mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 05:38:06 +00:00
Code Issues Releases Wiki Activity

postfix-2.4.0

Browse Source
This commit is contained in:
Wietse Venema 2007-03-28 00:00:00 -05:00 committed by Viktor Dukhovni
parent 39195f053d
commit 453b66fac7
15 changed files with 351 additions and 559 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

260
postfix/HISTORY
View File

@ -13396,263 +13396,3 @@ Apologies for any names omitted.
Workaround: Eric Raymond's man page formatters don't handle
low-level *roff .in or .ti controls. We now use .nf and .fi
instead. Files: many.
Wish list:
Remove defer(8) and trace(8) references and man pages. These
are services not program names.
Bind all deliveries to the same local delivery process,
making Postfix perform as poorly as monolithic mailers,
but giving a possibility to eliminate duplicate deliveries.
Maybe declare loop when resolve_local(mxhost) is true?
Update message content length when adding/removing headers.
Need scache size limit.
Update BACKSCATTER_README to use PCRE because that's what I
am using now.
Make postcat header/body aware so people can grep headers.
Make postmap header/body aware so people can test multi-line
header checks.
REDIRECT should override original recipient info, and
probably override DSN as well.
Find out if with Sendmail, a Milter "add recipient" request
results in NOTIFY=NONE as Postfix does now.
Update FILTER_README with mailing list suggestions to tag
with a badness indicator and then filter down-stream.
Either document or remove the internal_mail_filter_classes
feature (it's disabled by default).
Build a command-line test driver for the cleanup engine.
This allows us to test it with arbitrary record sequences
without having to use a live mail queue.
Make null local-part handling configurable: either expand
into mailer-daemon (current bahavior) or disallow (strict
behavior, currently implemented only in the SMTP server).
The type of var_message_limit should be changed from int
to long or better, to take advantage of LP64 architectures.
This also requires checking all expressions in which
var_message_limit appears.
Add M flag (enable multi-recipient delivery) to pipe daemon.
The usage of TLScontext->cache_type is unclear. It specifies
a TLS session cache type (smtpd, smtp, or lmtp), but it is
sometimes used as an indicator that TLS session caching is
unavailable. In reality, that decision is made by not
registering call-back functions for cache maintenance.
Postfix TLS library code should copy any strings that it
receives from the application, instead of passing them
around as pointers. TLScontext->cache_type is a case in
point.
Are transport:nexthop null fields the same as in the case
of default_transport etc. parameters?
Don't lose bits when converting st_dev into maildir file
name. It's 64 bits on Linux. Found with the BEAM source
code analyzer. Is this really a problem, or are they just
using 64 bits for upwards compatibility with LP64 systems?
Do or don't introduce unknown_reverse_client_reject_code.
Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
UNIX).
Tempfail when a Milter application wants content access,
while it is configured in an SMTP server that runs before
the smtpd_proxy filter.
Log DSN original recipient when rejecting mail.
Keep whitespace between label and ":"?
Make the map case folding/locking options configurable, if
not at run-time then at least at compile time so we get
consistent behavior across applications.
Investigate what it would take to eliminate oqmgr, and to
make the old behavior configurable in a unified queue
manager. This would shave another 2.7 KLOC from the source
footprint.
Document the case folding strategy for match_list like
features.
Eliminate the (incoming,deferred)->active rename operation.
Softbounce fallback-to-ISP for SOHO users. This requires
playing with the soft_error test in the smtp_trouble.c
module, and avoiding delivery to backup MX hosts.
In the SMTP server, set a "pipelining detected" flag at the
start of a session and at protocol synchronization points,
so that reject_unauth_pipelining can be specified in any
access rule.
Centralize main.cf parameter input so that defaults work
consistently. What about parameter names that are prefixed
with mail delivery transport names?
Fix default time unit handling so that we can have a default
bounce lifetime of $maximal_queue_lifetime, without causing
panics when a non-default maximal_queue_lifetime setting
includes no time unit.
After the 20051222 ISASCII paranoia, lowercase() lowercases
ASCII text only.
Privacy: remove local command/pathname details from remote
delivery status reports, and log them via local msg_warn().
Is it safe to cache a connection after it has been used for
more than some number of address verification probes?
Try to recognize that Resent- headers appear in blocks,
newest block first. But don't break on incorrect header
