mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-31 14:17:41 +00:00
Code Issues Releases Wiki Activity

postfix-2.6-20080726

Browse Source
This commit is contained in:
Wietse Venema
2008-07-26 00:00:00 -05:00
committed by Viktor Dukhovni
parent ed03f0df0f
commit 7e3ab00293
23 changed files with 281 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
postfix/HISTORY
View File

@@ -14526,3 +14526,26 @@ Apologies for any names omitted.
The description of SASL authentication attributes was
garbled. File: pipe/pipe.c.
Information: the master(8) server now logs the version
besides the configuration directory upon "postfix reload".
File: master/master.c.
20080717
Cleanup: a poorly-implemented integer overflow check for
TCP MSS calculation had the unexpected effect that people
broke Postfix on LP64 systems while attempting to silence
a compiler warning. File: util/vstream_tweak.c.
20080721
The cleanup server now rejects undisclosed_recipients_header
parameter values with invalid message header syntax.
File: cleanup/cleanup_message.c.
20080725
Paranoia: defer delivery when a mailbox file is not owned
by the recipient. Sebastian Krahmer, SuSE. Files:
local/mailbox.c, virtual/mailbox.c.

20
postfix/RELEASE_NOTES
View File

@@ -11,12 +11,6 @@ instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
Incompatibility with Postfix 2.4 and earlier
============================================
If you upgrade from Postfix 2.4 or earlier, read RELEASE_NOTES-2.5
before proceeding.
Incompatibility with snapshot 20080629
======================================
@@ -25,6 +19,14 @@ longer ignores the "smtpd_tls_auth_only = yes" parameter setting.
Earlier Postfix SMTP server versions would announce SASL support,
and would accept SASL login or sender information.
Incompatibility with snapshot 20080726
======================================
When a mailbox file is not owned by its recipient, the local and
virtual delivery agents now log a warning and defer delivery.
Specify "strict_mailbox_ownership = no" to ignore such ownership
discrepancies.
Major changes with snapshot 20080629
====================================
@@ -72,3 +74,9 @@ files with versions from an older release, and end up with a broken
configuration that cannot repair itself. For this reason, postfix-script,
postfix-files and post-install are moved away from /etc/postfix to
$daemon_directory.
Incompatible changes with Postfix 2.5.0
=======================================
If you upgrade from Postfix 2.4 or earlier, read RELEASE_NOTES-2.5
before proceeding.

8
postfix/WISHLIST
View File

@@ -1,5 +1,13 @@
Wish list:
Force a panic when the VDA patch reduces the file size limit
under the message size. They break the code that marks a
recipient as "done", when that recipient was added late
(e.g., "sendmail -t" or Milter SMFIR_ADDRCPT).
Set a flag when a remote SMTP client speaks before the
Postfix SMTP server sends the 220 greeting.
Encapsulate time_t comparisons so that they can be made
system dependent (use difftime() where available).

