mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 21:55:20 +00:00
Code Issues Releases Wiki Activity

postfix-2.11-20131103

Browse Source
This commit is contained in:
Wietse Venema
2013-11-03 00:00:00 -05:00
committed by Viktor Dukhovni
parent 4920c6b506
commit 78fe66320c
25 changed files with 286 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
postfix/HISTORY
View File

@@ -19034,3 +19034,20 @@ Apologies for any names omitted.
Documentation: added SASL_README example for check_sasl_access.
File: proto/SASL_README.html.
20131102
Security violation: by default, LMDB 0.9.9 writes fragments
of uninitialized heap memory to a world-readable database
file. This is a basic memory disclosure vulnerability:
memory content that a program does not intend to share ends
up in a world-readable file. The content of uninitialized
heap memory depends on program execution history. That
history includes code execution in other libraries that are
linked into the program. To work around this problem we
disable the use of malloc() in LMDB. However, that does not
address several disclosures of stack memory. File:
util/dict_lmdb.c.
Cleanup: expand TAB characters when generating HTML and
README files. Files: proto/Makefile.in.

6
postfix/README_FILES/ADDRESS_REWRITING_README
View File

@@ -655,9 +655,9 @@ Example:
smtp_generic_maps = hash:/etc/postfix/generic
/etc/postfix/generic:
his@localdomain.local hisaccount@hisisp.example
her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example
his@localdomain.local hisaccount@hisisp.example
her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example
When mail is sent to a remote host via SMTP, this replaces
his@localdomain.local by his ISP mail address, replaces her@localdomain.local

4
postfix/README_FILES/BACKSCATTER_README
View File

@@ -119,7 +119,7 @@ this:
endif
/^Message-ID:.* <!&!/ DUNNO
/^Message-ID:.*@(porcupine\.org)/
reject forged domain name in Message-ID: header: $1
reject forged domain name in Message-ID: header: $1
/etc/postfix/body_checks:
# Do not indent the patterns between "if" and "endif".
@@ -134,7 +134,7 @@ this:
endif
/^[> ]*Message-ID:.* <!&!/ DUNNO
/^[> ]*Message-ID:.*@(porcupine\.org)/
reject forged domain name in Message-ID: header: $1
reject forged domain name in Message-ID: header: $1
Notes:

12
postfix/README_FILES/DATABASE_README
View File

@@ -151,16 +151,16 @@ font.
# Note 1: commands are specified after a TAB character.
# Note 2: use postalias(1) for local aliases, postmap(1) for the rest.
aliases.db: aliases.in
postalias aliases.in
mv aliases.in.db aliases.db
postalias aliases.in
mv aliases.in.db aliases.db
access.db: access.in
postmap access.in
mv access.in.db access.db
postmap access.in
mv access.in.db access.db
virtual.db: virtual.in
postmap virtual.in
mv virtual.in.db virtual.db
postmap virtual.in
mv virtual.in.db virtual.db
...etcetera...
# vvii aacccceessss..iinn