block organization.
Hard limits on cache sizes (anvil, specifically).
Laptop friendliness: make the qmgr remember when the next
deferred queue scan needs to be done, and have the pickup
server stat() the maildrop directory before searching it.
Low: replace_sender/replace_recipient actions in access
maps?
Low: configurable order of local(8) delivery methods.
Med: local and remote source port and IP address for smtpd
policy hook.
Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
to limit the total time spent trying to connect.
Med: transform IPv4-in-IPv6 address literals to IPv4 form
when comparing against local IP addresses?
Med: transform IPv4-in-IPv6 address literals to IPv4 form
when eliminating MX mailer loops?
Med: Postfix requires [] around IPv6 address information
in match lists such as mynetworks, debug_peer_list etc.,
but the [] must not be specified in access(5) maps. Other
places don't care. For now, this gotcha is documented in
IPV6_README and in postconf(5) with each feature that may
use IPv6 address information. The general recommendation
is not to use [] unless absolutely necessary.
Med: the partial address matching of IPv6 addresses in
access(5) maps is a bit lame: it repeatedly truncates the
last ":octetpair" from the printable address representation
until a match is found or until truncation is no longer
possible. Since one or more ":" are usually omitted from
the printable IPv6 address representation, this does not
really try all the possibilities that one might expect to
be tried. For now, this gotcha is documented in access(5).
Med: the TLS certificate verification depth parameters never
worked.
Low: reject HELO with any domain name or IP address that
this MTA is the final destination for.
Low: should the Delivered-To: test in local(8) be configurable?
Low: make mail_addr_find() lookup configurable.
Low: update events.c so that 1-second timer requests do not
suffer from rounding errors. This is needed for 1-second
SMTP session caching time limits. A 1-second interval would
become arbitrarily short when an event is scheduled just
before the current second rolls over.
Low: configurable internal/system locking method.
Low: add INSTALL section for pre-existing Postfix systems.
Low: add INSTALL section for pre-existing RPM Postfixes.
Low: disallow smtpd_recipient_limit < 100 (the RFC minimum).
Low: noise filter: allow smtp(8) to retry immediately if
all MXes return a quick ECONNRESET or 4xx reply during the
initial handshake. Retry once? How many times?
Low: make post-install a "postfix-only script" so it can
take data from the environment instead of main.cf.
Low: randomize deferred mail backoff.
Med: separate ulimit for delivery to command?
Med: option to open queue file early, after MAIL FROM. This
would allow correlation of rejected RCPT TO requests with
accepted requests for the same mail transaction.
Med: postsuper -r should do something with recipients in
bounce logfiles, to make sure the sender will be notified.
To be perfectly safe, no process other than the queue manager
should move a queue file away from the active queue.
This could involve tagging a queue file, and use up another
permission bit (postsuper tags a "hot" file, qmgr requeues it).
Low: postsuper re-run after renaming files, but only a
limited number of times.
Low: smtp-source may block when sending large test messages.
Med: find a way to log the sender address when MAIL FROM
is rejected due to lack of disk space.
Low: revise other local delivery agent duplicate filters.
Low: all table lookups should consistently use internalized
(unquoted) or externalized (quoted) forms as lookup keys.
smtpd, qmgr, local, etc. use unquoted address forms as keys.
cleanup uses quoted forms.
Low: have a configurable list of errno values for mailbox
or maildir delivery that result in deferral rather than
bouncing mail. What about "killed by signal" exits?
Low: after reorganizing configuration parameters, add flags
to all parameters whose value can be read from file.
Medium: need in-process caching for map lookups. LDAP servers
seem to need this in particular. Need a way to expire cached
results that are too old.
Low: generic showq protocol, to allow for more intelligent
processing than just mailq. Maybe marry this with postsuper.
Low: default domain for appending to unqualified recipients,
so that unqualified names can be delivered locally.
Low: The $process_id_directory setting is not used anywhere
in Postfix. Problem reported by Michael Smith, texas.net.
This should be documented, or better, the code should warn
about attempts to set read-only parameters.
Low: postconf -e edits parameters that postconf won't list.
Low: while converting 8bit text to quoted-printable, perhaps
use =46rom to avoid having to produce >From when delivering
to mailbox.
virtual_mailbox_path expression like forward_path, so that
people can specify prefix and suffix.

