From 6ffd52a10dc54d248e30ae69cf34a8c9b992be30 Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Fri, 24 Aug 2007 00:00:00 -0500
Subject: [PATCH] postfix-2.5-20070824
---
postfix/HISTORY | 19 ++
postfix/README_FILES/DATABASE_README | 2 +-
postfix/README_FILES/TUNING_README | 2 +-
postfix/WISHLIST | 3 +
postfix/html/DATABASE_README.html | 4 +-
postfix/html/TUNING_README.html | 2 +-
postfix/html/mysql_table.5.html | 19 +-
postfix/html/pgsql_table.5.html | 28 +-
postfix/html/pipe.8.html | 16 +-
postfix/html/postconf.5.html | 8 +-
postfix/html/smtpd.8.html | 472 ++++++++++++++-------------
postfix/makedefs | 4 +-
postfix/man/man5/mysql_table.5 | 19 +-
postfix/man/man5/pgsql_table.5 | 21 +-
postfix/man/man5/postconf.5 | 8 +-
postfix/man/man8/pipe.8 | 13 +-
postfix/man/man8/smtpd.8 | 11 +-
postfix/proto/DATABASE_README.html | 4 +-
postfix/proto/TUNING_README.html | 2 +-
postfix/proto/mysql_table | 17 +-
postfix/proto/pgsql_table | 19 +-
postfix/proto/postconf.proto | 10 +-
postfix/src/global/mail_version.h | 2 +-
postfix/src/pipe/pipe.c | 40 ++-
postfix/src/smtpd/smtpd.c | 62 ++--
postfix/src/tlsmgr/tlsmgr.c | 2 +
postfix/src/util/sys_defs.h | 2 +-
postfix/src/util/vstream.c | 3 +-
postfix/src/util/vstream_tweak.c | 2 +-
29 files changed, 459 insertions(+), 357 deletions(-)
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 1302134b5..06f5b7cbf 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -13674,3 +13674,22 @@ Apologies for any names omitted. cleanup server would get out of sync with the milter when a milter replied with ACCEPT at the DATA command. Files: cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c. + +20070811 + + Cleanup: unlike smtpd_mumble_restrictions, the Postfix SMTP + server Milter reject logging did not show the (helo argument, + sender address, or recipient address) that was being rejected. + File: smtpd/smtpd.c. + +20070824 + + Bugfix (introduced snapshot 20070429): the pipe(8) delivery + agent 'q' flag (quote address local-part) used the same bit + mask as the 'B' flag (append blank line). Setting one flag + also turned on the other. File: pipe/pipe.c. + + Feature: specify the 'X' flag to indicate that the pipe(8) + delivery agent performs final delivery. This changes the + status in DSN "success" messages from "relayed" into + "delivered". File: pipe/pipe.c. diff --git a/postfix/README_FILES/DATABASE_README b/postfix/README_FILES/DATABASE_README index b1a9645a1..31796e0a6 100644 --- a/postfix/README_FILES/DATABASE_README +++ b/postfix/README_FILES/DATABASE_README @@ -246,7 +246,7 @@ To find out what database types your Postfix system supports, use the "ppooss in tcp_table(5). The lookup table name is "tcp:host:port" where "host" specifies a symbolic hostname or a numeric IP address, and "port" specifies a symbolic service name or a numeric port number. This - protocol is not available up to and including Postfix version 2.4. + protocol is not available in the stable Postfix release. uunniixx (read-only) A limited way to query the UNIX authentication database. The following tables are implemented: diff --git a/postfix/README_FILES/TUNING_README b/postfix/README_FILES/TUNING_README index e7cf35217..8ee42f1fb 100644 --- a/postfix/README_FILES/TUNING_README +++ b/postfix/README_FILES/TUNING_README 
@@ -155,7 +155,7 @@ will suffer grotesque delays if you do so. The limits are designed to protect the smtpd(8) server against abuse by out-of-control clients. smtpd_client_connection_count_limit (default: 50) - The maximum number of connections than an SMTP client may make + The maximum number of connections that an SMTP client may make simultaneously. smtpd_client_connection_rate_limit (default: no limit) The maximum number of connections that an SMTP client may make in the diff --git a/postfix/WISHLIST b/postfix/WISHLIST index e81bb404e..2d41e5cd6 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -1,5 +1,8 @@ Wish list: + Make TLS_BIO_BUFSIZE run-time adjustable, to future-proof + Postfix for remote connections with MSS > 8 kbytes. + Absent a formal spec, model IPv6 RBL lookups after the IPv6 PTR lookups (one zone per hex nibble, nibbles in reversed order). How to specify whether to query an RBL server for diff --git a/postfix/html/DATABASE_README.html b/postfix/html/DATABASE_README.html index 3ab4fa44e..d28def720 100644 --- a/postfix/html/DATABASE_README.html +++ b/postfix/html/DATABASE_README.html @@ -365,8 +365,8 @@ example, the lookup table "static:foobar" always returns the string described in tcp_table(5). The lookup table name is "tcp:host:port" where "host" specifies a symbolic hostname or a numeric IP address, and "port" specifies a symbolic service name or a numeric port -number. This protocol is not available up to and including Postfix -version 2.4. +number. This protocol is not available in the stable Postfix release. +
unix (read-only)
diff --git a/postfix/html/TUNING_README.html b/postfix/html/TUNING_README.html index 8b5f47a9d..50e85d3ab 100644 --- a/postfix/html/TUNING_README.html +++ b/postfix/html/TUNING_README.html @@ -243,7 +243,7 @@ out-of-control clients.

smtpd_client_connection_count_limit (default: 50)
-The maximum number of connections than an SMTP client may make +The maximum number of connections that an SMTP client may make simultaneously.
smtpd_client_connection_rate_limit (default: no limit)
diff --git a/postfix/html/mysql_table.5.html b/postfix/html/mysql_table.5.html index f1f78ac89..a527881f9 100644 --- a/postfix/html/mysql_table.5.html +++ b/postfix/html/mysql_table.5.html @@ -259,7 +259,15 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) limit is exceeded. Setting the limit to 1 ensures that lookups do not return multiple values. - The following parameters can be used to fill in a SELECT +OBSOLETE QUERY INTERFACE + This section describes an interface that is deprecated as + of Postfix 2.2. It is replaced by the more general query + interface described above. If the query parameter is + defined, the legacy parameters described here ignored. + Please migrate to the new interface as the legacy inter- + face may be removed in a future release. + + The following parameters can be used to fill in a SELECT template statement of the form: SELECT [select_field] @@ -267,18 +275,11 @@ MYSQL_TABLE(5) MYSQL_TABLE(5) WHERE [where_field] = '%s' [additional_conditions] - The specifier %s is replaced by the search string, and is + The specifier %s is replaced by the search string, and is escaped so if it contains single quotes or other odd char- acters, it will not cause a parse error, or worse, a secu- rity problem. - As of Postfix 2.2 this interface is obsolete, it is - replaced by the more general query interface described - above. If the query parameter is defined, the legacy - parameters are ignored. Please migrate to the new inter- - face as the legacy interface may be removed in a future - release. - select_field The SQL "select" parameter. Example: select_field = forw_addr diff --git a/postfix/html/pgsql_table.5.html b/postfix/html/pgsql_table.5.html index 39904c4ab..dc07cc586 100644 --- a/postfix/html/pgsql_table.5.html +++ b/postfix/html/pgsql_table.5.html 
@@ -61,7 +61,7 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) query = SELECT select_function('%s') - or in the absence of selection_function, the lower prece- + or in the absence of select_function, the lower prece- dence: query = SELECT select_field @@ -264,23 +264,26 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) limit is exceeded. Setting the limit to 1 ensures that lookups do not return multiple values. - Pre-Postfix 2.2 legacy interfaces: +OBSOLETE QUERY INTERFACES + This section describes query interfaces that are depre- + cated as of Postfix 2.2. Please migrate to the new query + interface as the old interfaces are slated to be phased + out. select_function - This parameter specifies a database function name. + This parameter specifies a database function name. Example: select_function = my_lookup_user_alias This is equivalent to: query = SELECT my_lookup_user_alias('%s') - This parameter overrides the legacy table-related - fields (described below). With Postfix versions - prior to 2.2, it also overrides the query parame- + This parameter overrides the legacy table-related + fields (described below). With Postfix versions + prior to 2.2, it also overrides the query parame- ter. Starting with Postfix 2.2, the query parameter - has highest precedence, and this parameter is dep- - recated. Please migrate to the new query interface - as this interface is slated to be phased out. + has highest precedence, and the select_function + parameter is deprecated. The following parameters (with lower precedence than the select_function interface described above) can be used to 
@@ -299,9 +302,8 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) Starting with Postfix 2.2, this interface is obsoleted by the more general query interface described above. If higher precedence the query or select_function parameters - described above are defined, these parameters are ignored. - Please migrate to the new query interface as this inter- - face is slated to be phased out. + described above are defined, the parameters described here + are ignored. select_field The SQL "select" parameter. Example: @@ -329,7 +331,7 @@ PGSQL_TABLE(5) PGSQL_TABLE(5) PGSQL_README, Postfix PostgreSQL client guide LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. HISTORY diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html index 6da46ca08..61d865ca5 100644 --- a/postfix/html/pipe.8.html +++ b/postfix/html/pipe.8.html @@ -76,7 +76,7 @@ PIPE(8) PIPE(8) escape sequences are recognized: \a \b \f \n \r \t \v \ddd (up to three octal digits) and \\. - flags=BDFORhqu.> (optional) + flags=BDFORXhqu.> (optional) Optional message processing flags. By default, a message is copied unchanged. @@ -116,6 +116,12 @@ PIPE(8) PIPE(8) R Prepend a Return-Path: message header with the envelope sender address. + X Indicate that the external command performs + final delivery. This flag affects the sta- + tus reported in "success" DSN (delivery sta- + tus notification) messages, and changes it + from "relayed" into "delivered". + h Fold the command-line $recipient address domain part (text to the right of the right- most @ character) to lower case; fold the @@ -184,8 +190,8 @@ PIPE(8) PIPE(8) This feature is available as of Postfix 2.3. size=size_limit (optional) - Messages greater in size than this limit (in bytes) - will be returned to the sender as undeliverable. + Don't deliver messages that exceed this size limit + (in bytes); return them to the sender instead. user=username (required) 
@@ -302,8 +308,8 @@ PIPE(8) PIPE(8) ${sasl_sender} This macro expands to the SASL sender name - (i.e. the original submitter as per RFC - 2554) used during the reception of the mes- + (i.e. the original submitter as per RFC + 4954) used during the reception of the mes- sage. This is available in Postfix 2.2 and later. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index e461dac4b..8886ee9e8 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -1163,7 +1163,7 @@ is placed into the Postfix configuration directory.

Enable inter-operability with SMTP clients that implement an obsolete -version of the AUTH command (RFC 2554). Examples of such clients +version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0.

@@ -4188,7 +4188,7 @@ a neighboring system.
permit_sasl_authenticated
Append the domain name in $myorigin or $mydomain when the -client is successfully authenticated via the RFC 2554 (AUTH) +client is successfully authenticated via the RFC 4954 (AUTH) protocol.
permit_tls_clientcerts
@@ -9300,7 +9300,7 @@ network or network address listed in $myne
permit_sasl_authenticated
Permit the request when the client is successfully -authenticated via the RFC 2554 (AUTH) protocol.
+authenticated via the RFC 4954 (AUTH) protocol.
permit_tls_all_clientcerts
@@ -10557,7 +10557,7 @@ the SASL plug-in implementation that is selected with configuration file or rendezvous point.

This feature is available in Postfix 2.3 and later. In earlier -releases it was called smtpd_sasl_application.

+releases it was called smtpd_sasl_application_name.

diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 3a7d15e3a..ca03ac772 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -82,7 +82,7 @@ SMTPD(8) SMTPD(8) broken_sasl_auth_clients (no) Enable inter-operability with SMTP clients that implement an obsolete version of the AUTH command - (RFC 2554). + (RFC 4954). disable_vrfy_command (no) Disable the SMTP VRFY command. @@ -287,7 +287,7 @@ SMTPD(8) SMTPD(8) feature. SASL AUTHENTICATION CONTROLS - Postfix SASL support (RFC 2554) can be used to authenti- + Postfix SASL support (RFC 4954) can be used to authenti- cate remote SMTP clients to the Postfix SMTP server, and to authenticate the Postfix SMTP client to a remote SMTP server. See the SASL_README document for details. @@ -295,7 +295,7 @@ SMTPD(8) SMTPD(8) broken_sasl_auth_clients (no) Enable inter-operability with SMTP clients that implement an obsolete version of the AUTH command - (RFC 2554). + (RFC 4954). smtpd_sasl_auth_enable (no) Enable SASL authentication in the Postfix SMTP 
@@ -321,79 +321,85 @@ SMTPD(8) SMTPD(8) What remote SMTP clients the Postfix SMTP server will not offer AUTH support to. + Available in Postfix version 2.1 and 2.2: + + smtpd_sasl_application_name (smtpd) + The application name that the Postfix SMTP server + uses for SASL server initialization. + Available in Postfix version 2.3 and later: smtpd_sasl_authenticated_header (no) - Report the SASL authenticated user name in the + Report the SASL authenticated user name in the smtpd(8) Received message header. smtpd_sasl_path (smtpd) - Implementation-specific information that the Post- - fix SMTP server passes through to the SASL plug-in - implementation that is selected with + Implementation-specific information that the Post- + fix SMTP server passes through to the SASL plug-in + implementation that is selected with smtpd_sasl_type. smtpd_sasl_type (cyrus) - The SASL plug-in type that the Postfix SMTP server + The SASL plug-in type that the Postfix SMTP server should use for authentication. Available in Postfix version 2.5 and later: cyrus_sasl_config_path (empty) - Search path for Cyrus SASL application configura- - tion files, currently used only to locate the + Search path for Cyrus SASL application configura- + tion files, currently used only to locate the $smtpd_sasl_path.conf file. STARTTLS SUPPORT CONTROLS - Detailed information about STARTTLS configuration may be + Detailed information about STARTTLS configuration may be found in the TLS_README document. smtpd_tls_security_level (empty) - The SMTP TLS security level for the Postfix SMTP - server; when a non-empty value is specified, this + The SMTP TLS security level for the Postfix SMTP + server; when a non-empty value is specified, this overrides the obsolete parameters smtpd_use_tls and smtpd_enforce_tls. 
smtpd_sasl_tls_security_options ($smtpd_sasl_secu- rity_options) - The SASL authentication security options that the - Postfix SMTP server uses for TLS encrypted SMTP + The SASL authentication security options that the + Postfix SMTP server uses for TLS encrypted SMTP sessions. smtpd_starttls_timeout (300s) - The time limit for Postfix SMTP server write and - read operations during TLS startup and shutdown + The time limit for Postfix SMTP server write and + read operations during TLS startup and shutdown handshake procedures. smtpd_tls_CAfile (empty) - The file with the certificate of the certification - authority (CA) that issued the Postfix SMTP server + The file with the certificate of the certification + authority (CA) that issued the Postfix SMTP server certificate. smtpd_tls_CAfile (empty) - The file with the certificate of the certification - authority (CA) that issued the Postfix SMTP server + The file with the certificate of the certification + authority (CA) that issued the Postfix SMTP server certificate. smtpd_tls_always_issue_session_ids (yes) - Force the Postfix SMTP server to issue a TLS ses- - sion id, even when TLS session caching is turned + Force the Postfix SMTP server to issue a TLS ses- + sion id, even when TLS session caching is turned off (smtpd_tls_session_cache_database is empty). smtpd_tls_ask_ccert (no) - Ask a remote SMTP client for a client certificate. + Ask a remote SMTP client for a client certificate. smtpd_tls_auth_only (no) When TLS encryption is optional in the Postfix SMTP - server, do not announce or accept SASL authentica- + server, do not announce or accept SASL authentica- tion over unencrypted connections. smtpd_tls_ccert_verifydepth (5) - The verification depth for remote SMTP client cer- + The verification depth for remote SMTP client cer- tificates. smtpd_tls_cert_file (empty) - File with the Postfix SMTP server RSA certificate + File with the Postfix SMTP server RSA certificate in PEM format. 
smtpd_tls_exclude_ciphers (empty) 
@@ -401,56 +407,56 @@ SMTPD(8) SMTPD(8) SMTP server cipher list at all TLS security levels. smtpd_tls_dcert_file (empty) - File with the Postfix SMTP server DSA certificate + File with the Postfix SMTP server DSA certificate in PEM format. smtpd_tls_dh1024_param_file (empty) - File with DH parameters that the Postfix SMTP - server should use with EDH ciphers. - - smtpd_tls_dh512_param_file (empty) File with DH parameters that the Postfix SMTP server should use with EDH ciphers. + smtpd_tls_dh512_param_file (empty) + File with DH parameters that the Postfix SMTP + server should use with EDH ciphers. + smtpd_tls_dkey_file ($smtpd_tls_dcert_file) - File with the Postfix SMTP server DSA private key + File with the Postfix SMTP server DSA private key in PEM format. smtpd_tls_key_file ($smtpd_tls_cert_file) - File with the Postfix SMTP server RSA private key + File with the Postfix SMTP server RSA private key in PEM format. smtpd_tls_loglevel (0) - Enable additional Postfix SMTP server logging of + Enable additional Postfix SMTP server logging of TLS activity. smtpd_tls_mandatory_ciphers (medium) - The minimum TLS cipher grade that the Postfix SMTP + The minimum TLS cipher grade that the Postfix SMTP server will use with mandatory TLS encryption. smtpd_tls_mandatory_exclude_ciphers (empty) - Additional list of ciphers or cipher types to - exclude from the SMTP server cipher list at manda- + Additional list of ciphers or cipher types to + exclude from the SMTP server cipher list at manda- tory TLS security levels. smtpd_tls_mandatory_protocols (SSLv3, TLSv1) - The TLS protocols accepted by the Postfix SMTP + The TLS protocols accepted by the Postfix SMTP server with mandatory TLS encryption. 
smtpd_tls_received_header (no) Request that the Postfix SMTP server produces Received: message headers that include information - about the protocol and cipher used, as well as the - client CommonName and client certificate issuer + about the protocol and cipher used, as well as the + client CommonName and client certificate issuer CommonName. smtpd_tls_req_ccert (no) - With mandatory TLS encryption, require a remote - SMTP client certificate in order to allow TLS con- + With mandatory TLS encryption, require a remote + SMTP client certificate in order to allow TLS con- nections to proceed. smtpd_tls_session_cache_database (empty) - Name of the file containing the optional Postfix + Name of the file containing the optional Postfix SMTP server TLS session cache. smtpd_tls_session_cache_timeout (3600s) @@ -458,14 +464,14 @@ SMTPD(8) SMTPD(8) sion cache information. smtpd_tls_wrappermode (no) - Run the Postfix SMTP server in the non-standard - "wrapper" mode, instead of using the STARTTLS com- + Run the Postfix SMTP server in the non-standard + "wrapper" mode, instead of using the STARTTLS com- mand. tls_daemon_random_bytes (32) - The number of pseudo-random bytes that an smtp(8) - or smtpd(8) process requests from the tlsmgr(8) - server in order to seed its internal pseudo random + The number of pseudo-random bytes that an smtp(8) + or smtpd(8) process requests from the tlsmgr(8) + server in order to seed its internal pseudo random number generator (PRNG). tls_high_cipherlist @@ -477,7 +483,7 @@ SMTPD(8) SMTPD(8) ciphers. tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) - The OpenSSL cipherlist for "LOW" or higher grade + The OpenSSL cipherlist for "LOW" or higher grade ciphers. tls_export_cipherlist (ALL:+RC4:@STRENGTH) 
@@ -485,22 +491,22 @@ SMTPD(8) SMTPD(8) ciphers. tls_null_cipherlist (eNULL:!aNULL) - The OpenSSL cipherlist for "NULL" grade ciphers + The OpenSSL cipherlist for "NULL" grade ciphers that provide authentication without encryption. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compati- + The following configuration parameters exist for compati- bility with Postfix versions before 2.3. Support for these will be removed in a future release. smtpd_use_tls (no) - Opportunistic TLS: announce STARTTLS support to - SMTP clients, but do not require that clients use + Opportunistic TLS: announce STARTTLS support to + SMTP clients, but do not require that clients use TLS encryption. smtpd_enforce_tls (no) - Mandatory TLS: announce STARTTLS support to SMTP - clients, and require that clients use TLS encryp- + Mandatory TLS: announce STARTTLS support to SMTP + clients, and require that clients use TLS encryp- tion. smtpd_tls_cipherlist (empty) 
@@ -508,64 +514,64 @@ SMTPD(8) SMTPD(8) server TLS cipher list. VERP SUPPORT CONTROLS - With VERP style delivery, each recipient of a message + With VERP style delivery, each recipient of a message receives a customized copy of the message with his/her own - recipient address encoded in the envelope sender address. + recipient address encoded in the envelope sender address. The VERP_README file describes configuration and operation - details of Postfix support for variable envelope return + details of Postfix support for variable envelope return path addresses. VERP style delivery is requested with the - SMTP XVERP command or with the "sendmail -V" command-line - option and is available in Postfix version 1.1 and later. + SMTP XVERP command or with the "sendmail -V" command-line + option and is available in Postfix version 1.1 and later. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter - characters on the Postfix sendmail(1) command line + The characters Postfix accepts as VERP delimiter + characters on the Postfix sendmail(1) command line and in SMTP commands. Available in Postfix version 1.1 and 2.0: authorized_verp_clients ($mynetworks) - What SMTP clients are allowed to specify the XVERP + What SMTP clients are allowed to specify the XVERP command. Available in Postfix version 2.1 and later: smtpd_authorized_verp_clients ($authorized_verp_clients) - What SMTP clients are allowed to specify the XVERP + What SMTP clients are allowed to specify the XVERP command. TROUBLE SHOOTING CONTROLS - The DEBUG_README document describes how to debug parts of - the Postfix mail system. The methods vary from making the - software log a lot of detail, to running some daemon pro- + The DEBUG_README document describes how to debug parts of + the Postfix mail system. 
The methods vary from making the + software log a lot of detail, to running some daemon pro- cesses under control of a call tracer or debugger. debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the + The increment in verbose logging level when a + remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified + Optional list of remote client or server hostname + or network address patterns that cause the verbose + logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about - mail delivery problems that are caused by policy, + The recipient of postmaster notifications about + mail delivery problems that are caused by policy, resource, software or protocol errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are sub- - ject to before-queue content inspection by + What categories of Postfix-generated mail are sub- + ject to before-queue content inspection by non_smtpd_milters, header_checks and body_checks. notify_classes (resource, software) - The list of error classes that are reported to the + The list of error classes that are reported to the postmaster. soft_bounce (no) 
@@ -575,22 +581,22 @@ SMTPD(8) SMTPD(8) Available in Postfix version 2.1 and later: smtpd_authorized_xclient_hosts (empty) - What SMTP clients are allowed to use the XCLIENT + What SMTP clients are allowed to use the XCLIENT feature. KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS - As of Postfix version 2.0, the SMTP server rejects mail - for unknown recipients. This prevents the mail queue from - clogging up with undeliverable MAILER-DAEMON messages. - Additional information on this topic is in the + As of Postfix version 2.0, the SMTP server rejects mail + for unknown recipients. This prevents the mail queue from + clogging up with undeliverable MAILER-DAEMON messages. + Additional information on this topic is in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents. show_user_unknown_table_name (yes) - Display the name of the recipient table in the + Display the name of the recipient table in the "User unknown" responses. canonical_maps (empty) - Optional address mapping lookup tables for message + Optional address mapping lookup tables for message headers and envelopes. recipient_canonical_maps (empty) @@ -601,7 +607,7 @@ SMTPD(8) SMTPD(8) mydestination ($myhostname, localhost.$mydomain, local- host) - The list of domains that are delivered via the + The list of domains that are delivered via the $local_transport mail delivery transport. inet_interfaces (all) 
@@ -610,146 +616,146 @@ SMTPD(8) SMTPD(8) proxy_interfaces (empty) The network interface addresses that this mail sys- - tem receives mail on by way of a proxy or network + tem receives mail on by way of a proxy or network address translation unit. inet_protocols (ipv4) - The Internet protocols Postfix will attempt to use + The Internet protocols Postfix will attempt to use when making or accepting connections. local_recipient_maps (proxy:unix:passwd.byname $alias_maps) - Lookup tables with all names or addresses of local - recipients: a recipient address is local when its - domain matches $mydestination, $inet_interfaces or + Lookup tables with all names or addresses of local + recipients: a recipient address is local when its + domain matches $mydestination, $inet_interfaces or $proxy_interfaces. unknown_local_recipient_reject_code (550) - The numerical Postfix SMTP server response code - when a recipient address is local, and - $local_recipient_maps specifies a list of lookup + The numerical Postfix SMTP server response code + when a recipient address is local, and + $local_recipient_maps specifies a list of lookup tables that does not match the recipient. - Parameters concerning known/unknown recipients of relay + Parameters concerning known/unknown recipients of relay destinations: relay_domains ($mydestination) - What destination domains (and subdomains thereof) + What destination domains (and subdomains thereof) this system will relay mail to. relay_recipient_maps (empty) - Optional lookup tables with all valid addresses in + Optional lookup tables with all valid addresses in the domains that match $relay_domains. unknown_relay_recipient_reject_code (550) The numerical Postfix SMTP server reply code when a - recipient address matches $relay_domains, and - relay_recipient_maps specifies a list of lookup + recipient address matches $relay_domains, and + relay_recipient_maps specifies a list of lookup tables that does not match the recipient address. 
- Parameters concerning known/unknown recipients in virtual + Parameters concerning known/unknown recipients in virtual alias domains: virtual_alias_domains ($virtual_alias_maps) Postfix is final destination for the specified list - of virtual alias domains, that is, domains for - which all addresses are aliased to addresses in + of virtual alias domains, that is, domains for + which all addresses are aliased to addresses in other local or remote domains. virtual_alias_maps ($virtual_maps) - Optional lookup tables that alias specific mail - addresses or domains to other local or remote + Optional lookup tables that alias specific mail + addresses or domains to other local or remote address. unknown_virtual_alias_reject_code (550) The SMTP server reply code when a recipient address - matches $virtual_alias_domains, and $vir- - tual_alias_maps specifies a list of lookup tables + matches $virtual_alias_domains, and $vir- + tual_alias_maps specifies a list of lookup tables that does not match the recipient address. - Parameters concerning known/unknown recipients in virtual + Parameters concerning known/unknown recipients in virtual mailbox domains: virtual_mailbox_domains ($virtual_mailbox_maps) Postfix is final destination for the specified list - of domains; mail is delivered via the $vir- + of domains; mail is delivered via the $vir- tual_transport mail delivery transport. virtual_mailbox_maps (empty) - Optional lookup tables with all valid addresses in + Optional lookup tables with all valid addresses in the domains that match $virtual_mailbox_domains. unknown_virtual_mailbox_reject_code (550) The SMTP server reply code when a recipient address - matches $virtual_mailbox_domains, and $vir- + matches $virtual_mailbox_domains, and $vir- tual_mailbox_maps specifies a list of lookup tables that does not match the recipient address. 
RESOURCE AND RATE CONTROLS - The following parameters limit resource usage by the SMTP + The following parameters limit resource usage by the SMTP server and/or control client request rates. line_length_limit (2048) - Upon input, long lines are chopped up into pieces - of at most this length; upon delivery, long lines + Upon input, long lines are chopped up into pieces + of at most this length; upon delivery, long lines are reconstructed. queue_minfree (0) - The minimal amount of free space in bytes in the + The minimal amount of free space in bytes in the queue file system that is needed to receive mail. message_size_limit (10240000) - The maximal size in bytes of a message, including + The maximal size in bytes of a message, including envelope information. smtpd_recipient_limit (1000) - The maximal number of recipients that the Postfix + The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. smtpd_timeout (300s) - The time limit for sending a Postfix SMTP server - response and for receiving a remote SMTP client + The time limit for sending a Postfix SMTP server + response and for receiving a remote SMTP client request. smtpd_history_flush_threshold (100) - The maximal number of lines in the Postfix SMTP - server command history before it is flushed upon + The maximal number of lines in the Postfix SMTP + server command history before it is flushed upon receipt of EHLO, RSET, or end of DATA. Available in Postfix version 2.3 and later: smtpd_peername_lookup (yes) Attempt to look up the remote SMTP client hostname, - and verify that the name matches the client IP + and verify that the name matches the client IP address. The per SMTP client connection count and request rate lim- its are implemented in co-operation with the anvil(8) ser- - vice, and are available in Postfix version 2.2 and later. + vice, and are available in Postfix version 2.2 and later. 
smtpd_client_connection_count_limit (50) - How many simultaneous connections any client is + How many simultaneous connections any client is allowed to make to this service. smtpd_client_connection_rate_limit (0) The maximal number of connection attempts any - client is allowed to make to this service per time + client is allowed to make to this service per time unit. smtpd_client_message_rate_limit (0) - The maximal number of message delivery requests - that any client is allowed to make to this service + The maximal number of message delivery requests + that any client is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages. smtpd_client_recipient_rate_limit (0) - The maximal number of recipient addresses that any - client is allowed to send to this service per time + The maximal number of recipient addresses that any + client is allowed to send to this service per time unit, regardless of whether or not Postfix actually accepts those recipients. smtpd_client_event_limit_exceptions ($mynetworks) - Clients that are excluded from connection count, + Clients that are excluded from connection count, connection rate, or SMTP request rate restrictions. Available in Postfix version 2.3 and later: 
@@ -760,52 +766,52 @@ SMTPD(8) SMTPD(8) tiate with this service per time unit. TARPIT CONTROLS - When a remote SMTP client makes errors, the Postfix SMTP - server can insert delays before responding. This can help - to slow down run-away software. The behavior is con- - trolled by an error counter that counts the number of - errors within an SMTP session that a client makes without + When a remote SMTP client makes errors, the Postfix SMTP + server can insert delays before responding. This can help + to slow down run-away software. The behavior is con- + trolled by an error counter that counts the number of + errors within an SMTP session that a client makes without delivering mail. smtpd_error_sleep_time (1s) With Postfix version 2.1 and later: the SMTP server - response delay after a client has made more than - $smtpd_soft_error_limit errors, and fewer than - $smtpd_hard_error_limit errors, without delivering + response delay after a client has made more than + $smtpd_soft_error_limit errors, and fewer than + $smtpd_hard_error_limit errors, without delivering mail. smtpd_soft_error_limit (10) - The number of errors a remote SMTP client is - allowed to make without delivering mail before the + The number of errors a remote SMTP client is + allowed to make without delivering mail before the Postfix SMTP server slows down all its responses. smtpd_hard_error_limit (20) - The maximal number of errors a remote SMTP client + The maximal number of errors a remote SMTP client is allowed to make without delivering mail. smtpd_junk_command_limit (100) - The number of junk commands (NOOP, VRFY, ETRN or + The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote SMTP client can send before the - Postfix SMTP server starts to increment the error + Postfix SMTP server starts to increment the error counter with each junk command. 
Available in Postfix version 2.1 and later: smtpd_recipient_overshoot_limit (1000) - The number of recipients that a remote SMTP client - can send in excess of the limit specified with + The number of recipients that a remote SMTP client + can send in excess of the limit specified with $smtpd_recipient_limit, before the Postfix SMTP - server increments the per-session error count for + server increments the per-session error count for each excess recipient. ACCESS POLICY DELEGATION CONTROLS - As of version 2.1, Postfix can be configured to delegate - access policy decisions to an external server that runs - outside Postfix. See the file SMTPD_POLICY_README for + As of version 2.1, Postfix can be configured to delegate + access policy decisions to an external server that runs + outside Postfix. See the file SMTPD_POLICY_README for more information. smtpd_policy_service_max_idle (300s) - The time after which an idle SMTPD policy service + The time after which an idle SMTPD policy service connection is closed. smtpd_policy_service_max_ttl (1000s) 
@@ -813,162 +819,162 @@ SMTPD(8) SMTPD(8) connection is closed. smtpd_policy_service_timeout (100s) - The time limit for connecting to, writing to or + The time limit for connecting to, writing to or receiving from a delegated SMTPD policy server. ACCESS CONTROLS - The SMTPD_ACCESS_README document gives an introduction to + The SMTPD_ACCESS_README document gives an introduction to all the SMTP server access control features. smtpd_delay_reject (yes) - Wait until the RCPT TO command before evaluating + Wait until the RCPT TO command before evaluating $smtpd_client_restrictions, $smtpd_helo_restric- tions and $smtpd_sender_restrictions, or wait until - the ETRN command before evaluating + the ETRN command before evaluating $smtpd_client_restrictions and $smtpd_helo_restric- tions. - parent_domain_matches_subdomains (see 'postconf -d' out- + parent_domain_matches_subdomains (see 'postconf -d' out- put) What Postfix features match subdomains of "domain.tld" automatically, instead of requiring an explicit ".domain.tld" pattern. smtpd_client_restrictions (empty) - Optional SMTP server access restrictions in the + Optional SMTP server access restrictions in the context of a client SMTP connection request. smtpd_helo_required (no) Require that a remote SMTP client introduces itself - at the beginning of an SMTP session with the HELO + at the beginning of an SMTP session with the HELO or EHLO command. smtpd_helo_restrictions (empty) - Optional restrictions that the Postfix SMTP server + Optional restrictions that the Postfix SMTP server applies in the context of the SMTP HELO command. smtpd_sender_restrictions (empty) - Optional restrictions that the Postfix SMTP server + Optional restrictions that the Postfix SMTP server applies in the context of the MAIL FROM command. 
smtpd_recipient_restrictions (permit_mynetworks, reject_unauth_destination) The access restrictions that the Postfix SMTP - server applies in the context of the RCPT TO com- + server applies in the context of the RCPT TO com- mand. smtpd_etrn_restrictions (empty) - Optional SMTP server access restrictions in the + Optional SMTP server access restrictions in the context of a client ETRN request. allow_untrusted_routing (no) - Forward mail with sender-specified routing - (user[@%!]remote[@%!]site) from untrusted clients + Forward mail with sender-specified routing + (user[@%!]remote[@%!]site) from untrusted clients to destinations matching $relay_domains. smtpd_restriction_classes (empty) - User-defined aliases for groups of access restric- + User-defined aliases for groups of access restric- tions. smtpd_null_access_lookup_key (<>) - The lookup key to be used in SMTP access(5) tables + The lookup key to be used in SMTP access(5) tables instead of the null sender address. permit_mx_backup_networks (empty) Restrict the use of the permit_mx_backup SMTP - access feature to only domains whose primary MX + access feature to only domains whose primary MX hosts match the listed networks. Available in Postfix version 2.0 and later: smtpd_data_restrictions (empty) - Optional access restrictions that the Postfix SMTP + Optional access restrictions that the Postfix SMTP server applies in the context of the SMTP DATA com- mand. smtpd_expansion_filter (see 'postconf -d' output) - What characters are allowed in $name expansions of + What characters are allowed in $name expansions of RBL reply templates. 
Available in Postfix version 2.1 and later: smtpd_reject_unlisted_sender (no) - Request that the Postfix SMTP server rejects mail - from unknown sender addresses, even when no - explicit reject_unlisted_sender access restriction + Request that the Postfix SMTP server rejects mail + from unknown sender addresses, even when no + explicit reject_unlisted_sender access restriction is specified. smtpd_reject_unlisted_recipient (yes) - Request that the Postfix SMTP server rejects mail + Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even when no - explicit reject_unlisted_recipient access restric- + explicit reject_unlisted_recipient access restric- tion is specified. Available in Postfix version 2.2 and later: smtpd_end_of_data_restrictions (empty) - Optional access restrictions that the Postfix SMTP - server applies in the context of the SMTP END-OF- + Optional access restrictions that the Postfix SMTP + server applies in the context of the SMTP END-OF- DATA command. SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient - address verification. This feature is implemented by - sending probe email messages that are not actually deliv- - ered. This feature is requested via the reject_unveri- - fied_sender and reject_unverified_recipient access - restrictions. The status of verification probes is main- + Postfix version 2.1 introduces sender and recipient + address verification. This feature is implemented by + sending probe email messages that are not actually deliv- + ered. This feature is requested via the reject_unveri- + fied_sender and reject_unverified_recipient access + restrictions. The status of verification probes is main- tained by the verify(8) server. See the file ADDRESS_VER- - IFICATION_README for information about how to configure + IFICATION_README for information about how to configure and operate the Postfix sender/recipient address verifica- tion service. 
address_verify_poll_count (3) - How many times to query the verify(8) service for - the completion of an address verification request + How many times to query the verify(8) service for + the completion of an address verification request in progress. address_verify_poll_delay (3s) - The delay between queries for the completion of an + The delay between queries for the completion of an address verification request in progress. address_verify_sender ($double_bounce_sender) - The sender address to use in address verification + The sender address to use in address verification probes; prior to Postfix 2.5 the default was "post- master". unverified_sender_reject_code (450) - The numerical Postfix SMTP server response code - when a recipient address is rejected by the + The numerical Postfix SMTP server response code + when a recipient address is rejected by the reject_unverified_sender restriction. unverified_recipient_reject_code (450) - The numerical Postfix SMTP server response when a + The numerical Postfix SMTP server response when a recipient address is rejected by the reject_unveri- fied_recipient restriction. ACCESS CONTROL RESPONSES - The following parameters control numerical SMTP reply + The following parameters control numerical SMTP reply codes and/or text responses. access_map_reject_code (554) - The numerical Postfix SMTP server response code - when a client is rejected by an access(5) map + The numerical Postfix SMTP server response code + when a client is rejected by an access(5) map restriction. defer_code (450) - The numerical Postfix SMTP server response code - when a remote SMTP client request is rejected by + The numerical Postfix SMTP server response code + when a remote SMTP client request is rejected by the "defer" restriction. 
invalid_hostname_reject_code (501) - The numerical Postfix SMTP server response code - when the client HELO or EHLO command parameter is - rejected by the reject_invalid_helo_hostname + The numerical Postfix SMTP server response code + when the client HELO or EHLO command parameter is + rejected by the reject_invalid_helo_hostname restriction. maps_rbl_reject_code (554) - The numerical Postfix SMTP server response code + The numerical Postfix SMTP server response code when a remote SMTP client request is blocked by the reject_rbl_client, reject_rhsbl_client, reject_rhsbl_sender or reject_rhsbl_recipient 
@@ -976,53 +982,53 @@ SMTPD(8) SMTPD(8) non_fqdn_reject_code (504) The numerical Postfix SMTP server reply code when a - client request is rejected by the + client request is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender or reject_non_fqdn_recipient restriction. plaintext_reject_code (450) - The numerical Postfix SMTP server response code - when a request is rejected by the reject_plain- + The numerical Postfix SMTP server response code + when a request is rejected by the reject_plain- text_session restriction. reject_code (554) - The numerical Postfix SMTP server response code - when a remote SMTP client request is rejected by + The numerical Postfix SMTP server response code + when a remote SMTP client request is rejected by the "reject" restriction. relay_domains_reject_code (554) - The numerical Postfix SMTP server response code - when a client request is rejected by the + The numerical Postfix SMTP server response code + when a client request is rejected by the reject_unauth_destination recipient restriction. unknown_address_reject_code (450) - The numerical Postfix SMTP server response code - when a sender or recipient address is rejected by + The numerical Postfix SMTP server response code + when a sender or recipient address is rejected by the reject_unknown_sender_domain or reject_unknown_recipient_domain restriction. unknown_client_reject_code (450) - The numerical Postfix SMTP server response code - when a client without valid address <=> name map- + The numerical Postfix SMTP server response code + when a client without valid address <=> name map- ping is rejected by the reject_unknown_client_host- name restriction. 
unknown_hostname_reject_code (450) - The numerical Postfix SMTP server response code - when the hostname specified with the HELO or EHLO - command is rejected by the + The numerical Postfix SMTP server response code + when the hostname specified with the HELO or EHLO + command is rejected by the reject_unknown_helo_hostname restriction. Available in Postfix version 2.0 and later: default_rbl_reply (see 'postconf -d' output) - The default SMTP server response template for a - request that is rejected by an RBL-based restric- + The default SMTP server response template for a + request that is rejected by an RBL-based restric- tion. multi_recipient_bounce_reject_code (550) - The numerical Postfix SMTP server response code + The numerical Postfix SMTP server response code when a remote SMTP client request is blocked by the reject_multi_recipient_bounce restriction. @@ -1031,16 +1037,16 @@ SMTPD(8) SMTPD(8) MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. command_directory (see 'postconf -d' output) - The location of all postfix administrative com- + The location of all postfix administrative com- mands. double_bounce_sender (double-bounce) 
@@ -1061,37 +1067,37 @@ SMTPD(8) SMTPD(8) and most Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for an incoming connection + The maximum amount of time that an idle Postfix + daemon process waits for an incoming connection before terminating voluntarily. max_use (100) - The maximal number of incoming connections that a - Postfix daemon process will service before termi- + The maximal number of incoming connections that a + Postfix daemon process will service before termi- nating voluntarily. myhostname (see 'postconf -d' output) The internet hostname of this mail system. mynetworks (see 'postconf -d' output) - The list of "trusted" SMTP clients that have more + The list of "trusted" SMTP clients that have more privileges than "strangers". myorigin ($myhostname) The domain name that locally-posted mail appears to - come from, and that locally posted mail is deliv- + come from, and that locally posted mail is deliv- ered to. process_id (read-only) - The process ID of a Postfix command or daemon + The process ID of a Postfix command or daemon process. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. recipient_delimiter (empty) 
@@ -1099,22 +1105,22 @@ SMTPD(8) SMTPD(8) sions (user+foo). smtpd_banner ($myhostname ESMTP $mail_name) - The text that follows the 220 status code in the + The text that follows the 220 status code in the SMTP greeting banner. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". Available in Postfix version 2.2 and later: smtpd_forbidden_commands (CONNECT, GET, POST) - List of commands that causes the Postfix SMTP - server to immediately terminate the session with a + List of commands that causes the Postfix SMTP + server to immediately terminate the session with a 221 code. SEE ALSO @@ -1144,7 +1150,7 @@ SMTPD(8) SMTPD(8) XFORWARD_README, Postfix XFORWARD extension LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/makedefs b/postfix/makedefs index 7018bc0e8..df3e7717c 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -130,6 +130,8 @@ case "$SYSTEM.$RELEASE" in ;; FreeBSD.6*) SYSTYPE=FREEBSD6 ;; + FreeBSD.7*) SYSTYPE=FREEBSD7 + ;; OpenBSD.2*) SYSTYPE=OPENBSD2 ;; OpenBSD.3*) SYSTYPE=OPENBSD3 @@ -309,7 +311,7 @@ EOF rm -f makedefs.test makedefs.test.o makedefs.test.c;; esac ;; - GNU.0*|GNU/kFreeBSD.[56]*) + GNU.0*|GNU/kFreeBSD.[567]*) SYSTYPE=GNU0 # Postfix no longer needs DB 1.85 compatibility if [ -f /usr/include/db.h ] diff --git a/postfix/man/man5/mysql_table.5 b/postfix/man/man5/mysql_table.5 index 3a98b2d47..bde924aff 100644 --- a/postfix/man/man5/mysql_table.5 +++ b/postfix/man/man5/mysql_table.5 
@@ -258,7 +258,18 @@ A setting of zero disables the limit. Lookups fail with a temporary error if the limit is exceeded. Setting the limit to 1 ensures that lookups do not return multiple values. -.PP +.SH "OBSOLETE QUERY INTERFACE" +.na +.nf +.ad +.fi +This section describes an interface that is deprecated as +of Postfix 2.2. It is replaced by the more general \fBquery\fR +interface described above. If the \fBquery\fR parameter +is defined, the legacy parameters described here ignored. +Please migrate to the new interface as the legacy interface +may be removed in a future release. + The following parameters can be used to fill in a SELECT template statement of the form: @@ -272,12 +283,6 @@ SELECT template statement of the form: The specifier %s is replaced by the search string, and is escaped so if it contains single quotes or other odd characters, it will not cause a parse error, or worse, a security problem. - -As of Postfix 2.2 this interface is obsolete, it is replaced -by the more general \fBquery\fR interface described above. -If the \fBquery\fR parameter is defined, the legacy parameters -are ignored. Please migrate to the new interface as the legacy -interface may be removed in a future release. .IP "\fBselect_field\fR" The SQL "select" parameter. Example: .nf diff --git a/postfix/man/man5/pgsql_table.5 b/postfix/man/man5/pgsql_table.5 index cfe6ce41b..3ee3b7d80 100644 --- a/postfix/man/man5/pgsql_table.5 +++ b/postfix/man/man5/pgsql_table.5 @@ -65,7 +65,7 @@ migrate to the new interface set: \fBquery\fR = SELECT \fIselect_function\fR('%s') .fi -or in the absence of \fBselection_function\fR, the lower precedence: +or in the absence of \fBselect_function\fR, the lower precedence: .nf \fBquery\fR = SELECT \fIselect_field\fR 
@@ -261,8 +261,15 @@ A setting of zero disables the limit. Lookups fail with a temporary error if the limit is exceeded. Setting the limit to 1 ensures that lookups do not return multiple values. -.PP -Pre-Postfix 2.2 legacy interfaces: +.SH "OBSOLETE QUERY INTERFACES" +.na +.nf +.ad +.fi +This section describes query interfaces that are deprecated +as of Postfix 2.2. Please migrate to the new \fBquery\fR +interface as the old interfaces are slated to be phased +out. .IP "\fBselect_function\fR" This parameter specifies a database function name. Example: .nf @@ -277,9 +284,8 @@ This is equivalent to: This parameter overrides the legacy table-related fields (described below). With Postfix versions prior to 2.2, it also overrides the \fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR -parameter has highest precedence, and this parameter is deprecated. -Please migrate to the new \fBquery\fR interface as this interface -is slated to be phased out. +parameter has highest precedence, and the \fBselect_function\fR +parameter is deprecated. .PP The following parameters (with lower precedence than the \fBselect_function\fR interface described above) can be used to @@ -300,8 +306,7 @@ problem. Starting with Postfix 2.2, this interface is obsoleted by the more general \fBquery\fR interface described above. If higher precedence the \fBquery\fR or \fBselect_function\fR parameters described above -are defined, these parameters are ignored. Please migrate to the new -\fBquery\fR interface as this interface is slated to be phased out. +are defined, the parameters described here are ignored. .IP "\fBselect_field\fR" The SQL "select" parameter. Example: .nf diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 6b5a4c9d4..d4275b695 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -641,7 +641,7 @@ is placed into the Postfix configuration directory. This feature is available in Postfix 2.3 and later. .SH broken_sasl_auth_clients (default: no) Enable inter-operability with SMTP clients that implement an obsolete -version of the AUTH command (RFC 2554). Examples of such clients +version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0. .PP @@ -2225,7 +2225,7 @@ address rewriting when mail from a remote client is forwarded by a neighboring system. .IP "\fB permit_sasl_authenticated \fR" Append the domain name in $myorigin or $mydomain when the -client is successfully authenticated via the RFC 2554 (AUTH) +client is successfully authenticated via the RFC 4954 (AUTH) protocol. .IP "\fB permit_tls_clientcerts \fR" Append the domain name in $myorigin or $mydomain when the @@ -5488,7 +5488,7 @@ Permit the request when the client IP address matches any network or network address listed in $mynetworks. .IP "\fBpermit_sasl_authenticated\fR" Permit the request when the client is successfully -authenticated via the RFC 2554 (AUTH) protocol. +authenticated via the RFC 4954 (AUTH) protocol. .IP "\fBpermit_tls_all_clientcerts\fR" Permit the request when the remote SMTP client certificate is verified successfully. This option must be used only if a special @@ -6311,7 +6311,7 @@ the SASL plug-in implementation that is selected with configuration file or rendezvous point. .PP This feature is available in Postfix 2.3 and later. In earlier -releases it was called smtpd_sasl_application. +releases it was called \fBsmtpd_sasl_application_name\fR. .SH smtpd_sasl_security_options (default: noanonymous) Postfix SMTP server SASL security options; as of Postfix 2.3 the list of available diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8 index 5f521c3d3..370491807 100644 --- a/postfix/man/man8/pipe.8 +++ b/postfix/man/man8/pipe.8 
@@ -75,7 +75,7 @@ The output record delimiter. Typically one would use either \fB\er\en\fR or \fB\en\fR. The usual C-style backslash escape sequences are recognized: \fB\ea \eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and \fB\e\e\fR. -.IP "\fBflags=BDFORhqu.>\fR (optional)" +.IP "\fBflags=BDFORXhqu.>\fR (optional)" Optional message processing flags. By default, a message is copied unchanged. .RS @@ -110,6 +110,11 @@ This feature is available as of Postfix 2.0. .IP \fBR\fR Prepend a \fBReturn-Path:\fR message header with the envelope sender address. +.IP \fBX\fR +Indicate that the external command performs final delivery. +This flag affects the status reported in "success" DSN +(delivery status notification) messages, and changes it +from "relayed" into "delivered". .IP \fBh\fR Fold the command-line \fB$recipient\fR address domain part (text to the right of the right-most \fB@\fR character) to @@ -173,8 +178,8 @@ specify \fB$sender\fR as an argument by itself: .IP This feature is available as of Postfix 2.3. .IP "\fBsize\fR=\fIsize_limit\fR (optional)" -Messages greater in size than this limit (in bytes) will -be returned to the sender as undeliverable. +Don't deliver messages that exceed this size limit (in +bytes); return them to the sender instead. .IP "\fBuser\fR=\fIusername\fR (required)" .IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR" Execute the external command with the rights of the @@ -259,7 +264,7 @@ if the message has been received without SASL authentication. This is available in Postfix 2.2 and later. .IP \fB${\fBsasl_sender\fR}\fR This macro expands to the SASL sender name (i.e. the original -submitter as per RFC 2554) used during the reception of the message. +submitter as per RFC 4954) used during the reception of the message. .sp This is available in Postfix 2.2 and later. .IP \fB${\fBsasl_username\fR}\fR diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 93e343f8a..fb7e606f1 100644 
--- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -92,7 +92,7 @@ undesirable use. .fi .IP "\fBbroken_sasl_auth_clients (no)\fR" Enable inter-operability with SMTP clients that implement an obsolete -version of the AUTH command (RFC 2554). +version of the AUTH command (RFC 4954). .IP "\fBdisable_vrfy_command (no)\fR" Disable the SMTP VRFY command. .IP "\fBsmtpd_noop_commands (empty)\fR" @@ -264,13 +264,13 @@ What SMTP clients are allowed to use the XFORWARD feature. .nf .ad .fi -Postfix SASL support (RFC 2554) can be used to authenticate remote +Postfix SASL support (RFC 4954) can be used to authenticate remote SMTP clients to the Postfix SMTP server, and to authenticate the Postfix SMTP client to a remote SMTP server. See the SASL_README document for details. .IP "\fBbroken_sasl_auth_clients (no)\fR" Enable inter-operability with SMTP clients that implement an obsolete -version of the AUTH command (RFC 2554). +version of the AUTH command (RFC 4954). .IP "\fBsmtpd_sasl_auth_enable (no)\fR" Enable SASL authentication in the Postfix SMTP server. .IP "\fBsmtpd_sasl_local_domain (empty)\fR" @@ -290,6 +290,11 @@ Available in Postfix version 2.1 and later: What remote SMTP clients the Postfix SMTP server will not offer AUTH support to. .PP +Available in Postfix version 2.1 and 2.2: +.IP "\fBsmtpd_sasl_application_name (smtpd)\fR" +The application name that the Postfix SMTP server uses for SASL +server initialization. +.PP Available in Postfix version 2.3 and later: .IP "\fBsmtpd_sasl_authenticated_header (no)\fR" Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received diff --git a/postfix/proto/DATABASE_README.html b/postfix/proto/DATABASE_README.html index e5fde9d1e..36fbcb66a 100644 --- a/postfix/proto/DATABASE_README.html +++ b/postfix/proto/DATABASE_README.html 
@@ -365,8 +365,8 @@ example, the lookup table "static:foobar" always returns the string described in tcp_table(5). The lookup table name is "tcp:host:port" where "host" specifies a symbolic hostname or a numeric IP address, and "port" specifies a symbolic service name or a numeric port -number. This protocol is not available up to and including Postfix -version 2.4. +number. This protocol is not available in the stable Postfix release. +
unix (read-only)
diff --git a/postfix/proto/TUNING_README.html b/postfix/proto/TUNING_README.html index 1a7f756b6..7d129077e 100644 --- a/postfix/proto/TUNING_README.html +++ b/postfix/proto/TUNING_README.html @@ -243,7 +243,7 @@ out-of-control clients.

smtpd_client_connection_count_limit (default: 50)
-The maximum number of connections than an SMTP client may make +The maximum number of connections that an SMTP client may make simultaneously.
smtpd_client_connection_rate_limit (default: no limit)
diff --git a/postfix/proto/mysql_table b/postfix/proto/mysql_table index a8f8bf2a7..ed03c9324 100644 --- a/postfix/proto/mysql_table +++ b/postfix/proto/mysql_table @@ -246,7 +246,16 @@ # temporary error if the limit is exceeded. Setting the # limit to 1 ensures that lookups do not return multiple # values. -# .PP +# OBSOLETE QUERY INTERFACE +# .ad +# .fi +# This section describes an interface that is deprecated as +# of Postfix 2.2. It is replaced by the more general \fBquery\fR +# interface described above. If the \fBquery\fR parameter +# is defined, the legacy parameters described here ignored. +# Please migrate to the new interface as the legacy interface +# may be removed in a future release. +# # The following parameters can be used to fill in a # SELECT template statement of the form: # @@ -260,12 +269,6 @@ # The specifier %s is replaced by the search string, and is # escaped so if it contains single quotes or other odd characters, # it will not cause a parse error, or worse, a security problem. -# -# As of Postfix 2.2 this interface is obsolete, it is replaced -# by the more general \fBquery\fR interface described above. -# If the \fBquery\fR parameter is defined, the legacy parameters -# are ignored. Please migrate to the new interface as the legacy -# interface may be removed in a future release. # .IP "\fBselect_field\fR" # The SQL "select" parameter. Example: # .nf diff --git a/postfix/proto/pgsql_table b/postfix/proto/pgsql_table index 6338416c5..383060093 100644 --- a/postfix/proto/pgsql_table +++ b/postfix/proto/pgsql_table @@ -57,7 +57,7 @@ # \fBquery\fR = SELECT \fIselect_function\fR('%s') # .fi # -# or in the absence of \fBselection_function\fR, the lower precedence: +# or in the absence of \fBselect_function\fR, the lower precedence: # # .nf # \fBquery\fR = SELECT \fIselect_field\fR 
@@ -249,8 +249,13 @@ # temporary error if the limit is exceeded. Setting the # limit to 1 ensures that lookups do not return multiple # values. -# .PP -# Pre-Postfix 2.2 legacy interfaces: +# OBSOLETE QUERY INTERFACES +# .ad +# .fi +# This section describes query interfaces that are deprecated +# as of Postfix 2.2. Please migrate to the new \fBquery\fR +# interface as the old interfaces are slated to be phased +# out. # .IP "\fBselect_function\fR" # This parameter specifies a database function name. Example: # .nf @@ -265,9 +270,8 @@ # This parameter overrides the legacy table-related fields (described # below). With Postfix versions prior to 2.2, it also overrides the # \fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR -# parameter has highest precedence, and this parameter is deprecated. -# Please migrate to the new \fBquery\fR interface as this interface -# is slated to be phased out. +# parameter has highest precedence, and the \fBselect_function\fR +# parameter is deprecated. # .PP # The following parameters (with lower precedence than the # \fBselect_function\fR interface described above) can be used to @@ -288,8 +292,7 @@ # Starting with Postfix 2.2, this interface is obsoleted by the more # general \fBquery\fR interface described above. If higher precedence # the \fBquery\fR or \fBselect_function\fR parameters described above -# are defined, these parameters are ignored. Please migrate to the new -# \fBquery\fR interface as this interface is slated to be phased out. +# are defined, the parameters described here are ignored. # .IP "\fBselect_field\fR" # The SQL "select" parameter. Example: # .nf diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index cd412cf9e..7f4b36f7e 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -4631,7 +4631,7 @@ network or network address listed in $mynetworks.
permit_sasl_authenticated
Permit the request when the client is successfully -authenticated via the RFC 2554 (AUTH) protocol.
+authenticated via the RFC 4954 (AUTH) protocol.
permit_tls_all_clientcerts
@@ -5418,7 +5418,7 @@ smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination %CLASS sasl-auth SASL Authentication

-Postfix SASL support (RFC 2554) can be used to authenticate remote +Postfix SASL support (RFC 4954) can be used to authenticate remote SMTP clients to the Postfix SMTP server, and to authenticate the Postfix SMTP client to a remote SMTP server. See the SASL_README document for details. @@ -6434,7 +6434,7 @@ This feature is available in Postfix 2.0 and later.

Enable inter-operability with SMTP clients that implement an obsolete -version of the AUTH command (RFC 2554). Examples of such clients +version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft Outlook Express version 4 and MicroSoft Exchange version 5.0.

@@ -8078,7 +8078,7 @@ a neighboring system.
permit_sasl_authenticated
Append the domain name in $myorigin or $mydomain when the -client is successfully authenticated via the RFC 2554 (AUTH) +client is successfully authenticated via the RFC 4954 (AUTH) protocol.
permit_tls_clientcerts
@@ -9397,7 +9397,7 @@ the SASL plug-in implementation that is selected with configuration file or rendezvous point.

This feature is available in Postfix 2.3 and later. In earlier -releases it was called smtpd_sasl_application.

+releases it was called smtpd_sasl_application_name.

%PARAM cyrus_sasl_config_path diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 2638bce0a..193f17bd4 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20070731" +#define MAIL_RELEASE_DATE "20070824" #define MAIL_VERSION_NUMBER "2.5" #ifdef SNAPSHOT diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c index 0ab9230d0..1e87b7948 100644 --- a/postfix/src/pipe/pipe.c +++ b/postfix/src/pipe/pipe.c @@ -65,7 +65,7 @@ /* \fB\er\en\fR or \fB\en\fR. The usual C-style backslash escape /* sequences are recognized: \fB\ea \eb \ef \en \er \et \ev /* \e\fIddd\fR (up to three octal digits) and \fB\e\e\fR. -/* .IP "\fBflags=BDFORhqu.>\fR (optional)" +/* .IP "\fBflags=BDFORXhqu.>\fR (optional)" /* Optional message processing flags. By default, a message is /* copied unchanged. /* .RS @@ -100,6 +100,11 @@ /* .IP \fBR\fR /* Prepend a \fBReturn-Path:\fR message header with the envelope sender /* address. +/* .IP \fBX\fR +/* Indicate that the external command performs final delivery. +/* This flag affects the status reported in "success" DSN +/* (delivery status notification) messages, and changes it +/* from "relayed" into "delivered". /* .IP \fBh\fR /* Fold the command-line \fB$recipient\fR address domain part /* (text to the right of the right-most \fB@\fR character) to 
@@ -163,8 +168,8 @@ /* .IP /* This feature is available as of Postfix 2.3. /* .IP "\fBsize\fR=\fIsize_limit\fR (optional)" -/* Messages greater in size than this limit (in bytes) will -/* be returned to the sender as undeliverable. +/* Don't deliver messages that exceed this size limit (in +/* bytes); return them to the sender instead. /* .IP "\fBuser\fR=\fIusername\fR (required)" /* .IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR" /* Execute the external command with the rights of the @@ -249,7 +254,7 @@ /* This is available in Postfix 2.2 and later. /* .IP \fB${\fBsasl_sender\fR}\fR /* This macro expands to the SASL sender name (i.e. the original -/* submitter as per RFC 2554) used during the reception of the message. +/* submitter as per RFC 4954) used during the reception of the message. /* .sp /* This is available in Postfix 2.2 and later. /* .IP \fB${\fBsasl_username\fR}\fR @@ -490,7 +495,8 @@ #define PIPE_OPT_FOLD_BASE (16) #define PIPE_OPT_FOLD_USER (FOLD_ADDR_USER << PIPE_OPT_FOLD_BASE) #define PIPE_OPT_FOLD_HOST (FOLD_ADDR_HOST << PIPE_OPT_FOLD_BASE) -#define PIPE_OPT_QUOTE_LOCAL (PIPE_OPT_FOLD_BASE << 2) +#define PIPE_OPT_QUOTE_LOCAL (1 << (PIPE_OPT_FOLD_BASE + 2)) +#define PIPE_OPT_FINAL_DELIVERY (1 << (PIPE_OPT_FOLD_BASE + 3)) #define PIPE_OPT_FOLD_ALL (FOLD_ADDR_ALL << PIPE_OPT_FOLD_BASE) #define PIPE_OPT_FOLD_FLAGS(f) \ @@ -811,6 +817,9 @@ static void get_service_attr(PIPE_ATTR *attr, char **argv) case 'R': attr->flags |= MAIL_COPY_RETURN_PATH; break; + case 'X': + attr->flags |= PIPE_OPT_FINAL_DELIVERY; + break; case '.': attr->flags |= MAIL_COPY_DOT; break; @@ -939,7 +948,7 @@ static void get_service_attr(PIPE_ATTR *attr, char **argv) /* eval_command_status - do something with command completion status */ static int eval_command_status(int command_status, char *service, - DELIVER_REQUEST *request, VSTREAM *src, + DELIVER_REQUEST *request, PIPE_ATTR *attr, DSN_BUF *why) { RECIPIENT *rcpt; 
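Review bot: In the `@@ -490` hunk, `PIPE_OPT_QUOTE_LOCAL` and `PIPE_OPT_FINAL_DELIVERY` sit at `PIPE_OPT_FOLD_BASE + 2` and `+ 3`, but nothing ties the `+ 2` to the width of `FOLD_ADDR_ALL`, so the kind of mask collision this commit fixes could return unnoticed if another fold bit is added. The `FOLD_ADDR_*` and `MAIL_COPY_*` definitions are outside the hunk, so the present layout is presumably free of overlap, but that should be confirmed against them. I would document the layout above the defines, for example `/* FOLD_BASE+0..1: FOLD_ADDR_* bits; +2: quote local-part; +3: final delivery; must not overlap MAIL_COPY_* */`. If the `FOLD_ADDR_*` values are preprocessor constants, a guard such as `#if (PIPE_OPT_FOLD_ALL & (PIPE_OPT_QUOTE_LOCAL | PIPE_OPT_FINAL_DELIVERY))` followed by `#error` would catch a future overlap at build time.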
@@ -953,7 +962,8 @@ static int eval_command_status(int command_status, char *service, */ switch (command_status) { case PIPE_STAT_OK: - dsb_update(why, "2.0.0", "relayed", DSB_SKIP_RMTA, DSB_SKIP_REPLY, + dsb_update(why, "2.0.0", (attr->flags & PIPE_OPT_FINAL_DELIVERY) ? + "delivered" : "relayed", DSB_SKIP_RMTA, DSB_SKIP_REPLY, "delivered via %s service", service); (void) DSN_FROM_DSN_BUF(why); for (n = 0; n < request->rcpt_list.len; n++) { @@ -962,7 +972,7 @@ static int eval_command_status(int command_status, char *service, request->queue_id, &request->msg_stats, rcpt, service, &why->dsn); if (status == 0 && (request->flags & DEL_REQ_FLAG_SUCCESS)) - deliver_completed(src, rcpt->offset); + deliver_completed(request->fp, rcpt->offset); result |= status; } break; @@ -977,7 +987,7 @@ static int eval_command_status(int command_status, char *service, &request->msg_stats, rcpt, service, &why->dsn); if (status == 0) - deliver_completed(src, rcpt->offset); + deliver_completed(request->fp, rcpt->offset); result |= status; } } else { @@ -1047,7 +1057,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv) if ((attr.flags & MAIL_COPY_DELIVERED) && (rcpt_list->len > 1)) { dsb_simple(why, "4.3.5", "mail system configuration error"); deliver_status = eval_command_status(PIPE_STAT_DEFER, service, - request, request->fp, why); + request, &attr, why); msg_warn("pipe flag `D' requires %s_destination_recipient_limit = 1", service); DELIVER_MSG_CLEANUP(); @@ -1060,7 +1070,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv) if ((attr.flags & MAIL_COPY_ORIG_RCPT) && (rcpt_list->len > 1)) { dsb_simple(why, "4.3.5", "mail system configuration error"); deliver_status = eval_command_status(PIPE_STAT_DEFER, service, - request, request->fp, why); + request, &attr, why); msg_warn("pipe flag `O' requires %s_destination_recipient_limit = 1", service); DELIVER_MSG_CLEANUP(); 
@@ -1076,7 +1086,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv) myname, (long) attr.size_limit, request->data_size); dsb_simple(why, "5.2.3", "message too large"); deliver_status = eval_command_status(PIPE_STAT_BOUNCE, service, - request, request->fp, why); + request, &attr, why); DELIVER_MSG_CLEANUP(); return (deliver_status); } @@ -1126,7 +1136,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv) dsb_simple(why, "5.4.6", "mail forwarding loop for %s", rcpt->address); deliver_status = eval_command_status(PIPE_STAT_BOUNCE, service, - request, request->fp, why); + request, &attr, why); DELIVER_MSG_CLEANUP(); return (deliver_status); } @@ -1179,7 +1189,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv) rcpt_list, attr.flags)) == 0) { dsb_simple(why, "4.3.5", "mail system configuration error"); deliver_status = eval_command_status(PIPE_STAT_DEFER, service, - request, request->fp, why); + request, &attr, why); DELIVER_MSG_CLEANUP(); return (deliver_status); } @@ -1202,7 +1212,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv) argv_free(export_env); deliver_status = eval_command_status(command_status, service, request, - request->fp, why); + &attr, why); /* * Clean up. diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 53223c18f..b45d170f1 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -76,7 +76,7 @@ /* .fi /* .IP "\fBbroken_sasl_auth_clients (no)\fR" /* Enable inter-operability with SMTP clients that implement an obsolete -/* version of the AUTH command (RFC 2554). +/* version of the AUTH command (RFC 4954). /* .IP "\fBdisable_vrfy_command (no)\fR" /* Disable the SMTP VRFY command. /* .IP "\fBsmtpd_noop_commands (empty)\fR" 
@@ -234,13 +234,13 @@ /* SASL AUTHENTICATION CONTROLS /* .ad /* .fi -/* Postfix SASL support (RFC 2554) can be used to authenticate remote +/* Postfix SASL support (RFC 4954) can be used to authenticate remote /* SMTP clients to the Postfix SMTP server, and to authenticate the /* Postfix SMTP client to a remote SMTP server. /* See the SASL_README document for details. /* .IP "\fBbroken_sasl_auth_clients (no)\fR" /* Enable inter-operability with SMTP clients that implement an obsolete -/* version of the AUTH command (RFC 2554). +/* version of the AUTH command (RFC 4954). /* .IP "\fBsmtpd_sasl_auth_enable (no)\fR" /* Enable SASL authentication in the Postfix SMTP server. /* .IP "\fBsmtpd_sasl_local_domain (empty)\fR" @@ -260,6 +260,11 @@ /* What remote SMTP clients the Postfix SMTP server will not offer /* AUTH support to. /* .PP +/* Available in Postfix version 2.1 and 2.2: +/* .IP "\fBsmtpd_sasl_application_name (smtpd)\fR" +/* The application name that the Postfix SMTP server uses for SASL +/* server initialization. +/* .PP /* Available in Postfix version 2.3 and later: /* .IP "\fBsmtpd_sasl_authenticated_header (no)\fR" /* Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received 
@@ -1344,14 +1349,21 @@ static int helo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) * persists so it will apply to MAIL FROM and to other commands such as * AUTH, STARTTLS, and VRFY. */ +#define PUSH_STRING(old, curr, new) { char *old = (curr); (curr) = (new); +#define POP_STRING(old, curr) (curr) = old; } + if (smtpd_milters != 0 && SMTPD_STAND_ALONE(state) == 0 && (state->saved_flags & MILTER_SKIP_FLAGS) == 0 - && (err = milter_helo_event(smtpd_milters, argv[1].strval, 0)) != 0 - && (err = check_milter_reply(state, err)) != 0 - && strncmp(err, "421", 3) == 0) { - smtpd_chat_reply(state, "%s", err); - return (-1); + && (err = milter_helo_event(smtpd_milters, argv[1].strval, 0)) != 0) { + /* Log reject etc. with correct HELO information. */ + PUSH_STRING(saved_helo, state->helo_name, argv[1].strval); + err = check_milter_reply(state, err); + POP_STRING(saved_helo, state->helo_name); + if (err != 0 && strncmp(err, "421", 3) == 0) { + smtpd_chat_reply(state, "%s", err); + return (-1); + } } if (state->helo_name != 0) helo_reset(state); @@ -1411,11 +1423,15 @@ static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) if (smtpd_milters != 0 && SMTPD_STAND_ALONE(state) == 0 && (state->saved_flags & MILTER_SKIP_FLAGS) == 0 - && (err = milter_helo_event(smtpd_milters, argv[1].strval, 1)) != 0 - && (err = check_milter_reply(state, err)) != 0 - && strncmp(err, "421", 3) == 0) { - smtpd_chat_reply(state, "%s", err); - return (-1); + && (err = milter_helo_event(smtpd_milters, argv[1].strval, 1)) != 0) { + /* Log reject etc. with correct HELO information. */ + PUSH_STRING(saved_helo, state->helo_name, argv[1].strval); + err = check_milter_reply(state, err); + POP_STRING(saved_helo, state->helo_name); + if (err != 0 && strncmp(err, "421", 3) == 0) { + smtpd_chat_reply(state, "%s", err); + return (-1); + } } if (state->helo_name != 0) helo_reset(state); 
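Review bot: `PUSH_STRING` opens a brace that only `POP_STRING` closes, and both macros are defined inside the body of `helo_cmd()` although the later hunks also use them in `ehlo_cmd()`, `mail_cmd()` and `rcpt_cmd()`. A `return` or jump added between the pair would leave `state->helo_name` pointing at `argv[1].strval`, and the `helo_reset(state)` call that follows would then act on a string it presumably does not own. I would move the two definitions to file scope and add a comment such as `/* PUSH_STRING and POP_STRING must be paired in the same block, with no return or jump between them. */`. The body of `helo_cmd()` starts and ends outside this hunk.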
@@ -2057,11 +2073,15 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) if (smtpd_milters != 0 && SMTPD_STAND_ALONE(state) == 0 && (state->saved_flags & MILTER_SKIP_FLAGS) == 0) { - state->sender = STR(state->addr_buf); err = milter_mail_event(smtpd_milters, milter_argv(state, argc - 2, argv + 2)); - state->sender = 0; - if (err != 0 && (err = check_milter_reply(state, err)) != 0) { + if (err != 0) { + /* Log reject etc. with correct sender information. */ + PUSH_STRING(saved_sender, state->sender, STR(state->addr_buf)); + err = check_milter_reply(state, err); + POP_STRING(saved_sender, state->sender); + } + if (err != 0) { /* XXX Reset access map side effects. */ mail_reset(state); smtpd_chat_reply(state, "%s", err); @@ -2307,11 +2327,15 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) } if (smtpd_milters != 0 && (state->saved_flags & MILTER_SKIP_FLAGS) == 0) { - state->recipient = STR(state->addr_buf); err = milter_rcpt_event(smtpd_milters, milter_argv(state, argc - 2, argv + 2)); - state->recipient = 0; - if (err != 0 && (err = check_milter_reply(state, err)) != 0) { + if (err != 0) { + /* Log reject etc. with correct recipient information. */ + PUSH_STRING(saved_rcpt, state->recipient, STR(state->addr_buf)); + err = check_milter_reply(state, err); + POP_STRING(saved_rcpt, state->recipient); + } + if (err != 0) { smtpd_chat_reply(state, "%s", err); return (-1); } diff --git a/postfix/src/tlsmgr/tlsmgr.c b/postfix/src/tlsmgr/tlsmgr.c index e4630193d..242c10d96 100644 --- a/postfix/src/tlsmgr/tlsmgr.c +++ b/postfix/src/tlsmgr/tlsmgr.c @@ -810,6 +810,8 @@ static void tlsmgr_pre_init(char *unused_name, char **unused_argv) * Open the session cache files and discard old information while * privileged. Start the cache maintenance pseudo threads after dropping * privileges. + * + * XXX Need sanity check that the databases have different names. */ for (ent = cache_table; ent->cache_label; ++ent) if (**ent->cache_db) 
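Review bot: In `mail_cmd()` the removed lines set `state->sender` before `milter_mail_event()` ran, whereas the new code sets it only around `check_milter_reply()`; the `rcpt_cmd()` hunk does the same with `state->recipient`. If anything reached from the milter event call reads those fields (a macro lookup callback, say, which is not visible here), it now sees the previous value rather than the address being processed. Should that matter, the pair can cover both calls: put `PUSH_STRING(saved_sender, state->sender, STR(state->addr_buf));` before `milter_mail_event()` and `POP_STRING(saved_sender, state->sender);` after the `if (err != 0)` block that calls `check_milter_reply()`. The same applies in `rcpt_cmd()`. Both function bodies extend outside their hunks.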
diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index 49445bd1f..3576d6900 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h @@ -24,7 +24,7 @@ * 4.4BSD and close derivatives. */ #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \ - || defined(FREEBSD5) || defined(FREEBSD6) \ + || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \ || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \ || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \ || defined(NETBSD1) || defined(NETBSD2) || defined(NETBSD3) \ diff --git a/postfix/src/util/vstream.c b/postfix/src/util/vstream.c index b2ebf1785..361421fbc 100644 --- a/postfix/src/util/vstream.c +++ b/postfix/src/util/vstream.c @@ -846,7 +846,8 @@ static int vstream_buf_space(VBUF *bp, ssize_t want) if (vstream_fflush_some(stream, VSTREAM_TRUNCATE(used, stream->req_bufsize))) return (VSTREAM_EOF); if ((shortage = (want - bp->cnt)) > 0) { - if (shortage > __MAXINT__(ssize_t) -bp->len - stream->req_bufsize) { + if ((bp->flags & VSTREAM_FLAG_FIXED) + || shortage > __MAXINT__(ssize_t) -bp->len - stream->req_bufsize) { bp->flags |= VSTREAM_FLAG_ERR; } else { incr = VSTREAM_ROUNDUP(shortage, stream->req_bufsize); diff --git a/postfix/src/util/vstream_tweak.c b/postfix/src/util/vstream_tweak.c index 145651106..d1afac8fd 100644 --- a/postfix/src/util/vstream_tweak.c +++ b/postfix/src/util/vstream_tweak.c @@ -128,7 +128,7 @@ int vstream_tweak_tcp(VSTREAM *fp) */ #else if (mss > VSTREAM_BUFSIZE) { - int nodelay = 0; + int nodelay = 1; if ((err = setsockopt(vstream_fileno(fp), IPPROTO_TCP, TCP_NODELAY, (char *) &nodelay, sizeof(nodelay))) < 0)
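Review bot: The new `VSTREAM_FLAG_FIXED` test in `vstream_buf_space()` shares the `VSTREAM_FLAG_ERR` branch with the size-overflow check, and nothing says why a fixed buffer must be refused here. A short comment above the condition, for example `/* Never grow a fixed-size buffer; flag an error instead of resizing it. */`, would keep a later cleanup from folding the test away and bringing back growth of a buffer that is meant to stay bounded. The else branch that computes `incr` continues outside the hunk, so the resize path itself is not visible here.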