94
postfix/html/local.8.html
View File

@@ -398,60 +398,66 @@ LOCAL(8) LOCAL(8)
attempt; do not update the Delivered-To: address
while expanding aliases or .forward files.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>DELIVERY METHOD CONTROLS</b>
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
<a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
<a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
port_maps, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
delivery.
<b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding
a .forward file with user-specified delivery meth-
a .forward file with user-specified delivery meth-
ods.
<b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a> (empty)</b>
Optional lookup tables with per-recipient message
delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
delivery, whether or not the recipients are found
Optional lookup tables with per-recipient message
delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
delivery, whether or not the recipients are found
in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a> (empty)</b>
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
delivery to all local recipients, whether or not
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
delivery to all local recipients, whether or not
they are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> (empty)</b>
Optional lookup tables with per-recipient external
Optional lookup tables with per-recipient external
commands to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery.
<b><a href="postconf.5.html#mailbox_command">mailbox_command</a> (empty)</b>
Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
ery agent should use for mailbox delivery.
<b><a href="postconf.5.html#home_mailbox">home_mailbox</a> (empty)</b>
Optional pathname of a mailbox file relative to a
Optional pathname of a mailbox file relative to a
<a href="local.8.html"><b>local</b>(8)</a> user's home directory.
<b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> (see 'postconf -d' output)</b>
The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
are kept.
<b><a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a> (empty)</b>
Optional lookup tables with per-recipient message
delivery transports for recipients that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
Optional lookup tables with per-recipient message
delivery transports for recipients that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
<a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database.
<b><a href="postconf.5.html#fallback_transport">fallback_transport</a> (empty)</b>
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
database.
<b><a href="postconf.5.html#luser_relay">luser_relay</a> (empty)</b>
@@ -461,7 +467,7 @@ LOCAL(8) LOCAL(8)
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a> (empty)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
delivery to external command.
<b>MAILBOX LOCKING CONTROLS</b>
@@ -470,15 +476,15 @@ LOCAL(8) LOCAL(8)
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
The time between attempts to acquire an exclusive
The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
The time after which a stale exclusive mailbox
The time after which a stale exclusive mailbox
lockfile is removed.
<b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
attempting delivery.
<b>RESOURCE AND RATE CONTROLS</b>
@@ -486,17 +492,17 @@ LOCAL(8) LOCAL(8)
Time limit for delivery to external commands.
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
The maximal number of addresses remembered by the
address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
The maximal number of addresses remembered by the
address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
<a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
plays.
<b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>
The maximal number of parallel deliveries via the
The maximal number of parallel deliveries via the
local mail delivery transport to the same recipient
(when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
the maximal number of parallel deliveries to the
same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
(when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
the maximal number of parallel deliveries to the
same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
ent_limit &gt; 1").
<b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b>
@@ -509,33 +515,39 @@ LOCAL(8) LOCAL(8)
<b>SECURITY CONTROLS</b>
<b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
mands.
<b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> (alias, forward)</b>
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
<b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
<a href="postconf.5.html#mailbox_command">mand</a>.
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
<a href="postconf.5.html#mailbox_command">mand</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
<b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent for delivery to external file or command.
<b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d'</b>
<b>output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
<a href="postconf.5.html#command_execution_directory">tion_directory</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and

2
postfix/html/mysql_table.5.html
View File

@@ -45,7 +45,7 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
version.
Postfix 2.2 has enhanced query interfaces for MySQL and
PostgreSQL, these include features previously available
PostgreSQL; these include features previously available
only in the Postfix LDAP client. In the new interface the
SQL query is specified via a single <b>query</b> parameter
(described in more detail below). When the new <b>query</b>

40
postfix/html/postconf.5.html
View File

@@ -1143,15 +1143,27 @@ This feature is available in Postfix 2.0 and later.
(default: 50000)</b></DT><DD>
<p> The maximal amount of original message text that is sent in a
non-delivery notification. Specify a byte count. If you increase
this limit, then you should increase the <a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> value
proportionally. </p>
non-delivery notification. Specify a byte count. With Postfix 2.4
and later, a message is returned as either message/rfc822 (the
complete original) or as text/rfc822-headers (the headers only).
With earlier Postfix versions, a message is always returned as
message/rfc822 and is truncated when it exceeds the size limit.
</p>
<p> Note: be careful when making changes. Excessively large values
<p> Notes: </p>
<ul>
<li> <p> If you increase this limit, then you should increase the
<a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> value proportionally. </p>
<li> <p> Be careful when making changes. Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
</p>
</ul>
</DD>
@@ -6194,9 +6206,9 @@ key to the lookup result.
</p>
<p>
For example, with a <a href="virtual.5.html">virtual(5)</a> mapping of "<i>joe@domain -&gt;
joe.user</i>", the address "<i>joe+foo@domain</i>" would rewrite
to "<i>joe.user+foo</i>".
For example, with a <a href="virtual.5.html">virtual(5)</a> mapping of "<i>joe@example.com =&gt;
joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
would rewrite to "<i>joe.user+foo@example.net</i>".
</p>
<p>
@@ -12517,6 +12529,17 @@ This feature is available in Postfix 2.0 and later.
</p>
</DD>
<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
(default: yes)</b></DT><DD>
<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>
<p> This feature is available in Postfix 2.5.3 and later. </p>
</DD>
<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>
@@ -13070,7 +13093,8 @@ The default time unit is s (seconds).
<p>
Message header that the Postfix <a href="cleanup.8.html">cleanup(8)</a> server inserts when a
message contains no To: or Cc: message header. </p>
message contains no To: or Cc: message header. With Postfix 2.4
and later, specify an empty value to disable this feature. </p>
</DD>