40
postfix/README_FILES/BACKSCATTER_README
View File

@ -4,7 +4,11 @@ PPoossttffiixx BBaacckkssccaatttteerr HHoowwttoo
OOvveerrvviieeww
This document describes features that require Postfix version 2.0 or later.
This document describes features that require Postfix version 2.0 or later. The
examples use Perl Compatible Regular Expressions (Postfix pcre: tables), but
also provide a translation to POSIX regular expressions (Postfix regexp:
tables). PCRE is preferred primarily because the implementation is often
faster.
Topics covered in this document:
@ -97,8 +101,8 @@ To block such backscatter I use header_checks and body_checks patterns like
this:
/etc/postfix/main.cf:
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
if /^Received:/
@ -107,7 +111,7 @@ this:
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)
(porcupine\.org)\)/
reject forged client name in Received: header: $2
/^Received:.* +by +(porcupine\.org)[[:>:]]/
/^Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^Message-ID:.* <!&!/ DUNNO
@ -121,7 +125,7 @@ this:
/^[> ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)
(porcupine\.org)\)/
reject forged client name in Received: header: $2
/^[> ]*Received:.* +by +(porcupine\.org)[[:>:]]/
/^[> ]*Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^[> ]*Message-ID:.* <!&!/ DUNNO
@ -130,6 +134,9 @@ this:
Notes:
* The example uses pcre: tables mainly for speed; with minor modifications,
you can use regexp: tables as explained below.
* The example is simplified for educational purposes. In reality my patterns
list multiple domain names, as "(domain|domain|...)".
@ -139,8 +146,9 @@ Notes:
* The "\(" and "\)" match "(" and ")" literally. Without the "\", the "(" and
")" would be grouping operators.
* The "[[:>:]]" matches the end of a word. On some systems you should specify
"\>" instead. For details see your system documentation.
* The "\b" is used here to match the end of a word. If you use regexp:
tables, specify "[[:>:]]" (on some systems you should specify "\>" instead;
for details see your system documentation).
* The "if /pattern/" and "endif" eliminate unnecessary matching attempts. DO
NOT indent lines starting with /pattern/ between the "if" and "endif"!
@ -202,25 +210,29 @@ the backscatter mail that I get claims to be sent from these addresses. Such
mail is obviously forged and is very easy to stop.
/etc/postfix/main.cf:
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
/^(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/
/^(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
/etc/postfix/body_checks:
/^[> ]*(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/
/^[> ]*(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
Notes:
* The example uses pcre: tables mainly for speed; with minor modifications,
you can use regexp: tables as explained below.
* The example is simplified for educational purposes. In reality, my patterns
list multiple email addresses as "(user1@domain1\.tld|user2@domain2\.tld)".
* The "[[:<:]]" and "[[:>:]]" match the beginning and end of a word,
respectively. On some systems you should specify "\<" and "\>" instead. For
details see your system documentation.
* The two "\b" as used in "\b(user@domain\.tld)\b" match the beginning and
end of a word, respectively. If you use regexp: tables, specify "[[:<:]]
and [[:>:]]" (on some systems you should specify "\< and \>" instead; for
details see your system documentation).
* The "\." matches "." literally. Without the "\", the "." would match any
character.

