diff --git a/postfix/FILTER_README b/postfix/FILTER_README index c6a3a71c0..7c1ebfc61 100644 --- a/postfix/FILTER_README +++ b/postfix/FILTER_README @@ -1,7 +1,6 @@ This is a very first implementation of Postfix content filtering. -A Postfix content filter re-injects filtered mail back into Postfix. -If all you want is content _inspection_, see the INSPECT_README -file instead. +A Postfix content filter receives unfiltered mail from Postfix and +re-injects filtered mail back into Postfix. It involves an incompatible change to queue file formats. Older Postfix versions will reject mail that needs to be content filtered, diff --git a/postfix/HISTORY b/postfix/HISTORY index 106f87a42..35cdcb3f3 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -4055,12 +4055,6 @@ Apologies for any names omitted. lying around after unsuccessful delivery (problem reported by Brian Laughton @ Corp.Axxent.Ca). -20000619 - - Workaround: if append_dot_mydomain=no, turn on parent domain - search in the Postfix SMTP client, so that mail does not - bounce. Files: smtp/smtp.c, smtp/smtp_unalias.c. - 20000621 AIX 4.x had POSIX regular expression support all the time @@ -4127,7 +4121,7 @@ Apologies for any names omitted. not exist, defer mail instead of bouncing it (which would lose the mail if the bounce would have to be delivered to that same non-existent relayhost). Problem reported by - Chris Cooper @ maths.ox.ac.uk. + Chris Cooper @ maths.ox.ac.uk. File: smtp/smtp_connect.c. 20000821 @@ -4136,6 +4130,7 @@ Apologies for any names omitted. Cleanup: smtpd now replies with 555 when the client sends unrecognized RCPT TO parameters, as required by RFC 1869 (problem report by Robert Norris @ its.monash.edu.au). + File: smtpd/smtpd.c. 20000822 @@ -4156,3 +4151,58 @@ Apologies for any names omitted. access controls, for example, hold off mail from an unknown client or sender until we have completed some investigation, after which we will either reject or accept. + +20000905 + + Robustness: the dns client now rejects malformed domain + names rather than depending on the DNS to report that the + name does not exist. Linux returns a rather misleading + server failure code as found out by Patrik Rak. File: + dns/dns_lookup.c. + +20000911 + + Feature: added IGNORE keyword to header_checks and body_checks + to pretend that certain data does not exist. File: + cleanup/cleanup_message.c. + +20000911 + + Bugfix: the SASL code did not allow MAIL FROM... AUTH=sender + without prior authentication. The RFC allows this, although + one wonders what the reasoning behind this is. File: + smtpd/smtpd_sasl_proto.c. + +20000913 + + Bugfix: the rmail script did not handle remote UUCP systems + that send a from_ line with unqualified envelope sender. + Reported by Luciano Mannucci. + + Compatibility: don't insert Sender: header lines. Sendmail + has not done so for at least 10 years, if it ever did. + Problem reported by Brad Knowles. File: cleanup/cleanup_message.c. + +20000916 + + Bugfix: when propagating an address extension in a virtual + or canonical mapping, cleanup accesses memory that is no + longer allocated. This can happen when the result address + length is more than 100 characters. Problem reported by + Adi Prasaja @ satunet.com. File: global/mail_addr_crunch.c. + + Bugfix: fixed a misleading error message when the cleanup + server reaches the queue file size limit. Fix by Robby + Griffin @ MIT.EDU. File: cleanup/cleanup_extracted.c. + +20000917 + + Bugfix: postalias -i would complain about duplicate entries + for the Sendmail-compatible @ entry and for the NIS-compatible + YP_LAST_MODIFIED and YP_MASTER_NAME entries. + +20000918 + + Gross hack: prevent looping a bad recipient by always + forwarding recipients in :include: files, even when + owner-listname is not set. File: local/recipient.c. diff --git a/postfix/INSPECT_README b/postfix/INSPECT_README deleted file mode 100644 index 2b91d3456..000000000 --- a/postfix/INSPECT_README +++ /dev/null @@ -1,181 +0,0 @@ -This is a very first implementation of Postfix content inspection. -A Postfix content inspector causes "bad" mail to be bounced. All -other mail is delivered normally. If you want content _inspection_, -which allows you to modify mail content or destination, see the -FILTER_README file instead. - -Content inspection involves an incompatible change to queue file -formats. Older Postfix versions will reject mail that needs to be -content inspected, and will move the queue file to the "corrupt" -mail queue subdirectory. - -This document describes two approaches to content inspection. - -Simple content inspection example -================================= - -The example is relatively simple to set up, but is resource intensive -because it runs a shell script for each message. - -With the shell script as shown you can lose a factor in Postfix -performance for each temporary file that is created and deleted in -the process of content inspection. The performance impact is less -for mail that is submitted or delivered locally, because such -deliveries are not as fast as SMTP transit mail. - -The example assumes that only mail received via SMTP needs to be -content inspected. - - .................................. - . Postfix . - ------smtpd \ /local----- - . -cleanup->queue- . - -----pickup / \smtp------ - . | . - . \pipe------>inspector - .................................. - -Create a dedicated local user account called "inspect". The user -will never log in, and can be given a "*" password and non-existent -shell and home. - -Create a directory /var/spool/inspect that is accessible only to -the "inspect" user. This is where the content inspection software -will store any temporary files. - -Define a content inspection entry in the Postfix master file: - - /etc/postfix/master.cf: - inspect unix - n n - - pipe - user=inspect argv=/some/where/inspect ${sender} ${recipient} - -The filter program can start out as a simple shell script like this: - - #!/bin/sh - - # Localize this - INSPECT_DIR=/var/spool/inspect - - # Exit codes from - EX_TEMPFAIL=75 - EX_UNAVAILABLE=69 - - cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; } - - # Clean up when done or when aborting. - trap "rm -f in.$$; exit" 0 1 2 3 15 - - cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; } - - # inspect queue- . - -----pickup / | \smtp------ - . v . - . smtp . - . | . - ......................|........... - | - v - ................. - . 10025 . - . inspection . - . . - ................. - -To enable content inspection in this manner, specify in main.cf a -new parameter: - - /etc/postfix/main.cf: - content_filter = smtp:localhost:10025 - -This causes Postfix to add one extra content inspection record to -each incoming mail message, with content smtp:localhost:10025. -You can use the same syntax as in the right-hand side of a Postfix -transport table. The content inspection records are added by the -smtpd and pickup servers. - -When a queue file has content inspection information, the queue -manager will deliver the mail to the specified content inspector -before attempting final delivery. - -The content filter can be set up with the Postfix spawn service, -which is the Postfix equivalent of inetd. For example, to instantiate -up to 10 content inspection processes on demand: - - /etc/postfix/master.cf: - localhost:10025 inet n n n - 10 spawn - user=inspect argv=/some/where/inspect - -"inspect" is a dedicated local user account. The user will never -log in, and can be given a "*" password and non-existent shell and -home. - -The spawn server is part of Postfix but is not installed by default. -Edit the top-level Makefile.in file, run "make makefiles", "make", -and "make install". The manual page isn't installed by default, -either. See the spawn.c source file. - -The /some/where/inspect command is most likely a PERL script. PERL -has modules that make talking SMTP easy. - -For now, it is left up to the Postfix users to come up with a -PERL/SMTP framework for Postfix content inspection. If done well, -it can be used with other mailers too, which is a nice spin-off. diff --git a/postfix/auxiliary/rmail/rmail b/postfix/auxiliary/rmail/rmail index 44c999ee7..eb35bf1c2 100755 --- a/postfix/auxiliary/rmail/rmail +++ b/postfix/auxiliary/rmail/rmail @@ -3,6 +3,11 @@ # Dummy UUCP rmail command for postfix/qmail systems SENDMAIL="/usr/sbin/sendmail" -IFS=" " read junk from junk +IFS=" " read junk from junk junk junk junk junk junk junk relay + +case "$from" in + *[@!]*) ;; + *) from="$from@$relay";; +esac exec $SENDMAIL -f "$from" -- "$@" diff --git a/postfix/cleanup/cleanup_extracted.c b/postfix/cleanup/cleanup_extracted.c index 1f5c54072..1a4982fa1 100644 --- a/postfix/cleanup/cleanup_extracted.c +++ b/postfix/cleanup/cleanup_extracted.c @@ -183,10 +183,13 @@ static void cleanup_extracted_process(CLEANUP_STATE *state, int type, char *buf, */ if (vstream_fflush(state->dst)) { msg_warn("%s: write queue file: %m", state->queue_id); - if (errno == EFBIG) + if (errno == EFBIG) { + msg_warn("%s: queue file size limit exceeded", state->queue_id); state->errs |= CLEANUP_STAT_SIZE; - else + } else { + msg_warn("%s: write queue file: %m", state->queue_id); state->errs |= CLEANUP_STAT_WRITE; + } return; } diff --git a/postfix/cleanup/cleanup_message.c b/postfix/cleanup/cleanup_message.c index ed43a5929..151bbb154 100644 --- a/postfix/cleanup/cleanup_message.c +++ b/postfix/cleanup/cleanup_message.c @@ -267,6 +267,8 @@ static void cleanup_header(CLEANUP_STATE *state) state->queue_id, header, state->sender, state->recip ? state->recip : "unknown"); state->errs |= CLEANUP_STAT_CONT; + } else if (strcasecmp(value, "IGNORE") == 0) { + return; } } } @@ -346,12 +348,8 @@ static void cleanup_missing_headers(CLEANUP_STATE *state) } /* - * Add a missing (Resent-)From: header. If a (Resent-)From: header is - * present, see if we need a (Resent-)Sender: header. + * Add a missing (Resent-)From: header. */ -#define NOT_SPECIAL_SENDER(addr) (*(addr) != 0 \ - && strcasecmp(addr, mail_addr_double_bounce()) != 0) - if ((state->headers_seen & (1 << (state->resent[0] ? HDR_RESENT_FROM : HDR_FROM))) == 0) { quote_822_local(state->temp1, *state->sender ? @@ -366,15 +364,6 @@ static void cleanup_missing_headers(CLEANUP_STATE *state) tok822_free_tree(token); } CLEANUP_OUT_BUF(state, REC_TYPE_NORM, state->temp2); - } else if ((state->headers_seen & (1 << (state->resent[0] ? - HDR_RESENT_SENDER : HDR_SENDER))) == 0 - && NOT_SPECIAL_SENDER(state->sender)) { - from = (state->resent[0] ? state->resent_from : state->from); - if (from == 0 || strcasecmp(state->sender, from) != 0) { - quote_822_local(state->temp1, state->sender); - cleanup_out_format(state, REC_TYPE_NORM, "%sSender: %s", - state->resent, vstring_str(state->temp1)); - } } /* @@ -508,6 +497,8 @@ static void cleanup_message_body(CLEANUP_STATE *state, int type, char *buf, int state->queue_id, buf, state->sender, state->recip ? state->recip : "unknown"); state->errs |= CLEANUP_STAT_CONT; + } else if (strcasecmp(value, "IGNORE") == 0) { + return; } } } diff --git a/postfix/dns/dns_lookup.c b/postfix/dns/dns_lookup.c index 15caa6760..fedd6a870 100644 --- a/postfix/dns/dns_lookup.c +++ b/postfix/dns/dns_lookup.c @@ -109,6 +109,7 @@ #include #include #include +#include /* DNS library. */ @@ -430,6 +431,16 @@ int dns_lookup(const char *name, unsigned type, unsigned flags, int count; int status; + /* + * The Linux resolver misbehaves when given an invalid domain name. + */ + if (!valid_hostname(name)) { + if (why) + vstring_sprintf(why, "Name service error for %s: invalid name", + name); + return (DNS_NOTFOUND); + } + /* * Perform the lookup. Follow CNAME chains, but only up to a * pre-determined maximum. diff --git a/postfix/examples/chroot-setup/LINUX2 b/postfix/examples/chroot-setup/LINUX2 index e6b180246..1d35e1c8e 100644 --- a/postfix/examples/chroot-setup/LINUX2 +++ b/postfix/examples/chroot-setup/LINUX2 @@ -8,11 +8,9 @@ POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix} cd ${POSTFIX_DIR} mkdir etc -cp /etc/localtime /etc/services /etc/resolv.conf etc +cp /etc/localtime /etc/services /etc/resolv.conf /etc/nsswitch.conf etc mkdir -p usr/lib/zoneinfo ln -s /etc/localtime usr/lib/zoneinfo -if [ -e /lib/libnss_dns.so.1 ]; then - mkdir lib - cp /lib/libnss_dns.so.1 lib -fi +mkdir lib +cp /lib/libnss_* lib diff --git a/postfix/global/mail_addr_crunch.c b/postfix/global/mail_addr_crunch.c index 5f1c3a707..23383e041 100644 --- a/postfix/global/mail_addr_crunch.c +++ b/postfix/global/mail_addr_crunch.c @@ -84,10 +84,10 @@ ARGV *mail_addr_crunch(const char *string, const char *extension) tok822_externalize(extern_addr, tpp[0]->head, TOK822_STR_DEFL); canon_addr_external(canon_addr, STR(extern_addr)); if (extension) { + VSTRING_SPACE(canon_addr, extlen + 1); if ((ratsign = strrchr(STR(canon_addr), '@')) == 0) { vstring_strcat(canon_addr, extension); } else { - VSTRING_SPACE(canon_addr, extlen + 1); memmove(ratsign + extlen, ratsign, strlen(ratsign) + 1); memcpy(ratsign, extension, extlen); VSTRING_SKIP(canon_addr); diff --git a/postfix/global/mail_copy.c b/postfix/global/mail_copy.c index c8fae4f5f..e08d301f5 100644 --- a/postfix/global/mail_copy.c +++ b/postfix/global/mail_copy.c @@ -42,8 +42,9 @@ /* data to stable storage, and truncate the destination /* file to its original length in case of problems. /* .IP MAIL_COPY_FROM -/* Prepend a UNIX-style From_ line to the message, and append -/* an empty line to the end of the message. +/* Prepend a UNIX-style From_ line to the message. +/* .IP MAIL_COPY_BLANK +/* Append an empty line to the end of the message. /* .IP MAIL_COPY_DELIVERED /* Prepend a Delivered-To: header with the name of the /* \fIdelivered\fR attribute. diff --git a/postfix/global/mail_version.h b/postfix/global/mail_version.h index 64a3274c3..8830407cf 100644 --- a/postfix/global/mail_version.h +++ b/postfix/global/mail_version.h @@ -15,7 +15,7 @@ * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "Snapshot-20000823" +#define DEF_MAIL_VERSION "Snapshot-20000918" extern char *var_mail_version; /* LICENSE diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html index fa0f42390..c98431c7d 100644 --- a/postfix/html/pipe.8.html +++ b/postfix/html/pipe.8.html @@ -41,9 +41,7 @@ PIPE(8) PIPE(8) F Prepend a "From sender time_stamp" envelope header to the message content. This is - expected by, for example, UUCP software. The - F flag also causes an empty line to be - appended to the message. + expected by, for example, UUCP software. R Prepend a Return-Path: message header with the envelope sender address. @@ -59,6 +57,8 @@ PIPE(8) PIPE(8) user=username:groupname The external command is executed with the rights of + the specified username. The software refuses to + execute commands with root privileges, or with the @@ -71,8 +71,6 @@ PIPE(8) PIPE(8) PIPE(8) PIPE(8) - the specified username. The software refuses to - execute commands with root privileges, or with the privileges of the mail system owner. If groupname is specified, the corresponding group ID is used instead of the group ID of username. @@ -125,6 +123,8 @@ PIPE(8) PIPE(8) tains ${recipient} expands into as many com- mand-line arguments as there are recipients. + ${sender} + This macro expands to the envelope sender @@ -137,8 +137,6 @@ PIPE(8) PIPE(8) PIPE(8) PIPE(8) - ${sender} - This macro expands to the envelope sender address. ${size} @@ -190,7 +188,9 @@ PIPE(8) PIPE(8) transport_destination_concurrency_limit Limit the number of parallel deliveries to the same destination, for delivery via the named transport. - The default limit is taken from the + The default limit is taken from the default_desti- + nation_concurrency_limit parameter. The limit is + enforced by the Postfix queue manager. @@ -203,21 +203,18 @@ PIPE(8) PIPE(8) PIPE(8) PIPE(8) - default_destination_concurrency_limit parameter. - The limit is enforced by the Postfix queue manager. - transport_destination_recipient_limit - Limit the number of recipients per message deliv- - ery, for delivery via the named transport. The - default limit is taken from the default_destina- - tion_recipient_limit parameter. The limit is + Limit the number of recipients per message deliv- + ery, for delivery via the named transport. The + default limit is taken from the default_destina- + tion_recipient_limit parameter. The limit is enforced by the Postfix queue manager. transport_time_limit - Limit the time for delivery to external command, - for delivery via the named transport. The default - limit is taken from the command_time_limit parame- - ter. The limit is enforced by the Postfix queue + Limit the time for delivery to external command, + for delivery via the named transport. The default + limit is taken from the command_time_limit parame- + ter. The limit is enforced by the Postfix queue manager. SEE ALSO @@ -227,7 +224,7 @@ PIPE(8) PIPE(8) syslogd(8) system logging LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) @@ -256,6 +253,9 @@ PIPE(8) PIPE(8) + + + diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 1529182fb..05e2d06e6 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -75,9 +75,6 @@ SMTP(8) SMTP(8) command after a configuration change. Miscellaneous - append_dot_mydomain - Rewrite user@host to user@host.$mydomain. - best_mx_transport Name of the delivery transport to use when the local machine is the most-preferred mail exchanger @@ -126,6 +123,9 @@ SMTP(8) SMTP(8) smtp_always_send_ehlo Always send EHLO at the start of a connection. + smtp_skip_4xx_greeting + Skip servers that greet us with a 4xx status code. + 2 @@ -137,9 +137,6 @@ SMTP(8) SMTP(8) SMTP(8) SMTP(8) - smtp_skip_4xx_greeting - Skip servers that greet us with a 4xx status code. - smtp_skip_5xx_greeting Skip servers that greet us with a 5xx status code. @@ -191,6 +188,9 @@ SMTP(8) SMTP(8) ery. The default limit is taken from the default_destination_recipient_limit parameter. +Timeout controls + smtp_connect_timeout + Timeout in seconds for completing a TCP connection. @@ -203,9 +203,6 @@ SMTP(8) SMTP(8) SMTP(8) SMTP(8) -Timeout controls - smtp_connect_timeout - Timeout in seconds for completing a TCP connection. When no connection can be made within the deadline, the SMTP client tries the next address on the mail exchanger list. @@ -257,6 +254,9 @@ SMTP(8) SMTP(8) The Secure Mailer license must be distributed with this software. +AUTHOR(S) + Wietse Venema + IBM T.J. Watson Research @@ -269,9 +269,6 @@ SMTP(8) SMTP(8) SMTP(8) SMTP(8) -AUTHOR(S) - Wietse