diff --git a/postfix/HISTORY b/postfix/HISTORY index 8dcacac33..d69c605c4 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -9617,7 +9617,7 @@ Apologies for any names omitted. queue manager is unable to schedule back-to-back deliveries. File: *qmgr/qmgr_entry.c. -20040730 +20040731 Hysteresis: turn on "opportunistic session caching" when back-to-back deliveries happen, but don't turn if off 
@@ -9632,6 +9632,67 @@ Apologies for any names omitted. Portability: h_errno is not an lvalue in the UnixWare 7.1 multi-threaded environment. Olivier PRENANT. +20040812 + + Bugfix: update SMTP server error counter when a client is + denied access with smtpd_delay_reject=no. + +20040816 + + Bugfix: The smtp_chat_cmd() forced output flushing code in + the SMTP client could run before an I/O error handler was + set up. Problem diagnosed by Victor Duchovni, Morgan + Stanley. The fix is to disable the smtp_chat_cmd() forced + output flushing code as it duplicates better code in + smtp_loop(). File: smtp/smtp_chat.c. + + Safety: set up an I/O error handler before the smtp_loop() + protocol engine starts; this handler logs a warning in case + it ever runs, because that means someone broke ESMTP command + pipelining. File: smtp/smtp_proto.c. + + Feature: canonical_classes parameter by Kimmo Suominen, to + control what addresses are rewritten by canonical_maps. + Files: cleanup/cleanup_addr.c, cleanup/cleanup_message.c. + +20040817 + + Bugfix: update the vstream I/O time AFTER the completion + of an I/O request, so that time-sensitive applications + don't force flush output too soon and possibly trigger + NAGLE delays. Problem diagnosed by Victor Duchovni, Morgan + Stanley. File: util/vstream.c. + + Portability: avoid postmap/postalias test file name clashes + on Windows. Ian Lance Taylor (of Taylor UUCP fame). + +20030823 + + Bugfix: vstream_popen() did not close the child pipe + after failure to fork(). File: util/vstream_popen.c. + +20040826 + + Feature: support for systems with closefrom(), and emulation + for those without. Victor Duchovni, Morgan Stanley. Files: + util/sys_defs.h, util/sys_compat.c. + +20040827 + + Feature: {sender,recipient}_canonical_classes parameters, + which give better control than sender_canonical_classes. + Files: cleanup/cleanup_addr.c, cleanup/cleanup_message.c. 
+ + Feature: the proxymap client now recognizes when a map + can't be proxied, and will open it directly instead. This + makes proxy maps easier to use for virtual mailbox domains. + File: global/dict_proxy.c. + + Feature: smtp_sasl_mechanism_filter restricts what remote + SMTP server mechanism names the Postfix SMTP client passes + on to the SASL library. Victor Duchovni, Morgan Stanley. + Files: smtp/smtp.c. smtp/smtp_sasl_glue.c, smtp/smtp_sasl_proto.c. + Open problems: Low: update events.c so that 1-second timer requests do diff --git a/postfix/README_FILES/ADDRESS_REWRITING_README b/postfix/README_FILES/ADDRESS_REWRITING_README index 54e4f4549..b9b638080 100644 --- a/postfix/README_FILES/ADDRESS_REWRITING_README +++ b/postfix/README_FILES/ADDRESS_REWRITING_README @@ -214,11 +214,14 @@ address manipulations: CCaannoonniiccaall aaddddrreessss mmaappppiinngg -The cleanup(8) daemon uses the canonical(5) tables to rewrite all addresses in -message envelopes and in message headers. This is done for local and remote -addresses. The mapping is useful to replace login names by "Firstname.Lastname" -style addresses, or to clean up invalid domains in mail addresses produced by -legacy mail systems. +The cleanup(8) daemon uses the canonical(5) tables to rewrite addresses in +message envelopes and in message headers. By default all header and envelope +addresses are rewritten; this is controlled with the canonical_classes +configuration parameter. + +Address rewriting is done for local and remote addresses. The mapping is useful +to replace login names by "Firstname.Lastname" style addresses, or to clean up +invalid domains in mail addresses produced by legacy mail systems. Canonical mapping is disabled by default. To enable, edit the canonical_maps parameter in the main.cf file and specify one or more lookup tables, separated 
@@ -248,7 +251,9 @@ Example: recipient_canonical_maps = hash:/etc/postfix/recipient_canonical The sender and recipient canonical maps are applied before the common canonical -maps. +maps. The sender_canonical_classes and recipient_canonical_classes parameters +control what addresses are subject to sender_canonical_maps and +recipient_canonical_maps mappings, respectively. Sender-specific rewriting is useful when you want to rewrite ugly sender addresses to pretty ones, and still want to be able to send mail to the those diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README index fb9023799..eb3fa2087 100644 --- a/postfix/README_FILES/SASL_README +++ b/postfix/README_FILES/SASL_README @@ -319,6 +319,12 @@ plaintext authentication specify, for example: The SASL client password file is opened before the SMTP server enters the optional chroot