diff --git a/postfix/HISTORY b/postfix/HISTORY index afd04e7e7..a842a522a 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -17901,3 +17901,20 @@ Apologies for any names omitted. buffer size that will be used with the next read(2) or write(2) operation. Files: util/vstream.c, util/vstream.h, util/vstream_tweak.c. + +20120717 + + Documentation: update to RFC5321. + +20120730 + + Bugfix (introduced: 20000314): AUTH is not allowed after + MAIL. Timo Sirainen. Files: smtpd/smtpd.c, smtpd/smtpd.h, + smtpd/smtpd_sasl_proto.c. + +20120801 + + Documentation: point of what virtual_xxx parameters are + specific to the virtual(8) delivery agent, and will have + no effect when mail is delivered with a different program. + Files: proto/postconf.proto, proto/VIRTUAL_README.html. diff --git a/postfix/README_FILES/VIRTUAL_README b/postfix/README_FILES/VIRTUAL_README index 5b47482f7..6f470eeb7 100644 --- a/postfix/README_FILES/VIRTUAL_README +++ b/postfix/README_FILES/VIRTUAL_README @@ -259,7 +259,10 @@ More details about the virtual mailbox delivery agent are given in the virtual NNoonn--PPoossttffiixx mmaaiillbbooxx ssttoorree:: sseeppaarraattee ddoommaaiinnss,, nnoonn--UUNNIIXX aaccccoouunnttss This is a variation on the Postfix virtual mailbox example. Again, every hosted -address can have its own mailbox. +address can have its own mailbox. However, most parameters that control the +virtual(8) delivery agent are no longer applicable: only +virtual_mailbox_domains and virtual_mailbox_maps stay in effect. These +parameters are needed to reject mail for unknown recipients. While non-Postfix software is being used for final delivery, some Postfix concepts are still needed in order to glue everything together. For additional diff --git a/postfix/html/VIRTUAL_README.html b/postfix/html/VIRTUAL_README.html index 9af7adbb8..fe3e8f928 100644 --- a/postfix/html/VIRTUAL_README.html +++ b/postfix/html/VIRTUAL_README.html @@ -260,8 +260,8 @@ section at the top of this document.
3 virtual_mailbox_base = /var/mail/vhosts 4 virtual_mailbox_maps = hash:/etc/postfix/vmailbox 5 virtual_minimum_uid = 100 - 6 virtual_uid_maps = static:5000 - 7 virtual_gid_maps = static:5000 + 6 virtual_uid_maps = static:5000 + 7 virtual_gid_maps = static:5000 8 virtual_alias_maps = hash:/etc/postfix/virtual 9 10 /etc/postfix/vmailbox: @@ -357,7 +357,11 @@ in the virtual(8) manual page. domains, non-UNIX accountsThis is a variation on the Postfix virtual mailbox example. -Again, every hosted address can have its own mailbox.
+Again, every hosted address can have its own mailbox. However, most +parameters that control the virtual(8) delivery agent are no longer +applicable: only virtual_mailbox_domains and virtual_mailbox_maps +stay in effect. These parameters are needed to reject mail for +unknown recipients.While non-Postfix software is being used for final delivery, some Postfix concepts are still needed in order to glue everything diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index a72db682a..53bf1c711 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -115,6 +115,7 @@ SMTP(8) SMTP(8) RFC 3461 (SMTP DSN Extension) RFC 3463 (Enhanced Status Codes) RFC 4954 (AUTH command) + RFC 5321 (SMTP protocol) DIAGNOSTICS Problems and transactions are logged to syslogd(8). Cor- @@ -194,7 +195,7 @@ SMTP(8) SMTP(8) smtp_quote_rfc821_envelope (yes) Quote addresses in Postfix SMTP client MAIL FROM - and RCPT TO commands as required by RFC 2821. + and RCPT TO commands as required by RFC 5321. smtp_reply_filter (empty) A mechanism to transform replies from remote SMTP diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index edf9e3d15..23a7ce039 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -96,7 +96,7 @@ is hard-coded as "450".
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -115,7 +115,7 @@ an access(5) map "reject" action.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -2398,7 +2398,7 @@ client request is rejected by the "defer" restriction.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -3646,7 +3646,7 @@ restriction.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -5630,7 +5630,7 @@ client request is blocked by the rej
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -6369,7 +6369,7 @@ restriction.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -8416,7 +8416,7 @@ client request is rejected by the "reject" restriction.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -8543,7 +8543,7 @@ restriction.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -10003,12 +10003,12 @@ The default time unit is s (seconds).Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands as required -by RFC 2821. This includes putting quotes around an address localpart +by RFC 5321. This includes putting quotes around an address localpart that ends in ".".
-The default is to comply with RFC 2821. If you have to send mail to +The default is to comply with RFC 5321. If you have to send mail to a broken SMTP server, configure a special SMTP client in master.cf:
@@ -16611,7 +16611,7 @@ always 450 in case of a temporary DNS error.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -16644,7 +16644,7 @@ with 450 when the mapping failed due to a temporary error condition.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -16675,7 +16675,7 @@ specified with the HELO or EHLO command is rejected by the
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -16775,7 +16775,7 @@ accept the address anyway.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -16799,7 +16799,7 @@ accept the address anyway.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -16857,7 +16857,7 @@ accept the address anyway.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -16881,7 +16881,7 @@ accept the address anyway.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -17088,6 +17088,10 @@ Lookup tables with the per-recipient group ID for virtu delivery.
+This parameter is specific to the virtual(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
@@ -17128,6 +17132,10 @@ file system with mailboxes. While
+ This parameter is specific to the virtual(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
Example:
This parameter is specific to the virtual(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program.
+ @@ -17179,6 +17191,10 @@ delivery. For a list of available file locking methods, use the "postconf -l" command. +This parameter is specific to the virtual(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program.
+This setting is ignored with maildir style delivery, because such deliveries are safe without application-level locks. @@ -17211,6 +17227,10 @@ match any user in the specified domain that does not have a specific "user@domain.tld" entry.
+The remainder of this text is specific to the virtual(8) delivery
+agent. It does not apply when mail is delivered with a different
+mail delivery program.
+The virtual(8) delivery agent uses this table to look up the per-recipient mailbox or maildir pathname. If the lookup result @@ -17266,6 +17286,10 @@ values less than this will be rejected, and the message will be deferred.
+This parameter is specific to the virtual(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+ @@ -17300,6 +17324,10 @@ Lookup tables with the per-recipient user ID that the v delivery agent uses while writing to the recipient's mailbox. +This parameter is specific to the virtual(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program.
+In a lookup table, specify a left-hand side of "@domain.tld" to match any user in the specified domain that does not have a diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html index 4a5dfc560..50edb8372 100644 --- a/postfix/html/postqueue.1.html +++ b/postfix/html/postqueue.1.html @@ -73,7 +73,7 @@ POSTQUEUE(1) POSTQUEUE(1) -s site Schedule immediate delivery of all mail that is queued for the named site. A numerical site must be - specified as a valid RFC 2821 address literal + specified as a valid RFC 5321 address literal enclosed in [], just like in email addresses. The site must be eligible for the "fast flush" service. See flush(8) for more information about the "fast diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html index 901b71631..5d5ec05ba 100644 --- a/postfix/html/postscreen.8.html +++ b/postfix/html/postscreen.8.html 
@@ -78,24 +78,24 @@ POSTSCREEN(8) POSTSCREEN(8) BUGS The postscreen(8) built-in SMTP protocol engine currently does not announce support for AUTH, XCLIENT or XFORWARD. - Support for AUTH may be added in the future. In the mean - time, if you need to make these services available on port - 25, then do not enable the optional "after 220 server - greeting" tests, and do not use DNSBLs that reject traffic - from dial-up and residential networks. + If you need to make these services available on port 25, + then do not enable the optional "after 220 server greet- + ing" tests, and do not use DNSBLs that reject traffic from + dial-up and residential networks. - The optional "after 220 server greeting" tests involve - postscreen(8)'s built-in SMTP protocol engine. When these + The optional "after 220 server greeting" tests involve + postscreen(8)'s built-in SMTP protocol engine. When these tests succeed, postscreen(8) adds the client to the tempo- - rary whitelist but it cannot not hand off the "live" con- - nection to a Postfix SMTP server process in the middle of - a session. Instead, postscreen(8) defers attempts to - deliver mail with a 4XX status, and waits for the client - to disconnect. The next time a good client connects, it - will be allowed to talk to a Postfix SMTP server process - to deliver mail. postscreen(8) mitigates the impact of - this limitation by giving such tests a long expiration - time. + rary whitelist, but it cannot not hand off the "live" con- + nection to a Postfix SMTP server process in the middle of + a session. Instead, postscreen(8) defers attempts to + deliver mail with a 4XX status, and waits for the client + to disconnect. When the client connects again, + postscreen(8) will allow the client to talk to a Postfix + SMTP server process (provided that the whitelist status + has not expired). postscreen(8) mitigates the impact of + this limitation by giving the "after 220 server greeting" + tests a long expiration time. 
CONFIGURATION PARAMETERS Changes to main.cf are not picked up automatically, as diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index a72db682a..53bf1c711 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -115,6 +115,7 @@ SMTP(8) SMTP(8) RFC 3461 (SMTP DSN Extension) RFC 3463 (Enhanced Status Codes) RFC 4954 (AUTH command) + RFC 5321 (SMTP protocol) DIAGNOSTICS Problems and transactions are logged to syslogd(8). Cor- @@ -194,7 +195,7 @@ SMTP(8) SMTP(8) smtp_quote_rfc821_envelope (yes) Quote addresses in Postfix SMTP client MAIL FROM - and RCPT TO commands as required by RFC 2821. + and RCPT TO commands as required by RFC 5321. smtp_reply_filter (empty) A mechanism to transform replies from remote SMTP diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index ee9ae6a92..788cfec5f 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -59,6 +59,7 @@ SMTPD(8) SMTPD(8) RFC 3848 (ESMTP transmission types) RFC 4409 (Message submission) RFC 4954 (AUTH command) + RFC 5321 (SMTP protocol) DIAGNOSTICS Problems and transactions are logged to syslogd(8). diff --git a/postfix/man/man1/postqueue.1 b/postfix/man/man1/postqueue.1 index c0db9145f..13ea11822 100644 --- a/postfix/man/man1/postqueue.1 +++ b/postfix/man/man1/postqueue.1 @@ -66,7 +66,7 @@ attempt will be made until the mail is taken off hold. .RE .IP "\fB-s \fIsite\fR" Schedule immediate delivery of all mail that is queued for the named -\fIsite\fR. A numerical site must be specified as a valid RFC 2821 +\fIsite\fR. A numerical site must be specified as a valid RFC 5321 address literal enclosed in [], just like in email addresses. The site must be eligible for the "fast flush" service. See \fBflush\fR(8) for more information about the "fast flush" diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index b8a6c2089..2e2b9190d 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -69,14 +69,14 @@ an \fBaccess\fR(5) map "defer" action, including "defer_if_permit" or "defer_if_reject". Prior to Postfix 2.6, the response is hard-coded as "450". .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .PP This feature is available in Postfix 2.6 and later. .SH access_map_reject_code (default: 554) The numerical Postfix SMTP server response code for an \fBaccess\fR(5) map "reject" action. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .SH address_verify_cache_cleanup_interval (default: 12h) The amount of time between \fBverify\fR(8) address verification database cleanup runs. This feature requires that the database @@ -1392,7 +1392,7 @@ This feature is available in Postfix 1.1 and later. The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "defer" restriction. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .SH defer_service_name (default: defer) The name of the defer service. This service is implemented by the \fBbounce\fR(8) daemon and maintains a record @@ -2093,7 +2093,7 @@ The numerical Postfix SMTP server response code when the client HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname restriction. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .SH ipc_idle (default: version dependent) The time after which a client closes an idle internal communication channel. The purpose is to allow Postfix daemon processes to 
@@ -3142,7 +3142,7 @@ client request is blocked by the reject_rbl_client, reject_rhsbl_client, reject_rhsbl_reverse_client, reject_rhsbl_sender or reject_rhsbl_recipient restriction. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .SH masquerade_classes (default: envelope_sender, header_sender, header_recipient) What addresses are subject to address masquerading. .PP @@ -3609,7 +3609,7 @@ The numerical Postfix SMTP server response code when a remote SMTP client request is blocked by the reject_multi_recipient_bounce restriction. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .PP This feature is available in Postfix 2.1 and later. .SH mydestination (default: $myhostname, localhost.$mydomain, localhost) @@ -4860,7 +4860,7 @@ recipient_delimiter = + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "reject" restriction. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .SH reject_tempfail_action (default: defer_if_permit) The Postfix SMTP server's action when a reject-type restriction fails due to a temporary error condition. Specify "defer" to defer @@ -4950,7 +4950,7 @@ The numerical Postfix SMTP server response code when a client request is rejected by the reject_unauth_destination recipient restriction. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .SH relay_recipient_maps (default: empty) Optional lookup tables with all valid addresses in the domains that match $relay_domains. Specify @domain as a wild-card for 
@@ -5833,10 +5833,10 @@ The default time unit is s (seconds). .SH smtp_quote_rfc821_envelope (default: yes) Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands as required -by RFC 2821. This includes putting quotes around an address localpart +by RFC 5321. This includes putting quotes around an address localpart that ends in ".". .PP -The default is to comply with RFC 2821. If you have to send mail to +The default is to comply with RFC 5321. If you have to send mail to a broken SMTP server, configure a special SMTP client in master.cf: .sp .in +4 @@ -10700,7 +10700,7 @@ recipient address is rejected by the reject_unknown_sender_domain or reject_unknown_recipient_domain restriction. The response is always 450 in case of a temporary DNS error. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .SH unknown_address_tempfail_action (default: $reject_tempfail_action) The Postfix SMTP server's action when reject_unknown_sender_domain or reject_unknown_recipient_domain fail due to a temporary error @@ -10716,7 +10716,7 @@ without valid address <=> name mapping is rejected by the reject_unknown_client_hostname restriction. The SMTP server always replies with 450 when the mapping failed due to a temporary error condition. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .SH unknown_helo_hostname_tempfail_action (default: $reject_tempfail_action) The Postfix SMTP server's action when reject_unknown_helo_hostname fails due to an temporary error condition. Specify "defer" to defer 
@@ -10731,7 +10731,7 @@ The numerical Postfix SMTP server response code when the hostname specified with the HELO or EHLO command is rejected by the reject_unknown_helo_hostname restriction. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .SH unknown_local_recipient_reject_code (default: 550) The numerical Postfix SMTP server response code when a recipient address is local, and $local_recipient_maps specifies a list of @@ -10779,7 +10779,7 @@ probe fails due to a temporary error condition. Unlike elsewhere in Postfix, you can specify 250 in order to accept the address anyway. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .PP This feature is available in Postfix 2.6 and later. .SH unverified_recipient_reject_code (default: 450) @@ -10789,7 +10789,7 @@ is rejected by the reject_unverified_recipient restriction. Unlike elsewhere in Postfix, you can specify 250 in order to accept the address anyway. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .PP This feature is available in Postfix 2.1 and later. .SH unverified_recipient_reject_reason (default: empty) @@ -10825,7 +10825,7 @@ probe fails due to a temporary error condition. Unlike elsewhere in Postfix, you can specify 250 in order to accept the address anyway. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .PP This feature is available in Postfix 2.6 and later. .SH unverified_sender_reject_code (default: 450) 
@@ -10835,7 +10835,7 @@ address is rejected by the reject_unverified_sender restriction. Unlike elsewhere in Postfix, you can specify 250 in order to accept the address anyway. .PP -Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321. .PP This feature is available in Postfix 2.1 and later. .SH unverified_sender_reject_reason (default: empty) @@ -10961,6 +10961,10 @@ into concurrency per recipient. Lookup tables with the per-recipient group ID for \fBvirtual\fR(8) mailbox delivery. .PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. +.PP In a lookup table, specify a left-hand side of "@domain.tld" to match any user in the specified domain that does not have a specific "user@domain.tld" entry. @@ -10985,6 +10989,10 @@ measure to ensure that an out of control map doesn't litter the file system with mailboxes. While virtual_mailbox_base could be set to "/", this setting isn't recommended. .PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. +.PP Example: .PP .nf 
@@ -11010,11 +11018,19 @@ value is backwards compatible with Postfix version 1.1. .SH virtual_mailbox_limit (default: 51200000) The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or maildir file, or zero (no limit). +.PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. .SH virtual_mailbox_lock (default: see "postconf -d" output) How to lock a UNIX-style \fBvirtual\fR(8) mailbox before attempting delivery. For a list of available file locking methods, use the "\fBpostconf -l\fR" command. .PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. +.PP This setting is ignored with \fBmaildir\fR style delivery, because such deliveries are safe without application-level locks. .PP @@ -11031,6 +11047,10 @@ In a lookup table, specify a left-hand side of "@domain.tld" to match any user in the specified domain that does not have a specific "user@domain.tld" entry. .PP +The remainder of this text is specific to the \fBvirtual\fR(8) delivery +agent. It does not apply when mail is delivered with a different +mail delivery program. +.PP The \fBvirtual\fR(8) delivery agent uses this table to look up the per-recipient mailbox or maildir pathname. If the lookup result ends in a slash ("/"), maildir-style delivery is carried out, 
@@ -11063,6 +11083,10 @@ The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts as a result from $virtual_uid_maps table lookup. Returned values less than this will be rejected, and the message will be deferred. +.PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. .SH virtual_transport (default: virtual) The default mail delivery transport and next-hop destination for final delivery to domains listed with $virtual_mailbox_domains. @@ -11078,6 +11102,10 @@ This feature is available in Postfix 2.0 and later. Lookup tables with the per-recipient user ID that the \fBvirtual\fR(8) delivery agent uses while writing to the recipient's mailbox. .PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. +.PP In a lookup table, specify a left-hand side of "@domain.tld" to match any user in the specified domain that does not have a specific "user@domain.tld" entry. diff --git a/postfix/man/man8/postscreen.8 b/postfix/man/man8/postscreen.8 index bd7976222..22a61191e 100644 --- a/postfix/man/man8/postscreen.8 +++ b/postfix/man/man8/postscreen.8 @@ -83,8 +83,7 @@ Problems and transactions are logged to \fBsyslogd\fR(8). The \fBpostscreen\fR(8) built-in SMTP protocol engine currently does not announce support for AUTH, XCLIENT or XFORWARD. -Support for AUTH may be added in the future. -In the mean time, if you need to make these services available +If you need to make these services available on port 25, then do not enable the optional "after 220 server greeting" tests, and do not use DNSBLs that reject traffic from dial-up and residential networks. 
@@ -92,15 +91,16 @@ traffic from dial-up and residential networks. The optional "after 220 server greeting" tests involve \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When these tests succeed, \fBpostscreen\fR(8) adds the client -to the temporary whitelist but it cannot not hand off the +to the temporary whitelist, but it cannot not hand off the "live" connection to a Postfix SMTP server process in the middle of a session. Instead, \fBpostscreen\fR(8) defers attempts to deliver mail with a 4XX status, and waits for -the client to disconnect. The next time a good client -connects, it will be allowed to talk to a Postfix SMTP -server process to deliver mail. \fBpostscreen\fR(8) mitigates -the impact of this limitation by giving such tests a long -expiration time. +the client to disconnect. When the client connects again, +\fBpostscreen\fR(8) will allow the client to talk to a +Postfix SMTP server process (provided that the whitelist +status has not expired). \fBpostscreen\fR(8) mitigates +the impact of this limitation by giving the "after 220 +server greeting" tests a long expiration time. .SH "CONFIGURATION PARAMETERS" .na .nf diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 793d79b0e..98b7fa622 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -109,6 +109,7 @@ RFC 3207 (STARTTLS command) RFC 3461 (SMTP DSN Extension) RFC 3463 (Enhanced Status Codes) RFC 4954 (AUTH command) +RFC 5321 (SMTP protocol) .SH DIAGNOSTICS .ad .fi @@ -185,7 +186,7 @@ per-destination workarounds for CISCO PIX firewall bugs. .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands as required -by RFC 2821. +by RFC 5321. .IP "\fBsmtp_reply_filter (empty)\fR" A mechanism to transform replies from remote SMTP servers one line at a time. diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 26611a367..b57b9c9bd 100644 --- a/postfix/man/man8/smtpd.8 
+++ b/postfix/man/man8/smtpd.8 @@ -62,6 +62,7 @@ RFC 3463 (Enhanced status codes) RFC 3848 (ESMTP transmission types) RFC 4409 (Message submission) RFC 4954 (AUTH command) +RFC 5321 (SMTP protocol) .SH DIAGNOSTICS .ad .fi diff --git a/postfix/proto/VIRTUAL_README.html b/postfix/proto/VIRTUAL_README.html index 7139d0934..ac11f192c 100644 --- a/postfix/proto/VIRTUAL_README.html +++ b/postfix/proto/VIRTUAL_README.html @@ -357,7 +357,11 @@ in the virtual(8) manual page.
domains, non-UNIX accountsThis is a variation on the Postfix virtual mailbox example. -Again, every hosted address can have its own mailbox.
+Again, every hosted address can have its own mailbox. However, most +parameters that control the virtual(8) delivery agent are no longer +applicable: only virtual_mailbox_domains and virtual_mailbox_maps +stay in effect. These parameters are needed to reject mail for +unknown recipients.While non-Postfix software is being used for final delivery, some Postfix concepts are still needed in order to glue everything diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 18c12fafc..0b9b04052 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -157,7 +157,7 @@ an access(5) map "reject" action.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
%PARAM access_map_defer_code 450
@@ -170,7 +170,7 @@ is hard-coded as "450".
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -1291,7 +1291,7 @@ client request is rejected by the "defer" restriction.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
%PARAM defer_transports
@@ -1979,7 +1979,7 @@ restriction.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
%PARAM ipc_idle version dependent
@@ -2625,7 +2625,7 @@ reject_rhsbl_recipient restriction.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
%PARAM masquerade_classes envelope_sender, header_sender, header_recipient
@@ -2837,7 +2837,7 @@ restriction.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -3468,7 +3468,7 @@ client request is rejected by the "reject" restriction.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
%PARAM relay_domains $mydestination
@@ -3508,7 +3508,7 @@ restriction.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
%PARAM relay_recipient_maps @@ -4242,12 +4242,12 @@ The default time unit is s (seconds).Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands as required -by RFC 2821. This includes putting quotes around an address localpart +by RFC 5321. This includes putting quotes around an address localpart that ends in ".".
-The default is to comply with RFC 2821. If you have to send mail to +The default is to comply with RFC 5321. If you have to send mail to a broken SMTP server, configure a special SMTP client in master.cf:
@@ -6412,7 +6412,7 @@ always 450 in case of a temporary DNS error.-Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321.
%PARAM unknown_client_reject_code 450 @@ -6425,7 +6425,7 @@ with 450 when the mapping failed due to a temporary error condition.-Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321.
%PARAM unknown_hostname_reject_code 450 @@ -6437,7 +6437,7 @@ reject_unknown_helo_hostname restriction.-Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321.
%PARAM unknown_local_recipient_reject_code 550 @@ -6481,7 +6481,7 @@ accept the address anyway.-Do not change this unless you have a complete understanding of RFC 2821. +Do not change this unless you have a complete understanding of RFC 5321.
@@ -6501,7 +6501,7 @@ accept the address anyway.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -6521,7 +6521,7 @@ accept the address anyway.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -6541,7 +6541,7 @@ accept the address anyway.
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
@@ -8272,6 +8272,10 @@ Lookup tables with the per-recipient group ID for virtual(8) mailbox delivery.
+This parameter is specific to the virtual(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program.
+In a lookup table, specify a left-hand side of "@domain.tld" to match any user in the specified domain that does not have a specific @@ -8308,6 +8312,10 @@ file system with mailboxes. While virtual_mailbox_base could be set to "/", this setting isn't recommended.
+This parameter is specific to the virtual(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program.
+Example:
@@ -8339,6 +8347,10 @@ value is backwards compatible with Postfix version 1.1. The maximal size in bytes of an individual virtual(8) mailbox or maildir file, or zero (no limit). +This parameter is specific to the virtual(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program.
+ %PARAM virtual_mailbox_lock see "postconf -d" output@@ -8347,6 +8359,10 @@ delivery. For a list of available file locking methods, use the "postconf -l" command.
+This parameter is specific to the virtual(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program.
+This setting is ignored with maildir style delivery, because such deliveries are safe without application-level locks. @@ -8375,6 +8391,10 @@ match any user in the specified domain that does not have a specific "user@domain.tld" entry.
+The remainder of this text is specific to the virtual(8) delivery +agent. It does not apply when mail is delivered with a different +mail delivery program.
+The virtual(8) delivery agent uses this table to look up the per-recipient mailbox or maildir pathname. If the lookup result @@ -8413,6 +8433,10 @@ values less than this will be rejected, and the message will be deferred.
+This parameter is specific to the virtual(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program.
+ %PARAM virtual_transport virtual@@ -8439,6 +8463,10 @@ Lookup tables with the per-recipient user ID that the virtual(8) delivery agent uses while writing to the recipient's mailbox.
+This parameter is specific to the virtual(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program.
+In a lookup table, specify a left-hand side of "@domain.tld" to match any user in the specified domain that does not have a diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 07549b29f..74e37ec06 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20120715" +#define MAIL_RELEASE_DATE "20120801" #define MAIL_VERSION_NUMBER "2.10" #ifdef SNAPSHOT diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c index ade5af9ee..15308367e 100644 --- a/postfix/src/postqueue/postqueue.c +++ b/postfix/src/postqueue/postqueue.c @@ -60,7 +60,7 @@ /* .RE /* .IP "\fB-s \fIsite\fR" /* Schedule immediate delivery of all mail that is queued for the named -/* \fIsite\fR. A numerical site must be specified as a valid RFC 2821 +/* \fIsite\fR. A numerical site must be specified as a valid RFC 5321 /* address literal enclosed in [], just like in email addresses. /* The site must be eligible for the "fast flush" service. /* See \fBflush\fR(8) for more information about the "fast flush" diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c index 2c55a660c..6ab4a2ef0 100644 --- a/postfix/src/postscreen/postscreen.c +++ b/postfix/src/postscreen/postscreen.c @@ -69,8 +69,7 @@ /* The \fBpostscreen\fR(8) built-in SMTP protocol engine /* currently does not announce support for AUTH, XCLIENT or /* XFORWARD. -/* Support for AUTH may be added in the future. -/* In the mean time, if you need to make these services available +/* If you need to make these services available /* on port 25, then do not enable the optional "after 220 /* server greeting" tests, and do not use DNSBLs that reject /* traffic from dial-up and residential networks. 
@@ -78,15 +77,16 @@ /* The optional "after 220 server greeting" tests involve /* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When /* these tests succeed, \fBpostscreen\fR(8) adds the client -/* to the temporary whitelist but it cannot not hand off the +/* to the temporary whitelist, but it cannot not hand off the /* "live" connection to a Postfix SMTP server process in the /* middle of a session. Instead, \fBpostscreen\fR(8) defers /* attempts to deliver mail with a 4XX status, and waits for -/* the client to disconnect. The next time a good client -/* connects, it will be allowed to talk to a Postfix SMTP -/* server process to deliver mail. \fBpostscreen\fR(8) mitigates -/* the impact of this limitation by giving such tests a long -/* expiration time. +/* the client to disconnect. When the client connects again, +/* \fBpostscreen\fR(8) will allow the client to talk to a +/* Postfix SMTP server process (provided that the whitelist +/* status has not expired). \fBpostscreen\fR(8) mitigates +/* the impact of this limitation by giving the "after 220 +/* server greeting" tests a long expiration time. /* CONFIGURATION PARAMETERS /* .ad /* .fi diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index e42282f9f..d91724716 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -95,6 +95,7 @@ /* RFC 3461 (SMTP DSN Extension) /* RFC 3463 (Enhanced Status Codes) /* RFC 4954 (AUTH command) +/* RFC 5321 (SMTP protocol) /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8). /* Corrupted message files are marked so that the queue manager can @@ -163,7 +164,7 @@ /* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" /* Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands /* as required -/* by RFC 2821. +/* by RFC 5321. /* .IP "\fBsmtp_reply_filter (empty)\fR" /* A mechanism to transform replies from remote SMTP servers one /* line at a time. 
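Review bot: The postscreen.c manual-page comment in hunk @@ -78,15 +77,16 @@ still reads "cannot not hand off", a double negative that says the opposite of the limitation being described. The commit touches that line only to add a comma. Suggested wording: `/* to the temporary whitelist, but it cannot hand off the`.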
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index df6ee36ee..83d1e7330 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -52,6 +52,7 @@ /* RFC 3848 (ESMTP transmission types) /* RFC 4409 (Message submission) /* RFC 4954 (AUTH command) +/* RFC 5321 (SMTP protocol) /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8). /* @@ -2217,9 +2218,7 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) smtpd_chat_reply(state, "503 5.5.1 Error: send HELO/EHLO first"); return (-1); } -#define IN_MAIL_TRANSACTION(state) ((state)->sender != 0) - - if (IN_MAIL_TRANSACTION(state)) { + if (SMTPD_IN_MAIL_TRANSACTION(state)) { state->error_mask |= MAIL_ERROR_PROTOCOL; smtpd_chat_reply(state, "503 5.5.1 Error: nested MAIL command"); return (-1); @@ -2525,7 +2524,7 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) * command with a 501 response. So much for the principle of "be liberal * in what you accept, be strict in what you send". */ - if (!IN_MAIL_TRANSACTION(state)) { + if (!SMTPD_IN_MAIL_TRANSACTION(state)) { state->error_mask |= MAIL_ERROR_PROTOCOL; smtpd_chat_reply(state, "503 5.5.1 Error: need MAIL command"); return (-1); @@ -2888,7 +2887,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) * error. */ if (state->rcpt_count == 0) { - if (!IN_MAIL_TRANSACTION(state)) { + if (!SMTPD_IN_MAIL_TRANSACTION(state)) { state->error_mask |= MAIL_ERROR_PROTOCOL; smtpd_chat_reply(state, "503 5.5.1 Error: need RCPT command"); } else { @@ -3438,7 +3437,7 @@ static int etrn_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) smtpd_chat_reply(state, "%s", err); return (-1); } - if (IN_MAIL_TRANSACTION(state)) { + if (SMTPD_IN_MAIL_TRANSACTION(state)) { state->error_mask |= MAIL_ERROR_PROTOCOL; smtpd_chat_reply(state, "503 Error: MAIL transaction in progress"); return (-1); 
@@ -3553,7 +3552,7 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) * XXX The XCLIENT command will override its own access control, so that * connection count/rate restrictions can be correctly simulated. */ - if (IN_MAIL_TRANSACTION(state)) { + if (SMTPD_IN_MAIL_TRANSACTION(state)) { state->error_mask |= MAIL_ERROR_PROTOCOL; smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress"); return (-1); @@ -3849,7 +3848,7 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) /* * Sanity checks. */ - if (IN_MAIL_TRANSACTION(state)) { + if (SMTPD_IN_MAIL_TRANSACTION(state)) { state->error_mask |= MAIL_ERROR_PROTOCOL; smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress"); return (-1); diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h index a4932ac88..8bd11763c 100644 --- a/postfix/src/smtpd/smtpd.h +++ b/postfix/src/smtpd/smtpd.h @@ -305,6 +305,11 @@ extern void smtpd_state_reset(SMTPD_STATE *); #define USE_SMTPD_PROXY(state) \ (SMTPD_STAND_ALONE(state) == 0 && *var_smtpd_proxy_filt) + /* + * Are we in a MAIL transaction? + */ +#define SMTPD_IN_MAIL_TRANSACTION(state) ((state)->sender != 0) + /* * SMTPD peer information lookup. */ diff --git a/postfix/src/smtpd/smtpd_sasl_proto.c b/postfix/src/smtpd/smtpd_sasl_proto.c index 297a445a6..2c01f8dbd 100644 --- a/postfix/src/smtpd/smtpd_sasl_proto.c +++ b/postfix/src/smtpd/smtpd_sasl_proto.c @@ -164,6 +164,11 @@ int smtpd_sasl_auth_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) smtpd_chat_reply(state, "503 5.5.1 Error: authentication not enabled"); return (-1); } + if (SMTPD_IN_MAIL_TRANSACTION(state)) { + state->error_mask |= MAIL_ERROR_PROTOCOL; + smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress"); + return (-1); + } if (smtpd_milters != 0 && (err = milter_other_event(smtpd_milters)) != 0) { if (err[0] == '5') { state->error_mask |= MAIL_ERROR_POLICY;
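Review bot: The new `SMTPD_IN_MAIL_TRANSACTION(state)` guard in smtpd_sasl_auth_cmd() (smtpd_sasl_proto.c, hunk @@ -164,6 +164,11 @@) has no comment saying why AUTH is refused at this point, unlike the "Sanity checks." comment above the same test in xforward_cmd(). A one-line why-comment would make it less likely that the check is dropped or reordered later, for example `/* RFC 4954: AUTH is not permitted during a mail transaction. */`. Presumably the concern is that the authenticated identity must not change after MAIL has already been evaluated under a different login state; that rationale is inferred, not stated in the patch. The guard sits before the milter_other_event() call, so a rejected AUTH would not reach the milters, which looks intended but is worth confirming. The function body starts and ends outside the hunk.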