From 48a0b6fc2350ba76ecc548563119ae9b40c6719c Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Fri, 21 Mar 2014 00:00:00 -0500 Subject: [PATCH] postfix-2.12-20140321 --- postfix/HISTORY | 17 +- postfix/RELEASE_NOTES | 47 ++-- postfix/html/lmtp.8.html | 201 +++++++------- postfix/html/local.8.html | 91 +++---- postfix/html/pipe.8.html | 7 +- postfix/html/postconf.5.html | 252 ++++++++++-------- postfix/html/smtp.8.html | 201 +++++++------- postfix/html/virtual.8.html | 15 +- postfix/man/man5/postconf.5 | 214 ++++++++------- postfix/man/man8/local.8 | 7 +- postfix/man/man8/pipe.8 | 7 +- postfix/man/man8/smtp.8 | 7 +- postfix/man/man8/virtual.8 | 7 +- postfix/mantools/postlink | 12 +- postfix/proto/postconf.proto | 98 ++++--- postfix/src/global/Makefile.in | 38 +-- postfix/src/global/bounce.c | 18 +- postfix/src/global/bounce.h | 6 +- postfix/src/global/defer.c | 12 +- postfix/src/global/defer.h | 2 +- postfix/src/global/dsn_filter.c | 192 +++++++++++++ .../src/global/{ndr_filter.h => dsn_filter.h} | 16 +- postfix/src/global/mail_params.c | 6 +- postfix/src/global/mail_params.h | 34 +-- postfix/src/global/mail_version.h | 2 +- postfix/src/global/ndr_filter.c | 182 ------------- postfix/src/global/sent.c | 13 +- postfix/src/local/local.c | 11 +- postfix/src/master/Makefile.in | 8 +- postfix/src/master/event_server.c | 10 +- postfix/src/master/multi_server.c | 10 +- postfix/src/master/single_server.c | 10 +- postfix/src/master/trigger_server.c | 10 +- postfix/src/pipe/pipe.c | 11 +- postfix/src/smtp/lmtp_params.c | 2 +- postfix/src/smtp/smtp.c | 9 +- postfix/src/smtp/smtp_params.c | 2 +- postfix/src/virtual/virtual.c | 11 +- 38 files changed, 958 insertions(+), 840 deletions(-) create mode 100644 postfix/src/global/dsn_filter.c rename postfix/src/global/{ndr_filter.h => dsn_filter.h} (52%) delete mode 100644 postfix/src/global/ndr_filter.c diff --git a/postfix/HISTORY b/postfix/HISTORY index 5fbfbff68..c502ba6a9 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -19627,10 +19627,25 @@ Apologies for any names omitted. Feature: local_bounce_defer_filter support. Files: global/bounce.[hc], global/defer.[hc], local/command.c, local/file.c, local/bounce_workaround.c, local/local.c, - global/mail_params.h. + global/mail_params.h, mantools/postlink. 20140318 Refinement: don't throttle an SMTP destination when the new smtp_bounce_defer_filter feature turns a soft bounce into a hard bounce. File: smtp/smtp_trouble.c. + +20140320 + + Feature: support to replace successful delivery status code + and explanatory text. This can be used to to hide local + details such as destination commands or file names when a + remote sender requests confirmation of delivery. As of now + *_bounce_defer_filter is renamed into *_delivery_status_filter. + Files: global/bounce.c, global/bounce.h, global/defer.c, + global/defer.h, global/dsn_filter.c, global/dsn_filter.h, + global/mail_params.c, global/mail_params.h, global/sent.c, + local/local.c, master/event_server.c, master/multi_server.c, + master/single_server.c, master/trigger_server.c, pipe/pipe.c, + smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c, + virtual/virtual.c, mantools/postlink. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 2d4cfb9a4..e56c6dc7a 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -16,42 +16,53 @@ specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11 before proceeding. -Major changes with snapshot 20140318 +Major changes with snapshot 20140321 ==================================== -Support to change arbitrary hard delivery errors into soft errors -and vice versa, or to replace the descriptive text in non-delivery -notifications. This was originally implemented for sites that want -to bounce mail when no remote SMTP server supports STARTTLS. +Delivery status filter support, to replace the delivery status codes +and explanatory text of successful or unsuccessful deliveries. This +was originally implemented for sites that want to turn certain soft +delivery errors into hard delivery errors, but it can also be used +to censor out information from delivery confirmation reports. This feature is implemented as a filter that replaces the three-number enhanced status code and descriptive text in Postfix delivery agent -bounce/defer messages. Note: this will not override "soft_bounce=yes". +success, bounce, or defer messages. Note: this will not override +"soft_bounce=yes", and this will not change a successful delivery +status into an unsuccessful status or vice versa. -The following example turns specific soft TLS errors into hard +The first example turns specific soft TLS errors into hard errors, by overriding the first number in the enhanced status code. /etc/postfix/main.cf: - smtp_bounce_defer_filter = pcre:/etc/postfix/smtp_ndr_filter + smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter -/etc/postfix/smtp_ndr_filter: +/etc/postfix/smtp_dsn_filter: /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/ 5$1 /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/ 5$1 +The second example removes the destination command name and file +name from local(8) successful delivery reports, so that they will +not be reported when a sender requests confirmation of delivery. + +/etc/postfix/main.cf: + local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter + +/etc/postfix/local_dsn_filter: + /^(2\S+ delivered to file).+/ $1 + /^(2\S+ delivered to command).+/ $1 + This feature is supported in the lmtp(8), local(8), pipe(8), smtp(8) and virtual(8) delivery agents. That is, all delivery agents that actually deliver mail. -This feature will not be supported in the error(8) or retry(8) dummy -delivery agents, because lots of things would break. - The new main.cf parameters and default values are: - default_bounce_defer_filter = - lmtp_bounce_defer_filter = $default_bounce_defer_filter - local_bounce_defer_filter = $default_bounce_defer_filter - pipe_bounce_defer_filter = $default_bounce_defer_filter - smtp_bounce_defer_filter = $default_bounce_defer_filter - virtual_bounce_defer_filter = $default_bounce_defer_filter + default_delivery_status_filter = + lmtp_delivery_status_filter = $default_delivery_status_filter + local_delivery_status_filter = $default_delivery_status_filter + pipe_delivery_status_filter = $default_delivery_status_filter + smtp_delivery_status_filter = $default_delivery_status_filter + virtual_delivery_status_filter = $default_delivery_status_filter See the postconf(5) manpage for more details. diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index bbbcc1a26..6a85843d1 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -292,9 +292,10 @@ SMTP(8) SMTP(8) Available in Postfix version 2.12 and later: - smtp_bounce_defer_filter ($default_bounce_defer_filter) - Optional filter to change arbitrary hard delivery errors into - soft errors and vice versa in the smtp(8) delivery agent. + smtp_delivery_status_filter ($default_delivery_status_filter) + Optional filter for the smtp(8) delivery agent to change the + delivery status code or explanatory text of successful or unsuc- + cessful deliveries. MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: @@ -312,7 +313,7 @@ SMTP(8) SMTP(8) Available in Postfix version 2.1 and later: smtp_send_xforward_command (no) - Send the non-standard XFORWARD command when the Postfix SMTP + Send the non-standard XFORWARD command when the Postfix SMTP server EHLO response announces XFORWARD support. SASL AUTHENTICATION CONTROLS @@ -320,62 +321,62 @@ SMTP(8) SMTP(8) Enable SASL authentication in the Postfix SMTP client. smtp_sasl_password_maps (empty) - Optional Postfix SMTP client lookup tables with one user- - name:password entry per remote hostname or domain, or sender + Optional Postfix SMTP client lookup tables with one user- + name:password entry per remote hostname or domain, or sender address when sender-dependent authentication is enabled. smtp_sasl_security_options (noplaintext, noanonymous) Postfix SMTP client SASL security options; as of Postfix 2.3 the - list of available features depends on the SASL client implemen- + list of available features depends on the SASL client implemen- tation that is selected with smtp_sasl_type. Available in Postfix version 2.2 and later: smtp_sasl_mechanism_filter (empty) - If non-empty, a Postfix SMTP client filter for the remote SMTP + If non-empty, a Postfix SMTP client filter for the remote SMTP server's list of offered SASL mechanisms. Available in Postfix version 2.3 and later: smtp_sender_dependent_authentication (no) Enable sender-dependent authentication in the Postfix SMTP - client; this is available only with SASL authentication, and - disables SMTP connection caching to ensure that mail from dif- + client; this is available only with SASL authentication, and + disables SMTP connection caching to ensure that mail from dif- ferent senders will use the appropriate credentials. smtp_sasl_path (empty) Implementation-specific information that the Postfix SMTP client - passes through to the SASL plug-in implementation that is + passes through to the SASL plug-in implementation that is selected with smtp_sasl_type. smtp_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP client should use + The SASL plug-in type that the Postfix SMTP client should use for authentication. Available in Postfix version 2.5 and later: smtp_sasl_auth_cache_name (empty) - An optional table to prevent repeated SASL authentication fail- - ures with the same remote SMTP server hostname, username and + An optional table to prevent repeated SASL authentication fail- + ures with the same remote SMTP server hostname, username and password. smtp_sasl_auth_cache_time (90d) - The maximal age of an smtp_sasl_auth_cache_name entry before it + The maximal age of an smtp_sasl_auth_cache_name entry before it is removed. smtp_sasl_auth_soft_bounce (yes) - When a remote SMTP server rejects a SASL authentication request - with a 535 reply code, defer mail delivery instead of returning + When a remote SMTP server rejects a SASL authentication request + with a 535 reply code, defer mail delivery instead of returning mail as undeliverable. Available in Postfix version 2.9 and later: smtp_send_dummy_mail_auth (no) - Whether or not to append the "AUTH=<>" option to the MAIL FROM + Whether or not to append the "AUTH=<>" option to the MAIL FROM command in SASL-authenticated SMTP sessions. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be found in the + Detailed information about STARTTLS configuration may be found in the TLS_README document. smtp_tls_security_level (empty) @@ -385,20 +386,20 @@ SMTP(8) SMTP(8) smtp_tls_enforce_peername. smtp_sasl_tls_security_options ($smtp_sasl_security_options) - The SASL authentication security options that the Postfix SMTP + The SASL authentication security options that the Postfix SMTP client uses for TLS encrypted SMTP sessions. smtp_starttls_timeout (300s) - Time limit for Postfix SMTP client write and read operations + Time limit for Postfix SMTP client write and read operations during TLS startup and shutdown handshake procedures. smtp_tls_CAfile (empty) - A file containing CA certificates of root CAs trusted to sign - either remote SMTP server certificates or intermediate CA cer- + A file containing CA certificates of root CAs trusted to sign + either remote SMTP server certificates or intermediate CA cer- tificates. smtp_tls_CApath (empty) - Directory with PEM format certificate authority certificates + Directory with PEM format certificate authority certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. @@ -406,7 +407,7 @@ SMTP(8) SMTP(8) File with the Postfix SMTP client RSA certificate in PEM format. smtp_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP client will + The minimum TLS cipher grade that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_exclude_ciphers (empty) @@ -414,8 +415,8 @@ SMTP(8) SMTP(8) client cipher list at all TLS security levels. smtp_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to exclude from the - Postfix SMTP client cipher list at mandatory TLS security lev- + Additional list of ciphers or cipher types to exclude from the + Postfix SMTP client cipher list at mandatory TLS security lev- els. smtp_tls_dcert_file (empty) @@ -431,7 +432,7 @@ SMTP(8) SMTP(8) Enable additional Postfix SMTP client logging of TLS activity. smtp_tls_note_starttls_offer (no) - Log the hostname of a remote SMTP server that offers STARTTLS, + Log the hostname of a remote SMTP server that offers STARTTLS, when TLS is not already enabled for that server. smtp_tls_policy_maps (empty) @@ -440,14 +441,14 @@ SMTP(8) SMTP(8) fied, this overrides the obsolete smtp_tls_per_site parameter. smtp_tls_mandatory_protocols (!SSLv2) - List of SSL/TLS protocols that the Postfix SMTP client will use + List of SSL/TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_scert_verifydepth (9) The verification depth for remote SMTP server certificates. smtp_tls_secure_cert_match (nexthop, dot-nexthop) - How the Postfix SMTP client verifies the server certificate + How the Postfix SMTP client verifies the server certificate peername for the "secure" TLS security level. smtp_tls_session_cache_database (empty) @@ -455,16 +456,16 @@ SMTP(8) SMTP(8) session cache. smtp_tls_session_cache_timeout (3600s) - The expiration time of Postfix SMTP client TLS session cache + The expiration time of Postfix SMTP client TLS session cache information. smtp_tls_verify_cert_match (hostname) - How the Postfix SMTP client verifies the server certificate + How the Postfix SMTP client verifies the server certificate peername for the "verify" TLS security level. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) or smtpd(8) - process requests from the tlsmgr(8) server in order to seed its + The number of pseudo-random bytes that an smtp(8) or smtpd(8) + process requests from the tlsmgr(8) server in order to seed its internal pseudo random number generator (PRNG). tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) @@ -480,52 +481,52 @@ SMTP(8) SMTP(8) The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers that provide + The OpenSSL cipherlist for "NULL" grade ciphers that provide authentication without encryption. Available in Postfix version 2.4 and later: smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_secu- rity_options) - The SASL authentication security options that the Postfix SMTP - client uses for TLS encrypted SMTP sessions with a verified + The SASL authentication security options that the Postfix SMTP + client uses for TLS encrypted SMTP sessions with a verified server certificate. Available in Postfix version 2.5 and later: smtp_tls_fingerprint_cert_match (empty) - List of acceptable remote SMTP server certificate fingerprints - for the "fingerprint" TLS security level (smtp_tls_secu- + List of acceptable remote SMTP server certificate fingerprints + for the "fingerprint" TLS security level (smtp_tls_secu- rity_level = fingerprint). smtp_tls_fingerprint_digest (md5) - The message digest algorithm used to construct remote SMTP + The message digest algorithm used to construct remote SMTP server certificate fingerprints. Available in Postfix version 2.6 and later: smtp_tls_protocols (!SSLv2) - List of TLS protocols that the Postfix SMTP client will exclude + List of TLS protocols that the Postfix SMTP client will exclude or include with opportunistic TLS encryption. smtp_tls_ciphers (export) - The minimum TLS cipher grade that the Postfix SMTP client will + The minimum TLS cipher grade that the Postfix SMTP client will use with opportunistic TLS encryption. smtp_tls_eccert_file (empty) - File with the Postfix SMTP client ECDSA certificate in PEM for- + File with the Postfix SMTP client ECDSA certificate in PEM for- mat. smtp_tls_eckey_file ($smtp_tls_eccert_file) - File with the Postfix SMTP client ECDSA private key in PEM for- + File with the Postfix SMTP client ECDSA private key in PEM for- mat. Available in Postfix version 2.7 and later: smtp_tls_block_early_mail_reply (no) - Try to detect a mail hijacking attack based on a TLS protocol - vulnerability (CVE-2009-3555), where an attacker prepends mali- - cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client + Try to detect a mail hijacking attack based on a TLS protocol + vulnerability (CVE-2009-3555), where an attacker prepends mali- + cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. Available in Postfix version 2.8 and later: @@ -536,11 +537,11 @@ SMTP(8) SMTP(8) Available in Postfix version 2.11 and later: smtp_tls_trust_anchor_file (empty) - Zero or more PEM-format files with trust-anchor certificates + Zero or more PEM-format files with trust-anchor certificates and/or public keys. smtp_tls_force_insecure_host_tlsa_lookup (no) - Lookup the associated DANE TLSA RRset even when a hostname is + Lookup the associated DANE TLSA RRset even when a hostname is not an alias and its address records lie in an unsigned zone. tls_dane_trust_anchor_digest_enable (yes) @@ -550,49 +551,49 @@ SMTP(8) SMTP(8) The name of the tlsmgr(8) service entry in master.cf. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compatibility with - Postfix versions before 2.3. Support for these will be removed in a + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP server announces + Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers use TLS + Enforcement mode: require that remote SMTP servers use TLS encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the remote SMTP - server hostname matches the information in the remote SMTP + With mandatory TLS encryption, require that the remote SMTP + server hostname matches the information in the remote SMTP server certificate. smtp_tls_per_site (empty) - Optional lookup tables with the Postfix SMTP client TLS usage - policy by next-hop destination and by remote SMTP server host- + Optional lookup tables with the Postfix SMTP client TLS usage + policy by next-hop destination and by remote SMTP server host- name. smtp_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS + Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. RESOURCE AND RATE CONTROLS smtp_destination_concurrency_limit ($default_destination_concur- rency_limit) - The maximal number of parallel deliveries to the same destina- + The maximal number of parallel deliveries to the same destina- tion via the smtp message delivery transport. smtp_destination_recipient_limit ($default_destination_recipient_limit) - The maximal number of recipients per message for the smtp mes- + The maximal number of recipients per message for the smtp mes- sage delivery transport. smtp_connect_timeout (30s) - The Postfix SMTP client time limit for completing a TCP connec- + The Postfix SMTP client time limit for completing a TCP connec- tion, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The Postfix SMTP client time limit for sending the HELO or EHLO - command, and for receiving the initial remote SMTP server + The Postfix SMTP client time limit for sending the HELO or EHLO + command, and for receiving the initial remote SMTP server response. lmtp_lhlo_timeout (300s) @@ -604,19 +605,19 @@ SMTP(8) SMTP(8) mand, and for receiving the remote SMTP server response. smtp_mail_timeout (300s) - The Postfix SMTP client time limit for sending the MAIL FROM + The Postfix SMTP client time limit for sending the MAIL FROM command, and for receiving the remote SMTP server response. smtp_rcpt_timeout (300s) - The Postfix SMTP client time limit for sending the SMTP RCPT TO + The Postfix SMTP client time limit for sending the SMTP RCPT TO command, and for receiving the remote SMTP server response. smtp_data_init_timeout (120s) - The Postfix SMTP client time limit for sending the SMTP DATA + The Postfix SMTP client time limit for sending the SMTP DATA command, and for receiving the remote SMTP server response. smtp_data_xfer_timeout (180s) - The Postfix SMTP client time limit for sending the SMTP message + The Postfix SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) @@ -630,13 +631,13 @@ SMTP(8) SMTP(8) Available in Postfix version 2.1 and later: smtp_mx_address_limit (5) - The maximal number of MX (mail exchanger) IP addresses that can - result from Postfix SMTP client mail exchanger lookups, or zero + The maximal number of MX (mail exchanger) IP addresses that can + result from Postfix SMTP client mail exchanger lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery request before - the Postfix SMTP client gives up or delivers to a fall-back + The maximal number of SMTP sessions per delivery request before + the Postfix SMTP client gives up or delivers to a fall-back relay host, or zero (no limit). smtp_rset_timeout (20s) @@ -646,17 +647,17 @@ SMTP(8) SMTP(8) Available in Postfix version 2.2 and earlier: lmtp_cache_connection (yes) - Keep Postfix LMTP client connections open for up to $max_idle + Keep Postfix LMTP client connections open for up to $max_idle seconds. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the specified + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a destination + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. smtp_connection_reuse_time_limit (300s) @@ -670,37 +671,37 @@ SMTP(8) SMTP(8) Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or receive opera- + Time limit for connection cache connect, send or receive opera- tions. Available in Postfix version 2.9 and later: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per read or write system call, to a time limit to - send or receive a complete record (an SMTP command line, SMTP - response line, SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.11 and later: smtp_connection_reuse_count_limit (0) - When SMTP connection caching is enabled, the number of times - that an SMTP session may be reused before it is closed, or zero + When SMTP connection caching is enabled, the number of times + that an SMTP session may be reused before it is closed, or zero (no limit). TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a remote client or + The increment in verbose logging level when a remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname or network + Optional list of remote client or server hostname or network address patterns that cause the verbose logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about mail delivery + The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or proto- col errors. @@ -714,46 +715,46 @@ SMTP(8) SMTP(8) MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail when it + Where the Postfix SMTP client should deliver mail when it detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging sub-second delay values. disable_dns_lookups (no) Disable DNS lookups in the Postfix SMTP and LMTP clients. inet_interfaces (all) - The network interface addresses that this mail system receives + The network interface addresses that this mail system receives mail on. inet_protocols (all) - The Internet protocols Postfix will attempt to use when making + The Internet protocols Postfix will attempt to use when making or accepting connections. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. lmtp_assume_final (no) - When a remote LMTP server announces no DSN support, assume that - the server performs final delivery, and send "delivered" deliv- + When a remote LMTP server announces no DSN support, assume that + the server performs final delivery, and send "delivered" deliv- ery status notifications instead of "relayed". lmtp_tcp_port (24) The default TCP port that the Postfix LMTP client connects to. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -767,20 +768,20 @@ SMTP(8) SMTP(8) The process name of a Postfix command or daemon process. proxy_interfaces (empty) - The network interface addresses that this mail system receives + The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit. smtp_address_preference (any) The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP - client will try first, when a destination has IPv6 and IPv4 + client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. smtp_bind_address (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv4 connection. smtp_bind_address6 (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv6 connection. smtp_helo_name ($myhostname) @@ -800,8 +801,8 @@ SMTP(8) SMTP(8) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". Available with Postfix 2.2 and earlier: diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html index 8d450937f..67245eb16 100644 --- a/postfix/html/local.8.html +++ b/postfix/html/local.8.html @@ -360,43 +360,44 @@ LOCAL(8) LOCAL(8) Available in Postfix version 2.12 and later: - local_bounce_defer_filter ($default_bounce_defer_filter) - Optional filter to change arbitrary hard delivery errors into - soft errors and vice versa in the local(8) delivery agent. + local_delivery_status_filter ($default_delivery_status_filter) + Optional filter for the local(8) delivery agent to change the + status code or explanatory text of successful or unsuccessful + deliveries. DELIVERY METHOD CONTROLS - The precedence of local(8) delivery methods from high to low is: + The precedence of local(8) delivery methods from high to low is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, - mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_direc- + mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_direc- tory, fallback_transport_maps, fallback_transport, and luser_relay. alias_maps (see 'postconf -d' output) The alias databases that are used for local(8) delivery. forward_path (see 'postconf -d' output) - The local(8) delivery agent search list for finding a .forward + The local(8) delivery agent search list for finding a .forward file with user-specified delivery methods. mailbox_transport_maps (empty) Optional lookup tables with per-recipient message delivery - transports to use for local(8) mailbox delivery, whether or not + transports to use for local(8) mailbox delivery, whether or not the recipients are found in the UNIX passwd database. mailbox_transport (empty) - Optional message delivery transport that the local(8) delivery - agent should use for mailbox delivery to all local recipients, + Optional message delivery transport that the local(8) delivery + agent should use for mailbox delivery to all local recipients, whether or not they are found in the UNIX passwd database. mailbox_command_maps (empty) - Optional lookup tables with per-recipient external commands to + Optional lookup tables with per-recipient external commands to use for local(8) mailbox delivery. mailbox_command (empty) - Optional external command that the local(8) delivery agent + Optional external command that the local(8) delivery agent should use for mailbox delivery. home_mailbox (empty) - Optional pathname of a mailbox file relative to a local(8) + Optional pathname of a mailbox file relative to a local(8) user's home directory. mail_spool_directory (see 'postconf -d' output) @@ -408,17 +409,17 @@ LOCAL(8) LOCAL(8) not find in the aliases(5) or UNIX password database. fallback_transport (empty) - Optional message delivery transport that the local(8) delivery - agent should use for names that are not found in the aliases(5) + Optional message delivery transport that the local(8) delivery + agent should use for names that are not found in the aliases(5) or UNIX password database. luser_relay (empty) - Optional catch-all destination for unknown local(8) recipients. + Optional catch-all destination for unknown local(8) recipients. Available in Postfix version 2.2 and later: command_execution_directory (empty) - The local(8) delivery agent working directory for delivery to + The local(8) delivery agent working directory for delivery to external command. MAILBOX LOCKING CONTROLS @@ -427,15 +428,15 @@ LOCAL(8) LOCAL(8) mailbox file or bounce(8) logfile. deliver_lock_delay (1s) - The time between attempts to acquire an exclusive lock on a + The time between attempts to acquire an exclusive lock on a mailbox file or bounce(8) logfile. stale_lock_time (500s) - The time after which a stale exclusive mailbox lockfile is + The time after which a stale exclusive mailbox lockfile is removed. mailbox_delivery_lock (see 'postconf -d' output) - How to lock a UNIX-style local(8) mailbox before attempting + How to lock a UNIX-style local(8) mailbox before attempting delivery. RESOURCE AND RATE CONTROLS @@ -448,18 +449,18 @@ LOCAL(8) LOCAL(8) showq(8) queue displays. local_destination_concurrency_limit (2) - The maximal number of parallel deliveries via the local mail - delivery transport to the same recipient (when "local_destina- - tion_recipient_limit = 1") or the maximal number of parallel + The maximal number of parallel deliveries via the local mail + delivery transport to the same recipient (when "local_destina- + tion_recipient_limit = 1") or the maximal number of parallel deliveries to the same local domain (when "local_destina- tion_recipient_limit > 1"). local_destination_recipient_limit (1) - The maximal number of recipients per message delivery via the + The maximal number of recipients per message delivery via the local mail delivery transport. mailbox_size_limit (51200000) - The maximal size of any local(8) individual mailbox or maildir + The maximal size of any local(8) individual mailbox or maildir file, or zero (no limit). SECURITY CONTROLS @@ -470,49 +471,49 @@ LOCAL(8) LOCAL(8) Restrict local(8) mail delivery to external files. command_expansion_filter (see 'postconf -d' output) - Restrict the characters that the local(8) delivery agent allows - in $name expansions of $mailbox_command and $command_execu- + Restrict the characters that the local(8) delivery agent allows + in $name expansions of $mailbox_command and $command_execu- tion_directory. default_privs (nobody) - The default rights used by the local(8) delivery agent for + The default rights used by the local(8) delivery agent for delivery to external file or command. forward_expansion_filter (see 'postconf -d' output) - Restrict the characters that the local(8) delivery agent allows + Restrict the characters that the local(8) delivery agent allows in $name expansions of $forward_path. Available in Postfix version 2.2 and later: execution_directory_expansion_filter (see 'postconf -d' output) - Restrict the characters that the local(8) delivery agent allows + Restrict the characters that the local(8) delivery agent allows in $name expansions of $command_execution_directory. Available in Postfix version 2.5.3 and later: strict_mailbox_ownership (yes) - Defer delivery when a mailbox file is not owned by its recipi- + Defer delivery when a mailbox file is not owned by its recipi- ent. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging sub-second delay values. export_environment (see 'postconf -d' output) - The list of environment variables that a Postfix process will + The list of environment variables that a Postfix process will export to non-Postfix processes. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. local_command_shell (empty) @@ -520,7 +521,7 @@ LOCAL(8) LOCAL(8) mand. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -528,8 +529,8 @@ LOCAL(8) LOCAL(8) process will service before terminating voluntarily. prepend_delivered_header (command, file, forward) - The message delivery contexts where the Postfix local(8) deliv- - ery agent prepends a Delivered-To: message header with the + The message delivery contexts where the Postfix local(8) deliv- + ery agent prepends a Delivered-To: message header with the address that the mail was delivered to. process_id (read-only) @@ -539,15 +540,15 @@ LOCAL(8) LOCAL(8) The process name of a Postfix command or daemon process. propagate_unmatched_extensions (canonical, virtual) - What address lookup tables copy an address extension from the + What address lookup tables copy an address extension from the lookup key to the lookup result. queue_directory (see 'postconf -d' output) The location of the Postfix top-level queue directory. recipient_delimiter (empty) - The set of characters that can separate a user name from its - extension (example: user+foo), or a .forward file name from its + The set of characters that can separate a user name from its + extension (example: user+foo), or a .forward file name from its extension (example: .forward+foo). require_home_directory (no) @@ -558,8 +559,8 @@ LOCAL(8) LOCAL(8) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". FILES @@ -582,10 +583,10 @@ LOCAL(8) LOCAL(8) The Secure Mailer license must be distributed with this software. HISTORY - The Delivered-To: message header appears in the qmail system by Daniel + The Delivered-To: message header appears in the qmail system by Daniel Bernstein. - The maildir structure appears in the qmail system by Daniel Bernstein. + The maildir structure appears in the qmail system by Daniel Bernstein. AUTHOR(S) Wietse Venema diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html index 1ecbcaac1..8c21f4c7e 100644 --- a/postfix/html/pipe.8.html +++ b/postfix/html/pipe.8.html @@ -449,9 +449,10 @@ PIPE(8) PIPE(8) Available in Postfix version 2.12 and later: - pipe_bounce_defer_filter ($default_bounce_defer_filter) - Optional filter to change arbitrary hard delivery errors into - soft errors and vice versa in the pipe(8) delivery agent. + pipe_delivery_status_filter ($default_delivery_status_filter) + Optional filter for the pipe(8) delivery agent to change the + delivery status code or explanatory text of successful or unsuc- + cessful deliveries. SEE ALSO qmgr(8), queue manager diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index f6ddb475f..316f0fb12 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -1756,74 +1756,6 @@ Example: - - -
default_bounce_defer_filter -(default: empty)
- -

Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa. This is implemented by rewriting the -three-number enhanced status code and the explanatory text in a -Postfix delivery agent bounce/defer message.

- -

Specify zero or more "type:table" lookup table names, separated -by comma or whitespace. With each bounce or defer request, the -tables are queried in the specified order with one line of text -that is structured as follows:

- -
-enhanced-status-code SPACE explanatory-text -
- -

The first table match wins. The lookup result must have the -same structure as the query: enhanced status codes must have a -first numerical field of 4 (defer) or 5 (bounce), and the explanatory -text field must be non-empty. Other results will result in a warning. -

- -

Example:

- -

The following example turns specific soft TLS errors into hard -errors, by overriding the first number in the enhanced status code. -

- -
-
-/etc/postfix/main.cf:
-    smtp_bounce_defer_filter = pcre:/etc/postfix/smtp_ndr_filter
-
-
- -
-
-/etc/postfix/smtp_ndr_filter:
-    /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/
-        5$1
-    /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/
-        5$1
-    # Do not change the following into hard bounces. They may
-    # result from a local configuration problem.
-    # 4.\d+.\d+ TLS is required, but our TLS engine is unavailable
-    # 4.\d+.\d+ TLS is required, but unavailable
-    # 4.\d+.\d+ Cannot start TLS: handshake failure
-
-
- -

Notes:

- - - -

This feature is available in Postfix 2.12 and later.

- -
default_database_type @@ -1952,6 +1884,93 @@ name of the message delivery transport.

+ + +
default_delivery_status_filter +(default: empty)
+ +

Optional filter to replace the delivery status code or explanatory +text of successful or unsuccessful deliveries. This does, however, +not allow the replacement of a successful status code (2.X.X) with +an unsuccessful status code (4.X.X or 5.X.X) or vice versa.

+ +

Specify zero or more "type:table" lookup table names, separated +by comma or whitespace. With each bounce or defer request, the +tables are queried in the specified order with one line of text +that is structured as follows:

+ +
+enhanced-status-code SPACE explanatory-text +
+ +

The first table match wins. The lookup result must have the +same structure as the query, a successful status code (2.X.X) must +be replaced with a successful status code, an unsuccessful status +code (4.X.X or 5.X.X) must be replaced with an unsuccessful status +code, and the explanatory text field must be non-empty. Other results +will result in a warning.

+ +

Example 1: convert specific soft TLS errors into hard errors, +by overriding the first number in the enhanced status code.

+ +
+
+/etc/postfix/main.cf:
+    smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter
+
+
+ +
+
+/etc/postfix/smtp_dsn_filter:
+    /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/
+        5$1
+    /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/
+        5$1
+    # Do not change the following into hard bounces. They may
+    # result from a local configuration problem.
+    # 4.\d+.\d+ TLS is required, but our TLS engine is unavailable
+    # 4.\d+.\d+ TLS is required, but unavailable
+    # 4.\d+.\d+ Cannot start TLS: handshake failure
+
+
+ +

Example 2: censor the per-recipient delivery status text so +that it does not not reveal the destination command or filename +when a remote sender requests confirmation of successful delivery. +

+ +
+
+/etc/postfix/main.cf:
+    local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter
+
+
+ +
+
+/etc/postfix/local_dsn_filter:
+    /^(2\S+ delivered to file).+/    $1
+    /^(2\S+ delivered to command).+/ $1
+
+
+ +

Notes:

+ +
    + +

  • This feature will NOT override the soft_bounce safety net.

    + +

  • This feature will change the enhanced status code and text +that is logged to the maillog file, and that is reported to the +sender in delivery confirmation or non-delivery notifications. +

    + +
+ +

This feature is available in Postfix 2.12 and later.

+ +
default_destination_concurrency_failed_cohort_limit @@ -3920,17 +3939,6 @@ parameter. See there for details.

This feature is available in Postfix 2.5 and later.

- - -
lmtp_bounce_defer_filter -(default: empty)
- -

The LMTP-specific version of the smtp_bounce_defer_filter -configuration parameter. See there for details.

- -

This feature is available in Postfix 2.12 and later.

- -
lmtp_cache_connection @@ -4132,6 +4140,17 @@ configuration parameter. See there for details.

This feature is available in Postfix 2.3 and later.

+ + +
lmtp_delivery_status_filter +(default: empty)
+ +

The LMTP-specific version of the smtp_delivery_status_filter +configuration parameter. See there for details.

+ +

This feature is available in Postfix 2.12 and later.

+ +
lmtp_destination_concurrency_limit @@ -5127,18 +5146,6 @@ This feature is available in Postfix 2.1 and later.

- - -
local_bounce_defer_filter -(default: $default_bounce_defer_filter)
- -

Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the local(8) delivery agent. See -default_bounce_defer_filter for details.

- -

This feature is available in Postfix 2.12 and later.

- -
local_command_shell @@ -5169,6 +5176,18 @@ Example: + + +
local_delivery_status_filter +(default: $default_delivery_status_filter)
+ +

Optional filter for the local(8) delivery agent to change the +status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details.

+ +

This feature is available in Postfix 2.12 and later.

+ +
local_destination_concurrency_limit @@ -7013,12 +7032,12 @@ This feature is available in Postfix 2.0 and later. -
pipe_bounce_defer_filter -(default: $default_bounce_defer_filter)
+
pipe_delivery_status_filter +(default: $default_delivery_status_filter)
-

Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the pipe(8) delivery agent. See -default_bounce_defer_filter for details.

+

Optional filter for the pipe(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details.

This feature is available in Postfix 2.12 and later.

@@ -9588,22 +9607,6 @@ that change the delivery time or destination are not available.

This feature is available in Postfix 2.5 and later.

-
- -
smtp_bounce_defer_filter -(default: $default_bounce_defer_filter)
- -

Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the smtp(8) delivery agent. See -default_bounce_defer_filter for details.

- -

NOTE: This feature modifies error messages that are generated -by the Postfix SMTP client, and that may or may not be derived from -remote SMTP server responses. In contrast, the smtp_reply_filter -feature modifies remote SMTP server responses that may result in -email non-delivery or delivery.

- -
smtp_cname_overrides_servername @@ -9868,6 +9871,21 @@ This feature is available in Postfix 2.1 and later.

+ + +
smtp_delivery_status_filter +(default: $default_delivery_status_filter)
+ +

Optional filter for the smtp(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details.

+ +

NOTE: This feature modifies Postfix SMTP client error or non-error +messages that may or may not be derived from remote SMTP server +responses. In contrast, the smtp_reply_filter feature modifies +remote SMTP server responses only.

+ +
smtp_destination_concurrency_limit @@ -18219,12 +18237,12 @@ This feature is available in Postfix 2.1 and later. -
virtual_bounce_defer_filter -(default: $default_bounce_defer_filter)
+
virtual_delivery_status_filter +(default: $default_delivery_status_filter)
-

Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the virtual(8) delivery agent. See -default_bounce_defer_filter for details.

+

Optional filter for the virtual(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details.

This feature is available in Postfix 2.12 and later.

diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index bbbcc1a26..6a85843d1 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -292,9 +292,10 @@ SMTP(8) SMTP(8) Available in Postfix version 2.12 and later: - smtp_bounce_defer_filter ($default_bounce_defer_filter) - Optional filter to change arbitrary hard delivery errors into - soft errors and vice versa in the smtp(8) delivery agent. + smtp_delivery_status_filter ($default_delivery_status_filter) + Optional filter for the smtp(8) delivery agent to change the + delivery status code or explanatory text of successful or unsuc- + cessful deliveries. MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: @@ -312,7 +313,7 @@ SMTP(8) SMTP(8) Available in Postfix version 2.1 and later: smtp_send_xforward_command (no) - Send the non-standard XFORWARD command when the Postfix SMTP + Send the non-standard XFORWARD command when the Postfix SMTP server EHLO response announces XFORWARD support. SASL AUTHENTICATION CONTROLS @@ -320,62 +321,62 @@ SMTP(8) SMTP(8) Enable SASL authentication in the Postfix SMTP client. smtp_sasl_password_maps (empty) - Optional Postfix SMTP client lookup tables with one user- - name:password entry per remote hostname or domain, or sender + Optional Postfix SMTP client lookup tables with one user- + name:password entry per remote hostname or domain, or sender address when sender-dependent authentication is enabled. smtp_sasl_security_options (noplaintext, noanonymous) Postfix SMTP client SASL security options; as of Postfix 2.3 the - list of available features depends on the SASL client implemen- + list of available features depends on the SASL client implemen- tation that is selected with smtp_sasl_type. Available in Postfix version 2.2 and later: smtp_sasl_mechanism_filter (empty) - If non-empty, a Postfix SMTP client filter for the remote SMTP + If non-empty, a Postfix SMTP client filter for the remote SMTP server's list of offered SASL mechanisms. Available in Postfix version 2.3 and later: smtp_sender_dependent_authentication (no) Enable sender-dependent authentication in the Postfix SMTP - client; this is available only with SASL authentication, and - disables SMTP connection caching to ensure that mail from dif- + client; this is available only with SASL authentication, and + disables SMTP connection caching to ensure that mail from dif- ferent senders will use the appropriate credentials. smtp_sasl_path (empty) Implementation-specific information that the Postfix SMTP client - passes through to the SASL plug-in implementation that is + passes through to the SASL plug-in implementation that is selected with smtp_sasl_type. smtp_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP client should use + The SASL plug-in type that the Postfix SMTP client should use for authentication. Available in Postfix version 2.5 and later: smtp_sasl_auth_cache_name (empty) - An optional table to prevent repeated SASL authentication fail- - ures with the same remote SMTP server hostname, username and + An optional table to prevent repeated SASL authentication fail- + ures with the same remote SMTP server hostname, username and password. smtp_sasl_auth_cache_time (90d) - The maximal age of an smtp_sasl_auth_cache_name entry before it + The maximal age of an smtp_sasl_auth_cache_name entry before it is removed. smtp_sasl_auth_soft_bounce (yes) - When a remote SMTP server rejects a SASL authentication request - with a 535 reply code, defer mail delivery instead of returning + When a remote SMTP server rejects a SASL authentication request + with a 535 reply code, defer mail delivery instead of returning mail as undeliverable. Available in Postfix version 2.9 and later: smtp_send_dummy_mail_auth (no) - Whether or not to append the "AUTH=<>" option to the MAIL FROM + Whether or not to append the "AUTH=<>" option to the MAIL FROM command in SASL-authenticated SMTP sessions. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be found in the + Detailed information about STARTTLS configuration may be found in the TLS_README document. smtp_tls_security_level (empty) @@ -385,20 +386,20 @@ SMTP(8) SMTP(8) smtp_tls_enforce_peername. smtp_sasl_tls_security_options ($smtp_sasl_security_options) - The SASL authentication security options that the Postfix SMTP + The SASL authentication security options that the Postfix SMTP client uses for TLS encrypted SMTP sessions. smtp_starttls_timeout (300s) - Time limit for Postfix SMTP client write and read operations + Time limit for Postfix SMTP client write and read operations during TLS startup and shutdown handshake procedures. smtp_tls_CAfile (empty) - A file containing CA certificates of root CAs trusted to sign - either remote SMTP server certificates or intermediate CA cer- + A file containing CA certificates of root CAs trusted to sign + either remote SMTP server certificates or intermediate CA cer- tificates. smtp_tls_CApath (empty) - Directory with PEM format certificate authority certificates + Directory with PEM format certificate authority certificates that the Postfix SMTP client uses to verify a remote SMTP server certificate. @@ -406,7 +407,7 @@ SMTP(8) SMTP(8) File with the Postfix SMTP client RSA certificate in PEM format. smtp_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP client will + The minimum TLS cipher grade that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_exclude_ciphers (empty) @@ -414,8 +415,8 @@ SMTP(8) SMTP(8) client cipher list at all TLS security levels. smtp_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to exclude from the - Postfix SMTP client cipher list at mandatory TLS security lev- + Additional list of ciphers or cipher types to exclude from the + Postfix SMTP client cipher list at mandatory TLS security lev- els. smtp_tls_dcert_file (empty) @@ -431,7 +432,7 @@ SMTP(8) SMTP(8) Enable additional Postfix SMTP client logging of TLS activity. smtp_tls_note_starttls_offer (no) - Log the hostname of a remote SMTP server that offers STARTTLS, + Log the hostname of a remote SMTP server that offers STARTTLS, when TLS is not already enabled for that server. smtp_tls_policy_maps (empty) @@ -440,14 +441,14 @@ SMTP(8) SMTP(8) fied, this overrides the obsolete smtp_tls_per_site parameter. smtp_tls_mandatory_protocols (!SSLv2) - List of SSL/TLS protocols that the Postfix SMTP client will use + List of SSL/TLS protocols that the Postfix SMTP client will use with mandatory TLS encryption. smtp_tls_scert_verifydepth (9) The verification depth for remote SMTP server certificates. smtp_tls_secure_cert_match (nexthop, dot-nexthop) - How the Postfix SMTP client verifies the server certificate + How the Postfix SMTP client verifies the server certificate peername for the "secure" TLS security level. smtp_tls_session_cache_database (empty) @@ -455,16 +456,16 @@ SMTP(8) SMTP(8) session cache. smtp_tls_session_cache_timeout (3600s) - The expiration time of Postfix SMTP client TLS session cache + The expiration time of Postfix SMTP client TLS session cache information. smtp_tls_verify_cert_match (hostname) - How the Postfix SMTP client verifies the server certificate + How the Postfix SMTP client verifies the server certificate peername for the "verify" TLS security level. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) or smtpd(8) - process requests from the tlsmgr(8) server in order to seed its + The number of pseudo-random bytes that an smtp(8) or smtpd(8) + process requests from the tlsmgr(8) server in order to seed its internal pseudo random number generator (PRNG). tls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) @@ -480,52 +481,52 @@ SMTP(8) SMTP(8) The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers that provide + The OpenSSL cipherlist for "NULL" grade ciphers that provide authentication without encryption. Available in Postfix version 2.4 and later: smtp_sasl_tls_verified_security_options ($smtp_sasl_tls_secu- rity_options) - The SASL authentication security options that the Postfix SMTP - client uses for TLS encrypted SMTP sessions with a verified + The SASL authentication security options that the Postfix SMTP + client uses for TLS encrypted SMTP sessions with a verified server certificate. Available in Postfix version 2.5 and later: smtp_tls_fingerprint_cert_match (empty) - List of acceptable remote SMTP server certificate fingerprints - for the "fingerprint" TLS security level (smtp_tls_secu- + List of acceptable remote SMTP server certificate fingerprints + for the "fingerprint" TLS security level (smtp_tls_secu- rity_level = fingerprint). smtp_tls_fingerprint_digest (md5) - The message digest algorithm used to construct remote SMTP + The message digest algorithm used to construct remote SMTP server certificate fingerprints. Available in Postfix version 2.6 and later: smtp_tls_protocols (!SSLv2) - List of TLS protocols that the Postfix SMTP client will exclude + List of TLS protocols that the Postfix SMTP client will exclude or include with opportunistic TLS encryption. smtp_tls_ciphers (export) - The minimum TLS cipher grade that the Postfix SMTP client will + The minimum TLS cipher grade that the Postfix SMTP client will use with opportunistic TLS encryption. smtp_tls_eccert_file (empty) - File with the Postfix SMTP client ECDSA certificate in PEM for- + File with the Postfix SMTP client ECDSA certificate in PEM for- mat. smtp_tls_eckey_file ($smtp_tls_eccert_file) - File with the Postfix SMTP client ECDSA private key in PEM for- + File with the Postfix SMTP client ECDSA private key in PEM for- mat. Available in Postfix version 2.7 and later: smtp_tls_block_early_mail_reply (no) - Try to detect a mail hijacking attack based on a TLS protocol - vulnerability (CVE-2009-3555), where an attacker prepends mali- - cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client + Try to detect a mail hijacking attack based on a TLS protocol + vulnerability (CVE-2009-3555), where an attacker prepends mali- + cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. Available in Postfix version 2.8 and later: @@ -536,11 +537,11 @@ SMTP(8) SMTP(8) Available in Postfix version 2.11 and later: smtp_tls_trust_anchor_file (empty) - Zero or more PEM-format files with trust-anchor certificates + Zero or more PEM-format files with trust-anchor certificates and/or public keys. smtp_tls_force_insecure_host_tlsa_lookup (no) - Lookup the associated DANE TLSA RRset even when a hostname is + Lookup the associated DANE TLSA RRset even when a hostname is not an alias and its address records lie in an unsigned zone. tls_dane_trust_anchor_digest_enable (yes) @@ -550,49 +551,49 @@ SMTP(8) SMTP(8) The name of the tlsmgr(8) service entry in master.cf. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compatibility with - Postfix versions before 2.3. Support for these will be removed in a + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP server announces + Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers use TLS + Enforcement mode: require that remote SMTP servers use TLS encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the remote SMTP - server hostname matches the information in the remote SMTP + With mandatory TLS encryption, require that the remote SMTP + server hostname matches the information in the remote SMTP server certificate. smtp_tls_per_site (empty) - Optional lookup tables with the Postfix SMTP client TLS usage - policy by next-hop destination and by remote SMTP server host- + Optional lookup tables with the Postfix SMTP client TLS usage + policy by next-hop destination and by remote SMTP server host- name. smtp_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS + Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. RESOURCE AND RATE CONTROLS smtp_destination_concurrency_limit ($default_destination_concur- rency_limit) - The maximal number of parallel deliveries to the same destina- + The maximal number of parallel deliveries to the same destina- tion via the smtp message delivery transport. smtp_destination_recipient_limit ($default_destination_recipient_limit) - The maximal number of recipients per message for the smtp mes- + The maximal number of recipients per message for the smtp mes- sage delivery transport. smtp_connect_timeout (30s) - The Postfix SMTP client time limit for completing a TCP connec- + The Postfix SMTP client time limit for completing a TCP connec- tion, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The Postfix SMTP client time limit for sending the HELO or EHLO - command, and for receiving the initial remote SMTP server + The Postfix SMTP client time limit for sending the HELO or EHLO + command, and for receiving the initial remote SMTP server response. lmtp_lhlo_timeout (300s) @@ -604,19 +605,19 @@ SMTP(8) SMTP(8) mand, and for receiving the remote SMTP server response. smtp_mail_timeout (300s) - The Postfix SMTP client time limit for sending the MAIL FROM + The Postfix SMTP client time limit for sending the MAIL FROM command, and for receiving the remote SMTP server response. smtp_rcpt_timeout (300s) - The Postfix SMTP client time limit for sending the SMTP RCPT TO + The Postfix SMTP client time limit for sending the SMTP RCPT TO command, and for receiving the remote SMTP server response. smtp_data_init_timeout (120s) - The Postfix SMTP client time limit for sending the SMTP DATA + The Postfix SMTP client time limit for sending the SMTP DATA command, and for receiving the remote SMTP server response. smtp_data_xfer_timeout (180s) - The Postfix SMTP client time limit for sending the SMTP message + The Postfix SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) @@ -630,13 +631,13 @@ SMTP(8) SMTP(8) Available in Postfix version 2.1 and later: smtp_mx_address_limit (5) - The maximal number of MX (mail exchanger) IP addresses that can - result from Postfix SMTP client mail exchanger lookups, or zero + The maximal number of MX (mail exchanger) IP addresses that can + result from Postfix SMTP client mail exchanger lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery request before - the Postfix SMTP client gives up or delivers to a fall-back + The maximal number of SMTP sessions per delivery request before + the Postfix SMTP client gives up or delivers to a fall-back relay host, or zero (no limit). smtp_rset_timeout (20s) @@ -646,17 +647,17 @@ SMTP(8) SMTP(8) Available in Postfix version 2.2 and earlier: lmtp_cache_connection (yes) - Keep Postfix LMTP client connections open for up to $max_idle + Keep Postfix LMTP client connections open for up to $max_idle seconds. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the specified + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a destination + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. smtp_connection_reuse_time_limit (300s) @@ -670,37 +671,37 @@ SMTP(8) SMTP(8) Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or receive opera- + Time limit for connection cache connect, send or receive opera- tions. Available in Postfix version 2.9 and later: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per read or write system call, to a time limit to - send or receive a complete record (an SMTP command line, SMTP - response line, SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.11 and later: smtp_connection_reuse_count_limit (0) - When SMTP connection caching is enabled, the number of times - that an SMTP session may be reused before it is closed, or zero + When SMTP connection caching is enabled, the number of times + that an SMTP session may be reused before it is closed, or zero (no limit). TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a remote client or + The increment in verbose logging level when a remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname or network + Optional list of remote client or server hostname or network address patterns that cause the verbose logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about mail delivery + The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or proto- col errors. @@ -714,46 +715,46 @@ SMTP(8) SMTP(8) MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail when it + Where the Postfix SMTP client should deliver mail when it detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging sub-second delay values. disable_dns_lookups (no) Disable DNS lookups in the Postfix SMTP and LMTP clients. inet_interfaces (all) - The network interface addresses that this mail system receives + The network interface addresses that this mail system receives mail on. inet_protocols (all) - The Internet protocols Postfix will attempt to use when making + The Internet protocols Postfix will attempt to use when making or accepting connections. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. lmtp_assume_final (no) - When a remote LMTP server announces no DSN support, assume that - the server performs final delivery, and send "delivered" deliv- + When a remote LMTP server announces no DSN support, assume that + the server performs final delivery, and send "delivered" deliv- ery status notifications instead of "relayed". lmtp_tcp_port (24) The default TCP port that the Postfix LMTP client connects to. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -767,20 +768,20 @@ SMTP(8) SMTP(8) The process name of a Postfix command or daemon process. proxy_interfaces (empty) - The network interface addresses that this mail system receives + The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit. smtp_address_preference (any) The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP - client will try first, when a destination has IPv6 and IPv4 + client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. smtp_bind_address (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv4 connection. smtp_bind_address6 (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv6 connection. smtp_helo_name ($myhostname) @@ -800,8 +801,8 @@ SMTP(8) SMTP(8) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - The mail system name that is prepended to the process name in - syslog records, so that "smtpd" becomes, for example, "post- + The mail system name that is prepended to the process name in + syslog records, so that "smtpd" becomes, for example, "post- fix/smtpd". Available with Postfix 2.2 and earlier: diff --git a/postfix/html/virtual.8.html b/postfix/html/virtual.8.html index fd1c83ed4..4b0635432 100644 --- a/postfix/html/virtual.8.html +++ b/postfix/html/virtual.8.html @@ -263,9 +263,10 @@ VIRTUAL(8) VIRTUAL(8) Available in Postfix version 2.12 and later: - virtual_bounce_defer_filter ($default_bounce_defer_filter) - Optional filter to change arbitrary hard delivery errors into - soft errors and vice versa in the virtual(8) delivery agent. + virtual_delivery_status_filter ($default_delivery_status_filter) + Optional filter for the virtual(8) delivery agent to change the + delivery status code or explanatory text of successful or unsuc- + cessful deliveries. SEE ALSO qmgr(8), queue manager @@ -282,15 +283,15 @@ VIRTUAL(8) VIRTUAL(8) The Secure Mailer license must be distributed with this software. HISTORY - This delivery agent was originally based on the Postfix local delivery - agent. Modifications mainly consisted of removing code that either was + This delivery agent was originally based on the Postfix local delivery + agent. Modifications mainly consisted of removing code that either was not applicable or that was not safe in this context: aliases, ~user/.forward files, delivery to "|command" or to /file/name. - The Delivered-To: message header appears in the qmail system by Daniel + The Delivered-To: message header appears in the qmail system by Daniel Bernstein. - The maildir structure appears in the qmail system by Daniel Bernstein. + The maildir structure appears in the qmail system by Daniel Bernstein. AUTHOR(S) Wietse Venema diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 6a989d565..43dfa2d9b 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -1021,71 +1021,6 @@ debugger_command = .fi .ad .ft R -.SH default_bounce_defer_filter (default: empty) -Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa. This is implemented by rewriting the -three-number enhanced status code and the explanatory text in a -Postfix delivery agent bounce/defer message. -.PP -Specify zero or more "type:table" lookup table names, separated -by comma or whitespace. With each bounce or defer request, the -tables are queried in the specified order with one line of text -that is structured as follows: -.sp -.in +4 -enhanced-status-code SPACE explanatory-text -.in -4 -.PP -The first table match wins. The lookup result must have the -same structure as the query: enhanced status codes must have a -first numerical field of 4 (defer) or 5 (bounce), and the explanatory -text field must be non-empty. Other results will result in a warning. -.PP -Example: -.PP -The following example turns specific soft TLS errors into hard -errors, by overriding the first number in the enhanced status code. -.sp -.in +4 -.nf -.na -.ft C -/etc/postfix/main.cf: - smtp_bounce_defer_filter = pcre:/etc/postfix/smtp_ndr_filter -.fi -.ad -.ft R -.in -4 -.sp -.in +4 -.nf -.na -.ft C -/etc/postfix/smtp_ndr_filter: - /^4(\e.\ed+\e.\ed+ TLS is required, but host \eS+ refused to start TLS: .+)/ - 5$1 - /^4(\e.\ed+\e.\ed+ TLS is required, but was not offered by host .+)/ - 5$1 - # Do not change the following into hard bounces. They may - # result from a local configuration problem. - # 4.\ed+.\ed+ TLS is required, but our TLS engine is unavailable - # 4.\ed+.\ed+ TLS is required, but unavailable - # 4.\ed+.\ed+ Cannot start TLS: handshake failure -.fi -.ad -.ft R -.in -4 -.PP -Notes: -.IP \(bu -This feature will NOT override the soft_bounce safety net. -.IP \(bu -This feature will change the enhanced status code and text -that is logged to the maillog file, and that is reported to the -sender. -.br -.PP -This feature is available in Postfix 2.12 and later. .SH default_database_type (default: see "postconf -d" output) The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) and \fBpostmap\fR(1) commands. On many UNIX systems the default type is @@ -1173,6 +1108,98 @@ another preemption can take place later. Use \fItransport\fR_delivery_slot_loan to specify a transport-specific override, where \fItransport\fR is the master.cf name of the message delivery transport. +.SH default_delivery_status_filter (default: empty) +Optional filter to replace the delivery status code or explanatory +text of successful or unsuccessful deliveries. This does, however, +not allow the replacement of a successful status code (2.X.X) with +an unsuccessful status code (4.X.X or 5.X.X) or vice versa. +.PP +Specify zero or more "type:table" lookup table names, separated +by comma or whitespace. With each bounce or defer request, the +tables are queried in the specified order with one line of text +that is structured as follows: +.sp +.in +4 +enhanced-status-code SPACE explanatory-text +.in -4 +.PP +The first table match wins. The lookup result must have the +same structure as the query, a successful status code (2.X.X) must +be replaced with a successful status code, an unsuccessful status +code (4.X.X or 5.X.X) must be replaced with an unsuccessful status +code, and the explanatory text field must be non-empty. Other results +will result in a warning. +.PP +Example 1: convert specific soft TLS errors into hard errors, +by overriding the first number in the enhanced status code. +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/smtp_dsn_filter: + /^4(\e.\ed+\e.\ed+ TLS is required, but host \eS+ refused to start TLS: .+)/ + 5$1 + /^4(\e.\ed+\e.\ed+ TLS is required, but was not offered by host .+)/ + 5$1 + # Do not change the following into hard bounces. They may + # result from a local configuration problem. + # 4.\ed+.\ed+ TLS is required, but our TLS engine is unavailable + # 4.\ed+.\ed+ TLS is required, but unavailable + # 4.\ed+.\ed+ Cannot start TLS: handshake failure +.fi +.ad +.ft R +.in -4 +.PP +Example 2: censor the per-recipient delivery status text so +that it does not not reveal the destination command or filename +when a remote sender requests confirmation of successful delivery. +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/local_dsn_filter: + /^(2\eS+ delivered to file).+/ $1 + /^(2\eS+ delivered to command).+/ $1 +.fi +.ad +.ft R +.in -4 +.PP +Notes: +.IP \(bu +This feature will NOT override the soft_bounce safety net. +.IP \(bu +This feature will change the enhanced status code and text +that is logged to the maillog file, and that is reported to the +sender in delivery confirmation or non-delivery notifications. +.br +.PP +This feature is available in Postfix 2.12 and later. .SH default_destination_concurrency_failed_cohort_limit (default: 1) How many pseudo-cohorts must suffer connection or handshake failure before a specific destination is considered unavailable @@ -2340,11 +2367,6 @@ The LMTP-specific version of the smtp_body_checks configuration parameter. See there for details. .PP This feature is available in Postfix 2.5 and later. -.SH lmtp_bounce_defer_filter (default: empty) -The LMTP-specific version of the smtp_bounce_defer_filter -configuration parameter. See there for details. -.PP -This feature is available in Postfix 2.12 and later. .SH lmtp_cache_connection (default: yes) Keep Postfix LMTP client connections open for up to $max_idle seconds. When the LMTP client receives a request for the same @@ -2454,6 +2476,11 @@ The LMTP-specific version of the smtp_defer_if_no_mx_address_found configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. +.SH lmtp_delivery_status_filter (default: empty) +The LMTP-specific version of the smtp_delivery_status_filter +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.12 and later. .SH lmtp_destination_concurrency_limit (default: $default_destination_concurrency_limit) The maximal number of parallel deliveries to the same destination via the lmtp message delivery transport. This limit is enforced by @@ -2929,12 +2956,6 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .PP This feature is available in Postfix 2.1 and later. -.SH local_bounce_defer_filter (default: $default_bounce_defer_filter) -Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the \fBlocal\fR(8) delivery agent. See -default_bounce_defer_filter for details. -.PP -This feature is available in Postfix 2.12 and later. .SH local_command_shell (default: empty) Optional shell program for \fBlocal\fR(8) delivery to non-Postfix command. By default, non-Postfix commands are executed directly; commands @@ -2959,6 +2980,12 @@ local_command_shell = /bin/bash -c .fi .ad .ft R +.SH local_delivery_status_filter (default: $default_delivery_status_filter) +Optional filter for the \fBlocal\fR(8) delivery agent to change the +status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details. +.PP +This feature is available in Postfix 2.12 and later. .SH local_destination_concurrency_limit (default: 2) The maximal number of parallel deliveries via the local mail delivery transport to the same recipient (when @@ -4173,10 +4200,10 @@ The name of the \fBpickup\fR(8) service. This service picks up local mail submissions from the Postfix maildrop queue. .PP This feature is available in Postfix 2.0 and later. -.SH pipe_bounce_defer_filter (default: $default_bounce_defer_filter) -Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the \fBpipe\fR(8) delivery agent. See -default_bounce_defer_filter for details. +.SH pipe_delivery_status_filter (default: $default_delivery_status_filter) +Optional filter for the \fBpipe\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details. .PP This feature is available in Postfix 2.12 and later. .SH plaintext_reject_code (default: 450) @@ -5852,16 +5879,6 @@ These tables are searched while mail is being delivered. Actions that change the delivery time or destination are not available. .PP This feature is available in Postfix 2.5 and later. -.SH smtp_bounce_defer_filter (default: $default_bounce_defer_filter) -Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the \fBsmtp\fR(8) delivery agent. See -default_bounce_defer_filter for details. -.PP -NOTE: This feature modifies error messages that are generated -by the Postfix SMTP client, and that may or may not be derived from -remote SMTP server responses. In contrast, the smtp_reply_filter -feature modifies remote SMTP server responses that may result in -email non-delivery or delivery. .SH smtp_cname_overrides_servername (default: version dependent) When the remote SMTP servername is a DNS CNAME, replace the servername with the result from CNAME expansion for the purpose of @@ -6027,6 +6044,15 @@ or worse preference than the local MTA itself. .PP This feature is available in Postfix 2.1 and later. +.SH smtp_delivery_status_filter (default: $default_delivery_status_filter) +Optional filter for the \fBsmtp\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details. +.PP +NOTE: This feature modifies Postfix SMTP client error or non-error +messages that may or may not be derived from remote SMTP server +responses. In contrast, the smtp_reply_filter feature modifies +remote SMTP server responses only. .SH smtp_destination_concurrency_limit (default: $default_destination_concurrency_limit) The maximal number of parallel deliveries to the same destination via the smtp message delivery transport. This limit is enforced by @@ -12338,10 +12364,10 @@ reach the sum of the expansion and recursion limits. This may change in the future. .PP This feature is available in Postfix 2.1 and later. -.SH virtual_bounce_defer_filter (default: $default_bounce_defer_filter) -Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the \fBvirtual\fR(8) delivery agent. See -default_bounce_defer_filter for details. +.SH virtual_delivery_status_filter (default: $default_delivery_status_filter) +Optional filter for the \fBvirtual\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details. .PP This feature is available in Postfix 2.12 and later. .SH virtual_destination_concurrency_limit (default: $default_destination_concurrency_limit) diff --git a/postfix/man/man8/local.8 b/postfix/man/man8/local.8 index b8d780b39..9feeaa01b 100644 --- a/postfix/man/man8/local.8 +++ b/postfix/man/man8/local.8 @@ -421,9 +421,10 @@ attribute, when delivering mail to a child alias that does not have its own owner alias. .PP Available in Postfix version 2.12 and later: -.IP "\fBlocal_bounce_defer_filter ($default_bounce_defer_filter)\fR" -Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the \fBlocal\fR(8) delivery agent. +.IP "\fBlocal_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBlocal\fR(8) delivery agent to change the +status code or explanatory text of successful or unsuccessful +deliveries. .SH "DELIVERY METHOD CONTROLS" .na .nf diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8 index 578628e23..a3754d291 100644 --- a/postfix/man/man8/pipe.8 +++ b/postfix/man/man8/pipe.8 @@ -426,9 +426,10 @@ The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP Available in Postfix version 2.12 and later: -.IP "\fBpipe_bounce_defer_filter ($default_bounce_defer_filter)\fR" -Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the \fBpipe\fR(8) delivery agent. +.IP "\fBpipe_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBpipe\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. .SH "SEE ALSO" .na .nf diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 1f257b275..f723f1be9 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -276,9 +276,10 @@ Available in Postfix version 2.11 and later: Level of DNS support in the Postfix SMTP client. .PP Available in Postfix version 2.12 and later: -.IP "\fBsmtp_bounce_defer_filter ($default_bounce_defer_filter)\fR" -Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the \fBsmtp\fR(8) delivery agent. +.IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBsmtp\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. .SH "MIME PROCESSING CONTROLS" .na .nf diff --git a/postfix/man/man8/virtual.8 b/postfix/man/man8/virtual.8 index a61cffe66..743992c28 100644 --- a/postfix/man/man8/virtual.8 +++ b/postfix/man/man8/virtual.8 @@ -283,9 +283,10 @@ The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP Available in Postfix version 2.12 and later: -.IP "\fBvirtual_bounce_defer_filter ($default_bounce_defer_filter)\fR" -Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the \fBvirtual\fR(8) delivery agent. +.IP "\fBvirtual_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBvirtual\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. .SH "SEE ALSO" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index ff86a8ffe..73e69278d 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -133,7 +133,7 @@ while (<>) { s;\bdaemon_timeout\b;$&;g; s;\bdebug_peer_level\b;$&;g; s;\bdebug_peer_list\b;$&;g; - s;\bdefault_bounce_defer_filter\b;$&;g; + s;\bdefault_delivery_status_filter\b;$&;g; s;\bdefault_data[-]*\n* *[]*base_type\b;$&;g; s;\bdefault_deliv[-]*\n* *[]*ery_slot_cost\b;$&;g; s;\bdefault_deliv[-]*\n* *[]*ery_slot_discount\b;$&;g; @@ -213,7 +213,7 @@ while (<>) { s;\blmtp_address_preference\b;$&;g; s;\blmtp_body_checks\b;$&;g; s;\blmtp_cname_overrides_servername\b;$&;g; - s;\blmtp_bounce_defer_filter\b;$&;g; + s;\blmtp_delivery_status_filter\b;$&;g; s;\blmtp_dns_resolver_options\b;$&;g; s;\blmtp_dns_support_level\b;$&;g; s;\blmtp_header_checks\b;$&;g; @@ -307,7 +307,7 @@ while (<>) { s;\blmtp_skip_quit_response\b;$&;g; s;\blmtp_tcp_port\b;$&;g; s;\blmtp_xforward_timeout\b;$&;g; - s;\blocal_bounce_defer_filter\b;$&;g; + s;\blocal_delivery_status_filter\b;$&;g; s;\blocal_command_shell\b;$&;g; s;\blocal_destina[-]*\n* *[]*tion_concurrency_limit\b;$&;g; s;\blocal_destina[-]*\n* *[]*tion_recip[-]*\n* *[]*ient_limit\b;$&;g; @@ -360,7 +360,7 @@ while (<>) { s;\bpar[-]*\n* *[]*ent_domain_matches_subdomains\b;$&;g; s;\bpermit_mx_backup_networks\b;$&;g; s;\bpickup_service_name\b;$&;g; - s;\bpipe_bounce_defer_filter\b;$&;g; + s;\bpipe_delivery_status_filter\b;$&;g; s;\bplaintext_reject_code\b;$&;g; s;\bpost[-]*\n* *[]*multi_start_commands\b;$&;g; s;\bpost[-]*\n* *[]*multi_stop_commands\b;$&;g; @@ -455,7 +455,7 @@ while (<>) { s;\bsmtp_connection_cache_time_limit\b;$&;g; s;\bsmtp_connection_cache_destinations\b;$&;g; - s;\bsmtp_bounce_defer_filter\b;$&;g; + s;\bsmtp_delivery_status_filter\b;$&;g; s;\bsmtp_data_done_timeout\b;$&;g; s;\bsmtp_data_init_timeout\b;$&;g; s;\bsmtp_data_xfer_timeout\b;$&;g; @@ -606,7 +606,7 @@ while (<>) { s;\bvir[-]*\n*[ ]*tual_alias_maps\b;$&;g; s;\bvir[-]*\n*[ ]*tual_maps\b;$&;g; s;\bvir[-]*\n*[ ]*tual_alias_recursion_limit\b;$&;g; - s;\bvir[-]*\n*[ ]*tual_bounce_defer_filter\b;$&;g; + s;\bvir[-]*\n*[ ]*tual_delivery_status_filter\b;$&;g; s;\bvir[-]*\n*[ ]*tual_gid_maps\b;$&;g; s;\bvir[-]*\n*[ ]*tual_mail[-]*\n* *[]*box_base\b;$&;g; s;\bvir[-]*\n*[ ]*tual_mail[-]*\n* *[]*box_domains\b;$&;g; diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index effee2c84..e621cbb8c 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -15616,12 +15616,12 @@ anchor assertion) TLSA records.

