mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 01:49:47 +00:00
Code Issues Releases Wiki Activity

postfix-3.10-20241202

Browse Source
This commit is contained in:
Wietse Z Venema 2024-12-02 00:00:00 -05:00 committed by Viktor Dukhovni
parent 1099dd6b49
commit 45b1555c81
26 changed files with 461 additions and 295 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
postfix/HISTORY
View File

@ -28582,3 +28582,58 @@ Apologies for any names omitted.
instead of a message buffer and length. This is in preparation
for unix-dgram support in a spawn(8)-like service. Files:
master/dgram_server.c, master/mail_server.h, postlogd/postlogd.c.
20241122
Documentation: updated the LOCAL_RECIPIENT_README text, and
pointed there from the local_recipient_maps description in
postconf(5). Files: proto/LOCAL_RECIPIENT_README.html,
proto/postconf.proto.
20241127
Documentation: default_delivery_status_filter text. File:
proto/postconf.proto.
Documentation: support to convert superscripts in postconf.proto
manpage text from HTML to *roff. The result is a compromise:
vertical motion (\v'expr') works with groff, but not with
the newer mandoc and with the older UNIX nroff. So we use
^ instead. Files: mantools/fixman, mantools/postconf2man,
proto/postconf.proto.
20241129
Bugfix (introduced: on or before 19891104): the manpage
extractor mis-formatted titles with multiple names. File:
mantools/srctoman.
20241130
Bugfix (defect introduced: 19991230): the spawn daemon
failed to enforce the command time limit. It was sending
the SIGKILL signal using the wrong effective UID and GID.
The pipe daemon has always done this right. File:
util/spawn_command.c.
20241201
Bugfix (defect introduced Postfix 3.0). Missing UTF8
autodetection for headers that are automatically generated
by Postfix (for example, a From: header with UTF8 full name
information from the password file). Reported by Michael
Tokarev. File: src/cleanup/cleanup_message.c.
20241202
Cleanup: don't leak parent directory information into
documentation checks. File: mantools/dehtml.
Documentation: reverted a breaking change made 20241122.
File: html/Makefile.in.
Documentation: revised spawn(8) manpage text. This is all
that remains of a failed experiment to implement a
datagram-based spawn(8) service. It was too difficult to
enforce that processes terminate as expected after "postfix
reload" etc. File: spawn/spawn.c.

71
postfix/README_FILES/LOCAL_RECIPIENT_README
View File

@ -21,7 +21,7 @@ recipients correctly.
* Configuring local_recipient_maps in main.cf
* When you need to change the local_recipient_maps setting in main.cf
* Local recipient table format
* Local recipient table query format
CCoonnffiigguurriinngg llooccaall__rreecciippiieenntt__mmaappss iinn mmaaiinn..ccff
@ -30,11 +30,13 @@ addresses of local recipients. A recipient address is local when its domain
matches $mydestination, $inet_interfaces or $proxy_interfaces. If a local
username or address is not listed in $local_recipient_maps, then the Postfix
SMTP server will reject the address with "User unknown in local recipient
table". Other Postfix interfaces may still accept an "unknown" recipient.
table". Other interfaces such as the Postfix sendmail(1) command may still
accept an "unknown" recipient.
The default setting, shown below, assumes that you use the default Postfix
local(8) delivery agent for local delivery, where recipients are either UNIX
accounts or local aliases:
accounts (typically, in /etc/passwd) or local aliases (typically, in /etc/
aliases):
/etc/postfix/main.cf:
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
@ -67,19 +69,19 @@ WWhheenn yyoouu nneeeedd ttoo cchhaannggee tthhee llooc
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
If you use a different delivery agent for $mydestination etc. domains, see
the section "Local recipient table format" below for a description of how
the table should be populated.
If you don't use the local(8) or virtual(8) delivery agent for
$mydestination etc. domains, see the section "Local recipient table format"
below for a description of how the table should be populated.
* Problem: you use the mailbox_transport or fallback_transport feature of the
Postfix local(8) delivery agent in order to deliver mail to non-UNIX
accounts.
recipients.
Solution: you need to add the database that lists the non-UNIX users:
Solution: you need to add the database that lists the non-UNIX recipients:
/etc/postfix/main.cf
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,
<the database with non-UNIX accounts>
<the database with non-UNIX recipients>
See the section "Local recipient table format" below for a description of
how the table should be populated.
@ -88,30 +90,49 @@ WWhheenn yyoouu nneeeedd ttoo cchhaannggee tthhee llooc
agent.
Solution: you must disable the local_recipient_maps feature completely, so
that Postfix accepts mail for all local addresses:
that the Postfix SMTP server accepts mail for all local addresses:
/etc/postfix/main.cf
local_recipient_maps =
LLooccaall rreecciippiieenntt ttaabbllee ffoorrmmaatt
LLooccaall rreecciippiieenntt ttaabbllee qquueerryy ffoorrmmaatt
If you use local files in postmap(1) format, then local_recipient_maps expects
the following table format:
If local_recipient_maps specifies local files, such as files in postmap(1) or
postalias(1) format, then the Postfix SMTP server generates the following
queries:
* In the left-hand side, specify a bare username, an "@domain.tld" wild-card,
or specify a complete "user@domain.tld" address.
* The full recipient address. This query supports a non-default
local_transport setting with a delivery agent such as lmtp(8) or virtual
(8). See "Configuring local_recipient_maps in main.cf: for additional
guidance for what lookup tables to specify.
* You have to specify something on the right-hand side of the table, but the
value is ignored by local_recipient_maps.
* The recipient address local-part. This query supports the default
local_transport setting with the UNIX-compatible local(8) delivery agent;
the Postfix SMTP server makes this query only when the recipient domain
matches $mydestination, $inet_interfaces or $proxy_interfaces.
If you use lookup tables based on NIS, LDAP, MYSQL, or PGSQL, then
local_recipient_maps does the same queries as for local files in postmap(1)
format, and expects the same results.
* The recipient @domain. This query supports a non-default local_transport
setting with a delivery agent such as virtual(8); it is a wildcard for
domains that do not have a valid recipient list.
With regular expression tables, Postfix only queries with the full recipient
address, and not with the bare username or the "@domain.tld" wild-card.
NOTES:
NOTE: a lookup table should always return a result when the address exists, and
should always return "not found" when the address does not exist. In
particular, a zero-length result does not count as a "not found" result.
* A lookup table should return a non-empty result when the address exists,
and should return "not found" when the address does not exist. In
particular, a zero-length (empty) result does not count as a "not found"
result.
* When local_recipient_maps specifies a lookup table based on ldap:,
memcache:, mongodb:, mysql:, pgsql:, sqlite:, or other external database,
then the Postfix SMTP server queries that lookup table with the same
queries as described at the start of this section, and expects the same
results.
* To suppress lookups for the local-part and the @domain wild-card, specify
the ddoommaaiinn setting in a Postfix ldap:, memcache:, mongodb:, mysql:, pgsql:,
sqlite:, etc., database client configuration file.
* When local_recipient_maps specifies a lookup table based on pcre:, regexp:,
socketmap: or tcp:, Postfix queries that table only with the full recipient
address, and not with the local-part or the @domain wild-card.

