mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00

snapshot-19991220

Wietse Venema 1999-12-20 00:00:00 -05:00
parent 89d0723baf
commit 6c23bcd020
18 changed files with 462 additions and 275 deletions


@ -3427,3 +3427,12 @@ Apologies for any names omitted.
Cleanup: INSTALL.sh uses a configurable directory for
scratch files, so that it can install from a file system
that is not writable by the super-user.
19991220
Cleanup: it is no longer necessary to list $virtual_maps
as part of the relay_domains definition. The SMTP server
now by default accepts mail for domains that match
$mydestination or $virtual_maps, or that resolve to a mail
delivery transport that is listed in $local_transport.
Files: smtpd/smtpd_check.c and lots of documentation.


@ -14,12 +14,6 @@
#
queue_directory = /var/spool/postfix
# The program_directory parameter specifies the default location of
# Postfix support programs and daemons. This setting can be overruled
# with the command_directory and daemon_directory parameters.
#
program_directory = /some/where/postfix/bin
# The command_directory parameter specifies the location of all
# postXXX commands. The default value is $program_directory.
#
@ -90,7 +84,9 @@ mail_owner = postfix
#inet_interfaces = $myhostname, localhost
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
# machine considers itself the final destination for. That does not
# include domains that are hosted on this machine. Those domains are
# specified elsewhere (see sample-virtual.cf, and sample-transport.cf).
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain. Do not specify the
@ -131,34 +127,6 @@ mail_owner = postfix
#
#local_recipient_maps = $alias_maps unix:passwd.byname
# INTERNET VERSUS INTRANET
#
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# Specify a domain, host, host:port, [address] or [address:port].
# Use the form [destination] to turn off MX lookups. See also the
# default_transport parameter if you're connected via UUCP.
#
#relayhost = $mydomain
#relayhost = gateway.my.domain
#relayhost = uucphost
#relayhost = [mail.$mydomain:9999]
# DEFAULT TRANSPORT
#
# The default_transport parameter specifies the default message
# delivery transport to use when no transport is explicitly given in
# the optional transport(5) table.
#
#default_transport = smtp
#default_transport = uucp
# ADDRESS REWRITING
#
# Insert text from sample-rewrite.cf if you need to do address
@ -211,18 +179,6 @@ mail_owner = postfix
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# DELIVERED-TO
#
# The prepend_delivered_header controls when Postfix should prepend
# a Delivered-To: message header.
#
# By default, Postfix prepends a Delivered-To: header when forwarding
# mail and when delivering to file (mailbox) or command. Turning off
# the Delivered-To: header when forwarding mail is not recommended.
#
# prepend_delivered_header = command, file, forward
# prepend_delivered_header = forward
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
@ -256,10 +212,6 @@ mail_owner = postfix
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE WITH, E.G., PROCMAIL,
# YOU MUST SET UP AN ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL
# USER.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
@ -271,6 +223,9 @@ mail_owner = postfix
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
@ -317,14 +272,20 @@ mail_owner = postfix
#header_checks = regexp:/etc/postfix/filename
#header_checks = pcre:/etc/postfix/filename
# The relay_domains parameter restricts what client hostname domains
# (and subdomains thereof) this mail system will relay mail from,
# and restricts what destination domains (and subdomains thereof)
# this system will relay mail to. See the smtpd_recipient_restrictions
# restriction in the file sample-smtpd.cf.
# The relay_domains parameter restricts what clients this mail system
# will relay mail from, or what destinations this system will relay
# mail to. See the smtpd_recipient_restrictions restriction in the
# file sample-smtpd.cf.
#
# By default, Postfix relays mail only from clients or to destinations
# in or below $mydestination, or in the optional virtual domain list.
# By default, Postfix relays mail from clients whose IP address
# matches $mynetworks, and from clients or to destination domains
# matching $relay_domains or subdomains thereof. The default
# relay_domains value is $mydestination.
#
# By default, the Postfix SMTP server accepts mail for domains listed
# in $mydestination and in $virtual_maps, and for destinations that
# resolve to a mail delivery transport listed in $local_transports.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
@ -336,7 +297,7 @@ mail_owner = postfix
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction in the file sample-smtpd.cf.
#
#relay_domains = $mydestination, $virtual_maps
#relay_domains = $mydestination
# The mynetworks parameter specifies the list of networks that are
# local to this machine. The list is used by the anti-UCE software


@ -101,10 +101,6 @@ home_mailbox =
# as the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE WITH, E.G., PROCMAIL,
# YOU MUST SET UP AN ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL
# USER.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
@ -116,6 +112,9 @@ home_mailbox =
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
# mailbox_command = /some/where/procmail
# mailbox_command = /some/where/procmail -a "$EXTENSION"
mailbox_command =


@ -185,22 +185,30 @@ smtpd_sender_restrictions =
# The smtpd_recipient_restrictions parameter specifies restrictions on
# recipient addresses that SMTP clients can send in RCPT TO commands.
#
# The default is to permit any destination from clients that match
# $mynetworks, and to otherwise permit only mail from clients or to
# destinations that match $relay_domains or a subdomain thereof.
# By default, Postfix relays mail from clients whose IP address
# matches $mynetworks, and from clients or to destination domains
# matching $relay_domains or subdomains thereof. The default
# relay_domains value is $mydestination.
#
# The following restrictions are available:
# By default, the Postfix SMTP server accepts mail for domains listed
# in $mydestination and in $virtual_maps, and for destinations that
# resolve to a mail delivery transport listed in $local_transports.
# These destinations do not need to be listed in $relay_domains.
#
# permit_mynetworks: permit if the client address matches $mynetworks.
# The following restrictions are available (* is part of default setting):
#
# *permit_mynetworks: permit if the client address matches $mynetworks.
# reject_unknown_client: reject the request if the client hostname is unknown.
# reject_maps_rbl: reject if the client is listed under $maps_rbl_domains.
# reject_invalid_hostname: reject HELO hostname with bad syntax.
# reject_unknown_hostname: reject HELO hostname without DNS A or MX record.
# reject_unknown_sender_domain: reject sender domain without A or MX record.
# check_relay_domains: permit only mail from clients/to domains matching
# $relay_domains, or to the local machine.
# permit_auth_destination: permit mail to self or to $relay_domains.
# reject_unauth_destination: reject mail not to self or to $relay_domains.
# *check_relay_domains: permit only mail from clients/to domains matching
# $relay_domains, or to $mydestination, $virtual_maps or $local_transports
# permit_auth_destination: permit mail to domains matching $relay_domains,
# or to $mydestination, $virtual_maps or $local_transports.
# reject_unauth_destination: reject mail not to $relay_domains or to
# $mydestination, $virtual_maps or $local_transports.
# reject_unauth_pipelining: reject mail from improperly pipelining spamware
# permit_mx_backup: accept mail for sites that list me as MX host.
# reject_unknown_recipient_domain: reject domains without A or MX record.
@ -246,8 +254,15 @@ maps_rbl_domains = rbl.maps.vix.com
# and restricts what destination domains (and subdomains thereof)
# this system will relay mail to.
#
# By default, Postfix relays mail only from clients or to destinations
# in or below $mydestination, or in the optional virtual domain list.
# By default, Postfix relays mail from clients whose IP address
# matches $mynetworks, and from clients or to destination domains
# matching $relay_domains or subdomains thereof. The default
# relay_domains value is $mydestination.
#
# By default, the Postfix SMTP server accepts mail for domains listed
# in $mydestination and in $virtual_maps, and for destinations that
# resolve to a mail delivery transport listed in $local_transports.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
@ -260,7 +275,7 @@ maps_rbl_domains = rbl.maps.vix.com
# permit_mx_backup restriction, in the description of the
# smtpd_recipient_restrictions parameter.
#
relay_domains = $mydestination, $virtual_maps
relay_domains = $mydestination
#
# RESPONSE CODES


@ -4,6 +4,14 @@
# This file contains example settings of Postfix configuration
# parameters that control the optional transport table lookups.
# The local_transports parameter defines the name of the default
# transport for local mail delivery, plus zero or more names of
# additional transports that are known to deliver locally. By default,
# the SMTP server's UCE restrictions permit mail for any destination
# that resolves to a mail delivery transport in $local_transports.
#
local_transports = local,cyrus
# The transport_maps parameter specifies optional tables with domain
# to (transport, nexthop) mappings. See transport(5) for syntax details.
#
@ -16,11 +24,3 @@
# transport_maps = hash:/etc/postfix/transport, nis:transport
# transport_maps = hash:/etc/postfix/transport, netinfo:/transport
transport_maps =
# The local_transports parameter defines the name of the default
# transport for local mail delivery, plus zero or more names of
# additional transports that are known to deliver locally. The SMTP
# server's UCE restrictions use this list to decide if an address
# would be forwarded or not.
#
local_transports = local


@ -13,7 +13,7 @@
# If you use this feature, run "postmap /etc/postfix/virtual" to
# build the necessary DBM or DB file after change.
#
# It will take a minute or so before the change becomes visible.
# It may take a minute or so before the change becomes visible.
# Use "postfix reload" to eliminate the delay.
#
# virtual_maps = dbm:/etc/postfix/virtual


@ -31,10 +31,8 @@
# .fi
# .in -4
#
# With this, the SMTP server accepts mail for \fIvirtual.domain\fR
# (provided that the \fBrelay_domains\fR parameter includes
# $\fBvirtual_maps\fR), and mail for \fIunknown\fR@\fIvirtual.domain\fR
# is bounced as undeliverable.
# With this, the SMTP server accepts mail for \fIvirtual.domain\fR and
# rejects mail for \fIunknown\fR@\fIvirtual.domain\fR as undeliverable.
#
# The format of the virtual table is as follows, mappings being
# tried in the order as listed in this manual page:


@ -84,7 +84,7 @@ extern char *var_mydomain;
* Transports that deliver locally. Order matters.
*/
#define VAR_LOCAL_TRANSP "local_transports"
#define DEF_LOCAL_TRANSP "local"
#define DEF_LOCAL_TRANSP "local,cyrus"
extern char *var_local_transports;
/*
@ -717,7 +717,7 @@ extern int var_trigger_timeout;
extern char *var_mynetworks;
#define VAR_RELAY_DOMAINS "relay_domains"
#define DEF_RELAY_DOMAINS "$mydestination, $virtual_maps"
#define DEF_RELAY_DOMAINS "$mydestination"
extern char *var_relay_domains;
#define VAR_CLIENT_CHECKS "smtpd_client_restrictions"
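Review bot: Adding `cyrus` to `DEF_LOCAL_TRANSP` in the first hunk widens what the SMTP server accepts by default, yet the comment above it still reads only "Transports that deliver locally. Order matters." The sample-transport.cf text in this same commit says the UCE restrictions permit mail for any destination that resolves to a transport in this list, so a site whose `cyrus` entry is not a final-delivery agent would presumably accept that mail from any client. I would extend the comment to `/* Transports that deliver locally. Order matters. smtpd accepts mail from any client for destinations that resolve to one of these, so list final-delivery transports only. */`. In the second hunk, dropping `$virtual_maps` from `DEF_RELAY_DOMAINS` is only safe together with the smtpd_check.c change named in the changelog, which is not visible here; since relay_domains is documented as also matching client hostnames, the narrower default looks like it also stops relaying from clients under a virtual domain, which deserves a line in the changelog entry.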


@ -15,7 +15,7 @@
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "Snapshot-19991219"
#define DEF_MAIL_VERSION "Snapshot-19991220"
extern char *var_mail_version;
/* LICENSE


@ -52,6 +52,8 @@
<ul>
<li><a href="#stand_alone">Stand-alone machine</a>
<li><a href="#workstation_server">Workstations and servers</a>
<li><a href="#null_client">Null clients</a>
@ -110,7 +112,8 @@ virtual domains</a>
<li><a href="#root">Root's mail is delivered to nobody</a>
<li><a href="#local">Delivering some users locally while sending mail as user@domain</a>
<li><a href="#some_local">Delivering some users locally while
sending mail as user@domain</a>
<li><a href="#maildir">Support for maildir-style mailboxes</a>
@ -196,9 +199,19 @@ virtual domains</a>
<hr>
<a name="stand_alone"><h3>Stand-alone machine</h3>
Out of the box, Postfix should work without change on a stand-alone
machine that is has direct Internet access. At least, that is how
Postfix installs when you download the Postfix source code. If you
are on a firewalled intranet, or if your machine is dial-up connected
only a small part of the time, see the respective sections.
<hr>
<a name="workstation_server"><h3>Workstations and servers</h3>
This section describes a workstation-sever environment. All systems
This section describes a workstation-server environment. All systems
send mail as user@domain. All systems receive mail for user@hostname.
The server receives mail for user@domain, too.
@ -268,7 +281,6 @@ domain.
<pre>
<b>/etc/postfix/main.cf</b>:
mydestination =
myorigin = $mydomain
relayhost = $mydomain
@ -279,21 +291,9 @@ domain.
<p>
The mail server is the primary MX host for null clients (remember,
null clients do not receive mail, so something needs to be done
with mail for user@nullclient).
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
myorigin = $mydomain
mydestination = $myhostname localhost.$mydomain $mydomain /etc/postfix/nullclients
<b>/etc/postfix/nullclients</b>:
hosta.my.domain
hostb.my.domain
</pre>
Since everything sends mail as user@domain, nothing sends mail as
user@nullclient, and therefore no special configuration needs to
be done on the mail server for mail addressed to user@nullclient.
<hr>
@ -307,8 +307,18 @@ to let that mail gateway take care of forwarding.
<ul>
<li>Forward <i>all</i> mail to an intranet mail gateway, unless
the mail is to be delivered on the local machine:
<li>Send mail as user@domain. This is optional but highly recommended
because it allows users to change machines without hassle.
<pre>
<b>/etc/postfix/main.cf</b>:
myorigin = $mydomain
</pre>
<p>
<li>Forward <i>all</i> mail to an intranet mail gateway, except
for mail for the local machine:
<p>
@ -364,8 +374,8 @@ href="transport.5.html">transport</a> table lookups.
<b>/etc/postfix/transport</b>:
my.domain smtp:
.my.domain smtp:
thishost.my.domain local: <blink>important!</blink>
localhost.my.domain local: <blink>important!</blink>
thishost.my.domain local: <blink>!important!</blink>
localhost.my.domain local: <blink>!important!</blink>
<b>/etc/postfix/main.cf</b>:
transport_maps = hash:/etc/postfix/transport
@ -373,8 +383,8 @@ href="transport.5.html">transport</a> table lookups.
<p>
Important: do not omit the entries that route local mail to the
local delivery agent, or else mail your mail will go into a loop.
Important: do not omit the entries that deliver mail locally, or
else mail will bounce with a "mail loops to myself" condition.
<p>
@ -383,6 +393,11 @@ uses <b>dbm</b> files instead of <b>db</b>.
<p>
Execute the command <b>postmap /etc/postfix/transport</b> whenever
you edit the transport table.
<p>
<li>Execute the command <b>postfix reload</b> to make the
changes effective.
@ -393,7 +408,8 @@ changes effective.
<a name="firewall"><h3>Running Postfix on a firewall</h3> </a>
Note: this text applies to Postfix versions dated 19991115
and later only.
and later only. To find out what Postfix version you have,
execute the command <b>postconf mail_version</b>.
<p>
@ -421,8 +437,11 @@ route mail for <i>my.domain</i> to the inside machine:
transport_maps = hash:/etc/postfix/transport
<b>/etc/postfix/transport</b>:
my.domain smtp:inside-gateway.my.domain
.my.domain smtp:inside-gateway.my.domain
my.domain smtp:inside-gateway.my.domain (forwards user@domain)
.my.domain smtp:inside-gateway.my.domain (forwards user@firewall)
<b>/etc/postfix/master.cf</b>:
Comment out the local delivery agent
</pre>
<p>
@ -432,6 +451,11 @@ files instead of <b>db</b>.
<p>
<li>Execute the command <b>postmap /etc/postfix/transport</b>
whenever you change the transport table.
<p>
<li>Execute the command <b>postfix reload</b> after a
configuration change.
@ -441,6 +465,18 @@ configuration change.
<a name="dialup"><h3>Running Postfix on a dialup machine</h3></a>
This section applies to dialup connections that are down most of
the time. For dialup connections that are up 24x7, see the <a
href="#workstation_server">workstations and servers</a> section
instead.
<p>
If you do not have your own hostname (as with dynamic IP addressing)
and must send mail as user@your-isp.com, you should also study the
the section on <a href="#some_local">delivering some users locally
while sending mail as user@domain</a>.
<ul>
<li> Route all outgoing mail to your provider.
@ -588,11 +624,12 @@ is probably more a matter of expectation and of what one is used to.
<p>
This can be "fixed" only by making Postfix slower. Postfix would
first have to expand all distribution lists before starting any
delivery. By design, Postfix delivers mail to different destinations
in parallel, and local delivery is no exception. This is why Postfix
can be faster than sendmail.
This can be "fixed" only by making Postfix slower. In the above
examples, Postfix would first have to completely expand all
distribution lists before starting any delivery. By design, Postfix
delivers mail to different destinations in parallel, and local
delivery is no exception. This is why Postfix can be faster than
sendmail.
<hr>
@ -601,14 +638,14 @@ distribution list</h3> </a>
Some people will complain that Postfix sends mail to every member
of a distribution list, including the poster. By default, Sendmail
deletes the poster from the distribution list. Sendmail sends mail
to the poster only when the "metoo" flag is explicitly turned on.
deletes the poster from distribution lists. Sendmail sends mail to
the poster only when the "metoo" flag is explicitly turned on.
<p>
Wietse believes that Postfix implements the "right" behavior,
and suspects that Sendmail's default behavior is a remnant from a
dark past when Sendmail used a really crummy algorithm to avoid
dark past when Sendmail used a pretty crummy algorithm to avoid
aliasing loops.
<hr>
@ -902,7 +939,8 @@ To find out the location for your system, execute the command
<hr>
<a name="local"><h3>Delivering some users locally while sending mail as user@domain</h3></a>
<a name="some_local"><h3>Delivering some users locally while sending
mail as user@domain</h3></a>
<ul>
@ -1630,8 +1668,8 @@ changes effective.
<a name="uucp-only"><h3>Using UUCP as the default transport</h3> </a>
Here is how to relay all your mail over a UUCP link. See the <a
href="#uucp">Internet to UUCP</a> FAQ entry for setting up a machine
that gateways between UUCP and SMTP.
href="#internet-uucp">Internet to UUCP</a> FAQ entry for setting
up a machine that gateways between UUCP and SMTP.
<p>
@ -1813,7 +1851,7 @@ One problem: older DB versions install a file
<b>/usr/local/include/ndbm.h</b> that is incompatible with
<b>/usr/include/ndbm.h</b>. Be sure to get rid of the bogus file.
See the FAQ entry titled "<a href="#dbm_dirfno">Undefined symbols:
dbm_pagfno, dbm_dirfno etc".
dbm_pagfno, dbm_dirfno etc</a>".
<hr>


@ -210,6 +210,10 @@ QMGR(8) QMGR(8)
command after a configuration change.
<b>Miscellaneous</b>
<b>allow</b><i>_</i><b>min</b><i>_</i><b>user</b>
Do not bounce recipient addresses that begin with
'-'.
<b>relocated</b><i>_</i><b>maps</b>
Tables with contact information for users, hosts or
domains that no longer exist. See <a href="relocated.5.html"><b>relocated</b>(5)</a>.
@ -252,10 +256,6 @@ QMGR(8) QMGR(8)
Time in seconds between attempts to contact a bro-
ken delivery transport.
<b>Concurrency</b> <b>controls</b>
In the text below, <i>transport</i> is the first field in a <b>mas-</b>
<b>ter.cf</b> entry.
@ -269,6 +269,26 @@ QMGR(8) QMGR(8)
QMGR(8) QMGR(8)
<b>Concurrency</b> <b>controls</b>
In the text below, <i>transport</i> is the first field in a <b>mas-</b>
<b>ter.cf</b> entry.
<b>qmgr</b><i>_</i><b>fudge</b><i>_</i><b>factor</b> (valid range: 10..100)
The percentage of delivery resources that a busy
mail system will use up for delivery of a large
mailing list message. With 100%, delivery of one
message does not begin before the previous message
has been delivered. This results in good perfor-
mance for large mailing lists, but results in poor
response time for one-to-one mail. With less than
100%, response time for one-to-one mail improves,
but large mailing list delivery performance suf-
fers. In the worst case, recipients near the begin-
ning of a large list receive a burst of messages
immediately, while recipients near the end of that
list receive that same burst of messages a whole
day later.
<b>initial</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b>
Initial per-destination concurrency level for par-
allel delivery to the same destination.
@ -303,6 +323,18 @@ QMGR(8) QMGR(8)
<b>AUTHOR(S)</b>
Wietse Venema
5
QMGR(8) QMGR(8)
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
@ -326,7 +358,41 @@ QMGR(8) QMGR(8)
5
6
</pre> </body> </html>


@ -109,6 +109,12 @@ SMTPD(8) SMTPD(8)
<b>notify</b><i>_</i><b>classes</b>
List of error classes. Of special interest are:
<b>local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b>
List of maps with user names that are local to
<b>$myorigin</b> or <b>$inet</b><i>_</i><b>interfaces</b>. If this parameter is
defined, then the SMTP server rejects mail for
unknown local users.
<b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
@ -119,12 +125,6 @@ SMTPD(8) SMTPD(8)
transcript of the entire SMTP session to the
postmaster.
<b>smtpd</b><i>_</i><b>banner</b>
Text that follows the <b>220</b> status code in the SMTP
greeting banner.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Restrict the number of recipients that the SMTP
@ -137,6 +137,12 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
<b>smtpd</b><i>_</i><b>banner</b>
Text that follows the <b>220</b> status code in the SMTP
greeting banner.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Restrict the number of recipients that the SMTP
server accepts per message delivery.
<b>smtpd</b><i>_</i><b>timeout</b>
@ -184,13 +190,7 @@ SMTPD(8) SMTPD(8)
Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
@ -203,6 +203,14 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
Restrict what domain names can be used in <b>ETRN</b> com-
mands, and what clients may issue <b>ETRN</b> commands.
@ -249,14 +257,6 @@ SMTPD(8) SMTPD(8)
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client without address to
name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
restriction.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization
@ -269,6 +269,14 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
restriction.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging
@ -309,14 +317,6 @@ SMTPD(8) SMTPD(8)


@ -26,9 +26,9 @@ unsolicited commercial email (UCE).
<p>
By default, the Postfix <a href="smtpd.8.html">SMTP server</a> will
accept mail only from or to the local network or domain, so that
your system can't be used as a mail relay to forward bulk mail from
random strangers.
accept mail only from or to the local network or domain, or to
domains that are hosted by Postfix, so that your system can't be
used as a mail relay to forward bulk mail from random strangers.
<p>
@ -48,7 +48,7 @@ command.
<p>
<li> <a href="#smtpd_client_restrictions">Client name/address
<li> <a href="#smtpd_client_restrictions">Client hostname/address
restrictions</a>
<p>
@ -62,6 +62,11 @@ restrictions</a>
<p>
<li> <a href="#strict_rfc821_envelopes">Require strict RFC 821-style
envelope addresses </a>
<p>
<li> <a href="#smtpd_sender_restrictions">Sender address restrictions
</a>
@ -108,15 +113,16 @@ matches a table, a REJECT result means reject the message.
<p>
<i>A rule ending in OK affects only the header being matched. The
next header may still result in a REJECT match, causing the mail
still to be rejected.</i>
<i>At present, specifying a header pattern with OK serves no useful
purpose. A rule ending in OK affects only the header being matched.
The next header may still result in a REJECT match, causing the
mail still to be rejected.</i>
</dl>
<p>
<dt>Examples:
<dt>Examples (main.cf):
<dd> <b>header_checks = regexp:/etc/postfix/header_checks</b>
@ -124,9 +130,15 @@ still to be rejected.</i>
<p>
<dt>Example (header_checks):
<dd> /^to: *friend@public\.com$/ REJECT
<p>
<a name="smtpd_client_restrictions">
<h2> Client name/address restrictions</h2>
<h2> Client hostname/address restrictions</h2>
The <b>smtpd_client_restrictions</b> parameter restricts what
clients this system accepts SMTP connections from.
@ -168,7 +180,7 @@ reject_unknown_client</b>
<a name="reject_unknown_client">
<dt> <b>reject_unknown_client</b> <dd> Reject the request when the
client address to name lookup failed. The
client IP address has no PTR record in the DNS. The
<b>unknown_client_reject_code</b> parameter specifies the response
code to rejected requests (default: <b>450</b>).
@ -177,7 +189,7 @@ code to rejected requests (default: <b>450</b>).
<a name="permit_mynetworks">
<dt> <b>permit_mynetworks</b> <dd> Permit the request when the
client address matches any network listed in <a
client IP address matches any network listed in <a
href="basic.html#mynetworks"> $mynetworks</a>.
<p>
@ -187,8 +199,8 @@ href="basic.html#mynetworks"> $mynetworks</a>.
<dt> <b>check_client_access</b> <i>maptype</i>:<i>mapname</i>
<dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a
href="access.5.html">access database</a> for the client name, parent
domains, client address, or networks obtained by stripping least
href="access.5.html">access database</a> for the client hostname, parent
domains, client IP address, or networks obtained by stripping least
significant octets. Reject the request if the result is <b>REJECT</b>
or "[<b>45</b>]<i>XX text</i>". Permit the request if the result
is <b>OK</b> or <b>RELAY</b> or all-numerical. Otherwise, treat the
@ -225,7 +237,7 @@ rejected requests (default: <b>554</b>).
<h2> Require HELO (EHLO) command</h2>
The <b>smtpd_helo_required</b> parameter determines if clients must
send a <b>HELO</b> (<b>EHLO</b>) command at the beginning of an
send a <b>HELO</b> (or <b>EHLO</b>) command at the beginning of an
SMTP session. Requiring this will stop some UCE software.
<p>
@ -264,7 +276,7 @@ UCE software can be stopped by being strict here.
<dt>Default:
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
accepts any hostname.
accepts any garbage in the <b>HELO</b> (<b>EHLO</b>) command.
<p>
@ -297,7 +309,7 @@ on the client hostname or network address.
<a name="reject_invalid_hostname">
<dt> <b>reject_invalid_hostname</b> <dd> Reject the request when
the client HELO and EHLO command has a bad hostname syntax. The
the client HELO or EHLO parameter has a bad hostname syntax. The
<b>invalid_hostname_reject_code</b> specifies the response code to
rejected requests (default: 501).
@ -326,8 +338,9 @@ response code to rejected requests (default: <b>450</b>).
<dt> <b>reject_non_fqdn_hostname</b> <dd> Reject the request when
the hostname in the client HELO (EHLO) command is not in fully-qualified
domain form. The <b>non_fqdn_reject_code</b> specifies the
response code to rejected requests (default: <b>504</b>).
domain form, as required by the RFC. The <b>non_fqdn_reject_code</b>
specifies the response code to rejected requests (default:
<b>504</b>).
<p>
@ -354,7 +367,7 @@ the response code for <b>REJECT</b> results (default: <b>554</b>).
<dt> <b><a href="#check_client_access">check_client_access</a></b> <i>maptype</i>:<i>mapname</i>
<dd> See client name/address restrictions.
<dd> See client hostname/address restrictions.
<p>
@ -370,6 +383,34 @@ the response code for <b>REJECT</b> results (default: <b>554</b>).
</dl>
<a name="strict_rfc821_envelopes">
<h2> Require strict RFC 821-style envelope addresses </h2>
The <b>strict_rfc821_envelopes</b> parameter controls how tolerant
Postfix is with respect to addresses given in MAIL FROM or RCPT TO
commands. Being strict to the RFC not only stops unwanted mail,
but also blocks legitimate mail from poorly-written mail applications.
<p>
<dl>
<dt> Default:
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
accepts any address form that it can make sense of, including forms
that contain RFC 822-style comments, or addresses not enclosed in
&lt;&gt;.
<p>
<dt> Example:
<dd><b>strict_rfc821_envelopes = yes</b>
</dl>
<a name="smtpd_sender_restrictions">
<h2> Sender address restrictions</h2>
@ -469,7 +510,7 @@ response code to rejected requests (default: <b>504</b>).
<dt> <b><a href="#check_client_access">check_client_access</a></b> <i>maptype</i>:<i>mapname</i>
<dd> See client name/address restrictions.
<dd> See client hostname/address restrictions.
<p>
@ -497,10 +538,20 @@ recipient addresses this system accepts in RCPT TO commands.
<dt>Default:
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
forwards mail from any client that matches <a
href="basic.html#mynetworks">$mynetworks</a> or <a
href="#relay_domains">$relay_domains</a>, or to any destination
that matches <a href="#relay_domains"> $relay_domains</a>.
relays mail from any client whose IP address matches <a
href="basic.html#mynetworks">$mynetworks</a> or whose hostname
matches <a href="#relay_domains">$relay_domains</a> or a subdomain
thereof, and relays mail to any destination that matches <a
href="#relay_domains"> $relay_domains</a> or a subdomain thereof.
<p>
In addition, the Postfix <a href="smtpd.8.html">SMTP server</a> by
default accepts mail for which Postfix is the final destination:
anything that matches <a href="basic.html#mydomain">$mydomain</a>,
<a href="basic.html#mynetworks">$mynetworks</a> or <a
href="virtual.5.html">$virtual_maps</a>, or anything that resolves
to a mail delivery transport whose name is listed in $local_transports.
<p>
@ -536,12 +587,16 @@ reject_unauth_destination</b>
<a name="check_relay_domains">
<dt> <b>check_relay_domains</b> <dd> Permit the request when the
client hostname matches <a href="#relay_domains">$relay_domains</a>,
or when the resolved destination address matches <a
href="basic.html#mydestination">$mydestination</a>, the machine IP
addresses, or <a href="#relay_domains"> $relay_domains</a>, otherwise
reject the request. The <b>relay_domains_reject_code</b> parameter
specifies the response code for rejected requests (default:
client hostname matches <a href="#relay_domains">$relay_domains</a>
or a subdomain thereof, or when the resolved destination address
matches <a href="#relay_domains">$relay_domains</a> or a subdomain
thereof, or when Postfix is the final destination: anything that
matches <a href="basic.html#mydomain">$mydomain</a>, <a
href="basic.html#mynetworks">$mynetworks</a> or <a
href="virtual.5.html">$virtual_maps</a>, or anything that resolves
to a mail delivery transport whose name is listed in $local_transports.
Otherwise reject the request. The <b>relay_domains_reject_code</b>
parameter specifies the response code for rejected requests (default:
<b>554</b>).
<p>
@ -550,8 +605,12 @@ specifies the response code for rejected requests (default:
<dt> <b>permit_auth_destination</b> <dd> Ignore the client hostname.
Permit the request when the resolved destination address matches
<a href="basic.html#mydestination">$mydestination</a>, the
machine IP addresses, or <a href="#relay_domains"> $relay_domains</a>.
<a href="#relay_domains"> $relay_domains</a> or a subdomain thereof,
or when Postfix is the final destination: anything that matches
<a href="basic.html#mydomain">$mydomain</a>, <a
href="basic.html#mynetworks">$mynetworks</a> or <a
href="virtual.5.html">$virtual_maps</a>, or anything that resolves
to a mail delivery transport whose name is listed in $local_transports.
<p>
@ -559,8 +618,13 @@ machine IP addresses, or <a href="#relay_domains"> $relay_domains</a>.
<dt> <b>reject_unauth_destination</b> <dd> Ignore the client
hostname. Reject the request when the resolved destination address
does not match <a href="basic.html#mydestination">$mydestination</a>,
the machine IP addresses, or <a href="#relay_domains"> $relay_domains</a>.
does not match <a href="#relay_domains"> $relay_domains</a> or a
subdomain thereof, and when Postfix is not the final destination.
Postfix is final destination for anything that matches <a
href="basic.html#mydomain">$mydomain</a>, <a
href="basic.html#mynetworks">$mynetworks</a> or <a
href="virtual.5.html">$virtual_maps</a>, or anything that resolves
to a mail delivery transport whose name is listed in $local_transports.
The <b>relay_domains_reject_code</b> parameter specifies the response
code for rejected requests (default: <b>554</b>).
@ -651,7 +715,7 @@ useful results with the <a href="aliases.5.html">aliases</a> and
<dt> <b><a href="#check_client_access">check_client_access</a></b> <i>maptype</i>:<i>mapname</i>
<dd> See client name/address restrictions.
<dd> See client hostname/address restrictions.
<p>
@ -744,7 +808,7 @@ the result code for rejected requests (default: <b>554</b>).
<dt> <b><a href="#check_client_access">check_client_access</a></b> <i>maptype</i>:<i>mapname</i>
<dd> See client name/address restrictions.
<dd> See client hostname/address restrictions.
<p>
@ -818,7 +882,7 @@ to speed up deliveries.
<dd>This parameter controls the behavior of the <a
href="#reject_maps_rbl">reject_maps_rbl</a> restriction that can
appear as part of a client name/address restriction list.
appear as part of a client hostname/address restriction list.
<p>
@ -836,7 +900,7 @@ Note: RBL lookups are disabled by default.
<dt>Syntax:
<dd> Zero or more DNS domains that blacklist client addresses. A
<dd> Zero or more DNS domains that blacklist client IP addresses. A
host is blacklisted when its reversed IP address is listed as a
subdomain under any of the domains listed in <b>$maps_rbl_domains.</b>


@ -37,9 +37,8 @@ VIRTUAL(5) VIRTUAL(5)
<i>user2@virtual.domain</i> <i>address2,</i> <i>address3</i>
With this, the SMTP server accepts mail for <i>virtual.domain</i>
(provided that the <b>relay</b><i>_</i><b>domains</b> parameter includes $<b>vir-</b>
<b>tual</b><i>_</i><b>maps</b>), and mail for <i>unknown</i>@<i>virtual.domain</i> is bounced
as undeliverable.
and rejects mail for <i>unknown</i>@<i>virtual.domain</i> as undeliver-
able.
The format of the virtual table is as follows, mappings
being tried in the order as listed in this manual page:
@ -59,6 +58,7 @@ VIRTUAL(5) VIRTUAL(5)
$<i>inet_interfaces</i>.
This functionality overlaps with functionality of
the local <i>alias</i>(5) database. The difference is that
@ -71,7 +71,6 @@ VIRTUAL(5) VIRTUAL(5)
VIRTUAL(5) VIRTUAL(5)
the local <i>alias</i>(5) database. The difference is that
<b>virtual</b> mapping can be applied to non-local
addresses.
@ -124,7 +123,8 @@ VIRTUAL(5) VIRTUAL(5)
<a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue mail
<a href="postmap.1.html">postmap(1)</a> create mapping table
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
@ -137,8 +137,6 @@ VIRTUAL(5) VIRTUAL(5)
VIRTUAL(5) VIRTUAL(5)
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
@ -191,6 +189,8 @@ VIRTUAL(5) VIRTUAL(5)


@ -37,10 +37,8 @@ Typical support for a virtual domain looks like the following:
.fi
.in -4
With this, the SMTP server accepts mail for \fIvirtual.domain\fR
(provided that the \fBrelay_domains\fR parameter includes
$\fBvirtual_maps\fR), and mail for \fIunknown\fR@\fIvirtual.domain\fR
is bounced as undeliverable.
With this, the SMTP server accepts mail for \fIvirtual.domain\fR and
rejects mail for \fIunknown\fR@\fIvirtual.domain\fR as undeliverable.
The format of the virtual table is as follows, mappings being
tried in the order as listed in this manual page:


@ -169,6 +169,8 @@ a configuration change.
.SH Miscellaneous
.ad
.fi
.IP \fBallow_min_user\fR
Do not bounce recipient addresses that begin with '-'.
.IP \fBrelocated_maps\fR
Tables with contact information for users, hosts or domains
that no longer exist. See \fBrelocated\fR(5).
@ -210,6 +212,17 @@ delivery transport.
.fi
In the text below, \fItransport\fR is the first field in a
\fBmaster.cf\fR entry.
.IP "\fBqmgr_fudge_factor\fR (valid range: 10..100)"
The percentage of delivery resources that a busy mail system will
use up for delivery of a large mailing list message.
With 100%, delivery of one message does not begin before the previous
message has been delivered. This results in good performance for large
mailing lists, but results in poor response time for one-to-one mail.
With less than 100%, response time for one-to-one mail improves,
but large mailing list delivery performance suffers. In the worst
case, recipients near the beginning of a large list receive a burst
of messages immediately, while recipients near the end of that list
receive that same burst of messages a whole day later.
.IP \fBinitial_destination_concurrency\fR
Initial per-destination concurrency level for parallel delivery
to the same destination.


@ -95,6 +95,10 @@ Recipient of protocol/policy/resource/software error notices.
Limit the number of \fBReceived:\fR message headers.
.IP \fBnotify_classes\fR
List of error classes. Of special interest are:
.IP \fBlocal_recipient_maps\fR
List of maps with user names that are local to \fB$myorigin\fR
or \fB$inet_interfaces\fR. If this parameter is defined,
then the SMTP server rejects mail for unknown local users.
.RS
.IP \fBpolicy\fR
When a client violates any policy, mail a transcript of the


@ -121,15 +121,21 @@
/* .IP check_relay_domains
/* Allow the request when either the client hostname or the resolved
/* recipient domain matches the \fIrelay_domains\fR configuration
/* parameter. Reject the request otherwise.
/* parameter or a subdomain therereof, or when the destination somehow
/* resolves locally (see $mydestination, $virtual_maps or
/* $local_transports). Reject the request otherwise.
/* The \fIrelay_domains_reject_code\fR configuration parameter specifies
/* the reject status code (default: 554).
/* .IP permit_auth_destination
/* Permit the request when the resolved recipient domain matches
/* the local machine or the \fIrelay_domains\fR configuration parameter.
/* Permit the request when the resolved recipient domain matches the
/* \fIrelay_domains\fR configuration parameter or a subdomain therereof,
/* or when the destination somehow resolves locally (see $mydestination,
/* $virtual_maps or $local_transports).
/* .IP reject_unauth_destination
/* Reject the request when the resolved recipient domain does not match
/* the local machine or the \fIrelay_domains\fR configuration parameter.
/* the \fIrelay_domains\fR configuration parameter or a subdomain
/* therereof, and when the destination does not somehow resolve locally
/* (see $mydestination, $virtual_maps or $local_transports).
/* Same error code as check_relay_domains.
/* .IP reject_unauth_pipelining
/* Reject the request when the client has already sent the next request
@ -721,13 +727,17 @@ static int check_relay_domains(SMTPD_STATE *state, char *recipient,
resolve_clnt_query(STR(query), &reply);
/*
* Permit if destination is local. XXX This must be generalized for
* per-domain user tables and for non-UNIX local delivery agents.
* Permit if destination is local. That is, the destination matches
* mydestination or virtual_maps, or it resolves to any transport that
* delivers locally.
*/
if (match_any_local_transport(STR(reply.transport))
|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
return (SMTPD_CHECK_OK);
domain += 1;
if (resolve_local(domain)
|| (*var_virtual_maps && maps_find(virtual_maps, domain, 0)))
return (SMTPD_CHECK_OK);
/*
* Permit if the destination matches the relay_domains list.
@ -760,13 +770,17 @@ static int permit_auth_destination(char *recipient)
resolve_clnt_query(STR(query), &reply);
/*
* Permit if destination is local. XXX This must be generalized for
* per-domain user tables and for non-UNIX local delivery agents.
* Permit if destination is local. That is, the destination matches
* mydestination or virtual_maps, or it resolves to any transport that
* delivers locally.
*/
if (match_any_local_transport(STR(reply.transport))
|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
return (SMTPD_CHECK_OK);
domain += 1;
if (resolve_local(domain)
|| (*var_virtual_maps && maps_find(virtual_maps, domain, 0)))
return (SMTPD_CHECK_OK);
/*
* Permit if the destination matches the relay_domains list.
@ -797,13 +811,17 @@ static int reject_unauth_destination(SMTPD_STATE *state, char *recipient)
resolve_clnt_query(STR(query), &reply);
/*
* Pass if destination is local. XXX This must be generalized for
* per-domain user tables and for non-UNIX local delivery agents.
* Permit if destination is local. That is, the destination matches
* mydestination or virtual_maps, or it resolves to any transport that
* delivers locally.
*/
if (match_any_local_transport(STR(reply.transport))
|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
return (SMTPD_CHECK_DUNNO);
domain += 1;
if (resolve_local(domain)
|| (*var_virtual_maps && maps_find(virtual_maps, domain, 0)))
return (SMTPD_CHECK_DUNNO);
/*
* Pass if the destination matches the relay_domains list.
@ -907,7 +925,8 @@ static int permit_mx_backup(SMTPD_STATE *unused_state, const char *recipient)
|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
return (SMTPD_CHECK_OK);
domain += 1;
if (resolve_local(domain))
if (resolve_local(domain)
|| (*var_virtual_maps && maps_find(virtual_maps, domain, 0)))
return (SMTPD_CHECK_OK);
if (msg_verbose)
@ -1041,6 +1060,9 @@ static int reject_unknown_address(SMTPD_STATE *state, char *addr,
|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
return (SMTPD_CHECK_DUNNO);
domain += 1;
if (resolve_local(domain)
|| (*var_virtual_maps && maps_find(virtual_maps, domain, 0)))
return (SMTPD_CHECK_DUNNO);
if (domain[0] == '#')
return (SMTPD_CHECK_DUNNO);
if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')
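Review bot: The locality test `resolve_local(domain) || (*var_virtual_maps && maps_find(virtual_maps, domain, 0))` is now pasted into five functions (check_relay_domains, permit_auth_destination, reject_unauth_destination, permit_mx_backup and reject_unknown_address), and because it decides which recipients are accepted without relay authorization, a copy that later drifts would either reject hosted domains or widen what the server accepts. I would move it into one static helper, as sketched below, with each caller keeping its own return code (SMTPD_CHECK_OK or SMTPD_CHECK_DUNNO). The hunks do not show where `virtual_maps` is opened, so it is worth confirming that the handle is non-null whenever `var_virtual_maps` is non-empty. In the header comment `therereof` should read `thereof` in all three places, and its `$mydestination` disagrees with the uce.html text in this commit, which names `$mydomain` and `$mynetworks` for the same rule; presumably the HTML is the one to correct. All five function bodies start and end outside their hunks.

```c
/* is_final_destination - domain is local or is listed in $virtual_maps */

static int is_final_destination(const char *domain)
{
    return (resolve_local(domain)
	    || (*var_virtual_maps && maps_find(virtual_maps, domain, 0)));
}

/* ... unchanged: resolve_clnt_query() and the transport / '@' test in each caller ... */
    domain += 1;
    if (is_final_destination(domain))
	return (SMTPD_CHECK_OK);
```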