jail, so you can keep the file in /etc/postfix. +Note: Some SMTP servers support authentication mechanisms that, although +available on the client system, may not in practice work or possess the +appropriate credentials to authenticate to the server. It is possible via the +smtp_sasl_mechanism_filter parameter to further restrict the list of server +mechanisms that the smtp(8) client will take into consideration. + The Postfix SMTP client is backwards compatible with SMTP servers that use the non-standard "AUTH=method..." syntax in response to the EHLO command; there is no Postfix client configuration needed to work around it. diff --git a/postfix/README_FILES/STANDARD_CONFIGURATION_README b/postfix/README_FILES/STANDARD_CONFIGURATION_README index b8ac38956..cdb343426 100644 --- a/postfix/README_FILES/STANDARD_CONFIGURATION_README +++ b/postfix/README_FILES/STANDARD_CONFIGURATION_README 
@@ -298,6 +298,22 @@ Translation: listed in $mydestination, or when it matches $inet_interfaces or $proxy_interfaces. +In some installations, there may be separate instances of Postfix processing +inbound and outbound mail on a multi-homed firewall. The inbound Postfix +instance has an SMTP server listening on the external firewall interface, and +the outbound Postfix instance has an SMTP server listening on the internal +interface. In such a configuration is it is tempting to configure +$inet_interfaces in each instance with just the corresponding interface +address. + +In most cases using inet_interaces in this way will not work, because as +documented in the $inet_interfaces reference manual, the smtp(8) delivery agent +will also use the specified interface address as the source address for +outbound connections and will be unable to reach hosts on "the other side" of +the firewall. The symptoms are that the firewall is unable to connect to hosts +that are in fact up. See the inet_interfaces parameter documentation for +suggested work-arounds. + RRuunnnniinngg PPoossttffiixx bbeehhiinndd aa ffiirreewwaallll The simplest way to set up Postfix on a host behind a firewalled network is to diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 4a4ce9f62..f81147f14 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -7,6 +7,25 @@ snapshot release). Patches are issued for the official release and change the patchlevel and the release date. Patches are never issued for snapshot releases. +Major changes with snapshot Postfix-2.2-20040827 +================================================ + +Easier use of the proxymap service with the virtual(8) delivery +agent. As of now, the virtual(8) delivery agent will silently open +maps directly when they can't be proxied. This means you can now +specify "virtual_mailbox_maps = proxy:mysql:whatever" without +triggering fatal errors in the virtual(8) delivery agent. + +Better SMTP client control over the use of SASL mechanisms. New +smtp_sasl_mechanism_filter mechanism to shorten the list of SASL +mechanisms from a remote server to just those that the local SASL +library can actually use. + +Finer control over canonical mapping with canonical_classes, +sender_canonical_classes and recipient_canonical_classes. These +specify one or more of envelope_sender, header_sender, envelope_recipient +or header_recipient. The default settings are backwards compatible. + Incompatible changes with snapshot Postfix-2.2-20040729 ======================================================= diff --git a/postfix/conf/canonical b/postfix/conf/canonical index 2fb6ad24c..f47535da6 100644 --- a/postfix/conf/canonical +++ b/postfix/conf/canonical 
@@ -33,120 +33,131 @@ # way as described below under "REGULAR EXPRESSION TABLES" # and "TCP-BASED TABLES". # -# The canonical mapping affects both message header +# By default the canonical mapping affects both message +# header addresses (i.e. addresses that appear inside mes- +# sages) and message envelope addresses (for example, the +# addresses that are used in SMTP protocol commands). Think +# Sendmail rule set S3, if you like. This is controlled +# with the canonical_classes parameter. +# +# The canonical mapping affects both message header # addresses (i.e. addresses that appear inside messages) and -# message envelope addresses (for example, the addresses -# that are used in SMTP protocol commands). Think Sendmail +# message envelope addresses (for example, the addresses +# that are used in SMTP protocol commands). Think Sendmail # rule set S3, if you like. # -# Typically, one would use the canonical table to replace -# login names by Firstname.Lastname, or to clean up +# Typically, one would use the canonical table to replace +# login names by Firstname.Lastname, or to clean up # addresses produced by legacy mail systems. # -# The canonical mapping is not to be confused with virtual +# The canonical mapping is not to be confused with virtual # domain support. Use the virtual(5) map for that purpose. # -# The canonical mapping is not to be confused with local +# The canonical mapping is not to be confused with local # aliasing. Use the aliases(5) map for that purpose. # # TABLE FORMAT # The input format for the postmap(1) command is as follows: # # pattern result -# When pattern matches a mail address, replace it by +# When pattern matches a mail address, replace it by # the corresponding result. # # blank lines and comments -# Empty lines and whitespace-only lines are ignored, -# as are lines whose first non-whitespace character +# Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character # is a `#'. 