58
postfix/html/virtual.8.html
View File

@@ -200,9 +200,15 @@ VIRTUAL(8) VIRTUAL(8)
destination for final delivery to domains listed
with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>LOCKING CONTROLS</b>
<b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b>
How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
attempting delivery.
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
@@ -210,41 +216,41 @@ VIRTUAL(8) VIRTUAL(8)
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
The time between attempts to acquire an exclusive
The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
The time after which a stale exclusive mailbox
The time after which a stale exclusive mailbox
lockfile is removed.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
The maximal number of parallel deliveries to the
same destination via the virtual message delivery
The maximal number of parallel deliveries to the
same destination via the virtual message delivery
transport.
<b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
The maximal number of recipients per delivery via
The maximal number of recipients per message for
the virtual message delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>
The maximal size in bytes of an individual mailbox
The maximal size in bytes of an individual mailbox
or maildir file, or zero (no limit).
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@@ -252,33 +258,33 @@ VIRTUAL(8) VIRTUAL(8)
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
@@ -291,20 +297,20 @@ VIRTUAL(8) VIRTUAL(8)
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
This delivery agent was originally based on the Postfix
local delivery agent. Modifications mainly consisted of
removing code that either was not applicable or that was
not safe in this context: aliases, ~user/.forward files,
This delivery agent was originally based on the Postfix
local delivery agent. Modifications mainly consisted of
removing code that either was not applicable or that was
not safe in this context: aliases, ~user/.forward files,
delivery to "|command" or to /file/name.
The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
tem by Daniel Bernstein.
The <b>maildir</b> structure appears in the <b>qmail</b> system by
The <b>maildir</b> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>AUTHOR(S)</b>

2
postfix/man/man5/mysql_table.5
View File

@@ -46,7 +46,7 @@ Note: with this form, the passwords for the MySQL sources are
written in main.cf, which is normally world-readable. Support
for this form will be removed in a future Postfix version.
Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL,
Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL;
these include features previously available only in the Postfix
LDAP client. In the new interface the SQL query is specified via
a single \fBquery\fR parameter (described in more detail below).

29
postfix/man/man5/postconf.5
View File

@@ -634,11 +634,18 @@ of failed delivery attempts and generates non-delivery notifications.
This feature is available in Postfix 2.0 and later.
.SH bounce_size_limit (default: 50000)
The maximal amount of original message text that is sent in a
non-delivery notification. Specify a byte count. If you increase
this limit, then you should increase the mime_nesting_limit value
proportionally.
non-delivery notification. Specify a byte count. With Postfix 2.4
and later, a message is returned as either message/rfc822 (the
complete original) or as text/rfc822-headers (the headers only).
With earlier Postfix versions, a message is always returned as
message/rfc822 and is truncated when it exceeds the size limit.
.PP
Note: be careful when making changes. Excessively large values
Notes:
.IP \(bu
If you increase this limit, then you should increase the
mime_nesting_limit value proportionally.
.IP \(bu
Be careful when making changes. Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
.SH bounce_template_file (default: empty)
@@ -3440,9 +3447,9 @@ The process name of a Postfix command or daemon process.
What address lookup tables copy an address extension from the lookup
key to the lookup result.
.PP
For example, with a \fBvirtual\fR(5) mapping of "\fIjoe@domain ->
joe.user\fR", the address "\fIjoe+foo@domain\fR" would rewrite
to "\fIjoe.user+foo\fR".
For example, with a \fBvirtual\fR(5) mapping of "\fIjoe@example.com =>
joe.user@example.net\fR", the address "\fIjoe+foo@example.com\fR"
would rewrite to "\fIjoe.user+foo@example.net\fR".
.PP
Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR,
\fBforward\fR, \fBinclude\fR or \fBgeneric\fR. These cause
@@ -7789,6 +7796,11 @@ This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email.
.PP
This feature is available in Postfix 2.0 and later.
.SH strict_mailbox_ownership (default: yes)
Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible.
.PP
This feature is available in Postfix 2.5.3 and later.
.SH strict_mime_encoding_domain (default: no)
Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types. This blocks
@@ -8078,7 +8090,8 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
.SH undisclosed_recipients_header (default: To: undisclosed-recipients:;)
Message header that the Postfix \fBcleanup\fR(8) server inserts when a
message contains no To: or Cc: message header.
message contains no To: or Cc: message header. With Postfix 2.4
and later, specify an empty value to disable this feature.
.SH unknown_address_reject_code (default: 450)
The numerical Postfix SMTP server response code when a sender or
recipient address is rejected by the reject_unknown_sender_domain

10
postfix/man/man8/local.8
View File

@@ -415,6 +415,10 @@ Update the \fBlocal\fR(8) delivery agent's idea of the Delivered-To:
address (see prepend_delivered_header) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "DELIVERY METHOD CONTROLS"
.na
.nf
@@ -513,7 +517,7 @@ Restrict \fBlocal\fR(8) mail delivery to external commands.
Restrict \fBlocal\fR(8) mail delivery to external files.
.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
$name expansions of $mailbox_command.
$name expansions of $mailbox_command and $command_execution_directory.
.IP "\fBdefault_privs (nobody)\fR"
The default rights used by the \fBlocal\fR(8) delivery agent for delivery
to external file or command.
@@ -525,6 +529,10 @@ Available in Postfix version 2.2 and later:
.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows
in $name expansions of $command_execution_directory.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf

6
postfix/man/man8/virtual.8
View File

@@ -213,6 +213,10 @@ mail is delivered via the $virtual_transport mail delivery transport.
.IP "\fBvirtual_transport (virtual)\fR"
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $virtual_mailbox_domains.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "LOCKING CONTROLS"
.na
.nf
@@ -238,7 +242,7 @@ The time after which a stale exclusive mailbox lockfile is removed.
The maximal number of parallel deliveries to the same destination
via the virtual message delivery transport.
.IP "\fBvirtual_destination_recipient_limit ($default_destination_recipient_limit)\fR"
The maximal number of recipients per delivery via the virtual
The maximal number of recipients per message for the virtual
message delivery transport.
.IP "\fBvirtual_mailbox_limit (51200000)\fR"
The maximal size in bytes of an individual mailbox or maildir file,

1
postfix/mantools/postlink
View File

@@ -517,6 +517,7 @@ while (<>) {
s;\bstrict_8bitmime\b;<a href="postconf.5.html#strict_8bitmime">$&</a>;g;
s;\bstrict_8bitmime_body\b;<a href="postconf.5.html#strict_8bitmime_body">$&</a>;g;
s;\bstrict_mime_encoding_domain\b;<a href="postconf.5.html#strict_mime_encoding_domain">$&</a>;g;
s;\bstrict_mailbox_ownership\b;<a href="postconf.5.html#strict_mailbox_ownership">$&</a>;g;
s;\bstrict_rfc821_envelopes\b;<a href="postconf.5.html#strict_rfc821_envelopes">$&</a>;g;
s;\bsun_mailtool_compatibility\b;<a href="postconf.5.html#sun_mailtool_compatibility">$&</a>;g;
s;\bswap_bangpath\b;<a href="postconf.5.html#swap_bangpath">$&</a>;g;

2
postfix/proto/mysql_table
View File

@@ -38,7 +38,7 @@
# written in main.cf, which is normally world-readable. Support
# for this form will be removed in a future Postfix version.
#
# Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL,
# Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL;
# these include features previously available only in the Postfix
# LDAP client. In the new interface the SQL query is specified via
# a single \fBquery\fR parameter (described in more detail below).

