mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00
Code Issues Releases Wiki Activity

postfix-2.10-20120801

Browse Source
This commit is contained in:
Wietse Venema 2012-08-01 00:00:00 -05:00 committed by Viktor Dukhovni
parent 7f53bacbb8
commit 678c09702b
23 changed files with 231 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
postfix/HISTORY
View File

@ -17901,3 +17901,20 @@ Apologies for any names omitted.
buffer size that will be used with the next read(2) or
write(2) operation. Files: util/vstream.c, util/vstream.h,
util/vstream_tweak.c.
20120717
Documentation: update to RFC5321.
20120730
Bugfix (introduced: 20000314): AUTH is not allowed after
MAIL. Timo Sirainen. Files: smtpd/smtpd.c, smtpd/smtpd.h,
smtpd/smtpd_sasl_proto.c.
20120801
Documentation: point of what virtual_xxx parameters are
specific to the virtual(8) delivery agent, and will have
no effect when mail is delivered with a different program.
Files: proto/postconf.proto, proto/VIRTUAL_README.html.

5
postfix/README_FILES/VIRTUAL_README
View File

@ -259,7 +259,10 @@ More details about the virtual mailbox delivery agent are given in the virtual
NNoonn--PPoossttffiixx mmaaiillbbooxx ssttoorree:: sseeppaarraattee ddoommaaiinnss,, nnoonn--UUNNIIXX aaccccoouunnttss
This is a variation on the Postfix virtual mailbox example. Again, every hosted
address can have its own mailbox.
address can have its own mailbox. However, most parameters that control the
virtual(8) delivery agent are no longer applicable: only
virtual_mailbox_domains and virtual_mailbox_maps stay in effect. These
parameters are needed to reject mail for unknown recipients.
While non-Postfix software is being used for final delivery, some Postfix
concepts are still needed in order to glue everything together. For additional

10
postfix/html/VIRTUAL_README.html
View File

@ -260,8 +260,8 @@ section at the top of this document.</p>
3 <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> = /var/mail/vhosts
4 <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> = hash:/etc/postfix/vmailbox
5 <a href="postconf.5.html#virtual_minimum_uid">virtual_minimum_uid</a> = 100
6 <a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> = static:5000
7 <a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a> = static:5000
6 <a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> = <a href="DATABASE_README.html#types">static</a>:5000
7 <a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a> = <a href="DATABASE_README.html#types">static</a>:5000
8 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
9
10 /etc/postfix/vmailbox:
@ -357,7 +357,11 @@ in the <a href="virtual.8.html">virtual(8)</a> manual page. </p>
domains, non-UNIX accounts</a></h2>
<p> This is a variation on the Postfix <a href="VIRTUAL_README.html#virtual_mailbox">virtual mailbox example</a>.
Again, every hosted address can have its own mailbox. </p>
Again, every hosted address can have its own mailbox. However, most
parameters that control the <a href="virtual.8.html">virtual(8)</a> delivery agent are no longer
applicable: only <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> and <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
stay in effect. These parameters are needed to reject mail for
unknown recipients. </p>
<p> While non-Postfix software is being used for final delivery,
some Postfix concepts are still needed in order to glue everything

3
postfix/html/lmtp.8.html
View File

@ -115,6 +115,7 @@ SMTP(8) SMTP(8)
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
@ -194,7 +195,7 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in Postfix SMTP client MAIL FROM
and RCPT TO commands as required by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
and RCPT TO commands as required by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
A mechanism to transform replies from remote SMTP

62
postfix/html/postconf.5.html
View File

@ -96,7 +96,7 @@ is hard-coded as "450".
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
@ -115,7 +115,7 @@ an <a href="access.5.html">access(5)</a> map "reject" action.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -2398,7 +2398,7 @@ client request is rejected by the "defer" restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -3646,7 +3646,7 @@ restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -5630,7 +5630,7 @@ client request is blocked by the <a href="postconf.5.html#reject_rbl_client">rej
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -6369,7 +6369,7 @@ restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
@ -8416,7 +8416,7 @@ client request is rejected by the "reject" restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -8543,7 +8543,7 @@ restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -10003,12 +10003,12 @@ The default time unit is s (seconds).
<p>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. This includes putting quotes around an address localpart
by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. This includes putting quotes around an address localpart
that ends in ".".
</p>
<p>
The default is to comply with <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. If you have to send mail to
The default is to comply with <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. If you have to send mail to
a broken SMTP server, configure a special SMTP client in <a href="master.5.html">master.cf</a>:
</p>
@ -16611,7 +16611,7 @@ always 450 in case of a temporary DNS error.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -16644,7 +16644,7 @@ with 450 when the mapping failed due to a temporary error condition.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -16675,7 +16675,7 @@ specified with the HELO or EHLO command is rejected by the
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -16775,7 +16775,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
@ -16799,7 +16799,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
@ -16857,7 +16857,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
@ -16881,7 +16881,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
@ -17088,6 +17088,10 @@ Lookup tables with the per-recipient group ID for <a href="virtual.8.html">virtu
delivery.
</p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
@ -17128,6 +17132,10 @@ file system with mailboxes. While <a href="postconf.5.html#virtual_mailbox_base
set to "/", this setting isn't recommended.
</p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
Example:
</p>
@ -17167,6 +17175,10 @@ value is backwards compatible with Postfix version 1.1.
The maximal size in bytes of an individual <a href="virtual.8.html">virtual(8)</a> mailbox or
maildir file, or zero (no limit). </p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
</DD>
@ -17179,6 +17191,10 @@ delivery. For a list of available file locking methods, use the
"<b>postconf -l</b>" command.
</p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
This setting is ignored with <b>maildir</b> style delivery, because
such deliveries are safe without application-level locks.
@ -17211,6 +17227,10 @@ match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>
<p> The remainder of this text is specific to the <a href="virtual.8.html">virtual(8)</a> delivery
agent. It does not apply when mail is delivered with a different
mail delivery program. </p>
<p>
The <a href="virtual.8.html">virtual(8)</a> delivery agent uses this table to look up the
per-recipient mailbox or maildir pathname. If the lookup result
@ -17266,6 +17286,10 @@ values less than this will be rejected, and the message will be
deferred.
</p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
</DD>
@ -17300,6 +17324,10 @@ Lookup tables with the per-recipient user ID that the <a href="virtual.8.html">v
delivery agent uses while writing to the recipient's mailbox.
</p>
<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a

2
postfix/html/postqueue.1.html
View File

@ -73,7 +73,7 @@ POSTQUEUE(1) POSTQUEUE(1)
<b>-s</b> <i>site</i>
Schedule immediate delivery of all mail that is
queued for the named <i>site</i>. A numerical site must be
specified as a valid <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> address literal
specified as a valid <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> address literal
enclosed in [], just like in email addresses. The
site must be eligible for the "fast flush" service.
See <a href="flush.8.html"><b>flush</b>(8)</a> for more information about the "fast

32
postfix/html/postscreen.8.html
View File

@ -78,24 +78,24 @@ POSTSCREEN(8) POSTSCREEN(8)
<b>BUGS</b>
The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine currently
does not announce support for AUTH, XCLIENT or XFORWARD.
Support for AUTH may be added in the future. In the mean
time, if you need to make these services available on port
25, then do not enable the optional "after 220 server
greeting" tests, and do not use DNSBLs that reject traffic
from dial-up and residential networks.
If you need to make these services available on port 25,
then do not enable the optional "after 220 server greet-
ing" tests, and do not use DNSBLs that reject traffic from
dial-up and residential networks.
The optional "after 220 server greeting" tests involve
<a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these
The optional "after 220 server greeting" tests involve
<a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these
tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> adds the client to the tempo-
rary whitelist but it cannot not hand off the "live" con-
nection to a Postfix SMTP server process in the middle of
a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to
deliver mail with a 4XX status, and waits for the client
to disconnect. The next time a good client connects, it
will be allowed to talk to a Postfix SMTP server process
to deliver mail. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of
this limitation by giving such tests a long expiration
time.
rary whitelist, but it cannot not hand off the "live" con-
nection to a Postfix SMTP server process in the middle of
a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to
deliver mail with a 4XX status, and waits for the client
to disconnect. When the client connects again,
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> will allow the client to talk to a Postfix
SMTP server process (provided that the whitelist status
has not expired). <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of
this limitation by giving the "after 220 server greeting"
tests a long expiration time.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as

3
postfix/html/smtp.8.html
View File

@ -115,6 +115,7 @@ SMTP(8) SMTP(8)
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
@ -194,7 +195,7 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in Postfix SMTP client MAIL FROM
and RCPT TO commands as required by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
and RCPT TO commands as required by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
A mechanism to transform replies from remote SMTP

1
postfix/html/smtpd.8.html
View File

@ -59,6 +59,7 @@ SMTPD(8) SMTPD(8)
<a href="http://tools.ietf.org/html/rfc3848">RFC 3848</a> (ESMTP transmission types)
<a href="http://tools.ietf.org/html/rfc4409">RFC 4409</a> (Message submission)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).

2
postfix/man/man1/postqueue.1
View File

@ -66,7 +66,7 @@ attempt will be made until the mail is taken off hold.
.RE
.IP "\fB-s \fIsite\fR"
Schedule immediate delivery of all mail that is queued for the named
\fIsite\fR. A numerical site must be specified as a valid RFC 2821
\fIsite\fR. A numerical site must be specified as a valid RFC 5321
address literal enclosed in [], just like in email addresses.
The site must be eligible for the "fast flush" service.
See \fBflush\fR(8) for more information about the "fast flush"

62
postfix/man/man5/postconf.5
View File

@ -69,14 +69,14 @@ an \fBaccess\fR(5) map "defer" action, including "defer_if_permit"
or "defer_if_reject". Prior to Postfix 2.6, the response
is hard-coded as "450".
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.6 and later.
.SH access_map_reject_code (default: 554)
The numerical Postfix SMTP server response code for
an \fBaccess\fR(5) map "reject" action.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.SH address_verify_cache_cleanup_interval (default: 12h)
The amount of time between \fBverify\fR(8) address verification
database cleanup runs. This feature requires that the database
@ -1392,7 +1392,7 @@ This feature is available in Postfix 1.1 and later.
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "defer" restriction.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.SH defer_service_name (default: defer)
The name of the defer service. This service is implemented by the
\fBbounce\fR(8) daemon and maintains a record
@ -2093,7 +2093,7 @@ The numerical Postfix SMTP server response code when the client
HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname
restriction.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.SH ipc_idle (default: version dependent)
The time after which a client closes an idle internal communication
channel. The purpose is to allow Postfix daemon processes to
@ -3142,7 +3142,7 @@ client request is blocked by the reject_rbl_client, reject_rhsbl_client,
reject_rhsbl_reverse_client, reject_rhsbl_sender or
reject_rhsbl_recipient restriction.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.SH masquerade_classes (default: envelope_sender, header_sender, header_recipient)
What addresses are subject to address masquerading.
.PP
@ -3609,7 +3609,7 @@ The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_multi_recipient_bounce
restriction.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.1 and later.
.SH mydestination (default: $myhostname, localhost.$mydomain, localhost)
@ -4860,7 +4860,7 @@ recipient_delimiter = +
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "reject" restriction.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.SH reject_tempfail_action (default: defer_if_permit)
The Postfix SMTP server's action when a reject-type restriction
fails due to a temporary error condition. Specify "defer" to defer
@ -4950,7 +4950,7 @@ The numerical Postfix SMTP server response code when a client
request is rejected by the reject_unauth_destination recipient
restriction.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.SH relay_recipient_maps (default: empty)
Optional lookup tables with all valid addresses in the domains
that match $relay_domains. Specify @domain as a wild-card for
@ -5833,10 +5833,10 @@ The default time unit is s (seconds).
.SH smtp_quote_rfc821_envelope (default: yes)
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
by RFC 2821. This includes putting quotes around an address localpart
by RFC 5321. This includes putting quotes around an address localpart
that ends in ".".
.PP
The default is to comply with RFC 2821. If you have to send mail to
The default is to comply with RFC 5321. If you have to send mail to
a broken SMTP server, configure a special SMTP client in master.cf:
.sp
.in +4
@ -10700,7 +10700,7 @@ recipient address is rejected by the reject_unknown_sender_domain
or reject_unknown_recipient_domain restriction. The response is
always 450 in case of a temporary DNS error.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.SH unknown_address_tempfail_action (default: $reject_tempfail_action)
The Postfix SMTP server's action when reject_unknown_sender_domain
or reject_unknown_recipient_domain fail due to a temporary error
@ -10716,7 +10716,7 @@ without valid address <=> name mapping is rejected by the
reject_unknown_client_hostname restriction. The SMTP server always replies
with 450 when the mapping failed due to a temporary error condition.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.SH unknown_helo_hostname_tempfail_action (default: $reject_tempfail_action)
The Postfix SMTP server's action when reject_unknown_helo_hostname
fails due to an temporary error condition. Specify "defer" to defer
@ -10731,7 +10731,7 @@ The numerical Postfix SMTP server response code when the hostname
specified with the HELO or EHLO command is rejected by the
reject_unknown_helo_hostname restriction.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.SH unknown_local_recipient_reject_code (default: 550)
The numerical Postfix SMTP server response code when a recipient
address is local, and $local_recipient_maps specifies a list of
@ -10779,7 +10779,7 @@ probe fails due to a temporary error condition.
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.6 and later.
.SH unverified_recipient_reject_code (default: 450)
@ -10789,7 +10789,7 @@ is rejected by the reject_unverified_recipient restriction.
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.1 and later.
.SH unverified_recipient_reject_reason (default: empty)
@ -10825,7 +10825,7 @@ probe fails due to a temporary error condition.
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.6 and later.
.SH unverified_sender_reject_code (default: 450)
@ -10835,7 +10835,7 @@ address is rejected by the reject_unverified_sender restriction.
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.1 and later.
.SH unverified_sender_reject_reason (default: empty)
@ -10961,6 +10961,10 @@ into concurrency per recipient.
Lookup tables with the per-recipient group ID for \fBvirtual\fR(8) mailbox
delivery.
.PP
This parameter is specific to the \fBvirtual\fR(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.
.PP
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
@ -10985,6 +10989,10 @@ measure to ensure that an out of control map doesn't litter the
file system with mailboxes. While virtual_mailbox_base could be
set to "/", this setting isn't recommended.
.PP
This parameter is specific to the \fBvirtual\fR(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.
.PP
Example:
.PP
.nf
@ -11010,11 +11018,19 @@ value is backwards compatible with Postfix version 1.1.
.SH virtual_mailbox_limit (default: 51200000)
The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or
maildir file, or zero (no limit).
.PP
This parameter is specific to the \fBvirtual\fR(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.
.SH virtual_mailbox_lock (default: see "postconf -d" output)
How to lock a UNIX-style \fBvirtual\fR(8) mailbox before attempting
delivery. For a list of available file locking methods, use the
"\fBpostconf -l\fR" command.
.PP
This parameter is specific to the \fBvirtual\fR(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.
.PP
This setting is ignored with \fBmaildir\fR style delivery, because
such deliveries are safe without application-level locks.
.PP
@ -11031,6 +11047,10 @@ In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
.PP
The remainder of this text is specific to the \fBvirtual\fR(8) delivery
agent. It does not apply when mail is delivered with a different
mail delivery program.
.PP
The \fBvirtual\fR(8) delivery agent uses this table to look up the
per-recipient mailbox or maildir pathname. If the lookup result
ends in a slash ("/"), maildir-style delivery is carried out,
@ -11063,6 +11083,10 @@ The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts
as a result from $virtual_uid_maps table lookup. Returned
values less than this will be rejected, and the message will be
deferred.
.PP
This parameter is specific to the \fBvirtual\fR(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.
.SH virtual_transport (default: virtual)
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $virtual_mailbox_domains.
@ -11078,6 +11102,10 @@ This feature is available in Postfix 2.0 and later.
Lookup tables with the per-recipient user ID that the \fBvirtual\fR(8)
delivery agent uses while writing to the recipient's mailbox.
.PP
This parameter is specific to the \fBvirtual\fR(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program.
.PP
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a
specific "user@domain.tld" entry.

16
postfix/man/man8/postscreen.8
View File

@ -83,8 +83,7 @@ Problems and transactions are logged to \fBsyslogd\fR(8).
The \fBpostscreen\fR(8) built-in SMTP protocol engine
currently does not announce support for AUTH, XCLIENT or
XFORWARD.
Support for AUTH may be added in the future.
In the mean time, if you need to make these services available
If you need to make these services available
on port 25, then do not enable the optional "after 220
server greeting" tests, and do not use DNSBLs that reject
traffic from dial-up and residential networks.
@ -92,15 +91,16 @@ traffic from dial-up and residential networks.
The optional "after 220 server greeting" tests involve
\fBpostscreen\fR(8)'s built-in SMTP protocol engine. When
these tests succeed, \fBpostscreen\fR(8) adds the client
to the temporary whitelist but it cannot not hand off the
to the temporary whitelist, but it cannot not hand off the
"live" connection to a Postfix SMTP server process in the
middle of a session. Instead, \fBpostscreen\fR(8) defers
attempts to deliver mail with a 4XX status, and waits for
the client to disconnect. The next time a good client
connects, it will be allowed to talk to a Postfix SMTP
server process to deliver mail. \fBpostscreen\fR(8) mitigates
the impact of this limitation by giving such tests a long
expiration time.
the client to disconnect. When the client connects again,
\fBpostscreen\fR(8) will allow the client to talk to a
Postfix SMTP server process (provided that the whitelist
status has not expired). \fBpostscreen\fR(8) mitigates
the impact of this limitation by giving the "after 220
server greeting" tests a long expiration time.
.SH "CONFIGURATION PARAMETERS"
.na
.nf

3
postfix/man/man8/smtp.8
View File

@ -109,6 +109,7 @@ RFC 3207 (STARTTLS command)
RFC 3461 (SMTP DSN Extension)
RFC 3463 (Enhanced Status Codes)
RFC 4954 (AUTH command)
RFC 5321 (SMTP protocol)
.SH DIAGNOSTICS
.ad
.fi
@ -185,7 +186,7 @@ per-destination workarounds for CISCO PIX firewall bugs.
.IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
by RFC 2821.
by RFC 5321.
.IP "\fBsmtp_reply_filter (empty)\fR"
A mechanism to transform replies from remote SMTP servers one
line at a time.

1
postfix/man/man8/smtpd.8
View File

@ -62,6 +62,7 @@ RFC 3463 (Enhanced status codes)
RFC 3848 (ESMTP transmission types)
RFC 4409 (Message submission)
RFC 4954 (AUTH command)
RFC 5321 (SMTP protocol)
.SH DIAGNOSTICS
.ad
.fi

6
postfix/proto/VIRTUAL_README.html
View File

@ -357,7 +357,11 @@ in the virtual(8) manual page. </p>
domains, non-UNIX accounts</a></h2>
<p> This is a variation on the Postfix virtual mailbox example.
Again, every hosted address can have its own mailbox. </p>
Again, every hosted address can have its own mailbox. However, most
parameters that control the virtual(8) delivery agent are no longer
applicable: only virtual_mailbox_domains and virtual_mailbox_maps
stay in effect. These parameters are needed to reject mail for
unknown recipients. </p>
<p> While non-Postfix software is being used for final delivery,
some Postfix concepts are still needed in order to glue everything

