mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-31 22:25:24 +00:00
Code Issues Releases Wiki Activity

postfix-2.5-20070824

Browse Source
This commit is contained in:
Wietse Venema
2007-08-24 00:00:00 -05:00
committed by Viktor Dukhovni
parent 0463e04580
commit 6ffd52a10d
29 changed files with 459 additions and 357 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
postfix/HISTORY
View File

@@ -13674,3 +13674,22 @@ Apologies for any names omitted.
cleanup server would get out of sync with the milter when cleanup server would get out of sync with the milter when
a milter replied with ACCEPT at the DATA command. Files: a milter replied with ACCEPT at the DATA command. Files:
cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c. cleanup/cleanup_envelope.c, smtpd/smtpd.c, milter/milters.c.
20070811
Cleanup: unlike smtpd_mumble_restrictions, the Postfix SMTP
server Milter reject logging did not show the (helo argument,
sender address, or recipient address) that was being rejected.
File: smtpd/smtpd.c.
20070824
Bugfix (introduced snapshot 20070429): the pipe(8) delivery
agent 'q' flag (quote address local-part) used the same bit
mask as the 'B' flag (append blank line). Setting one flag
also turned on the other. File: pipe/pipe.c.
Feature: specify the 'X' flag to indicate that the pipe(8)
delivery agent performs final delivery. This changes the
status in DSN "success" messages from "relayed" into
"delivered". File: pipe/pipe.c.

2
postfix/README_FILES/DATABASE_README
View File

@@ -246,7 +246,7 @@ To find out what database types your Postfix system supports, use the "ppooss
in tcp_table(5). The lookup table name is "tcp:host:port" where "host" in tcp_table(5). The lookup table name is "tcp:host:port" where "host"
specifies a symbolic hostname or a numeric IP address, and "port" specifies a symbolic hostname or a numeric IP address, and "port"
specifies a symbolic service name or a numeric port number. This specifies a symbolic service name or a numeric port number. This
protocol is not available up to and including Postfix version 2.4. protocol is not available in the stable Postfix release.
uunniixx (read-only) uunniixx (read-only)
A limited way to query the UNIX authentication database. The following A limited way to query the UNIX authentication database. The following
tables are implemented: tables are implemented:

2
postfix/README_FILES/TUNING_README
View File

@@ -155,7 +155,7 @@ will suffer grotesque delays if you do so. The limits are designed to protect
the smtpd(8) server against abuse by out-of-control clients. the smtpd(8) server against abuse by out-of-control clients.
smtpd_client_connection_count_limit (default: 50) smtpd_client_connection_count_limit (default: 50)
The maximum number of connections than an SMTP client may make The maximum number of connections that an SMTP client may make
simultaneously. simultaneously.
smtpd_client_connection_rate_limit (default: no limit) smtpd_client_connection_rate_limit (default: no limit)
The maximum number of connections that an SMTP client may make in the The maximum number of connections that an SMTP client may make in the

3
postfix/WISHLIST
View File

@@ -1,5 +1,8 @@
Wish list: Wish list:
Make TLS_BIO_BUFSIZE run-time adjustable, to future-proof
Postfix for remote connections with MSS > 8 kbytes.
Absent a formal spec, model IPv6 RBL lookups after the IPv6 Absent a formal spec, model IPv6 RBL lookups after the IPv6
PTR lookups (one zone per hex nibble, nibbles in reversed PTR lookups (one zone per hex nibble, nibbles in reversed
order). How to specify whether to query an RBL server for order). How to specify whether to query an RBL server for

4
postfix/html/DATABASE_README.html
View File

@@ -365,8 +365,8 @@ example, the lookup table "static:foobar" always returns the string
described in <a href="tcp_table.5.html">tcp_table(5)</a>. The lookup table name is "<a href="tcp_table.5.html">tcp</a>:host:port" described in <a href="tcp_table.5.html">tcp_table(5)</a>. The lookup table name is "<a href="tcp_table.5.html">tcp</a>:host:port"
where "host" specifies a symbolic hostname or a numeric IP address, where "host" specifies a symbolic hostname or a numeric IP address,
and "port" specifies a symbolic service name or a numeric port and "port" specifies a symbolic service name or a numeric port
number. This protocol is not available up to and including Postfix number. This protocol is not available in the stable Postfix release.
version 2.4. </dd> </dd>
<dt> <b>unix</b> (read-only) </dt> <dt> <b>unix</b> (read-only) </dt>

2
postfix/html/TUNING_README.html
View File

@@ -243,7 +243,7 @@ out-of-control clients. </p>
<dl> <dl>
<dt> <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (default: 50) </dt> <dd> <dt> <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (default: 50) </dt> <dd>
The maximum number of connections than an SMTP client may make The maximum number of connections that an SMTP client may make
simultaneously. </dd> simultaneously. </dd>
<dt> <a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (default: no limit) </dt> <dt> <a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (default: no limit) </dt>

19
postfix/html/mysql_table.5.html
View File

@@ -259,7 +259,15 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
limit is exceeded. Setting the limit to 1 ensures limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values. that lookups do not return multiple values.
The following parameters can be used to fill in a SELECT <b>OBSOLETE QUERY INTERFACE</b>
This section describes an interface that is deprecated as
of Postfix 2.2. It is replaced by the more general <b>query</b>
interface described above. If the <b>query</b> parameter is
defined, the legacy parameters described here ignored.
Please migrate to the new interface as the legacy inter-
face may be removed in a future release.
The following parameters can be used to fill in a SELECT
template statement of the form: template statement of the form:
SELECT [<b>select_field</b>] SELECT [<b>select_field</b>]
@@ -267,18 +275,11 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
WHERE [<b>where_field</b>] = '%s' WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>] [<b>additional_conditions</b>]
The specifier %s is replaced by the search string, and is The specifier %s is replaced by the search string, and is
escaped so if it contains single quotes or other odd char- escaped so if it contains single quotes or other odd char-
acters, it will not cause a parse error, or worse, a secu- acters, it will not cause a parse error, or worse, a secu-
rity problem. rity problem.
As of Postfix 2.2 this interface is obsolete, it is
replaced by the more general <b>query</b> interface described
above. If the <b>query</b> parameter is defined, the legacy
parameters are ignored. Please migrate to the new inter-
face as the legacy interface may be removed in a future
release.
<b>select_field</b> <b>select_field</b>
The SQL "select" parameter. Example: The SQL "select" parameter. Example:
<b>select_field</b> = forw_addr <b>select_field</b> = forw_addr