34
postfix/proto/postconf.proto
View File

@@ -709,15 +709,27 @@ This feature is available in Postfix 2.1 and later.
%PARAM bounce_size_limit 50000
<p> The maximal amount of original message text that is sent in a
non-delivery notification. Specify a byte count. If you increase
this limit, then you should increase the mime_nesting_limit value
proportionally. </p>
non-delivery notification. Specify a byte count. With Postfix 2.4
and later, a message is returned as either message/rfc822 (the
complete original) or as text/rfc822-headers (the headers only).
With earlier Postfix versions, a message is always returned as
message/rfc822 and is truncated when it exceeds the size limit.
</p>
<p> Note: be careful when making changes. Excessively large values
<p> Notes: </p>
<ul>
<li> <p> If you increase this limit, then you should increase the
mime_nesting_limit value proportionally. </p>
<li> <p> Be careful when making changes. Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
</p>
</ul>
%PARAM canonical_maps
<p>
@@ -3022,9 +3034,9 @@ key to the lookup result.
</p>
<p>
For example, with a virtual(5) mapping of "<i>joe@domain -&gt;
joe.user</i>", the address "<i>joe+foo@domain</i>" would rewrite
to "<i>joe.user+foo</i>".
For example, with a virtual(5) mapping of "<i>joe@example.com =&gt;
joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
would rewrite to "<i>joe.user+foo@example.net</i>".
</p>
<p>
@@ -7863,7 +7875,8 @@ This feature is available in Postfix 2.1 and later.
<p>
Message header that the Postfix cleanup(8) server inserts when a
message contains no To: or Cc: message header. </p>
message contains no To: or Cc: message header. With Postfix 2.4
and later, specify an empty value to disable this feature. </p>
%PARAM unknown_relay_recipient_reject_code 550
@@ -11595,4 +11608,9 @@ details.
<p> This feature is available in Postfix 2.6 and later. </p>
%PARAM strict_mailbox_ownership yes
<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>
<p> This feature is available in Postfix 2.5.3 and later. </p>

11
postfix/src/cleanup/cleanup_message.c
View File

@@ -695,8 +695,15 @@ static void cleanup_header_done_callback(void *context)
#define VISIBLE_RCPT ((1 << HDR_TO) | (1 << HDR_RESENT_TO) \
| (1 << HDR_CC) | (1 << HDR_RESENT_CC))
if ((state->headers_seen & VISIBLE_RCPT) == 0 && *var_rcpt_witheld)
cleanup_out_format(state, REC_TYPE_NORM, "%s", var_rcpt_witheld);
if ((state->headers_seen & VISIBLE_RCPT) == 0 && *var_rcpt_witheld) {
if (!is_header(var_rcpt_witheld)) {
msg_warn("bad %s header text \"%s\" -- "
"need \"headername: headervalue\"",
VAR_RCPT_WITHELD, var_rcpt_witheld);
} else {
cleanup_out_format(state, REC_TYPE_NORM, "%s", var_rcpt_witheld);
}
}
/*
* Place a dummy PTR record right after the last header so that we can

7
postfix/src/global/mail_params.h
View File

@@ -2949,6 +2949,13 @@ extern int var_dest_rate_delay;
#define DEF_STRESS ""
extern char *var_stress;
/*
* Mailbox ownership.
*/
#define VAR_STRICT_MBOX_OWNER "strict_mailbox_ownership"
#define DEF_STRICT_MBOX_OWNER 1
extern bool var_strict_mbox_owner;
/* LICENSE
/* .ad
/* .fi

2
postfix/src/global/mail_version.h
View File

@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20080629"
#define MAIL_RELEASE_DATE "20080726"
#define MAIL_VERSION_NUMBER "2.6"
#ifdef SNAPSHOT

12
postfix/src/local/local.c
View File

@@ -381,6 +381,10 @@
/* address (see prepend_delivered_header) only once, at the start of
/* a delivery attempt; do not update the Delivered-To: address while
/* expanding aliases or .forward files.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* DELIVERY METHOD CONTROLS
/* .ad
/* .fi
@@ -471,7 +475,7 @@
/* Restrict \fBlocal\fR(8) mail delivery to external files.
/* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
/* $name expansions of $mailbox_command.
/* $name expansions of $mailbox_command and $command_execution_directory.
/* .IP "\fBdefault_privs (nobody)\fR"
/* The default rights used by the \fBlocal\fR(8) delivery agent for delivery
/* to external file or command.
@@ -483,6 +487,10 @@
/* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows
/* in $name expansions of $command_execution_directory.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
@@ -644,6 +652,7 @@ int var_mailtool_compat;
char *var_mailbox_lock;
int var_mailbox_limit;
bool var_frozen_delivered;
bool var_strict_mbox_owner;
int local_cmd_deliver_mask;
int local_file_deliver_mask;
@@ -891,6 +900,7 @@ int main(int argc, char **argv)
VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir,
VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat,
VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered,
VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
0,
};

6
postfix/src/local/mailbox.c
View File

@@ -194,6 +194,12 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
vstream_fclose(mp->fp);
dsb_simple(why, "5.2.0",
"destination %s is not a regular file", mailbox);
} else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
vstream_fclose(mp->fp);
dsb_simple(why, "4.2.0",
"destination %s is not owned by recipient", mailbox);
msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
VAR_STRICT_MBOX_OWNER);
} else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,

3
postfix/src/master/master.c
View File

@@ -481,7 +481,8 @@ int main(int argc, char **argv)
watchdog_start(watchdog); /* same as trigger servers */
event_loop(-1);
if (master_gotsighup) {
msg_info("reload configuration %s", var_config_dir);
msg_info("reload -- version %s, configuration %s",
var_mail_version, var_config_dir);
master_gotsighup = 0; /* this first */
master_vars_init(); /* then this */
master_refresh(); /* then this */

2
postfix/src/util/vstream_tweak.c
View File

@@ -115,7 +115,7 @@ int vstream_tweak_tcp(VSTREAM *fp)
*/
#ifdef VSTREAM_CTL_BUFSIZE
if (mss > 0) {
if (mss < __MAXINT__(ssize_t) /2)
if (mss < INT_MAX / 2)
mss *= 2;
vstream_control(fp,
VSTREAM_CTL_BUFSIZE, (ssize_t) mss,

6
postfix/src/virtual/mailbox.c
View File

@@ -125,6 +125,12 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
msg_warn("recipient %s: destination %s is not a regular file",
state.msg_attr.rcpt.address, usr_attr.mailbox);
dsb_simple(why, "5.3.5", "mail system configuration error");
} else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
vstream_fclose(mp->fp);
dsb_simple(why, "4.2.0",
"destination %s is not owned by recipient", usr_attr.mailbox);
msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
VAR_STRICT_MBOX_OWNER);
} else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,

12
postfix/src/virtual/virtual.c
View File

@@ -183,6 +183,10 @@
/* .IP "\fBvirtual_transport (virtual)\fR"
/* The default mail delivery transport and next-hop destination for
/* final delivery to domains listed with $virtual_mailbox_domains.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* LOCKING CONTROLS
/* .ad
/* .fi
@@ -204,7 +208,7 @@
/* The maximal number of parallel deliveries to the same destination
/* via the virtual message delivery transport.
/* .IP "\fBvirtual_destination_recipient_limit ($default_destination_recipient_limit)\fR"
/* The maximal number of recipients per delivery via the virtual
/* The maximal number of recipients per message for the virtual
/* message delivery transport.
/* .IP "\fBvirtual_mailbox_limit (51200000)\fR"
/* The maximal size in bytes of an individual mailbox or maildir file,
@@ -329,6 +333,7 @@ char *var_virt_mailbox_base;
char *var_virt_mailbox_lock;
int var_virt_mailbox_limit;
char *var_mail_spool_dir; /* XXX dependency fix */
bool var_strict_mbox_owner;
/*
* Mappings.
@@ -504,6 +509,10 @@ int main(int argc, char **argv)
VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,
0,
};
static const CONFIG_BOOL_TABLE bool_table[] = {
VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
0,
};
/*
* Fingerprint executables and core dumps.
@@ -513,6 +522,7 @@ int main(int argc, char **argv)
single_server_main(argc, argv, local_service,
MAIL_SERVER_INT_TABLE, int_table,
MAIL_SERVER_STR_TABLE, str_table,
MAIL_SERVER_BOOL_TABLE, bool_table,
MAIL_SERVER_PRE_INIT, pre_init,
MAIL_SERVER_POST_INIT, post_init,
MAIL_SERVER_PRE_ACCEPT, pre_accept,