This feature is available in Postfix 2.11 and later.

-%PARAM default_bounce_defer_filter +%PARAM default_delivery_status_filter -

Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa. This is implemented by rewriting the -three-number enhanced status code and the explanatory text in a -Postfix delivery agent bounce/defer message.

+

Optional filter to replace the delivery status code or explanatory +text of successful or unsuccessful deliveries. This does, however, +not allow the replacement of a successful status code (2.X.X) with +an unsuccessful status code (4.X.X or 5.X.X) or vice versa.

Specify zero or more "type:table" lookup table names, separated by comma or whitespace. With each bounce or defer request, the @@ -15633,27 +15633,25 @@ enhanced-status-code SPACE explanatory-text

The first table match wins. The lookup result must have the -same structure as the query: enhanced status codes must have a -first numerical field of 4 (defer) or 5 (bounce), and the explanatory -text field must be non-empty. Other results will result in a warning. -

+same structure as the query, a successful status code (2.X.X) must +be replaced with a successful status code, an unsuccessful status +code (4.X.X or 5.X.X) must be replaced with an unsuccessful status +code, and the explanatory text field must be non-empty. Other results +will result in a warning.

-

Example:

- -

The following example turns specific soft TLS errors into hard -errors, by overriding the first number in the enhanced status code. -

+

Example 1: convert specific soft TLS errors into hard errors, +by overriding the first number in the enhanced status code. 

 /etc/postfix/main.cf:
-    smtp_bounce_defer_filter = pcre:/etc/postfix/smtp_ndr_filter
+    smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter
 
-/etc/postfix/smtp_ndr_filter:
+/etc/postfix/smtp_dsn_filter:
     /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/
         5$1
     /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/
@@ -15666,6 +15664,26 @@ errors, by overriding the first number in the enhanced status code.
+

Example 2: censor the per-recipient delivery status text so +that it does not not reveal the destination command or filename +when a remote sender requests confirmation of successful delivery. +

+ +
+
+/etc/postfix/main.cf:
+    local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter
+
+
+ +
+
+/etc/postfix/local_dsn_filter:
+    /^(2\S+ delivered to file).+/    $1
+    /^(2\S+ delivered to command).+/ $1
+
+
+

Notes:

    @@ -15674,51 +15692,51 @@ errors, by overriding the first number in the enhanced status code.

  • This feature will change the enhanced status code and text that is logged to the maillog file, and that is reported to the -sender.

    +sender in delivery confirmation or non-delivery notifications. +

This feature is available in Postfix 2.12 and later.

-%PARAM smtp_bounce_defer_filter $default_bounce_defer_filter +%PARAM smtp_delivery_status_filter $default_delivery_status_filter -

Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the smtp(8) delivery agent. See -default_bounce_defer_filter for details.

+

Optional filter for the smtp(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details.

-

NOTE: This feature modifies error messages that are generated -by the Postfix SMTP client, and that may or may not be derived from -remote SMTP server responses. In contrast, the smtp_reply_filter -feature modifies remote SMTP server responses that may result in -email non-delivery or delivery.

+

NOTE: This feature modifies Postfix SMTP client error or non-error +messages that may or may not be derived from remote SMTP server +responses. In contrast, the smtp_reply_filter feature modifies +remote SMTP server responses only.

-%PARAM lmtp_bounce_defer_filter +%PARAM lmtp_delivery_status_filter -

The LMTP-specific version of the smtp_bounce_defer_filter +

The LMTP-specific version of the smtp_delivery_status_filter configuration parameter. See there for details.

This feature is available in Postfix 2.12 and later.

-%PARAM pipe_bounce_defer_filter $default_bounce_defer_filter +%PARAM pipe_delivery_status_filter $default_delivery_status_filter -

Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the pipe(8) delivery agent. See -default_bounce_defer_filter for details.

+

Optional filter for the pipe(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details.

This feature is available in Postfix 2.12 and later.

-%PARAM virtual_bounce_defer_filter $default_bounce_defer_filter +%PARAM virtual_delivery_status_filter $default_delivery_status_filter -

Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the virtual(8) delivery agent. See -default_bounce_defer_filter for details.

+

Optional filter for the virtual(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details.

This feature is available in Postfix 2.12 and later.

-%PARAM local_bounce_defer_filter $default_bounce_defer_filter +%PARAM local_delivery_status_filter $default_delivery_status_filter -

Optional filter to change arbitrary hard delivery errors into -soft errors and vice versa in the local(8) delivery agent. See -default_bounce_defer_filter for details.

+

Optional filter for the local(8) delivery agent to change the +status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details.

