2
0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 13:48:06 +00:00

postfix-2.0.18-20040205

This commit is contained in:
Wietse Venema
2004-02-05 00:00:00 -05:00
committed by Viktor Dukhovni
parent 50637b38fb
commit 4dd1be4d8c
16 changed files with 200 additions and 198 deletions

View File

@@ -9092,6 +9092,31 @@ Apologies for any names omitted.
Misc. documentation fixes by Victor Duchovni. Misc. documentation fixes by Victor Duchovni.
20040126
Safety: handle the case that main.cf is updated while it
is being read. File: util/dict.c.
20040127
Bugfix: missing flush_init() call. Introduced 20040105.
File: postqueue/postqueue.c.
20040202
Bugfix: changed mis-leading warning about text>4096 characters
into "unexpected end-of-input". File: util/attr_scan0.c.
20040204
Bugfix: don't panic on a corrupt queue file. File:
*qmgr/qmgr_message.c.
20040205
Cleanup: sample-filter.cf is gone. Better documentation is
available with "man header_checks".
Open problems: Open problems:
Low: log xdelay (esp. for SMTP and delivery to command). Low: log xdelay (esp. for SMTP and delivery to command).

View File

@@ -57,8 +57,10 @@
# find out what lookup table types your Postfix system sup- # find out what lookup table types your Postfix system sup-
# ports. # ports.
# #
# The general format of a Postfix regular expression table # The general format of Postfix regular expression tables is
# is: # given below. For a discussion of specific pattern or
# flags syntax, see pcre_table(5) or regexp_table(5),
# respectively.
# #
# /pattern/flags action # /pattern/flags action
# When pattern matches the input string, execute the # When pattern matches the input string, execute the
@@ -94,10 +96,6 @@
# text. A line that starts with whitespace continues # text. A line that starts with whitespace continues
# a logical line. # a logical line.
# #
# For a discussion of specific pattern or flags syntax
# details, see pcre_table(5) or regexp_table(5), respec-
# tively.
#
# TABLE SEARCH ORDER # TABLE SEARCH ORDER
# For each line of message input, the patterns are applied # For each line of message input, the patterns are applied
# in the order as specified in the table. When a pattern is # in the order as specified in the table. When a pattern is
@@ -138,12 +136,12 @@
# as DUNNO. # as DUNNO.
# #
# FILTER transport:destination # FILTER transport:destination
# Write a content filter request record to the queue # Write a content filter request to the queue file
# file and inspect the next input line. After the # and inspect the next input line. After the com-
# complete message is received it will be sent # plete message is received it will be sent through
# through the specified external content filter. # the specified external content filter. More infor-
# More information about external content filters is # mation about external content filters is in the
# in the Postfix FILTER_README file. # Postfix FILTER_README file.
# #
# Note: this action overrides the main.cf con- # Note: this action overrides the main.cf con-
# tent_filter setting, and affects all recipients of # tent_filter setting, and affects all recipients of
@@ -167,6 +165,15 @@
# IGNORE Delete the current line from the input and inspect # IGNORE Delete the current line from the input and inspect
# the next input line. # the next input line.
# #
# PREPEND text...
# Prepend one line with the specified text and
# inspect the next input line. The prepended line of
# text is output before the input line that triggered
# the PREPEND pattern.
#
# Note: this action cannot be used to prepend multi-
# line text.
#
# REDIRECT user@domain # REDIRECT user@domain
# Write a message redirection request to the queue # Write a message redirection request to the queue
# file and inspect the next input line. After the # file and inspect the next input line. After the
@@ -245,6 +252,19 @@
# process a multi-line message header one line at a # process a multi-line message header one line at a
# time. # time.
# #
# EXAMPLES
# Header pattern to block attachments with bad file name
# extensions.
#
# /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
# REJECT Bad attachment file name extension: $1
#
# Body pattern to stop a specific HTML browser vulnerability
# exploit.
#
# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
# REJECT IFRAME vulnerability exploit
#
# SEE ALSO # SEE ALSO
# cleanup(8) canonicalize and enqueue Postfix message # cleanup(8) canonicalize and enqueue Postfix message
# pcre_table(5) format of PCRE tables # pcre_table(5) format of PCRE tables

