mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00

postfix-3.10-20241202

Wietse Z Venema 2024-12-02 00:00:00 -05:00 committed by Viktor Dukhovni
parent 1099dd6b49
commit 45b1555c81
26 changed files with 461 additions and 295 deletions

@ -28582,3 +28582,58 @@ Apologies for any names omitted.
instead of a message buffer and length. This is in preparation instead of a message buffer and length. This is in preparation
for unix-dgram support in a spawn(8)-like service. Files: for unix-dgram support in a spawn(8)-like service. Files:
master/dgram_server.c, master/mail_server.h, postlogd/postlogd.c. master/dgram_server.c, master/mail_server.h, postlogd/postlogd.c.
20241122
Documentation: updated the LOCAL_RECIPIENT_README text, and
pointed there from the local_recipient_maps description in
postconf(5). Files: proto/LOCAL_RECIPIENT_README.html,
proto/postconf.proto.
20241127
Documentation: default_delivery_status_filter text. File:
proto/postconf.proto.
Documentation: support to convert superscripts in postconf.proto
manpage text from HTML to *roff. The result is a compromise:
vertical motion (\v'expr') works with groff, but not with
the newer mandoc and with the older UNIX nroff. So we use
^ instead. Files: mantools/fixman, mantools/postconf2man,
proto/postconf.proto.
20241129
Bugfix (introduced: on or before 19891104): the manpage
extractor mis-formatted titles with multiple names. File:
mantools/srctoman.
20241130
Bugfix (defect introduced: 19991230): the spawn daemon
failed to enforce the command time limit. It was sending
the SIGKILL signal using the wrong effective UID and GID.
The pipe daemon has always done this right. File:
util/spawn_command.c.
20241201
Bugfix (defect introduced Postfix 3.0). Missing UTF8
autodetection for headers that are automatically generated
by Postfix (for example, a From: header with UTF8 full name
information from the password file). Reported by Michael
Tokarev. File: src/cleanup/cleanup_message.c.
20241202
Cleanup: don't leak parent directory information into
documentation checks. File: mantools/dehtml.
Documentation: reverted a breaking change made 20241122.
File: html/Makefile.in.
Documentation: revised spawn(8) manpage text. This is all
that remains of a failed experiment to implement a
datagram-based spawn(8) service. It was too difficult to
enforce that processes terminate as expected after "postfix
reload" etc. File: spawn/spawn.c.
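Review bot: the 20241201 entry opens with "Bugfix (defect introduced Postfix 3.0)." where the 20241130 entry just above it uses "Bugfix (defect introduced: 19991230):"; use the colon form in both so the entries stay uniform and easy to search. The 20241130 entry would also be more useful to operators if it named the effective UID and GID the SIGKILL has to be sent with, since "wrong" alone does not tell a reader what the corrected behaviour is.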

@ -21,7 +21,7 @@ recipients correctly.
* Configuring local_recipient_maps in main.cf * Configuring local_recipient_maps in main.cf
* When you need to change the local_recipient_maps setting in main.cf * When you need to change the local_recipient_maps setting in main.cf
* Local recipient table format * Local recipient table query format
CCoonnffiigguurriinngg llooccaall__rreecciippiieenntt__mmaappss iinn mmaaiinn..ccff CCoonnffiigguurriinngg llooccaall__rreecciippiieenntt__mmaappss iinn mmaaiinn..ccff
@ -30,11 +30,13 @@ addresses of local recipients. A recipient address is local when its domain
matches $mydestination, $inet_interfaces or $proxy_interfaces. If a local matches $mydestination, $inet_interfaces or $proxy_interfaces. If a local
username or address is not listed in $local_recipient_maps, then the Postfix username or address is not listed in $local_recipient_maps, then the Postfix
SMTP server will reject the address with "User unknown in local recipient SMTP server will reject the address with "User unknown in local recipient
table". Other Postfix interfaces may still accept an "unknown" recipient. table". Other interfaces such as the Postfix sendmail(1) command may still
accept an "unknown" recipient.
The default setting, shown below, assumes that you use the default Postfix The default setting, shown below, assumes that you use the default Postfix
local(8) delivery agent for local delivery, where recipients are either UNIX local(8) delivery agent for local delivery, where recipients are either UNIX
accounts or local aliases: accounts (typically, in /etc/passwd) or local aliases (typically, in /etc/
aliases):
/etc/postfix/main.cf: /etc/postfix/main.cf:
local_recipient_maps = proxy:unix:passwd.byname $alias_maps local_recipient_maps = proxy:unix:passwd.byname $alias_maps
@ -67,19 +69,19 @@ WWhheenn yyoouu nneeeedd ttoo cchhaannggee tthhee llooc
local_transport = virtual local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps local_recipient_maps = $virtual_mailbox_maps
If you use a different delivery agent for $mydestination etc. domains, see If you don't use the local(8) or virtual(8) delivery agent for
the section "Local recipient table format" below for a description of how $mydestination etc. domains, see the section "Local recipient table format"
the table should be populated. below for a description of how the table should be populated.
* Problem: you use the mailbox_transport or fallback_transport feature of the * Problem: you use the mailbox_transport or fallback_transport feature of the
Postfix local(8) delivery agent in order to deliver mail to non-UNIX Postfix local(8) delivery agent in order to deliver mail to non-UNIX
accounts. recipients.
Solution: you need to add the database that lists the non-UNIX users: Solution: you need to add the database that lists the non-UNIX recipients:
/etc/postfix/main.cf /etc/postfix/main.cf
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,
<the database with non-UNIX accounts> <the database with non-UNIX recipients>
See the section "Local recipient table format" below for a description of See the section "Local recipient table format" below for a description of
how the table should be populated. how the table should be populated.
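Review bot: both cross-references in this hunk still say "Local recipient table format", but this same commit renames that section to "Local recipient table query format" in the table of contents and in the section heading. Update the quoted section name here, and in the matching HTML paragraphs, so the pointer matches the heading it targets.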
@ -88,30 +90,49 @@ WWhheenn yyoouu nneeeedd ttoo cchhaannggee tthhee llooc
agent. agent.
Solution: you must disable the local_recipient_maps feature completely, so Solution: you must disable the local_recipient_maps feature completely, so
that Postfix accepts mail for all local addresses: that the Postfix SMTP server accepts mail for all local addresses:
/etc/postfix/main.cf /etc/postfix/main.cf
local_recipient_maps = local_recipient_maps =
LLooccaall rreecciippiieenntt ttaabbllee ffoorrmmaatt LLooccaall rreecciippiieenntt ttaabbllee qquueerryy ffoorrmmaatt
If you use local files in postmap(1) format, then local_recipient_maps expects If local_recipient_maps specifies local files, such as files in postmap(1) or
the following table format: postalias(1) format, then the Postfix SMTP server generates the following
queries:
* In the left-hand side, specify a bare username, an "@domain.tld" wild-card, * The full recipient address. This query supports a non-default
or specify a complete "user@domain.tld" address. local_transport setting with a delivery agent such as lmtp(8) or virtual
(8). See "Configuring local_recipient_maps in main.cf: for additional
guidance for what lookup tables to specify.
* You have to specify something on the right-hand side of the table, but the * The recipient address local-part. This query supports the default
value is ignored by local_recipient_maps. local_transport setting with the UNIX-compatible local(8) delivery agent;
the Postfix SMTP server makes this query only when the recipient domain
matches $mydestination, $inet_interfaces or $proxy_interfaces.
If you use lookup tables based on NIS, LDAP, MYSQL, or PGSQL, then * The recipient @domain. This query supports a non-default local_transport
local_recipient_maps does the same queries as for local files in postmap(1) setting with a delivery agent such as virtual(8); it is a wildcard for
format, and expects the same results. domains that do not have a valid recipient list.
With regular expression tables, Postfix only queries with the full recipient NOTES:
address, and not with the bare username or the "@domain.tld" wild-card.
NOTE: a lookup table should always return a result when the address exists, and * A lookup table should return a non-empty result when the address exists,
should always return "not found" when the address does not exist. In and should return "not found" when the address does not exist. In
particular, a zero-length result does not count as a "not found" result. particular, a zero-length (empty) result does not count as a "not found"
result.
* When local_recipient_maps specifies a lookup table based on ldap:,
memcache:, mongodb:, mysql:, pgsql:, sqlite:, or other external database,
then the Postfix SMTP server queries that lookup table with the same
queries as described at the start of this section, and expects the same
results.
* To suppress lookups for the local-part and the @domain wild-card, specify
the ddoommaaiinn setting in a Postfix ldap:, memcache:, mongodb:, mysql:, pgsql:,
sqlite:, etc., database client configuration file.
* When local_recipient_maps specifies a lookup table based on pcre:, regexp:,
socketmap: or tcp:, Postfix queries that table only with the full recipient
address, and not with the local-part or the @domain wild-card.
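Review bot: the rewritten section lists the queries the SMTP server makes but no longer says how to populate a table, while the paragraphs earlier in this file still send readers here "for a description of how the table should be populated". The removed items (what may appear on the left-hand side, and that the right-hand side value is ignored) answered that directly; either keep one sentence to that effect next to the new "non-empty result" note, or reword the cross-references to say that this section describes the lookups. In the first list item the section name is also closed with a colon instead of a quote: "Configuring local_recipient_maps in main.cf: for".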

@ -2,6 +2,8 @@ Wish list:
Things to do before the stable release: Things to do before the stable release:
Make the spawn_command fix conditional on compatibility_level.
make pre-release-check, HTML validator check. make pre-release-check, HTML validator check.
Disable -DSNAPSHOT and -DNONPROD in makedefs. Disable -DSNAPSHOT and -DNONPROD in makedefs.
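Review bot: the new to-do item does not say which compatibility_level the spawn_command fix will be tied to, or what existing behaviour the condition is meant to preserve. The HISTORY entry for 20241130 describes that fix as restoring enforcement of the command time limit, so record here whether installations below the chosen level would keep running commands without an enforced limit; that trade-off should be visible before the stable release.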
@ -16,6 +18,8 @@ Wish list:
relay_recipient_maps empty should default to 'no valid relay_recipient_maps empty should default to 'no valid
recipients'. Subject to compatibility level. recipients'. Subject to compatibility level.
In mantools/postlink, allow newline etc. in "<a href".
Add an option for a TLSRPT built-in JSON generator. This Add an option for a TLSRPT built-in JSON generator. This
would simplify TLSRPT adoption by eliminating a build-time would simplify TLSRPT adoption by eliminating a build-time
and run-time dependency on the libtlsrpt client library. and run-time dependency on the libtlsrpt client library.

@ -45,7 +45,7 @@ in main.cf</a>
<li><a href="#change">When you need to change the local_recipient_maps <li><a href="#change">When you need to change the local_recipient_maps
setting in main.cf</a> setting in main.cf</a>
<li><a href="#format">Local recipient table format </a> <li><a href="#format">Local recipient table query format </a>
</ul> </ul>
@ -58,11 +58,13 @@ local when its domain matches $<a href="postconf.5.html#mydestination">mydestina
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. If a local username or address is not listed in $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. If a local username or address is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, then the Postfix SMTP server will reject $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, then the Postfix SMTP server will reject
the address with "User unknown in local recipient table". Other the address with "User unknown in local recipient table". Other
Postfix interfaces may still accept an "unknown" recipient. </p> interfaces such as the Postfix <a href="sendmail.1.html">sendmail(1)</a> command may still accept
an "unknown" recipient. </p>
<p> The default setting, shown below, assumes that you use the <p> The default setting, shown below, assumes that you use the
default Postfix <a href="local.8.html">local(8)</a> delivery agent for local delivery, where default Postfix <a href="local.8.html">local(8)</a> delivery agent for local delivery, where
recipients are either UNIX accounts or local aliases: </p> recipients are either UNIX accounts (typically, in /etc/passwd) or
local aliases (typically, in /etc/aliases): </p>
<blockquote> <blockquote>
<pre> <pre>
@ -112,22 +114,23 @@ setting in main.cf</a></h2>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
</pre> </pre>
<p> If you use a different delivery agent for $<a href="postconf.5.html#mydestination">mydestination</a> <p> If you don't use the <a href="local.8.html">local(8)</a> or <a href="virtual.8.html">virtual(8)</a> delivery agent
for $<a href="postconf.5.html#mydestination">mydestination</a>
etc. domains, see the section "<a href="#format">Local recipient etc. domains, see the section "<a href="#format">Local recipient
table format</a>" below for a description of how the table table format</a>" below for a description of how the table
should be populated. </p> should be populated. </p>
<li> <p> Problem: you use the <a href="postconf.5.html#mailbox_transport">mailbox_transport</a> or <a href="postconf.5.html#fallback_transport">fallback_transport</a> <li> <p> Problem: you use the <a href="postconf.5.html#mailbox_transport">mailbox_transport</a> or <a href="postconf.5.html#fallback_transport">fallback_transport</a>
feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent in order to feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent in order to
deliver mail to non-UNIX accounts. </p> deliver mail to non-UNIX recipients. </p>
<p> Solution: you need to add the database that lists the <p> Solution: you need to add the database that lists the
non-UNIX users: </p> non-UNIX recipients: </p>
<pre> <pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a> /etc/postfix/<a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname, $<a href="postconf.5.html#alias_maps">alias_maps</a>, <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname, $<a href="postconf.5.html#alias_maps">alias_maps</a>,
&lt;the database with non-UNIX accounts&gt; &lt;the database with non-UNIX recipients&gt;
</pre> </pre>
<p> See the section "<a href="#format">Local recipient table <p> See the section "<a href="#format">Local recipient table
@ -138,8 +141,8 @@ setting in main.cf</a></h2>
local delivery agent. </p> local delivery agent. </p>
<p> Solution: you must disable the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> feature <p> Solution: you must disable the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> feature
completely, so that Postfix accepts mail for all local addresses: completely, so that the Postfix SMTP server accepts mail for
</p> all local addresses: </p>
<pre> <pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a> /etc/postfix/<a href="postconf.5.html">main.cf</a>
@ -148,34 +151,59 @@ setting in main.cf</a></h2>
</ul> </ul>
<h2><a name="format">Local recipient table format</a> </h2> <h2><a name="format">Local recipient table query format</a> </h2>
<p> If you use local files in <a href="postmap.1.html">postmap(1)</a> format, then <p> If <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies local files, such as files in
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> expects the following table format: </p> <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> format, then the Postfix SMTP server
generates the following queries: </p>
<ul> <ul>
<li> <p> In the left-hand side, specify a bare username, an <li> <p> The full recipient address. This query supports a non-default
"@domain.tld" wild-card, or specify a complete "user@domain.tld" <a href="postconf.5.html#local_transport">local_transport</a> setting with a delivery agent such as <a href="lmtp.8.html">lmtp(8)</a> or
address. </p> virtual(8). See "<a href="#main_config">Configuring local_recipient_maps
in main.cf</a>: for additional guidance for what lookup tables to
specify. </p>
<li> <p> You have to specify something on the right-hand side of <li> <p> The recipient address local-part. This query supports the
the table, but the value is ignored by <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>. default <a href="postconf.5.html#local_transport">local_transport</a> setting with the UNIX-compatible <a href="local.8.html">local(8)</a>
delivery agent; the Postfix SMTP server makes this query only when
the recipient domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </p>
<li> <p> The recipient @domain. This query supports a non-default
<a href="postconf.5.html#local_transport">local_transport</a> setting with a delivery agent such as <a href="virtual.8.html">virtual(8)</a>;
it is a wildcard for domains that do not have a valid recipient
list. </p>
</ul> </ul>
<p> If you use lookup tables based on NIS, LDAP, MYSQL, or PGSQL, <p> NOTES: </p>
then <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> does the same queries as for local files
in <a href="postmap.1.html">postmap(1)</a> format, and expects the same results. </p>
<p> With regular expression tables, Postfix only queries with the <ul>
full recipient address, and not with the bare username or the
"@domain.tld" wild-card. </p>
<p> NOTE: a lookup table should always return a result when the address <li> <p> A lookup table should return a non-empty result when the
exists, and should always return "not found" when the address does address exists, and should return "not found" when the address does
not exist. In particular, a zero-length result does not count as not exist. In particular, a zero-length (empty) result does not
a "not found" result. </p> count as a "not found" result. </p>
<li> <p> When <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a lookup table based
on <a href="ldap_table.5.html">ldap</a>:, <a href="memcache_table.5.html">memcache</a>:, <a href="mongodb_table.5.html">mongodb</a>:, <a href="mysql_table.5.html">mysql</a>:, <a href="pgsql_table.5.html">pgsql</a>:, <a href="sqlite_table.5.html">sqlite</a>:, or other
external database, then the Postfix SMTP server queries that lookup
table with the same queries as described at the start of this
section, and expects the same results. </p>
<li> <p> To suppress lookups for the <i>local-part</i> and the
<i>@domain</i> wild-card, specify the <b>domain</b> setting in a
Postfix <a href="ldap_table.5.html">ldap</a>:, <a href="memcache_table.5.html">memcache</a>:, <a href="mongodb_table.5.html">mongodb</a>:, <a href="mysql_table.5.html">mysql</a>:, <a href="pgsql_table.5.html">pgsql</a>:, <a href="sqlite_table.5.html">sqlite</a>:, etc.,
database client configuration file. </p>
<li> <p> When <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a lookup table based
on <a href="pcre_table.5.html">pcre</a>:, <a href="regexp_table.5.html">regexp</a>:, <a href="socketmap_table.html">socketmap</a>: or <a href="tcp_table.5.html">tcp</a>:, Postfix queries that table
only with the full recipient address, and not with the <i>local-part</i>
or the <i>@domain</i> wild-card. </p>
</ul>
</body> </body>
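Review bot: in the last NOTES item the socketmap link targets socketmap_table.html, while every other table link in this hunk uses the name_table.5.html form (pcre_table.5.html, regexp_table.5.html, tcp_table.5.html). Check that this is not a missing ".5" that leaves a dead link in the page.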

@ -38,7 +38,8 @@ tidy: clean
clobber: clobber:
rm -f $(DAEMONS) $(COMMANDS) $(CONFIG) rm -f $(DAEMONS) $(COMMANDS) $(CONFIG)
$(DAEMONS) $(COMMANDS) $(CONFIG): ../mantools/man2html # The following would add man2html to $? in rules for individual files.
#$(DAEMONS) $(COMMANDS) $(CONFIG): ../mantools/man2html
index.html: ../proto/index.html index.html: ../proto/index.html
cp $? $@ cp $? $@
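Review bot: with the man2html prerequisite commented out, the $(DAEMONS), $(COMMANDS) and $(CONFIG) pages no longer depend on ../mantools/man2html, so a change to the converter will not trigger a rebuild of them. The added comment explains why the line was a problem ($? picked up man2html) but not this consequence; add a line saying the pages have to be regenerated by hand, for example after "make clobber", when man2html changes.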

@ -5,7 +5,7 @@
<link rel='stylesheet' type='text/css' href='postfix-doc.css'> <link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - smtp(8) </title> <title> Postfix manual - smtp(8) </title>
</head> <body> <pre> </head> <body> <pre>
SMTP,(LMTP) SMTP,(LMTP) SMTP(8) SMTP(8)
<b><a name="name">NAME</a></b> <b><a name="name">NAME</a></b>
smtp, lmtp - Postfix SMTP+LMTP client smtp, lmtp - Postfix SMTP+LMTP client
@ -979,7 +979,7 @@ SMTP,(LMTP) SMTP,(LMTP)
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b> <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log- The maximal number of digits after the decimal point when log-
ging sub-second delay values. ging delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b> <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients. Disable DNS lookups in the Postfix SMTP and LMTP clients.
@ -1153,5 +1153,5 @@ SMTP,(LMTP) SMTP,(LMTP)
Victor Duchovni Victor Duchovni
Morgan Stanley Morgan Stanley
8 SMTP,(LMTP) SMTP(8)
</pre> </body> </html> </pre> </body> </html>

@ -2143,10 +2143,13 @@ name of the message delivery transport.
<DT><b><a name="default_delivery_status_filter">default_delivery_status_filter</a> <DT><b><a name="default_delivery_status_filter">default_delivery_status_filter</a>
(default: empty)</b></DT><DD> (default: empty)</b></DT><DD>
<p> Optional filter to replace the delivery status code or explanatory <p> Optional filter in Postfix delivery agents, to replace the
text of successful or unsuccessful deliveries. This does not allow delivery status code or explanatory text of successful or unsuccessful
deliveries. This allows the replacement of a temporary error status
code (4.X.X) with a permanent error status code (5.X.X) or vice
versa, but does not allow
the replacement of a successful status code (2.X.X) with an the replacement of a successful status code (2.X.X) with an
unsuccessful status code (4.X.X or 5.X.X) or vice versa. </p> unsuccessful status code (4.X.X or 5.X.X) or vice versa. </p>
<p> Note: the (smtp|lmtp)_delivery_status_filter is applied only <p> Note: the (smtp|lmtp)_delivery_status_filter is applied only
once per recipient: when delivery is successful, when delivery is once per recipient: when delivery is successful, when delivery is
@ -2916,18 +2919,21 @@ Example:
(default: 2)</b></DT><DD> (default: 2)</b></DT><DD>
<p> The maximal number of digits after the decimal point when logging <p> The maximal number of digits after the decimal point when logging
sub-second delay values. Specify a number in the range 0..6. </p> delay values. Specify a number in the range 0..6. </p>
<p> To improve readability, delays are logged with only a limited
number of significant digits: </p>
<ul> <ul>
<li> <p> Delays &ge; 100s are rounded off to an integral number of <li> Delays &ge; 100s are rounded off to an integral number of
seconds. </p> seconds.
<li> <p> Delays &lt; 10^-$<a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> are <li> Delays &lt; 10<sup>-$<a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a></sup> are
rounded off to "0". </p> rounded off to "0".
<li> <p> Other delays are rounded off to two significant digits, <li> Other delays are rounded off to two significant digits, or
or fewer if the result would exceed the delay_resolution_limit. </p> fewer if the result would exceed the <a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a>.
</ul> </ul>
@ -6271,13 +6277,31 @@ match. </dd>
<DT><b><a name="local_recipient_maps">local_recipient_maps</a> <DT><b><a name="local_recipient_maps">local_recipient_maps</a>
(default: <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b></DT><DD> (default: <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b></DT><DD>
<p> Lookup tables with all names or addresses of local recipients: <p> Lookup tables with all names or addresses of valid local
a recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, recipients. A recipient address is local when its domain matches
$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. Specify @domain as a $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </p>
wild-card for domains that do not have a valid recipient list.
<p> If the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter value is non-empty (the
default), then the Postfix SMTP server queries <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
as specified in "<a href="LOCAL_RECIPIENT_README.html#format">Local
recipient table query format</a>", and rejects mail for unknown
local recipients. Other Postfix interfaces such as the Postfix
<a href="sendmail.1.html">sendmail(1)</a> command may still accept an "unknown" recipient. </p>
<p> The default <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting assumes that <a href="postconf.5.html#local_transport">local_transport</a>
specifies the UNIX-compatible <a href="local.8.html">local(8)</a> delivery agent which queries
the UNIX passwd database (typically, /etc.passwd) and the local
aliases database (typically, /etc/aliases). The <a href="proxymap.8.html">proxy</a>: agent allows
the Postfix SMTP server to access the UNIX passwd database from
outside a chroot jail. </p>
<p> For other local mail delivery configurations, see "<a href="LOCAL_RECIPIENT_README.html#change">When you need to
change the local_recipient_maps setting in main.cf</a>". </p>
<p>
Technically, tables listed with $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> are used as Technically, tables listed with $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> are used as
lists: Postfix needs to know only if a lookup string is found or lists: The Postfix SMTP server needs to know only if a lookup string
not, but it does not use the result from table lookup. </p> is found or not, but it does not use the result from table lookup. </p>
<p> <p>
Specify zero or more "type:name" lookup tables, separated by Specify zero or more "type:name" lookup tables, separated by
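Review bot: "/etc.passwd" in the new third paragraph should read "/etc/passwd", as it does in the README text changed by this commit. In the same paragraph, "access the UNIX passwd database from outside a chroot jail" can be read as the SMTP server being outside the jail; "from inside a chroot jail", or "a passwd database that lives outside the chroot jail", says what is meant.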
@ -6285,44 +6309,11 @@ whitespace or comma. Tables will be searched in the specified order
until a match is found. until a match is found.
</p> </p>
<p>
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users. Other Postfix
interfaces may still accept an "unknown" recipient. </p>
<p> <p>
To turn off local recipient checking in the Postfix SMTP server, To turn off local recipient checking in the Postfix SMTP server,
specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty). specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty).
</p> </p>
<p>
The default setting assumes that you use the default Postfix local
delivery agent for local delivery. You need to update the
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting if:
</p>
<ul>
<li>You redefine the local delivery agent in <a href="master.5.html">master.cf</a>.
<li>You redefine the "<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>.
<li>You use the "<a href="postconf.5.html#luser_relay">luser_relay</a>", "<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>", or "<a href="postconf.5.html#fallback_transport">fallback_transport</a>"
feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent.
</ul>
<p>
Details are described in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file.
</p>
<p>
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the <a href="proxymap.8.html">proxymap(8)</a> service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail is not practical.
</p>
<p> <p>
Examples: Examples:
</p> </p>
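Review bot: the removed "Beware" paragraph was the only place in this entry that told the reader a chrooted SMTP server has to reach the passwd file through proxymap(8), and that copying the password file into the jail is not practical; the replacement sentence earlier in the entry mentions the proxy: agent but not what happens without it. Keep one sentence of that warning. Also confirm that the README section now linked instead covers the luser_relay and master.cf cases that the removed list named.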

@ -5,7 +5,7 @@
<link rel='stylesheet' type='text/css' href='postfix-doc.css'> <link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - smtp(8) </title> <title> Postfix manual - smtp(8) </title>
</head> <body> <pre> </head> <body> <pre>
SMTP,(LMTP) SMTP,(LMTP) SMTP(8) SMTP(8)
<b><a name="name">NAME</a></b> <b><a name="name">NAME</a></b>
smtp, lmtp - Postfix SMTP+LMTP client smtp, lmtp - Postfix SMTP+LMTP client
@ -979,7 +979,7 @@ SMTP,(LMTP) SMTP,(LMTP)
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b> <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log- The maximal number of digits after the decimal point when log-
ging sub-second delay values. ging delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b> <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients. Disable DNS lookups in the Postfix SMTP and LMTP clients.
@ -1153,5 +1153,5 @@ SMTP,(LMTP) SMTP,(LMTP)
Victor Duchovni Victor Duchovni
Morgan Stanley Morgan Stanley
8 SMTP,(LMTP) SMTP(8)
</pre> </body> </html> </pre> </body> </html>

@ -14,15 +14,21 @@ SPAWN(8) SPAWN(8)
<b>spawn</b> [generic Postfix daemon options] command_attributes... <b>spawn</b> [generic Postfix daemon options] command_attributes...
<b><a name="description">DESCRIPTION</a></b> <b><a name="description">DESCRIPTION</a></b>
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon provides the Postfix equivalent of <b>inetd</b>. It lis- The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon monitors a TCP or UNIX-domain stream socket, con-
tens on a port as specified in the Postfix <a href="master.5.html"><b>master.cf</b></a> file and spawns an figured in <a href="master.5.html"><b>master.cf</b></a> with a service type <b>inet</b> or <b>unix</b>.
external command whenever a connection is established. The connection
can be made over local IPC (such as UNIX-domain sockets) or over
non-local IPC (such as TCP sockets). The command's standard input,
output and error streams are connected directly to the communication
endpoint.
This daemon expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. This daemon spawns an external command whenever a connection is estab-
lished, with the standard input, output and error file descriptors con-
nected to the remote client.
The command process is subject to the time limit specified with the
parameter <a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> (default: <a href="postconf.5.html#command_time_limit">command_time_limit</a>) where
<i>transport</i> equals the service name field in <a href="master.5.html">master.cf</a>. A process that
exceeds the time limit will receive a SIGKILL signal.
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon service typically has a process limit &gt; 1 in its
<a href="master.5.html"><b>master.cf</b></a> service definition, so that the number of processes can scale
with demand.
<b><a name="command_attribute_syntax">COMMAND ATTRIBUTE SYNTAX</a></b> <b><a name="command_attribute_syntax">COMMAND ATTRIBUTE SYNTAX</a></b>
The external command attributes are given in the <a href="master.5.html"><b>master.cf</b></a> file at the The external command attributes are given in the <a href="master.5.html"><b>master.cf</b></a> file at the
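Review bot: "connected to the remote client" in the second paragraph of the new DESCRIPTION does not fit a service of type unix, which the first paragraph lists and where the client is a local process. "connected to the client" covers both service types.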
@ -43,23 +49,24 @@ SPAWN(8) SPAWN(8)
out interpretation of shell meta characters by a shell command out interpretation of shell meta characters by a shell command
interpreter. interpreter.
<b><a name="bugs">BUGS</a></b> If a command argument must contain whitespace, or if a command
In order to enforce standard Postfix process resource controls, each argument must begin with "{", enclose the argument with "{" and
<a href="spawn.8.html"><b>spawn</b>(8)</a> daemon process runs only one external command, and blocks "}". This form will ignore whitespace after the outer "{" and
until the command terminates or a time limit is reached. As such, it before the outer "}". Example:
presents a noticeable overhead by wasting precious process resources.
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon is expected to be replaced by a more structural argv=/bin/sh -c { shell syntax here }
solution.
<b><a name="diagnostics">DIAGNOSTICS</a></b> <b><a name="diagnostics">DIAGNOSTICS</a></b>
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon reports abnormal child exits. Problems are logged The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon reports abnormal child exits. Problems are logged
to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b><a name="security">SECURITY</a></b> <b><a name="security">SECURITY</a></b>
This program needs root privilege in order to execute external commands The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon needs root privilege in order to execute external
as the specified user. It is therefore security sensitive. However the commands as the specified user. It is therefore security sensitive.
<a href="spawn.8.html"><b>spawn</b>(8)</a> daemon does not talk to the external command and thus is not
vulnerable to data-driven attacks. However, the <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon does not receive data from or about ser-
vice clients or external commands, and thus is not vulnerable to
data-driven attacks.
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b> <b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="spawn.8.html"><b>spawn</b>(8)</a> processes Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="spawn.8.html"><b>spawn</b>(8)</a> processes
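Review bot: In the SECURITY section, the new wording "does not receive data from or about service clients or external commands" claims more than the page supports, because DIAGNOSTICS just above says the daemon "reports abnormal child exits", and an exit status is data about the external command. Suggest narrowing the sentence to the property that matters for the data-driven-attack argument, for example that spawn(8) does not read or parse anything the client or the command sends over the connection.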

View File

@ -1302,8 +1302,11 @@ Use \fItransport\fR_delivery_slot_loan to specify a
transport\-specific override, where \fItransport\fR is the master.cf transport\-specific override, where \fItransport\fR is the master.cf
name of the message delivery transport. name of the message delivery transport.
.SH default_delivery_status_filter (default: empty) .SH default_delivery_status_filter (default: empty)
Optional filter to replace the delivery status code or explanatory Optional filter in Postfix delivery agents, to replace the
text of successful or unsuccessful deliveries. This does not allow delivery status code or explanatory text of successful or unsuccessful
deliveries. This allows the replacement of a temporary error status
code (4.X.X) with a permanent error status code (5.X.X) or vice
versa, but does not allow
the replacement of a successful status code (2.X.X) with an the replacement of a successful status code (2.X.X) with an
unsuccessful status code (4.X.X or 5.X.X) or vice versa. unsuccessful status code (4.X.X or 5.X.X) or vice versa.
.PP .PP
@ -1843,7 +1846,10 @@ defer_transports = smtp
.ad .ad
.SH delay_logging_resolution_limit (default: 2) .SH delay_logging_resolution_limit (default: 2)
The maximal number of digits after the decimal point when logging The maximal number of digits after the decimal point when logging
sub\-second delay values. Specify a number in the range 0..6. delay values. Specify a number in the range 0..6.
.PP
To improve readability, delays are logged with only a limited
number of significant digits:
.IP \(bu .IP \(bu
Delays >= 100s are rounded off to an integral number of Delays >= 100s are rounded off to an integral number of
seconds. seconds.
@ -1851,8 +1857,8 @@ seconds.
Delays < 10^\-$delay_logging_resolution_limit are Delays < 10^\-$delay_logging_resolution_limit are
rounded off to "0". rounded off to "0".
.IP \(bu .IP \(bu
Other delays are rounded off to two significant digits, Other delays are rounded off to two significant digits, or
or fewer if the result would exceed the delay_resolution_limit. fewer if the result would exceed the delay_logging_resolution_limit.
.br .br
.PP .PP
The format of the "delays=a/b/c/d" logging is as follows: The format of the "delays=a/b/c/d" logging is as follows:
@ -3798,44 +3804,38 @@ Examples:
.PP .PP
This feature is available in Postfix 3.6 and later. This feature is available in Postfix 3.6 and later.
.SH local_recipient_maps (default: proxy:unix:passwd.byname $alias_maps) .SH local_recipient_maps (default: proxy:unix:passwd.byname $alias_maps)
Lookup tables with all names or addresses of local recipients: Lookup tables with all names or addresses of valid local
a recipient address is local when its domain matches $mydestination, recipients. A recipient address is local when its domain matches
$inet_interfaces or $proxy_interfaces. Specify @domain as a $mydestination, $inet_interfaces or $proxy_interfaces.
wild\-card for domains that do not have a valid recipient list. .PP
If the local_recipient_maps parameter value is non\-empty (the
default), then the Postfix SMTP server queries local_recipient_maps
as specified in "Local
recipient table query format", and rejects mail for unknown
local recipients. Other Postfix interfaces such as the Postfix
\fBsendmail\fR(1) command may still accept an "unknown" recipient.
.PP
The default local_recipient_maps setting assumes that local_transport
specifies the UNIX\-compatible \fBlocal\fR(8) delivery agent which queries
the UNIX passwd database (typically, /etc.passwd) and the local
aliases database (typically, /etc/aliases). The proxy: agent allows
the Postfix SMTP server to access the UNIX passwd database from
outside a chroot jail.
.PP
For other local mail delivery configurations, see "When you need to
change the local_recipient_maps setting in main.cf".
.PP
Technically, tables listed with $local_recipient_maps are used as Technically, tables listed with $local_recipient_maps are used as
lists: Postfix needs to know only if a lookup string is found or lists: The Postfix SMTP server needs to know only if a lookup string
not, but it does not use the result from table lookup. is found or not, but it does not use the result from table lookup.
.PP .PP
Specify zero or more "type:name" lookup tables, separated by Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order whitespace or comma. Tables will be searched in the specified order
until a match is found. until a match is found.
.PP .PP
If this parameter is non\-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users. Other Postfix
interfaces may still accept an "unknown" recipient.
.PP
To turn off local recipient checking in the Postfix SMTP server, To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty). specify "local_recipient_maps =" (i.e. empty).
.PP .PP
The default setting assumes that you use the default Postfix local
delivery agent for local delivery. You need to update the
local_recipient_maps setting if:
.IP \(bu
You redefine the local delivery agent in master.cf.
.IP \(bu
You redefine the "local_transport" setting in main.cf.
.IP \(bu
You use the "luser_relay", "mailbox_transport", or "fallback_transport"
feature of the Postfix \fBlocal\fR(8) delivery agent.
.br
.PP
Details are described in the LOCAL_RECIPIENT_README file.
.PP
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the \fBproxymap\fR(8) service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail is not practical.
.PP
Examples: Examples:
.PP .PP
.nf .nf
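Review bot: The added paragraphs cite "Local recipient table query format" and "When you need to change the local_recipient_maps setting in main.cf" by section title only, and the line "Details are described in the LOCAL_RECIPIENT_README file." is removed further down in this same hunk, so the man page no longer says which document those sections belong to. Suggest naming LOCAL_RECIPIENT_README next to the quoted titles in the source text, so the reference survives where the hyperlink does not.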

View File

@ -1,4 +1,4 @@
.TH SMTP, LMTP 8 .TH SMTP 8
.ad .ad
.fi .fi
.SH NAME .SH NAME
@ -874,7 +874,7 @@ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built\-in watchdog timer. request before it is terminated by a built\-in watchdog timer.
.IP "\fBdelay_logging_resolution_limit (2)\fR" .IP "\fBdelay_logging_resolution_limit (2)\fR"
The maximal number of digits after the decimal point when logging The maximal number of digits after the decimal point when logging
sub\-second delay values. delay values.
.IP "\fBdisable_dns_lookups (no)\fR" .IP "\fBdisable_dns_lookups (no)\fR"
Disable DNS lookups in the Postfix SMTP and LMTP clients. Disable DNS lookups in the Postfix SMTP and LMTP clients.
.IP "\fBinet_interfaces (all)\fR" .IP "\fBinet_interfaces (all)\fR"

View File

@ -12,17 +12,23 @@ Postfix external command spawner
.SH DESCRIPTION .SH DESCRIPTION
.ad .ad
.fi .fi
The \fBspawn\fR(8) daemon provides the Postfix equivalent The \fBspawn\fR(8) daemon monitors a TCP or UNIX\-domain stream
of \fBinetd\fR. socket, configured in \fBmaster.cf\fR with a service type
It listens on a port as specified in the Postfix \fBmaster.cf\fR file \fBinet\fR or \fBunix\fR.
and spawns an external command whenever a connection is established.
The connection can be made over local IPC (such as UNIX\-domain
sockets) or over non\-local IPC (such as TCP sockets).
The command's standard input, output and error streams are connected
directly to the communication endpoint.
This daemon expects to be run from the \fBmaster\fR(8) process This daemon spawns an external command whenever a connection
manager. is established, with the standard input, output and error file
descriptors connected to the remote client.
The command process is subject to the time limit specified
with the parameter \fItransport\fR_time_limit (default:
command_time_limit) where \fItransport\fR equals the service
name field in master.cf. A process that exceeds the time limit
will receive a SIGKILL signal.
The \fBspawn\fR(8) daemon service typically has a process limit >
1 in its \fBmaster.cf\fR service definition, so that the number
of processes can scale with demand.
.SH "COMMAND ATTRIBUTE SYNTAX" .SH "COMMAND ATTRIBUTE SYNTAX"
.na .na
.nf .nf
@ -43,16 +49,14 @@ The command to be executed. This must be specified as the
last command attribute. last command attribute.
The command is executed directly, i.e. without interpretation of The command is executed directly, i.e. without interpretation of
shell meta characters by a shell command interpreter. shell meta characters by a shell command interpreter.
.SH BUGS .sp
.ad If a command argument must contain whitespace, or if a command
argument must begin with "{", enclose the argument with "{" and
"}". This form will ignore whitespace after the outer "{" and
before the outer "}". Example:
.sp
.fi .fi
In order to enforce standard Postfix process resource controls, argv=/bin/sh \-c { shell syntax here }
each \fBspawn\fR(8) daemon process runs only one external
command, and blocks until the command terminates or a time
limit is reached.
As such, it presents a noticeable overhead by wasting precious
process resources. The \fBspawn\fR(8) daemon is expected to be
replaced by a more structural solution.
.SH DIAGNOSTICS .SH DIAGNOSTICS
.ad .ad
.fi .fi
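Review bot: The new example "argv=/bin/sh \-c { shell syntax here }" comes directly after the sentence saying the command is executed "without interpretation of shell meta characters by a shell command interpreter", and nothing tells the reader that this form brings shell interpretation back. Suggest one sentence after the example stating that the text inside the braces is parsed by /bin/sh and runs with the privileges of the configured user, so normal shell quoting rules apply to it.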
@ -63,10 +67,13 @@ Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
.nf .nf
.fi .fi
.ad .ad
This program needs root privilege in order to execute external The \fBspawn\fR(8) daemon needs root privilege in order to
commands as the specified user. It is therefore security sensitive. execute external commands as the specified user. It is therefore
However the \fBspawn\fR(8) daemon does not talk to the external command security sensitive.
and thus is not vulnerable to data\-driven attacks.
However, the \fBspawn\fR(8) daemon does not receive data from
or about service clients or external commands, and thus is not
vulnerable to data\-driven attacks.
.SH "CONFIGURATION PARAMETERS" .SH "CONFIGURATION PARAMETERS"
.na .na
.nf .nf

View File

@ -3,7 +3,7 @@
for i for i
do do
case $i in case $i in
/*) lynx -width=256 -dump file://localhost$i;; /*) lynx -width=256 -dump file://$i;;
*) lynx -width=256 -dump file://localhost`pwd`/$i;; *) lynx -width=256 -dump file://`pwd`/$i;;
esac esac
done | grep -v 'file://localhost/' done | grep -v 'file:///'
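Review bot: The changed lynx lines still expand $i and `pwd` unquoted inside the file:// URL, so an input path containing whitespace or glob characters is split before lynx sees it. Since both lines are being edited anyway, suggest quoting the whole URL, for example "file://$i" and "file://$(pwd)/$i". The final filter changes from 'file://localhost/' to 'file:///', which depends on every dumped path being absolute; that holds for both case branches shown here.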

View File

@ -93,6 +93,8 @@ sub emit_text
$block =~ s/&ge;/>=/g; $block =~ s/&ge;/>=/g;
$block =~ s/&lt;/</g; $block =~ s/&lt;/</g;
$block =~ s/&gt;/>/g; $block =~ s/&gt;/>/g;
$block =~ s/<sup>/^/g;
$block =~ s;</sup>;;g;
# Peep-hole optimizer. # Peep-hole optimizer.
$block =~ s/^\s+//g; $block =~ s/^\s+//g;
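Review bot: The two new substitutions turn <sup> into "^" and delete </sup>, so the end of the exponent is no longer marked in the output. That reads fine for the single-token exponent this commit introduces (10^-$delay_logging_resolution_limit), but a longer exponent would run into the text that follows it. Suggest a comment beside the substitutions stating that limitation; the same applies to the identical pair added to the other conversion script in this commit.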

View File

@ -86,6 +86,8 @@ while(<>) {
$block =~ s/&amp;/\&/g; $block =~ s/&amp;/\&/g;
$block =~ s/&ndash;/-/g; $block =~ s/&ndash;/-/g;
$block =~ s/&mdash;/-/g; $block =~ s/&mdash;/-/g;
$block =~ s/<sup>/^/g;
$block =~ s;</sup>;;g;
$block =~ s/\s+\n/\n/g; $block =~ s/\s+\n/\n/g;
$block =~ s/^\n//g; $block =~ s/^\n//g;
$block =~ s/\s*<\s*nroffescape\s+([^ >]+)\s*>\s*/\n\1\n/g; $block =~ s/\s*<\s*nroffescape\s+([^ >]+)\s*>\s*/\n\1\n/g;

View File

@ -63,7 +63,9 @@ do
/^NAME[ ]*$/{ /^NAME[ ]*$/{
N N
s/^.*\n'"$B"'[ ]*// s/^.*\n'"$B"'[ ]*//
s/[ ]*$//
h h
s/,.*\( [0-9][^ ]*\)$/\1/
y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/ y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/
s/^.*$/.TH & '"$SECT"'\ s/^.*$/.TH & '"$SECT"'\
.ad\ .ad\
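Review bot: The added "s/,.*\( [0-9][^ ]*\)$/\1/" only fires when the line ends in a space followed by a token that starts with a digit, so a multi-name title without that trailing token keeps its comma list and is upper-cased into .TH as before. If that input cannot occur, a one-line comment saying what the line looks like at this point, and that only the first name is kept, would make the sed script easier to maintain. The new "s/[ ]*$//" before "h" deserves the same, since it changes what is saved in the hold space.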

View File

@ -45,7 +45,7 @@ in main.cf</a>
<li><a href="#change">When you need to change the local_recipient_maps <li><a href="#change">When you need to change the local_recipient_maps
setting in main.cf</a> setting in main.cf</a>
<li><a href="#format">Local recipient table format </a> <li><a href="#format">Local recipient table query format </a>
</ul> </ul>
@ -58,11 +58,13 @@ local when its domain matches $mydestination, $inet_interfaces or
$proxy_interfaces. If a local username or address is not listed in $proxy_interfaces. If a local username or address is not listed in
$local_recipient_maps, then the Postfix SMTP server will reject $local_recipient_maps, then the Postfix SMTP server will reject
the address with "User unknown in local recipient table". Other the address with "User unknown in local recipient table". Other
Postfix interfaces may still accept an "unknown" recipient. </p> interfaces such as the Postfix sendmail(1) command may still accept
an "unknown" recipient. </p>
<p> The default setting, shown below, assumes that you use the <p> The default setting, shown below, assumes that you use the
default Postfix local(8) delivery agent for local delivery, where default Postfix local(8) delivery agent for local delivery, where
recipients are either UNIX accounts or local aliases: </p> recipients are either UNIX accounts (typically, in /etc/passwd) or
local aliases (typically, in /etc/aliases): </p>
<blockquote> <blockquote>
<pre> <pre>
@ -112,22 +114,23 @@ setting in main.cf</a></h2>
local_recipient_maps = $virtual_mailbox_maps local_recipient_maps = $virtual_mailbox_maps
</pre> </pre>
<p> If you use a different delivery agent for $mydestination <p> If you don't use the local(8) or virtual(8) delivery agent
for $mydestination
etc. domains, see the section "<a href="#format">Local recipient etc. domains, see the section "<a href="#format">Local recipient
table format</a>" below for a description of how the table table format</a>" below for a description of how the table
should be populated. </p> should be populated. </p>
<li> <p> Problem: you use the mailbox_transport or fallback_transport <li> <p> Problem: you use the mailbox_transport or fallback_transport
feature of the Postfix local(8) delivery agent in order to feature of the Postfix local(8) delivery agent in order to
deliver mail to non-UNIX accounts. </p> deliver mail to non-UNIX recipients. </p>
<p> Solution: you need to add the database that lists the <p> Solution: you need to add the database that lists the
non-UNIX users: </p> non-UNIX recipients: </p>
<pre> <pre>
/etc/postfix/main.cf /etc/postfix/main.cf
local_recipient_maps = proxy:unix:passwd.byname, $alias_maps, local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,
&lt;the database with non-UNIX accounts&gt; &lt;the database with non-UNIX recipients&gt;
</pre> </pre>
<p> See the section "<a href="#format">Local recipient table <p> See the section "<a href="#format">Local recipient table
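Review bot: The link text "Local recipient table format" in the unchanged lines of this hunk is now stale, because the table-of-contents entry and the section heading are renamed to "Local recipient table query format" elsewhere in this commit. The sentence around it ("for a description of how the table should be populated") also no longer matches a section that now describes the queries the SMTP server makes; suggest updating the link text and that wording together.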
@ -138,8 +141,8 @@ setting in main.cf</a></h2>
local delivery agent. </p> local delivery agent. </p>
<p> Solution: you must disable the local_recipient_maps feature <p> Solution: you must disable the local_recipient_maps feature
completely, so that Postfix accepts mail for all local addresses: completely, so that the Postfix SMTP server accepts mail for
</p> all local addresses: </p>
<pre> <pre>
/etc/postfix/main.cf /etc/postfix/main.cf
@ -148,34 +151,59 @@ setting in main.cf</a></h2>
</ul> </ul>
<h2><a name="format">Local recipient table format</a> </h2> <h2><a name="format">Local recipient table query format</a> </h2>
<p> If you use local files in postmap(1) format, then <p> If local_recipient_maps specifies local files, such as files in
local_recipient_maps expects the following table format: </p> postmap(1) or postalias(1) format, then the Postfix SMTP server
generates the following queries: </p>
<ul> <ul>
<li> <p> In the left-hand side, specify a bare username, an <li> <p> The full recipient address. This query supports a non-default
"@domain.tld" wild-card, or specify a complete "user@domain.tld" local_transport setting with a delivery agent such as lmtp(8) or
address. </p> virtual(8). See "<a href="#main_config">Configuring local_recipient_maps
in main.cf</a>: for additional guidance for what lookup tables to
specify. </p>
<li> <p> You have to specify something on the right-hand side of <li> <p> The recipient address local-part. This query supports the
the table, but the value is ignored by local_recipient_maps. default local_transport setting with the UNIX-compatible local(8)
delivery agent; the Postfix SMTP server makes this query only when
the recipient domain matches $mydestination, $inet_interfaces or
$proxy_interfaces. </p>
<li> <p> The recipient @domain. This query supports a non-default
local_transport setting with a delivery agent such as virtual(8);
it is a wildcard for domains that do not have a valid recipient
list. </p>
</ul> </ul>
<p> If you use lookup tables based on NIS, LDAP, MYSQL, or PGSQL, <p> NOTES: </p>
then local_recipient_maps does the same queries as for local files
in postmap(1) format, and expects the same results. </p>
<p> With regular expression tables, Postfix only queries with the <ul>
full recipient address, and not with the bare username or the
"@domain.tld" wild-card. </p>
<p> NOTE: a lookup table should always return a result when the address <li> <p> A lookup table should return a non-empty result when the
exists, and should always return "not found" when the address does address exists, and should return "not found" when the address does
not exist. In particular, a zero-length result does not count as not exist. In particular, a zero-length (empty) result does not
a "not found" result. </p> count as a "not found" result. </p>
<li> <p> When local_recipient_maps specifies a lookup table based
on ldap:, memcache:, mongodb:, mysql:, pgsql:, sqlite:, or other
external database, then the Postfix SMTP server queries that lookup
table with the same queries as described at the start of this
section, and expects the same results. </p>
<li> <p> To suppress lookups for the <i>local-part</i> and the
<i>@domain</i> wild-card, specify the <b>domain</b> setting in a
Postfix ldap:, memcache:, mongodb:, mysql:, pgsql:, sqlite:, etc.,
database client configuration file. </p>
<li> <p> When local_recipient_maps specifies a lookup table based
on pcre:, regexp:, socketmap: or tcp:, Postfix queries that table
only with the full recipient address, and not with the <i>local-part</i>
or the <i>@domain</i> wild-card. </p>
</ul>
</body> </body>
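Review bot: In the first new list item, the double quote opened before the "Configuring local_recipient_maps in main.cf" link is never closed; the link is followed by a colon instead ("...in main.cf: for additional guidance for what lookup tables to specify"). Suggest closing the quote after the link and dropping the colon, and "guidance on what lookup tables to specify" reads better than the doubled "for".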

View File

@ -2462,13 +2462,32 @@ into concurrency per domain. </p>
%PARAM local_recipient_maps proxy:unix:passwd.byname $alias_maps %PARAM local_recipient_maps proxy:unix:passwd.byname $alias_maps
<p> Lookup tables with all names or addresses of local recipients: <p> Lookup tables with all names or addresses of valid local
a recipient address is local when its domain matches $mydestination, recipients. A recipient address is local when its domain matches
$inet_interfaces or $proxy_interfaces. Specify @domain as a $mydestination, $inet_interfaces or $proxy_interfaces. </p>
wild-card for domains that do not have a valid recipient list.
<p> If the local_recipient_maps parameter value is non-empty (the
default), then the Postfix SMTP server queries local_recipient_maps
as specified in "<a href="LOCAL_RECIPIENT_README.html#format">Local
recipient table query format</a>", and rejects mail for unknown
local recipients. Other Postfix interfaces such as the Postfix
sendmail(1) command may still accept an "unknown" recipient. </p>
<p> The default local_recipient_maps setting assumes that local_transport
specifies the UNIX-compatible local(8) delivery agent which queries
the UNIX passwd database (typically, /etc.passwd) and the local
aliases database (typically, /etc/aliases). The proxy: agent allows
the Postfix SMTP server to access the UNIX passwd database from
outside a chroot jail. </p>
<p> For other local mail delivery configurations, see <!-- filler
--> "<a href="LOCAL_RECIPIENT_README.html#change">When you need to
change the local_recipient_maps setting in main.cf</a>". </p>
<p>
Technically, tables listed with $local_recipient_maps are used as Technically, tables listed with $local_recipient_maps are used as
lists: Postfix needs to know only if a lookup string is found or lists: The Postfix SMTP server needs to know only if a lookup string
not, but it does not use the result from table lookup. </p> is found or not, but it does not use the result from table lookup. </p>
<p> <p>
Specify zero or more "type:name" lookup tables, separated by Specify zero or more "type:name" lookup tables, separated by
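Review bot: Typo in the added paragraph about the default setting: "(typically, /etc.passwd)" should read /etc/passwd, which is how the LOCAL_RECIPIENT_README change in this commit spells it. The postconf man page text earlier in this commit carries the same line, so both places need the fix.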
@ -2476,44 +2495,11 @@ whitespace or comma. Tables will be searched in the specified order
until a match is found. until a match is found.
</p> </p>
<p>
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users. Other Postfix
interfaces may still accept an "unknown" recipient. </p>
<p> <p>
To turn off local recipient checking in the Postfix SMTP server, To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty). specify "local_recipient_maps =" (i.e. empty).
</p> </p>
<p>
The default setting assumes that you use the default Postfix local
delivery agent for local delivery. You need to update the
local_recipient_maps setting if:
</p>
<ul>
<li>You redefine the local delivery agent in master.cf.
<li>You redefine the "local_transport" setting in main.cf.
<li>You use the "luser_relay", "mailbox_transport", or "fallback_transport"
feature of the Postfix local(8) delivery agent.
</ul>
<p>
Details are described in the LOCAL_RECIPIENT_README file.
</p>
<p>
Beware: if the Postfix SMTP server runs chrooted, you need to access
the passwd file via the proxymap(8) service, in order to overcome
chroot access restrictions. The alternative, maintaining a copy of
the system password file in the chroot jail is not practical.
</p>
<p> <p>
Examples: Examples:
</p> </p>
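Review bot: The removed list named three triggers for changing local_recipient_maps, including the "luser_relay" feature, and the replacement text only points at the README section. The README hunks visible in this commit mention mailbox_transport and fallback_transport but not luser_relay; please confirm that case is still documented there, or keep a one-line mention of it here.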
@ -10862,18 +10848,21 @@ DNS lookup and increases the maximal inbound delivery rate. </p>
%PARAM delay_logging_resolution_limit 2 %PARAM delay_logging_resolution_limit 2
<p> The maximal number of digits after the decimal point when logging <p> The maximal number of digits after the decimal point when logging
sub-second delay values. Specify a number in the range 0..6. </p> delay values. Specify a number in the range 0..6. </p>
<p> To improve readability, delays are logged with only a limited
number of significant digits: </p>
<ul> <ul>
<li> <p> Delays &ge; 100s are rounded off to an integral number of <li> Delays &ge; 100s are rounded off to an integral number of
seconds. </p> seconds.
<li> <p> Delays &lt; 10^-$delay_logging_resolution_limit are <li> Delays &lt; 10<sup>-$delay_logging_resolution_limit</sup> are
rounded off to "0". </p> rounded off to "0".
<li> <p> Other delays are rounded off to two significant digits, <li> Other delays are rounded off to two significant digits, or
or fewer if the result would exceed the delay_resolution_limit. </p> fewer if the result would exceed the delay_logging_resolution_limit.
</ul> </ul>
@ -17055,10 +17044,13 @@ later. </p>
%PARAM default_delivery_status_filter %PARAM default_delivery_status_filter
<p> Optional filter to replace the delivery status code or explanatory <p> Optional filter in Postfix delivery agents, to replace the
text of successful or unsuccessful deliveries. This does not allow delivery status code or explanatory text of successful or unsuccessful
deliveries. This allows the replacement of a temporary error status
code (4.X.X) with a permanent error status code (5.X.X) or vice
versa, but does not allow
the replacement of a successful status code (2.X.X) with an the replacement of a successful status code (2.X.X) with an
unsuccessful status code (4.X.X or 5.X.X) or vice versa. </p> unsuccessful status code (4.X.X or 5.X.X) or vice versa. </p>
<p> Note: the (smtp|lmtp)_delivery_status_filter is applied only <p> Note: the (smtp|lmtp)_delivery_status_filter is applied only
once per recipient: when delivery is successful, when delivery is once per recipient: when delivery is successful, when delivery is

View File

@ -145,3 +145,4 @@ proto proto socketmap_table qmqpd qmqpd c tls tls_misc c
proto socketmap_table qmqpd qmqpd c tls tls_misc c proto socketmap_table qmqpd qmqpd c tls tls_misc c
a dependency for html html File html Makefile in a dependency for html html File html Makefile in
master dgram_server c master mail_server h postlogd postlogd c master dgram_server c master mail_server h postlogd postlogd c
reload etc File spawn spawn c

View File

@ -90,3 +90,8 @@ dereferenced
MEMCACHE MEMCACHE
sed sed
Wayback Wayback
fixman
mandoc
v'expr
roff
diffs

View File

@ -729,8 +729,9 @@ static void cleanup_header_done_callback(void *context)
vstring_sprintf(state->temp1, "%s.%s@%s", vstring_sprintf(state->temp1, "%s.%s@%s",
time_stamp, state->queue_id, var_myhostname); time_stamp, state->queue_id, var_myhostname);
} }
cleanup_out_format(state, REC_TYPE_NORM, "%sMessage-Id: <%s>", vstring_sprintf(state->temp2, "%sMessage-Id: <%s>",
state->resent, vstring_str(state->temp1)); state->resent, vstring_str(state->temp1));
cleanup_out_header(state, state->temp2);
msg_info("%s: %smessage-id=<%s>", msg_info("%s: %smessage-id=<%s>",
state->queue_id, *state->resent ? "resent-" : "", state->queue_id, *state->resent ? "resent-" : "",
vstring_str(state->temp1)); vstring_str(state->temp1));
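Review bot: The Message-Id line is now formatted into state->temp2 before the call to cleanup_out_header(), which overwrites whatever temp2 held at this point in cleanup_header_done_callback(). The From: code further down refills temp2 before using it, so that path is safe, but please check that nothing between the two reads an earlier temp2 value. A short comment saying why generated headers now go through cleanup_out_header() rather than cleanup_out_format() would also help the next reader.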
@ -751,8 +752,9 @@ static void cleanup_header_done_callback(void *context)
if ((state->hdr_rewrite_context || var_always_add_hdrs) if ((state->hdr_rewrite_context || var_always_add_hdrs)
&& (state->headers_seen & (1 << (state->resent[0] ? && (state->headers_seen & (1 << (state->resent[0] ?
HDR_RESENT_DATE : HDR_DATE))) == 0) { HDR_RESENT_DATE : HDR_DATE))) == 0) {
cleanup_out_format(state, REC_TYPE_NORM, "%sDate: %s", vstring_sprintf(state->temp2, "%sDate: %s",
state->resent, mail_date(state->arrival_time.tv_sec)); state->resent, mail_date(state->arrival_time.tv_sec));
cleanup_out_header(state, state->temp2);
} }
/* /*
@ -815,7 +817,7 @@ static void cleanup_header_done_callback(void *context)
vstring_sprintf(state->temp2, "%sFrom: %s", vstring_sprintf(state->temp2, "%sFrom: %s",
state->resent, vstring_str(state->temp1)); state->resent, vstring_str(state->temp1));
} }
CLEANUP_OUT_BUF(state, REC_TYPE_NORM, state->temp2); cleanup_out_header(state, state->temp2);
} }
/* /*

View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20241122" #define MAIL_RELEASE_DATE "20241202"
#define MAIL_VERSION_NUMBER "3.10" #define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT #ifdef SNAPSHOT

View File

@ -830,7 +830,7 @@
/* request before it is terminated by a built-in watchdog timer. /* request before it is terminated by a built-in watchdog timer.
/* .IP "\fBdelay_logging_resolution_limit (2)\fR" /* .IP "\fBdelay_logging_resolution_limit (2)\fR"
/* The maximal number of digits after the decimal point when logging /* The maximal number of digits after the decimal point when logging
/* sub-second delay values. /* delay values.
/* .IP "\fBdisable_dns_lookups (no)\fR" /* .IP "\fBdisable_dns_lookups (no)\fR"
/* Disable DNS lookups in the Postfix SMTP and LMTP clients. /* Disable DNS lookups in the Postfix SMTP and LMTP clients.
/* .IP "\fBinet_interfaces (all)\fR" /* .IP "\fBinet_interfaces (all)\fR"

View File

@ -6,17 +6,23 @@
/* SYNOPSIS /* SYNOPSIS
/* \fBspawn\fR [generic Postfix daemon options] command_attributes... /* \fBspawn\fR [generic Postfix daemon options] command_attributes...
/* DESCRIPTION /* DESCRIPTION
/* The \fBspawn\fR(8) daemon provides the Postfix equivalent /* The \fBspawn\fR(8) daemon monitors a TCP or UNIX-domain stream
/* of \fBinetd\fR. /* socket, configured in \fBmaster.cf\fR with a service type
/* It listens on a port as specified in the Postfix \fBmaster.cf\fR file /* \fBinet\fR or \fBunix\fR.
/* and spawns an external command whenever a connection is established.
/* The connection can be made over local IPC (such as UNIX-domain
/* sockets) or over non-local IPC (such as TCP sockets).
/* The command's standard input, output and error streams are connected
/* directly to the communication endpoint.
/* /*
/* This daemon expects to be run from the \fBmaster\fR(8) process /* This daemon spawns an external command whenever a connection
/* manager. /* is established, with the standard input, output and error file
/* descriptors connected to the remote client.
/*
/* The command process is subject to the time limit specified
/* with the parameter \fItransport\fR_time_limit (default:
/* command_time_limit) where \fItransport\fR equals the service
/* name field in master.cf. A process that exceeds the time limit
/* will receive a SIGKILL signal.
/*
/* The \fBspawn\fR(8) daemon service typically has a process limit >
/* 1 in its \fBmaster.cf\fR service definition, so that the number
/* of processes can scale with demand.
/* COMMAND ATTRIBUTE SYNTAX /* COMMAND ATTRIBUTE SYNTAX
/* .ad /* .ad
/* .fi /* .fi
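Review bot: The second DESCRIPTION paragraph says the file descriptors are "connected to the remote client", but the first paragraph allows service type unix, where the client is a local process on a UNIX-domain socket. Suggest "connected to the client", or keep the old distinction between local and non-local IPC. The old sentence "This daemon expects to be run from the master(8) process manager" is also dropped without a replacement; if that requirement still holds, it is worth keeping one line for it.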
@ -35,24 +41,27 @@
/* last command attribute. /* last command attribute.
/* The command is executed directly, i.e. without interpretation of /* The command is executed directly, i.e. without interpretation of
/* shell meta characters by a shell command interpreter. /* shell meta characters by a shell command interpreter.
/* BUGS /* .sp
/* In order to enforce standard Postfix process resource controls, /* If a command argument must contain whitespace, or if a command
/* each \fBspawn\fR(8) daemon process runs only one external /* argument must begin with "{", enclose the argument with "{" and
/* command, and blocks until the command terminates or a time /* "}". This form will ignore whitespace after the outer "{" and
/* limit is reached. /* before the outer "}". Example:
/* As such, it presents a noticeable overhead by wasting precious /* .sp
/* process resources. The \fBspawn\fR(8) daemon is expected to be /* .fi
/* replaced by a more structural solution. /* argv=/bin/sh -c { shell syntax here }
/* DIAGNOSTICS /* DIAGNOSTICS
/* The \fBspawn\fR(8) daemon reports abnormal child exits. /* The \fBspawn\fR(8) daemon reports abnormal child exits.
/* Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8). /* Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
/* SECURITY /* SECURITY
/* .fi /* .fi
/* .ad /* .ad
/* This program needs root privilege in order to execute external /* The \fBspawn\fR(8) daemon needs root privilege in order to
/* commands as the specified user. It is therefore security sensitive. /* execute external commands as the specified user. It is therefore
/* However the \fBspawn\fR(8) daemon does not talk to the external command /* security sensitive.
/* and thus is not vulnerable to data-driven attacks. /*
/* However, the \fBspawn\fR(8) daemon does not receive data from
/* or about service clients or external commands, and thus is not
/* vulnerable to data-driven attacks.
/* CONFIGURATION PARAMETERS /* CONFIGURATION PARAMETERS
/* .ad /* .ad
/* .fi /* .fi
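Review bot: In the SECURITY text, "does not receive data from or about service clients or external commands" reads broader than the DIAGNOSTICS section directly above it, which says the daemon "reports abnormal child exits" and therefore does act on the command's exit status. Suggest narrowing the sentence to what is meant, for example that the daemon does not read or parse the data exchanged between the client and the command. The removed BUGS text was also the only place in this hunk that said each spawn(8) process runs one command and blocks until it terminates or hits the time limit; if that still holds, a sentence saying so near the new "process limit > 1" paragraph would keep it documented.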


@ -2717,6 +2717,7 @@ spawn_command.o: check_arg.h
spawn_command.o: clean_env.h spawn_command.o: clean_env.h
spawn_command.o: exec_command.h spawn_command.o: exec_command.h
spawn_command.o: msg.h spawn_command.o: msg.h
spawn_command.o: set_eugid.h
spawn_command.o: set_ugid.h spawn_command.o: set_ugid.h
spawn_command.o: spawn_command.c spawn_command.o: spawn_command.c
spawn_command.o: spawn_command.h spawn_command.o: spawn_command.h


@ -94,6 +94,7 @@
#include <msg.h> #include <msg.h>
#include <timed_wait.h> #include <timed_wait.h>
#include <set_ugid.h> #include <set_ugid.h>
#include <set_eugid.h>
#include <argv.h> #include <argv.h>
#include <spawn_command.h> #include <spawn_command.h>
#include <exec_command.h> #include <exec_command.h>
@ -245,7 +246,8 @@ WAIT_STATUS_T spawn_command(int key,...)
case 0: case 0:
if (args.uid != (uid_t) - 1 || args.gid != (gid_t) - 1) if (args.uid != (uid_t) - 1 || args.gid != (gid_t) - 1)
set_ugid(args.uid, args.gid); set_ugid(args.uid, args.gid);
setsid(); if (setsid() < 0)
msg_warn("child: setsid: %m");
/* /*
* Pipe plumbing. * Pipe plumbing.
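Review bot: A setsid() failure in the child is only logged with msg_warn("child: setsid: %m") and the child then carries on to run the command. The timeout path later in this function signals with kill(-pid, SIGKILL), which reaches the command only if the child became the leader of its own process group at this point. Suggest treating the failure as fatal in the child, so that a command is never started in a state where the time limit cannot be enforced.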
@ -301,9 +303,15 @@ WAIT_STATUS_T spawn_command(int key,...)
*/ */
if ((err = timed_waitpid(pid, &wait_status, 0, args.time_limit)) < 0 if ((err = timed_waitpid(pid, &wait_status, 0, args.time_limit)) < 0
&& errno == ETIMEDOUT) { && errno == ETIMEDOUT) {
uid_t saved_euid = geteuid();
gid_t saved_egid = getegid();
msg_warn("%s: process id %lu: command time limit exceeded", msg_warn("%s: process id %lu: command time limit exceeded",
args.command, (unsigned long) pid); args.command, (unsigned long) pid);
kill(-pid, SIGKILL); set_eugid(args.uid, args.gid);
if (kill(-pid, SIGKILL) < 0)
msg_warn("parent: kill: %m");
set_eugid(saved_euid, saved_egid);
err = waitpid(pid, &wait_status, 0); err = waitpid(pid, &wait_status, 0);
} }
if (err < 0) if (err < 0)
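Review bot: set_eugid(args.uid, args.gid) in the timeout branch runs unconditionally, while the child side only switches identity when args.uid != (uid_t) - 1 || args.gid != (gid_t) - 1. If a caller leaves either value unset, the parent would try to assume an effective ID of -1 before calling kill(). Suggest wrapping both set_eugid() calls in the same guard the child uses. Separately, when kill(-pid, SIGKILL) fails the code only warns and then calls waitpid(pid, &wait_status, 0) with no time limit, so a failed kill leaves the daemon blocked on the command; a fallback to kill(pid, SIGKILL) or a bounded wait would close that gap.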