Venema - IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA @@ -322,6 +319,9 @@ SMTP(8) SMTP(8) + + + diff --git a/postfix/html/transport.5.html b/postfix/html/transport.5.html index 9b760ccd3..31c595d35 100644 --- a/postfix/html/transport.5.html +++ b/postfix/html/transport.5.html @@ -84,47 +84,47 @@ TRANSPORT(5) TRANSPORT(5) names. EXAMPLES - In order to send mail for foo.org and its subdomains - via the uucp transport to the UUCP host named foo: + In order to send mail for foo.org and its subdomains via + the uucp transport to the UUCP host named foo: foo.org uucp:foo .foo.org uucp:foo - When no nexthop host name is specified, the destination domain - name is used instead. For example, the following directs mail for - user@foo.org via the slow transport to a mail - exchanger for foo.org. The slow transport could be - something that runs at most one delivery process at a time: + When no nexthop host name is specified, the destination + domain name is used instead. For example, the following + directs mail for user@foo.org via the slow transport to a + mail exchanger for foo.org. The slow transport could be + something that runs at most one delivery process at a + time: foo.org slow: - When no transport is specified, the default transport is + When no transport is specified, the default transport is used, as specified via the default_transport configuration - parameter. The following sends all mail for foo.org and its - subdomains to host gateway.foo.org: + parameter. The following sends all mail for foo.org and + its subdomains to host gateway.foo.org: foo.org :[gateway.foo.org] .foo.org :[gateway.foo.org] - In the above example, the [] are used to suppress MX lookups. - The result would likely point to your local machine. + In the above example, the [] are used to suppress MX + lookups. The result would likely point to your local + machine. - In the case of delivery via SMTP, one may specify - hostname:service instead of just a host: + In the case of delivery via SMTP, one may specify host- + name:service instead of just a host: foo.org smtp:bar.org:2025 - This directs mail for user@foo.org to host bar.org - port 2025. Instead of a numerical port a symbolic name may be - used. Specify [] around the destination in order to disable MX lookups. + This directs mail for user@foo.org to host bar.org port + 2025. Instead of a numerical port a symbolic name may be + used. Specify [] around the destination in order to dis- + able MX lookups. The error mailer can be used to bounce mail: - .foo.org error:mail for *.foo.org is not deliverable - - This causes all mail for user@anything.foo.org - to be bounced. - + .foo.org error:mail for *.foo.org is not deliv- + erable @@ -137,28 +137,31 @@ TRANSPORT(5) TRANSPORT(5) TRANSPORT(5) TRANSPORT(5) + This causes all mail for user@anything.foo.org to be + bounced. + REGULAR EXPRESSION TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to + Each pattern is a regular expression that is applied to the entire domain being looked up. Thus, some.domain.hier- archy is not broken up into parent domains. - Patterns are applied in the order as specified in the - table, until a pattern is found that matches the search + Patterns are applied in the order as specified in the + table, until a pattern is found that matches the search string. - Results are the same as with normal indexed file lookups, - with the additional feature that parenthesized substrings - from the pattern can be interpolated as $1, $2 and so on. + Results are the same as with normal indexed file lookups, + with the additional feature that parenthesized substrings + from the pattern can be interpolated as $1, $2 and so on. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this topic. See the Postfix main.cf file for syntax - details and for default values. Use the postfix reload + The following main.cf parameters are especially relevant + to this topic. See the Postfix main.cf file for syntax + details and for default values. Use the postfix reload command after a configuration change. transport_maps @@ -167,7 +170,7 @@ TRANSPORT(5) TRANSPORT(5) Other parameters of interest: default_transport - The transport to use when no transport is explic- + The transport to use when no transport is explic- itly specified. relayhost @@ -181,20 +184,83 @@ TRANSPORT(5) TRANSPORT(5) regexp_table(5) format of POSIX regular expression tables LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) Wietse Venema IBM T.J. Watson Research P.O. Box 704 - Yorktown Heights, NY 10598, USA - - 3 + + + +TRANSPORT(5) TRANSPORT(5) + + + Yorktown Heights, NY 