View File

@@ -516,7 +516,7 @@ unknown_local_recipient_reject_code = 450
# headers of attached messages. With older Postfix versions, MIME and # headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text. # attached message headers were treated as body text.
# #
# For details, see the sample-filter.cf file. # For details, see "man header_checks".
# #
#header_checks = regexp:/etc/postfix/header_checks #header_checks = regexp:/etc/postfix/header_checks

View File

@@ -172,7 +172,7 @@ $sample_directory/sample-auth.cf:f:root:-:644
$sample_directory/sample-canonical.cf:f:root:-:644:o $sample_directory/sample-canonical.cf:f:root:-:644:o
$sample_directory/sample-compatibility.cf:f:root:-:644 $sample_directory/sample-compatibility.cf:f:root:-:644
$sample_directory/sample-debug.cf:f:root:-:644 $sample_directory/sample-debug.cf:f:root:-:644
$sample_directory/sample-filter.cf:f:root:-:644 $sample_directory/sample-filter.cf:f:root:-:644:o
$sample_directory/sample-flush.cf:f:root:-:644 $sample_directory/sample-flush.cf:f:root:-:644
$sample_directory/sample-ldap.cf:f:root:-:644 $sample_directory/sample-ldap.cf:f:root:-:644
$sample_directory/sample-lmtp.cf:f:root:-:644 $sample_directory/sample-lmtp.cf:f:root:-:644

View File

@@ -1,137 +0,0 @@
# DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE STUFF
# HERE JUST SERVES AS AN EXAMPLE.
#
# This file contains example settings for miscellaneous Postfix
# content filtering parameters.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines. Patterns are matched
# in the specified order, and the search stops upon the first match.
#
# For examples of pattern syntax see the sample-regexp-header.cf and
# sample-pcre-header.cf files.
#
# When a pattern matches, what happens next depends on the associated
# action that is specified in the right-hand side of the table:
#
# REJECT [optional text...]
# Reject the entire message. The optional text is sent to the
# originator and is logged to the maillog file.
# DUNNO [optional text...]
# Skip all further header patterns for this header line.
# IGNORE [optional text...]
# Silently discard the header line.
# WARN [optional text...]
# Log the message header and the optional text. This is useful
# for testing. When the pattern is good, change the WARN into a
# REJECT or into a DISCARD.
# HOLD [optional text...]
# Place the message on the hold queue. Mail on hold can be
# inspected with the postcat command, and can be destroyed or
# taken off hold (i.e. delivered) with the postsuper command.
# The matched header is logged with the optional text.
# DISCARD [optional text...]
# Claim successful delivery and silently discard the message.
# The matched header is logged with the optional text.
# FILTER transport:nexthop
# After the message is queued, send the message through
# a content filter. This requires different cleanup servers
# before and after the filter, with header/body checks turned
# off in the second cleanup server. More info about content
# filtering is in the Postfix FILTER_README file. This feature
# overrides the main.cf content_filter setting.
# REDIRECT user@domain
# Send the message to the specified address instead of the
# intended recipient(s). This feature overrides the FILTER action.
#
# By default, these patterns apply the primary message headers, to
# MIME headers, and to the headers of attached messages. With older
# Postfix versions, MIME and attached message headers were treated
# as body text.
#
header_checks = regexp:/etc/postfix/header_checks
# The mime_header_checks specifies an optional table with patterns
# that each MIME header is matched against. This applies to MIME
# related headers in message headers, and to the headers that follow
# multipart boundary strings. Headers may span multiple physical lines.
# Patterns are matched in the specified order, and the search stops
# upon the first match.
#
# For examples of pattern syntax see the sample-regexp-header.cf and
# sample-pcre-header files.
#
# Actions on the table right-hand side are the same as with header_checks.
#
mime_header_checks = $header_checks
# The nested_header_checks specifies an optional table with patterns
# that each attached message header is matched against (except for
# MIME related headers). Headers may span multiple physical lines.
# Patterns are matched in the specified order, and the search stops
# upon the first match.
#
# For examples of pattern syntax see the sample-regexp-header.cf and
# sample-pcre-header.cf files.
#
# When a pattern matches, what happens next depends on the associated
# action that is specified in the right-hand side of the table:
#
# Actions on the table right-hand side are the same as with header_checks.
#
# By default, the same patterns are applied as for header_checks.
#
nested_header_checks = $header_checks
# The body_checks parameter specifies an optional table with patterns
# that each physical line in the message body is matched against
# (including MIME headers inside the message body - Postfix does not
# recognize multi-line MIME headers in the message body).
# Lines are matched one at a time. Long lines are matched in chunks
# of at most $line_length_limit characters. Patterns are matched in
# the specified order, and the search stops upon the first match.
#
# For examples of pattern syntax see the sample-regexp-body.cf and
# sample-pcre-body.cf files.
#
# Actions on the table right-hand side are the same as with header_checks.
#
body_checks = regexp:/etc/postfix/body_checks
# The body_checks_size_limit parameter controls how much text in a
# message body segment (or attachment, if you prefer to use that
# term) is subjected to body_checks inspection.
#
# By default, only the first 50 kbytes of a message body segment are
# inspected with body_checks patterns.
#
body_checks_size_limit = 51200
# The receive_override_options parameter controls what input processing
# happens before or after an external content filter.
#
# Specify zero or more of the following options. The options override
# main.cf settings and are either implemented by the SMTP server, by
# the QMQP server, or by the pickup server, or they are passed on to
# the cleanup server.
#
# When the receive_override_options setting BEFORE the content filter
# is specified in the main.cf file, specify the "AFTER content filter"
# receive_override_options setting in master.cf (or vice versa).
#
# - no_unknown_recipient_checks: Do not try to reject unknown
# recipients (SMTP server only). This is typically specified AFTER
# an external content filter.
#
# - no_address_mappings: Disable canonical address mapping, virtual
# alias map expansion, address masquerading, and automatic BCC
# recipients. This is typically specified BEFORE an external content
# filter.
#
# - no_header_body_checks: Disable header/body_checks. This is
# typically specified AFTER an external content filter.
#
# receive_override_options = no_unknown_recipient_checks, no_header_body_checks
# receive_override_options = no_address_mappings
receive_override_options =