28
postfix/html/pgsql_table.5.html
View File

@@ -61,7 +61,7 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
<b>query</b> = SELECT <i>select</i><b>_</b><i>function</i>('%s') <b>query</b> = SELECT <i>select</i><b>_</b><i>function</i>('%s')
or in the absence of <b>selection_function</b>, the lower prece- or in the absence of <b>select_function</b>, the lower prece-
dence: dence:
<b>query</b> = SELECT <i>select</i><b>_</b><i>field</i> <b>query</b> = SELECT <i>select</i><b>_</b><i>field</i>
@@ -264,23 +264,26 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
limit is exceeded. Setting the limit to 1 ensures limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values. that lookups do not return multiple values.
Pre-Postfix 2.2 legacy interfaces: <b>OBSOLETE QUERY INTERFACES</b>
This section describes query interfaces that are depre-
cated as of Postfix 2.2. Please migrate to the new <b>query</b>
interface as the old interfaces are slated to be phased
out.
<b>select_function</b> <b>select_function</b>
This parameter specifies a database function name. This parameter specifies a database function name.
Example: Example:
select_function = my_lookup_user_alias select_function = my_lookup_user_alias
This is equivalent to: This is equivalent to:
query = SELECT my_lookup_user_alias('%s') query = SELECT my_lookup_user_alias('%s')
This parameter overrides the legacy table-related This parameter overrides the legacy table-related
fields (described below). With Postfix versions fields (described below). With Postfix versions
prior to 2.2, it also overrides the <b>query</b> parame- prior to 2.2, it also overrides the <b>query</b> parame-
ter. Starting with Postfix 2.2, the <b>query</b> parameter ter. Starting with Postfix 2.2, the <b>query</b> parameter
has highest precedence, and this parameter is dep- has highest precedence, and the <b>select_function</b>
recated. Please migrate to the new <b>query</b> interface parameter is deprecated.
as this interface is slated to be phased out.
The following parameters (with lower precedence than the The following parameters (with lower precedence than the
<b>select_function</b> interface described above) can be used to <b>select_function</b> interface described above) can be used to
@@ -299,9 +302,8 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
Starting with Postfix 2.2, this interface is obsoleted by Starting with Postfix 2.2, this interface is obsoleted by
the more general <b>query</b> interface described above. If the more general <b>query</b> interface described above. If
higher precedence the <b>query</b> or <b>select_function</b> parameters higher precedence the <b>query</b> or <b>select_function</b> parameters
described above are defined, these parameters are ignored. described above are defined, the parameters described here
Please migrate to the new <b>query</b> interface as this inter- are ignored.
face is slated to be phased out.
<b>select_field</b> <b>select_field</b>
The SQL "select" parameter. Example: The SQL "select" parameter. Example:
@@ -329,7 +331,7 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
<a href="PGSQL_README.html">PGSQL_README</a>, Postfix PostgreSQL client guide <a href="PGSQL_README.html">PGSQL_README</a>, Postfix PostgreSQL client guide
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>HISTORY</b> <b>HISTORY</b>

16
postfix/html/pipe.8.html
View File

@@ -76,7 +76,7 @@ PIPE(8) PIPE(8)
escape sequences are recognized: <b>\a \b \f \n \r \t</b> escape sequences are recognized: <b>\a \b \f \n \r \t</b>
<b>\v \</b><i>ddd</i> (up to three octal digits) and <b>\\</b>. <b>\v \</b><i>ddd</i> (up to three octal digits) and <b>\\</b>.
<b>flags=BDFORhqu.</b>&gt; (optional) <b>flags=BDFORXhqu.</b>&gt; (optional)
Optional message processing flags. By default, a Optional message processing flags. By default, a
message is copied unchanged. message is copied unchanged.
@@ -116,6 +116,12 @@ PIPE(8) PIPE(8)
<b>R</b> Prepend a <b>Return-Path:</b> message header with <b>R</b> Prepend a <b>Return-Path:</b> message header with
the envelope sender address. the envelope sender address.
<b>X</b> Indicate that the external command performs
final delivery. This flag affects the sta-
tus reported in "success" DSN (delivery sta-
tus notification) messages, and changes it
from "relayed" into "delivered".
<b>h</b> Fold the command-line <b>$recipient</b> address <b>h</b> Fold the command-line <b>$recipient</b> address
domain part (text to the right of the right- domain part (text to the right of the right-
most <b>@</b> character) to lower case; fold the most <b>@</b> character) to lower case; fold the
@@ -184,8 +190,8 @@ PIPE(8) PIPE(8)
This feature is available as of Postfix 2.3. This feature is available as of Postfix 2.3.
<b>size</b>=<i>size</i><b>_</b><i>limit</i> (optional) <b>size</b>=<i>size</i><b>_</b><i>limit</i> (optional)
Messages greater in size than this limit (in bytes) Don't deliver messages that exceed this size limit
will be returned to the sender as undeliverable. (in bytes); return them to the sender instead.
<b>user</b>=<i>username</i> (required) <b>user</b>=<i>username</i> (required)
@@ -302,8 +308,8 @@ PIPE(8) PIPE(8)
<b>${sasl_sender</b>} <b>${sasl_sender</b>}
This macro expands to the SASL sender name This macro expands to the SASL sender name
(i.e. the original submitter as per <a href="http://tools.ietf.org/html/rfc2554">RFC</a> (i.e. the original submitter as per <a href="http://tools.ietf.org/html/rfc4954">RFC</a>
<a href="http://tools.ietf.org/html/rfc2554">2554</a>) used during the reception of the mes- <a href="http://tools.ietf.org/html/rfc4954">4954</a>) used during the reception of the mes-
sage. sage.
This is available in Postfix 2.2 and later. This is available in Postfix 2.2 and later.

8
postfix/html/postconf.5.html
View File

@@ -1163,7 +1163,7 @@ is placed into the Postfix configuration directory. </p>
<p> <p>
Enable inter-operability with SMTP clients that implement an obsolete Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a>). Examples of such clients version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>). Examples of such clients
are MicroSoft Outlook Express version 4 and MicroSoft Exchange are MicroSoft Outlook Express version 4 and MicroSoft Exchange
version 5.0. version 5.0.
</p> </p>
@@ -4188,7 +4188,7 @@ a neighboring system. </dd>
<dt><b> <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt> <dt><b> <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the <dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client is successfully authenticated via the <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH) client is successfully authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH)
protocol. </dd> protocol. </dd>
<dt><b> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt> <dt><b> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt>
@@ -9300,7 +9300,7 @@ network or network address listed in $<a href="postconf.5.html#mynetworks">myne
<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt> <dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>
<dd> Permit the request when the client is successfully <dd> Permit the request when the client is successfully
authenticated via the <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH) protocol. </dd> authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH) protocol. </dd>
<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt> <dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>
@@ -10557,7 +10557,7 @@ the SASL plug-in implementation that is selected with
configuration file or rendezvous point. </p> configuration file or rendezvous point. </p>
<p> This feature is available in Postfix 2.3 and later. In earlier <p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called smtpd_sasl_application. </p> releases it was called <b>smtpd_sasl_application_name</b>. </p>
</DD> </DD>

472
postfix/html/smtpd.8.html
View File

File diff suppressed because it is too large Load Diff

4
postfix/makedefs
View File

@@ -130,6 +130,8 @@ case "$SYSTEM.$RELEASE" in
;; ;;
FreeBSD.6*) SYSTYPE=FREEBSD6 FreeBSD.6*) SYSTYPE=FREEBSD6
;; ;;
FreeBSD.7*) SYSTYPE=FREEBSD7
;;
OpenBSD.2*) SYSTYPE=OPENBSD2 OpenBSD.2*) SYSTYPE=OPENBSD2
;; ;;
OpenBSD.3*) SYSTYPE=OPENBSD3 OpenBSD.3*) SYSTYPE=OPENBSD3
@@ -309,7 +311,7 @@ EOF
rm -f makedefs.test makedefs.test.o makedefs.test.c;; rm -f makedefs.test makedefs.test.o makedefs.test.c;;
esac esac
;; ;;
GNU.0*|GNU/kFreeBSD.[56]*) GNU.0*|GNU/kFreeBSD.[567]*)
SYSTYPE=GNU0 SYSTYPE=GNU0
# Postfix no longer needs DB 1.85 compatibility # Postfix no longer needs DB 1.85 compatibility
if [ -f /usr/include/db.h ] if [ -f /usr/include/db.h ]

19
postfix/man/man5/mysql_table.5
View File

@@ -258,7 +258,18 @@ A setting of zero disables the limit. Lookups fail with a
temporary error if the limit is exceeded. Setting the temporary error if the limit is exceeded. Setting the
limit to 1 ensures that lookups do not return multiple limit to 1 ensures that lookups do not return multiple
values. values.
.PP .SH "OBSOLETE QUERY INTERFACE"
.na
.nf
.ad
.fi
This section describes an interface that is deprecated as
of Postfix 2.2. It is replaced by the more general \fBquery\fR
interface described above. If the \fBquery\fR parameter
is defined, the legacy parameters described here ignored.
Please migrate to the new interface as the legacy interface
may be removed in a future release.
The following parameters can be used to fill in a The following parameters can be used to fill in a
SELECT template statement of the form: SELECT template statement of the form:
@@ -272,12 +283,6 @@ SELECT template statement of the form:
The specifier %s is replaced by the search string, and is The specifier %s is replaced by the search string, and is
escaped so if it contains single quotes or other odd characters, escaped so if it contains single quotes or other odd characters,
it will not cause a parse error, or worse, a security problem. it will not cause a parse error, or worse, a security problem.
As of Postfix 2.2 this interface is obsolete, it is replaced
by the more general \fBquery\fR interface described above.
If the \fBquery\fR parameter is defined, the legacy parameters
are ignored. Please migrate to the new interface as the legacy
interface may be removed in a future release.
.IP "\fBselect_field\fR" .IP "\fBselect_field\fR"
The SQL "select" parameter. Example: The SQL "select" parameter. Example:
.nf .nf

21
postfix/man/man5/pgsql_table.5
View File

@@ -65,7 +65,7 @@ migrate to the new interface set:
\fBquery\fR = SELECT \fIselect_function\fR('%s') \fBquery\fR = SELECT \fIselect_function\fR('%s')
.fi .fi
or in the absence of \fBselection_function\fR, the lower precedence: or in the absence of \fBselect_function\fR, the lower precedence:
.nf .nf
\fBquery\fR = SELECT \fIselect_field\fR \fBquery\fR = SELECT \fIselect_field\fR
@@ -261,8 +261,15 @@ A setting of zero disables the limit. Lookups fail with a
temporary error if the limit is exceeded. Setting the temporary error if the limit is exceeded. Setting the
limit to 1 ensures that lookups do not return multiple limit to 1 ensures that lookups do not return multiple
values. values.
.PP .SH "OBSOLETE QUERY INTERFACES"
Pre-Postfix 2.2 legacy interfaces: .na
.nf
.ad
.fi
This section describes query interfaces that are deprecated
as of Postfix 2.2. Please migrate to the new \fBquery\fR
interface as the old interfaces are slated to be phased
out.
.IP "\fBselect_function\fR" .IP "\fBselect_function\fR"
This parameter specifies a database function name. Example: This parameter specifies a database function name. Example:
.nf .nf
@@ -277,9 +284,8 @@ This is equivalent to:
This parameter overrides the legacy table-related fields (described This parameter overrides the legacy table-related fields (described
below). With Postfix versions prior to 2.2, it also overrides the below). With Postfix versions prior to 2.2, it also overrides the
\fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR \fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR
parameter has highest precedence, and this parameter is deprecated. parameter has highest precedence, and the \fBselect_function\fR
Please migrate to the new \fBquery\fR interface as this interface parameter is deprecated.
is slated to be phased out.
.PP .PP
The following parameters (with lower precedence than the The following parameters (with lower precedence than the
\fBselect_function\fR interface described above) can be used to \fBselect_function\fR interface described above) can be used to
@@ -300,8 +306,7 @@ problem.
Starting with Postfix 2.2, this interface is obsoleted by the more Starting with Postfix 2.2, this interface is obsoleted by the more
general \fBquery\fR interface described above. If higher precedence general \fBquery\fR interface described above. If higher precedence
the \fBquery\fR or \fBselect_function\fR parameters described above the \fBquery\fR or \fBselect_function\fR parameters described above
are defined, these parameters are ignored. Please migrate to the new are defined, the parameters described here are ignored.
\fBquery\fR interface as this interface is slated to be phased out.
.IP "\fBselect_field\fR" .IP "\fBselect_field\fR"
The SQL "select" parameter. Example: The SQL "select" parameter. Example:
.nf .nf

8
postfix/man/man5/postconf.5
View File

@@ -641,7 +641,7 @@ is placed into the Postfix configuration directory.
This feature is available in Postfix 2.3 and later. This feature is available in Postfix 2.3 and later.
.SH broken_sasl_auth_clients (default: no) .SH broken_sasl_auth_clients (default: no)
Enable inter-operability with SMTP clients that implement an obsolete Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 2554). Examples of such clients version of the AUTH command (RFC 4954). Examples of such clients
are MicroSoft Outlook Express version 4 and MicroSoft Exchange are MicroSoft Outlook Express version 4 and MicroSoft Exchange
version 5.0. version 5.0.
.PP .PP
@@ -2225,7 +2225,7 @@ address rewriting when mail from a remote client is forwarded by
a neighboring system. a neighboring system.
.IP "\fB permit_sasl_authenticated \fR" .IP "\fB permit_sasl_authenticated \fR"
Append the domain name in $myorigin or $mydomain when the Append the domain name in $myorigin or $mydomain when the
client is successfully authenticated via the RFC 2554 (AUTH) client is successfully authenticated via the RFC 4954 (AUTH)
protocol. protocol.
.IP "\fB permit_tls_clientcerts \fR" .IP "\fB permit_tls_clientcerts \fR"
Append the domain name in $myorigin or $mydomain when the Append the domain name in $myorigin or $mydomain when the
@@ -5488,7 +5488,7 @@ Permit the request when the client IP address matches any
network or network address listed in $mynetworks. network or network address listed in $mynetworks.
.IP "\fBpermit_sasl_authenticated\fR" .IP "\fBpermit_sasl_authenticated\fR"
Permit the request when the client is successfully Permit the request when the client is successfully
authenticated via the RFC 2554 (AUTH) protocol. authenticated via the RFC 4954 (AUTH) protocol.
.IP "\fBpermit_tls_all_clientcerts\fR" .IP "\fBpermit_tls_all_clientcerts\fR"
Permit the request when the remote SMTP client certificate is Permit the request when the remote SMTP client certificate is
verified successfully. This option must be used only if a special verified successfully. This option must be used only if a special
@@ -6311,7 +6311,7 @@ the SASL plug-in implementation that is selected with
configuration file or rendezvous point. configuration file or rendezvous point.
.PP .PP
This feature is available in Postfix 2.3 and later. In earlier This feature is available in Postfix 2.3 and later. In earlier
releases it was called smtpd_sasl_application. releases it was called \fBsmtpd_sasl_application_name\fR.
.SH smtpd_sasl_security_options (default: noanonymous) .SH smtpd_sasl_security_options (default: noanonymous)
Postfix SMTP server SASL security options; as of Postfix 2.3 Postfix SMTP server SASL security options; as of Postfix 2.3
the list of available the list of available

13
postfix/man/man8/pipe.8
View File

@@ -75,7 +75,7 @@ The output record delimiter. Typically one would use either
\fB\er\en\fR or \fB\en\fR. The usual C-style backslash escape \fB\er\en\fR or \fB\en\fR. The usual C-style backslash escape
sequences are recognized: \fB\ea \eb \ef \en \er \et \ev sequences are recognized: \fB\ea \eb \ef \en \er \et \ev
\e\fIddd\fR (up to three octal digits) and \fB\e\e\fR. \e\fIddd\fR (up to three octal digits) and \fB\e\e\fR.
.IP "\fBflags=BDFORhqu.>\fR (optional)" .IP "\fBflags=BDFORXhqu.>\fR (optional)"
Optional message processing flags. By default, a message is Optional message processing flags. By default, a message is
copied unchanged. copied unchanged.
.RS .RS
@@ -110,6 +110,11 @@ This feature is available as of Postfix 2.0.
.IP \fBR\fR .IP \fBR\fR
Prepend a \fBReturn-Path:\fR message header with the envelope sender Prepend a \fBReturn-Path:\fR message header with the envelope sender
address. address.
.IP \fBX\fR
Indicate that the external command performs final delivery.
This flag affects the status reported in "success" DSN
(delivery status notification) messages, and changes it
from "relayed" into "delivered".
.IP \fBh\fR .IP \fBh\fR
Fold the command-line \fB$recipient\fR address domain part Fold the command-line \fB$recipient\fR address domain part
(text to the right of the right-most \fB@\fR character) to (text to the right of the right-most \fB@\fR character) to
@@ -173,8 +178,8 @@ specify \fB$sender\fR as an argument by itself:
.IP .IP
This feature is available as of Postfix 2.3. This feature is available as of Postfix 2.3.
.IP "\fBsize\fR=\fIsize_limit\fR (optional)" .IP "\fBsize\fR=\fIsize_limit\fR (optional)"
Messages greater in size than this limit (in bytes) will Don't deliver messages that exceed this size limit (in
be returned to the sender as undeliverable. bytes); return them to the sender instead.
.IP "\fBuser\fR=\fIusername\fR (required)" .IP "\fBuser\fR=\fIusername\fR (required)"
.IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR" .IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR"
Execute the external command with the rights of the Execute the external command with the rights of the
@@ -259,7 +264,7 @@ if the message has been received without SASL authentication.
This is available in Postfix 2.2 and later. This is available in Postfix 2.2 and later.
.IP \fB${\fBsasl_sender\fR}\fR .IP \fB${\fBsasl_sender\fR}\fR
This macro expands to the SASL sender name (i.e. the original This macro expands to the SASL sender name (i.e. the original
submitter as per RFC 2554) used during the reception of the message. submitter as per RFC 4954) used during the reception of the message.
.sp .sp
This is available in Postfix 2.2 and later. This is available in Postfix 2.2 and later.
.IP \fB${\fBsasl_username\fR}\fR .IP \fB${\fBsasl_username\fR}\fR

11
postfix/man/man8/smtpd.8
View File

@@ -92,7 +92,7 @@ undesirable use.
.fi .fi
.IP "\fBbroken_sasl_auth_clients (no)\fR" .IP "\fBbroken_sasl_auth_clients (no)\fR"
Enable inter-operability with SMTP clients that implement an obsolete Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 2554). version of the AUTH command (RFC 4954).
.IP "\fBdisable_vrfy_command (no)\fR" .IP "\fBdisable_vrfy_command (no)\fR"
Disable the SMTP VRFY command. Disable the SMTP VRFY command.
.IP "\fBsmtpd_noop_commands (empty)\fR" .IP "\fBsmtpd_noop_commands (empty)\fR"
@@ -264,13 +264,13 @@ What SMTP clients are allowed to use the XFORWARD feature.
.nf .nf
.ad .ad
.fi .fi
Postfix SASL support (RFC 2554) can be used to authenticate remote Postfix SASL support (RFC 4954) can be used to authenticate remote
SMTP clients to the Postfix SMTP server, and to authenticate the SMTP clients to the Postfix SMTP server, and to authenticate the
Postfix SMTP client to a remote SMTP server. Postfix SMTP client to a remote SMTP server.
See the SASL_README document for details. See the SASL_README document for details.
.IP "\fBbroken_sasl_auth_clients (no)\fR" .IP "\fBbroken_sasl_auth_clients (no)\fR"
Enable inter-operability with SMTP clients that implement an obsolete Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 2554). version of the AUTH command (RFC 4954).
.IP "\fBsmtpd_sasl_auth_enable (no)\fR" .IP "\fBsmtpd_sasl_auth_enable (no)\fR"
Enable SASL authentication in the Postfix SMTP server. Enable SASL authentication in the Postfix SMTP server.
.IP "\fBsmtpd_sasl_local_domain (empty)\fR" .IP "\fBsmtpd_sasl_local_domain (empty)\fR"
@@ -290,6 +290,11 @@ Available in Postfix version 2.1 and later:
What remote SMTP clients the Postfix SMTP server will not offer What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to. AUTH support to.
.PP .PP
Available in Postfix version 2.1 and 2.2:
.IP "\fBsmtpd_sasl_application_name (smtpd)\fR"
The application name that the Postfix SMTP server uses for SASL
server initialization.
.PP
Available in Postfix version 2.3 and later: Available in Postfix version 2.3 and later:
.IP "\fBsmtpd_sasl_authenticated_header (no)\fR" .IP "\fBsmtpd_sasl_authenticated_header (no)\fR"
Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received

4
postfix/proto/DATABASE_README.html
View File

@@ -365,8 +365,8 @@ example, the lookup table "static:foobar" always returns the string
described in tcp_table(5). The lookup table name is "tcp:host:port" described in tcp_table(5). The lookup table name is "tcp:host:port"
where "host" specifies a symbolic hostname or a numeric IP address, where "host" specifies a symbolic hostname or a numeric IP address,
and "port" specifies a symbolic service name or a numeric port and "port" specifies a symbolic service name or a numeric port
number. This protocol is not available up to and including Postfix number. This protocol is not available in the stable Postfix release.
version 2.4. </dd> </dd>
<dt> <b>unix</b> (read-only) </dt> <dt> <b>unix</b> (read-only) </dt>

2
postfix/proto/TUNING_README.html
View File

@@ -243,7 +243,7 @@ out-of-control clients. </p>
<dl> <dl>
<dt> smtpd_client_connection_count_limit (default: 50) </dt> <dd> <dt> smtpd_client_connection_count_limit (default: 50) </dt> <dd>
The maximum number of connections than an SMTP client may make The maximum number of connections that an SMTP client may make
simultaneously. </dd> simultaneously. </dd>
<dt> smtpd_client_connection_rate_limit (default: no limit) </dt> <dt> smtpd_client_connection_rate_limit (default: no limit) </dt>

17
postfix/proto/mysql_table
View File

@@ -246,7 +246,16 @@
# temporary error if the limit is exceeded. Setting the # temporary error if the limit is exceeded. Setting the
# limit to 1 ensures that lookups do not return multiple # limit to 1 ensures that lookups do not return multiple
# values. # values.
# .PP # OBSOLETE QUERY INTERFACE
# .ad
# .fi
# This section describes an interface that is deprecated as
# of Postfix 2.2. It is replaced by the more general \fBquery\fR
# interface described above. If the \fBquery\fR parameter
# is defined, the legacy parameters described here ignored.
# Please migrate to the new interface as the legacy interface
# may be removed in a future release.
#
# The following parameters can be used to fill in a # The following parameters can be used to fill in a
# SELECT template statement of the form: # SELECT template statement of the form:
# #
@@ -260,12 +269,6 @@
# The specifier %s is replaced by the search string, and is # The specifier %s is replaced by the search string, and is
# escaped so if it contains single quotes or other odd characters, # escaped so if it contains single quotes or other odd characters,
# it will not cause a parse error, or worse, a security problem. # it will not cause a parse error, or worse, a security problem.
#
# As of Postfix 2.2 this interface is obsolete, it is replaced
# by the more general \fBquery\fR interface described above.
# If the \fBquery\fR parameter is defined, the legacy parameters
# are ignored. Please migrate to the new interface as the legacy
# interface may be removed in a future release.
# .IP "\fBselect_field\fR" # .IP "\fBselect_field\fR"
# The SQL "select" parameter. Example: # The SQL "select" parameter. Example:
# .nf # .nf

19
postfix/proto/pgsql_table
View File

@@ -57,7 +57,7 @@
# \fBquery\fR = SELECT \fIselect_function\fR('%s') # \fBquery\fR = SELECT \fIselect_function\fR('%s')
# .fi # .fi
# #
# or in the absence of \fBselection_function\fR, the lower precedence: # or in the absence of \fBselect_function\fR, the lower precedence:
# #
# .nf # .nf
# \fBquery\fR = SELECT \fIselect_field\fR # \fBquery\fR = SELECT \fIselect_field\fR
@@ -249,8 +249,13 @@
# temporary error if the limit is exceeded. Setting the # temporary error if the limit is exceeded. Setting the
# limit to 1 ensures that lookups do not return multiple # limit to 1 ensures that lookups do not return multiple
# values. # values.
# .PP # OBSOLETE QUERY INTERFACES
# Pre-Postfix 2.2 legacy interfaces: # .ad
# .fi
# This section describes query interfaces that are deprecated
# as of Postfix 2.2. Please migrate to the new \fBquery\fR
# interface as the old interfaces are slated to be phased
# out.
# .IP "\fBselect_function\fR" # .IP "\fBselect_function\fR"
# This parameter specifies a database function name. Example: # This parameter specifies a database function name. Example:
# .nf # .nf
@@ -265,9 +270,8 @@
# This parameter overrides the legacy table-related fields (described # This parameter overrides the legacy table-related fields (described
# below). With Postfix versions prior to 2.2, it also overrides the # below). With Postfix versions prior to 2.2, it also overrides the
# \fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR # \fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR
# parameter has highest precedence, and this parameter is deprecated. # parameter has highest precedence, and the \fBselect_function\fR
# Please migrate to the new \fBquery\fR interface as this interface # parameter is deprecated.
# is slated to be phased out.
# .PP # .PP
# The following parameters (with lower precedence than the # The following parameters (with lower precedence than the
# \fBselect_function\fR interface described above) can be used to # \fBselect_function\fR interface described above) can be used to
@@ -288,8 +292,7 @@
# Starting with Postfix 2.2, this interface is obsoleted by the more # Starting with Postfix 2.2, this interface is obsoleted by the more
# general \fBquery\fR interface described above. If higher precedence # general \fBquery\fR interface described above. If higher precedence
# the \fBquery\fR or \fBselect_function\fR parameters described above # the \fBquery\fR or \fBselect_function\fR parameters described above
# are defined, these parameters are ignored. Please migrate to the new # are defined, the parameters described here are ignored.
# \fBquery\fR interface as this interface is slated to be phased out.
# .IP "\fBselect_field\fR" # .IP "\fBselect_field\fR"
# The SQL "select" parameter. Example: # The SQL "select" parameter. Example:
# .nf # .nf

10
postfix/proto/postconf.proto
View File

@@ -4631,7 +4631,7 @@ network or network address listed in $mynetworks. </dd>
<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt> <dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>
<dd> Permit the request when the client is successfully <dd> Permit the request when the client is successfully
authenticated via the RFC 2554 (AUTH) protocol. </dd> authenticated via the RFC 4954 (AUTH) protocol. </dd>
<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt> <dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>
@@ -5418,7 +5418,7 @@ smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
%CLASS sasl-auth SASL Authentication %CLASS sasl-auth SASL Authentication
<p> <p>
Postfix SASL support (RFC 2554) can be used to authenticate remote Postfix SASL support (RFC 4954) can be used to authenticate remote
SMTP clients to the Postfix SMTP server, and to authenticate the SMTP clients to the Postfix SMTP server, and to authenticate the
Postfix SMTP client to a remote SMTP server. Postfix SMTP client to a remote SMTP server.
See the SASL_README document for details. See the SASL_README document for details.
@@ -6434,7 +6434,7 @@ This feature is available in Postfix 2.0 and later.
<p> <p>
Enable inter-operability with SMTP clients that implement an obsolete Enable inter-operability with SMTP clients that implement an obsolete
version of the AUTH command (RFC 2554). Examples of such clients version of the AUTH command (RFC 4954). Examples of such clients
are MicroSoft Outlook Express version 4 and MicroSoft Exchange are MicroSoft Outlook Express version 4 and MicroSoft Exchange
version 5.0. version 5.0.
</p> </p>
@@ -8078,7 +8078,7 @@ a neighboring system. </dd>
<dt><b> permit_sasl_authenticated </b></dt> <dt><b> permit_sasl_authenticated </b></dt>
<dd> Append the domain name in $myorigin or $mydomain when the <dd> Append the domain name in $myorigin or $mydomain when the
client is successfully authenticated via the RFC 2554 (AUTH) client is successfully authenticated via the RFC 4954 (AUTH)
protocol. </dd> protocol. </dd>
<dt><b> permit_tls_clientcerts </b></dt> <dt><b> permit_tls_clientcerts </b></dt>
@@ -9397,7 +9397,7 @@ the SASL plug-in implementation that is selected with
configuration file or rendezvous point. </p> configuration file or rendezvous point. </p>
<p> This feature is available in Postfix 2.3 and later. In earlier <p> This feature is available in Postfix 2.3 and later. In earlier
releases it was called smtpd_sasl_application. </p> releases it was called <b>smtpd_sasl_application_name</b>. </p>
%PARAM cyrus_sasl_config_path %PARAM cyrus_sasl_config_path

2
postfix/src/global/mail_version.h
View File

@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20070731" #define MAIL_RELEASE_DATE "20070824"
#define MAIL_VERSION_NUMBER "2.5" #define MAIL_VERSION_NUMBER "2.5"
#ifdef SNAPSHOT #ifdef SNAPSHOT

40
postfix/src/pipe/pipe.c
View File

@@ -65,7 +65,7 @@
/* \fB\er\en\fR or \fB\en\fR. The usual C-style backslash escape /* \fB\er\en\fR or \fB\en\fR. The usual C-style backslash escape
/* sequences are recognized: \fB\ea \eb \ef \en \er \et \ev /* sequences are recognized: \fB\ea \eb \ef \en \er \et \ev
/* \e\fIddd\fR (up to three octal digits) and \fB\e\e\fR. /* \e\fIddd\fR (up to three octal digits) and \fB\e\e\fR.
/* .IP "\fBflags=BDFORhqu.>\fR (optional)" /* .IP "\fBflags=BDFORXhqu.>\fR (optional)"
/* Optional message processing flags. By default, a message is /* Optional message processing flags. By default, a message is
/* copied unchanged. /* copied unchanged.
/* .RS /* .RS
@@ -100,6 +100,11 @@
/* .IP \fBR\fR /* .IP \fBR\fR
/* Prepend a \fBReturn-Path:\fR message header with the envelope sender /* Prepend a \fBReturn-Path:\fR message header with the envelope sender
/* address. /* address.
/* .IP \fBX\fR
/* Indicate that the external command performs final delivery.
/* This flag affects the status reported in "success" DSN
/* (delivery status notification) messages, and changes it
/* from "relayed" into "delivered".
/* .IP \fBh\fR /* .IP \fBh\fR
/* Fold the command-line \fB$recipient\fR address domain part /* Fold the command-line \fB$recipient\fR address domain part
/* (text to the right of the right-most \fB@\fR character) to /* (text to the right of the right-most \fB@\fR character) to
@@ -163,8 +168,8 @@
/* .IP /* .IP
/* This feature is available as of Postfix 2.3. /* This feature is available as of Postfix 2.3.
/* .IP "\fBsize\fR=\fIsize_limit\fR (optional)" /* .IP "\fBsize\fR=\fIsize_limit\fR (optional)"
/* Messages greater in size than this limit (in bytes) will /* Don't deliver messages that exceed this size limit (in
/* be returned to the sender as undeliverable. /* bytes); return them to the sender instead.
/* .IP "\fBuser\fR=\fIusername\fR (required)" /* .IP "\fBuser\fR=\fIusername\fR (required)"
/* .IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR" /* .IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR"
/* Execute the external command with the rights of the /* Execute the external command with the rights of the
@@ -249,7 +254,7 @@
/* This is available in Postfix 2.2 and later. /* This is available in Postfix 2.2 and later.
/* .IP \fB${\fBsasl_sender\fR}\fR /* .IP \fB${\fBsasl_sender\fR}\fR
/* This macro expands to the SASL sender name (i.e. the original /* This macro expands to the SASL sender name (i.e. the original
/* submitter as per RFC 2554) used during the reception of the message. /* submitter as per RFC 4954) used during the reception of the message.
/* .sp /* .sp
/* This is available in Postfix 2.2 and later. /* This is available in Postfix 2.2 and later.
/* .IP \fB${\fBsasl_username\fR}\fR /* .IP \fB${\fBsasl_username\fR}\fR
@@ -490,7 +495,8 @@
#define PIPE_OPT_FOLD_BASE (16) #define PIPE_OPT_FOLD_BASE (16)
#define PIPE_OPT_FOLD_USER (FOLD_ADDR_USER << PIPE_OPT_FOLD_BASE) #define PIPE_OPT_FOLD_USER (FOLD_ADDR_USER << PIPE_OPT_FOLD_BASE)
#define PIPE_OPT_FOLD_HOST (FOLD_ADDR_HOST << PIPE_OPT_FOLD_BASE) #define PIPE_OPT_FOLD_HOST (FOLD_ADDR_HOST << PIPE_OPT_FOLD_BASE)
#define PIPE_OPT_QUOTE_LOCAL (PIPE_OPT_FOLD_BASE << 2) #define PIPE_OPT_QUOTE_LOCAL (1 << (PIPE_OPT_FOLD_BASE + 2))
#define PIPE_OPT_FINAL_DELIVERY (1 << (PIPE_OPT_FOLD_BASE + 3))
#define PIPE_OPT_FOLD_ALL (FOLD_ADDR_ALL << PIPE_OPT_FOLD_BASE) #define PIPE_OPT_FOLD_ALL (FOLD_ADDR_ALL << PIPE_OPT_FOLD_BASE)
#define PIPE_OPT_FOLD_FLAGS(f) \ #define PIPE_OPT_FOLD_FLAGS(f) \
@@ -811,6 +817,9 @@ static void get_service_attr(PIPE_ATTR *attr, char **argv)
case 'R': case 'R':
attr->flags |= MAIL_COPY_RETURN_PATH; attr->flags |= MAIL_COPY_RETURN_PATH;
break; break;
case 'X':
attr->flags |= PIPE_OPT_FINAL_DELIVERY;
break;
case '.': case '.':
attr->flags |= MAIL_COPY_DOT; attr->flags |= MAIL_COPY_DOT;
break; break;
@@ -939,7 +948,7 @@ static void get_service_attr(PIPE_ATTR *attr, char **argv)
/* eval_command_status - do something with command completion status */ /* eval_command_status - do something with command completion status */
static int eval_command_status(int command_status, char *service, static int eval_command_status(int command_status, char *service,
DELIVER_REQUEST *request, VSTREAM *src, DELIVER_REQUEST *request, PIPE_ATTR *attr,
DSN_BUF *why) DSN_BUF *why)
{ {
RECIPIENT *rcpt; RECIPIENT *rcpt;
@@ -953,7 +962,8 @@ static int eval_command_status(int command_status, char *service,
*/ */
switch (command_status) { switch (command_status) {
case PIPE_STAT_OK: case PIPE_STAT_OK:
dsb_update(why, "2.0.0", "relayed", DSB_SKIP_RMTA, DSB_SKIP_REPLY, dsb_update(why, "2.0.0", (attr->flags & PIPE_OPT_FINAL_DELIVERY) ?
"delivered" : "relayed", DSB_SKIP_RMTA, DSB_SKIP_REPLY,
"delivered via %s service", service); "delivered via %s service", service);
(void) DSN_FROM_DSN_BUF(why); (void) DSN_FROM_DSN_BUF(why);
for (n = 0; n < request->rcpt_list.len; n++) { for (n = 0; n < request->rcpt_list.len; n++) {
@@ -962,7 +972,7 @@ static int eval_command_status(int command_status, char *service,
request->queue_id, &request->msg_stats, rcpt, request->queue_id, &request->msg_stats, rcpt,
service, &why->dsn); service, &why->dsn);
if (status == 0 && (request->flags & DEL_REQ_FLAG_SUCCESS)) if (status == 0 && (request->flags & DEL_REQ_FLAG_SUCCESS))
deliver_completed(src, rcpt->offset); deliver_completed(request->fp, rcpt->offset);
result |= status; result |= status;
} }
break; break;
@@ -977,7 +987,7 @@ static int eval_command_status(int command_status, char *service,
&request->msg_stats, rcpt, &request->msg_stats, rcpt,
service, &why->dsn); service, &why->dsn);
if (status == 0) if (status == 0)
deliver_completed(src, rcpt->offset); deliver_completed(request->fp, rcpt->offset);
result |= status; result |= status;
} }
} else { } else {
@@ -1047,7 +1057,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
if ((attr.flags & MAIL_COPY_DELIVERED) && (rcpt_list->len > 1)) { if ((attr.flags & MAIL_COPY_DELIVERED) && (rcpt_list->len > 1)) {
dsb_simple(why, "4.3.5", "mail system configuration error"); dsb_simple(why, "4.3.5", "mail system configuration error");
deliver_status = eval_command_status(PIPE_STAT_DEFER, service, deliver_status = eval_command_status(PIPE_STAT_DEFER, service,
request, request->fp, why); request, &attr, why);
msg_warn("pipe flag `D' requires %s_destination_recipient_limit = 1", msg_warn("pipe flag `D' requires %s_destination_recipient_limit = 1",
service); service);
DELIVER_MSG_CLEANUP(); DELIVER_MSG_CLEANUP();
@@ -1060,7 +1070,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
if ((attr.flags & MAIL_COPY_ORIG_RCPT) && (rcpt_list->len > 1)) { if ((attr.flags & MAIL_COPY_ORIG_RCPT) && (rcpt_list->len > 1)) {
dsb_simple(why, "4.3.5", "mail system configuration error"); dsb_simple(why, "4.3.5", "mail system configuration error");
deliver_status = eval_command_status(PIPE_STAT_DEFER, service, deliver_status = eval_command_status(PIPE_STAT_DEFER, service,
request, request->fp, why); request, &attr, why);
msg_warn("pipe flag `O' requires %s_destination_recipient_limit = 1", msg_warn("pipe flag `O' requires %s_destination_recipient_limit = 1",
service); service);
DELIVER_MSG_CLEANUP(); DELIVER_MSG_CLEANUP();
@@ -1076,7 +1086,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
myname, (long) attr.size_limit, request->data_size); myname, (long) attr.size_limit, request->data_size);
dsb_simple(why, "5.2.3", "message too large"); dsb_simple(why, "5.2.3", "message too large");
deliver_status = eval_command_status(PIPE_STAT_BOUNCE, service, deliver_status = eval_command_status(PIPE_STAT_BOUNCE, service,
request, request->fp, why); request, &attr, why);
DELIVER_MSG_CLEANUP(); DELIVER_MSG_CLEANUP();
return (deliver_status); return (deliver_status);
} }
@@ -1126,7 +1136,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
dsb_simple(why, "5.4.6", "mail forwarding loop for %s", dsb_simple(why, "5.4.6", "mail forwarding loop for %s",
rcpt->address); rcpt->address);
deliver_status = eval_command_status(PIPE_STAT_BOUNCE, service, deliver_status = eval_command_status(PIPE_STAT_BOUNCE, service,
request, request->fp, why); request, &attr, why);
DELIVER_MSG_CLEANUP(); DELIVER_MSG_CLEANUP();
return (deliver_status); return (deliver_status);
} }
@@ -1179,7 +1189,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
rcpt_list, attr.flags)) == 0) { rcpt_list, attr.flags)) == 0) {
dsb_simple(why, "4.3.5", "mail system configuration error"); dsb_simple(why, "4.3.5", "mail system configuration error");
deliver_status = eval_command_status(PIPE_STAT_DEFER, service, deliver_status = eval_command_status(PIPE_STAT_DEFER, service,
request, request->fp, why); request, &attr, why);
DELIVER_MSG_CLEANUP(); DELIVER_MSG_CLEANUP();
return (deliver_status); return (deliver_status);
} }
@@ -1202,7 +1212,7 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
argv_free(export_env); argv_free(export_env);
deliver_status = eval_command_status(command_status, service, request, deliver_status = eval_command_status(command_status, service, request,
request->fp, why); &attr, why);
/* /*
* Clean up. * Clean up.

62
postfix/src/smtpd/smtpd.c
View File

@@ -76,7 +76,7 @@
/* .fi /* .fi
/* .IP "\fBbroken_sasl_auth_clients (no)\fR" /* .IP "\fBbroken_sasl_auth_clients (no)\fR"
/* Enable inter-operability with SMTP clients that implement an obsolete /* Enable inter-operability with SMTP clients that implement an obsolete
/* version of the AUTH command (RFC 2554). /* version of the AUTH command (RFC 4954).
/* .IP "\fBdisable_vrfy_command (no)\fR" /* .IP "\fBdisable_vrfy_command (no)\fR"
/* Disable the SMTP VRFY command. /* Disable the SMTP VRFY command.
/* .IP "\fBsmtpd_noop_commands (empty)\fR" /* .IP "\fBsmtpd_noop_commands (empty)\fR"
@@ -234,13 +234,13 @@
/* SASL AUTHENTICATION CONTROLS /* SASL AUTHENTICATION CONTROLS
/* .ad /* .ad
/* .fi /* .fi
/* Postfix SASL support (RFC 2554) can be used to authenticate remote /* Postfix SASL support (RFC 4954) can be used to authenticate remote
/* SMTP clients to the Postfix SMTP server, and to authenticate the /* SMTP clients to the Postfix SMTP server, and to authenticate the
/* Postfix SMTP client to a remote SMTP server. /* Postfix SMTP client to a remote SMTP server.
/* See the SASL_README document for details. /* See the SASL_README document for details.
/* .IP "\fBbroken_sasl_auth_clients (no)\fR" /* .IP "\fBbroken_sasl_auth_clients (no)\fR"
/* Enable inter-operability with SMTP clients that implement an obsolete /* Enable inter-operability with SMTP clients that implement an obsolete
/* version of the AUTH command (RFC 2554). /* version of the AUTH command (RFC 4954).
/* .IP "\fBsmtpd_sasl_auth_enable (no)\fR" /* .IP "\fBsmtpd_sasl_auth_enable (no)\fR"
/* Enable SASL authentication in the Postfix SMTP server. /* Enable SASL authentication in the Postfix SMTP server.
/* .IP "\fBsmtpd_sasl_local_domain (empty)\fR" /* .IP "\fBsmtpd_sasl_local_domain (empty)\fR"
@@ -260,6 +260,11 @@
/* What remote SMTP clients the Postfix SMTP server will not offer /* What remote SMTP clients the Postfix SMTP server will not offer
/* AUTH support to. /* AUTH support to.
/* .PP /* .PP
/* Available in Postfix version 2.1 and 2.2:
/* .IP "\fBsmtpd_sasl_application_name (smtpd)\fR"
/* The application name that the Postfix SMTP server uses for SASL
/* server initialization.
/* .PP
/* Available in Postfix version 2.3 and later: /* Available in Postfix version 2.3 and later:
/* .IP "\fBsmtpd_sasl_authenticated_header (no)\fR" /* .IP "\fBsmtpd_sasl_authenticated_header (no)\fR"
/* Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received /* Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received
@@ -1344,14 +1349,21 @@ static int helo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
* persists so it will apply to MAIL FROM and to other commands such as * persists so it will apply to MAIL FROM and to other commands such as
* AUTH, STARTTLS, and VRFY. * AUTH, STARTTLS, and VRFY.
*/ */
#define PUSH_STRING(old, curr, new) { char *old = (curr); (curr) = (new);
#define POP_STRING(old, curr) (curr) = old; }
if (smtpd_milters != 0 if (smtpd_milters != 0
&& SMTPD_STAND_ALONE(state) == 0 && SMTPD_STAND_ALONE(state) == 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0 && (state->saved_flags & MILTER_SKIP_FLAGS) == 0
&& (err = milter_helo_event(smtpd_milters, argv[1].strval, 0)) != 0 && (err = milter_helo_event(smtpd_milters, argv[1].strval, 0)) != 0) {
&& (err = check_milter_reply(state, err)) != 0 /* Log reject etc. with correct HELO information. */
&& strncmp(err, "421", 3) == 0) { PUSH_STRING(saved_helo, state->helo_name, argv[1].strval);
smtpd_chat_reply(state, "%s", err); err = check_milter_reply(state, err);
return (-1); POP_STRING(saved_helo, state->helo_name);
if (err != 0 && strncmp(err, "421", 3) == 0) {
smtpd_chat_reply(state, "%s", err);
return (-1);
}
} }
if (state->helo_name != 0) if (state->helo_name != 0)
helo_reset(state); helo_reset(state);
@@ -1411,11 +1423,15 @@ static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
if (smtpd_milters != 0 if (smtpd_milters != 0
&& SMTPD_STAND_ALONE(state) == 0 && SMTPD_STAND_ALONE(state) == 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0 && (state->saved_flags & MILTER_SKIP_FLAGS) == 0
&& (err = milter_helo_event(smtpd_milters, argv[1].strval, 1)) != 0 && (err = milter_helo_event(smtpd_milters, argv[1].strval, 1)) != 0) {
&& (err = check_milter_reply(state, err)) != 0 /* Log reject etc. with correct HELO information. */
&& strncmp(err, "421", 3) == 0) { PUSH_STRING(saved_helo, state->helo_name, argv[1].strval);
smtpd_chat_reply(state, "%s", err); err = check_milter_reply(state, err);
return (-1); POP_STRING(saved_helo, state->helo_name);
if (err != 0 && strncmp(err, "421", 3) == 0) {
smtpd_chat_reply(state, "%s", err);
return (-1);
}
} }
if (state->helo_name != 0) if (state->helo_name != 0)
helo_reset(state); helo_reset(state);
@@ -2057,11 +2073,15 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
if (smtpd_milters != 0 if (smtpd_milters != 0
&& SMTPD_STAND_ALONE(state) == 0 && SMTPD_STAND_ALONE(state) == 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0) { && (state->saved_flags & MILTER_SKIP_FLAGS) == 0) {
state->sender = STR(state->addr_buf);
err = milter_mail_event(smtpd_milters, err = milter_mail_event(smtpd_milters,
milter_argv(state, argc - 2, argv + 2)); milter_argv(state, argc - 2, argv + 2));
state->sender = 0; if (err != 0) {
if (err != 0 && (err = check_milter_reply(state, err)) != 0) { /* Log reject etc. with correct sender information. */
PUSH_STRING(saved_sender, state->sender, STR(state->addr_buf));
err = check_milter_reply(state, err);
POP_STRING(saved_sender, state->sender);
}
if (err != 0) {
/* XXX Reset access map side effects. */ /* XXX Reset access map side effects. */
mail_reset(state); mail_reset(state);
smtpd_chat_reply(state, "%s", err); smtpd_chat_reply(state, "%s", err);
@@ -2307,11 +2327,15 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
} }
if (smtpd_milters != 0 if (smtpd_milters != 0
&& (state->saved_flags & MILTER_SKIP_FLAGS) == 0) { && (state->saved_flags & MILTER_SKIP_FLAGS) == 0) {
state->recipient = STR(state->addr_buf);
err = milter_rcpt_event(smtpd_milters, err = milter_rcpt_event(smtpd_milters,
milter_argv(state, argc - 2, argv + 2)); milter_argv(state, argc - 2, argv + 2));
state->recipient = 0; if (err != 0) {
if (err != 0 && (err = check_milter_reply(state, err)) != 0) { /* Log reject etc. with correct recipient information. */
PUSH_STRING(saved_rcpt, state->recipient, STR(state->addr_buf));
err = check_milter_reply(state, err);
POP_STRING(saved_rcpt, state->recipient);
}
if (err != 0) {
smtpd_chat_reply(state, "%s", err); smtpd_chat_reply(state, "%s", err);
return (-1); return (-1);
} }

2
postfix/src/tlsmgr/tlsmgr.c
View File

@@ -810,6 +810,8 @@ static void tlsmgr_pre_init(char *unused_name, char **unused_argv)
* Open the session cache files and discard old information while * Open the session cache files and discard old information while
* privileged. Start the cache maintenance pseudo threads after dropping * privileged. Start the cache maintenance pseudo threads after dropping
* privileges. * privileges.
*
* XXX Need sanity check that the databases have different names.
*/ */
for (ent = cache_table; ent->cache_label; ++ent) for (ent = cache_table; ent->cache_label; ++ent)
if (**ent->cache_db) if (**ent->cache_db)

2
postfix/src/util/sys_defs.h
View File

@@ -24,7 +24,7 @@
* 4.4BSD and close derivatives. * 4.4BSD and close derivatives.
*/ */
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \ #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
|| defined(FREEBSD5) || defined(FREEBSD6) \ || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
|| defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \ || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
|| defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \ || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
|| defined(NETBSD1) || defined(NETBSD2) || defined(NETBSD3) \ || defined(NETBSD1) || defined(NETBSD2) || defined(NETBSD3) \

3
postfix/src/util/vstream.c
View File

@@ -846,7 +846,8 @@ static int vstream_buf_space(VBUF *bp, ssize_t want)
if (vstream_fflush_some(stream, VSTREAM_TRUNCATE(used, stream->req_bufsize))) if (vstream_fflush_some(stream, VSTREAM_TRUNCATE(used, stream->req_bufsize)))
return (VSTREAM_EOF); return (VSTREAM_EOF);
if ((shortage = (want - bp->cnt)) > 0) { if ((shortage = (want - bp->cnt)) > 0) {
if (shortage > __MAXINT__(ssize_t) -bp->len - stream->req_bufsize) { if ((bp->flags & VSTREAM_FLAG_FIXED)
|| shortage > __MAXINT__(ssize_t) -bp->len - stream->req_bufsize) {
bp->flags |= VSTREAM_FLAG_ERR; bp->flags |= VSTREAM_FLAG_ERR;
} else { } else {
incr = VSTREAM_ROUNDUP(shortage, stream->req_bufsize); incr = VSTREAM_ROUNDUP(shortage, stream->req_bufsize);

2
postfix/src/util/vstream_tweak.c
View File

@@ -128,7 +128,7 @@ int vstream_tweak_tcp(VSTREAM *fp)
*/ */
#else #else
if (mss > VSTREAM_BUFSIZE) { if (mss > VSTREAM_BUFSIZE) {
int nodelay = 0; int nodelay = 1;
if ((err = setsockopt(vstream_fileno(fp), IPPROTO_TCP, TCP_NODELAY, if ((err = setsockopt(vstream_fileno(fp), IPPROTO_TCP, TCP_NODELAY,
(char *) &nodelay, sizeof(nodelay))) < 0) (char *) &nodelay, sizeof(nodelay))) < 0)