This feature is available in Postfix 2.12 and later.

diff --git a/postfix/src/global/Makefile.in b/postfix/src/global/Makefile.in index f5799eb0e..355465c1a 100644 --- a/postfix/src/global/Makefile.in +++ b/postfix/src/global/Makefile.in @@ -32,7 +32,7 @@ SRCS = abounce.c anvil_clnt.c been_here.c bounce.c bounce_log.c \ match_service.c mail_conf_nint.c addr_match_list.c mail_conf_nbool.c \ smtp_reply_footer.c safe_ultostr.c verify_sender_addr.c \ dict_memcache.c mail_version.c memcache_proto.c server_acl.c \ - mkmap_fail.c haproxy_srvr.c ndr_filter.c + mkmap_fail.c haproxy_srvr.c dsn_filter.c OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \ canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \ clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \ @@ -66,7 +66,7 @@ OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \ match_service.o mail_conf_nint.o addr_match_list.o mail_conf_nbool.o \ smtp_reply_footer.o safe_ultostr.o verify_sender_addr.o \ dict_memcache.o mail_version.o memcache_proto.o server_acl.o \ - mkmap_fail.o haproxy_srvr.o ndr_filter.o + mkmap_fail.o haproxy_srvr.o dsn_filter.o HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \ canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \ conv_time.h db_common.h debug_peer.h debug_process.h defer.h \ @@ -93,7 +93,7 @@ HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \ fold_addr.h header_body_checks.h data_redirect.h match_service.h \ addr_match_list.h smtp_reply_footer.h safe_ultostr.h \ verify_sender_addr.h dict_memcache.h memcache_proto.h server_acl.h \ - haproxy_srvr.h ndr_filter.h + haproxy_srvr.h dsn_filter.h TESTSRC = rec2stream.c stream2rec.c recdump.c DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) CFLAGS = $(DEBUG) $(OPT) $(DEFS) @@ -666,7 +666,7 @@ bounce.o: log_adhoc.h bounce.o: mail_params.h bounce.o: mail_proto.h bounce.o: msg_stats.h -bounce.o: ndr_filter.h +bounce.o: dsn_filter.h bounce.o: rcpt_print.h bounce.o: recipient_list.h bounce.o: trace.h @@ -812,7 +812,7 @@ defer.o: mail_params.h defer.o: mail_proto.h defer.o: mail_queue.h defer.o: msg_stats.h -defer.o: ndr_filter.h +defer.o: dsn_filter.h defer.o: rcpt_print.h defer.o: recipient_list.h defer.o: trace.h @@ -1806,20 +1806,20 @@ namadr_list.o: ../../include/match_list.h namadr_list.o: ../../include/sys_defs.h namadr_list.o: namadr_list.c namadr_list.o: namadr_list.h -ndr_filter.o: ../../include/argv.h -ndr_filter.o: ../../include/dict.h -ndr_filter.o: ../../include/msg.h -ndr_filter.o: ../../include/myflock.h -ndr_filter.o: ../../include/mymalloc.h -ndr_filter.o: ../../include/sys_defs.h -ndr_filter.o: ../../include/vbuf.h -ndr_filter.o: ../../include/vstream.h -ndr_filter.o: ../../include/vstring.h -ndr_filter.o: dsn.h -ndr_filter.o: dsn_util.h -ndr_filter.o: maps.h -ndr_filter.o: ndr_filter.c -ndr_filter.o: ndr_filter.h +dsn_filter.o: ../../include/argv.h +dsn_filter.o: ../../include/dict.h +dsn_filter.o: ../../include/msg.h +dsn_filter.o: ../../include/myflock.h +dsn_filter.o: ../../include/mymalloc.h +dsn_filter.o: ../../include/sys_defs.h +dsn_filter.o: ../../include/vbuf.h +dsn_filter.o: ../../include/vstream.h +dsn_filter.o: ../../include/vstring.h +dsn_filter.o: dsn.h +dsn_filter.o: dsn_util.h +dsn_filter.o: maps.h +dsn_filter.o: dsn_filter.c +dsn_filter.o: dsn_filter.h off_cvt.o: ../../include/msg.h off_cvt.o: ../../include/sys_defs.h off_cvt.o: ../../include/vbuf.h diff --git a/postfix/src/global/bounce.c b/postfix/src/global/bounce.c index 77496ef37..4e6a305f0 100644 --- a/postfix/src/global/bounce.c +++ b/postfix/src/global/bounce.c @@ -53,7 +53,7 @@ /* const char *title; /* const char *maps; /* INTERNAL API -/* NDR_FILTER *bounce_defer_filter; +/* DSN_FILTER *delivery_status_filter; /* /* int bounce_append_intern(flags, id, stats, recipient, relay, dsn) /* int flags; @@ -181,7 +181,7 @@ /* Global library. */ -#define BOUNCE_DEFER_INTERN +#define DSN_INTERN #include #include #include @@ -195,7 +195,7 @@ /* Shared internally, between bounce and defer clients. */ -NDR_FILTER *bounce_defer_filter; +DSN_FILTER *delivery_status_filter; /* bounce_append - append delivery status to per-message bounce log */ @@ -218,8 +218,8 @@ int bounce_append(int flags, const char *id, MSG_STATS *stats, /* * DSN filter (Postfix 2.12). */ - if (bounce_defer_filter != 0 - && (dsn_res = ndr_filter_lookup(bounce_defer_filter, &my_dsn)) != 0) { + if (delivery_status_filter != 0 + && (dsn_res = dsn_filter_lookup(delivery_status_filter, &my_dsn)) != 0) { if (dsn_res->status[0] == '4') return (defer_append_intern(flags, id, stats, rcpt, relay, dsn_res)); my_dsn = *dsn_res; @@ -406,8 +406,8 @@ int bounce_one(int flags, const char *queue, const char *id, /* * DSN filter (Postfix 2.12). */ - if (bounce_defer_filter != 0 - && (dsn_res = ndr_filter_lookup(bounce_defer_filter, &my_dsn)) != 0) { + if (delivery_status_filter != 0 + && (dsn_res = dsn_filter_lookup(delivery_status_filter, &my_dsn)) != 0) { if (dsn_res->status[0] == '4') return (defer_append_intern(flags, id, stats, rcpt, relay, dsn_res)); my_dsn = *dsn_res; @@ -508,8 +508,8 @@ void bounce_client_init(const char *title, const char *maps) { const char myname[] = "bounce_client_init"; - if (bounce_defer_filter != 0) + if (delivery_status_filter != 0) msg_panic("%s: duplicate initialization", myname); if (*maps) - bounce_defer_filter = ndr_filter_create(title, maps); + delivery_status_filter = dsn_filter_create(title, maps); } diff --git a/postfix/src/global/bounce.h b/postfix/src/global/bounce.h index bb7127841..b72503edb 100644 --- a/postfix/src/global/bounce.h +++ b/postfix/src/global/bounce.h @@ -70,11 +70,11 @@ extern void bounce_client_init(const char *, const char *); * Start of private API. */ -#ifdef BOUNCE_DEFER_INTERN +#ifdef DSN_INTERN -#include +#include -extern NDR_FILTER *bounce_defer_filter; +extern DSN_FILTER *delivery_status_filter; extern int bounce_append_intern(int, const char *, MSG_STATS *, RECIPIENT *, const char *, DSN *); diff --git a/postfix/src/global/defer.c b/postfix/src/global/defer.c index d4aab325f..17eea9a5c 100644 --- a/postfix/src/global/defer.c +++ b/postfix/src/global/defer.c @@ -77,7 +77,7 @@ /* question has been deferred. The defer log is not deleted, /* and no recipients are deleted from the original queue file. /* -/* defer_one() implements ndr_filter(3) compatibility for the +/* defer_one() implements dsn_filter(3) compatibility for the /* bounce_one() routine. /* /* defer_append_intern() is for use after the DSN filter. @@ -160,7 +160,7 @@ /* Global library. */ -#define BOUNCE_DEFER_INTERN +#define DSN_INTERN #include #include #include @@ -195,8 +195,8 @@ int defer_append(int flags, const char *id, MSG_STATS *stats, /* * DSN filter (Postfix 2.12). */ - if (bounce_defer_filter != 0 - && (dsn_res = ndr_filter_lookup(bounce_defer_filter, &my_dsn)) != 0) { + if (delivery_status_filter != 0 + && (dsn_res = dsn_filter_lookup(delivery_status_filter, &my_dsn)) != 0) { if (dsn_res->status[0] == '5') return (bounce_append_intern(flags, id, stats, rcpt, relay, dsn_res)); my_dsn = *dsn_res; @@ -351,8 +351,8 @@ int defer_one(int flags, const char *queue, const char *id, /* * DSN filter (Postfix 2.12). */ - if (bounce_defer_filter != 0 - && (dsn_res = ndr_filter_lookup(bounce_defer_filter, &my_dsn)) != 0) { + if (delivery_status_filter != 0 + && (dsn_res = dsn_filter_lookup(delivery_status_filter, &my_dsn)) != 0) { if (dsn_res->status[0] == '5') return (bounce_one_intern(flags, queue, id, encoding, sender, dsn_envid, dsn_ret, stats, rcpt, diff --git a/postfix/src/global/defer.h b/postfix/src/global/defer.h index 45f878435..0b6ea4d2f 100644 --- a/postfix/src/global/defer.h +++ b/postfix/src/global/defer.h @@ -33,7 +33,7 @@ extern int defer_one(int, const char *, const char *, const char *, /* * Start of private API. */ -#ifdef BOUNCE_DEFER_INTERN +#ifdef DSN_INTERN extern int defer_append_intern(int, const char *, MSG_STATS *, RECIPIENT *, const char *, DSN *); diff --git a/postfix/src/global/dsn_filter.c b/postfix/src/global/dsn_filter.c new file mode 100644 index 000000000..ff5586a98 --- /dev/null +++ b/postfix/src/global/dsn_filter.c @@ -0,0 +1,192 @@ +/*++ +/* NAME +/* dsn_filter 3 +/* SUMMARY +/* filter DSN status or text +/* SYNOPSIS +/* #include +/* +/* DSN_FILTER *dsn_filter_create( +/* const char *title, +/* const char *map_names) +/* +/* DSN *dsn_filter_lookup( +/* DSN_FILTER *fp, +/* DSN *dsn) +/* +/* void dsn_free( +/* DSN_FILTER *fp) +/* DESCRIPTION +/* This module maps (bounce or defer non-delivery status code +/* and text) into replacement (bounce or defer non-delivery +/* status code and text), or maps (success status code and +/* text) into replacement (success status code and text). Other +/* DSN attributes are passed through without modification. +/* +/* dsn_filter_create() instantiates a DSN filter. +/* +/* dsn_filter_lookup() queries the specified filter. The input +/* DSN must be a success, bounce or defer DSN. If a match is +/* found a non-delivery status must map to a non-delivery +/* status, a success status must map to a success status, and +/* the text must be non-empty. The result is a null pointer +/* when no valid match is found. Otherwise, the result is +/* overwritten upon each call. This function must not be +/* called with the result from a dsn_filter_lookup() call. +/* +/* dsn_free() destroys the specified DSN filter. +/* +/* Arguments: +/* .IP title +/* Origin of the mapnames argument, typically a configuration +/* parameter name. This is reported in diagnostics. +/* .IP mapnames +/* List of lookup tables, separated by whitespace or comma. +/* .IP fp +/* filter created with dsn_filter_create() +/* .IP dsn +/* A success, bounce or defer DSN data structure. The +/* dsn_filter_lookup() result value is in part a shallow copy +/* of this argument. +/* SEE ALSO +/* maps(3) multi-table search +/* DIAGNOSTICS +/* Panic: invalid dsn argument; recursive call. Fatal error: +/* memory allocation problem. Warning: invalid DSN lookup +/* result. +/* LICENSE +/* .ad +/* .fi +/* The Secure Mailer license must be distributed with this software. +/* AUTHOR(S) +/* Wietse Venema +/* IBM T.J. Watson Research +/* P.O. Box 704 +/* Yorktown Heights, NY 10598, USA +/*--*/ + + /* + * System libraries. + */ +#include + + /* + * Utility library. + */ +#include +#include +#include + + /* + * Global library. + */ +#include +#include +#include +#include +#include + + /* + * Private data structure. + */ +struct DSN_FILTER { + MAPS *maps; /* Replacement (status, text) */ + VSTRING *buffer; /* Status code and text */ + DSN_SPLIT dp; /* Parsing aid */ + DSN dsn; /* Shallow copy */ +}; + + /* + * SLMs. + */ +#define STR(x) vstring_str(x) + +/* dsn_filter_create - create bounce/defer NDR filter */ + +DSN_FILTER *dsn_filter_create(const char *title, const char *map_names) +{ + const char myname[] = "dsn_filter_create"; + DSN_FILTER *fp; + + if (msg_verbose) + msg_info("%s: %s %s", myname, title, map_names); + + fp = (DSN_FILTER *) mymalloc(sizeof(*fp)); + fp->buffer = vstring_alloc(100); + fp->maps = maps_create(title, map_names, DICT_FLAG_LOCK); + return (fp); +} + +/* dsn_filter_lookup - apply bounce/defer NDR filter */ + +DSN *dsn_filter_lookup(DSN_FILTER *fp, DSN *dsn) +{ + const char myname[] = "dsn_filter_lookup"; + const char *result; + int ndr_dsn = 0; + + if (msg_verbose) + msg_info("%s: %s %s", myname, dsn->status, dsn->reason); + + /* + * XXX Instead of hard-coded '4' etc., use some form of encapsulation + * when reading or updating the status class field. + */ +#define IS_SUCCESS_DSN(s) (dsn_valid(s) && (s)[0] == '2') +#define IS_NDR_DSN(s) (dsn_valid(s) && ((s)[0] == '4' || (s)[0] == '5')) + + /* + * Sanity check. We filter only success/bounce/defer DSNs. + */ + if (IS_SUCCESS_DSN(dsn->status)) + ndr_dsn = 0; + else if (IS_NDR_DSN(dsn->status)) + ndr_dsn = 1; + else + msg_panic("%s: dsn argument with bad status code: %s", + myname, dsn->status); + + /* + * Sanity check. A DSN filter must not be invoked with its own result. + */ + if (dsn->reason == fp->dsn.reason) + msg_panic("%s: recursive call is not allowed", myname); + + /* + * Look up replacement status and text. + */ + vstring_sprintf(fp->buffer, "%s %s", dsn->status, dsn->reason); + if ((result = maps_find(fp->maps, STR(fp->buffer), 0)) != 0) { + /* Sanity check. Do not allow success<=>error mappings. */ + if ((ndr_dsn == 0 && !IS_SUCCESS_DSN(result)) + || (ndr_dsn != 0 && !IS_NDR_DSN(result))) { + msg_warn("%s: bad status code: %s", fp->maps->title, result); + return (0); + } else { + vstring_strcpy(fp->buffer, result); + dsn_split(&fp->dp, "can't happen", STR(fp->buffer)); + (void) DSN_ASSIGN(&fp->dsn, DSN_STATUS(fp->dp.dsn), + (result[0] == '4' ? "delayed" : + result[0] == '5' ? "failed" : + dsn->action), + fp->dp.text, dsn->dtype, dsn->dtext, + dsn->mtype, dsn->mname); + return (&fp->dsn); + } + } + return (0); +} + +/* dsn_filter_free - destroy bounce/defer NDR filter */ + +void dsn_filter_free(DSN_FILTER *fp) +{ + const char myname[] = "dsn_filter_free"; + + if (msg_verbose) + msg_info("%s: %s", myname, fp->maps->title); + + maps_free(fp->maps); + vstring_free(fp->buffer); + myfree((char *) fp); +} diff --git a/postfix/src/global/ndr_filter.h b/postfix/src/global/dsn_filter.h similarity index 52% rename from postfix/src/global/ndr_filter.h rename to postfix/src/global/dsn_filter.h index 1a1f7d1ab..43378dd96 100644 --- a/postfix/src/global/ndr_filter.h +++ b/postfix/src/global/dsn_filter.h @@ -1,24 +1,24 @@ -#ifndef _NDR_FILTER_H_INCLUDED_ -#define _NDR_FILTER_H_INCLUDED_ +#ifndef _DSN_FILTER_H_INCLUDED_ +#define _DSN_FILTER_H_INCLUDED_ /*++ /* NAME -/* ndr_filter 3h +/* dsn_filter 3h /* SUMMARY /* bounce/defer DSN filter /* SYNOPSIS -/* #include +/* #include /* DESCRIPTION /* .nf /* * External interface. */ -typedef struct NDR_FILTER NDR_FILTER; +typedef struct DSN_FILTER DSN_FILTER; -extern NDR_FILTER *ndr_filter_create(const char *, const char *); -extern DSN *ndr_filter_lookup(NDR_FILTER *, DSN *); -extern void ndr_filter_free(NDR_FILTER *); +extern DSN_FILTER *dsn_filter_create(const char *, const char *); +extern DSN *dsn_filter_lookup(DSN_FILTER *, DSN *); +extern void dsn_filter_free(DSN_FILTER *); /* LICENSE /* .ad diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index f322af651..6e4378c2f 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -121,7 +121,7 @@ /* bool var_multi_enable; /* bool var_long_queue_ids; /* bool var_daemon_open_fatal; -/* char *var_ndr_filter; +/* char *var_dsn_filter; /* /* void mail_params_init() /* @@ -315,7 +315,7 @@ char *var_multi_name; bool var_multi_enable; bool var_long_queue_ids; bool var_daemon_open_fatal; -char *var_ndr_filter; +char *var_dsn_filter; const char null_format_string[1] = ""; @@ -591,7 +591,7 @@ void mail_params_init() VAR_INT_FILT_CLASSES, DEF_INT_FILT_CLASSES, &var_int_filt_classes, 0, 0, /* multi_instance_wrapper may have dependencies but not dependents. */ VAR_MULTI_WRAPPER, DEF_MULTI_WRAPPER, &var_multi_wrapper, 0, 0, - VAR_NDR_FILTER, DEF_NDR_FILTER, &var_ndr_filter, 0, 0, + VAR_DSN_FILTER, DEF_DSN_FILTER, &var_dsn_filter, 0, 0, 0, }; static const CONFIG_STR_FN_TABLE function_str_defaults_2[] = { diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 0069c4d2b..5027990d1 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -3747,27 +3747,27 @@ extern bool var_daemon_open_fatal; /* * Optional DSN bounce/defer filter. */ -#define VAR_NDR_FILTER "default_bounce_defer_filter" -#define DEF_NDR_FILTER "" -extern char *var_ndr_filter; +#define VAR_DSN_FILTER "default_delivery_status_filter" +#define DEF_DSN_FILTER "" +extern char *var_dsn_filter; -#define VAR_SMTP_NDR_FILTER "smtp_bounce_defer_filter" -#define DEF_SMTP_NDR_FILTER "$" VAR_NDR_FILTER -#define VAR_LMTP_NDR_FILTER "lmtp_bounce_defer_filter" -#define DEF_LMTP_NDR_FILTER "$" VAR_NDR_FILTER -extern char *var_smtp_ndr_filter; +#define VAR_SMTP_DSN_FILTER "smtp_delivery_status_filter" +#define DEF_SMTP_DSN_FILTER "$" VAR_DSN_FILTER +#define VAR_LMTP_DSN_FILTER "lmtp_delivery_status_filter" +#define DEF_LMTP_DSN_FILTER "$" VAR_DSN_FILTER +extern char *var_smtp_dsn_filter; -#define VAR_PIPE_NDR_FILTER "pipe_bounce_defer_filter" -#define DEF_PIPE_NDR_FILTER "$" VAR_NDR_FILTER -extern char *var_pipe_ndr_filter; +#define VAR_PIPE_DSN_FILTER "pipe_delivery_status_filter" +#define DEF_PIPE_DSN_FILTER "$" VAR_DSN_FILTER +extern char *var_pipe_dsn_filter; -#define VAR_VIRT_NDR_FILTER "virtual_bounce_defer_filter" -#define DEF_VIRT_NDR_FILTER "$" VAR_NDR_FILTER -extern char *var_virt_ndr_filter; +#define VAR_VIRT_DSN_FILTER "virtual_delivery_status_filter" +#define DEF_VIRT_DSN_FILTER "$" VAR_DSN_FILTER +extern char *var_virt_dsn_filter; -#define VAR_LOCAL_NDR_FILTER "local_bounce_defer_filter" -#define DEF_LOCAL_NDR_FILTER "$" VAR_NDR_FILTER -extern char *var_local_ndr_filter; +#define VAR_LOCAL_DSN_FILTER "local_delivery_status_filter" +#define DEF_LOCAL_DSN_FILTER "$" VAR_DSN_FILTER +extern char *var_local_dsn_filter; /* LICENSE /* .ad diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 8923bab87..425bfbfe2 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20140318" +#define MAIL_RELEASE_DATE "20140321" #define MAIL_VERSION_NUMBER "2.12" #ifdef SNAPSHOT diff --git a/postfix/src/global/ndr_filter.c b/postfix/src/global/ndr_filter.c deleted file mode 100644 index 105c21aa6..000000000 --- a/postfix/src/global/ndr_filter.c +++ /dev/null @@ -1,182 +0,0 @@ -/*++ -/* NAME -/* ndr_filter 3 -/* SUMMARY -/* bounce or defer NDR filter -/* SYNOPSIS -/* #include -/* -/* NDR_FILTER *ndr_filter_create( -/* const char *title, -/* const char *map_names) -/* -/* DSN *ndr_filter_lookup( -/* NDR_FILTER *fp, -/* DSN *dsn) -/* -/* void dsn_free( -/* NDR_FILTER *fp) -/* DESCRIPTION -/* This module maps a bounce or defer non-delivery status code -/* and text into a bounce or defer non-delivery status code -/* and text. The other DSN attributes are passed through without -/* modification. -/* -/* ndr_filter_create() instantiates a bounce or defer NDR filter. -/* -/* ndr_filter_lookup() queries the specified filter. The DSN -/* must be a bounce or defer DSN. If a match is found and the -/* result is properly formatted, the result value must specify -/* a bounce or defer DSN. The result is in part overwritten -/* upon each call, and is in part a shallow copy of the dsn -/* argument. The result is a null pointer when no valid match -/* is found. This function must not be called with the result -/* from a ndr_filter_lookup() call. -/* -/* dsn_free() destroys the specified NDR filter. -/* -/* Arguments: -/* .IP title -/* Origin of the mapnames argument, typically a configuration -/* parameter name. This is reported in diagnostics. -/* .IP mapnames -/* List of lookup tables, separated by whitespace or comma. -/* .IP fp -/* filter created with ndr_filter_create() -/* .IP dsn -/* A bounce or defer DSN data structure. The ndr_filter_lookup() -/* result value is in part a shallow copy of this argument. -/* SEE ALSO -/* maps(3) multi-table search -/* DIAGNOSTICS -/* Panic: invalid dsn argument; recursive call. Fatal error: -/* memory allocation problem. Warning: invalid DSN lookup -/* result. -/* LICENSE -/* .ad -/* .fi -/* The Secure Mailer license must be distributed with this software. -/* AUTHOR(S) -/* Wietse Venema -/* IBM T.J. Watson Research -/* P.O. Box 704 -/* Yorktown Heights, NY 10598, USA -/*--*/ - - /* - * System libraries. - */ -#include - - /* - * Utility library. - */ -#include -#include -#include - - /* - * Global library. - */ -#include -#include -#include -#include -#include - - /* - * Private data structure. - */ -struct NDR_FILTER { - MAPS *maps; /* Replacement (status, text) */ - VSTRING *buffer; /* Status code and text */ - DSN_SPLIT dp; /* Parsing aid */ - DSN dsn; /* Shallow copy */ -}; - - /* - * SLMs. - */ -#define STR(x) vstring_str(x) - -/* ndr_filter_create - create bounce/defer NDR filter */ - -NDR_FILTER *ndr_filter_create(const char *title, const char *map_names) -{ - const char myname[] = "ndr_filter_create"; - NDR_FILTER *fp; - - if (msg_verbose) - msg_info("%s: %s %s", myname, title, map_names); - - fp = (NDR_FILTER *) mymalloc(sizeof(*fp)); - fp->buffer = vstring_alloc(100); - fp->maps = maps_create(title, map_names, DICT_FLAG_LOCK); - return (fp); -} - -/* ndr_filter_lookup - apply bounce/defer NDR filter */ - -DSN *ndr_filter_lookup(NDR_FILTER *fp, DSN *dsn) -{ - const char myname[] = "ndr_filter_lookup"; - const char *result; - - if (msg_verbose) - msg_info("%s: %s %s", myname, dsn->status, dsn->reason); - - /* - * XXX Instead of hard-coded '4' or '5', use some form of encapsulation - * to read or update the class field. - */ -#define IS_NDR_DSN(s) \ - (dsn_valid(s) && ((s)[0] == '4' || (s)[0] == '5')) - - /* - * Sanity check. We filter only bounce/defer DSNs. - */ - if (!IS_NDR_DSN(dsn->status)) - msg_panic("%s: dsn argument with bad status code: %s", - myname, dsn->status); - - /* - * Sanity check. An NDR filter must not be invoked with its own result. - */ - if (dsn->reason == fp->dsn.reason) - msg_panic("%s: recursive call is not allowed", myname); - - /* - * Look up replacement status and text. - */ - vstring_sprintf(fp->buffer, "%s %s", dsn->status, dsn->reason); - if ((result = maps_find(fp->maps, STR(fp->buffer), 0)) != 0) { - /* Sanity check. We accept only bounce/defer DSNs. */ - if (!IS_NDR_DSN(result)) { - msg_warn("%s: bad status code: %s", fp->maps->title, result); - return (0); - } else { - vstring_strcpy(fp->buffer, result); - dsn_split(&fp->dp, "can't happen", STR(fp->buffer)); - (void) DSN_ASSIGN(&fp->dsn, DSN_STATUS(fp->dp.dsn), - (result[0] == '4' ? "delayed" : "failed"), - fp->dp.text, dsn->dtype, dsn->dtext, - dsn->mtype, dsn->mname); - return (&fp->dsn); - } - } - return (0); -} - -/* ndr_filter_free - destroy bounce/defer NDR filter */ - -void ndr_filter_free(NDR_FILTER *fp) -{ - const char myname[] = "ndr_filter_free"; - - if (msg_verbose) - msg_info("%s: %s", myname, fp->maps->title); - - maps_free(fp->maps); - vstring_free(fp->buffer); - myfree((char *) fp); -} diff --git a/postfix/src/global/sent.c b/postfix/src/global/sent.c index c99ae5b17..48db9327b 100644 --- a/postfix/src/global/sent.c +++ b/postfix/src/global/sent.c @@ -19,8 +19,6 @@ /* message delivery record on request by the sender. The /* flags argument determines the action. /* -/* vsent() implements an alternative interface. -/* /* Arguments: /* .IP flags /* Zero or more of the following: @@ -79,6 +77,7 @@ /* Global library. */ +#define DSN_INTERN #include #include #include @@ -97,6 +96,7 @@ int sent(int flags, const char *id, MSG_STATS *stats, DSN *dsn) { DSN my_dsn = *dsn; + DSN *dsn_res; int status; /* @@ -107,6 +107,13 @@ int sent(int flags, const char *id, MSG_STATS *stats, my_dsn.status = "2.0.0"; } + /* + * DSN filter (Postfix 2.12). + */ + if (delivery_status_filter != 0 + && (dsn_res = dsn_filter_lookup(delivery_status_filter, &my_dsn)) != 0) + my_dsn = *dsn_res; + /* * MTA-requested address verification information is stored in the verify * service database. @@ -147,7 +154,7 @@ int sent(int flags, const char *id, MSG_STATS *stats, vstring_sprintf(junk, "%s: %s service failed", id, var_trace_service); my_dsn.reason = vstring_str(junk); - my_dsn.status ="4.3.0"; + my_dsn.status = "4.3.0"; status = defer_append(flags, id, stats, recipient, relay, &my_dsn); vstring_free(junk); } diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c index b28a759ce..c5ad9b9be 100644 --- a/postfix/src/local/local.c +++ b/postfix/src/local/local.c @@ -387,9 +387,10 @@ /* its own owner alias. /* .PP /* Available in Postfix version 2.12 and later: -/* .IP "\fBlocal_bounce_defer_filter ($default_bounce_defer_filter)\fR" -/* Optional filter to change arbitrary hard delivery errors into -/* soft errors and vice versa in the \fBlocal\fR(8) delivery agent. +/* .IP "\fBlocal_delivery_status_filter ($default_delivery_status_filter)\fR" +/* Optional filter for the \fBlocal\fR(8) delivery agent to change the +/* status code or explanatory text of successful or unsuccessful +/* deliveries. /* DELIVERY METHOD