View File

@@ -58,8 +58,10 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
find out what lookup table types your Postfix system sup- find out what lookup table types your Postfix system sup-
ports. ports.
The general format of a Postfix regular expression table The general format of Postfix regular expression tables is
is: given below. For a discussion of specific pattern or
flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
respectively.
<b>/</b><i>pattern</i><b>/</b><i>flags action</i> <b>/</b><i>pattern</i><b>/</b><i>flags action</i>
When <i>pattern</i> matches the input string, execute the When <i>pattern</i> matches the input string, execute the
@@ -95,10 +97,6 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
text. A line that starts with whitespace continues text. A line that starts with whitespace continues
a logical line. a logical line.
For a discussion of specific pattern or flags syntax
details, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>, respec-
tively.
<b>TABLE SEARCH ORDER</b> <b>TABLE SEARCH ORDER</b>
For each line of message input, the patterns are applied For each line of message input, the patterns are applied
in the order as specified in the table. When a pattern is in the order as specified in the table. When a pattern is
@@ -139,12 +137,12 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
as <b>DUNNO</b>. as <b>DUNNO</b>.
<b>FILTER</b> <i>transport:destination</i> <b>FILTER</b> <i>transport:destination</i>
Write a content filter request record to the queue Write a content filter request to the queue file
file and inspect the next input line. After the and inspect the next input line. After the com-
complete message is received it will be sent plete message is received it will be sent through
through the specified external content filter. the specified external content filter. More infor-
More information about external content filters is mation about external content filters is in the
in the Postfix FILTER_README file. Postfix FILTER_README file.
Note: this action overrides the <b>main.cf con-</b> Note: this action overrides the <b>main.cf con-</b>
<b>tent_filter</b> setting, and affects all recipients of <b>tent_filter</b> setting, and affects all recipients of
@@ -168,6 +166,15 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<b>IGNORE</b> Delete the current line from the input and inspect <b>IGNORE</b> Delete the current line from the input and inspect
the next input line. the next input line.
<b>PREPEND</b> <i>text...</i>
Prepend one line with the specified text and
inspect the next input line. The prepended line of
text is output before the input line that triggered
the <b>PREPEND</b> pattern.
Note: this action cannot be used to prepend multi-
line text.
<b>REDIRECT</b> <i>user@domain</i> <b>REDIRECT</b> <i>user@domain</i>
Write a message redirection request to the queue Write a message redirection request to the queue
file and inspect the next input line. After the file and inspect the next input line. After the
@@ -246,6 +253,19 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
process a multi-line message header one line at a process a multi-line message header one line at a
time. time.
<b>EXAMPLES</b>
Header pattern to block attachments with bad file name
extensions.
/^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
REJECT Bad attachment file name extension: $1
Body pattern to stop a specific HTML browser vulnerability
exploit.
/^&lt;iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0&gt;$/
REJECT IFRAME vulnerability exploit
<b>SEE ALSO</b> <b>SEE ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue Postfix message <a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue Postfix message
<a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables <a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables

View File

@@ -1,13 +1,13 @@
<html> <head> </head> <body> <pre> <html> <body> <pre>
POSTQUEUE(1) POSTQUEUE(1) POSTQUEUE(1) POSTQUEUE(1)
<b>NAME</b> <b>NAME</b>
postqueue - Postfix queue control postqueue - Postfix queue control
<b>SYNOPSIS</b> <b>SYNOPSIS</b>
<b>postqueue</b> [<b>-c</b> <i>config_dir</i>] <b>-f</b> <b>postqueue</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-f</b>
<b>postqueue</b> [<b>-c</b> <i>config_dir</i>] <b>-p</b> <b>postqueue</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-p</b>
<b>postqueue</b> [<b>-c</b> <i>config_dir</i>] <b>-s</b> <i>site</i> <b>postqueue</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-s</b> <i>site</i>
<b>DESCRIPTION</b> <b>DESCRIPTION</b>
The <b>postqueue</b> program implements the Postfix user inter- The <b>postqueue</b> program implements the Postfix user inter-
@@ -19,7 +19,7 @@ POSTQUEUE(1) POSTQUEUE(1)
The following options are recognized: The following options are recognized:
<b>-c</b> <i>config_dir</i> <b>-c</b> <i>config</i><b>_</b><i>dir</i>
The <b>main.cf</b> configuration file is in the named The <b>main.cf</b> configuration file is in the named
directory instead of the default configuration directory instead of the default configuration
directory. See also the MAIL_CONFIG environment directory. See also the MAIL_CONFIG environment
@@ -28,7 +28,7 @@ POSTQUEUE(1) POSTQUEUE(1)
<b>-f</b> Flush the queue: attempt to deliver all queued <b>-f</b> Flush the queue: attempt to deliver all queued
mail. mail.
This option implements the traditional <b>sendmail</b> <b>-q</b> This option implements the traditional <b>sendmail -q</b>
command, by contacting the Postfix <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon. command, by contacting the Postfix <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon.
<b>-p</b> Produce a traditional sendmail-style queue listing. <b>-p</b> Produce a traditional sendmail-style queue listing.
@@ -83,7 +83,7 @@ POSTQUEUE(1) POSTQUEUE(1)
A non-standard directory is allowed only if the A non-standard directory is allowed only if the
name is listed in the standard <b>main.cf</b> file, in the name is listed in the standard <b>main.cf</b> file, in the
<b>alternate</b><i>_</i><b>config</b><i>_</i><b>directories</b> configuration parame- <b>alternate_config_directories</b> configuration parame-
ter value. ter value.
Only the superuser is allowed to specify arbitrary Only the superuser is allowed to specify arbitrary
@@ -93,24 +93,24 @@ POSTQUEUE(1) POSTQUEUE(1)
/var/spool/postfix, mail queue /var/spool/postfix, mail queue
/etc/postfix, configuration files /etc/postfix, configuration files
<b>CONFIGURATION</b> <b>PARAMETERS</b> <b>CONFIGURATION PARAMETERS</b>
<b>import</b><i>_</i><b>environment</b> <b>import_environment</b>
List of names of environment parameters that can be List of names of environment parameters that can be
imported from non-Postfix processes. imported from non-Postfix processes.
<b>queue</b><i>_</i><b>directory</b> <b>queue_directory</b>
Top-level directory of the Postfix queue. This is Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run also the root directory of Postfix daemons that run
chrooted. chrooted.
<b>fast</b><i>_</i><b>flush</b><i>_</i><b>domains</b> <b>fast_flush_domains</b>
List of domains that will receive "fast flush" ser- List of domains that will receive "fast flush" ser-
vice (default: all domains that this system is vice (default: all domains that this system is
willing to relay mail to). This list specifies the willing to relay mail to). This list specifies the
domains that Postfix accepts in the SMTP <b>ETRN</b> domains that Postfix accepts in the SMTP <b>ETRN</b>
request and in the <b>sendmail</b> <b>-qR</b> command. request and in the <b>sendmail -qR</b> command.
<b>SEE</b> <b>ALSO</b> <b>SEE ALSO</b>
<a href="sendmail.1.html">sendmail(1)</a> sendmail-compatible user interface <a href="sendmail.1.html">sendmail(1)</a> sendmail-compatible user interface
<a href="postsuper.1.html">postsuper(1)</a> privileged queue operations <a href="postsuper.1.html">postsuper(1)</a> privileged queue operations
<a href="qmgr.8.html">qmgr(8)</a> queue manager <a href="qmgr.8.html">qmgr(8)</a> queue manager