11
postfix/README_FILES/OVERVIEW
View File

@ -209,12 +209,13 @@ queues.
Network -> smtpd(8) <-> anvil(8)
* The bounce(8), defer(8) and trace(8) servers each maintain their own queue
directory trees with per-message logfiles. This information is used to send
delivery or non-delivery notifications to the sender.
* The bounce(8), defer(8) and trace(8) services each maintain their own queue
directory trees with per-message logfiles. Postfix uses this information
when sending "failed", "delayed" or "success" delivery status notifications
to the sender.
The trace(8) service implements support for the Postfix "sendmail -bv" and
"sendmail -v" commands which produce reports about how Postfix delivers
The trace(8) service also implements support for the Postfix "sendmail -bv"
and "sendmail -v" commands which produce reports about how Postfix delivers
mail, and is available with Postfix version 2.1 and later. See DEBUG_README
for examples.

46
postfix/RELEASE_NOTES
View File

@ -14,6 +14,8 @@ specifies the release date of a stable release or snapshot release.
Major changes - critical
------------------------
See RELEASE_NOTES-2.3 if you upgrade from Postfix 2.2 or earlier.
[Incompat 20070122] To take advantage of the new support for BSD
kqueue, Linux epoll, or Solaris /dev/poll, you must restart (not
reload) Postfix after upgrading from Postfix 2.3.
@ -42,8 +44,8 @@ creates mailbox dotlock files on all systems. This prevents problems
with GNU POP3D which subverts kernel locking by creating a new
mailbox file and deleting the old one.
Major changes - milter
----------------------
Major changes - Milter support
------------------------------
[Feature 20070121] The support for Milter header modification
requests was revised. With minimal change in the on-disk representation,
@ -55,8 +57,13 @@ format is entirely backwards compatible with Postfix 2.3.
body. Postfix now implements all the header/body modification
requests that are available with Sendmail 8.13.
Major changes - tls
-------------------
[Incompat 20070116] A new field is added to the queue file "size"
record that specifies the message content length. Postfix 2.3 and
older Postfix 2.4 snapshots will ignore this field, and will report
the message size as it was before the body was replaced.
Major changes - TLS support
---------------------------
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
attributes (client ccert_subject, ccert_issuer) only after successful
@ -113,35 +120,34 @@ default_recipient_refill_delay (how long to wait between refill
operations). These two parameters act as defaults for optional
per-transport settings.
Major changes - delivery status notification
--------------------------------------------
Major changes - delivery status notifications
---------------------------------------------
[Incompat 20061209] Small changes were made to the default bounce
message templates, to prevent HTML-aware software from hiding or
removing the text "<postmaster>", and producing misleading text.
[Incompat 20060806] [Incompat 20060806] Postfix no longer announces
its name in delivery status notifications. Users believe that
Wietse provides a free help desk service that solves all their email
problems.
[Incompat 20060806] Postfix no longer announces its name in delivery
status notifications. Users believe that Wietse provides a free
help desk service that solves all their email problems.
Major changes - etrn
--------------------
Major changes - ETRN support
----------------------------
[Feature 20061217] More precise queue flushing with the ETRN,
"postqueue -s site", and "sendmail -qRsite" commands, after
minimization of race conditions. New per-queue-file flushing with
"postqueue -i queueid" and "sendmail -qIqueueid".
Major changes - small office/home office
----------------------------------------
Major changes - small office/home office support
------------------------------------------------
[Incompat 20061217] Postfix no longer requires a domain name. It
uses "localdomain" as the default Internet domain name when no
domain is specified via main.cf or via the machine's hostname.
Major changes - access control
------------------------------
Major changes - SMTP access control
-----------------------------------
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
attributes (client ccert_subject, ccert_issuer) only after successful
@ -190,11 +196,3 @@ on/off configurable. This introduces new parameters: smtp_pix_workarounds
(default: disable_esmtp, delay_dotcrlf) and smtp_pix_workaround_maps
(workarounds indexed by server IP address). The default settings
are backwards compatible.
Major changes - other
---------------------
[Incompat 20070116] A new field is added to the queue file "size"
record that specifies the message content length. Postfix 2.3 and
older Postfix 2.4 versions will ignore this field, and will report
the message size as it was before the body was replaced.