CONTROLS /* .ad /* .fi @@ -904,7 +905,7 @@ int main(int argc, char **argv) VAR_DELIVER_HDR, DEF_DELIVER_HDR, &var_deliver_hdr, 0, 0, VAR_MAILBOX_LOCK, DEF_MAILBOX_LOCK, &var_mailbox_lock, 1, 0, VAR_MAILBOX_CMD_MAPS, DEF_MAILBOX_CMD_MAPS, &var_mailbox_cmd_maps, 0, 0, - VAR_LOCAL_NDR_FILTER, DEF_LOCAL_NDR_FILTER, &var_local_ndr_filter, 0, 0, + VAR_LOCAL_DSN_FILTER, DEF_LOCAL_DSN_FILTER, &var_local_ndr_filter, 0, 0, 0, }; static const CONFIG_BOOL_TABLE bool_table[] = { @@ -943,7 +944,7 @@ int main(int argc, char **argv) MAIL_SERVER_POST_INIT, post_init, MAIL_SERVER_PRE_ACCEPT, pre_accept, MAIL_SERVER_PRIVILEGED, - MAIL_SERVER_BOUNCE_INIT, VAR_LOCAL_NDR_FILTER, + MAIL_SERVER_BOUNCE_INIT, VAR_LOCAL_DSN_FILTER, &var_local_ndr_filter, 0); } diff --git a/postfix/src/master/Makefile.in b/postfix/src/master/Makefile.in index 6b1e2c0ba..d1be8fec7 100644 --- a/postfix/src/master/Makefile.in +++ b/postfix/src/master/Makefile.in @@ -94,7 +94,7 @@ event_server.o: ../../include/deliver_request.h event_server.o: ../../include/dict.h event_server.o: ../../include/dsn.h event_server.o: ../../include/dsn_buf.h -event_server.o: ../../include/ndr_filter.h +event_server.o: ../../include/dsn_filter.h event_server.o: ../../include/events.h event_server.o: ../../include/htable.h event_server.o: ../../include/iostuff.h @@ -300,7 +300,7 @@ multi_server.o: ../../include/deliver_request.h multi_server.o: ../../include/dict.h multi_server.o: ../../include/dsn.h multi_server.o: ../../include/dsn_buf.h -multi_server.o: ../../include/ndr_filter.h +multi_server.o: ../../include/dsn_filter.h multi_server.o: ../../include/events.h multi_server.o: ../../include/htable.h multi_server.o: ../../include/iostuff.h @@ -341,7 +341,7 @@ single_server.o: ../../include/deliver_request.h single_server.o: ../../include/dict.h single_server.o: ../../include/dsn.h single_server.o: ../../include/dsn_buf.h -single_server.o: ../../include/ndr_filter.h +single_server.o: ../../include/dsn_filter.h single_server.o: ../../include/events.h single_server.o: ../../include/htable.h single_server.o: ../../include/iostuff.h @@ -382,7 +382,7 @@ trigger_server.o: ../../include/deliver_request.h trigger_server.o: ../../include/dict.h trigger_server.o: ../../include/dsn.h trigger_server.o: ../../include/dsn_buf.h -trigger_server.o: ../../include/ndr_filter.h +trigger_server.o: ../../include/dsn_filter.h trigger_server.o: ../../include/events.h trigger_server.o: ../../include/htable.h trigger_server.o: ../../include/iostuff.h diff --git a/postfix/src/master/event_server.c b/postfix/src/master/event_server.c index ad19ba277..876800db0 100644 --- a/postfix/src/master/event_server.c +++ b/postfix/src/master/event_server.c @@ -560,8 +560,8 @@ NORETURN event_server_main(int argc, char **argv, MULTI_SERVER_FN service,...) char *generation; int msg_vstream_needed = 0; int redo_syslog_init = 0; - const char *ndr_filter_title; - const char **ndr_filter_maps; + const char *dsn_filter_title; + const char **dsn_filter_maps; /* * Process environment options as early as we can. @@ -773,9 +773,9 @@ NORETURN event_server_main(int argc, char **argv, MULTI_SERVER_FN service,...) event_server_slow_exit = va_arg(ap, MAIL_SERVER_SLOW_EXIT_FN); break; case MAIL_SERVER_BOUNCE_INIT: - ndr_filter_title = va_arg(ap, const char *); - ndr_filter_maps = va_arg(ap, const char **); - bounce_client_init(ndr_filter_title, *ndr_filter_maps); + dsn_filter_title = va_arg(ap, const char *); + dsn_filter_maps = va_arg(ap, const char **); + bounce_client_init(dsn_filter_title, *dsn_filter_maps); break; default: msg_panic("%s: unknown argument type: %d", myname, key); diff --git a/postfix/src/master/multi_server.c b/postfix/src/master/multi_server.c index 20179207d..c4f9d82ce 100644 --- a/postfix/src/master/multi_server.c +++ b/postfix/src/master/multi_server.c @@ -556,8 +556,8 @@ NORETURN multi_server_main(int argc, char **argv, MULTI_SERVER_FN service,...) char *generation; int msg_vstream_needed = 0; int redo_syslog_init = 0; - const char *ndr_filter_title; - const char **ndr_filter_maps; + const char *dsn_filter_title; + const char **dsn_filter_maps; /* * Process environment options as early as we can. @@ -763,9 +763,9 @@ NORETURN multi_server_main(int argc, char **argv, MULTI_SERVER_FN service,...) service_name); break; case MAIL_SERVER_BOUNCE_INIT: - ndr_filter_title = va_arg(ap, const char *); - ndr_filter_maps = va_arg(ap, const char **); - bounce_client_init(ndr_filter_title, *ndr_filter_maps); + dsn_filter_title = va_arg(ap, const char *); + dsn_filter_maps = va_arg(ap, const char **); + bounce_client_init(dsn_filter_title, *dsn_filter_maps); break; default: msg_panic("%s: unknown argument type: %d", myname, key); diff --git a/postfix/src/master/single_server.c b/postfix/src/master/single_server.c index a5d068a60..8dc765004 100644 --- a/postfix/src/master/single_server.c +++ b/postfix/src/master/single_server.c @@ -434,8 +434,8 @@ NORETURN single_server_main(int argc, char **argv, SINGLE_SERVER_FN service,...) char *generation; int msg_vstream_needed = 0; int redo_syslog_init = 0; - const char *ndr_filter_title; - const char **ndr_filter_maps; + const char *dsn_filter_title; + const char **dsn_filter_maps; /* * Process environment options as early as we can. @@ -638,9 +638,9 @@ NORETURN single_server_main(int argc, char **argv, SINGLE_SERVER_FN service,...) service_name); break; case MAIL_SERVER_BOUNCE_INIT: - ndr_filter_title = va_arg(ap, const char *); - ndr_filter_maps = va_arg(ap, const char **); - bounce_client_init(ndr_filter_title, *ndr_filter_maps); + dsn_filter_title = va_arg(ap, const char *); + dsn_filter_maps = va_arg(ap, const char **); + bounce_client_init(dsn_filter_title, *dsn_filter_maps); break; default: msg_panic("%s: unknown argument type: %d", myname, key); diff --git a/postfix/src/master/trigger_server.c b/postfix/src/master/trigger_server.c index 05d3f2f9c..591c3543c 100644 --- a/postfix/src/master/trigger_server.c +++ b/postfix/src/master/trigger_server.c @@ -437,8 +437,8 @@ NORETURN trigger_server_main(int argc, char **argv, TRIGGER_SERVER_FN service,.. char *generation; int msg_vstream_needed = 0; int redo_syslog_init = 0; - const char *ndr_filter_title; - const char **ndr_filter_maps; + const char *dsn_filter_title; + const char **dsn_filter_maps; /* * Process environment options as early as we can. @@ -644,9 +644,9 @@ NORETURN trigger_server_main(int argc, char **argv, TRIGGER_SERVER_FN service,.. trigger_server_watchdog = *va_arg(ap, int *); break; case MAIL_SERVER_BOUNCE_INIT: - ndr_filter_title = va_arg(ap, const char *); - ndr_filter_maps = va_arg(ap, const char **); - bounce_client_init(ndr_filter_title, *ndr_filter_maps); + dsn_filter_title = va_arg(ap, const char *); + dsn_filter_maps = va_arg(ap, const char **); + bounce_client_init(dsn_filter_title, *dsn_filter_maps); break; default: msg_panic("%s: unknown argument type: %d", myname, key); diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c index e7737a07f..4b6e96d14 100644 --- a/postfix/src/pipe/pipe.c +++ b/postfix/src/pipe/pipe.c @@ -404,9 +404,10 @@ /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .PP /* Available in Postfix version 2.12 and later: -/* .IP "\fBpipe_bounce_defer_filter ($default_bounce_defer_filter)\fR" -/* Optional filter to change arbitrary hard delivery errors into -/* soft errors and vice versa in the \fBpipe\fR(8) delivery agent. +/* .IP "\fBpipe_delivery_status_filter ($default_delivery_status_filter)\fR" +/* Optional filter for the \fBpipe\fR(8) delivery agent to change the +/* delivery status code or explanatory text of successful or unsuccessful +/* deliveries. /* SEE ALSO /* qmgr(8), queue manager /* bounce(8), delivery status reports @@ -1329,7 +1330,7 @@ int main(int argc, char **argv) 0, }; static const CONFIG_STR_TABLE str_table[] = { - VAR_PIPE_NDR_FILTER, DEF_PIPE_NDR_FILTER, &var_pipe_ndr_filter, 0, 0, + VAR_PIPE_DSN_FILTER, DEF_PIPE_DSN_FILTER, &var_pipe_ndr_filter, 0, 0, 0, }; @@ -1344,7 +1345,7 @@ int main(int argc, char **argv) MAIL_SERVER_POST_INIT, drop_privileges, MAIL_SERVER_PRE_ACCEPT, pre_accept, MAIL_SERVER_PRIVILEGED, - MAIL_SERVER_BOUNCE_INIT, VAR_PIPE_NDR_FILTER, + MAIL_SERVER_BOUNCE_INIT, VAR_PIPE_DSN_FILTER, &var_pipe_ndr_filter, 0); } diff --git a/postfix/src/smtp/lmtp_params.c b/postfix/src/smtp/lmtp_params.c index cc17d9b08..250a2b34a 100644 --- a/postfix/src/smtp/lmtp_params.c +++ b/postfix/src/smtp/lmtp_params.c @@ -57,7 +57,7 @@ VAR_LMTP_RESP_FILTER, DEF_LMTP_RESP_FILTER, &var_smtp_resp_filter, 0, 0, VAR_LMTP_ADDR_PREF, DEF_LMTP_ADDR_PREF, &var_smtp_addr_pref, 1, 0, VAR_LMTP_DNS_RES_OPT, DEF_LMTP_DNS_RES_OPT, &var_smtp_dns_res_opt, 0, 0, - VAR_LMTP_NDR_FILTER, DEF_LMTP_NDR_FILTER, &var_smtp_ndr_filter, 0, 0, + VAR_LMTP_DSN_FILTER, DEF_LMTP_DSN_FILTER, &var_smtp_ndr_filter, 0, 0, 0, }; static const CONFIG_TIME_TABLE lmtp_time_table[] = { diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 52456f624..41368636a 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -254,9 +254,10 @@ /* Level of DNS support in the Postfix SMTP client. /* .PP /* Available in Postfix version 2.12 and later: -/* .IP "\fBsmtp_bounce_defer_filter ($default_bounce_defer_filter)\fR" -/* Optional filter to change arbitrary hard delivery errors into -/* soft errors and vice versa in the \fBsmtp\fR(8) delivery agent. +/* .IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR" +/* Optional filter for the \fBsmtp\fR(8) delivery agent to change the +/* delivery status code or explanatory text of successful or unsuccessful +/* deliveries. /* MIME PROCESSING CONTROLS /* .ad /* .fi @@ -1277,7 +1278,7 @@ int main(int argc, char **argv) MAIL_SERVER_PRE_INIT, pre_init, MAIL_SERVER_POST_INIT, post_init, MAIL_SERVER_PRE_ACCEPT, pre_accept, - MAIL_SERVER_BOUNCE_INIT, VAR_SMTP_NDR_FILTER, + MAIL_SERVER_BOUNCE_INIT, VAR_SMTP_DSN_FILTER, &var_smtp_ndr_filter, 0); } diff --git a/postfix/src/smtp/smtp_params.c b/postfix/src/smtp/smtp_params.c index 616ca7ad8..aecac56bd 100644 --- a/postfix/src/smtp/smtp_params.c +++ b/postfix/src/smtp/smtp_params.c @@ -58,7 +58,7 @@ VAR_SMTP_RESP_FILTER, DEF_SMTP_RESP_FILTER, &var_smtp_resp_filter, 0, 0, VAR_SMTP_ADDR_PREF, DEF_SMTP_ADDR_PREF, &var_smtp_addr_pref, 1, 0, VAR_SMTP_DNS_RES_OPT, DEF_SMTP_DNS_RES_OPT, &var_smtp_dns_res_opt, 0, 0, - VAR_SMTP_NDR_FILTER, DEF_SMTP_NDR_FILTER, &var_smtp_ndr_filter, 0, 0, + VAR_SMTP_DSN_FILTER, DEF_SMTP_DSN_FILTER, &var_smtp_ndr_filter, 0, 0, 0, }; static const CONFIG_TIME_TABLE smtp_time_table[] = { diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c index c66431d23..337a99d09 100644 --- a/postfix/src/virtual/virtual.c +++ b/postfix/src/virtual/virtual.c @@ -247,9 +247,10 @@ /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .PP /* Available in Postfix version 2.12 and later: -/* .IP "\fBvirtual_bounce_defer_filter ($default_bounce_defer_filter)\fR" -/* Optional filter to change arbitrary hard delivery errors into -/* soft errors and vice versa in the \fBvirtual\fR(8) delivery agent. +/* .IP "\fBvirtual_delivery_status_filter ($default_delivery_status_filter)\fR" +/* Optional filter for the \fBvirtual\fR(8) delivery agent to change the +/* delivery status code or explanatory text of successful or unsuccessful +/* deliveries. /* SEE ALSO /* qmgr(8), queue manager /* bounce(8), delivery status reports @@ -516,7 +517,7 @@ int main(int argc, char **argv) VAR_VIRT_GID_MAPS, DEF_VIRT_GID_MAPS, &var_virt_gid_maps, 0, 0, VAR_VIRT_MAILBOX_BASE, DEF_VIRT_MAILBOX_BASE, &var_virt_mailbox_base, 1, 0, VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0, - VAR_VIRT_NDR_FILTER, DEF_VIRT_NDR_FILTER, &var_virt_ndr_filter, 0, 0, + VAR_VIRT_DSN_FILTER, DEF_VIRT_DSN_FILTER, &var_virt_ndr_filter, 0, 0, 0, }; static const CONFIG_BOOL_TABLE bool_table[] = { @@ -538,7 +539,7 @@ int main(int argc, char **argv) MAIL_SERVER_POST_INIT, post_init, MAIL_SERVER_PRE_ACCEPT, pre_accept, MAIL_SERVER_PRIVILEGED, - MAIL_SERVER_BOUNCE_INIT, VAR_VIRT_NDR_FILTER, + MAIL_SERVER_BOUNCE_INIT, VAR_VIRT_DSN_FILTER, &var_virt_ndr_filter, 0); }