View File

@@ -61,7 +61,10 @@ expressions) support is more widely available.
Use the command \fBpostconf -m\fR to find out what lookup table Use the command \fBpostconf -m\fR to find out what lookup table
types your Postfix system supports. types your Postfix system supports.
The general format of a Postfix regular expression table is: The general format of Postfix regular expression tables is
given below.
For a discussion of specific pattern or flags syntax,
see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
.IP "\fB/\fIpattern\fB/\fIflags action\fR" .IP "\fB/\fIpattern\fB/\fIflags action\fR"
When \fIpattern\fR matches the input string, execute When \fIpattern\fR matches the input string, execute
the corresponding \fIaction\fR. See below for a list the corresponding \fIaction\fR. See below for a list
@@ -88,9 +91,6 @@ are lines whose first non-whitespace character is a `#'.
.IP "multi-line text" .IP "multi-line text"
A pattern/action line starts with non-whitespace text. A line that A pattern/action line starts with non-whitespace text. A line that
starts with whitespace continues a logical line. starts with whitespace continues a logical line.
.PP
For a discussion of specific pattern or flags syntax details,
see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
.SH TABLE SEARCH ORDER .SH TABLE SEARCH ORDER
.na .na
.nf .nf
@@ -135,7 +135,7 @@ next input line. This action can be used to shorten the table search.
For backwards compatibility reasons, Postfix also accepts For backwards compatibility reasons, Postfix also accepts
\fBOK\fR but it is (and always has been) treated as \fBDUNNO\fR. \fBOK\fR but it is (and always has been) treated as \fBDUNNO\fR.
.IP "\fBFILTER \fItransport:destination\fR" .IP "\fBFILTER \fItransport:destination\fR"
Write a content filter request record to the queue file and Write a content filter request to the queue file and
inspect the next input line. inspect the next input line.
After the complete message is received it will be sent through After the complete message is received it will be sent through
the specified external content filter. More information about the specified external content filter. More information about
@@ -159,6 +159,12 @@ Note: this action affects all recipients of the message.
.IP \fBIGNORE\fR .IP \fBIGNORE\fR
Delete the current line from the input and inspect Delete the current line from the input and inspect
the next input line. the next input line.
.IP "\fBPREPEND \fItext...\fR"
Prepend one line with the specified text and inspect the next
input line. The prepended line of text is output before the
input line that triggered the \fBPREPEND\fR pattern.
.sp
Note: this action cannot be used to prepend multi-line text.
.IP "\fBREDIRECT \fIuser@domain\fR" .IP "\fBREDIRECT \fIuser@domain\fR"
Write a message redirection request to the queue file and Write a message redirection request to the queue file and
inspect the next input line. After the message is queued, inspect the next input line. After the message is queued,
@@ -224,6 +230,28 @@ message.
.sp .sp
Note: when used in this manner, \fBbody_checks\fR will process Note: when used in this manner, \fBbody_checks\fR will process
a multi-line message header one line at a time. a multi-line message header one line at a time.
.SH EXAMPLES
.na
.nf
.ad
.fi
Header pattern to block attachments with bad file name extensions.
.na
.nf
/^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/
.ti +4
REJECT Bad attachment file name extension: $1
.ad
.fi
Body pattern to stop a specific HTML browser vulnerability exploit.
.na
.nf
/^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
.ti +4
REJECT IFRAME vulnerability exploit
.SH SEE ALSO .SH SEE ALSO
.na .na
.nf .nf