4
postfix/WISHLIST
View File

@ -2,6 +2,8 @@ Wish list:
Things to do before the stable release:
Make the spawn_command fix conditional on compatibility_level.
make pre-release-check, HTML validator check.
Disable -DSNAPSHOT and -DNONPROD in makedefs.
@ -16,6 +18,8 @@ Wish list:
relay_recipient_maps empty should default to 'no valid
recipients'. Subject to compatibility level.
In mantools/postlink, allow newline etc. in "<a href".
Add an option for a TLSRPT built-in JSON generator. This
would simplify TLSRPT adoption by eliminating a build-time
and run-time dependency on the libtlsrpt client library.

82
postfix/html/LOCAL_RECIPIENT_README.html
View File

@ -45,7 +45,7 @@ in main.cf</a>
<li><a href="#change">When you need to change the local_recipient_maps
setting in main.cf</a>
<li><a href="#format">Local recipient table format </a>
<li><a href="#format">Local recipient table query format </a>
</ul>
@ -58,11 +58,13 @@ local when its domain matches $<a href="postconf.5.html#mydestination">mydestina
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. If a local username or address is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, then the Postfix SMTP server will reject
the address with "User unknown in local recipient table". Other
Postfix interfaces may still accept an "unknown" recipient. </p>
interfaces such as the Postfix <a href="sendmail.1.html">sendmail(1)</a> command may still accept
an "unknown" recipient. </p>
<p> The default setting, shown below, assumes that you use the
default Postfix <a href="local.8.html">local(8)</a> delivery agent for local delivery, where
recipients are either UNIX accounts or local aliases: </p>
recipients are either UNIX accounts (typically, in /etc/passwd) or
local aliases (typically, in /etc/aliases): </p>
<blockquote>
<pre>
@ -112,22 +114,23 @@ setting in main.cf</a></h2>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
</pre>
<p> If you use a different delivery agent for $<a href="postconf.5.html#mydestination">mydestination</a>
<p> If you don't use the <a href="local.8.html">local(8)</a> or <a href="virtual.8.html">virtual(8)</a> delivery agent
for $<a href="postconf.5.html#mydestination">mydestination</a>
etc. domains, see the section "<a href="#format">Local recipient
table format</a>" below for a description of how the table
should be populated. </p>
<li> <p> Problem: you use the <a href="postconf.5.html#mailbox_transport">mailbox_transport</a> or <a href="postconf.5.html#fallback_transport">fallback_transport</a>
feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent in order to
deliver mail to non-UNIX accounts. </p>
deliver mail to non-UNIX recipients. </p>
<p> Solution: you need to add the database that lists the
non-UNIX users: </p>
non-UNIX recipients: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname, $<a href="postconf.5.html#alias_maps">alias_maps</a>,
&lt;the database with non-UNIX accounts&gt;
&lt;the database with non-UNIX recipients&gt;
</pre>
<p> See the section "<a href="#format">Local recipient table
@ -138,8 +141,8 @@ setting in main.cf</a></h2>
local delivery agent. </p>
<p> Solution: you must disable the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> feature
completely, so that Postfix accepts mail for all local addresses:
</p>
completely, so that the Postfix SMTP server accepts mail for
all local addresses: </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>
@ -148,34 +151,59 @@ setting in main.cf</a></h2>
</ul>
<h2><a name="format">Local recipient table format</a> </h2>
<h2><a name="format">Local recipient table query format</a> </h2>
<p> If you use local files in <a href="postmap.1.html">postmap(1)</a> format, then
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> expects the following table format: </p>
<p> If <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies local files, such as files in
<a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> format, then the Postfix SMTP server
generates the following queries: </p>
<ul>
<li> <p> In the left-hand side, specify a bare username, an
"@domain.tld" wild-card, or specify a complete "user@domain.tld"
address. </p>
<li> <p> The full recipient address. This query supports a non-default
<a href="postconf.5.html#local_transport">local_transport</a> setting with a delivery agent such as <a href="lmtp.8.html">lmtp(8)</a> or
virtual(8). See "<a href="#main_config">Configuring local_recipient_maps
in main.cf</a>: for additional guidance for what lookup tables to
specify. </p>
<li> <p> You have to specify something on the right-hand side of
the table, but the value is ignored by <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>.
<li> <p> The recipient address local-part. This query supports the
default <a href="postconf.5.html#local_transport">local_transport</a> setting with the UNIX-compatible <a href="local.8.html">local(8)</a>
delivery agent; the Postfix SMTP server makes this query only when
the recipient domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </p>
<li> <p> The recipient @domain. This query supports a non-default
<a href="postconf.5.html#local_transport">local_transport</a> setting with a delivery agent such as <a href="virtual.8.html">virtual(8)</a>;
it is a wildcard for domains that do not have a valid recipient
list. </p>
</ul>
<p> If you use lookup tables based on NIS, LDAP, MYSQL, or PGSQL,
then <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> does the same queries as for local files
in <a href="postmap.1.html">postmap(1)</a> format, and expects the same results. </p>
<p> NOTES: </p>
<p> With regular expression tables, Postfix only queries with the
full recipient address, and not with the bare username or the
"@domain.tld" wild-card. </p>
<ul>
<p> NOTE: a lookup table should always return a result when the address
exists, and should always return "not found" when the address does
not exist. In particular, a zero-length result does not count as
a "not found" result. </p>
<li> <p> A lookup table should return a non-empty result when the
address exists, and should return "not found" when the address does
not exist. In particular, a zero-length (empty) result does not
count as a "not found" result. </p>
<li> <p> When <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a lookup table based
on <a href="ldap_table.5.html">ldap</a>:, <a href="memcache_table.5.html">memcache</a>:, <a href="mongodb_table.5.html">mongodb</a>:, <a href="mysql_table.5.html">mysql</a>:, <a href="pgsql_table.5.html">pgsql</a>:, <a href="sqlite_table.5.html">sqlite</a>:, or other
external database, then the Postfix SMTP server queries that lookup
table with the same queries as described at the start of this
section, and expects the same results. </p>
<li> <p> To suppress lookups for the <i>local-part</i> and the
<i>@domain</i> wild-card, specify the <b>domain</b> setting in a
Postfix <a href="ldap_table.5.html">ldap</a>:, <a href="memcache_table.5.html">memcache</a>:, <a href="mongodb_table.5.html">mongodb</a>:, <a href="mysql_table.5.html">mysql</a>:, <a href="pgsql_table.5.html">pgsql</a>:, <a href="sqlite_table.5.html">sqlite</a>:, etc.,
database client configuration file. </p>
<li> <p> When <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a lookup table based
on <a href="pcre_table.5.html">pcre</a>:, <a href="regexp_table.5.html">regexp</a>:, <a href="socketmap_table.html">socketmap</a>: or <a href="tcp_table.5.html">tcp</a>:, Postfix queries that table
only with the full recipient address, and not with the <i>local-part</i>
or the <i>@domain</i> wild-card. </p>
</ul>
</body>