0
postfix/RELEASE_NOTES_2.3 → postfix/RELEASE_NOTES-2.3
View File

5
postfix/TODO
View File

@ -1,5 +0,0 @@
What needs to be done before Postfix 2.4.0 is finished:
- Update BACKSCATTER_README with PCRE rules.
- Truncate wish list from HISTORY.

7
postfix/conf/header_checks
View File

@ -66,6 +66,11 @@
# time, even when a message header spans multiple lines.
# Body lines are always examined one line at a time.
#
# COMPATIBILITY
# With Postfix version 2.2 and earlier specify "postmap -fq"
# to query a table that contains case sensitive patterns. By
# default, regexp: and pcre: patterns are case insensitive.
#
# TABLE FORMAT
# This document assumes that header and body_checks rules
# are specified in the form of Postfix regular expression
@ -289,7 +294,7 @@
# line is not carried over to the next line.
#
# o If text in the message body is encoded (RFC 2045)
# then the rules have to specified for the encoded
# then the rules need to be specified for the encoded
# form.
#
# o Likewise, when message headers are encoded (RFC

43
postfix/html/BACKSCATTER_README.html
View File

@ -21,7 +21,10 @@ Backscatter Howto</h1>
<h2>Overview </h2>
This document describes features that require Postfix version 2.0
or later.
or later. The examples use Perl Compatible Regular Expressions
(Postfix <a href="pcre_table.5.html">pcre</a>: tables), but also provide a translation to POSIX
regular expressions (Postfix <a href="regexp_table.5.html">regexp</a>: tables). PCRE is preferred
primarily because the implementation is often faster.</p>
<p> Topics covered in this document: </p>
@ -174,8 +177,8 @@ patterns like this: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/header_checks
<a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks
<a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks
/etc/postfix/header_checks:
if /^Received:/
@ -183,7 +186,7 @@ patterns like this: </p>
reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2
/^Received:.* +by +(porcupine\.org)[[:&gt;:]]/
/^Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^Message-ID:.* &lt;!&amp;!/ DUNNO
@ -196,7 +199,7 @@ patterns like this: </p>
reject forged client name in Received: header: $1
/^[&gt; ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2
/^[&gt; ]*Received:.* +by +(porcupine\.org)[[:&gt;:]]/
/^[&gt; ]*Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^[&gt; ]*Message-ID:.* &lt;!&amp;!/ DUNNO
@ -209,6 +212,9 @@ patterns like this: </p>
<ul>
<li> <p> The example uses <a href="pcre_table.5.html">pcre</a>: tables mainly for speed; with minor
modifications, you can use <a href="regexp_table.5.html">regexp</a>: tables as explained below. </p>
<li> <p> The example is simplified for educational purposes. In
reality my patterns list multiple domain names, as
"<tt>(domain|domain|...)</tt>". </p>
@ -220,9 +226,10 @@ the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>
and "<tt>)</tt>" literally. Without the "<tt>\</tt>", the "<tt>(</tt>"
and "<tt>)</tt>" would be grouping operators. </p>
<li> <p> The "<tt>[[:&gt;:]]</tt>" matches the end of a word. On
some systems you should specify "<tt>\&gt;</tt>" instead. For details
see your system documentation. </p>
<li> <p> The "<tt>\b</tt>" is used here to match the end of a word.
If you use <a href="regexp_table.5.html">regexp</a>: tables, specify "<tt>[[:&gt;:]]</tt>" (on some
systems you should specify "<tt>\&gt;</tt>" instead; for details
see your system documentation).
<li> <p> The "if /pattern/" and "endif" eliminate unnecessary
matching attempts. DO NOT indent lines starting with /pattern/
@ -311,15 +318,15 @@ and is very easy to stop.
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/header_checks
<a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks
<a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks
/etc/postfix/header_checks:
/^(From|Return-Path):.*[[:&lt;:]](user@domain\.tld)[[:&gt;:]]/
/^(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
/etc/postfix/body_checks:
/^[&gt; ]*(From|Return-Path):.*[[:&lt;:]](user@domain\.tld)[[:&gt;:]]/
/^[&gt; ]*(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
</pre>
</blockquote>
@ -328,14 +335,18 @@ and is very easy to stop.
<ul>
<li> <p> The example uses <a href="pcre_table.5.html">pcre</a>: tables mainly for speed; with minor
modifications, you can use <a href="regexp_table.5.html">regexp</a>: tables as explained below. </p>
<li> <p> The example is simplified for educational purposes. In
reality, my patterns list multiple email addresses as
"<tt>(user1@domain1\.tld|user2@domain2\.tld)</tt>". </p>
<li> <p> The "<tt>[[:&lt;:]]</tt>" and "<tt>[[:&gt;:]]</tt>" match
the beginning and end of a word, respectively. On some systems you
should specify "<tt>\&lt;</tt>" and "<tt>\&gt;</tt>" instead. For
details see your system documentation. </p>
<li> <p> The two "<tt>\b</tt>" as used in "<tt>\b(user@domain\.tld)\b</tt>"
match the beginning and end of a word, respectively. If you use
<a href="regexp_table.5.html">regexp</a>: tables, specify "<tt>[[:&lt;:]]</tt> and <tt>[[:&gt;:]]</tt>"
(on some systems you should specify "<tt>\&lt;</tt> and <tt>\&gt;</tt>"
instead; for details see your system documentation). </p>
<li> <p> The "<tt>\.</tt>" matches "<tt>.</tt>" literally. Without
the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>