# # multi-line text -# A logical line starts with non-whitespace text. A -# line that starts with whitespace continues a logi- +# A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- # cal line. # # With lookups from indexed files such as DB or DBM, or from -# networked tables such as NIS, LDAP or SQL, patterns are +# networked tables such as NIS, LDAP or SQL, patterns are # tried in the order as listed below: # # user@domain address -# user@domain is replaced by address. This form has +# user@domain is replaced by address. This form has # the highest precedence. # -# This is useful to clean up addresses produced by -# legacy mail systems. It can also be used to pro- -# duce Firstname.Lastname style addresses, but see +# This is useful to clean up addresses produced by +# legacy mail systems. It can also be used to pro- +# duce Firstname.Lastname style addresses, but see # below for a simpler solution. # # user address # user@site is replaced by address when site is equal -# to $myorigin, when site is listed in $mydestina- -# tion, or when it is listed in $inet_interfaces or +# to $myorigin, when site is listed in $mydestina- +# tion, or when it is listed in $inet_interfaces or # $proxy_interfaces. # -# This form is useful for replacing login names by +# This form is useful for replacing login names by # Firstname.Lastname. # # @domain address -# Every address in domain is replaced by address. +# Every address in domain is replaced by address. # This form has the lowest precedence. # -# In all the above forms, when address has the form @other- +# In all the above forms, when address has the form @other- # domain, the result is the same user in otherdomain. 
# # ADDRESS EXTENSION # When a mail address localpart contains the optional recip- -# ient delimiter (e.g., user+foo@domain), the lookup order +# ient delimiter (e.g., user+foo@domain), the lookup order # becomes: user+foo@domain, user@domain, user+foo, user, and # @domain. # -# The propagate_unmatched_extensions parameter controls -# whether an unmatched address extension (+foo) is propa- +# The propagate_unmatched_extensions parameter controls +# whether an unmatched address extension (+foo) is propa- # gated to the result of table lookup. # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire address being looked up. Thus, user@domain mail -# addresses are not broken up into their user and @domain +# addresses are not broken up into their user and @domain # constituent parts, nor is user+foo broken up into user and # foo. # -# Patterns are applied in the order as specified in the -# table, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the +# table, until a pattern is found that matches the search # string. # -# Results are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. 
# # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- -# tion of the TCP client/server lookup protocol, see -# tcp_table(5). This feature is not available in Postfix +# tion of the TCP client/server lookup protocol, see +# tcp_table(5). This feature is not available in Postfix # version 2.1. # # Each lookup operation uses the entire address once. Thus, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user and @domain constituent parts, nor is user+foo broken # up into user and foo. # # Results are the same as with indexed file lookups. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # CONFIGURATION PARAMETERS -# The following main.cf parameters are especially relevant. -# The text below provides only a parameter summary. See +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See # postconf(5) for more details including examples. # +# canonical_classes +# What addresses are subject to canonical address +# mapping. +# # canonical_maps # List of canonical mapping tables. # diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks index cc01dfd44..1763ae897 100644 --- a/postfix/conf/header_checks +++ b/postfix/conf/header_checks @@ -297,7 +297,7 @@ # # /etc/postfix/header_checks: # /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/ -# REJECT Bad attachment file name extension: $1 +# REJECT Bad attachment file name extension: $2 # # Body pattern to stop a specific HTML browser vulnerability # exploit. diff --git a/postfix/html/ADDRESS_REWRITING_README.html b/postfix/html/ADDRESS_REWRITING_README.html index 98e3b23c8..e9e5e5515 100644 --- a/postfix/html/ADDRESS_REWRITING_README.html 
+++ b/postfix/html/ADDRESS_REWRITING_README.html
@@ -410,7 +410,11 @@ address.