3
postfix/html/Makefile.in
View File

@ -38,7 +38,8 @@ tidy: clean
clobber:
rm -f $(DAEMONS) $(COMMANDS) $(CONFIG)
$(DAEMONS) $(COMMANDS) $(CONFIG): ../mantools/man2html
# The following would add man2html to $? in rules for individual files.
#$(DAEMONS) $(COMMANDS) $(CONFIG): ../mantools/man2html
index.html: ../proto/index.html
cp $? $@

6
postfix/html/lmtp.8.html
View File

@ -5,7 +5,7 @@
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - smtp(8) </title>
</head> <body> <pre>
SMTP,(LMTP) SMTP,(LMTP)
SMTP(8) SMTP(8)
<b><a name="name">NAME</a></b>
smtp, lmtp - Postfix SMTP+LMTP client
@ -979,7 +979,7 @@ SMTP,(LMTP) SMTP,(LMTP)
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
ging sub-second delay values.
ging delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
@ -1153,5 +1153,5 @@ SMTP,(LMTP) SMTP,(LMTP)
Victor Duchovni
Morgan Stanley
8 SMTP,(LMTP)
SMTP(8)
</pre> </body> </html>

89
postfix/html/postconf.5.html
View File

@ -2143,10 +2143,13 @@ name of the message delivery transport.
<DT><b><a name="default_delivery_status_filter">default_delivery_status_filter</a>
(default: empty)</b></DT><DD>
<p> Optional filter to replace the delivery status code or explanatory
text of successful or unsuccessful deliveries. This does not allow
<p> Optional filter in Postfix delivery agents, to replace the
delivery status code or explanatory text of successful or unsuccessful
deliveries. This allows the replacement of a temporary error status
code (4.X.X) with a permanent error status code (5.X.X) or vice
versa, but does not allow
the replacement of a successful status code (2.X.X) with an
unsuccessful status code (4.X.X or 5.X.X) or vice versa. </p>
unsuccessful status code (4.X.X or 5.X.X) or vice versa. </p>
<p> Note: the (smtp|lmtp)_delivery_status_filter is applied only
once per recipient: when delivery is successful, when delivery is
@ -2916,18 +2919,21 @@ Example:
(default: 2)</b></DT><DD>
<p> The maximal number of digits after the decimal point when logging
sub-second delay values. Specify a number in the range 0..6. </p>
delay values. Specify a number in the range 0..6. </p>
<p> To improve readability, delays are logged with only a limited
number of significant digits: </p>
<ul>
<li> <p> Delays &ge; 100s are rounded off to an integral number of
seconds. </p>
<li> Delays &ge; 100s are rounded off to an integral number of
seconds.
<li> <p> Delays &lt; 10^-$<a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> are
rounded off to "0". </p>
<li> Delays &lt; 10<sup>-$<a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a></sup> are
rounded off to "0".
<li> <p> Other delays are rounded off to two significant digits,
or fewer if the result would exceed the delay_resolution_limit. </p>
<li> Other delays are rounded off to two significant digits, or
fewer if the result would exceed the <a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a>.
</ul>
@ -6271,13 +6277,31 @@ match. </dd>
<DT><b><a name="local_recipient_maps">local_recipient_maps</a>
(default: <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b></DT><DD>
<p> Lookup tables with all names or addresses of local recipients:
a recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>,
$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. Specify @domain as a
wild-card for domains that do not have a valid recipient list.
<p> Lookup tables with all names or addresses of valid local
recipients. A recipient address is local when its domain matches
$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </p>
<p> If the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter value is non-empty (the
default), then the Postfix SMTP server queries <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
as specified in "<a href="LOCAL_RECIPIENT_README.html#format">Local
recipient table query format</a>", and rejects mail for unknown
local recipients. Other Postfix interfaces such as the Postfix
<a href="sendmail.1.html">sendmail(1)</a> command may still accept an "unknown" recipient. </p>
<p> The default <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting assumes that <a href="postconf.5.html#local_transport">local_transport</a>
specifies the UNIX-compatible <a href="local.8.html">local(8)</a> delivery agent which queries
the UNIX passwd database (typically, /etc.passwd) and the local
aliases database (typically, /etc/aliases). The <a href="proxymap.8.html">proxy</a>: agent allows
the Postfix SMTP server to access the UNIX passwd database from
outside a chroot jail. </p>
<p> For other local mail delivery configurations, see "<a href="LOCAL_RECIPIENT_README.html#change">When you need to
change the local_recipient_maps setting in main.cf</a>". </p>
<p>
Technically, tables listed with $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> are used as
lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup. </p>
lists: The Postfix SMTP server needs to know only if a lookup string
is found or not, but it does not use the result from table lookup. </p>
<p>
Specify zero or more "type:name" lookup tables, separated by
@ -6285,44 +6309,11 @@ whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>
<p>
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users. Other Postfix
interfaces may still accept an "unknown" recipient. </p>
<p>
To turn off local recipient checking in the Postfix SMTP server,
specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty).
</p>
<p>
The default setting assumes that you use the default Postfix local
delivery agent for local delivery. You need to update the
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting if:
</p>
<ul>
<li>You redefine the local delivery agent in <a href="master.5.html">master.cf</a>.
<li>You redefine the "<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>.
<li>You use the "<a href="postconf.5.html#luser_relay">luser_relay</a>", "<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>", or "<a href="postconf.5.html#fallback_transport">fallback_transport</a>"
feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent.
</ul>
<p>
Details are described in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file.
</p>
<p>
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the <a href="proxymap.8.html">proxymap(8)</a> service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail is not practical.
</p>
<p>
Examples:
</p>