11
postfix/html/OVERVIEW.html
View File

@ -460,12 +460,13 @@ bgcolor="#f0f0ff"> <br> <a href="smtpd.8.html">smtpd(8)</a><br><br> </td> <td> <
</table>
<li> <p> The <a href="bounce.8.html">bounce(8)</a>, <a href="defer.8.html">defer(8)</a> and <a href="trace.8.html">trace(8)</a> servers each maintain
their own queue directory trees with per-message logfiles. This
information is used to send delivery or non-delivery notifications
to the sender. </p>
<li> <p> The <a href="bounce.8.html">bounce(8)</a>, <a href="defer.8.html">defer(8)</a> and <a href="trace.8.html">trace(8)</a> services each maintain
their own queue directory trees with per-message logfiles. Postfix
uses this information when sending "failed", "delayed" or "success"
delivery status notifications to the sender. </p>
<p> The <a href="trace.8.html">trace(8)</a> service implements support for the Postfix "sendmail
<p> The <a href="trace.8.html">trace(8)</a> service also implements support for the Postfix
"sendmail
-bv" and "sendmail -v" commands which produce reports about how
Postfix delivers mail, and is available with Postfix version 2.1
and later. See <a href="DEBUG_README.html#trace_mail"> DEBUG_README

7
postfix/html/header_checks.5.html
View File

@ -72,6 +72,11 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
time, even when a message header spans multiple lines.
Body lines are always examined one line at a time.
<b>COMPATIBILITY</b>
With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>"
to query a table that contains case sensitive patterns. By
default, <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>: patterns are case insensitive.
<b>TABLE FORMAT</b>
This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules
are specified in the form of Postfix regular expression
@ -295,7 +300,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
line is not carried over to the next line.
<b>o</b> If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>)
then the rules have to specified for the encoded
then the rules need to be specified for the encoded
form.
<b>o</b> Likewise, when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC</a>