View File

@@ -53,7 +53,10 @@
# Use the command \fBpostconf -m\fR to find out what lookup table # Use the command \fBpostconf -m\fR to find out what lookup table
# types your Postfix system supports. # types your Postfix system supports.
# #
# The general format of a Postfix regular expression table is: # The general format of Postfix regular expression tables is
# given below.
# For a discussion of specific pattern or flags syntax,
# see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
# .IP "\fB/\fIpattern\fB/\fIflags action\fR" # .IP "\fB/\fIpattern\fB/\fIflags action\fR"
# When \fIpattern\fR matches the input string, execute # When \fIpattern\fR matches the input string, execute
# the corresponding \fIaction\fR. See below for a list # the corresponding \fIaction\fR. See below for a list
@@ -80,9 +83,6 @@
# .IP "multi-line text" # .IP "multi-line text"
# A pattern/action line starts with non-whitespace text. A line that # A pattern/action line starts with non-whitespace text. A line that
# starts with whitespace continues a logical line. # starts with whitespace continues a logical line.
# .PP
# For a discussion of specific pattern or flags syntax details,
# see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
# TABLE SEARCH ORDER # TABLE SEARCH ORDER
# .ad # .ad
# .fi # .fi
@@ -121,7 +121,7 @@
# For backwards compatibility reasons, Postfix also accepts # For backwards compatibility reasons, Postfix also accepts
# \fBOK\fR but it is (and always has been) treated as \fBDUNNO\fR. # \fBOK\fR but it is (and always has been) treated as \fBDUNNO\fR.
# .IP "\fBFILTER \fItransport:destination\fR" # .IP "\fBFILTER \fItransport:destination\fR"
# Write a content filter request record to the queue file and # Write a content filter request to the queue file and
# inspect the next input line. # inspect the next input line.
# After the complete message is received it will be sent through # After the complete message is received it will be sent through
# the specified external content filter. More information about # the specified external content filter. More information about
@@ -145,6 +145,12 @@
# .IP \fBIGNORE\fR # .IP \fBIGNORE\fR
# Delete the current line from the input and inspect # Delete the current line from the input and inspect
# the next input line. # the next input line.
# .IP "\fBPREPEND \fItext...\fR"
# Prepend one line with the specified text and inspect the next
# input line. The prepended line of text is output before the
# input line that triggered the \fBPREPEND\fR pattern.
# .sp
# Note: this action cannot be used to prepend multi-line text.
# .IP "\fBREDIRECT \fIuser@domain\fR" # .IP "\fBREDIRECT \fIuser@domain\fR"
# Write a message redirection request to the queue file and # Write a message redirection request to the queue file and
# inspect the next input line. After the message is queued, # inspect the next input line. After the message is queued,
@@ -206,6 +212,26 @@
# .sp # .sp
# Note: when used in this manner, \fBbody_checks\fR will process # Note: when used in this manner, \fBbody_checks\fR will process
# a multi-line message header one line at a time. # a multi-line message header one line at a time.
# EXAMPLES
# .ad
# .fi
# Header pattern to block attachments with bad file name extensions.
#
# .na
# .nf
# /^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/
# .ti +4
# REJECT Bad attachment file name extension: $1
#
# .ad
# .fi
# Body pattern to stop a specific HTML browser vulnerability exploit.
#
# .na
# .nf
# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
# .ti +4
# REJECT IFRAME vulnerability exploit
# SEE ALSO # SEE ALSO
# cleanup(8) canonicalize and enqueue Postfix message # cleanup(8) canonicalize and enqueue Postfix message
# pcre_table(5) format of PCRE tables # pcre_table(5) format of PCRE tables

View File

@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the * Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release. * release date only, unless they include the same bugfix as a patch release.
*/ */
#define MAIL_RELEASE_DATE "20040122" #define MAIL_RELEASE_DATE "20040205"
#define MAIL_VERSION_NUMBER "2.0.18" #define MAIL_VERSION_NUMBER "2.0.18"
#define VAR_MAIL_VERSION "mail_version" #define VAR_MAIL_VERSION "mail_version"

View File

@@ -584,7 +584,7 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
* IPC channel, sending an empty string is more convenient than sending a * IPC channel, sending an empty string is more convenient than sending a
* null pointer. * null pointer.
*/ */
if (message->errors_to == 0) if (message->errors_to == 0 && message->sender)
message->errors_to = mystrdup(message->sender); message->errors_to = mystrdup(message->sender);
if (message->return_receipt == 0) if (message->return_receipt == 0)
message->return_receipt = mystrdup(""); message->return_receipt = mystrdup("");