6
postfix/html/smtp.8.html
View File

@ -5,7 +5,7 @@
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - smtp(8) </title>
</head> <body> <pre>
SMTP,(LMTP) SMTP,(LMTP)
SMTP(8) SMTP(8)
<b><a name="name">NAME</a></b>
smtp, lmtp - Postfix SMTP+LMTP client
@ -979,7 +979,7 @@ SMTP,(LMTP) SMTP,(LMTP)
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
ging sub-second delay values.
ging delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
@ -1153,5 +1153,5 @@ SMTP,(LMTP) SMTP,(LMTP)
Victor Duchovni
Morgan Stanley
8 SMTP,(LMTP)
SMTP(8)
</pre> </body> </html>

45
postfix/html/spawn.8.html
View File

@ -14,15 +14,21 @@ SPAWN(8) SPAWN(8)
<b>spawn</b> [generic Postfix daemon options] command_attributes...
<b><a name="description">DESCRIPTION</a></b>
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon provides the Postfix equivalent of <b>inetd</b>. It lis-
tens on a port as specified in the Postfix <a href="master.5.html"><b>master.cf</b></a> file and spawns an
external command whenever a connection is established. The connection
can be made over local IPC (such as UNIX-domain sockets) or over
non-local IPC (such as TCP sockets). The command's standard input,
output and error streams are connected directly to the communication
endpoint.
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon monitors a TCP or UNIX-domain stream socket, con-
figured in <a href="master.5.html"><b>master.cf</b></a> with a service type <b>inet</b> or <b>unix</b>.
This daemon expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
This daemon spawns an external command whenever a connection is estab-
lished, with the standard input, output and error file descriptors con-
nected to the remote client.
The command process is subject to the time limit specified with the
parameter <a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> (default: <a href="postconf.5.html#command_time_limit">command_time_limit</a>) where
<i>transport</i> equals the service name field in <a href="master.5.html">master.cf</a>. A process that
exceeds the time limit will receive a SIGKILL signal.
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon service typically has a process limit &gt; 1 in its
<a href="master.5.html"><b>master.cf</b></a> service definition, so that the number of processes can scale
with demand.
<b><a name="command_attribute_syntax">COMMAND ATTRIBUTE SYNTAX</a></b>
The external command attributes are given in the <a href="master.5.html"><b>master.cf</b></a> file at the
@ -43,23 +49,24 @@ SPAWN(8) SPAWN(8)
out interpretation of shell meta characters by a shell command
interpreter.
<b><a name="bugs">BUGS</a></b>
In order to enforce standard Postfix process resource controls, each
<a href="spawn.8.html"><b>spawn</b>(8)</a> daemon process runs only one external command, and blocks
until the command terminates or a time limit is reached. As such, it
presents a noticeable overhead by wasting precious process resources.
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon is expected to be replaced by a more structural
solution.
If a command argument must contain whitespace, or if a command
argument must begin with "{", enclose the argument with "{" and
"}". This form will ignore whitespace after the outer "{" and
before the outer "}". Example:
argv=/bin/sh -c { shell syntax here }
<b><a name="diagnostics">DIAGNOSTICS</a></b>
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon reports abnormal child exits. Problems are logged
to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b><a name="security">SECURITY</a></b>
This program needs root privilege in order to execute external commands
as the specified user. It is therefore security sensitive. However the
<a href="spawn.8.html"><b>spawn</b>(8)</a> daemon does not talk to the external command and thus is not
vulnerable to data-driven attacks.
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon needs root privilege in order to execute external
commands as the specified user. It is therefore security sensitive.
However, the <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon does not receive data from or about ser-
vice clients or external commands, and thus is not vulnerable to
data-driven attacks.
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="spawn.8.html"><b>spawn</b>(8)</a> processes

68
postfix/man/man5/postconf.5
View File

@ -1302,8 +1302,11 @@ Use \fItransport\fR_delivery_slot_loan to specify a
transport\-specific override, where \fItransport\fR is the master.cf
name of the message delivery transport.
.SH default_delivery_status_filter (default: empty)
Optional filter to replace the delivery status code or explanatory
text of successful or unsuccessful deliveries. This does not allow
Optional filter in Postfix delivery agents, to replace the
delivery status code or explanatory text of successful or unsuccessful
deliveries. This allows the replacement of a temporary error status
code (4.X.X) with a permanent error status code (5.X.X) or vice
versa, but does not allow
the replacement of a successful status code (2.X.X) with an
unsuccessful status code (4.X.X or 5.X.X) or vice versa.
.PP
@ -1843,7 +1846,10 @@ defer_transports = smtp
.ad
.SH delay_logging_resolution_limit (default: 2)
The maximal number of digits after the decimal point when logging
sub\-second delay values. Specify a number in the range 0..6.
delay values. Specify a number in the range 0..6.
.PP
To improve readability, delays are logged with only a limited
number of significant digits:
.IP \(bu
Delays >= 100s are rounded off to an integral number of
seconds.
@ -1851,8 +1857,8 @@ seconds.
Delays < 10^\-$delay_logging_resolution_limit are
rounded off to "0".
.IP \(bu
Other delays are rounded off to two significant digits,
or fewer if the result would exceed the delay_resolution_limit.
Other delays are rounded off to two significant digits, or
fewer if the result would exceed the delay_logging_resolution_limit.
.br
.PP
The format of the "delays=a/b/c/d" logging is as follows:
@ -3798,44 +3804,38 @@ Examples:
.PP
This feature is available in Postfix 3.6 and later.
.SH local_recipient_maps (default: proxy:unix:passwd.byname $alias_maps)
Lookup tables with all names or addresses of local recipients:
a recipient address is local when its domain matches $mydestination,
$inet_interfaces or $proxy_interfaces. Specify @domain as a
wild\-card for domains that do not have a valid recipient list.
Lookup tables with all names or addresses of valid local
recipients. A recipient address is local when its domain matches
$mydestination, $inet_interfaces or $proxy_interfaces.
.PP
If the local_recipient_maps parameter value is non\-empty (the
default), then the Postfix SMTP server queries local_recipient_maps
as specified in "Local
recipient table query format", and rejects mail for unknown
local recipients. Other Postfix interfaces such as the Postfix
\fBsendmail\fR(1) command may still accept an "unknown" recipient.
.PP
The default local_recipient_maps setting assumes that local_transport
specifies the UNIX\-compatible \fBlocal\fR(8) delivery agent which queries
the UNIX passwd database (typically, /etc.passwd) and the local
aliases database (typically, /etc/aliases). The proxy: agent allows
the Postfix SMTP server to access the UNIX passwd database from
outside a chroot jail.
.PP
For other local mail delivery configurations, see "When you need to
change the local_recipient_maps setting in main.cf".
.PP
Technically, tables listed with $local_recipient_maps are used as
lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup.
lists: The Postfix SMTP server needs to know only if a lookup string
is found or not, but it does not use the result from table lookup.
.PP
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
.PP
If this parameter is non\-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users. Other Postfix
interfaces may still accept an "unknown" recipient.
.PP
To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty).
.PP
The default setting assumes that you use the default Postfix local
delivery agent for local delivery. You need to update the
local_recipient_maps setting if:
.IP \(bu
You redefine the local delivery agent in master.cf.
.IP \(bu
You redefine the "local_transport" setting in main.cf.
.IP \(bu
You use the "luser_relay", "mailbox_transport", or "fallback_transport"
feature of the Postfix \fBlocal\fR(8) delivery agent.
.br
.PP
Details are described in the LOCAL_RECIPIENT_README file.
.PP
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the \fBproxymap\fR(8) service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail is not practical.
.PP
Examples:
.PP
.nf

4
postfix/man/man8/smtp.8
View File

@ -1,4 +1,4 @@
.TH SMTP, LMTP 8
.TH SMTP 8
.ad
.fi
.SH NAME
@ -874,7 +874,7 @@ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built\-in watchdog timer.
.IP "\fBdelay_logging_resolution_limit (2)\fR"
The maximal number of digits after the decimal point when logging
sub\-second delay values.
delay values.
.IP "\fBdisable_dns_lookups (no)\fR"
Disable DNS lookups in the Postfix SMTP and LMTP clients.
.IP "\fBinet_interfaces (all)\fR"

53
postfix/man/man8/spawn.8
View File

@ -12,17 +12,23 @@ Postfix external command spawner
.SH DESCRIPTION
.ad
.fi
The \fBspawn\fR(8) daemon provides the Postfix equivalent
of \fBinetd\fR.
It listens on a port as specified in the Postfix \fBmaster.cf\fR file
and spawns an external command whenever a connection is established.
The connection can be made over local IPC (such as UNIX\-domain
sockets) or over non\-local IPC (such as TCP sockets).
The command's standard input, output and error streams are connected
directly to the communication endpoint.
The \fBspawn\fR(8) daemon monitors a TCP or UNIX\-domain stream
socket, configured in \fBmaster.cf\fR with a service type
\fBinet\fR or \fBunix\fR.
This daemon expects to be run from the \fBmaster\fR(8) process
manager.
This daemon spawns an external command whenever a connection
is established, with the standard input, output and error file
descriptors connected to the remote client.
The command process is subject to the time limit specified
with the parameter \fItransport\fR_time_limit (default:
command_time_limit) where \fItransport\fR equals the service
name field in master.cf. A process that exceeds the time limit
will receive a SIGKILL signal.
The \fBspawn\fR(8) daemon service typically has a process limit >
1 in its \fBmaster.cf\fR service definition, so that the number
of processes can scale with demand.
.SH "COMMAND ATTRIBUTE SYNTAX"
.na
.nf
@ -43,16 +49,14 @@ The command to be executed. This must be specified as the
last command attribute.
The command is executed directly, i.e. without interpretation of
shell meta characters by a shell command interpreter.
.SH BUGS
.ad
.sp
If a command argument must contain whitespace, or if a command
argument must begin with "{", enclose the argument with "{" and
"}". This form will ignore whitespace after the outer "{" and
before the outer "}". Example:
.sp
.fi
In order to enforce standard Postfix process resource controls,
each \fBspawn\fR(8) daemon process runs only one external
command, and blocks until the command terminates or a time
limit is reached.
As such, it presents a noticeable overhead by wasting precious
process resources. The \fBspawn\fR(8) daemon is expected to be
replaced by a more structural solution.
argv=/bin/sh \-c { shell syntax here }
.SH DIAGNOSTICS
.ad
.fi
@ -63,10 +67,13 @@ Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
.nf
.fi
.ad
This program needs root privilege in order to execute external
commands as the specified user. It is therefore security sensitive.
However the \fBspawn\fR(8) daemon does not talk to the external command
and thus is not vulnerable to data\-driven attacks.
The \fBspawn\fR(8) daemon needs root privilege in order to
execute external commands as the specified user. It is therefore
security sensitive.
However, the \fBspawn\fR(8) daemon does not receive data from
or about service clients or external commands, and thus is not
vulnerable to data\-driven attacks.
.SH "CONFIGURATION PARAMETERS"
.na
.nf

6
postfix/mantools/dehtml
View File

@ -3,7 +3,7 @@
for i
do
case $i in
/*) lynx -width=256 -dump file://localhost$i;;
*) lynx -width=256 -dump file://localhost`pwd`/$i;;
/*) lynx -width=256 -dump file://$i;;
*) lynx -width=256 -dump file://`pwd`/$i;;
esac
done | grep -v 'file://localhost/'
done | grep -v 'file:///'