17
postfix/man/man5/header_checks.5
View File

@ -8,17 +8,15 @@ Postfix built-in content inspection
.SH "SYNOPSIS"
.na
.nf
.nf
\fBheader_checks = pcre:/etc/postfix/header_checks\fR
.br
\fBmime_header_checks = pcre:/etc/postfix/mime_header_checks\fR
.br
\fBnested_header_checks = pcre:/etc/postfix/nested_header_checks\fR
.br
\fBbody_checks = pcre:/etc/postfix/body_checks\fR
.sp
\fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
.br
\fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
.fi
.SH DESCRIPTION
.ad
.fi
@ -66,6 +64,15 @@ message headers is treated as body content.
Note: message headers are examined one logical header at a time,
even when a message header spans multiple lines. Body lines are
always examined one line at a time.
.SH "COMPATIBILITY"
.na
.nf
.ad
.fi
With Postfix version 2.2 and earlier specify "\fBpostmap
-fq\fR" to query a table that contains case sensitive
patterns. By default, regexp: and pcre: patterns are case
insensitive.
.SH "TABLE FORMAT"
.na
.nf
@ -273,7 +280,7 @@ line at a time. A decision made for one line is not carried over
to the next line.
.IP \(bu
If text in the message body is encoded
(RFC 2045) then the rules have to specified for the encoded
(RFC 2045) then the rules need to be specified for the encoded
form.
.IP \(bu
Likewise, when message headers are encoded (RFC

43
postfix/proto/BACKSCATTER_README.html
View File

@ -21,7 +21,10 @@ Backscatter Howto</h1>
<h2>Overview </h2>
This document describes features that require Postfix version 2.0
or later.
or later. The examples use Perl Compatible Regular Expressions
(Postfix pcre: tables), but also provide a translation to POSIX
regular expressions (Postfix regexp: tables). PCRE is preferred
primarily because the implementation is often faster.</p>
<p> Topics covered in this document: </p>
@ -174,8 +177,8 @@ patterns like this: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
if /^Received:/
@ -183,7 +186,7 @@ patterns like this: </p>
reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2
/^Received:.* +by +(porcupine\.org)[[:&gt;:]]/
/^Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^Message-ID:.* &lt;!&amp;!/ DUNNO
@ -196,7 +199,7 @@ patterns like this: </p>
reject forged client name in Received: header: $1
/^[&gt; ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2
/^[&gt; ]*Received:.* +by +(porcupine\.org)[[:&gt;:]]/
/^[&gt; ]*Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1
endif
/^[&gt; ]*Message-ID:.* &lt;!&amp;!/ DUNNO
@ -209,6 +212,9 @@ patterns like this: </p>
<ul>
<li> <p> The example uses pcre: tables mainly for speed; with minor
modifications, you can use regexp: tables as explained below. </p>
<li> <p> The example is simplified for educational purposes. In
reality my patterns list multiple domain names, as
"<tt>(domain|domain|...)</tt>". </p>
@ -220,9 +226,10 @@ the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>
and "<tt>)</tt>" literally. Without the "<tt>\</tt>", the "<tt>(</tt>"
and "<tt>)</tt>" would be grouping operators. </p>
<li> <p> The "<tt>[[:&gt;:]]</tt>" matches the end of a word. On
some systems you should specify "<tt>\&gt;</tt>" instead. For details
see your system documentation. </p>
<li> <p> The "<tt>\b</tt>" is used here to match the end of a word.
If you use regexp: tables, specify "<tt>[[:&gt;:]]</tt>" (on some
systems you should specify "<tt>\&gt;</tt>" instead; for details
see your system documentation).
<li> <p> The "if /pattern/" and "endif" eliminate unnecessary
matching attempts. DO NOT indent lines starting with /pattern/
@ -311,15 +318,15 @@ and is very easy to stop.
<blockquote>
<pre>
/etc/postfix/main.cf:
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
header_checks = pcre:/etc/postfix/header_checks
body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
/^(From|Return-Path):.*[[:&lt;:]](user@domain\.tld)[[:&gt;:]]/
/^(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
/etc/postfix/body_checks:
/^[&gt; ]*(From|Return-Path):.*[[:&lt;:]](user@domain\.tld)[[:&gt;:]]/
/^[&gt; ]*(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2
</pre>
</blockquote>
@ -328,14 +335,18 @@ and is very easy to stop.
<ul>
<li> <p> The example uses pcre: tables mainly for speed; with minor
modifications, you can use regexp: tables as explained below. </p>
<li> <p> The example is simplified for educational purposes. In
reality, my patterns list multiple email addresses as
"<tt>(user1@domain1\.tld|user2@domain2\.tld)</tt>". </p>
<li> <p> The "<tt>[[:&lt;:]]</tt>" and "<tt>[[:&gt;:]]</tt>" match
the beginning and end of a word, respectively. On some systems you
should specify "<tt>\&lt;</tt>" and "<tt>\&gt;</tt>" instead. For
details see your system documentation. </p>
<li> <p> The two "<tt>\b</tt>" as used in "<tt>\b(user@domain\.tld)\b</tt>"
match the beginning and end of a word, respectively. If you use
regexp: tables, specify "<tt>[[:&lt;:]]</tt> and <tt>[[:&gt;:]]</tt>"
(on some systems you should specify "<tt>\&lt;</tt> and <tt>\&gt;</tt>"
instead; for details see your system documentation). </p>
<li> <p> The "<tt>\.</tt>" matches "<tt>.</tt>" literally. Without
the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>