View File

@@ -264,6 +264,8 @@ static void flush_site(const char *site)
{ {
int status; int status;
flush_init();
switch (status = flush_send(site)) { switch (status = flush_send(site)) {
case FLUSH_STAT_OK: case FLUSH_STAT_OK:
exit(0); exit(0);

View File

@@ -619,7 +619,7 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
* IPC channel, sending an empty string is more convenient than sending a * IPC channel, sending an empty string is more convenient than sending a
* null pointer. * null pointer.
*/ */
if (message->errors_to == 0) if (message->errors_to == 0 && message->sender)
message->errors_to = mystrdup(message->sender); message->errors_to = mystrdup(message->sender);
if (message->return_receipt == 0) if (message->return_receipt == 0)
message->return_receipt = mystrdup(""); message->return_receipt = mystrdup("");

View File

@@ -589,6 +589,7 @@ dict.o: vstring.h
dict.o: readlline.h dict.o: readlline.h
dict.o: mac_parse.h dict.o: mac_parse.h
dict.o: stringops.h dict.o: stringops.h
dict.o: iostuff.h
dict.o: dict.h dict.o: dict.h
dict.o: argv.h dict.o: argv.h
dict.o: dict_ht.h dict.o: dict_ht.h

View File

@@ -160,8 +160,6 @@
static int attr_scan0_string(VSTREAM *fp, VSTRING *plain_buf, const char *context) static int attr_scan0_string(VSTREAM *fp, VSTRING *plain_buf, const char *context)
{ {
extern int var_line_limit; /* XXX */
int limit = var_line_limit * 4;
int ch; int ch;
if ((ch = vstring_get_null(plain_buf, fp)) == VSTREAM_EOF) { if ((ch = vstring_get_null(plain_buf, fp)) == VSTREAM_EOF) {
@@ -171,8 +169,8 @@ static int attr_scan0_string(VSTREAM *fp, VSTRING *plain_buf, const char *contex
return (-1); return (-1);
} }
if (ch != 0) { if (ch != 0) {
msg_warn("string length > %d characters from %s while reading %s", msg_warn("unexpected end-of-input from %s while reading %s",
limit, VSTREAM_PATH(fp), context); VSTREAM_PATH(fp), context);
return (-1); return (-1);
} }
if (msg_verbose) if (msg_verbose)

View File

@@ -173,6 +173,7 @@
#include <fcntl.h> #include <fcntl.h>
#include <ctype.h> #include <ctype.h>
#include <string.h> #include <string.h>
#include <time.h>
/* Utility library. */ /* Utility library. */
@@ -184,6 +185,7 @@
#include "readlline.h" #include "readlline.h"
#include "mac_parse.h" #include "mac_parse.h"
#include "stringops.h" #include "stringops.h"
#include "iostuff.h"
#include "dict.h" #include "dict.h"
#include "dict_ht.h" #include "dict_ht.h"
@@ -361,12 +363,29 @@ int dict_sequence(const char *dict_name, const int func,
void dict_load_file(const char *dict_name, const char *path) void dict_load_file(const char *dict_name, const char *path)
{ {
VSTREAM *fp; VSTREAM *fp;
struct stat st;
time_t before;
time_t after;
/*
* Read the file again if it is hot. This may result in reading a partial
* parameter name when a file changes in the middle of a read.
*/
for (before = time((time_t *) 0); /* see below */ ; before = after) {
if ((fp = vstream_fopen(path, O_RDONLY, 0)) == 0) if ((fp = vstream_fopen(path, O_RDONLY, 0)) == 0)
msg_fatal("open %s: %m", path); msg_fatal("open %s: %m", path);
dict_load_fp(dict_name, fp); dict_load_fp(dict_name, fp);
if (fstat(vstream_fileno(fp), &st) < 0)
msg_fatal("fstat %s: %m", path);
if (vstream_ferror(fp) || vstream_fclose(fp)) if (vstream_ferror(fp) || vstream_fclose(fp))
msg_fatal("read %s: %m", path); msg_fatal("read %s: %m", path);
after = time((time_t *) 0);
if (st.st_mtime < before - 1 || st.st_mtime > after)
break;
if (msg_verbose)
msg_info("pausing to let %s cool down", path);
doze(300000);
}
} }
/* dict_load_fp - read entries from open stream */ /* dict_load_fp - read entries from open stream */