2
postfix/mantools/fixman
View File

@ -93,6 +93,8 @@ sub emit_text
$block =~ s/&ge;/>=/g;
$block =~ s/&lt;/</g;
$block =~ s/&gt;/>/g;
$block =~ s/<sup>/^/g;
$block =~ s;</sup>;;g;
# Peep-hole optimizer.
$block =~ s/^\s+//g;

2
postfix/mantools/postconf2man
View File

@ -86,6 +86,8 @@ while(<>) {
$block =~ s/&amp;/\&/g;
$block =~ s/&ndash;/-/g;
$block =~ s/&mdash;/-/g;
$block =~ s/<sup>/^/g;
$block =~ s;</sup>;;g;
$block =~ s/\s+\n/\n/g;
$block =~ s/^\n//g;
$block =~ s/\s*<\s*nroffescape\s+([^ >]+)\s*>\s*/\n\1\n/g;

2
postfix/mantools/srctoman
View File

@ -63,7 +63,9 @@ do
/^NAME[ ]*$/{
N
s/^.*\n'"$B"'[ ]*//
s/[ ]*$//
h
s/,.*\( [0-9][^ ]*\)$/\1/
y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/
s/^.*$/.TH & '"$SECT"'\
.ad\

82
postfix/proto/LOCAL_RECIPIENT_README.html
View File

@ -45,7 +45,7 @@ in main.cf</a>
<li><a href="#change">When you need to change the local_recipient_maps
setting in main.cf</a>
<li><a href="#format">Local recipient table format </a>
<li><a href="#format">Local recipient table query format </a>
</ul>
@ -58,11 +58,13 @@ local when its domain matches $mydestination, $inet_interfaces or
$proxy_interfaces. If a local username or address is not listed in
$local_recipient_maps, then the Postfix SMTP server will reject
the address with "User unknown in local recipient table". Other
Postfix interfaces may still accept an "unknown" recipient. </p>
interfaces such as the Postfix sendmail(1) command may still accept
an "unknown" recipient. </p>
<p> The default setting, shown below, assumes that you use the
default Postfix local(8) delivery agent for local delivery, where
recipients are either UNIX accounts or local aliases: </p>
recipients are either UNIX accounts (typically, in /etc/passwd) or
local aliases (typically, in /etc/aliases): </p>
<blockquote>
<pre>
@ -112,22 +114,23 @@ setting in main.cf</a></h2>
local_recipient_maps = $virtual_mailbox_maps
</pre>
<p> If you use a different delivery agent for $mydestination
<p> If you don't use the local(8) or virtual(8) delivery agent
for $mydestination
etc. domains, see the section "<a href="#format">Local recipient
table format</a>" below for a description of how the table
should be populated. </p>
<li> <p> Problem: you use the mailbox_transport or fallback_transport
feature of the Postfix local(8) delivery agent in order to
deliver mail to non-UNIX accounts. </p>
deliver mail to non-UNIX recipients. </p>
<p> Solution: you need to add the database that lists the
non-UNIX users: </p>
non-UNIX recipients: </p>
<pre>
/etc/postfix/main.cf
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,
&lt;the database with non-UNIX accounts&gt;
&lt;the database with non-UNIX recipients&gt;
</pre>
<p> See the section "<a href="#format">Local recipient table
@ -138,8 +141,8 @@ setting in main.cf</a></h2>
local delivery agent. </p>
<p> Solution: you must disable the local_recipient_maps feature
completely, so that Postfix accepts mail for all local addresses:
</p>
completely, so that the Postfix SMTP server accepts mail for
all local addresses: </p>
<pre>
/etc/postfix/main.cf
@ -148,34 +151,59 @@ setting in main.cf</a></h2>
</ul>
<h2><a name="format">Local recipient table format</a> </h2>
<h2><a name="format">Local recipient table query format</a> </h2>
<p> If you use local files in postmap(1) format, then
local_recipient_maps expects the following table format: </p>
<p> If local_recipient_maps specifies local files, such as files in
postmap(1) or postalias(1) format, then the Postfix SMTP server
generates the following queries: </p>
<ul>
<li> <p> In the left-hand side, specify a bare username, an
"@domain.tld" wild-card, or specify a complete "user@domain.tld"
address. </p>
<li> <p> The full recipient address. This query supports a non-default
local_transport setting with a delivery agent such as lmtp(8) or
virtual(8). See "<a href="#main_config">Configuring local_recipient_maps
in main.cf</a>: for additional guidance for what lookup tables to
specify. </p>
<li> <p> You have to specify something on the right-hand side of
the table, but the value is ignored by local_recipient_maps.
<li> <p> The recipient address local-part. This query supports the
default local_transport setting with the UNIX-compatible local(8)
delivery agent; the Postfix SMTP server makes this query only when
the recipient domain matches $mydestination, $inet_interfaces or
$proxy_interfaces. </p>
<li> <p> The recipient @domain. This query supports a non-default
local_transport setting with a delivery agent such as virtual(8);
it is a wildcard for domains that do not have a valid recipient
list. </p>
</ul>
<p> If you use lookup tables based on NIS, LDAP, MYSQL, or PGSQL,
then local_recipient_maps does the same queries as for local files
in postmap(1) format, and expects the same results. </p>
<p> NOTES: </p>
<p> With regular expression tables, Postfix only queries with the
full recipient address, and not with the bare username or the
"@domain.tld" wild-card. </p>
<ul>
<p> NOTE: a lookup table should always return a result when the address
exists, and should always return "not found" when the address does
not exist. In particular, a zero-length result does not count as
a "not found" result. </p>
<li> <p> A lookup table should return a non-empty result when the
address exists, and should return "not found" when the address does
not exist. In particular, a zero-length (empty) result does not
count as a "not found" result. </p>
<li> <p> When local_recipient_maps specifies a lookup table based
on ldap:, memcache:, mongodb:, mysql:, pgsql:, sqlite:, or other
external database, then the Postfix SMTP server queries that lookup
table with the same queries as described at the start of this
section, and expects the same results. </p>
<li> <p> To suppress lookups for the <i>local-part</i> and the
<i>@domain</i> wild-card, specify the <b>domain</b> setting in a
Postfix ldap:, memcache:, mongodb:, mysql:, pgsql:, sqlite:, etc.,
database client configuration file. </p>
<li> <p> When local_recipient_maps specifies a lookup table based
on pcre:, regexp:, socketmap: or tcp:, Postfix queries that table
only with the full recipient address, and not with the <i>local-part</i>
or the <i>@domain</i> wild-card. </p>
</ul>
</body>