26
postfix/README_FILES/MULTI_INSTANCE_README
View File

@@ -157,13 +157,13 @@ submission null client:
# a template file. The build process expands the template into
# "mtaadmin+root=mta1"
#
root mtaadmin+root=mta1
root mtaadmin+root=mta1
/etc/postfix/virtual:
# Caretaker aliases:
#
root mtaadmin
postmaster root
root mtaadmin
postmaster root
You would typically also add a Makefile, to automatically run postmap(1)
commands when source files change. This Makefile also creates a "generic"
@@ -175,13 +175,13 @@ database when none exists.
all: virtual.cdb generic.cdb
generic: Makefile
@echo Creating $@
@rm -f $@.tmp
@printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp
@mv $@.tmp generic
@echo Creating $@
@rm -f $@.tmp
@printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp
@mv $@.tmp generic
%.cdb: %
postmap cdb:$<
postmap cdb:$<
Construct the "virtual" and "generic" databases (the latter is created by
running "make"), then start and test the null-client:
@@ -439,7 +439,7 @@ include:
# Avoid splitting the envelope and scanning messages multiple times.
# Match the re-injection server's recipient limit.
#
smtp_destination_recipient_limit = 1000
smtp_destination_recipient_limit = 1000
# Tolerate occasional high latency in the content filter.
#
@@ -875,9 +875,9 @@ If you want to override the conventional values of the instance installation
parameters, specify their values on the command-line:
# postmulti [-I postfix-myinst] [-G mygroup] -e create \
"config_directory = /path/to/config_directory" \
"queue_directory = /path/to/queue_directory" \
"data_directory = /path/to/data_directory"
"config_directory = /path/to/config_directory" \
"queue_directory = /path/to/queue_directory" \
"data_directory = /path/to/data_directory"
A note on the --II and --GG options above. These are always used to assign a name
or group name to an instance, while the --ii and --gg options always select
@@ -924,7 +924,7 @@ match this name if necessary):
Otherwise, you must specify the location of its configuration directory:
# postmulti [-I postfix-myinst] [-G mygroup] -e import \
"config_directory = /path/of/config_directory"
"config_directory = /path/of/config_directory"
When the instance is imported, you can assign a name or a group. As with
"create", you can control the placement of the new instance in the start order

6
postfix/README_FILES/RESTRICTION_CLASS_README
View File

@@ -30,9 +30,9 @@ Example:
smtpd_recipient_restrictions =
permit_mynetworks
# reject_unauth_destination is not needed here if the mail
# relay policy is specified with smtpd_relay_restrictions
# (available with Postfix 2.10 and later).
# reject_unauth_destination is not needed here if the mail
# relay policy is specified with smtpd_relay_restrictions
# (available with Postfix 2.10 and later).
reject_unauth_destination
check_recipient_access hash:/etc/postfix/recipient_access
...

26
postfix/README_FILES/SASL_README
View File

@@ -846,19 +846,19 @@ authenticated SMTP clients to send mail to remote destinations. Examples:
# preferably specified under smtpd_relay_restrictions.
/etc/postfix/main.cf:
smtpd_relay_restrictions =
permit_mynetworks
ppeerrmmiitt__ssaassll__aauutthheennttiiccaatteedd
reject_unauth_destination
permit_mynetworks
ppeerrmmiitt__ssaassll__aauutthheennttiiccaatteedd
reject_unauth_destination
# Older configurations combine relay control and spam control under
# smtpd_recipient_restrictions. To use this example with Postfix >=
# 2.10 specify "smtpd_relay_restrictions=".
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
ppeerrmmiitt__ssaassll__aauutthheennttiiccaatteedd
reject_unauth_destination
...other rules...
permit_mynetworks
ppeerrmmiitt__ssaassll__aauutthheennttiiccaatteedd
reject_unauth_destination
...other rules...
EEnnvveellooppee sseennddeerr aaddddrreessss aauutthhoorriizzaattiioonn
@@ -878,7 +878,7 @@ authenticated client is allowed to use a particular envelope sender address:
smtpd_recipient_restrictions =
...
rreejjeecctt__sseennddeerr__llooggiinn__mmiissmmaattcchh
permit_sasl_authenticated
permit_sasl_authenticated
...
The controlled_envelope_senders table specifies the binding between a sender
@@ -915,14 +915,14 @@ credentials have been compromised.
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
check_sasl_access hash:/etc/postfix/sasl_access
permit_sasl_authenticated
...
permit_mynetworks
check_sasl_access hash:/etc/postfix/sasl_access
permit_sasl_authenticated
...
/etc/postfix/sasl_access:
# Use this when smtpd_sasl_local_domain is empty.
username HOLD
username HOLD
# Use this when smtpd_sasl_local_domain=example.com.
username@example.com HOLD

