mirror of https://github.com/vdukhovni/postfix synced 2025-09-03 23:55:18 +00:00

postfix-2.0.13-20030705

Wietse Venema
2003-07-05 00:00:00 -05:00
committed by Viktor Dukhovni
parent 4d17a8158b
commit 42fc9d60d1
55 changed files with 804 additions and 485 deletions

View File

@@ -8273,11 +8273,6 @@ Apologies for any names omitted.
avoiding code tries a little harder when it encounters a avoiding code tries a little harder when it encounters a
race condition. File: util/safe_open.c. race condition. File: util/safe_open.c.
20030623
Non-prod operator precedence bug with detecting end of
DATA. Matthias Andree. File: smtpd/smtpd.c.
20030624 20030624
Bugfix: reject_unverified_address() set the defer_if_reject Bugfix: reject_unverified_address() set the defer_if_reject
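Review bot: The 20030623 entry for the end-of-DATA operator precedence bug (smtpd/smtpd.c, credited to Matthias Andree) is deleted from the change log rather than amended. If that fix is still in the tree, keep the entry so the history of smtpd.c stays traceable; if it was folded into another change, say so in an entry instead of removing the record.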
@@ -8335,10 +8330,15 @@ Apologies for any names omitted.
Feature: TCP lookup table support, finally finished. Files: Feature: TCP lookup table support, finally finished. Files:
proto/tcp_table, proto/dict_tcp.[hc]. proto/tcp_table, proto/dict_tcp.[hc].
20030703 20030705
Non-prod: the SMTPD proxy client lost the reply to ".". Feature: new receive_override_options parameter controls
Amazing. what happens before or after an external content filter:
rejecting unknown recipients, canonical and virtual address
mapping, address masquerading, automatic BCC recipients
and header/body checks. This is more convenient than having
to specify two different cleanup services in the master.cf
file.
Open problems: Open problems:
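Review bot: The new 20030705 entry names no source files, unlike its neighbours ("File: util/safe_open.c", "Files: proto/tcp_table, proto/dict_tcp.[hc]"). Add a "Files:" line listing the programs that implement receive_override_options. The 20030703 note about the SMTPD proxy client losing the reply to "." is also overwritten here; it records a separate defect and would be better kept as its own entry.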

View File

@@ -1,22 +1,33 @@
Introduction Introduction
============ ============
This is a very first implementation of Postfix content filtering. Normally, Postfix receives mail, stores it in the mail queue and
A Postfix content filter receives unfiltered mail from Postfix and then delivers it. With the external content filter described here,
does one of the following: mail is filtered AFTER it is queued. This gives you maximal control
over how many filtering processes you are willing to run in parallel.
- re-injects the mail back into Postfix, perhaps after changing content [This is not to be confused with the approach that is described in
- rejects the mail (by sending a suitable status code back to the SMTPD_PROXY_README document, where SMTP mail is filtered BEFORE
Postfix) so that it is returned to sender. it is queued]
- sends the mail somewhere else
An external content filter receives unfiltered mail from Postfix
and does one of the following:
1 - Re-inject the mail back into Postfix, perhaps after changing
content.
2 - Reject the mail (by sending a suitable status code back to
Postfix) so that it is returned to sender.
3 - Send the mail somewhere else.
This document describes two approaches to content filtering: simple This document describes two approaches to content filtering: simple
and advanced. Both filter all the mail by default. and advanced. Both filter all the mail by default.
At the end are examples that show how to filter only mail from At the end are examples that show how to filter only mail from
users, about using different filters for different domains that users, how to use different filters for different domains that you
you provide MX service for, and about selective filtering on the provide MX service for, and how to set up selective filtering on
basis of message envelope and/or header/body patterns. the basis of message envelope and/or header/body patterns.
Simple content filtering example Simple content filtering example
================================ ================================
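Review bot: Item 2 of the new numbered list says a rejected message "is returned to sender", and the new opening paragraph establishes that this filter runs AFTER the mail is queued. State the consequence next to item 2: since the message is already queued at that point, the rejection becomes a bounce to the envelope sender address rather than a refusal during the SMTP session. A short pointer to SMTPD_PROXY_README for sites that want the latter would fit after the bracketed note, which is also missing its closing period.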
@@ -153,7 +164,7 @@ runs into a resource problem. This approach uses content filtering
software that can receive and deliver mail via SMTP. software that can receive and deliver mail via SMTP.
Some Anti-virus software is built to receive and deliver mail via Some Anti-virus software is built to receive and deliver mail via
SMTP and is ready to use as an advanced Postfix content filter. SMTP and is ready to use as an advanced external content filter.
For non-SMTP capable content filtering software, Bennett Todd's For non-SMTP capable content filtering software, Bennett Todd's
SMTP proxy implements a nice PERL/SMTP content filtering framework. SMTP proxy implements a nice PERL/SMTP content filtering framework.
See: http://bent.latency.net/smtpprox/ See: http://bent.latency.net/smtpprox/
@@ -189,16 +200,21 @@ Postfix via localhost port 10026.
: : : :
................. .................
To enable content filtering in this manner, specify in main.cf a To enable content filtering in this manner, specify in main.cf:
new parameter:
/etc/postfix/main.cf: /etc/postfix/main.cf:
content_filter = scan:localhost:10025 content_filter = scan:localhost:10025
receive_override_options = no_address_mappings
This causes Postfix to add one extra content filtering record to The first line causes Postfix to add one extra content filtering
each incoming mail message, with content scan:localhost:10025. record to each incoming mail message, with content scan:localhost:10025.
The content filtering records are added by the smtpd and pickup The content filtering records are added by the smtpd, pickup and
servers. qmqpd servers.
The second line disables address mapping before the content filter,
so that the content filter sees the original mail addresses instead
of the result of virtual alias expansion, canonical mapping, address
masquerading, etc.
When a queue file has content filtering information, the queue When a queue file has content filtering information, the queue
manager will deliver the mail to the specified content filter manager will deliver the mail to the specified content filter
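Review bot: The paragraph explaining the second main.cf line lists "virtual alias expansion, canonical mapping, address masquerading, etc.", while the HISTORY entry and the sample configuration comments in this same commit say no_address_mappings also disables automatic BCC recipients. Name BCC explicitly instead of "etc.", because a site that relies on BCC copies needs to know they are not added before the filter. It would also help to say here that a main.cf setting applies to every receiving service, so the after-filter listener has to replace it in master.cf.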
@@ -258,8 +274,7 @@ a dedicated listener on port localhost 10026:
/etc/postfix/master.cf: /etc/postfix/master.cf:
localhost:10026 inet n - n - 10 smtpd localhost:10026 inet n - n - 10 smtpd
-o content_filter= -o content_filter=
-o local_recipient_maps= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o relay_recipient_maps=
-o myhostname=localhost.domain.tld -o myhostname=localhost.domain.tld
-o smtpd_helo_restrictions= -o smtpd_helo_restrictions=
-o smtpd_client_restrictions= -o smtpd_client_restrictions=
@@ -267,196 +282,30 @@ a dedicated listener on port localhost 10026:
-o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8 -o mynetworks=127.0.0.0/8
Warning for Postfix version 2 users: in this SMTP server after the Note: do not use spaces around the "=" or "," characters.
content filter, do not override main.cf settings for virtual_alias_maps
or virtual_alias_domains. That would cause mail to be rejected with
"User unknown".
This SMTP server has the same process limit as the "filter" master.cf This SMTP server has the same process limit as the "filter" master.cf
entry. entry.
The "-o content_filter=" requests no content filtering for incoming The "-o content_filter=" overrides main.cf and requests no content
mail. filtering for incoming mail. This is required or else mail will
stay in the content filtering loop.
The "-o local_recipient_maps=" and "-o relay_recipient_maps=" avoid The "-o receive_override_options" line overrides main.cf and turns
unnecessary table lookups. off table lookups that were already done before the content filter:
attempts to find out if a recipient is unknown, and header/body
checks that can suck up lots of CPU cycles. These override options
are either implemented by the SMTP server itself, or they are passed
on to the cleanup server.
The "-o myhostname=localhost.domain.tld" avoids false alarms ("host The "-o myhostname=localhost.domain.tld" overrides main.cf and
<servername> greeted me with my own hostname") if your content avoids false alarms ("host <servername> greeted me with my own
filter is based on a proxy that simply relays SMTP commands. hostname") if your content filter is based on a proxy that simply
relays SMTP commands.
The "-o smtpd_xxx_restrictions" and "-o mynetworks=127.0.0.0/8" The "-o smtpd_xxx_restrictions" and "-o mynetworks=127.0.0.0/8"
turn off UCE controls that would only waste time here. override main.cf and turn off UCE controls that would only waste
time here.
Squeezing out more performance
==============================
Many refinements are possible, such as running a specially-configured
smtp delivery agent for feeding mail into the content filter, and
turning off address rewriting before content filtering.
As the example below shows, things quickly become very complex,
because a lot of main.cf like information gets listed in the
master.cf file. This makes the system hard to understand.
Even worse, details change as Postfix evolves and different
configuration parameters are implemented by different programs.
If you need to squeeze out more performance, it is probably simpler
to run multiple Postfix instances, one before and one after the
content filter. That way, each instance can have simple main.cf
and master.cf files, each instance can have its own mail queue,
and the system will be easier to understand.
As before, we will set up a content filtering program that receives
SMTP mail via localhost port 10025, and that submits SMTP mail back
into Postfix via localhost port 10026.
.......................................
: Postfix :
----->smtpd \ :
: -pre-cleanup-\ /local---->
---->pickup / -queue- :
: -cleanup-/ | \smtp----->
: bounces/ ^ v :
: and locally | v :
: forwarded smtpd scan :
: messages 10026 | :
...........................|...........
^ |
| v
....|.............
: | 10025 :
: filter :
: :
..................
To enable content filtering in this manner, specify in main.cf a
new parameter:
/etc/postfix/main.cf:
content_filter = scan:localhost:10025
/etc/postfix/master.cf:
#
# These are the usual input "smtpd" and local "pickup" servers already
# present in master.cf. We add an option to select a non-default
# cleanup service (defined further below).
#
smtp inet n - n - - smtpd
-o cleanup_service_name=pre-cleanup
pickup fifo n - n 60 1 pickup
-o cleanup_service_name=pre-cleanup
#
# ------------------------------------------------------------------
#
# This is the cleanup daemon that handles messages in front of
# the content filter. It does header_checks and body_checks (if
# any), but does no virtual alias or canonical address mapping,
# so that mail passes through your content filter with the original
# recipient addresses mostly intact.
#
# Virtual alias or canonical address mapping happens in the second
# cleanup phase after the content filter. This gives the content_filter
# access to *largely* unmodified addresses for maximum flexibility.
#
# Some sites may specifically want to perform canonical or virtual
# address mapping in front of the content_filter. In that case you
# still have to enable address rewriting in the after-filter cleanup
# instance, in order to correctly process forwarded mail or bounced
# mail.
#
pre-cleanup unix n - n - 0 cleanup
-o canonical_maps=
-o sender_canonical_maps=
-o recipient_canonical_maps=
-o masquerade_domains=
-o virtual_alias_maps=
#
# ------------------------------------------------------------------
#
# This is the delivery agent that injects mail into the content
# filter. It is tuned for low concurrency, because most content
# filters burn CPU and use lots of memory. The process limit of 10
# re-enforces the effect of $default_destination_concurrency_limit.
# Even without an explicit process limit, the concurrency is bounded
# because all messages heading into the content filter have the same
# destination.
#
scan unix - - n - 10 smtp
#
# ------------------------------------------------------------------
#
# This is the SMTP listener that receives filtered messages from
# the content filter. It *MUST* clear the content_filter
# parameter to avoid loops, and use a different hostname to avoid
# triggering the Postfix SMTP loop detection code.
#
# This "smtpd" uses the normal cleanup service which is also used
# for bounces and for internally forwarded mail.
#
# The parameters from mynetworks onward disable all access
# control other than insisting on connections from one of the IP
# addresses of the host. This is typically overkill, but can
# reduce resource usage, if the default restrictions use lots of
# tables.
#
localhost:10026 inet n - n - - smtpd
-o content_filter=
-o myhostname=localhost.domain.tld
-o local_recipient_maps=
-o relay_recipient_maps=
-o mynetworks=127.0.0.0/8
-o mynetworks_style=host
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
#
# Do not override main.cf settings here for virtual_alias_maps or
# virtual_mailbox_maps. This causes mail to be rejected with "User
# unknown in virtual (alias|mailbox) recipient table".
#
# ------------------------------------------------------------------
#
# This is the normal cleanup daemon for use after content filtering.
# No header or body checks, because those have already been taken
# care of by the pre-cleanup service before the content filter.
#
# The normal cleanup instance does all the virtual alias and canonical
# address mapping that was disabled in the pre-cleanup instance before
# the content filter. This rewriting must be done even when you didn't
# disable address rewriting in the pre-cleanup instance, in order to
# correctly process bounces and locally forwarded mail.
#
cleanup unix n - n - 0 cleanup
-o header_checks=
-o mime_header_checks=
-o nested_header_checks=
-o body_checks=
#
# ------------------------------------------------------------------
#
# The normal "smtp" delivery agent for contrast with "scan".
#
smtp unix - - n - - smtp
The above example causes Postfix to add one content filtering record
to each incoming mail message, with content scan:localhost:10025.
You can use the same syntax as in the right-hand side of a Postfix
transport table. The content filtering records are added by the
smtpd and pickup servers.
The "scan" transport is a dedicated instance of the "smtp" delivery
agent for injecting messages into the SMTP content filter. Using
a dedicated "smtp" transport allows one to tune it for the specific
task of delivering mail to a local content filter (low latency,
low concurrency, throughput dependent on predictably low latency).
See the previous example for setting up the content filter with
the Postfix spawn service; you can of course use any server that
can be run stand-alone outside the Postfix environment.
Filtering mail from outside users only Filtering mail from outside users only
====================================== ======================================
@@ -479,7 +328,13 @@ SMTP server addresses in master.cf:
# SMTP service for external users, with content filtering. # SMTP service for external users, with content filtering.
1.2.3.5:smtp inet n - n - - smtpd 1.2.3.5:smtp inet n - n - - smtpd
-o content_filter=foo:bar -o content_filter=foo:bar
-o receive_override_options=no_address_mappings
After this, you can follow the same procedure as outlined in the
"advanced" content filtering example above, except that you do not
need to specify "content_filter" or "receive_override_options" in
the main.cf file.
Getting really nasty Getting really nasty
==================== ====================

View File

@@ -1,26 +1,26 @@
Purpose of the SMTPD pass-through proxy feature Purpose of the SMTPD pass-through proxy feature
=============================================== ===============================================
The Postfix SMTP server can be configured to forward all mail to Normally, Postfix receives mail, stores it in the mail queue and
a proxy server, for example, a real-time SPAM filter. The proxy is then delivers it. The Postfix SMTP server can be configured to
supposed to send the mail into another Postfix SMTP server process forward all incoming mail to an SMTP proxy server (for example, a
for normal delivery. real-time SPAM filter) that inspects all mail BEFORE it is stored
in the Postfix mail queue.
The proxy server receives only the commands that the Postfix SMTP [This is not to be confused with the approach described in the
server has approved. The proxy server should accept the same MAIL FILTER_README document, where all mail is inspected AFTER it is
FROM and RCPT TO command syntax as Postfix, but does not need to stored in the Postfix mail queue]
support ESMTP command pipelining.
This feature is meant to be used as follows: The SMTP proxy server receives unfiltered mail from Postfix and
does one of the following:
Internet -> smtpd -> proxy -> smtpd -> cleanup -> queue 1 - Re-inject the mail back into Postfix, perhaps after changing
Postfix Postfix Postfix Postfix content.
For reference, this is the normal path from network to mail queue: 2 - Reject the mail (by sending a suitable status code back to
Postfix) so that it is returned to sender.
Internet -> smtpd -> cleanup -> queue
Postfix Postfix Postfix
3 - Send the mail somewhere else.
Limitations Limitations
=========== ===========
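Review bot: Item 2 of the new list ("so that it is returned to sender") is carried over word for word from FILTER_README, but the paragraph above it says the proxy inspects mail BEFORE it is stored in the queue. In that position a rejection is a status code passed back through the Postfix SMTP server during the session, not a message returned later, so the item should be reworded for the before-queue case. The bracketed cross-reference is also missing its closing period.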
@@ -47,6 +47,36 @@ triggers a Postfix header_checks FILTER action, or send the mail
into Postfix via an alternative Postfix SMTP server that always into Postfix via an alternative Postfix SMTP server that always
turns on content filtering. turns on content filtering.
How the Postfix talks to the SMTP proxy
=======================================
When Postfix talks to the SMTP proxy server it generates its own
EHLO, DATA and QUIT commands, and forwards unmodified copies of
the MAIL FROM and RCPT TO commands that the Postfix SMTP server
has approved. All commands are sent without using ESMTP command
pipelining. The SMTP proxy server must accept the same MAIL FROM
and RCPT TO command syntax as the Postfix SMTP server.
This feature is meant to be used as follows:
/ smtp
Internet -> smtpd -> proxy -> smtpd -> cleanup -> queue -> local
Postfix Postfix \ virtual etc.
For reference, this is the normal path through Postfix:
/ smtp
Internet -> smtpd -> cleanup -> queue -> local
Postfix \ virtual etc.
For comparison, this is the FILTER_README approach with an SMTP-based
content filter:
/ smtp
Internet -> smtpd -> cleanup -> queue -> local
Postfix ^ v \ virtual etc.
smtpd smtp
Postfix Postfix
\ /
filter <-
Configuration parameters Configuration parameters
======================== ========================
@@ -77,13 +107,20 @@ process.
/etc/postfix/master.cf /etc/postfix/master.cf
smtp inet n - n - - smtpd smtp inet n - n - - smtpd
-o smtpd_proxy_filter=26 -o smtpd_proxy_filter=26
:26 inet n - n - - smtpd :26 inet n - n - - smtpd
-o receive_override_options=no_unknown_recipient_checks
Note: do not specify spaces around the "=" or "," characters.
The ":26" causes Postfix to listen on the localhost address only. The ":26" causes Postfix to listen on the localhost address only.
DO NOT expose the secondary SMTP server to the Internet :-)
The result is as follows: The result is as follows:
Internet -> smtpd on port 25 -> smtpd on port 26 -> cleanup -> queue Internet -> smtpd on port 25 -> smtpd on port 26 -> cleanup -> queue
This configuration is sufficient for stress testing. This configuration is sufficient for stress testing.
Other suggestions for test configurations: use the Postfix smtp-sink
command as the proxy, or something as basic as netcat.
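Review bot: The secondary listener ":26" now runs with no_unknown_recipient_checks, and the only things keeping outside clients away from it are the ":26" shorthand and the "DO NOT expose" sentence. Write the service with an explicit loopback address, as FILTER_README does with "localhost:10026", and consider adding the same "-o mynetworks=127.0.0.0/8" and "-o smtpd_recipient_restrictions=permit_mynetworks,reject" overrides used there, so that a listener which skips recipient validation stays unreachable even if the listen address is edited later.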

View File

@@ -22,6 +22,16 @@ snapshot release). Patches change the patchlevel and the release
date. Snapshots change only the release date, unless they include date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release. the same bugfixes as a patch release.
Major changes with Postfix snapshot 2.0.13-20030705
===================================================
New receive_override_options parameter that eliminates the need
for different cleanup service instances before and after an external
content filter. One parameter controls what happens before or after
the content filter: rejecting unknown recipients, canonical mapping,
virtual alias expansion, masquerading, automatic BCC recipients
and header/body checks. See sample-filter.cf for details.
Incompatible changes with Postfix snapshot 2.0.13-20030704 Incompatible changes with Postfix snapshot 2.0.13-20030704
========================================================== ==========================================================

View File

@@ -110,7 +110,7 @@
# A network address is a sequence of one or more # A network address is a sequence of one or more
# octets separated by ".". # octets separated by ".".
# #
# NOTE: use the cidr lookup table type if to specify # NOTE: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for # network/netmask patterns. See cidr_table(5) for
# details. # details.
# #

View File

@@ -157,5 +157,33 @@ body_checks = regexp:/etc/postfix/body_checks
# #
# By default, only the first 50 kbytes of a message body segment are # By default, only the first 50 kbytes of a message body segment are
# inspected with body_checks patterns. # inspected with body_checks patterns.
# #
body_checks_max_size = 51200 body_checks_max_size = 51200
# The receive_override_options parameter controls what input processing
# happens before or after an external content filter.
#
# Specify zero or more of the following options. The options override
# main.cf settings and are either implemented by the SMTP server, by
# the QMQP server, or by the pickup server, or they are passed on to
# the cleanup server.
#
# When the receive_override_options setting BEFORE the content filter
# is specified in the main.cf file, specify the "AFTER content filter"
# receive_override_options setting in master.cf (or vice versa).
#
# - no_unknown_recipient_checks: Do not try to reject unknown
# recipients (SMTP server only). This is typically specified AFTER
# an external content filter.
#
# - no_address_mappings: Disable canonical address mapping, virtual
# alias map expansion, address masquerading, and automatic BCC
# recipients. This is typically specified BEFORE an external content
# filter.
#
# - no_header_body_checks: Disable header/body_checks. This is
# typically specified AFTER an external content filter.
#
# receive_override_options = no_unknown_recipient_checks, no_header_body_checks
# receive_override_options = no_address_mappings
receive_override_options =
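Review bot: The two commented examples at the end of the new block put a space after the comma ("no_unknown_recipient_checks, no_header_body_checks"), while both README files in this commit warn not to use spaces around "=" or "," when the same setting is given with "-o" in master.cf. Since the comment block itself tells the reader to put one of the two settings in master.cf, add a line saying the spaced form is for main.cf only, or show the master.cf form without spaces alongside it.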

View File

@@ -429,7 +429,7 @@ recipient_delimiter =
# By default, this feature is disabled. # By default, this feature is disabled.
# #
# Specify the types and names of databases to use. After change, # Specify the types and names of databases to use. After change,
# run "postmap /etc/postfix/relocated", then "postfix reload". # run "postmap /etc/postfix/recipient_bcc".
# #
# NOTE: if mail to the BCC address bounces it will be returned to # NOTE: if mail to the BCC address bounces it will be returned to
# the sender. # the sender.
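Review bot: Besides correcting the file name from relocated to recipient_bcc, the changed comment line drops the 'then "postfix reload"' step, here and in the sender_bcc hunk that follows. If the reload is no longer needed after running postmap, say so in the comment; otherwise restore it, because the line now reads as the complete procedure.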
@@ -492,7 +492,7 @@ resolve_dequoted_address = no
# By default, this feature is disabled. # By default, this feature is disabled.
# #
# Specify the types and names of databases to use. After change, # Specify the types and names of databases to use. After change,
# run "postmap /etc/postfix/relocated", then "postfix reload". # run "postmap /etc/postfix/sender_bcc".
# #
# NOTE: if mail to the BCC address bounces it will be returned to # NOTE: if mail to the BCC address bounces it will be returned to
# the sender. # the sender.

View File

@@ -111,7 +111,7 @@ ACCESS(5) ACCESS(5)
A network address is a sequence of one or more A network address is a sequence of one or more
octets separated by ".". octets separated by ".".
NOTE: use the <b>cidr</b> lookup table type if to specify NOTE: use the <b>cidr</b> lookup table type to specify
network/netmask patterns. See <a href="cidr_table.5.html">cidr_table(5)</a> for network/netmask patterns. See <a href="cidr_table.5.html">cidr_table(5)</a> for
details. details.

View File

@@ -21,7 +21,7 @@ LOCAL(8) LOCAL(8)
reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a> or <a href="defer.8.html"><b>defer</b>(8)</a> daemon as reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a> or <a href="defer.8.html"><b>defer</b>(8)</a> daemon as
appropriate. appropriate.
<b>SYSTEM-WIDE</b> <b>AND</b> <b>USER-LEVEL</b> <b>ALIASING</b> <b>SYSTEM-WIDE AND USER-LEVEL ALIASING</b>
The system administrator can set up one or more system- The system administrator can set up one or more system-
wide <b>sendmail</b>-style alias databases. Users can have <b>send-</b> wide <b>sendmail</b>-style alias databases. Users can have <b>send-</b>
<b>mail</b>-style ~/.<b>forward</b> files. Mail for <i>name</i> is delivered <b>mail</b>-style ~/.<b>forward</b> files. Mail for <i>name</i> is delivered
@@ -68,7 +68,7 @@ LOCAL(8) LOCAL(8)
<b>cate</b><i>_</i><b>filter</b><i>_</i><b>limit</b> configuration parameter limits the num- <b>cate</b><i>_</i><b>filter</b><i>_</i><b>limit</b> configuration parameter limits the num-
ber of remembered recipients. ber of remembered recipients.
<b>MAIL</b> <b>FORWARDING</b> <b>MAIL FORWARDING</b>
For the sake of reliability, forwarded mail is re-submit- For the sake of reliability, forwarded mail is re-submit-
ted as a new message, so that each recipient has a sepa- ted as a new message, so that each recipient has a sepa-
rate on-file delivery status record. rate on-file delivery status record.
@@ -79,7 +79,7 @@ LOCAL(8) LOCAL(8)
already listed in a <b>Delivered-To:</b> header, the message is already listed in a <b>Delivered-To:</b> header, the message is
bounced. bounced.
<b>MAILBOX</b> <b>DELIVERY</b> <b>MAILBOX DELIVERY</b>
The default per-user mailbox is a file in the UNIX mail The default per-user mailbox is a file in the UNIX mail
spool directory (<b>/var/mail/</b><i>user</i> or <b>/var/spool/mail/</b><i>user</i>); spool directory (<b>/var/mail/</b><i>user</i> or <b>/var/spool/mail/</b><i>user</i>);
the location can be specified with the <b>mail</b><i>_</i><b>spool</b><i>_</i><b>direc-</b> the location can be specified with the <b>mail</b><i>_</i><b>spool</b><i>_</i><b>direc-</b>
@@ -109,7 +109,7 @@ LOCAL(8) LOCAL(8)
UNIX passwd database. UNIX passwd database.
In the case of UNIX-style mailbox delivery, the <b>local</b> dae- In the case of UNIX-style mailbox delivery, the <b>local</b> dae-
mon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" envelope header to mon prepends a "<b>From</b> <i>sender time_stamp</i>" envelope header to
each message, prepends an <b>X-Original-To:</b> header with the each message, prepends an <b>X-Original-To:</b> header with the
recipient address as given to Postfix, prepends an recipient address as given to Postfix, prepends an
optional <b>Delivered-To:</b> header with the envelope recipient optional <b>Delivered-To:</b> header with the envelope recipient
@@ -126,10 +126,10 @@ LOCAL(8) LOCAL(8)
the recipient address as given to Postfix, and prepends a the recipient address as given to Postfix, and prepends a
<b>Return-Path:</b> header with the envelope sender address. <b>Return-Path:</b> header with the envelope sender address.
<b>EXTERNAL</b> <b>COMMAND</b> <b>DELIVERY</b> <b>EXTERNAL COMMAND DELIVERY</b>
The <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b> configuration parameter The <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b> configuration parameter
restricts delivery to external commands. The default set- restricts delivery to external commands. The default set-
ting (<b>alias,</b> <b>forward</b>) forbids command destinations in ting (<b>alias, forward</b>) forbids command destinations in
<b>:include:</b> files. <b>:include:</b> files.
The command is executed directly where possible. Assis- The command is executed directly where possible. Assis-
@@ -179,14 +179,14 @@ LOCAL(8) LOCAL(8)
The current working directory is the mail queue directory. The current working directory is the mail queue directory.
The <b>local</b> daemon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" enve- The <b>local</b> daemon prepends a "<b>From</b> <i>sender time_stamp</i>" enve-
lope header to each message, prepends an <b>X-Original-To:</b> lope header to each message, prepends an <b>X-Original-To:</b>
header with the recipient address as given to Postfix, header with the recipient address as given to Postfix,
prepends an optional <b>Delivered-To:</b> header with the recipi- prepends an optional <b>Delivered-To:</b> header with the recipi-
ent envelope address, prepends a <b>Return-Path:</b> header with ent envelope address, prepends a <b>Return-Path:</b> header with
the sender envelope address, and appends no empty line. the sender envelope address, and appends no empty line.
<b>EXTERNAL</b> <b>FILE</b> <b>DELIVERY</b> <b>EXTERNAL FILE DELIVERY</b>
The delivery format depends on the destination filename The delivery format depends on the destination filename
syntax. The default is to use UNIX-style mailbox format. syntax. The default is to use UNIX-style mailbox format.
Specify a name ending in <b>/</b> for <b>qmail</b>-compatible <b>maildir</b> Specify a name ending in <b>/</b> for <b>qmail</b>-compatible <b>maildir</b>
@@ -197,7 +197,7 @@ LOCAL(8) LOCAL(8)
<b>forward</b>) forbids file destinations in <b>:include:</b> files. <b>forward</b>) forbids file destinations in <b>:include:</b> files.
In the case of UNIX-style mailbox delivery, the <b>local</b> dae- In the case of UNIX-style mailbox delivery, the <b>local</b> dae-
mon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" envelope header to mon prepends a "<b>From</b> <i>sender time_stamp</i>" envelope header to
each message, prepends an <b>X-Original-To:</b> header with the each message, prepends an <b>X-Original-To:</b> header with the
recipient address as given to Postfix, prepends an recipient address as given to Postfix, prepends an
optional <b>Delivered-To:</b> header with the recipient envelope optional <b>Delivered-To:</b> header with the recipient envelope
@@ -215,12 +215,12 @@ LOCAL(8) LOCAL(8)
the recipient address as given to Postfix. The envelope the recipient address as given to Postfix. The envelope
sender address is available in the <b>Return-Path:</b> header. sender address is available in the <b>Return-Path:</b> header.
<b>ADDRESS</b> <b>EXTENSION</b> <b>ADDRESS EXTENSION</b>
The optional <b>recipient</b><i>_</i><b>delimiter</b> configuration parameter The optional <b>recipient</b><i>_</i><b>delimiter</b> configuration parameter
specifies how to separate address extensions from local specifies how to separate address extensions from local
recipient names. recipient names.
For example, with "<b>recipient</b><i>_</i><b>delimiter</b> <b>=</b> <b>+</b>", mail for For example, with "<b>recipient</b><i>_</i><b>delimiter = +</b>", mail for
<i>name</i>+<i>foo</i> is delivered to the alias <i>name</i>+<i>foo</i> or to the <i>name</i>+<i>foo</i> is delivered to the alias <i>name</i>+<i>foo</i> or to the
alias <i>name</i>, to the destinations listed in ~<i>name</i>/.<b>for-</b> alias <i>name</i>, to the destinations listed in ~<i>name</i>/.<b>for-</b>
<b>ward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox owned by the <b>ward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox owned by the
@@ -229,7 +229,7 @@ LOCAL(8) LOCAL(8)
In all cases the <b>local</b> daemon prepends an optional `<b>Deliv-</b> In all cases the <b>local</b> daemon prepends an optional `<b>Deliv-</b>
<b>ered-To:</b> <i>name</i>+<i>foo</i>' header line. <b>ered-To:</b> <i>name</i>+<i>foo</i>' header line.
<b>DELIVERY</b> <b>RIGHTS</b> <b>DELIVERY RIGHTS</b>
Deliveries to external files and external commands are Deliveries to external files and external commands are
made with the rights of the receiving user on whose behalf made with the rights of the receiving user on whose behalf
the delivery is made. In the absence of a user context, the delivery is made. In the absence of a user context,
@@ -261,10 +261,10 @@ LOCAL(8) LOCAL(8)
detected early. The resulting mail forwarding loop is detected early. The resulting mail forwarding loop is
broken by the use of the <b>Delivered-To:</b> message header. broken by the use of the <b>Delivered-To:</b> message header.
<b>CONFIGURATION</b> <b>PARAMETERS</b> <b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b> details and for default values. Use the <b>postfix reload</b>
command after a configuration change. command after a configuration change.
<b>Miscellaneous</b> <b>Miscellaneous</b>
@@ -302,7 +302,7 @@ LOCAL(8) LOCAL(8)
<b>prepend</b><i>_</i><b>delivered</b><i>_</i><b>header</b> <b>prepend</b><i>_</i><b>delivered</b><i>_</i><b>header</b>
Prepend an optional <b>Delivered-To:</b> header upon Prepend an optional <b>Delivered-To:</b> header upon
external forwarding, delivery to command or file. external forwarding, delivery to command or file.
Specify zero or more of: <b>command,</b> <b>file,</b> <b>forward</b>. Specify zero or more of: <b>command, file, forward</b>.
Turning off <b>Delivered-To:</b> when forwarding mail is Turning off <b>Delivered-To:</b> when forwarding mail is
not recommended. not recommended.
@@ -314,7 +314,7 @@ LOCAL(8) LOCAL(8)
sible by the recipient before attempting delivery. sible by the recipient before attempting delivery.
Defer delivery otherwise. Defer delivery otherwise.
<b>Mailbox</b> <b>delivery</b> <b>Mailbox delivery</b>
<b>fallback</b><i>_</i><b>transport</b> <b>fallback</b><i>_</i><b>transport</b>
Message transport for recipients that are not found Message transport for recipients that are not found
in the UNIX passwd database. This parameter over- in the UNIX passwd database. This parameter over-
@@ -323,7 +323,7 @@ LOCAL(8) LOCAL(8)
Note: you must update the <b>local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> set- Note: you must update the <b>local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> set-
ting in the <b>main.cf</b> file, otherwise the Postfix ting in the <b>main.cf</b> file, otherwise the Postfix
SMTP server will reject mail for non-UNIX accounts SMTP server will reject mail for non-UNIX accounts
with "<b>User</b> <b>unknown</b> <b>in</b> <b>local</b> <b>recipient</b> <b>table</b>". with "<b>User unknown in local recipient table</b>".
<b>home</b><i>_</i><b>mailbox</b> <b>home</b><i>_</i><b>mailbox</b>
Pathname of a mailbox relative to a user's home Pathname of a mailbox relative to a user's home
@@ -335,10 +335,10 @@ LOCAL(8) LOCAL(8)
users. The <i>address</i> is subjected to <i>$name</i> expan- users. The <i>address</i> is subjected to <i>$name</i> expan-
sion. sion.
Note: you must specify "<b>local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> <b>=</b>" Note: you must specify "<b>local</b><i>_</i><b>recipient</b><i>_</i><b>maps =</b>"
(i.e. empty) in the <b>main.cf</b> file, otherwise the (i.e. empty) in the <b>main.cf</b> file, otherwise the
Postfix SMTP server will reject mail for non-UNIX Postfix SMTP server will reject mail for non-UNIX
accounts with "<b>User</b> <b>unknown</b> <b>in</b> <b>local</b> <b>recipient</b> accounts with "<b>User unknown in local recipient</b>
<b>table</b>". <b>table</b>".
<b>mail</b><i>_</i><b>spool</b><i>_</i><b>directory</b> <b>mail</b><i>_</i><b>spool</b><i>_</i><b>directory</b>
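Review bot: the quoted error string in the local_recipient_maps note is still split across two bold elements at the line wrap: `<b>User unknown in local recipient</b>` ends one line and `<b>table</b>` starts the next. A search of the HTML for the full message "User unknown in local recipient table" therefore still fails here, unlike the single-line form the earlier fallback_transport hunk now has. If searchable text is the reason for merging adjacent <b> elements, keep the whole quoted message in one element on one line.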
@@ -368,10 +368,10 @@ LOCAL(8) LOCAL(8)
non-UNIX accounts then you must update the non-UNIX accounts then you must update the
<b>local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> setting in the <b>main.cf</b> file, <b>local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> setting in the <b>main.cf</b> file,
otherwise the Postfix SMTP server will reject mail otherwise the Postfix SMTP server will reject mail
for non-UNIX accounts with "<b>User</b> <b>unknown</b> <b>in</b> <b>local</b> for non-UNIX accounts with "<b>User unknown in local</b>
<b>recipient</b> <b>table</b>". <b>recipient table</b>".
<b>Locking</b> <b>controls</b> <b>Locking controls</b>
<b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b> <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b>
Limit the number of attempts to acquire an exclu- Limit the number of attempts to acquire an exclu-
sive lock on a mailbox or external file. sive lock on a mailbox or external file.
@@ -387,9 +387,9 @@ LOCAL(8) LOCAL(8)
What file locking method(s) to use when delivering What file locking method(s) to use when delivering
to a UNIX-style mailbox. The default setting is to a UNIX-style mailbox. The default setting is
system dependent. For a list of available file system dependent. For a list of available file
locking methods, use the <b>postconf</b> <b>-l</b> command. locking methods, use the <b>postconf -l</b> command.
<b>Resource</b> <b>controls</b> <b>Resource controls</b>
<b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b> <b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b>
Limit the amount of time for delivery to external Limit the amount of time for delivery to external
command. command.
@@ -417,7 +417,7 @@ LOCAL(8) LOCAL(8)
that is written to upon delivery). Set to zero to that is written to upon delivery). Set to zero to
disable the limit. disable the limit.
<b>Security</b> <b>controls</b> <b>Security controls</b>
<b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b> <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b>
Restrict the usage of mail delivery to external Restrict the usage of mail delivery to external
command. Specify zero or more of: <b>alias</b>, <b>forward</b>, command. Specify zero or more of: <b>alias</b>, <b>forward</b>,
@@ -449,7 +449,7 @@ LOCAL(8) LOCAL(8)
The <i>maildir</i> structure appears in the <b>qmail</b> system by The <i>maildir</i> structure appears in the <b>qmail</b> system by
Daniel Bernstein. Daniel Bernstein.
<b>SEE</b> <b>ALSO</b> <b>SEE ALSO</b>
<a href="aliases.5.html">aliases(5)</a> format of alias database <a href="aliases.5.html">aliases(5)</a> format of alias database
<a href="bounce.8.html">bounce(8)</a> non-delivery status reports <a href="bounce.8.html">bounce(8)</a> non-delivery status reports
<a href="postalias.1.html">postalias(1)</a> create/update alias database <a href="postalias.1.html">postalias(1)</a> create/update alias database


@@ -37,13 +37,13 @@ PICKUP(8) PICKUP(8)
already complex <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon would have to deal with already complex <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon would have to deal with
unfiltered user data. unfiltered user data.
<b>CONFIGURATION</b> <b>PARAMETERS</b> <b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b> details and for default values. Use the <b>postfix reload</b>
command after a configuration change. command after a configuration change.
<b>Content</b> <b>inspection</b> <b>controls</b> <b>Content inspection controls</b>
<b>content</b><i>_</i><b>filter</b> <b>content</b><i>_</i><b>filter</b>
The name of a mail delivery transport that filters The name of a mail delivery transport that filters
mail and that either bounces mail or re-injects the mail and that either bounces mail or re-injects the
@@ -51,11 +51,28 @@ PICKUP(8) PICKUP(8)
same syntax as the right-hand side of a Postfix same syntax as the right-hand side of a Postfix
transport table. transport table.
<b>receive</b><i>_</i><b>override</b><i>_</i><b>options</b>
The following options override <b>main.cf</b> settings.
The options are passed on to the downstream cleanup
server.
<b>no</b><i>_</i><b>address</b><i>_</i><b>mappings</b>
Disable canonical address mapping, virtual
alias map expansion, address masquerading,
and automatic BCC recipients. Specify this
if address mapping etc. are to be done <b>after</b>
an external content filter.
<b>no</b><i>_</i><b>header</b><i>_</i><b>body</b><i>_</i><b>checks</b>
Disable header/body_checks. Specify this if
header/body_checks are to be done <b>after</b> an
external content filter.
<b>Miscellaneous</b> <b>Miscellaneous</b>
<b>queue</b><i>_</i><b>directory</b> <b>queue</b><i>_</i><b>directory</b>
Top-level directory of the Postfix queue. Top-level directory of the Postfix queue.
<b>SEE</b> <b>ALSO</b> <b>SEE ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization <a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager <a href="master.8.html">master(8)</a> process manager
<a href="sendmail.1.html">sendmail(1)</a>, postdrop(8) mail posting agent <a href="sendmail.1.html">sendmail(1)</a>, postdrop(8) mail posting agent
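Review bot: the no_header_body_checks wording added here is framed the opposite way from the SMTPD(8) text in the same commit. Here the option is set so that checks "are to be done after an external content filter", while SMTPD(8) says it "is typically specified with the SMTP server after an external content filter", which implies the checks already ran before the filter. Both can be correct, but a reader comparing the two pages cannot tell which service is meant to carry the option. Suggest stating, for each option, which service still performs the work once it is disabled here, so that header/body checks do not end up disabled on both sides of the filter.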


@@ -20,8 +20,8 @@ POSTCAT(1) POSTCAT(1)
directory instead of the default configuration directory instead of the default configuration
directory. directory.
<b>-q</b> Search the Postfix queue for <i>files</i>. By default, <b>-q</b> Search the Postfix queue for the named <i>files</i>
file names are taken literally. instead of taking the names literally.
<b>-v</b> Enable verbose logging for debugging purposes. Mul- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly tiple <b>-v</b> options make the software increasingly
@@ -34,9 +34,9 @@ POSTCAT(1) POSTCAT(1)
<b>MAIL</b><i>_</i><b>CONFIG</b> <b>MAIL</b><i>_</i><b>CONFIG</b>
Directory with Postfix configuration files. Directory with Postfix configuration files.
<b>CONFIGURATION</b> <b>PARAMETERS</b> <b>CONFIGURATION PARAMETERS</b>
See the Postfix <b>main.cf</b> file for syntax details and for See the Postfix <b>main.cf</b> file for syntax details and for
default values. Use the <b>postfix</b> <b>reload</b> command after a default values. Use the <b>postfix reload</b> command after a
configuration change. configuration change.
<b>queue</b><i>_</i><b>directory</b> <b>queue</b><i>_</i><b>directory</b>


@@ -37,10 +37,10 @@ QMQPD(8) QMQPD(8)
Postfix replies immediately and closes the connection. It Postfix replies immediately and closes the connection. It
is left up to the client to handle the situation. is left up to the client to handle the situation.
<b>CONFIGURATION</b> <b>PARAMETERS</b> <b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b> details and for default values. Use the <b>postfix reload</b>
command after a configuration change. command after a configuration change.
<b>Miscellaneous</b> <b>Miscellaneous</b>
@@ -71,7 +71,7 @@ QMQPD(8) QMQPD(8)
reject responses. This can be useful for testing reject responses. This can be useful for testing
purposes. purposes.
<b>Content</b> <b>inspection</b> <b>controls</b> <b>Content inspection controls</b>
<b>content</b><i>_</i><b>filter</b> <b>content</b><i>_</i><b>filter</b>
The name of a mail delivery transport that filters The name of a mail delivery transport that filters
mail and that either bounces mail or re-injects the mail and that either bounces mail or re-injects the
@@ -79,7 +79,24 @@ QMQPD(8) QMQPD(8)
same syntax as the right-hand side of a Postfix same syntax as the right-hand side of a Postfix
transport table. transport table.
<b>Resource</b> <b>controls</b> <b>receive</b><i>_</i><b>override</b><i>_</i><b>options</b>
The following options override <b>main.cf</b> settings.
The options are passed on to the downstream cleanup
server.
<b>no</b><i>_</i><b>address</b><i>_</i><b>mappings</b>
Disable canonical address mapping, virtual
alias map expansion, address masquerading,
and automatic BCC recipients. Specify this
if address mapping etc. are to be done <b>after</b>
an external content filter.
<b>no</b><i>_</i><b>header</b><i>_</i><b>body</b><i>_</i><b>checks</b>
Disable header/body_checks. Specify this if
header/body_checks are to be done <b>after</b> an
external content filter.
<b>Resource controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b> <b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Limit the amount of memory in bytes used for the Limit the amount of memory in bytes used for the
handling of partial input lines, and the length of handling of partial input lines, and the length of
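Review bot: the new receive_override_options entry names the options but gives neither the value syntax nor the default. Suggest saying how multiple options are separated and what happens when the parameter is left unset, in the style the LOCAL(8) entries already use ("Specify zero or more of: ..."). Without that, a reader cannot tell from this page whether either override is active out of the box.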
@@ -96,7 +113,7 @@ QMQPD(8) QMQPD(8)
Time to wait in seconds before informing the client Time to wait in seconds before informing the client
of a problem. This slows down run-away errors. of a problem. This slows down run-away errors.
<b>SEE</b> <b>ALSO</b> <b>SEE ALSO</b>
<a href="http://cr.yp.to/proto/qmqp.html">http://cr.yp.to/proto/qmqp.html</a>, QMQP protocol <a href="http://cr.yp.to/proto/qmqp.html">http://cr.yp.to/proto/qmqp.html</a>, QMQP protocol
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization <a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager <a href="master.8.html">master(8)</a> process manager


@@ -80,10 +80,33 @@ SMTPD(8) SMTPD(8)
same syntax as the right-hand side of a Postfix same syntax as the right-hand side of a Postfix
transport table. transport table.
<b>receive</b><i>_</i><b>override</b><i>_</i><b>options</b>
The following options override <b>main.cf</b> settings.
The options are either implemented by the SMTP
server or are passed on to the downstream cleanup
server.
<b>no</b><i>_</i><b>unknown</b><i>_</i><b>recipient</b><i>_</i><b>checks</b>
Do not try to reject unknown recipients.
This is typically specified with the SMTP
server <b>after</b> an external content filter.
<b>no</b><i>_</i><b>address</b><i>_</i><b>mappings</b>
Disable canonical address mapping, virtual
alias map expansion, address masquerading,
and automatic BCC recipients. This is typi-
cally specified with the SMTP server <b>before</b>
an external content filter.
<b>no</b><i>_</i><b>header</b><i>_</i><b>body</b><i>_</i><b>checks</b>
Disable header/body_checks. This is typi-
cally specified with the SMTP server <b>after</b>
an external content filter.
<b>Authentication controls</b> <b>Authentication controls</b>
<b>enable</b><i>_</i><b>sasl</b><i>_</i><b>authentication</b> <b>enable</b><i>_</i><b>sasl</b><i>_</i><b>authentication</b>
Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
(SASL). This functionality is available only when (SASL). This functionality is available only when
explicitly selected at program build time and explicitly selected at program build time and
explicitly enabled at runtime. explicitly enabled at runtime.
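Review bot: "typically" undersells the risk in the no_unknown_recipient_checks text. On an SMTP server that accepts mail from the network, turning off unknown-recipient rejection means mail for nonexistent addresses is accepted and has to be bounced later instead of being refused at RCPT TO. Suggest saying outright that this option belongs only on the SMTP server that receives mail back from the content filter, and that the server in front of the filter must keep rejecting unknown recipients.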
@@ -109,16 +132,16 @@ SMTPD(8) SMTPD(8)
Disallow anonymous logins. Disallow anonymous logins.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>maps</b> <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>maps</b>
Maps that specify the SASL login name that owns a Maps that specify the SASL login name that owns a
MAIL FROM sender address. Used by the MAIL FROM sender address. Used by the
<b>reject</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>mismatch</b> sender anti-spoofing <b>reject</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>mismatch</b> sender anti-spoofing
restriction. restriction.
<b>Pass-through proxy</b> <b>Pass-through proxy</b>
Optionally, the Postfix SMTP server can be configured to Optionally, the Postfix SMTP server can be configured to
forward all mail to a proxy server, for example a real- forward all mail to a proxy server, for example a real-
time content filter. This proxy server should support the time content filter. This proxy server should support the
same MAIL FROM and RCPT TO command syntax as Postfix, but same MAIL FROM and RCPT TO command syntax as Postfix, but
does not need to support ESMTP command pipelining. does not need to support ESMTP command pipelining.
<b>smtpd</b><i>_</i><b>proxy</b><i>_</i><b>filter</b> <b>smtpd</b><i>_</i><b>proxy</b><i>_</i><b>filter</b>
@@ -139,23 +162,23 @@ SMTPD(8) SMTPD(8)
that are authorized to use the XVERP extension. that are authorized to use the XVERP extension.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
Increment in verbose logging level when a remote Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter. parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
List of domain or network patterns. When a remote List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log- host matches a pattern, increase the verbose log-
ging level by the amount specified in the ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter. <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b> <b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b>
The default VERP delimiter characters that are used The default VERP delimiter characters that are used
when the XVERP command is specified without when the XVERP command is specified without
explicit delimiters. explicit delimiters.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b> <b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
Recipient of protocol/policy/resource/software Recipient of protocol/policy/resource/software
error notices. error notices.
<b>hopcount</b><i>_</i><b>limit</b> <b>hopcount</b><i>_</i><b>limit</b>
@@ -164,18 +187,18 @@ SMTPD(8) SMTPD(8)
<b>notify</b><i>_</i><b>classes</b> <b>notify</b><i>_</i><b>classes</b>
List of error classes. Of special interest are: List of error classes. Of special interest are:
<b>policy</b> When a client violates any policy, mail a <b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the transcript of the entire SMTP session to the
postmaster. postmaster.
<b>protocol</b> <b>protocol</b>
When a client violates the SMTP protocol or When a client violates the SMTP protocol or
issues an unimplemented command, mail a issues an unimplemented command, mail a
transcript of the entire SMTP session to the transcript of the entire SMTP session to the
postmaster. postmaster.
<b>smtpd</b><i>_</i><b>banner</b> <b>smtpd</b><i>_</i><b>banner</b>
Text that follows the <b>220</b> status code in the SMTP Text that follows the <b>220</b> status code in the SMTP
greeting banner. greeting banner.
<b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b> <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
@@ -183,57 +206,57 @@ SMTPD(8) SMTPD(8)
expansion of rbl template responses and other text. expansion of rbl template responses and other text.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Restrict the number of recipients that the SMTP Restrict the number of recipients that the SMTP
server accepts per message delivery. server accepts per message delivery.
<b>smtpd</b><i>_</i><b>timeout</b> <b>smtpd</b><i>_</i><b>timeout</b>
Limit the time to send a server response and to Limit the time to send a server response and to
receive a client request. receive a client request.
<b>soft</b><i>_</i><b>bounce</b> <b>soft</b><i>_</i><b>bounce</b>
Change hard (5xx) reject responses into soft (4xx) Change hard (5xx) reject responses into soft (4xx)
reject responses. This can be useful for testing reject responses. This can be useful for testing
purposes. purposes.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b> <b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
The characters that Postfix accepts as VERP delim- The characters that Postfix accepts as VERP delim-
iter characters. iter characters.
<b>Known versus unknown recipients</b> <b>Known versus unknown recipients</b>
<b>show</b><i>_</i><b>user</b><i>_</i><b>unknown</b><i>_</i><b>table</b><i>_</i><b>name</b> <b>show</b><i>_</i><b>user</b><i>_</i><b>unknown</b><i>_</i><b>table</b><i>_</i><b>name</b>
Whether or not to reveal the table name in the Whether or not to reveal the table name in the
"User unknown" responses. The extra detail makes "User unknown" responses. The extra detail makes
trouble shooting easier but also reveals informa- trouble shooting easier but also reveals informa-
tion that is nobody elses business. tion that is nobody elses business.
<b>unknown</b><i>_</i><b>local</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unknown</b><i>_</i><b>local</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi- The response code when a client specifies a recipi-
ent whose domain matches <b>$mydestination</b> or ent whose domain matches <b>$mydestination</b> or
<b>$inet</b><i>_</i><b>interfaces</b>, while <b>$local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is <b>$inet</b><i>_</i><b>interfaces</b>, while <b>$local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is
non-empty and does not list the recipient address non-empty and does not list the recipient address
or address local-part. or address local-part.
<b>unknown</b><i>_</i><b>relay</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unknown</b><i>_</i><b>relay</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi- The response code when a client specifies a recipi-
ent whose domain matches <b>$relay</b><i>_</i><b>domains</b>, while ent whose domain matches <b>$relay</b><i>_</i><b>domains</b>, while
<b>$relay</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is non-empty and does not <b>$relay</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is non-empty and does not
list the recipient address. list the recipient address.
<b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>alias</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>alias</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi- The response code when a client specifies a recipi-
ent whose domain matches <b>$virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b>, ent whose domain matches <b>$virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b>,
while the recipient is not listed in <b>$vir-</b> while the recipient is not listed in <b>$vir-</b>
<b>tual</b><i>_</i><b>alias</b><i>_</i><b>maps</b>. <b>tual</b><i>_</i><b>alias</b><i>_</i><b>maps</b>.
<b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi- The response code when a client specifies a recipi-
ent whose domain matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>, ent whose domain matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>,
while the recipient is not listed in <b>$virtual</b><i>_</i><b>mail-</b> while the recipient is not listed in <b>$virtual</b><i>_</i><b>mail-</b>
<b>box</b><i>_</i><b>maps</b>. <b>box</b><i>_</i><b>maps</b>.
<b>Resource controls</b> <b>Resource controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b> <b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Limit the amount of memory in bytes used for the Limit the amount of memory in bytes used for the
handling of partial input lines. handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b> <b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
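Review bot: the show_user_unknown_table_name text is being re-flowed in this hunk, so this is the place to fix the wording it carries along: "nobody elses business" should read "nobody else's business", and "trouble shooting" is one word. The entry would also be clearer if it said that the table name appears in the "User unknown" reply sent to the SMTP client, since that is the disclosure an administrator is weighing when enabling it.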
@@ -241,8 +264,8 @@ SMTPD(8) SMTPD(8)
ing on-disk storage for envelope information. ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b> <b>queue</b><i>_</i><b>minfree</b>
Minimal amount of free space in bytes in the queue Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail file system for the SMTP server to accept any mail
at all. at all.
<b>smtpd</b><i>_</i><b>history</b><i>_</i><b>flush</b><i>_</i><b>threshold</b> <b>smtpd</b><i>_</i><b>history</b><i>_</i><b>flush</b><i>_</i><b>threshold</b>
@@ -257,23 +280,23 @@ SMTPD(8) SMTPD(8)
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b> <b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors, When an SMTP client has made this number of errors,
wait <i>error_count</i> seconds before responding to any wait <i>error_count</i> seconds before responding to any
client request. client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b> <b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
Disconnect after a client has made this number of Disconnect after a client has made this number of
errors. errors.
<b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b> <b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
Limit the number of times a client can issue a junk Limit the number of times a client can issue a junk
command such as NOOP, VRFY, ETRN or RSET in one command such as NOOP, VRFY, ETRN or RSET in one
SMTP session before it is penalized with tarpit SMTP session before it is penalized with tarpit
delays. delays.
<b>UCE control restrictions</b> <b>UCE control restrictions</b>
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.tld</i> pat- List of Postfix features that use <i>domain.tld</i> pat-
terns to match <i>sub.domain.tld</i> (as opposed to terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns). requiring <i>.domain.tld</i> patterns).
<b>smtpd</b><i>_</i><b>client</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>client</b><i>_</i><b>restrictions</b>
@@ -281,19 +304,19 @@ SMTPD(8) SMTPD(8)
tem. tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b> <b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
Require that clients introduce themselves at the Require that clients introduce themselves at the
beginning of an SMTP session. beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
Restrict what client hostnames are allowed in <b>HELO</b> Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands. and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
Restrict what sender addresses are allowed in <b>MAIL</b> Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands. <b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
Restrict what recipient addresses are allowed in Restrict what recipient addresses are allowed in
<b>RCPT TO</b> commands. <b>RCPT TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
@@ -301,96 +324,96 @@ SMTPD(8) SMTPD(8)
mands, and what clients may issue <b>ETRN</b> commands. mands, and what clients may issue <b>ETRN</b> commands.
<b>smtpd</b><i>_</i><b>data</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>data</b><i>_</i><b>restrictions</b>
Restrictions on the <b>DATA</b> command. Currently, the Restrictions on the <b>DATA</b> command. Currently, the
only restriction that makes sense here is only restriction that makes sense here is
<b>reject</b><i>_</i><b>unauth</b><i>_</i><b>pipelining</b>. <b>reject</b><i>_</i><b>unauth</b><i>_</i><b>pipelining</b>.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b> <b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
Allow untrusted clients to specify addresses with Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX nasty relay loopholes involving trusted backup MX
hosts. hosts.
<b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b> <b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b>
Declares the name of zero or more parameters that Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of contain a list of UCE restrictions. The names of
these parameters can then be used instead of the these parameters can then be used instead of the
restriction lists that they represent. restriction lists that they represent.
<b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b> <b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b>
The lookup key to be used in SMTPD access tables The lookup key to be used in SMTPD access tables
instead of the null sender address. A null sender instead of the null sender address. A null sender
address cannot be looked up. address cannot be looked up.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> (deprecated) <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> (deprecated)
List of DNS domains that publish the addresses of List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated blacklisted hosts. This is used with the deprecated
<b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b> restriction. <b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b> restriction.
<b>permit</b><i>_</i><b>mx</b><i>_</i><b>backup</b><i>_</i><b>networks</b> <b>permit</b><i>_</i><b>mx</b><i>_</i><b>backup</b><i>_</i><b>networks</b>
Only domains whose primary MX hosts match the Only domains whose primary MX hosts match the
listed networks are eligible for the <b>per-</b> listed networks are eligible for the <b>per-</b>
<b>mit</b><i>_</i><b>mx</b><i>_</i><b>backup</b> feature. <b>mit</b><i>_</i><b>mx</b><i>_</i><b>backup</b> feature.
<b>relay</b><i>_</i><b>domains</b> <b>relay</b><i>_</i><b>domains</b>
Restrict what domains this mail system will relay Restrict what domains this mail system will relay
mail to. The domains are routed to the delivery mail to. The domains are routed to the delivery
agent specified with the <b>relay</b><i>_</i><b>transport</b> setting. agent specified with the <b>relay</b><i>_</i><b>transport</b> setting.
<b>Sender/recipient address verification</b> <b>Sender/recipient address verification</b>
Address verification is implemented by sending probe email Address verification is implemented by sending probe email
messages that are not actually delivered, and is enabled messages that are not actually delivered, and is enabled
via the reject_unverified_{sender,recipient} access via the reject_unverified_{sender,recipient} access
restriction. The status of verification probes is main- restriction. The status of verification probes is main-
tained by the address verification service. tained by the address verification service.
<b>address</b><i>_</i><b>verify</b><i>_</i><b>poll</b><i>_</i><b>count</b> <b>address</b><i>_</i><b>verify</b><i>_</i><b>poll</b><i>_</i><b>count</b>
How many times to query the address verification How many times to query the address verification
service for completion of an address verification service for completion of an address verification
request. Specify 1 to implement a simple form of request. Specify 1 to implement a simple form of
greylisting, that is, always defer the request for greylisting, that is, always defer the request for
a new sender or recipient address. a new sender or recipient address.
<b>address</b><i>_</i><b>verify</b><i>_</i><b>poll</b><i>_</i><b>delay</b> <b>address</b><i>_</i><b>verify</b><i>_</i><b>poll</b><i>_</i><b>delay</b>
Time to wait after querying the address verifica- Time to wait after querying the address verifica-
tion service for completion of an address verifica- tion service for completion of an address verifica-
tion request. tion request.
<b>UCE control responses</b> <b>UCE control responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Response code when a client violates an access Response code when a client violates an access
database restriction. database restriction.
<b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b> <b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b>
Default template reply when a request is RBL black- Default template reply when a request is RBL black-
listed. This template is used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b> listed. This template is used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b>
and <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also: and <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
<b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>. <b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>.
<b>defer</b><i>_</i><b>code</b> <b>defer</b><i>_</i><b>code</b>
Response code when a client request is rejected by Response code when a client request is rejected by
the <b>defer</b> restriction. the <b>defer</b> restriction.
<b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Response code when a client violates the Response code when a client violates the
<b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction. <b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Response code when a request is RBL blacklisted. Response code when a request is RBL blacklisted.
<b>multi</b><i>_</i><b>recipient</b><i>_</i><b>bounce</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>multi</b><i>_</i><b>recipient</b><i>_</i><b>bounce</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Response code when a multi-recipient bounce is Response code when a multi-recipient bounce is
blocked. blocked.
<b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b> <b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b>
Table with template responses for RBL blacklisted Table with template responses for RBL blacklisted
requests, indexed by RBL domain name. These tem- requests, indexed by RBL domain name. These tem-
plates are used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b> and plates are used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b> and
<b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also: <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
<b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>. <b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>.
<b>reject</b><i>_</i><b>code</b> <b>reject</b><i>_</i><b>code</b>
Response code when the client matches a <b>reject</b> Response code when the client matches a <b>reject</b>
restriction. restriction.
<b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
@@ -398,7 +421,7 @@ SMTPD(8) SMTPD(8)
mail relay policy. mail relay policy.
<b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Response code when a client violates the Response code when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction. <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
@@ -407,15 +430,15 @@ SMTPD(8) SMTPD(8)
tion. tion.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Response code when a client violates the Response code when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction. <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>unverified</b><i>_</i><b>sender</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unverified</b><i>_</i><b>sender</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Response code when a sender address is known to be Response code when a sender address is known to be
undeliverable. undeliverable.
<b>unverified</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unverified</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Response code when a recipient address is known to Response code when a recipient address is known to
be undeliverable. be undeliverable.
<b>SEE ALSO</b> <b>SEE ALSO</b>
@@ -426,7 +449,7 @@ SMTPD(8) SMTPD(8)
<a href="verify.8.html">verify(8)</a> address verification service <a href="verify.8.html">verify(8)</a> address verification service
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>

View File

@@ -23,8 +23,8 @@ Options:
The \fBmain.cf\fR configuration file is in the named directory The \fBmain.cf\fR configuration file is in the named directory
instead of the default configuration directory. instead of the default configuration directory.
.IP \fB-q\fR .IP \fB-q\fR
Search the Postfix queue for \fIfiles\fR. By default, Search the Postfix queue for the named \fIfiles\fR instead
file names are taken literally. of taking the names literally.
.IP \fB-v\fR .IP \fB-v\fR
Enable verbose logging for debugging purposes. Multiple \fB-v\fR Enable verbose logging for debugging purposes. Multiple \fB-v\fR
options make the software increasingly verbose. options make the software increasingly verbose.

View File

@@ -109,7 +109,7 @@ order to match subdomains.
Matches any host address in the specified network. A network Matches any host address in the specified network. A network
address is a sequence of one or more octets separated by ".". address is a sequence of one or more octets separated by ".".
NOTE: use the \fBcidr\fR lookup table type if to specify NOTE: use the \fBcidr\fR lookup table type to specify
network/netmask patterns. See cidr_table(5) for details. network/netmask patterns. See cidr_table(5) for details.
.SH ACTIONS .SH ACTIONS
.na .na

View File

@@ -61,6 +61,19 @@ The name of a mail delivery transport that filters mail and that
either bounces mail or re-injects the result back into Postfix. either bounces mail or re-injects the result back into Postfix.
This parameter uses the same syntax as the right-hand side of This parameter uses the same syntax as the right-hand side of
a Postfix transport table. a Postfix transport table.
.IP \fBreceive_override_options\fB
The following options override \fBmain.cf\fR settings.
The options are passed on to the downstream cleanup server.
.RS
.IP \fBno_address_mappings\fR
Disable canonical address mapping, virtual alias map expansion,
address masquerading, and automatic BCC recipients. Specify this
if address mapping etc. are to be done \fBafter\fR an external
content filter.
.IP \fBno_header_body_checks\fR
Disable header/body_checks. Specify this if header/body_checks
are to be done \fBafter\fR an external content filter.
.RE
.SH Miscellaneous .SH Miscellaneous
.ad .ad
.fi .fi
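Review bot: the added `.IP \fBreceive_override_options\fB` tag ends with `\fB` instead of `\fR`, so the font is never reset and bold runs into the description text that follows. Change the trailing escape to `\fR`, matching the `.IP \fBno_address_mappings\fR` and `.IP \fBno_header_body_checks\fR` tags in the same hunk. The identical line is added to the other two manual pages that gain this parameter in this commit and needs the same fix there.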

View File

@@ -80,6 +80,19 @@ The name of a mail delivery transport that filters mail and that
either bounces mail or re-injects the result back into Postfix. either bounces mail or re-injects the result back into Postfix.
This parameter uses the same syntax as the right-hand side of This parameter uses the same syntax as the right-hand side of
a Postfix transport table. a Postfix transport table.
.IP \fBreceive_override_options\fB
The following options override \fBmain.cf\fR settings.
The options are passed on to the downstream cleanup server.
.RS
.IP \fBno_address_mappings\fR
Disable canonical address mapping, virtual alias map expansion,
address masquerading, and automatic BCC recipients. Specify this
if address mapping etc. are to be done \fBafter\fR an external
content filter.
.IP \fBno_header_body_checks\fR
Disable header/body_checks. Specify this if header/body_checks
are to be done \fBafter\fR an external content filter.
.RE
.SH "Resource controls" .SH "Resource controls"
.ad .ad
.fi .fi

View File

@@ -86,6 +86,23 @@ The name of a mail delivery transport that filters mail and that
either bounces mail or re-injects the result back into Postfix. either bounces mail or re-injects the result back into Postfix.
This parameter uses the same syntax as the right-hand side of This parameter uses the same syntax as the right-hand side of
a Postfix transport table. a Postfix transport table.
.IP \fBreceive_override_options\fB
The following options override \fBmain.cf\fR settings.
The options are either implemented by the SMTP server or
are passed on to the downstream cleanup server.
.RS
.IP \fBno_unknown_recipient_checks\fR
Do not try to reject unknown recipients. This is typically specified
with the SMTP server \fBafter\fR an external content filter.
.IP \fBno_address_mappings\fR
Disable canonical address mapping, virtual alias map expansion,
address masquerading, and automatic BCC recipients. This is
typically specified with the SMTP server \fBbefore\fR an external
content filter.
.IP \fBno_header_body_checks\fR
Disable header/body_checks. This is typically specified with the
SMTP server \fBafter\fR an external content filter.
.RE
.SH "Authentication controls" .SH "Authentication controls"
.IP \fBenable_sasl_authentication\fR .IP \fBenable_sasl_authentication\fR
Enable per-session authentication as per RFC 2554 (SASL). Enable per-session authentication as per RFC 2554 (SASL).
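Review bot: `no_header_body_checks` is described in this hunk as typically set on the SMTP server after the content filter, while the other two pages that gain `receive_override_options` say to specify it when header/body_checks are to be done after the filter, which means on the side before it. Both deployments are workable, but the text should state the invariant the operator has to keep: exactly one side of the filter runs header/body checks, otherwise mail is checked twice or not at all. For `no_unknown_recipient_checks`, consider adding that the after-filter SMTP server is expected to take mail only from the filter, because the option turns off unknown-recipient rejection on that listener.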

View File

@@ -95,7 +95,7 @@
# Matches any host address in the specified network. A network # Matches any host address in the specified network. A network
# address is a sequence of one or more octets separated by ".". # address is a sequence of one or more octets separated by ".".
# #
# NOTE: use the \fBcidr\fR lookup table type if to specify # NOTE: use the \fBcidr\fR lookup table type to specify
# network/netmask patterns. See cidr_table(5) for details. # network/netmask patterns. See cidr_table(5) for details.
# ACTIONS # ACTIONS
# .ad # .ad

View File

@@ -98,7 +98,6 @@ int bounce_notify_service(char *service, char *queue_name,
encoding, BOUNCE_MSG_FAIL); encoding, BOUNCE_MSG_FAIL);
#define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */
#define NULL_CLEANUP_FLAGS 0
#define NULL_TRACE_FLAGS 0 #define NULL_TRACE_FLAGS 0
#define BOUNCE_HEADERS 1 #define BOUNCE_HEADERS 1
#define BOUNCE_ALL 0 #define BOUNCE_ALL 0
@@ -142,7 +141,7 @@ int bounce_notify_service(char *service, char *queue_name,
postmaster = var_2bounce_rcpt; postmaster = var_2bounce_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster, postmaster,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
/* /*
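Review bot: any `post_mail_fopen_nowait()` caller that still passes 0 for the cleanup flags will silently lose canonical mapping, virtual alias expansion and masquerading, because this commit gates those steps on `CLEANUP_FLAG_MAP_OK`. The call in this hunk is converted to `CLEANUP_FLAG_MASK_INTERNAL`, which keeps mapping on for notices, but please confirm that no internal submitter outside the bounce code was left passing a literal 0, and add a one-line comment at the call site saying why notices request mapping.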
@@ -166,7 +165,7 @@ int bounce_notify_service(char *service, char *queue_name,
*/ */
else { else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient, if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
/* /*
@@ -204,7 +203,7 @@ int bounce_notify_service(char *service, char *queue_name,
postmaster = var_bounce_rcpt; postmaster = var_bounce_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster, postmaster,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
if (bounce_header(bounce, bounce_info, postmaster) == 0 if (bounce_header(bounce, bounce_info, postmaster) == 0
&& bounce_diagnostic_log(bounce, bounce_info) == 0 && bounce_diagnostic_log(bounce, bounce_info) == 0

View File

@@ -110,7 +110,6 @@ int bounce_notify_verp(char *service, char *queue_name,
encoding, BOUNCE_MSG_FAIL); encoding, BOUNCE_MSG_FAIL);
#define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */
#define NULL_CLEANUP_FLAGS 0
#define NULL_TRACE_FLAGS 0 #define NULL_TRACE_FLAGS 0
#define BOUNCE_HEADERS 1 #define BOUNCE_HEADERS 1
#define BOUNCE_ALL 0 #define BOUNCE_ALL 0
@@ -127,7 +126,7 @@ int bounce_notify_verp(char *service, char *queue_name,
verp_sender(verp_buf, verp_delims, recipient, verp_sender(verp_buf, verp_delims, recipient,
bounce_info->log_handle->recipient); bounce_info->log_handle->recipient);
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, STR(verp_buf), if ((bounce = post_mail_fopen_nowait(NULL_SENDER, STR(verp_buf),
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
/* /*
@@ -177,7 +176,7 @@ int bounce_notify_verp(char *service, char *queue_name,
postmaster = var_bounce_rcpt; postmaster = var_bounce_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster, postmaster,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
if (bounce_header(bounce, bounce_info, postmaster) == 0 if (bounce_header(bounce, bounce_info, postmaster) == 0
&& bounce_recipient_log(bounce, bounce_info) == 0 && bounce_recipient_log(bounce, bounce_info) == 0

View File

@@ -101,7 +101,6 @@ int bounce_one_service(char *queue_name, char *queue_id, char *encoding,
dsn_action, why); dsn_action, why);
#define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */
#define NULL_CLEANUP_FLAGS 0
#define NULL_TRACE_FLAGS 0 #define NULL_TRACE_FLAGS 0
#define BOUNCE_HEADERS 1 #define BOUNCE_HEADERS 1
#define BOUNCE_ALL 0 #define BOUNCE_ALL 0
@@ -145,7 +144,7 @@ int bounce_one_service(char *queue_name, char *queue_id, char *encoding,
} else { } else {
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_2bounce_rcpt, var_2bounce_rcpt,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
/* /*
@@ -169,7 +168,7 @@ int bounce_one_service(char *queue_name, char *queue_id, char *encoding,
*/ */
else { else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, orig_sender, if ((bounce = post_mail_fopen_nowait(NULL_SENDER, orig_sender,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
/* /*
@@ -206,7 +205,7 @@ int bounce_one_service(char *queue_name, char *queue_id, char *encoding,
*/ */
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_bounce_rcpt, var_bounce_rcpt,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
if (bounce_header(bounce, bounce_info, var_bounce_rcpt) == 0 if (bounce_header(bounce, bounce_info, var_bounce_rcpt) == 0
&& bounce_recipient_log(bounce, bounce_info) == 0 && bounce_recipient_log(bounce, bounce_info) == 0

View File

@@ -88,7 +88,6 @@ int bounce_trace_service(char *service, char *queue_name,
encoding, BOUNCE_MSG_STATUS); encoding, BOUNCE_MSG_STATUS);
#define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */
#define NULL_CLEANUP_FLAGS 0
#define NULL_TRACE_FLAGS 0 #define NULL_TRACE_FLAGS 0
#define BOUNCE_ALL 0 #define BOUNCE_ALL 0
@@ -98,7 +97,7 @@ int bounce_trace_service(char *service, char *queue_name,
* per-recipient status, and a copy of the original message. * per-recipient status, and a copy of the original message.
*/ */
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient, if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
if (bounce_header(bounce, bounce_info, recipient) == 0 if (bounce_header(bounce, bounce_info, recipient) == 0
&& bounce_boilerplate(bounce, bounce_info) == 0 && bounce_boilerplate(bounce, bounce_info) == 0

View File

@@ -96,7 +96,6 @@ int bounce_warn_service(char *service, char *queue_name,
encoding, BOUNCE_MSG_WARN); encoding, BOUNCE_MSG_WARN);
#define NULL_SENDER MAIL_ADDR_EMPTY /* special address */ #define NULL_SENDER MAIL_ADDR_EMPTY /* special address */
#define NULL_CLEANUP_FLAGS 0
#define NULL_TRACE_FLAGS 0 #define NULL_TRACE_FLAGS 0
#define BOUNCE_HEADERS 1 #define BOUNCE_HEADERS 1
@@ -139,7 +138,7 @@ int bounce_warn_service(char *service, char *queue_name,
postmaster = var_delay_rcpt; postmaster = var_delay_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster, postmaster,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
/* /*
@@ -163,7 +162,7 @@ int bounce_warn_service(char *service, char *queue_name,
*/ */
else { else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient, if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
/* /*
@@ -201,7 +200,7 @@ int bounce_warn_service(char *service, char *queue_name,
postmaster = var_delay_rcpt; postmaster = var_delay_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(), if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster, postmaster,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS)) != 0) { NULL_TRACE_FLAGS)) != 0) {
if (bounce_header(bounce, bounce_info, postmaster) == 0 if (bounce_header(bounce, bounce_info, postmaster) == 0
&& bounce_diagnostic_log(bounce, bounce_info) == 0 && bounce_diagnostic_log(bounce, bounce_info) == 0

View File

@@ -423,6 +423,7 @@ cleanup_out_recipient.o: ../../include/been_here.h
cleanup_out_recipient.o: ../../include/mail_params.h cleanup_out_recipient.o: ../../include/mail_params.h
cleanup_out_recipient.o: ../../include/rec_type.h cleanup_out_recipient.o: ../../include/rec_type.h
cleanup_out_recipient.o: ../../include/ext_prop.h cleanup_out_recipient.o: ../../include/ext_prop.h
cleanup_out_recipient.o: ../../include/cleanup_user.h
cleanup_out_recipient.o: cleanup.h cleanup_out_recipient.o: cleanup.h
cleanup_out_recipient.o: ../../include/vstring.h cleanup_out_recipient.o: ../../include/vstring.h
cleanup_out_recipient.o: ../../include/vbuf.h cleanup_out_recipient.o: ../../include/vbuf.h

View File

@@ -98,15 +98,17 @@ void cleanup_addr_sender(CLEANUP_STATE *state, const char *buf)
if (strcasecmp(STR(clean_addr), STR(state->temp1)) == 0) if (strcasecmp(STR(clean_addr), STR(state->temp1)) == 0)
vstring_strcpy(clean_addr, ""); vstring_strcpy(clean_addr, "");
} }
if (cleanup_send_canon_maps) if (state->flags & CLEANUP_FLAG_MAP_OK) {
cleanup_map11_internal(state, clean_addr, cleanup_send_canon_maps, if (cleanup_send_canon_maps)
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_map11_internal(state, clean_addr, cleanup_send_canon_maps,
if (cleanup_comm_canon_maps) cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps, if (cleanup_comm_canon_maps)
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
if (cleanup_masq_domains cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_FROM)) if (cleanup_masq_domains
cleanup_masquerade_internal(clean_addr, cleanup_masq_domains); && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_FROM))
cleanup_masquerade_internal(clean_addr, cleanup_masq_domains);
}
CLEANUP_OUT_BUF(state, REC_TYPE_FROM, clean_addr); CLEANUP_OUT_BUF(state, REC_TYPE_FROM, clean_addr);
if (state->sender == 0) if (state->sender == 0)
state->sender = mystrdup(STR(clean_addr)); state->sender = mystrdup(STR(clean_addr));
@@ -127,15 +129,17 @@ void cleanup_addr_recipient(CLEANUP_STATE *state, const char *buf)
const char *bcc; const char *bcc;
cleanup_rewrite_internal(clean_addr, *buf ? buf : var_empty_addr); cleanup_rewrite_internal(clean_addr, *buf ? buf : var_empty_addr);
if (cleanup_rcpt_canon_maps) if (state->flags & CLEANUP_FLAG_MAP_OK) {
cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps, if (cleanup_rcpt_canon_maps)
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps,
if (cleanup_comm_canon_maps) cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps, if (cleanup_comm_canon_maps)
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
if (cleanup_masq_domains cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_RCPT)) if (cleanup_masq_domains
cleanup_masquerade_internal(clean_addr, cleanup_masq_domains); && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_RCPT))
cleanup_masquerade_internal(clean_addr, cleanup_masq_domains);
}
cleanup_out_recipient(state, state->orig_rcpt, STR(clean_addr)); cleanup_out_recipient(state, state->orig_rcpt, STR(clean_addr));
if (state->recip == 0) if (state->recip == 0)
state->recip = mystrdup(STR(clean_addr)); state->recip = mystrdup(STR(clean_addr));
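Review bot: in `cleanup_addr_recipient()` the `cleanup_rewrite_internal()` call stays outside the new `if (state->flags & CLEANUP_FLAG_MAP_OK)` block, so an instance running with `no_address_mappings` still passes recipient addresses through rewriting before the content filter sees them. If that is intended, the `no_address_mappings` documentation should say that rewriting is not covered, since it lists only canonical mapping, virtual alias expansion, masquerading and automatic BCC recipients.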
@@ -155,15 +159,17 @@ void cleanup_addr_bcc(CLEANUP_STATE *state, const char *bcc)
VSTRING *clean_addr = vstring_alloc(100); VSTRING *clean_addr = vstring_alloc(100);
cleanup_rewrite_internal(clean_addr, bcc); cleanup_rewrite_internal(clean_addr, bcc);
if (cleanup_rcpt_canon_maps) if (state->flags & CLEANUP_FLAG_MAP_OK) {
cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps, if (cleanup_rcpt_canon_maps)
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps,
if (cleanup_comm_canon_maps) cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps, if (cleanup_comm_canon_maps)
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
if (cleanup_masq_domains cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_RCPT)) if (cleanup_masq_domains
cleanup_masquerade_internal(clean_addr, cleanup_masq_domains); && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_RCPT))
cleanup_masquerade_internal(clean_addr, cleanup_masq_domains);
}
cleanup_out_recipient(state, STR(clean_addr), STR(clean_addr)); cleanup_out_recipient(state, STR(clean_addr), STR(clean_addr));
vstring_free(clean_addr); vstring_free(clean_addr);
} }
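Review bot: the guarded block in `cleanup_addr_bcc()` is the third near-identical copy in this file (sender, recipient, bcc), differing only in which canonical map and which `CLEANUP_MASQ_FLAG_ENV_*` bit is used. A small static helper taking the map and the masquerade flag would keep the `CLEANUP_FLAG_MAP_OK` test in one place, so a later change to the guard cannot be applied to two copies and missed in the third.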

View File

@@ -46,7 +46,15 @@
/* Enable header/body filtering. This should be enabled only with mail /* Enable header/body filtering. This should be enabled only with mail
/* that enters Postfix, not with locally forwarded mail or with bounce /* that enters Postfix, not with locally forwarded mail or with bounce
/* messages. /* messages.
/* .IP CLEANUP_FLAG_MAP_OK
/* Enable canonical and virtual mapping, and address masquerading.
/* .PP /* .PP
/* For convenience the CLEANUP_FLAG_MASK_EXTERNAL macro specifies
/* the options that are normally needed for mail that enters
/* Postfix from outside, and CLEANUP_FLAG_MASK_INTERNAL specifies
/* the options that are normally needed for internally generated or
/* forwarded mail.
/*
/* CLEANUP_RECORD() is a macro that processes one message record, /* CLEANUP_RECORD() is a macro that processes one message record,
/* that copies the result to the queue file, and that maintains a /* that copies the result to the queue file, and that maintains a
/* little state machine. The last record in a valid message has type /* little state machine. The last record in a valid message has type
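Review bot: the new `CLEANUP_FLAG_MAP_OK` entry lists canonical and virtual mapping and address masquerading, but the user-facing `no_address_mappings` option added in this commit is documented as also disabling automatic BCC recipients. Say here that automatic BCC is controlled separately by `CLEANUP_FLAG_BCC_OK`, so a caller does not assume that clearing `CLEANUP_FLAG_MAP_OK` alone gives the `no_address_mappings` behaviour.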

View File

@@ -264,5 +264,6 @@ void cleanup_post_jail(char *unused_name, char **unused_argv)
/* /*
* Control how unmatched extensions are propagated. * Control how unmatched extensions are propagated.
*/ */
cleanup_ext_prop_mask = ext_prop_mask(var_prop_extension); cleanup_ext_prop_mask =
ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
} }

View File

@@ -176,15 +176,17 @@ static void cleanup_rewrite_sender(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts,
addr_list = tok822_grep(tree, TOK822_ADDR); addr_list = tok822_grep(tree, TOK822_ADDR);
for (tpp = addr_list; *tpp; tpp++) { for (tpp = addr_list; *tpp; tpp++) {
cleanup_rewrite_tree(*tpp); cleanup_rewrite_tree(*tpp);
if (cleanup_send_canon_maps) if (state->flags & CLEANUP_FLAG_MAP_OK) {
cleanup_map11_tree(state, *tpp, cleanup_send_canon_maps, if (cleanup_send_canon_maps)
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_map11_tree(state, *tpp, cleanup_send_canon_maps,
if (cleanup_comm_canon_maps) cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps, if (cleanup_comm_canon_maps)
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
if (cleanup_masq_domains cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_FROM)) if (cleanup_masq_domains
cleanup_masquerade_tree(*tpp, cleanup_masq_domains); && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_FROM))
cleanup_masquerade_tree(*tpp, cleanup_masq_domains);
}
if (hdr_opts->type == HDR_FROM && state->from == 0) if (hdr_opts->type == HDR_FROM && state->from == 0)
state->from = cleanup_extract_internal(header_buf, *tpp); state->from = cleanup_extract_internal(header_buf, *tpp);
if (hdr_opts->type == HDR_RESENT_FROM && state->resent_from == 0) if (hdr_opts->type == HDR_RESENT_FROM && state->resent_from == 0)
@@ -228,16 +230,18 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts,
addr_list = tok822_grep(tree, TOK822_ADDR); addr_list = tok822_grep(tree, TOK822_ADDR);
for (tpp = addr_list; *tpp; tpp++) { for (tpp = addr_list; *tpp; tpp++) {
cleanup_rewrite_tree(*tpp); cleanup_rewrite_tree(*tpp);
if (cleanup_rcpt_canon_maps) if (state->flags & CLEANUP_FLAG_MAP_OK) {
cleanup_map11_tree(state, *tpp, cleanup_rcpt_canon_maps, if (cleanup_rcpt_canon_maps)
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_map11_tree(state, *tpp, cleanup_rcpt_canon_maps,
if (cleanup_comm_canon_maps) cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps, if (cleanup_comm_canon_maps)
cleanup_ext_prop_mask & EXT_PROP_CANONICAL); cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
if (cleanup_masq_domains if (cleanup_masq_domains
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT)) && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT))
cleanup_masquerade_tree(*tpp, cleanup_masq_domains); cleanup_masquerade_tree(*tpp, cleanup_masq_domains);
}
} }
vstring_sprintf(header_buf, "%s: ", hdr_opts->name); vstring_sprintf(header_buf, "%s: ", hdr_opts->name);
tok822_externalize(header_buf, tree, TOK822_STR_HEAD); tok822_externalize(header_buf, tree, TOK822_STR_HEAD);
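Review bot: in `cleanup_rewrite_recip()` the masquerade test (`if (cleanup_masq_domains` with `CLEANUP_MASQ_FLAG_HDR_RCPT`) is left as unchanged context while the two canonical map calls above it are re-indented, so it sits inside the new `CLEANUP_FLAG_MAP_OK` block at the old indentation level. The added closing brace makes the behaviour match `cleanup_rewrite_sender()`, but the layout reads as if masquerading were outside the guard. Re-indent those three lines as was done in the sender hunk.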

View File

@@ -55,6 +55,7 @@
#include <mail_params.h> #include <mail_params.h>
#include <rec_type.h> #include <rec_type.h>
#include <ext_prop.h> #include <ext_prop.h>
#include <cleanup_user.h>
/* Application-specific. */ /* Application-specific. */
@@ -79,7 +80,8 @@ void cleanup_out_recipient(CLEANUP_STATE *state, const char *orcpt,
* onto the same mailbox. The recipient will use our original recipient * onto the same mailbox. The recipient will use our original recipient
* message header to figure things out. * message header to figure things out.
*/ */
if (cleanup_virt_alias_maps == 0) { if ((state->flags & CLEANUP_FLAG_MAP_OK) == 0
|| cleanup_virt_alias_maps == 0) {
if (been_here(state->dups, "%s\n%s", orcpt, recip) == 0) { if (been_here(state->dups, "%s\n%s", orcpt, recip) == 0) {
cleanup_out_string(state, REC_TYPE_ORCP, orcpt); cleanup_out_string(state, REC_TYPE_ORCP, orcpt);
cleanup_out_string(state, REC_TYPE_RCPT, recip); cleanup_out_string(state, REC_TYPE_RCPT, recip);
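Review bot: the condition in `cleanup_out_recipient()` now has two reasons to skip virtual alias expansion, but the comment block above it is untouched by this hunk. Add a sentence for the `(state->flags & CLEANUP_FLAG_MAP_OK) == 0` case, stating that recipients are written out unexpanded and that expansion is left to the cleanup instance that runs with mapping enabled.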

View File

@@ -21,7 +21,7 @@ SRCS = been_here.c bounce.c canon_addr.c cleanup_strerror.c clnt_stream.c \
flush_clnt.c mail_conf_time.c mbox_conf.c mbox_open.c abounce.c \ flush_clnt.c mail_conf_time.c mbox_conf.c mbox_open.c abounce.c \
verp_sender.c match_parent_style.c mime_state.c header_token.c \ verp_sender.c match_parent_style.c mime_state.c header_token.c \
strip_addr.c virtual8_maps.c hold_message.c verify_clnt.c \ strip_addr.c virtual8_maps.c hold_message.c verify_clnt.c \
trace.c log_adhoc.c verify.c dict_proxy.c mail_dict.c trace.c log_adhoc.c verify.c dict_proxy.c mail_dict.c input_transp.c
OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \ OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \
debug_peer.o debug_process.o defer.o deliver_completed.o \ debug_peer.o debug_process.o defer.o deliver_completed.o \
deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \ deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \
@@ -44,7 +44,7 @@ OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \
flush_clnt.o mail_conf_time.o mbox_conf.o mbox_open.o abounce.o \ flush_clnt.o mail_conf_time.o mbox_conf.o mbox_open.o abounce.o \
verp_sender.o match_parent_style.o mime_state.o header_token.o \ verp_sender.o match_parent_style.o mime_state.o header_token.o \
strip_addr.o virtual8_maps.o hold_message.o verify_clnt.o \ strip_addr.o virtual8_maps.o hold_message.o verify_clnt.o \
trace.o log_adhoc.o verify.o dict_proxy.o mail_dict.o trace.o log_adhoc.o verify.o dict_proxy.o mail_dict.o input_transp.o
HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \ HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \
config.h debug_peer.h debug_process.h defer.h deliver_completed.h \ config.h debug_peer.h debug_process.h defer.h deliver_completed.h \
deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \ deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \
@@ -63,7 +63,8 @@ HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \
mbox_conf.h mbox_open.h abounce.h qmqp_proto.h verp_sender.h \ mbox_conf.h mbox_open.h abounce.h qmqp_proto.h verp_sender.h \
match_parent_style.h quote_flags.h mime_state.h header_token.h \ match_parent_style.h quote_flags.h mime_state.h header_token.h \
lex_822.h strip_addr.h virtual8_maps.h hold_message.h verify_clnt.h \ lex_822.h strip_addr.h virtual8_maps.h hold_message.h verify_clnt.h \
trace.h log_adhoc.h verify.h dict_proxy.h mail_dict.h qmgr_user.h trace.h log_adhoc.h verify.h dict_proxy.h mail_dict.h qmgr_user.h \
input_transp.h
TESTSRC = rec2stream.c stream2rec.c recdump.c TESTSRC = rec2stream.c stream2rec.c recdump.c
WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \ WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \
-Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
@@ -611,6 +612,11 @@ hold_message.o: ../../include/vbuf.h
hold_message.o: ../../include/vstream.h hold_message.o: ../../include/vstream.h
hold_message.o: mail_params.h hold_message.o: mail_params.h
hold_message.o: hold_message.h hold_message.o: hold_message.h
input_transp.o: input_transp.c
input_transp.o: ../../include/sys_defs.h
input_transp.o: ../../include/name_mask.h
input_transp.o: mail_params.h
input_transp.o: input_transp.h
is_header.o: is_header.c is_header.o: is_header.c
is_header.o: ../../include/sys_defs.h is_header.o: ../../include/sys_defs.h
is_header.o: is_header.h is_header.o: is_header.h

View File

@@ -20,6 +20,19 @@
#define CLEANUP_FLAG_HOLD (1<<2) /* Place message on hold */ #define CLEANUP_FLAG_HOLD (1<<2) /* Place message on hold */
#define CLEANUP_FLAG_DISCARD (1<<3) /* Discard message silently */ #define CLEANUP_FLAG_DISCARD (1<<3) /* Discard message silently */
#define CLEANUP_FLAG_BCC_OK (1<<4) /* Ok to add auto-BCC addresses */ #define CLEANUP_FLAG_BCC_OK (1<<4) /* Ok to add auto-BCC addresses */
#define CLEANUP_FLAG_MAP_OK (1<<5) /* Ok to map addresses */
/*
* These are normally set when receiving mail from outside.
*/
#define CLEANUP_FLAG_MASK_EXTERNAL \
(CLEANUP_FLAG_FILTER | CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK)
/*
* These are normally set when generating notices or when forwarding mail
* internally.
*/
#define CLEANUP_FLAG_MASK_INTERNAL CLEANUP_FLAG_MAP_OK
/* /*
* These are set on the fly while processing SMTP envelopes or message * These are set on the fly while processing SMTP envelopes or message
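Review bot: CLEANUP_FLAG_MAP_OK ("Ok to map addresses") turns address mapping into something each cleanup client has to request, so a client that still sends a flag word without this bit no longer asks for mapping. The comment above CLEANUP_FLAG_MASK_INTERNAL should state that every internal submitter is expected to pass at least this mask. That makes a caller passing a bare 0, as the removed NULL_CLEANUP_FLAGS did, recognizable as a bug rather than a choice.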

View File

@@ -174,9 +174,11 @@ DICT *dict_proxy_open(const char *map, int open_flags, int dict_flags)
* Sanity checks. * Sanity checks.
*/ */
if (dict_flags & DICT_FLAG_NO_PROXY) if (dict_flags & DICT_FLAG_NO_PROXY)
msg_fatal("%s: proxy map must not be used with this map type", map); msg_fatal("%s: %s map is not allowed for security sensitive data",
map, DICT_TYPE_PROXY);
if (open_flags != O_RDONLY) if (open_flags != O_RDONLY)
msg_fatal("%s: proxy map open requires O_RDONLY access mode", map); msg_fatal("%s: %s map open requires O_RDONLY access mode",
map, DICT_TYPE_PROXY);
/* /*
* Local initialization. * Local initialization.

View File

@@ -6,7 +6,8 @@
/* SYNOPSIS /* SYNOPSIS
/* #include <exp_prop.h> /* #include <exp_prop.h>
/* /*
/* int ext_prop_mask(pattern) /* int ext_prop_mask(param_name, pattern)
/* const char *param_name;
/* const char *pattern; /* const char *pattern;
/* DESCRIPTION /* DESCRIPTION
/* This module controld address extension propagation. /* This module controld address extension propagation.
@@ -15,19 +16,19 @@
/* computes the corresponding mask. The following names are /* computes the corresponding mask. The following names are
/* recognized in \fBpattern\fR, with the corresponding bit mask /* recognized in \fBpattern\fR, with the corresponding bit mask
/* given in parentheses: /* given in parentheses:
/* .IP "canonical (EXP_PROP_CANONICAL)" /* .IP "canonical (EXT_PROP_CANONICAL)"
/* Propagate unmatched address extensions to the right-hand side /* Propagate unmatched address extensions to the right-hand side
/* of canonical table entries (not: regular expressions). /* of canonical table entries (not: regular expressions).
/* .IP "virtual (EXP_PROP_VIRTUAL) /* .IP "virtual (EXT_PROP_VIRTUAL)
/* Propagate unmatched address extensions to the right-hand side /* Propagate unmatched address extensions to the right-hand side
/* of virtual table entries (not: regular expressions). /* of virtual table entries (not: regular expressions).
/* .IP "alias (EXP_PROP_ALIAS) /* .IP "alias (EXT_PROP_ALIAS)
/* Propagate unmatched address extensions to the right-hand side /* Propagate unmatched address extensions to the right-hand side
/* of alias database entries. /* of alias database entries.
/* .IP "forward (EXP_PROP_FORWARD)" /* .IP "forward (EXT_PROP_FORWARD)"
/* Propagate unmatched address extensions to the right-hand side /* Propagate unmatched address extensions to the right-hand side
/* of .forward file entries. /* of .forward file entries.
/* .IP "include (EXP_PROP_INCLUDE)" /* .IP "include (EXT_PROP_INCLUDE)"
/* Propagate unmatched address extensions to the right-hand side /* Propagate unmatched address extensions to the right-hand side
/* of :include: file entries. /* of :include: file entries.
/* DIAGNOSTICS /* DIAGNOSTICS
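Review bot: the corrected `.IP "virtual (EXT_PROP_VIRTUAL)` and `.IP "alias (EXT_PROP_ALIAS)` lines still lack the closing double quote that the canonical, forward and include entries carry. Since these lines are being touched for the EXP_ to EXT_ rename anyway, close the quotes in the same change so the manual page source is consistent.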
@@ -58,7 +59,7 @@
/* ext_prop_mask - compute extension propagation mask */ /* ext_prop_mask - compute extension propagation mask */
int ext_prop_mask(const char *pattern) int ext_prop_mask(const char *param_name, const char *pattern)
{ {
static NAME_MASK table[] = { static NAME_MASK table[] = {
"canonical", EXT_PROP_CANONICAL, "canonical", EXT_PROP_CANONICAL,
@@ -69,5 +70,5 @@ int ext_prop_mask(const char *pattern)
0, 0,
}; };
return (name_mask(VAR_PROP_EXTENSION, table, pattern)); return (name_mask(param_name, table, pattern));
} }

View File

@@ -20,7 +20,7 @@
#define EXT_PROP_FORWARD (1<<3) #define EXT_PROP_FORWARD (1<<3)
#define EXT_PROP_INCLUDE (1<<4) #define EXT_PROP_INCLUDE (1<<4)
extern int ext_prop_mask(const char *); extern int ext_prop_mask(const char *, const char *);
/* LICENSE /* LICENSE
/* .ad /* .ad

View File

@@ -0,0 +1,67 @@
/*++
/* NAME
/* input_transp 3
/* SUMMARY
/* receive transparency control
/* SYNOPSIS
/* #include <input_transp.h>
/*
/* int input_transp_mask(param_name, pattern)
/* const char *param_name;
/* const char *pattern;
/* DESCRIPTION
/* This module controls how much processing happens before mail is
/* written to the Postfix queue. Each transparency option is either
/* implemented by a client of the cleanup service, or is passed
/* along in a client request to the cleanup service.
/*
/* input_transp_mask() takes a comma-separated list of names and
/* computes the corresponding mask. The following names are
/* recognized in \fBpattern\fR, with the corresponding bit mask
/* given in parentheses:
/* .IP "no_unknown_recipient_checks (INPUT_TRANSP_UNKNOWN_RCPT)"
/* Do not try to reject unknown recipients.
/* .IP "no_address_mapping (INPUT_TRANSP_ADDRESS_MAPPING)
/* Disable canonical address mapping, virtual alias map expansion,
/* address masquerading, and automatic BCC recipients.
/* .IP "no_header_body_checkss (INPUT_TRANSP_HEADER_BODY)
/* Disable header/body_checks.
/* DIAGNOSTICS
/* Panic: inappropriate use.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
#include <sys_defs.h>
/* Utility library. */
#include <name_mask.h>
/* Global library. */
#include <mail_params.h>
#include <input_transp.h>
/* input_transp_mask - compute mail receive transparency mask */
int input_transp_mask(const char *param_name, const char *pattern)
{
static NAME_MASK table[] = {
"no_unknown_recipient_checks", INPUT_TRANSP_UNKNOWN_RCPT,
"no_address_mappings", INPUT_TRANSP_ADDRESS_MAPPING,
"no_header_body_checks", INPUT_TRANSP_HEADER_BODY,
0,
};
return (name_mask(param_name, table, pattern));
}
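Review bot: the option names in the header comment do not match the lookup table. The comment documents "no_address_mapping" and "no_header_body_checkss", while the table accepts "no_address_mappings" and "no_header_body_checks", so anyone configuring from the comment ends up with a name the table does not contain. Please make the comment use the table's spellings, and add the missing closing quote on those two `.IP` lines.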

View File

@@ -0,0 +1,34 @@
#ifndef _EXT_PROP_INCLUDED_
#define _EXT_PROP_INCLUDED_
/*++
/* NAME
/* ext_prop 3h
/* SUMMARY
/* address extension propagation control
/* SYNOPSIS
/* #include <ext_prop.h>
/* DESCRIPTION
/* .nf
/*
* External interface.
*/
#define INPUT_TRANSP_UNKNOWN_RCPT (1<<0)
#define INPUT_TRANSP_ADDRESS_MAPPING (1<<1)
#define INPUT_TRANSP_HEADER_BODY (1<<2)
extern int input_transp_mask(const char *, const char *);
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
#endif
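Review bot: the include guard `_EXT_PROP_INCLUDED_` and the header comment (NAME "ext_prop 3h", SUMMARY "address extension propagation control", `#include <ext_prop.h>`) were carried over from another module and do not describe this file. If ext_prop.h uses the same guard macro, a source file that includes both headers would silently lose the declarations of whichever comes second. Suggest a guard such as `_INPUT_TRANSP_INCLUDED_` and a NAME/SUMMARY/SYNOPSIS block that names input_transp.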

View File

@@ -1841,6 +1841,15 @@ extern char *var_smtpd_proxy_ehlo;
#define DEF_SMTPD_PROXY_TMOUT "100s" #define DEF_SMTPD_PROXY_TMOUT "100s"
extern int var_smtpd_proxy_tmout; extern int var_smtpd_proxy_tmout;
/*
* Transparency options for mail input interfaces and for the cleanup server
* behind them. These should turn off stuff we don't want to happen, because
* the default is to do a lot of things.
*/
#define VAR_INPUT_TRANSP "receive_override_options"
#define DEF_INPUT_TRANSP ""
extern char *var_smtpd_input_transp;
/* LICENSE /* LICENSE
/* .ad /* .ad
/* .fi /* .fi
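Review bot: the extern declaration names `var_smtpd_input_transp`, but pickup.c, qmqpd.c and smtpd.c in this same commit each define `char *var_input_transp;` and pass `&var_input_transp` in their string tables. As written, the declared symbol is never defined and the defined one has no shared declaration. Suggest `extern char *var_input_transp;` here.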

View File

@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the * Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release. * release date only, unless they include the same bugfix as a patch release.
*/ */
#define MAIL_RELEASE_DATE "20030704" #define MAIL_RELEASE_DATE "20030705"
#define VAR_MAIL_VERSION "mail_version" #define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "2.0.13-" MAIL_RELEASE_DATE #define DEF_MAIL_VERSION "2.0.13-" MAIL_RELEASE_DATE

View File

@@ -262,14 +262,13 @@ void lmtp_chat_notify(LMTP_STATE *state)
* mail bounce wars. Always prepend one space to message content that we * mail bounce wars. Always prepend one space to message content that we
* generate from untrusted data. * generate from untrusted data.
*/ */
#define NULL_CLEANUP_FLAGS 0
#define NULL_TRACE_FLAGS 0 #define NULL_TRACE_FLAGS 0
#define LENGTH 78 #define LENGTH 78
#define INDENT 4 #define INDENT 4
notice = post_mail_fopen_nowait(mail_addr_double_bounce(), notice = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_error_rcpt, var_error_rcpt,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS); NULL_TRACE_FLAGS);
if (notice == 0) { if (notice == 0) {
msg_warn("postmaster notify: %m"); msg_warn("postmaster notify: %m");

View File

@@ -140,8 +140,11 @@ static FORWARD_INFO *forward_open(char *sender)
info->cleanup = cleanup; info->cleanup = cleanup;
info->queue_id = mystrdup(vstring_str(buffer)); info->queue_id = mystrdup(vstring_str(buffer));
info->posting_time = time((time_t *) 0); info->posting_time = time((time_t *) 0);
#define FORWARD_CLEANUP_FLAGS (CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_MASK_INTERNAL)
attr_print(cleanup, ATTR_FLAG_NONE, attr_print(cleanup, ATTR_FLAG_NONE,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, CLEANUP_FLAG_BOUNCE, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, FORWARD_CLEANUP_FLAGS,
ATTR_TYPE_END); ATTR_TYPE_END);
/* /*

View File

@@ -636,7 +636,8 @@ static void local_mask_init(void)
var_allow_files); var_allow_files);
local_cmd_deliver_mask = name_mask(VAR_ALLOW_COMMANDS, command_mask, local_cmd_deliver_mask = name_mask(VAR_ALLOW_COMMANDS, command_mask,
var_allow_commands); var_allow_commands);
local_ext_prop_mask = ext_prop_mask(var_prop_extension); local_ext_prop_mask =
ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
local_deliver_hdr_mask = name_mask(VAR_DELIVER_HDR, deliver_mask, local_deliver_hdr_mask = name_mask(VAR_DELIVER_HDR, deliver_mask,
var_deliver_hdr); var_deliver_hdr);
local_mbox_lock_mask = mbox_lock_mask(var_mailbox_lock); local_mbox_lock_mask = mbox_lock_mask(var_mailbox_lock);

View File

@@ -77,4 +77,5 @@ pickup.o: ../../include/mail_conf.h
pickup.o: ../../include/record.h pickup.o: ../../include/record.h
pickup.o: ../../include/rec_type.h pickup.o: ../../include/rec_type.h
pickup.o: ../../include/lex_822.h pickup.o: ../../include/lex_822.h
pickup.o: ../../include/input_transp.h
pickup.o: ../../include/mail_server.h pickup.o: ../../include/mail_server.h

View File

@@ -45,6 +45,19 @@
/* either bounces mail or re-injects the result back into Postfix. /* either bounces mail or re-injects the result back into Postfix.
/* This parameter uses the same syntax as the right-hand side of /* This parameter uses the same syntax as the right-hand side of
/* a Postfix transport table. /* a Postfix transport table.
/* .IP \fBreceive_override_options\fB
/* The following options override \fBmain.cf\fR settings.
/* The options are passed on to the downstream cleanup server.
/* .RS
/* .IP \fBno_address_mappings\fR
/* Disable canonical address mapping, virtual alias map expansion,
/* address masquerading, and automatic BCC recipients. Specify this
/* if address mapping etc. are to be done \fBafter\fR an external
/* content filter.
/* .IP \fBno_header_body_checks\fR
/* Disable header/body_checks. Specify this if header/body_checks
/* are to be done \fBafter\fR an external content filter.
/* .RE
/* .SH Miscellaneous /* .SH Miscellaneous
/* .ad /* .ad
/* .fi /* .fi
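Review bot: `.IP \fBreceive_override_options\fB` ends with `\fB` where the other entries end with `\fR`, so bold is never switched off after the parameter name. The same line is repeated in the qmqpd and smtpd manual text in this commit. Change the trailing escape to `\fR` in all three places.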
@@ -101,6 +114,7 @@
#include <record.h> #include <record.h>
#include <rec_type.h> #include <rec_type.h>
#include <lex_822.h> #include <lex_822.h>
#include <input_transp.h>
/* Single-threaded server skeleton. */ /* Single-threaded server skeleton. */
@@ -109,6 +123,7 @@
/* Application-specific. */ /* Application-specific. */
char *var_filter_xport; char *var_filter_xport;
char *var_input_transp;
/* /*
* Structure to bundle a bunch of information about a queue file. * Structure to bundle a bunch of information about a queue file.
@@ -128,6 +143,12 @@ typedef struct {
#define REMOVE_MESSAGE_FILE 1 #define REMOVE_MESSAGE_FILE 1
#define KEEP_MESSAGE_FILE 2 #define KEEP_MESSAGE_FILE 2
/*
* Transparency: before mail is queued, do we allow address mapping,
* automatic bcc, header/body checks?
*/
int pickup_input_transp_mask;
/* file_read_error - handle error while reading queue file */ /* file_read_error - handle error while reading queue file */
static int file_read_error(PICKUP_INFO *info, int type) static int file_read_error(PICKUP_INFO *info, int type)
@@ -324,6 +345,7 @@ static int pickup_file(PICKUP_INFO *info)
int status; int status;
VSTREAM *qfile; VSTREAM *qfile;
VSTREAM *cleanup; VSTREAM *cleanup;
int cleanup_flags;
/* /*
* Open the submitted file. If we cannot open it, and we're not having a * Open the submitted file. If we cannot open it, and we're not having a
@@ -354,15 +376,18 @@ static int pickup_file(PICKUP_INFO *info)
* easier to implement the many possible error exits without forgetting * easier to implement the many possible error exits without forgetting
* to close files, or to release memory. * to close files, or to release memory.
*/ */
#define PICKUP_CLEANUP_FLAGS \ cleanup_flags = (CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_MASK_EXTERNAL);
(CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_FILTER | CLEANUP_FLAG_BCC_OK) if (pickup_input_transp_mask & INPUT_TRANSP_ADDRESS_MAPPING)
cleanup_flags &= ~(CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK);
if (pickup_input_transp_mask & INPUT_TRANSP_HEADER_BODY)
cleanup_flags &= ~CLEANUP_FLAG_FILTER;
cleanup = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service); cleanup = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service);
if (attr_scan(cleanup, ATTR_FLAG_STRICT, if (attr_scan(cleanup, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, buf, ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, buf,
ATTR_TYPE_END) != 1 ATTR_TYPE_END) != 1
|| attr_print(cleanup, ATTR_FLAG_NONE, || attr_print(cleanup, ATTR_FLAG_NONE,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, PICKUP_CLEANUP_FLAGS, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, cleanup_flags,
ATTR_TYPE_END) != 0) { ATTR_TYPE_END) != 0) {
status = KEEP_MESSAGE_FILE; status = KEEP_MESSAGE_FILE;
} else { } else {
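Review bot: the translation from the transparency mask to cleanup flags (clear BCC_OK and MAP_OK for INPUT_TRANSP_ADDRESS_MAPPING, clear FILTER for INPUT_TRANSP_HEADER_BODY) is written out here and again, line for line, in qmqpd.c and smtpd.c. A small helper next to input_transp_mask() that takes the mask and a base flag word would keep the three entry points from drifting apart when another option is added, which matters because a missed copy means one input path keeps or drops a check the others do not.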
@@ -440,9 +465,9 @@ static void pickup_service(char *unused_buf, int unused_len,
} while (file_count); } while (file_count);
} }
/* drop_privileges - drop privileges */ /* post_jail_init - drop privileges */
static void drop_privileges(char *unused_name, char **unused_argv) static void post_jail_init(char *unused_name, char **unused_argv)
{ {
/* /*
@@ -450,6 +475,13 @@ static void drop_privileges(char *unused_name, char **unused_argv)
*/ */
if (getuid() != var_owner_uid) if (getuid() != var_owner_uid)
set_ugid(var_owner_uid, var_owner_gid); set_ugid(var_owner_uid, var_owner_gid);
/*
* Initialize the receive transparency options: do we want unknown
* recipient checks, do we want address mapping.
*/
pickup_input_transp_mask =
input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
} }
/* main - pass control to the multi-threaded server skeleton */ /* main - pass control to the multi-threaded server skeleton */
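Review bot: the new comment in post_jail_init says the options decide "do we want unknown recipient checks", but the pickup code in this commit only tests INPUT_TRANSP_ADDRESS_MAPPING and INPUT_TRANSP_HEADER_BODY, and the pickup manual text lists only those two options. Either drop the unknown-recipient wording here or document that no_unknown_recipient_checks is accepted by the shared table and has no effect in pickup. The one-line summary "post_jail_init - drop privileges" a few lines up also no longer covers everything the function does.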
@@ -458,6 +490,7 @@ int main(int argc, char **argv)
{ {
static CONFIG_STR_TABLE str_table[] = { static CONFIG_STR_TABLE str_table[] = {
VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0, VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0,
VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0,
0, 0,
}; };
@@ -467,7 +500,7 @@ int main(int argc, char **argv)
*/ */
trigger_server_main(argc, argv, pickup_service, trigger_server_main(argc, argv, pickup_service,
MAIL_SERVER_STR_TABLE, str_table, MAIL_SERVER_STR_TABLE, str_table,
MAIL_SERVER_POST_INIT, drop_privileges, MAIL_SERVER_POST_INIT, post_jail_init,
MAIL_SERVER_SOLITARY, MAIL_SERVER_SOLITARY,
0); 0);
} }

View File

@@ -17,8 +17,8 @@
/* The \fBmain.cf\fR configuration file is in the named directory /* The \fBmain.cf\fR configuration file is in the named directory
/* instead of the default configuration directory. /* instead of the default configuration directory.
/* .IP \fB-q\fR /* .IP \fB-q\fR
/* Search the Postfix queue for \fIfiles\fR. By default, /* Search the Postfix queue for the named \fIfiles\fR instead
/* file names are taken literally. /* of taking the names literally.
/* .IP \fB-v\fR /* .IP \fB-v\fR
/* Enable verbose logging for debugging purposes. Multiple \fB-v\fR /* Enable verbose logging for debugging purposes. Multiple \fB-v\fR
/* options make the software increasingly verbose. /* options make the software increasingly verbose.

View File

@@ -52,7 +52,7 @@
/* .IP \fBhopcount_limit\fR /* .IP \fBhopcount_limit\fR
/* Limit the number of \fBReceived:\fR message headers. /* Limit the number of \fBReceived:\fR message headers.
/* .IP \fBqmqpd_authorized_clients\fR /* .IP \fBqmqpd_authorized_clients\fR
/* A list of domain or network patterns that specifies what /* A list of domain or network patterns that specifies what
/* clients are allowed to use the service. /* clients are allowed to use the service.
/* .IP \fBqmqpd_timeout\fR /* .IP \fBqmqpd_timeout\fR
/* Limit the time to send a server response and to receive a client /* Limit the time to send a server response and to receive a client
@@ -66,6 +66,19 @@
/* either bounces mail or re-injects the result back into Postfix. /* either bounces mail or re-injects the result back into Postfix.
/* This parameter uses the same syntax as the right-hand side of /* This parameter uses the same syntax as the right-hand side of
/* a Postfix transport table. /* a Postfix transport table.
/* .IP \fBreceive_override_options\fB
/* The following options override \fBmain.cf\fR settings.
/* The options are passed on to the downstream cleanup server.
/* .RS
/* .IP \fBno_address_mappings\fR
/* Disable canonical address mapping, virtual alias map expansion,
/* address masquerading, and automatic BCC recipients. Specify this
/* if address mapping etc. are to be done \fBafter\fR an external
/* content filter.
/* .IP \fBno_header_body_checks\fR
/* Disable header/body_checks. Specify this if header/body_checks
/* are to be done \fBafter\fR an external content filter.
/* .RE
/* .SH "Resource controls" /* .SH "Resource controls"
/* .ad /* .ad
/* .fi /* .fi
@@ -136,6 +149,7 @@
#include <match_parent_style.h> #include <match_parent_style.h>
#include <lex_822.h> #include <lex_822.h>
#include <verp_sender.h> #include <verp_sender.h>
#include <input_transp.h>
/* Single-threaded server skeleton. */ /* Single-threaded server skeleton. */
@@ -155,6 +169,7 @@ int var_qmqpd_timeout;
int var_qmqpd_err_sleep; int var_qmqpd_err_sleep;
char *var_filter_xport; char *var_filter_xport;
char *var_qmqpd_clients; char *var_qmqpd_clients;
char *var_input_transp;
/* /*
* Silly little macros. * Silly little macros.
@@ -171,20 +186,31 @@ char *var_qmqpd_clients;
*/ */
static NAMADR_LIST *qmqpd_clients; static NAMADR_LIST *qmqpd_clients;
/*
* Transparency: before mail is queued, do we allow address mapping,
* automatic bcc, header/body checks?
*/
int qmqpd_input_transp_mask;
/* qmqpd_open_file - open a queue file */ /* qmqpd_open_file - open a queue file */
static void qmqpd_open_file(QMQPD_STATE *state) static void qmqpd_open_file(QMQPD_STATE *state)
{ {
int cleanup_flags;
/* /*
* Connect to the cleanup server. Log client name/address with queue ID. * Connect to the cleanup server. Log client name/address with queue ID.
*/ */
#define QMQPD_CLEANUP_FLAGS (CLEANUP_FLAG_FILTER | CLEANUP_FLAG_BCC_OK) cleanup_flags = CLEANUP_FLAG_MASK_EXTERNAL;
if (qmqpd_input_transp_mask & INPUT_TRANSP_ADDRESS_MAPPING)
cleanup_flags &= ~(CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK);
if (qmqpd_input_transp_mask & INPUT_TRANSP_HEADER_BODY)
cleanup_flags &= ~CLEANUP_FLAG_FILTER;
state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, var_cleanup_service); state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, var_cleanup_service);
if (state->dest == 0 if (state->dest == 0
|| attr_print(state->dest->stream, ATTR_FLAG_NONE, || attr_print(state->dest->stream, ATTR_FLAG_NONE,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, QMQPD_CLEANUP_FLAGS, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, cleanup_flags,
ATTR_TYPE_END) != 0) ATTR_TYPE_END) != 0)
msg_fatal("unable to connect to the %s %s service", msg_fatal("unable to connect to the %s %s service",
MAIL_CLASS_PUBLIC, var_cleanup_service); MAIL_CLASS_PUBLIC, var_cleanup_service);
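Review bot: `int qmqpd_input_transp_mask;` is introduced as a global with external linkage, yet in the lines shown it is only written in post_jail_init and read in qmqpd_open_file, both in this file. Declaring it `static`, like `qmqpd_clients` directly above it, keeps the symbol out of the global namespace.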
@@ -654,7 +680,7 @@ static void qmqpd_service(VSTREAM *stream, char *unused_service, char **argv)
static void pre_accept(char *unused_name, char **unused_argv) static void pre_accept(char *unused_name, char **unused_argv)
{ {
const char *table; const char *table;
if ((table = dict_changed_name()) != 0) { if ((table = dict_changed_name()) != 0) {
msg_info("table %s has changed -- restarting", table); msg_info("table %s has changed -- restarting", table);
exit(0); exit(0);
@@ -671,6 +697,19 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
var_qmqpd_clients); var_qmqpd_clients);
} }
/* post_jail_init - post-jail initialization */
static void post_jail_init(char *unused_name, char **unused_argv)
{
/*
* Initialize the receive transparency options: do we want unknown
* recipient checks, do we want address mapping.
*/
qmqpd_input_transp_mask =
input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
}
/* main - the main program */ /* main - the main program */
int main(int argc, char **argv) int main(int argc, char **argv)
@@ -683,6 +722,7 @@ int main(int argc, char **argv)
static CONFIG_STR_TABLE str_table[] = { static CONFIG_STR_TABLE str_table[] = {
VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0, VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0,
VAR_QMQPD_CLIENTS, DEF_QMQPD_CLIENTS, &var_qmqpd_clients, 0, 0, VAR_QMQPD_CLIENTS, DEF_QMQPD_CLIENTS, &var_qmqpd_clients, 0, 0,
VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0,
0, 0,
}; };
@@ -694,5 +734,6 @@ int main(int argc, char **argv)
MAIL_SERVER_STR_TABLE, str_table, MAIL_SERVER_STR_TABLE, str_table,
MAIL_SERVER_PRE_INIT, pre_jail_init, MAIL_SERVER_PRE_INIT, pre_jail_init,
MAIL_SERVER_PRE_ACCEPT, pre_accept, MAIL_SERVER_PRE_ACCEPT, pre_accept,
MAIL_SERVER_POST_INIT, post_jail_init,
0); 0);
} }

View File

@@ -260,14 +260,13 @@ void smtp_chat_notify(SMTP_STATE *state)
* mail bounce wars. Always prepend one space to message content that we * mail bounce wars. Always prepend one space to message content that we
* generate from untrusted data. * generate from untrusted data.
*/ */
#define NULL_CLEANUP_FLAGS 0
#define NULL_TRACE_FLAGS 0 #define NULL_TRACE_FLAGS 0
#define LENGTH 78 #define LENGTH 78
#define INDENT 4 #define INDENT 4
notice = post_mail_fopen_nowait(mail_addr_double_bounce(), notice = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_error_rcpt, var_error_rcpt,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS); NULL_TRACE_FLAGS);
if (notice == 0) { if (notice == 0) {
msg_warn("postmaster notify: %m"); msg_warn("postmaster notify: %m");

View File

@@ -147,6 +147,7 @@ smtpd.o: ../../include/quote_822_local.h
smtpd.o: ../../include/quote_flags.h smtpd.o: ../../include/quote_flags.h
smtpd.o: ../../include/lex_822.h smtpd.o: ../../include/lex_822.h
smtpd.o: ../../include/namadr_list.h smtpd.o: ../../include/namadr_list.h
smtpd.o: ../../include/input_transp.h
smtpd.o: ../../include/mail_server.h smtpd.o: ../../include/mail_server.h
smtpd.o: smtpd_token.h smtpd.o: smtpd_token.h
smtpd.o: smtpd.h smtpd.o: smtpd.h
@@ -226,6 +227,7 @@ smtpd_check.o: ../../include/mail_addr.h
smtpd_check.o: ../../include/verify_clnt.h smtpd_check.o: ../../include/verify_clnt.h
smtpd_check.o: ../../include/deliver_request.h smtpd_check.o: ../../include/deliver_request.h
smtpd_check.o: ../../include/recipient_list.h smtpd_check.o: ../../include/recipient_list.h
smtpd_check.o: ../../include/input_transp.h
smtpd_check.o: smtpd.h smtpd_check.o: smtpd.h
smtpd_check.o: ../../include/mail_stream.h smtpd_check.o: ../../include/mail_stream.h
smtpd_check.o: smtpd_sasl_glue.h smtpd_check.o: smtpd_sasl_glue.h

View File

@@ -72,6 +72,23 @@
/* either bounces mail or re-injects the result back into Postfix. /* either bounces mail or re-injects the result back into Postfix.
/* This parameter uses the same syntax as the right-hand side of /* This parameter uses the same syntax as the right-hand side of
/* a Postfix transport table. /* a Postfix transport table.
/* .IP \fBreceive_override_options\fB
/* The following options override \fBmain.cf\fR settings.
/* The options are either implemented by the SMTP server or
/* are passed on to the downstream cleanup server.
/* .RS
/* .IP \fBno_unknown_recipient_checks\fR
/* Do not try to reject unknown recipients. This is typically specified
/* with the SMTP server \fBafter\fR an external content filter.
/* .IP \fBno_address_mappings\fR
/* Disable canonical address mapping, virtual alias map expansion,
/* address masquerading, and automatic BCC recipients. This is
/* typically specified with the SMTP server \fBbefore\fR an external
/* content filter.
/* .IP \fBno_header_body_checks\fR
/* Disable header/body_checks. This is typically specified with the
/* SMTP server \fBafter\fR an external content filter.
/* .RE
/* .SH "Authentication controls" /* .SH "Authentication controls"
/* .IP \fBenable_sasl_authentication\fR /* .IP \fBenable_sasl_authentication\fR
/* Enable per-session authentication as per RFC 2554 (SASL). /* Enable per-session authentication as per RFC 2554 (SASL).
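Review bot: the text says the options "override main.cf settings" but does not say where receive_override_options itself is meant to be set. Because no_unknown_recipient_checks and no_header_body_checks are described as belonging on the SMTP server after the content filter, setting the parameter once in main.cf would also switch those checks off on the listener in front of the filter. Please add a sentence saying it is intended as a per-service override in master.cf (`-o receive_override_options=...`) for the specific smtpd instance.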
@@ -396,6 +413,7 @@
#include <quote_822_local.h> #include <quote_822_local.h>
#include <lex_822.h> #include <lex_822.h>
#include <namadr_list.h> #include <namadr_list.h>
#include <input_transp.h>
/* Single-threaded server skeleton. */ /* Single-threaded server skeleton. */
@@ -484,10 +502,10 @@ char *var_verp_clients;
int var_show_unk_rcpt_table; int var_show_unk_rcpt_table;
int var_verify_poll_count; int var_verify_poll_count;
int var_verify_poll_delay; int var_verify_poll_delay;
char *var_smtpd_proxy_filt; char *var_smtpd_proxy_filt;
int var_smtpd_proxy_tmout; int var_smtpd_proxy_tmout;
char *var_smtpd_proxy_ehlo; char *var_smtpd_proxy_ehlo;
char *var_input_transp;
/* /*
* Silly little macros. * Silly little macros.
@@ -503,6 +521,11 @@ char *var_smtpd_proxy_ehlo;
static NAMADR_LIST *verp_clients; static NAMADR_LIST *verp_clients;
/*
* Other application-specific globals.
*/
int smtpd_input_transp_mask;
/* /*
* Forward declarations. * Forward declarations.
*/ */
@@ -624,6 +647,7 @@ static void mail_open_stream(SMTPD_STATE *state, SMTPD_TOKEN *argv,
const char *encoding, const char *verp_delims) const char *encoding, const char *verp_delims)
{ {
char *postdrop_command; char *postdrop_command;
int cleanup_flags;
/* /*
* XXX 2821: An SMTP server is not allowed to "clean up" mail except in * XXX 2821: An SMTP server is not allowed to "clean up" mail except in
@@ -641,14 +665,18 @@ static void mail_open_stream(SMTPD_STATE *state, SMTPD_TOKEN *argv,
* If running from the master or from inetd, connect to the cleanup * If running from the master or from inetd, connect to the cleanup
* service. * service.
*/ */
#define SMTPD_CLEANUP_FLAGS (CLEANUP_FLAG_FILTER | CLEANUP_FLAG_BCC_OK) cleanup_flags = CLEANUP_FLAG_MASK_EXTERNAL;
if (smtpd_input_transp_mask & INPUT_TRANSP_ADDRESS_MAPPING)
cleanup_flags &= ~(CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK);
if (smtpd_input_transp_mask & INPUT_TRANSP_HEADER_BODY)
cleanup_flags &= ~CLEANUP_FLAG_FILTER;
if (SMTPD_STAND_ALONE(state) == 0) { if (SMTPD_STAND_ALONE(state) == 0) {
state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, state->dest = mail_stream_service(MAIL_CLASS_PUBLIC,
var_cleanup_service); var_cleanup_service);
if (state->dest == 0 if (state->dest == 0
|| attr_print(state->dest->stream, ATTR_FLAG_NONE, || attr_print(state->dest->stream, ATTR_FLAG_NONE,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, SMTPD_CLEANUP_FLAGS, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, cleanup_flags,
ATTR_TYPE_END) != 0) ATTR_TYPE_END) != 0)
msg_fatal("unable to connect to the %s %s service", msg_fatal("unable to connect to the %s %s service",
MAIL_CLASS_PUBLIC, var_cleanup_service); MAIL_CLASS_PUBLIC, var_cleanup_service);
@@ -983,10 +1011,11 @@ static void mail_reset(SMTPD_STATE *state)
state->discard = 0; state->discard = 0;
/* /*
* Try to be nice. Don't bother when we lost the connection. * Try to be nice. Don't bother when we lost the connection. Don't bother
* waiting for a reply, it just increases latency.
*/ */
if (state->proxy) { if (state->proxy) {
(void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, "QUIT"); (void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_NONE, "QUIT");
smtpd_proxy_close(state); smtpd_proxy_close(state);
} }
} }
@@ -1648,7 +1677,7 @@ static void smtpd_proto(SMTPD_STATE *state)
} }
if (cmdp->flags & SMTPD_CMD_FLAG_FORBIDDEN) { if (cmdp->flags & SMTPD_CMD_FLAG_FORBIDDEN) {
msg_warn("%s sent non-SMTP command: %.100s", msg_warn("%s sent non-SMTP command: %.100s",
state->namaddr, vstring_str(state->buffer)); state->namaddr, vstring_str(state->buffer));
smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye."); smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye.");
break; break;
} }
@@ -1782,6 +1811,19 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
#endif #endif
} }
/* post_jail_init - post-jail initialization */
static void post_jail_init(char *unused_name, char **unused_argv)
{
/*
* Initialize the receive transparency options: do we want unknown
* recipient checks, address mapping, header_body_checks?.
*/
smtpd_input_transp_mask =
input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
}
/* main - the main program */ /* main - the main program */
int main(int argc, char **argv) int main(int argc, char **argv)
@@ -1862,6 +1904,7 @@ int main(int argc, char **argv)
VAR_VERP_CLIENTS, DEF_VERP_CLIENTS, &var_verp_clients, 0, 0, VAR_VERP_CLIENTS, DEF_VERP_CLIENTS, &var_verp_clients, 0, 0,
VAR_SMTPD_PROXY_FILT, DEF_SMTPD_PROXY_FILT, &var_smtpd_proxy_filt, 0, 0, VAR_SMTPD_PROXY_FILT, DEF_SMTPD_PROXY_FILT, &var_smtpd_proxy_filt, 0, 0,
VAR_SMTPD_PROXY_EHLO, DEF_SMTPD_PROXY_EHLO, &var_smtpd_proxy_ehlo, 0, 0, VAR_SMTPD_PROXY_EHLO, DEF_SMTPD_PROXY_EHLO, &var_smtpd_proxy_ehlo, 0, 0,
VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0,
0, 0,
}; };
static CONFIG_RAW_TABLE raw_table[] = { static CONFIG_RAW_TABLE raw_table[] = {
@@ -1881,5 +1924,6 @@ int main(int argc, char **argv)
MAIL_SERVER_TIME_TABLE, time_table, MAIL_SERVER_TIME_TABLE, time_table,
MAIL_SERVER_PRE_INIT, pre_jail_init, MAIL_SERVER_PRE_INIT, pre_jail_init,
MAIL_SERVER_PRE_ACCEPT, pre_accept, MAIL_SERVER_PRE_ACCEPT, pre_accept,
MAIL_SERVER_POST_INIT, post_jail_init,
0); 0);
} }

View File

@@ -122,6 +122,12 @@ extern void smtpd_state_reset(SMTPD_STATE *);
void smtpd_peer_init(SMTPD_STATE *state); void smtpd_peer_init(SMTPD_STATE *state);
void smtpd_peer_reset(SMTPD_STATE *state); void smtpd_peer_reset(SMTPD_STATE *state);
/*
* Transparency: before mail is queued, do we check for unknown recipients,
* do we allow address mapping, automatic bcc, header/body checks?
*/
int smtpd_input_transp_mask;
/* LICENSE /* LICENSE
/* .ad /* .ad
/* .fi /* .fi
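Review bot: `int smtpd_input_transp_mask;` is added to what reads as a header (the visible lines around it are prototypes), and without `extern` it is a tentative definition in every file that includes it, so the build relies on the linker merging the copies. Suggest `extern int smtpd_input_transp_mask;` here and a single definition in the file that contains post_jail_init(), which is where the value is assigned.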

View File

@@ -214,14 +214,13 @@ void smtpd_chat_notify(SMTPD_STATE *state)
* mail bounce wars. Always prepend one space to message content that we * mail bounce wars. Always prepend one space to message content that we
* generate from untrusted data. * generate from untrusted data.
*/ */
#define NULL_CLEANUP_FLAGS 0
#define NULL_TRACE_FLAGS 0 #define NULL_TRACE_FLAGS 0
#define LENGTH 78 #define LENGTH 78
#define INDENT 4 #define INDENT 4
notice = post_mail_fopen_nowait(mail_addr_double_bounce(), notice = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_error_rcpt, var_error_rcpt,
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
NULL_TRACE_FLAGS); NULL_TRACE_FLAGS);
if (notice == 0) { if (notice == 0) {
msg_warn("postmaster notify: %m"); msg_warn("postmaster notify: %m");

View File

@@ -319,6 +319,7 @@
#include <mail_proto.h> #include <mail_proto.h>
#include <mail_addr.h> #include <mail_addr.h>
#include <verify_clnt.h> #include <verify_clnt.h>
#include <input_transp.h>
/* Application-specific. */ /* Application-specific. */
@@ -3294,6 +3295,8 @@ static int check_rcpt_maps(SMTPD_STATE *state, const char *recipient)
* Duplicate suppression. There's an implicit check_recipient_maps * Duplicate suppression. There's an implicit check_recipient_maps
* restriction at the end of all recipient restrictions. * restriction at the end of all recipient restrictions.
*/ */
if (smtpd_input_transp_mask & INPUT_TRANSP_UNKNOWN_RCPT)
return (0);
if (state->rcptmap_checked == 1) if (state->rcptmap_checked == 1)
return (0); return (0);
state->rcptmap_checked = 1; state->rcptmap_checked = 1;
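Review bot: the new `if (smtpd_input_transp_mask & INPUT_TRANSP_UNKNOWN_RCPT) return (0);` in check_rcpt_maps() sits under the "Duplicate suppression" comment, which does not describe it. This test turns off the implicit unknown-recipient check for every session the process handles, so it should have its own comment that names the VAR_INPUT_TRANSP setting behind it and says when disabling the check is intended. Without that, a reader auditing recipient validation can easily miss that this path accepts recipients unchecked.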

View File

@@ -11,7 +11,7 @@
/* .in +4 /* .in +4
/* /* other fields... */ /* /* other fields... */
/* VSTREAM *proxy; /* connection to SMTP proxy */ /* VSTREAM *proxy; /* connection to SMTP proxy */
/* VSTRING *proxy_reply; /* last SMTP proxy response */ /* VSTRING *proxy_buffer; /* last SMTP proxy response */
/* /* other fields... */ /* /* other fields... */
/* .in -4 /* .in -4
/* } SMTPD_STATE; /* } SMTPD_STATE;
@@ -56,17 +56,17 @@
/* MAIL FROM command, and receives the reply. A non-zero result means /* MAIL FROM command, and receives the reply. A non-zero result means
/* trouble: either the proxy is unavailable, or it did not send the /* trouble: either the proxy is unavailable, or it did not send the
/* expected reply. /* expected reply.
/* All results are reported via the state->proxy_reply field in a form /* All results are reported via the state->proxy_buffer field in a form
/* that can be sent to the SMTP client. In case of error, the /* that can be sent to the SMTP client. In case of error, the
/* state->error_mask and state->err fields are updated. /* state->error_mask and state->err fields are updated.
/* A state->proxy_reply field is created automatically; this field /* A state->proxy_buffer field is created automatically; this field
/* persists beyond the end of a proxy session. /* persists beyond the end of a proxy session.
/* /*
/* smtpd_proxy_cmd() formats and sends the specified command to the /* smtpd_proxy_cmd() formats and sends the specified command to the
/* proxy server, and receives the proxy server reply. A non-zero result /* proxy server, and receives the proxy server reply. A non-zero result
/* means trouble: either the proxy is unavailable, or it did not send the /* means trouble: either the proxy is unavailable, or it did not send the
/* expected reply. /* expected reply.
/* All results are reported via the state->proxy_reply field in a form /* All results are reported via the state->proxy_buffer field in a form
/* that can be sent to the SMTP client. In case of error, the /* that can be sent to the SMTP client. In case of error, the
/* state->error_mask and state->err fields are updated. /* state->error_mask and state->err fields are updated.
/* /*
@@ -100,12 +100,14 @@
/* Expected proxy server reply status code range. A warning is logged /* Expected proxy server reply status code range. A warning is logged
/* when an unexpected reply is received. Specify one of the following: /* when an unexpected reply is received. Specify one of the following:
/* .RS /* .RS
/* .IP SMTPD_PROX_WANT_ANY
/* The caller has no expectation. Do not warn for unexpected replies.
/* .IP SMTPD_PROX_WANT_OK /* .IP SMTPD_PROX_WANT_OK
/* The caller expects a reply in the 200 range. /* The caller expects a reply in the 200 range.
/* .IP SMTPD_PROX_WANT_MORE /* .IP SMTPD_PROX_WANT_MORE
/* The caller expects a reply in the 300 range. /* The caller expects a reply in the 300 range.
/* .IP SMTPD_PROX_WANT_ANY
/* The caller has no expectation. Do not warn for unexpected replies.
/* .IP SMTPD_PROX_WANT_NONE
/* Do not bother waiting for a reply.
/* .RE /* .RE
/* .IP format /* .IP format
/* A format string. /* A format string.
@@ -200,7 +202,8 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service,
* Get server greeting banner. * Get server greeting banner.
* *
* If this fails then we have a problem because the proxy should always * If this fails then we have a problem because the proxy should always
* accept our connection. * accept our connection. Make up our own response instead of passing
* back the greeting banner: the client expects a MAIL FROM reply.
*/ */
if (smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK, SMTPD_PROXY_CONNECT) != 0) { if (smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK, SMTPD_PROXY_CONNECT) != 0) {
vstring_sprintf(state->proxy_buffer, vstring_sprintf(state->proxy_buffer,
@@ -210,10 +213,10 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service,
} }
/* /*
* Send our own EHLO command. * Send our own EHLO command. If this fails then we have a problem
* * because the proxy should always accept our EHLO command. Make up our
* If this fails then we have a problem because the proxy should always * own response instead of passing back the EHLO reply: the client
* accept our EHLO command. * expects a MAIL FROM reply.
*/ */
if (smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK, "EHLO %s", ehlo_name) != 0) { if (smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK, "EHLO %s", ehlo_name) != 0) {
vstring_sprintf(state->proxy_buffer, vstring_sprintf(state->proxy_buffer,
@@ -234,9 +237,9 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service,
return (0); return (0);
} }
/* smtpd_proxy_comms_error - report proxy communication error */ /* smtpd_proxy_rdwr_error - report proxy communication error */
static int smtpd_proxy_comms_error(VSTREAM *stream, int err) static int smtpd_proxy_rdwr_error(VSTREAM *stream, int err)
{ {
switch (err) { switch (err) {
case SMTP_ERR_EOF: case SMTP_ERR_EOF:
@@ -246,7 +249,7 @@ static int smtpd_proxy_comms_error(VSTREAM *stream, int err)
msg_warn("timeout talking to proxy %s", VSTREAM_PATH(stream)); msg_warn("timeout talking to proxy %s", VSTREAM_PATH(stream));
return (err); return (err);
default: default:
msg_panic("smtpd_proxy_comms_error: unknown proxy %s stream error %d", msg_panic("smtpd_proxy_rdwr_error: unknown proxy %s stream error %d",
VSTREAM_PATH(stream), err); VSTREAM_PATH(stream), err);
} }
} }
@@ -287,7 +290,7 @@ int smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
|| vstream_ferror(state->proxy) || vstream_ferror(state->proxy)
|| vstream_feof(state->proxy) || vstream_feof(state->proxy)
|| ((err = vstream_setjmp(state->proxy) != 0) || ((err = vstream_setjmp(state->proxy) != 0)
&& smtpd_proxy_comms_error(state->proxy, err))) { && smtpd_proxy_rdwr_error(state->proxy, err))) {
state->error_mask |= MAIL_ERROR_SOFTWARE; state->error_mask |= MAIL_ERROR_SOFTWARE;
state->err |= CLEANUP_STAT_PROXY; state->err |= CLEANUP_STAT_PROXY;
vstring_sprintf(state->proxy_buffer, vstring_sprintf(state->proxy_buffer,
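Review bot: in the context line `|| ((err = vstream_setjmp(state->proxy) != 0)` the closing parenthesis is misplaced, so err receives the result of the `!= 0` comparison (0 or 1) rather than the code returned by vstream_setjmp(). smtpd_proxy_rdwr_error() switches on that value, so it cannot tell the error cases apart. smtpd_proxy_rec_put() further down has the intended form, `(err = vstream_setjmp(stream)) != 0`; since this hunk already edits the following line for the rename, the grouping should be fixed here as well.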
@@ -325,6 +328,13 @@ int smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
state->proxy); state->proxy);
} }
/*
* Early return if we don't want to wait for a server reply (such as
* after sending QUIT.
*/
if (expect == SMTPD_PROX_WANT_NONE)
return (0);
/* /*
* Censor out non-printable characters in server responses and keep the * Censor out non-printable characters in server responses and keep the
* last line of multi-line responses. * last line of multi-line responses.
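Review bot: the `expect == SMTPD_PROX_WANT_NONE` early return happens before the reply handling below, so state->proxy_buffer is not refreshed by such a call, while the function's header comment says all results are reported via that field. Suggest documenting the exception in the header comment so callers do not forward a stale reply to the SMTP client. The new comment is also missing its closing parenthesis after "QUIT".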
@@ -362,8 +372,7 @@ int smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
* Log a warning in case the proxy does not send the expected response. * Log a warning in case the proxy does not send the expected response.
* Silently accept any response when the client expressed no expectation. * Silently accept any response when the client expressed no expectation.
*/ */
if (expect != SMTPD_PROX_WANT_ANY if (expect != SMTPD_PROX_WANT_ANY && expect != *STR(state->proxy_buffer)) {
&& expect != (STR(state->proxy_buffer)[0] - '0')) {
va_start(ap, fmt); va_start(ap, fmt);
smtpd_proxy_cmd_error(state, fmt, ap); smtpd_proxy_cmd_error(state, fmt, ap);
va_end(ap); va_end(ap);
@@ -387,7 +396,7 @@ int smtpd_proxy_rec_put(VSTREAM *stream, int rec_type,
|| vstream_feof(stream)) || vstream_feof(stream))
return (REC_TYPE_ERROR); return (REC_TYPE_ERROR);
if ((err = vstream_setjmp(stream)) != 0) if ((err = vstream_setjmp(stream)) != 0)
return (smtpd_proxy_comms_error(stream, err), REC_TYPE_ERROR); return (smtpd_proxy_rdwr_error(stream, err), REC_TYPE_ERROR);
/* /*
* Send one content record. Errors and results must be as with rec_put(). * Send one content record. Errors and results must be as with rec_put().
@@ -416,7 +425,7 @@ int smtpd_proxy_rec_fprintf(VSTREAM *stream, int rec_type,
|| vstream_feof(stream)) || vstream_feof(stream))
return (REC_TYPE_ERROR); return (REC_TYPE_ERROR);
if ((err = vstream_setjmp(stream)) != 0) if ((err = vstream_setjmp(stream)) != 0)
return (smtpd_proxy_comms_error(stream, err), REC_TYPE_ERROR); return (smtpd_proxy_rdwr_error(stream, err), REC_TYPE_ERROR);
/* /*
* Send one content record. Errors and results must be as with * Send one content record. Errors and results must be as with

View File

@@ -18,9 +18,10 @@
/* /*
* Application-specific. * Application-specific.
*/ */
#define SMTPD_PROX_WANT_ANY 0 #define SMTPD_PROX_WANT_NONE '\0' /* Do not receive reply */
#define SMTPD_PROX_WANT_OK 2 #define SMTPD_PROX_WANT_ANY '0' /* Expect any reply */
#define SMTPD_PROX_WANT_MORE 3 #define SMTPD_PROX_WANT_OK '2' /* Expect 2XX reply */
#define SMTPD_PROX_WANT_MORE '3' /* Expect 3XX reply */
extern int smtpd_proxy_open(SMTPD_STATE *, const char *, int, const char *, const char *); extern int smtpd_proxy_open(SMTPD_STATE *, const char *, int, const char *, const char *);
extern int smtpd_proxy_cmd(SMTPD_STATE *, int, const char *,...); extern int smtpd_proxy_cmd(SMTPD_STATE *, int, const char *,...);
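Review bot: SMTPD_PROX_WANT_NONE is defined as '\0', which is the numeric value the old SMTPD_PROX_WANT_ANY had (0). Any call site that passes a literal 0, or any object built against the old header, now skips reading the reply instead of accepting any reply, which would leave an unread response on the proxy stream. Suggest confirming that every smtpd_proxy_cmd() caller uses the symbolic names, and adding a comment here that the values are compared against the first character of the proxy reply.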

View File

@@ -410,7 +410,6 @@ static void verify_query_service(VSTREAM *client_stream)
(addr_status == DEL_RCPT_STAT_OK && updated + var_verify_pos_try < now) (addr_status == DEL_RCPT_STAT_OK && updated + var_verify_pos_try < now)
#define NEGATIVE_REFRESH_NEEDED(addr_status, updated) \ #define NEGATIVE_REFRESH_NEEDED(addr_status, updated) \
(addr_status != DEL_RCPT_STAT_OK && updated + var_verify_neg_try < now) (addr_status != DEL_RCPT_STAT_OK && updated + var_verify_neg_try < now)
#define NULL_CLEANUP_FLAGS 0
if (now - probed > PROBE_TTL if (now - probed > PROBE_TTL
&& (POSITIVE_REFRESH_NEEDED(addr_status, updated) && (POSITIVE_REFRESH_NEEDED(addr_status, updated)
@@ -420,7 +419,7 @@ static void verify_query_service(VSTREAM *client_stream)
STR(addr), addr_status, now, updated); STR(addr), addr_status, now, updated);
post_mail_fopen_async(strcmp(var_verify_sender, "<>") == 0 ? post_mail_fopen_async(strcmp(var_verify_sender, "<>") == 0 ?
"" : var_verify_sender, STR(addr), "" : var_verify_sender, STR(addr),
NULL_CLEANUP_FLAGS, CLEANUP_FLAG_MASK_INTERNAL,
DEL_REQ_FLAG_VERIFY, DEL_REQ_FLAG_VERIFY,
verify_post_mail_action, verify_post_mail_action,
(void *) 0); (void *) 0);