90
postfix/proto/postconf.proto
View File

@ -2462,13 +2462,32 @@ into concurrency per domain. </p>
%PARAM local_recipient_maps proxy:unix:passwd.byname $alias_maps
<p> Lookup tables with all names or addresses of local recipients:
a recipient address is local when its domain matches $mydestination,
$inet_interfaces or $proxy_interfaces. Specify @domain as a
wild-card for domains that do not have a valid recipient list.
<p> Lookup tables with all names or addresses of valid local
recipients. A recipient address is local when its domain matches
$mydestination, $inet_interfaces or $proxy_interfaces. </p>
<p> If the local_recipient_maps parameter value is non-empty (the
default), then the Postfix SMTP server queries local_recipient_maps
as specified in "<a href="LOCAL_RECIPIENT_README.html#format">Local
recipient table query format</a>", and rejects mail for unknown
local recipients. Other Postfix interfaces such as the Postfix
sendmail(1) command may still accept an "unknown" recipient. </p>
<p> The default local_recipient_maps setting assumes that local_transport
specifies the UNIX-compatible local(8) delivery agent which queries
the UNIX passwd database (typically, /etc.passwd) and the local
aliases database (typically, /etc/aliases). The proxy: agent allows
the Postfix SMTP server to access the UNIX passwd database from
outside a chroot jail. </p>
<p> For other local mail delivery configurations, see <!-- filler
--> "<a href="LOCAL_RECIPIENT_README.html#change">When you need to
change the local_recipient_maps setting in main.cf</a>". </p>
<p>
Technically, tables listed with $local_recipient_maps are used as
lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup. </p>
lists: The Postfix SMTP server needs to know only if a lookup string
is found or not, but it does not use the result from table lookup. </p>
<p>
Specify zero or more "type:name" lookup tables, separated by
@ -2476,44 +2495,11 @@ whitespace or comma. Tables will be searched in the specified order
until a match is found.
</p>
<p>
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users. Other Postfix
interfaces may still accept an "unknown" recipient. </p>
<p>
To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty).
</p>
<p>
The default setting assumes that you use the default Postfix local
delivery agent for local delivery. You need to update the
local_recipient_maps setting if:
</p>
<ul>
<li>You redefine the local delivery agent in master.cf.
<li>You redefine the "local_transport" setting in main.cf.
<li>You use the "luser_relay", "mailbox_transport", or "fallback_transport"
feature of the Postfix local(8) delivery agent.
</ul>
<p>
Details are described in the LOCAL_RECIPIENT_README file.
</p>
<p>
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the proxymap(8) service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail is not practical.
</p>
<p>
Examples:
</p>
@ -10862,18 +10848,21 @@ DNS lookup and increases the maximal inbound delivery rate. </p>
%PARAM delay_logging_resolution_limit 2
<p> The maximal number of digits after the decimal point when logging
sub-second delay values. Specify a number in the range 0..6. </p>
delay values. Specify a number in the range 0..6. </p>
<p> To improve readability, delays are logged with only a limited
number of significant digits: </p>
<ul>
<li> <p> Delays &ge; 100s are rounded off to an integral number of
seconds. </p>
<li> Delays &ge; 100s are rounded off to an integral number of
seconds.
<li> <p> Delays &lt; 10^-$delay_logging_resolution_limit are
rounded off to "0". </p>
<li> Delays &lt; 10<sup>-$delay_logging_resolution_limit</sup> are
rounded off to "0".
<li> <p> Other delays are rounded off to two significant digits,
or fewer if the result would exceed the delay_resolution_limit. </p>
<li> Other delays are rounded off to two significant digits, or
fewer if the result would exceed the delay_logging_resolution_limit.
</ul>
@ -17055,10 +17044,13 @@ later. </p>
%PARAM default_delivery_status_filter
<p> Optional filter to replace the delivery status code or explanatory
text of successful or unsuccessful deliveries. This does not allow
<p> Optional filter in Postfix delivery agents, to replace the
delivery status code or explanatory text of successful or unsuccessful
deliveries. This allows the replacement of a temporary error status
code (4.X.X) with a permanent error status code (5.X.X) or vice
versa, but does not allow
the replacement of a successful status code (2.X.X) with an
unsuccessful status code (4.X.X or 5.X.X) or vice versa. </p>
unsuccessful status code (4.X.X or 5.X.X) or vice versa. </p>
<p> Note: the (smtp|lmtp)_delivery_status_filter is applied only
once per recipient: when delivery is successful, when delivery is

1
postfix/proto/stop.double-history
View File

@ -145,3 +145,4 @@ proto proto socketmap_table qmqpd qmqpd c tls tls_misc c
proto socketmap_table qmqpd qmqpd c tls tls_misc c
a dependency for html html File html Makefile in
master dgram_server c master mail_server h postlogd postlogd c
reload etc File spawn spawn c

5
postfix/proto/stop.spell-history
View File

@ -90,3 +90,8 @@ dereferenced
MEMCACHE
sed
Wayback
fixman
mandoc
v'expr
roff
diffs