8
postfix/README_FILES/SCHEDULER_README
View File

@@ -594,10 +594,10 @@ The first approximation of the new scheduling algorithm is like this:
if transport process limit reached continue
foreach transport's job (in the order of the transport's job list)
do
foreach job's peer (round-robin-by-destination)
if peer->queue->concurrency < peer->queue->window
return next peer entry.
done
foreach job's peer (round-robin-by-destination)
if peer->queue->concurrency < peer->queue->window
return next peer entry.
done
done
done

20
postfix/README_FILES/SMTPD_ACCESS_README
View File

@@ -134,20 +134,20 @@ Examples of simple restriction lists are:
# Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain.
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
permit_sasl_authenticated,
reject_unauth_destination
# Spam control: exclude local clients and authenticated clients
# from DNSBL lookups.
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
# reject_unauth_destination is not needed here if the mail
# relay policy is specified under smtpd_relay_restrictions
# (available with Postfix 2.10 and later).
reject_unauth_destination
reject_rbl_client zen.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org
permit_sasl_authenticated,
# reject_unauth_destination is not needed here if the mail
# relay policy is specified under smtpd_relay_restrictions
# (available with Postfix 2.10 and later).
reject_unauth_destination
reject_rbl_client zen.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining

10
postfix/README_FILES/TLS_README
View File

@@ -1140,7 +1140,7 @@ the example above, we show two matching fingerprints:
smtp_tls_fingerprint_digest = md5
/etc/postfix/tls_policy:
example.com fingerprint
example.com fingerprint
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
@@ -1753,8 +1753,8 @@ Example:
[mail.example.org]:587 secure match=nexthop
# Postfix 2.5 and later
[thumb.example.org] fingerprint
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
# Postfix 2.6 and later
example.info may protocols=!SSLv2 ciphers=medium
exclude=3DES
@@ -2135,14 +2135,14 @@ indicates a super-user shell.
/etc/postfix/main.cf:
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache
btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_security_level = may
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/foo-cert.pem
smtpd_tls_key_file = /etc/postfix/foo-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
btree:/var/lib/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
smtpd_tls_security_level = may

2
postfix/WISHLIST
View File

@@ -15,8 +15,6 @@ Wish list:
Things to do after the stable release:
Why does postlink no longer hyperlink static:all?
Begin code revision, after DANE support stabilizes. This
should be one pass that changes only names and no code.

22
postfix/html/ADDRESS_REWRITING_README.html
View File

@@ -434,7 +434,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p> </dd>
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
<dt>Rewrite "site!user" to "user@site" </dt>
@@ -448,7 +448,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p> </dd>
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
<dt>Rewrite "user%domain" to "user@domain"</dt>
@@ -461,7 +461,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p> </dd>
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
<dt>
@@ -478,7 +478,7 @@ from remote SMTP clients only if the client matches the
domain name specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>
configuration parameter, if one is specified. To get the behavior
before Postfix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
static:all". </p>
<a href="DATABASE_README.html#types">static</a>:all". </p>
<p> If your machine is not the main machine for $<a href="postconf.5.html#myorigin">myorigin</a> and you
wish to have some users delivered locally without going via that
@@ -502,7 +502,7 @@ from remote SMTP clients only if the client matches the
domain name specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>
configuration parameter, if one is specified. To get the behavior
before Postfix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
static:all". </p>
<a href="DATABASE_README.html#types">static</a>:all". </p>
<p> Some will argue that rewriting "host" to "host.domain"
is bad. That is why it can be turned off. Others like the convenience
@@ -519,7 +519,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p> </dd>
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
</dl>
@@ -537,7 +537,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p>
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
<p> Address rewriting is
done for local and remote addresses. The mapping is useful to
@@ -621,7 +621,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p>
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
<p> Address masquerading is disabled by default, and is implemented
by the <a href="cleanup.8.html">cleanup(8)</a> server. To enable, edit the <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>
@@ -995,9 +995,9 @@ local machine. </p>
<a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = hash:/etc/postfix/generic
/etc/postfix/generic:
his@localdomain.local hisaccount@hisisp.example
her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example
his@localdomain.local hisaccount@hisisp.example
her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example
</pre>
</blockquote>

