diff --git a/postfix/HISTORY b/postfix/HISTORY
index 6f4122a0d..e215dc4bc 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -8335,6 +8335,11 @@ Apologies for any names omitted. Feature: TCP lookup table support, finally finished. Files: proto/tcp_table, proto/dict_tcp.[hc].
+20030703
+
+ Non-prod: the SMTPD proxy client lost the reply to ".".
+ Amazing.
+
 Open problems: Low: smtp-source may block when sending large test messages.
diff --git a/postfix/README_FILES/ADDRESS_VERIFICATION_README b/postfix/README_FILES/ADDRESS_VERIFICATION_README
index 049877598..01262944f 100644
--- a/postfix/README_FILES/ADDRESS_VERIFICATION_README
+++ b/postfix/README_FILES/ADDRESS_VERIFICATION_README
@@ -12,12 +12,16 @@ recipients, for example on mail relay hosts that do not have a copy of all the relayed recipient addresses. With address verification turned on, normal mail will suffer only
-a short delay of up to 9 seconds while an address is verified for
+a short delay of up to 6 seconds while an address is verified for
 the first time. Once an address status is known, the status is cached and Postfix replies immediately. When verification takes
-longer than 9 seconds the Postfix SMTP server defers the sender or
-recipient address with a 450 reply. Normal mail clients will connect
-again after some delay.
+too long the Postfix SMTP server defers the sender or recipient
+address with a 450 reply. Normal mail clients will connect again
+after some delay.
+
+The address verification delay is configurable with the main.cf
+address_verify_poll_count and address_verify_poll_delay parameters.
+See the sample-verify.cf file for details.
 Limitations ===========
diff --git a/postfix/README_FILES/SMTPD_PROXY_README b/postfix/README_FILES/SMTPD_PROXY_README
index 28e1e9eb5..78f1c0d8f 100644
--- a/postfix/README_FILES/SMTPD_PROXY_README
+++ b/postfix/README_FILES/SMTPD_PROXY_README
@@ -16,6 +16,12 @@ This feature is meant to be used as follows: Internet -> smtpd -> proxy -> smtpd -> cleanup -> queue Postfix Postfix Postfix Postfix
+For reference, this is the normal path from network to mail queue:
+
+ Internet -> smtpd -> cleanup -> queue
+ Postfix Postfix Postfix
+
+
 Limitations ===========
@@ -72,7 +78,9 @@ process. /etc/postfix/master.cf smtp inet n - n - - smtpd -o smtpd_proxy_filter=26
- 26 inet n - n - - smtpd
+ :26 inet n - n - - smtpd
+
+The ":26" causes Postfix to listen on the localhost address only.
 The result is as follows:
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 0221d767d..90434153d 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -22,7 +22,7 @@ snapshot release). Patches change the patchlevel and the release date. Snapshots change only the release date, unless they include the same bugfixes as a patch release.
-Incompatible changes with Postfix snapshot 2.0.13-20030702
+Incompatible changes with Postfix snapshot 2.0.13-20030704
 ========================================================== Support for client side LDAP caching is gone. OpenLDAP 2.1.13 and
@@ -31,7 +31,7 @@ Postfix now ignores cache controlling parameters in an LDAP configuration file and logs a warning. Credits to Victor Duchovni and Lamont Jones.
-Major changes with Postfix snapshot 2.0.13-20030702
+Major changes with Postfix snapshot 2.0.13-20030704
 =================================================== The Postfix SMTP server can be configured to send all mail into a
diff --git a/postfix/conf/access b/postfix/conf/access
index baacf9c42..a09736f87 100644
--- a/postfix/conf/access
+++ b/postfix/conf/access
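Review bot: In the second SMTPD_PROXY_README hunk, the added sentence `The ":26" causes Postfix to listen on the localhost address only.` is the only thing keeping the after-filter smtpd off the network, and I am not sure the syntax does that. As far as I recall from master(5), the host part of an inet service name is optional and an omitted host means the listener binds the inet_interfaces addresses, so `:26` may well bind the same addresses as the public `smtp` service. If so, remote clients could reach the second smtpd directly and bypass the proxy filter. Please confirm against the master daemon's service-name parsing; if an empty host is not loopback-only, spell the address out, e.g. `127.0.0.1:26 inet n - n - - smtpd`, and adjust the sentence to match.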
@@ -29,8 +29,10 @@
 #
 # Alternatively, the table can be provided as a regular-
 # expression map where patterns are given as regular expres-
-# sions. In that case, the lookups are done in a slightly
-# different way as described below.
+# sions, or lookups can be directed to TCP-based server. In
+# that case, the lookups are done in a slightly different
+# way as described below under "REGULAR EXPRESSION TABLES"
+# and "TCP-BASED TABLES".
 #
 # TABLE FORMAT
 # The format of the access table is as follows:
@@ -77,7 +79,7 @@
 # specified with the smtpd_null_access_lookup_key parameter
 # in the Postfix main.cf file.
 #
-# ADDRESS EXTENSION
+# EMAIL ADDRESS EXTENSION
 # When a mail address localpart contains the optional recip-
 # ient delimiter (e.g., user+foo@domain), the lookup order
 # becomes: user+foo@domain, user@domain, domain, user+foo@,
@@ -108,75 +110,76 @@
 # A network address is a sequence of one or more
 # octets separated by ".".
 #
-# NOTE: use the cidr lookup table type if you want to
-# specify arbitrary network blocks.
+# NOTE: use the cidr lookup table type if to specify
+# network/netmask patterns. See cidr_table(5) for
+# details.
 #
 # ACTIONS
 # [45]NN text
-# Reject the address etc. that matches the pattern,
+# Reject the address etc. that matches the pattern,
 # and respond with the numerical code and text.
 #
 # REJECT
 #
 # REJECT optional text...
-# Reject the address etc. that matches the pattern.
-# Reply with $reject_code optional text... when the
-# optional text is specified, otherwise reply with a
+# Reject the address etc. that matches the pattern.
+# Reply with $reject_code optional text... when the
+# optional text is specified, otherwise reply with a
 # generic error response message.
 #
 # OK Accept the address etc. that matches the pattern.
 #
 # all-numerical
 # An all-numerical result is treated as OK. This for-
-# mat is generated by address-based relay authoriza-
+# mat is generated by address-based relay authoriza-
 # tion schemes.
 #
-# DUNNO Pretend that the lookup key was not found in this
+# DUNNO Pretend that the lookup key was not found in this
 # table. This prevents Postfix from trying substrings
-# of the lookup key (such as a subdomain name, or a
+# of the lookup key (such as a subdomain name, or a
 # network address subnetwork).
 #
 # HOLD
 #
 # HOLD optional text...
-# Place the message on the hold queue, where it will
-# sit until someone either deletes it or releases it
-# for delivery. Log the optional text if specified,
+# Place the message on the hold queue, where it will
+# sit until someone either deletes it or releases it
+# for delivery. Log the optional text if specified,
 # otherwise log a generic message.
 #
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
 # released with the postsuper(1) command.
 #
-# Note: this action currently affects all recipients
+# Note: this action currently affects all recipients
 # of the message.
 #
 # DISCARD
 #
 # DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
 # erwise log a generic message.
 #
-# Note: this action currently affects all recipients
+# Note: this action currently affects all recipients
 # of the message.
 #
 # FILTER transport:destination
-# After the message is queued, send the entire mes-
-# sage through a content filter. More information
+# After the message is queued, send the entire mes-
+# sage through a content filter. More information
 # about content filters is in the Postfix FIL-
 # TER_README file.
 #
-# Note: this action overrides the main.cf con-
+# Note: this action overrides the main.cf con-
 # tent_filter setting, and currently affects all
 # recipients of the message.
 #
 # REDIRECT user@domain
-# After the message is queued, send the message to
+# After the message is queued, send the message to
 # the specified address instead of the intended
 # recipient(s).
 #
-# Note: this action overrides the FILTER action, and
+# Note: this action overrides the FILTER action, and
 # currently affects all recipients of the message.
 #
 # restriction...
@@ -184,28 +187,44 @@
 # reject_unauth_destination, and so on).
 #
 # REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
 # the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
 # see regexp_table(5) or pcre_table(5).
 #
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
 # the entire string being looked up. Depending on the appli-
-# cation, that string is an entire client hostname, an
+# cation, that string is an entire client hostname, an
 # entire client IP address, or an entire mail address. Thus,
 # no parent domain or parent network search is done,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
 # user@ and domain constituent parts, nor is user+foo broken
 # up into user and foo.
 #
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
 # string.
 #
-# Actions are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Actions are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
 # the pattern can be interpolated as $1, $2 and so on.
 #
+# TCP-BASED TABLES
+# This section describes how the table lookups change when
+# lookups are directed to a TCP-based server. For a descrip-
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5).
+#
+# Each lookup operation uses the entire query string once.
+# Depending on the application, that string is an entire
+# client hostname, an entire client IP address, or an entire
+# mail address. Thus, no parent domain or parent network
+# search is done, user@domain mail addresses are not broken
+# up into their user@ and domain constituent parts, nor is
+# user+foo broken up into user and foo.
+#
+# Actions are the same as with indexed file lookups.
+#
 # BUGS
 # The table format does not understand quoting conventions.
 #
@@ -215,6 +234,7 @@
 # cidr_table(5) format of CIDR tables
 # pcre_table(5) format of PCRE tables
 # regexp_table(5) format of POSIX regular expression tables
+# tcp_table(5) TCP client/server table lookup protocol
 #
 # LICENSE
 # The Secure Mailer license must be distributed with this
diff --git a/postfix/conf/canonical b/postfix/conf/canonical
index e140b0927..1b5d58fbb 100644
--- a/postfix/conf/canonical
+++ b/postfix/conf/canonical
@@ -28,8 +28,10 @@
 #
 # Alternatively, the table can be provided as a regular-
 # expression map where patterns are given as regular expres-
-# sions. In that case, the lookups are done in a slightly
-# different way as described below.
+# sions, or lookups can be directed to TCP-based server. In
+# that case, the lookups are done in a slightly different
+# way as described below under "REGULAR EXPRESSION TABLES"
+# and "TCP-BASED TABLES".
 #
 # The canonical mapping affects both message header
 # addresses (i.e. addresses that appear inside messages) and
@@ -119,6 +121,19 @@
 # the additional feature that parenthesized substrings from
 # the pattern can be interpolated as $1, $2 and so on.
 #
+# TCP-BASED TABLES
+# This section describes how the table lookups change when
+# lookups are directed to a TCP-based server. For a descrip-
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5).
+#
+# Each lookup operation uses the entire address once. Thus,
+# user@domain mail addresses are not broken up into their
+# user and @domain constituent parts, nor is user+foo broken
+# up into user and foo.
+#
+# Results are the same as with indexed file lookups.
+#
 # BUGS
 # The table format does not understand quoting conventions.
 #
@@ -176,6 +191,7 @@
 # virtual(5) virtual domain mapping
 # pcre_table(5) format of PCRE tables
 # regexp_table(5) format of POSIX regular expression tables
+# tcp_table(5) TCP client/server table lookup protocol
 #
 # LICENSE
 # The Secure Mailer license must be distributed with this
diff --git a/postfix/conf/cidr_table b/postfix/conf/cidr_table
index 76b27d484..b2bbbaa11 100644
--- a/postfix/conf/cidr_table
+++ b/postfix/conf/cidr_table
@@ -41,15 +41,16 @@
 # line that starts with whitespace continues a logi-
 # cal line.
 #
+# SEARCH ORDER
 # Patterns are applied in the order as specified in the
 # table, until a pattern is found that matches the search
 # string.
 #
 # EXAMPLE SMTPD ACCESS MAP
 # /etc/postfix/main.cf:
-# smtpd_client_restrictions = ... cidr:/etc/postfix/client_cidr ...
+# smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...
 #
-# /etc/postfix/client_cidr:
+# /etc/postfix/client.cidr:
 # # Rule order matters. Put more specific whitelist entries
 # # before more general blacklist entries.
 # 192.168.1.1 OK
diff --git a/postfix/conf/pcre_table b/postfix/conf/pcre_table
index 776bbdc34..b49af90a3 100644
--- a/postfix/conf/pcre_table
+++ b/postfix/conf/pcre_table
@@ -20,6 +20,7 @@
 # To test lookup tables, use the postmap command as
 # described in the SYNOPSIS above.
 #
+# TABLE FORMAT
 # The general form of a PCRE table is:
 #
 # /pattern/flags result
@@ -118,6 +119,11 @@
 # thus reserving these combinations for future expan-
 # sion.
 #
+# SEARCH ORDER
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
+# string.
+#
 # Each pattern is applied to the entire lookup key string.
 # Depending on the application, that string is an entire
 # client hostname, an entire client IP address, or an entire
@@ -126,18 +132,16 @@
 # broken up into their user and domain constituent parts,
 # nor is user+foo broken up into user and foo.
 #
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
-# string.
-#
+# TEXT SUBSTITUTION
 # Substitution of substrings from the matched expression
 # into the result string is possible using the conventional
 # perl syntax ($1, $2, etc.). The macros in the result
 # string may need to be written as ${n} or $(n) if they
-# aren't followed by whitespace. Since negated patterns
-# (those preceded by !) return a result when the expression
-# does not match, substitutions are not available for
-# negated patterns.
+# aren't followed by whitespace.
+#
+# Note: since negated patterns (those preceded by !) return
+# a result when the expression does not match, substitutions
+# are not available for negated patterns.
 #
 # EXAMPLE SMTPD ACCESS MAP
 # # Protect your outgoing majordomo exploders
diff --git a/postfix/conf/regexp_table b/postfix/conf/regexp_table
index d3534b855..e70a2e1eb 100644
--- a/postfix/conf/regexp_table
+++ b/postfix/conf/regexp_table
@@ -20,6 +20,7 @@
 # To test lookup tables, use the postmap command as
 # described in the SYNOPSIS above.
 #
+# TABLE FORMAT
 # The general form of a Postfix regular expression table is:
 #
 # /pattern/flags result
@@ -60,6 +61,11 @@
 # and `m' (enable multi-line mode, that is, treat newline
 # characters as special).
 #
+# TABLE SEARCH ORDER
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
+# string.
+#
 # Each pattern is applied to the entire lookup key string.
 # Depending on the application, that string is an entire
 # client hostname, an entire client IP address, or an entire
@@ -68,17 +74,15 @@
 # broken up into their user and domain constituent parts,
 # nor is user+foo broken up into user and foo.
 #
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
-# string.
-#
+# TEXT SUBSTITUTION
 # Substitution of substrings from the matched expression
 # into the result string is possible using $1, $2, etc.. The
 # macros in the result string may need to be written as ${n}
-# or $(n) if they aren't followed by whitespace. Since
-# negated patterns (those preceded by !) return a result
-# when the expression does not match, substitutions are not
-# available for negated patterns.
+# or $(n) if they aren't followed by whitespace.
+#
+# Note: since negated patterns (those preceded by !) return
+# a result when the expression does not match, substitutions
+# are not available for negated patterns.
 #
 # EXAMPLE SMTPD ACCESS MAP
 # # Disallow sender-specified routing. This is a must if you relay mail
diff --git a/postfix/conf/relocated b/postfix/conf/relocated
index 791dd50ce..24fe58497 100644
--- a/postfix/conf/relocated
+++ b/postfix/conf/relocated
@@ -24,8 +24,10 @@
 #
 # Alternatively, the table can be provided as a regular-
 # expression map where patterns are given as regular expres-
-# sions. In that case, the lookups are done in a slightly
-# different way as described below.
+# sions, or lookups can be directed to TCP-based server. In
+# that case, the lookups are done in a slightly different
+# way as described below under "REGULAR EXPRESSION TABLES"
+# and "TCP-BASED TABLES".
 #
 # Table lookups are case insensitive.
 #
@@ -70,31 +72,46 @@
 #
 # REGULAR EXPRESSION TABLES
 # This section describes how the table lookups change when
-# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
-# see regexp_table(5) or pcre_table(5).
+# the table is given in the form of regular expressions or
+# when lookups are directed to a TCP-based server. For a
+# description of regular expression lookup table syntax, see
+# regexp_table(5) or pcre_table(5). For a description of the
+# TCP client/server table lookup protocol, see tcp_table(5).
 #
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
 # the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
 # constituent parts, nor is user+foo broken up into user and
 # foo.
 #
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
 # string.
 #
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
 # the pattern can be interpolated as $1, $2 and so on.
 #
+# TCP-BASED TABLES
+# This section describes how the table lookups change when
+# lookups are directed to a TCP-based server. For a descrip-
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5).
+#
+# Each lookup operation uses the entire address once. Thus,
+# user@domain mail addresses are not broken up into their
+# user and @domain constituent parts, nor is user+foo broken
+# up into user and foo.
+#
+# Results are the same as with indexed file lookups.
+#
 # BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
 #
 # CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant
-# to this topic. See the Postfix main.cf file for syntax
-# details and for default values. Use the postfix reload
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the postfix reload
 # command after a configuration change.
 #
 # relocated_maps
@@ -103,12 +120,12 @@
 # Other parameters of interest:
 #
 # inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
 # receives mail on. You need to stop and start Post-
 # fix when this parameter changes.
 #
 # mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
 # local.
 #
 # myorigin
@@ -118,9 +135,10 @@
 # postmap(1) create lookup table
 # pcre_table(5) format of PCRE tables
 # regexp_table(5) format of POSIX regular expression tables
+# tcp_table(5) TCP client/server table lookup protocol
 #
 # LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
 # software.
 #
 # AUTHOR(S)
diff --git a/postfix/conf/sample-verify.cf b/postfix/conf/sample-verify.cf
index e645f078a..3bda0a772 100644
--- a/postfix/conf/sample-verify.cf
+++ b/postfix/conf/sample-verify.cf
@@ -24,18 +24,25 @@ address_verify_sender = postmaster
 # The address_verify_poll_count parameter specifies how many times
 # to query the address verification service for completion of an
-# address verification request. Specify 0 to implement a simple form
-# of greylisting, that is, always defer the first delivery request
-# from an unknown sender address.
+# address verification request.
 #
-#address_verify_poll_count = 0
+# The default poll count is 3.
+#
+# Specify 1 to implement a crude form of greylisting, that is, always
+# defer the first delivery request for a never seen before address.
+#
+#address_verify_poll_count = 1
 address_verify_poll_count = 3
 # The address_verify_poll_delay parameter specifies how long to wait
 # after querying the address verification service for completion of
 # an address verification request.
 #
-address_verify_poll_delay = 3
+# The default polling delay is 3 seconds.
+#
+# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+#
+address_verify_poll_delay = 3s
 #
 # CACHE CONTROL
diff --git a/postfix/conf/tcp_table b/postfix/conf/tcp_table
index db1b38503..60c4b4e7a 100644
--- a/postfix/conf/tcp_table
+++ b/postfix/conf/tcp_table
@@ -6,13 +6,13 @@
 # SYNOPSIS
 # postmap -q "string" tcp:host:port
 #
-# postmap -q - regexp:host:port $@
+cidr_table.5.html: ../proto/cidr_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@
+
 canonical.5.html: ../proto/canonical PATH=../mantools:$$PATH; \ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@
@@ -202,6 +207,10 @@ relocated.5.html: ../proto/relocated PATH=../mantools:$$PATH; \ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ +tcp_table.5.html: ../proto/tcp_table + PATH=../mantools:$$PATH; \ + srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ + transport.5.html: ../proto/transport PATH=../mantools:$$PATH; \ srctoman - $? | $(AWK) | nroff -man | uniq | man2html | postlink >$@ diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html index 2d57fef95..59ab85999 100644 --- a/postfix/html/access.5.html +++ b/postfix/html/access.5.html @@ -5,11 +5,11 @@ ACCESS(5) ACCESS(5) access - format of Postfix access table SYNOPSIS - postmap /etc/postfix/access + postmap /etc/postfix/access - postmap -q "string" /etc/postfix/access + postmap -q "string" /etc/postfix/access - postmap -q - /etc/postfix/access <inputfile + postmap -q - /etc/postfix/access <inputfile DESCRIPTION The optional access table directs the Postfix SMTP server @@ -21,7 +21,7 @@ ACCESS(5) ACCESS(5) that serves as input to the postmap(1) command. The result, an indexed file in dbm or db format, is used for fast searching by the mail system. Execute the command - postmap /etc/postfix/access in order to rebuild the + postmap /etc/postfix/access in order to rebuild the indexed file after changing the access table. When the table is provided via other means such as NIS, 
@@ -30,13 +30,15 @@ ACCESS(5) ACCESS(5) Alternatively, the table can be provided as a regular- expression map where patterns are given as regular expres- - sions. In that case, the lookups are done in a slightly - different way as described below. + sions, or lookups can be directed to TCP-based server. In + that case, the lookups are done in a slightly different + way as described below under "REGULAR EXPRESSION TABLES" + and "TCP-BASED TABLES". -TABLE FORMAT +TABLE FORMAT The format of the access table is as follows: - pattern action + pattern action When pattern matches a mail address, domain or host address, perform the corresponding action. @@ -50,7 +52,7 @@ ACCESS(5) ACCESS(5) line that starts with whitespace continues a logi- cal line. -EMAIL ADDRESS PATTERNS +EMAIL ADDRESS PATTERNS With lookups from indexed files such as DB or DBM, or from networked tables such as NIS, LDAP or SQL, the following lookup patterns are examined in the order as listed: @@ -78,13 +80,13 @@ ACCESS(5) ACCESS(5) specified with the smtpd_null_access_lookup_key parameter in the Postfix main.cf file. -ADDRESS EXTENSION +EMAIL ADDRESS EXTENSION When a mail address localpart contains the optional recip- ient delimiter (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, domain, user+foo@, and user@. -HOST NAME/ADDRESS PATTERNS +HOST NAME/ADDRESS PATTERNS With lookups from indexed files such as DB or DBM, or from networked tables such as NIS, LDAP or SQL, the following lookup patterns are examined in the order as listed: 
@@ -109,113 +111,131 @@ ACCESS(5) ACCESS(5) A network address is a sequence of one or more octets separated by ".". - NOTE: use the cidr lookup table type if you want to - specify arbitrary network blocks. + NOTE: use the cidr lookup table type if to specify + network/netmask patterns. See cidr_table(5) for + details. ACTIONS - [45]NN text - Reject the address etc. that matches the pattern, + [45]NN text + Reject the address etc. that matches the pattern, and respond with the numerical code and text. REJECT - REJECT optional text... - Reject the address etc. that matches the pattern. - Reply with $reject_code optional text... when the - optional text is specified, otherwise reply with a + REJECT optional text... + Reject the address etc. that matches the pattern. + Reply with $reject_code optional text... when the + optional text is specified, otherwise reply with a generic error response message. OK Accept the address etc. that matches the pattern. all-numerical An all-numerical result is treated as OK. This for- - mat is generated by address-based relay authoriza- + mat is generated by address-based relay authoriza- tion schemes. - DUNNO Pretend that the lookup key was not found in this + DUNNO Pretend that the lookup key was not found in this table. This prevents Postfix from trying substrings - of the lookup key (such as a subdomain name, or a + of the lookup key (such as a subdomain name, or a network address subnetwork). HOLD - HOLD optional text... - Place the message on the hold queue, where it will - sit until someone either deletes it or releases it - for delivery. Log the optional text if specified, + HOLD optional text... + Place the message on the hold queue, where it will + sit until someone either deletes it or releases it + for delivery. Log the optional text if specified, otherwise log a generic message. 
- Mail that is placed on hold can be examined with - the postcat(1) command, and can be destroyed or + Mail that is placed on hold can be examined with + the postcat(1) command, and can be destroyed or released with the postsuper(1) command. - Note: this action currently affects all recipients - of the message. - - DISCARD - - DISCARD optional text... - Claim successful delivery and silently discard the - message. Log the optional text if specified, oth- - erwise log a generic message. - Note: this action currently affects all recipients of the message. + DISCARD + + DISCARD optional text... + Claim successful delivery and silently discard the + message. Log the optional text if specified, oth- + erwise log a generic message. + + Note: this action currently affects all recipients + of the message. + FILTER transport:destination - After the message is queued, send the entire mes- - sage through a content filter. More information + After the message is queued, send the entire mes- + sage through a content filter. More information about content filters is in the Postfix FIL- TER_README file. - Note: this action overrides the main.cf con- + Note: this action overrides the main.cf con- tent_filter setting, and currently affects all recipients of the message. REDIRECT user@domain - After the message is queued, send the message to + After the message is queued, send the message to the specified address instead of the intended recipient(s). - Note: this action overrides the FILTER action, and + Note: this action overrides the FILTER action, and currently affects all recipients of the message. restriction... Apply the named UCE restriction(s) (permit, reject, reject_unauth_destination, and so on). -REGULAR EXPRESSION TABLES - This section describes how the table lookups change when +REGULAR EXPRESSION TABLES + This section describes how the table lookups change when the table is given in the form of regular expressions. 
For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to + Each pattern is a regular expression that is applied to the entire string being looked up. Depending on the appli- - cation, that string is an entire client hostname, an + cation, that string is an entire client hostname, an entire client IP address, or an entire mail address. Thus, no parent domain or parent network search is done, - user@domain mail addresses are not broken up into their + user@domain mail addresses are not broken up into their user@ and domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the - table, until a pattern is found that matches the search + Patterns are applied in the order as specified in the + table, until a pattern is found that matches the search string. - Actions are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from + Actions are the same as with indexed file lookups, with + the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. +TCP-BASED TABLES + This section describes how the table lookups change when + lookups are directed to a TCP-based server. For a descrip- + tion of the TCP client/server lookup protocol, see + tcp_table(5). + + Each lookup operation uses the entire query string once. + Depending on the application, that string is an entire + client hostname, an entire client IP address, or an entire + mail address. Thus, no parent domain or parent network + search is done, user@domain mail addresses are not broken + up into their user@ and domain constituent parts, nor is + user+foo broken up into user and foo. + + Actions are the same as with indexed file lookups. + BUGS The table format does not understand quoting conventions. 
-SEE ALSO +SEE ALSO postmap(1) create lookup table smtpd(8) smtp server - cidr_table(5) format of CIDR tables + cidr_table(5) format of CIDR tables pcre_table(5) format of PCRE tables regexp_table(5) format of POSIX regular expression tables + tcp_table(5) TCP client/server table lookup protocol LICENSE The Secure Mailer license must be distributed with this diff --git a/postfix/html/canonical.5.html b/postfix/html/canonical.5.html index 641f732fa..b37810ef9 100644 --- a/postfix/html/canonical.5.html +++ b/postfix/html/canonical.5.html @@ -5,11 +5,11 @@ CANONICAL(5) CANONICAL(5) canonical - format of Postfix canonical table SYNOPSIS - postmap /etc/postfix/canonical + postmap /etc/postfix/canonical - postmap -q "string" /etc/postfix/canonical + postmap -q "string" /etc/postfix/canonical - postmap -q - /etc/postfix/canonical <inputfile + postmap -q - /etc/postfix/canonical <inputfile DESCRIPTION The optional canonical table specifies an address mapping @@ -20,7 +20,7 @@ CANONICAL(5) CANONICAL(5) that serves as input to the postmap(1) command. The result, an indexed file in dbm or db format, is used for fast searching by the mail system. Execute the command - postmap /etc/postfix/canonical in order to rebuild the + postmap /etc/postfix/canonical in order to rebuild the indexed file after changing the text file. When the table is provided via other means such as NIS, @@ -29,8 +29,10 @@ CANONICAL(5) CANONICAL(5) Alternatively, the table can be provided as a regular- expression map where patterns are given as regular expres- - sions. In that case, the lookups are done in a slightly - different way as described below. + sions, or lookups can be directed to TCP-based server. In + that case, the lookups are done in a slightly different + way as described below under "REGULAR EXPRESSION TABLES" + and "TCP-BASED TABLES". The canonical mapping affects both message header addresses (i.e. addresses that appear inside messages) and 
@@ -48,10 +50,10 @@ CANONICAL(5) CANONICAL(5) The canonical mapping is not to be confused with local aliasing. Use the aliases(5) map for that purpose. -TABLE FORMAT +TABLE FORMAT The format of the canonical table is as follows: - pattern result + pattern result When pattern matches a mail address, replace it by the corresponding result. @@ -69,7 +71,7 @@ CANONICAL(5) CANONICAL(5) networked tables such as NIS, LDAP or SQL, patterns are tried in the order as listed below: - user@domain address + user@domain address user@domain is replaced by address. This form has the highest precedence. @@ -78,7 +80,7 @@ CANONICAL(5) CANONICAL(5) duce Firstname.Lastname style addresses, but see below for a simpler solution. - user address + user address user@site is replaced by address when site is equal to $myorigin, when site is listed in $mydestina- tion, or when it is listed in $inet_interfaces. @@ -86,21 +88,21 @@ CANONICAL(5) CANONICAL(5) This form is useful for replacing login names by Firstname.Lastname. - @domain address + @domain address Every address in domain is replaced by address. This form has the lowest precedence. In all the above forms, when address has the form @other- domain, the result is the same user in otherdomain. -ADDRESS EXTENSION +ADDRESS EXTENSION When a mail address localpart contains the optional recip- ient delimiter (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, user+foo, user, and @domain. An unmatched address extension (+foo) is propa- gated to the result of table lookup. -REGULAR EXPRESSION TABLES +REGULAR EXPRESSION TABLES This section describes how the table lookups change when the table is given in the form of regular expressions. For a description of regular expression lookup table syntax, 
@@ -120,13 +122,26 @@ CANONICAL(5) CANONICAL(5) the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. +TCP-BASED TABLES + This section describes how the table lookups change when + lookups are directed to a TCP-based server. For a descrip- + tion of the TCP client/server lookup protocol, see + tcp_table(5). + + Each lookup operation uses the entire address once. Thus, + user@domain mail addresses are not broken up into their + user and @domain constituent parts, nor is user+foo broken + up into user and foo. + + Results are the same as with indexed file lookups. + BUGS The table format does not understand quoting conventions. -CONFIGURATION PARAMETERS +CONFIGURATION PARAMETERS The following main.cf parameters are especially relevant to this topic. See the Postfix main.cf file for syntax - details and for default values. Use the postfix reload + details and for default values. Use the postfix reload command after a configuration change. canonical_maps @@ -171,12 +186,13 @@ CANONICAL(5) CANONICAL(5) Give special treatment to owner-xxx and xxx-request addresses. -SEE ALSO +SEE ALSO cleanup(8) canonicalize and enqueue mail postmap(1) create mapping table virtual(5) virtual domain mapping pcre_table(5) format of PCRE tables regexp_table(5) format of POSIX regular expression tables + tcp_table(5) TCP client/server table lookup protocol LICENSE The Secure Mailer license must be distributed with this diff --git a/postfix/html/cidr_table.5.html b/postfix/html/cidr_table.5.html new file mode 100644 index 000000000..c7cd67312 --- /dev/null +++ b/postfix/html/cidr_table.5.html @@ -0,0 +1,80 @@ +
+CIDR_TABLE(5)                                       CIDR_TABLE(5)
+
+NAME
+       cidr_table - format of Postfix CIDR tables
+
+SYNOPSIS
+       postmap -q "string" cidr:/etc/postfix/filename
+
+       postmap -q - cidr:/etc/postfix/filename <inputfile
+
+DESCRIPTION
+       The  Postfix  mail  system  uses  optional  access control
+       tables.  These tables are usually in  dbm  or  db  format.
+       Alternatively,  access  control tables can be specified in
+       CIDR form.
+
+       To find out what types of lookup tables your Postfix  sys-
+       tem supports use the postconf -m command.
+
+       To   test  lookup  tables,  use  the  postmap  command  as
+       described in the SYNOPSIS above.
+
+TABLE FORMAT
+       The general form of a Postfix CIDR table is:
+
+       network_address/network_mask     result
+              When a search string matches the specified  network
+              block, use the corresponding result value.
+
+       network_address     result
+              When  a search string matches the specified network
+              address, use the corresponding result value.
+
+       blank lines and comments
+              Empty lines and whitespace-only lines are  ignored,
+              as  are  lines whose first non-whitespace character
+              is a `#'.
+
+       multi-line text
+              A logical line starts with non-whitespace  text.  A
+              line  that starts with whitespace continues a logi-
+              cal line.
+
+SEARCH ORDER
+       Patterns are applied in the  order  as  specified  in  the
+       table,  until  a  pattern is found that matches the search
+       string.
+
+EXAMPLE SMTPD ACCESS MAP
+       /etc/postfix/main.cf:
+           smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...
+
+       /etc/postfix/client.cidr:
+           # Rule order matters. Put more specific whitelist entries
+           # before more general blacklist entries.
+           192.168.1.1             OK
+           192.168.0.0/16          REJECT
+
+SEE ALSO
+       regexp_table(5) format of regular expression tables
+       pcre_table(5) format of PCRE tables
+       tcp_table(5) TCP client/server table lookup protocol
+
+AUTHOR(S)
+       The CIDR table lookup code was originally written by:
+       Jozsef Kadlecsik
+       kadlec@blackhole.kfki.hu
+       KFKI Research Institute for Particle and Nuclear Physics
+       POB. 49
+       1525 Budapest, Hungary
+
+       Adopted and adapted by:
+       Wietse Venema
+       IBM T.J. Watson Research
+       P.O. Box 704
+       Yorktown Heights, NY 10598, USA
+
+                                                    CIDR_TABLE(5)
+
diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index 50266a5a4..ca73d0c6f 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -63,15 +63,15 @@ CLEANUP(8) CLEANUP(8) BUGS Table-driven rewriting rules make it hard to express if - then else and other logical relationships. + then else and other logical relationships. -CONFIGURATION PARAMETERS +CONFIGURATION PARAMETERS The following main.cf parameters are especially relevant to this program. See the Postfix main.cf file for syntax - details and for default values. Use the postfix reload + details and for default values. Use the postfix reload command after a configuration change. -Content filtering +Content filtering body_checks Lookup tables with content filters for message body lines. These filters see physical lines one at a @@ -94,7 +94,7 @@ CLEANUP(8) CLEANUP(8) sages. These filters see logical headers one at a time, including headers that span multiple lines. -MIME Processing +MIME Processing disable_mime_input_processing While receiving, give no special treatment to Con- tent-Type: message headers; all text after the ini- @@ -153,6 +153,14 @@ CLEANUP(8) CLEANUP(8) recipient address. The BCC address is added when the message enters the system. + enable_original_recipient + Enable support for the X-Original-To: message + header, which is needed for multi-recipient mail- + boxes. When this is enabled, Postfix performs + duplicate elimination on (original recipient, + rewritten recipient) pairs, instead of looking at + the rewritten recipient only. + hopcount_limit Limit the number of Received: message headers. 
@@ -161,24 +169,16 @@ CLEANUP(8) CLEANUP(8) were specified in (Resent-)To: or (Resent-)Cc: mes- sage headers. -Address transformations +Address transformations empty_address_recipient - The destination for undeliverable mail from <>. - This substitution is done before all other address + The destination for undeliverable mail from <>. + This substitution is done before all other address rewriting. canonical_maps Address mapping lookup table for sender and recipi- ent addresses in envelopes and headers. - enable_original_recipient - Enable support for the X-Original-To message - header, which is needed for multi-recipient mail- - boxes. When this is enabled, Postfix performs - duplicate elimination on (original recipient, - rewritten recipient) pairs, instead of looking at - the rewritten recipient only. - recipient_canonical_maps Address mapping lookup table for envelope and header recipient addresses. @@ -204,7 +204,7 @@ CLEANUP(8) CLEANUP(8) Address mapping lookup table for envelope recipient addresses. -Resource controls +Resource controls duplicate_filter_limit Limits the number of envelope recipients that are remembered. @@ -231,7 +231,7 @@ CLEANUP(8) CLEANUP(8) Limit the recursion depth of virtual alias expan- sion. -SEE ALSO +SEE ALSO canonical(5) canonical address lookup table format qmgr(8) queue manager daemon syslogd(8) system logging diff --git a/postfix/html/pcre_table.5.html b/postfix/html/pcre_table.5.html index 629ab56e5..c4deb2007 100644 --- a/postfix/html/pcre_table.5.html +++ b/postfix/html/pcre_table.5.html @@ -5,9 +5,9 @@ PCRE_TABLE(5) PCRE_TABLE(5) pcre_table - format of Postfix PCRE tables SYNOPSIS - postmap -q "string" pcre:/etc/postfix/filename + postmap -q "string" pcre:/etc/postfix/filename - postmap -q - pcre:/etc/postfix/filename <inputfile + postmap -q - pcre:/etc/postfix/filename <inputfile DESCRIPTION The Postfix mail system uses optional tables for address 
@@ -16,16 +16,17 @@ PCRE_TABLE(5) PCRE_TABLE(5) fied in Perl Compatible Regular Expression form. To find out what types of lookup tables your Postfix sys- - tem supports use the postconf -m command. + tem supports use the postconf -m command. To test lookup tables, use the postmap command as described in the SYNOPSIS above. +TABLE FORMAT The general form of a PCRE table is: - /pattern/flags result + /pattern/flags result - !/pattern/flags result + !/pattern/flags result When pattern matches (does not match) a search string, use the corresponding result value. @@ -39,9 +40,9 @@ PCRE_TABLE(5) PCRE_TABLE(5) line that starts with whitespace continues a logi- cal line. - if /pattern/flags + if /pattern/flags - if !/pattern/flags + if !/pattern/flags endif Examine the lines between if..endif only if pattern matches (does not match). The if..endif can nest. @@ -119,6 +120,11 @@ PCRE_TABLE(5) PCRE_TABLE(5) thus reserving these combinations for future expan- sion. +SEARCH ORDER + Patterns are applied in the order as specified in the + table, until a pattern is found that matches the search + string. + Each pattern is applied to the entire lookup key string. Depending on the application, that string is an entire client hostname, an entire client IP address, or an entire 
@@ -127,20 +133,18 @@ PCRE_TABLE(5) PCRE_TABLE(5) broken up into their user and domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the - table, until a pattern is found that matches the search - string. - +TEXT SUBSTITUTION Substitution of substrings from the matched expression into the result string is possible using the conventional perl syntax ($1, $2, etc.). The macros in the result string may need to be written as ${n} or $(n) if they - aren't followed by whitespace. Since negated patterns - (those preceded by !) return a result when the expression - does not match, substitutions are not available for - negated patterns. + aren't followed by whitespace. -EXAMPLE SMTPD ACCESS MAP + Note: since negated patterns (those preceded by !) return + a result when the expression does not match, substitutions + are not available for negated patterns. + +EXAMPLE SMTPD ACCESS MAP # Protect your outgoing majordomo exploders /^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead @@ -154,21 +158,21 @@ PCRE_TABLE(5) PCRE_TABLE(5) 550 This user is a funny one. You really don't want to send mail to them as it only makes their head spin. -EXAMPLE HEADER FILTER MAP +EXAMPLE HEADER FILTER MAP /^Subject: make money fast/ REJECT /^To: friend@public\.com/ REJECT -EXAMPLE BODY FILTER MAP +EXAMPLE BODY FILTER MAP # First skip over base 64 encoded text to save CPU cycles. # Requires PCRE version 3. ~^[[:alnum:]+/]{60,}$~ OK # Put your own body patterns here. -SEE ALSO +SEE ALSO regexp_table(5) format of POSIX regular expression tables - cidr_table(5) format of CIDR tables - tcp_table(5) TCP client/server table lookup protocol + cidr_table(5) format of CIDR tables + tcp_table(5) TCP client/server table lookup protocol AUTHOR(S) The PCRE table lookup code was originally written by: diff --git a/postfix/html/regexp_table.5.html b/postfix/html/regexp_table.5.html index 60e8097ea..3e683f9ae 100644 
--- a/postfix/html/regexp_table.5.html +++ b/postfix/html/regexp_table.5.html @@ -5,9 +5,9 @@ REGEXP_TABLE(5) REGEXP_TABLE(5) regexp_table - format of Postfix regular expression tables SYNOPSIS - postmap -q "string" regexp:/etc/postfix/filename + postmap -q "string" regexp:/etc/postfix/filename - postmap -q - regexp:/etc/postfix/filename <inputfile + postmap -q - regexp:/etc/postfix/filename <inputfile DESCRIPTION The Postfix mail system uses optional tables for address @@ -16,16 +16,17 @@ REGEXP_TABLE(5) REGEXP_TABLE(5) fied in POSIX regular expression form. To find out what types of lookup tables your Postfix sys- - tem supports use the postconf -m command. + tem supports use the postconf -m command. To test lookup tables, use the postmap command as described in the SYNOPSIS above. +TABLE FORMAT The general form of a Postfix regular expression table is: - /pattern/flags result + /pattern/flags result - !/pattern/flags result + !/pattern/flags result When pattern matches (does not match) a search string, use the corresponding result value. @@ -39,9 +40,9 @@ REGEXP_TABLE(5) REGEXP_TABLE(5) line that starts with whitespace continues a logi- cal line. - if /pattern/flags + if /pattern/flags - if !/pattern/flags + if !/pattern/flags endif Examine the lines between if..endif only if pattern matches (does not match). The if..endif can nest. @@ -61,6 +62,11 @@ REGEXP_TABLE(5) REGEXP_TABLE(5) and `m' (enable multi-line mode, that is, treat newline characters as special). +TABLE SEARCH ORDER + Patterns are applied in the order as specified in the + table, until a pattern is found that matches the search + string. + Each pattern is applied to the entire lookup key string. Depending on the application, that string is an entire client hostname, an entire client IP address, or an entire 
@@ -69,19 +75,17 @@ REGEXP_TABLE(5) REGEXP_TABLE(5) broken up into their user and domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the - table, until a pattern is found that matches the search - string. - +TEXT SUBSTITUTION Substitution of substrings from the matched expression into the result string is possible using $1, $2, etc.. The macros in the result string may need to be written as ${n} - or $(n) if they aren't followed by whitespace. Since - negated patterns (those preceded by !) return a result - when the expression does not match, substitutions are not - available for negated patterns. + or $(n) if they aren't followed by whitespace. -EXAMPLE SMTPD ACCESS MAP + Note: since negated patterns (those preceded by !) return + a result when the expression does not match, substitutions + are not available for negated patterns. + +EXAMPLE SMTPD ACCESS MAP # Disallow sender-specified routing. This is a must if you relay mail # for other domains. /[%!@].*[%!@]/ 550 Sender-specified routing rejected @@ -95,21 +99,21 @@ REGEXP_TABLE(5) REGEXP_TABLE(5) /^(.*)-outgoing@(.*)$/ 550 Use ${1}@${2} instead endif -EXAMPLE HEADER FILTER MAP +EXAMPLE HEADER FILTER MAP # These were once common in junk mail. /^Subject: make money fast/ REJECT /^To: friend@public\.com/ REJECT -EXAMPLE BODY FILTER MAP +EXAMPLE BODY FILTER MAP # First skip over base 64 encoded text to save CPU cycles. ~^[[:alnum:]+/]{60,}$~ OK # Put your own body patterns here. -SEE ALSO +SEE ALSO pcre_table(5) format of PCRE tables - cidr_table(5) format of CIDR tables - tcp_table(5) TCP client/server table lookup protocol + cidr_table(5) format of CIDR tables + tcp_table(5) TCP client/server table lookup protocol AUTHOR(S) The regexp table lookup code was originally written by: diff --git a/postfix/html/relocated.5.html b/postfix/html/relocated.5.html index f76aa9f4f..381871aac 100644 --- a/postfix/html/relocated.5.html 
+++ b/postfix/html/relocated.5.html @@ -5,7 +5,7 @@ RELOCATED(5) RELOCATED(5) relocated - format of Postfix relocated table SYNOPSIS - postmap /etc/postfix/relocated + postmap /etc/postfix/relocated DESCRIPTION The optional relocated table provides the information that @@ -16,7 +16,7 @@ RELOCATED(5) RELOCATED(5) that serves as input to the postmap(1) command. The result, an indexed file in dbm or db format, is used for fast searching by the mail system. Execute the command - postmap /etc/postfix/relocated in order to rebuild the + postmap /etc/postfix/relocated in order to rebuild the indexed file after changing the relocated table. When the table is provided via other means such as NIS, @@ -25,16 +25,18 @@ RELOCATED(5) RELOCATED(5) Alternatively, the table can be provided as a regular- expression map where patterns are given as regular expres- - sions. In that case, the lookups are done in a slightly - different way as described below. + sions, or lookups can be directed to TCP-based server. In + that case, the lookups are done in a slightly different + way as described below under "REGULAR EXPRESSION TABLES" + and "TCP-BASED TABLES". Table lookups are case insensitive. -TABLE FORMAT +TABLE FORMAT The format of the table is as follows: o An entry has one of the following form: - key new_location + key new_location Where new_location specifies contact information such as an email address, or perhaps a street address or telephone number. 
@@ -63,39 +65,54 @@ RELOCATED(5) RELOCATED(5) Matches every address in domain. This form has the lowest precedence. -ADDRESS EXTENSION +ADDRESS EXTENSION When a mail address localpart contains the optional recip- ient delimiter (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, user+foo, user, and @domain. -REGULAR EXPRESSION TABLES +REGULAR EXPRESSION TABLES This section describes how the table lookups change when - the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, - see regexp_table(5) or pcre_table(5). + the table is given in the form of regular expressions or + when lookups are directed to a TCP-based server. For a + description of regular expression lookup table syntax, see + regexp_table(5) or pcre_table(5). For a description of the + TCP client/server table lookup protocol, see tcp_table(5). - Each pattern is a regular expression that is applied to + Each pattern is a regular expression that is applied to the entire address being looked up. Thus, user@domain mail - addresses are not broken up into their user and @domain + addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the - table, until a pattern is found that matches the search + Patterns are applied in the order as specified in the + table, until a pattern is found that matches the search string. - Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from + Results are the same as with indexed file lookups, with + the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. -BUGS - The table format does not understand quoting conventions. +TCP-BASED TABLES + This section describes how the table lookups change when + lookups are directed to a TCP-based server. 
For a descrip- + tion of the TCP client/server lookup protocol, see + tcp_table(5). -CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this topic. See the Postfix main.cf file for syntax - details and for default values. Use the postfix reload + Each lookup operation uses the entire address once. Thus, + user@domain mail addresses are not broken up into their + user and @domain constituent parts, nor is user+foo broken + up into user and foo. + + Results are the same as with indexed file lookups. + +BUGS + The table format does not understand quoting conventions. + +CONFIGURATION PARAMETERS + The following main.cf parameters are especially relevant + to this topic. See the Postfix main.cf file for syntax + details and for default values. Use the postfix reload command after a configuration change. relocated_maps @@ -104,24 +121,25 @@ RELOCATED(5) RELOCATED(5) Other parameters of interest: inet_interfaces - The network interface addresses that this system + The network interface addresses that this system receives mail on. You need to stop and start Post- fix when this parameter changes. mydestination - List of domains that this mail system considers + List of domains that this mail system considers local. myorigin The domain that is appended to locally-posted mail. -SEE ALSO +SEE ALSO postmap(1) create lookup table pcre_table(5) format of PCRE tables regexp_table(5) format of POSIX regular expression tables + tcp_table(5) TCP client/server table lookup protocol LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 9e98fba74..7eb550c03 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html 
@@ -22,8 +22,8 @@ SMTPD(8) SMTPD(8) system is not running. The SMTP server implements a variety of policies for con- - nection requests, and for parameters given to HELO, ETRN, - MAIL FROM, VRFY and RCPT TO commands. They are detailed + nection requests, and for parameters given to HELO, ETRN, + MAIL FROM, VRFY and RCPT TO commands. They are detailed below and in the main.cf configuration file. SECURITY @@ -49,13 +49,13 @@ SMTPD(8) SMTPD(8) the postmaster is notified of bounces, protocol problems, policy violations, and of other trouble. -CONFIGURATION PARAMETERS +CONFIGURATION PARAMETERS The following main.cf parameters are especially relevant to this program. See the Postfix main.cf file for syntax - details and for default values. Use the postfix reload + details and for default values. Use the postfix reload command after a configuration change. -Compatibility controls +Compatibility controls strict_rfc821_envelopes Disallow non-RFC 821 style addresses in SMTP com- mands. For example, the RFC822-style address forms @@ -72,7 +72,7 @@ SMTPD(8) SMTPD(8) checking and without any state change. This list overrides built-in command definitions. -Content inspection controls +Content inspection controls content_filter The name of a mail delivery transport that filters mail and that either bounces mail or re-injects the @@ -80,7 +80,7 @@ SMTPD(8) SMTPD(8) same syntax as the right-hand side of a Postfix transport table. -Authentication controls +Authentication controls enable_sasl_authentication Enable per-session authentication as per RFC 2554 (SASL). This functionality is available only when @@ -114,7 +114,7 @@ SMTPD(8) SMTPD(8) reject_sender_login_mismatch sender anti-spoofing restriction. -Pass-through proxy +Pass-through proxy Optionally, the Postfix SMTP server can be configured to forward all mail to a proxy server, for example a real- time content filter. This proxy server should support the 
@@ -199,7 +199,7 @@ SMTPD(8) SMTPD(8) The characters that Postfix accepts as VERP delim- iter characters. -Known versus unknown recipients +Known versus unknown recipients show_user_unknown_table_name Whether or not to reveal the table name in the "User unknown" responses. The extra detail makes @@ -231,7 +231,7 @@ SMTPD(8) SMTPD(8) while the recipient is not listed in $virtual_mail- box_maps. -Resource controls +Resource controls line_length_limit Limit the amount of memory in bytes used for the handling of partial input lines. @@ -270,7 +270,7 @@ SMTPD(8) SMTPD(8) SMTP session before it is penalized with tarpit delays. -UCE control restrictions +UCE control restrictions parent_domain_matches_subdomains List of Postfix features that use domain.tld pat- terns to match sub.domain.tld (as opposed to @@ -294,7 +294,7 @@ SMTPD(8) SMTPD(8) smtpd_recipient_restrictions Restrict what recipient addresses are allowed in - RCPT TO commands. + RCPT TO commands. smtpd_etrn_restrictions Restrict what domain names can be used in ETRN com- @@ -337,7 +337,7 @@ SMTPD(8) SMTPD(8) mail to. The domains are routed to the delivery agent specified with the relay_transport setting. -Sender/recipient address verification +Sender/recipient address verification Address verification is implemented by sending probe email messages that are not actually delivered, and is enabled via the reject_unverified_{sender,recipient} access 
@@ -347,49 +347,50 @@ SMTPD(8) SMTPD(8) address_verify_poll_count How many times to query the address verification service for completion of an address verification - request. Specify 0 to implement a simple form of - greylisting. + request. Specify 1 to implement a simple form of + greylisting, that is, always defer the request for + a new sender or recipient address. address_verify_poll_delay - Time to wait after querying the address verifica- + Time to wait after querying the address verifica- tion service for completion of an address verifica- tion request. -UCE control responses +UCE control responses access_map_reject_code - Response code when a client violates an access + Response code when a client violates an access database restriction. default_rbl_reply Default template reply when a request is RBL black- - listed. This template is used by the reject_rbl_* - and reject_rhsbl_* restrictions. See also: + listed. This template is used by the reject_rbl_* + and reject_rhsbl_* restrictions. See also: rbl_reply_maps and smtpd_expansion_filter. defer_code - Response code when a client request is rejected by + Response code when a client request is rejected by the defer restriction. invalid_hostname_reject_code - Response code when a client violates the + Response code when a client violates the reject_invalid_hostname restriction. maps_rbl_reject_code Response code when a request is RBL blacklisted. multi_recipient_bounce_reject_code - Response code when a multi-recipient bounce is + Response code when a multi-recipient bounce is blocked. rbl_reply_maps - Table with template responses for RBL blacklisted - requests, indexed by RBL domain name. These tem- + Table with template responses for RBL blacklisted + requests, indexed by RBL domain name. These tem- plates are used by the reject_rbl_* and - reject_rhsbl_* restrictions. See also: + reject_rhsbl_* restrictions. See also: default_rbl_reply and smtpd_expansion_filter. 
reject_code - Response code when the client matches a reject + Response code when the client matches a reject restriction. relay_domains_reject_code @@ -397,7 +398,7 @@ SMTPD(8) SMTPD(8) mail relay policy. unknown_address_reject_code - Response code when a client violates the + Response code when a client violates the reject_unknown_address restriction. unknown_client_reject_code @@ -406,18 +407,18 @@ SMTPD(8) SMTPD(8) tion. unknown_hostname_reject_code - Response code when a client violates the + Response code when a client violates the reject_unknown_hostname restriction. unverified_sender_reject_code - Response code when a sender address is known to be + Response code when a sender address is known to be undeliverable. unverified_recipient_reject_code - Response code when a recipient address is known to + Response code when a recipient address is known to be undeliverable. -SEE ALSO +SEE ALSO cleanup(8) message canonicalization master(8) process manager syslogd(8) system logging @@ -425,7 +426,7 @@ SMTPD(8) SMTPD(8) verify(8) address verification service LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/tcp_table.5.html b/postfix/html/tcp_table.5.html new file mode 100644 index 000000000..7204cbcd6 --- /dev/null +++ b/postfix/html/tcp_table.5.html @@ -0,0 +1,100 @@ +
+TCP_TABLE(5)                                         TCP_TABLE(5)
+
+NAME
+       tcp_table - Postfix client/server table lookup protocol
+
+SYNOPSIS
+       postmap -q "string" tcp:host:port
+
+       postmap -q - tcp:host:port <inputfile
+
+DESCRIPTION
+       The  Postfix  mail system uses optional tables for address
+       rewriting or mail routing. These tables are usually in dbm
+       or db format. Alternatively, table lookups can be directed
+       to a TCP server.
+
+       To find out what types of lookup tables your Postfix  sys-
+       tem supports use the postconf -m command.
+
+       To   test  lookup  tables,  use  the  postmap  command  as
+       described in the SYNOPSIS above.
+
+PROTOCOL DESCRIPTION
+       The TCP map class implements a very simple  protocol:  the
+       client  sends  a  request, and the server sends one reply.
+       Requests and replies are sent as one line of  ASCII  text,
+       terminated  by  the  ASCII  newline character. Request and
+       reply parameters (see below) are separated by  whitespace.
+
+REQUEST FORMAT
+       Each request specifies a command, a lookup key, and possi-
+       bly a lookup result.
+
+       get SPACE key NEWLINE
+              Look up data under the specified key.
+
+       put SPACE key SPACE value NEWLINE
+              This request is currently not implemented.
+
+REPLY FORMAT
+       Each reply specifies a status code and text. Replies  must
+       be  no  longer  than 4096 characters including the newline
+       terminator.
+
+       500 SPACE text NEWLINE
+              In case of a lookup  request,  the  requested  data
+              does  not exist.  In case of an update request, the
+              request  was  rejected.   The  text  describes  the
+              nature of the problem.
+
+       400 SPACE text NEWLINE
+              This   indicates   an  error  condition.  The  text
+              describes the nature of  the  problem.  The  client
+              should retry the request later.
+
+       200 SPACE text NEWLINE
+              The request was successful. In the case of a lookup
+              request, the text contains an  encoded  version  of
+              the requested data.
+
+ENCODING
+       In  request  and  reply  parameters, the character %, each
+       non-printing character, and each whitespace character must
+       be  replaced  by  %XX, where XX is the corresponding ASCII
+       hexadecimal character value. The hexadecimal codes can  be
+       specified in any case (upper, lower, mixed).
+
+       The  Postfix  client always encodes a request.  The server
+       may omit the encoding as long as the reply  is  guaranteed
+       to not contain the % or NEWLINE character.
+
+SECURITY
+       Do not use TCP lookup tables for security critical purposes.
+       The client-server connection is not protected and the server
+       is not authenticated.
+
+SEE ALSO
+       regexp_table(5) format of regular expression tables
+       pcre_table(5) format of PCRE tables
+       cidr_table(5) format of CIDR tables
+
+BUGS
+       Only the lookup method is currently implemented.
+
+       The  client  does  not hang up when the connection is idle
+       for a long time.
+
+LICENSE
+       The Secure Mailer license must be  distributed  with  this
+       software.
+
+AUTHOR(S)
+       Wietse Venema
+       IBM T.J. Watson Research
+       P.O. Box 704
+       Yorktown Heights, NY 10598, USA
+
+                                                     TCP_TABLE(5)
+
diff --git a/postfix/html/transport.5.html b/postfix/html/transport.5.html index 4d6185c8f..4cff48c1a 100644 --- a/postfix/html/transport.5.html +++ b/postfix/html/transport.5.html @@ -5,11 +5,11 @@ TRANSPORT(5) TRANSPORT(5) transport - format of Postfix transport table SYNOPSIS - postmap /etc/postfix/transport + postmap /etc/postfix/transport - postmap -q "string" /etc/postfix/transport + postmap -q "string" /etc/postfix/transport - postmap -q - /etc/postfix/transport <inputfile + postmap -q - /etc/postfix/transport <inputfile DESCRIPTION The optional transport table specifies a mapping from @@ -40,7 +40,7 @@ TRANSPORT(5) TRANSPORT(5) that serves as input to the postmap(1) command. The result, an indexed file in dbm or db format, is used for fast searching by the mail system. Execute the command - postmap /etc/postfix/transport in order to rebuild the + postmap /etc/postfix/transport in order to rebuild the indexed file after changing the transport table. When the table is provided via other means such as NIS, 
@@ -49,192 +49,208 @@ TRANSPORT(5) TRANSPORT(5) Alternatively, the table can be provided as a regular- expression map where patterns are given as regular expres- - sions. In that case, the lookups are done in a slightly - different way as described in section "REGULAR EXPRESSION - TABLES". + sions, or lookups can be directed to TCP-based server. In + that case, the lookups are done in a slightly different + way as described below under "REGULAR EXPRESSION TABLES" + and "TCP-BASED TABLES". -TABLE FORMAT +TABLE FORMAT The format of the transport table is as follows: - pattern result + pattern result When pattern matches the recipient address or domain, use the corresponding result. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character + Empty lines and whitespace-only lines are ignored, + as are lines whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- + A logical line starts with non-whitespace text. A + line that starts with whitespace continues a logi- cal line. - The pattern specifies an email address, a domain name, or - a domain name hierarchy, as described in section "TABLE + The pattern specifies an email address, a domain name, or + a domain name hierarchy, as described in section "TABLE LOOKUP". - The result is of the form transport:nexthop. The trans- - port field specifies a mail delivery transport such as - smtp or local. The nexthop field specifies where and how + The result is of the form transport:nexthop. The trans- + port field specifies a mail delivery transport such as + smtp or local. The nexthop field specifies where and how to deliver mail. More details are given in section "RESULT FORMAT". 
-TABLE LOOKUP +TABLE LOOKUP With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are + networked tables such as NIS, LDAP or SQL, patterns are tried in the order as listed below: - user+extension@domain transport:nexthop + user+extension@domain transport:nexthop Mail for user+extension@domain is delivered through transport to nexthop. - user@domain transport:nexthop + user@domain transport:nexthop Mail for user@domain is delivered through transport to nexthop. - domain transport:nexthop - Mail for domain is delivered through transport to + domain transport:nexthop + Mail for domain is delivered through transport to nexthop. - .domain transport:nexthop - Mail for any subdomain of domain is delivered - through transport to nexthop. This applies only + .domain transport:nexthop + Mail for any subdomain of domain is delivered + through transport to nexthop. This applies only when the string transport_maps is not listed in the parent_domain_matches_subdomains configuration set- - ting. Otherwise, a domain name matches itself and + ting. Otherwise, a domain name matches itself and its subdomains. Note 1: the special pattern * represents any address (i.e. it functions as the wild-card pattern). - Note 2: the null recipient address is looked up as + Note 2: the null recipient address is looked up as $empty_address_recipient@$myhostname (default: mailer-dae- mon@hostname). -RESULT FORMAT - The transport field specifies the name of a mail delivery +RESULT FORMAT + The transport field specifies the name of a mail delivery transport (the first name of a mail delivery service entry in the Postfix master.cf file). - The interpretation of the nexthop field is transport + The interpretation of the nexthop field is transport dependent. In the case of SMTP, specify host:service for a - non-default server port, and use [host] or [host]:port in - order to disable MX (mail exchanger) DNS lookups. 
The [] + non-default server port, and use [host] or [host]:port in + order to disable MX (mail exchanger) DNS lookups. The [] form is required when you specify an IP address instead of a hostname. - A null transport and null nexthop result means "do not - change": use the delivery transport and nexthop informa- - tion that would be used when the entire transport table + A null transport and null nexthop result means "do not + change": use the delivery transport and nexthop informa- + tion that would be used when the entire transport table did not exist. - A non-null transport field with a null nexthop field + A non-null transport field with a null nexthop field resets the nexthop information to the recipient domain. - A null transport field with non-null nexthop field does + A null transport field with non-null nexthop field does not modify the transport information. EXAMPLES - In order to deliver internal mail directly, while using a - mail relay for all other mail, specify a null entry for - internal destinations (do not change the delivery trans- - port or the nexthop information) and specify a wildcard + In order to deliver internal mail directly, while using a + mail relay for all other mail, specify a null entry for + internal destinations (do not change the delivery trans- + port or the nexthop information) and specify a wildcard for all other destinations. - my.domain : - .my.domain : - * smtp:outbound-relay.my.domain + my.domain : + .my.domain : + * smtp:outbound-relay.my.domain - In order to send mail for foo.org and its subdomains via + In order to send mail for foo.org and its subdomains via the uucp transport to the UUCP host named foo: - foo.org uucp:foo - .foo.org uucp:foo + foo.org uucp:foo + .foo.org uucp:foo - When no nexthop host name is specified, the destination - domain name is used instead. For example, the following - directs mail for user@foo.org via the slow transport to a - mail exchanger for foo.org. 
The slow transport could be - something that runs at most one delivery process at a + When no nexthop host name is specified, the destination + domain name is used instead. For example, the following + directs mail for user@foo.org via the slow transport to a + mail exchanger for foo.org. The slow transport could be + something that runs at most one delivery process at a time: - foo.org slow: + foo.org slow: When no transport is specified, Postfix uses the transport that matches the address domain class (see TRANSPORT FIELD - discussion above). The following sends all mail for + discussion above). The following sends all mail for foo.org and its subdomains to host gateway.foo.org: - foo.org :[gateway.foo.org] - .foo.org :[gateway.foo.org] + foo.org :[gateway.foo.org] + .foo.org :[gateway.foo.org] - In the above example, the [] are used to suppress MX - lookups. The result would likely point to your local + In the above example, the [] are used to suppress MX + lookups. The result would likely point to your local machine. - In the case of delivery via SMTP, one may specify host- + In the case of delivery via SMTP, one may specify host- name:service instead of just a host: - foo.org smtp:bar.org:2025 + foo.org smtp:bar.org:2025 - This directs mail for user@foo.org to host bar.org port - 2025. Instead of a numerical port a symbolic name may be - used. Specify [] around the hostname in order to disable + This directs mail for user@foo.org to host bar.org port + 2025. Instead of a numerical port a symbolic name may be + used. Specify [] around the hostname in order to disable MX lookups. The error mailer can be used to bounce mail: - .foo.org error:mail for *.foo.org is not deliv- + .foo.org error:mail for *.foo.org is not deliv- erable - This causes all mail for user@anything.foo.org to be + This causes all mail for user@anything.foo.org to be bounced. 
-REGULAR EXPRESSION TABLES - This section describes how the table lookups change when +REGULAR EXPRESSION TABLES + This section describes how the table lookups change when the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to - the entire domain being looked up. Thus, some.domain.hier- - archy is not broken up into parent domains. + Each pattern is a regular expression that is applied to + the entire address being looked up. Thus, + some.domain.hierarchy is not looked up up via its parent + domains, nor is user+foo@domain looked up as user@domain. - Patterns are applied in the order as specified in the - table, until a pattern is found that matches the search + Patterns are applied in the order as specified in the + table, until a pattern is found that matches the search string. - Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from + Results are the same as with indexed file lookups, with + the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. -CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this topic. See the Postfix main.cf file for syntax - details and for default values. Use the postfix reload +TCP-BASED TABLES + This section describes how the table lookups change when + lookups are directed to a TCP-based server. For a descrip- + tion of the TCP client/server lookup protocol, see + tcp_table(5). + + Each lookup operation uses the entire recipient address + once. Thus, some.domain.hierarchy is not looked up via + its parent domains, nor is user+foo@domain looked up as + user@domain. + + Results are the same as with indexed file lookups. 
+ +CONFIGURATION PARAMETERS + The following main.cf parameters are especially relevant + to this topic. See the Postfix main.cf file for syntax + details and for default values. Use the postfix reload command after a configuration change. empty_address_recipient - The address that is looked up instead of the null + The address that is looked up instead of the null sender address. parent_domain_matches_subdomains - List of Postfix features that use domain.tld pat- - terns to match sub.domain.tld (as opposed to + List of Postfix features that use domain.tld pat- + terns to match sub.domain.tld (as opposed to requiring .domain.tld patterns). transport_maps List of transport lookup tables. -SEE ALSO +SEE ALSO postmap(1) create mapping table trivial-rewrite(8) rewrite and resolve addresses pcre_table(5) format of PCRE tables regexp_table(5) format of POSIX regular expression tables + tcp_table(5) TCP client/server table lookup protocol LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/verify.8.html b/postfix/html/verify.8.html index ec24b4add..c1756b958 100644 --- a/postfix/html/verify.8.html +++ b/postfix/html/verify.8.html @@ -29,13 +29,13 @@ VERIFY(8) VERIFY(8) This server implements the following requests: - VRFY_ADDR_UPDATE address status text + VRFY_ADDR_UPDATE address status text Update the status of the specified address. VRFY_ADDR_QUERY address - Look up the status, last update time and text of - the specified address. If the status is unknown, a - probe is sent and a default status is returned. + Look up the status and text of the specified + address. If the status is unknown, a probe is sent + and a default status is returned. The server reply status is one of: 
@@ -84,26 +84,26 @@ VERIFY(8) VERIFY(8) world comes to an end and human intervention is needed. This violates a basic Postfix principle. -CONFIGURATION PARAMETERS +CONFIGURATION PARAMETERS See the Postfix main.cf file for syntax details and for - default values. Use the postfix reload command after a + default values. Use the postfix reload command after a configuration change. -Cache control +Cache control address_verify_map Optional table for persistent recipient status storage. The file is opened before the process enters a chroot jail and before it drops root priv- ileges. By default, the information is kept in - volatile memory, and is lost after postfix reload - or postfix stop. + volatile memory, and is lost after postfix reload + or postfix stop. To recover from a corrupted address verification - database, delete the file and do postfix reload. + database, delete the file and do postfix reload. address_verify_sender The sender address to use for probe messages. Spec- - ify an empty value (address_verify_sender =) or <> + ify an empty value (address_verify_sender =) or <> if you want to use the null sender address. address_verify_positive_expire_time @@ -132,7 +132,7 @@ VERIFY(8) VERIFY(8) probe is sent to verify that a known to be bad address is still bad. -Probe message routing +Probe message routing By default, probe messages are delivered via the same route as regular messages. The following parameters can be used to override specific message routing mechanisms. @@ -155,7 +155,7 @@ VERIFY(8) VERIFY(8) address_verify_default_transport Overrides the default_transport setting. -SEE ALSO +SEE ALSO trivial-rewrite(8) address rewriting and resolving LICENSE diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html index 30011e065..5ade18a85 100644 --- a/postfix/html/virtual.5.html +++ b/postfix/html/virtual.5.html 
@@ -5,11 +5,11 @@ VIRTUAL(5) VIRTUAL(5) virtual - format of Postfix virtual alias table SYNOPSIS - postmap /etc/postfix/virtual + postmap /etc/postfix/virtual - postmap -q "string" /etc/postfix/virtual + postmap -q "string" /etc/postfix/virtual - postmap -q - /etc/postfix/virtual <inputfile + postmap -q - /etc/postfix/virtual <inputfile DESCRIPTION The optional virtual alias table specifies address alias- @@ -41,7 +41,7 @@ VIRTUAL(5) VIRTUAL(5) file that serves as input to the postmap(1) command. The result, an indexed file in dbm or db format, is used for fast searching by the mail system. Execute the command - postmap /etc/postfix/virtual in order to rebuild the + postmap /etc/postfix/virtual in order to rebuild the indexed file after changing the text file. When the table is provided via other means such as NIS, @@ -50,14 +50,16 @@ VIRTUAL(5) VIRTUAL(5) Alternatively, the table can be provided as a regular- expression map where patterns are given as regular expres- - sions. In that case, the lookups are done in a slightly - different way as described below. + sions, or lookups can be directed to TCP-based server. In + that case, the lookups are done in a slightly different + way as described below under "REGULAR EXPRESSION TABLES" + and "TCP-BASED TABLES". -TABLE FORMAT +TABLE FORMAT The format of the virtual table is as follows, mappings being tried in the order as listed in this manual page: - pattern result + pattern result When pattern matches a mail address, replace it by the corresponding result. 
@@ -75,11 +77,11 @@ VIRTUAL(5) VIRTUAL(5) networked tables such as NIS, LDAP or SQL, patterns are tried in the order as listed below: - user@domain address, address, ... + user@domain address, address, ... Mail for user@domain is redirected to address. This form has the highest precedence. - user address, address, ... + user address, address, ... Mail for user@site is redirected to address when site is equal to $myorigin, when site is listed in $mydestination, or when it is listed in @@ -90,7 +92,7 @@ VIRTUAL(5) VIRTUAL(5) that virtual mapping can be applied to non-local addresses. - @domain address, address, ... + @domain address, address, ... Mail for any user in domain is redirected to address. This form has the lowest precedence. @@ -98,14 +100,14 @@ VIRTUAL(5) VIRTUAL(5) domain, the result is the same user in otherdomain. This works for the first address in the expansion only. -ADDRESS EXTENSION +ADDRESS EXTENSION When a mail address localpart contains the optional recip- ient delimiter (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, user+foo, user, and @domain. An unmatched address extension (+foo) is propa- gated to the result of table lookup. -VIRTUAL ALIAS DOMAINS +VIRTUAL ALIAS DOMAINS Besides virtual aliases, the virtual alias table can also be used to implement virtual alias domains. With a virtual alias domain, all recipient addresses are aliased to 
@@ -128,19 +130,19 @@ VIRTUAL(5) VIRTUAL(5) virtual_alias_maps = hash:/etc/postfix/virtual Note: some systems use dbm databases instead of hash. - See the output from postconf -m for available database + See the output from postconf -m for available database types. /etc/postfix/virtual: - virtual-alias.domain anything (right-hand content does not matter) - postmaster@virtual-alias.domain postmaster - user1@virtual-alias.domain address1 - user2@virtual-alias.domain address2, address3 + virtual-alias.domain anything (right-hand content does not matter) + postmaster@virtual-alias.domain postmaster + user1@virtual-alias.domain address1 + user2@virtual-alias.domain address2, address3 - The virtual-alias.domain anything entry is required for a - virtual alias domain. Without this entry, mail is rejected - with "relay access denied", or bounces with "mail loops - back to myself". + The virtual-alias.domain anything entry is required for a + virtual alias domain. Without this entry, mail is rejected + with "relay access denied", or bounces with "mail loops + back to myself". Do not specify virtual alias domain names in the main.cf mydestination or relay_domains configuration parameters. @@ -152,11 +154,11 @@ VIRTUAL(5) VIRTUAL(5) Instead of specifying the virtual alias domain name via the virtual_alias_maps table, you may also specify it via - the main.cf virtual_alias_domains configuration parameter. + the main.cf virtual_alias_domains configuration parameter. This latter parameter uses the same syntax as the main.cf mydestination configuration parameter. -REGULAR EXPRESSION TABLES +REGULAR EXPRESSION TABLES This section describes how the table lookups change when the table is given in the form of regular expressions. For a description of regular expression lookup table syntax, 
@@ -176,13 +178,26 @@ VIRTUAL(5) VIRTUAL(5) the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. +TCP-BASED TABLES + This section describes how the table lookups change when + lookups are directed to a TCP-based server. For a descrip- + tion of the TCP client/server lookup protocol, see + tcp_table(5). + + Each lookup operation uses the entire address once. Thus, + user@domain mail addresses are not broken up into their + user and @domain constituent parts, nor is user+foo broken + up into user and foo. + + Results are the same as with indexed file lookups. + BUGS The table format does not understand quoting conventions. -CONFIGURATION PARAMETERS +CONFIGURATION PARAMETERS The following main.cf parameters are especially relevant to this topic. See the Postfix main.cf file for syntax - details and for default values. Use the postfix reload + details and for default values. Use the postfix reload command after a configuration change. virtual_alias_maps @@ -211,11 +226,12 @@ VIRTUAL(5) VIRTUAL(5) Give special treatment to owner-xxx and xxx-request addresses. -SEE ALSO +SEE ALSO cleanup(8) canonicalize and enqueue mail postmap(1) create mapping table regexp_table(5) POSIX regular expression table format pcre_table(5) Perl Compatible Regular Expression table format + tcp_table(5) TCP client/server table lookup protocol LICENSE The Secure Mailer license must be distributed with this diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5 index 5f5ae97a3..060f9b1ba 100644 --- a/postfix/man/man5/access.5 +++ b/postfix/man/man5/access.5 
@@ -32,8 +32,10 @@ When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. Alternatively, the table can be provided as a regular-expression -map where patterns are given as regular expressions. In that case, -the lookups are done in a slightly different way as described below. +map where patterns are given as regular expressions, or lookups +can be directed to TCP-based server. In that case, the lookups are +done in a slightly different way as described below under +"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". .SH TABLE FORMAT .na .nf @@ -75,7 +77,7 @@ some types of lookup table. By default, Postfix uses \fB<>\fR as the lookup key for such addresses. The value is specified with the \fBsmtpd_null_access_lookup_key\fR parameter in the Postfix \fBmain.cf\fR file. -.SH ADDRESS EXTENSION +.SH EMAIL ADDRESS EXTENSION .na .nf .fi @@ -107,8 +109,8 @@ order to match subdomains. Matches any host address in the specified network. A network address is a sequence of one or more octets separated by ".". -NOTE: use the \fBcidr\fR lookup table type if you want to -specify arbitrary network blocks. +NOTE: use the \fBcidr\fR lookup table type if to specify +network/netmask patterns. See cidr_table(5) for details. .SH ACTIONS .na .nf 
@@ -190,6 +192,24 @@ pattern is found that matches the search string. Actions are the same as with indexed file lookups, with the additional feature that parenthesized substrings from the pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +.SH TCP-BASED TABLES +.na +.nf +.ad +.fi +This section describes how the table lookups change when lookups +are directed to a TCP-based server. For a description of the TCP +client/server lookup protocol, see \fBtcp_table\fR(5). + +Each lookup operation uses the entire query string once. +Depending on the application, that string is an entire client +hostname, an entire client IP address, or an entire mail address. +Thus, no parent domain or parent network search is done, +\fIuser@domain\fR mail addresses are not broken up into +their \fIuser@\fR and \fIdomain\fR constituent parts, nor is +\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Actions are the same as with indexed file lookups. .SH BUGS .ad .fi @@ -202,6 +222,7 @@ smtpd(8) smtp server cidr_table(5) format of CIDR tables pcre_table(5) format of PCRE tables regexp_table(5) format of POSIX regular expression tables +tcp_table(5) TCP client/server table lookup protocol .SH LICENSE .na .nf diff --git a/postfix/man/man5/canonical.5 b/postfix/man/man5/canonical.5 index 2b413caf5..7a7c6f26f 100644 --- a/postfix/man/man5/canonical.5 +++ b/postfix/man/man5/canonical.5 
@@ -31,8 +31,10 @@ When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. Alternatively, the table can be provided as a regular-expression -map where patterns are given as regular expressions. In that case, -the lookups are done in a slightly different way as described below. +map where patterns are given as regular expressions, or lookups +can be directed to TCP-based server. In that case, the lookups are +done in a slightly different way as described below under +"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". The \fBcanonical\fR mapping affects both message header addresses (i.e. addresses that appear inside messages) and message envelope @@ -118,6 +120,21 @@ pattern is found that matches the search string. Results are the same as with indexed file lookups, with the additional feature that parenthesized substrings from the pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +.SH TCP-BASED TABLES +.na +.nf +.ad +.fi +This section describes how the table lookups change when lookups +are directed to a TCP-based server. For a description of the TCP +client/server lookup protocol, see \fBtcp_table\fR(5). + +Each lookup operation uses the entire address once. Thus, +\fIuser@domain\fR mail addresses are not broken up into their +\fIuser\fR and \fI@domain\fR constituent parts, nor is +\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Results are the same as with indexed file lookups. .SH BUGS .ad .fi @@ -167,6 +184,7 @@ postmap(1) create mapping table virtual(5) virtual domain mapping pcre_table(5) format of PCRE tables regexp_table(5) format of POSIX regular expression tables +tcp_table(5) TCP client/server table lookup protocol .SH LICENSE .na .nf diff --git a/postfix/man/man5/cidr_table.5 b/postfix/man/man5/cidr_table.5 index 179eb6641..645561c7c 100644 --- a/postfix/man/man5/cidr_table.5 +++ b/postfix/man/man5/cidr_table.5 
@@ -41,7 +41,11 @@ are lines whose first non-whitespace character is a `#'. .IP "multi-line text" A logical line starts with non-whitespace text. A line that starts with whitespace continues a logical line. -.PP +.SH SEARCH ORDER +.na +.nf +.ad +.fi Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. .SH EXAMPLE SMTPD ACCESS MAP @@ -49,9 +53,9 @@ pattern is found that matches the search string. .nf /etc/postfix/main.cf: .ti +4 -smtpd_client_restrictions = ... cidr:/etc/postfix/client_cidr ... +smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ... -/etc/postfix/client_cidr: +/etc/postfix/client.cidr: .in +4 # Rule order matters. Put more specific whitelist entries # before more general blacklist entries. diff --git a/postfix/man/man5/pcre_table.5 b/postfix/man/man5/pcre_table.5 index 98bd0f7c5..4a48ef933 100644 --- a/postfix/man/man5/pcre_table.5 +++ b/postfix/man/man5/pcre_table.5 @@ -24,7 +24,11 @@ supports use the \fBpostconf -m\fR command. To test lookup tables, use the \fBpostmap\fR command as described in the SYNOPSIS above. - +.SH TABLE FORMAT +.na +.nf +.ad +.fi The general form of a PCRE table is: .IP "\fB/\fIpattern\fB/\fIflags result\fR" .IP "\fB!/\fIpattern\fB/\fIflags result\fR" @@ -100,7 +104,14 @@ Toggles the PCRE_EXTRA flag. When this flag is on, any backslash in a pattern that is followed by a letter that has no special meaning causes an error, thus reserving these combinations for future expansion. -.PP +.SH SEARCH ORDER +.na +.nf +.ad +.fi +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the search string. + Each pattern is applied to the entire lookup key string. Depending on the application, that string is an entire client hostname, an entire client IP address, or an entire mail address. 
@@ -108,16 +119,19 @@ Thus, no parent domain or parent network search is done, and \fIuser@domain\fR mail addresses are not broken up into their \fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. - -Patterns are applied in the order as specified in the table, until a -pattern is found that matches the search string. - +.SH TEXT SUBSTITUTION +.na +.nf +.ad +.fi Substitution of substrings from the matched expression into the result string is possible using the conventional perl syntax ($1, $2, etc.). The macros in the result string may need to be written as ${n} -or $(n) if they aren't followed by whitespace. Since negated patterns -(those preceded by \fB!\fR) return a result when the expression does -not match, substitutions are not available for negated patterns. +or $(n) if they aren't followed by whitespace. + +Note: since negated patterns (those preceded by \fB!\fR) return a +result when the expression does not match, substitutions are not +available for negated patterns. .SH EXAMPLE SMTPD ACCESS MAP .na .nf diff --git a/postfix/man/man5/regexp_table.5 b/postfix/man/man5/regexp_table.5 index 0f5173d51..6f577817a 100644 --- a/postfix/man/man5/regexp_table.5 +++ b/postfix/man/man5/regexp_table.5 @@ -24,7 +24,11 @@ supports use the \fBpostconf -m\fR command. To test lookup tables, use the \fBpostmap\fR command as described in the SYNOPSIS above. - +.SH TABLE FORMAT +.na +.nf +.ad +.fi The general form of a Postfix regular expression table is: .IP "\fB/\fIpattern\fB/\fIflags result\fR" .IP "\fB!/\fIpattern\fB/\fIflags result\fR" 
@@ -54,6 +58,13 @@ By default, matching is case-insensitive, although following the second slash with an `i' flag will reverse this. Other flags are `x' (disable extended expression syntax), and `m' (enable multi-line mode, that is, treat newline characters as special). +.SH TABLE SEARCH ORDER +.na +.nf +.ad +.fi +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the search string. Each pattern is applied to the entire lookup key string. Depending on the application, that string is an entire client @@ -62,16 +73,19 @@ Thus, no parent domain or parent network search is done, and \fIuser@domain\fR mail addresses are not broken up into their \fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. - -Patterns are applied in the order as specified in the table, until a -pattern is found that matches the search string. - +.SH TEXT SUBSTITUTION +.na +.nf +.ad +.fi Substitution of substrings from the matched expression into the result string is possible using $1, $2, etc.. The macros in the result string may need to be written as ${n} or $(n) if they aren't followed -by whitespace. Since negated patterns (those preceded by \fB!\fR) -return a result when the expression does not match, substitutions are -not available for negated patterns. +by whitespace. + +Note: since negated patterns (those preceded by \fB!\fR) return a +result when the expression does not match, substitutions are not +available for negated patterns. .SH EXAMPLE SMTPD ACCESS MAP .na .nf diff --git a/postfix/man/man5/relocated.5 b/postfix/man/man5/relocated.5 index d16b331a4..756574140 100644 --- a/postfix/man/man5/relocated.5 +++ b/postfix/man/man5/relocated.5 
@@ -26,8 +26,10 @@ When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. Alternatively, the table can be provided as a regular-expression -map where patterns are given as regular expressions. In that case, -the lookups are done in a slightly different way as described below. +map where patterns are given as regular expressions, or lookups +can be directed to TCP-based server. In that case, the lookups are +done in a slightly different way as described below under +"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". Table lookups are case insensitive. .SH TABLE FORMAT @@ -78,9 +80,11 @@ When a mail address localpart contains the optional recipient delimiter .ad .fi This section describes how the table lookups change when the table -is given in the form of regular expressions. For a description of -regular expression lookup table syntax, see \fBregexp_table\fR(5) -or \fBpcre_table\fR(5). +is given in the form of regular expressions or when lookups are +directed to a TCP-based server. For a description of regular +expression lookup table syntax, see \fBregexp_table\fR(5) or +\fBpcre_table\fR(5). For a description of the TCP client/server +table lookup protocol, see \fBtcp_table\fR(5). Each pattern is a regular expression that is applied to the entire address being looked up. Thus, \fIuser@domain\fR mail addresses are not 
@@ -93,6 +97,21 @@ pattern is found that matches the search string. Results are the same as with indexed file lookups, with the additional feature that parenthesized substrings from the pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +.SH TCP-BASED TABLES +.na +.nf +.ad +.fi +This section describes how the table lookups change when lookups +are directed to a TCP-based server. For a description of the TCP +client/server lookup protocol, see \fBtcp_table\fR(5). + +Each lookup operation uses the entire address once. Thus, +\fIuser@domain\fR mail addresses are not broken up into their +\fIuser\fR and \fI@domain\fR constituent parts, nor is +\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Results are the same as with indexed file lookups. .SH BUGS .ad .fi @@ -123,6 +142,7 @@ The domain that is appended to locally-posted mail. postmap(1) create lookup table pcre_table(5) format of PCRE tables regexp_table(5) format of POSIX regular expression tables +tcp_table(5) TCP client/server table lookup protocol .SH LICENSE .na .nf diff --git a/postfix/man/man5/tcp_table.5 b/postfix/man/man5/tcp_table.5 index 69ab6b4f3..d42de894c 100644 --- a/postfix/man/man5/tcp_table.5 +++ b/postfix/man/man5/tcp_table.5 @@ -10,14 +10,14 @@ Postfix client/server table lookup protocol .nf \fBpostmap -q "\fIstring\fB" tcp:\fIhost:port\fR -\fBpostmap -q - regexp:\fIhost:port\fR <\fIinputfile\fR +\fBpostmap -q - tcp:\fIhost:port\fR <\fIinputfile\fR .SH DESCRIPTION .ad .fi The Postfix mail system uses optional tables for address rewriting or mail routing. These tables are usually in -\fBdbm\fR or \fBdb\fR format. Alternatively, lookup tables -can be specified as a TCP client/server pair. +\fBdbm\fR or \fBdb\fR format. Alternatively, table lookups +can be directed to a TCP server. To find out what types of lookup tables your Postfix system supports use the \fBpostconf -m\fR command. 
@@ -34,22 +34,13 @@ sends a request, and the server sends one reply. Requests and replies are sent as one line of ASCII text, terminated by the ASCII newline character. Request and reply parameters (see below) are separated by whitespace. -.SH ENCODING -.na -.nf -.ad -.fi -In request and reply parameters, the character % and any non-printing -and whitespace characters must be replaced by %XX, XX being the -corresponding ASCII hexadecimal character value. The hexadecimal codes -can be specified in any case (upper, lower, mixed). .SH REQUEST FORMAT .na .nf .ad .fi -Requests are strings that serve as lookup key in the simulated -table. +Each request specifies a command, a lookup key, and possibly a +lookup result. .IP "\fBget\fR SPACE \fIkey\fR NEWLINE" Look up data under the specified key. .IP "\fBput\fR SPACE \fIkey\fR SPACE \fIvalue\fR NEWLINE" 
@@ -59,18 +50,37 @@ This request is currently not implemented. .nf .ad .fi -Replies must be no longer than 4096 characters including the -newline terminator, and must have the following form: -.IP "\fB500\fR SPACE \fIoptional-text\fR NEWLINE" +Each reply specifies a status code and text. Replies must be no +longer than 4096 characters including the newline terminator. +.IP "\fB500\fR SPACE \fItext\fR NEWLINE" In case of a lookup request, the requested data does not exist. In case of an update request, the request was rejected. -.IP "\fB400\fR SPACE \fIoptional-text\fR NEWLINE" -This indicates an error condition. The text gives the nature of +The text describes the nature of the problem. +.IP "\fB400\fR SPACE \fItext\fR NEWLINE" +This indicates an error condition. The text describes the nature of the problem. The client should retry the request later. .IP "\fB200\fR SPACE \fItext\fR NEWLINE" The request was successful. In the case of a lookup request, the text contains an encoded version of the requested data. -Otherwise the text is optional. +.SH ENCODING +.na +.nf +.ad +.fi +In request and reply parameters, the character %, each non-printing +character, and each whitespace character must be replaced by %XX, +where XX is the corresponding ASCII hexadecimal character value. The +hexadecimal codes can be specified in any case (upper, lower, mixed). + +The Postfix client always encodes a request. +The server may omit the encoding as long as the reply +is guaranteed to not contain the % or NEWLINE character. +.SH SECURITY +.na +.nf +Do not use TCP lookup tables for security critical purposes. +The client-server connection is not protected and the server +is not authenticated. .SH SEE ALSO .na .nf @@ -81,6 +91,9 @@ cidr_table(5) format of CIDR tables .ad .fi Only the lookup method is currently implemented. + +The client does not hang up when the connection is idle for +a long time. .SH LICENSE .na .nf 
diff --git a/postfix/man/man5/transport.5 b/postfix/man/man5/transport.5 index 05eba4ca1..adebc271c 100644 --- a/postfix/man/man5/transport.5 +++ b/postfix/man/man5/transport.5 @@ -46,9 +46,10 @@ When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. Alternatively, the table can be provided as a regular-expression -map where patterns are given as regular expressions. In that case, -the lookups are done in a slightly different way as described -in section "REGULAR EXPRESSION TABLES". +map where patterns are given as regular expressions, or lookups +can be directed to TCP-based server. In that case, the lookups are +done in a slightly different way as described below under +"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". .SH TABLE FORMAT .na .nf @@ -144,7 +145,7 @@ destinations. .ti +5 \fB\&.my.domain :\fR .ti +5 -\fB* smtp:outbound-relay.my.domain\fR +\fB* smtp:outbound-relay.my.domain\fR In order to send mail for \fBfoo.org\fR and its subdomains via the \fBuucp\fR transport to the UUCP host named \fBfoo\fR: @@ -204,8 +205,9 @@ regular expression lookup table syntax, see \fBregexp_table\fR(5) or \fBpcre_table\fR(5). Each pattern is a regular expression that is applied to the entire -domain being looked up. Thus, \fIsome.domain.hierarchy\fR is not -broken up into parent domains. +address being looked up. Thus, \fIsome.domain.hierarchy\fR is not +looked up up via its parent domains, +nor is \fIuser+foo@domain\fR looked up as \fIuser@domain\fR. Patterns are applied in the order as specified in the table, until a pattern is found that matches the search string. 
@@ -213,6 +215,20 @@ pattern is found that matches the search string. Results are the same as with indexed file lookups, with the additional feature that parenthesized substrings from the pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +.SH TCP-BASED TABLES +.na +.nf +.ad +.fi +This section describes how the table lookups change when lookups +are directed to a TCP-based server. For a description of the TCP +client/server lookup protocol, see \fBtcp_table\fR(5). + +Each lookup operation uses the entire recipient address once. Thus, +\fIsome.domain.hierarchy\fR is not looked up via its parent domains, +nor is \fIuser+foo@domain\fR looked up as \fIuser@domain\fR. + +Results are the same as with indexed file lookups. .SH CONFIGURATION PARAMETERS .na .nf @@ -237,6 +253,7 @@ postmap(1) create mapping table trivial-rewrite(8) rewrite and resolve addresses pcre_table(5) format of PCRE tables regexp_table(5) format of POSIX regular expression tables +tcp_table(5) TCP client/server table lookup protocol .SH LICENSE .na .nf diff --git a/postfix/man/man5/virtual.5 b/postfix/man/man5/virtual.5 index bec609898..dce50baa5 100644 --- a/postfix/man/man5/virtual.5 +++ b/postfix/man/man5/virtual.5 @@ -48,8 +48,10 @@ When the table is provided via other means such as NIS, LDAP or SQL, the same lookups are done as for ordinary indexed files. Alternatively, the table can be provided as a regular-expression -map where patterns are given as regular expressions. In that case, -the lookups are done in a slightly different way as described below. +map where patterns are given as regular expressions, or lookups +can be directed to TCP-based server. In that case, the lookups are +done in a slightly different way as described below under +"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". .SH TABLE FORMAT .na .nf 
@@ -178,6 +180,21 @@ pattern is found that matches the search string. Results are the same as with indexed file lookups, with the additional feature that parenthesized substrings from the pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +.SH TCP-BASED TABLES +.na +.nf +.ad +.fi +This section describes how the table lookups change when lookups +are directed to a TCP-based server. For a description of the TCP +client/server lookup protocol, see \fBtcp_table\fR(5). + +Each lookup operation uses the entire address once. Thus, +\fIuser@domain\fR mail addresses are not broken up into their +\fIuser\fR and \fI@domain\fR constituent parts, nor is +\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Results are the same as with indexed file lookups. .SH BUGS .ad .fi @@ -215,6 +232,7 @@ cleanup(8) canonicalize and enqueue mail postmap(1) create mapping table regexp_table(5) POSIX regular expression table format pcre_table(5) Perl Compatible Regular Expression table format +tcp_table(5) TCP client/server table lookup protocol .SH LICENSE .na .nf diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index 0e21c52d2..373af678e 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 @@ -136,6 +136,11 @@ The BCC address is added when the message enters the system. .IP \fBrecipient_bcc_maps\fR Automatic BCC recipient lookup table, indexed by recipient address. The BCC address is added when the message enters the system. +.IP \fBenable_original_recipient\fR +Enable support for the \fBX-Original-To:\fR message header, which is +needed for multi-recipient mailboxes. When this is enabled, Postfix +performs duplicate elimination on (original recipient, rewritten +recipient) pairs, instead of looking at the rewritten recipient only. .IP \fBhopcount_limit\fR Limit the number of \fBReceived:\fR message headers. .IP \fBundisclosed_recipients_header\fR 
@@ -150,11 +155,6 @@ substitution is done before all other address rewriting. .IP \fBcanonical_maps\fR Address mapping lookup table for sender and recipient addresses in envelopes and headers. -.IP \fBenable_original_recipient\fR -Enable support for the X-Original-To message header, which is -needed for multi-recipient mailboxes. When this is enabled, Postfix -performs duplicate elimination on (original recipient, rewritten -recipient) pairs, instead of looking at the rewritten recipient only. .IP \fBrecipient_canonical_maps\fR Address mapping lookup table for envelope and header recipient addresses. diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 8c63d52aa..94b3c824b 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -288,7 +288,8 @@ verification service. .IP \fBaddress_verify_poll_count\fR How many times to query the address verification service for completion of an address verification request. -Specify 0 to implement a simple form of greylisting. +Specify 1 to implement a simple form of greylisting, that is, +always defer the request for a new sender or recipient address. .IP \fBaddress_verify_poll_delay\fR Time to wait after querying the address verification service for completion of an address verification request. diff --git a/postfix/man/man8/verify.8 b/postfix/man/man8/verify.8 index ece5ba89f..61a903edf 100644 --- a/postfix/man/man8/verify.8 +++ b/postfix/man/man8/verify.8 @@ -35,8 +35,7 @@ This server implements the following requests: .IP "\fBVRFY_ADDR_UPDATE\fI address status text\fR" Update the status of the specified address. .IP "\fBVRFY_ADDR_QUERY\fI address\fR" -Look up the \fIstatus\fR, \fIlast update time\fR and \fItext\fR -of the specified address. +Look up the \fIstatus\fR and \fItext\fR of the specified address. If the status is unknown, a probe is sent and a default status is returned. .PP diff --git a/postfix/mantools/man2html b/postfix/mantools/man2html index 56355712e..9f34c7419 100755 
--- a/postfix/mantools/man2html +++ b/postfix/mantools/man2html @@ -11,8 +11,8 @@ sed ' s/>/\>/g s;_\(.\);\1;g s;.\(.\);\1;g - s;;;g - s;;;g + s;\( *\);\1;g + s;\( *\);\1;g ' "$@" echo ' ' diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 9f270cb81..aa56c2cc6 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -52,6 +52,8 @@ exec sed ' s/[]*verify[]*(8)/&<\/a>/ s/[]*virtual[]*(5)/&<\/a>/ s/[]*virtual[]*(8)/&<\/a>/ + s/[]*cidr_table[]*(5)/&<\/a>/ + s/[]*tcp_table[]*(5)/&<\/a>/ s/\(\)\([]*[a-z0-9-]*[-]*\)\(\n *\)\([]*[a-z0-9-]*[]*([0-9])\)\(<\/a>\)/\1\2\5\3\1\4\5/ s/http:\/\/[^ ,]*/&<\/a>/ s/RFC *\([0-9]*\)/&<\/a>/ diff --git a/postfix/proto/access b/postfix/proto/access index d5cddcc06..0ef1eed82 100644 --- a/postfix/proto/access +++ b/postfix/proto/access @@ -6,9 +6,9 @@ # SYNOPSIS # \fBpostmap /etc/postfix/access\fR # -# \fBpostmap -q "\fIstring\fB" /etc/postfix/access\fR +# \fBpostmap -q "\fIstring\fB" /etc/postfix/access\fR # -# \fBpostmap -q - /etc/postfix/access <\fIinputfile\fR +# \fBpostmap -q - /etc/postfix/access <\fIinputfile\fR # DESCRIPTION # The optional \fBaccess\fR table directs the Postfix SMTP server # to selectively reject or accept mail. Access can be allowed or @@ -26,8 +26,10 @@ # or SQL, the same lookups are done as for ordinary indexed files. # # Alternatively, the table can be provided as a regular-expression -# map where patterns are given as regular expressions. In that case, -# the lookups are done in a slightly different way as described below. +# map where patterns are given as regular expressions, or lookups +# can be directed to TCP-based server. In that case, the lookups are +# done in a slightly different way as described below under +# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". # TABLE FORMAT # .ad # .fi 
@@ -65,7 +67,7 @@ # as the lookup key for such addresses. The value is specified with # the \fBsmtpd_null_access_lookup_key\fR parameter in the Postfix # \fBmain.cf\fR file. -# ADDRESS EXTENSION +# EMAIL ADDRESS EXTENSION # .fi # .ad # When a mail address localpart contains the optional recipient delimiter @@ -93,8 +95,8 @@ # Matches any host address in the specified network. A network # address is a sequence of one or more octets separated by ".". # -# NOTE: use the \fBcidr\fR lookup table type if you want to -# specify arbitrary network blocks. +# NOTE: use the \fBcidr\fR lookup table type if to specify +# network/netmask patterns. See cidr_table(5) for details. # ACTIONS # .ad # .fi @@ -172,6 +174,22 @@ # Actions are the same as with indexed file lookups, with # the additional feature that parenthesized substrings from the # pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +# TCP-BASED TABLES +# .ad +# .fi +# This section describes how the table lookups change when lookups +# are directed to a TCP-based server. For a description of the TCP +# client/server lookup protocol, see \fBtcp_table\fR(5). +# +# Each lookup operation uses the entire query string once. +# Depending on the application, that string is an entire client +# hostname, an entire client IP address, or an entire mail address. +# Thus, no parent domain or parent network search is done, +# \fIuser@domain\fR mail addresses are not broken up into +# their \fIuser@\fR and \fIdomain\fR constituent parts, nor is +# \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. +# +# Actions are the same as with indexed file lookups. # BUGS # The table format does not understand quoting conventions. # SEE ALSO @@ -180,6 +198,7 @@ # cidr_table(5) format of CIDR tables # pcre_table(5) format of PCRE tables # regexp_table(5) format of POSIX regular expression tables +# tcp_table(5) TCP client/server table lookup protocol # LICENSE # .ad # .fi 
diff --git a/postfix/proto/canonical b/postfix/proto/canonical index 3c0e8427a..60a547058 100644 --- a/postfix/proto/canonical +++ b/postfix/proto/canonical @@ -25,8 +25,10 @@ # or SQL, the same lookups are done as for ordinary indexed files. # # Alternatively, the table can be provided as a regular-expression -# map where patterns are given as regular expressions. In that case, -# the lookups are done in a slightly different way as described below. +# map where patterns are given as regular expressions, or lookups +# can be directed to TCP-based server. In that case, the lookups are +# done in a slightly different way as described below under +# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". # # The \fBcanonical\fR mapping affects both message header addresses # (i.e. addresses that appear inside messages) and message envelope @@ -106,6 +108,19 @@ # Results are the same as with indexed file lookups, with # the additional feature that parenthesized substrings from the # pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +# TCP-BASED TABLES +# .ad +# .fi +# This section describes how the table lookups change when lookups +# are directed to a TCP-based server. For a description of the TCP +# client/server lookup protocol, see \fBtcp_table\fR(5). +# +# Each lookup operation uses the entire address once. Thus, +# \fIuser@domain\fR mail addresses are not broken up into their +# \fIuser\fR and \fI@domain\fR constituent parts, nor is +# \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. +# +# Results are the same as with indexed file lookups. # BUGS # The table format does not understand quoting conventions. # CONFIGURATION PARAMETERS @@ -149,6 +164,7 @@ # virtual(5) virtual domain mapping # pcre_table(5) format of PCRE tables # regexp_table(5) format of POSIX regular expression tables +# tcp_table(5) TCP client/server table lookup protocol # LICENSE # .ad # .fi 
diff --git a/postfix/proto/cidr_table b/postfix/proto/cidr_table index 13273a064..470e0a8b1 100644 --- a/postfix/proto/cidr_table +++ b/postfix/proto/cidr_table @@ -33,15 +33,17 @@ # .IP "multi-line text" # A logical line starts with non-whitespace text. A line that # starts with whitespace continues a logical line. -# .PP +# SEARCH ORDER +# .ad +# .fi # Patterns are applied in the order as specified in the table, until a # pattern is found that matches the search string. # EXAMPLE SMTPD ACCESS MAP # /etc/postfix/main.cf: # .ti +4 -# smtpd_client_restrictions = ... cidr:/etc/postfix/client_cidr ... +# smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ... # -# /etc/postfix/client_cidr: +# /etc/postfix/client.cidr: # .in +4 # # Rule order matters. Put more specific whitelist entries # # before more general blacklist entries. diff --git a/postfix/proto/pcre_table b/postfix/proto/pcre_table index 08f595484..4789ee16e 100644 --- a/postfix/proto/pcre_table +++ b/postfix/proto/pcre_table @@ -18,7 +18,9 @@ # # To test lookup tables, use the \fBpostmap\fR command as # described in the SYNOPSIS above. -# +# TABLE FORMAT +# .ad +# .fi # The general form of a PCRE table is: # .IP "\fB/\fIpattern\fB/\fIflags result\fR" # .IP "\fB!/\fIpattern\fB/\fIflags result\fR" @@ -94,7 +96,12 @@ # When this flag is on, any backslash in a pattern that is # followed by a letter that has no special meaning causes an # error, thus reserving these combinations for future expansion. -# .PP +# SEARCH ORDER +# .ad +# .fi +# Patterns are applied in the order as specified in the table, until a +# pattern is found that matches the search string. +# # Each pattern is applied to the entire lookup key string. # Depending on the application, that string is an entire client # hostname, an entire client IP address, or an entire mail address. 
@@ -102,16 +109,17 @@ # \fIuser@domain\fR mail addresses are not broken up into their # \fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR # broken up into \fIuser\fR and \fIfoo\fR. -# -# Patterns are applied in the order as specified in the table, until a -# pattern is found that matches the search string. -# +# TEXT SUBSTITUTION +# .ad +# .fi # Substitution of substrings from the matched expression into the result # string is possible using the conventional perl syntax ($1, $2, etc.). # The macros in the result string may need to be written as ${n} -# or $(n) if they aren't followed by whitespace. Since negated patterns -# (those preceded by \fB!\fR) return a result when the expression does -# not match, substitutions are not available for negated patterns. +# or $(n) if they aren't followed by whitespace. +# +# Note: since negated patterns (those preceded by \fB!\fR) return a +# result when the expression does not match, substitutions are not +# available for negated patterns. # EXAMPLE SMTPD ACCESS MAP # # Protect your outgoing majordomo exploders # /^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead diff --git a/postfix/proto/regexp_table b/postfix/proto/regexp_table index 2e32819a7..65ffde9a7 100644 --- a/postfix/proto/regexp_table +++ b/postfix/proto/regexp_table @@ -18,7 +18,9 @@ # # To test lookup tables, use the \fBpostmap\fR command as # described in the SYNOPSIS above. -# +# TABLE FORMAT +# .ad +# .fi # The general form of a Postfix regular expression table is: # .IP "\fB/\fIpattern\fB/\fIflags result\fR" # .IP "\fB!/\fIpattern\fB/\fIflags result\fR" 
@@ -48,6 +50,11 @@ # the second slash with an `i' flag will reverse this. Other flags # are `x' (disable extended expression syntax), and `m' (enable # multi-line mode, that is, treat newline characters as special). +# TABLE SEARCH ORDER +# .ad +# .fi +# Patterns are applied in the order as specified in the table, until a +# pattern is found that matches the search string. # # Each pattern is applied to the entire lookup key string. # Depending on the application, that string is an entire client @@ -56,16 +63,17 @@ # \fIuser@domain\fR mail addresses are not broken up into their # \fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR # broken up into \fIuser\fR and \fIfoo\fR. -# -# Patterns are applied in the order as specified in the table, until a -# pattern is found that matches the search string. -# +# TEXT SUBSTITUTION +# .ad +# .fi # Substitution of substrings from the matched expression into the result # string is possible using $1, $2, etc.. The macros in the result string # may need to be written as ${n} or $(n) if they aren't followed -# by whitespace. Since negated patterns (those preceded by \fB!\fR) -# return a result when the expression does not match, substitutions are -# not available for negated patterns. +# by whitespace. +# +# Note: since negated patterns (those preceded by \fB!\fR) return a +# result when the expression does not match, substitutions are not +# available for negated patterns. # EXAMPLE SMTPD ACCESS MAP # # Disallow sender-specified routing. This is a must if you relay mail # # for other domains. diff --git a/postfix/proto/relocated b/postfix/proto/relocated index 2c245fdda..05dc2d311 100644 --- a/postfix/proto/relocated +++ b/postfix/proto/relocated 
@@ -20,8 +20,10 @@ # or SQL, the same lookups are done as for ordinary indexed files. # # Alternatively, the table can be provided as a regular-expression -# map where patterns are given as regular expressions. In that case, -# the lookups are done in a slightly different way as described below. +# map where patterns are given as regular expressions, or lookups +# can be directed to TCP-based server. In that case, the lookups are +# done in a slightly different way as described below under +# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". # # Table lookups are case insensitive. # TABLE FORMAT @@ -58,17 +60,19 @@ # ADDRESS EXTENSION # .fi # .ad -# When a mail address localpart contains the optional recipient delimiter -# (e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes: -# \fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR, +# When a mail address localpart contains the optional recipient delimiter +# (e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes: +# \fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR, # \fIuser\fR, and @\fIdomain\fR. # REGULAR EXPRESSION TABLES # .ad # .fi # This section describes how the table lookups change when the table -# is given in the form of regular expressions. For a description of -# regular expression lookup table syntax, see \fBregexp_table\fR(5) -# or \fBpcre_table\fR(5). +# is given in the form of regular expressions or when lookups are +# directed to a TCP-based server. For a description of regular +# expression lookup table syntax, see \fBregexp_table\fR(5) or +# \fBpcre_table\fR(5). For a description of the TCP client/server +# table lookup protocol, see \fBtcp_table\fR(5). # # Each pattern is a regular expression that is applied to the entire # address being looked up. Thus, \fIuser@domain\fR mail addresses are not 
@@ -81,6 +85,19 @@ # Results are the same as with indexed file lookups, with # the additional feature that parenthesized substrings from the # pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +# TCP-BASED TABLES +# .ad +# .fi +# This section describes how the table lookups change when lookups +# are directed to a TCP-based server. For a description of the TCP +# client/server lookup protocol, see \fBtcp_table\fR(5). +# +# Each lookup operation uses the entire address once. Thus, +# \fIuser@domain\fR mail addresses are not broken up into their +# \fIuser\fR and \fI@domain\fR constituent parts, nor is +# \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. +# +# Results are the same as with indexed file lookups. # BUGS # The table format does not understand quoting conventions. # CONFIGURATION PARAMETERS @@ -105,6 +122,7 @@ # postmap(1) create lookup table # pcre_table(5) format of PCRE tables # regexp_table(5) format of POSIX regular expression tables +# tcp_table(5) TCP client/server table lookup protocol # LICENSE # .ad # .fi diff --git a/postfix/proto/tcp_table b/postfix/proto/tcp_table index e099ea258..d92e01579 100644 --- a/postfix/proto/tcp_table +++ b/postfix/proto/tcp_table @@ -6,12 +6,12 @@ # SYNOPSIS # \fBpostmap -q "\fIstring\fB" tcp:\fIhost:port\fR # -# \fBpostmap -q - regexp:\fIhost:port\fR <\fIinputfile\fR +# \fBpostmap -q - tcp:\fIhost:port\fR <\fIinputfile\fR # DESCRIPTION # The Postfix mail system uses optional tables for address # rewriting or mail routing. These tables are usually in -# \fBdbm\fR or \fBdb\fR format. Alternatively, lookup tables -# can be specified as a TCP client/server pair. +# \fBdbm\fR or \fBdb\fR format. Alternatively, table lookups +# can be directed to a TCP server. # # To find out what types of lookup tables your Postfix system # supports use the \fBpostconf -m\fR command. 
@@ -26,18 +26,11 @@ # replies are sent as one line of ASCII text, terminated by the # ASCII newline character. Request and reply parameters (see below) # are separated by whitespace. -# ENCODING -# .ad -# .fi -# In request and reply parameters, the character % and any non-printing -# and whitespace characters must be replaced by %XX, XX being the -# corresponding ASCII hexadecimal character value. The hexadecimal codes -# can be specified in any case (upper, lower, mixed). # REQUEST FORMAT # .ad # .fi -# Requests are strings that serve as lookup key in the simulated -# table. +# Each request specifies a command, a lookup key, and possibly a +# lookup result. # .IP "\fBget\fR SPACE \fIkey\fR NEWLINE" # Look up data under the specified key. # .IP "\fBput\fR SPACE \fIkey\fR SPACE \fIvalue\fR NEWLINE" 
@@ -45,24 +38,42 @@ # REPLY FORMAT # .ad # .fi -# Replies must be no longer than 4096 characters including the -# newline terminator, and must have the following form: -# .IP "\fB500\fR SPACE \fIoptional-text\fR NEWLINE" +# Each reply specifies a status code and text. Replies must be no +# longer than 4096 characters including the newline terminator. +# .IP "\fB500\fR SPACE \fItext\fR NEWLINE" # In case of a lookup request, the requested data does not exist. # In case of an update request, the request was rejected. -# .IP "\fB400\fR SPACE \fIoptional-text\fR NEWLINE" -# This indicates an error condition. The text gives the nature of +# The text describes the nature of the problem. +# .IP "\fB400\fR SPACE \fItext\fR NEWLINE" +# This indicates an error condition. The text describes the nature of # the problem. The client should retry the request later. # .IP "\fB200\fR SPACE \fItext\fR NEWLINE" # The request was successful. In the case of a lookup request, # the text contains an encoded version of the requested data. -# Otherwise the text is optional. +# ENCODING +# .ad +# .fi +# In request and reply parameters, the character %, each non-printing +# character, and each whitespace character must be replaced by %XX, +# where XX is the corresponding ASCII hexadecimal character value. The +# hexadecimal codes can be specified in any case (upper, lower, mixed). +# +# The Postfix client always encodes a request. +# The server may omit the encoding as long as the reply +# is guaranteed to not contain the % or NEWLINE character. +# SECURITY +# Do not use TCP lookup tables for security critical purposes. +# The client-server connection is not protected and the server +# is not authenticated. # SEE ALSO # regexp_table(5) format of regular expression tables # pcre_table(5) format of PCRE tables # cidr_table(5) format of CIDR tables # BUGS # Only the lookup method is currently implemented. +# +# The client does not hang up when the connection is idle for +# a long time. 
# LICENSE # .ad # .fi diff --git a/postfix/proto/transport b/postfix/proto/transport index 122fdfb5d..79f6442c3 100644 --- a/postfix/proto/transport +++ b/postfix/proto/transport @@ -40,9 +40,10 @@ # or SQL, the same lookups are done as for ordinary indexed files. # # Alternatively, the table can be provided as a regular-expression -# map where patterns are given as regular expressions. In that case, -# the lookups are done in a slightly different way as described -# in section "REGULAR EXPRESSION TABLES". +# map where patterns are given as regular expressions, or lookups +# can be directed to TCP-based server. In that case, the lookups are +# done in a slightly different way as described below under +# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". # TABLE FORMAT # .ad # .fi @@ -130,7 +131,7 @@ # .ti +5 # \fB\&.my.domain :\fR # .ti +5 -# \fB* smtp:outbound-relay.my.domain\fR +# \fB* smtp:outbound-relay.my.domain\fR # # In order to send mail for \fBfoo.org\fR and its subdomains # via the \fBuucp\fR transport to the UUCP host named \fBfoo\fR: @@ -188,8 +189,9 @@ # or \fBpcre_table\fR(5). # # Each pattern is a regular expression that is applied to the entire -# domain being looked up. Thus, \fIsome.domain.hierarchy\fR is not -# broken up into parent domains. +# address being looked up. Thus, \fIsome.domain.hierarchy\fR is not +# looked up up via its parent domains, +# nor is \fIuser+foo@domain\fR looked up as \fIuser@domain\fR. # # Patterns are applied in the order as specified in the table, until a # pattern is found that matches the search string. 
@@ -197,6 +199,18 @@ # Results are the same as with indexed file lookups, with # the additional feature that parenthesized substrings from the # pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +# TCP-BASED TABLES +# .ad +# .fi +# This section describes how the table lookups change when lookups +# are directed to a TCP-based server. For a description of the TCP +# client/server lookup protocol, see \fBtcp_table\fR(5). +# +# Each lookup operation uses the entire recipient address once. Thus, +# \fIsome.domain.hierarchy\fR is not looked up via its parent domains, +# nor is \fIuser+foo@domain\fR looked up as \fIuser@domain\fR. +# +# Results are the same as with indexed file lookups. # CONFIGURATION PARAMETERS # .ad # .fi @@ -217,6 +231,7 @@ # trivial-rewrite(8) rewrite and resolve addresses # pcre_table(5) format of PCRE tables # regexp_table(5) format of POSIX regular expression tables +# tcp_table(5) TCP client/server table lookup protocol # LICENSE # .ad # .fi diff --git a/postfix/proto/virtual b/postfix/proto/virtual index f0d904aa0..bb218b1ea 100644 --- a/postfix/proto/virtual +++ b/postfix/proto/virtual @@ -42,8 +42,10 @@ # or SQL, the same lookups are done as for ordinary indexed files. # # Alternatively, the table can be provided as a regular-expression -# map where patterns are given as regular expressions. In that case, -# the lookups are done in a slightly different way as described below. +# map where patterns are given as regular expressions, or lookups +# can be directed to TCP-based server. In that case, the lookups are +# done in a slightly different way as described below under +# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". # TABLE FORMAT # .ad # .fi 
@@ -164,6 +166,19 @@ # Results are the same as with indexed file lookups, with # the additional feature that parenthesized substrings from the # pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +# TCP-BASED TABLES +# .ad +# .fi +# This section describes how the table lookups change when lookups +# are directed to a TCP-based server. For a description of the TCP +# client/server lookup protocol, see \fBtcp_table\fR(5). +# +# Each lookup operation uses the entire address once. Thus, +# \fIuser@domain\fR mail addresses are not broken up into their +# \fIuser\fR and \fI@domain\fR constituent parts, nor is +# \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. +# +# Results are the same as with indexed file lookups. # BUGS # The table format does not understand quoting conventions. # CONFIGURATION PARAMETERS @@ -195,6 +210,7 @@ # postmap(1) create mapping table # regexp_table(5) POSIX regular expression table format # pcre_table(5) Perl Compatible Regular Expression table format +# tcp_table(5) TCP client/server table lookup protocol # LICENSE # .ad # .fi diff --git a/postfix/src/bounce/bounce_append_service.c b/postfix/src/bounce/bounce_append_service.c index 3225b4787..4dcf3ba48 100644 --- a/postfix/src/bounce/bounce_append_service.c +++ b/postfix/src/bounce/bounce_append_service.c 
@@ -126,10 +126,9 @@ int bounce_append_service(char *service, char *queue_id, vstream_fprintf(log, "%s=%s\n", MAIL_ATTR_RECIP, *recipient ? printable(vstring_str(quote_822_local(in_buf, recipient)), '?') : "<>"); - if (strcasecmp(recipient, orig_rcpt) != 0) - vstream_fprintf(log, "%s=%s\n", MAIL_ATTR_ORCPT, *orig_rcpt ? - printable(vstring_str(quote_822_local(in_buf, orig_rcpt)), '?') : - "<>"); + if (*orig_rcpt && strcasecmp(recipient, orig_rcpt) != 0) + vstream_fprintf(log, "%s=%s\n", MAIL_ATTR_ORCPT, + printable(vstring_str(quote_822_local(in_buf, orig_rcpt)), '?')); vstream_fprintf(log, "%s=%s\n", MAIL_ATTR_STATUS, printable(status, '?')); vstream_fprintf(log, "%s=%s\n", MAIL_ATTR_ACTION, printable(action, '?')); vstream_fprintf(log, "%s=%s\n", MAIL_ATTR_WHY, printable(why, '?')); diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index b0dd7911e..56f689018 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -122,6 +122,11 @@ /* .IP \fBrecipient_bcc_maps\fR /* Automatic BCC recipient lookup table, indexed by recipient address. /* The BCC address is added when the message enters the system. +/* .IP \fBenable_original_recipient\fR +/* Enable support for the \fBX-Original-To:\fR message header, which is +/* needed for multi-recipient mailboxes. When this is enabled, Postfix +/* performs duplicate elimination on (original recipient, rewritten +/* recipient) pairs, instead of looking at the rewritten recipient only. /* .IP \fBhopcount_limit\fR /* Limit the number of \fBReceived:\fR message headers. /* .IP \fBundisclosed_recipients_header\fR 
@@ -136,11 +141,6 @@ /* .IP \fBcanonical_maps\fR /* Address mapping lookup table for sender and recipient addresses /* in envelopes and headers. -/* .IP \fBenable_original_recipient\fR -/* Enable support for the X-Original-To message header, which is -/* needed for multi-recipient mailboxes. When this is enabled, Postfix -/* performs duplicate elimination on (original recipient, rewritten -/* recipient) pairs, instead of looking at the rewritten recipient only. /* .IP \fBrecipient_canonical_maps\fR /* Address mapping lookup table for envelope and header recipient /* addresses. diff --git a/postfix/src/global/bounce_log.c b/postfix/src/global/bounce_log.c index fb9dea27b..40cbe45e3 100644 --- a/postfix/src/global/bounce_log.c +++ b/postfix/src/global/bounce_log.c @@ -89,7 +89,11 @@ /* .PP /* Results: /* .IP recipient -/* The final recipient address. +/* The final recipient address in RFC 822 external form, or <> +/* in case of the null recipient address. +/* .IP orig_rcpt +/* Null pointer or the original recipient address in RFC 822 +/* external form. /* .IP text /* The text that explains why the recipient was undeliverable. /* .IP dsn_status diff --git a/postfix/src/global/header_token.c b/postfix/src/global/header_token.c index 7a2bf0597..20bbc486e 100644 --- a/postfix/src/global/header_token.c +++ b/postfix/src/global/header_token.c @@ -126,6 +126,10 @@ int header_token(HEADER_TOKEN *token, int token_len, /* * Main parsing loop. + * + * XXX What was the reason to continue parsing when user_terminator is + * specified? Perhaps this was needed at some intermediate stage of + * development? */ while ((ch = *cp) != 0 && (user_terminator != 0 || tok_count < token_len)) { cp++; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 3f96086e5..0a405c69b 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
@@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only, unless they include the same bugfix as a patch release. */ -#define MAIL_RELEASE_DATE "20030702" +#define MAIL_RELEASE_DATE "20030704" #define VAR_MAIL_VERSION "mail_version" #define DEF_MAIL_VERSION "2.0.13-" MAIL_RELEASE_DATE diff --git a/postfix/src/local/forward.c b/postfix/src/local/forward.c index 9a9b148ca..9e7bb192d 100644 --- a/postfix/src/local/forward.c +++ b/postfix/src/local/forward.c @@ -186,9 +186,11 @@ int forward_append(DELIVER_ATTR attr) } /* - * Append the recipient to the message envelope. + * Append the recipient to the message envelope. Don't send the original + * recipient if it was reset due to mailing list expansion. */ - rec_fputs(info->cleanup, REC_TYPE_ORCP, attr.orig_rcpt); + if (*attr.orig_rcpt) + rec_fputs(info->cleanup, REC_TYPE_ORCP, attr.orig_rcpt); rec_fputs(info->cleanup, REC_TYPE_RCPT, attr.recipient); return (vstream_ferror(info->cleanup)); diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index b3dca183a..e1c1aa032 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -274,7 +274,8 @@ /* .IP \fBaddress_verify_poll_count\fR /* How many times to query the address verification service /* for completion of an address verification request. -/* Specify 0 to implement a simple form of greylisting. +/* Specify 1 to implement a simple form of greylisting, that is, +/* always defer the request for a new sender or recipient address. /* .IP \fBaddress_verify_poll_delay\fR /* Time to wait after querying the address verification service /* for completion of an address verification request. 
@@ -617,9 +618,10 @@ static void helo_reset(SMTPD_STATE *state) state->helo_name = 0; } -/* mail_open_stream - open mail destination */ +/* mail_open_stream - open mail queue file or IPC stream */ -static void mail_open_stream(SMTPD_STATE *state) +static void mail_open_stream(SMTPD_STATE *state, SMTPD_TOKEN *argv, + const char *encoding, const char *verp_delims) { char *postdrop_command; @@ -666,6 +668,45 @@ static void mail_open_stream(SMTPD_STATE *state) } state->cleanup = state->dest->stream; state->queue_id = mystrdup(state->dest->id); + + /* + * Log the queue ID with the message origin. + */ +#ifdef USE_SASL_AUTH + if (var_smtpd_sasl_enable) + smtpd_sasl_mail_log(state); + else +#endif + msg_info("%s: client=%s[%s]", state->queue_id, state->name, state->addr); + + /* + * Record the time of arrival, the sender envelope address, some session + * information, and some additional attributes. + */ + if (SMTPD_STAND_ALONE(state) == 0) { + rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld", state->time); + if (*var_filter_xport) + rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport); + } + rec_fputs(state->cleanup, REC_TYPE_FROM, argv[2].strval); + if (encoding != 0) + rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", + MAIL_ATTR_ENCODING, encoding); + if (SMTPD_STAND_ALONE(state) == 0) { + rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", + MAIL_ATTR_CLIENT_NAME, state->name); + rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", + MAIL_ATTR_CLIENT_ADDR, state->addr); + rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", + MAIL_ATTR_ORIGIN, state->namaddr); + if (state->helo_name != 0) + rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", + MAIL_ATTR_HELO_NAME, state->helo_name); + rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", + MAIL_ATTR_PROTO_NAME, state->protocol); + } + if (verp_delims) + rec_fputs(state->cleanup, REC_TYPE_VERP, verp_delims); } /* extract_addr - extract address from rubble */ 
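Review bot: The REC_TYPE_TIME record in mail_open_stream now passes `state->time` to a `%ld` conversion without the `(long)` cast that the removed code in mail_cmd applied to the result of `time()`. If `state->time` is declared `time_t`, as the `state->time = time((time_t *) 0)` assignment in mail_cmd suggests, the argument does not match the format on platforms where `time_t` is not `long`, and the arrival time written to the queue file is then undefined. Keep the cast: `rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld", (long) state->time);`. Part of mail_open_stream lies between the two hunks on this function, and the declaration of the field is not visible here.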
@@ -876,64 +917,35 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) VERP_CMD); return (-1); } - state->time = time((time_t *) 0); if (SMTPD_STAND_ALONE(state) == 0 && var_smtpd_delay_reject == 0 && (err = smtpd_check_mail(state, argv[2].strval)) != 0) { smtpd_chat_reply(state, "%s", err); return (-1); } + state->time = time((time_t *) 0); + + /* + * Open connection to SMTP proxy server. + */ if (SMTPD_STAND_ALONE(state) == 0 && *var_smtpd_proxy_filt) { if (smtpd_proxy_open(state, var_smtpd_proxy_filt, var_smtpd_proxy_tmout, var_smtpd_proxy_ehlo, STR(state->buffer)) != 0) { smtpd_chat_reply(state, "%s", STR(state->proxy_buffer)); return (-1); } - } else { + } + + /* + * Open queue file, or open connection to queue file writing process. + * Check for queue file space first. + */ + else { if ((err = smtpd_check_size(state, state->msg_size)) != 0) { smtpd_chat_reply(state, "%s", err); return (-1); } - - /* - * Open queue file or IPC stream. - */ - mail_open_stream(state); -#ifdef USE_SASL_AUTH - if (var_smtpd_sasl_enable) - smtpd_sasl_mail_log(state); - else -#endif - msg_info("%s: client=%s[%s]", state->queue_id, state->name, state->addr); - - /* - * Record the time of arrival and the sender envelope address. 
- */ - if (SMTPD_STAND_ALONE(state) == 0) { - rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld", - (long) time((time_t *) 0)); - if (*var_filter_xport) - rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport); - } - rec_fputs(state->cleanup, REC_TYPE_FROM, argv[2].strval); - if (encoding != 0) - rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", - MAIL_ATTR_ENCODING, encoding); - if (SMTPD_STAND_ALONE(state) == 0) { - rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", - MAIL_ATTR_CLIENT_NAME, state->name); - rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", - MAIL_ATTR_CLIENT_ADDR, state->addr); - rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", - MAIL_ATTR_ORIGIN, state->namaddr); - if (state->helo_name != 0) - rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", - MAIL_ATTR_HELO_NAME, state->helo_name); - rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s", - MAIL_ATTR_PROTO_NAME, state->protocol); - } - if (verp_delims) - rec_fputs(state->cleanup, REC_TYPE_VERP, verp_delims); + mail_open_stream(state, argv, encoding, verp_delims); } state->sender = mystrdup(argv[2].strval); smtpd_chat_reply(state, "250 Ok"); @@ -969,8 +981,14 @@ static void mail_reset(SMTPD_STATE *state) smtpd_sasl_mail_reset(state); #endif state->discard = 0; - if (state->proxy) + + /* + * Try to be nice. Don't bother when we lost the connection. + */ + if (state->proxy) { + (void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, "QUIT"); smtpd_proxy_close(state); + } } /* rcpt_cmd - process RCPT TO command */ @@ -1030,7 +1048,7 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) return (-1); } } - if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_STAT_OK, + if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK, "%s", STR(state->buffer)) != 0) { smtpd_chat_reply(state, "%s", STR(state->proxy_buffer)); return (-1); 
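Review bot: In mail_reset the new comment says not to bother when the connection is lost, but the added `smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, "QUIT")` runs whenever `state->proxy` is set, with no check of the stream state. Unless smtpd_proxy_cmd itself returns early on a broken stream (its opening lines are outside the hunks shown), a stalled or dead proxy makes each reset wait for the proxy timeout and ties up the smtpd process for that long. Consider guarding the call, for example `if (vstream_ferror(state->proxy) == 0 && vstream_feof(state->proxy) == 0)`, or say in the comment that smtpd_proxy_cmd performs that check. mail_reset begins above this hunk.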
@@ -1099,7 +1117,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) smtpd_chat_reply(state, "%s", err); return (-1); } - if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_STAT_MORE, + if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_WANT_MORE, "%s", STR(state->buffer)) != 0) { smtpd_chat_reply(state, "%s", STR(state->proxy_buffer)); return (-1); @@ -1196,25 +1214,32 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) } /* - * Send the end-of-segment markers. + * Send the end of DATA and finish the proxy connection. Set the + * CLEANUP_STAT_PROXY error flag in case of trouble. */ if (state->proxy) { - if (state->err == CLEANUP_STAT_OK) - (void) smtpd_proxy_cmd(state, SMTPD_PROX_STAT_ANY, "."); + if (state->err == CLEANUP_STAT_OK) { + (void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, "."); + if (*STR(state->proxy_buffer) != '2') + state->err = CLEANUP_STAT_PROXY; + } smtpd_proxy_close(state); - } else { + } + + /* + * Send the end-of-segment markers and finish the queue file record + * stream. + */ + else { if (state->err == CLEANUP_STAT_OK) if (rec_fputs(state->cleanup, REC_TYPE_XTRA, "") < 0 || rec_fputs(state->cleanup, REC_TYPE_END, "") < 0 || vstream_fflush(state->cleanup)) state->err = CLEANUP_STAT_WRITE; - - /* - * Finish the queue file or finish the cleanup conversation. - */ - if (state->err == 0) - state->err = mail_stream_finish(state->dest, why = vstring_alloc(10)); - else + if (state->err == 0) { + why = vstring_alloc(10); + state->err = mail_stream_finish(state->dest, why); + } else mail_stream_cleanup(state->dest); state->dest = 0; state->cleanup = 0; 
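Review bot: The end-of-data check `*STR(state->proxy_buffer) != '2'` treats any non-2xx buffer content as the final status, and the CLEANUP_STAT_PROXY branch changed in the following data_cmd hunk then sends that buffer to the client verbatim with `smtpd_chat_reply(state, "%s", STR(state->proxy_buffer))`. A 3xx or otherwise unexpected proxy reply would reach the client as the answer to end-of-data, and so would a reply left over from an earlier command if CLEANUP_STAT_PROXY can also be set while the body is being written (that code is not visible here). The return value of smtpd_proxy_cmd is discarded as well, so a failed exchange is only detected through the buffer content. Relay the proxy text only when `STR(state->proxy_buffer)[0] == '4' || STR(state->proxy_buffer)[0] == '5'`, and otherwise fall back to the fixed `451 Error: queue file write error` reply. data_cmd extends beyond both hunks.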
@@ -1253,7 +1278,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) smtpd_chat_reply(state, "451 Error: queue file write error"); } else if ((state->err & CLEANUP_STAT_PROXY) != 0) { state->error_mask |= MAIL_ERROR_SOFTWARE; - smtpd_chat_reply(state, "451 Error: queue file write error"); + smtpd_chat_reply(state, "%s", STR(state->proxy_buffer)); } else { state->error_mask |= MAIL_ERROR_SOFTWARE; smtpd_chat_reply(state, "451 Error: internal error %d", state->err); @@ -1622,8 +1647,8 @@ static void smtpd_proto(SMTPD_STATE *state) continue; } if (cmdp->flags & SMTPD_CMD_FLAG_FORBIDDEN) { - msg_warn("%s sent %s instead of SMTP command: %.100s", - state->namaddr, cmdp->name, vstring_str(state->buffer)); + msg_warn("%s sent non-SMTP command: %.100s", + state->namaddr, vstring_str(state->buffer)); smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye."); break; } diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 54ce51789..027dc2d76 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -2591,7 +2591,7 @@ static int reject_maps_rbl(SMTPD_STATE *state) if (warned == 0) { warned++; msg_warn("support for restriction \"%s\" will be removed from %s; " - "use \"%s \" instead", + "use \"%s domain-name\" instead", REJECT_MAPS_RBL, var_mail_name, REJECT_RBL_CLIENT); } while ((rbl_domain = mystrtok(&bp, " \t\r\n,")) != 0) { @@ -3599,6 +3599,7 @@ static STRING_TABLE string_table[] = { VAR_DEF_RBL_REPLY, DEF_DEF_RBL_REPLY, &var_def_rbl_reply, VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps, VAR_VERIFY_SENDER, DEF_VERIFY_SENDER, &var_verify_sender, + VAR_MAIL_NAME, DEF_MAIL_NAME, &var_mail_name, 0, }; diff --git a/postfix/src/smtpd/smtpd_check.ref b/postfix/src/smtpd/smtpd_check.ref index 61a9b3024..563260e4f 100644 --- a/postfix/src/smtpd/smtpd_check.ref +++ b/postfix/src/smtpd/smtpd_check.ref 
@@ -139,7 +139,7 @@ OK >>> client foo 123.123.123.123 OK >>> rcpt foo@watson.ibm.com -./smtpd_check: warning: the "check_relay_domains" restriction is going away; use "reject_unauth_destination" instead +./smtpd_check: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead ./smtpd_check: : reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied; from= to= proto=SMTP helo=<123.123.123.123> 554 : Recipient address rejected: Relay access denied >>> rcpt foo@porcupine.org @@ -183,7 +183,7 @@ OK >>> client_restrictions reject_maps_rbl OK >>> client spike.porcupine.org 168.100.189.2 -./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client instead +./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead OK >>> client foo 127.0.0.2 ./smtpd_check: : reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; Client host [127.0.0.2] blocked using relays.mail-abuse.org; from= proto=SMTP helo=<123.123.123.123> diff --git a/postfix/src/smtpd/smtpd_check.ref2 b/postfix/src/smtpd/smtpd_check.ref2 index 142dd1e7f..b7327232d 100644 --- a/postfix/src/smtpd/smtpd_check.ref2 +++ b/postfix/src/smtpd/smtpd_check.ref2 @@ -129,7 +129,7 @@ OK >>> client foo 123.123.123.123 OK >>> rcpt foo@watson.ibm.com -./smtpd_check: warning: the "check_relay_domains" restriction is going away; use "reject_unauth_destination" instead +./smtpd_check: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead ./smtpd_check: : reject: RCPT from foo[123.123.123.123]: 554 : Recipient address rejected: Relay access denied; from= to= proto=SMTP helo= 554 : Recipient address rejected: Relay access denied >>> rcpt foo@porcupine.org 
@@ -173,7 +173,7 @@ OK >>> client_restrictions reject_maps_rbl OK >>> client spike.porcupine.org 168.100.189.2 -./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client instead +./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead OK >>> client foo 127.0.0.2 ./smtpd_check: : reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; Client host [127.0.0.2] blocked using relays.mail-abuse.org; from= proto=SMTP helo= diff --git a/postfix/src/smtpd/smtpd_exp.ref b/postfix/src/smtpd/smtpd_exp.ref index 05c676c23..36fc6b161 100644 --- a/postfix/src/smtpd/smtpd_exp.ref +++ b/postfix/src/smtpd/smtpd_exp.ref @@ -25,7 +25,7 @@ OK >>> client spike.porcupine.org 168.100.189.2 OK >>> rcpt rname@rdomain -./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client instead +./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead OK >>> client foo 127.0.0.2 OK diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c index ffe998b61..a9c8e8efb 100644 --- a/postfix/src/smtpd/smtpd_proxy.c +++ b/postfix/src/smtpd/smtpd_proxy.c @@ -15,7 +15,7 @@ /* /* other fields... */ /* .in -4 /* } SMTPD_STATE; -/* +/* SMTP-LEVEL ROUTINES /* int smtpd_proxy_open(state, service, timeout, ehlo_name, mail_from) /* SMTPD_STATE *state; /* const char *service; @@ -28,7 +28,7 @@ /* int expect; /* cont char *format; /* -/* void smtpd_proxy_open(state) +/* void smtpd_proxy_close(state) /* SMTPD_STATE *state; /* RECORD-LEVEL ROUTINES /* int smtpd_proxy_rec_put(stream, rec_type, data, len) 
@@ -100,16 +100,12 @@ /* Expected proxy server reply status code range. A warning is logged /* when an unexpected reply is received. Specify one of the following: /* .RS -/* .IP SMTPD_PROX_STAT_ANY +/* .IP SMTPD_PROX_WANT_ANY /* The caller has no expectation. Do not warn for unexpected replies. -/* .IP SMTPD_PROX_STAT_OK +/* .IP SMTPD_PROX_WANT_OK /* The caller expects a reply in the 200 range. -/* .IP SMTPD_PROX_STAT_MORE +/* .IP SMTPD_PROX_WANT_MORE /* The caller expects a reply in the 300 range. -/* .IP SMTPD_PROX_STAT_DEFER -/* .IP SMTPD_PROX_STAT_FAIL -/* The caller perversely expects a reply in the 400 and 500 range, -/* respectively. /* .RE /* .IP format /* A format string. @@ -168,6 +164,7 @@ */ #define STR(x) vstring_str(x) #define LEN(x) VSTRING_LEN(x) +#define SMTPD_PROXY_CONNECT ((char *) 0) /* smtpd_proxy_open - open proxy connection after MAIL FROM */ @@ -202,10 +199,10 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service, /* * Get server greeting banner. * - * XXX If this fails then we should not send the initial reply when the - * client expects the MAIL FROM reply. + * If this fails then we have a problem because the proxy should always + * accept our connection. */ - if (smtpd_proxy_cmd(state, SMTPD_PROX_STAT_OK, (char *) 0) != 0) { + if (smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK, SMTPD_PROXY_CONNECT) != 0) { vstring_sprintf(state->proxy_buffer, "451 Error: queue file write error"); smtpd_proxy_close(state); 
@@ -215,10 +212,10 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service, /* * Send our own EHLO command. * - * XXX If this fails then we should not send the EHLO reply when the client - * expects the MAIL FROM reply. + * If this fails then we have a problem because the proxy should always + * accept our EHLO command. */ - if (smtpd_proxy_cmd(state, SMTPD_PROX_STAT_OK, "EHLO %s", ehlo_name) != 0) { + if (smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK, "EHLO %s", ehlo_name) != 0) { vstring_sprintf(state->proxy_buffer, "451 Error: queue file write error"); smtpd_proxy_close(state); @@ -226,9 +223,11 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service, } /* - * Pass-through the client's MAIL FROM command. + * Pass-through the client's MAIL FROM command. If this fails, then we + * have a problem because the proxy should always accept any MAIL FROM + * command that was accepted by us. */ - if (smtpd_proxy_cmd(state, SMTPD_PROX_STAT_OK, "%s", mail_from) != 0) { + if (smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK, "%s", mail_from) != 0) { smtpd_proxy_close(state); return (-1); } @@ -265,7 +264,8 @@ static void smtpd_proxy_cmd_error(SMTPD_STATE *state, const char *fmt, * because it is used only internally to this module. */ buf = vstring_alloc(100); - vstring_vsprintf(buf, fmt && *fmt ? fmt : "connection request", ap); + vstring_vsprintf(buf, fmt == SMTPD_PROXY_CONNECT ? + "connection request" : fmt, ap); msg_warn("proxy %s rejected \"%s\": \"%s\"", VSTREAM_PATH(state->proxy), STR(buf), STR(state->proxy_buffer)); vstring_free(buf); 
@@ -296,11 +296,11 @@ int smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...) } /* - * The command can be omitted at the start of an SMTP session. A null - * format string is not documented as part of the official interface - * because it is used only internally to this module. + * The command can be omitted at the start of an SMTP session. This is + * not documented as part of the official interface because it is used + * only internally to this module. */ - if (fmt && *fmt) { + if (fmt != SMTPD_PROXY_CONNECT) { /* * Format the command. @@ -362,7 +362,7 @@ int smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...) * Log a warning in case the proxy does not send the expected response. * Silently accept any response when the client expressed no expectation. */ - if (expect != SMTPD_PROX_STAT_ANY + if (expect != SMTPD_PROX_WANT_ANY && expect != (STR(state->proxy_buffer)[0] - '0')) { va_start(ap, fmt); smtpd_proxy_cmd_error(state, fmt, ap); @@ -394,8 +394,10 @@ int smtpd_proxy_rec_put(VSTREAM *stream, int rec_type, */ if (rec_type == REC_TYPE_NORM) smtp_fputs(data, len, stream); - else + else if (rec_type == REC_TYPE_CONT) smtp_fwrite(data, len, stream); + else + msg_panic("smtpd_proxy_rec_put: need REC_TYPE_NORM or REC_TYPE_CONT"); return (rec_type); } @@ -421,9 +423,10 @@ int smtpd_proxy_rec_fprintf(VSTREAM *stream, int rec_type, * rec_fprintf(). */ va_start(ap, fmt); - if (rec_type != REC_TYPE_NORM) + if (rec_type == REC_TYPE_NORM) + smtp_vprintf(stream, fmt, ap); + else msg_panic("smtpd_proxy_rec_fprintf: need REC_TYPE_NORM"); - smtp_vprintf(stream, fmt, ap); va_end(ap); return (rec_type); } diff --git a/postfix/src/smtpd/smtpd_proxy.h b/postfix/src/smtpd/smtpd_proxy.h index 9d0fe53d9..e9ff17ec5 100644 --- a/postfix/src/smtpd/smtpd_proxy.h +++ b/postfix/src/smtpd/smtpd_proxy.h 
@@ -18,11 +18,9 @@ /* * Application-specific. */ -#define SMTPD_PROX_STAT_ANY 0 -#define SMTPD_PROX_STAT_OK 2 -#define SMTPD_PROX_STAT_MORE 3 -#define SMTPD_PROX_STAT_DEFER 4 -#define SMTPD_PROX_STAT_FAIL 5 +#define SMTPD_PROX_WANT_ANY 0 +#define SMTPD_PROX_WANT_OK 2 +#define SMTPD_PROX_WANT_MORE 3 extern int smtpd_proxy_open(SMTPD_STATE *, const char *, int, const char *, const char *); extern int smtpd_proxy_cmd(SMTPD_STATE *, int, const char *,...); diff --git a/postfix/src/util/dict.h b/postfix/src/util/dict.h index 5dfea824e..1465124fe 100644 --- a/postfix/src/util/dict.h +++ b/postfix/src/util/dict.h @@ -58,10 +58,12 @@ extern DICT *dict_debug(DICT *); #define DICT_FLAG_SYNC_UPDATE (1<<8) /* if file, sync updates */ #define DICT_FLAG_DEBUG (1<<9) /* log access */ #define DICT_FLAG_FOLD_KEY (1<<10) /* lowercase the lookup key */ -#define DICT_FLAG_NO_REGSUB (1<<11) /* no lhs->rhs regexp substitution */ -#define DICT_FLAG_NO_PROXY (1<<12) /* no proxy mapping */ +#define DICT_FLAG_NO_REGSUB (1<<11) /* disallow regexp substitution */ +#define DICT_FLAG_NO_PROXY (1<<12) /* disallow proxy mapping */ +#define DICT_FLAG_NO_UNAUTH (1<<13) /* disallow unauthenticated data */ -#define DICT_FLAG_PARANOID (DICT_FLAG_NO_REGSUB | DICT_FLAG_NO_PROXY) +#define DICT_FLAG_PARANOID \ + (DICT_FLAG_NO_REGSUB | DICT_FLAG_NO_PROXY | DICT_FLAG_NO_UNAUTH) extern int dict_unknown_allowed; extern int dict_errno; diff --git a/postfix/src/util/dict_cidr.c b/postfix/src/util/dict_cidr.c index 6c068031e..5813107f6 100644 --- a/postfix/src/util/dict_cidr.c +++ b/postfix/src/util/dict_cidr.c @@ -6,9 +6,9 @@ /* SYNOPSIS /* #include /* -/* DICT *dict_cidr_open(name, dummy, dict_flags) +/* DICT *dict_cidr_open(name, open_flags, dict_flags) /* const char *name; -/* int dummy; +/* int open_flags; /* int dict_flags; /* DESCRIPTION /* dict_cidr_open() opens the named file and stores 
@@ -127,9 +127,9 @@ static DICT_CIDR_ENTRY *dict_cidr_parse_rule(const char *mapname, int lineno, struct in_addr net_addr; /* - * Split into key and value. We already eliminated leading whitespace, - * comments, empty lines or lines with whitespace only. This means a null - * key can't happen but we will handle this anyway. + * Split the rule into key and value. We already eliminated leading + * whitespace, comments, empty lines or lines with whitespace only. This + * means a null key can't happen but we will handle this anyway. */ key = p; while (*p && !ISSPACE(*p)) /* Skip over key */ @@ -182,6 +182,9 @@ static DICT_CIDR_ENTRY *dict_cidr_parse_rule(const char *mapname, int lineno, mask_bits = htonl(0xffffffff); } + /* + * Bundle up the result. + */ rule = (DICT_CIDR_ENTRY *) mymalloc(sizeof(DICT_CIDR_ENTRY)); rule->net_bits = net_bits; rule->mask_bits = mask_bits; @@ -197,7 +200,7 @@ static DICT_CIDR_ENTRY *dict_cidr_parse_rule(const char *mapname, int lineno, /* dict_cidr_open - parse CIDR table */ -DICT *dict_cidr_open(const char *mapname, int unused_flags, int dict_flags) +DICT *dict_cidr_open(const char *mapname, int open_flags, int dict_flags) { DICT_CIDR *dict_cidr; VSTREAM *map_fp; @@ -206,6 +209,13 @@ DICT *dict_cidr_open(const char *mapname, int unused_flags, int dict_flags) DICT_CIDR_ENTRY *last_rule = 0; int lineno = 0; + /* + * Sanity checks. + */ + if (open_flags != O_RDONLY) + msg_fatal("%s:%s map requires O_RDONLY access mode", + DICT_TYPE_CIDR, mapname); + /* * XXX Eliminate unnecessary queries by setting a flag that says "this * map matches network addresses only". diff --git a/postfix/src/util/dict_nis.c b/postfix/src/util/dict_nis.c index f72c14aa2..1dabfea7e 100644 --- a/postfix/src/util/dict_nis.c +++ b/postfix/src/util/dict_nis.c 
@@ -6,14 +6,13 @@ /* SYNOPSIS /* #include /* -/* DICT *dict_nis_open(map, dummy, dict_flags) +/* DICT *dict_nis_open(map, open_flags, dict_flags) /* const char *map; -/* int dummy; +/* int open_flags; /* int dict_flags; /* DESCRIPTION /* dict_nis_open() makes the specified NIS map accessible via /* the generic dictionary operations described in dict_open(3). -/* The \fIdummy\fR argument is not used. /* SEE ALSO /* dict(3) generic dictionary manager /* DIAGNOSTICS @@ -204,10 +203,14 @@ static void dict_nis_close(DICT *dict) /* dict_nis_open - open NIS map */ -DICT *dict_nis_open(const char *map, int unused_flags, int dict_flags) +DICT *dict_nis_open(const char *map, int open_flags, int dict_flags) { DICT_NIS *dict_nis; + if (open_flags != O_RDONLY) + msg_fatal("%s:%s map requires O_RDONLY access mode", + DICT_TYPE_NIS, map); + dict_nis = (DICT_NIS *) dict_alloc(DICT_TYPE_NIS, map, sizeof(*dict_nis)); dict_nis->dict.lookup = dict_nis_lookup; dict_nis->dict.close = dict_nis_close; @@ -216,7 +219,7 @@ DICT *dict_nis_open(const char *map, int unused_flags, int dict_flags) dict_nis->dict.flags |= (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL); if (dict_nis_domain == 0) dict_nis_init(); - return (DICT_DEBUG(&dict_nis->dict)); + return (DICT_DEBUG (&dict_nis->dict)); } #endif diff --git a/postfix/src/util/dict_pcre.map b/postfix/src/util/dict_pcre.map index 948b5c353..f646a1f3b 100644 --- a/postfix/src/util/dict_pcre.map +++ b/postfix/src/util/dict_pcre.map @@ -19,3 +19,4 @@ if !/xyzzy/ endif endif # trailing whitespace above +! diff --git a/postfix/src/util/dict_pcre.ref b/postfix/src/util/dict_pcre.ref index 4b5910790..78f45e76d 100644 --- a/postfix/src/util/dict_pcre.ref +++ b/postfix/src/util/dict_pcre.ref 
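Review bot: dict_nis_open gains the `open_flags != O_RDONLY` check but not the `DICT_FLAG_NO_UNAUTH` check that this commit adds to dict_tcp_open, although the flag is now part of `DICT_FLAG_PARANOID` in dict.h. If NIS replies are regarded as unauthenticated in the same sense as TCP map replies, a map opened with `DICT_FLAG_PARANOID` would still accept `nis:` data without complaint. Either add `if (dict_flags & DICT_FLAG_NO_UNAUTH) msg_fatal("%s:%s map is not allowed for security sensitive data", DICT_TYPE_NIS, map);` before the access-mode check, or document next to the flag in dict.h which map types are expected to honor it.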
@@ -3,6 +3,7 @@ ./dict_open: warning: pcre map dict_pcre.map, line 8: unknown regexp option "!": skipping this rule ./dict_open: warning: dict_pcre.map, line 9: no replacement text: using empty string ./dict_open: warning: pcre map dict_pcre.map, line 17: $number found in negative match replacement text: skipping this rule +./dict_open: warning: pcre map dict_pcre.map, line 22: no regexp: skipping this rule true: not found true1=1 true2: not found diff --git a/postfix/src/util/dict_regexp.map b/postfix/src/util/dict_regexp.map index 948b5c353..f646a1f3b 100644 --- a/postfix/src/util/dict_regexp.map +++ b/postfix/src/util/dict_regexp.map @@ -19,3 +19,4 @@ if !/xyzzy/ endif endif # trailing whitespace above +! diff --git a/postfix/src/util/dict_regexp.ref b/postfix/src/util/dict_regexp.ref index 8cf7d8234..4e9e0660e 100644 --- a/postfix/src/util/dict_regexp.ref +++ b/postfix/src/util/dict_regexp.ref @@ -3,6 +3,7 @@ ./dict_open: warning: regexp map dict_regexp.map, line 9: using empty replacement string ./dict_open: warning: regexp map dict_regexp.map, line 10: out of range replacement index "5": skipping this rule ./dict_open: warning: regexp map dict_regexp.map, line 17: $number found in negative match replacement text: skipping this rule +./dict_open: warning: regexp map dict_regexp.map, line 22: no regexp: skipping this rule true: not found true1=1 true2: not found diff --git a/postfix/src/util/dict_tcp.c b/postfix/src/util/dict_tcp.c index b7345feb8..0da332f40 100644 --- a/postfix/src/util/dict_tcp.c +++ b/postfix/src/util/dict_tcp.c 
@@ -6,16 +6,15 @@ /* SYNOPSIS /* #include /* -/* DICT *dict_tcp_open(map, dummy, dict_flags) +/* DICT *dict_tcp_open(map, open_flags, dict_flags) /* const char *map; -/* int dummy; +/* int open_flags; /* int dict_flags; /* DESCRIPTION /* dict_tcp_open() makes a TCP server accessible via the generic /* dictionary operations described in dict_open(3). -/* The \fIdummy\fR argument is not used. The only implemented -/* operation is dictionary lookup. This map type can be useful -/* for simulating a dynamic lookup table. +/* The only implemented operation is dictionary lookup. This map +/* type can be useful for simulating a dynamic lookup table. /* /* Map names have the form host:port. /* @@ -45,16 +44,19 @@ /* .fi /* Replies must be no longer than 4096 characters including the /* newline terminator, and must have the following form: -/* .IP "500 SPACE optional-text NEWLINE" +/* .IP "500 SPACE text NEWLINE" /* In case of a lookup request, the requested data does not exist. /* In case of an update request, the request was rejected. -/* .IP "400 SPACE optional-text NEWLINE" +/* The text gives the nature of the problem. +/* .IP "400 SPACE text NEWLINE" /* This indicates an error condition. The text gives the nature of /* the problem. The client should retry the request later. /* .IP "200 SPACE text NEWLINE" /* The request was successful. In the case of a lookup request, /* the text contains an encoded version of the requested data. -/* Otherwise the text is optional. +/* SECURITY +/* This map must not be used for security sensitive information, +/* because neither the connection nor the server are authenticated. /* SEE ALSO /* dict(3) generic dictionary manager /* hex_quote(3) http-style quoting 
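Review bot: The new SECURITY paragraph names the missing authentication only and does not say that lookup keys and replies cross the connection unprotected. The client code in this file writes `get %s` straight to `dict_tcp->fp`, and nothing shown wraps that stream in an encrypted channel, so when tables such as transport or virtual point at a TCP map the keys on the wire are mail addresses. Suggest adding a sentence to the section, for example `/* Queries and replies are sent in the clear; do not use this map across untrusted networks.`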
@@ -177,7 +179,7 @@ static const char *dict_tcp_lookup(DICT *dict, const char *key) hex_quote(dict_tcp->hex_buf, key); vstream_fprintf(dict_tcp->fp, "get %s\n", STR(dict_tcp->hex_buf)); if (msg_verbose) - msg_info("%s: send \"get %s\"", myname, STR(dict_tcp->hex_buf)); + msg_info("%s: send: get %s", myname, STR(dict_tcp->hex_buf)); last_ch = vstring_get_nonl_bound(dict_tcp->hex_buf, dict_tcp->fp, DICT_TCP_MAXLEN); if (last_ch == '\n') @@ -207,7 +209,7 @@ static const char *dict_tcp_lookup(DICT *dict, const char *key) sleep(1); } if (msg_verbose) - msg_info("%s: recv: \"%s\"", myname, STR(dict_tcp->hex_buf)); + msg_info("%s: recv: %s", myname, STR(dict_tcp->hex_buf)); /* * Check the general reply syntax. If the reply is malformed, disconnect @@ -217,7 +219,7 @@ static const char *dict_tcp_lookup(DICT *dict, const char *key) !ISDIGIT(start[0]) || !ISDIGIT(start[1]) || !ISDIGIT(start[2]) || !ISSPACE(start[3]) || !hex_unquote(dict_tcp->raw_buf, start + 4)) { - msg_warn("read TCP map reply from %s: malformed reply %.100s", + msg_warn("read TCP map reply from %s: malformed reply: %.100s", dict_tcp->dict.name, printable(STR(dict_tcp->hex_buf), '_')); dict_tcp_disconnect(dict_tcp); RETURN(DICT_ERR_RETRY, 0); 
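Review bot: The verbose `recv:` log in the second hunk (@@ -207,7 +209,7) prints the server's reply line as received, while the warning paths in the same function pass it through `printable(..., '_')` first. The reply comes from a peer that this file's own SECURITY section calls unauthenticated, so control characters should be kept out of the log here as well, unless the logging layer already filters them, which this diff does not show. If printable() rewrites its argument in place, as I believe it does, apply it to a copy so the syntax check that follows still sees the original bytes. At minimum I would record the gap with `/* reply is untrusted and is logged here before any printable() filtering */`. dict_tcp_lookup() starts and ends outside these hunks.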
@@ -229,20 +231,20 @@ static const char *dict_tcp_lookup(DICT *dict, const char *key) */ switch (start[0]) { default: - msg_warn("read TCP map reply from %s: bad status code %.100s", + msg_warn("read TCP map reply from %s: bad status code: %.100s", dict_tcp->dict.name, printable(STR(dict_tcp->hex_buf), '_')); dict_tcp_disconnect(dict_tcp); RETURN(DICT_ERR_RETRY, 0); case '4': if (msg_verbose) msg_info("%s: soft error: %s", - myname, printable(STR(dict_tcp->raw_buf), '_')); + myname, printable(STR(dict_tcp->hex_buf), '_')); dict_tcp_disconnect(dict_tcp); RETURN(DICT_ERR_RETRY, 0); case '5': if (msg_verbose) msg_info("%s: not found: %s", - myname, printable(STR(dict_tcp->raw_buf), '_')); + myname, printable(STR(dict_tcp->hex_buf), '_')); RETURN(DICT_ERR_NONE, 0); case '2': if (msg_verbose) @@ -269,17 +271,32 @@ static void dict_tcp_close(DICT *dict) /* dict_tcp_open - open TCP map */ -DICT *dict_tcp_open(const char *map, int unused_flags, int dict_flags) +DICT *dict_tcp_open(const char *map, int open_flags, int dict_flags) { DICT_TCP *dict_tcp; dict_errno = 0; + /* + * Sanity checks. + */ + if (dict_flags & DICT_FLAG_NO_UNAUTH) + msg_fatal("%s:%s map is not allowed for security sensitive data", + DICT_TYPE_TCP, map); + if (open_flags != O_RDONLY) + msg_fatal("%s:%s map requires O_RDONLY access mode", + DICT_TYPE_TCP, map); + + /* + * Create the dictionary handle. Do not open the connection until the + * first request is made. + */ dict_tcp = (DICT_TCP *) dict_alloc(DICT_TYPE_TCP, map, sizeof(*dict_tcp)); dict_tcp->fp = 0; dict_tcp->raw_buf = dict_tcp->hex_buf = 0; dict_tcp->dict.lookup = dict_tcp_lookup; dict_tcp->dict.close = dict_tcp_close; - dict_tcp->dict.flags = dict_flags | DICT_FLAG_FIXED; + dict_tcp->dict.flags = dict_flags | DICT_FLAG_PATTERN; + return (DICT_DEBUG (&dict_tcp->dict)); } diff --git a/postfix/src/util/match_list.c b/postfix/src/util/match_list.c index 074c8f33c..ab4b13d0e 100644 --- a/postfix/src/util/match_list.c 
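Review bot: The `DICT_FLAG_NO_UNAUTH` test added to dict_tcp_open() (second hunk, @@ -269,17 +271,32) is what enforces the SECURITY restriction, yet the comment above it says only "Sanity checks." and gives no reason. The check protects only callers that actually pass the flag, so I would spell that out: `/* Server and connection are unauthenticated: refuse callers that flag their data as security sensitive. */`. The switch from `DICT_FLAG_FIXED` to `DICT_FLAG_PATTERN` in the flags assignment is also unexplained and deserves a one-line reason next to it. Whether `<fcntl.h>` is already included for `O_RDONLY` cannot be seen from this hunk.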
+++ b/postfix/src/util/match_list.c @@ -105,7 +105,6 @@ static ARGV *match_list_parse(ARGV *list, char *string) char *delim = " ,\t\r\n"; char *bp = string; char *pattern; - char *cp; char *map_type_name; char *map_type_name_flags; diff --git a/postfix/src/verify/verify.c b/postfix/src/verify/verify.c index a68b726d3..443b07ecc 100644 --- a/postfix/src/verify/verify.c +++ b/postfix/src/verify/verify.c @@ -29,8 +29,7 @@ /* .IP "\fBVRFY_ADDR_UPDATE\fI address status text\fR" /* Update the status of the specified address. /* .IP "\fBVRFY_ADDR_QUERY\fI address\fR" -/* Look up the \fIstatus\fR, \fIlast update time\fR and \fItext\fR -/* of the specified address. +/* Look up the \fIstatus\fR and \fItext\fR of the specified address. /* If the status is unknown, a probe is sent and a default status is /* returned. /* .PP