mirror of https://github.com/vdukhovni/postfix synced 2025-09-03 23:55:18 +00:00

postfix-2.4.0-RC8

Wietse Venema
2007-03-23 00:00:00 -05:00
committed by Viktor Dukhovni
parent b98446f146
commit 47602acef6
86 changed files with 1472 additions and 2088 deletions


@@ -13303,7 +13303,8 @@ Apologies for any names omitted.
instead of appending mail to a deleted file. To minimize
the use of this workaround, Postfix now by default creates
mailbox dotlock files on all systems, and creates dotlock
files before opening mailbox files. Files: util/sys_defs.h.
files before opening mailbox files. Files: util/sys_defs.h,
global/mbox_open.c.
20070301
@@ -13374,6 +13375,17 @@ Apologies for any names omitted.
records or content encoding records with other mail. File:
global/rec_type.h.
20070321
Bugfix (introduced 20070224): local(8) or virtual(8) could
log a misleading error message after failure to open a
mailbox file. File: global/mbox_open.c.
Bugfix (code should have been updated 20070104): the proxymap
client did not propagate changes in case folding flags.
Currently, nothing in Postfix uses this functionality.
File: global/dict_proxy.c.
Wish list:
Bind all deliveries to the same local delivery process,


@@ -18,7 +18,6 @@ PPrroobblleemm ssoollvviinngg
* QSHAPE_README: Bottleneck analysis
* TUNING_README: Performance tuning
* DEBUG_README: Debugging strategies
* Error messages (*)
CCoonntteenntt iinnssppeeccttiioonn
@@ -50,20 +49,16 @@ LLooookkuupp ttaabblleess ((ddaattaabbaasseess))
MMaaiilliinngg lliisstt ssuuppppoorrtt
* qmail/ezmlm support (*)
* VERP_README: VERP Support
SSppeecciiffiicc eennvviirroonnmmeennttss
* LINUX_README: Linux issues
* NFS_README: NFS issues
* ULTRIX_README: Ultrix support
OOtthheerr mmaaiill ddeelliivveerryy aaggeennttss
* Cyrus (*)
* MAILDROP_README: Maildrop
* LMTP (*)
OOtthheerr ttooppiiccss
@@ -78,6 +73,3 @@ OOtthheerr ttooppiiccss
* XCLIENT_README: XCLIENT Command
* XFORWARD_README: XFORWARD Command
(*) These documents will be made available via http://www.postfix.org/ and
mirror sites.


@@ -28,8 +28,9 @@ An address class is defined by three items.
* The list of domains that are a member of the class: for example, all local
domains, or all relay domains.
* The default delivery method. For example, the local or smtp delivery agent.
This helps to keep Postfix configurations simple.
* The default delivery transport. For example, the local or relay delivery
transport (delivery transports are defined in master.cf). This helps to
keep Postfix configurations simple.
* The list of valid recipient addresses for that address class. The Postfix
SMTP server rejects invalid recipients with "User unknown in <name of


@@ -122,7 +122,9 @@ from filling up with MAILER-DAEMON messages.
Recipient address verification is relatively straightforward and there are no
surprises. If a recipient probe fails, then Postfix rejects mail for the
recipient address. If a recipient probe succeeds, then Postfix accepts mail for
the recipient address.
the recipient address. However, recipient address verification probes can
increase the load on down-stream MTAs when you're being flooded by backscatter
bounces, or when some spammer is mounting a dictionary attack.
By default, address verification results are not saved. To avoid probing the
same address repeatedly, you can store the result in a persistent database as


@@ -57,13 +57,25 @@ reused only by the mail delivering process that creates the connection. To get
the same performance improvement as with a shared connection cache, non-shared
connections need to be kept open for a longer time.
Internet <-- smtp(8) <-> scache(8) <-> smtp(8) --> Internet
The scache(8) server, introduced with Postfix version 2.2, maintains the shared
connection cache. With Postfix version 2.2, only the smtp(8) client has support
to access this cache.
smtp(8) --> Internet
|
|
|
| smtp(8) --> Internet
|
|
v ^
|
scache(8)
When SMTP connection caching is enabled (see next section), the smtp(8) client
does not disconnect after a mail transaction, but gives the connection to the
scache(8) server which keeps the connection open for a limited amount of time.


@@ -44,7 +44,8 @@ Benefits of the Postfix (key, value) query interface:
lookups" below.
* You can use Berkeley DB files with fixed lookup strings for simple address
rewriting operations and you can use regular expression tables for the more
complicated work.
complicated work. In other words, you don't have to put everything into the
same table.
PPoossttffiixx lliissttss vveerrssuuss ttaabblleess
@@ -124,7 +125,8 @@ update fails because the disk is full or because something else happens. This
is because commands such as postmap(1) or postalias(1) overwrite existing
files. If the update fails in the middle then you have no usable database, and
Postfix will stop working. This is not an issue with the CDB database type
available with Postfix 2.2 and later, because CDB database rebuilds are atomic.
available with Postfix 2.2 and later: CDB creates a new file, and renames the
file upon successful completion.
With multi-file databases such as DBM, there is no simple solution. With
Berkeley DB and other "one file" databases, it is possible to add some extra


@@ -25,14 +25,15 @@ This document describes:
BBuuiillddiinngg PPoossttffiixx oonn ssyysstteemmss wwiitthhoouutt BBeerrkkeelleeyy DDBB
Many commercial UNIXes ship without Berkeley DB support. Examples are Solaris,
HP-UX, IRIX, UNIXWARE. In order to build Postfix with Berkeley DB support you
need to download and install the source code from http://www.sleepycat.com/
Some UNIXes ship without Berkeley DB support; for historical reasons these use
DBM files instead. A problem with DBM files is that they can store only limited
amounts of data. To build Postfix with Berkeley DB support you need to download
and install the source code from http://www.oracle.com/database/berkeley-db/.
Warning: some Linux system libraries use Berkeley DB, as do some third-party
libraries such as SASL. If you compile Postfix with a different Berkeley DB
implementation, then every Postfix program will dump core because either the
system library, SASL library, or Postfix itself ends up using the wrong
system library, the SASL library, or Postfix itself ends up using the wrong
version.
The more recent Berkeley DB versions have a compile-time switch, "--with-
@@ -40,8 +41,8 @@ uniquename", which renames the symbols so that multiple versions of Berkeley DB
can co-exist in the same application. Although wasteful, this may be the only
way to keep things from falling apart.
To build Postfix after you installed the Berkeley DB from http://
www.sleepycat.com/, use something like:
To build Postfix after you installed the Berkeley DB from source code, use
something like:
% make tidy
% make makefiles CCARGS="-DHAS_DB -I/usr/local/BerkeleyDB/include" \
@@ -151,5 +152,5 @@ Add the "-lpthread" library to the "make makefiles" command.
% make makefiles .... AUXLIBS="... -lpthread"
More information is available at http://www.sleepycat.com/.
More information is available at http://www.oracle.com/database/berkeley-db/.


@@ -54,8 +54,8 @@ The nature of each problem is indicated as follows:
configuration file settings that you can fix. Postfix cannot proceed until
this is fixed.
* "eerrrroorr" reports a fatal or non-fatal error condition. Postfix cannot
proceed until this is fixed.
* "eerrrroorr" reports an error condition. For safety reasons, a Postfix process
will terminate when more than 13 of these happen.
* "wwaarrnniinngg" indicates a non-fatal error. These are problems that you may not
be able to fix (such as a broken DNS server elsewhere on the network) but
@@ -85,7 +85,7 @@ Postfix can produce two types of mail delivery reports for debugging:
Mail Delivery Status Report will be mailed to <your login name>.
These reports contain information that is generated by Postfix delivery agents.
Since these run as daemon processes and do not interact with users directly,
Since these run as daemon processes that cannot interact with users directly,
the result is sent as mail to the sender of the test message. The format of
these reports is practically identical to that of ordinary non-delivery
notifications.
@@ -136,29 +136,31 @@ change effective immediately, execute the command "ppoossttffiixx rreel
RReeccoorrdd tthhee SSMMTTPP sseessssiioonn wwiitthh aa nneettwwoorrkk ssnniiffffeerr
This example uses ttccppdduummpp. In order to record a conversation you need to
specify a large enough buffer with the "-s" option or else you will miss some
specify a large enough buffer with the "--ss" option or else you will miss some
or all of the packet payload.
# ttccppdduummpp --ww //ffiillee//nnaammee --ss 22000000 hhoosstt eexxaammppllee..ccoomm aanndd ppoorrtt 2255
# ttccppdduummpp --ww //ffiillee//nnaammee --ss 00 hhoosstt eexxaammppllee..ccoomm aanndd ppoorrtt 2255
Older tcpdump versions don't support "--ss 00"; in that case, use "--ss 22000000"
instead.
Run this for a while, stop with Ctrl-C when done. To view the data use a binary
viewer, or eetthheerreeaall, or use my ttccppdduummppxx utility that is available from ftp://
ftp.porcupine.org/pub/debugging/.
viewer, eetthheerreeaall, or good old lleessss.
MMaakkiinngg PPoossttffiixx ddaaeemmoonn pprrooggrraammss mmoorree vveerrbboossee
Append one or more "--vv" options to selected daemon definitions in /etc/postfix/
master.cf and type "ppoossttffiixx rreellooaadd". This will cause a lot of activity to be
logged to the syslog daemon. Example:
logged to the syslog daemon. For example, to make the Postfix SMTP server
process more verbose:
/etc/postfix/master.cf:
smtp inet n - n - - smtpd -v
This makes the Postfix SMTP server more verbose. To diagnose problems with
address rewriting one would specify a "--vv" option for the cleanup(8) and/or
trivial-rewrite(8) daemon, and to diagnose problems with mail delivery one
would specify a "--vv" option for the qmgr(8) or oqmgr(8) queue manager, or for
the lmtp(8), local(8), pipe(8), smtp(8), or virtual(8) delivery agent.
To diagnose problems with address rewriting specify a "--vv" option for the
cleanup(8) and/or trivial-rewrite(8) daemon, and to diagnose problems with mail
delivery specify a "--vv" option for the qmgr(8) or oqmgr(8) queue manager, or
for the lmtp(8), local(8), pipe(8), smtp(8), or virtual(8) delivery agent.
MMaannuuaallllyy ttrraacciinngg aa PPoossttffiixx ddaaeemmoonn pprroocceessss
@@ -361,16 +363,17 @@ When reporting a problem, be sure to include the following information.
* Postfix logging. See the text at the top of the DEBUG_README document to
find out where logging is stored. Please do not frustrate the helpers by
word wrapping the logging.
word wrapping the logging. If the logging is more than a few kbytes of
text, consider posting an URL on a web or ftp site.
* Consider using a test email address so that you don't have to reveal email
addresses or passwords of innocent people.
* If you can't use a test email address, please anonymize information
consistently. Replace each letter by "A", each digit by "D" so that the
helpers can still recognize syntactical errors.
* If you can't use a test email address, please anonymize email addresses and
host names consistently. Replace each letter by "A", each digit by "D" so
that the helpers can still recognize syntactical errors.
* Output from "ppoossttccoonnff --nn". Please do not send your main.cf file or 400+
* Output from "ppoossttccoonnff --nn". Please do not send your main.cf file, or 500+
lines of ppoossttccoonnff output.
* Better, provide output from the ppoossttffiinnggeerr tool. This can be found at http:
@@ -383,7 +386,7 @@ When reporting a problem, be sure to include the following information.
* If the problem is about too much mail in the queue, consider including
output from the qqsshhaappee tool, as described in the QSHAPE_README file.
* If the problem is protocol related (connections time out or an SMTP server
* If the problem is protocol related (connections time out, or an SMTP server
complains about syntax errors etc.) consider recording a session with
ttccppdduummpp, as described in the DEBUG_README document.


@@ -22,7 +22,7 @@ Specifically, DSN support gives an email sender the ability to specify:
confused with the message ID, which identifies the message content.
The implementation of DSN support involves extra parameters to the SMTP MAIL
FROM and RCPT TO commands, as well as new Postfix sendmail command line options
FROM and RCPT TO commands, as well as two Postfix sendmail command line options
that provide a sub-set of the functions of the extra SMTP command parameters.
This document has information on the following topics:


@@ -11,10 +11,6 @@ to the customer, and delivers that mail bbyy ccoonnnneeccttiinngg t
sseerrvveerr. The mail is not delivered via the connection that was used for sending
ETRN.
Postfix versions before 1.0 (also known as version 20010228) implemented the
ETRN command in an inefficient manner: they simply attempted to deliver all
queued mail. This is slow on mail servers that queue mail for many customers.
As of version 1.0, Postfix has a fast ETRN implementation that does not require
Postfix to examine every queue file. Instead, Postfix maintains a record of
what queue files contain mail for destinations that are configured for ETRN
@@ -40,11 +36,11 @@ The following is an example SMTP session that shows how an SMTP client requests
the ETRN service. Client commands are shown in bold font.
220 my.server.tld ESMTP Postfix
hheelloo mmyy..cclliieenntt..ttlldd
HHEELLOO mmyy..cclliieenntt..ttlldd
250 Ok
eettrrnn ssoommee..ccuussttoommeerr..ddoommaaiinn
EETTRRNN ssoommee..ccuussttoommeerr..ddoommaaiinn
250 Queuing started
qquuiitt
QQUUIITT
221 Bye
As mentioned in the introduction, the mail is delivered by connecting to the
@@ -53,7 +49,8 @@ send the ETRN command.
The Postfix operator can request delivery for a specific customer by using the
command "sendmail -qRdestination" and, with Postfix version 1.1 and later,
"postqueue -sdestination".
"postqueue -sdestination". Access to this feature is controlled with the
authorized_flush_users configuration parameter (Postfix version 2.2 and later).
HHooww PPoossttffiixx ffaasstt EETTRRNN wwoorrkkss
@@ -85,13 +82,14 @@ service for every possible destination.
* The flush(8) daemon maintains per-destination logfiles with queue file
names. When a request to "deliver mail now" arrives, Postfix will attempt
to deliver all recipients in the queue files that have mail for the
destination in question. This does not perform well when queue files have
recipients in many different domains.
destination in question. This does not perform well with queue files that
have recipients in many different domains, such as queue files with
outbound mailing list traffic.
* The flush(8) daemon maintains per-destination logfiles only for
destinations listed with $fast_flush_domains. With other destinations it
not possible to trigger delivery with "sendmail -qRdestination" or, with
Postfix version 1.1 and later, "postqueue -sdestination".
destinations listed with $fast_flush_domains. With other destinations you
cannot request delivery with "sendmail -qRdestination" or, with Postfix
version 1.1 and later, "postqueue -sdestination".
* Up to and including early versions of Postfix version 2.1, the "fast flush"
service may not deliver some messages if the request to "deliver mail now"
@@ -100,6 +98,10 @@ service for every possible destination.
dead domains, and the list of message delivery transports specified with
the defer_transports configuration parameter.
* Up to and including Postfix version 2.3, the "fast flush" service may not
deliver some messages if the request to "deliver mail now" arrives while an
incoming queue scan is already in progress.
CCoonnffiigguurriinngg tthhee PPoossttffiixx ffaasstt EETTRRNN sseerrvviiccee
The behavior of the flush(8) daemon is controlled by parameters in the main.cf
@@ -200,9 +202,9 @@ client that is allowed to execute ETRN commands (by default, that's every
client), and type the commands shown in boldface:
220 my.server.tld ESMTP Postfix
hheelloo mmyy..cclliieenntt..ttlldd
HHEELLOO mmyy..cclliieenntt..ttlldd
250 Ok
eettrrnn ssoommee..ccuussttoommeerr..ddoommaaiinn
EETTRRNN ssoommee..ccuussttoommeerr..ddoommaaiinn
250 Queuing started
where "some.customer.domain" is the name of a domain that has a non-empty
@@ -225,9 +227,9 @@ relay to (any domain listed in $relay_domains), but that has no mail queued.
The text in bold face stands for the commands that you type:
220 my.server.tld ESMTP Postfix
hheelloo mmyy..cclliieenntt..ttlldd
HHEELLOO mmyy..cclliieenntt..ttlldd
250 Ok
eettrrnn ssoommee..ootthheerr..ccuussttoommeerr..ddoommaaiinn
EETTRRNN ssoommee..ootthheerr..ccuussttoommeerr..ddoommaaiinn
250 Queuing started
This time, the "ETRN"" command should trigger NO mail deliveries at all. If
@@ -239,9 +241,9 @@ willing to relay to. It does not matter if your server has mail queued for that
destination.
220 my.server.tld ESMTP Postfix
hheelloo mmyy..cclliieenntt..ttlldd
HHEELLOO mmyy..cclliieenntt..ttlldd
250 Ok
eettrrnn nnoott..aa..ccuussttoommeerr..ddoommaaiinn
EETTRRNN nnoott..aa..ccuussttoommeerr..ddoommaaiinn
459 <not.a.customer.domain>: service unavailable
In this case, Postfix should reject the request as shown above.


@@ -21,9 +21,9 @@ This document describes implementations that use a single Postfix instance for
everything: receiving, filtering and delivering mail. Applications that use two
separate Postfix instances will be covered by a later version of this document.
The after-queue content filter is not to be confused with the approach that is
described in the SMTPD_PROXY_README document, where incoming SMTP mail is
filtered BEFORE it is stored into the Postfix queue.
The after-queue content filter is not to be confused with the approaches
described in the SMTPD_PROXY_README or MILTER_README documents, where incoming
SMTP mail is filtered BEFORE it is stored into the Postfix queue.
This document describes two approaches to content filter all email, as well as
several options to filter mail selectively:
@@ -50,14 +50,16 @@ several options to filter mail selectively:
PPrriinncciipplleess ooff ooppeerraattiioonn
An external content filter receives unfiltered mail from Postfix (as described
further below) and does one of the following:
An after-queue content filter receives unfiltered mail from Postfix (as
described further below) and can do one of the following:
1. Re-inject the mail back into Postfix, perhaps after changing content and/or
destination.
2. Reject the mail (by sending a suitable status code back to Postfix).
Postfix will return the mail to the sender.
2. Discard or quarantine the mail.
3. Reject the mail (by sending a suitable status code back to Postfix).
Postfix will send the mail back to the sender address.
NOTE: in this time of mail worms and forged spam, it is a VERY BAD IDEA to send
viruses back to the sender address, because the sender address is almost
@@ -67,8 +69,9 @@ it.
SSiimmppllee ccoonntteenntt ffiilltteerr eexxaammppllee
The first example is simple to set up. Postfix receives unfiltered mail from
the network with the smtpd(8) server, and delivers unfiltered mail to a content
The first example is simple to set up, but has major limitations that will be
addressed in a second example. Postfix receives unfiltered mail from the
network with the smtpd(8) server, and delivers unfiltered mail to a content
filter with the Postfix pipe(8) delivery agent. The content filter injects
filtered mail back into Postfix with the Postfix sendmail(1) command, so that
Postfix can deliver it to the final destination.
@@ -126,33 +129,36 @@ The content filter can be a simple shell script like this:
Notes:
* Line 8: The -G option does nothing before Postfix 2.3, otherwise it
disables address rewriting of message headers.
* Line 8: The -G option says the filter output is not a local mail
submission: don't do silly things like appending the local domain name to
addresses in message headers. This option does nothing before Postfix
version 2.3.
* Line 8: The -i option says don't stop reading input when a line contains
"." only.
* Line 8: NEVER NEVER NEVER use the "-t" command-line option here. It will
mis-deliver mail, like sending mailing list mail back to the mailing list.
mis-deliver mail, like sending messages from a mailing list back to the
mailing list.
* Line 21: The idea is to first capture the message to file and then run the
content through a third-party content filter program.
* Line 22: If the mail cannot be captured to file, mail delivery is deferred
by terminating with exit status 75 (EX_TEMPFAIL). Postfix places the
message in the deferred mail queue and tries again later.
* Line 22: If the message cannot be captured to file, mail delivery is
deferred by terminating with exit status 75 (EX_TEMPFAIL). Postfix places
the message in the deferred mail queue and tries again later.
* Line 25: You will need to specify a real content filter program here that
receives the content on standard input.
* Line 26: If the content filter program finds a problem, the mail is bounced
by terminating with exit status 69 (EX_UNAVAILABLE). Postfix will return
the message to the sender as undeliverable.
by terminating with exit status 69 (EX_UNAVAILABLE). Postfix will send the
message back to the sender as undeliverable mail.
* Note: in this time of mail worms and spam, it is a BAD IDEA to send known
* NOTE: in this time of mail worms and spam, it is a BAD IDEA to send known
viruses or spam back to the sender, because that address is likely to be
forged. It is safer to discard known to be bad content and to quarantine
suspicious content so that it can be inspected by a human being.
forged. It is safer to discard known viruses and to quarantine suspicious
content so that it can be inspected by a human being.
* Line 28: If the content is OK, it is given as input to the Postfix sendmail
command, and the exit status of the filter command is whatever exit status
@@ -164,7 +170,7 @@ Notes:
I suggest that you first run this script by hand until you are satisfied with
the results. Run it with a real message (headers+body) as input:
% /path/to/script -f sender recipient... <message-file
% /path/to/script -f sender -- recipient... <message-file
Once you're satisfied with the content filtering script:
@@ -206,10 +212,10 @@ Once you're satisfied with the content filtering script:
smtp inet ...other stuff here, do not change... smtpd
-o content_filter=filter:dummy
The "content_filter" line causes Postfix to add one content filter request
record to each incoming mail message, with content "filter:dummy". This
record overrides the normal mail routing and causes mail to be given to the
content filter instead.
The "-o content_filter" line causes Postfix to add one content filter
request record to each incoming mail message, with content "filter:dummy".
This record overrides the normal mail routing and causes mail to be given
to the content filter instead.
The content_filter configuration parameter accepts the same syntax as the
right-hand side in a Postfix transport table.
@@ -249,7 +255,7 @@ To turn off "simple" content filtering:
* Edit the master.cf file, remove the "-o content_filter=filter:dummy" text
from the entry that defines the Postfix SMTP server.
* Execute "ppoossttssuuppeerr --rr AALLLL" to remove content filter information from
* Execute "ppoossttssuuppeerr --rr AALLLL" to remove content filter request records from
existing queue files.
* Execute another "ppoossttffiixx rreellooaadd".
@@ -285,9 +291,11 @@ architecture.
content filter 10025
The example given here filters all mail, including mail that arrives via SMTP
and mail that is locally submitted via the Postfix sendmail command. See
examples near the end of this document for how to exclude local users from
filtering, or how to configure a destination dependent content filter.
and mail that is locally submitted via the Postfix sendmail command (local
submissions enter Postfix via the pickup(8) server; to keep the figure simple
we omit local submission details). See examples near the end of this document
for how to exclude local users from filtering, or how to configure a
destination dependent content filter.
You can expect to lose about a factor of two in Postfix performance for mail
that arrives and leaves via SMTP, provided that the content filter creates no
@@ -348,7 +356,7 @@ the Postfix master.cf file:
* The "-o disable_mime_output_conversion=yes" is a workaround that prevents
the breaking of domainkeys and other digital signatures. This is needed
because some SMTP-based content filters don't announce 8BITMIME support,
even though they can handle it just fine.
even though they can handle 8-bit mail.
* The "-o smtp_generic_maps=" is a workaround that prevents local address
rewriting with generic(5) maps. Such rewriting should happen only when mail
@@ -373,6 +381,10 @@ filtering processes on localhost port 10025:
user handles all potentially dangerous mail content - that is why it should
be a separate account.
* By default, Postfix will terminate a command that runs longer than
command_time_limit seconds (default: 1000s). This is a safety measure that
prevents filters from running forever.
If you want to have your filter listening on port localhost:10025 instead of
Postfix, then you must run your filter as a stand-alone program, and must not
use the Postfix spawn service.
@@ -405,14 +417,14 @@ without sending `.' on the connection that injects mail back into Postfix.
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
* Note: do not use spaces around the "=" or "," characters.
* NOTE: do not use spaces around the "=" or "," characters.
* Note: the SMTP server must not have a smaller process limit than the
* NOTE: the SMTP server must not have a smaller process limit than the
"filter" master.cf entry.
* The "-o content_filter=" overrides main.cf settings, and requests no
content filtering for mail from the content filter. This is required or
else mail will stay in the content filtering loop.
else mail will loop.
* The "-o receive_override_options" overrides main.cf settings to avoid
duplicating work that was already done before the content filter. These
@@ -426,7 +438,7 @@ without sending `.' on the connection that injects mail back into Postfix.
o We specify "no_milters" to disable Milter applications (this option is
available only in Postfix 2.3 and later).
o We don't specify "no_address_mapping" here. This enables virtual alias
o We don't specify "no_address_mappings" here. This enables virtual alias
expansion, canonical mappings, address masquerading, and other address
mappings after the content filter. The main.cf setting of
"receive_override_options" disables these mappings before the content
@@ -470,7 +482,7 @@ To turn off "advanced" content filtering:
content_filter = scan:localhost:10025
receive_override_options = no_address_mappings
* Execute "ppoossttssuuppeerr --rr AALLLL" to remove content filter information from
* Execute "ppoossttssuuppeerr --rr AALLLL" to remove content filter request records from
existing queue files.
* Execute another "ppoossttffiixx rreellooaadd".


@@ -249,10 +249,10 @@ attribute is for a different use case). The returned data for "auser" and
auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
Note: if the desired member object result attribute is always also present in
the group, you get suprising results, the expansion also returns the address of
the group. This is a known limitation of Postfix releases prior to 2.4, and is
addressed in the new with Postfix 2.4 "leaf_result_attribute" feature described
in ldap_table(5).
the group, you get surprising results, the expansion also returns the address
of the group. This is a known limitation of Postfix releases prior to 2.4, and
is addressed in the new with Postfix 2.4 "leaf_result_attribute" feature
described in ldap_table(5).
Our third use case has some groups that are expanded immediately, and other
groups that are forwarded to a dedicated mailing list manager host for delayed


@@ -11,9 +11,10 @@ FROM, etc.) as well as mail content. All this happens before mail is queued.
The reason for adding Milter support to Postfix is that there exists a large
collection of applications, not only to block unwanted mail, but also to verify
authenticity (examples: SenderID+SPF and Domain keys) or to digitally sign mail
(example: Domain keys). Having yet another Postfix-specific version of all that
software is a poor use of human and system resources.
authenticity (examples: Domain keys identified mail, SenderID+SPF and Domain
keys) or to digitally sign mail (examples: Domain keys identified mail, Domain
keys). Having yet another Postfix-specific version of all that software is a
poor use of human and system resources.
Postfix version 2.4 implements all the requests of Sendmail version 8 Milter
protocols up to version 4, including message body replacement (body replacement
@@ -86,11 +87,11 @@ implements the Sendmail 8 Milter protocol. Postfix currently does not provide
such a library, but Sendmail does.
On some Linux and *BSD distributions, the Sendmail libmilter library is
installed by default. With this, applications such as dk-milter and sid-milter
build out of the box without requiring any tinkering:
installed by default. With this, applications such as dkim-milter and sid-
milter build out of the box without requiring any tinkering:
$ ggzzccaatt ddkk--mmiilltteerr--xx..yy..zz..ttaarr..ggzz || ttaarr xxff --
$ ccdd ddkk--mmiilltteerr--xx..yy..zz
$ ggzzccaatt ddkkiimm--mmiilltteerr--xx..yy..zz..ttaarr..ggzz || ttaarr xxff --
$ ccdd ddkkiimm--mmiilltteerr--xx..yy..zz
$ mmaakkee
[...lots of output omitted...]
@@ -126,7 +127,7 @@ RRuunnnniinngg MMiilltteerr aapppplliiccaattiioonnss
To run a Milter application, see the documentation of the filter for options. A
typical command looks like this:
# //ssoommee//wwhheerree//ddkk--ffiilltteerr --uu uusseerriidd --pp iinneett::ppoorrttnnuummbbeerr@@llooccaallhhoosstt ......ootthheerr
# //ssoommee//wwhheerree//ddkkiimm--ffiilltteerr --uu uusseerriidd --pp iinneett::ppoorrttnnuummbbeerr@@llooccaallhhoosstt ......ootthheerr
ooppttiioonnss......
Please specify a userid value that isn't used for other applications (not
@@ -407,57 +408,27 @@ Milter applications make assumptions that aren't true in a Postfix environment.
X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com <unknown-
msgid>
This happens because some Milter applications expect that the queue ID is
This happens because those Milter applications expect that the queue ID is
known before the MTA accepts the MAIL FROM (sender) command. Postfix, on
the other hand, does not choose a queue file name until after it accepts
the first valid RCPT TO (recipient) command. Postfix queue file names must
the first valid RCPT TO (recipient) command (Postfix queue file names must
be unique across multiple directories, so the name can't be chosen before
the file is created. If multiple messages were to use the same queue ID
simultaneously, mail would be lost.
the file is created; if multiple messages were to use the same queue ID
simultaneously, mail would be lost).
To work around the ugly message header from Milter applications, we add a
little code to the Milter source to look up the queue ID after Postfix
receives the end of the message.
Fixing the ugly header maybe as simple as upgrading to a recent version of the
Milter application. For example, current versions of dkim-filter and dk-filter
have code that looks up the Postfix queue ID at a later protocol stage.
o Edit the filter source file (typically named dk-filter/dk-filter.c or
similar).
To fix the ugly message header with sid-filter applications, we change the
source code, so that it does the queue ID lookup after Postfix receives the end
of the message.
o Look up the mlfi_eom() function and add code near the top shown as bboolldd
text below:
* Edit the filter source file (named sid-filter/sid-filter.c).
dfc = cc->cctx_msg;
assert(dfc != NULL);
* Look up the smfilter table and replace mlfi_eoh by NULL.
//** DDeetteerrmmiinnee tthhee jjoobb IIDD ffoorr llooggggiinngg.. **//
iiff ((ddffcc-->>mmccttxx__jjoobbiidd ==== 00 |||| ssttrrccmmpp((ddffcc-->>mmccttxx__jjoobbiidd,, JJOOBBIIDDUUNNKKNNOOWWNN)) ==== 00))
{{
cchhaarr **jjoobbiidd == ssmmffii__ggeettssyymmvvaall((ccttxx,, ""ii""));;
iiff ((jjoobbiidd !!== 00))
ddffcc-->>mmccttxx__jjoobbiidd == jjoobbiidd;;
}}
/* get hostname; used in the X header and in new MIME boundaries */
NOTES:
o Different mail filters use slightly different names for variables. If
the above code does not compile, look for the code at the start of the
mlfi_eoh() routine.
o This fixes only the ugly message header, but not the WARNING message.
Fortunately, dk-filter logs that message only once.
With some Milter applications we can fix both the WARNING and the "unknown-
msgid" by postponing the call of mlfi_eoh() (or whatever routine logs the
WARNING) until the end of the message.
o Edit the filter source file (typically named sid-filter/sid-filter.c or
similar).
o Look up the smfilter table and replace mlfi_eoh (or whatever routine
logs the WARNING) by NULL.
o Look up the mlfi_eom() function and add code near the top that calls
* Look up the mlfi_eom() function and add code near the top that calls
mlfi_eoh() as shown by the bboolldd text below:
assert(ctx != NULL);
@@ -467,8 +438,42 @@ Milter applications make assumptions that aren't true in a Postfix environment.
iiff ((rreett !!== SSMMFFIISS__CCOONNTTIINNUUEE))
rreettuurrnn rreett;;
This works with sid-milter-0.2.10. Other Milter applications will dump core
when you do this.
NOTES:
* This was tested with sid-milter-0.2.10 and sid-milter-0.2.14.
* This fixes only the ugly message header, but not the WARNING message.
Fortunately, sid-milter logs that message only once.
To fix the ugly message header with other Milter applications, you will need to
do something like this:
* Edit the filter source file (typically named xxx-filter/xxx-filter.c or
similar).
* Look up the mlfi_eom() function and add code near the top shown as bboolldd
text below:
dfc = cc->cctx_msg;
assert(dfc != NULL);
//** DDeetteerrmmiinnee tthhee jjoobb IIDD ffoorr llooggggiinngg.. **//
iiff ((ddffcc-->>mmccttxx__jjoobbiidd ==== 00 |||| ssttrrccmmpp((ddffcc-->>mmccttxx__jjoobbiidd,, JJOOBBIIDDUUNNKKNNOOWWNN)) ==== 00)) {{
cchhaarr **jjoobbiidd == ssmmffii__ggeettssyymmvvaall((ccttxx,, ""ii""));;
iiff ((jjoobbiidd !!== 00))
ddffcc-->>mmccttxx__jjoobbiidd == jjoobbiidd;;
}}
/* get hostname; used in the X header and in new MIME boundaries */
NOTES:
* Different mail filters use slightly different names for variables. If the
above code does not compile, look for the code at the start of the mlfi_eoh
() routine.
* This fixes only the ugly message header, but not the WARNING message.
Fortunately, many Milters log that message only once.
LLiimmiittaattiioonnss


@@ -11,10 +11,10 @@ for general use.
GGeenneerraall ddiissttrriibbuuttiioonnss:: pplleeaassee pprroovviiddee aa ssmmaallll ddeeffaauulltt mmaaiinn..ccff ffiillee
The installed main.cf file must be small. PLEASE resist the temptation to list
all 400+ parameters in the main.cf file. Postfix is supposed to be easy to
configure. Listing all 400+ in main.cf defeats the purpose. It is an invitation
for hobbyists to make random changes without understanding what they do, and
gets them into endless trouble.
all parameters in the main.cf file. Postfix is supposed to be easy to
configure. Listing all parameters in main.cf defeats the purpose. It is an
invitation for hobbyists to make random changes without understanding what they
do, and gets them into endless trouble.
GGeenneerraall ddiissttrriibbuuttiioonnss:: pplleeaassee iinncclluuddee RREEAADDMMEE oorr HHTTMMLL ffiilleess


@@ -118,7 +118,7 @@ Notes:
how the client was authenticated via TLS. These attributes are empty in
case of no certificate authentication. As of Postfix 2.2.11 these attribute
values are encoded as xtext: some characters are represented by +XX, where
XX is the two-digit hecadecimal representation of the character value.
XX is the two-digit hexadecimal representation of the character value.
* The "encryption_*" attributes (Postfix 2.3 and later) specify information
about how the connection is encrypted. With plaintext connections the


@@ -141,7 +141,8 @@ Postfix version 2.0 and earlier:
MMeeaassuurreess aaggaaiinnsstt cclliieennttss tthhaatt mmaakkee ttoooo mmaannyy ccoonnnneeccttiioonnss
Note: the anvil(8) service was introduced with Postfix version 2.2.
Note: these features use the Postfix anvil(8) service, introduced with Postfix
version 2.2.
The Postfix smtpd(8) server can limit the number of simultaneous connections
from the same SMTP client, as well as the number of connections that a client
@@ -149,29 +150,31 @@ is allowed to make per unit time. These statistics are maintained by the anvil
(8) server (translation: if anvil(8) breaks, then connection limits stop
working).
IMPORTANT: These limits are designed to protect the smtpd(8) server against
flagrant abuse. Do not use these limits to regulate legitimate traffic: mail
will suffer grotesque delays if you do so.
IMPORTANT: These limits must not be used to regulate legitimate traffic: mail
will suffer grotesque delays if you do so. The limits are designed to protect
the smtpd(8) server against abuse by out-of-control clients.
* An SMTP client may make up to $smtpd_client_connection_count_limit
simultaneous connections (default: 50). This is half the default process
limit.
* An SMTP client may make up to $smtpd_client_message_rate_limit message
delivery requests per unit time (default: no limit).
* An SMTP client may send up to $smtpd_client_recipient_rate_limit recipient
addresses per unit time (default: no limit).
* An SMTP client may make up to $smtpd_client_connection_rate_limit
connections per unit time (default: no limit).
* These limits are not applied to SMTP clients in the networks specified with
$smtpd_client_event_limit_exceptions (default: clients in $mynetworks may
make an unlimited number of connections).
* The anvil_rate_time_unit parameter specifies the time unit over which
client connection rates are computed (default: 60s).
smtpd_client_connection_count_limit (default: 50)
The maximum number of connections than an SMTP client may make
simultaneously.
smtpd_client_connection_rate_limit (default: no limit)
The maximum number of connections that an SMTP client may make in the
time interval specified with anvil_rate_time_unit (default: 60s).
smtpd_client_message_rate_limit (default: no limit)
The maximum number of message delivery requests that an SMTP client may
make in the time interval specified with anvil_rate_time_unit (default:
60s).
smtpd_client_recipient_rate_limit (default: no limit)
The maximum number of recipient addresses that an SMTP client may
specify in the time interval specified with anvil_rate_time_unit
(default: 60s).
smtpd_client_new_tls_session_rate_limit (default: no limit)
The maximum number of new TLS sessions (without using the TLS session
cache) that an SMTP client may negotiate in the time interval specified
with anvil_rate_time_unit (default: 60s).
smtpd_client_event_limit_exceptions (default: $mynetworks)
SMTP clients that are excluded from connection and rate limits
specified above.
GGeenneerraall mmaaiill ddeelliivveerryy ppeerrffoorrmmaannccee ttiippss
@@ -251,7 +254,7 @@ Examples of transport specific concurrency limits are:
limit delivery concurrency to the same recipient: if the recipient has an
expensive shell command in her .forward file, or if the recipient is a
mailing list manager, you don't want to run too many instances of those
processes the same time.
processes at the same time.
* The default smtp_destination_concurrency_limit of 20 seems enough to
noticeably load a system without bringing it to its knees. Be careful when
@@ -334,9 +337,9 @@ message it may blame the message itself, or it may blame the receiving party.
This process is governed by a bunch of little parameters.
queue_run_delay (default: 1000 seconds)
queue_run_delay (default: 300 seconds; before Postfix 2.4: 1000s)
How often the queue manager scans the queue for deferred mail.
minimal_backoff_time (default: 1000 seconds)
minimal_backoff_time (default: 300 seconds; before Postfix 2.4: 1000s)
The minimal amount of time a message won't be looked at, and the
minimal amount of time to stay away from a "dead" destination.
maximal_backoff_time (default: 4000 seconds)
@@ -374,8 +377,8 @@ mail delivery performance actually becomes worse. The symptoms are as follows:
When mail is being deferred frequently, fixing the problem is always better
than increasing the frequency of delivery attempts. However, if you can control
only the delivery attempt frequency, consider using a dedicated fallback_relay
"graveyard" machine for bad destinations so that they do not ruin the
performance of normal mail deliveries.
"graveyard" machine for bad destinations, so that these destinations do not
ruin the performance of normal mail deliveries.
TTuunniinngg tthhee nnuummbbeerr ooff PPoossttffiixx pprroocceesssseess
@@ -414,6 +417,16 @@ TTuunniinngg tthhee nnuummbbeerr ooff ooppeenn ffiillee
When Postfix opens too many files or sockets, processes will abort with fatal
errors, and the system may log "file table full" errors.
* Depending on your Postfix and operating system versions you may need to
recompile Postfix if you need more than 1024 file descriptors per process:
o No recompilation is needed for Postfix version 2.4 and later, when it
was compiled for systems that support BSD kqueue(2) (FreeBSD 4.1,
NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or Linux 2.6 epoll(4).
o Otherwise, Postfix needs to be recompiled to override the default
FD_SETSIZE value.
* Reduce the number of processes as described under "Tuning the number of
Postfix processes" above. Fewer processes need fewer open files and
sockets.
@@ -423,8 +436,8 @@ errors, and the system may log "file table full" errors.
sure to verify the following information with your system tuning guide:
o Some FreeBSD kernel parameters can be specified in /boot/loader.conf,
and some can be changed with sysctl commands. Which is which depends on
the version.
and some can be specified in /etc/sysctl.conf or changed with sysctl
commands. Which is which depends on the version.
kern.ipc.maxsockets="5000"
kern.ipc.nmbclusters="65536"
@@ -432,8 +445,8 @@ errors, and the system may log "file table full" errors.
kern.maxfiles="16384"
kern.maxfilesperproc="16384"
o Linux kernel parameters can be specified in /etc/sysctl.conf and can
also be changed with sysctl commands:
o Linux kernel parameters can be specified in /etc/sysctl.conf or changed
with sysctl commands:
fs.file-max=16384
kernel.threads-max=2048


@@ -1,23 +1,13 @@
What needs to be done before Postfix 2.4.0 is finished:
- Update MILTER_README (dkim, application patches).
- Create RELEASE_NOTES_2.4.
- Update BACKSCATTER_README with PCRE rules.
- Otherwise done up to and including FILTER_README
- Truncate wish list from HISTORY.
- Spell check and double word check the proto files.
- Parameter hyperlink check and HTML check the html outputs.
- Replace SPF policy server script by link to SPF website.
- Remove MacOS X examples. They have not been updated.
- Is "postmap -qf" still needed with regexp/pcre maps?
- Update TUNING_README smtpd_client_*_limit feature list (add TLS).
- Update TUNING_README file descriptor tuning.


@@ -1,46 +0,0 @@
#!/bin/sh
# Gerben Wierda, Oct 2001. Adapted from an existing example. I waive every
# copyright on this and I also do not give any warranty.
# Updated Sepember 29, 2002
# To work properly, the POSTFIX variable needs to be set to -YES-
# in /etc/hostconfig
. /etc/rc.common
if [ "${POSTFIX:=-NO-}" = "-YES-" -a "${MAILSERVER:=-NO-}" = "-YES-" ]
then
ConsoleMessage "Cannot run concurrent postfix and sendmail"
sleep 2
exit
fi
##
# Start mail server
##
if [ "$1" == "start" ]
then
if [ "${POSTFIX:=-NO-}" = "-YES-" ]
then
ConsoleMessage "Starting Postfix mail services"
/usr/sbin/postfix start
fi
elif [ "$1" == "stop" ]
then
ConsoleMessage "Stopping Postfix mail services"
/usr/sbin/postfix stop
elif [ "$1" == "restart" ]
then
if [ "${POSTFIX:=-NO-}" = "-YES-" ]
then
ConsoleMessage "Reloading Postfix configuration"
/usr/sbin/postfix reload
else
ConsoleMessage "Stopping Postfix mail services"
/usr/sbin/postfix stop
fi
fi


@@ -1,13 +0,0 @@
{
Description = "Postfix mail server";
Provides = ("SMTP");
Requires = ("Resolver");
Uses = ("Network Time", "NFS");
Preference = "None";
Messages =
{
start = "Starting Postfix";
stop = "Stopping Postfix";
restart = "Reloading Postfix Configuration";
};
}


@@ -1,74 +0,0 @@
# Adapted from an existing example by Gerben Wierda, Oct 2001. I waive every
# copyright on this and I also do not give any warranty.
Let's start with the important warning:
DO NOT USE THE MULTIPLE USERS APPLICATION TO CREATE THE POSTFIX USER!
NOTE: Mac OS X as of version 10.3 comes with Postfix as the standard mailer
and it is supported in Server Admin on Mac OS X 10.3 Server . The instructions
below therefore only apply for Mac OS X 10.2.8.
NOTE: As of 29 September 2002, these instructions and the scripts have changed
to make the solution more robust for Apple updates.
Run the commands below in the order that they are presented
A. INSTALLING POSTFIX for the first time and selecting it as the active
Mail Transfer Agent (MTA):
# All these commands are written to be run from this directory.
# This repairs the previous Oct 2001 setup if any
sudo ./repair-oldsetup
# Prepare for reactivating sendmail
sudo ./backup-sendmail-binaries
# this creates the necessary users & groups for proper operation
# of postfix:
sudo ./niscript
# Install postfix:
# When the script asks you for setgid (the default will be no) tell it
# maildrop
(cd ../..; sudo make install)
# Prepare for reactivating postfix
sudo ./backup-postfix-binaries
# edit /etc/postfix/main.cf to suit your requirements
### add your own commands here ###
# Activate postfix startup at boot time. Deactivates sendmail.
sudo ./activate-postfix
# Test. Read INSTALL for a series of suggested tests.
B. DEACTIVATING POSTFIX
# Deactivate postfix startup at boot time
sudo ./deactivate-postfix
C. RESTORING Sendmail as the MTA when Postfix is the active MTA
# This repairs the previous Oct 2001 setup if any
sudo ./repair-oldsetup
# Deactivate postfix startup at boot time
sudo ./deactivate-postfix
sudo ./activate-sendmail
# Restart your computer
D. RESTORING postfix as the MTA when Sendmail is the active MTA
# NOTE: The first time you activate postfix you have to follow
# the steps of A.
# This repairs the previous Oct 2001 setup if any
sudo ./repair-oldsetup
sudo ./activate-postfix


@@ -1,43 +0,0 @@
#!/bin/sh
# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
# I also do not give any warranty.
. ./defines
# Activate binaries
if [ ! -e ${POSTFIXBACKUPDIR}/sendmail ]
then
echo "Something is wrong: there is no existing postfix binary backup"
exit 1;
else
echo "Restoring postfix versions of sendmail programs from backup..."
(cd ${POSTFIXBACKUPDIR}; tar cf - sendmail) | (cd /usr/sbin; tar xf -)
(cd ${POSTFIXBACKUPDIR}; tar cf - newaliases) | (cd /usr/bin; tar xf -)
(cd ${POSTFIXBACKUPDIR}; tar cf - mailq) | (cd /usr/bin; tar xf -)
fi
if [ -e "${PSI}" ]
then
echo "Postfix StartupItem already exists."
else
if [ -e "${PSIDISABLED}" ]
then
echo "Reinstating disabled Postfix StartupItem..."
mv "${PSIDISABLED}" "${PSI}"
else
echo "Installing new default Postfix StartupItem..."
cp -R Postfix.StartupItem "${PSI}"
fi
fi
# De-activate sendmail in /etc/hostconfig
/usr/bin/perl -pi -e 's/MAILSERVER=-YES-/MAILSERVER=-NO-/g' /etc/hostconfig
# Activate postfix in /etc/hostconfig
if /usr/bin/grep '^POSTFIX=-NO-' /etc/hostconfig >/dev/null 2>&1; then
/usr/bin/perl -pi -e 's/POSTFIX=-NO-/POSTFIX=-YES-/g' /etc/hostconfig
else
echo "POSTFIX=-YES-" >>/etc/hostconfig
fi
/usr/sbin/postfix start


@@ -1,24 +0,0 @@
#!/bin/sh
# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
# I also do not give any warranty.
. ./defines
. ./deactivate-postfix
# Activate binaries
if [ ! -e ${SENDMAILBACKUPDIR}/sendmail ]
then
echo "Something is wrong: there is no existing sendmail binary backup"
exit 1;
else
echo "Restoring sendmail versions of sendmail programs from backup..."
(cd ${SENDMAILBACKUPDIR}; tar cf - sendmail) | (cd /usr/sbin; tar xf -)
(cd ${SENDMAILBACKUPDIR}; tar cf - newaliases) | (cd /usr/bin; tar xf -)
(cd ${SENDMAILBACKUPDIR}; tar cf - mailq) | (cd /usr/bin; tar xf -)
fi
# Activate sendmail in /etc/hostconfig
/usr/bin/perl -pi -e 's/MAILSERVER=-NO-/MAILSERVER=-YES-/g' /etc/hostconfig


@@ -1,20 +0,0 @@
#! /bin/sh
# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
# I also do not give any warranty.
# We use tar, as we do not know beforehand if we are dealing with real
# files or symbolic links. Since we use tar, we cannot change filenames
# we need to create a directory to hold our backup binaries.
. ./defines
if [ ! -d ${POSTFIXBACKUPDIR} ]
then
mkdir -p ${POSTFIXBACKUPDIR}
fi
(cd /usr/sbin; tar cf - sendmail) | (cd ${POSTFIXBACKUPDIR}; tar xf -)
(cd /usr/bin; tar cf - newaliases) | (cd ${POSTFIXBACKUPDIR}; tar xf -)
(cd /usr/bin; tar cf - mailq) | (cd ${POSTFIXBACKUPDIR}; tar xf -)


@@ -1,20 +0,0 @@
#! /bin/sh
# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
# I also do not give any warranty.
# We use tar, as we do not know beforehand if we are dealing with real
# files or symbolic links. Since we use tar, we cannot change filenames
# we need to create a directory to hold our backup binaries.
. ./defines
if [ ! -d ${SENDMAILBACKUPDIR} ]
then
mkdir -p ${SENDMAILBACKUPDIR}
fi
(cd /usr/sbin; tar cf - sendmail) | (cd ${SENDMAILBACKUPDIR}; tar xf -)
(cd /usr/bin; tar cf - newaliases) | (cd ${SENDMAILBACKUPDIR}; tar xf -)
(cd /usr/bin; tar cf - mailq) | (cd ${SENDMAILBACKUPDIR}; tar xf -)


@@ -1,16 +0,0 @@
#!/bin/sh
# Written by Gerben Wierda, Sep 2002. I waive every copyright on this and
# I also do not give any warranty.
. ./defines
if [ -e "${PSI}" ]
then
mv "${PSI}" "${PSIDISABLED}"
fi
# De-activate postfix in /etc/hostconfig
/usr/bin/perl -pi -e 's/POSTFIX=-YES-/POSTFIX=-NO-/g' /etc/hostconfig
/usr/sbin/postfix stop >/dev/null 2>&1


@@ -1,12 +0,0 @@
#! /bin/sh
# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
# I also do not give any warranty.
SIDIR="/Library/StartupItems"
PSI="${SIDIR}/Postfix"
PSIDISABLED="${PSI}.disabled"
POSTFIXBACKUPDIR=/usr/sbin/.postfixbackup
SENDMAILBACKUPDIR=/usr/sbin/.sendmailbackup


@@ -1,164 +0,0 @@
#!/usr/bin/perl
# niscript.pl by Gerben Wierda <gerben_wierda@rna.nl>
# This little script is an adaptation of the original niscript sh script by
# Joe Block <jpb@creol.ucf.edu>
# instead of using fixed uid/gid and thus not robust if you run it on a
# system where groups and/or users have been added, this script checks
# if the users/groups are there and if not creates them with free id's.
# 17 Jul 2002 GW: Fixed two bugs
# 1. Typo in createuser would always have uid 88 for postfix
# 2. Add to netinfo domain . instead of / so that it also works on systems
# where the / domain is actually network-wide (not very useful to add
# a postfix user to all systems in that netinfo domain...)
print <<_WARNING
This script massages your netinfo database. This can severely break
your system. If your netinfo database breaks, you get to keep the parts.
No Warranty. Really.
This script tries to create two groups (if they do not already exist):
- postfix
- maildrop
and tries to create a user (if it does not already exist)
- postfix
which is member of group postfix.
_WARNING
;
# The script starts to look at id 88 (both for user and group) and up to 65535
# It dies if no free id is found.
my $postfixgid = undef;
my $maildropgid = undef;
my $postfixuid = undef;
# First create
my @groups = readgroups();
foreach $group (@groups) {
(my $groupname, undef, my $gid, undef) = split( ':', $group);
if ($groupname eq 'postfix') {
warn "You already have a postfix group (with gid $gid)\n";
$postfixgid = $gid;
}
if ($groupname eq 'maildrop') {
warn "You already have a maildrop group (with gid $gid)\n";
$maildropgid = $gid;
}
}
if (not defined $postfixgid) {
$postfixgid = creategroup( 'postfix');
}
if (not defined $maildropgid) {
$maildropgid = creategroup( 'maildrop');
}
my @users = readusers();
foreach $user (@users) {
(my $username, undef, my $uid, undef) = split( ':', $user);
if ($username eq 'postfix') {
warn "You already have a postfix user (with uid $uid)\n";
$postfixuid = $uid;
}
}
if (not defined $postfixuid) {
$postfixuid = createuser( 'postfix', '"Postfix User"',
'/usr/bin/false', '/etc/postfix',
$postfixgid);
addusertogroup( 'postfix', 'postfix');
}
warn "\n";
sub creategroup
{
my $name = shift;
open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n";
my @groups=<NIDUMP>;
close( NIDUMP);
my $tryno;
NEXTNO: for ($tryno = 88; $tryno <= 65535; $tryno++) {
foreach my $group (@groups) {
(my $groupname, undef, my $gid, undef) =
split( ':', $group);
next NEXTNO if $gid == $tryno;
}
last NEXTNO;
}
die "Cannot find free gid\n" if $tryno == 65536;
warn "Will create $name as gid $tryno\n";
system "niutil -create . /groups/$name";
system "niutil -createprop . /groups/$name name $name";
system "niutil -createprop . /groups/$name gid $tryno";
system "niutil -createprop . /groups/$name passwd '*'";
return $tryno;
}
sub addusertogroup
{
my $user = shift;
my $group = shift;
system "niutil -appendprop . /groups/$group users $user";
}
sub readgroups
{
open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n";
my @groups=<NIDUMP>;
close( NIDUMP);
return @groups;
}
sub readusers
{
my @passwd;
open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n";
@passwd=<NIDUMP>;
close( NIDUMP);
return @passwd;
}
sub createuser
{
my $name = shift;
my $realname = shift;
my $shell = shift;
my $home = shift;
my $gid = shift;
open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n";
my @passwds=<NIDUMP>;
close( NIDUMP);
my $tryno;
NEXTNO: for ($tryno = 88; $tryno <= 65535; $tryno++) {
foreach my $passwd (@passwds) {
(my $passwdname, undef, my $uid, undef) =
split( ':', $passwd);
next NEXTNO if $uid == $tryno;
}
last NEXTNO;
}
die "Cannot find free uid\n" if $tryno == 65536;
warn "Will create $name as uid $tryno\n";
system "niutil -create . /users/$name";
system "niutil -createprop . /users/$name realname $realname";
system "niutil -createprop . /users/$name shell $shell";
system "niutil -createprop . /users/$name uid $tryno";
system "niutil -createprop . /users/$name gid $gid";
system "niutil -createprop . /users/$name home $home";
system "niutil -createprop . /users/$name _shadow_passwd";
system "niutil -createprop . /users/$name passwd '*'";
return $tryno;
}


@@ -1,8 +0,0 @@
#!/bin/sh
if [ -d /System/Library/DisabledStartupItems/Sendmail ]
then
mv /System/Library/DisabledStartupItems/Sendmail /System/Library/StartupItems
rmdir /System/Library/DisabledStartupItems/Sendmail
rm -rf /System/Library/StartupItems/Postfix
fi


@@ -11,11 +11,12 @@
# postmap -q - /etc/postfix/access <inputfile
#
# DESCRIPTION
# The Postfix SMTP server supports access control on remote
# SMTP client information: host names, network addresses,
# and envelope sender or recipient addresses. See
# header_checks(5) or body_checks(5) for access control on
# the content of email messages.
# This document describes access control on remote SMTP
# client information: host names, network addresses, and
# envelope sender or recipient addresses; it is implemented
# by the Postfix SMTP server. See header_checks(5) or
# body_checks(5) for access control on the content of email
# messages.
#
# Normally, the access(5) table is specified as a text file
# that serves as input to the postmap(1) command. The
@@ -246,9 +247,9 @@
# about external content filters is in the Postfix
# FILTER_README file.
#
# Note: this action overrides the main.cf con-
# tent_filter setting, and currently affects all
# recipients of the message.
# Note: this action overrides the content_filter set-
# ting, and currently affects all recipients of the
# message.
#
# This feature is available in Postfix 2.0 and later.
#


@@ -1,7 +1,7 @@
# HEADER_CHECKS(5) HEADER_CHECKS(5)
#
# NAME
# header_checks - Postfix built-in header/body inspection
# header_checks - Postfix built-in content inspection
#
# SYNOPSIS
# header_checks = pcre:/etc/postfix/header_checks
@@ -13,8 +13,9 @@
# postmap -fq - pcre:/etc/postfix/filename <inputfile
#
# DESCRIPTION
# The Postfix cleanup(8) server supports access control on
# the content of message headers and message body lines.
# This document describes access control on the content of
# message headers and message body lines; it is implemented
# by the Postfix cleanup(8) server before mail is queued.
# See access(5) for access control on remote SMTP client
# information.
#
@@ -92,8 +93,8 @@
# if /pattern/flags
#
# endif Match the input string against the patterns between
# if and endif, if and only if the input string also
# matches pattern. The if..endif can nest.
# if and endif, if and only if the same input string
# also matches pattern. The if..endif can nest.
#
# Note: do not prepend whitespace to patterns inside
# if..endif.
@@ -101,8 +102,8 @@
# if !/pattern/flags
#
# endif Match the input string against the patterns between
# if and endif, if and only if the input string does
# not match pattern. The if..endif can nest.
# if and endif, if and only if the same input string
# does not match pattern. The if..endif can nest.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
@@ -161,17 +162,17 @@
# This feature is available in Postfix 2.1 and later.
#
# FILTER transport:destination
# Write a content filter request to the queue file
# Write a content filter request to the queue file,
# and inspect the next input line. After the com-
# plete message is received it will be sent through
# the specified external content filter. More infor-
# mation about external content filters is in the
# Postfix FILTER_README file.
#
# Note: this action overrides the main.cf con-
# tent_filter setting, and affects all recipients of
# the message. In the case that multiple FILTER
# actions fire, only the last one is executed.
# Note: this action overrides the content_filter set-
# ting, and affects all recipients of the message. In
# the case that multiple FILTER actions fire, only
# the last one is executed.
#
# This feature is available in Postfix 2.0 and later.
#
@@ -197,11 +198,11 @@
#
# This feature is available in Postfix 2.0 and later.
#
# IGNORE Delete the current line from the input and inspect
# IGNORE Delete the current line from the input, and inspect
# the next input line.
#
# PREPEND text...
# Prepend one line with the specified text and
# Prepend one line with the specified text, and
# inspect the next input line.
#
# Notes:
@@ -227,7 +228,7 @@
#
# REDIRECT user@domain
# Write a message redirection request to the queue
# file and inspect the next input line. After the
# file, and inspect the next input line. After the
# message is queued, it will be sent to the specified
# address instead of the intended recipient(s).
#
@@ -239,7 +240,7 @@
# This feature is available in Postfix 2.1 and later.
#
# REPLACE text...
# Replace the current line with the specified text
# Replace the current line with the specified text,
# and inspect the next input line.
#
# This feature is available in Postfix 2.2 and later.
@@ -275,19 +276,25 @@
#
# WARN optional text...
# Log a warning with the optional text... (or log a
# generic message) and inspect the next input line.
# generic message), and inspect the next input line.
# This action is useful for debugging and for testing
# a pattern before applying more drastic actions.
#
# BUGS
# Many people overlook the main limitations of header and
# body_checks rules. These rules operate on one logical
# message header or one body line at a time, and a decision
# made for one line is not carried over to the next line.
# If text in the message body is encoded (RFC 2045) then the
# rules have to specified for the encoded form. Likewise,
# when message headers are encoded (RFC 2047) then the rules
# need to be specified for the encoded form.
# body_checks rules.
#
# o These rules operate on one logical message header
# or one body line at a time. A decision made for one
# line is not carried over to the next line.
#
# o If text in the message body is encoded (RFC 2045)
# then the rules have to specified for the encoded
# form.
#
# o Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the
# encoded form.
#
# Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers


@@ -280,7 +280,7 @@ $html_directory/BUILTIN_FILTER_README.html:f:root:-:644
$html_directory/CDB_README.html:f:root:-:644
$html_directory/CONNECTION_CACHE_README.html:f:root:-:644
$html_directory/CONTENT_INSPECTION_README.html:f:root:-:644
$html_directory/CYRUS_README.html:f:root:-:644
$html_directory/CYRUS_README.html:f:root:-:644:o
$html_directory/DATABASE_README.html:f:root:-:644
$html_directory/DB_README.html:f:root:-:644
$html_directory/DEBUG_README.html:f:root:-:644
@@ -312,7 +312,7 @@ $html_directory/STANDARD_CONFIGURATION_README.html:f:root:-:644
$html_directory/TLS_LEGACY_README.html:f:root:-:644
$html_directory/TLS_README.html:f:root:-:644
$html_directory/TUNING_README.html:f:root:-:644
$html_directory/ULTRIX_README.html:f:root:-:644
$html_directory/ULTRIX_README.html:f:root:-:644:o
$html_directory/UUCP_README.html:f:root:-:644
$html_directory/VERP_README.html:f:root:-:644
$html_directory/VIRTUAL_README.html:f:root:-:644
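Review bot: Only the `$html_directory` copies of CYRUS_README and ULTRIX_README receive the `:o` flag in these two hunks, and nothing visible in this file section handles a plain-text counterpart. Assuming `:o` marks an entry as obsolete, a `$readme_directory/ULTRIX_README` entry that is still listed as a plain `f` entry elsewhere in the file would presumably keep a README installed that the README index in this same commit no longer mentions. If such an entry exists, flagging it the same way, e.g. `$readme_directory/ULTRIX_README:f:root:-:644:o`, would keep the two directories consistent. The rest of the file lies outside these hunks, so this needs to be confirmed there.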


@@ -0,0 +1,6 @@
See http://www.openspf.org/Software for the current version of the
SPF policy daemon for Postfix.
SPF support is also available via MILTER plugins, such as sid-milter
at http://sourceforge.net/projects/sid-milter/ which implements both
SenderID and SPF.


@@ -1,238 +0,0 @@
#!/usr/bin/perl
# postfix-policyd-spf
# http://www.openspf.org
# version 1.07
# $Id$
use Fcntl;
use Sys::Syslog qw(:DEFAULT setlogsock);
use strict;
# ----------------------------------------------------------
# configuration
# ----------------------------------------------------------
# to use SPF, install Mail::SPF::Query from CPAN or from the SPF website at http://www.openspf.org/downloads.html
my @HANDLERS;
push @HANDLERS, "testing";
push @HANDLERS, "sender_permitted_from"; use Mail::SPF::Query;
my $VERBOSE = 0;
my $DEFAULT_RESPONSE = "DUNNO";
#
# Syslogging options for verbose mode and for fatal errors.
# NOTE: comment out the $syslog_socktype line if syslogging does not
# work on your system.
#
my $syslog_socktype = 'unix'; # inet, unix, stream, console
my $syslog_facility = "mail";
my $syslog_options = "pid";
my $syslog_priority = "info";
my $syslog_ident = "postfix/policy-spf";
# ----------------------------------------------------------
# minimal documentation
# ----------------------------------------------------------
#
# Usage: smtpd-policy.pl [-v]
#
# Demo delegated Postfix SMTPD policy server.
# This server implements SPF.
# Another server implements greylisting.
# Postfix has a pluggable policy server architecture.
# You can call one or both from Postfix.
#
# The SPF handler uses Mail::SPF::Query to do the heavy lifting.
#
# This documentation assumes you have read Postfix's README_FILES/SMTPD_POLICY_README
#
# Logging is sent to syslogd.
#
# How it works: each time a Postfix SMTP server process is started
# it connects to the policy service socket, and Postfix runs one
# instance of this PERL script. By default, a Postfix SMTP server
# process terminates after 100 seconds of idle time, or after serving
# 100 clients. Thus, the cost of starting this PERL script is smoothed
# out over time.
#
# To run this from /etc/postfix/master.cf:
#
# policy unix - n n - - spawn
# user=nobody argv=/usr/bin/perl /usr/libexec/postfix/smtpd-policy.pl
#
# To use this from Postfix SMTPD, use in /etc/postfix/main.cf:
#
# smtpd_recipient_restrictions =
# ...
# reject_unauth_destination
# check_policy_service unix:private/policy
# ...
#
# NOTE: specify check_policy_service AFTER reject_unauth_destination
# or else your system can become an open relay.
#
# To test this script by hand, execute:
#
# % perl smtpd-policy.pl
#
# Each query is a bunch of attributes. Order does not matter, and
# the demo script uses only a few of all the attributes shown below:
#
# request=smtpd_access_policy
# protocol_state=RCPT
# protocol_name=SMTP
# helo_name=some.domain.tld
# queue_id=8045F2AB23
# sender=foo@bar.tld
# recipient=bar@foo.tld
# client_address=1.2.3.4
# client_name=another.domain.tld
# [empty line]
#
# The policy server script will answer in the same style, with an
# attribute list followed by a empty line:
#
# action=dunno
# [empty line]
#
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: client_address=208.210.125.227
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: client_name=newbabe.mengwong.com
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: helo_name=newbabe.mengwong.com
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: protocol_name=ESMTP
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: protocol_state=RCPT
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: queue_id=
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: recipient=mengwong@dumbo.pobox.com
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: request=smtpd_access_policy
# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: sender=mengwong@newbabe.mengwong.com
# ----------------------------------------------------------
# initialization
# ----------------------------------------------------------
#
# Log an error and abort.
#
sub fatal_exit {
syslog(err => "fatal_exit: @_");
syslog(warning => "fatal_exit: @_");
syslog(info => "fatal_exit: @_");
die "fatal: @_";
}
#
# Unbuffer standard output.
#
select((select(STDOUT), $| = 1)[0]);
#
# This process runs as a daemon, so it can't log to a terminal. Use
# syslog so that people can actually see our messages.
#
setlogsock $syslog_socktype;
openlog $syslog_ident, $syslog_options, $syslog_facility;
# ----------------------------------------------------------
# main
# ----------------------------------------------------------
#
# Receive a bunch of attributes, evaluate the policy, send the result.
#
my %attr;
while (<STDIN>) {
chomp;
if (/=/) { my ($k, $v) = split (/=/, $_, 2); $attr{$k} = $v; next }
elsif (length) { syslog(warning => sprintf("warning: ignoring garbage: %.100s", $_)); next; }
if ($VERBOSE) {
for (sort keys %attr) {
syslog(debug => "Attribute: %s=%s", $_, $attr{$_});
}
}
fatal_exit ("unrecognized request type: '$attr{request}'") unless $attr{request} eq "smtpd_access_policy";
my $action = $DEFAULT_RESPONSE;
my %responses;
foreach my $handler (@HANDLERS) {
no strict 'refs';
my $response = $handler->(attr=>\%attr);
syslog(debug => "handler %s: %s", $handler, $response);
if ($response and $response !~ /^dunno/i) {
syslog(info => "handler %s: %s is decisive.", $handler, $response);
$action = $response; last;
}
}
syslog(info => "decided action=%s", $action);
print STDOUT "action=$action\n\n";
%attr = ();
}
# ----------------------------------------------------------
# plugin: SPF
# ----------------------------------------------------------
sub sender_permitted_from {
local %_ = @_;
my %attr = %{ $_{attr} };
my $query = eval { new Mail::SPF::Query (ip =>$attr{client_address},
sender=>$attr{sender},
helo =>$attr{helo_name}) };
if ($@) {
syslog(info => "%s: Mail::SPF::Query->new(%s, %s, %s) failed: %s",
$attr{queue_id}, $attr{client_address}, $attr{sender}, $attr{helo_name}, $@);
return "DUNNO";
}
my ($result, $smtp_comment, $header_comment) = $query->result();
syslog(info => "%s: SPF %s: smtp_comment=%s, header_comment=%s",
$attr{queue_id}, $result, $smtp_comment, $header_comment);
if ($result eq "fail") { return "REJECT $smtp_comment"; }
elsif ($result eq "error") { return "DEFER_IF_PERMIT $smtp_comment"; }
else { return "PREPEND Received-SPF: $result ($header_comment)"; }
}
# ----------------------------------------------------------
# plugin: testing
# ----------------------------------------------------------
sub testing {
local %_ = @_;
my %attr = %{ $_{attr} };
if (lc address_stripped($attr{sender}) eq
lc address_stripped($attr{recipient})
and
$attr{recipient} =~ /policyblock/) {
syslog(info => "%s: testing: will block as requested", $attr{queue_id});
return "REJECT smtpd-policy blocking $attr{recipient}";
}
else {
syslog(info => "%s: testing: stripped sender=%s, stripped rcpt=%s",
$attr{queue_id},
address_stripped($attr{sender}),
address_stripped($attr{recipient}),
);
}
return "DUNNO";
}
sub address_stripped {
# my $foo = localpart_lhs('foo+bar@baz.com'); # returns 'foo@baz.com'
my $string = shift;
for ($string) {
s/[+-].*\@/\@/;
}
return $string;
}


@@ -53,8 +53,9 @@ address classes are very important for the operation of Postfix. </p>
<li> <p> The list of domains that are a member of the class: for
example, all <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a>, or all <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a>. </p>
<li> <p> The default delivery method. For example, the local or
smtp delivery agent. This helps to keep Postfix configurations
<li> <p> The default delivery transport. For example, the local or
relay delivery transport (delivery transports are defined in
<a href="master.5.html">master.cf</a>). This helps to keep Postfix configurations
simple. </p>
<li> <p> The list of valid recipient addresses for that address
@@ -95,7 +96,7 @@ empty, then the Postfix SMTP server accepts any address in the
<a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class. </p>
<li> <p> The mail delivery transport is specified with the
<a href="postconf.5.html#local_transport">local_transport</a> parameter. The default value is <b>local:$<a href="postconf.5.html#myhostname">myhostname</a></b>
<a href="postconf.5.html#local_transport">local_transport</a> parameter. The default value is <b><a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a></b>
for delivery with the <a href="local.8.html">local(8)</a> delivery agent. </p>
</ul>
@@ -265,7 +266,7 @@ default. The Postfix SMTP server uses this to reject mail for
unknown local recipients. See the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file hints
and tips. </p>
<li> <p> Introduction of the relay delivery transport in master.cf.
<li> <p> Introduction of the relay delivery transport in <a href="master.5.html">master.cf</a>.
This helps to avoid mail delivery scheduling problems on inbound
mail relays when there is a lot of outbound mail, but may require
that you update your "<a href="postconf.5.html#defer_transports">defer_transports</a>" setting. </p>


@@ -229,7 +229,10 @@ MAILER-DAEMON messages. </p>
<p> Recipient address verification is relatively straightforward
and there are no surprises. If a recipient probe fails, then Postfix
rejects mail for the recipient address. If a recipient probe
succeeds, then Postfix accepts mail for the recipient address. </p>
succeeds, then Postfix accepts mail for the recipient address.
However, recipient address verification probes can increase the
load on down-stream MTAs when you're being flooded by backscatter
bounces, or when some spammer is mounting a dictionary attack. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a


@@ -92,24 +92,34 @@ by the mail delivering process that creates the connection. To get
the same performance improvement as with a shared connection cache,
non-shared connections need to be kept open for a longer time. </p>
<p> The <a href="scache.8.html">scache(8)</a> server, introduced with Postfix version 2.2,
maintains the shared connection cache. With Postfix version 2.2,
only the <a href="smtp.8.html">smtp(8)</a> client has support to access this cache. </p>
<blockquote>
<table>
<tr> <td> Internet &lt;-- </td> <td align="center" bgcolor="#f0f0ff">
<br> <a href="smtp.8.html">smtp(8)</a> <br> &nbsp; </td> <td> <tt> &lt;-&gt; </tt> </td> <td
align="center" bgcolor="#f0f0ff"> <br> <a href="scache.8.html">scache(8)</a> <br> &nbsp; </td>
<td> <tt> &lt;-&gt; </tt> </td> <td align="center" bgcolor="#f0f0ff">
<br> <a href="smtp.8.html">smtp(8)</a> <br> &nbsp; </td> <td> --&gt; Internet </td>
<tr> <td align="center" colspan="3" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a>
<br> &nbsp; </td> <td colspan="2"> --&gt; Internet </td> </tr>
<tr> <td align="center" rowspan="3"> &nbsp; </td> <td align="center"
rowspan="3"><tt>|<br>|<br>|<br>|<br>|<br>|<br>v</tt></td>
<td> &nbsp; </td> </tr>
<tr> <td align="center"
colspan="2" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br> &nbsp; </td> <td
align="left"> --&gt; Internet </td> </tr>
<tr> <td align="center"><tt>^<br>|</tt></td> <td> &nbsp; </td> </tr>
<tr> <td align="center" colspan="3" bgcolor="#f0f0ff"> <br> <a href="scache.8.html">scache(8)</a>
<br> &nbsp; </td> </tr>
</table>
</blockquote>
<p> The <a href="scache.8.html">scache(8)</a> server, introduced with Postfix version 2.2,
maintains the shared connection cache. With Postfix version 2.2,
only the <a href="smtp.8.html">smtp(8)</a> client has support to access this cache. </p>
<p> When SMTP connection caching is enabled (see next section), the
<a href="smtp.8.html">smtp(8)</a> client does not disconnect after a mail transaction, but
gives the connection to the <a href="scache.8.html">scache(8)</a> server which keeps the
@@ -144,7 +154,7 @@ destination has a high volume of mail in the <a href="QSHAPE_README.html#active_
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> = yes
</pre>
@@ -167,7 +177,7 @@ right-hand side of an email address, without the [] around a numeric
IP address), </p>
<li> <p> if mail is sent via a <a href="postconf.5.html#relayhost">relay host</a>: a <a href="postconf.5.html#relayhost">relay host</a> name (without
the [] or non-default TCP port), as specified in main.cf or in the
the [] or non-default TCP port), as specified in <a href="postconf.5.html">main.cf</a> or in the
transport map, </p>
<li> <p> a /file/name with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names as
@@ -184,7 +194,7 @@ lookups is ignored. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = $<a href="postconf.5.html#relayhost">relayhost</a>
<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = hotmail.com, ...
<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = static:all (<i>not recommended</i>)


@@ -1,24 +0,0 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix Cyrus Howto</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Cyrus Howto</h1>
<hr>
<p> This document will be made available via <a href="http://www.postfix.org/">http://www.postfix.org/</a>. </p>
</body>
</html>


@@ -80,7 +80,8 @@ below.
<li> You can use Berkeley DB files with fixed lookup strings for
simple address rewriting operations and you can use regular expression
tables for the more complicated work.
tables for the more complicated work. In other words, you don't
have to put everything into the same table.
</ul>
@@ -189,8 +190,9 @@ because something else happens. This is because commands such as
<a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> overwrite existing files. If the update
fails in the middle then you have no usable database, and Postfix
will stop working. This is not an issue with the CDB database type
available with Postfix 2.2 and later, because <a href="CDB_README.html">CDB</a>
database rebuilds are atomic. </p>
available with Postfix 2.2 and later: <a href="CDB_README.html">CDB</a>
creates a new file, and renames the file upon successful completion.
</p>
<p> With multi-file databases such as DBM, there is no simple
solution. With Berkeley DB and other "one file" databases, it is


@@ -49,15 +49,17 @@ versions. </p>
<h2><a name="no_db">Building Postfix on systems without Berkeley
DB</a></h2>
<p> Many commercial UNIXes ship without Berkeley DB support. Examples
are Solaris, HP-UX, IRIX, UNIXWARE. In order to build Postfix with
<p> Some UNIXes ship without Berkeley DB support; for historical
reasons these use DBM files instead. A problem with DBM files is
that they can store only limited amounts of data. To build Postfix
with
Berkeley DB support you need to download and install the source
code from <a href="http://www.sleepycat.com/">http://www.sleepycat.com/</a> </p>
code from <a href="http://www.oracle.com/database/berkeley-db/">http://www.oracle.com/database/berkeley-db/</a>. </p>
<p> Warning: some Linux system libraries use Berkeley DB, as do
some third-party libraries such as SASL. If you compile Postfix
with a different Berkeley DB implementation, then every Postfix
program will dump core because either the system library, SASL
program will dump core because either the system library, the SASL
library, or Postfix itself ends up using the wrong version. </p>
<p>The more recent Berkeley DB versions have a compile-time switch,
@@ -67,7 +69,7 @@ Although wasteful, this may be the only way to keep things from
falling apart. </p>
<p> To build Postfix after you installed the Berkeley DB from
<a href="http://www.sleepycat.com/">http://www.sleepycat.com/</a>, use something like: </p>
source code, use something like: </p>
<blockquote>
<pre>
@@ -214,7 +216,8 @@ undefined reference to `pthread_mutex_trylock'
</pre>
</blockquote>
<p> More information is available at <a href="http://www.sleepycat.com/">http://www.sleepycat.com/</a>. </p>
<p> More information is available at
<a href="http://www.oracle.com/database/berkeley-db/">http://www.oracle.com/database/berkeley-db/</a>. </p>
</body>


@@ -100,8 +100,9 @@ is fixed. </p>
permissions, incorrect configuration file settings that you can
fix. Postfix cannot proceed until this is fixed. </p>
<li> <p> "<b>error</b>" reports a fatal or non-fatal error condition.
Postfix cannot proceed until this is fixed. </p>
<li> <p> "<b>error</b>" reports an error condition. For safety
reasons, a Postfix process will terminate when more than 13 of these
happen. </p>
<li> <p> "<b>warning</b>" indicates a non-fatal error. These are
problems that you may not be able to fix (such as a broken DNS
@@ -145,7 +146,7 @@ Mail Delivery Status Report will be mailed to &lt;your login name&gt;.
</ul>
<p> These reports contain information that is generated by Postfix
delivery agents. Since these run as daemon processes and do not
delivery agents. Since these run as daemon processes that cannot
interact with users directly, the result is sent as mail to the
sender of the test message. The format of these reports is practically
identical to that of ordinary non-delivery notifications. </p>
@@ -209,18 +210,21 @@ command "<b>postfix reload</b>". </p>
<h2><a name="sniffer">Record the SMTP session with a network sniffer</a></h2>
<p> This example uses <b>tcpdump</b>. In order to record a conversation
you need to specify a large enough buffer with the "-s" option or
else you will miss some or all of the packet payload. </p>
you need to specify a large enough buffer with the "<b>-s</b>"
option or else you will miss some or all of the packet payload.
</p>
<blockquote>
<pre>
# <b>tcpdump -w /file/name -s 2000 host example.com and port 25</b>
# <b>tcpdump -w /file/name -s 0 host example.com and port 25</b>
</pre>
</blockquote>
<p> Older tcpdump versions don't support "<b>-s 0</b>"; in that case,
use "<b>-s 2000</b>" instead. </p>
<p> Run this for a while, stop with Ctrl-C when done. To view the
data use a binary viewer, or <b>ethereal</b>, or use my <b>tcpdumpx</b>
utility that is available from <a href="ftp://ftp.porcupine.org/pub/debugging/">ftp://ftp.porcupine.org/pub/debugging/</a>.
data use a binary viewer, <b>ethereal</b>, or good old <b>less</b>.
</p>
<h2><a name="verbose">Making Postfix daemon programs more verbose</a></h2>
@@ -228,7 +232,7 @@ utility that is available from <a href="ftp://ftp.porcupine.org/pub/debugging/">
<p> Append one or more "<b>-v</b>" options to selected daemon
definitions in /etc/postfix/<a href="master.5.html">master.cf</a> and type "<b>postfix reload</b>".
This will cause a lot of activity to be logged to the syslog daemon.
Example: </p>
For example, to make the Postfix SMTP server process more verbose: </p>
<blockquote>
<pre>
@@ -237,10 +241,9 @@ Example: </p>
</pre>
</blockquote>
<p> This makes the Postfix SMTP server more verbose. To diagnose
problems with address rewriting one would specify a "<b>-v</b>"
<p> To diagnose problems with address rewriting specify a "<b>-v</b>"
option for the <a href="cleanup.8.html">cleanup(8)</a> and/or <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon, and to
diagnose problems with mail delivery one would specify a "<b>-v</b>"
diagnose problems with mail delivery specify a "<b>-v</b>"
option for the <a href="qmgr.8.html">qmgr(8)</a> or <a href="qmgr.8.html">oqmgr(8)</a> queue manager, or for the <a href="lmtp.8.html">lmtp(8)</a>,
<a href="local.8.html">local(8)</a>, <a href="pipe.8.html">pipe(8)</a>, <a href="smtp.8.html">smtp(8)</a>, or <a href="virtual.8.html">virtual(8)</a> delivery agent. </p>
@@ -538,18 +541,21 @@ attachments, instead of reciting information from memory.
<li> <p> Postfix logging. See the text at the top of the <a href="DEBUG_README.html">DEBUG_README</a>
document to find out where logging is stored. Please do not frustrate
the helpers by word wrapping the logging. </p>
the helpers by word wrapping the logging. If the logging is more
than a few kbytes of text, consider posting an URL on a web or ftp
site. </p>
<li> <p> Consider using a test email address so that you don't have
to reveal email addresses or passwords of innocent people. </p>
<li> <p> If you can't use a test email address, please anonymize
information consistently. Replace each letter by "A", each digit
email addresses and host names consistently. Replace each letter
by "A", each digit
by "D" so that the helpers can still recognize syntactical errors.
</p>
<li> <p> Output from "<b>postconf -n</b>". Please do not send your
<a href="postconf.5.html">main.cf</a> file or 400+ lines of <b>postconf</b> output. </p>
<a href="postconf.5.html">main.cf</a> file, or 500+ lines of <b>postconf</b> output. </p>
<li> <p> Better, provide output from the <b>postfinger</b> tool.
This can be found at <a href="http://ftp.wl0.org/SOURCES/postfinger">http://ftp.wl0.org/SOURCES/postfinger</a>. </p>
@@ -562,7 +568,7 @@ output from the <b>saslfinger</b> tool. This can be found at
including output from the <b>qshape</b> tool, as described in the
<a href="QSHAPE_README.html">QSHAPE_README</a> file. </p>
<li> <p> If the problem is protocol related (connections time out
<li> <p> If the problem is protocol related (connections time out,
or an SMTP server complains about syntax errors etc.) consider
recording a session with <b>tcpdump</b>, as described in the <a
href="#sniffer">DEBUG_README</a> document. </ul>


@@ -44,7 +44,7 @@ identifies the message <i>content</i>. </p>
</ul>
<p> The implementation of DSN support involves extra parameters to
the SMTP MAIL FROM and RCPT TO commands, as well as new Postfix
the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix
sendmail command line options that provide a sub-set of the functions
of the extra SMTP command parameters. </p>


@@ -27,11 +27,6 @@ searches the queue for mail to the customer, and delivers that mail
not delivered via the connection that was used for sending ETRN.
</p>
<p> Postfix versions before 1.0 (also known as version 20010228)
implemented the ETRN command in an inefficient manner: they simply
attempted to deliver all queued mail. This is slow on mail servers
that queue mail for many customers. </p>
<p> As of version 1.0, Postfix has a fast ETRN implementation that
does not require Postfix to examine every queue file. Instead,
Postfix maintains a record of what queue files contain mail for
@@ -74,11 +69,11 @@ font. </p>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
<b>helo my.client.tld</b>
<b>HELO my.client.tld</b>
250 Ok
<b>etrn some.customer.domain</b>
<b>ETRN some.customer.domain</b>
250 Queuing started
<b>quit</b>
<b>QUIT</b>
221 Bye
</pre>
</blockquote>
@@ -90,6 +85,8 @@ the connection that was used to send the ETRN command. </p>
<p> The Postfix operator can request delivery for a specific customer
by using the command "sendmail -qR<i>destination</i>" and, with
Postfix version 1.1 and later, "postqueue -s<i>destination</i>".
Access to this feature is controlled with the <a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a>
configuration parameter (Postfix version 2.2 and later).
</p>
<h2><a name="how">How Postfix fast ETRN works</a></h2>
@@ -149,12 +146,13 @@ want to turn on fast ETRN service for every possible destination.
with queue file names. When a request to "deliver mail now" arrives,
Postfix will attempt to deliver all recipients in the queue files
that have mail for the destination in question. This does not
perform well when queue files have recipients in many different
domains. </p>
perform well with queue files that have recipients in many different
domains, such as queue files with outbound mailing list traffic.
</p>
<li> <p> The <a href="flush.8.html">flush(8)</a> daemon maintains per-destination logfiles
only for destinations listed with $<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a>. With other
destinations it not possible to trigger delivery with "sendmail
destinations you cannot request delivery with "sendmail
-qR<i>destination</i>" or, with Postfix version 1.1 and later,
"postqueue -s<i>destination</i>". </p>
@@ -166,19 +164,24 @@ does not ignore the volatile in-memory list of dead domains, and
the list of message delivery transports specified with the
<a href="postconf.5.html#defer_transports">defer_transports</a> configuration parameter. </p>
<li> <p> Up to and including Postfix version 2.3, the "fast flush"
service may not deliver some messages if the request to "deliver
mail now" arrives while an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan is already in progress.
</p>
</ul>
<h2><a name="config">Configuring the Postfix fast ETRN service</a></h2>
<p> The behavior of the <a href="flush.8.html">flush(8)</a> daemon is controlled by parameters
in the main.cf configuration file. </p>
in the <a href="postconf.5.html">main.cf</a> configuration file. </p>
<p> By default, Postfix "fast ETRN" service is available only for
destinations that Postfix is willing to relay mail to: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>
<a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject
</pre>
@@ -203,7 +206,7 @@ may execute the ETRN command. By default, any client has permission.
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>, some.other.domain
</pre>
</blockquote>
@@ -213,7 +216,7 @@ and so that it maintains no per-destination logfiles, specify: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> =
</pre>
</blockquote>
@@ -240,7 +243,7 @@ for this delivery transport is deferred as soon as it arrives.
<blockquote>
<pre>
1 /etc/postfix/master.cf:
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 # =============================================================
3 # service type private unpriv chroot wakeup maxproc command
4 # (yes) (yes) (yes) (never) (100)
@@ -249,7 +252,7 @@ for this delivery transport is deferred as soon as it arrives.
7 relay unix - - n - - smtp
8 etrn-only unix - - n - - smtp
9
10 /etc/postfix/main.cf:
10 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
11 <a href="postconf.5.html#relay_domains">relay_domains</a> = customer.tld ...other domains...
12 <a href="postconf.5.html#defer_transports">defer_transports</a> = etrn-only
13 <a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
@@ -302,9 +305,9 @@ boldface: </p>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
<b>helo my.client.tld</b>
<b>HELO my.client.tld</b>
250 Ok
<b>etrn some.customer.domain</b>
<b>ETRN some.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
@@ -338,9 +341,9 @@ commands that you type: </p>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
<b>helo my.client.tld</b>
<b>HELO my.client.tld</b>
250 Ok
<b>etrn some.other.customer.domain</b>
<b>ETRN some.other.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
@@ -356,9 +359,9 @@ server has mail queued for that destination. </p>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
<b>helo my.client.tld</b>
<b>HELO my.client.tld</b>
250 Ok
<b>etrn not.a.customer.domain</b>
<b>ETRN not.a.customer.domain</b>
459 &lt;not.a.customer.domain&gt;: service unavailable
</pre>
</blockquote>


@@ -71,7 +71,8 @@ mail. Applications that use two separate Postfix instances will
be covered by a later version of this document. </p>
<p> The after-queue content filter is not to be confused with the
approach that is described in the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document,
approaches described in the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> or <a href="MILTER_README.html">MILTER_README</a>
documents,
where incoming SMTP mail is filtered BEFORE it is stored into the
Postfix queue. </p>
@@ -125,16 +126,18 @@ all email, as well as several options to filter mail selectively: </p>
<h2><a name="principles">Principles of operation</a> </h2>
<p> An external content filter receives unfiltered mail from Postfix
(as described further below) and does one of the following: </p>
<p> An after-queue content filter receives unfiltered mail from Postfix
(as described further below) and can do one of the following: </p>
<ol>
<li> <p> Re-inject the mail back into Postfix, perhaps after changing
content and/or destination. </p>
<li> <p> Discard or quarantine the mail. </p>
<li> <p> Reject the mail (by sending a suitable status code back to
Postfix). Postfix will return the mail to the sender. </p>
Postfix). Postfix will send the mail back to the sender address. </p>
</ol>
@@ -146,7 +149,8 @@ suspect so that a human can decide what to do with it. </p>
<h2><a name="simple_filter">Simple content filter example</a></h2>
<p> The first example is simple to set up. Postfix receives
<p> The first example is simple to set up, but has major limitations
that will be addressed in a second example. Postfix receives
unfiltered mail from the network with the <a href="smtpd.8.html">smtpd(8)</a> server, and
delivers unfiltered mail to a content filter with the Postfix
<a href="pipe.8.html">pipe(8)</a> delivery agent. The content filter injects filtered mail
@@ -282,21 +286,23 @@ document for an introduction to the Postfix architecture. </p>
<ul>
<li> <p> Line 8: The -G option does nothing before Postfix 2.3,
otherwise it disables address rewriting of message headers. </p>
<li> <p> Line 8: The -G option says the filter output is not a local
mail submission: don't do silly things like appending the local
domain name to addresses in message headers. This option does
nothing before Postfix version 2.3. </p>
<li> <p> Line 8: The -i option says don't stop reading input when
a line contains "." only. </p>
<li> <p> Line 8: NEVER NEVER NEVER use the "-t" command-line option
here. It will mis-deliver mail, like sending mailing list mail back
to the mailing list. </p>
here. It will mis-deliver mail, like sending messages from a mailing
list back to the mailing list. </p>
<li> <p> Line 21: The idea is to first capture the message to
file and then run the content through a third-party content filter
program. </p>
<li> <p> Line 22: If the mail cannot be captured to file, mail
<li> <p> Line 22: If the message cannot be captured to file, mail
delivery is deferred by terminating with exit status 75 (EX_TEMPFAIL).
Postfix places the message in the deferred mail queue and tries
again later. </p>
@@ -306,13 +312,14 @@ program here that receives the content on standard input. </p>
<li> <p> Line 26: If the content filter program finds a problem,
the mail is bounced by terminating with exit status 69 (EX_UNAVAILABLE).
Postfix will return the message to the sender as undeliverable.
Postfix will send the message back to the sender as undeliverable
mail.
</p>
<li> <p> Note: in this time of mail worms and spam, it is a BAD
<li> <p> NOTE: in this time of mail worms and spam, it is a BAD
IDEA to send known viruses or spam back to the sender, because that
address is likely to be forged. It is safer to discard known to be
bad content and to quarantine suspicious content so that it can
address is likely to be forged. It is safer to discard known viruses
and to quarantine suspicious content so that it can
be inspected by a human being. </p>
<li> <p> Line 28: If the content is OK, it is given as input to
@@ -331,7 +338,7 @@ as input: </p>
<blockquote>
<pre>
% /path/to/script -f sender recipient... &lt;message-file
% /path/to/script -f sender -- recipient... &lt;message-file
</pre>
</blockquote>
@@ -381,7 +388,7 @@ entry that defines the Postfix SMTP server: </p>
-o <a href="postconf.5.html#content_filter">content_filter</a>=filter:dummy
</pre>
<p> The "<a href="postconf.5.html#content_filter">content_filter</a>" line causes Postfix to add one content
<p> The "-o <a href="postconf.5.html#content_filter">content_filter</a>" line causes Postfix to add one content
filter request record to each incoming mail message, with content
"filter:dummy". This record overrides the normal mail routing
and causes mail to be given to the content filter instead. </p>
@@ -432,7 +439,7 @@ for filtered mail. </p>
Postfix SMTP server. </p>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
filter information from existing queue files. </p>
filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>
@@ -553,7 +560,9 @@ document for an introduction to the Postfix architecture. </p>
<p> The example given here filters all mail, including mail that
arrives via SMTP and mail that is locally submitted via the Postfix
sendmail command. See examples near the end of this document for
sendmail command (local submissions enter Postfix via the <a href="pickup.8.html">pickup(8)</a>
server; to keep the figure simple we omit local submission details).
See examples near the end of this document for
how to exclude local users from filtering, or how to configure a
destination dependent content filter. </p>
@@ -638,7 +647,7 @@ for more information. </p>
<li> <p> The "-o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes" is a workaround
that prevents the breaking of domainkeys and other digital signatures.
This is needed because some SMTP-based content filters don't announce
8BITMIME support, even though they can handle it just fine. </p>
8BITMIME support, even though they can handle 8-bit mail. </p>
<li> <p> The "-o <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a>=" is a workaround that prevents
local address rewriting with <a href="generic.5.html">generic(5)</a> maps. Such rewriting should
@@ -672,6 +681,10 @@ shell and home directory. This user handles all potentially
dangerous mail content - that is why it should be a separate account.
</p>
<li> <p> By default, Postfix will terminate a command that runs
longer than <a href="postconf.5.html#command_time_limit">command_time_limit</a> seconds (default: 1000s). This is a
safety measure that prevents filters from running forever. </p>
</ul>
<p> If you want to have your filter listening on port localhost:10025
@@ -711,15 +724,14 @@ that injects mail back into Postfix. </p>
<ul>
<li> <p> Note: do not use spaces around the "=" or "," characters. </p>
<li> <p> NOTE: do not use spaces around the "=" or "," characters. </p>
<li> <p> Note: the SMTP server must not have a smaller process
<li> <p> NOTE: the SMTP server must not have a smaller process
limit than the "filter" <a href="master.5.html">master.cf</a> entry. </p>
<li> <p> The "-o <a href="postconf.5.html#content_filter">content_filter</a>=" overrides <a href="postconf.5.html">main.cf</a> settings, and
requests no content filtering for mail from the content filter.
This is required or else mail will stay in the content filtering
loop. </p>
This is required or else mail will loop. </p>
<li> <p> The "-o <a href="postconf.5.html#receive_override_options">receive_override_options</a>" overrides <a href="postconf.5.html">main.cf</a> settings
to avoid duplicating work that was already done before the content
@@ -737,7 +749,7 @@ specified in <a href="postconf.5.html">main.cf</a>: </p>
<li> <p> We specify "<a href="postconf.5.html#no_milters">no_milters</a>" to disable Milter applications
(this option is available only in Postfix 2.3 and later). </p>
<li> <p> We don't specify "no_address_mapping" here. This
<li> <p> We don't specify "<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>" here. This
enables virtual alias expansion, canonical mappings, address
masquerading, and other address mappings after the content
filter. The <a href="postconf.5.html">main.cf</a> setting of "<a href="postconf.5.html#receive_override_options">receive_override_options</a>"
@@ -794,7 +806,7 @@ when content filtering is turned off. </p>
</blockquote>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
filter information from existing queue files. </p>
filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>


@@ -350,7 +350,7 @@ assume for the moment that groups never have a "maildrop" (the "bgroup"
</blockquote>
<p> Note: if the desired member object result attribute is always also
present in the group, you get suprising results, the expansion also
present in the group, you get surprising results, the expansion also
returns the address of the group. This is a known limitation of Postfix
releases prior to 2.4, and is addressed in the new with Postfix 2.4
"leaf_result_attribute" feature described in <a href="ldap_table.5.html">ldap_table(5)</a>. </p>


@@ -28,9 +28,13 @@ this happens before mail is queued. </p>
<p> The reason for adding Milter support to Postfix is that there
exists a large collection of applications, not only to block unwanted
mail, but also to verify authenticity (examples: <a
href="http://sourceforge.net/projects/dkim-milter/">Domain keys
identified mail</a>, <a
href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
<a href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>)
or to digitally sign mail (example: <a
or to digitally sign mail (examples: <a
href="http://sourceforge.net/projects/dkim-milter/">Domain keys
identified mail</a>, <a
href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>).
Having yet another Postfix-specific version of all that software
is a poor use of human and system resources. </p>
@@ -202,14 +206,14 @@ does. </p>
<p> On some Linux and *BSD distributions, the Sendmail libmilter
library is installed by default. With this, applications such as
<a href="http://sourceforge.net/projects/dk-milter/">dk-milter</a>
<a href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a>
and <a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a>
build out of the box without requiring any tinkering:</p>
<blockquote>
<pre>
$ <b>gzcat dk-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
$ <b>cd dk-milter-<i>x.y.z</i></b>
$ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
$ <b>cd dkim-milter-<i>x.y.z</i></b>
$ <b>make</b>
[...<i>lots of output omitted</i>...]
</pre>
@@ -260,7 +264,7 @@ for options. A typical command looks like this:</p>
<blockquote>
<pre>
# <b>/some/where/dk-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
# <b>/some/where/dkim-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
</pre>
</blockquote>
@@ -652,23 +656,70 @@ X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com &lt;unknown-msgid&
</pre>
</blockquote>
<p> This happens because some Milter applications expect that the
<p> This happens because those Milter applications expect that the
queue ID is known <i>before</i> the MTA accepts the MAIL FROM
(sender) command. Postfix, on the other hand, does not choose a
queue file name until <i>after</i> it accepts the first valid RCPT
TO (recipient) command. Postfix queue file names must be unique
TO (recipient) command (Postfix queue file names must be unique
across multiple directories, so the name can't be chosen before the
file is created. If multiple messages were to use the same queue
ID <i>simultaneously</i>, mail would be lost. </p>
file is created; if multiple messages were to use the same queue
ID <i>simultaneously</i>, mail would be lost). </p>
<p> To work around the ugly message header from Milter applications,
we add a little code to the Milter source to look up the queue ID
after Postfix receives the end of the message. </p>
</ul>
<p> Fixing the ugly header maybe as simple as upgrading to a recent
version of the Milter application. For example, current versions
of dkim-filter and dk-filter have code that looks up the Postfix
queue ID at a later protocol stage. </p>
<p> To fix the ugly message header with sid-filter applications,
we change the source code, so that it does the queue ID lookup after
Postfix receives the end of the message. </p>
<ul>
<li> <p> Edit the filter source file (named
<tt>sid-filter/sid-filter.c</tt>). </p>
<li> <p> Look up the <tt>smfilter</tt> table and replace
<tt>mlfi_eoh</tt> by <tt>NULL</tt>.
</p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
text below: </p>
</ul>
<blockquote>
<pre>
assert(ctx != NULL);
#endif /* !DEBUG */
<b>
ret = mlfi_eoh(ctx);
if (ret != SMFIS_CONTINUE)
return ret;</b>
</pre>
</blockquote>
<p> NOTES: </p>
<ul>
<li> <p> This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
message. Fortunately, sid-milter logs that message only once. </p>
</ul>
<p> To fix the ugly message header with other Milter applications,
you will need to do something like this: </p>
<ul>
<li> <p> Edit the filter source file (typically named
<tt>dk-filter/dk-filter.c</tt> or similar). </p>
<tt>xxx-filter/xxx-filter.c</tt> or similar). </p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
the top shown as <b>bold</b> text below: </p>
@@ -700,43 +751,7 @@ variables. If the above code does not compile, look for the code
at the start of the <tt>mlfi_eoh()</tt> routine. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
message. Fortunately, dk-filter logs that message only once. </p>
</ul>
<p> With some Milter applications we can fix both the WARNING and
the "unknown-msgid" by postponing the call of <tt>mlfi_eoh()</tt>
(or whatever routine logs the WARNING) until the end of the message.
</p>
<ul>
<li> <p> Edit the filter source file (typically named
<tt>sid-filter/sid-filter.c</tt> or similar). </p>
<li> <p> Look up the <tt>smfilter</tt> table and replace
<tt>mlfi_eoh</tt> (or whatever routine logs the WARNING) by NULL.
</p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
text below: </p>
</ul>
<blockquote>
<pre>
assert(ctx != NULL);
#endif /* !DEBUG */
<b>
ret = mlfi_eoh(ctx);
if (ret != SMFIS_CONTINUE)
return ret;</b>
</pre>
</blockquote>
<p> This works with sid-milter-0.2.10. Other Milter applications
will dump core when you do this. </p>
message. Fortunately, many Milters log that message only once. </p>
</ul>


@@ -26,9 +26,9 @@ Postfix distributions for general use. </p>
<h2>General distributions: please provide a small default main.cf
file</h2>
<p> The installed main.cf file must be small. PLEASE resist the
temptation to list all 400+ parameters in the main.cf file. Postfix
is supposed to be easy to configure. Listing all 400+ in main.cf
<p> The installed <a href="postconf.5.html">main.cf</a> file must be small. PLEASE resist the
temptation to list all parameters in the <a href="postconf.5.html">main.cf</a> file. Postfix
is supposed to be easy to configure. Listing all parameters in <a href="postconf.5.html">main.cf</a>
defeats the purpose. It is an invitation for hobbyists to make
random changes without understanding what they do, and gets them
into endless trouble. </p>
@@ -70,7 +70,7 @@ script directly (<tt>% <b>sh post-install</b></tt>). </p>
<p> You will be prompted for installation parameters. Specify an
install_root directory other than /. The <a href="postconf.5.html#mail_owner">mail_owner</a> and <a href="postconf.5.html#setgid_group">setgid_group</a>
installation parameter settings will be recorded in the main.cf
installation parameter settings will be recorded in the <a href="postconf.5.html">main.cf</a>
file, but they won't take effect until the package is unpacked and
installed on the destination machine. </p>


@@ -164,7 +164,7 @@ etrn_domain=
These attributes are empty in case of no certificate authentication.
As of Postfix 2.2.11 these attribute values are encoded as
xtext: some characters are represented by +XX, where XX is the
two-digit hecadecimal representation of the character value.
two-digit hexadecimal representation of the character value.
</p>
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)


@@ -224,8 +224,8 @@ seconds or $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_t
<h2><a name="conn_limit">Measures against clients that make too many connections</a></h2>
<p> Note: the <a href="anvil.8.html">anvil(8)</a> service was introduced with Postfix version
2.2. </p>
<p> Note: these features use the Postfix <a href="anvil.8.html">anvil(8)</a> service, introduced
with Postfix version 2.2. </p>
<p> The Postfix <a href="smtpd.8.html">smtpd(8)</a> server can limit the number of simultaneous
connections from the same SMTP client, as well as the number of
@@ -233,34 +233,47 @@ connections that a client is allowed to make per unit time.
These statistics are maintained by the <a href="anvil.8.html">anvil(8)</a> server (translation:
if <a href="anvil.8.html">anvil(8)</a> breaks, then connection limits stop working). </p>
<p> IMPORTANT: These limits are designed to protect the <a href="smtpd.8.html">smtpd(8)</a> server
against flagrant abuse. Do not use these limits to regulate legitimate
traffic: mail will suffer grotesque delays if you do so. </p>
<p> IMPORTANT: These limits must not be used to regulate legitimate
traffic: mail will suffer grotesque delays if you do so. The limits
are designed to protect the <a href="smtpd.8.html">smtpd(8)</a> server against abuse by
out-of-control clients. </p>
<ul>
<blockquote>
<li> <p> An SMTP client may make up to $<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>
simultaneous connections (default: 50). This is half the default
process limit. </p>
<dl>
<li> <p> An SMTP client may make up to $<a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a>
message delivery requests per unit time (default: no limit). </p>
<dt> <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (default: 50) </dt> <dd>
The maximum number of connections than an SMTP client may make
simultaneously. </dd>
<li> <p> An SMTP client may send up to $<a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a>
recipient addresses per unit time (default: no limit). </p>
<dt> <a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (default: no limit) </dt>
<dd> The maximum number of connections that an SMTP client may make
in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (default:
60s). </dd>
<li> <p> An SMTP client may make up to $<a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a>
connections per unit time (default: no limit). </p>
<dt> <a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (default: no limit) </dt> <dd>
The maximum number of message delivery requests that an SMTP client
may make in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
(default: 60s). </dd>
<li> <p> These limits are not applied to SMTP clients in the networks
specified with $<a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> (default:
clients in $<a href="postconf.5.html#mynetworks">mynetworks</a> may make an unlimited number of connections).
<dt> <a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (default: no limit) </dt>
<dd> The maximum number of recipient addresses that an SMTP client
may specify in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
(default: 60s). </dd>
<li> <p> The <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> parameter specifies the time
unit over which client connection rates are computed (default:
60s).
<dt> <a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (default: no limit)
</dt> <dd> The maximum number of new TLS sessions (without using
the TLS session cache) that an SMTP client may negotiate in the
time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (default: 60s).
</dd>
</ul>
<dt> <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> (default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)
</dt> <dd> SMTP clients that are excluded from connection and rate
limits specified above. </dd>
</dl>
</blockquote>
<h2><a name="mailing_tips">General mail delivery performance tips</a></h2>
@@ -360,7 +373,7 @@ is not useful. Another good reason to limit delivery concurrency
to the same recipient: if the recipient has an expensive shell
command in her .forward file, or if the recipient is a mailing list
manager, you don't want to run too many instances of those processes
the same time. </p>
at the same time. </p>
<li> <p> The default <a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> of 20 seems
enough to noticeably load a system without bringing it to its knees.
@@ -465,10 +478,12 @@ some amount of time. </p>
<dl>
<dt> <a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (default: 1000 seconds) </dt> <dd> How often
<dt> <a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (default: 300 seconds; before Postfix 2.4:
1000s) </dt> <dd> How often
the queue manager scans the queue for deferred mail. </dd>
<dt> <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (default: 1000 seconds) </dt> <dd> The
<dt> <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (default: 300 seconds; before Postfix
2.4: 1000s) </dt> <dd> The
minimal amount of time a message won't be looked at, and the minimal
amount of time to stay away from a "dead" destination. </dd>
@@ -519,7 +534,8 @@ that usually requires timing out one or more SMTP connections. </p>
always better than increasing the frequency of delivery attempts.
However, if you can control only the delivery attempt frequency,
consider using a dedicated <a href="postconf.5.html#fallback_relay">fallback_relay</a> "graveyard" machine for
bad destinations so that they do not ruin the performance of normal
bad destinations, so that these destinations do not ruin the
performance of normal
mail deliveries. </p>
<h2><a name="proc_limit">Tuning the number of Postfix processes</a></h2>
@@ -573,6 +589,20 @@ errors. </p>
<ul>
<li> <p> Depending on your Postfix and operating system versions
you may need to recompile Postfix if you need more than 1024 file
descriptors per process: </p>
<ul> <li> <p> No recompilation is needed for Postfix version 2.4
and later, when it was compiled for systems that support BSD kqueue(2)
(FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or
Linux 2.6 epoll(4). </p>
<li> <p> Otherwise, Postfix needs to be recompiled to override the
default FD_SETSIZE value. </p>
</ul>
<li> <p> Reduce the number of processes as described under "<a
href="#proc_limit">Tuning the number of Postfix processes</a>" above.
Fewer processes need fewer open files and sockets. </p>
@@ -585,7 +615,8 @@ with your system tuning guide: </p>
<ul>
<li> <p> Some FreeBSD kernel parameters can be specified in
/boot/loader.conf, and some can be changed with sysctl commands.
/boot/loader.conf, and some can be specified in /etc/sysctl.conf
or changed with sysctl commands.
Which is which depends on the version.
</p>
@@ -598,7 +629,7 @@ kern.maxfilesperproc="16384"
</pre>
<li> <p> Linux kernel parameters can be specified in /etc/sysctl.conf
and can also be changed with sysctl commands: </p>
or changed with sysctl commands: </p>
<pre>
fs.file-max=16384
@@ -607,7 +638,7 @@ kernel.threads-max=2048
<li> <p> Solaris kernel parameters can be specified in /etc/system,
as described in the <a
href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.46">Solaris
href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.48">Solaris
FAQ</a> entry titled "How can I increase the number of file
descriptors per process?" </p>


@@ -1,71 +0,0 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix and Ultrix </title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix and Ultrix </h1>
<hr>
<h2> Postfix on Ultrix </h2>
<p> This document is probably only of historical value, because
Ultrix version 4 dates from the early 1990s. However, as long as
Wietse keeps Postfix alive for SunOS 4, it is likely to run on
Ultrix 4 with very little change. Feedback is welcome if anyone
actually still uses Postfix on any version of Ultrix. </p>
<p> The source of this document is an email message by Christian von Roques
that was sent on Jun 2, 1999. </p>
<blockquote>
<p> I've upgraded the MTA of our DECstation-3100 running Ultrix4.3a to
postfix-19990317-pl05 and am sending you the patches I needed to get
it running under Ultrix. </p>
<p> . . . </p>
<p> One of the bugs of Ultrix's /bin/sh is that shell-variables
set in arguments of `:' expand to garbage if expanded in here-documents.
Using a different shell helps. I needed to replace all calls of
``sh .../makedefs'' by ``$(SHELL) .../makedefs'' in all the
Makefile.in and am now able to use ``make SHELL=/bin/sh5'' or zsh.
<p> . . . </p>
<p> Ultrix's FD_SET_SIZE is 4096, but getdtablesize()
returns 64 by default, if not increased when building a new
kernel. getrlimit() doesn't know RLIMIT_NOFILE. This makes
event_init() always log the warning: `could allocate space for
only 64 open files'. </p>
<p> I just reduced the threshold from 256 to 64, but this is not good.
The initial problem still remains: How to disable this warning on
Ultrix without making the source ugly? </p>
</blockquote>
<p> To work around the first problem, all the Makefile.in files
have been updated to use `$(SHELL)' instead of `sh'. So you only
need to supply a non-default shell in order to eliminate Ultrix
shell trouble. </p>
<p> To work around the latter, util/sys_defs.h was updated for
Ultrix, with a default FD_SETSIZE of 100. This should be sufficient
for a workstation. Even in 1999, no-one would run a major mail hub
on Ultrix 4. </p>
</body>
</html>


@@ -17,11 +17,12 @@ ACCESS(5) ACCESS(5)
<b>postmap -q - /etc/postfix/access</b> &lt;<i>inputfile</i>
<b>DESCRIPTION</b>
The Postfix SMTP server supports access control on remote
SMTP client information: host names, network addresses,
and envelope sender or recipient addresses. See
<b><a href="postconf.5.html#header_checks">header_checks</a></b>(5) or <b><a href="postconf.5.html#body_checks">body_checks</a></b>(5) for access control on
the content of email messages.
This document describes access control on remote SMTP
client information: host names, network addresses, and
envelope sender or recipient addresses; it is implemented
by the Postfix SMTP server. See <b><a href="postconf.5.html#header_checks">header_checks</a></b>(5) or
<b><a href="postconf.5.html#body_checks">body_checks</a></b>(5) for access control on the content of email
messages.
Normally, the <a href="access.5.html"><b>access</b>(5)</a> table is specified as a text file
that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
@@ -252,9 +253,9 @@ ACCESS(5) ACCESS(5)
about external content filters is in the Postfix
<a href="FILTER_README.html">FILTER_README</a> file.
Note: this action overrides the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
<b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and currently affects all
recipients of the message.
Note: this action overrides the <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
ting, and currently affects all recipients of the
message.
This feature is available in Postfix 2.0 and later.


@@ -7,7 +7,7 @@
HEADER_CHECKS(5) HEADER_CHECKS(5)
<b>NAME</b>
<a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in header/body inspection
<a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in content inspection
<b>SYNOPSIS</b>
<b><a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks</b>
@@ -19,8 +19,9 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<b>postmap -fq - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
<b>DESCRIPTION</b>
The Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server supports access control on
the content of message headers and message body lines.
This document describes access control on the content of
message headers and message body lines; it is implemented
by the Postfix <a href="cleanup.8.html">cleanup(8)</a> server before mail is queued.
See <a href="access.5.html"><b>access</b>(5)</a> for access control on remote SMTP client
information.
@@ -98,8 +99,8 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<b>if /</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
<b>if</b> and <b>endif</b>, if and only if the input string also
matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
<b>if</b> and <b>endif</b>, if and only if the same input string
also matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
Note: do not prepend whitespace to patterns inside
<b>if</b>..<b>endif</b>.
@@ -107,8 +108,8 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
<b>if</b> and <b>endif</b>, if and only if the input string does
<b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
<b>if</b> and <b>endif</b>, if and only if the same input string
does <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
blank lines and comments
Empty lines and whitespace-only lines are ignored,
@@ -167,17 +168,17 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
This feature is available in Postfix 2.1 and later.
<b>FILTER</b> <i>transport:destination</i>
Write a content filter request to the queue file
Write a content filter request to the queue file,
and inspect the next input line. After the com-
plete message is received it will be sent through
the specified external content filter. More infor-
mation about external content filters is in the
Postfix <a href="FILTER_README.html">FILTER_README</a> file.
Note: this action overrides the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
<b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and affects all recipients of
the message. In the case that multiple <b>FILTER</b>
actions fire, only the last one is executed.
Note: this action overrides the <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
ting, and affects all recipients of the message. In
the case that multiple <b>FILTER</b> actions fire, only
the last one is executed.
This feature is available in Postfix 2.0 and later.
@@ -203,11 +204,11 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
This feature is available in Postfix 2.0 and later.
<b>IGNORE</b> Delete the current line from the input and inspect
<b>IGNORE</b> Delete the current line from the input, and inspect
the next input line.
<b>PREPEND</b> <i>text...</i>
Prepend one line with the specified text and
Prepend one line with the specified text, and
inspect the next input line.
Notes:
@@ -233,7 +234,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<b>REDIRECT</b> <i>user@domain</i>
Write a message redirection request to the queue
file and inspect the next input line. After the
file, and inspect the next input line. After the
message is queued, it will be sent to the specified
address instead of the intended recipient(s).
@@ -245,7 +246,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
This feature is available in Postfix 2.1 and later.
<b>REPLACE</b> <i>text...</i>
Replace the current line with the specified text
Replace the current line with the specified text,
and inspect the next input line.
This feature is available in Postfix 2.2 and later.
@@ -281,19 +282,25 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<b>WARN</b> <i>optional text...</i>
Log a warning with the <i>optional text...</i> (or log a
generic message) and inspect the next input line.
generic message), and inspect the next input line.
This action is useful for debugging and for testing
a pattern before applying more drastic actions.
<b>BUGS</b>
Many people overlook the main limitations of header and
<a href="postconf.5.html#body_checks">body_checks</a> rules. These rules operate on one logical
message header or one body line at a time, and a decision
made for one line is not carried over to the next line.
If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>) then the
rules have to specified for the encoded form. Likewise,
when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC 2047</a>) then the rules
need to be specified for the encoded form.
<a href="postconf.5.html#body_checks">body_checks</a> rules.
<b>o</b> These rules operate on one logical message header
or one body line at a time. A decision made for one
line is not carried over to the next line.
<b>o</b> If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>)
then the rules have to specified for the encoded
form.
<b>o</b> Likewise, when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC</a>
<a href="http://www.faqs.org/rfcs/rfc2047.html">2047</a>) then the rules need to be specified for the
encoded form.
Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
excluded from inspection. Examples of such message headers


@@ -58,8 +58,6 @@ configuration examples </a>
<li> <a href="DEBUG_README.html"> Debugging strategies </a>
<li> Error messages (*)
</ul>
<p><strong>Content inspection </strong></p>
@@ -134,8 +132,6 @@ Per-client/user/etc. access </a>
<ul>
<li> qmail/ezmlm support (*)
<li> <a href="VERP_README.html"> VERP Support </a>
</ul>
@@ -152,20 +148,14 @@ Per-client/user/etc. access </a>
<li> <a href="NFS_README.html"> NFS issues </a>
<li> <a href="ULTRIX_README.html"> Ultrix support </a>
</ul>
<p><strong> Other mail delivery agents </strong></p>
<ul>
<li> Cyrus (*)
<li> <a href="MAILDROP_README.html"> Maildrop </a>
<li> LMTP (*)
</ul>
<p><strong> Other topics </strong></p>
@@ -200,10 +190,6 @@ Recipients </a>
</td>
<tr> <td colspan="3"> <font size="-1"> (*) These documents will be
made available via <a href="http://www.postfix.org/">
http://www.postfix.org/</a> and mirror sites. </font> </td> </tr>
</table>
</body>


@@ -374,7 +374,8 @@ LDAP_TABLE(5) LDAP_TABLE(5)
terminal_result_attribute = maildrop
This feature is available with Postfix &gt;= 2.4.
This feature is available with Postfix 2.4 or
later.
<b>leaf_result_attribute (default: empty)</b>
When one or more special result attributes are
@@ -404,7 +405,8 @@ LDAP_TABLE(5) LDAP_TABLE(5)
terminal_result_attribute = maildrop
leaf_result_attribute = mail
This feature is available with Postfix &gt;= 2.4.
This feature is available with Postfix 2.4 or
later.
<b>scope (default: sub)</b>
The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These


@@ -674,8 +674,8 @@ are calculated.
</p>
<p>
This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is not
part of the stable Postfix version 2.1 release.
This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is available
in Postfix version 2.2 and later.
</p>
<p>
@@ -5254,17 +5254,18 @@ This feature is available in Postfix 2.0 and later.
</DD>
<DT><b><a name="minimal_backoff_time">minimal_backoff_time</a>
(default: version dependent)</b></DT><DD>
(default: 300s)</b></DT><DD>
<p>
The minimal time between attempts to deliver a deferred message;
prior to Postfix 2.4 the default value was 1000s.
</p>
<p>
The minimal time between attempts to deliver a deferred message.
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
</p>
<p> With Postfix 2.4 the default value was reduced from 1000s to
300s. </p>
<p> This parameter should be set greater than or equal to
$<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. </p>
@@ -6057,14 +6058,11 @@ zero means there is no minimum required amount of free space.
</DD>
<DT><b><a name="queue_run_delay">queue_run_delay</a>
(default: version dependent)</b></DT><DD>
(default: 300s)</b></DT><DD>
<p>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager.
</p>
<p>
With Postfix 2.4 the default value was reduced from 1000s to 300s.
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
</p>
<p> This parameter should be set less than or equal to
@@ -8476,7 +8474,7 @@ and higher the optional "ciphers" attribute overrides the <a href="postconf.5.ht
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter and the optional "protocols"
keyword overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter.
In the policy table, multiple protocols must be separated by colons,
as attribute values may not contain whitespace or commas. </p>
as attribute values may not contain whitespace or commas. </dd>
<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name


@@ -374,6 +374,14 @@ Rhapsody.5*|Darwin.*)
;;
esac
;;
"Mac OS".10.[0-3]*)
SYSTYPE=MACOSX
# Use the native compiler by default
: ${CC=cc}
AWK=gawk
CCARGS="$CCARGS -DNO_KQUEUE"
;;
"Mac OS".10*) SYSTYPE=MACOSX
# Use the native compiler by default
: ${CC=cc}
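Review bot: The new pattern `"Mac OS".10.[0-3]*)` is a shell glob, so `[0-3]*` matches any release string whose component after `10.` merely begins with 0-3; a release numbered 10.10 or 10.25 would also take this branch and be built with `-DNO_KQUEUE`. If only 10.0 through 10.3 are meant, anchor the component: `"Mac OS".10.[0-3]|"Mac OS".10.[0-3].*)`. The `case` subject is not visible here because the enclosing statement starts above the hunk, so this assumes the usual system.release form. A one-line comment stating why kqueue is disabled for these releases would help the next maintainer decide when the branch can be dropped.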


@@ -16,10 +16,10 @@ Postfix SMTP server access table
.SH DESCRIPTION
.ad
.fi
The Postfix SMTP server supports access control on remote
SMTP client information: host names, network addresses, and
envelope sender
or recipient addresses. See \fBheader_checks\fR(5) or
This document describes access control on remote SMTP client
information: host names, network addresses, and envelope
sender or recipient addresses; it is implemented by the
Postfix SMTP server. See \fBheader_checks\fR(5) or
\fBbody_checks\fR(5) for access control on the content of
email messages.
@@ -239,7 +239,7 @@ syntax is described in the \fBtransport\fR(5) manual page.
More information
about external content filters is in the Postfix FILTER_README file.
.sp
Note: this action overrides the \fBmain.cf content_filter\fR setting,
Note: this action overrides the \fBcontent_filter\fR setting,
and currently affects all recipients of the message.
.sp
This feature is available in Postfix 2.0 and later.


@@ -4,7 +4,7 @@
.SH NAME
header_checks
\-
Postfix built-in header/body inspection
Postfix built-in content inspection
.SH "SYNOPSIS"
.na
.nf
@@ -22,8 +22,9 @@ Postfix built-in header/body inspection
.SH DESCRIPTION
.ad
.fi
The Postfix \fBcleanup\fR(8) server supports access control
on the content of message headers and message body lines.
This document describes access control on the content of
message headers and message body lines; it is implemented
by the Postfix cleanup(8) server before mail is queued.
See \fBaccess\fR(5) for access control on remote SMTP client
information.
@@ -92,16 +93,17 @@ execute the corresponding \fIaction\fR.
.IP "\fBif /\fIpattern\fB/\fIflags\fR"
.IP "\fBendif\fR"
Match the input string against the patterns between \fBif\fR
and \fBendif\fR, if and only if the input string also matches
\fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
and \fBendif\fR, if and only if the same input string also
matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
.sp
Note: do not prepend whitespace to patterns inside
\fBif\fR..\fBendif\fR.
.IP "\fBif !/\fIpattern\fB/\fIflags\fR"
.IP "\fBendif\fR"
Match the input string against the patterns between \fBif\fR
and \fBendif\fR, if and only if the input string does \fBnot\fR
match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
and \fBendif\fR, if and only if the same input string does
\fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR
can nest.
.IP "blank lines and comments"
Empty lines and whitespace-only lines are ignored, as
are lines whose first non-whitespace character is a `#'.
@@ -159,13 +161,13 @@ For backwards compatibility reasons, Postfix also accepts
.sp
This feature is available in Postfix 2.1 and later.
.IP "\fBFILTER \fItransport:destination\fR"
Write a content filter request to the queue file and
Write a content filter request to the queue file, and
inspect the next input line.
After the complete message is received it will be sent through
the specified external content filter. More information about
external content filters is in the Postfix FILTER_README file.
.sp
Note: this action overrides the \fBmain.cf content_filter\fR setting,
Note: this action overrides the \fBcontent_filter\fR setting,
and affects all recipients of the message. In the case that multiple
\fBFILTER\fR actions fire, only the last one is executed.
.sp
@@ -190,10 +192,10 @@ Note: this action affects all recipients of the message.
.sp
This feature is available in Postfix 2.0 and later.
.IP \fBIGNORE\fR
Delete the current line from the input and inspect
Delete the current line from the input, and inspect
the next input line.
.IP "\fBPREPEND \fItext...\fR"
Prepend one line with the specified text and inspect the next
Prepend one line with the specified text, and inspect the next
input line.
.sp
Notes:
@@ -215,7 +217,7 @@ This action cannot be used to prepend multi-line text.
.IP
This feature is available in Postfix 2.1 and later.
.IP "\fBREDIRECT \fIuser@domain\fR"
Write a message redirection request to the queue file and
Write a message redirection request to the queue file, and
inspect the next input line. After the message is queued,
it will be sent to the specified address instead of the
intended recipient(s).
@@ -226,7 +228,7 @@ fire, only the last one is executed.
.sp
This feature is available in Postfix 2.1 and later.
.IP "\fBREPLACE \fItext...\fR"
Replace the current line with the specified text and inspect the next
Replace the current line with the specified text, and inspect the next
input line.
.sp
This feature is available in Postfix 2.2 and later. The
@@ -257,21 +259,27 @@ text...\fR, Postfix inserts a default enhanced status code of
"5.7.1".
.IP "\fBWARN \fIoptional text...\fR
Log a warning with the \fIoptional text...\fR (or log a
generic message) and inspect the next input line. This
generic message), and inspect the next input line. This
action is useful for debugging and for testing a pattern
before applying more drastic actions.
.SH BUGS
.ad
.fi
Many people overlook the main limitations of header and body_checks
rules. These rules operate on one logical message header or one body
line at a time, and a decision made for one line is not carried over
to the next line. If text in the message body is encoded
rules.
.IP \(bu
These rules operate on one logical message header or one body
line at a time. A decision made for one line is not carried over
to the next line.
.IP \(bu
If text in the message body is encoded
(RFC 2045) then the rules have to specified for the encoded
form. Likewise, when message headers are encoded (RFC
form.
.IP \(bu
Likewise, when message headers are encoded (RFC
2047) then the rules need to be specified for the encoded
form.
.PP
Message headers added by the \fBcleanup\fR(8) daemon itself
are excluded from inspection. Examples of such message headers
are \fBFrom:\fR, \fBTo:\fR, \fBMessage-ID:\fR, \fBDate:\fR.


@@ -352,7 +352,7 @@ other special processing.
.ti +4
terminal_result_attribute = maildrop
This feature is available with Postfix >= 2.4.
This feature is available with Postfix 2.4 or later.
.IP "\fBleaf_result_attribute (default: empty)\fR"
When one or more special result attributes are found in a non-terminal
(see above) LDAP entry, leaf result attributes are excluded from the
@@ -380,7 +380,7 @@ terminal_result_attribute = maildrop
leaf_result_attribute = mail
.in -4
This feature is available with Postfix >= 2.4.
This feature is available with Postfix 2.4 or later.
.IP "\fBscope (default: sub)\fR"
The LDAP search scope: \fBsub\fR, \fBbase\fR, or \fBone\fR.
These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,


@@ -368,8 +368,8 @@ generates itself.
The time unit over which client connection rates and other rates
are calculated.
.PP
This feature is implemented by the \fBanvil\fR(8) service which is not
part of the stable Postfix version 2.1 release.
This feature is implemented by the \fBanvil\fR(8) service which is available
in Postfix version 2.2 and later.
.PP
The default interval is relatively short. Because of the high
frequency of updates, the \fBanvil\fR(8) server uses volatile memory
@@ -2850,14 +2850,13 @@ The maximal recursion level that the MIME processor will handle.
Postfix refuses mail that is nested deeper than the specified limit.
.PP
This feature is available in Postfix 2.0 and later.
.SH minimal_backoff_time (default: version dependent)
The minimal time between attempts to deliver a deferred message.
.SH minimal_backoff_time (default: 300s)
The minimal time between attempts to deliver a deferred message;
prior to Postfix 2.4 the default value was 1000s.
.PP
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
.PP
With Postfix 2.4 the default value was reduced from 1000s to
300s.
.PP
This parameter should be set greater than or equal to
$queue_run_delay. See also $maximal_backoff_time.
.PP
@@ -3306,10 +3305,9 @@ value that is at least 1.5*$message_size_limit.
.PP
With Postfix versions 2.0 and earlier, a queue_minfree value of
zero means there is no minimum required amount of free space.
.SH queue_run_delay (default: version dependent)
The time between deferred queue scans by the queue manager.
.PP
With Postfix 2.4 the default value was reduced from 1000s to 300s.
.SH queue_run_delay (default: 300s)
The time between deferred queue scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
.PP
This parameter should be set less than or equal to
$minimal_backoff_time. See also $maximal_backoff_time.


@@ -14,7 +14,7 @@ while (<>) {
{
Again:
if (/-[<\/bB>]*$/) {
if (/(-[<\/bB>]*|RFC)$/) {
$_ .= "\n";
$len1 = length;
$_ .= <>;
@@ -778,7 +778,13 @@ while (<>) {
s;\bmilter_unknown_command_macros\b;<a href="postconf.5.html#milter_unknown_command_macros">$&</a>;g;
s;\bmilter_end_of_data_macros\b;<a href="postconf.5.html#milter_end_of_data_macros">$&</a>;g;
# Split *README, parameter or restriction hyperlinks across line breaks
# Hyperlink URLs and RFC documents
s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
s/\bRFC\s*([1-9]\d*)/<a href="http:\/\/www.faqs.org\/rfcs\/rfc$1.html">$&<\/a>/;
# Split README/RFC/parameter/restriction hyperlinks that span line breaks
s/(<a href="[^"]*">)([-A-Za-z0-9_]*)\b([-<\/bB>]*\n *[<bB>]*)\b([-A-Za-z0-9_]*)(<\/a>)/$1$2$5$3$1$4$5/;
@@ -787,12 +793,6 @@ while (<>) {
s/(<a href="[^"]*">)([<bB>]*[-a-zA-Z0-9._]*[<bB>]*)<\/a>\1/$1$2/g;
s/(<a href="[^"]*">)([<bB>]*[-a-zA-Z0-9._]*[<bB>]*)<\/a>\1/$1$2/g;
# Hyperlink URLs and RFC documents
s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
s/\bRFC *([1-9]\d*)/<a href="http:\/\/www.faqs.org\/rfcs\/rfc$1.html">$&<\/a>/;
# Hyperlink phrases not in headers.
if (/<\/*h\d>/) {
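Review bot: In the relocated `http://` and `ftp://` rules the URL character class `[^ ,"\(\)]` does not exclude `<` or `>`, so a URL immediately followed by markup (for example a closing `</b>`, which other rules in this script already account for) would have the tag captured into both the `href` value and the link text. Excluding the angle brackets keeps the generated attribute well formed: `s/(http:\/\/[^ ,"\(\)<>]*[^ ,"\(\)<>:;!?.])/<a href="$1">$1<\/a>/;`, and likewise for the `ftp:` rule. Whether such input occurs depends on the pages fed to the script, which are not visible here. The enclosing `while (<>)` loop starts and ends outside these hunks.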


@@ -53,8 +53,9 @@ address classes are very important for the operation of Postfix. </p>
<li> <p> The list of domains that are a member of the class: for
example, all local domains, or all relay domains. </p>
<li> <p> The default delivery method. For example, the local or
smtp delivery agent. This helps to keep Postfix configurations
<li> <p> The default delivery transport. For example, the local or
relay delivery transport (delivery transports are defined in
master.cf). This helps to keep Postfix configurations
simple. </p>
<li> <p> The list of valid recipient addresses for that address


@@ -229,7 +229,10 @@ MAILER-DAEMON messages. </p>
<p> Recipient address verification is relatively straightforward
and there are no surprises. If a recipient probe fails, then Postfix
rejects mail for the recipient address. If a recipient probe
succeeds, then Postfix accepts mail for the recipient address. </p>
succeeds, then Postfix accepts mail for the recipient address.
However, recipient address verification probes can increase the
load on down-stream MTAs when you're being flooded by backscatter
bounces, or when some spammer is mounting a dictionary attack. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a


@@ -92,24 +92,34 @@ by the mail delivering process that creates the connection. To get
the same performance improvement as with a shared connection cache,
non-shared connections need to be kept open for a longer time. </p>
<p> The scache(8) server, introduced with Postfix version 2.2,
maintains the shared connection cache. With Postfix version 2.2,
only the smtp(8) client has support to access this cache. </p>
<blockquote>
<table>
<tr> <td> Internet &lt;-- </td> <td align="center" bgcolor="#f0f0ff">
<br> smtp(8) <br> &nbsp; </td> <td> <tt> &lt;-&gt; </tt> </td> <td
align="center" bgcolor="#f0f0ff"> <br> scache(8) <br> &nbsp; </td>
<td> <tt> &lt;-&gt; </tt> </td> <td align="center" bgcolor="#f0f0ff">
<br> smtp(8) <br> &nbsp; </td> <td> --&gt; Internet </td>
<tr> <td align="center" colspan="3" bgcolor="#f0f0ff"> <br> smtp(8)
<br> &nbsp; </td> <td colspan="2"> --&gt; Internet </td> </tr>
<tr> <td align="center" rowspan="3"> &nbsp; </td> <td align="center"
rowspan="3"><tt>|<br>|<br>|<br>|<br>|<br>|<br>v</tt></td>
<td> &nbsp; </td> </tr>
<tr> <td align="center"
colspan="2" bgcolor="#f0f0ff"> <br> smtp(8) <br> &nbsp; </td> <td
align="left"> --&gt; Internet </td> </tr>
<tr> <td align="center"><tt>^<br>|</tt></td> <td> &nbsp; </td> </tr>
<tr> <td align="center" colspan="3" bgcolor="#f0f0ff"> <br> scache(8)
<br> &nbsp; </td> </tr>
</table>
</blockquote>
<p> The scache(8) server, introduced with Postfix version 2.2,
maintains the shared connection cache. With Postfix version 2.2,
only the smtp(8) client has support to access this cache. </p>
<p> When SMTP connection caching is enabled (see next section), the
smtp(8) client does not disconnect after a mail transaction, but
gives the connection to the scache(8) server which keeps the


@@ -1,24 +0,0 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix Cyrus Howto</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Cyrus Howto</h1>
<hr>
<p> This document will be made available via http://www.postfix.org/. </p>
</body>
</html>


@@ -80,7 +80,8 @@ below.
<li> You can use Berkeley DB files with fixed lookup strings for
simple address rewriting operations and you can use regular expression
tables for the more complicated work.
tables for the more complicated work. In other words, you don't
have to put everything into the same table.
</ul>
@@ -189,8 +190,9 @@ because something else happens. This is because commands such as
postmap(1) or postalias(1) overwrite existing files. If the update
fails in the middle then you have no usable database, and Postfix
will stop working. This is not an issue with the CDB database type
available with Postfix 2.2 and later, because <a href="CDB_README.html">CDB</a>
database rebuilds are atomic. </p>
available with Postfix 2.2 and later: <a href="CDB_README.html">CDB</a>
creates a new file, and renames the file upon successful completion.
</p>
<p> With multi-file databases such as DBM, there is no simple
solution. With Berkeley DB and other "one file" databases, it is


@@ -49,15 +49,17 @@ versions. </p>
<h2><a name="no_db">Building Postfix on systems without Berkeley
DB</a></h2>
<p> Many commercial UNIXes ship without Berkeley DB support. Examples
are Solaris, HP-UX, IRIX, UNIXWARE. In order to build Postfix with
<p> Some UNIXes ship without Berkeley DB support; for historical
reasons these use DBM files instead. A problem with DBM files is
that they can store only limited amounts of data. To build Postfix
with
Berkeley DB support you need to download and install the source
code from http://www.sleepycat.com/ </p>
code from http://www.oracle.com/database/berkeley-db/. </p>
<p> Warning: some Linux system libraries use Berkeley DB, as do
some third-party libraries such as SASL. If you compile Postfix
with a different Berkeley DB implementation, then every Postfix
program will dump core because either the system library, SASL
program will dump core because either the system library, the SASL
library, or Postfix itself ends up using the wrong version. </p>
<p>The more recent Berkeley DB versions have a compile-time switch,
@@ -67,7 +69,7 @@ Although wasteful, this may be the only way to keep things from
falling apart. </p>
<p> To build Postfix after you installed the Berkeley DB from
http://www.sleepycat.com/, use something like: </p>
source code, use something like: </p>
<blockquote>
<pre>
@@ -214,7 +216,8 @@ undefined reference to `pthread_mutex_trylock'
</pre>
</blockquote>
<p> More information is available at http://www.sleepycat.com/. </p>
<p> More information is available at
http://www.oracle.com/database/berkeley-db/. </p>
</body>


@@ -100,8 +100,9 @@ is fixed. </p>
permissions, incorrect configuration file settings that you can
fix. Postfix cannot proceed until this is fixed. </p>
<li> <p> "<b>error</b>" reports a fatal or non-fatal error condition.
Postfix cannot proceed until this is fixed. </p>
<li> <p> "<b>error</b>" reports an error condition. For safety
reasons, a Postfix process will terminate when more than 13 of these
happen. </p>
<li> <p> "<b>warning</b>" indicates a non-fatal error. These are
problems that you may not be able to fix (such as a broken DNS
@@ -145,7 +146,7 @@ Mail Delivery Status Report will be mailed to &lt;your login name&gt;.
</ul>
<p> These reports contain information that is generated by Postfix
delivery agents. Since these run as daemon processes and do not
delivery agents. Since these run as daemon processes that cannot
interact with users directly, the result is sent as mail to the
sender of the test message. The format of these reports is practically
identical to that of ordinary non-delivery notifications. </p>
@@ -209,18 +210,21 @@ command "<b>postfix reload</b>". </p>
<h2><a name="sniffer">Record the SMTP session with a network sniffer</a></h2>
<p> This example uses <b>tcpdump</b>. In order to record a conversation
you need to specify a large enough buffer with the "-s" option or
else you will miss some or all of the packet payload. </p>
you need to specify a large enough buffer with the "<b>-s</b>"
option or else you will miss some or all of the packet payload.
</p>
<blockquote>
<pre>
# <b>tcpdump -w /file/name -s 2000 host example.com and port 25</b>
# <b>tcpdump -w /file/name -s 0 host example.com and port 25</b>
</pre>
</blockquote>
<p> Older tcpdump versions don't support "<b>-s 0</b>"; in that case,
use "<b>-s 2000</b>" instead. </p>
<p> Run this for a while, stop with Ctrl-C when done. To view the
data use a binary viewer, or <b>ethereal</b>, or use my <b>tcpdumpx</b>
utility that is available from ftp://ftp.porcupine.org/pub/debugging/.
data use a binary viewer, <b>ethereal</b>, or good old <b>less</b>.
</p>
<h2><a name="verbose">Making Postfix daemon programs more verbose</a></h2>
@@ -228,7 +232,7 @@ utility that is available from ftp://ftp.porcupine.org/pub/debugging/.
<p> Append one or more "<b>-v</b>" options to selected daemon
definitions in /etc/postfix/master.cf and type "<b>postfix reload</b>".
This will cause a lot of activity to be logged to the syslog daemon.
Example: </p>
For example, to make the Postfix SMTP server process more verbose: </p>
<blockquote>
<pre>
@@ -237,10 +241,9 @@ Example: </p>
</pre>
</blockquote>
<p> This makes the Postfix SMTP server more verbose. To diagnose
problems with address rewriting one would specify a "<b>-v</b>"
<p> To diagnose problems with address rewriting specify a "<b>-v</b>"
option for the cleanup(8) and/or trivial-rewrite(8) daemon, and to
diagnose problems with mail delivery one would specify a "<b>-v</b>"
diagnose problems with mail delivery specify a "<b>-v</b>"
option for the qmgr(8) or oqmgr(8) queue manager, or for the lmtp(8),
local(8), pipe(8), smtp(8), or virtual(8) delivery agent. </p>
@@ -538,18 +541,21 @@ attachments, instead of reciting information from memory.
<li> <p> Postfix logging. See the text at the top of the DEBUG_README
document to find out where logging is stored. Please do not frustrate
the helpers by word wrapping the logging. </p>
the helpers by word wrapping the logging. If the logging is more
than a few kbytes of text, consider posting an URL on a web or ftp
site. </p>
<li> <p> Consider using a test email address so that you don't have
to reveal email addresses or passwords of innocent people. </p>
<li> <p> If you can't use a test email address, please anonymize
information consistently. Replace each letter by "A", each digit
email addresses and host names consistently. Replace each letter
by "A", each digit
by "D" so that the helpers can still recognize syntactical errors.
</p>
<li> <p> Output from "<b>postconf -n</b>". Please do not send your
main.cf file or 400+ lines of <b>postconf</b> output. </p>
main.cf file, or 500+ lines of <b>postconf</b> output. </p>
<li> <p> Better, provide output from the <b>postfinger</b> tool.
This can be found at http://ftp.wl0.org/SOURCES/postfinger. </p>
@@ -562,7 +568,7 @@ http://postfix.state-of-mind.de/patrick.koetter/saslfinger/. </p>
including output from the <b>qshape</b> tool, as described in the
QSHAPE_README file. </p>
<li> <p> If the problem is protocol related (connections time out
<li> <p> If the problem is protocol related (connections time out,
or an SMTP server complains about syntax errors etc.) consider
recording a session with <b>tcpdump</b>, as described in the <a
href="#sniffer">DEBUG_README</a> document. </ul>

View File

@@ -44,7 +44,7 @@ identifies the message <i>content</i>. </p>
</ul>
<p> The implementation of DSN support involves extra parameters to
the SMTP MAIL FROM and RCPT TO commands, as well as new Postfix
the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix
sendmail command line options that provide a sub-set of the functions
of the extra SMTP command parameters. </p>


@@ -27,11 +27,6 @@ searches the queue for mail to the customer, and delivers that mail
not delivered via the connection that was used for sending ETRN.
</p>
<p> Postfix versions before 1.0 (also known as version 20010228)
implemented the ETRN command in an inefficient manner: they simply
attempted to deliver all queued mail. This is slow on mail servers
that queue mail for many customers. </p>
<p> As of version 1.0, Postfix has a fast ETRN implementation that
does not require Postfix to examine every queue file. Instead,
Postfix maintains a record of what queue files contain mail for
@@ -74,11 +69,11 @@ font. </p>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
<b>helo my.client.tld</b>
<b>HELO my.client.tld</b>
250 Ok
<b>etrn some.customer.domain</b>
<b>ETRN some.customer.domain</b>
250 Queuing started
<b>quit</b>
<b>QUIT</b>
221 Bye
</pre>
</blockquote>
@@ -90,6 +85,8 @@ the connection that was used to send the ETRN command. </p>
<p> The Postfix operator can request delivery for a specific customer
by using the command "sendmail -qR<i>destination</i>" and, with
Postfix version 1.1 and later, "postqueue -s<i>destination</i>".
Access to this feature is controlled with the authorized_flush_users
configuration parameter (Postfix version 2.2 and later).
</p>
<h2><a name="how">How Postfix fast ETRN works</a></h2>
@@ -149,12 +146,13 @@ want to turn on fast ETRN service for every possible destination.
with queue file names. When a request to "deliver mail now" arrives,
Postfix will attempt to deliver all recipients in the queue files
that have mail for the destination in question. This does not
perform well when queue files have recipients in many different
domains. </p>
perform well with queue files that have recipients in many different
domains, such as queue files with outbound mailing list traffic.
</p>
<li> <p> The flush(8) daemon maintains per-destination logfiles
only for destinations listed with $fast_flush_domains. With other
destinations it not possible to trigger delivery with "sendmail
destinations you cannot request delivery with "sendmail
-qR<i>destination</i>" or, with Postfix version 1.1 and later,
"postqueue -s<i>destination</i>". </p>
@@ -166,6 +164,11 @@ does not ignore the volatile in-memory list of dead domains, and
the list of message delivery transports specified with the
defer_transports configuration parameter. </p>
<li> <p> Up to and including Postfix version 2.3, the "fast flush"
service may not deliver some messages if the request to "deliver
mail now" arrives while an incoming queue scan is already in progress.
</p>
</ul>
<h2><a name="config">Configuring the Postfix fast ETRN service</a></h2>
@@ -302,9 +305,9 @@ boldface: </p>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
<b>helo my.client.tld</b>
<b>HELO my.client.tld</b>
250 Ok
<b>etrn some.customer.domain</b>
<b>ETRN some.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
@@ -338,9 +341,9 @@ commands that you type: </p>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
<b>helo my.client.tld</b>
<b>HELO my.client.tld</b>
250 Ok
<b>etrn some.other.customer.domain</b>
<b>ETRN some.other.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
@@ -356,9 +359,9 @@ server has mail queued for that destination. </p>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
<b>helo my.client.tld</b>
<b>HELO my.client.tld</b>
250 Ok
<b>etrn not.a.customer.domain</b>
<b>ETRN not.a.customer.domain</b>
459 &lt;not.a.customer.domain&gt;: service unavailable
</pre>
</blockquote>


@@ -71,7 +71,8 @@ mail. Applications that use two separate Postfix instances will
be covered by a later version of this document. </p>
<p> The after-queue content filter is not to be confused with the
approach that is described in the SMTPD_PROXY_README document,
approaches described in the SMTPD_PROXY_README or MILTER_README
documents,
where incoming SMTP mail is filtered BEFORE it is stored into the
Postfix queue. </p>
@@ -125,16 +126,18 @@ all email, as well as several options to filter mail selectively: </p>
<h2><a name="principles">Principles of operation</a> </h2>
<p> An external content filter receives unfiltered mail from Postfix
(as described further below) and does one of the following: </p>
<p> An after-queue content filter receives unfiltered mail from Postfix
(as described further below) and can do one of the following: </p>
<ol>
<li> <p> Re-inject the mail back into Postfix, perhaps after changing
content and/or destination. </p>
<li> <p> Discard or quarantine the mail. </p>
<li> <p> Reject the mail (by sending a suitable status code back to
Postfix). Postfix will return the mail to the sender. </p>
Postfix). Postfix will send the mail back to the sender address. </p>
</ol>
@@ -146,7 +149,8 @@ suspect so that a human can decide what to do with it. </p>
<h2><a name="simple_filter">Simple content filter example</a></h2>
<p> The first example is simple to set up. Postfix receives
<p> The first example is simple to set up, but has major limitations
that will be addressed in a second example. Postfix receives
unfiltered mail from the network with the smtpd(8) server, and
delivers unfiltered mail to a content filter with the Postfix
pipe(8) delivery agent. The content filter injects filtered mail
@@ -282,21 +286,23 @@ document for an introduction to the Postfix architecture. </p>
<ul>
<li> <p> Line 8: The -G option does nothing before Postfix 2.3,
otherwise it disables address rewriting of message headers. </p>
<li> <p> Line 8: The -G option says the filter output is not a local
mail submission: don't do silly things like appending the local
domain name to addresses in message headers. This option does
nothing before Postfix version 2.3. </p>
<li> <p> Line 8: The -i option says don't stop reading input when
a line contains "." only. </p>
<li> <p> Line 8: NEVER NEVER NEVER use the "-t" command-line option
here. It will mis-deliver mail, like sending mailing list mail back
to the mailing list. </p>
here. It will mis-deliver mail, like sending messages from a mailing
list back to the mailing list. </p>
<li> <p> Line 21: The idea is to first capture the message to
file and then run the content through a third-party content filter
program. </p>
<li> <p> Line 22: If the mail cannot be captured to file, mail
<li> <p> Line 22: If the message cannot be captured to file, mail
delivery is deferred by terminating with exit status 75 (EX_TEMPFAIL).
Postfix places the message in the deferred mail queue and tries
again later. </p>
@@ -306,13 +312,14 @@ program here that receives the content on standard input. </p>
<li> <p> Line 26: If the content filter program finds a problem,
the mail is bounced by terminating with exit status 69 (EX_UNAVAILABLE).
Postfix will return the message to the sender as undeliverable.
Postfix will send the message back to the sender as undeliverable
mail.
</p>
<li> <p> Note: in this time of mail worms and spam, it is a BAD
<li> <p> NOTE: in this time of mail worms and spam, it is a BAD
IDEA to send known viruses or spam back to the sender, because that
address is likely to be forged. It is safer to discard known to be
bad content and to quarantine suspicious content so that it can
address is likely to be forged. It is safer to discard known viruses
and to quarantine suspicious content so that it can
be inspected by a human being. </p>
<li> <p> Line 28: If the content is OK, it is given as input to
@@ -331,7 +338,7 @@ as input: </p>
<blockquote>
<pre>
% /path/to/script -f sender recipient... &lt;message-file
% /path/to/script -f sender -- recipient... &lt;message-file
</pre>
</blockquote>
@@ -381,7 +388,7 @@ entry that defines the Postfix SMTP server: </p>
-o content_filter=filter:dummy
</pre>
<p> The "content_filter" line causes Postfix to add one content
<p> The "-o content_filter" line causes Postfix to add one content
filter request record to each incoming mail message, with content
"filter:dummy". This record overrides the normal mail routing
and causes mail to be given to the content filter instead. </p>
@@ -432,7 +439,7 @@ content_filter=filter:dummy" text from the entry that defines the
Postfix SMTP server. </p>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
filter information from existing queue files. </p>
filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>
@@ -553,7 +560,9 @@ document for an introduction to the Postfix architecture. </p>
<p> The example given here filters all mail, including mail that
arrives via SMTP and mail that is locally submitted via the Postfix
sendmail command. See examples near the end of this document for
sendmail command (local submissions enter Postfix via the pickup(8)
server; to keep the figure simple we omit local submission details).
See examples near the end of this document for
how to exclude local users from filtering, or how to configure a
destination dependent content filter. </p>
@@ -638,7 +647,7 @@ for more information. </p>
<li> <p> The "-o disable_mime_output_conversion=yes" is a workaround
that prevents the breaking of domainkeys and other digital signatures.
This is needed because some SMTP-based content filters don't announce
8BITMIME support, even though they can handle it just fine. </p>
8BITMIME support, even though they can handle 8-bit mail. </p>
<li> <p> The "-o smtp_generic_maps=" is a workaround that prevents
local address rewriting with generic(5) maps. Such rewriting should
@@ -672,6 +681,10 @@ shell and home directory. This user handles all potentially
dangerous mail content - that is why it should be a separate account.
</p>
<li> <p> By default, Postfix will terminate a command that runs
longer than command_time_limit seconds (default: 1000s). This is a
safety measure that prevents filters from running forever. </p>
</ul>
<p> If you want to have your filter listening on port localhost:10025
@@ -711,15 +724,14 @@ that injects mail back into Postfix. </p>
<ul>
<li> <p> Note: do not use spaces around the "=" or "," characters. </p>
<li> <p> NOTE: do not use spaces around the "=" or "," characters. </p>
<li> <p> Note: the SMTP server must not have a smaller process
<li> <p> NOTE: the SMTP server must not have a smaller process
limit than the "filter" master.cf entry. </p>
<li> <p> The "-o content_filter=" overrides main.cf settings, and
requests no content filtering for mail from the content filter.
This is required or else mail will stay in the content filtering
loop. </p>
This is required or else mail will loop. </p>
<li> <p> The "-o receive_override_options" overrides main.cf settings
to avoid duplicating work that was already done before the content
@@ -737,7 +749,7 @@ specified in main.cf: </p>
<li> <p> We specify "no_milters" to disable Milter applications
(this option is available only in Postfix 2.3 and later). </p>
<li> <p> We don't specify "no_address_mapping" here. This
<li> <p> We don't specify "no_address_mappings" here. This
enables virtual alias expansion, canonical mappings, address
masquerading, and other address mappings after the content
filter. The main.cf setting of "receive_override_options"
@@ -794,7 +806,7 @@ when content filtering is turned off. </p>
</blockquote>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
filter information from existing queue files. </p>
filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>


@@ -350,7 +350,7 @@ assume for the moment that groups never have a "maildrop" (the "bgroup"
</blockquote>
<p> Note: if the desired member object result attribute is always also
present in the group, you get suprising results, the expansion also
present in the group, you get surprising results, the expansion also
returns the address of the group. This is a known limitation of Postfix
releases prior to 2.4, and is addressed in the new with Postfix 2.4
"leaf_result_attribute" feature described in ldap_table(5). </p>


@@ -1,2 +0,0 @@
See the files in auxiliary/MacOSX for hints and tips to set up
Postfix.


@@ -28,9 +28,13 @@ this happens before mail is queued. </p>
<p> The reason for adding Milter support to Postfix is that there
exists a large collection of applications, not only to block unwanted
mail, but also to verify authenticity (examples: <a
href="http://sourceforge.net/projects/dkim-milter/">Domain keys
identified mail</a>, <a
href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
<a href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>)
or to digitally sign mail (example: <a
or to digitally sign mail (examples: <a
href="http://sourceforge.net/projects/dkim-milter/">Domain keys
identified mail</a>, <a
href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>).
Having yet another Postfix-specific version of all that software
is a poor use of human and system resources. </p>
@@ -202,14 +206,14 @@ does. </p>
<p> On some Linux and *BSD distributions, the Sendmail libmilter
library is installed by default. With this, applications such as
<a href="http://sourceforge.net/projects/dk-milter/">dk-milter</a>
<a href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a>
and <a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a>
build out of the box without requiring any tinkering:</p>
<blockquote>
<pre>
$ <b>gzcat dk-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
$ <b>cd dk-milter-<i>x.y.z</i></b>
$ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
$ <b>cd dkim-milter-<i>x.y.z</i></b>
$ <b>make</b>
[...<i>lots of output omitted</i>...]
</pre>
@@ -260,7 +264,7 @@ for options. A typical command looks like this:</p>
<blockquote>
<pre>
# <b>/some/where/dk-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
# <b>/some/where/dkim-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
</pre>
</blockquote>
@@ -652,23 +656,70 @@ X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com &lt;unknown-msgid&
</pre>
</blockquote>
<p> This happens because some Milter applications expect that the
<p> This happens because those Milter applications expect that the
queue ID is known <i>before</i> the MTA accepts the MAIL FROM
(sender) command. Postfix, on the other hand, does not choose a
queue file name until <i>after</i> it accepts the first valid RCPT
TO (recipient) command. Postfix queue file names must be unique
TO (recipient) command (Postfix queue file names must be unique
across multiple directories, so the name can't be chosen before the
file is created. If multiple messages were to use the same queue
ID <i>simultaneously</i>, mail would be lost. </p>
file is created; if multiple messages were to use the same queue
ID <i>simultaneously</i>, mail would be lost). </p>
<p> To work around the ugly message header from Milter applications,
we add a little code to the Milter source to look up the queue ID
after Postfix receives the end of the message. </p>
</ul>
<p> Fixing the ugly header maybe as simple as upgrading to a recent
version of the Milter application. For example, current versions
of dkim-filter and dk-filter have code that looks up the Postfix
queue ID at a later protocol stage. </p>
<p> To fix the ugly message header with sid-filter applications,
we change the source code, so that it does the queue ID lookup after
Postfix receives the end of the message. </p>
<ul>
<li> <p> Edit the filter source file (named
<tt>sid-filter/sid-filter.c</tt>). </p>
<li> <p> Look up the <tt>smfilter</tt> table and replace
<tt>mlfi_eoh</tt> by <tt>NULL</tt>.
</p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
text below: </p>
</ul>
<blockquote>
<pre>
assert(ctx != NULL);
#endif /* !DEBUG */
<b>
ret = mlfi_eoh(ctx);
if (ret != SMFIS_CONTINUE)
return ret;</b>
</pre>
</blockquote>
<p> NOTES: </p>
<ul>
<li> <p> This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
message. Fortunately, sid-milter logs that message only once. </p>
</ul>
<p> To fix the ugly message header with other Milter applications,
you will need to do something like this: </p>
<ul>
<li> <p> Edit the filter source file (typically named
<tt>dk-filter/dk-filter.c</tt> or similar). </p>
<tt>xxx-filter/xxx-filter.c</tt> or similar). </p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
the top shown as <b>bold</b> text below: </p>
@@ -700,43 +751,7 @@ variables. If the above code does not compile, look for the code
at the start of the <tt>mlfi_eoh()</tt> routine. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
message. Fortunately, dk-filter logs that message only once. </p>
</ul>
<p> With some Milter applications we can fix both the WARNING and
the "unknown-msgid" by postponing the call of <tt>mlfi_eoh()</tt>
(or whatever routine logs the WARNING) until the end of the message.
</p>
<ul>
<li> <p> Edit the filter source file (typically named
<tt>sid-filter/sid-filter.c</tt> or similar). </p>
<li> <p> Look up the <tt>smfilter</tt> table and replace
<tt>mlfi_eoh</tt> (or whatever routine logs the WARNING) by NULL.
</p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
text below: </p>
</ul>
<blockquote>
<pre>
assert(ctx != NULL);
#endif /* !DEBUG */
<b>
ret = mlfi_eoh(ctx);
if (ret != SMFIS_CONTINUE)
return ret;</b>
</pre>
</blockquote>
<p> This works with sid-milter-0.2.10. Other Milter applications
will dump core when you do this. </p>
message. Fortunately, many Milters log that message only once. </p>
</ul>


@@ -15,7 +15,6 @@ HTML = ../html/ADDRESS_CLASS_README.html \
../html/CDB_README.html \
../html/CONNECTION_CACHE_README.html \
../html/CONTENT_INSPECTION_README.html \
../html/CYRUS_README.html \
../html/DATABASE_README.html ../html/DB_README.html \
../html/DEBUG_README.html \
../html/DSN_README.html \
@@ -37,7 +36,7 @@ HTML = ../html/ADDRESS_CLASS_README.html \
../html/STANDARD_CONFIGURATION_README.html \
../html/TLS_README.html ../html/TLS_LEGACY_README.html \
../html/TUNING_README.html \
../html/UUCP_README.html ../html/ULTRIX_README.html \
../html/UUCP_README.html \
../html/VERP_README.html ../html/VIRTUAL_README.html \
../html/XCLIENT_README.html ../html/XFORWARD_README.html \
../html/postconf.5.html
@@ -51,7 +50,6 @@ README = ../README_FILES/ADDRESS_CLASS_README \
../README_FILES/CDB_README \
../README_FILES/CONNECTION_CACHE_README \
../README_FILES/CONTENT_INSPECTION_README \
../README_FILES/CYRUS_README \
../README_FILES/DATABASE_README ../README_FILES/DB_README \
../README_FILES/DEBUG_README \
../README_FILES/DSN_README \
@@ -73,7 +71,7 @@ README = ../README_FILES/ADDRESS_CLASS_README \
../README_FILES/STANDARD_CONFIGURATION_README \
../README_FILES/TLS_README ../README_FILES/TLS_LEGACY_README \
../README_FILES/TUNING_README \
../README_FILES/UUCP_README ../README_FILES/ULTRIX_README \
../README_FILES/UUCP_README \
../README_FILES/VERP_README ../README_FILES/VIRTUAL_README \
../README_FILES/XCLIENT_README ../README_FILES/XFORWARD_README \
../README_FILES/AAAREADME


@@ -27,8 +27,8 @@ Postfix distributions for general use. </p>
file</h2>
<p> The installed main.cf file must be small. PLEASE resist the
temptation to list all 400+ parameters in the main.cf file. Postfix
is supposed to be easy to configure. Listing all 400+ in main.cf
temptation to list all parameters in the main.cf file. Postfix
is supposed to be easy to configure. Listing all parameters in main.cf
defeats the purpose. It is an invitation for hobbyists to make
random changes without understanding what they do, and gets them
into endless trouble. </p>


@@ -164,7 +164,7 @@ etrn_domain=
These attributes are empty in case of no certificate authentication.
As of Postfix 2.2.11 these attribute values are encoded as
xtext: some characters are represented by +XX, where XX is the
two-digit hecadecimal representation of the character value.
two-digit hexadecimal representation of the character value.
</p>
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)


@@ -224,8 +224,8 @@ seconds or $smtpd_error_sleep_time, whichever is more. </p>
<h2><a name="conn_limit">Measures against clients that make too many connections</a></h2>
<p> Note: the anvil(8) service was introduced with Postfix version
2.2. </p>
<p> Note: these features use the Postfix anvil(8) service, introduced
with Postfix version 2.2. </p>
<p> The Postfix smtpd(8) server can limit the number of simultaneous
connections from the same SMTP client, as well as the number of
@@ -233,34 +233,47 @@ connections that a client is allowed to make per unit time.
These statistics are maintained by the anvil(8) server (translation:
if anvil(8) breaks, then connection limits stop working). </p>
<p> IMPORTANT: These limits are designed to protect the smtpd(8) server
against flagrant abuse. Do not use these limits to regulate legitimate
traffic: mail will suffer grotesque delays if you do so. </p>
<p> IMPORTANT: These limits must not be used to regulate legitimate
traffic: mail will suffer grotesque delays if you do so. The limits
are designed to protect the smtpd(8) server against abuse by
out-of-control clients. </p>
<ul>
<blockquote>
<li> <p> An SMTP client may make up to $smtpd_client_connection_count_limit
simultaneous connections (default: 50). This is half the default
process limit. </p>
<dl>
<li> <p> An SMTP client may make up to $smtpd_client_message_rate_limit
message delivery requests per unit time (default: no limit). </p>
<dt> smtpd_client_connection_count_limit (default: 50) </dt> <dd>
The maximum number of connections than an SMTP client may make
simultaneously. </dd>
<li> <p> An SMTP client may send up to $smtpd_client_recipient_rate_limit
recipient addresses per unit time (default: no limit). </p>
<dt> smtpd_client_connection_rate_limit (default: no limit) </dt>
<dd> The maximum number of connections that an SMTP client may make
in the time interval specified with anvil_rate_time_unit (default:
60s). </dd>
<li> <p> An SMTP client may make up to $smtpd_client_connection_rate_limit
connections per unit time (default: no limit). </p>
<dt> smtpd_client_message_rate_limit (default: no limit) </dt> <dd>
The maximum number of message delivery requests that an SMTP client
may make in the time interval specified with anvil_rate_time_unit
(default: 60s). </dd>
<li> <p> These limits are not applied to SMTP clients in the networks
specified with $smtpd_client_event_limit_exceptions (default:
clients in $mynetworks may make an unlimited number of connections).
<dt> smtpd_client_recipient_rate_limit (default: no limit) </dt>
<dd> The maximum number of recipient addresses that an SMTP client
may specify in the time interval specified with anvil_rate_time_unit
(default: 60s). </dd>
<li> <p> The anvil_rate_time_unit parameter specifies the time
unit over which client connection rates are computed (default:
60s).
<dt> smtpd_client_new_tls_session_rate_limit (default: no limit)
</dt> <dd> The maximum number of new TLS sessions (without using
the TLS session cache) that an SMTP client may negotiate in the
time interval specified with anvil_rate_time_unit (default: 60s).
</dd>
</ul>
<dt> smtpd_client_event_limit_exceptions (default: $mynetworks)
</dt> <dd> SMTP clients that are excluded from connection and rate
limits specified above. </dd>
</dl>
</blockquote>
<h2><a name="mailing_tips">General mail delivery performance tips</a></h2>
@@ -360,7 +373,7 @@ is not useful. Another good reason to limit delivery concurrency
to the same recipient: if the recipient has an expensive shell
command in her .forward file, or if the recipient is a mailing list
manager, you don't want to run too many instances of those processes
the same time. </p>
at the same time. </p>
<li> <p> The default smtp_destination_concurrency_limit of 20 seems
enough to noticeably load a system without bringing it to its knees.
@@ -465,10 +478,12 @@ some amount of time. </p>
<dl>
<dt> queue_run_delay (default: 1000 seconds) </dt> <dd> How often
<dt> queue_run_delay (default: 300 seconds; before Postfix 2.4:
1000s) </dt> <dd> How often
the queue manager scans the queue for deferred mail. </dd>
<dt> minimal_backoff_time (default: 1000 seconds) </dt> <dd> The
<dt> minimal_backoff_time (default: 300 seconds; before Postfix
2.4: 1000s) </dt> <dd> The
minimal amount of time a message won't be looked at, and the minimal
amount of time to stay away from a "dead" destination. </dd>
@@ -519,7 +534,8 @@ that usually requires timing out one or more SMTP connections. </p>
always better than increasing the frequency of delivery attempts.
However, if you can control only the delivery attempt frequency,
consider using a dedicated fallback_relay "graveyard" machine for
bad destinations so that they do not ruin the performance of normal
bad destinations, so that these destinations do not ruin the
performance of normal
mail deliveries. </p>
<h2><a name="proc_limit">Tuning the number of Postfix processes</a></h2>
@@ -573,6 +589,20 @@ errors. </p>
<ul>
<li> <p> Depending on your Postfix and operating system versions
you may need to recompile Postfix if you need more than 1024 file
descriptors per process: </p>
<ul> <li> <p> No recompilation is needed for Postfix version 2.4
and later, when it was compiled for systems that support BSD kqueue(2)
(FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or
Linux 2.6 epoll(4). </p>
<li> <p> Otherwise, Postfix needs to be recompiled to override the
default FD_SETSIZE value. </p>
</ul>
<li> <p> Reduce the number of processes as described under "<a
href="#proc_limit">Tuning the number of Postfix processes</a>" above.
Fewer processes need fewer open files and sockets. </p>
@@ -585,7 +615,8 @@ with your system tuning guide: </p>
<ul>
<li> <p> Some FreeBSD kernel parameters can be specified in
/boot/loader.conf, and some can be changed with sysctl commands.
/boot/loader.conf, and some can be specified in /etc/sysctl.conf
or changed with sysctl commands.
Which is which depends on the version.
</p>
@@ -598,7 +629,7 @@ kern.maxfilesperproc="16384"
</pre>
<li> <p> Linux kernel parameters can be specified in /etc/sysctl.conf
and can also be changed with sysctl commands: </p>
or changed with sysctl commands: </p>
<pre>
fs.file-max=16384
@@ -607,7 +638,7 @@ kernel.threads-max=2048
<li> <p> Solaris kernel parameters can be specified in /etc/system,
as described in the <a
href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.46">Solaris
href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.48">Solaris
FAQ</a> entry titled "How can I increase the number of file
descriptors per process?" </p>


@@ -1,71 +0,0 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix and Ultrix </title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix and Ultrix </h1>
<hr>
<h2> Postfix on Ultrix </h2>
<p> This document is probably only of historical value, because
Ultrix version 4 dates from the early 1990s. However, as long as
Wietse keeps Postfix alive for SunOS 4, it is likely to run on
Ultrix 4 with very little change. Feedback is welcome if anyone
actually still uses Postfix on any version of Ultrix. </p>
<p> The source of this document is an email message by Christian von Roques
that was sent on Jun 2, 1999. </p>
<blockquote>
<p> I've upgraded the MTA of our DECstation-3100 running Ultrix4.3a to
postfix-19990317-pl05 and am sending you the patches I needed to get
it running under Ultrix. </p>
<p> . . . </p>
<p> One of the bugs of Ultrix's /bin/sh is that shell-variables
set in arguments of `:' expand to garbage if expanded in here-documents.
Using a different shell helps. I needed to replace all calls of
``sh .../makedefs'' by ``$(SHELL) .../makedefs'' in all the
Makefile.in and am now able to use ``make SHELL=/bin/sh5'' or zsh.
<p> . . . </p>
<p> Ultrix's FD_SET_SIZE is 4096, but getdtablesize()
returns 64 by default, if not increased when building a new
kernel. getrlimit() doesn't know RLIMIT_NOFILE. This makes
event_init() always log the warning: `could allocate space for
only 64 open files'. </p>
<p> I just reduced the threshold from 256 to 64, but this is not good.
The initial problem still remains: How to disable this warning on
Ultrix without making the source ugly? </p>
</blockquote>
<p> To work around the first problem, all the Makefile.in files
have been updated to use `$(SHELL)' instead of `sh'. So you only
need to supply a non-default shell in order to eliminate Ultrix
shell trouble. </p>
<p> To work around the latter, util/sys_defs.h was updated for
Ultrix, with a default FD_SETSIZE of 100. This should be sufficient
for a workstation. Even in 1999, no-one would run a major mail hub
on Ultrix 4. </p>
</body>
</html>


@@ -10,10 +10,10 @@
#
# \fBpostmap -q - /etc/postfix/access <\fIinputfile\fR
# DESCRIPTION
# The Postfix SMTP server supports access control on remote
# SMTP client information: host names, network addresses, and
# envelope sender
# or recipient addresses. See \fBheader_checks\fR(5) or
# This document describes access control on remote SMTP client
# information: host names, network addresses, and envelope
# sender or recipient addresses; it is implemented by the
# Postfix SMTP server. See \fBheader_checks\fR(5) or
# \fBbody_checks\fR(5) for access control on the content of
# email messages.
#
@@ -244,7 +244,7 @@
# More information
# about external content filters is in the Postfix FILTER_README file.
# .sp
# Note: this action overrides the \fBmain.cf content_filter\fR setting,
# Note: this action overrides the \fBcontent_filter\fR setting,
# and currently affects all recipients of the message.
# .sp
# This feature is available in Postfix 2.0 and later.


@@ -2,7 +2,7 @@
# NAME
# header_checks 5
# SUMMARY
# Postfix built-in header/body inspection
# Postfix built-in content inspection
# SYNOPSIS
# \fBheader_checks = pcre:/etc/postfix/header_checks\fR
# .br
@@ -16,8 +16,9 @@
# .br
# \fBpostmap -fq - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# DESCRIPTION
# The Postfix \fBcleanup\fR(8) server supports access control
# on the content of message headers and message body lines.
# This document describes access control on the content of
# message headers and message body lines; it is implemented
# by the Postfix cleanup(8) server before mail is queued.
# See \fBaccess\fR(5) for access control on remote SMTP client
# information.
#
@@ -84,16 +85,17 @@
# .IP "\fBif /\fIpattern\fB/\fIflags\fR"
# .IP "\fBendif\fR"
# Match the input string against the patterns between \fBif\fR
# and \fBendif\fR, if and only if the input string also matches
# \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
# and \fBendif\fR, if and only if the same input string also
# matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
# .sp
# Note: do not prepend whitespace to patterns inside
# \fBif\fR..\fBendif\fR.
# .IP "\fBif !/\fIpattern\fB/\fIflags\fR"
# .IP "\fBendif\fR"
# Match the input string against the patterns between \fBif\fR
# and \fBendif\fR, if and only if the input string does \fBnot\fR
# match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
# and \fBendif\fR, if and only if the same input string does
# \fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR
# can nest.
# .IP "blank lines and comments"
# Empty lines and whitespace-only lines are ignored, as
# are lines whose first non-whitespace character is a `#'.
@@ -172,13 +174,13 @@
# .sp
# This feature is available in Postfix 2.1 and later.
# .IP "\fBFILTER \fItransport:destination\fR"
# Write a content filter request to the queue file and
# Write a content filter request to the queue file, and
# inspect the next input line.
# After the complete message is received it will be sent through
# the specified external content filter. More information about
# external content filters is in the Postfix FILTER_README file.
# .sp
# Note: this action overrides the \fBmain.cf content_filter\fR setting,
# Note: this action overrides the \fBcontent_filter\fR setting,
# and affects all recipients of the message. In the case that multiple
# \fBFILTER\fR actions fire, only the last one is executed.
# .sp
@@ -203,10 +205,10 @@
# .sp
# This feature is available in Postfix 2.0 and later.
# .IP \fBIGNORE\fR
# Delete the current line from the input and inspect
# Delete the current line from the input, and inspect
# the next input line.
# .IP "\fBPREPEND \fItext...\fR"
# Prepend one line with the specified text and inspect the next
# Prepend one line with the specified text, and inspect the next
# input line.
# .sp
# Notes:
@@ -228,7 +230,7 @@
# .IP
# This feature is available in Postfix 2.1 and later.
# .IP "\fBREDIRECT \fIuser@domain\fR"
# Write a message redirection request to the queue file and
# Write a message redirection request to the queue file, and
# inspect the next input line. After the message is queued,
# it will be sent to the specified address instead of the
# intended recipient(s).
@@ -239,7 +241,7 @@
# .sp
# This feature is available in Postfix 2.1 and later.
# .IP "\fBREPLACE \fItext...\fR"
# Replace the current line with the specified text and inspect the next
# Replace the current line with the specified text, and inspect the next
# input line.
# .sp
# This feature is available in Postfix 2.2 and later. The
@@ -270,19 +272,25 @@
# "5.7.1".
# .IP "\fBWARN \fIoptional text...\fR
# Log a warning with the \fIoptional text...\fR (or log a
# generic message) and inspect the next input line. This
# generic message), and inspect the next input line. This
# action is useful for debugging and for testing a pattern
# before applying more drastic actions.
# BUGS
# Many people overlook the main limitations of header and body_checks
# rules. These rules operate on one logical message header or one body
# line at a time, and a decision made for one line is not carried over
# to the next line. If text in the message body is encoded
# rules.
# .IP \(bu
# These rules operate on one logical message header or one body
# line at a time. A decision made for one line is not carried over
# to the next line.
# .IP \(bu
# If text in the message body is encoded
# (RFC 2045) then the rules have to specified for the encoded
# form. Likewise, when message headers are encoded (RFC
# form.
# .IP \(bu
# Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the encoded
# form.
#
# .PP
# Message headers added by the \fBcleanup\fR(8) daemon itself
# are excluded from inspection. Examples of such message headers
# are \fBFrom:\fR, \fBTo:\fR, \fBMessage-ID:\fR, \fBDate:\fR.


@@ -340,7 +340,7 @@
# .ti +4
# terminal_result_attribute = maildrop
#
# This feature is available with Postfix >= 2.4.
# This feature is available with Postfix 2.4 or later.
# .IP "\fBleaf_result_attribute (default: empty)\fR"
# When one or more special result attributes are found in a non-terminal
# (see above) LDAP entry, leaf result attributes are excluded from the
@@ -368,7 +368,7 @@
# leaf_result_attribute = mail
# .in -4
#
# This feature is available with Postfix >= 2.4.
# This feature is available with Postfix 2.4 or later.
# .IP "\fBscope (default: sub)\fR"
# The LDAP search scope: \fBsub\fR, \fBbase\fR, or \fBone\fR.
# These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,


@@ -2622,17 +2622,18 @@ Specify 0 when mail delivery should be tried only once.
The maximal size in bytes of a message, including envelope information.
</p>
%PARAM minimal_backoff_time version dependent
%PARAM minimal_backoff_time 300s
<p>
The minimal time between attempts to deliver a deferred message;
prior to Postfix 2.4 the default value was 1000s.
</p>
<p>
The minimal time between attempts to deliver a deferred message.
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
</p>
<p> With Postfix 2.4 the default value was reduced from 1000s to
300s. </p>
<p> This parameter should be set greater than or equal to
$queue_run_delay. See also $maximal_backoff_time. </p>
@@ -3076,14 +3077,11 @@ With Postfix versions 2.0 and earlier, a queue_minfree value of
zero means there is no minimum required amount of free space.
</p>
%PARAM queue_run_delay version dependent
%PARAM queue_run_delay 300s
<p>
The time between deferred queue scans by the queue manager.
</p>
<p>
With Postfix 2.4 the default value was reduced from 1000s to 300s.
The time between deferred queue scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
</p>
<p> This parameter should be set less than or equal to
@@ -6491,8 +6489,8 @@ are calculated.
</p>
<p>
This feature is implemented by the anvil(8) service which is not
part of the stable Postfix version 2.1 release.
This feature is implemented by the anvil(8) service which is available
in Postfix version 2.2 and later.
</p>
<p>
@@ -9631,7 +9629,7 @@ and higher the optional "ciphers" attribute overrides the main.cf
smtp_tls_mandatory_ciphers parameter and the optional "protocols"
keyword overrides the main.cf smtp_tls_mandatory_protocols parameter.
In the policy table, multiple protocols must be separated by colons,
as attribute values may not contain whitespace or commas. </p>
as attribute values may not contain whitespace or commas. </dd>
<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name


@@ -91,6 +91,7 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key)
VSTREAM *stream;
int status;
int count = 0;
int request_flags;
/*
* The client and server live in separate processes that may start and
@@ -101,6 +102,8 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key)
*/
VSTRING_RESET(dict_proxy->result);
VSTRING_TERMINATE(dict_proxy->result);
request_flags = (dict_proxy->in_flags & DICT_FLAG_RQST_MASK)
| (dict->flags & DICT_FLAG_RQST_MASK);
for (;;) {
stream = clnt_stream_access(proxy_stream);
errno = 0;
@@ -108,7 +111,7 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key)
if (attr_print(stream, ATTR_FLAG_NONE,
ATTR_TYPE_STR, MAIL_ATTR_REQ, PROXY_REQ_LOOKUP,
ATTR_TYPE_STR, MAIL_ATTR_TABLE, dict->name,
ATTR_TYPE_INT, MAIL_ATTR_FLAGS, dict_proxy->in_flags,
ATTR_TYPE_INT, MAIL_ATTR_FLAGS, request_flags,
ATTR_TYPE_STR, MAIL_ATTR_KEY, key,
ATTR_TYPE_END) != 0
|| vstream_fflush(stream)
@@ -122,7 +125,7 @@ static const char *dict_proxy_lookup(DICT *dict, const char *key)
if (msg_verbose)
msg_info("%s: table=%s flags=%s key=%s -> status=%d result=%s",
myname, dict->name,
dict_flags_str(dict_proxy->in_flags), key,
dict_flags_str(request_flags), key,
status, STR(dict_proxy->result));
switch (status) {
case PROXY_STAT_BAD:
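Review bot: The new `request_flags` is the union of the masked `dict_proxy->in_flags` and the masked `dict->flags`, so a request flag that was set in `in_flags` (presumably the flags given when the table was opened) is still sent with every lookup after a caller clears it in `dict->flags`; only flags that are set later propagate. Case folding decides whether a key matches an entry in access-style tables, so if clearing is meant to propagate as well, the request should come from the current flags alone, `request_flags = dict->flags & DICT_FLAG_RQST_MASK;`, provided `dict->flags` starts out as a copy of `in_flags`, which is not visible here. If the union is intended, say so above the assignment: `/* Open-time request flags plus any the caller set afterwards. */`. The body of dict_proxy_lookup() starts and ends outside these hunks.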


@@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20070320"
#define MAIL_VERSION_NUMBER "2.4.0-RC7"
#define MAIL_RELEASE_DATE "20070323"
#define MAIL_VERSION_NUMBER "2.4.0-RC8"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE


@@ -161,9 +161,9 @@ MBOX *mbox_open(const char *path, int flags, mode_t mode, struct stat * st,
*/
if ((fp = safe_open(path, flags | O_NONBLOCK, mode, st,
chown_uid, chown_gid, why->reason)) == 0) {
dsb_status(why, mbox_dsn(errno, def_dsn));
if (locked & MBOX_DOT_LOCK)
dot_unlockfile(path);
dsb_status(why, mbox_dsn(errno, def_dsn));
return (0);
}
close_on_exec(vstream_fileno(fp), CLOSE_ON_EXEC);
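Review bot: Nothing in the safe_open() failure branch records why `dsb_status(why, mbox_dsn(errno, def_dsn))` has to run before `dot_unlockfile(path)`. The page shows the call on both sides of the unlock without its +/- markers; the changelog entry about a misleading error message suggests the earlier position is the new one, since removing the lock file can overwrite errno. A one-line comment above the call would keep a later cleanup from moving it back: `/* Read errno before dot_unlockfile() can overwrite it. */`. The status derived here is what gets reported and logged for a failed mailbox open, so the ordering is worth pinning. mbox_open() starts and ends outside the hunk.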


@@ -208,6 +208,12 @@
#define NATIVE_NEWALIAS_PATH "/usr/bin/newaliases"
#define NATIVE_COMMAND_DIR "/usr/sbin"
#define NATIVE_DAEMON_DIR "/usr/libexec/postfix"
#ifndef NO_KQUEUE
# define EVENTS_STYLE EVENTS_STYLE_KQUEUE
# define USE_SYSV_POLL
#endif
#endif
/*