4
postfix/html/BACKSCATTER_README.html
View File

@@ -195,7 +195,7 @@ patterns like this: </p>
endif
/^Message-ID:.* &lt;!&amp;!/ DUNNO
/^Message-ID:.*@(porcupine\.org)/
reject forged domain name in Message-ID: header: $1
reject forged domain name in Message-ID: header: $1
/etc/postfix/body_checks:
# Do not indent the patterns between "if" and "endif".
@@ -209,7 +209,7 @@ patterns like this: </p>
endif
/^[&gt; ]*Message-ID:.* &lt;!&amp;!/ DUNNO
/^[&gt; ]*Message-ID:.*@(porcupine\.org)/
reject forged domain name in Message-ID: header: $1
reject forged domain name in Message-ID: header: $1
</pre>
</blockquote>

8
postfix/html/BUILTIN_FILTER_README.html
View File

@@ -78,13 +78,13 @@ built-in content inspection works: </p>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<td bgcolor="#f0f0ff" align="center" valign="middle">
Delivery<br> agents </td>
<td bgcolor="#f0f0ff" align="center" valign="middle">
Delivery<br> agents </td>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<td bgcolor="#f0f0ff" align="center" valign="middle">
Network or<br> local mailbox </td>
<td bgcolor="#f0f0ff" align="center" valign="middle">
Network or<br> local mailbox </td>
</tr>

12
postfix/html/DATABASE_README.html
View File

@@ -225,16 +225,16 @@ all: aliases.db access.db virtual.db ...etcetera...
# Note 1: commands are specified after a TAB character.
# Note 2: use <a href="postalias.1.html">postalias(1)</a> for local aliases, <a href="postmap.1.html">postmap(1)</a> for the rest.
aliases.db: aliases.in
postalias aliases.in
mv aliases.in.db aliases.db
postalias aliases.in
mv aliases.in.db aliases.db
access.db: access.in
postmap access.in
mv access.in.db access.db
postmap access.in
mv access.in.db access.db
virtual.db: virtual.in
postmap virtual.in
mv virtual.in.db virtual.db
postmap virtual.in
mv virtual.in.db virtual.db
...etcetera...
# <b>vi access.in</b>

26
postfix/html/MULTI_INSTANCE_README.html
View File

@@ -209,13 +209,13 @@ href="STANDARD_CONFIGURATION_README.html#null_client">null client</a>:
# a template file. The build process expands the template into
# "mtaadmin+root=mta1"
#
root mtaadmin+root=mta1
root mtaadmin+root=mta1
/etc/postfix/virtual:
# Caretaker aliases:
#
root mtaadmin
postmaster root
root mtaadmin
postmaster root
</pre>
</blockquote>
@@ -231,13 +231,13 @@ creates a "generic" database when none exists. </p>
all: virtual.cdb generic.cdb
generic: Makefile
@echo Creating $@
@rm -f $@.tmp
@printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` &gt; $@.tmp
@mv $@.tmp generic
@echo Creating $@
@rm -f $@.tmp
@printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` &gt; $@.tmp
@mv $@.tmp generic
%.<a href="CDB_README.html">cdb</a>: %
postmap <a href="CDB_README.html">cdb</a>:$&lt;
postmap <a href="CDB_README.html">cdb</a>:$&lt;
</pre>
</blockquote>
@@ -554,7 +554,7 @@ pre-filter input instance include: </p>
# Avoid splitting the envelope and scanning messages multiple times.
# Match the re-injection server's recipient limit.
#
<a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> = 1000
<a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> = 1000
# Tolerate occasional high latency in the content filter.
#
@@ -1126,9 +1126,9 @@ installation parameters, specify their values on the command-line: </p>
<blockquote>
<pre>
# postmulti [-I postfix-myinst] [-G mygroup] -e create \
"<a href="postconf.5.html#config_directory">config_directory</a> = /path/to/config_directory" \
"<a href="postconf.5.html#queue_directory">queue_directory</a> = /path/to/queue_directory" \
"<a href="postconf.5.html#data_directory">data_directory</a> = /path/to/data_directory"
"<a href="postconf.5.html#config_directory">config_directory</a> = /path/to/config_directory" \
"<a href="postconf.5.html#queue_directory">queue_directory</a> = /path/to/queue_directory" \
"<a href="postconf.5.html#data_directory">data_directory</a> = /path/to/data_directory"
</pre>
</blockquote>
@@ -1191,7 +1191,7 @@ directory: </p>
<blockquote>
<pre>
# postmulti [-I postfix-myinst] [-G mygroup] -e import \
"<a href="postconf.5.html#config_directory">config_directory</a> = /path/of/config_directory"
"<a href="postconf.5.html#config_directory">config_directory</a> = /path/of/config_directory"
</pre>
</blockquote>

6
postfix/html/RESTRICTION_CLASS_README.html
View File

@@ -49,9 +49,9 @@ care about these low-level details. </p>
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
# <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if the mail
# relay policy is specified with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
# (available with Postfix 2.10 and later).
# <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if the mail
# relay policy is specified with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
# (available with Postfix 2.10 and later).
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
<a href="postconf.5.html#check_recipient_access">check_recipient_access</a> hash:/etc/postfix/recipient_access
...

26
postfix/html/SASL_README.html
View File

@@ -1385,9 +1385,9 @@ Examples:
# preferably specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
<strong><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a></strong>
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
<strong><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a></strong>
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
<pre>
@@ -1396,10 +1396,10 @@ Examples:
# 2.10 specify "<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=".
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
<strong><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a></strong>
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
...other rules...
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
<strong><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a></strong>
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
...other rules...
</pre>
</blockquote>
@@ -1425,7 +1425,7 @@ use a particular envelope sender address: </p>
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
...
<strong><a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a></strong>
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
...
</pre>
</blockquote>
@@ -1472,14 +1472,14 @@ REJECT mail from accounts whose credentials have been compromised.
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
<a href="postconf.5.html#check_sasl_access">check_sasl_access</a> hash:/etc/postfix/sasl_access
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
...
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
<a href="postconf.5.html#check_sasl_access">check_sasl_access</a> hash:/etc/postfix/sasl_access
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
...
/etc/postfix/sasl_access:
# Use this when <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> is empty.
username HOLD
username HOLD
# Use this when <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a>=example.com.
username@example.com HOLD
</pre>

10
postfix/html/SCHEDULER_README.html
View File

@@ -1,5 +1,5 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
"http://www.w3.org/TR/html4/loose.dtd">
<html>
@@ -877,10 +877,10 @@ do
if transport process limit reached continue
foreach transport's job (in the order of the transport's job list)
do
foreach job's peer (round-robin-by-destination)
if peer-&gt;queue-&gt;concurrency &lt; peer-&gt;queue-&gt;window
return next peer entry.
done
foreach job's peer (round-robin-by-destination)
if peer-&gt;queue-&gt;concurrency &lt; peer-&gt;queue-&gt;window
return next peer entry.
done
done
done
</pre>

20
postfix/html/SMTPD_ACCESS_README.html
View File

@@ -190,20 +190,20 @@ described in the <a href="postconf.5.html">postconf(5)</a> manual page. </p>
# Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain.
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
# Spam control: exclude local clients and authenticated clients
# from DNSBL lookups.
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,
# <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if the mail
# relay policy is specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
# (available with Postfix 2.10 and later).
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> zen.spamhaus.org,
<a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> dbl.spamhaus.org,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> dbl.spamhaus.org
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,
# <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if the mail
# relay policy is specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
# (available with Postfix 2.10 and later).
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> zen.spamhaus.org,
<a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> dbl.spamhaus.org,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> dbl.spamhaus.org
# Block clients that speak too early.
<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>

10
postfix/html/TLS_README.html
View File

@@ -1528,7 +1528,7 @@ As in the example above, we show two matching fingerprints: </p>
<blockquote>
<pre>
/etc/postfix/tls_policy:
example.com fingerprint
example.com fingerprint
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
@@ -2299,8 +2299,8 @@ Example:
[mail.example.org]:587 secure match=nexthop
# Postfix 2.5 and later
[thumb.example.org] fingerprint
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
# Postfix 2.6 and later
example.info may protocols=!SSLv2 ciphers=medium exclude=3DES
</pre>
@@ -2791,14 +2791,14 @@ but don't require them from all clients. </p>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/cacert.pem
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> =
btree:/var/lib/postfix/smtp_tls_session_cache
btree:/var/lib/postfix/smtp_tls_session_cache
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/cacert.pem
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/foo-cert.pem
<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/foo-key.pem
<a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> =
btree:/var/lib/postfix/smtpd_tls_session_cache
btree:/var/lib/postfix/smtpd_tls_session_cache
<a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
</pre>

10
postfix/html/postconf.5.html
View File

@@ -7018,7 +7018,7 @@ to the configured before/after 220 greeting tests. </dd>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
<a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
<a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> = enforce
</pre>
@@ -7341,7 +7341,7 @@ the file is read). </p>
<pre>
/etc/postfix/dnsbl_reply:
secret.zen.spamhaus.org zen.spamhaus.org
secret.zen.spamhaus.org zen.spamhaus.org
</pre>
<p> This feature is available in Postfix 2.8. </p>
@@ -11199,7 +11199,7 @@ As in the example above, we show two matching fingerprints: </p>
<blockquote>
<pre>
/etc/postfix/tls_policy:
example.com fingerprint
example.com fingerprint
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre>
@@ -11777,8 +11777,8 @@ Example:
[mail.example.org]:587 secure match=nexthop
# Postfix 2.5 and later
[thumb.example.org] fingerprint
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
</pre>
<p> <b>Note:</b> The <b>hostname</b> strategy if listed in a non-default