10
postfix/src/cleanup/cleanup_message.c
View File

@ -729,8 +729,9 @@ static void cleanup_header_done_callback(void *context)
vstring_sprintf(state->temp1, "%s.%s@%s",
time_stamp, state->queue_id, var_myhostname);
}
cleanup_out_format(state, REC_TYPE_NORM, "%sMessage-Id: <%s>",
state->resent, vstring_str(state->temp1));
vstring_sprintf(state->temp2, "%sMessage-Id: <%s>",
state->resent, vstring_str(state->temp1));
cleanup_out_header(state, state->temp2);
msg_info("%s: %smessage-id=<%s>",
state->queue_id, *state->resent ? "resent-" : "",
vstring_str(state->temp1));
@ -751,8 +752,9 @@ static void cleanup_header_done_callback(void *context)
if ((state->hdr_rewrite_context || var_always_add_hdrs)
&& (state->headers_seen & (1 << (state->resent[0] ?
HDR_RESENT_DATE : HDR_DATE))) == 0) {
cleanup_out_format(state, REC_TYPE_NORM, "%sDate: %s",
vstring_sprintf(state->temp2, "%sDate: %s",
state->resent, mail_date(state->arrival_time.tv_sec));
cleanup_out_header(state, state->temp2);
}
/*
@ -815,7 +817,7 @@ static void cleanup_header_done_callback(void *context)
vstring_sprintf(state->temp2, "%sFrom: %s",
state->resent, vstring_str(state->temp1));
}
CLEANUP_OUT_BUF(state, REC_TYPE_NORM, state->temp2);
cleanup_out_header(state, state->temp2);
}
/*

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20241122"
#define MAIL_RELEASE_DATE "20241202"
#define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT

2
postfix/src/smtp/smtp.c
View File

@ -830,7 +830,7 @@
/* request before it is terminated by a built-in watchdog timer.
/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
/* The maximal number of digits after the decimal point when logging
/* sub-second delay values.
/* delay values.
/* .IP "\fBdisable_dns_lookups (no)\fR"
/* Disable DNS lookups in the Postfix SMTP and LMTP clients.
/* .IP "\fBinet_interfaces (all)\fR"

53
postfix/src/spawn/spawn.c
View File

@ -6,17 +6,23 @@
/* SYNOPSIS
/* \fBspawn\fR [generic Postfix daemon options] command_attributes...
/* DESCRIPTION
/* The \fBspawn\fR(8) daemon provides the Postfix equivalent
/* of \fBinetd\fR.
/* It listens on a port as specified in the Postfix \fBmaster.cf\fR file
/* and spawns an external command whenever a connection is established.
/* The connection can be made over local IPC (such as UNIX-domain
/* sockets) or over non-local IPC (such as TCP sockets).
/* The command's standard input, output and error streams are connected
/* directly to the communication endpoint.
/* The \fBspawn\fR(8) daemon monitors a TCP or UNIX-domain stream
/* socket, configured in \fBmaster.cf\fR with a service type
/* \fBinet\fR or \fBunix\fR.
/*
/* This daemon expects to be run from the \fBmaster\fR(8) process
/* manager.
/* This daemon spawns an external command whenever a connection
/* is established, with the standard input, output and error file
/* descriptors connected to the remote client.
/*
/* The command process is subject to the time limit specified
/* with the parameter \fItransport\fR_time_limit (default:
/* command_time_limit) where \fItransport\fR equals the service
/* name field in master.cf. A process that exceeds the time limit
/* will receive a SIGKILL signal.
/*
/* The \fBspawn\fR(8) daemon service typically has a process limit >
/* 1 in its \fBmaster.cf\fR service definition, so that the number
/* of processes can scale with demand.
/* COMMAND ATTRIBUTE SYNTAX
/* .ad
/* .fi
@ -35,24 +41,27 @@
/* last command attribute.
/* The command is executed directly, i.e. without interpretation of
/* shell meta characters by a shell command interpreter.
/* BUGS
/* In order to enforce standard Postfix process resource controls,
/* each \fBspawn\fR(8) daemon process runs only one external
/* command, and blocks until the command terminates or a time
/* limit is reached.
/* As such, it presents a noticeable overhead by wasting precious
/* process resources. The \fBspawn\fR(8) daemon is expected to be
/* replaced by a more structural solution.
/* .sp
/* If a command argument must contain whitespace, or if a command
/* argument must begin with "{", enclose the argument with "{" and
/* "}". This form will ignore whitespace after the outer "{" and
/* before the outer "}". Example:
/* .sp
/* .fi
/* argv=/bin/sh -c { shell syntax here }
/* DIAGNOSTICS
/* The \fBspawn\fR(8) daemon reports abnormal child exits.
/* Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
/* SECURITY
/* .fi
/* .ad
/* This program needs root privilege in order to execute external
/* commands as the specified user. It is therefore security sensitive.
/* However the \fBspawn\fR(8) daemon does not talk to the external command
/* and thus is not vulnerable to data-driven attacks.
/* The \fBspawn\fR(8) daemon needs root privilege in order to
/* execute external commands as the specified user. It is therefore
/* security sensitive.
/*
/* However, the \fBspawn\fR(8) daemon does not receive data from
/* or about service clients or external commands, and thus is not
/* vulnerable to data-driven attacks.
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi

1
postfix/src/util/Makefile.in
View File

@ -2717,6 +2717,7 @@ spawn_command.o: check_arg.h
spawn_command.o: clean_env.h
spawn_command.o: exec_command.h
spawn_command.o: msg.h
spawn_command.o: set_eugid.h
spawn_command.o: set_ugid.h
spawn_command.o: spawn_command.c
spawn_command.o: spawn_command.h

12
postfix/src/util/spawn_command.c
View File

@ -94,6 +94,7 @@
#include <msg.h>
#include <timed_wait.h>
#include <set_ugid.h>
#include <set_eugid.h>
#include <argv.h>
#include <spawn_command.h>
#include <exec_command.h>
@ -245,7 +246,8 @@ WAIT_STATUS_T spawn_command(int key,...)
case 0:
if (args.uid != (uid_t) - 1 || args.gid != (gid_t) - 1)
set_ugid(args.uid, args.gid);
setsid();
if (setsid() < 0)
msg_warn("child: setsid: %m");
/*
* Pipe plumbing.
@ -301,9 +303,15 @@ WAIT_STATUS_T spawn_command(int key,...)
*/
if ((err = timed_waitpid(pid, &wait_status, 0, args.time_limit)) < 0
&& errno == ETIMEDOUT) {
uid_t saved_euid = geteuid();
gid_t saved_egid = getegid();
msg_warn("%s: process id %lu: command time limit exceeded",
args.command, (unsigned long) pid);
kill(-pid, SIGKILL);
set_eugid(args.uid, args.gid);
if (kill(-pid, SIGKILL) < 0)
msg_warn("parent: kill: %m");
set_eugid(saved_euid, saved_egid);
err = waitpid(pid, &wait_status, 0);
}
if (err < 0)