10598, USA + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 4 + + diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html index 6e3daa2ab..5f6065006 100644 --- a/postfix/html/virtual.5.html +++ b/postfix/html/virtual.5.html @@ -43,6 +43,7 @@ VIRTUAL(5) VIRTUAL(5) lowing: virtual.domain anything (right-hand content does not matter) + postmaster@virtual.domain postmaster user1@virtual.domain address1 user2@virtual.domain address2, address3 @@ -57,8 +58,7 @@ VIRTUAL(5) VIRTUAL(5) Blank lines are ignored, as are lines beginning with `#'. - pattern result - When pattern matches a mail address, replace it by + @@ -71,6 +71,8 @@ VIRTUAL(5) VIRTUAL(5) VIRTUAL(5) VIRTUAL(5) + pattern result + When pattern matches a mail address, replace it by the corresponding result. With lookups from indexed files such as DB or DBM, or from @@ -124,8 +126,6 @@ VIRTUAL(5) VIRTUAL(5) table, until a pattern is found that matches the search string. - Results are the same as with normal indexed file lookups, - 2 @@ -137,6 +137,7 @@ VIRTUAL(5) VIRTUAL(5) VIRTUAL(5) VIRTUAL(5) + Results are the same as with normal indexed file lookups, with the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. @@ -193,7 +194,6 @@ VIRTUAL(5) VIRTUAL(5) - 3 diff --git a/postfix/local/recipient.c b/postfix/local/recipient.c index 4db844173..dbc7bc0f6 100644 --- a/postfix/local/recipient.c +++ b/postfix/local/recipient.c @@ -158,6 +158,12 @@ static int deliver_switch(LOCAL_STATE state, USER_ATTR usr_attr) && strcasecmp(state.msg_attr.owner, state.msg_attr.user) != 0) return (deliver_indirect(state)); + /* + * Always forward recipients in :include: files. + */ + if (state.msg_attr.exp_type = EXPAND_TYPE_INCL) + return (deliver_indirect(state)); + /* * Delivery to local user. First try expansion of the recipient's * $HOME/.forward file, then mailbox delivery. diff --git a/postfix/man/man5/transport.5 b/postfix/man/man5/transport.5 index 12fa3c273..97cafb564 100644 --- a/postfix/man/man5/transport.5 +++ b/postfix/man/man5/transport.5 @@ -70,6 +70,7 @@ can also be used with IP addresses instead of hostnames. .na .nf .ad +.fi In order to send mail for \fBfoo.org\fR and its subdomains via the \fBuucp\fR transport to the UUCP host named \fBfoo\fR: diff --git a/postfix/man/man5/virtual.5 b/postfix/man/man5/virtual.5 index e03f6d7da..092ef209c 100644 --- a/postfix/man/man5/virtual.5 +++ b/postfix/man/man5/virtual.5 @@ -43,6 +43,7 @@ Typical support for a virtual domain looks like the following: .in +4 .nf \fIvirtual.domain anything\fR (right-hand content does not matter) +\fIpostmaster@virtual.domain postmaster\fR \fIuser1@virtual.domain address1\fR \fIuser2@virtual.domain address2, address3\fR .fi diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8 index 65ce68a8c..13a569674 100644 --- a/postfix/man/man8/pipe.8 +++ b/postfix/man/man8/pipe.8 @@ -41,8 +41,7 @@ when preceded by a blank line. .IP \fBF\fR Prepend a "\fBFrom \fIsender time_stamp\fR" envelope header to the message content. -This is expected by, for example, \fBUUCP\fR software. The \fBF\fR -flag also causes an empty line to be appended to the message. +This is expected by, for example, \fBUUCP\fR software. .IP \fBR\fR Prepend a \fBReturn-Path:\fR message header with the envelope sender address. diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 2942eb9ff..bcf367a20 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -72,8 +72,6 @@ a configuration change. .SH Miscellaneous .ad .fi -.IP \fBappend_dot_mydomain\fR -Rewrite \fIuser\fR@\fIhost\fR to \fIuser\fR@\fIhost\fR.$\fBmydomain\fR. .IP \fBbest_mx_transport\fR Name of the delivery transport to use when the local machine is the most-preferred mail exchanger (by default, a mailer diff --git a/postfix/pipe/pipe.c b/postfix/pipe/pipe.c index e85e328f1..2a777833e 100644 --- a/postfix/pipe/pipe.c +++ b/postfix/pipe/pipe.c @@ -33,8 +33,7 @@ /* .IP \fBF\fR /* Prepend a "\fBFrom \fIsender time_stamp\fR" envelope header to /* the message content. -/* This is expected by, for example, \fBUUCP\fR software. The \fBF\fR -/* flag also causes an empty line to be appended to the message. +/* This is expected by, for example, \fBUUCP\fR software. /* .IP \fBR\fR /* Prepend a \fBReturn-Path:\fR message header with the envelope sender /* address. diff --git a/postfix/postalias/postalias.c b/postfix/postalias/postalias.c index 3ff298489..e38e183fc 100644 --- a/postfix/postalias/postalias.c +++ b/postfix/postalias/postalias.c @@ -263,6 +263,12 @@ static void postalias(char *map_type, char *path_name, mkmap_append(mkmap, STR(key_buffer), STR(value_buffer)); } + /* + * Update or append sendmail and NIS signatures. + */ + if ((open_flags & O_TRUNC) == 0) + mkmap->dict->flags |= DICT_FLAG_DUP_REPLACE; + /* * Sendmail compatibility: add the @:@ signature to indicate that the * database is complete. This might be needed by NIS clients running @@ -328,7 +334,7 @@ static int postalias_delete(const char *map_type, const char *map_name, dict = dict_open3(map_type, map_name, O_RDWR, DICT_FLAG_LOCK); status = dict_del(dict, key); dict_close(dict); - return (status); + return (status == 0); } /* usage - explain */ diff --git a/postfix/proto/transport b/postfix/proto/transport index 0905cd583..81fd35733 100644 --- a/postfix/proto/transport +++ b/postfix/proto/transport @@ -60,6 +60,7 @@ # can also be used with IP addresses instead of hostnames. # EXAMPLES # .ad +# .fi # In order to send mail for \fBfoo.org\fR and its subdomains # via the \fBuucp\fR transport to the UUCP host named \fBfoo\fR: # diff --git a/postfix/proto/virtual b/postfix/proto/virtual index c7dfc70a5..1b706dffe 100644 --- a/postfix/proto/virtual +++ b/postfix/proto/virtual @@ -35,6 +35,7 @@ # .in +4 # .nf # \fIvirtual.domain anything\fR (right-hand content does not matter) +# \fIpostmaster@virtual.domain postmaster\fR # \fIuser1@virtual.domain address1\fR # \fIuser2@virtual.domain address2, address3\fR # .fi diff --git a/postfix/smtp/smtp.c b/postfix/smtp/smtp.c index 5a5b30b20..d9d54357e 100644 --- a/postfix/smtp/smtp.c +++ b/postfix/smtp/smtp.c @@ -56,8 +56,6 @@ /* .SH Miscellaneous /* .ad /* .fi -/* .IP \fBappend_dot_mydomain\fR -/* Rewrite \fIuser\fR@\fIhost\fR to \fIuser\fR@\fIhost\fR.$\fBmydomain\fR. /* .IP \fBbest_mx_transport\fR /* Name of the delivery transport to use when the local machine /* is the most-preferred mail exchanger (by default, a mailer @@ -241,7 +239,6 @@ char *var_smtp_sasl_opts; char *var_smtp_sasl_passwd; bool var_smtp_sasl_enable; char *var_smtp_bind_addr; -bool var_append_dot_mydomain; /* * Global variables. smtp_errno is set by the address lookup routines and by @@ -411,7 +408,6 @@ int main(int argc, char **argv) VAR_SKIP_QUIT_RESP, DEF_SKIP_QUIT_RESP, &var_skip_quit_resp, VAR_SMTP_ALWAYS_EHLO, DEF_SMTP_ALWAYS_EHLO, &var_smtp_always_ehlo, VAR_SMTP_SASL_ENABLE, DEF_SMTP_SASL_ENABLE, &var_smtp_sasl_enable, - VAR_APP_DOT_MYDOMAIN, DEF_APP_DOT_MYDOMAIN, &var_append_dot_mydomain, 0, }; diff --git a/postfix/smtp/smtp_unalias.c b/postfix/smtp/smtp_unalias.c index f92fb2477..91cf6f989 100644 --- a/postfix/smtp/smtp_unalias.c +++ b/postfix/smtp/smtp_unalias.c @@ -50,10 +50,6 @@ #include #include -/* Global library. */ - -#include - /* DNS library. */ #include @@ -77,11 +73,8 @@ const char *smtp_unalias_name(const char *name) * after servicing a limited number of requests, so there is no need to * prevent the cache from growing too large, or to expire old entries. */ - if (cache == 0) { + if (cache == 0) cache = htable_create(10); - if (var_append_dot_mydomain == 0) - smtp_unalias_flags |= RES_DNSRCH; - } /* * Look up the fqdn. If none is found use the query name instead, so that diff --git a/postfix/smtpd/smtpd_sasl_proto.c b/postfix/smtpd/smtpd_sasl_proto.c index 8e762f41f..8b9834554 100644 --- a/postfix/smtpd/smtpd_sasl_proto.c +++ b/postfix/smtpd/smtpd_sasl_proto.c @@ -176,10 +176,12 @@ char *smtpd_sasl_mail_opt(SMTPD_STATE *state, const char *addr) state->error_mask |= MAIL_ERROR_PROTOCOL; return ("503 Error: authentication disabled"); } +#if 0 if (state->sasl_username == 0) { state->error_mask |= MAIL_ERROR_PROTOCOL; return ("503 Error: send AUTH command first"); } +#endif if (state->sasl_sender != 0) { state->error_mask |= MAIL_ERROR_PROTOCOL; return ("503 Error: multiple AUTH= options"); diff --git a/postfix/util/dict_tcp.c b/postfix/util/dict_tcp.c index 1cb4b1504..a862a5f2c 100644 --- a/postfix/util/dict_tcp.c +++ b/postfix/util/dict_tcp.c @@ -13,21 +13,21 @@ /* DESCRIPTION /* dict_tcp_open() makes a TCP server accessible via the generic /* dictionary operations described in dict_open(3). -/* The \fIdummy\fR argument is not used. Server access is read-only -/* (i.e., only lookups are implemented). +/* The \fIdummy\fR argument is not used. The only implemented +/* operation is dictionary lookup. /* /* Map names have the form host:port. /* -/* The map implements a very simple protocol: the query is sent as -/* one line of text, and the reply is sent back in the same format. -/* Data is sent as a newline-terminated string. % and non-printable -/* characters are replaced by %xx, xx being the corresponding -/* hexadecimal value. +/* The TCP map class implements a very simple protocol: a query is sent +/* as one line of text, and a reply is sent back in the same format. +/* % and non-printable characters are replaced by %xx, xx being the +/* corresponding hexadecimal value. /* SEE ALSO /* dict(3) generic dictionary manager +/* hex_quote(3) http-style quoting /* DIAGNOSTICS /* Fatal errors: out of memory, unknown host or service name, -/* attempt to update map. +/* attempt to update or iterate over map. /* LICENSE /* .ad /* .fi @@ -63,8 +63,8 @@ typedef struct { DICT dict; /* generic members */ char *map; /* server host:port */ - VSTRING *raw_buf; /* raw buffer */ - VSTRING *hex_buf; /* hexified buffer */ + VSTRING *raw_buf; /* raw I/O buffer */ + VSTRING *hex_buf; /* quoted I/O buffer */ VSTREAM *fp; /* I/O stream */ } DICT_TCP; @@ -73,12 +73,48 @@ typedef struct { #define STR(x) vstring_str(x) +/* dict_tcp_connect - connect to TCP server */ + +static int dict_tcp_connect(DICT_TCP *dict_tcp) +{ + int fd; + + /* + * Connect to the server. Enforce a time limit on read/write operations + * so that we do not get stuck. + */ + if ((fd = inet_connect(dict_tcp->map, BLOCKING, 0)) < 0) { + msg_warn("connect to TCP map %s: %m", dict_tcp->map); + return (-1); + } + dict_tcp->fp = vstream_fdopen(fd, O_RDWR); + vstream_control(dict_tcp->fp, + VSTREAM_CTL_TIMEOUT, DICT_TCP_TMOUT, + VSTREAM_CTL_END); + + /* + * Allocate per-map I/O buffers on the fly. + */ + if (dict_tcp->raw_buf == 0) { + dict_tcp->raw_buf = vstring_alloc(10); + dict_tcp->hex_buf = vstring_alloc(10); + } + return (0); +} + +/* dict_tcp_disconnect - disconnect from TCP server */ + +static void dict_tcp_disconnect(DICT_TCP *dict_tcp) +{ + (void) vstream_fclose(dict_tcp->fp); + dict_tcp->fp = 0; +} + /* dict_tcp_lookup - query TCP server */ static const char *dict_tcp_lookup(DICT *dict, const char *key) { DICT_TCP *dict_tcp = (DICT_TCP *) dict; - int fd; int i; dict_errno = 0; @@ -86,7 +122,7 @@ static const char *dict_tcp_lookup(DICT *dict, const char *key) for (i = 0; /* see below */ ; i++) { /* - * Try to connect a few times before giving up. + * Try to connect a limited number of times before giving up. */ if (i >= DICT_TCP_MAXTRY) { dict_errno = DICT_ERR_RETRY; @@ -94,36 +130,22 @@ static const char *dict_tcp_lookup(DICT *dict, const char *key) } /* - * Sleep between connection attempts. + * Sleep between attempts, instead of hammering the server. */ if (i > 0) sleep(1); /* - * Try to connect to the server. + * Connect to the server. */ - if (dict_tcp->fp == 0) { - if ((fd = inet_connect(dict_tcp->map, BLOCKING, 0)) < 0) { - msg_warn("connect to TCP map %s: %m", dict_tcp->map); + if (dict_tcp->fp == 0) + if (dict_tcp_connect(dict_tcp) < 0) continue; - } - dict_tcp->fp = vstream_fdopen(fd, O_RDWR); - vstream_control(dict_tcp->fp, - VSTREAM_CTL_TIMEOUT, DICT_TCP_TMOUT, - VSTREAM_CTL_END); - } - - /* - * Allocate per-map buffers on the fly. - */ - if (dict_tcp->raw_buf == 0) { - dict_tcp->raw_buf = vstring_alloc(10); - dict_tcp->hex_buf = vstring_alloc(10); - } /* * Send query and receive response. Both are %XX quoted and both are - * terminated by newline. + * terminated by newline. This encoding is convenient for data that + * is mostly text. */ hex_quote(dict_tcp->hex_buf, key); vstream_fprintf(dict_tcp->fp, "%s\n", STR(dict_tcp->hex_buf)); @@ -140,8 +162,7 @@ static const char *dict_tcp_lookup(DICT *dict, const char *key) /* * That did not work. Clean up and try again. */ - (void) vstream_fclose(dict_tcp->fp); - dict_tcp->fp = 0; + dict_tcp_disconnect(dict_tcp); } } @@ -154,6 +175,25 @@ static void dict_tcp_update(DICT *dict, const char *unused_name, const char *unu msg_fatal("dict_tcp_update: attempt to update map %s", dict_tcp->map); } +/* dict_tcp_delete - remove table entry */ + +static int dict_tcp_delete(DICT *dict, const char *unused_name) +{ + DICT_TCP *dict_tcp = (DICT_TCP *) dict; + + msg_fatal("dict_tcp_delete: attempt to update map %s", dict_tcp->map); +} + +/* dict_tcp_sequence - iterate over table */ + +static int dict_tcp_sequence(DICT *dict, int unused_func, + const char **unused_name, const char **unused_value) +{ + DICT_TCP *dict_tcp = (DICT_TCP *) dict; + + msg_fatal("dict_tcp_sequence: attempt to iterate map %s", dict_tcp->map); +} + /* dict_tcp_close - close TCP map */ static void dict_tcp_close(DICT *dict) @@ -183,6 +223,8 @@ DICT *dict_tcp_open(const char *map, int unused_flags, int dict_flags) dict_tcp->raw_buf = dict_tcp->hex_buf = 0; dict_tcp->dict.lookup = dict_tcp_lookup; dict_tcp->dict.update = dict_tcp_update; + dict_tcp->dict.delete = dict_tcp_delete; + dict_tcp->dict.sequence = dict_tcp_sequence; dict_tcp->dict.close = dict_tcp_close; dict_tcp->dict.fd = -1; dict_tcp->map = mystrdup(map);