62
postfix/proto/postconf.proto
View File

@ -157,7 +157,7 @@ an access(5) map "reject" action.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM access_map_defer_code 450
@ -170,7 +170,7 @@ is hard-coded as "450".
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
@ -1291,7 +1291,7 @@ client request is rejected by the "defer" restriction.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM defer_transports
@ -1979,7 +1979,7 @@ restriction.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM ipc_idle version dependent
@ -2625,7 +2625,7 @@ reject_rhsbl_recipient restriction.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM masquerade_classes envelope_sender, header_sender, header_recipient
@ -2837,7 +2837,7 @@ restriction.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
@ -3468,7 +3468,7 @@ client request is rejected by the "reject" restriction.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM relay_domains $mydestination
@ -3508,7 +3508,7 @@ restriction.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM relay_recipient_maps
@ -4242,12 +4242,12 @@ The default time unit is s (seconds).
<p>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
by RFC 2821. This includes putting quotes around an address localpart
by RFC 5321. This includes putting quotes around an address localpart
that ends in ".".
</p>
<p>
The default is to comply with RFC 2821. If you have to send mail to
The default is to comply with RFC 5321. If you have to send mail to
a broken SMTP server, configure a special SMTP client in master.cf:
</p>
@ -6412,7 +6412,7 @@ always 450 in case of a temporary DNS error.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM unknown_client_reject_code 450
@ -6425,7 +6425,7 @@ with 450 when the mapping failed due to a temporary error condition.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM unknown_hostname_reject_code 450
@ -6437,7 +6437,7 @@ reject_unknown_helo_hostname restriction.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM unknown_local_recipient_reject_code 550
@ -6481,7 +6481,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
@ -6501,7 +6501,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
@ -6521,7 +6521,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
@ -6541,7 +6541,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of RFC 2821.
Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
@ -8272,6 +8272,10 @@ Lookup tables with the per-recipient group ID for virtual(8) mailbox
delivery.
</p>
<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
@ -8308,6 +8312,10 @@ file system with mailboxes. While virtual_mailbox_base could be
set to "/", this setting isn't recommended.
</p>
<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
Example:
</p>
@ -8339,6 +8347,10 @@ value is backwards compatible with Postfix version 1.1.
The maximal size in bytes of an individual virtual(8) mailbox or
maildir file, or zero (no limit). </p>
<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
%PARAM virtual_mailbox_lock see "postconf -d" output
<p>
@ -8347,6 +8359,10 @@ delivery. For a list of available file locking methods, use the
"<b>postconf -l</b>" command.
</p>
<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
This setting is ignored with <b>maildir</b> style delivery, because
such deliveries are safe without application-level locks.
@ -8375,6 +8391,10 @@ match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
</p>
<p> The remainder of this text is specific to the virtual(8) delivery
agent. It does not apply when mail is delivered with a different
mail delivery program. </p>
<p>
The virtual(8) delivery agent uses this table to look up the
per-recipient mailbox or maildir pathname. If the lookup result
@ -8413,6 +8433,10 @@ values less than this will be rejected, and the message will be
deferred.
</p>
<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
%PARAM virtual_transport virtual
<p>
@ -8439,6 +8463,10 @@ Lookup tables with the per-recipient user ID that the virtual(8)
delivery agent uses while writing to the recipient's mailbox.
</p>
<p> This parameter is specific to the virtual(8) delivery agent.
It does not apply when mail is delivered with a different mail
delivery program. </p>
<p>
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20120715"
#define MAIL_RELEASE_DATE "20120801"
#define MAIL_VERSION_NUMBER "2.10"
#ifdef SNAPSHOT

2
postfix/src/postqueue/postqueue.c
View File

@ -60,7 +60,7 @@
/* .RE
/* .IP "\fB-s \fIsite\fR"
/* Schedule immediate delivery of all mail that is queued for the named
/* \fIsite\fR. A numerical site must be specified as a valid RFC 2821
/* \fIsite\fR. A numerical site must be specified as a valid RFC 5321
/* address literal enclosed in [], just like in email addresses.
/* The site must be eligible for the "fast flush" service.
/* See \fBflush\fR(8) for more information about the "fast flush"

16
postfix/src/postscreen/postscreen.c
View File

@ -69,8 +69,7 @@
/* The \fBpostscreen\fR(8) built-in SMTP protocol engine
/* currently does not announce support for AUTH, XCLIENT or
/* XFORWARD.
/* Support for AUTH may be added in the future.
/* In the mean time, if you need to make these services available
/* If you need to make these services available
/* on port 25, then do not enable the optional "after 220
/* server greeting" tests, and do not use DNSBLs that reject
/* traffic from dial-up and residential networks.
@ -78,15 +77,16 @@
/* The optional "after 220 server greeting" tests involve
/* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When
/* these tests succeed, \fBpostscreen\fR(8) adds the client
/* to the temporary whitelist but it cannot not hand off the
/* to the temporary whitelist, but it cannot not hand off the
/* "live" connection to a Postfix SMTP server process in the
/* middle of a session. Instead, \fBpostscreen\fR(8) defers
/* attempts to deliver mail with a 4XX status, and waits for
/* the client to disconnect. The next time a good client
/* connects, it will be allowed to talk to a Postfix SMTP
/* server process to deliver mail. \fBpostscreen\fR(8) mitigates
/* the impact of this limitation by giving such tests a long
/* expiration time.
/* the client to disconnect. When the client connects again,
/* \fBpostscreen\fR(8) will allow the client to talk to a
/* Postfix SMTP server process (provided that the whitelist
/* status has not expired). \fBpostscreen\fR(8) mitigates
/* the impact of this limitation by giving the "after 220
/* server greeting" tests a long expiration time.
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi

3
postfix/src/smtp/smtp.c
View File

@ -95,6 +95,7 @@
/* RFC 3461 (SMTP DSN Extension)
/* RFC 3463 (Enhanced Status Codes)
/* RFC 4954 (AUTH command)
/* RFC 5321 (SMTP protocol)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
/* Corrupted message files are marked so that the queue manager can
@ -163,7 +164,7 @@
/* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
/* Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
/* as required
/* by RFC 2821.
/* by RFC 5321.
/* .IP "\fBsmtp_reply_filter (empty)\fR"
/* A mechanism to transform replies from remote SMTP servers one
/* line at a time.

15
postfix/src/smtpd/smtpd.c
View File

@ -52,6 +52,7 @@
/* RFC 3848 (ESMTP transmission types)
/* RFC 4409 (Message submission)
/* RFC 4954 (AUTH command)
/* RFC 5321 (SMTP protocol)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
/*
@ -2217,9 +2218,7 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
smtpd_chat_reply(state, "503 5.5.1 Error: send HELO/EHLO first");
return (-1);
}
#define IN_MAIL_TRANSACTION(state) ((state)->sender != 0)
if (IN_MAIL_TRANSACTION(state)) {
if (SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 5.5.1 Error: nested MAIL command");
return (-1);
@ -2525,7 +2524,7 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
* command with a 501 response. So much for the principle of "be liberal
* in what you accept, be strict in what you send".
*/
if (!IN_MAIL_TRANSACTION(state)) {
if (!SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 5.5.1 Error: need MAIL command");
return (-1);
@ -2888,7 +2887,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
* error.
*/
if (state->rcpt_count == 0) {
if (!IN_MAIL_TRANSACTION(state)) {
if (!SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 5.5.1 Error: need RCPT command");
} else {
@ -3438,7 +3437,7 @@ static int etrn_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
smtpd_chat_reply(state, "%s", err);
return (-1);
}
if (IN_MAIL_TRANSACTION(state)) {
if (SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 Error: MAIL transaction in progress");
return (-1);
@ -3553,7 +3552,7 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
* XXX The XCLIENT command will override its own access control, so that
* connection count/rate restrictions can be correctly simulated.
*/
if (IN_MAIL_TRANSACTION(state)) {
if (SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress");
return (-1);
@ -3849,7 +3848,7 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
/*
* Sanity checks.
*/
if (IN_MAIL_TRANSACTION(state)) {
if (SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress");
return (-1);

5
postfix/src/smtpd/smtpd.h
View File

@ -305,6 +305,11 @@ extern void smtpd_state_reset(SMTPD_STATE *);
#define USE_SMTPD_PROXY(state) \
(SMTPD_STAND_ALONE(state) == 0 && *var_smtpd_proxy_filt)
/*
* Are we in a MAIL transaction?
*/
#define SMTPD_IN_MAIL_TRANSACTION(state) ((state)->sender != 0)
/*
* SMTPD peer information lookup.
*/

5
postfix/src/smtpd/smtpd_sasl_proto.c
View File

@ -164,6 +164,11 @@ int smtpd_sasl_auth_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
smtpd_chat_reply(state, "503 5.5.1 Error: authentication not enabled");
return (-1);
}
if (SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress");
return (-1);
}
if (smtpd_milters != 0 && (err = milter_other_event(smtpd_milters)) != 0) {
if (err[0] == '5') {
state->error_mask |= MAIL_ERROR_POLICY;