11
postfix/proto/OVERVIEW.html
View File

@ -460,12 +460,13 @@ bgcolor="#f0f0ff"> <br> smtpd(8)<br><br> </td> <td> <tt> &lt;-&gt;
</table>
<li> <p> The bounce(8), defer(8) and trace(8) servers each maintain
their own queue directory trees with per-message logfiles. This
information is used to send delivery or non-delivery notifications
to the sender. </p>
<li> <p> The bounce(8), defer(8) and trace(8) services each maintain
their own queue directory trees with per-message logfiles. Postfix
uses this information when sending "failed", "delayed" or "success"
delivery status notifications to the sender. </p>
<p> The trace(8) service implements support for the Postfix "sendmail
<p> The trace(8) service also implements support for the Postfix
"sendmail
-bv" and "sendmail -v" commands which produce reports about how
Postfix delivers mail, and is available with Postfix version 2.1
and later. See <a href="DEBUG_README.html#trace_mail"> DEBUG_README

15
postfix/proto/header_checks
View File

@ -4,17 +4,15 @@
# SUMMARY
# Postfix built-in content inspection
# SYNOPSIS
# .nf
# \fBheader_checks = pcre:/etc/postfix/header_checks\fR
# .br
# \fBmime_header_checks = pcre:/etc/postfix/mime_header_checks\fR
# .br
# \fBnested_header_checks = pcre:/etc/postfix/nested_header_checks\fR
# .br
# \fBbody_checks = pcre:/etc/postfix/body_checks\fR
# .sp
# \fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
# .br
# \fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# .fi
# DESCRIPTION
# This document describes access control on the content of
# message headers and message body lines; it is implemented
@ -60,6 +58,13 @@
# Note: message headers are examined one logical header at a time,
# even when a message header spans multiple lines. Body lines are
# always examined one line at a time.
# COMPATIBILITY
# .ad
# .fi
# With Postfix version 2.2 and earlier specify "\fBpostmap
# -fq\fR" to query a table that contains case sensitive
# patterns. By default, regexp: and pcre: patterns are case
# insensitive.
# TABLE FORMAT
# .ad
# .fi
@ -284,7 +289,7 @@
# to the next line.
# .IP \(bu
# If text in the message body is encoded
# (RFC 2045) then the rules have to specified for the encoded
# (RFC 2045) then the rules need to be specified for the encoded
# form.
# .IP \(bu
# Likewise, when message headers are encoded (RFC

4
postfix/src/global/mail_version.h
View File

@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20070327"
#define MAIL_VERSION_NUMBER "2.4.0-RC10"
#define MAIL_RELEASE_DATE "20070328"
#define MAIL_VERSION_NUMBER "2.4.0"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE