mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-09-01 06:35:27 +00:00
Code Issues Releases Wiki Activity

postfix-2.11-20131103

Browse Source
This commit is contained in:
Wietse Venema
2013-11-03 00:00:00 -05:00
committed by Viktor Dukhovni
parent 4920c6b506
commit 78fe66320c
25 changed files with 286 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
postfix/HISTORY
View File

@@ -19034,3 +19034,20 @@ Apologies for any names omitted.
Documentation: added SASL_README example for check_sasl_access. Documentation: added SASL_README example for check_sasl_access.
File: proto/SASL_README.html. File: proto/SASL_README.html.
20131102
Security violation: by default, LMDB 0.9.9 writes fragments
of uninitialized heap memory to a world-readable database
file. This is a basic memory disclosure vulnerability:
memory content that a program does not intend to share ends
up in a world-readable file. The content of uninitialized
heap memory depends on program execution history. That
history includes code execution in other libraries that are
linked into the program. To work around this problem we
disable the use of malloc() in LMDB. However, that does not
address several disclosures of stack memory. File:
util/dict_lmdb.c.
Cleanup: expand TAB characters when generating HTML and
README files. Files: proto/Makefile.in.

6
postfix/README_FILES/ADDRESS_REWRITING_README
View File

@@ -655,9 +655,9 @@ Example:
smtp_generic_maps = hash:/etc/postfix/generic smtp_generic_maps = hash:/etc/postfix/generic
/etc/postfix/generic: /etc/postfix/generic:
his@localdomain.local hisaccount@hisisp.example his@localdomain.local hisaccount@hisisp.example
her@localdomain.local heraccount@herisp.example her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example @localdomain.local hisaccount+local@hisisp.example
When mail is sent to a remote host via SMTP, this replaces When mail is sent to a remote host via SMTP, this replaces
his@localdomain.local by his ISP mail address, replaces her@localdomain.local his@localdomain.local by his ISP mail address, replaces her@localdomain.local

4
postfix/README_FILES/BACKSCATTER_README
View File

@@ -119,7 +119,7 @@ this:
endif endif
/^Message-ID:.* <!&!/ DUNNO /^Message-ID:.* <!&!/ DUNNO
/^Message-ID:.*@(porcupine\.org)/ /^Message-ID:.*@(porcupine\.org)/
reject forged domain name in Message-ID: header: $1 reject forged domain name in Message-ID: header: $1
/etc/postfix/body_checks: /etc/postfix/body_checks:
# Do not indent the patterns between "if" and "endif". # Do not indent the patterns between "if" and "endif".
@@ -134,7 +134,7 @@ this:
endif endif
/^[> ]*Message-ID:.* <!&!/ DUNNO /^[> ]*Message-ID:.* <!&!/ DUNNO
/^[> ]*Message-ID:.*@(porcupine\.org)/ /^[> ]*Message-ID:.*@(porcupine\.org)/
reject forged domain name in Message-ID: header: $1 reject forged domain name in Message-ID: header: $1
Notes: Notes:

12
postfix/README_FILES/DATABASE_README
View File

@@ -151,16 +151,16 @@ font.
# Note 1: commands are specified after a TAB character. # Note 1: commands are specified after a TAB character.
# Note 2: use postalias(1) for local aliases, postmap(1) for the rest. # Note 2: use postalias(1) for local aliases, postmap(1) for the rest.
aliases.db: aliases.in aliases.db: aliases.in
postalias aliases.in postalias aliases.in
mv aliases.in.db aliases.db mv aliases.in.db aliases.db
access.db: access.in access.db: access.in
postmap access.in postmap access.in
mv access.in.db access.db mv access.in.db access.db
virtual.db: virtual.in virtual.db: virtual.in
postmap virtual.in postmap virtual.in
mv virtual.in.db virtual.db mv virtual.in.db virtual.db
...etcetera... ...etcetera...
# vvii aacccceessss..iinn # vvii aacccceessss..iinn

26
postfix/README_FILES/MULTI_INSTANCE_README
View File

@@ -157,13 +157,13 @@ submission null client:
# a template file. The build process expands the template into # a template file. The build process expands the template into
# "mtaadmin+root=mta1" # "mtaadmin+root=mta1"
# #
root mtaadmin+root=mta1 root mtaadmin+root=mta1
/etc/postfix/virtual: /etc/postfix/virtual:
# Caretaker aliases: # Caretaker aliases:
# #
root mtaadmin root mtaadmin
postmaster root postmaster root
You would typically also add a Makefile, to automatically run postmap(1) You would typically also add a Makefile, to automatically run postmap(1)
commands when source files change. This Makefile also creates a "generic" commands when source files change. This Makefile also creates a "generic"
@@ -175,13 +175,13 @@ database when none exists.
all: virtual.cdb generic.cdb all: virtual.cdb generic.cdb
generic: Makefile generic: Makefile
@echo Creating $@ @echo Creating $@
@rm -f $@.tmp @rm -f $@.tmp
@printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp
@mv $@.tmp generic @mv $@.tmp generic
%.cdb: % %.cdb: %
postmap cdb:$< postmap cdb:$<
Construct the "virtual" and "generic" databases (the latter is created by Construct the "virtual" and "generic" databases (the latter is created by
running "make"), then start and test the null-client: running "make"), then start and test the null-client:
@@ -439,7 +439,7 @@ include:
# Avoid splitting the envelope and scanning messages multiple times. # Avoid splitting the envelope and scanning messages multiple times.
# Match the re-injection server's recipient limit. # Match the re-injection server's recipient limit.
# #
smtp_destination_recipient_limit = 1000 smtp_destination_recipient_limit = 1000
# Tolerate occasional high latency in the content filter. # Tolerate occasional high latency in the content filter.
# #
@@ -875,9 +875,9 @@ If you want to override the conventional values of the instance installation
parameters, specify their values on the command-line: parameters, specify their values on the command-line:
# postmulti [-I postfix-myinst] [-G mygroup] -e create \ # postmulti [-I postfix-myinst] [-G mygroup] -e create \
"config_directory = /path/to/config_directory" \ "config_directory = /path/to/config_directory" \
"queue_directory = /path/to/queue_directory" \ "queue_directory = /path/to/queue_directory" \
"data_directory = /path/to/data_directory" "data_directory = /path/to/data_directory"
A note on the --II and --GG options above. These are always used to assign a name A note on the --II and --GG options above. These are always used to assign a name
or group name to an instance, while the --ii and --gg options always select or group name to an instance, while the --ii and --gg options always select
@@ -924,7 +924,7 @@ match this name if necessary):
Otherwise, you must specify the location of its configuration directory: Otherwise, you must specify the location of its configuration directory:
# postmulti [-I postfix-myinst] [-G mygroup] -e import \ # postmulti [-I postfix-myinst] [-G mygroup] -e import \
"config_directory = /path/of/config_directory" "config_directory = /path/of/config_directory"
When the instance is imported, you can assign a name or a group. As with When the instance is imported, you can assign a name or a group. As with
"create", you can control the placement of the new instance in the start order "create", you can control the placement of the new instance in the start order

6
postfix/README_FILES/RESTRICTION_CLASS_README
View File

@@ -30,9 +30,9 @@ Example:
smtpd_recipient_restrictions = smtpd_recipient_restrictions =
permit_mynetworks permit_mynetworks
# reject_unauth_destination is not needed here if the mail # reject_unauth_destination is not needed here if the mail
# relay policy is specified with smtpd_relay_restrictions # relay policy is specified with smtpd_relay_restrictions
# (available with Postfix 2.10 and later). # (available with Postfix 2.10 and later).
reject_unauth_destination reject_unauth_destination
check_recipient_access hash:/etc/postfix/recipient_access check_recipient_access hash:/etc/postfix/recipient_access
... ...

26
postfix/README_FILES/SASL_README
View File

@@ -846,19 +846,19 @@ authenticated SMTP clients to send mail to remote destinations. Examples:
# preferably specified under smtpd_relay_restrictions. # preferably specified under smtpd_relay_restrictions.
/etc/postfix/main.cf: /etc/postfix/main.cf:
smtpd_relay_restrictions = smtpd_relay_restrictions =
permit_mynetworks permit_mynetworks
ppeerrmmiitt__ssaassll__aauutthheennttiiccaatteedd ppeerrmmiitt__ssaassll__aauutthheennttiiccaatteedd
reject_unauth_destination reject_unauth_destination
# Older configurations combine relay control and spam control under # Older configurations combine relay control and spam control under
# smtpd_recipient_restrictions. To use this example with Postfix >= # smtpd_recipient_restrictions. To use this example with Postfix >=
# 2.10 specify "smtpd_relay_restrictions=". # 2.10 specify "smtpd_relay_restrictions=".
/etc/postfix/main.cf: /etc/postfix/main.cf:
smtpd_recipient_restrictions = smtpd_recipient_restrictions =
permit_mynetworks permit_mynetworks
ppeerrmmiitt__ssaassll__aauutthheennttiiccaatteedd ppeerrmmiitt__ssaassll__aauutthheennttiiccaatteedd
reject_unauth_destination reject_unauth_destination
...other rules... ...other rules...
EEnnvveellooppee sseennddeerr aaddddrreessss aauutthhoorriizzaattiioonn EEnnvveellooppee sseennddeerr aaddddrreessss aauutthhoorriizzaattiioonn
@@ -878,7 +878,7 @@ authenticated client is allowed to use a particular envelope sender address:
smtpd_recipient_restrictions = smtpd_recipient_restrictions =
... ...
rreejjeecctt__sseennddeerr__llooggiinn__mmiissmmaattcchh rreejjeecctt__sseennddeerr__llooggiinn__mmiissmmaattcchh
permit_sasl_authenticated permit_sasl_authenticated
... ...
The controlled_envelope_senders table specifies the binding between a sender The controlled_envelope_senders table specifies the binding between a sender
@@ -915,14 +915,14 @@ credentials have been compromised.
/etc/postfix/main.cf: /etc/postfix/main.cf:
smtpd_recipient_restrictions = smtpd_recipient_restrictions =
permit_mynetworks permit_mynetworks
check_sasl_access hash:/etc/postfix/sasl_access check_sasl_access hash:/etc/postfix/sasl_access
permit_sasl_authenticated permit_sasl_authenticated
... ...
/etc/postfix/sasl_access: /etc/postfix/sasl_access:
# Use this when smtpd_sasl_local_domain is empty. # Use this when smtpd_sasl_local_domain is empty.
username HOLD username HOLD
# Use this when smtpd_sasl_local_domain=example.com. # Use this when smtpd_sasl_local_domain=example.com.
username@example.com HOLD username@example.com HOLD

8
postfix/README_FILES/SCHEDULER_README
View File

@@ -594,10 +594,10 @@ The first approximation of the new scheduling algorithm is like this:
if transport process limit reached continue if transport process limit reached continue
foreach transport's job (in the order of the transport's job list) foreach transport's job (in the order of the transport's job list)
do do
foreach job's peer (round-robin-by-destination) foreach job's peer (round-robin-by-destination)
if peer->queue->concurrency < peer->queue->window if peer->queue->concurrency < peer->queue->window
return next peer entry. return next peer entry.
done done
done done
done done

20
postfix/README_FILES/SMTPD_ACCESS_README
View File

@@ -134,20 +134,20 @@ Examples of simple restriction lists are:
# Relay control (Postfix 2.10 and later): local clients and # Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain. # authenticated clients may specify any destination domain.
smtpd_relay_restrictions = permit_mynetworks, smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated, permit_sasl_authenticated,
reject_unauth_destination reject_unauth_destination
# Spam control: exclude local clients and authenticated clients # Spam control: exclude local clients and authenticated clients
# from DNSBL lookups. # from DNSBL lookups.
smtpd_recipient_restrictions = permit_mynetworks, smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, permit_sasl_authenticated,
# reject_unauth_destination is not needed here if the mail # reject_unauth_destination is not needed here if the mail
# relay policy is specified under smtpd_relay_restrictions # relay policy is specified under smtpd_relay_restrictions
# (available with Postfix 2.10 and later). # (available with Postfix 2.10 and later).
reject_unauth_destination reject_unauth_destination
reject_rbl_client zen.spamhaus.org, reject_rbl_client zen.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org,
reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org
# Block clients that speak too early. # Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining smtpd_data_restrictions = reject_unauth_pipelining

10
postfix/README_FILES/TLS_README
View File

@@ -1140,7 +1140,7 @@ the example above, we show two matching fingerprints:
smtp_tls_fingerprint_digest = md5 smtp_tls_fingerprint_digest = md5
/etc/postfix/tls_policy: /etc/postfix/tls_policy:
example.com fingerprint example.com fingerprint
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
@@ -1753,8 +1753,8 @@ Example:
[mail.example.org]:587 secure match=nexthop [mail.example.org]:587 secure match=nexthop
# Postfix 2.5 and later # Postfix 2.5 and later
[thumb.example.org] fingerprint [thumb.example.org] fingerprint
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
# Postfix 2.6 and later # Postfix 2.6 and later
example.info may protocols=!SSLv2 ciphers=medium example.info may protocols=!SSLv2 ciphers=medium
exclude=3DES exclude=3DES
@@ -2135,14 +2135,14 @@ indicates a super-user shell.
/etc/postfix/main.cf: /etc/postfix/main.cf:
smtp_tls_CAfile = /etc/postfix/cacert.pem smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_session_cache_database = smtp_tls_session_cache_database =
btree:/var/lib/postfix/smtp_tls_session_cache btree:/var/lib/postfix/smtp_tls_session_cache
smtp_tls_security_level = may smtp_tls_security_level = may
smtpd_tls_CAfile = /etc/postfix/cacert.pem smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/foo-cert.pem smtpd_tls_cert_file = /etc/postfix/foo-cert.pem
smtpd_tls_key_file = /etc/postfix/foo-key.pem smtpd_tls_key_file = /etc/postfix/foo-key.pem
smtpd_tls_received_header = yes smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache btree:/var/lib/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom tls_random_source = dev:/dev/urandom
smtpd_tls_security_level = may smtpd_tls_security_level = may

2
postfix/WISHLIST
View File

@@ -15,8 +15,6 @@ Wish list:
Things to do after the stable release: Things to do after the stable release:
Why does postlink no longer hyperlink static:all?
Begin code revision, after DANE support stabilizes. This Begin code revision, after DANE support stabilizes. This
should be one pass that changes only names and no code. should be one pass that changes only names and no code.

22
postfix/html/ADDRESS_REWRITING_README.html
View File

@@ -434,7 +434,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p> </dd> "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
<dt>Rewrite "site!user" to "user@site" </dt> <dt>Rewrite "site!user" to "user@site" </dt>
@@ -448,7 +448,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p> </dd> "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
<dt>Rewrite "user%domain" to "user@domain"</dt> <dt>Rewrite "user%domain" to "user@domain"</dt>
@@ -461,7 +461,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p> </dd> "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
<dt> <dt>
@@ -478,7 +478,7 @@ from remote SMTP clients only if the client matches the
domain name specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> domain name specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>
configuration parameter, if one is specified. To get the behavior configuration parameter, if one is specified. To get the behavior
before Postfix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = before Postfix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
static:all". </p> <a href="DATABASE_README.html#types">static</a>:all". </p>
<p> If your machine is not the main machine for $<a href="postconf.5.html#myorigin">myorigin</a> and you <p> If your machine is not the main machine for $<a href="postconf.5.html#myorigin">myorigin</a> and you
wish to have some users delivered locally without going via that wish to have some users delivered locally without going via that
@@ -502,7 +502,7 @@ from remote SMTP clients only if the client matches the
domain name specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> domain name specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>
configuration parameter, if one is specified. To get the behavior configuration parameter, if one is specified. To get the behavior
before Postfix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = before Postfix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
static:all". </p> <a href="DATABASE_README.html#types">static</a>:all". </p>
<p> Some will argue that rewriting "host" to "host.domain" <p> Some will argue that rewriting "host" to "host.domain"
is bad. That is why it can be turned off. Others like the convenience is bad. That is why it can be turned off. Others like the convenience
@@ -519,7 +519,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p> </dd> "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
</dl> </dl>
@@ -537,7 +537,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p> "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
<p> Address rewriting is <p> Address rewriting is
done for local and remote addresses. The mapping is useful to done for local and remote addresses. The mapping is useful to
@@ -621,7 +621,7 @@ from remote SMTP clients only if the client matches the
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
non-empty value. To get the behavior before Postfix 2.2, specify non-empty value. To get the behavior before Postfix 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p> "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
<p> Address masquerading is disabled by default, and is implemented <p> Address masquerading is disabled by default, and is implemented
by the <a href="cleanup.8.html">cleanup(8)</a> server. To enable, edit the <a href="postconf.5.html#masquerade_domains">masquerade_domains</a> by the <a href="cleanup.8.html">cleanup(8)</a> server. To enable, edit the <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>
@@ -995,9 +995,9 @@ local machine. </p>
<a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = hash:/etc/postfix/generic <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = hash:/etc/postfix/generic
/etc/postfix/generic: /etc/postfix/generic:
his@localdomain.local hisaccount@hisisp.example his@localdomain.local hisaccount@hisisp.example
her@localdomain.local heraccount@herisp.example her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example @localdomain.local hisaccount+local@hisisp.example
</pre> </pre>
</blockquote> </blockquote>

4
postfix/html/BACKSCATTER_README.html
View File

@@ -195,7 +195,7 @@ patterns like this: </p>
endif endif
/^Message-ID:.* &lt;!&amp;!/ DUNNO /^Message-ID:.* &lt;!&amp;!/ DUNNO
/^Message-ID:.*@(porcupine\.org)/ /^Message-ID:.*@(porcupine\.org)/
reject forged domain name in Message-ID: header: $1 reject forged domain name in Message-ID: header: $1
/etc/postfix/body_checks: /etc/postfix/body_checks:
# Do not indent the patterns between "if" and "endif". # Do not indent the patterns between "if" and "endif".
@@ -209,7 +209,7 @@ patterns like this: </p>
endif endif
/^[&gt; ]*Message-ID:.* &lt;!&amp;!/ DUNNO /^[&gt; ]*Message-ID:.* &lt;!&amp;!/ DUNNO
/^[&gt; ]*Message-ID:.*@(porcupine\.org)/ /^[&gt; ]*Message-ID:.*@(porcupine\.org)/
reject forged domain name in Message-ID: header: $1 reject forged domain name in Message-ID: header: $1
</pre> </pre>
</blockquote> </blockquote>

8
postfix/html/BUILTIN_FILTER_README.html
View File

@@ -78,13 +78,13 @@ built-in content inspection works: </p>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td> <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<td bgcolor="#f0f0ff" align="center" valign="middle"> <td bgcolor="#f0f0ff" align="center" valign="middle">
Delivery<br> agents </td> Delivery<br> agents </td>
<td align="center" valign="middle"> <tt> -&gt; </tt> </td> <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
<td bgcolor="#f0f0ff" align="center" valign="middle"> <td bgcolor="#f0f0ff" align="center" valign="middle">
Network or<br> local mailbox </td> Network or<br> local mailbox </td>
</tr> </tr>

12
postfix/html/DATABASE_README.html
View File

@@ -225,16 +225,16 @@ all: aliases.db access.db virtual.db ...etcetera...
# Note 1: commands are specified after a TAB character. # Note 1: commands are specified after a TAB character.
# Note 2: use <a href="postalias.1.html">postalias(1)</a> for local aliases, <a href="postmap.1.html">postmap(1)</a> for the rest. # Note 2: use <a href="postalias.1.html">postalias(1)</a> for local aliases, <a href="postmap.1.html">postmap(1)</a> for the rest.
aliases.db: aliases.in aliases.db: aliases.in
postalias aliases.in postalias aliases.in
mv aliases.in.db aliases.db mv aliases.in.db aliases.db
access.db: access.in access.db: access.in
postmap access.in postmap access.in
mv access.in.db access.db mv access.in.db access.db
virtual.db: virtual.in virtual.db: virtual.in
postmap virtual.in postmap virtual.in
mv virtual.in.db virtual.db mv virtual.in.db virtual.db
...etcetera... ...etcetera...
# <b>vi access.in</b> # <b>vi access.in</b>

26
postfix/html/MULTI_INSTANCE_README.html
View File

@@ -209,13 +209,13 @@ href="STANDARD_CONFIGURATION_README.html#null_client">null client</a>:
# a template file. The build process expands the template into # a template file. The build process expands the template into
# "mtaadmin+root=mta1" # "mtaadmin+root=mta1"
# #
root mtaadmin+root=mta1 root mtaadmin+root=mta1
/etc/postfix/virtual: /etc/postfix/virtual:
# Caretaker aliases: # Caretaker aliases:
# #
root mtaadmin root mtaadmin
postmaster root postmaster root
</pre> </pre>
</blockquote> </blockquote>
@@ -231,13 +231,13 @@ creates a "generic" database when none exists. </p>
all: virtual.cdb generic.cdb all: virtual.cdb generic.cdb
generic: Makefile generic: Makefile
@echo Creating $@ @echo Creating $@
@rm -f $@.tmp @rm -f $@.tmp
@printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` &gt; $@.tmp @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` &gt; $@.tmp
@mv $@.tmp generic @mv $@.tmp generic
%.<a href="CDB_README.html">cdb</a>: % %.<a href="CDB_README.html">cdb</a>: %
postmap <a href="CDB_README.html">cdb</a>:$&lt; postmap <a href="CDB_README.html">cdb</a>:$&lt;
</pre> </pre>
</blockquote> </blockquote>
@@ -554,7 +554,7 @@ pre-filter input instance include: </p>
# Avoid splitting the envelope and scanning messages multiple times. # Avoid splitting the envelope and scanning messages multiple times.
# Match the re-injection server's recipient limit. # Match the re-injection server's recipient limit.
# #
<a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> = 1000 <a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> = 1000
# Tolerate occasional high latency in the content filter. # Tolerate occasional high latency in the content filter.
# #
@@ -1126,9 +1126,9 @@ installation parameters, specify their values on the command-line: </p>
<blockquote> <blockquote>
<pre> <pre>
# postmulti [-I postfix-myinst] [-G mygroup] -e create \ # postmulti [-I postfix-myinst] [-G mygroup] -e create \
"<a href="postconf.5.html#config_directory">config_directory</a> = /path/to/config_directory" \ "<a href="postconf.5.html#config_directory">config_directory</a> = /path/to/config_directory" \
"<a href="postconf.5.html#queue_directory">queue_directory</a> = /path/to/queue_directory" \ "<a href="postconf.5.html#queue_directory">queue_directory</a> = /path/to/queue_directory" \
"<a href="postconf.5.html#data_directory">data_directory</a> = /path/to/data_directory" "<a href="postconf.5.html#data_directory">data_directory</a> = /path/to/data_directory"
</pre> </pre>
</blockquote> </blockquote>
@@ -1191,7 +1191,7 @@ directory: </p>
<blockquote> <blockquote>
<pre> <pre>
# postmulti [-I postfix-myinst] [-G mygroup] -e import \ # postmulti [-I postfix-myinst] [-G mygroup] -e import \
"<a href="postconf.5.html#config_directory">config_directory</a> = /path/of/config_directory" "<a href="postconf.5.html#config_directory">config_directory</a> = /path/of/config_directory"
</pre> </pre>
</blockquote> </blockquote>

6
postfix/html/RESTRICTION_CLASS_README.html
View File

@@ -49,9 +49,9 @@ care about these low-level details. </p>
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
# <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if the mail # <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if the mail
# relay policy is specified with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> # relay policy is specified with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
# (available with Postfix 2.10 and later). # (available with Postfix 2.10 and later).
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
<a href="postconf.5.html#check_recipient_access">check_recipient_access</a> hash:/etc/postfix/recipient_access <a href="postconf.5.html#check_recipient_access">check_recipient_access</a> hash:/etc/postfix/recipient_access
... ...

26
postfix/html/SASL_README.html
View File

@@ -1385,9 +1385,9 @@ Examples:
# preferably specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>. # preferably specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> = <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
<strong><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a></strong> <strong><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a></strong>
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre> </pre>
<pre> <pre>
@@ -1396,10 +1396,10 @@ Examples:
# 2.10 specify "<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=". # 2.10 specify "<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=".
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
<strong><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a></strong> <strong><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a></strong>
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
...other rules... ...other rules...
</pre> </pre>
</blockquote> </blockquote>
@@ -1425,7 +1425,7 @@ use a particular envelope sender address: </p>
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
... ...
<strong><a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a></strong> <strong><a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a></strong>
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
... ...
</pre> </pre>
</blockquote> </blockquote>
@@ -1472,14 +1472,14 @@ REJECT mail from accounts whose credentials have been compromised.
<pre> <pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
<a href="postconf.5.html#check_sasl_access">check_sasl_access</a> hash:/etc/postfix/sasl_access <a href="postconf.5.html#check_sasl_access">check_sasl_access</a> hash:/etc/postfix/sasl_access
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
... ...
/etc/postfix/sasl_access: /etc/postfix/sasl_access:
# Use this when <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> is empty. # Use this when <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> is empty.
username HOLD username HOLD
# Use this when <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a>=example.com. # Use this when <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a>=example.com.
username@example.com HOLD username@example.com HOLD
</pre> </pre>

10
postfix/html/SCHEDULER_README.html
View File

@@ -1,5 +1,5 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"> "http://www.w3.org/TR/html4/loose.dtd">
<html> <html>
@@ -877,10 +877,10 @@ do
if transport process limit reached continue if transport process limit reached continue
foreach transport's job (in the order of the transport's job list) foreach transport's job (in the order of the transport's job list)
do do
foreach job's peer (round-robin-by-destination) foreach job's peer (round-robin-by-destination)
if peer-&gt;queue-&gt;concurrency &lt; peer-&gt;queue-&gt;window if peer-&gt;queue-&gt;concurrency &lt; peer-&gt;queue-&gt;window
return next peer entry. return next peer entry.
done done
done done
done done
</pre> </pre>

20
postfix/html/SMTPD_ACCESS_README.html
View File

@@ -190,20 +190,20 @@ described in the <a href="postconf.5.html">postconf(5)</a> manual page. </p>
# Relay control (Postfix 2.10 and later): local clients and # Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain. # authenticated clients may specify any destination domain.
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
# Spam control: exclude local clients and authenticated clients # Spam control: exclude local clients and authenticated clients
# from DNSBL lookups. # from DNSBL lookups.
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,
# <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if the mail # <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if the mail
# relay policy is specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> # relay policy is specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
# (available with Postfix 2.10 and later). # (available with Postfix 2.10 and later).
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> zen.spamhaus.org, <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> zen.spamhaus.org,
<a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> dbl.spamhaus.org, <a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> dbl.spamhaus.org,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> dbl.spamhaus.org <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> dbl.spamhaus.org
# Block clients that speak too early. # Block clients that speak too early.
<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>

10
postfix/html/TLS_README.html
View File

@@ -1528,7 +1528,7 @@ As in the example above, we show two matching fingerprints: </p>
<blockquote> <blockquote>
<pre> <pre>
/etc/postfix/tls_policy: /etc/postfix/tls_policy:
example.com fingerprint example.com fingerprint
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre> </pre>
@@ -2299,8 +2299,8 @@ Example:
[mail.example.org]:587 secure match=nexthop [mail.example.org]:587 secure match=nexthop
# Postfix 2.5 and later # Postfix 2.5 and later
[thumb.example.org] fingerprint [thumb.example.org] fingerprint
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
# Postfix 2.6 and later # Postfix 2.6 and later
example.info may protocols=!SSLv2 ciphers=medium exclude=3DES example.info may protocols=!SSLv2 ciphers=medium exclude=3DES
</pre> </pre>
@@ -2791,14 +2791,14 @@ but don't require them from all clients. </p>
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/cacert.pem <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/cacert.pem
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> =
btree:/var/lib/postfix/smtp_tls_session_cache btree:/var/lib/postfix/smtp_tls_session_cache
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/cacert.pem <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/cacert.pem
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/foo-cert.pem <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/foo-cert.pem
<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/foo-key.pem <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/foo-key.pem
<a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes <a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = <a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> =
btree:/var/lib/postfix/smtpd_tls_session_cache btree:/var/lib/postfix/smtpd_tls_session_cache
<a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom <a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
</pre> </pre>

10
postfix/html/postconf.5.html
View File

@@ -7018,7 +7018,7 @@ to the configured before/after 220 greeting tests. </dd>
<pre> <pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
<a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> = enforce <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> = enforce
</pre> </pre>
@@ -7341,7 +7341,7 @@ the file is read). </p>
<pre> <pre>
/etc/postfix/dnsbl_reply: /etc/postfix/dnsbl_reply:
secret.zen.spamhaus.org zen.spamhaus.org secret.zen.spamhaus.org zen.spamhaus.org
</pre> </pre>
<p> This feature is available in Postfix 2.8. </p> <p> This feature is available in Postfix 2.8. </p>
@@ -11199,7 +11199,7 @@ As in the example above, we show two matching fingerprints: </p>
<blockquote> <blockquote>
<pre> <pre>
/etc/postfix/tls_policy: /etc/postfix/tls_policy:
example.com fingerprint example.com fingerprint
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
</pre> </pre>
@@ -11777,8 +11777,8 @@ Example:
[mail.example.org]:587 secure match=nexthop [mail.example.org]:587 secure match=nexthop
# Postfix 2.5 and later # Postfix 2.5 and later
[thumb.example.org] fingerprint [thumb.example.org] fingerprint
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
</pre> </pre>
<p> <b>Note:</b> The <b>hostname</b> strategy if listed in a non-default <p> <b>Note:</b> The <b>hostname</b> strategy if listed in a non-default

223
postfix/proto/Makefile.in
View File

@@ -95,6 +95,7 @@ MAN = ../man/man5/postconf.5
AWK = awk '{ print; if (NR == 1) print ".pl 9999\n.ll 65" }' AWK = awk '{ print; if (NR == 1) print ".pl 9999\n.ll 65" }'
SRCTOMAN= ../mantools/srctoman SRCTOMAN= ../mantools/srctoman
POSTLINK= ../mantools/postlink POSTLINK= ../mantools/postlink
DETAB = pr -tre
HT2READ = ../mantools/html2readme HT2READ = ../mantools/html2readme
MAKEAAA = ../mantools/makereadme MAKEAAA = ../mantools/makereadme
MAKESOHO= ../mantools/make_soho_readme MAKESOHO= ../mantools/make_soho_readme
@@ -138,341 +139,341 @@ clobber:
$(SRCTOMAN) - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@ $(SRCTOMAN) - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../html/ADDRESS_CLASS_README.html: ADDRESS_CLASS_README.html ../html/ADDRESS_CLASS_README.html: ADDRESS_CLASS_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/ADDRESS_REWRITING_README.html: ADDRESS_REWRITING_README.html ../html/ADDRESS_REWRITING_README.html: ADDRESS_REWRITING_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/ADDRESS_VERIFICATION_README.html: ADDRESS_VERIFICATION_README.html ../html/ADDRESS_VERIFICATION_README.html: ADDRESS_VERIFICATION_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/BACKSCATTER_README.html: BACKSCATTER_README.html ../html/BACKSCATTER_README.html: BACKSCATTER_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/CDB_README.html: CDB_README.html ../html/CDB_README.html: CDB_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/CONNECTION_CACHE_README.html: CONNECTION_CACHE_README.html ../html/CONNECTION_CACHE_README.html: CONNECTION_CACHE_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/CONTENT_INSPECTION_README.html: CONTENT_INSPECTION_README.html ../html/CONTENT_INSPECTION_README.html: CONTENT_INSPECTION_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/CYRUS_README.html: CYRUS_README.html ../html/CYRUS_README.html: CYRUS_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/BASIC_CONFIGURATION_README.html: BASIC_CONFIGURATION_README.html ../html/BASIC_CONFIGURATION_README.html: BASIC_CONFIGURATION_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/BUILTIN_FILTER_README.html: BUILTIN_FILTER_README.html ../html/BUILTIN_FILTER_README.html: BUILTIN_FILTER_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/DATABASE_README.html: DATABASE_README.html ../html/DATABASE_README.html: DATABASE_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/DB_README.html: DB_README.html ../html/DB_README.html: DB_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/DEBUG_README.html: DEBUG_README.html ../html/DEBUG_README.html: DEBUG_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/DSN_README.html: DSN_README.html ../html/DSN_README.html: DSN_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/ETRN_README.html: ETRN_README.html ../html/ETRN_README.html: ETRN_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/FILTER_README.html: FILTER_README.html ../html/FILTER_README.html: FILTER_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/INSTALL.html: INSTALL.html ../html/INSTALL.html: INSTALL.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/IPV6_README.html: IPV6_README.html ../html/IPV6_README.html: IPV6_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/LDAP_README.html: LDAP_README.html ../html/LDAP_README.html: LDAP_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/LINUX_README.html: LINUX_README.html ../html/LINUX_README.html: LINUX_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/LOCAL_RECIPIENT_README.html: LOCAL_RECIPIENT_README.html ../html/LOCAL_RECIPIENT_README.html: LOCAL_RECIPIENT_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/MAILDROP_README.html: MAILDROP_README.html ../html/MAILDROP_README.html: MAILDROP_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/LMDB_README.html: LMDB_README.html ../html/LMDB_README.html: LMDB_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/MEMCACHE_README.html: MEMCACHE_README.html ../html/MEMCACHE_README.html: MEMCACHE_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/MILTER_README.html: MILTER_README.html ../html/MILTER_README.html: MILTER_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/MULTI_INSTANCE_README.html: MULTI_INSTANCE_README.html ../html/MULTI_INSTANCE_README.html: MULTI_INSTANCE_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/MYSQL_README.html: MYSQL_README.html ../html/MYSQL_README.html: MYSQL_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/NFS_README.html: NFS_README.html ../html/NFS_README.html: NFS_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/OVERVIEW.html: OVERVIEW.html ../html/OVERVIEW.html: OVERVIEW.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/PACKAGE_README.html: PACKAGE_README.html ../html/PACKAGE_README.html: PACKAGE_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/PCRE_README.html: PCRE_README.html ../html/PCRE_README.html: PCRE_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/PGSQL_README.html: PGSQL_README.html ../html/PGSQL_README.html: PGSQL_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/POSTSCREEN_README.html: POSTSCREEN_README.html ../html/POSTSCREEN_README.html: POSTSCREEN_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/QMQP_README.html: QMQP_README.html ../html/QMQP_README.html: QMQP_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/QSHAPE_README.html: QSHAPE_README.html ../html/QSHAPE_README.html: QSHAPE_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/RESTRICTION_CLASS_README.html: RESTRICTION_CLASS_README.html ../html/RESTRICTION_CLASS_README.html: RESTRICTION_CLASS_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/SASL_README.html: SASL_README.html ../html/SASL_README.html: SASL_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/SCHEDULER_README.html: SCHEDULER_README.html ../html/SCHEDULER_README.html: SCHEDULER_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/SMTPD_ACCESS_README.html: SMTPD_ACCESS_README.html ../html/SMTPD_ACCESS_README.html: SMTPD_ACCESS_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/SMTPD_POLICY_README.html: SMTPD_POLICY_README.html ../html/SMTPD_POLICY_README.html: SMTPD_POLICY_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/SMTPD_PROXY_README.html: SMTPD_PROXY_README.html ../html/SMTPD_PROXY_README.html: SMTPD_PROXY_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/SOHO_README.html: $(MAKESOHO) $(DEPSOHO) ../html/SOHO_README.html: $(MAKESOHO) $(DEPSOHO)
$(MAKESOHO) | $(POSTLINK) >$@ $(MAKESOHO) | $(POSTLINK) | $(DETAB) >$@
../html/SQLITE_README.html: SQLITE_README.html ../html/SQLITE_README.html: SQLITE_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/STANDARD_CONFIGURATION_README.html: STANDARD_CONFIGURATION_README.html ../html/STANDARD_CONFIGURATION_README.html: STANDARD_CONFIGURATION_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/STRESS_README.html: STRESS_README.html ../html/STRESS_README.html: STRESS_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/TUNING_README.html: TUNING_README.html ../html/TUNING_README.html: TUNING_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/UUCP_README.html: UUCP_README.html ../html/UUCP_README.html: UUCP_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/ULTRIX_README.html: ULTRIX_README.html ../html/ULTRIX_README.html: ULTRIX_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/VERP_README.html: VERP_README.html ../html/VERP_README.html: VERP_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/VIRTUAL_README.html: VIRTUAL_README.html ../html/VIRTUAL_README.html: VIRTUAL_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/XCLIENT_README.html: XCLIENT_README.html ../html/XCLIENT_README.html: XCLIENT_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/XFORWARD_README.html: XFORWARD_README.html ../html/XFORWARD_README.html: XFORWARD_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/TLS_README.html: TLS_README.html ../html/TLS_README.html: TLS_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../html/TLS_LEGACY_README.html: TLS_LEGACY_README.html ../html/TLS_LEGACY_README.html: TLS_LEGACY_README.html
$(POSTLINK) $? >$@ $(POSTLINK) $? | $(DETAB) >$@
../README_FILES/ADDRESS_CLASS_README: ADDRESS_CLASS_README.html ../README_FILES/ADDRESS_CLASS_README: ADDRESS_CLASS_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/ADDRESS_REWRITING_README: ADDRESS_REWRITING_README.html ../README_FILES/ADDRESS_REWRITING_README: ADDRESS_REWRITING_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/ADDRESS_VERIFICATION_README: ADDRESS_VERIFICATION_README.html ../README_FILES/ADDRESS_VERIFICATION_README: ADDRESS_VERIFICATION_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/BACKSCATTER_README: BACKSCATTER_README.html ../README_FILES/BACKSCATTER_README: BACKSCATTER_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/BASIC_CONFIGURATION_README: BASIC_CONFIGURATION_README.html ../README_FILES/BASIC_CONFIGURATION_README: BASIC_CONFIGURATION_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/BUILTIN_FILTER_README: BUILTIN_FILTER_README.html ../README_FILES/BUILTIN_FILTER_README: BUILTIN_FILTER_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/CDB_README: CDB_README.html ../README_FILES/CDB_README: CDB_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/CONNECTION_CACHE_README: CONNECTION_CACHE_README.html ../README_FILES/CONNECTION_CACHE_README: CONNECTION_CACHE_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/CONTENT_INSPECTION_README: CONTENT_INSPECTION_README.html ../README_FILES/CONTENT_INSPECTION_README: CONTENT_INSPECTION_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/CYRUS_README: CYRUS_README.html ../README_FILES/CYRUS_README: CYRUS_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/DATABASE_README: DATABASE_README.html ../README_FILES/DATABASE_README: DATABASE_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/DB_README: DB_README.html ../README_FILES/DB_README: DB_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/DEBUG_README: DEBUG_README.html ../README_FILES/DEBUG_README: DEBUG_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/DSN_README: DSN_README.html ../README_FILES/DSN_README: DSN_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/ETRN_README: ETRN_README.html ../README_FILES/ETRN_README: ETRN_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/FILTER_README: FILTER_README.html ../README_FILES/FILTER_README: FILTER_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/INSTALL: INSTALL.html ../README_FILES/INSTALL: INSTALL.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/IPV6_README: IPV6_README.html ../README_FILES/IPV6_README: IPV6_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/LDAP_README: LDAP_README.html ../README_FILES/LDAP_README: LDAP_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/LINUX_README: LINUX_README.html ../README_FILES/LINUX_README: LINUX_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/LOCAL_RECIPIENT_README: LOCAL_RECIPIENT_README.html ../README_FILES/LOCAL_RECIPIENT_README: LOCAL_RECIPIENT_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/MAILDROP_README: MAILDROP_README.html ../README_FILES/MAILDROP_README: MAILDROP_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/LMDB_README: LMDB_README.html ../README_FILES/LMDB_README: LMDB_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/MEMCACHE_README: MEMCACHE_README.html ../README_FILES/MEMCACHE_README: MEMCACHE_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/MILTER_README: MILTER_README.html ../README_FILES/MILTER_README: MILTER_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/MULTI_INSTANCE_README: MULTI_INSTANCE_README.html ../README_FILES/MULTI_INSTANCE_README: MULTI_INSTANCE_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/MYSQL_README: MYSQL_README.html ../README_FILES/MYSQL_README: MYSQL_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/NFS_README: NFS_README.html ../README_FILES/NFS_README: NFS_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/OVERVIEW: OVERVIEW.html ../README_FILES/OVERVIEW: OVERVIEW.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/PACKAGE_README: PACKAGE_README.html ../README_FILES/PACKAGE_README: PACKAGE_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/PCRE_README: PCRE_README.html ../README_FILES/PCRE_README: PCRE_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/PGSQL_README: PGSQL_README.html ../README_FILES/PGSQL_README: PGSQL_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/POSTSCREEN_README: POSTSCREEN_README.html ../README_FILES/POSTSCREEN_README: POSTSCREEN_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/QMQP_README: QMQP_README.html ../README_FILES/QMQP_README: QMQP_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/QSHAPE_README: QSHAPE_README.html ../README_FILES/QSHAPE_README: QSHAPE_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/RESTRICTION_CLASS_README: RESTRICTION_CLASS_README.html ../README_FILES/RESTRICTION_CLASS_README: RESTRICTION_CLASS_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/SASL_README: SASL_README.html ../README_FILES/SASL_README: SASL_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/SCHEDULER_README: SCHEDULER_README.html ../README_FILES/SCHEDULER_README: SCHEDULER_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/SMTPD_ACCESS_README: SMTPD_ACCESS_README.html ../README_FILES/SMTPD_ACCESS_README: SMTPD_ACCESS_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/SMTPD_POLICY_README: SMTPD_POLICY_README.html ../README_FILES/SMTPD_POLICY_README: SMTPD_POLICY_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/SMTPD_PROXY_README: SMTPD_PROXY_README.html ../README_FILES/SMTPD_PROXY_README: SMTPD_PROXY_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/SOHO_README: $(MAKESOHO) $(DEPSOHO) ../README_FILES/SOHO_README: $(MAKESOHO) $(DEPSOHO)
$(MAKESOHO) | $(HT2READ) >$@ $(MAKESOHO) | $(HT2READ) | $(DETAB) >$@
../README_FILES/SQLITE_README: SQLITE_README.html ../README_FILES/SQLITE_README: SQLITE_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/STANDARD_CONFIGURATION_README: STANDARD_CONFIGURATION_README.html ../README_FILES/STANDARD_CONFIGURATION_README: STANDARD_CONFIGURATION_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/STRESS_README: STRESS_README.html ../README_FILES/STRESS_README: STRESS_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/TUNING_README: TUNING_README.html ../README_FILES/TUNING_README: TUNING_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/UUCP_README: UUCP_README.html ../README_FILES/UUCP_README: UUCP_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/ULTRIX_README: ULTRIX_README.html ../README_FILES/ULTRIX_README: ULTRIX_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/VERP_README: VERP_README.html ../README_FILES/VERP_README: VERP_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/VIRTUAL_README: VIRTUAL_README.html ../README_FILES/VIRTUAL_README: VIRTUAL_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/XCLIENT_README: XCLIENT_README.html ../README_FILES/XCLIENT_README: XCLIENT_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/XFORWARD_README: XFORWARD_README.html ../README_FILES/XFORWARD_README: XFORWARD_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/TLS_README: TLS_README.html ../README_FILES/TLS_README: TLS_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/TLS_LEGACY_README: TLS_LEGACY_README.html ../README_FILES/TLS_LEGACY_README: TLS_LEGACY_README.html
$(HT2READ) $? >$@ $(HT2READ) $? | $(DETAB) >$@
../README_FILES/AAAREADME: ../html/index.html $(MAKEAAA) ../README_FILES/AAAREADME: ../html/index.html $(MAKEAAA)
$(MAKEAAA) ../html/index.html | $(HT2READ) >$@ $(MAKEAAA) ../html/index.html | $(HT2READ) | $(DETAB) >$@
../man/man5/postconf.5: postconf.man.prolog postconf.proto postconf.man.epilog \ ../man/man5/postconf.5: postconf.man.prolog postconf.proto postconf.man.epilog \
../mantools/xpostconf ../mantools/postconf2html ../mantools/postconf2man ../mantools/xpostconf ../mantools/postconf2html ../mantools/postconf2man
(cat postconf.man.prolog; ../mantools/xpostconf postconf.proto | \ (cat postconf.man.prolog; ../mantools/xpostconf postconf.proto | \
../mantools/postconf2html | ../mantools/postconf2man | \ ../mantools/postconf2html | ../mantools/postconf2man | \
sed 's/\\e&/\\\&/'; cat postconf.man.epilog ) > $@ sed 's/\\e&/\\\&/'; cat postconf.man.epilog ) | $(DETAB) > $@
../html/postconf.5.html: postconf.html.prolog postconf.proto \ ../html/postconf.5.html: postconf.html.prolog postconf.proto \
postconf.html.epilog ../mantools/xpostconf ../mantools/postconf2html \ postconf.html.epilog ../mantools/xpostconf ../mantools/postconf2html \
../mantools/postlink ../mantools/postlink
(cat postconf.html.prolog; ../mantools/xpostconf postconf.proto | \ (cat postconf.html.prolog; ../mantools/xpostconf postconf.proto | \
../mantools/postconf2html | ../mantools/postlink; \ ../mantools/postconf2html | ../mantools/postlink; \
cat postconf.html.epilog ) > $@ cat postconf.html.epilog ) | $(DETAB) > $@

2
postfix/src/global/mail_version.h
View File

@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20131102" #define MAIL_RELEASE_DATE "20131103"
#define MAIL_VERSION_NUMBER "2.11" #define MAIL_VERSION_NUMBER "2.11"
#ifdef SNAPSHOT #ifdef SNAPSHOT

21
postfix/src/util/dict_lmdb.c
View File

@@ -551,12 +551,31 @@ DICT *dict_lmdb_open(const char *path, int open_flags, int dict_flags)
mdb_path = concatenate(path, "." DICT_TYPE_LMDB, (char *) 0); mdb_path = concatenate(path, "." DICT_TYPE_LMDB, (char *) 0);
/* /*
* Impedance adapters. * Security violation.
*
* By default, LMDB 0.9.9 writes uninitialized heap memory to a
* world-readable database file. This is a basic memory disclosure
* vulnerability: memory content that a program does not intend to share
* ends up in a world-readable file. The content of uninitialized heap
* memory depends on program execution history. That history includes
* code execution in other libraries that are linked into the program.
*
* As a workaround we turn on MDB_WRITEMAP which disables the use of
* malloc() in LMDB. However, that does not address several disclosures
* of stack memory.
*/ */
mdb_flags = MDB_NOSUBDIR | MDB_NOLOCK; mdb_flags = MDB_NOSUBDIR | MDB_NOLOCK;
if (open_flags == O_RDONLY) if (open_flags == O_RDONLY)
mdb_flags |= MDB_RDONLY; mdb_flags |= MDB_RDONLY;
/*
* Replace with MDB_VERSION_FULL < MDB_VERINT(X, Y, Z) after this is
* fixed up-stream.
*/
#if 1
mdb_flags |= MDB_WRITEMAP;
#endif
slmdb_flags = 0; slmdb_flags = 0;
if (dict_flags & DICT_FLAG_BULK_UPDATE) if (dict_flags & DICT_FLAG_BULK_UPDATE)
slmdb_flags |= SLMDB_FLAG_BULK; slmdb_flags |= SLMDB_FLAG_BULK;