Canonical address mapping

The cleanup(8) daemon uses the canonical(5) tables to rewrite
-all addresses in message envelopes and in message headers. This is
+addresses in message envelopes and in message headers. By default
+all header and envelope addresses are rewritten; this is controlled
+with the canonical_classes configuration parameter.

+ +

Address rewriting is done for local and remote addresses. The mapping is useful to replace login names by "Firstname.Lastname" style addresses, or to clean up invalid domains in mail addresses produced by legacy mail @@ -453,7 +457,10 @@ applied only to sender addresses or to recipient addresses.

The sender and recipient canonical maps are applied before the
-common canonical maps.

+common canonical maps. The sender_canonical_classes and
+recipient_canonical_classes parameters control what addresses are
+subject to sender_canonical_maps and recipient_canonical_maps
+mappings, respectively.

Sender-specific rewriting is useful when you want to rewrite ugly sender addresses to pretty ones, and still want to be able to diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html index bcd2cf874..355a503a5 100644 --- a/postfix/html/SASL_README.html +++ b/postfix/html/SASL_README.html @@ -473,6 +473,13 @@ for example:

enters the optional chroot jail, so you can keep the file in /etc/postfix.

+

Note: Some SMTP servers support authentication mechanisms that,
+although available on the client system, may not in practice work or
+possess the appropriate credentials to authenticate to the server. It
+is possible via the smtp_sasl_mechanism_filter parameter to further
+restrict the list of server mechanisms that the smtp(8) client will take
+into consideration.

+

The Postfix SMTP client is backwards compatible with SMTP servers that use the non-standard "AUTH=method..." syntax in response to the EHLO command; there is no Postfix client configuration needed diff --git a/postfix/html/STANDARD_CONFIGURATION_README.html b/postfix/html/STANDARD_CONFIGURATION_README.html index 32d152b0a..2e100cd35 100644 --- a/postfix/html/STANDARD_CONFIGURATION_README.html +++ b/postfix/html/STANDARD_CONFIGURATION_README.html @@ -422,6 +422,22 @@ matches $inet_interfaces or $ +

In some installations, there may be separate instances of Postfix
+processing inbound and outbound mail on a multi-homed firewall. The
+inbound Postfix instance has an SMTP server listening on the external
+firewall interface, and the outbound Postfix instance has an SMTP server
+listening on the internal interface. In such a configuration is it is
+tempting to configure $inet_interfaces in each instance with just the
+corresponding interface address.

+ +

In most cases using inet_interaces in this way will not work,
+because as documented in the $inet_interfaces reference manual, the
+smtp(8) delivery agent will also use the specified interface address
+as the source address for outbound connections and will be unable to
+reach hosts on "the other side" of the firewall. The symptoms are that
+the firewall is unable to connect to hosts that are in fact up. See the
+inet_interfaces parameter documentation for suggested work-arounds.

