From 47602acef6f7c8be826a858ee7e4b2d54ff957b9 Mon Sep 17 00:00:00 2001 
From: Wietse Venema
Date: Fri, 23 Mar 2007 00:00:00 -0500
Subject: [PATCH] postfix-2.4.0-RC8
---
postfix/HISTORY | 14 +-
postfix/README_FILES/AAAREADME | 8 -
postfix/README_FILES/ADDRESS_CLASS_README | 5 +-
.../README_FILES/ADDRESS_VERIFICATION_README | 4 +-
postfix/README_FILES/CONNECTION_CACHE_README | 18 +-
postfix/README_FILES/DATABASE_README | 6 +-
postfix/README_FILES/DB_README | 15 +-
postfix/README_FILES/DEBUG_README | 41 +--
postfix/README_FILES/DSN_README | 2 +-
postfix/README_FILES/ETRN_README | 40 +--
postfix/README_FILES/FILTER_README | 82 ++---
postfix/README_FILES/LDAP_README | 8 +-
postfix/README_FILES/MILTER_README | 107 +++----
postfix/README_FILES/PACKAGE_README | 8 +-
postfix/README_FILES/SMTPD_POLICY_README | 2 +-
postfix/README_FILES/TUNING_README | 77 +++--
postfix/TODO | 14 +-
.../MacOSX/Postfix.StartupItem/Postfix | 46 ---
.../StartupParameters.plist | 13 -
postfix/auxiliary/MacOSX/README-INSTALL.OSX | 74 -----
postfix/auxiliary/MacOSX/activate-postfix | 43 ---
postfix/auxiliary/MacOSX/activate-sendmail | 24 --
.../auxiliary/MacOSX/backup-postfix-binaries | 20 --
.../auxiliary/MacOSX/backup-sendmail-binaries | 20 --
postfix/auxiliary/MacOSX/deactivate-postfix | 16 -
postfix/auxiliary/MacOSX/defines | 12 -
postfix/auxiliary/MacOSX/niscript | 164 ----------
postfix/auxiliary/MacOSX/repair-oldsetup | 8 -
postfix/conf/access | 283 +++++++++---------
postfix/conf/header_checks | 257 ++++++++--------
postfix/conf/postfix-files | 4 +-
postfix/examples/smtpd-policy/README.SPF | 6 +
.../smtpd-policy/postfix-policyd-spf.pl | 238 ---------------
postfix/html/ADDRESS_CLASS_README.html | 9 +-
postfix/html/ADDRESS_VERIFICATION_README.html | 5 +-
postfix/html/CONNECTION_CACHE_README.html | 36 ++-
postfix/html/CYRUS_README.html | 24 --
postfix/html/DATABASE_README.html | 8 +-
postfix/html/DB_README.html | 15 +-
postfix/html/DEBUG_README.html | 40 +--
postfix/html/DSN_README.html | 2 +-
postfix/html/ETRN_README.html | 49 +--
postfix/html/FILTER_README.html | 62 ++--
postfix/html/LDAP_README.html | 2 +-
postfix/html/MILTER_README.html | 115 +++----
postfix/html/PACKAGE_README.html | 8 +-
postfix/html/SMTPD_POLICY_README.html | 2 +-
postfix/html/TUNING_README.html | 89 ++++--
postfix/html/ULTRIX_README.html | 71 -----
postfix/html/access.5.html | 281 ++++++++---------
postfix/html/header_checks.5.html | 255 ++++++++--------
postfix/html/index.html | 14 -
postfix/html/ldap_table.5.html | 40 +--
postfix/html/postconf.5.html | 26 +-
postfix/makedefs | 8 +
postfix/man/man5/access.5 | 10 +-
postfix/man/man5/header_checks.5 | 46 +--
postfix/man/man5/ldap_table.5 | 4 +-
postfix/man/man5/postconf.5 | 20 +-
postfix/mantools/postlink | 16 +-
postfix/proto/ADDRESS_CLASS_README.html | 5 +-
.../proto/ADDRESS_VERIFICATION_README.html | 5 +-
postfix/proto/CONNECTION_CACHE_README.html | 30 +-
postfix/proto/CYRUS_README.html | 24 --
postfix/proto/DATABASE_README.html | 8 +-
postfix/proto/DB_README.html | 15 +-
postfix/proto/DEBUG_README.html | 40 +--
postfix/proto/DSN_README.html | 2 +-
postfix/proto/ETRN_README.html | 37 +--
postfix/proto/FILTER_README.html | 62 ++--
postfix/proto/LDAP_README.html | 2 +-
postfix/proto/MACOSX_README | 2 -
postfix/proto/MILTER_README.html | 115 +++----
postfix/proto/Makefile.in | 6 +-
postfix/proto/PACKAGE_README.html | 4 +-
postfix/proto/SMTPD_POLICY_README.html | 2 +-
postfix/proto/TUNING_README.html | 89 ++++--
postfix/proto/ULTRIX_README.html | 71 -----
postfix/proto/access | 10 +-
postfix/proto/header_checks | 46 +--
postfix/proto/ldap_table | 4 +-
postfix/proto/postconf.proto | 26 +-
postfix/src/global/dict_proxy.c | 7 +-
postfix/src/global/mail_version.h | 4 +-
postfix/src/global/mbox_open.c | 2 +-
postfix/src/util/sys_defs.h | 6 +
86 files changed, 1472 insertions(+), 2088 deletions(-)
delete mode 100755 postfix/auxiliary/MacOSX/Postfix.StartupItem/Postfix
delete mode 100644 postfix/auxiliary/MacOSX/Postfix.StartupItem/StartupParameters.plist
delete mode 100644
postfix/auxiliary/MacOSX/README-INSTALL.OSX delete mode 100755 postfix/auxiliary/MacOSX/activate-postfix delete mode 100755 postfix/auxiliary/MacOSX/activate-sendmail delete mode 100755 postfix/auxiliary/MacOSX/backup-postfix-binaries delete mode 100755 postfix/auxiliary/MacOSX/backup-sendmail-binaries delete mode 100755 postfix/auxiliary/MacOSX/deactivate-postfix delete mode 100644 postfix/auxiliary/MacOSX/defines delete mode 100755 postfix/auxiliary/MacOSX/niscript delete mode 100755 postfix/auxiliary/MacOSX/repair-oldsetup create mode 100644 postfix/examples/smtpd-policy/README.SPF delete mode 100755 postfix/examples/smtpd-policy/postfix-policyd-spf.pl delete mode 100644 postfix/html/CYRUS_README.html delete mode 100644 postfix/html/ULTRIX_README.html delete mode 100644 postfix/proto/CYRUS_README.html delete mode 100644 postfix/proto/MACOSX_README delete mode 100644 postfix/proto/ULTRIX_README.html diff --git a/postfix/HISTORY b/postfix/HISTORY index 54ec6b0ff..2643b31ad 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -13303,7 +13303,8 @@ Apologies for any names omitted. instead of appending mail to a deleted file. To minimize the use of this workaround, Postfix now by default creates mailbox dotlock files on all systems, and creates dotlock - files before opening mailbox files. Files: util/sys_defs.h. + files before opening mailbox files. Files: util/sys_defs.h, + global/mbox_open.c. 20070301 
@@ -13374,6 +13375,17 @@ Apologies for any names omitted. records or content encoding records with other mail. File: global/rec_type.h. +20070321 + + Bugfix (introduced 20070224): local(8) or virtual(8) could + log a misleading error message after failure to open a + mailbox file. File: global/mbox_open.c. + + Bugfix (code should have been updated 20070104): the proxymap + client did not propagate changes in case folding flags. + Currently, nothing in Postfix uses this functionality. + File: global/dict_proxy.c. + Wish list: Bind all deliveries to the same local delivery process, diff --git a/postfix/README_FILES/AAAREADME b/postfix/README_FILES/AAAREADME index 4a317e155..44e307ca7 100644 --- a/postfix/README_FILES/AAAREADME +++ b/postfix/README_FILES/AAAREADME @@ -18,7 +18,6 @@ PPrroobblleemm ssoollvviinngg * QSHAPE_README: Bottleneck analysis * TUNING_README: Performance tuning * DEBUG_README: Debugging strategies - * Error messages (*) CCoonntteenntt iinnssppeeccttiioonn @@ -50,20 +49,16 @@ LLooookkuupp ttaabblleess ((ddaattaabbaasseess)) MMaaiilliinngg lliisstt ssuuppppoorrtt - * qmail/ezmlm support (*) * VERP_README: VERP Support SSppeecciiffiicc eennvviirroonnmmeennttss * LINUX_README: Linux issues * NFS_README: NFS issues - * ULTRIX_README: Ultrix support OOtthheerr mmaaiill ddeelliivveerryy aaggeennttss - * Cyrus (*) * MAILDROP_README: Maildrop - * LMTP (*) OOtthheerr ttooppiiccss @@ -78,6 +73,3 @@ OOtthheerr ttooppiiccss * XCLIENT_README: XCLIENT Command * XFORWARD_README: XFORWARD Command -(*) These documents will be made available via http://www.postfix.org/ and -mirror sites. - diff --git a/postfix/README_FILES/ADDRESS_CLASS_README b/postfix/README_FILES/ADDRESS_CLASS_README index 9a8b9075c..3eefa48b6 100644 --- a/postfix/README_FILES/ADDRESS_CLASS_README +++ b/postfix/README_FILES/ADDRESS_CLASS_README 
@@ -28,8 +28,9 @@ An address class is defined by three items. * The list of domains that are a member of the class: for example, all local domains, or all relay domains. - * The default delivery method. For example, the local or smtp delivery agent. - This helps to keep Postfix configurations simple. + * The default delivery transport. For example, the local or relay delivery + transport (delivery transports are defined in master.cf). This helps to + keep Postfix configurations simple. * The list of valid recipient addresses for that address class. The Postfix SMTP server rejects invalid recipients with "User unknown in scache(8) <-> smtp(8) --> Internet - - The scache(8) server, introduced with Postfix version 2.2, maintains the shared connection cache. With Postfix version 2.2, only the smtp(8) client has support to access this cache. + smtp(8) --> Internet + + + | + | + | + | smtp(8) --> Internet + | + | + v ^ + | + + scache(8) + + When SMTP connection caching is enabled (see next section), the smtp(8) client does not disconnect after a mail transaction, but gives the connection to the scache(8) server which keeps the connection open for a limited amount of time. diff --git a/postfix/README_FILES/DATABASE_README b/postfix/README_FILES/DATABASE_README index c1202d22a..b1a9645a1 100644 --- a/postfix/README_FILES/DATABASE_README +++ b/postfix/README_FILES/DATABASE_README @@ -44,7 +44,8 @@ Benefits of the Postfix (key, value) query interface: lookups" below. * You can use Berkeley DB files with fixed lookup strings for simple address rewriting operations and you can use regular expression tables for the more - complicated work. + complicated work. In other words, you don't have to put everything into the + same table. PPoossttffiixx lliissttss vveerrssuuss ttaabblleess 
@@ -124,7 +125,8 @@ update fails because the disk is full or because something else happens. This is because commands such as postmap(1) or postalias(1) overwrite existing files. If the update fails in the middle then you have no usable database, and Postfix will stop working. This is not an issue with the CDB database type -available with Postfix 2.2 and later, because CDB database rebuilds are atomic. +available with Postfix 2.2 and later: CDB creates a new file, and renames the +file upon successful completion. With multi-file databases such as DBM, there is no simple solution. With Berkeley DB and other "one file" databases, it is possible to add some extra diff --git a/postfix/README_FILES/DB_README b/postfix/README_FILES/DB_README index 62b852ef3..955a60ace 100644 --- a/postfix/README_FILES/DB_README +++ b/postfix/README_FILES/DB_README 
@@ -25,14 +25,15 @@ This document describes: BBuuiillddiinngg PPoossttffiixx oonn ssyysstteemmss wwiitthhoouutt BBeerrkkeelleeyy DDBB -Many commercial UNIXes ship without Berkeley DB support. Examples are Solaris, -HP-UX, IRIX, UNIXWARE. In order to build Postfix with Berkeley DB support you -need to download and install the source code from http://www.sleepycat.com/ +Some UNIXes ship without Berkeley DB support; for historical reasons these use +DBM files instead. A problem with DBM files is that they can store only limited +amounts of data. To build Postfix with Berkeley DB support you need to download +and install the source code from http://www.oracle.com/database/berkeley-db/. Warning: some Linux system libraries use Berkeley DB, as do some third-party libraries such as SASL. If you compile Postfix with a different Berkeley DB implementation, then every Postfix program will dump core because either the -system library, SASL library, or Postfix itself ends up using the wrong +system library, the SASL library, or Postfix itself ends up using the wrong version. The more recent Berkeley DB versions have a compile-time switch, "--with- @@ -40,8 +41,8 @@ uniquename", which renames the symbols so that multiple versions of Berkeley DB can co-exist in the same application. Although wasteful, this may be the only way to keep things from falling apart. -To build Postfix after you installed the Berkeley DB from http:// -www.sleepycat.com/, use something like: +To build Postfix after you installed the Berkeley DB from source code, use +something like: % make tidy % make makefiles CCARGS="-DHAS_DB -I/usr/local/BerkeleyDB/include" \ @@ -151,5 +152,5 @@ Add the "-lpthread" library to the "make makefiles" command. % make makefiles .... AUXLIBS="... -lpthread" -More information is available at http://www.sleepycat.com/. +More information is available at http://www.oracle.com/database/berkeley-db/. 
diff --git a/postfix/README_FILES/DEBUG_README b/postfix/README_FILES/DEBUG_README index bb2ee7393..fd447f8c2 100644 --- a/postfix/README_FILES/DEBUG_README +++ b/postfix/README_FILES/DEBUG_README @@ -54,8 +54,8 @@ The nature of each problem is indicated as follows: configuration file settings that you can fix. Postfix cannot proceed until this is fixed. - * "eerrrroorr" reports a fatal or non-fatal error condition. Postfix cannot - proceed until this is fixed. + * "eerrrroorr" reports an error condition. For safety reasons, a Postfix process + will terminate when more than 13 of these happen. * "wwaarrnniinngg" indicates a non-fatal error. These are problems that you may not be able to fix (such as a broken DNS server elsewhere on the network) but @@ -85,7 +85,7 @@ Postfix can produce two types of mail delivery reports for debugging: Mail Delivery Status Report will be mailed to . These reports contain information that is generated by Postfix delivery agents. -Since these run as daemon processes and do not interact with users directly, +Since these run as daemon processes that cannot interact with users directly, the result is sent as mail to the sender of the test message. The format of these reports is practically identical to that of ordinary non-delivery notifications. 
@@ -136,29 +136,31 @@ change effective immediately, execute the command "ppoossttffiixx rreel RReeccoorrdd tthhee SSMMTTPP sseessssiioonn wwiitthh aa nneettwwoorrkk ssnniiffffeerr This example uses ttccppdduummpp. In order to record a conversation you need to -specify a large enough buffer with the "-s" option or else you will miss some +specify a large enough buffer with the "--ss" option or else you will miss some or all of the packet payload. - # ttccppdduummpp --ww //ffiillee//nnaammee --ss 22000000 hhoosstt eexxaammppllee..ccoomm aanndd ppoorrtt 2255 + # ttccppdduummpp --ww //ffiillee//nnaammee --ss 00 hhoosstt eexxaammppllee..ccoomm aanndd ppoorrtt 2255 + +Older tcpdump versions don't support "--ss 00"; in that case, use "--ss 22000000" +instead. Run this for a while, stop with Ctrl-C when done. To view the data use a binary -viewer, or eetthheerreeaall, or use my ttccppdduummppxx utility that is available from ftp:// -ftp.porcupine.org/pub/debugging/. +viewer, eetthheerreeaall, or good old lleessss. MMaakkiinngg PPoossttffiixx ddaaeemmoonn pprrooggrraammss mmoorree vveerrbboossee Append one or more "--vv" options to selected daemon definitions in /etc/postfix/ master.cf and type "ppoossttffiixx rreellooaadd". This will cause a lot of activity to be -logged to the syslog daemon. Example: +logged to the syslog daemon. For example, to make the Postfix SMTP server +process more verbose: /etc/postfix/master.cf: smtp inet n - n - - smtpd -v -This makes the Postfix SMTP server more verbose. To diagnose problems with -address rewriting one would specify a "--vv" option for the cleanup(8) and/or -trivial-rewrite(8) daemon, and to diagnose problems with mail delivery one -would specify a "--vv" option for the qmgr(8) or oqmgr(8) queue manager, or for -the lmtp(8), local(8), pipe(8), smtp(8), or virtual(8) delivery agent. 
+To diagnose problems with address rewriting specify a "--vv" option for the +cleanup(8) and/or trivial-rewrite(8) daemon, and to diagnose problems with mail +delivery specify a "--vv" option for the qmgr(8) or oqmgr(8) queue manager, or +for the lmtp(8), local(8), pipe(8), smtp(8), or virtual(8) delivery agent. MMaannuuaallllyy ttrraacciinngg aa PPoossttffiixx ddaaeemmoonn pprroocceessss @@ -361,16 +363,17 @@ When reporting a problem, be sure to include the following information. * Postfix logging. See the text at the top of the DEBUG_README document to find out where logging is stored. Please do not frustrate the helpers by - word wrapping the logging. + word wrapping the logging. If the logging is more than a few kbytes of + text, consider posting an URL on a web or ftp site. * Consider using a test email address so that you don't have to reveal email addresses or passwords of innocent people. - * If you can't use a test email address, please anonymize information - consistently. Replace each letter by "A", each digit by "D" so that the - helpers can still recognize syntactical errors. + * If you can't use a test email address, please anonymize email addresses and + host names consistently. Replace each letter by "A", each digit by "D" so + that the helpers can still recognize syntactical errors. - * Output from "ppoossttccoonnff --nn". Please do not send your main.cf file or 400+ + * Output from "ppoossttccoonnff --nn". Please do not send your main.cf file, or 500+ lines of ppoossttccoonnff output. * Better, provide output from the ppoossttffiinnggeerr tool. This can be found at http: 
@@ -383,7 +386,7 @@ When reporting a problem, be sure to include the following information. * If the problem is about too much mail in the queue, consider including output from the qqsshhaappee tool, as described in the QSHAPE_README file. - * If the problem is protocol related (connections time out or an SMTP server + * If the problem is protocol related (connections time out, or an SMTP server complains about syntax errors etc.) consider recording a session with ttccppdduummpp, as described in the DEBUG_README document. diff --git a/postfix/README_FILES/DSN_README b/postfix/README_FILES/DSN_README index a422a3f6f..efd7f4c11 100644 --- a/postfix/README_FILES/DSN_README +++ b/postfix/README_FILES/DSN_README @@ -22,7 +22,7 @@ Specifically, DSN support gives an email sender the ability to specify: confused with the message ID, which identifies the message content. The implementation of DSN support involves extra parameters to the SMTP MAIL -FROM and RCPT TO commands, as well as new Postfix sendmail command line options +FROM and RCPT TO commands, as well as two Postfix sendmail command line options that provide a sub-set of the functions of the extra SMTP command parameters. This document has information on the following topics: diff --git a/postfix/README_FILES/ETRN_README b/postfix/README_FILES/ETRN_README index 5970aacbb..76bc8dece 100644 --- a/postfix/README_FILES/ETRN_README +++ b/postfix/README_FILES/ETRN_README 
@@ -11,10 +11,6 @@ to the customer, and delivers that mail bbyy ccoonnnneeccttiinngg t sseerrvveerr. The mail is not delivered via the connection that was used for sending ETRN. -Postfix versions before 1.0 (also known as version 20010228) implemented the -ETRN command in an inefficient manner: they simply attempted to deliver all -queued mail. This is slow on mail servers that queue mail for many customers. - As of version 1.0, Postfix has a fast ETRN implementation that does not require Postfix to examine every queue file. Instead, Postfix maintains a record of what queue files contain mail for destinations that are configured for ETRN @@ -40,11 +36,11 @@ The following is an example SMTP session that shows how an SMTP client requests the ETRN service. Client commands are shown in bold font. 220 my.server.tld ESMTP Postfix - hheelloo mmyy..cclliieenntt..ttlldd + HHEELLOO mmyy..cclliieenntt..ttlldd 250 Ok - eettrrnn ssoommee..ccuussttoommeerr..ddoommaaiinn + EETTRRNN ssoommee..ccuussttoommeerr..ddoommaaiinn 250 Queuing started - qquuiitt + QQUUIITT 221 Bye As mentioned in the introduction, the mail is delivered by connecting to the @@ -53,7 +49,8 @@ send the ETRN command. The Postfix operator can request delivery for a specific customer by using the command "sendmail -qRdestination" and, with Postfix version 1.1 and later, -"postqueue -sdestination". +"postqueue -sdestination". Access to this feature is controlled with the +authorized_flush_users configuration parameter (Postfix version 2.2 and later). HHooww PPoossttffiixx ffaasstt EETTRRNN wwoorrkkss 
@@ -85,13 +82,14 @@ service for every possible destination. * The flush(8) daemon maintains per-destination logfiles with queue file names. When a request to "deliver mail now" arrives, Postfix will attempt to deliver all recipients in the queue files that have mail for the - destination in question. This does not perform well when queue files have - recipients in many different domains. + destination in question. This does not perform well with queue files that + have recipients in many different domains, such as queue files with + outbound mailing list traffic. * The flush(8) daemon maintains per-destination logfiles only for - destinations listed with $fast_flush_domains. With other destinations it - not possible to trigger delivery with "sendmail -qRdestination" or, with - Postfix version 1.1 and later, "postqueue -sdestination". + destinations listed with $fast_flush_domains. With other destinations you + cannot request delivery with "sendmail -qRdestination" or, with Postfix + version 1.1 and later, "postqueue -sdestination". * Up to and including early versions of Postfix version 2.1, the "fast flush" service may not deliver some messages if the request to "deliver mail now" @@ -100,6 +98,10 @@ service for every possible destination. dead domains, and the list of message delivery transports specified with the defer_transports configuration parameter. + * Up to and including Postfix version 2.3, the "fast flush" service may not + deliver some messages if the request to "deliver mail now" arrives while an + incoming queue scan is already in progress. + CCoonnffiigguurriinngg tthhee PPoossttffiixx ffaasstt EETTRRNN sseerrvviiccee The behavior of the flush(8) daemon is controlled by parameters in the main.cf 
@@ -200,9 +202,9 @@ client that is allowed to execute ETRN commands (by default, that's every client), and type the commands shown in boldface: 220 my.server.tld ESMTP Postfix - hheelloo mmyy..cclliieenntt..ttlldd + HHEELLOO mmyy..cclliieenntt..ttlldd 250 Ok - eettrrnn ssoommee..ccuussttoommeerr..ddoommaaiinn + EETTRRNN ssoommee..ccuussttoommeerr..ddoommaaiinn 250 Queuing started where "some.customer.domain" is the name of a domain that has a non-empty @@ -225,9 +227,9 @@ relay to (any domain listed in $relay_domains), but that has no mail queued. The text in bold face stands for the commands that you type: 220 my.server.tld ESMTP Postfix - hheelloo mmyy..cclliieenntt..ttlldd + HHEELLOO mmyy..cclliieenntt..ttlldd 250 Ok - eettrrnn ssoommee..ootthheerr..ccuussttoommeerr..ddoommaaiinn + EETTRRNN ssoommee..ootthheerr..ccuussttoommeerr..ddoommaaiinn 250 Queuing started This time, the "ETRN"" command should trigger NO mail deliveries at all. If @@ -239,9 +241,9 @@ willing to relay to. It does not matter if your server has mail queued for that destination. 220 my.server.tld ESMTP Postfix - hheelloo mmyy..cclliieenntt..ttlldd + HHEELLOO mmyy..cclliieenntt..ttlldd 250 Ok - eettrrnn nnoott..aa..ccuussttoommeerr..ddoommaaiinn + EETTRRNN nnoott..aa..ccuussttoommeerr..ddoommaaiinn 459 : service unavailable In this case, Postfix should reject the request as shown above. diff --git a/postfix/README_FILES/FILTER_README b/postfix/README_FILES/FILTER_README index 970583712..192ed2a48 100644 --- a/postfix/README_FILES/FILTER_README +++ b/postfix/README_FILES/FILTER_README 
@@ -21,9 +21,9 @@ This document describes implementations that use a single Postfix instance for everything: receiving, filtering and delivering mail. Applications that use two separate Postfix instances will be covered by a later version of this document. -The after-queue content filter is not to be confused with the approach that is -described in the SMTPD_PROXY_README document, where incoming SMTP mail is -filtered BEFORE it is stored into the Postfix queue. +The after-queue content filter is not to be confused with the approaches +described in the SMTPD_PROXY_README or MILTER_README documents, where incoming +SMTP mail is filtered BEFORE it is stored into the Postfix queue. This document describes two approaches to content filter all email, as well as several options to filter mail selectively: @@ -50,14 +50,16 @@ several options to filter mail selectively: PPrriinncciipplleess ooff ooppeerraattiioonn -An external content filter receives unfiltered mail from Postfix (as described -further below) and does one of the following: +An after-queue content filter receives unfiltered mail from Postfix (as +described further below) and can do one of the following: 1. Re-inject the mail back into Postfix, perhaps after changing content and/or destination. - 2. Reject the mail (by sending a suitable status code back to Postfix). - Postfix will return the mail to the sender. + 2. Discard or quarantine the mail. + + 3. Reject the mail (by sending a suitable status code back to Postfix). + Postfix will send the mail back to the sender address. NOTE: in this time of mail worms and forged spam, it is a VERY BAD IDEA to send viruses back to the sender address, because the sender address is almost 
@@ -67,8 +69,9 @@ it. SSiimmppllee ccoonntteenntt ffiilltteerr eexxaammppllee -The first example is simple to set up. Postfix receives unfiltered mail from -the network with the smtpd(8) server, and delivers unfiltered mail to a content +The first example is simple to set up, but has major limitations that will be +addressed in a second example. Postfix receives unfiltered mail from the +network with the smtpd(8) server, and delivers unfiltered mail to a content filter with the Postfix pipe(8) delivery agent. The content filter injects filtered mail back into Postfix with the Postfix sendmail(1) command, so that Postfix can deliver it to the final destination. 
@@ -126,33 +129,36 @@ The content filter can be a simple shell script like this: Notes: - * Line 8: The -G option does nothing before Postfix 2.3, otherwise it - disables address rewriting of message headers. + * Line 8: The -G option says the filter output is not a local mail + submission: don't do silly things like appending the local domain name to + addresses in message headers. This option does nothing before Postfix + version 2.3. * Line 8: The -i option says don't stop reading input when a line contains "." only. * Line 8: NEVER NEVER NEVER use the "-t" command-line option here. It will - mis-deliver mail, like sending mailing list mail back to the mailing list. + mis-deliver mail, like sending messages from a mailing list back to the + mailing list. * Line 21: The idea is to first capture the message to file and then run the content through a third-party content filter program. - * Line 22: If the mail cannot be captured to file, mail delivery is deferred - by terminating with exit status 75 (EX_TEMPFAIL). Postfix places the - message in the deferred mail queue and tries again later. + * Line 22: If the message cannot be captured to file, mail delivery is + deferred by terminating with exit status 75 (EX_TEMPFAIL). Postfix places + the message in the deferred mail queue and tries again later. * Line 25: You will need to specify a real content filter program here that receives the content on standard input. * Line 26: If the content filter program finds a problem, the mail is bounced - by terminating with exit status 69 (EX_UNAVAILABLE). Postfix will return - the message to the sender as undeliverable. + by terminating with exit status 69 (EX_UNAVAILABLE). Postfix will send the + message back to the sender as undeliverable mail. 
- * Note: in this time of mail worms and spam, it is a BAD IDEA to send known + * NOTE: in this time of mail worms and spam, it is a BAD IDEA to send known viruses or spam back to the sender, because that address is likely to be - forged. It is safer to discard known to be bad content and to quarantine - suspicious content so that it can be inspected by a human being. + forged. It is safer to discard known viruses and to quarantine suspicious + content so that it can be inspected by a human being. * Line 28: If the content is OK, it is given as input to the Postfix sendmail command, and the exit status of the filter command is whatever exit status 
@@ -164,7 +170,7 @@ Notes: I suggest that you first run this script by hand until you are satisfied with the results. Run it with a real message (headers+body) as input: - % /path/to/script -f sender recipient... - This happens because some Milter applications expect that the queue ID is + This happens because those Milter applications expect that the queue ID is known before the MTA accepts the MAIL FROM (sender) command. Postfix, on the other hand, does not choose a queue file name until after it accepts - the first valid RCPT TO (recipient) command. Postfix queue file names must + the first valid RCPT TO (recipient) command (Postfix queue file names must be unique across multiple directories, so the name can't be chosen before - the file is created. If multiple messages were to use the same queue ID - simultaneously, mail would be lost. + the file is created; if multiple messages were to use the same queue ID + simultaneously, mail would be lost). - To work around the ugly message header from Milter applications, we add a - little code to the Milter source to look up the queue ID after Postfix - receives the end of the message. +Fixing the ugly header maybe as simple as upgrading to a recent version of the +Milter application. For example, current versions of dkim-filter and dk-filter +have code that looks up the Postfix queue ID at a later protocol stage. - o Edit the filter source file (typically named dk-filter/dk-filter.c or - similar). +To fix the ugly message header with sid-filter applications, we change the +source code, so that it does the queue ID lookup after Postfix receives the end +of the message. - o Look up the mlfi_eom() function and add code near the top shown as bboolldd - text below: + * Edit the filter source file (named sid-filter/sid-filter.c). - dfc = cc->cctx_msg; - assert(dfc != NULL); + * Look up the smfilter table and replace mlfi_eoh by NULL. - //** DDeetteerrmmiinnee tthhee jjoobb IIDD ffoorr llooggggiinngg.. 
**// - iiff ((ddffcc-->>mmccttxx__jjoobbiidd ==== 00 |||| ssttrrccmmpp((ddffcc-->>mmccttxx__jjoobbiidd,, JJOOBBIIDDUUNNKKNNOOWWNN)) ==== 00)) - {{ - cchhaarr **jjoobbiidd == ssmmffii__ggeettssyymmvvaall((ccttxx,, ""ii""));; - iiff ((jjoobbiidd !!== 00)) - ddffcc-->>mmccttxx__jjoobbiidd == jjoobbiidd;; - }} + * Look up the mlfi_eom() function and add code near the top that calls + mlfi_eoh() as shown by the bboolldd text below: - /* get hostname; used in the X header and in new MIME boundaries */ + assert(ctx != NULL); + #endif /* !DEBUG */ - NOTES: + rreett == mmllffii__eeoohh((ccttxx));; + iiff ((rreett !!== SSMMFFIISS__CCOONNTTIINNUUEE)) + rreettuurrnn rreett;; - o Different mail filters use slightly different names for variables. If - the above code does not compile, look for the code at the start of the - mlfi_eoh() routine. +NOTES: - o This fixes only the ugly message header, but not the WARNING message. - Fortunately, dk-filter logs that message only once. + * This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. - With some Milter applications we can fix both the WARNING and the "unknown- - msgid" by postponing the call of mlfi_eoh() (or whatever routine logs the - WARNING) until the end of the message. + * This fixes only the ugly message header, but not the WARNING message. + Fortunately, sid-milter logs that message only once. - o Edit the filter source file (typically named sid-filter/sid-filter.c or - similar). +To fix the ugly message header with other Milter applications, you will need to +do something like this: - o Look up the smfilter table and replace mlfi_eoh (or whatever routine - logs the WARNING) by NULL. + * Edit the filter source file (typically named xxx-filter/xxx-filter.c or + similar). 
- o Look up the mlfi_eom() function and add code near the top that calls - mlfi_eoh() as shown by the bboolldd text below: + * Look up the mlfi_eom() function and add code near the top shown as bboolldd + text below: - assert(ctx != NULL); - #endif /* !DEBUG */ + dfc = cc->cctx_msg; + assert(dfc != NULL); - rreett == mmllffii__eeoohh((ccttxx));; - iiff ((rreett !!== SSMMFFIISS__CCOONNTTIINNUUEE)) - rreettuurrnn rreett;; + //** DDeetteerrmmiinnee tthhee jjoobb IIDD ffoorr llooggggiinngg.. **// + iiff ((ddffcc-->>mmccttxx__jjoobbiidd ==== 00 |||| ssttrrccmmpp((ddffcc-->>mmccttxx__jjoobbiidd,, JJOOBBIIDDUUNNKKNNOOWWNN)) ==== 00)) {{ + cchhaarr **jjoobbiidd == ssmmffii__ggeettssyymmvvaall((ccttxx,, ""ii""));; + iiff ((jjoobbiidd !!== 00)) + ddffcc-->>mmccttxx__jjoobbiidd == jjoobbiidd;; + }} - This works with sid-milter-0.2.10. Other Milter applications will dump core - when you do this. + /* get hostname; used in the X header and in new MIME boundaries */ + +NOTES: + + * Different mail filters use slightly different names for variables. If the + above code does not compile, look for the code at the start of the mlfi_eoh + () routine. + + * This fixes only the ugly message header, but not the WARNING message. + Fortunately, many Milters log that message only once. LLiimmiittaattiioonnss diff --git a/postfix/README_FILES/PACKAGE_README b/postfix/README_FILES/PACKAGE_README index 71cec7151..d0e57d854 100644 --- a/postfix/README_FILES/PACKAGE_README +++ b/postfix/README_FILES/PACKAGE_README 
@@ -11,10 +11,10 @@ for general use. GGeenneerraall ddiissttrriibbuuttiioonnss:: pplleeaassee pprroovviiddee aa ssmmaallll ddeeffaauulltt mmaaiinn..ccff ffiillee The installed main.cf file must be small. PLEASE resist the temptation to list -all 400+ parameters in the main.cf file. Postfix is supposed to be easy to -configure. Listing all 400+ in main.cf defeats the purpose. It is an invitation -for hobbyists to make random changes without understanding what they do, and -gets them into endless trouble. +all parameters in the main.cf file. Postfix is supposed to be easy to +configure. Listing all parameters in main.cf defeats the purpose. It is an +invitation for hobbyists to make random changes without understanding what they +do, and gets them into endless trouble. GGeenneerraall ddiissttrriibbuuttiioonnss:: pplleeaassee iinncclluuddee RREEAADDMMEE oorr HHTTMMLL ffiilleess diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README index 7735aaeaa..5098dd880 100644 --- a/postfix/README_FILES/SMTPD_POLICY_README +++ b/postfix/README_FILES/SMTPD_POLICY_README @@ -118,7 +118,7 @@ Notes: how the client was authenticated via TLS. These attributes are empty in case of no certificate authentication. As of Postfix 2.2.11 these attribute values are encoded as xtext: some characters are represented by +XX, where - XX is the two-digit hecadecimal representation of the character value. + XX is the two-digit hexadecimal representation of the character value. * The "encryption_*" attributes (Postfix 2.3 and later) specify information about how the connection is encrypted. With plaintext connections the diff --git a/postfix/README_FILES/TUNING_README b/postfix/README_FILES/TUNING_README index 000f98d21..c6016d092 100644 --- a/postfix/README_FILES/TUNING_README +++ b/postfix/README_FILES/TUNING_README 
@@ -141,7 +141,8 @@ Postfix version 2.0 and earlier: MMeeaassuurreess aaggaaiinnsstt cclliieennttss tthhaatt mmaakkee ttoooo mmaannyy ccoonnnneeccttiioonnss -Note: the anvil(8) service was introduced with Postfix version 2.2. +Note: these features use the Postfix anvil(8) service, introduced with Postfix +version 2.2. The Postfix smtpd(8) server can limit the number of simultaneous connections from the same SMTP client, as well as the number of connections that a client 
@@ -149,29 +150,31 @@ is allowed to make per unit time. These statistics are maintained by the anvil (8) server (translation: if anvil(8) breaks, then connection limits stop working). -IMPORTANT: These limits are designed to protect the smtpd(8) server against -flagrant abuse. Do not use these limits to regulate legitimate traffic: mail -will suffer grotesque delays if you do so. +IMPORTANT: These limits must not be used to regulate legitimate traffic: mail +will suffer grotesque delays if you do so. The limits are designed to protect +the smtpd(8) server against abuse by out-of-control clients. - * An SMTP client may make up to $smtpd_client_connection_count_limit - simultaneous connections (default: 50). This is half the default process - limit. - - * An SMTP client may make up to $smtpd_client_message_rate_limit message - delivery requests per unit time (default: no limit). - - * An SMTP client may send up to $smtpd_client_recipient_rate_limit recipient - addresses per unit time (default: no limit). - - * An SMTP client may make up to $smtpd_client_connection_rate_limit - connections per unit time (default: no limit). - - * These limits are not applied to SMTP clients in the networks specified with - $smtpd_client_event_limit_exceptions (default: clients in $mynetworks may - make an unlimited number of connections). - - * The anvil_rate_time_unit parameter specifies the time unit over which - client connection rates are computed (default: 60s). + smtpd_client_connection_count_limit (default: 50) + The maximum number of connections than an SMTP client may make + simultaneously. + smtpd_client_connection_rate_limit (default: no limit) + The maximum number of connections that an SMTP client may make in the + time interval specified with anvil_rate_time_unit (default: 60s). 
+ smtpd_client_message_rate_limit (default: no limit) + The maximum number of message delivery requests that an SMTP client may + make in the time interval specified with anvil_rate_time_unit (default: + 60s). + smtpd_client_recipient_rate_limit (default: no limit) + The maximum number of recipient addresses that an SMTP client may + specify in the time interval specified with anvil_rate_time_unit + (default: 60s). + smtpd_client_new_tls_session_rate_limit (default: no limit) + The maximum number of new TLS sessions (without using the TLS session + cache) that an SMTP client may negotiate in the time interval specified + with anvil_rate_time_unit (default: 60s). + smtpd_client_event_limit_exceptions (default: $mynetworks) + SMTP clients that are excluded from connection and rate limits + specified above. GGeenneerraall mmaaiill ddeelliivveerryy ppeerrffoorrmmaannccee ttiippss @@ -251,7 +254,7 @@ Examples of transport specific concurrency limits are: limit delivery concurrency to the same recipient: if the recipient has an expensive shell command in her .forward file, or if the recipient is a mailing list manager, you don't want to run too many instances of those - processes the same time. + processes at the same time. * The default smtp_destination_concurrency_limit of 20 seems enough to noticeably load a system without bringing it to its knees. Be careful when 
@@ -334,9 +337,9 @@ message it may blame the message itself, or it may blame the receiving party. This process is governed by a bunch of little parameters. - queue_run_delay (default: 1000 seconds) + queue_run_delay (default: 300 seconds; before Postfix 2.4: 1000s) How often the queue manager scans the queue for deferred mail. - minimal_backoff_time (default: 1000 seconds) + minimal_backoff_time (default: 300 seconds; before Postfix 2.4: 1000s) The minimal amount of time a message won't be looked at, and the minimal amount of time to stay away from a "dead" destination. maximal_backoff_time (default: 4000 seconds) @@ -374,8 +377,8 @@ mail delivery performance actually becomes worse. The symptoms are as follows: When mail is being deferred frequently, fixing the problem is always better than increasing the frequency of delivery attempts. However, if you can control only the delivery attempt frequency, consider using a dedicated fallback_relay -"graveyard" machine for bad destinations so that they do not ruin the -performance of normal mail deliveries. +"graveyard" machine for bad destinations, so that these destinations do not +ruin the performance of normal mail deliveries. TTuunniinngg tthhee nnuummbbeerr ooff PPoossttffiixx pprroocceesssseess 
@@ -414,6 +417,16 @@ TTuunniinngg tthhee nnuummbbeerr ooff ooppeenn ffiillee When Postfix opens too many files or sockets, processes will abort with fatal errors, and the system may log "file table full" errors. + * Depending on your Postfix and operating system versions you may need to + recompile Postfix if you need more than 1024 file descriptors per process: + + o No recompilation is needed for Postfix version 2.4 and later, when it + was compiled for systems that support BSD kqueue(2) (FreeBSD 4.1, + NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or Linux 2.6 epoll(4). + + o Otherwise, Postfix needs to be recompiled to override the default + FD_SETSIZE value. + * Reduce the number of processes as described under "Tuning the number of Postfix processes" above. Fewer processes need fewer open files and sockets. @@ -423,8 +436,8 @@ errors, and the system may log "file table full" errors. sure to verify the following information with your system tuning guide: o Some FreeBSD kernel parameters can be specified in /boot/loader.conf, - and some can be changed with sysctl commands. Which is which depends on - the version. + and some can be specified in /etc/sysctl.conf or changed with sysctl + commands. Which is which depends on the version. kern.ipc.maxsockets="5000" kern.ipc.nmbclusters="65536" @@ -432,8 +445,8 @@ errors, and the system may log "file table full" errors. kern.maxfiles="16384" kern.maxfilesperproc="16384" - o Linux kernel parameters can be specified in /etc/sysctl.conf and can - also be changed with sysctl commands: + o Linux kernel parameters can be specified in /etc/sysctl.conf or changed + with sysctl commands: fs.file-max=16384 kernel.threads-max=2048 diff --git a/postfix/TODO b/postfix/TODO index 2b036642d..d3e5e2e2a 100644 --- a/postfix/TODO +++ b/postfix/TODO 
@@ -1,23 +1,13 @@ What needs to be done before Postfix 2.4.0 is finished: -- Update MILTER_README (dkim, application patches). - - Create RELEASE_NOTES_2.4. - Update BACKSCATTER_README with PCRE rules. +- Otherwise done up to and including FILTER_README + - Truncate wish list from HISTORY. - Spell check and double word check the proto files. - Parameter hyperlink check and HTML check the html outputs. - -- Replace SPF policy server script by link to SPF website. - -- Remove MacOS X examples. They have not been updated. - -- Is "postmap -qf" still needed with regexp/pcre maps? - -- Update TUNING_README smtpd_client_*_limit feature list (add TLS). - -- Update TUNING_README file descriptor tuning. diff --git a/postfix/auxiliary/MacOSX/Postfix.StartupItem/Postfix b/postfix/auxiliary/MacOSX/Postfix.StartupItem/Postfix deleted file mode 100755 index 5c6511426..000000000 --- a/postfix/auxiliary/MacOSX/Postfix.StartupItem/Postfix +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/sh - -# Gerben Wierda, Oct 2001. Adapted from an existing example. I waive every -# copyright on this and I also do not give any warranty. - -# Updated Sepember 29, 2002 -# To work properly, the POSTFIX variable needs to be set to -YES- -# in /etc/hostconfig - -. /etc/rc.common - -if [ "${POSTFIX:=-NO-}" = "-YES-" -a "${MAILSERVER:=-NO-}" = "-YES-" ] -then - ConsoleMessage "Cannot run concurrent postfix and sendmail" - sleep 2 - exit -fi - -## -# Start mail server -## - -if [ "$1" == "start" ] -then - if [ "${POSTFIX:=-NO-}" = "-YES-" ] - then - ConsoleMessage "Starting Postfix mail services" - /usr/sbin/postfix start - fi -elif [ "$1" == "stop" ] -then - ConsoleMessage "Stopping Postfix mail services" - /usr/sbin/postfix stop -elif [ "$1" == "restart" ] -then - if [ "${POSTFIX:=-NO-}" = "-YES-" ] - then - ConsoleMessage "Reloading Postfix configuration" - /usr/sbin/postfix reload - else - ConsoleMessage "Stopping Postfix mail services" - /usr/sbin/postfix stop - fi -fi - - 
diff --git a/postfix/auxiliary/MacOSX/Postfix.StartupItem/StartupParameters.plist b/postfix/auxiliary/MacOSX/Postfix.StartupItem/StartupParameters.plist
deleted file mode 100644
index b41a9a02b..000000000
--- a/postfix/auxiliary/MacOSX/Postfix.StartupItem/StartupParameters.plist
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- Description = "Postfix mail server";
- Provides = ("SMTP");
- Requires = ("Resolver");
- Uses = ("Network Time", "NFS");
- Preference = "None";
- Messages =
- {
- start = "Starting Postfix";
- stop = "Stopping Postfix";
- restart = "Reloading Postfix Configuration";
- };
-}
diff --git a/postfix/auxiliary/MacOSX/README-INSTALL.OSX b/postfix/auxiliary/MacOSX/README-INSTALL.OSX
deleted file mode 100644
index aa8db9e5a..000000000
--- a/postfix/auxiliary/MacOSX/README-INSTALL.OSX
+++ /dev/null
@@ -1,74 +0,0 @@ -# Adapted from an existing example by Gerben Wierda, Oct 2001. I waive every -# copyright on this and I also do not give any warranty. - -Let's start with the important warning: - -DO NOT USE THE MULTIPLE USERS APPLICATION TO CREATE THE POSTFIX USER! - -NOTE: Mac OS X as of version 10.3 comes with Postfix as the standard mailer -and it is supported in Server Admin on Mac OS X 10.3 Server . The instructions -below therefore only apply for Mac OS X 10.2.8. - -NOTE: As of 29 September 2002, these instructions and the scripts have changed -to make the solution more robust for Apple updates. - -Run the commands below in the order that they are presented - -A. INSTALLING POSTFIX for the first time and selecting it as the active - Mail Transfer Agent (MTA): - - # All these commands are written to be run from this directory. - - # This repairs the previous Oct 2001 setup if any - sudo ./repair-oldsetup - - # Prepare for reactivating sendmail - sudo ./backup-sendmail-binaries - - # this creates the necessary users & groups for proper operation - # of postfix: - sudo ./niscript - - # Install postfix: - # When the script asks you for setgid (the default will be no) tell it - # maildrop - (cd ../..; sudo make install) - - # Prepare for reactivating postfix - sudo ./backup-postfix-binaries - - # edit /etc/postfix/main.cf to suit your requirements - ### add your own commands here ### - - # Activate postfix startup at boot time. Deactivates sendmail. - sudo ./activate-postfix - - # Test. Read INSTALL for a series of suggested tests. - -B. DEACTIVATING POSTFIX - - # Deactivate postfix startup at boot time - sudo ./deactivate-postfix - -C. RESTORING Sendmail as the MTA when Postfix is the active MTA - - # This repairs the previous Oct 2001 setup if any - sudo ./repair-oldsetup - - # Deactivate postfix startup at boot time - sudo ./deactivate-postfix - - sudo ./activate-sendmail - - # Restart your computer - -D. 
RESTORING postfix as the MTA when Sendmail is the active MTA - - # NOTE: The first time you activate postfix you have to follow - # the steps of A. - - # This repairs the previous Oct 2001 setup if any - sudo ./repair-oldsetup - - sudo ./activate-postfix - diff --git a/postfix/auxiliary/MacOSX/activate-postfix b/postfix/auxiliary/MacOSX/activate-postfix deleted file mode 100755 index 9d7779e8d..000000000 --- a/postfix/auxiliary/MacOSX/activate-postfix +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh - -# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and -# I also do not give any warranty. - -. ./defines - -# Activate binaries -if [ ! -e ${POSTFIXBACKUPDIR}/sendmail ] -then - echo "Something is wrong: there is no existing postfix binary backup" - exit 1; -else - echo "Restoring postfix versions of sendmail programs from backup..." - (cd ${POSTFIXBACKUPDIR}; tar cf - sendmail) | (cd /usr/sbin; tar xf -) - (cd ${POSTFIXBACKUPDIR}; tar cf - newaliases) | (cd /usr/bin; tar xf -) - (cd ${POSTFIXBACKUPDIR}; tar cf - mailq) | (cd /usr/bin; tar xf -) -fi - -if [ -e "${PSI}" ] -then - echo "Postfix StartupItem already exists." -else - if [ -e "${PSIDISABLED}" ] - then - echo "Reinstating disabled Postfix StartupItem..." - mv "${PSIDISABLED}" "${PSI}" - else - echo "Installing new default Postfix StartupItem..." - cp -R Postfix.StartupItem "${PSI}" - fi -fi - -# De-activate sendmail in /etc/hostconfig -/usr/bin/perl -pi -e 's/MAILSERVER=-YES-/MAILSERVER=-NO-/g' /etc/hostconfig -# Activate postfix in /etc/hostconfig -if /usr/bin/grep '^POSTFIX=-NO-' /etc/hostconfig >/dev/null 2>&1; then - /usr/bin/perl -pi -e 's/POSTFIX=-NO-/POSTFIX=-YES-/g' /etc/hostconfig -else - echo "POSTFIX=-YES-" >>/etc/hostconfig -fi - -/usr/sbin/postfix start diff --git a/postfix/auxiliary/MacOSX/activate-sendmail b/postfix/auxiliary/MacOSX/activate-sendmail deleted file mode 100755 index 72adf94fc..000000000 --- a/postfix/auxiliary/MacOSX/activate-sendmail +++ /dev/null 
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-. ./defines
-
-. ./deactivate-postfix
-
-# Activate binaries
-if [ ! -e ${SENDMAILBACKUPDIR}/sendmail ]
-then
- echo "Something is wrong: there is no existing sendmail binary backup"
- exit 1;
-else
- echo "Restoring sendmail versions of sendmail programs from backup..."
- (cd ${SENDMAILBACKUPDIR}; tar cf - sendmail) | (cd /usr/sbin; tar xf -)
- (cd ${SENDMAILBACKUPDIR}; tar cf - newaliases) | (cd /usr/bin; tar xf -)
- (cd ${SENDMAILBACKUPDIR}; tar cf - mailq) | (cd /usr/bin; tar xf -)
-fi
-
-# Activate sendmail in /etc/hostconfig
-/usr/bin/perl -pi -e 's/MAILSERVER=-NO-/MAILSERVER=-YES-/g' /etc/hostconfig
-
diff --git a/postfix/auxiliary/MacOSX/backup-postfix-binaries b/postfix/auxiliary/MacOSX/backup-postfix-binaries
deleted file mode 100755
index 37c2b74c2..000000000
--- a/postfix/auxiliary/MacOSX/backup-postfix-binaries
+++ /dev/null
@@ -1,20 +0,0 @@
-#! /bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-# We use tar, as we do not know beforehand if we are dealing with real
-# files or symbolic links. Since we use tar, we cannot change filenames
-# we need to create a directory to hold our backup binaries.
-
-. ./defines
-
-if [ ! -d ${POSTFIXBACKUPDIR} ]
-then
- mkdir -p ${POSTFIXBACKUPDIR}
-fi
-
-(cd /usr/sbin; tar cf - sendmail) | (cd ${POSTFIXBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - newaliases) | (cd ${POSTFIXBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - mailq) | (cd ${POSTFIXBACKUPDIR}; tar xf -)
-
diff --git a/postfix/auxiliary/MacOSX/backup-sendmail-binaries b/postfix/auxiliary/MacOSX/backup-sendmail-binaries
deleted file mode 100755
index ae624f8a2..000000000
--- a/postfix/auxiliary/MacOSX/backup-sendmail-binaries
+++ /dev/null
@@ -1,20 +0,0 @@
-#! /bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-# We use tar, as we do not know beforehand if we are dealing with real
-# files or symbolic links. Since we use tar, we cannot change filenames
-# we need to create a directory to hold our backup binaries.
-
-. ./defines
-
-if [ ! -d ${SENDMAILBACKUPDIR} ]
-then
- mkdir -p ${SENDMAILBACKUPDIR}
-fi
-
-(cd /usr/sbin; tar cf - sendmail) | (cd ${SENDMAILBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - newaliases) | (cd ${SENDMAILBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - mailq) | (cd ${SENDMAILBACKUPDIR}; tar xf -)
-
diff --git a/postfix/auxiliary/MacOSX/deactivate-postfix b/postfix/auxiliary/MacOSX/deactivate-postfix
deleted file mode 100755
index 8b398b176..000000000
--- a/postfix/auxiliary/MacOSX/deactivate-postfix
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-# Written by Gerben Wierda, Sep 2002. I waive every copyright on this and
-# I also do not give any warranty.
-
-. ./defines
-
-if [ -e "${PSI}" ]
-then
- mv "${PSI}" "${PSIDISABLED}"
-fi
-
-# De-activate postfix in /etc/hostconfig
-/usr/bin/perl -pi -e 's/POSTFIX=-YES-/POSTFIX=-NO-/g' /etc/hostconfig
-
-/usr/sbin/postfix stop >/dev/null 2>&1
diff --git a/postfix/auxiliary/MacOSX/defines b/postfix/auxiliary/MacOSX/defines
deleted file mode 100644
index 298a547e5..000000000
--- a/postfix/auxiliary/MacOSX/defines
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-SIDIR="/Library/StartupItems"
-
-PSI="${SIDIR}/Postfix"
-PSIDISABLED="${PSI}.disabled"
-
-POSTFIXBACKUPDIR=/usr/sbin/.postfixbackup
-SENDMAILBACKUPDIR=/usr/sbin/.sendmailbackup
diff --git a/postfix/auxiliary/MacOSX/niscript b/postfix/auxiliary/MacOSX/niscript
deleted file mode 100755
index 8031e380e..000000000
--- a/postfix/auxiliary/MacOSX/niscript
+++ /dev/null
@@ -1,164 +0,0 @@ -#!/usr/bin/perl - -# niscript.pl by Gerben Wierda - -# This little script is an adaptation of the original niscript sh script by -# Joe Block -# instead of using fixed uid/gid and thus not robust if you run it on a -# system where groups and/or users have been added, this script checks -# if the users/groups are there and if not creates them with free id's. - -# 17 Jul 2002 GW: Fixed two bugs -# 1. Typo in createuser would always have uid 88 for postfix -# 2. Add to netinfo domain . instead of / so that it also works on systems -# where the / domain is actually network-wide (not very useful to add -# a postfix user to all systems in that netinfo domain...) - -print <<_WARNING - -This script massages your netinfo database. This can severely break -your system. If your netinfo database breaks, you get to keep the parts. - -No Warranty. Really. - -This script tries to create two groups (if they do not already exist): -- postfix -- maildrop -and tries to create a user (if it does not already exist) -- postfix -which is member of group postfix. - -_WARNING -; - -# The script starts to look at id 88 (both for user and group) and up to 65535 -# It dies if no free id is found. 
- -my $postfixgid = undef; -my $maildropgid = undef; -my $postfixuid = undef; - -# First create - -my @groups = readgroups(); -foreach $group (@groups) { - (my $groupname, undef, my $gid, undef) = split( ':', $group); - if ($groupname eq 'postfix') { - warn "You already have a postfix group (with gid $gid)\n"; - $postfixgid = $gid; - } - if ($groupname eq 'maildrop') { - warn "You already have a maildrop group (with gid $gid)\n"; - $maildropgid = $gid; - } -} - -if (not defined $postfixgid) { - $postfixgid = creategroup( 'postfix'); -} - -if (not defined $maildropgid) { - $maildropgid = creategroup( 'maildrop'); -} - -my @users = readusers(); -foreach $user (@users) { - (my $username, undef, my $uid, undef) = split( ':', $user); - if ($username eq 'postfix') { - warn "You already have a postfix user (with uid $uid)\n"; - $postfixuid = $uid; - } -} - -if (not defined $postfixuid) { - $postfixuid = createuser( 'postfix', '"Postfix User"', - '/usr/bin/false', '/etc/postfix', - $postfixgid); - addusertogroup( 'postfix', 'postfix'); -} - -warn "\n"; - -sub creategroup -{ - my $name = shift; - open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n"; - my @groups=; - close( NIDUMP); - - my $tryno; - NEXTNO: for ($tryno = 88; $tryno <= 65535; $tryno++) { - foreach my $group (@groups) { - (my $groupname, undef, my $gid, undef) = - split( ':', $group); - next NEXTNO if $gid == $tryno; - } - last NEXTNO; - } - die "Cannot find free gid\n" if $tryno == 65536; - warn "Will create $name as gid $tryno\n"; - system "niutil -create . /groups/$name"; - system "niutil -createprop . /groups/$name name $name"; - system "niutil -createprop . /groups/$name gid $tryno"; - system "niutil -createprop . /groups/$name passwd '*'"; - return $tryno; -} - -sub addusertogroup -{ - my $user = shift; - my $group = shift; - system "niutil -appendprop . 
/groups/$group users $user"; -} - -sub readgroups -{ - open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n"; - my @groups=; - close( NIDUMP); - return @groups; -} - -sub readusers -{ - my @passwd; - open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n"; - @passwd=; - close( NIDUMP); - return @passwd; -} - -sub createuser -{ - my $name = shift; - my $realname = shift; - my $shell = shift; - my $home = shift; - my $gid = shift; - - open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n"; - my @passwds=; - close( NIDUMP); - - my $tryno; - NEXTNO: for ($tryno = 88; $tryno <= 65535; $tryno++) { - foreach my $passwd (@passwds) { - (my $passwdname, undef, my $uid, undef) = - split( ':', $passwd); - next NEXTNO if $uid == $tryno; - } - last NEXTNO; - } - die "Cannot find free uid\n" if $tryno == 65536; - warn "Will create $name as uid $tryno\n"; - system "niutil -create . /users/$name"; - system "niutil -createprop . /users/$name realname $realname"; - system "niutil -createprop . /users/$name shell $shell"; - system "niutil -createprop . /users/$name uid $tryno"; - system "niutil -createprop . /users/$name gid $gid"; - system "niutil -createprop . /users/$name home $home"; - system "niutil -createprop . /users/$name _shadow_passwd"; - system "niutil -createprop . /users/$name passwd '*'"; - return $tryno; -} - diff --git a/postfix/auxiliary/MacOSX/repair-oldsetup b/postfix/auxiliary/MacOSX/repair-oldsetup deleted file mode 100755 index a8e1840c8..000000000 --- a/postfix/auxiliary/MacOSX/repair-oldsetup +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -if [ -d /System/Library/DisabledStartupItems/Sendmail ] -then - mv /System/Library/DisabledStartupItems/Sendmail /System/Library/StartupItems - rmdir /System/Library/DisabledStartupItems/Sendmail - rm -rf /System/Library/StartupItems/Postfix -fi diff --git a/postfix/conf/access b/postfix/conf/access index ad5c548c4..9d0121bff 100644 --- a/postfix/conf/access +++ b/postfix/conf/access 
@@ -11,34 +11,35 @@ # postmap -q - /etc/postfix/access as the lookup key for such addresses. The value is -# specified with the smtpd_null_access_lookup_key parameter +# Note: lookup of the null sender address is not possible +# with some types of lookup table. By default, Postfix uses +# <> as the lookup key for such addresses. The value is +# specified with the smtpd_null_access_lookup_key parameter # in the Postfix main.cf file. # # EMAIL ADDRESS EXTENSION # When a mail address localpart contains the optional recip- -# ient delimiter (e.g., user+foo@domain), the lookup order -# becomes: user+foo@domain, user@domain, domain, user+foo@, +# ient delimiter (e.g., user+foo@domain), the lookup order +# becomes: user+foo@domain, user@domain, domain, user+foo@, # and user@. # # HOST NAME/ADDRESS PATTERNS # With lookups from indexed files such as DB or DBM, or from -# networked tables such as NIS, LDAP or SQL, the following +# networked tables such as NIS, LDAP or SQL, the following # lookup patterns are examined in the order as listed: # # domain.tld @@ -103,9 +104,9 @@ # # The pattern domain.tld also matches subdomains, but # only when the string smtpd_access_maps is listed in -# the Postfix parent_domain_matches_subdomains con- +# the Postfix parent_domain_matches_subdomains con- # figuration setting. Otherwise, specify .domain.tld -# (note the initial dot) in order to match subdo- +# (note the initial dot) in order to match subdo- # mains. # # net.work.addr.ess 
@@ -114,21 +115,21 @@ # # net.work # -# net Matches the specified IPv4 host address or subnet- -# work. An IPv4 host address is a sequence of four +# net Matches the specified IPv4 host address or subnet- +# work. An IPv4 host address is a sequence of four # decimal octets separated by ".". # -# Subnetworks are matched by repeatedly truncating +# Subnetworks are matched by repeatedly truncating # the last ".octet" from the remote IPv4 host address -# string until a match is found in the access table, +# string until a match is found in the access table, # or until further truncation is not possible. # # NOTE 1: The information in the access map should be # in canonical form, with unnecessary null characters -# eliminated. Address information must not be +# eliminated. Address information must not be # enclosed with "[]" characters. # -# NOTE 2: use the cidr lookup table type to specify +# NOTE 2: use the cidr lookup table type to specify # network/netmask patterns. See cidr_table(5) for # details. # @@ -138,12 +139,12 @@ # # net:work # -# net Matches the specified IPv6 host address or subnet- -# work. An IPv6 host address is a sequence of three -# to eight hexadecimal octet pairs separated by ":". +# net Matches the specified IPv6 host address or subnet- +# work. An IPv6 host address is a sequence of three +# to eight hexadecimal octet pairs separated by ":". # -# Subnetworks are matched by repeatedly truncating -# the last ":octetpair" from the remote IPv6 host +# Subnetworks are matched by repeatedly truncating +# the last ":octetpair" from the remote IPv6 host # address string until a match is found in the access # table, or until further truncation is not possible. # 
@@ -153,10 +154,10 @@ # # NOTE 2: The information in the access map should be # in canonical form, with unnecessary null characters -# eliminated. Address information must not be +# eliminated. Address information must not be # enclosed with "[]" characters. # -# NOTE 3: use the cidr lookup table type to specify +# NOTE 3: use the cidr lookup table type to specify # network/netmask patterns. See cidr_table(5) for # details. # 
@@ -167,48 +168,48 @@ # # all-numerical # An all-numerical result is treated as OK. This for- -# mat is generated by address-based relay authoriza- +# mat is generated by address-based relay authoriza- # tion schemes such as pop-before-smtp. # # REJECT ACTIONS -# Postfix version 2.3 and later support enhanced status -# codes as defined in RFC 3463. When no code is specified -# at the beginning of the text below, Postfix inserts a -# default enhanced status code of "5.7.1" in the case of -# reject actions, and "4.7.1" in the case of defer actions. +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When no code is specified +# at the beginning of the text below, Postfix inserts a +# default enhanced status code of "5.7.1" in the case of +# reject actions, and "4.7.1" in the case of defer actions. # See "ENHANCED STATUS CODES" below. # # 4NN text # # 5NN text -# Reject the address etc. that matches the pattern, +# Reject the address etc. that matches the pattern, # and respond with the numerical three-digit code and -# text. 4NN means "try again later", while 5NN means +# text. 4NN means "try again later", while 5NN means # "do not try again". # -# The reply code "421" causes Postfix to disconnect +# The reply code "421" causes Postfix to disconnect # immediately (Postfix version 2.3 and later). # # REJECT optional text... -# Reject the address etc. that matches the pattern. -# Reply with $reject_code optional text... when the -# optional text is specified, otherwise reply with a +# Reject the address etc. that matches the pattern. +# Reply with $reject_code optional text... when the +# optional text is specified, otherwise reply with a # generic error response message. # # DEFER_IF_REJECT optional text... -# Defer the request if some later restriction would -# result in a REJECT action. Reply with "450 4.7.1 -# optional text... 
when the optional text is speci- +# Defer the request if some later restriction would +# result in a REJECT action. Reply with "450 4.7.1 +# optional text... when the optional text is speci- # fied, otherwise reply with a generic error response # message. # # This feature is available in Postfix 2.1 and later. # # DEFER_IF_PERMIT optional text... -# Defer the request if some later restriction would -# result in a an explicit or implicit PERMIT action. -# Reply with "450 4.7.1 optional text... when the -# optional text is specified, otherwise reply with a +# Defer the request if some later restriction would +# result in a an explicit or implicit PERMIT action. +# Reply with "450 4.7.1 optional text... when the +# optional text is specified, otherwise reply with a # generic error response message. # # This feature is available in Postfix 2.1 and later. 
@@ -219,158 +220,158 @@ # reject_unauth_destination, and so on). # # DISCARD optional text... -# Claim successful delivery and silently discard the -# message. Log the optional text if specified, oth- +# Claim successful delivery and silently discard the +# message. Log the optional text if specified, oth- # erwise log a generic message. # -# Note: this action currently affects all recipients -# of the message. To discard only one recipient -# without discarding the entire message, use the +# Note: this action currently affects all recipients +# of the message. To discard only one recipient +# without discarding the entire message, use the # transport(5) table to direct mail to the discard(8) # service. # # This feature is available in Postfix 2.0 and later. # -# DUNNO Pretend that the lookup key was not found. This -# prevents Postfix from trying substrings of the -# lookup key (such as a subdomain name, or a network +# DUNNO Pretend that the lookup key was not found. This +# prevents Postfix from trying substrings of the +# lookup key (such as a subdomain name, or a network # address subnetwork). # # This feature is available in Postfix 2.0 and later. # # FILTER transport:destination -# After the message is queued, send the entire mes- +# After the message is queued, send the entire mes- # sage through the specified external content filter. -# The transport:destination syntax is described in -# the transport(5) manual page. More information -# about external content filters is in the Postfix +# The transport:destination syntax is described in +# the transport(5) manual page. More information +# about external content filters is in the Postfix # FILTER_README file. # -# Note: this action overrides the main.cf con- -# tent_filter setting, and currently affects all -# recipients of the message. +# Note: this action overrides the content_filter set- +# ting, and currently affects all recipients of the +# message. 
# # This feature is available in Postfix 2.0 and later. # # HOLD optional text... -# Place the message on the hold queue, where it will -# sit until someone either deletes it or releases it -# for delivery. Log the optional text if specified, +# Place the message on the hold queue, where it will +# sit until someone either deletes it or releases it +# for delivery. Log the optional text if specified, # otherwise log a generic message. # -# Mail that is placed on hold can be examined with -# the postcat(1) command, and can be destroyed or +# Mail that is placed on hold can be examined with +# the postcat(1) command, and can be destroyed or # released with the postsuper(1) command. # -# Note: use "postsuper -r" to release mail that was -# kept on hold for a significant fraction of $maxi- +# Note: use "postsuper -r" to release mail that was +# kept on hold for a significant fraction of $maxi- # mal_queue_lifetime or $bounce_queue_lifetime, or -# longer. Use "postsuper -H" only for mail that will +# longer. Use "postsuper -H" only for mail that will # not expire within a few delivery attempts. # -# Note: this action currently affects all recipients +# Note: this action currently affects all recipients # of the message. # # This feature is available in Postfix 2.0 and later. # # PREPEND headername: headervalue -# Prepend the specified message header to the mes- -# sage. When more than one PREPEND action executes, -# the first prepended header appears before the sec- +# Prepend the specified message header to the mes- +# sage. When more than one PREPEND action executes, +# the first prepended header appears before the sec- # ond etc. prepended header. # -# Note: this action must execute before the message -# content is received; it cannot execute in the con- +# Note: this action must execute before the message +# content is received; it cannot execute in the con- # text of smtpd_end_of_data_restrictions. # # This feature is available in Postfix 2.1 and later. 
# # REDIRECT user@domain -# After the message is queued, send the message to +# After the message is queued, send the message to # the specified address instead of the intended # recipient(s). # -# Note: this action overrides the FILTER action, and +# Note: this action overrides the FILTER action, and # currently affects all recipients of the message. # # This feature is available in Postfix 2.1 and later. # # WARN optional text... # Log a warning with the optional text, together with -# client information and if available, with helo, +# client information and if available, with helo, # sender, recipient and protocol information. # # This feature is available in Postfix 2.1 and later. # # ENHANCED STATUS CODES -# Postfix version 2.3 and later support enhanced status -# codes as defined in RFC 3463. When an enhanced status -# code is specified in an access table, it is subject to -# modification. The following transformations are needed -# when the same access table is used for client, helo, -# sender, or recipient access restrictions; they happen +# Postfix version 2.3 and later support enhanced status +# codes as defined in RFC 3463. When an enhanced status +# code is specified in an access table, it is subject to +# modification. The following transformations are needed +# when the same access table is used for client, helo, +# sender, or recipient access restrictions; they happen # regardless of whether Postfix replies to a MAIL FROM, RCPT # TO or other SMTP command. # -# o When a sender address matches a REJECT action, the -# Postfix SMTP server will transform a recipient DSN -# status (e.g., 4.1.1-4.1.6) into the corresponding +# o When a sender address matches a REJECT action, the +# Postfix SMTP server will transform a recipient DSN +# status (e.g., 4.1.1-4.1.6) into the corresponding # sender DSN status, and vice versa. 
# -# o When non-address information matches a REJECT -# action (such as the HELO command argument or the -# client hostname/address), the Postfix SMTP server -# will transform a sender or recipient DSN status -# into a generic non-address DSN status (e.g., +# o When non-address information matches a REJECT +# action (such as the HELO command argument or the +# client hostname/address), the Postfix SMTP server +# will transform a sender or recipient DSN status +# into a generic non-address DSN status (e.g., # 4.0.0). # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire string being looked up. Depending on the appli- -# cation, that string is an entire client hostname, an +# cation, that string is an entire client hostname, an # entire client IP address, or an entire mail address. Thus, # no parent domain or parent network search is done, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user@ and domain constituent parts, nor is user+foo broken # up into user and foo. # -# Patterns are applied in the order as specified in the ta- -# ble, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search # string. 
# -# Actions are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Actions are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- # tion of the TCP client/server lookup protocol, see tcp_ta- # ble(5). This feature is not available up to and including # Postfix version 2.4. # -# Each lookup operation uses the entire query string once. -# Depending on the application, that string is an entire +# Each lookup operation uses the entire query string once. +# Depending on the application, that string is an entire # client hostname, an entire client IP address, or an entire -# mail address. Thus, no parent domain or parent network -# search is done, user@domain mail addresses are not broken -# up into their user@ and domain constituent parts, nor is +# mail address. Thus, no parent domain or parent network +# search is done, user@domain mail addresses are not broken +# up into their user@ and domain constituent parts, nor is # user+foo broken up into user and foo. # # Actions are the same as with indexed file lookups. # # EXAMPLE -# The following example uses an indexed file, so that the -# order of table entries does not matter. The example per- -# mits access by the client at address 1.2.3.4 but rejects -# all other clients in 1.2.3.0/24. Instead of hash lookup -# tables, some systems use dbm. Use the command "postconf -# -m" to find out what lookup tables Postfix supports on +# The following example uses an indexed file, so that the +# order of table entries does not matter. The example per- +# mits access by the client at address 1.2.3.4 but rejects +# all other clients in 1.2.3.0/24. 
Instead of hash lookup +# tables, some systems use dbm. Use the command "postconf +# -m" to find out what lookup tables Postfix supports on # your system. # # /etc/postfix/main.cf: @@ -385,7 +386,7 @@ # editing the file. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # SEE ALSO # postmap(1), Postfix lookup table manager @@ -394,13 +395,13 @@ # transport(5), transport:nexthop syntax # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # SMTPD_ACCESS_README, built-in SMTP server access control # DATABASE_README, Postfix lookup table overview # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks index 65469c57a..b9bff2892 100644 --- a/postfix/conf/header_checks +++ b/postfix/conf/header_checks @@ -1,7 +1,7 @@ # HEADER_CHECKS(5) HEADER_CHECKS(5) # # NAME -# header_checks - Postfix built-in header/body inspection +# header_checks - Postfix built-in content inspection # # SYNOPSIS # header_checks = pcre:/etc/postfix/header_checks 
@@ -13,48 +13,49 @@ # postmap -fq - pcre:/etc/postfix/filename "fatal_exit: @_"); - syslog(warning => "fatal_exit: @_"); - syslog(info => "fatal_exit: @_"); - die "fatal: @_"; -} - -# -# Unbuffer standard output. -# -select((select(STDOUT), $| = 1)[0]); - -# -# This process runs as a daemon, so it can't log to a terminal. Use -# syslog so that people can actually see our messages. -# -setlogsock $syslog_socktype; -openlog $syslog_ident, $syslog_options, $syslog_facility; - -# ---------------------------------------------------------- -# main -# ---------------------------------------------------------- - -# -# Receive a bunch of attributes, evaluate the policy, send the result. -# -my %attr; -while () { - chomp; - if (/=/) { my ($k, $v) = split (/=/, $_, 2); $attr{$k} = $v; next } - elsif (length) { syslog(warning => sprintf("warning: ignoring garbage: %.100s", $_)); next; } - - if ($VERBOSE) { - for (sort keys %attr) { - syslog(debug => "Attribute: %s=%s", $_, $attr{$_}); - } - } - - fatal_exit ("unrecognized request type: '$attr{request}'") unless $attr{request} eq "smtpd_access_policy"; - - my $action = $DEFAULT_RESPONSE; - my %responses; - foreach my $handler (@HANDLERS) { - no strict 'refs'; - my $response = $handler->(attr=>\%attr); - syslog(debug => "handler %s: %s", $handler, $response); - if ($response and $response !~ /^dunno/i) { - syslog(info => "handler %s: %s is decisive.", $handler, $response); - $action = $response; last; - } - } - - syslog(info => "decided action=%s", $action); - - print STDOUT "action=$action\n\n"; - %attr = (); -} - -# ---------------------------------------------------------- -# plugin: SPF -# ---------------------------------------------------------- -sub sender_permitted_from { - local %_ = @_; - my %attr = %{ $_{attr} }; - - my $query = eval { new Mail::SPF::Query (ip =>$attr{client_address}, - sender=>$attr{sender}, - helo =>$attr{helo_name}) }; - if ($@) { - syslog(info => "%s: Mail::SPF::Query->new(%s, %s, %s) failed: %s", 
- $attr{queue_id}, $attr{client_address}, $attr{sender}, $attr{helo_name}, $@); - return "DUNNO"; - } - my ($result, $smtp_comment, $header_comment) = $query->result(); - - syslog(info => "%s: SPF %s: smtp_comment=%s, header_comment=%s", - $attr{queue_id}, $result, $smtp_comment, $header_comment); - - if ($result eq "fail") { return "REJECT $smtp_comment"; } - elsif ($result eq "error") { return "DEFER_IF_PERMIT $smtp_comment"; } - else { return "PREPEND Received-SPF: $result ($header_comment)"; } -} - -# ---------------------------------------------------------- -# plugin: testing -# ---------------------------------------------------------- -sub testing { - local %_ = @_; - my %attr = %{ $_{attr} }; - - if (lc address_stripped($attr{sender}) eq - lc address_stripped($attr{recipient}) - and - $attr{recipient} =~ /policyblock/) { - - syslog(info => "%s: testing: will block as requested", $attr{queue_id}); - return "REJECT smtpd-policy blocking $attr{recipient}"; - } - else { - syslog(info => "%s: testing: stripped sender=%s, stripped rcpt=%s", - $attr{queue_id}, - address_stripped($attr{sender}), - address_stripped($attr{recipient}), - ); - - } - return "DUNNO"; -} - -sub address_stripped { - # my $foo = localpart_lhs('foo+bar@baz.com'); # returns 'foo@baz.com' - my $string = shift; - for ($string) { - s/[+-].*\@/\@/; - } - return $string; -} diff --git a/postfix/html/ADDRESS_CLASS_README.html b/postfix/html/ADDRESS_CLASS_README.html index 4c5b9973d..6c1afe66f 100644 --- a/postfix/html/ADDRESS_CLASS_README.html +++ b/postfix/html/ADDRESS_CLASS_README.html @@ -53,8 +53,9 @@ address classes are very important for the operation of Postfix.

  • The list of domains that are a member of the class: for example, all local domains, or all relay domains.

    -
  • The default delivery method. For example, the local or -smtp delivery agent. This helps to keep Postfix configurations +

  • The default delivery transport. For example, the local or +relay delivery transport (delivery transports are defined in +master.cf). This helps to keep Postfix configurations simple.

  • The list of valid recipient addresses for that address @@ -95,7 +96,7 @@ empty, then the Postfix SMTP server accepts any address in the local domain class.

  • The mail delivery transport is specified with the -local_transport parameter. The default value is local:$myhostname +local_transport parameter. The default value is local:$myhostname for delivery with the local(8) delivery agent.

    @@ -265,7 +266,7 @@ default. The Postfix SMTP server uses this to reject mail for unknown local recipients. See the LOCAL_RECIPIENT_README file hints and tips.

    -
  • Introduction of the relay delivery transport in master.cf. +

  • Introduction of the relay delivery transport in master.cf. This helps to avoid mail delivery scheduling problems on inbound mail relays when there is a lot of outbound mail, but may require that you update your "defer_transports" setting.

    diff --git a/postfix/html/ADDRESS_VERIFICATION_README.html b/postfix/html/ADDRESS_VERIFICATION_README.html
    index 0f14fb030..ce38c1534 100644
    --- a/postfix/html/ADDRESS_VERIFICATION_README.html
    +++ b/postfix/html/ADDRESS_VERIFICATION_README.html
    @@ -229,7 +229,10 @@ MAILER-DAEMON messages.

    Recipient address verification is relatively straightforward and there are no surprises. If a recipient probe fails, then Postfix rejects mail for the recipient address. If a recipient probe -succeeds, then Postfix accepts mail for the recipient address.

    +succeeds, then Postfix accepts mail for the recipient address. +However, recipient address verification probes can increase the +load on down-stream MTAs when you're being flooded by backscatter +bounces, or when some spammer is mounting a dictionary attack.

    By default, address verification results are not saved. To avoid probing the same address repeatedly, you can store the result in a diff --git a/postfix/html/CONNECTION_CACHE_README.html b/postfix/html/CONNECTION_CACHE_README.html index 2c741ced4..fb7a08bc1 100644 --- a/postfix/html/CONNECTION_CACHE_README.html +++ b/postfix/html/CONNECTION_CACHE_README.html @@ -92,28 +92,38 @@ by the mail delivering process that creates the connection. To get the same performance improvement as with a shared connection cache, non-shared connections need to be kept open for a longer time.

    +

    The scache(8) server, introduced with Postfix version 2.2, +maintains the shared connection cache. With Postfix version 2.2, +only the smtp(8) client has support to access this cache.

    +
    - - + + + + + + + + + +
    Internet <-- -
    smtp(8)
     
    <->
    scache(8)
     
    <-> -
    smtp(8)
     
    --> Internet

    smtp(8) +
     
    --> Internet
      |
    |
    |
    |
    |
    |
    v
     

    smtp(8)
     
    --> Internet
    ^
    |
     

    scache(8) +
     
    -

    The scache(8) server, introduced with Postfix version 2.2, -maintains the shared connection cache. With Postfix version 2.2, -only the smtp(8) client has support to access this cache.

    -

    When SMTP connection caching is enabled (see next section), the smtp(8) client does not disconnect after a mail transaction, but gives the connection to the scache(8) server which keeps the -connection open for a limited amount of time.

    +connection open for a limited amount of time.

    After handing over the open connection to the scache(8) server, the smtp(8) client continues with some other mail delivery request. @@ -144,7 +154,7 @@ destination has a high volume of mail in the main.cf: smtp_connection_cache_on_demand = yes @@ -167,7 +177,7 @@ right-hand side of an email address, without the [] around a numeric IP address),

  • if mail is sent via a relay host: a relay host name (without -the [] or non-default TCP port), as specified in main.cf or in the +the [] or non-default TCP port), as specified in main.cf or in the transport map,

  • a /file/name with domain names and/or relay host names as @@ -184,7 +194,7 @@ lookups is ignored.

    -/etc/postfix/main.cf:
    +/etc/postfix/main.cf:
         smtp_connection_cache_destinations = $relayhost
         smtp_connection_cache_destinations = hotmail.com, ...
         smtp_connection_cache_destinations = static:all (not recommended)
    diff --git a/postfix/html/CYRUS_README.html b/postfix/html/CYRUS_README.html
    deleted file mode 100644
    index 30ad5bdca..000000000
    --- a/postfix/html/CYRUS_README.html
    +++ /dev/null
    @@ -1,24 +0,0 @@
    -
    -
    -
    -
    -
    -
    -Postfix Cyrus Howto
    -
    -
    -
    -
    -
    -
    -
    -

    Postfix Cyrus Howto

    - -
    - -

    This document will be made available via http://www.postfix.org/.

    - - - - diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html index 315fe1c20..3ab4fa44e 100644 --- a/postfix/html/DATABASE_README.html +++ b/postfix/html/DATABASE_README.html @@ -80,7 +80,8 @@ below.
  • You can use Berkeley DB files with fixed lookup strings for simple address rewriting operations and you can use regular expression -tables for the more complicated work. +tables for the more complicated work. In other words, you don't +have to put everything into the same table. @@ -189,8 +190,9 @@ because something else happens. This is because commands such as postmap(1) or postalias(1) overwrite existing files. If the update fails in the middle then you have no usable database, and Postfix will stop working. This is not an issue with the CDB database type -available with Postfix 2.2 and later, because CDB -database rebuilds are atomic.

    +available with Postfix 2.2 and later: CDB +creates a new file, and renames the file upon successful completion. +

    With multi-file databases such as DBM, there is no simple solution. With Berkeley DB and other "one file" databases, it is diff --git a/postfix/html/DB_README.html b/postfix/html/DB_README.html index d89fd5028..421c7e7d3 100644 --- a/postfix/html/DB_README.html +++ b/postfix/html/DB_README.html @@ -49,15 +49,17 @@ versions.

    Building Postfix on systems without Berkeley DB

    -

    Many commercial UNIXes ship without Berkeley DB support. Examples -are Solaris, HP-UX, IRIX, UNIXWARE. In order to build Postfix with +

    Some UNIXes ship without Berkeley DB support; for historical +reasons these use DBM files instead. A problem with DBM files is +that they can store only limited amounts of data. To build Postfix +with Berkeley DB support you need to download and install the source -code from http://www.sleepycat.com/

    +code from http://www.oracle.com/database/berkeley-db/.

    Warning: some Linux system libraries use Berkeley DB, as do some third-party libraries such as SASL. If you compile Postfix with a different Berkeley DB implementation, then every Postfix -program will dump core because either the system library, SASL +program will dump core because either the system library, the SASL library, or Postfix itself ends up using the wrong version.

    The more recent Berkeley DB versions have a compile-time switch, @@ -67,7 +69,7 @@ Although wasteful, this may be the only way to keep things from falling apart.

    To build Postfix after you installed the Berkeley DB from -http://www.sleepycat.com/, use something like:

    +source code, use something like:

    @@ -214,7 +216,8 @@ undefined reference to `pthread_mutex_trylock'
     
    -

    More information is available at http://www.sleepycat.com/.

    +

    More information is available at +http://www.oracle.com/database/berkeley-db/.

    diff --git a/postfix/html/DEBUG_README.html b/postfix/html/DEBUG_README.html
    index 0f785d55b..fd648c484 100644
    --- a/postfix/html/DEBUG_README.html
    +++ b/postfix/html/DEBUG_README.html
    @@ -100,8 +100,9 @@ is fixed.

    permissions, incorrect configuration file settings that you can fix. Postfix cannot proceed until this is fixed.

    -
  • "error" reports a fatal or non-fatal error condition. -Postfix cannot proceed until this is fixed.

    +
  • "error" reports an error condition. For safety +reasons, a Postfix process will terminate when more than 13 of these +happen.

  • "warning" indicates a non-fatal error. These are problems that you may not be able to fix (such as a broken DNS @@ -145,7 +146,7 @@ Mail Delivery Status Report will be mailed to <your login name>.

    These reports contain information that is generated by Postfix -delivery agents. Since these run as daemon processes and do not +delivery agents. Since these run as daemon processes that cannot interact with users directly, the result is sent as mail to the sender of the test message. The format of these reports is practically identical to that of ordinary non-delivery notifications.

    @@ -209,18 +210,21 @@ command "postfix reload".

    Record the SMTP session with a network sniffer

    This example uses tcpdump. In order to record a conversation -you need to specify a large enough buffer with the "-s" option or -else you will miss some or all of the packet payload.

    +you need to specify a large enough buffer with the "-s" +option or else you will miss some or all of the packet payload. +

    -# tcpdump -w /file/name -s 2000 host example.com and port 25
    +# tcpdump -w /file/name -s 0 host example.com and port 25
     
    +

    Older tcpdump versions don't support "-s 0"; in that case, +use "-s 2000" instead.

    +

    Run this for a while, stop with Ctrl-C when done. To view the -data use a binary viewer, or ethereal, or use my tcpdumpx -utility that is available from ftp://ftp.porcupine.org/pub/debugging/. +data use a binary viewer, ethereal, or good old less.

    Making Postfix daemon programs more verbose

    @@ -228,7 +232,7 @@ utility that is available from

    Append one or more "-v" options to selected daemon definitions in /etc/postfix/master.cf and type "postfix reload". This will cause a lot of activity to be logged to the syslog daemon. -Example:

    +For example, to make the Postfix SMTP server process more verbose:

    @@ -237,10 +241,9 @@ Example: 

    -

    This makes the Postfix SMTP server more verbose. To diagnose -problems with address rewriting one would specify a "-v" +

    To diagnose problems with address rewriting specify a "-v" option for the cleanup(8) and/or trivial-rewrite(8) daemon, and to -diagnose problems with mail delivery one would specify a "-v" +diagnose problems with mail delivery specify a "-v" option for the qmgr(8) or oqmgr(8) queue manager, or for the lmtp(8), local(8), pipe(8), smtp(8), or virtual(8) delivery agent.

    @@ -538,20 +541,23 @@ attachments, instead of reciting information from memory.
  • Postfix logging. See the text at the top of the DEBUG_README document to find out where logging is stored. Please do not frustrate -the helpers by word wrapping the logging.

    +the helpers by word wrapping the logging. If the logging is more +than a few kbytes of text, consider posting an URL on a web or ftp +site.

  • Consider using a test email address so that you don't have to reveal email addresses or passwords of innocent people.

  • If you can't use a test email address, please anonymize -information consistently. Replace each letter by "A", each digit +email addresses and host names consistently. Replace each letter +by "A", each digit by "D" so that the helpers can still recognize syntactical errors.

  • Output from "postconf -n". Please do not send your -main.cf file or 400+ lines of postconf output.

    +main.cf file, or 500+ lines of postconf output.

    -
  • Better, provide output from the postfinger tool. +

  • Better, provide output from the postfinger tool. This can be found at http://ftp.wl0.org/SOURCES/postfinger.

  • If the problem is SASL related, consider including the @@ -562,7 +568,7 @@ output from the saslfinger tool. This can be found at including output from the qshape tool, as described in the QSHAPE_README file.

    -
  • If the problem is protocol related (connections time out +

  • If the problem is protocol related (connections time out, or an SMTP server complains about syntax errors etc.) consider recording a session with tcpdump, as described in the DEBUG_README document. diff --git a/postfix/html/DSN_README.html b/postfix/html/DSN_README.html index 8a389498b..6ca3d84d3 100644 --- a/postfix/html/DSN_README.html +++ b/postfix/html/DSN_README.html @@ -44,7 +44,7 @@ identifies the message content.

    The implementation of DSN support involves extra parameters to -the SMTP MAIL FROM and RCPT TO commands, as well as new Postfix +the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix sendmail command line options that provide a sub-set of the functions of the extra SMTP command parameters.

    diff --git a/postfix/html/ETRN_README.html b/postfix/html/ETRN_README.html index f064f3a00..4322031c4 100644 --- a/postfix/html/ETRN_README.html +++ b/postfix/html/ETRN_README.html @@ -27,11 +27,6 @@ searches the queue for mail to the customer, and delivers that mail not delivered via the connection that was used for sending ETRN.

    -

    Postfix versions before 1.0 (also known as version 20010228) -implemented the ETRN command in an inefficient manner: they simply -attempted to deliver all queued mail. This is slow on mail servers -that queue mail for many customers.

    -

    As of version 1.0, Postfix has a fast ETRN implementation that does not require Postfix to examine every queue file. Instead, Postfix maintains a record of what queue files contain mail for @@ -74,11 +69,11 @@ font.

     220 my.server.tld ESMTP Postfix
    -helo my.client.tld
    +HELO my.client.tld
     250 Ok
    -etrn some.customer.domain
    +ETRN some.customer.domain
     250 Queuing started
    -quit
    +QUIT
     221 Bye
     
    @@ -90,6 +85,8 @@ the connection that was used to send the ETRN command.

    The Postfix operator can request delivery for a specific customer by using the command "sendmail -qRdestination" and, with Postfix version 1.1 and later, "postqueue -sdestination". +Access to this feature is controlled with the authorized_flush_users +configuration parameter (Postfix version 2.2 and later).

    How Postfix fast ETRN works

    @@ -149,12 +146,13 @@ want to turn on fast ETRN service for every possible destination. with queue file names. When a request to "deliver mail now" arrives, Postfix will attempt to deliver all recipients in the queue files that have mail for the destination in question. This does not -perform well when queue files have recipients in many different -domains.

    +perform well with queue files that have recipients in many different +domains, such as queue files with outbound mailing list traffic. +

  • The flush(8) daemon maintains per-destination logfiles only for destinations listed with $fast_flush_domains. With other -destinations it not possible to trigger delivery with "sendmail +destinations you cannot request delivery with "sendmail -qRdestination" or, with Postfix version 1.1 and later, "postqueue -sdestination".

    @@ -166,19 +164,24 @@ does not ignore the volatile in-memory list of dead domains, and the list of message delivery transports specified with the defer_transports configuration parameter.

    +
  • Up to and including Postfix version 2.3, the "fast flush" +service may not deliver some messages if the request to "deliver +mail now" arrives while an incoming queue scan is already in progress. +

    +

    Configuring the Postfix fast ETRN service

    The behavior of the flush(8) daemon is controlled by parameters -in the main.cf configuration file.

    +in the main.cf configuration file.

    By default, Postfix "fast ETRN" service is available only for destinations that Postfix is willing to relay mail to:

    -/etc/postfix/main.cf:
    +/etc/postfix/main.cf:
         fast_flush_domains = $relay_domains
         smtpd_etrn_restrictions = permit_mynetworks, reject
     
    @@ -203,7 +206,7 @@ may execute the ETRN command. By default, any client has permission.
    -/etc/postfix/main.cf:
    +/etc/postfix/main.cf:
         fast_flush_domains = $relay_domains, some.other.domain
     
    @@ -213,7 +216,7 @@ and so that it maintains no per-destination logfiles, specify:

    -/etc/postfix/main.cf:
    +/etc/postfix/main.cf:
         fast_flush_domains =
     
    @@ -240,7 +243,7 @@ for this delivery transport is deferred as soon as it arrives.
    - 1 /etc/postfix/master.cf:
    + 1 /etc/postfix/master.cf:
      2   # =============================================================
      3   # service type  private unpriv  chroot  wakeup  maxproc command
      4   #               (yes)   (yes)   (yes)   (never) (100)
    @@ -249,7 +252,7 @@ for this delivery transport is deferred as soon as it arrives.
      7   relay     unix  -       -       n       -       -       smtp
      8   etrn-only unix  -       -       n       -       -       smtp
      9 
    -10 /etc/postfix/main.cf:
    +10 /etc/postfix/main.cf:
     11   relay_domains = customer.tld ...other domains...
     12   defer_transports = etrn-only
     13   transport_maps = hash:/etc/postfix/transport
    @@ -302,9 +305,9 @@ boldface: 

     220 my.server.tld ESMTP Postfix
    -helo my.client.tld
    +HELO my.client.tld
     250 Ok
    -etrn some.customer.domain
    +ETRN some.customer.domain
     250 Queuing started
     
    @@ -338,9 +341,9 @@ commands that you type:

     220 my.server.tld ESMTP Postfix
    -helo my.client.tld
    +HELO my.client.tld
     250 Ok
    -etrn some.other.customer.domain
    +ETRN some.other.customer.domain
     250 Queuing started
     
    @@ -356,9 +359,9 @@ server has mail queued for that destination.

     220 my.server.tld ESMTP Postfix
    -helo my.client.tld
    +HELO my.client.tld
     250 Ok
    -etrn not.a.customer.domain
    +ETRN not.a.customer.domain
     459 <not.a.customer.domain>: service unavailable
     
    diff --git a/postfix/html/FILTER_README.html b/postfix/html/FILTER_README.html
    index b678175bc..0bb4332d0 100644
    --- a/postfix/html/FILTER_README.html
    +++ b/postfix/html/FILTER_README.html
    @@ -71,7 +71,8 @@ mail. Applications that use two separate Postfix instances will be covered by a later version of this document.

    The after-queue content filter is not to be confused with the -approach that is described in the SMTPD_PROXY_README document, +approaches described in the SMTPD_PROXY_README or MILTER_README +documents, where incoming SMTP mail is filtered BEFORE it is stored into the Postfix queue.

    @@ -125,16 +126,18 @@ all email, as well as several options to filter mail selectively:

    Principles of operation

    -

    An external content filter receives unfiltered mail from Postfix -(as described further below) and does one of the following:

    +

    An after-queue content filter receives unfiltered mail from Postfix +(as described further below) and can do one of the following:

    1. Re-inject the mail back into Postfix, perhaps after changing content and/or destination.

      +
    2. Discard or quarantine the mail.

      +
    3. Reject the mail (by sending a suitable status code back to - Postfix). Postfix will return the mail to the sender.

      + Postfix). Postfix will send the mail back to the sender address.

    @@ -146,7 +149,8 @@ suspect so that a human can decide what to do with it.

    Simple content filter example

    -

    The first example is simple to set up. Postfix receives +

    The first example is simple to set up, but has major limitations +that will be addressed in a second example. Postfix receives unfiltered mail from the network with the smtpd(8) server, and delivers unfiltered mail to a content filter with the Postfix pipe(8) delivery agent. The content filter injects filtered mail
    @@ -282,21 +286,23 @@ document for an introduction to the Postfix architecture.

      -
    • Line 8: The -G option does nothing before Postfix 2.3, -otherwise it disables address rewriting of message headers.

      +
    • Line 8: The -G option says the filter output is not a local +mail submission: don't do silly things like appending the local +domain name to addresses in message headers. This option does +nothing before Postfix version 2.3.

    • Line 8: The -i option says don't stop reading input when a line contains "." only.

    • Line 8: NEVER NEVER NEVER use the "-t" command-line option -here. It will mis-deliver mail, like sending mailing list mail back -to the mailing list.

      +here. It will mis-deliver mail, like sending messages from a mailing +list back to the mailing list.

    • Line 21: The idea is to first capture the message to file and then run the content through a third-party content filter program.

      -
    • Line 22: If the mail cannot be captured to file, mail +

    • Line 22: If the message cannot be captured to file, mail delivery is deferred by terminating with exit status 75 (EX_TEMPFAIL). Postfix places the message in the deferred mail queue and tries again later.

      @@ -306,13 +312,14 @@ program here that receives the content on standard input.

    • Line 26: If the content filter program finds a problem, the mail is bounced by terminating with exit status 69 (EX_UNAVAILABLE). -Postfix will return the message to the sender as undeliverable. +Postfix will send the message back to the sender as undeliverable +mail.

      -
    • Note: in this time of mail worms and spam, it is a BAD +

    • NOTE: in this time of mail worms and spam, it is a BAD IDEA to send known viruses or spam back to the sender, because that -address is likely to be forged. It is safer to discard known to be -bad content and to quarantine suspicious content so that it can +address is likely to be forged. It is safer to discard known viruses +and to quarantine suspicious content so that it can be inspected by a human being.

    • Line 28: If the content is OK, it is given as input to
    @@ -331,7 +338,7 @@ as input:

      -% /path/to/script -f sender recipient... <message-file
      +% /path/to/script -f sender -- recipient... <message-file
       
      @@ -381,7 +388,7 @@ entry that defines the Postfix SMTP server:

      -o content_filter=filter:dummy
    -

    The "content_filter" line causes Postfix to add one content +

    The "-o content_filter" line causes Postfix to add one content filter request record to each incoming mail message, with content "filter:dummy". This record overrides the normal mail routing and causes mail to be given to the content filter instead.

    @@ -432,7 +439,7 @@ for filtered mail.

    Postfix SMTP server.

  • Execute "postsuper -r ALL" to remove content -filter information from existing queue files.

    +filter request records from existing queue files.

  • Execute another "postfix reload".

    @@ -553,7 +560,9 @@ document for an introduction to the Postfix architecture.

    The example given here filters all mail, including mail that arrives via SMTP and mail that is locally submitted via the Postfix -sendmail command. See examples near the end of this document for +sendmail command (local submissions enter Postfix via the pickup(8) +server; to keep the figure simple we omit local submission details). +See examples near the end of this document for how to exclude local users from filtering, or how to configure a destination dependent content filter.

    @@ -638,7 +647,7 @@ for more information.

  • The "-o disable_mime_output_conversion=yes" is a workaround that prevents the breaking of domainkeys and other digital signatures. This is needed because some SMTP-based content filters don't announce -8BITMIME support, even though they can handle it just fine.

    +8BITMIME support, even though they can handle 8-bit mail.

  • The "-o smtp_generic_maps=" is a workaround that prevents local address rewriting with generic(5) maps. Such rewriting should
    @@ -672,6 +681,10 @@ shell and home directory. This user handles all potentially dangerous mail content - that is why it should be a separate account.

    +
  • By default, Postfix will terminate a command that runs +longer than command_time_limit seconds (default: 1000s). This is a +safety measure that prevents filters from running forever.

    +

    If you want to have your filter listening on port localhost:10025
    @@ -711,15 +724,14 @@ that injects mail back into Postfix.

      -
    • Note: do not use spaces around the "=" or "," characters.

      +
    • NOTE: do not use spaces around the "=" or "," characters.

      -
    • Note: the SMTP server must not have a smaller process +

    • NOTE: the SMTP server must not have a smaller process limit than the "filter" master.cf entry.

    • The "-o content_filter=" overrides main.cf settings, and requests no content filtering for mail from the content filter. -This is required or else mail will stay in the content filtering -loop.

      +This is required or else mail will loop.

    • The "-o receive_override_options" overrides main.cf settings to avoid duplicating work that was already done before the content
    @@ -737,7 +749,7 @@ specified in main.cf:

    • We specify "no_milters" to disable Milter applications (this option is available only in Postfix 2.3 and later).

      -
    • We don't specify "no_address_mapping" here. This +

    • We don't specify "no_address_mappings" here. This enables virtual alias expansion, canonical mappings, address masquerading, and other address mappings after the content filter. The main.cf setting of "receive_override_options"
    @@ -794,7 +806,7 @@ when content filtering is turned off.

  • Execute "postsuper -r ALL" to remove content -filter information from existing queue files.

    +filter request records from existing queue files.

  • Execute another "postfix reload".

    diff --git a/postfix/html/LDAP_README.html b/postfix/html/LDAP_README.html
    index 6fe7ef71b..179ea74db 100644
    --- a/postfix/html/LDAP_README.html
    +++ b/postfix/html/LDAP_README.html
    @@ -350,7 +350,7 @@ assume for the moment that groups never have a "maildrop" (the "bgroup"
  • Note: if the desired member object result attribute is always also -present in the group, you get suprising results, the expansion also +present in the group, you get surprising results, the expansion also returns the address of the group. This is a known limitation of Postfix releases prior to 2.4, and is addressed in the new with Postfix 2.4 "leaf_result_attribute" feature described in ldap_table(5).

    diff --git a/postfix/html/MILTER_README.html b/postfix/html/MILTER_README.html
    index 1bbb5cce0..b0f637a89 100644
    --- a/postfix/html/MILTER_README.html
    +++ b/postfix/html/MILTER_README.html
    @@ -28,9 +28,13 @@ this happens before mail is queued.

    The reason for adding Milter support to Postfix is that there exists a large collection of applications, not only to block unwanted mail, but also to verify authenticity (examples: Domain keys +identified mail, SenderID+SPF and Domain keys) -or to digitally sign mail (example: Domain keys +identified mail, Domain keys). Having yet another Postfix-specific version of all that software is a poor use of human and system resources.

    @@ -202,14 +206,14 @@ does.

    On some Linux and *BSD distributions, the Sendmail libmilter library is installed by default. With this, applications such as -dk-milter +dkim-milter and sid-milter build out of the box without requiring any tinkering:

    -$ gzcat dk-milter-x.y.z.tar.gz | tar xf -
    -$ cd dk-milter-x.y.z
    +$ gzcat dkim-milter-x.y.z.tar.gz | tar xf -
    +$ cd dkim-milter-x.y.z
     $ make
     [...lots of output omitted...]
     
    @@ -260,7 +264,7 @@ for options. A typical command looks like this:

    -# /some/where/dk-filter -u userid -p inet:portnumber@localhost ...other options...
    +# /some/where/dkim-filter -u userid -p inet:portnumber@localhost ...other options...
     
    @@ -652,23 +656,70 @@ X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com <unknown-msgid&
  • -

    This happens because some Milter applications expect that the +

    This happens because those Milter applications expect that the queue ID is known before the MTA accepts the MAIL FROM (sender) command. Postfix, on the other hand, does not choose a queue file name until after it accepts the first valid RCPT -TO (recipient) command. Postfix queue file names must be unique +TO (recipient) command (Postfix queue file names must be unique across multiple directories, so the name can't be chosen before the -file is created. If multiple messages were to use the same queue -ID simultaneously, mail would be lost.

    +file is created; if multiple messages were to use the same queue +ID simultaneously, mail would be lost).

    -

    To work around the ugly message header from Milter applications, -we add a little code to the Milter source to look up the queue ID -after Postfix receives the end of the message.

    + + +

    Fixing the ugly header maybe as simple as upgrading to a recent +version of the Milter application. For example, current versions +of dkim-filter and dk-filter have code that looks up the Postfix +queue ID at a later protocol stage.

    + +

    To fix the ugly message header with sid-filter applications, +we change the source code, so that it does the queue ID lookup after +Postfix receives the end of the message.

    + +
      + +
    • Edit the filter source file (named +sid-filter/sid-filter.c).

      + +
    • Look up the smfilter table and replace +mlfi_eoh by NULL. +

      + +
    • Look up the mlfi_eom() function and add code near +the top that calls mlfi_eoh() as shown by the bold +text below:

      + +
    + +
    +
    +        assert(ctx != NULL);
    +#endif /* !DEBUG */
    +
    +        ret = mlfi_eoh(ctx);
    +        if (ret != SMFIS_CONTINUE)
    +                return ret;
    +
    +
    + +

    NOTES:

    + +
      + +
    • This was tested with sid-milter-0.2.10 and sid-milter-0.2.14.

      + +
    • This fixes only the ugly message header, but not the WARNING +message. Fortunately, sid-milter logs that message only once.

      + +
    + +

    To fix the ugly message header with other Milter applications, +you will need to do something like this:

    • Edit the filter source file (typically named -dk-filter/dk-filter.c or similar).

      +xxx-filter/xxx-filter.c or similar).

    • Look up the mlfi_eom() function and add code near the top shown as bold text below:

      @@ -700,43 +751,7 @@ variables. If the above code does not compile, look for the code at the start of the mlfi_eoh() routine.

    • This fixes only the ugly message header, but not the WARNING -message. Fortunately, dk-filter logs that message only once.

      - -
    - -

    With some Milter applications we can fix both the WARNING and -the "unknown-msgid" by postponing the call of mlfi_eoh() -(or whatever routine logs the WARNING) until the end of the message. -

    - -
      - -
    • Edit the filter source file (typically named -sid-filter/sid-filter.c or similar).

      - -
    • Look up the smfilter table and replace -mlfi_eoh (or whatever routine logs the WARNING) by NULL. -

      - -
    • Look up the mlfi_eom() function and add code near -the top that calls mlfi_eoh() as shown by the bold -text below:

      - -
    - -
    -
    -        assert(ctx != NULL);
    -#endif /* !DEBUG */
    -
    -        ret = mlfi_eoh(ctx);
    -        if (ret != SMFIS_CONTINUE)
    -                return ret;
    -
    -
    - -

    This works with sid-milter-0.2.10. Other Milter applications -will dump core when you do this.

    +message. Fortunately, many Milters log that message only once.

    diff --git a/postfix/html/PACKAGE_README.html b/postfix/html/PACKAGE_README.html
    index 9d385cbfd..d06e8810d 100644
    --- a/postfix/html/PACKAGE_README.html
    +++ b/postfix/html/PACKAGE_README.html
    @@ -26,9 +26,9 @@ Postfix distributions for general use.

    General distributions: please provide a small default main.cf file

    -

    The installed main.cf file must be small. PLEASE resist the -temptation to list all 400+ parameters in the main.cf file. Postfix -is supposed to be easy to configure. Listing all 400+ in main.cf +

    The installed main.cf file must be small. PLEASE resist the +temptation to list all parameters in the main.cf file. Postfix +is supposed to be easy to configure. Listing all parameters in main.cf defeats the purpose. It is an invitation for hobbyists to make random changes without understanding what they do, and gets them into endless trouble.

    @@ -70,7 +70,7 @@ script directly (% sh post-install).

    You will be prompted for installation parameters. Specify an install_root directory other than /. The mail_owner and setgid_group -installation parameter settings will be recorded in the main.cf +installation parameter settings will be recorded in the main.cf file, but they won't take effect until the package is unpacked and installed on the destination machine.

    diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html
    index 0e0a21c45..51b011c4a 100644
    --- a/postfix/html/SMTPD_POLICY_README.html
    +++ b/postfix/html/SMTPD_POLICY_README.html
    @@ -164,7 +164,7 @@ etrn_domain= These attributes are empty in case of no certificate authentication. As of Postfix 2.2.11 these attribute values are encoded as xtext: some characters are represented by +XX, where XX is the
    - two-digit hecadecimal representation of the character value.
    + two-digit hexadecimal representation of the character value.

  • The "encryption_*" attributes (Postfix 2.3 and later)
    diff --git a/postfix/html/TUNING_README.html b/postfix/html/TUNING_README.html
    index 6a837a4dc..b08d24914 100644
    --- a/postfix/html/TUNING_README.html
    +++ b/postfix/html/TUNING_README.html
    @@ -224,8 +224,8 @@ seconds or $smtpd_error_sleep_t

    Measures against clients that make too many connections

    -

    Note: the anvil(8) service was introduced with Postfix version -2.2.

    +

    Note: these features use the Postfix anvil(8) service, introduced +with Postfix version 2.2.

    The Postfix smtpd(8) server can limit the number of simultaneous connections from the same SMTP client, as well as the number of
    @@ -233,34 +233,47 @@ connections that a client is allowed to make per unit time. These statistics are maintained by the anvil(8) server (translation: if anvil(8) breaks, then connection limits stop working).

    -

    IMPORTANT: These limits are designed to protect the smtpd(8) server -against flagrant abuse. Do not use these limits to regulate legitimate -traffic: mail will suffer grotesque delays if you do so.

    +

    IMPORTANT: These limits must not be used to regulate legitimate +traffic: mail will suffer grotesque delays if you do so. The limits +are designed to protect the smtpd(8) server against abuse by +out-of-control clients.

    - +
    smtpd_client_event_limit_exceptions (default: $mynetworks) +
    SMTP clients that are excluded from connection and rate +limits specified above.
    + + + +

    General mail delivery performance tips

    @@ -360,7 +373,7 @@ is not useful. Another good reason to limit delivery concurrency to the same recipient: if the recipient has an expensive shell command in her .forward file, or if the recipient is a mailing list manager, you don't want to run too many instances of those processes -the same time.

    +at the same time.

  • The default smtp_destination_concurrency_limit of 20 seems enough to noticeably load a system without bringing it to its knees.
    @@ -465,10 +478,12 @@ some amount of time.

    -
    queue_run_delay (default: 1000 seconds)
    How often +
    queue_run_delay (default: 300 seconds; before Postfix 2.4: +1000s)
    How often the queue manager scans the queue for deferred mail.
    -
    minimal_backoff_time (default: 1000 seconds)
    The +
    minimal_backoff_time (default: 300 seconds; before Postfix +2.4: 1000s)
    The minimal amount of time a message won't be looked at, and the minimal amount of time to stay away from a "dead" destination.
    @@ -519,7 +534,8 @@ that usually requires timing out one or more SMTP connections.

    always better than increasing the frequency of delivery attempts. However, if you can control only the delivery attempt frequency, consider using a dedicated fallback_relay "graveyard" machine for -bad destinations so that they do not ruin the performance of normal +bad destinations, so that these destinations do not ruin the +performance of normal mail deliveries.

    Tuning the number of Postfix processes

    @@ -573,6 +589,20 @@ errors.

      +
    • Depending on your Postfix and operating system versions +you may need to recompile Postfix if you need more than 1024 file +descriptors per process:

      + +
      • No recompilation is needed for Postfix version 2.4 +and later, when it was compiled for systems that support BSD kqueue(2) +(FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or +Linux 2.6 epoll(4).

        + +
      • Otherwise, Postfix needs to be recompiled to override the +default FD_SETSIZE value.

        + +
      +
    • Reduce the number of processes as described under "Tuning the number of Postfix processes" above. Fewer processes need fewer open files and sockets.

      @@ -585,7 +615,8 @@ with your system tuning guide:

      • Some FreeBSD kernel parameters can be specified in -/boot/loader.conf, and some can be changed with sysctl commands. +/boot/loader.conf, and some can be specified in /etc/sysctl.conf +or changed with sysctl commands. Which is which depends on the version.

        @@ -598,7 +629,7 @@ kern.maxfilesperproc="16384"
      • Linux kernel parameters can be specified in /etc/sysctl.conf -and can also be changed with sysctl commands:

        +or changed with sysctl commands:

         fs.file-max=16384
        @@ -607,7 +638,7 @@ kernel.threads-max=2048
         
         
      • Solaris kernel parameters can be specified in /etc/system, as described in the Solaris +href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.48">Solaris FAQ entry titled "How can I increase the number of file descriptors per process?"

        diff --git a/postfix/html/ULTRIX_README.html b/postfix/html/ULTRIX_README.html
        deleted file mode 100644
        index b2fb39c4e..000000000
        --- a/postfix/html/ULTRIX_README.html
        +++ /dev/null
        @@ -1,71 +0,0 @@
        - - - - - - -Postfix and Ultrix - - - - - - - -

        Postfix and Ultrix

        - -
        - -

        Postfix on Ultrix

        - -

        This document is probably only of historical value, because -Ultrix version 4 dates from the early 1990s. However, as long as -Wietse keeps Postfix alive for SunOS 4, it is likely to run on -Ultrix 4 with very little change. Feedback is welcome if anyone -actually still uses Postfix on any version of Ultrix.

        - -

        The source of this document is an email message by Christian von Roques -that was sent on Jun 2, 1999.

        - -
        - -

        I've upgraded the MTA of our DECstation-3100 running Ultrix4.3a to -postfix-19990317-pl05 and am sending you the patches I needed to get -it running under Ultrix.

        - -

        . . .

        - -

        One of the bugs of Ultrix's /bin/sh is that shell-variables -set in arguments of `:' expand to garbage if expanded in here-documents. -Using a different shell helps. I needed to replace all calls of -``sh .../makedefs'' by ``$(SHELL) .../makedefs'' in all the -Makefile.in and am now able to use ``make SHELL=/bin/sh5'' or zsh. - -

        . . .

        - -

        Ultrix's FD_SET_SIZE is 4096, but getdtablesize() -returns 64 by default, if not increased when building a new -kernel. getrlimit() doesn't know RLIMIT_NOFILE. This makes -event_init() always log the warning: `could allocate space for -only 64 open files'.

        - -

        I just reduced the threshold from 256 to 64, but this is not good. -The initial problem still remains: How to disable this warning on -Ultrix without making the source ugly?

        - -
        - -

        To work around the first problem, all the Makefile.in files -have been updated to use `$(SHELL)' instead of `sh'. So you only -need to supply a non-default shell in order to eliminate Ultrix -shell trouble.

        - -

        To work around the latter, util/sys_defs.h was updated for -Ultrix, with a default FD_SETSIZE of 100. This should be sufficient -for a workstation. Even in 1999, no-one would run a major mail hub -on Ultrix 4.

        - - - -
        diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html
        index f4ccec1f9..143ab57d9 100644
        --- a/postfix/html/access.5.html
        +++ b/postfix/html/access.5.html
@@ -17,34 +17,35 @@ ACCESS(5) ACCESS(5) postmap -q - /etc/postfix/access <inputfile DESCRIPTION - The Postfix SMTP server supports access control on remote - SMTP client information: host names, network addresses, - and envelope sender or recipient addresses. See - header_checks(5) or body_checks(5) for access control on - the content of email messages. + This document describes access control on remote SMTP + client information: host names, network addresses, and + envelope sender or recipient addresses; it is implemented + by the Postfix SMTP server. See header_checks(5) or + body_checks(5) for access control on the content of email + messages. - Normally, the access(5) table is specified as a text file - that serves as input to the postmap(1) command. The - result, an indexed file in dbm or db format, is used for - fast searching by the mail system. Execute the command - "postmap /etc/postfix/access" to rebuild an indexed file + Normally, the access(5) table is specified as a text file + that serves as input to the postmap(1) command. The + result, an indexed file in dbm or db format, is used for + fast searching by the mail system. Execute the command + "postmap /etc/postfix/access" to rebuild an indexed file after changing the corresponding text file. - When the table is provided via other means such as NIS, - LDAP or SQL, the same lookups are done as for ordinary + When the table is provided via other means such as NIS, + LDAP or SQL, the same lookups are done as for ordinary indexed files. - Alternatively, the table can be provided as a regular- + Alternatively, the table can be provided as a regular- expression map where patterns are given as regular expres- - sions, or lookups can be directed to TCP-based server. In - those cases, the lookups are done in a slightly different - way as described below under "REGULAR EXPRESSION TABLES" + sions, or lookups can be directed to TCP-based server. 
In + those cases, the lookups are done in a slightly different + way as described below under "REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES". CASE FOLDING - The search string is folded to lowercase before database - lookup. As of Postfix 2.3, the search string is not case - folded with database types such as regexp: or pcre: whose + The search string is folded to lowercase before database + lookup. As of Postfix 2.3, the search string is not case + folded with database types such as regexp: or pcre: whose lookup fields can match both upper and lower case. TABLE FORMAT 
@@ -55,53 +56,53 @@ ACCESS(5) ACCESS(5) address, perform the corresponding action. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character + Empty lines and whitespace-only lines are ignored, + as are lines whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- + A logical line starts with non-whitespace text. A + line that starts with whitespace continues a logi- cal line. EMAIL ADDRESS PATTERNS With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are + networked tables such as NIS, LDAP or SQL, patterns are tried in the order as listed below: user@domain Matches the specified mail address. domain.tld - Matches domain.tld as the domain part of an email + Matches domain.tld as the domain part of an email address. The pattern domain.tld also matches subdomains, but only when the string smtpd_access_maps is listed in - the Postfix parent_domain_matches_subdomains con- - figuration setting (note that this is the default - for some versions of Postfix). Otherwise, specify - .domain.tld (note the initial dot) in order to + the Postfix parent_domain_matches_subdomains con- + figuration setting (note that this is the default + for some versions of Postfix). Otherwise, specify + .domain.tld (note the initial dot) in order to match subdomains. - user@ Matches all mail addresses with the specified user + user@ Matches all mail addresses with the specified user part. - Note: lookup of the null sender address is not possible - with some types of lookup table. By default, Postfix uses - <> as the lookup key for such addresses. The value is - specified with the smtpd_null_access_lookup_key parameter + Note: lookup of the null sender address is not possible + with some types of lookup table. 
By default, Postfix uses + <> as the lookup key for such addresses. The value is + specified with the smtpd_null_access_lookup_key parameter in the Postfix main.cf file. EMAIL ADDRESS EXTENSION When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order - becomes: user+foo@domain, user@domain, domain, user+foo@, + ient delimiter (e.g., user+foo@domain), the lookup order + becomes: user+foo@domain, user@domain, domain, user+foo@, and user@. HOST NAME/ADDRESS PATTERNS With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, the following + networked tables such as NIS, LDAP or SQL, the following lookup patterns are examined in the order as listed: domain.tld @@ -109,9 +110,9 @@ ACCESS(5) ACCESS(5) The pattern domain.tld also matches subdomains, but only when the string smtpd_access_maps is listed in - the Postfix parent_domain_matches_subdomains con- + the Postfix parent_domain_matches_subdomains con- figuration setting. Otherwise, specify .domain.tld - (note the initial dot) in order to match subdo- + (note the initial dot) in order to match subdo- mains. net.work.addr.ess 
@@ -120,21 +121,21 @@ ACCESS(5) ACCESS(5) net.work - net Matches the specified IPv4 host address or subnet- - work. An IPv4 host address is a sequence of four + net Matches the specified IPv4 host address or subnet- + work. An IPv4 host address is a sequence of four decimal octets separated by ".". - Subnetworks are matched by repeatedly truncating + Subnetworks are matched by repeatedly truncating the last ".octet" from the remote IPv4 host address - string until a match is found in the access table, + string until a match is found in the access table, or until further truncation is not possible. NOTE 1: The information in the access map should be in canonical form, with unnecessary null characters - eliminated. Address information must not be + eliminated. Address information must not be enclosed with "[]" characters. - NOTE 2: use the cidr lookup table type to specify + NOTE 2: use the cidr lookup table type to specify network/netmask patterns. See cidr_table(5) for details. @@ -144,12 +145,12 @@ ACCESS(5) ACCESS(5) net:work - net Matches the specified IPv6 host address or subnet- - work. An IPv6 host address is a sequence of three - to eight hexadecimal octet pairs separated by ":". + net Matches the specified IPv6 host address or subnet- + work. An IPv6 host address is a sequence of three + to eight hexadecimal octet pairs separated by ":". - Subnetworks are matched by repeatedly truncating - the last ":octetpair" from the remote IPv6 host + Subnetworks are matched by repeatedly truncating + the last ":octetpair" from the remote IPv6 host address string until a match is found in the access table, or until further truncation is not possible. 
@@ -159,10 +160,10 @@ ACCESS(5) ACCESS(5) NOTE 2: The information in the access map should be in canonical form, with unnecessary null characters - eliminated. Address information must not be + eliminated. Address information must not be enclosed with "[]" characters. - NOTE 3: use the cidr lookup table type to specify + NOTE 3: use the cidr lookup table type to specify network/netmask patterns. See cidr_table(5) for details. 
@@ -173,48 +174,48 @@ ACCESS(5) ACCESS(5) all-numerical An all-numerical result is treated as OK. This for- - mat is generated by address-based relay authoriza- + mat is generated by address-based relay authoriza- tion schemes such as pop-before-smtp. REJECT ACTIONS - Postfix version 2.3 and later support enhanced status - codes as defined in RFC 3463. When no code is specified - at the beginning of the text below, Postfix inserts a - default enhanced status code of "5.7.1" in the case of - reject actions, and "4.7.1" in the case of defer actions. + Postfix version 2.3 and later support enhanced status + codes as defined in RFC 3463. When no code is specified + at the beginning of the text below, Postfix inserts a + default enhanced status code of "5.7.1" in the case of + reject actions, and "4.7.1" in the case of defer actions. See "ENHANCED STATUS CODES" below. 4NN text 5NN text - Reject the address etc. that matches the pattern, + Reject the address etc. that matches the pattern, and respond with the numerical three-digit code and - text. 4NN means "try again later", while 5NN means + text. 4NN means "try again later", while 5NN means "do not try again". - The reply code "421" causes Postfix to disconnect + The reply code "421" causes Postfix to disconnect immediately (Postfix version 2.3 and later). REJECT optional text... - Reject the address etc. that matches the pattern. - Reply with $reject_code optional text... when the - optional text is specified, otherwise reply with a + Reject the address etc. that matches the pattern. + Reply with $reject_code optional text... when the + optional text is specified, otherwise reply with a generic error response message. DEFER_IF_REJECT optional text... - Defer the request if some later restriction would - result in a REJECT action. Reply with "450 4.7.1 - optional text... when the optional text is speci- + Defer the request if some later restriction would + result in a REJECT action. 
Reply with "450 4.7.1 + optional text... when the optional text is speci- fied, otherwise reply with a generic error response message. This feature is available in Postfix 2.1 and later. DEFER_IF_PERMIT optional text... - Defer the request if some later restriction would - result in a an explicit or implicit PERMIT action. - Reply with "450 4.7.1 optional text... when the - optional text is specified, otherwise reply with a + Defer the request if some later restriction would + result in a an explicit or implicit PERMIT action. + Reply with "450 4.7.1 optional text... when the + optional text is specified, otherwise reply with a generic error response message. This feature is available in Postfix 2.1 and later. 
@@ -225,158 +226,158 @@ ACCESS(5) ACCESS(5) reject_unauth_destination, and so on). DISCARD optional text... - Claim successful delivery and silently discard the - message. Log the optional text if specified, oth- + Claim successful delivery and silently discard the + message. Log the optional text if specified, oth- erwise log a generic message. - Note: this action currently affects all recipients - of the message. To discard only one recipient - without discarding the entire message, use the + Note: this action currently affects all recipients + of the message. To discard only one recipient + without discarding the entire message, use the transport(5) table to direct mail to the discard(8) service. This feature is available in Postfix 2.0 and later. - DUNNO Pretend that the lookup key was not found. This - prevents Postfix from trying substrings of the - lookup key (such as a subdomain name, or a network + DUNNO Pretend that the lookup key was not found. This + prevents Postfix from trying substrings of the + lookup key (such as a subdomain name, or a network address subnetwork). This feature is available in Postfix 2.0 and later. FILTER transport:destination - After the message is queued, send the entire mes- + After the message is queued, send the entire mes- sage through the specified external content filter. - The transport:destination syntax is described in - the transport(5) manual page. More information - about external content filters is in the Postfix + The transport:destination syntax is described in + the transport(5) manual page. More information + about external content filters is in the Postfix FILTER_README file. - Note: this action overrides the main.cf con- - tent_filter setting, and currently affects all - recipients of the message. + Note: this action overrides the content_filter set- + ting, and currently affects all recipients of the + message. This feature is available in Postfix 2.0 and later. HOLD optional text... 
- Place the message on the hold queue, where it will - sit until someone either deletes it or releases it - for delivery. Log the optional text if specified, + Place the message on the hold queue, where it will + sit until someone either deletes it or releases it + for delivery. Log the optional text if specified, otherwise log a generic message. - Mail that is placed on hold can be examined with - the postcat(1) command, and can be destroyed or + Mail that is placed on hold can be examined with + the postcat(1) command, and can be destroyed or released with the postsuper(1) command. - Note: use "postsuper -r" to release mail that was - kept on hold for a significant fraction of $maxi- + Note: use "postsuper -r" to release mail that was + kept on hold for a significant fraction of $maxi- mal_queue_lifetime or $bounce_queue_lifetime, or - longer. Use "postsuper -H" only for mail that will + longer. Use "postsuper -H" only for mail that will not expire within a few delivery attempts. - Note: this action currently affects all recipients + Note: this action currently affects all recipients of the message. This feature is available in Postfix 2.0 and later. PREPEND headername: headervalue - Prepend the specified message header to the mes- - sage. When more than one PREPEND action executes, - the first prepended header appears before the sec- + Prepend the specified message header to the mes- + sage. When more than one PREPEND action executes, + the first prepended header appears before the sec- ond etc. prepended header. - Note: this action must execute before the message - content is received; it cannot execute in the con- + Note: this action must execute before the message + content is received; it cannot execute in the con- text of smtpd_end_of_data_restrictions. This feature is available in Postfix 2.1 and later. 
REDIRECT user@domain - After the message is queued, send the message to + After the message is queued, send the message to the specified address instead of the intended recipient(s). - Note: this action overrides the FILTER action, and + Note: this action overrides the FILTER action, and currently affects all recipients of the message. This feature is available in Postfix 2.1 and later. WARN optional text... Log a warning with the optional text, together with - client information and if available, with helo, + client information and if available, with helo, sender, recipient and protocol information. This feature is available in Postfix 2.1 and later. ENHANCED STATUS CODES - Postfix version 2.3 and later support enhanced status - codes as defined in RFC 3463. When an enhanced status - code is specified in an access table, it is subject to - modification. The following transformations are needed - when the same access table is used for client, helo, - sender, or recipient access restrictions; they happen + Postfix version 2.3 and later support enhanced status + codes as defined in RFC 3463. When an enhanced status + code is specified in an access table, it is subject to + modification. The following transformations are needed + when the same access table is used for client, helo, + sender, or recipient access restrictions; they happen regardless of whether Postfix replies to a MAIL FROM, RCPT TO or other SMTP command. - o When a sender address matches a REJECT action, the - Postfix SMTP server will transform a recipient DSN - status (e.g., 4.1.1-4.1.6) into the corresponding + o When a sender address matches a REJECT action, the + Postfix SMTP server will transform a recipient DSN + status (e.g., 4.1.1-4.1.6) into the corresponding sender DSN status, and vice versa. 
- o When non-address information matches a REJECT - action (such as the HELO command argument or the - client hostname/address), the Postfix SMTP server - will transform a sender or recipient DSN status - into a generic non-address DSN status (e.g., + o When non-address information matches a REJECT + action (such as the HELO command argument or the + client hostname/address), the Postfix SMTP server + will transform a sender or recipient DSN status + into a generic non-address DSN status (e.g., 4.0.0). REGULAR EXPRESSION TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to + Each pattern is a regular expression that is applied to the entire string being looked up. Depending on the appli- - cation, that string is an entire client hostname, an + cation, that string is an entire client hostname, an entire client IP address, or an entire mail address. Thus, no parent domain or parent network search is done, - user@domain mail addresses are not broken up into their + user@domain mail addresses are not broken up into their user@ and domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the search + Patterns are applied in the order as specified in the ta- + ble, until a pattern is found that matches the search string. - Actions are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from + Actions are the same as with indexed file lookups, with + the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. 
TCP-BASED TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when lookups are directed to a TCP-based server. For a descrip- tion of the TCP client/server lookup protocol, see tcp_ta- ble(5). This feature is not available up to and including Postfix version 2.4. - Each lookup operation uses the entire query string once. - Depending on the application, that string is an entire + Each lookup operation uses the entire query string once. + Depending on the application, that string is an entire client hostname, an entire client IP address, or an entire - mail address. Thus, no parent domain or parent network - search is done, user@domain mail addresses are not broken - up into their user@ and domain constituent parts, nor is + mail address. Thus, no parent domain or parent network + search is done, user@domain mail addresses are not broken + up into their user@ and domain constituent parts, nor is user+foo broken up into user and foo. Actions are the same as with indexed file lookups. EXAMPLE - The following example uses an indexed file, so that the - order of table entries does not matter. The example per- - mits access by the client at address 1.2.3.4 but rejects - all other clients in 1.2.3.0/24. Instead of hash lookup - tables, some systems use dbm. Use the command "postconf - -m" to find out what lookup tables Postfix supports on + The following example uses an indexed file, so that the + order of table entries does not matter. The example per- + mits access by the client at address 1.2.3.4 but rejects + all other clients in 1.2.3.0/24. Instead of hash lookup + tables, some systems use dbm. Use the command "postconf + -m" to find out what lookup tables Postfix supports on your system. /etc/postfix/main.cf: 
@@ -391,7 +392,7 @@ ACCESS(5) ACCESS(5) editing the file. BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. SEE ALSO postmap(1), Postfix lookup table manager @@ -404,7 +405,7 @@ ACCESS(5) ACCESS(5) DATABASE_README, Postfix lookup table overview LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html index a456be7c9..c9e39d2f0 100644 --- a/postfix/html/header_checks.5.html +++ b/postfix/html/header_checks.5.html @@ -7,7 +7,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) NAME - header_checks - Postfix built-in header/body inspection + header_checks - Postfix built-in content inspection SYNOPSIS header_checks = pcre:/etc/postfix/header_checks 
@@ -19,48 +19,49 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) postmap -fq - pcre:/etc/postfix/filename <inputfile DESCRIPTION - The Postfix cleanup(8) server supports access control on - the content of message headers and message body lines. - See access(5) for access control on remote SMTP client + This document describes access control on the content of + message headers and message body lines; it is implemented + by the Postfix cleanup(8) server before mail is queued. + See access(5) for access control on remote SMTP client information. - Each message header or message body line is compared - against a list of patterns. When a match is found the + Each message header or message body line is compared + against a list of patterns. When a match is found the corresponding action is executed, and the matching process - is repeated for the next message header or message body + is repeated for the next message header or message body line. - For examples, see the EXAMPLES section at the end of this + For examples, see the EXAMPLES section at the end of this manual page. Postfix header or body_checks are designed to stop a flood - of mail from worms or viruses; they do not decode attach- - ments, and they do not unzip archives. See the documents - referenced below in the README FILES section if you need + of mail from worms or viruses; they do not decode attach- + ments, and they do not unzip archives. See the documents + referenced below in the README FILES section if you need more sophisticated content analysis. Postfix supports four built-in content inspection classes: header_checks - These are applied to initial message headers - (except for the headers that are processed with + These are applied to initial message headers + (except for the headers that are processed with mime_header_checks). mime_header_checks (default: $header_checks) - These are applied to MIME related message headers + These are applied to MIME related message headers only. 
This feature is available in Postfix 2.0 and later. nested_header_checks (default: $header_checks) - These are applied to message headers of attached - email messages (except for the headers that are + These are applied to message headers of attached + email messages (except for the headers that are processed with mime_header_checks). This feature is available in Postfix 2.0 and later. body_checks - These are applied to all other content, including + These are applied to all other content, including multi-part message boundaries. With Postfix versions before 2.0, all content after 
@@ -68,73 +69,73 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) tent. Note: message headers are examined one logical header at a - time, even when a message header spans multiple lines. + time, even when a message header spans multiple lines. Body lines are always examined one line at a time. TABLE FORMAT - This document assumes that header and body_checks rules - are specified in the form of Postfix regular expression - lookup tables. Usually the best performance is obtained + This document assumes that header and body_checks rules + are specified in the form of Postfix regular expression + lookup tables. Usually the best performance is obtained with pcre (Perl Compatible Regular Expression) tables, but - the slower regexp (POSIX regular expressions) support is - more widely available. Use the command "postconf -m" to - find out what lookup table types your Postfix system sup- + the slower regexp (POSIX regular expressions) support is + more widely available. Use the command "postconf -m" to + find out what lookup table types your Postfix system sup- ports. The general format of Postfix regular expression tables is - given below. For a discussion of specific pattern or - flags syntax, see pcre_table(5) or regexp_table(5), + given below. For a discussion of specific pattern or + flags syntax, see pcre_table(5) or regexp_table(5), respectively. /pattern/flags action - When pattern matches the input string, execute the - corresponding action. See below for a list of pos- + When pattern matches the input string, execute the + corresponding action. See below for a list of pos- sible actions. !/pattern/flags action - When pattern does not match the input string, exe- + When pattern does not match the input string, exe- cute the corresponding action. if /pattern/flags endif Match the input string against the patterns between - if and endif, if and only if the input string also - matches pattern. The if..endif can nest. 
+ if and endif, if and only if the same input string + also matches pattern. The if..endif can nest. - Note: do not prepend whitespace to patterns inside + Note: do not prepend whitespace to patterns inside if..endif. if !/pattern/flags endif Match the input string against the patterns between - if and endif, if and only if the input string does - not match pattern. The if..endif can nest. + if and endif, if and only if the same input string + does not match pattern. The if..endif can nest. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character + Empty lines and whitespace-only lines are ignored, + as are lines whose first non-whitespace character is a `#'. multi-line text - A pattern/action line starts with non-whitespace - text. A line that starts with whitespace continues + A pattern/action line starts with non-whitespace + text. A line that starts with whitespace continues a logical line. TABLE SEARCH ORDER - For each line of message input, the patterns are applied - in the order as specified in the table. When a pattern is - found that matches the input line, the corresponding - action is executed and then the next input line is + For each line of message input, the patterns are applied + in the order as specified in the table. When a pattern is + found that matches the input line, the corresponding + action is executed and then the next input line is inspected. TEXT SUBSTITUTION - Substitution of substrings from the matched expression - into the action string is possible using the conventional - Perl syntax ($1, $2, etc.). The macros in the result - string may need to be written as ${n} or $(n) if they + Substitution of substrings from the matched expression + into the action string is possible using the conventional + Perl syntax ($1, $2, etc.). The macros in the result + string may need to be written as ${n} or $(n) if they aren't followed by whitespace. 
- Note: since negated patterns (those preceded by !) return + Note: since negated patterns (those preceded by !) return a result when the expression does not match, substitutions are not available for negated patterns. @@ -143,12 +144,12 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) case for consistency with other Postfix documentation. DISCARD optional text... - Claim successful delivery and silently discard the - message. Log the optional text if specified, oth- + Claim successful delivery and silently discard the + message. Log the optional text if specified, oth- erwise log a generic message. - Note: this action disables further header or - body_checks inspection of the current message and + Note: this action disables further header or + body_checks inspection of the current message and affects all recipients. To discard only one recip- ient without discarding the entire message, use the transport(5) table to direct mail to the discard(8) 
@@ -156,74 +157,74 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) This feature is available in Postfix 2.0 and later. - DUNNO Pretend that the input line did not match any pat- - tern, and inspect the next input line. This action + DUNNO Pretend that the input line did not match any pat- + tern, and inspect the next input line. This action can be used to shorten the table search. - For backwards compatibility reasons, Postfix also - accepts OK but it is (and always has been) treated + For backwards compatibility reasons, Postfix also + accepts OK but it is (and always has been) treated as DUNNO. This feature is available in Postfix 2.1 and later. FILTER transport:destination - Write a content filter request to the queue file - and inspect the next input line. After the com- - plete message is received it will be sent through + Write a content filter request to the queue file, + and inspect the next input line. After the com- + plete message is received it will be sent through the specified external content filter. More infor- - mation about external content filters is in the + mation about external content filters is in the Postfix FILTER_README file. - Note: this action overrides the main.cf con- - tent_filter setting, and affects all recipients of - the message. In the case that multiple FILTER - actions fire, only the last one is executed. + Note: this action overrides the content_filter set- + ting, and affects all recipients of the message. In + the case that multiple FILTER actions fire, only + the last one is executed. This feature is available in Postfix 2.0 and later. HOLD optional text... - Arrange for the message to be placed on the hold - queue, and inspect the next input line. The mes- - sage remains on hold until someone either deletes - it or releases it for delivery. Log the optional + Arrange for the message to be placed on the hold + queue, and inspect the next input line. 
The mes- + sage remains on hold until someone either deletes + it or releases it for delivery. Log the optional text if specified, otherwise log a generic message. - Mail that is placed on hold can be examined with - the postcat(1) command, and can be destroyed or + Mail that is placed on hold can be examined with + the postcat(1) command, and can be destroyed or released with the postsuper(1) command. - Note: use "postsuper -r" to release mail that was - kept on hold for a significant fraction of $maxi- + Note: use "postsuper -r" to release mail that was + kept on hold for a significant fraction of $maxi- mal_queue_lifetime or $bounce_queue_lifetime, or - longer. Use "postsuper -H" only for mail that will + longer. Use "postsuper -H" only for mail that will not expire within a few delivery attempts. - Note: this action affects all recipients of the + Note: this action affects all recipients of the message. This feature is available in Postfix 2.0 and later. - IGNORE Delete the current line from the input and inspect + IGNORE Delete the current line from the input, and inspect the next input line. PREPEND text... - Prepend one line with the specified text and + Prepend one line with the specified text, and inspect the next input line. Notes: - o The prepended text is output on a separate + o The prepended text is output on a separate line, immediately before the input that triggered the PREPEND action. o The prepended text is not considered part of - the input stream: it is not subject to + the input stream: it is not subject to header/body checks or address rewriting, and it does not affect the way that Postfix adds missing message headers. o When prepending text before a message header - line, the prepended text must begin with a + line, the prepended text must begin with a valid message header label. o This action cannot be used to prepend multi- 
@@ -232,46 +233,46 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) This feature is available in Postfix 2.1 and later. REDIRECT user@domain - Write a message redirection request to the queue - file and inspect the next input line. After the + Write a message redirection request to the queue + file, and inspect the next input line. After the message is queued, it will be sent to the specified address instead of the intended recipient(s). - Note: this action overrides the FILTER action, and - affects all recipients of the message. If multiple - REDIRECT actions fire, only the last one is exe- + Note: this action overrides the FILTER action, and + affects all recipients of the message. If multiple + REDIRECT actions fire, only the last one is exe- cuted. This feature is available in Postfix 2.1 and later. REPLACE text... - Replace the current line with the specified text + Replace the current line with the specified text, and inspect the next input line. This feature is available in Postfix 2.2 and later. - The description below applies to Postfix 2.2.2 and + The description below applies to Postfix 2.2.2 and later. Notes: - o When replacing a message header line, the - replacement text must begin with a valid + o When replacing a message header line, the + replacement text must begin with a valid header label. - o The replaced text remains part of the input - stream. Unlike the result from the PREPEND - action, a replaced message header may be - subject to address rewriting and may affect - the way that Postfix adds missing message + o The replaced text remains part of the input + stream. Unlike the result from the PREPEND + action, a replaced message header may be + subject to address rewriting and may affect + the way that Postfix adds missing message headers. REJECT optional text... - Reject the entire message. Reply with optional + Reject the entire message. Reply with optional text... when the optional text is specified, other- wise reply with a generic error message. 
- Note: this action disables further header or - body_checks inspection of the current message and + Note: this action disables further header or + body_checks inspection of the current message and affects all recipients. Postfix version 2.3 and later support enhanced sta- 
@@ -280,26 +281,32 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) enhanced status code of "5.7.1". WARN optional text... - Log a warning with the optional text... (or log a - generic message) and inspect the next input line. + Log a warning with the optional text... (or log a + generic message), and inspect the next input line. This action is useful for debugging and for testing a pattern before applying more drastic actions. BUGS - Many people overlook the main limitations of header and - body_checks rules. These rules operate on one logical - message header or one body line at a time, and a decision - made for one line is not carried over to the next line. - If text in the message body is encoded (RFC 2045) then the - rules have to specified for the encoded form. Likewise, - when message headers are encoded (RFC 2047) then the rules - need to be specified for the encoded form. + Many people overlook the main limitations of header and + body_checks rules. - Message headers added by the cleanup(8) daemon itself are + o These rules operate on one logical message header + or one body line at a time. A decision made for one + line is not carried over to the next line. + + o If text in the message body is encoded (RFC 2045) + then the rules have to specified for the encoded + form. + + o Likewise, when message headers are encoded (RFC + 2047) then the rules need to be specified for the + encoded form. + + Message headers added by the cleanup(8) daemon itself are excluded from inspection. Examples of such message headers are From:, To:, Message-ID:, Date:. - Message headers deleted by the cleanup(8) daemon will be + Message headers deleted by the cleanup(8) daemon will be examined before they are deleted. Examples are: Bcc:, Con- tent-Length:, Return-Path:. 
@@ -307,11 +314,11 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) body_checks Lookup tables with content filter rules for message body lines. These filters see one physical line at - a time, in chunks of at most $line_length_limit + a time, in chunks of at most $line_length_limit bytes. body_checks_size_limit - The amount of content per message body segment + The amount of content per message body segment (attachment) that is subjected to $body_checks fil- tering. 
@@ -321,32 +328,32 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) nested_header_checks (default: $header_checks) Lookup tables with content filter rules for message - header lines: respectively, these are applied to - the initial message headers (not including MIME - headers), to the MIME headers anywhere in the mes- - sage, and to the initial headers of attached mes- + header lines: respectively, these are applied to + the initial message headers (not including MIME + headers), to the MIME headers anywhere in the mes- + sage, and to the initial headers of attached mes- sages. - Note: these filters see one logical message header - at a time, even when a message header spans multi- - ple lines. Message headers that are longer than + Note: these filters see one logical message header + at a time, even when a message header spans multi- + ple lines. Message headers that are longer than $header_size_limit characters are truncated. disable_mime_input_processing - While receiving mail, give no special treatment to - MIME related message headers; all text after the + While receiving mail, give no special treatment to + MIME related message headers; all text after the initial message headers is considered to be part of - the message body. This means that header_checks is - applied to all the initial message headers, and + the message body. This means that header_checks is + applied to all the initial message headers, and that body_checks is applied to the remainder of the message. - Note: when used in this manner, body_checks will - process a multi-line message header one line at a + Note: when used in this manner, body_checks will + process a multi-line message header one line at a time. EXAMPLES - Header pattern to block attachments with bad file name + Header pattern to block attachments with bad file name extensions. /etc/postfix/main.cf: 
@@ -384,7 +391,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) BACKSCATTER_README, blocking returned forged mail LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/index.html b/postfix/html/index.html index 350e42402..4107fc0e1 100644 --- a/postfix/html/index.html +++ b/postfix/html/index.html @@ -58,8 +58,6 @@ configuration examples
      • Debugging strategies -
      • Error messages (*) -

      Content inspection

      @@ -134,8 +132,6 @@ Per-client/user/etc. access @@ -152,20 +148,14 @@ Per-client/user/etc. access
    • NFS issues -
    • Ultrix support -

    Other mail delivery agents

    Other topics

    @@ -200,10 +190,6 @@ Recipients - (*) These documents will be -made available via -http://www.postfix.org/ and mirror sites. - diff --git a/postfix/html/ldap_table.5.html b/postfix/html/ldap_table.5.html index 238197abc..60d460ee5 100644 --- a/postfix/html/ldap_table.5.html +++ b/postfix/html/ldap_table.5.html 
@@ -374,29 +374,30 @@ LDAP_TABLE(5) LDAP_TABLE(5) terminal_result_attribute = maildrop - This feature is available with Postfix >= 2.4. + This feature is available with Postfix 2.4 or + later. leaf_result_attribute (default: empty) - When one or more special result attributes are - found in a non-terminal (see above) LDAP entry, + When one or more special result attributes are + found in a non-terminal (see above) LDAP entry, leaf result attributes are excluded from the expan- - sion of that entry. This is useful when expanding + sion of that entry. This is useful when expanding groups and the desired mail address attribute(s) of the member objects obtained via DN or URI recursion - are also present in the group object. To only - return the attribute values from the leaf objects - and not the containing group, add the attribute to - the leaf_result_attribute list, and not the - result_attribute list, which is always expanded. - Note, the default value of "result_attribute" is - not empty, you may want to set it explicitly empty - when using "leaf_result_attribute" to expand the - group to a list of member DN addresses. If groups - have both member DN references AND attributes that - hold multiple string valued rfc822 addresses, then - the string attributes go in "result_attribute". - The attributes that represent the email addresses - of objects referenced via a DN (or LDAP URI) go in + are also present in the group object. To only + return the attribute values from the leaf objects + and not the containing group, add the attribute to + the leaf_result_attribute list, and not the + result_attribute list, which is always expanded. + Note, the default value of "result_attribute" is + not empty, you may want to set it explicitly empty + when using "leaf_result_attribute" to expand the + group to a list of member DN addresses. 
If groups + have both member DN references AND attributes that + hold multiple string valued rfc822 addresses, then + the string attributes go in "result_attribute". + The attributes that represent the email addresses + of objects referenced via a DN (or LDAP URI) go in "leaf_result_attribute". result_attribute = memberaddr @@ -404,7 +405,8 @@ LDAP_TABLE(5) LDAP_TABLE(5) terminal_result_attribute = maildrop leaf_result_attribute = mail - This feature is available with Postfix >= 2.4. + This feature is available with Postfix 2.4 or + later. scope (default: sub) The LDAP search scope: sub, base, or one. These diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index dd6ae5ed2..fcb57fe71 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -674,8 +674,8 @@ are calculated.

    -This feature is implemented by the anvil(8) service which is not -part of the stable Postfix version 2.1 release. +This feature is implemented by the anvil(8) service which is available +in Postfix version 2.2 and later.

    @@ -5254,17 +5254,18 @@ This feature is available in Postfix 2.0 and later.

    minimal_backoff_time -(default: version dependent)
    +(default: 300s)
    + +

    +The minimal time between attempts to deliver a deferred message; +prior to Postfix 2.4 the default value was 1000s. +

    -The minimal time between attempts to deliver a deferred message. This parameter also limits the time an unreachable destination is kept in the short-term, in-memory, destination status cache.

    -

    With Postfix 2.4 the default value was reduced from 1000s to -300s.

    -

    This parameter should be set greater than or equal to $queue_run_delay. See also $maximal_backoff_time.

    @@ -6057,14 +6058,11 @@ zero means there is no minimum required amount of free space.
    queue_run_delay -(default: version dependent)
    +(default: 300s)

    -The time between deferred queue scans by the queue manager. -

    - -

    -With Postfix 2.4 the default value was reduced from 1000s to 300s. +The time between deferred queue scans by the queue manager; +prior to Postfix 2.4 the default value was 1000s.

    This parameter should be set less than or equal to @@ -8476,7 +8474,7 @@ and higher the optional "ciphers" attribute overrides the smtp_tls_mandatory_ciphers parameter and the optional "protocols" keyword overrides the main.cf smtp_tls_mandatory_protocols parameter. In the policy table, multiple protocols must be separated by colons, -as attribute values may not contain whitespace or commas.

    +as attribute values may not contain whitespace or commas.
    verify
    Mandatory TLS verification. At this security level, DNS MX lookups are trusted to be secure enough, and the name diff --git a/postfix/makedefs b/postfix/makedefs index e8b07639f..ed4a06b80 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -374,6 +374,14 @@ Rhapsody.5*|Darwin.*) ;; esac ;; +"Mac OS".10.[0-3]*) + SYSTYPE=MACOSX + # Use the native compiler by default + : ${CC=cc} + AWK=gawk + CCARGS="$CCARGS -DNO_KQUEUE" + ;; + "Mac OS".10*) SYSTYPE=MACOSX # Use the native compiler by default : ${CC=cc} diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5 index c52fbe13b..b330f2ecb 100644 --- a/postfix/man/man5/access.5 +++ b/postfix/man/man5/access.5 @@ -16,10 +16,10 @@ Postfix SMTP server access table .SH DESCRIPTION .ad .fi -The Postfix SMTP server supports access control on remote -SMTP client information: host names, network addresses, and -envelope sender -or recipient addresses. See \fBheader_checks\fR(5) or +This document describes access control on remote SMTP client +information: host names, network addresses, and envelope +sender or recipient addresses; it is implemented by the +Postfix SMTP server. See \fBheader_checks\fR(5) or \fBbody_checks\fR(5) for access control on the content of email messages. @@ -239,7 +239,7 @@ syntax is described in the \fBtransport\fR(5) manual page. More information about external content filters is in the Postfix FILTER_README file. .sp -Note: this action overrides the \fBmain.cf content_filter\fR setting, +Note: this action overrides the \fBcontent_filter\fR setting, and currently affects all recipients of the message. .sp This feature is available in Postfix 2.0 and later. diff --git a/postfix/man/man5/header_checks.5 b/postfix/man/man5/header_checks.5 index bc0f4f17c..e5a00d079 100644 --- a/postfix/man/man5/header_checks.5 +++ b/postfix/man/man5/header_checks.5 
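Review bot: The new case label `"Mac OS".10.[0-3]*)` in makedefs is a shell glob, so `[0-3]*` matches any release string whose minor number merely begins with 0 to 3; a release reported as 10.10 or 10.25 would also be built with `-DNO_KQUEUE`. If only releases 10.0 through 10.3 are meant, anchor the minor number, for example `"Mac OS".10.[0-3]|"Mac OS".10.[0-3].*)`. A one-line comment above `CCARGS="$CCARGS -DNO_KQUEUE"` saying why kqueue is disabled on these releases would help, because as far as the hunk shows the branch otherwise repeats the `"Mac OS".10*)` case that follows. That following case continues outside the hunk.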
@@ -4,7 +4,7 @@ .SH NAME header_checks \- -Postfix built-in header/body inspection +Postfix built-in content inspection .SH "SYNOPSIS" .na .nf @@ -22,8 +22,9 @@ Postfix built-in header/body inspection .SH DESCRIPTION .ad .fi -The Postfix \fBcleanup\fR(8) server supports access control -on the content of message headers and message body lines. +This document describes access control on the content of +message headers and message body lines; it is implemented +by the Postfix cleanup(8) server before mail is queued. See \fBaccess\fR(5) for access control on remote SMTP client information. @@ -92,16 +93,17 @@ execute the corresponding \fIaction\fR. .IP "\fBif /\fIpattern\fB/\fIflags\fR" .IP "\fBendif\fR" Match the input string against the patterns between \fBif\fR -and \fBendif\fR, if and only if the input string also matches -\fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. +and \fBendif\fR, if and only if the same input string also +matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. .sp Note: do not prepend whitespace to patterns inside \fBif\fR..\fBendif\fR. .IP "\fBif !/\fIpattern\fB/\fIflags\fR" .IP "\fBendif\fR" Match the input string against the patterns between \fBif\fR -and \fBendif\fR, if and only if the input string does \fBnot\fR -match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest. +and \fBendif\fR, if and only if the same input string does +\fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR +can nest. .IP "blank lines and comments" Empty lines and whitespace-only lines are ignored, as are lines whose first non-whitespace character is a `#'. 
@@ -159,13 +161,13 @@ For backwards compatibility reasons, Postfix also accepts .sp This feature is available in Postfix 2.1 and later. .IP "\fBFILTER \fItransport:destination\fR" -Write a content filter request to the queue file and +Write a content filter request to the queue file, and inspect the next input line. After the complete message is received it will be sent through the specified external content filter. More information about external content filters is in the Postfix FILTER_README file. .sp -Note: this action overrides the \fBmain.cf content_filter\fR setting, +Note: this action overrides the \fBcontent_filter\fR setting, and affects all recipients of the message. In the case that multiple \fBFILTER\fR actions fire, only the last one is executed. .sp @@ -190,10 +192,10 @@ Note: this action affects all recipients of the message. .sp This feature is available in Postfix 2.0 and later. .IP \fBIGNORE\fR -Delete the current line from the input and inspect +Delete the current line from the input, and inspect the next input line. .IP "\fBPREPEND \fItext...\fR" -Prepend one line with the specified text and inspect the next +Prepend one line with the specified text, and inspect the next input line. .sp Notes: @@ -215,7 +217,7 @@ This action cannot be used to prepend multi-line text. .IP This feature is available in Postfix 2.1 and later. .IP "\fBREDIRECT \fIuser@domain\fR" -Write a message redirection request to the queue file and +Write a message redirection request to the queue file, and inspect the next input line. After the message is queued, it will be sent to the specified address instead of the intended recipient(s). 
@@ -226,7 +228,7 @@ fire, only the last one is executed. .sp This feature is available in Postfix 2.1 and later. .IP "\fBREPLACE \fItext...\fR" -Replace the current line with the specified text and inspect the next +Replace the current line with the specified text, and inspect the next input line. .sp This feature is available in Postfix 2.2 and later. The @@ -257,21 +259,27 @@ text...\fR, Postfix inserts a default enhanced status code of "5.7.1". .IP "\fBWARN \fIoptional text...\fR Log a warning with the \fIoptional text...\fR (or log a -generic message) and inspect the next input line. This +generic message), and inspect the next input line. This action is useful for debugging and for testing a pattern before applying more drastic actions. .SH BUGS .ad .fi Many people overlook the main limitations of header and body_checks -rules. These rules operate on one logical message header or one body -line at a time, and a decision made for one line is not carried over -to the next line. If text in the message body is encoded +rules. +.IP \(bu +These rules operate on one logical message header or one body +line at a time. A decision made for one line is not carried over +to the next line. +.IP \(bu +If text in the message body is encoded (RFC 2045) then the rules have to specified for the encoded -form. Likewise, when message headers are encoded (RFC +form. +.IP \(bu +Likewise, when message headers are encoded (RFC 2047) then the rules need to be specified for the encoded form. - +.PP Message headers added by the \fBcleanup\fR(8) daemon itself are excluded from inspection. Examples of such message headers are \fBFrom:\fR, \fBTo:\fR, \fBMessage-ID:\fR, \fBDate:\fR. diff --git a/postfix/man/man5/ldap_table.5 b/postfix/man/man5/ldap_table.5 index 1cb4f4918..ca97365e7 100644 --- a/postfix/man/man5/ldap_table.5 +++ b/postfix/man/man5/ldap_table.5 
@@ -352,7 +352,7 @@ other special processing. .ti +4 terminal_result_attribute = maildrop -This feature is available with Postfix >= 2.4. +This feature is available with Postfix 2.4 or later. .IP "\fBleaf_result_attribute (default: empty)\fR" When one or more special result attributes are found in a non-terminal (see above) LDAP entry, leaf result attributes are excluded from the @@ -380,7 +380,7 @@ terminal_result_attribute = maildrop leaf_result_attribute = mail .in -4 -This feature is available with Postfix >= 2.4. +This feature is available with Postfix 2.4 or later. .IP "\fBscope (default: sub)\fR" The LDAP search scope: \fBsub\fR, \fBbase\fR, or \fBone\fR. These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 6f67cfb3b..08d68369a 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -368,8 +368,8 @@ generates itself. The time unit over which client connection rates and other rates are calculated. .PP -This feature is implemented by the \fBanvil\fR(8) service which is not -part of the stable Postfix version 2.1 release. +This feature is implemented by the \fBanvil\fR(8) service which is available +in Postfix version 2.2 and later. .PP The default interval is relatively short. Because of the high frequency of updates, the \fBanvil\fR(8) server uses volatile memory 
@@ -2850,14 +2850,13 @@ The maximal recursion level that the MIME processor will handle. Postfix refuses mail that is nested deeper than the specified limit. .PP This feature is available in Postfix 2.0 and later. -.SH minimal_backoff_time (default: version dependent) -The minimal time between attempts to deliver a deferred message. +.SH minimal_backoff_time (default: 300s) +The minimal time between attempts to deliver a deferred message; +prior to Postfix 2.4 the default value was 1000s. +.PP This parameter also limits the time an unreachable destination is kept in the short-term, in-memory, destination status cache. .PP -With Postfix 2.4 the default value was reduced from 1000s to -300s. -.PP This parameter should be set greater than or equal to $queue_run_delay. See also $maximal_backoff_time. .PP @@ -3306,10 +3305,9 @@ value that is at least 1.5*$message_size_limit. .PP With Postfix versions 2.0 and earlier, a queue_minfree value of zero means there is no minimum required amount of free space. -.SH queue_run_delay (default: version dependent) -The time between deferred queue scans by the queue manager. -.PP -With Postfix 2.4 the default value was reduced from 1000s to 300s. +.SH queue_run_delay (default: 300s) +The time between deferred queue scans by the queue manager; +prior to Postfix 2.4 the default value was 1000s. .PP This parameter should be set less than or equal to $minimal_backoff_time. See also $maximal_backoff_time. diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index b81a59ac2..77768dd57 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -14,7 +14,7 @@ while (<>) { { Again: - if (/-[<\/bB>]*$/) { + if (/(-[<\/bB>]*|RFC)$/) { $_ .= "\n"; $len1 = length; $_ .= <>; 
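Review bot: The added `RFC` alternative in `if (/(-[<\/bB>]*|RFC)$/) {` has no word boundary, so a line ending in any longer token that happens to end in "RFC" is also joined with the next input line. The substitution added later in this commit anchors the same word with `\bRFC`, so writing the test as `if (/(-[<\/bB>]*|\bRFC)$/) {` keeps the two rules consistent. The `Again:` block continues outside the hunk, so how the joined record is processed afterwards is not visible here.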
@@ -778,7 +778,13 @@ while (<>) { s;\bmilter_unknown_command_macros\b;$&;g; s;\bmilter_end_of_data_macros\b;$&;g; - # Split *README, parameter or restriction hyperlinks across line breaks + # Hyperlink URLs and RFC documents + + s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/$1<\/a>/; + s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/$1<\/a>/; + s/\bRFC\s*([1-9]\d*)/$&<\/a>/; + + # Split README/RFC/parameter/restriction hyperlinks that span line breaks s/()([-A-Za-z0-9_]*)\b([-<\/bB>]*\n *[]*)\b([-A-Za-z0-9_]*)(<\/a>)/$1$2$5$3$1$4$5/; @@ -787,12 +793,6 @@ while (<>) { s/()([]*[-a-zA-Z0-9._]*[]*)<\/a>\1/$1$2/g; s/()([]*[-a-zA-Z0-9._]*[]*)<\/a>\1/$1$2/g; - # Hyperlink URLs and RFC documents - - s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/$1<\/a>/; - s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/$1<\/a>/; - s/\bRFC *([1-9]\d*)/$&<\/a>/; - # Hyperlink phrases not in headers. if (/<\/*h\d>/) { diff --git a/postfix/proto/ADDRESS_CLASS_README.html b/postfix/proto/ADDRESS_CLASS_README.html index 3741f5761..b3a0b2f14 100644 --- a/postfix/proto/ADDRESS_CLASS_README.html +++ b/postfix/proto/ADDRESS_CLASS_README.html @@ -53,8 +53,9 @@ address classes are very important for the operation of Postfix.
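Review bot: The three relocated substitutions for `http://`, `ftp://` and `RFC` end in `/;` with no `g` modifier, unlike the `s;...;g;` rules directly above them, so only the first URL of each scheme and the first RFC reference in an input record are hyperlinked. Records can now be longer than one line because of the join on a trailing "RFC", which makes a second reference in the same record more likely. If that is not intended, change the closing `/;` of each of the three statements to `/g;`. The replacement text shown on this page appears to have lost its markup, so it is not repeated here, and the enclosing `while (<>)` loop starts and ends outside the hunk.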

  • The list of domains that are a member of the class: for example, all local domains, or all relay domains.

    -
  • The default delivery method. For example, the local or -smtp delivery agent. This helps to keep Postfix configurations +

  • The default delivery transport. For example, the local or +relay delivery transport (delivery transports are defined in +master.cf). This helps to keep Postfix configurations simple.

  • The list of valid recipient addresses for that address diff --git a/postfix/proto/ADDRESS_VERIFICATION_README.html b/postfix/proto/ADDRESS_VERIFICATION_README.html index d3ff04385..6addcb7b5 100644 --- a/postfix/proto/ADDRESS_VERIFICATION_README.html +++ b/postfix/proto/ADDRESS_VERIFICATION_README.html @@ -229,7 +229,10 @@ MAILER-DAEMON messages.

    Recipient address verification is relatively straightforward and there are no surprises. If a recipient probe fails, then Postfix rejects mail for the recipient address. If a recipient probe -succeeds, then Postfix accepts mail for the recipient address.

    +succeeds, then Postfix accepts mail for the recipient address. +However, recipient address verification probes can increase the +load on down-stream MTAs when you're being flooded by backscatter +bounces, or when some spammer is mounting a dictionary attack.

    By default, address verification results are not saved. To avoid probing the same address repeatedly, you can store the result in a diff --git a/postfix/proto/CONNECTION_CACHE_README.html b/postfix/proto/CONNECTION_CACHE_README.html index 17692e713..b9999c2b1 100644 --- a/postfix/proto/CONNECTION_CACHE_README.html +++ b/postfix/proto/CONNECTION_CACHE_README.html @@ -92,28 +92,38 @@ by the mail delivering process that creates the connection. To get the same performance improvement as with a shared connection cache, non-shared connections need to be kept open for a longer time.

    +

    The scache(8) server, introduced with Postfix version 2.2, +maintains the shared connection cache. With Postfix version 2.2, +only the smtp(8) client has support to access this cache.

    +
    - - + + + + + + + + + +
    Internet <-- -
    smtp(8)
     
    <->
    scache(8)
     
    <-> -
    smtp(8)
     
    --> Internet

    smtp(8) +
     
    --> Internet
      |
    |
    |
    |
    |
    |
    v
     

    smtp(8)
     
    --> Internet
    ^
    |
     

    scache(8) +
     
    -

    The scache(8) server, introduced with Postfix version 2.2, -maintains the shared connection cache. With Postfix version 2.2, -only the smtp(8) client has support to access this cache.

    -

    When SMTP connection caching is enabled (see next section), the smtp(8) client does not disconnect after a mail transaction, but gives the connection to the scache(8) server which keeps the -connection open for a limited amount of time.

    +connection open for a limited amount of time.

    After handing over the open connection to the scache(8) server, the smtp(8) client continues with some other mail delivery request. diff --git a/postfix/proto/CYRUS_README.html b/postfix/proto/CYRUS_README.html deleted file mode 100644 index d304c77d3..000000000 --- a/postfix/proto/CYRUS_README.html +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - -Postfix Cyrus Howto - - - - - - - -

    Postfix Cyrus Howto

    - -
    - -

    This document will be made available via http://www.postfix.org/.

    - - - - diff --git a/postfix/proto/DATABASE_README.html b/postfix/proto/DATABASE_README.html index 7718c7d21..e5fde9d1e 100644 --- a/postfix/proto/DATABASE_README.html +++ b/postfix/proto/DATABASE_README.html @@ -80,7 +80,8 @@ below.
  • You can use Berkeley DB files with fixed lookup strings for simple address rewriting operations and you can use regular expression -tables for the more complicated work. +tables for the more complicated work. In other words, you don't +have to put everything into the same table. @@ -189,8 +190,9 @@ because something else happens. This is because commands such as postmap(1) or postalias(1) overwrite existing files. If the update fails in the middle then you have no usable database, and Postfix will stop working. This is not an issue with the CDB database type -available with Postfix 2.2 and later, because CDB -database rebuilds are atomic.

    +available with Postfix 2.2 and later: CDB +creates a new file, and renames the file upon successful completion. +

    With multi-file databases such as DBM, there is no simple solution. With Berkeley DB and other "one file" databases, it is diff --git a/postfix/proto/DB_README.html b/postfix/proto/DB_README.html index 896817b25..cc6595ca1 100644 --- a/postfix/proto/DB_README.html +++ b/postfix/proto/DB_README.html @@ -49,15 +49,17 @@ versions.

    Building Postfix on systems without Berkeley DB

    -

    Many commercial UNIXes ship without Berkeley DB support. Examples -are Solaris, HP-UX, IRIX, UNIXWARE. In order to build Postfix with +

    Some UNIXes ship without Berkeley DB support; for historical +reasons these use DBM files instead. A problem with DBM files is +that they can store only limited amounts of data. To build Postfix +with Berkeley DB support you need to download and install the source -code from http://www.sleepycat.com/

    +code from http://www.oracle.com/database/berkeley-db/.

    Warning: some Linux system libraries use Berkeley DB, as do some third-party libraries such as SASL. If you compile Postfix with a different Berkeley DB implementation, then every Postfix -program will dump core because either the system library, SASL +program will dump core because either the system library, the SASL library, or Postfix itself ends up using the wrong version.

    The more recent Berkeley DB versions have a compile-time switch, @@ -67,7 +69,7 @@ Although wasteful, this may be the only way to keep things from falling apart.

    To build Postfix after you installed the Berkeley DB from -http://www.sleepycat.com/, use something like:

    +source code, use something like:

    @@ -214,7 +216,8 @@ undefined reference to `pthread_mutex_trylock'
     
    -

    More information is available at http://www.sleepycat.com/.

    +

    More information is available at +http://www.oracle.com/database/berkeley-db/.

    diff --git a/postfix/proto/DEBUG_README.html b/postfix/proto/DEBUG_README.html index cdfc09a4b..2cb297249 100644 --- a/postfix/proto/DEBUG_README.html +++ b/postfix/proto/DEBUG_README.html @@ -100,8 +100,9 @@ is fixed.

    permissions, incorrect configuration file settings that you can fix. Postfix cannot proceed until this is fixed.

    -
  • "error" reports a fatal or non-fatal error condition. -Postfix cannot proceed until this is fixed.

    +
  • "error" reports an error condition. For safety +reasons, a Postfix process will terminate when more than 13 of these +happen.

  • "warning" indicates a non-fatal error. These are problems that you may not be able to fix (such as a broken DNS @@ -145,7 +146,7 @@ Mail Delivery Status Report will be mailed to <your login name>.

    These reports contain information that is generated by Postfix -delivery agents. Since these run as daemon processes and do not +delivery agents. Since these run as daemon processes that cannot interact with users directly, the result is sent as mail to the sender of the test message. The format of these reports is practically identical to that of ordinary non-delivery notifications.

    @@ -209,18 +210,21 @@ command "postfix reload".

    Record the SMTP session with a network sniffer

    This example uses tcpdump. In order to record a conversation -you need to specify a large enough buffer with the "-s" option or -else you will miss some or all of the packet payload.

    +you need to specify a large enough buffer with the "-s" +option or else you will miss some or all of the packet payload. +

    -# tcpdump -w /file/name -s 2000 host example.com and port 25
    +# tcpdump -w /file/name -s 0 host example.com and port 25
     
    +

    Older tcpdump versions don't support "-s 0"; in that case, +use "-s 2000" instead.

    +

    Run this for a while, stop with Ctrl-C when done. To view the -data use a binary viewer, or ethereal, or use my tcpdumpx -utility that is available from ftp://ftp.porcupine.org/pub/debugging/. +data use a binary viewer, ethereal, or good old less.

    Making Postfix daemon programs more verbose

    @@ -228,7 +232,7 @@ utility that is available from ftp://ftp.porcupine.org/pub/debugging/.

    Append one or more "-v" options to selected daemon definitions in /etc/postfix/master.cf and type "postfix reload". This will cause a lot of activity to be logged to the syslog daemon. -Example:

    +For example, to make the Postfix SMTP server process more verbose:

    @@ -237,10 +241,9 @@ Example: 

    -

    This makes the Postfix SMTP server more verbose. To diagnose -problems with address rewriting one would specify a "-v" +

    To diagnose problems with address rewriting specify a "-v" option for the cleanup(8) and/or trivial-rewrite(8) daemon, and to -diagnose problems with mail delivery one would specify a "-v" +diagnose problems with mail delivery specify a "-v" option for the qmgr(8) or oqmgr(8) queue manager, or for the lmtp(8), local(8), pipe(8), smtp(8), or virtual(8) delivery agent.

    @@ -538,20 +541,23 @@ attachments, instead of reciting information from memory.
  • Postfix logging. See the text at the top of the DEBUG_README document to find out where logging is stored. Please do not frustrate -the helpers by word wrapping the logging.

    +the helpers by word wrapping the logging. If the logging is more +than a few kbytes of text, consider posting an URL on a web or ftp +site.

  • Consider using a test email address so that you don't have to reveal email addresses or passwords of innocent people.

  • If you can't use a test email address, please anonymize -information consistently. Replace each letter by "A", each digit +email addresses and host names consistently. Replace each letter +by "A", each digit by "D" so that the helpers can still recognize syntactical errors.

  • Output from "postconf -n". Please do not send your -main.cf file or 400+ lines of postconf output.

    +main.cf file, or 500+ lines of postconf output.

    -
  • Better, provide output from the postfinger tool. +

  • Better, provide output from the postfinger tool. This can be found at http://ftp.wl0.org/SOURCES/postfinger.

  • If the problem is SASL related, consider including the @@ -562,7 +568,7 @@ http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.

    including output from the qshape tool, as described in the QSHAPE_README file.

    -
  • If the problem is protocol related (connections time out +

  • If the problem is protocol related (connections time out, or an SMTP server complains about syntax errors etc.) consider recording a session with tcpdump, as described in the DEBUG_README document. diff --git a/postfix/proto/DSN_README.html b/postfix/proto/DSN_README.html index 793317275..456862b4f 100644 --- a/postfix/proto/DSN_README.html +++ b/postfix/proto/DSN_README.html @@ -44,7 +44,7 @@ identifies the message content.

    The implementation of DSN support involves extra parameters to -the SMTP MAIL FROM and RCPT TO commands, as well as new Postfix +the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix sendmail command line options that provide a sub-set of the functions of the extra SMTP command parameters.

    diff --git a/postfix/proto/ETRN_README.html b/postfix/proto/ETRN_README.html index 10b5484d4..5f9bf7f0f 100644 --- a/postfix/proto/ETRN_README.html +++ b/postfix/proto/ETRN_README.html @@ -27,11 +27,6 @@ searches the queue for mail to the customer, and delivers that mail not delivered via the connection that was used for sending ETRN.

    -

    Postfix versions before 1.0 (also known as version 20010228) -implemented the ETRN command in an inefficient manner: they simply -attempted to deliver all queued mail. This is slow on mail servers -that queue mail for many customers.

    -

    As of version 1.0, Postfix has a fast ETRN implementation that does not require Postfix to examine every queue file. Instead, Postfix maintains a record of what queue files contain mail for @@ -74,11 +69,11 @@ font.

     220 my.server.tld ESMTP Postfix
    -helo my.client.tld
    +HELO my.client.tld
     250 Ok
    -etrn some.customer.domain
    +ETRN some.customer.domain
     250 Queuing started
    -quit
    +QUIT
     221 Bye
     
    @@ -90,6 +85,8 @@ the connection that was used to send the ETRN command.

    The Postfix operator can request delivery for a specific customer by using the command "sendmail -qRdestination" and, with Postfix version 1.1 and later, "postqueue -sdestination". +Access to this feature is controlled with the authorized_flush_users +configuration parameter (Postfix version 2.2 and later).

    How Postfix fast ETRN works

    @@ -149,12 +146,13 @@ want to turn on fast ETRN service for every possible destination. with queue file names. When a request to "deliver mail now" arrives, Postfix will attempt to deliver all recipients in the queue files that have mail for the destination in question. This does not -perform well when queue files have recipients in many different -domains.

    +perform well with queue files that have recipients in many different +domains, such as queue files with outbound mailing list traffic. +

  • The flush(8) daemon maintains per-destination logfiles only for destinations listed with $fast_flush_domains. With other -destinations it not possible to trigger delivery with "sendmail +destinations you cannot request delivery with "sendmail -qRdestination" or, with Postfix version 1.1 and later, "postqueue -sdestination".

    @@ -166,6 +164,11 @@ does not ignore the volatile in-memory list of dead domains, and the list of message delivery transports specified with the defer_transports configuration parameter.

    +
  • Up to and including Postfix version 2.3, the "fast flush" +service may not deliver some messages if the request to "deliver +mail now" arrives while an incoming queue scan is already in progress. +

    +

    Configuring the Postfix fast ETRN service

    @@ -302,9 +305,9 @@ boldface:

     220 my.server.tld ESMTP Postfix
    -helo my.client.tld
    +HELO my.client.tld
     250 Ok
    -etrn some.customer.domain
    +ETRN some.customer.domain
     250 Queuing started
     
    @@ -338,9 +341,9 @@ commands that you type:

     220 my.server.tld ESMTP Postfix
    -helo my.client.tld
    +HELO my.client.tld
     250 Ok
    -etrn some.other.customer.domain
    +ETRN some.other.customer.domain
     250 Queuing started
     
    @@ -356,9 +359,9 @@ server has mail queued for that destination.

     220 my.server.tld ESMTP Postfix
    -helo my.client.tld
    +HELO my.client.tld
     250 Ok
    -etrn not.a.customer.domain
    +ETRN not.a.customer.domain
     459 <not.a.customer.domain>: service unavailable
     
    diff --git a/postfix/proto/FILTER_README.html b/postfix/proto/FILTER_README.html index 2cdb80384..9f036b1cb 100644 --- a/postfix/proto/FILTER_README.html +++ b/postfix/proto/FILTER_README.html @@ -71,7 +71,8 @@ mail. Applications that use two separate Postfix instances will be covered by a later version of this document.

    The after-queue content filter is not to be confused with the -approach that is described in the SMTPD_PROXY_README document, +approaches described in the SMTPD_PROXY_README or MILTER_README +documents, where incoming SMTP mail is filtered BEFORE it is stored into the Postfix queue.

    @@ -125,16 +126,18 @@ all email, as well as several options to filter mail selectively:

    Principles of operation

    -

    An external content filter receives unfiltered mail from Postfix -(as described further below) and does one of the following:

    +

    An after-queue content filter receives unfiltered mail from Postfix +(as described further below) and can do one of the following:

    1. Re-inject the mail back into Postfix, perhaps after changing content and/or destination.

      +
    2. Discard or quarantine the mail.

      +
    3. Reject the mail (by sending a suitable status code back to - Postfix). Postfix will return the mail to the sender.

      + Postfix). Postfix will send the mail back to the sender address.

    @@ -146,7 +149,8 @@ suspect so that a human can decide what to do with it.

    Simple content filter example

    -

    The first example is simple to set up. Postfix receives +

    The first example is simple to set up, but has major limitations +that will be addressed in a second example. Postfix receives unfiltered mail from the network with the smtpd(8) server, and delivers unfiltered mail to a content filter with the Postfix pipe(8) delivery agent. The content filter injects filtered mail @@ -282,21 +286,23 @@ document for an introduction to the Postfix architecture.

      -
    • Line 8: The -G option does nothing before Postfix 2.3, -otherwise it disables address rewriting of message headers.

      +
    • Line 8: The -G option says the filter output is not a local +mail submission: don't do silly things like appending the local +domain name to addresses in message headers. This option does +nothing before Postfix version 2.3.

    • Line 8: The -i option says don't stop reading input when a line contains "." only.

    • Line 8: NEVER NEVER NEVER use the "-t" command-line option -here. It will mis-deliver mail, like sending mailing list mail back -to the mailing list.

      +here. It will mis-deliver mail, like sending messages from a mailing +list back to the mailing list.

    • Line 21: The idea is to first capture the message to file and then run the content through a third-party content filter program.

      -
    • Line 22: If the mail cannot be captured to file, mail +

    • Line 22: If the message cannot be captured to file, mail delivery is deferred by terminating with exit status 75 (EX_TEMPFAIL). Postfix places the message in the deferred mail queue and tries again later.

      @@ -306,13 +312,14 @@ program here that receives the content on standard input.

    • Line 26: If the content filter program finds a problem, the mail is bounced by terminating with exit status 69 (EX_UNAVAILABLE). -Postfix will return the message to the sender as undeliverable. +Postfix will send the message back to the sender as undeliverable +mail.

      -
    • Note: in this time of mail worms and spam, it is a BAD +

    • NOTE: in this time of mail worms and spam, it is a BAD IDEA to send known viruses or spam back to the sender, because that -address is likely to be forged. It is safer to discard known to be -bad content and to quarantine suspicious content so that it can +address is likely to be forged. It is safer to discard known viruses +and to quarantine suspicious content so that it can be inspected by a human being.

    • Line 28: If the content is OK, it is given as input to @@ -331,7 +338,7 @@ as input:

      -% /path/to/script -f sender recipient... <message-file
      +% /path/to/script -f sender -- recipient... <message-file
       
      @@ -381,7 +388,7 @@ entry that defines the Postfix SMTP server:

      -o content_filter=filter:dummy -

      The "content_filter" line causes Postfix to add one content +

      The "-o content_filter" line causes Postfix to add one content filter request record to each incoming mail message, with content "filter:dummy". This record overrides the normal mail routing and causes mail to be given to the content filter instead.

      @@ -432,7 +439,7 @@ content_filter=filter:dummy" text from the entry that defines the Postfix SMTP server.

    • Execute "postsuper -r ALL" to remove content -filter information from existing queue files.

      +filter request records from existing queue files.

    • Execute another "postfix reload".

      @@ -553,7 +560,9 @@ document for an introduction to the Postfix architecture.

      The example given here filters all mail, including mail that arrives via SMTP and mail that is locally submitted via the Postfix -sendmail command. See examples near the end of this document for +sendmail command (local submissions enter Postfix via the pickup(8) +server; to keep the figure simple we omit local submission details). +See examples near the end of this document for how to exclude local users from filtering, or how to configure a destination dependent content filter.

      @@ -638,7 +647,7 @@ for more information.

    • The "-o disable_mime_output_conversion=yes" is a workaround that prevents the breaking of domainkeys and other digital signatures. This is needed because some SMTP-based content filters don't announce -8BITMIME support, even though they can handle it just fine.

      +8BITMIME support, even though they can handle 8-bit mail.

    • The "-o smtp_generic_maps=" is a workaround that prevents local address rewriting with generic(5) maps. Such rewriting should @@ -672,6 +681,10 @@ shell and home directory. This user handles all potentially dangerous mail content - that is why it should be a separate account.

      +
    • By default, Postfix will terminate a command that runs +longer than command_time_limit seconds (default: 1000s). This is a +safety measure that prevents filters from running forever.

      +

    If you want to have your filter listening on port localhost:10025 @@ -711,15 +724,14 @@ that injects mail back into Postfix.

      -
    • Note: do not use spaces around the "=" or "," characters.

      +
    • NOTE: do not use spaces around the "=" or "," characters.

      -
    • Note: the SMTP server must not have a smaller process +

    • NOTE: the SMTP server must not have a smaller process limit than the "filter" master.cf entry.

    • The "-o content_filter=" overrides main.cf settings, and requests no content filtering for mail from the content filter. -This is required or else mail will stay in the content filtering -loop.

      +This is required or else mail will loop.

    • The "-o receive_override_options" overrides main.cf settings to avoid duplicating work that was already done before the content @@ -737,7 +749,7 @@ specified in main.cf:

    • We specify "no_milters" to disable Milter applications (this option is available only in Postfix 2.3 and later).

      -
    • We don't specify "no_address_mapping" here. This +

    • We don't specify "no_address_mappings" here. This enables virtual alias expansion, canonical mappings, address masquerading, and other address mappings after the content filter. The main.cf setting of "receive_override_options" @@ -794,7 +806,7 @@ when content filtering is turned off.

    • Execute "postsuper -r ALL" to remove content -filter information from existing queue files.

      +filter request records from existing queue files.

    • Execute another "postfix reload".

      diff --git a/postfix/proto/LDAP_README.html b/postfix/proto/LDAP_README.html index 7b8b60857..8ad25d9be 100644 --- a/postfix/proto/LDAP_README.html +++ b/postfix/proto/LDAP_README.html @@ -350,7 +350,7 @@ assume for the moment that groups never have a "maildrop" (the "bgroup"

      Note: if the desired member object result attribute is always also -present in the group, you get suprising results, the expansion also +present in the group, you get surprising results, the expansion also returns the address of the group. This is a known limitation of Postfix releases prior to 2.4, and is addressed in the new with Postfix 2.4 "leaf_result_attribute" feature described in ldap_table(5).

      diff --git a/postfix/proto/MACOSX_README b/postfix/proto/MACOSX_README deleted file mode 100644 index 24f37094d..000000000 --- a/postfix/proto/MACOSX_README +++ /dev/null @@ -1,2 +0,0 @@ -See the files in auxiliary/MacOSX for hints and tips to set up -Postfix. diff --git a/postfix/proto/MILTER_README.html b/postfix/proto/MILTER_README.html index 853bb8ae3..8c8dfc46e 100644 --- a/postfix/proto/MILTER_README.html +++ b/postfix/proto/MILTER_README.html @@ -28,9 +28,13 @@ this happens before mail is queued.

      The reason for adding Milter support to Postfix is that there exists a large collection of applications, not only to block unwanted mail, but also to verify authenticity (examples: Domain keys +identified mail, SenderID+SPF and Domain keys) -or to digitally sign mail (example: Domain keys +identified mail, Domain keys). Having yet another Postfix-specific version of all that software is a poor use of human and system resources.

      @@ -202,14 +206,14 @@ does.

      On some Linux and *BSD distributions, the Sendmail libmilter library is installed by default. With this, applications such as -dk-milter +dkim-milter and sid-milter build out of the box without requiring any tinkering:

      -$ gzcat dk-milter-x.y.z.tar.gz | tar xf -
      -$ cd dk-milter-x.y.z
      +$ gzcat dkim-milter-x.y.z.tar.gz | tar xf -
      +$ cd dkim-milter-x.y.z
       $ make
       [...lots of output omitted...]
       
      @@ -260,7 +264,7 @@ for options. A typical command looks like this:

      -# /some/where/dk-filter -u userid -p inet:portnumber@localhost ...other options...
      +# /some/where/dkim-filter -u userid -p inet:portnumber@localhost ...other options...
       
      @@ -652,23 +656,70 @@ X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com <unknown-msgid&
      -

      This happens because some Milter applications expect that the +

      This happens because those Milter applications expect that the queue ID is known before the MTA accepts the MAIL FROM (sender) command. Postfix, on the other hand, does not choose a queue file name until after it accepts the first valid RCPT -TO (recipient) command. Postfix queue file names must be unique +TO (recipient) command (Postfix queue file names must be unique across multiple directories, so the name can't be chosen before the -file is created. If multiple messages were to use the same queue -ID simultaneously, mail would be lost.

      +file is created; if multiple messages were to use the same queue +ID simultaneously, mail would be lost).

      -

      To work around the ugly message header from Milter applications, -we add a little code to the Milter source to look up the queue ID -after Postfix receives the end of the message.

      +
    + +

    Fixing the ugly header maybe as simple as upgrading to a recent +version of the Milter application. For example, current versions +of dkim-filter and dk-filter have code that looks up the Postfix +queue ID at a later protocol stage.

    + +

    To fix the ugly message header with sid-filter applications, +we change the source code, so that it does the queue ID lookup after +Postfix receives the end of the message.

    + +
      + +
    • Edit the filter source file (named +sid-filter/sid-filter.c).

      + +
    • Look up the smfilter table and replace +mlfi_eoh by NULL. +

      + +
    • Look up the mlfi_eom() function and add code near +the top that calls mlfi_eoh() as shown by the bold +text below:

      + +
    + +
    +
    +        assert(ctx != NULL);
    +#endif /* !DEBUG */
    +
    +        ret = mlfi_eoh(ctx);
    +        if (ret != SMFIS_CONTINUE)
    +                return ret;
    +
    +
    + +

    NOTES:

    + +
      + +
    • This was tested with sid-milter-0.2.10 and sid-milter-0.2.14.

      + +
    • This fixes only the ugly message header, but not the WARNING +message. Fortunately, sid-milter logs that message only once.

      + +
    + +

    To fix the ugly message header with other Milter applications, +you will need to do something like this:

    • Edit the filter source file (typically named -dk-filter/dk-filter.c or similar).

      +xxx-filter/xxx-filter.c or similar).

    • Look up the mlfi_eom() function and add code near the top shown as bold text below:

      @@ -700,43 +751,7 @@ variables. If the above code does not compile, look for the code at the start of the mlfi_eoh() routine.

    • This fixes only the ugly message header, but not the WARNING -message. Fortunately, dk-filter logs that message only once.

      - -
    - -

    With some Milter applications we can fix both the WARNING and -the "unknown-msgid" by postponing the call of mlfi_eoh() -(or whatever routine logs the WARNING) until the end of the message. -

    - -
      - -
    • Edit the filter source file (typically named -sid-filter/sid-filter.c or similar).

      - -
    • Look up the smfilter table and replace -mlfi_eoh (or whatever routine logs the WARNING) by NULL. -

      - -
    • Look up the mlfi_eom() function and add code near -the top that calls mlfi_eoh() as shown by the bold -text below:

      - -
    - -
    -
    -        assert(ctx != NULL);
    -#endif /* !DEBUG */
    -
    -        ret = mlfi_eoh(ctx);
    -        if (ret != SMFIS_CONTINUE)
    -                return ret;
    -
    -
    - -

    This works with sid-milter-0.2.10. Other Milter applications -will dump core when you do this.

    +message. Fortunately, many Milters log that message only once.

    diff --git a/postfix/proto/Makefile.in b/postfix/proto/Makefile.in index 594b32bae..69a2d361e 100644 --- a/postfix/proto/Makefile.in +++ b/postfix/proto/Makefile.in @@ -15,7 +15,6 @@ HTML = ../html/ADDRESS_CLASS_README.html \ ../html/CDB_README.html \ ../html/CONNECTION_CACHE_README.html \ ../html/CONTENT_INSPECTION_README.html \ - ../html/CYRUS_README.html \ ../html/DATABASE_README.html ../html/DB_README.html \ ../html/DEBUG_README.html \ ../html/DSN_README.html \ @@ -37,7 +36,7 @@ HTML = ../html/ADDRESS_CLASS_README.html \ ../html/STANDARD_CONFIGURATION_README.html \ ../html/TLS_README.html ../html/TLS_LEGACY_README.html \ ../html/TUNING_README.html \ - ../html/UUCP_README.html ../html/ULTRIX_README.html \ + ../html/UUCP_README.html \ ../html/VERP_README.html ../html/VIRTUAL_README.html \ ../html/XCLIENT_README.html ../html/XFORWARD_README.html \ ../html/postconf.5.html @@ -51,7 +50,6 @@ README = ../README_FILES/ADDRESS_CLASS_README \ ../README_FILES/CDB_README \ ../README_FILES/CONNECTION_CACHE_README \ ../README_FILES/CONTENT_INSPECTION_README \ - ../README_FILES/CYRUS_README \ ../README_FILES/DATABASE_README ../README_FILES/DB_README \ ../README_FILES/DEBUG_README \ ../README_FILES/DSN_README \ @@ -73,7 +71,7 @@ README = ../README_FILES/ADDRESS_CLASS_README \ ../README_FILES/STANDARD_CONFIGURATION_README \ ../README_FILES/TLS_README ../README_FILES/TLS_LEGACY_README \ ../README_FILES/TUNING_README \ - ../README_FILES/UUCP_README ../README_FILES/ULTRIX_README \ + ../README_FILES/UUCP_README \ ../README_FILES/VERP_README ../README_FILES/VIRTUAL_README \ ../README_FILES/XCLIENT_README ../README_FILES/XFORWARD_README \ ../README_FILES/AAAREADME diff --git a/postfix/proto/PACKAGE_README.html b/postfix/proto/PACKAGE_README.html index 72bdf2663..5790ebc4f 100644 --- a/postfix/proto/PACKAGE_README.html +++ b/postfix/proto/PACKAGE_README.html @@ -27,8 +27,8 @@ Postfix distributions for general use.

    file

    The installed main.cf file must be small. PLEASE resist the -temptation to list all 400+ parameters in the main.cf file. Postfix -is supposed to be easy to configure. Listing all 400+ in main.cf +temptation to list all parameters in the main.cf file. Postfix +is supposed to be easy to configure. Listing all parameters in main.cf defeats the purpose. It is an invitation for hobbyists to make random changes without understanding what they do, and gets them into endless trouble.

    diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html index b2056a0c3..977f52f55 100644 --- a/postfix/proto/SMTPD_POLICY_README.html +++ b/postfix/proto/SMTPD_POLICY_README.html @@ -164,7 +164,7 @@ etrn_domain= These attributes are empty in case of no certificate authentication. As of Postfix 2.2.11 these attribute values are encoded as xtext: some characters are represented by +XX, where XX is the - two-digit hecadecimal representation of the character value. + two-digit hexadecimal representation of the character value.

  • The "encryption_*" attributes (Postfix 2.3 and later) diff --git a/postfix/proto/TUNING_README.html b/postfix/proto/TUNING_README.html index 0ad9830bc..f38fd7523 100644 --- a/postfix/proto/TUNING_README.html +++ b/postfix/proto/TUNING_README.html @@ -224,8 +224,8 @@ seconds or $smtpd_error_sleep_time, whichever is more.

    Measures against clients that make too many connections

    -

    Note: the anvil(8) service was introduced with Postfix version -2.2.

    +

    Note: these features use the Postfix anvil(8) service, introduced +with Postfix version 2.2.

    The Postfix smtpd(8) server can limit the number of simultaneous connections from the same SMTP client, as well as the number of @@ -233,34 +233,47 @@ connections that a client is allowed to make per unit time. These statistics are maintained by the anvil(8) server (translation: if anvil(8) breaks, then connection limits stop working).

    -

    IMPORTANT: These limits are designed to protect the smtpd(8) server -against flagrant abuse. Do not use these limits to regulate legitimate -traffic: mail will suffer grotesque delays if you do so.

    +

    IMPORTANT: These limits must not be used to regulate legitimate +traffic: mail will suffer grotesque delays if you do so. The limits +are designed to protect the smtpd(8) server against abuse by +out-of-control clients.

    -
      +
      -
    • An SMTP client may make up to $smtpd_client_connection_count_limit -simultaneous connections (default: 50). This is half the default -process limit.

      +
      -
    • An SMTP client may make up to $smtpd_client_message_rate_limit -message delivery requests per unit time (default: no limit).

      +
      smtpd_client_connection_count_limit (default: 50)
      +The maximum number of connections than an SMTP client may make +simultaneously.
      -
    • An SMTP client may send up to $smtpd_client_recipient_rate_limit -recipient addresses per unit time (default: no limit).

      +
      smtpd_client_connection_rate_limit (default: no limit)
      +
      The maximum number of connections that an SMTP client may make +in the time interval specified with anvil_rate_time_unit (default: +60s).
      -
    • An SMTP client may make up to $smtpd_client_connection_rate_limit -connections per unit time (default: no limit).

      +
      smtpd_client_message_rate_limit (default: no limit)
      +The maximum number of message delivery requests that an SMTP client +may make in the time interval specified with anvil_rate_time_unit +(default: 60s).
      -
    • These limits are not applied to SMTP clients in the networks -specified with $smtpd_client_event_limit_exceptions (default: -clients in $mynetworks may make an unlimited number of connections). +

      smtpd_client_recipient_rate_limit (default: no limit)
      +
      The maximum number of recipient addresses that an SMTP client +may specify in the time interval specified with anvil_rate_time_unit +(default: 60s).
      -
    • The anvil_rate_time_unit parameter specifies the time -unit over which client connection rates are computed (default: -60s). +

      smtpd_client_new_tls_session_rate_limit (default: no limit) +
      The maximum number of new TLS sessions (without using +the TLS session cache) that an SMTP client may negotiate in the +time interval specified with anvil_rate_time_unit (default: 60s). +
      -
    +
    smtpd_client_event_limit_exceptions (default: $mynetworks) +
    SMTP clients that are excluded from connection and rate +limits specified above.
    + +
  • + +

    General mail delivery performance tips

    @@ -360,7 +373,7 @@ is not useful. Another good reason to limit delivery concurrency to the same recipient: if the recipient has an expensive shell command in her .forward file, or if the recipient is a mailing list manager, you don't want to run too many instances of those processes -the same time.

    +at the same time.

  • The default smtp_destination_concurrency_limit of 20 seems enough to noticeably load a system without bringing it to its knees. @@ -465,10 +478,12 @@ some amount of time.

    -
    queue_run_delay (default: 1000 seconds)
    How often +
    queue_run_delay (default: 300 seconds; before Postfix 2.4: +1000s)
    How often the queue manager scans the queue for deferred mail.
    -
    minimal_backoff_time (default: 1000 seconds)
    The +
    minimal_backoff_time (default: 300 seconds; before Postfix +2.4: 1000s)
    The minimal amount of time a message won't be looked at, and the minimal amount of time to stay away from a "dead" destination.
    @@ -519,7 +534,8 @@ that usually requires timing out one or more SMTP connections.

    always better than increasing the frequency of delivery attempts. However, if you can control only the delivery attempt frequency, consider using a dedicated fallback_relay "graveyard" machine for -bad destinations so that they do not ruin the performance of normal +bad destinations, so that these destinations do not ruin the +performance of normal mail deliveries.

    Tuning the number of Postfix processes

    @@ -573,6 +589,20 @@ errors.

      +
    • Depending on your Postfix and operating system versions +you may need to recompile Postfix if you need more than 1024 file +descriptors per process:

      + +
      • No recompilation is needed for Postfix version 2.4 +and later, when it was compiled for systems that support BSD kqueue(2) +(FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or +Linux 2.6 epoll(4).

        + +
      • Otherwise, Postfix needs to be recompiled to override the +default FD_SETSIZE value.

        + +
      +
    • Reduce the number of processes as described under "Tuning the number of Postfix processes" above. Fewer processes need fewer open files and sockets.

      @@ -585,7 +615,8 @@ with your system tuning guide:

      • Some FreeBSD kernel parameters can be specified in -/boot/loader.conf, and some can be changed with sysctl commands. +/boot/loader.conf, and some can be specified in /etc/sysctl.conf +or changed with sysctl commands. Which is which depends on the version.

        @@ -598,7 +629,7 @@ kern.maxfilesperproc="16384"
      • Linux kernel parameters can be specified in /etc/sysctl.conf -and can also be changed with sysctl commands:

        +or changed with sysctl commands:

         fs.file-max=16384
        @@ -607,7 +638,7 @@ kernel.threads-max=2048
         
         
      • Solaris kernel parameters can be specified in /etc/system, as described in the Solaris +href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.48">Solaris FAQ entry titled "How can I increase the number of file descriptors per process?"

        diff --git a/postfix/proto/ULTRIX_README.html b/postfix/proto/ULTRIX_README.html deleted file mode 100644 index b2fb39c4e..000000000 --- a/postfix/proto/ULTRIX_README.html +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - -Postfix and Ultrix - - - - - - - -

        Postfix and Ultrix

        - -
        - -

        Postfix on Ultrix

        - -

        This document is probably only of historical value, because -Ultrix version 4 dates from the early 1990s. However, as long as -Wietse keeps Postfix alive for SunOS 4, it is likely to run on -Ultrix 4 with very little change. Feedback is welcome if anyone -actually still uses Postfix on any version of Ultrix.

        - -

        The source of this document is an email message by Christian von Roques -that was sent on Jun 2, 1999.

        - -
        - -

        I've upgraded the MTA of our DECstation-3100 running Ultrix4.3a to -postfix-19990317-pl05 and am sending you the patches I needed to get -it running under Ultrix.

        - -

        . . .

        - -

        One of the bugs of Ultrix's /bin/sh is that shell-variables -set in arguments of `:' expand to garbage if expanded in here-documents. -Using a different shell helps. I needed to replace all calls of -``sh .../makedefs'' by ``$(SHELL) .../makedefs'' in all the -Makefile.in and am now able to use ``make SHELL=/bin/sh5'' or zsh. - -

        . . .

        - -

        Ultrix's FD_SET_SIZE is 4096, but getdtablesize() -returns 64 by default, if not increased when building a new -kernel. getrlimit() doesn't know RLIMIT_NOFILE. This makes -event_init() always log the warning: `could allocate space for -only 64 open files'.

        - -

        I just reduced the threshold from 256 to 64, but this is not good. -The initial problem still remains: How to disable this warning on -Ultrix without making the source ugly?

        - -
        - -

        To work around the first problem, all the Makefile.in files -have been updated to use `$(SHELL)' instead of `sh'. So you only -need to supply a non-default shell in order to eliminate Ultrix -shell trouble.

        - -

        To work around the latter, util/sys_defs.h was updated for -Ultrix, with a default FD_SETSIZE of 100. This should be sufficient -for a workstation. Even in 1999, no-one would run a major mail hub -on Ultrix 4.

        - - - - diff --git a/postfix/proto/access b/postfix/proto/access index 261ca8b2e..e170184f5 100644 --- a/postfix/proto/access +++ b/postfix/proto/access @@ -10,10 +10,10 @@ # # \fBpostmap -q - /etc/postfix/access <\fIinputfile\fR # DESCRIPTION -# The Postfix SMTP server supports access control on remote -# SMTP client information: host names, network addresses, and -# envelope sender -# or recipient addresses. See \fBheader_checks\fR(5) or +# This document describes access control on remote SMTP client +# information: host names, network addresses, and envelope +# sender or recipient addresses; it is implemented by the +# Postfix SMTP server. See \fBheader_checks\fR(5) or # \fBbody_checks\fR(5) for access control on the content of # email messages. # @@ -244,7 +244,7 @@ # More information # about external content filters is in the Postfix FILTER_README file. # .sp -# Note: this action overrides the \fBmain.cf content_filter\fR setting, +# Note: this action overrides the \fBcontent_filter\fR setting, # and currently affects all recipients of the message. # .sp # This feature is available in Postfix 2.0 and later. diff --git a/postfix/proto/header_checks b/postfix/proto/header_checks index 5aa8c1533..1f0d963ef 100644 --- a/postfix/proto/header_checks +++ b/postfix/proto/header_checks @@ -2,7 +2,7 @@ # NAME # header_checks 5 # SUMMARY -# Postfix built-in header/body inspection +# Postfix built-in content inspection # SYNOPSIS # \fBheader_checks = pcre:/etc/postfix/header_checks\fR # .br 
@@ -16,8 +16,9 @@
 # .br
 # \fBpostmap -fq - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
 # DESCRIPTION
-# The Postfix \fBcleanup\fR(8) server supports access control
-# on the content of message headers and message body lines.
+# This document describes access control on the content of
+# message headers and message body lines; it is implemented
+# by the Postfix cleanup(8) server before mail is queued.
 # See \fBaccess\fR(5) for access control on remote SMTP client
 # information.
 #
@@ -84,16 +85,17 @@
 # .IP "\fBif /\fIpattern\fB/\fIflags\fR"
 # .IP "\fBendif\fR"
 # Match the input string against the patterns between \fBif\fR
-# and \fBendif\fR, if and only if the input string also matches
-# \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
+# and \fBendif\fR, if and only if the same input string also
+# matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
 # .sp
 # Note: do not prepend whitespace to patterns inside
 # \fBif\fR..\fBendif\fR.
 # .IP "\fBif !/\fIpattern\fB/\fIflags\fR"
 # .IP "\fBendif\fR"
 # Match the input string against the patterns between \fBif\fR
-# and \fBendif\fR, if and only if the input string does \fBnot\fR
-# match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
+# and \fBendif\fR, if and only if the same input string does
+# \fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR
+# can nest.
 # .IP "blank lines and comments"
 # Empty lines and whitespace-only lines are ignored, as
 # are lines whose first non-whitespace character is a `#'.
@@ -172,13 +174,13 @@
 # .sp
 # This feature is available in Postfix 2.1 and later.
 # .IP "\fBFILTER \fItransport:destination\fR"
-# Write a content filter request to the queue file and
+# Write a content filter request to the queue file, and
 # inspect the next input line.
 # After the complete message is received it will be sent through
 # the specified external content filter. More information about
 # external content filters is in the Postfix FILTER_README file.
 # .sp
-# Note: this action overrides the \fBmain.cf content_filter\fR setting,
+# Note: this action overrides the \fBcontent_filter\fR setting,
 # and affects all recipients of the message. In the case that multiple
 # \fBFILTER\fR actions fire, only the last one is executed.
 # .sp
@@ -203,10 +205,10 @@
 # .sp
 # This feature is available in Postfix 2.0 and later.
 # .IP \fBIGNORE\fR
-# Delete the current line from the input and inspect
+# Delete the current line from the input, and inspect
 # the next input line.
 # .IP "\fBPREPEND \fItext...\fR"
-# Prepend one line with the specified text and inspect the next
+# Prepend one line with the specified text, and inspect the next
 # input line.
 # .sp
 # Notes:
@@ -228,7 +230,7 @@
 # .IP
 # This feature is available in Postfix 2.1 and later.
 # .IP "\fBREDIRECT \fIuser@domain\fR"
-# Write a message redirection request to the queue file and
+# Write a message redirection request to the queue file, and
 # inspect the next input line. After the message is queued,
 # it will be sent to the specified address instead of the
 # intended recipient(s).
@@ -239,7 +241,7 @@
 # .sp
 # This feature is available in Postfix 2.1 and later.
 # .IP "\fBREPLACE \fItext...\fR"
-# Replace the current line with the specified text and inspect the next
+# Replace the current line with the specified text, and inspect the next
 # input line.
 # .sp
 # This feature is available in Postfix 2.2 and later. The
@@ -270,19 +272,25 @@
 # "5.7.1".
 # .IP "\fBWARN \fIoptional text...\fR
 # Log a warning with the \fIoptional text...\fR (or log a
-# generic message) and inspect the next input line. This
+# generic message), and inspect the next input line. This
 # action is useful for debugging and for testing a pattern
 # before applying more drastic actions.
 # BUGS
 # Many people overlook the main limitations of header and body_checks
-# rules. These rules operate on one logical message header or one body
-# line at a time, and a decision made for one line is not carried over
-# to the next line. If text in the message body is encoded
+# rules.
+# .IP \(bu
+# These rules operate on one logical message header or one body
+# line at a time. A decision made for one line is not carried over
+# to the next line.
+# .IP \(bu
+# If text in the message body is encoded
 # (RFC 2045) then the rules have to specified for the encoded
-# form. Likewise, when message headers are encoded (RFC
+# form.
+# .IP \(bu
+# Likewise, when message headers are encoded (RFC
 # 2047) then the rules need to be specified for the encoded
 # form.
-#
+# .PP
 # Message headers added by the \fBcleanup\fR(8) daemon itself
 # are excluded from inspection. Examples of such message headers
 # are \fBFrom:\fR, \fBTo:\fR, \fBMessage-ID:\fR, \fBDate:\fR.
diff --git a/postfix/proto/ldap_table b/postfix/proto/ldap_table
index 8d11e7176..7ca455730 100644
--- a/postfix/proto/ldap_table
+++ b/postfix/proto/ldap_table
@@ -340,7 +340,7 @@
 # .ti +4
 # terminal_result_attribute = maildrop
 #
-# This feature is available with Postfix >= 2.4.
+# This feature is available with Postfix 2.4 or later.
 # .IP "\fBleaf_result_attribute (default: empty)\fR"
 # When one or more special result attributes are found in a non-terminal
 # (see above) LDAP entry, leaf result attributes are excluded from the
@@ -368,7 +368,7 @@ # leaf_result_attribute = mail # .in -4 # -# This feature is available with Postfix >= 2.4. +# This feature is available with Postfix 2.4 or later. # .IP "\fBscope (default: sub)\fR" # The LDAP search scope: \fBsub\fR, \fBbase\fR, or \fBone\fR. # These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index e8d4b9e55..32ea94869 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -2622,17 +2622,18 @@ Specify 0 when mail delivery should be tried only once. The maximal size in bytes of a message, including envelope information.

        -%PARAM minimal_backoff_time version dependent +%PARAM minimal_backoff_time 300s + +

        +The minimal time between attempts to deliver a deferred message; +prior to Postfix 2.4 the default value was 1000s. +

        -The minimal time between attempts to deliver a deferred message. This parameter also limits the time an unreachable destination is kept in the short-term, in-memory, destination status cache.

        -

        With Postfix 2.4 the default value was reduced from 1000s to -300s.

        -

        This parameter should be set greater than or equal to $queue_run_delay. See also $maximal_backoff_time.

        @@ -3076,14 +3077,11 @@ With Postfix versions 2.0 and earlier, a queue_minfree value of zero means there is no minimum required amount of free space.

        -%PARAM queue_run_delay version dependent +%PARAM queue_run_delay 300s

        -The time between deferred queue scans by the queue manager. -

        - -

        -With Postfix 2.4 the default value was reduced from 1000s to 300s. +The time between deferred queue scans by the queue manager; +prior to Postfix 2.4 the default value was 1000s.

        This parameter should be set less than or equal to @@ -6491,8 +6489,8 @@ are calculated.

        -This feature is implemented by the anvil(8) service which is not -part of the stable Postfix version 2.1 release. +This feature is implemented by the anvil(8) service which is available +in Postfix version 2.2 and later.

        @@ -9631,7 +9629,7 @@ and higher the optional "ciphers" attribute overrides the main.cf smtp_tls_mandatory_ciphers parameter and the optional "protocols" keyword overrides the main.cf smtp_tls_mandatory_protocols parameter. In the policy table, multiple protocols must be separated by colons, -as attribute values may not contain whitespace or commas.

        +as attribute values may not contain whitespace or commas.
        verify
        Mandatory TLS verification. At this security level, DNS MX lookups are trusted to be secure enough, and the name diff --git a/postfix/src/global/dict_proxy.c b/postfix/src/global/dict_proxy.c index c36675c4c..264b5ed39 100644 --- a/postfix/src/global/dict_proxy.c +++ b/postfix/src/global/dict_proxy.c @@ -91,6 +91,7 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key) VSTREAM *stream; int status; int count = 0; + int request_flags; /* * The client and server live in separate processes that may start and @@ -101,6 +102,8 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key) */ VSTRING_RESET(dict_proxy->result); VSTRING_TERMINATE(dict_proxy->result); + request_flags = (dict_proxy->in_flags & DICT_FLAG_RQST_MASK) + | (dict->flags & DICT_FLAG_RQST_MASK); for (;;) { stream = clnt_stream_access(proxy_stream); errno = 0; @@ -108,7 +111,7 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key) if (attr_print(stream, ATTR_FLAG_NONE, ATTR_TYPE_STR, MAIL_ATTR_REQ, PROXY_REQ_LOOKUP, ATTR_TYPE_STR, MAIL_ATTR_TABLE, dict->name, - ATTR_TYPE_INT, MAIL_ATTR_FLAGS, dict_proxy->in_flags, + ATTR_TYPE_INT, MAIL_ATTR_FLAGS, request_flags, ATTR_TYPE_STR, MAIL_ATTR_KEY, key, ATTR_TYPE_END) != 0 || vstream_fflush(stream) @@ -122,7 +125,7 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key) if (msg_verbose) msg_info("%s: table=%s flags=%s key=%s -> status=%d result=%s", myname, dict->name, - dict_flags_str(dict_proxy->in_flags), key, + dict_flags_str(request_flags), key, status, STR(dict_proxy->result)); switch (status) { case PROXY_STAT_BAD: diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 6acac2a2c..3fe84d0ef 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
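Review bot: The new `request_flags` assignment in dict_proxy_lookup() (second dict_proxy.c hunk) merges two flag sources under DICT_FLAG_RQST_MASK without a comment saying why, and it spells the mask out twice. I would write it as `request_flags = (dict_proxy->in_flags | dict->flags) & DICT_FLAG_RQST_MASK;` and put `/* Send only per-request flags; dict->flags may differ from the flags given at open time. */` above it; the second half of that comment is my reading of the change and should be confirmed. These flags cross a process boundary to the proxy server, so the receiving side should apply its own mask rather than rely on this client-side one; that code is not part of this diff. The function body starts and ends outside the three hunks.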
@@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20070320" -#define MAIL_VERSION_NUMBER "2.4.0-RC7" +#define MAIL_RELEASE_DATE "20070323" +#define MAIL_VERSION_NUMBER "2.4.0-RC8" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/mbox_open.c b/postfix/src/global/mbox_open.c index 42fae4ca1..ea96d8a4b 100644 --- a/postfix/src/global/mbox_open.c +++ b/postfix/src/global/mbox_open.c @@ -161,9 +161,9 @@ MBOX *mbox_open(const char *path, int flags, mode_t mode, struct stat * st, */ if ((fp = safe_open(path, flags | O_NONBLOCK, mode, st, chown_uid, chown_gid, why->reason)) == 0) { + dsb_status(why, mbox_dsn(errno, def_dsn)); if (locked & MBOX_DOT_LOCK) dot_unlockfile(path); - dsb_status(why, mbox_dsn(errno, def_dsn)); return (0); } close_on_exec(vstream_fileno(fp), CLOSE_ON_EXEC); diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index 96608aa4c..faa2d9f2f 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h @@ -208,6 +208,12 @@ #define NATIVE_NEWALIAS_PATH "/usr/bin/newaliases" #define NATIVE_COMMAND_DIR "/usr/sbin" #define NATIVE_DAEMON_DIR "/usr/libexec/postfix" + +#ifndef NO_KQUEUE +# define EVENTS_STYLE EVENTS_STYLE_KQUEUE +# define USE_SYSV_POLL +#endif + #endif /*
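Review bot: In the safe_open() failure branch of mbox_open(), the corrected order only works because dsb_status() consumes errno before dot_unlockfile() runs, and nothing in the code says so. A one-line comment above the moved call, for example `/* Record the safe_open() errno before dot_unlockfile() can change it. */`, would keep a later cleanup from swapping the two statements back. Other error exits of mbox_open() that release a lock before reporting status may deserve the same check; they are outside this hunk.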
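Review bot: In the added `#ifndef NO_KQUEUE` block of sys_defs.h, USE_SYSV_POLL is defined inside the kqueue opt-out, so a build with NO_KQUEUE defined presumably also drops poll() support, and EVENTS_STYLE is set without an `#ifndef EVENTS_STYLE` guard. If the coupling is intended, a comment such as `/* NO_KQUEUE disables both kqueue and poll() on this platform. */` would make it explicit; if not, `# define USE_SYSV_POLL` belongs outside the block. The platform conditional that encloses these lines starts outside the hunk, so which systems are affected cannot be checked from here.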