223
postfix/proto/Makefile.in
View File

@@ -95,6 +95,7 @@ MAN = ../man/man5/postconf.5
AWK = awk '{ print; if (NR == 1) print ".pl 9999\n.ll 65" }'
SRCTOMAN= ../mantools/srctoman
POSTLINK= ../mantools/postlink
DETAB = pr -tre
HT2READ = ../mantools/html2readme
MAKEAAA = ../mantools/makereadme
MAKESOHO= ../mantools/make_soho_readme
@@ -138,341 +139,341 @@ clobber:
$(SRCTOMAN) - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../html/ADDRESS_CLASS_README.html: ADDRESS_CLASS_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/ADDRESS_REWRITING_README.html: ADDRESS_REWRITING_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/ADDRESS_VERIFICATION_README.html: ADDRESS_VERIFICATION_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/BACKSCATTER_README.html: BACKSCATTER_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/CDB_README.html: CDB_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/CONNECTION_CACHE_README.html: CONNECTION_CACHE_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/CONTENT_INSPECTION_README.html: CONTENT_INSPECTION_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/CYRUS_README.html: CYRUS_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/BASIC_CONFIGURATION_README.html: BASIC_CONFIGURATION_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/BUILTIN_FILTER_README.html: BUILTIN_FILTER_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/DATABASE_README.html: DATABASE_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/DB_README.html: DB_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/DEBUG_README.html: DEBUG_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/DSN_README.html: DSN_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/ETRN_README.html: ETRN_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/FILTER_README.html: FILTER_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/INSTALL.html: INSTALL.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/IPV6_README.html: IPV6_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/LDAP_README.html: LDAP_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/LINUX_README.html: LINUX_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/LOCAL_RECIPIENT_README.html: LOCAL_RECIPIENT_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/MAILDROP_README.html: MAILDROP_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/LMDB_README.html: LMDB_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/MEMCACHE_README.html: MEMCACHE_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/MILTER_README.html: MILTER_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/MULTI_INSTANCE_README.html: MULTI_INSTANCE_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/MYSQL_README.html: MYSQL_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/NFS_README.html: NFS_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/OVERVIEW.html: OVERVIEW.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/PACKAGE_README.html: PACKAGE_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/PCRE_README.html: PCRE_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/PGSQL_README.html: PGSQL_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/POSTSCREEN_README.html: POSTSCREEN_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/QMQP_README.html: QMQP_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/QSHAPE_README.html: QSHAPE_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/RESTRICTION_CLASS_README.html: RESTRICTION_CLASS_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/SASL_README.html: SASL_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/SCHEDULER_README.html: SCHEDULER_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/SMTPD_ACCESS_README.html: SMTPD_ACCESS_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/SMTPD_POLICY_README.html: SMTPD_POLICY_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/SMTPD_PROXY_README.html: SMTPD_PROXY_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/SOHO_README.html: $(MAKESOHO) $(DEPSOHO)
$(MAKESOHO) | $(POSTLINK) >$@
$(MAKESOHO) | $(POSTLINK) | $(DETAB) >$@
../html/SQLITE_README.html: SQLITE_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/STANDARD_CONFIGURATION_README.html: STANDARD_CONFIGURATION_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/STRESS_README.html: STRESS_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/TUNING_README.html: TUNING_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/UUCP_README.html: UUCP_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/ULTRIX_README.html: ULTRIX_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/VERP_README.html: VERP_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/VIRTUAL_README.html: VIRTUAL_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/XCLIENT_README.html: XCLIENT_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/XFORWARD_README.html: XFORWARD_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/TLS_README.html: TLS_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../html/TLS_LEGACY_README.html: TLS_LEGACY_README.html
$(POSTLINK) $? >$@
$(POSTLINK) $? | $(DETAB) >$@
../README_FILES/ADDRESS_CLASS_README: ADDRESS_CLASS_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/ADDRESS_REWRITING_README: ADDRESS_REWRITING_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/ADDRESS_VERIFICATION_README: ADDRESS_VERIFICATION_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/BACKSCATTER_README: BACKSCATTER_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/BASIC_CONFIGURATION_README: BASIC_CONFIGURATION_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/BUILTIN_FILTER_README: BUILTIN_FILTER_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/CDB_README: CDB_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/CONNECTION_CACHE_README: CONNECTION_CACHE_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/CONTENT_INSPECTION_README: CONTENT_INSPECTION_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/CYRUS_README: CYRUS_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/DATABASE_README: DATABASE_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/DB_README: DB_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/DEBUG_README: DEBUG_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/DSN_README: DSN_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/ETRN_README: ETRN_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/FILTER_README: FILTER_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/INSTALL: INSTALL.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/IPV6_README: IPV6_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/LDAP_README: LDAP_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/LINUX_README: LINUX_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/LOCAL_RECIPIENT_README: LOCAL_RECIPIENT_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/MAILDROP_README: MAILDROP_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/LMDB_README: LMDB_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/MEMCACHE_README: MEMCACHE_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/MILTER_README: MILTER_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/MULTI_INSTANCE_README: MULTI_INSTANCE_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/MYSQL_README: MYSQL_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/NFS_README: NFS_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/OVERVIEW: OVERVIEW.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/PACKAGE_README: PACKAGE_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/PCRE_README: PCRE_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/PGSQL_README: PGSQL_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/POSTSCREEN_README: POSTSCREEN_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/QMQP_README: QMQP_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/QSHAPE_README: QSHAPE_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/RESTRICTION_CLASS_README: RESTRICTION_CLASS_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/SASL_README: SASL_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/SCHEDULER_README: SCHEDULER_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/SMTPD_ACCESS_README: SMTPD_ACCESS_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/SMTPD_POLICY_README: SMTPD_POLICY_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/SMTPD_PROXY_README: SMTPD_PROXY_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/SOHO_README: $(MAKESOHO) $(DEPSOHO)
$(MAKESOHO) | $(HT2READ) >$@
$(MAKESOHO) | $(HT2READ) | $(DETAB) >$@
../README_FILES/SQLITE_README: SQLITE_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/STANDARD_CONFIGURATION_README: STANDARD_CONFIGURATION_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/STRESS_README: STRESS_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/TUNING_README: TUNING_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/UUCP_README: UUCP_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/ULTRIX_README: ULTRIX_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/VERP_README: VERP_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/VIRTUAL_README: VIRTUAL_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/XCLIENT_README: XCLIENT_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/XFORWARD_README: XFORWARD_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/TLS_README: TLS_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/TLS_LEGACY_README: TLS_LEGACY_README.html
$(HT2READ) $? >$@
$(HT2READ) $? | $(DETAB) >$@
../README_FILES/AAAREADME: ../html/index.html $(MAKEAAA)
$(MAKEAAA) ../html/index.html | $(HT2READ) >$@
$(MAKEAAA) ../html/index.html | $(HT2READ) | $(DETAB) >$@
../man/man5/postconf.5: postconf.man.prolog postconf.proto postconf.man.epilog \
../mantools/xpostconf ../mantools/postconf2html ../mantools/postconf2man
(cat postconf.man.prolog; ../mantools/xpostconf postconf.proto | \
../mantools/postconf2html | ../mantools/postconf2man | \
sed 's/\\e&/\\\&/'; cat postconf.man.epilog ) > $@
sed 's/\\e&/\\\&/'; cat postconf.man.epilog ) | $(DETAB) > $@
../html/postconf.5.html: postconf.html.prolog postconf.proto \
postconf.html.epilog ../mantools/xpostconf ../mantools/postconf2html \
../mantools/postlink
(cat postconf.html.prolog; ../mantools/xpostconf postconf.proto | \
../mantools/postconf2html | ../mantools/postlink; \
cat postconf.html.epilog ) > $@
cat postconf.html.epilog ) | $(DETAB) > $@

2
postfix/src/global/mail_version.h
View File

@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20131102"
#define MAIL_RELEASE_DATE "20131103"
#define MAIL_VERSION_NUMBER "2.11"
#ifdef SNAPSHOT

21
postfix/src/util/dict_lmdb.c
View File

@@ -551,12 +551,31 @@ DICT *dict_lmdb_open(const char *path, int open_flags, int dict_flags)
mdb_path = concatenate(path, "." DICT_TYPE_LMDB, (char *) 0);
/*
* Impedance adapters.
* Security violation.
*
* By default, LMDB 0.9.9 writes uninitialized heap memory to a
* world-readable database file. This is a basic memory disclosure
* vulnerability: memory content that a program does not intend to share
* ends up in a world-readable file. The content of uninitialized heap
* memory depends on program execution history. That history includes
* code execution in other libraries that are linked into the program.
*
* As a workaround we turn on MDB_WRITEMAP which disables the use of
* malloc() in LMDB. However, that does not address several disclosures
* of stack memory.
*/
mdb_flags = MDB_NOSUBDIR | MDB_NOLOCK;
if (open_flags == O_RDONLY)
mdb_flags |= MDB_RDONLY;
/*
* Replace with MDB_VERSION_FULL < MDB_VERINT(X, Y, Z) after this is
* fixed up-stream.
*/
#if 1
mdb_flags |= MDB_WRITEMAP;
#endif
slmdb_flags = 0;
if (dict_flags & DICT_FLAG_BULK_UPDATE)
slmdb_flags |= SLMDB_FLAG_BULK;