mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00

postfix-3.10-20240603

This commit is contained in:
Wietse Z Venema 2024-06-03 00:00:00 -05:00 committed by Viktor Dukhovni
parent 3a7fa9f6e4
commit 3bd5858b32
17 changed files with 253 additions and 117 deletions

View File

@ -28047,3 +28047,30 @@ Apologies for any names omitted.
queue file, log not only the 'new' name in the incoming queue file, log not only the 'new' name in the incoming
queue, but also log the 'old' name in the maildrop queue. queue, but also log the 'old' name in the maildrop queue.
File: pickup/pickup.c. File: pickup/pickup.c.
20240422
Cleanup: improved warning text when a local alias contains
a domain. File: postalias/postalias.c.
20240502
Documentation: clarified the spawn(8) manpage BUGS section.
File: spawn/spawn.c.
20240504
Documentation: clarified some text in the Postfix overview.
File: proto/OVERVIEW.html.
20240603
Documentation: with "smtpd_tls_security_level = encrypt",
clarified what commands the Postfix will accept during the
plaintext phase. File: proto/postconf.proto.
Documentation: ugly javascript workaround for
Google Chrome scrolling to the wrong location with
'<a name=' and '<a id=' tags in postconf.5.html. See
https://support.google.com/chrome/thread/11993079. File:
proto/postconf.html.prolog.
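Review bot: In the 20240603 entry, "clarified what commands the Postfix will accept during the plaintext phase" is missing a noun after "the Postfix". The entry is about "smtpd_tls_security_level = encrypt", so "the Postfix SMTP server" would read correctly.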

View File

@ -109,8 +109,8 @@ unnumbered names inside shaded areas represent Postfix queues.
error(8) delivery agents are special: they discard or bounce all mail, and error(8) delivery agents are special: they discard or bounce all mail, and
are not shown in the figure above. are not shown in the figure above.
The queue manager maintains a small active queue with the messages that it The queue manager maintains a limited active queue with the messages that
has opened for delivery. The active queue acts as a limited window on it has opened for delivery. The active queue acts as a limited window on
potentially large incoming or deferred queues. The limited active queue potentially large incoming or deferred queues. The limited active queue
prevents the queue manager from running out of memory under heavy load. prevents the queue manager from running out of memory under heavy load.
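Review bot: With "small" replaced by "limited" in the first sentence, this paragraph now says "limited active queue", "limited window" and "limited active queue" in three consecutive sentences without saying what sets the limit. Naming the controlling parameter (qmgr_message_active_limit) once would tell the reader where the bound comes from and let one of the repetitions go.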
@ -126,11 +126,13 @@ unnumbered names inside shaded areas represent Postfix queues.
relocated(5) table for recipients whose address has changed; mail for such relocated(5) table for recipients whose address has changed; mail for such
recipients is returned to the sender with an explanation. recipients is returned to the sender with an explanation.
* The smtp(8) client looks up a list of mail exchangers for the destination * The smtp(8) client looks up a list of SMTP servers for the destination(s)
host, sorts the list by preference, and tries each server in turn until it in a delivery request, sorts the list by preference, and tries each server
finds a server that responds. It then encapsulates the sender, recipient in turn until it has delivered or bounced all recipients in the delivery
and message content as required by the SMTP protocol; this includes request. It encapsulates the sender, recipients and message content as
conversion of 8-bit MIME to 7-bit encoding. required by the SMTP protocol; this includes message body conversion from
8-bit MIME to 7-bit encoding, but does not include RFC 2047 header
encoding.
* The lmtp(8) client speaks a protocol similar to SMTP that is optimized for * The lmtp(8) client speaks a protocol similar to SMTP that is optimized for
delivery to mailbox servers such as Cyrus. The advantage of this setup is delivery to mailbox servers such as Cyrus. The advantage of this setup is
@ -158,10 +160,11 @@ unnumbered names inside shaded areas represent Postfix queues.
* The pipe(8) mailer is the outbound interface to other mail processing * The pipe(8) mailer is the outbound interface to other mail processing
systems (the Postfix sendmail(1) command being the inbound interface). The systems (the Postfix sendmail(1) command being the inbound interface). The
interface is UNIX compatible: it provides information on the command line interface is UNIX compatible: the pipe(8) mailer provides information to a
and on the standard input stream, and expects a process exit status code as child process command line, environment variables, and standard input
defined in <sysexits.h>. Examples of delivery via the pipe(8) mailer are in stream, and expects a child process exit status code as defined in
the MAILDROP_README and UUCP_README documents. <sysexits.h>. Examples of delivery via the pipe(8) mailer are in the
FILTER_README, MAILDROP_README, and UUCP_README documents.
PPoossttffiixx bbeehhiinndd tthhee sscceenneess PPoossttffiixx bbeehhiinndd tthhee sscceenneess
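Review bot: In the pipe(8) item, "provides information to a child process command line, environment variables, and standard input stream" reads as if the command line were the recipient. "passes information to a child process through its command line, environment variables, and standard input stream" says what is meant. Because this sentence summarizes an interface that hands message-derived data to external programs, a pointer to pipe(8) for what is placed on the command line would also be useful here.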
@ -237,11 +240,12 @@ queues.
message message
logfiles logfiles
* The flush(8) servers maintain per-destination logs and implement both ETRN * The flush(8) servers maintain per-destination logs and implement "sendmail
and "sendmail -qRdestination", as described in the ETRN_README document. -qRsite", "sendmail -qIqueueid" "postqueue -s site", "postqueue -
This moves selected queue files from the deferred queue back to the i queueid", and ETRN as described in the ETRN_README document. This moves
incoming queue and requests their delivery. The flush(8) service is selected queue files from the deferred queue back to the incoming queue and
available with Postfix version 1.0 and later. requests their delivery. The flush(8) service is available with Postfix
version 1.0 and later.
incoming incoming
^ ^
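Review bot: The new command list in the flush(8) item is missing a comma between "sendmail -qIqueueid" and "postqueue -s site", so the two read as a single item. The same omission is in the HTML hunks of this commit. In this text rendering "postqueue -i queueid" is also broken across lines right after the hyphen ("postqueue -" / "i queueid"), which makes the option hard to read.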
@ -298,14 +302,7 @@ queues.
connection setup and improves message delivery rates. After a Postfix smtp connection setup and improves message delivery rates. After a Postfix smtp
(8) client connects to a remote SMTP server and sends plaintext EHLO and (8) client connects to a remote SMTP server and sends plaintext EHLO and
STARTTLS commands, the smtp(8) client inserts a tlsproxy(8) process into STARTTLS commands, the smtp(8) client inserts a tlsproxy(8) process into
the connection as shown below. the connection as shown in the top of the figure below.
After the mail transaction completes, the Postfix smtp(8) client gives the
smtp(8)-to-tlsproxy(8) connection to the scache(8) server, which keeps the
connection open for a limited amount of time. The smtp(8) client continues
with some other mail delivery request. Meanwhile, any Postfix smtp(8)
client can ask the scache(8) server for that cached connection and reuse it
for mail delivery.
/-- smtp(8) --> tlsproxy(8) --> Internet /-- smtp(8) --> tlsproxy(8) --> Internet
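Review bot: "as shown in the top of the figure below" should be "at the top of the figure below". Now that the text distinguishes the top of the figure, the scache(8) paragraph that this commit moves below the figure could open with a matching pointer to the bottom part, so both halves of the figure are referenced.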
@ -318,6 +315,13 @@ queues.
scache(8) scache(8)
After the mail transaction completes, the Postfix smtp(8) client gives the
smtp(8)-to-tlsproxy(8) connection to the scache(8) server, which keeps the
connection open for a limited amount of time. The smtp(8) client continues
with some other mail delivery request. Meanwhile, any Postfix smtp(8)
client can ask the scache(8) server for that cached connection and reuse it
for mail delivery.
* The showq(8) servers list the Postfix queue status. This is the queue * The showq(8) servers list the Postfix queue status. This is the queue
listing service that does the work for the mailq(1) and postqueue(1) listing service that does the work for the mailq(1) and postqueue(1)
commands. commands.

View File

@ -6,6 +6,22 @@ Wish list:
Disable -DSNAPSHOT and -DNONPROD in makedefs. Disable -DSNAPSHOT and -DNONPROD in makedefs.
Many master.cf services don't expect wakeup calls, resulting
in weird warnings. Maybe the master daemon could signal the
wakeup intent through a child process command-line option,
so that the child can log "do not enable wakeups". Or the
client could announce to the xxx_server-main() skeleton
whether it wants wakeups. Or the child process could
special-case messages that consist only of a "W". We're not
using FIFOs anymore, and trigger servers could use a proper
(attribute, value) protocol.
"postconf -d" should not complain about a missing master.cf
file.
qmgr_message.c should do the right thing when the
double_bounce_sender value contains @.
migrate rbl -> dnsbl migrate rbl -> dnsbl
migrate smtpd_sasl_tls_security_options to "noanonymous" migrate smtpd_sasl_tls_security_options to "noanonymous"
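Review bot: "xxx_server-main()" in the new wakeup item looks like a typo for "xxx_server_main()", which is how the server skeleton entry points are named (underscore, not hyphen).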

View File

@ -329,7 +329,7 @@ or more recipient addresses. The <a href="discard.8.html">discard(8)</a> and <a
agents are special: they discard or bounce all mail, and are not agents are special: they discard or bounce all mail, and are not
shown in the figure above. </p> shown in the figure above. </p>
<p> The queue manager maintains a small <a href="QSHAPE_README.html#active_queue">active queue</a> with the <p> The queue manager maintains a limited <a href="QSHAPE_README.html#active_queue">active queue</a> with the
messages that it has opened for delivery. The <a href="QSHAPE_README.html#active_queue">active queue</a> acts as messages that it has opened for delivery. The <a href="QSHAPE_README.html#active_queue">active queue</a> acts as
a limited window on potentially large <a href="QSHAPE_README.html#incoming_queue">incoming</a> or <a href="QSHAPE_README.html#deferred_queue">deferred queues</a>. a limited window on potentially large <a href="QSHAPE_README.html#incoming_queue">incoming</a> or <a href="QSHAPE_README.html#deferred_queue">deferred queues</a>.
The limited <a href="QSHAPE_README.html#active_queue">active queue</a> prevents the queue manager from running The limited <a href="QSHAPE_README.html#active_queue">active queue</a> prevents the queue manager from running
@ -349,12 +349,13 @@ can be specified with the optional <a href="transport.5.html">transport(5)</a> t
for recipients whose address has changed; mail for such recipients is for recipients whose address has changed; mail for such recipients is
returned to the sender with an explanation. </p> returned to the sender with an explanation. </p>
<li> <p> The <a href="smtp.8.html">smtp(8)</a> client looks up a list of mail exchangers for <li> <p> The <a href="smtp.8.html">smtp(8)</a> client looks up a list of SMTP servers for
the destination host, sorts the list by preference, and tries each the destination(s) in a delivery request, sorts the list by preference,
server in turn until it finds a server that responds. It then and tries each server in turn until it has delivered or bounced all
encapsulates the sender, recipient and message content as required recipients in the delivery request. It encapsulates the sender,
by the SMTP protocol; this includes conversion of 8-bit MIME to recipients and message content as required by the SMTP protocol;
7-bit encoding. </p> this includes message body conversion from 8-bit MIME to 7-bit
encoding, but does not include <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a> header encoding. </p>
<li> <p> The <a href="lmtp.8.html">lmtp(8)</a> client speaks a protocol similar to SMTP that <li> <p> The <a href="lmtp.8.html">lmtp(8)</a> client speaks a protocol similar to SMTP that
is optimized for delivery to mailbox servers such as Cyrus. The is optimized for delivery to mailbox servers such as Cyrus. The
@ -384,10 +385,12 @@ small domains on a single machine. This is described in the
<li> <p> The <a href="pipe.8.html">pipe(8)</a> mailer is the outbound interface to other mail <li> <p> The <a href="pipe.8.html">pipe(8)</a> mailer is the outbound interface to other mail
processing systems (the Postfix <a href="sendmail.1.html">sendmail(1)</a> command being the processing systems (the Postfix <a href="sendmail.1.html">sendmail(1)</a> command being the
inbound interface). The interface is UNIX compatible: it provides inbound interface). The interface is UNIX compatible: the <a href="pipe.8.html">pipe(8)</a>
information on the command line and on the standard input stream, mailer provides information to a child process command line,
and expects a process exit status code as defined in &lt;sysexits.h&gt;. environment variables, and standard input stream, and expects a
Examples of delivery via the <a href="pipe.8.html">pipe(8)</a> mailer are in the <a href="MAILDROP_README.html">MAILDROP_README</a> child process exit status code as defined in &lt;sysexits.h&gt;.
Examples of delivery via the <a href="pipe.8.html">pipe(8)</a> mailer are in the <a href="FILTER_README.html">FILTER_README</a>,
<a href="MAILDROP_README.html">MAILDROP_README</a>,
and <a href="UUCP_README.html">UUCP_README</a> documents. and <a href="UUCP_README.html">UUCP_README</a> documents.
</ul> </ul>
@ -502,7 +505,9 @@ Per- <br> message<br> logfiles </td> </tr>
</table> </table>
<li> <p> The <a href="flush.8.html">flush(8)</a> servers maintain per-destination logs and <li> <p> The <a href="flush.8.html">flush(8)</a> servers maintain per-destination logs and
implement both ETRN and "sendmail -qRdestination", as described implement "sendmail -qR<i>site</i>", "sendmail -qI<i>queueid</i>"
"postqueue -s <i>site</i>", "postqueue -i <i>queueid</i>", and ETRN
as described
in the <a href="ETRN_README.html">ETRN_README</a> document. This moves selected queue files from in the <a href="ETRN_README.html">ETRN_README</a> document. This moves selected queue files from
the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> back to the <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> and requests their the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> back to the <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> and requests their
delivery. The <a href="flush.8.html">flush(8)</a> service is available with Postfix version delivery. The <a href="flush.8.html">flush(8)</a> service is available with Postfix version
@ -586,15 +591,7 @@ the overhead of connection setup and improves message delivery
rates. After a Postfix <a href="smtp.8.html">smtp(8)</a> client connects to a remote SMTP rates. After a Postfix <a href="smtp.8.html">smtp(8)</a> client connects to a remote SMTP
server and sends plaintext EHLO and STARTTLS commands, the <a href="smtp.8.html">smtp(8)</a> server and sends plaintext EHLO and STARTTLS commands, the <a href="smtp.8.html">smtp(8)</a>
client inserts a <a href="tlsproxy.8.html">tlsproxy(8)</a> process into the connection as shown client inserts a <a href="tlsproxy.8.html">tlsproxy(8)</a> process into the connection as shown
below. </p> in the top of the figure below. </p>
<p> After the mail transaction completes, the Postfix <a href="smtp.8.html">smtp(8)</a> client
gives the <a href="smtp.8.html">smtp(8)</a>-to-<a href="tlsproxy.8.html">tlsproxy(8)</a> connection to the <a href="scache.8.html">scache(8)</a>
server, which keeps the connection open for a limited amount of
time. The <a href="smtp.8.html">smtp(8)</a> client continues with some other mail delivery
request. Meanwhile, any Postfix <a href="smtp.8.html">smtp(8)</a> client can ask the <a href="scache.8.html">scache(8)</a>
server for that cached connection and reuse it for mail delivery.
</p>
<table> <table>
@ -619,6 +616,14 @@ bgcolor="#f0f0ff"> <a href="scache.8.html">scache(8)</a> </td> </tr>
</table> </table>
<p> After the mail transaction completes, the Postfix <a href="smtp.8.html">smtp(8)</a> client
gives the <a href="smtp.8.html">smtp(8)</a>-to-<a href="tlsproxy.8.html">tlsproxy(8)</a> connection to the <a href="scache.8.html">scache(8)</a>
server, which keeps the connection open for a limited amount of
time. The <a href="smtp.8.html">smtp(8)</a> client continues with some other mail delivery
request. Meanwhile, any Postfix <a href="smtp.8.html">smtp(8)</a> client can ask the <a href="scache.8.html">scache(8)</a>
server for that cached connection and reuse it for mail delivery.
</p>
<li> <p> The <a href="showq.8.html">showq(8)</a> servers list the Postfix queue status. This <li> <p> The <a href="showq.8.html">showq(8)</a> servers list the Postfix queue status. This
is the queue listing service that does the work for the <a href="mailq.1.html">mailq(1)</a> is the queue listing service that does the work for the <a href="mailq.1.html">mailq(1)</a>
and <a href="postqueue.1.html">postqueue(1)</a> commands. </p> and <a href="postqueue.1.html">postqueue(1)</a> commands. </p>

View File

@ -10,6 +10,21 @@
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='postfix-doc.css'> <link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<script type="text/javascript">
// Kludge for https://support.google.com/chrome/thread/11993079
const isChrome = /Chrome/.test(navigator.userAgent)
&& /Google Inc/.test(navigator.vendor);
const hash = window.location.hash;
if (hash && isChrome) {
setTimeout(function() {
window.location.hash = "";
window.location.hash = hash;
}, 1000);
}
</script>
</head> </head>
<body> <body>
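Review bot: Assigning window.location.hash twice inside the timer can add session-history entries each time the fragment changes, so a reader who follows a link into this page may need to press Back more than once to leave it. Looking up the target by id or name and calling scrollIntoView() on it would work around the scrolling problem without touching history.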
@ -2903,13 +2918,20 @@ precision. </p>
<ul> <ul>
<li> a = time from message arrival to last <a href="QSHAPE_README.html#active_queue">active queue</a> entry <li> a = Time from message arrival to last <a href="QSHAPE_README.html#active_queue">active queue</a> entry.
<li> b = time from last <a href="QSHAPE_README.html#active_queue">active queue</a> entry to connection setup <li> b = Time from last <a href="QSHAPE_README.html#active_queue">active queue</a> entry to the beginning of
connection setup.
<li> c = time in connection setup, including DNS, EHLO and STARTTLS <li> c = Time in connection setup. With SMTP, that is the time
before sending the MAIL FROM command: with a new connection, that
includes DNS lookups, and protocol handshakes with TCP, EHLO, and
STARTTLS; with a reused connection, that includes DNS lookups,
connection cache lookup by domain or IP address, and a liveness
probe with RSET.
<li> d = time in message transmission <li> d = Time in message transmission. With SMTP, that starts with
sending MAIL FROM.
</ul> </ul>
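Review bot: The expanded definition of c lists TCP, EHLO and STARTTLS for a new connection but leaves the TLS handshake and any SASL authentication implicit. Since c is now defined as the time before sending MAIL FROM, stating that these are included would help readers who use delays= to diagnose slow TLS or AUTH. There is also a stray comma in "DNS lookups, and protocol handshakes".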
@ -15852,9 +15874,13 @@ restriction lists" for a discussion of evaluation context and time.
(default: no)</b></DT><DD> (default: no)</b></DT><DD>
<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, <p> Mandatory TLS: announce STARTTLS support to remote SMTP clients,
and require that clients use TLS encryption. According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> and reject all plaintext commands except HELO, EHLO, XCLIENT,
STARTTLS, NOOP, QUIT, and (Postfix &ge; 3.9) HELP.
According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a>
this MUST NOT be applied in case of a publicly-referenced SMTP this MUST NOT be applied in case of a publicly-referenced SMTP
server. This option is therefore off by default. </p> server. Instead, this should be used on dedicated servers, for
example submission (port 587). This option is therefore off by
default. </p>
<p> Note 1: "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p> <p> Note 1: "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
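Review bot: Inserting "Instead, this should be used on dedicated servers, for example submission (port 587)." between the RFC 2487 prohibition and "This option is therefore off by default" separates "therefore" from the reason it refers to. Move the "off by default" sentence ahead of "Instead", or drop "therefore".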
@ -19166,10 +19192,11 @@ to remote SMTP clients, but do not require that clients use TLS encryption.
</dd> </dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce <dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
STARTTLS support to remote SMTP clients, and require that clients use TLS STARTTLS support to remote SMTP clients, and reject all plaintext
encryption. According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case commands except HELO, EHLO, XCLIENT, STARTTLS, NOOP, QUIT, and (Postfix
of a publicly-referenced SMTP server. Instead, this option should &ge; 3.9) HELP. According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case
be used only on dedicated servers. </dd> of a publicly-referenced SMTP server. Instead, this should be used
on dedicated servers, for example submission (port 587). </dd>
</dl> </dl>
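Review bot: The new exception list names XCLIENT among the commands accepted before STARTTLS without saying that XCLIENT is only honored for clients matching smtpd_authorized_xclient_hosts. A short cross-reference would keep readers from concluding that any plaintext client can use it at the "encrypt" level.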

View File

@ -44,8 +44,9 @@ SPAWN(8) SPAWN(8)
interpreter. interpreter.
<b>BUGS</b> <b>BUGS</b>
In order to enforce standard Postfix process resource controls, the In order to enforce standard Postfix process resource controls, each
<a href="spawn.8.html"><b>spawn</b>(8)</a> daemon runs only one external command at a time. As such, it <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon process runs only one external command, and blocks
until the command terminates or a time limit is reached. As such, it
presents a noticeable overhead by wasting precious process resources. presents a noticeable overhead by wasting precious process resources.
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon is expected to be replaced by a more structural The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon is expected to be replaced by a more structural
solution. solution.
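Review bot: Dropping "at a time" from "runs only one external command" allows the sentence to be read as one command per process lifetime. "runs only one external command at a time, and blocks until the command terminates or a time limit is reached" keeps the original meaning while adding the new detail. Naming the parameter that sets the time limit would also make the BUGS text actionable.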

View File

@ -1893,13 +1893,20 @@ precision.
.PP .PP
The format of the "delays=a/b/c/d" logging is as follows: The format of the "delays=a/b/c/d" logging is as follows:
.IP \(bu .IP \(bu
a = time from message arrival to last active queue entry a = Time from message arrival to last active queue entry.
.IP \(bu .IP \(bu
b = time from last active queue entry to connection setup b = Time from last active queue entry to the beginning of
connection setup.
.IP \(bu .IP \(bu
c = time in connection setup, including DNS, EHLO and STARTTLS c = Time in connection setup. With SMTP, that is the time
before sending the MAIL FROM command: with a new connection, that
includes DNS lookups, and protocol handshakes with TCP, EHLO, and
STARTTLS; with a reused connection, that includes DNS lookups,
connection cache lookup by domain or IP address, and a liveness
probe with RSET.
.IP \(bu .IP \(bu
d = time in message transmission d = Time in message transmission. With SMTP, that starts with
sending MAIL FROM.
.br .br
.PP .PP
This feature is available in Postfix 2.3 and later. This feature is available in Postfix 2.3 and later.
@ -10971,9 +10978,13 @@ This feature is available in Postfix 2.2 and later.
See smtpd_data_restrictions for details and limitations. See smtpd_data_restrictions for details and limitations.
.SH smtpd_enforce_tls (default: no) .SH smtpd_enforce_tls (default: no)
Mandatory TLS: announce STARTTLS support to remote SMTP clients, Mandatory TLS: announce STARTTLS support to remote SMTP clients,
and require that clients use TLS encryption. According to RFC 2487 and reject all plaintext commands except HELO, EHLO, XCLIENT,
STARTTLS, NOOP, QUIT, and (Postfix >= 3.9) HELP.
According to RFC 2487
this MUST NOT be applied in case of a publicly\-referenced SMTP this MUST NOT be applied in case of a publicly\-referenced SMTP
server. This option is therefore off by default. server. Instead, this should be used on dedicated servers, for
example submission (port 587). This option is therefore off by
default.
.PP .PP
Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes". Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes".
.PP .PP
@ -13702,10 +13713,11 @@ to remote SMTP clients, but do not require that clients use TLS encryption.
.br .br
.IP "\fBencrypt\fR" .IP "\fBencrypt\fR"
Mandatory TLS encryption: announce Mandatory TLS encryption: announce
STARTTLS support to remote SMTP clients, and require that clients use TLS STARTTLS support to remote SMTP clients, and reject all plaintext
encryption. According to RFC 2487 this MUST NOT be applied in case commands except HELO, EHLO, XCLIENT, STARTTLS, NOOP, QUIT, and (Postfix
of a publicly\-referenced SMTP server. Instead, this option should >= 3.9) HELP. According to RFC 2487 this MUST NOT be applied in case
be used only on dedicated servers. of a publicly\-referenced SMTP server. Instead, this should be used
on dedicated servers, for example submission (port 587).
.br .br
.br .br
.PP .PP
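Review bot: The rewritten "encrypt" entry still cites RFC 2487, which was obsoleted by RFC 3207. Since these lines are being touched anyway, update the citation; RFC 3207 carries the same rule for publicly-referenced SMTP servers.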

View File

@ -47,7 +47,9 @@ shell meta characters by a shell command interpreter.
.ad .ad
.fi .fi
In order to enforce standard Postfix process resource controls, In order to enforce standard Postfix process resource controls,
the \fBspawn\fR(8) daemon runs only one external command at a time. each \fBspawn\fR(8) daemon process runs only one external
command, and blocks until the command terminates or a time
limit is reached.
As such, it presents a noticeable overhead by wasting precious As such, it presents a noticeable overhead by wasting precious
process resources. The \fBspawn\fR(8) daemon is expected to be process resources. The \fBspawn\fR(8) daemon is expected to be
replaced by a more structural solution. replaced by a more structural solution.

View File

@ -329,7 +329,7 @@ or more recipient addresses. The discard(8) and error(8) delivery
agents are special: they discard or bounce all mail, and are not agents are special: they discard or bounce all mail, and are not
shown in the figure above. </p> shown in the figure above. </p>
<p> The queue manager maintains a small active queue with the <p> The queue manager maintains a limited active queue with the
messages that it has opened for delivery. The active queue acts as messages that it has opened for delivery. The active queue acts as
a limited window on potentially large incoming or deferred queues. a limited window on potentially large incoming or deferred queues.
The limited active queue prevents the queue manager from running The limited active queue prevents the queue manager from running
@ -349,12 +349,13 @@ trivial-rewrite(8) server optionally queries the relocated(5) table
for recipients whose address has changed; mail for such recipients is for recipients whose address has changed; mail for such recipients is
returned to the sender with an explanation. </p> returned to the sender with an explanation. </p>
<li> <p> The smtp(8) client looks up a list of mail exchangers for <li> <p> The smtp(8) client looks up a list of SMTP servers for
the destination host, sorts the list by preference, and tries each the destination(s) in a delivery request, sorts the list by preference,
server in turn until it finds a server that responds. It then and tries each server in turn until it has delivered or bounced all
encapsulates the sender, recipient and message content as required recipients in the delivery request. It encapsulates the sender,
by the SMTP protocol; this includes conversion of 8-bit MIME to recipients and message content as required by the SMTP protocol;
7-bit encoding. </p> this includes message body conversion from 8-bit MIME to 7-bit
encoding, but does not include RFC 2047 header encoding. </p>
<li> <p> The lmtp(8) client speaks a protocol similar to SMTP that <li> <p> The lmtp(8) client speaks a protocol similar to SMTP that
is optimized for delivery to mailbox servers such as Cyrus. The is optimized for delivery to mailbox servers such as Cyrus. The
@ -384,10 +385,12 @@ VIRTUAL_README document. </p>
<li> <p> The pipe(8) mailer is the outbound interface to other mail <li> <p> The pipe(8) mailer is the outbound interface to other mail
processing systems (the Postfix sendmail(1) command being the processing systems (the Postfix sendmail(1) command being the
inbound interface). The interface is UNIX compatible: it provides inbound interface). The interface is UNIX compatible: the pipe(8)
information on the command line and on the standard input stream, mailer provides information to a child process command line,
and expects a process exit status code as defined in &lt;sysexits.h&gt;. environment variables, and standard input stream, and expects a
Examples of delivery via the pipe(8) mailer are in the MAILDROP_README child process exit status code as defined in &lt;sysexits.h&gt;.
Examples of delivery via the pipe(8) mailer are in the FILTER_README,
MAILDROP_README,
and UUCP_README documents. and UUCP_README documents.
</ul> </ul>
@ -502,7 +505,9 @@ Per- <br> message<br> logfiles </td> </tr>
</table> </table>
<li> <p> The flush(8) servers maintain per-destination logs and <li> <p> The flush(8) servers maintain per-destination logs and
implement both ETRN and "sendmail -qRdestination", as described implement "sendmail -qR<i>site</i>", "sendmail -qI<i>queueid</i>"
"postqueue -s <i>site</i>", "postqueue -i <i>queueid</i>", and ETRN
as described
in the ETRN_README document. This moves selected queue files from in the ETRN_README document. This moves selected queue files from
the deferred queue back to the incoming queue and requests their the deferred queue back to the incoming queue and requests their
delivery. The flush(8) service is available with Postfix version delivery. The flush(8) service is available with Postfix version
@ -586,15 +591,7 @@ the overhead of connection setup and improves message delivery
rates. After a Postfix smtp(8) client connects to a remote SMTP rates. After a Postfix smtp(8) client connects to a remote SMTP
server and sends plaintext EHLO and STARTTLS commands, the smtp(8) server and sends plaintext EHLO and STARTTLS commands, the smtp(8)
client inserts a tlsproxy(8) process into the connection as shown client inserts a tlsproxy(8) process into the connection as shown
below. </p> in the top of the figure below. </p>
<p> After the mail transaction completes, the Postfix smtp(8) client
gives the smtp(8)-to-tlsproxy(8) connection to the scache(8)
server, which keeps the connection open for a limited amount of
time. The smtp(8) client continues with some other mail delivery
request. Meanwhile, any Postfix smtp(8) client can ask the scache(8)
server for that cached connection and reuse it for mail delivery.
</p>
<table> <table>
@ -619,6 +616,14 @@ bgcolor="#f0f0ff"> scache(8) </td> </tr>
</table> </table>
<p> After the mail transaction completes, the Postfix smtp(8) client
gives the smtp(8)-to-tlsproxy(8) connection to the scache(8)
server, which keeps the connection open for a limited amount of
time. The smtp(8) client continues with some other mail delivery
request. Meanwhile, any Postfix smtp(8) client can ask the scache(8)
server for that cached connection and reuse it for mail delivery.
</p>
<li> <p> The showq(8) servers list the Postfix queue status. This <li> <p> The showq(8) servers list the Postfix queue status. This
is the queue listing service that does the work for the mailq(1) is the queue listing service that does the work for the mailq(1)
and postqueue(1) commands. </p> and postqueue(1) commands. </p>

View File

@ -10,6 +10,21 @@
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel='stylesheet' type='text/css' href='postfix-doc.css'> <link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<script type="text/javascript">
// Kludge for https://support.google.com/chrome/thread/11993079
const isChrome = /Chrome/.test(navigator.userAgent)
&& /Google Inc/.test(navigator.vendor);
const hash = window.location.hash;
if (hash && isChrome) {
setTimeout(function() {
window.location.hash = "";
window.location.hash = hash;
}, 1000);
}
</script>
</head> </head>
<body> <body>
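Review bot: The fixed 1000 ms delay passed to setTimeout is a guess at when layout has finished: on a slow load it can fire too early, and on a fast one it moves the view after the reader has already started scrolling. Running the re-scroll from a load event handler would tie it to the page being ready. The isChrome test also matches other Chromium-based browsers that report the same vendor string, which is probably intended but worth saying in the "Kludge" comment.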

View File

@ -9856,9 +9856,13 @@ Postfix 2.3 and later use smtpd_tls_security_level instead. </p>
%PARAM smtpd_enforce_tls no %PARAM smtpd_enforce_tls no
<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, <p> Mandatory TLS: announce STARTTLS support to remote SMTP clients,
and require that clients use TLS encryption. According to RFC 2487 and reject all plaintext commands except HELO, EHLO, XCLIENT,
STARTTLS, NOOP, QUIT, and (Postfix &ge; 3.9) HELP.
According to RFC 2487
this MUST NOT be applied in case of a publicly-referenced SMTP this MUST NOT be applied in case of a publicly-referenced SMTP
server. This option is therefore off by default. </p> server. Instead, this should be used on dedicated servers, for
example submission (port 587). This option is therefore off by
default. </p>
<p> Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes". </p> <p> Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes". </p>
@ -10794,13 +10798,20 @@ precision. </p>
<ul> <ul>
<li> a = time from message arrival to last active queue entry <li> a = Time from message arrival to last active queue entry.
<li> b = time from last active queue entry to connection setup <li> b = Time from last active queue entry to the beginning of
connection setup.
<li> c = time in connection setup, including DNS, EHLO and STARTTLS <li> c = Time in connection setup. With SMTP, that is the time
before sending the MAIL FROM command: with a new connection, that
includes DNS lookups, and protocol handshakes with TCP, EHLO, and
STARTTLS; with a reused connection, that includes DNS lookups,
connection cache lookup by domain or IP address, and a liveness
probe with RSET.
<li> d = time in message transmission <li> d = Time in message transmission. With SMTP, that starts with
sending MAIL FROM.
</ul> </ul>
@ -12683,10 +12694,11 @@ to remote SMTP clients, but do not require that clients use TLS encryption.
</dd> </dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce <dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
STARTTLS support to remote SMTP clients, and require that clients use TLS STARTTLS support to remote SMTP clients, and reject all plaintext
encryption. According to RFC 2487 this MUST NOT be applied in case commands except HELO, EHLO, XCLIENT, STARTTLS, NOOP, QUIT, and (Postfix
of a publicly-referenced SMTP server. Instead, this option should &ge; 3.9) HELP. According to RFC 2487 this MUST NOT be applied in case
be used only on dedicated servers. </dd> of a publicly-referenced SMTP server. Instead, this should be used
on dedicated servers, for example submission (port 587). </dd>
</dl> </dl>
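Review bot: the rewritten last sentence drops "only" ("should be used only on dedicated servers" became "should be used on dedicated servers"), which turns a restriction into a suggestion even though the preceding sentence is still a MUST NOT; keeping "only" preserves the original meaning. The list of plaintext commands here is a second copy of the one added under smtpd_enforce_tls, so the two will have to be kept in sync if the list changes again.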

View File

@ -1603,3 +1603,4 @@ Hamid
LLC LLC
Maadani Maadani
GTEST GTEST
javascript

View File

@ -123,3 +123,5 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html
or unimplemented commands File smtpd smtpd c or unimplemented commands File smtpd smtpd c
proto proto mysql_table proto pgsql_table proto ldap_table proto proto mysql_table proto pgsql_table proto ldap_table
File pickup pickup c File pickup pickup c
a domain File postalias postalias c
File spawn spawn c

View File

@ -374,3 +374,8 @@ srv
viktor viktor
MONGODB MONGODB
MongoDB MongoDB
qIqueueid
Dextrous
ar
liveness
superset

View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20240422" #define MAIL_RELEASE_DATE "20240603"
#define MAIL_VERSION_NUMBER "3.10" #define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT #ifdef SNAPSHOT

View File

@ -429,7 +429,7 @@ static void postalias(char *map_type, char *path_name, int postalias_flags,
* alias database is being built, so we're guessing a bit. * alias database is being built, so we're guessing a bit.
*/ */
if (tok822_rfind_type(colon, '@') || tok822_rfind_type(colon, '%')) { if (tok822_rfind_type(colon, '@') || tok822_rfind_type(colon, '%')) {
msg_warn("%s, line %d: name must be local", msg_warn("%s, line %d: name must be local and have no domain",
VSTREAM_PATH(source_fp), lineno); VSTREAM_PATH(source_fp), lineno);
tok822_free_tree(tok_list); tok822_free_tree(tok_list);
continue; continue;
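Review bot: the condition rejects names containing '@' or '%', but the new text "name must be local and have no domain" explains only the '@' case and still does not show the offending name, so the operator has to open the file at the reported line to see what was rejected. Consider including the name in the warning and wording it so that the '%' form is covered as well.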

View File

@ -37,7 +37,9 @@
/* shell meta characters by a shell command interpreter. /* shell meta characters by a shell command interpreter.
/* BUGS /* BUGS
/* In order to enforce standard Postfix process resource controls, /* In order to enforce standard Postfix process resource controls,
/* the \fBspawn\fR(8) daemon runs only one external command at a time. /* each \fBspawn\fR(8) daemon process runs only one external
/* command, and blocks until the command terminates or a time
/* limit is reached.
/* As such, it presents a noticeable overhead by wasting precious /* As such, it presents a noticeable overhead by wasting precious
/* process resources. The \fBspawn\fR(8) daemon is expected to be /* process resources. The \fBspawn\fR(8) daemon is expected to be
/* replaced by a more structural solution. /* replaced by a more structural solution.
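Review bot: "runs only one external command" lost the "at a time" of the old text and can now be read as one command per process lifetime rather than one command concurrently. Wording such as "runs only one external command at a time, and blocks until the command terminates or a time limit is reached" keeps the new detail without that ambiguity.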