+

Running Postfix behind a firewall

The simplest way to set up Postfix on a host behind a firewalled diff --git a/postfix/html/canonical.5.html b/postfix/html/canonical.5.html index de9c5ac44..fbfc98324 100644 --- a/postfix/html/canonical.5.html +++ b/postfix/html/canonical.5.html 
@@ -39,120 +39,131 @@ CANONICAL(5) CANONICAL(5) way as described below under "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". - The canonical mapping affects both message header + By default the canonical mapping affects both message + header addresses (i.e. addresses that appear inside mes- + sages) and message envelope addresses (for example, the + addresses that are used in SMTP protocol commands). Think + Sendmail rule set S3, if you like. This is controlled + with the canonical_classes parameter. + + The canonical mapping affects both message header addresses (i.e. addresses that appear inside messages) and - message envelope addresses (for example, the addresses - that are used in SMTP protocol commands). Think Sendmail + message envelope addresses (for example, the addresses + that are used in SMTP protocol commands). Think Sendmail rule set S3, if you like. - Typically, one would use the canonical table to replace - login names by Firstname.Lastname, or to clean up + Typically, one would use the canonical table to replace + login names by Firstname.Lastname, or to clean up addresses produced by legacy mail systems. - The canonical mapping is not to be confused with virtual + The canonical mapping is not to be confused with virtual domain support. Use the virtual(5) map for that purpose. - The canonical mapping is not to be confused with local + The canonical mapping is not to be confused with local aliasing. Use the aliases(5) map for that purpose. TABLE FORMAT The input format for the postmap(1) command is as follows: pattern result - When pattern matches a mail address, replace it by + When pattern matches a mail address, replace it by the corresponding result. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character + Empty lines and whitespace-only lines are ignored, + as are lines whose first non-whitespace character is a `#'. 
multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- + A logical line starts with non-whitespace text. A + line that starts with whitespace continues a logi- cal line. With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are + networked tables such as NIS, LDAP or SQL, patterns are tried in the order as listed below: user@domain address - user@domain is replaced by address. This form has + user@domain is replaced by address. This form has the highest precedence. - This is useful to clean up addresses produced by - legacy mail systems. It can also be used to pro- - duce Firstname.Lastname style addresses, but see + This is useful to clean up addresses produced by + legacy mail systems. It can also be used to pro- + duce Firstname.Lastname style addresses, but see below for a simpler solution. user address user@site is replaced by address when site is equal - to $myorigin, when site is listed in $mydestina- - tion, or when it is listed in $inet_interfaces or + to $myorigin, when site is listed in $mydestina- + tion, or when it is listed in $inet_interfaces or $proxy_interfaces. - This form is useful for replacing login names by + This form is useful for replacing login names by Firstname.Lastname. @domain address - Every address in domain is replaced by address. + Every address in domain is replaced by address. This form has the lowest precedence. - In all the above forms, when address has the form @other- + In all the above forms, when address has the form @other- domain, the result is the same user in otherdomain. ADDRESS EXTENSION When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order + ient delimiter (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, user+foo, user, and @domain. 
- The propagate_unmatched_extensions parameter controls - whether an unmatched address extension (+foo) is propa- + The propagate_unmatched_extensions parameter controls + whether an unmatched address extension (+foo) is propa- gated to the result of table lookup. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to + Each pattern is a regular expression that is applied to the entire address being looked up. Thus, user@domain mail - addresses are not broken up into their user and @domain + addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the - table, until a pattern is found that matches the search + Patterns are applied in the order as specified in the + table, until a pattern is found that matches the search string. - Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from + Results are the same as with indexed file lookups, with + the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when lookups are directed to a TCP-based server. For a descrip- - tion of the TCP client/server lookup protocol, see - tcp_table(5). This feature is not available in Postfix + tion of the TCP client/server lookup protocol, see + tcp_table(5). This feature is not available in Postfix version 2.1. Each lookup operation uses the entire address once. 
Thus, - user@domain mail addresses are not broken up into their + user@domain mail addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. - The text below provides only a parameter summary. See + The following main.cf parameters are especially relevant. + The text below provides only a parameter summary. See postconf(5) for more details including examples. + canonical_classes + What addresses are subject to canonical address + mapping. + canonical_maps List of canonical mapping tables. diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index c9d3beb2f..235967ba4 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -223,10 +223,26 @@ CLEANUP(8) CLEANUP(8) addresses or domains to other local or remote address. + Available in Postfix version 2.2 and later: + + canonical_classes (envelope_sender, envelope_recipient, + header_sender, header_recipient) + What addresses are subject to canonical_maps + address mapping. + + recipient_canonical_classes (envelope_recipient, + header_recipient) + What addresses are subject to recipient_canoni- + cal_maps address mapping. + + sender_canonical_classes (envelope_sender, header_sender) + What addresses are subject to sender_canonical_maps + address mapping. + RESOURCE AND RATE CONTROLS duplicate_filter_limit (1000) - The maximal number of addresses remembered by the - address duplicate filter for aliases(5) or vir- + The maximal number of addresses remembered by the + address duplicate filter for aliases(5) or vir- tual(5) alias expansion, or for showq(8) queue dis- plays. 
@@ -235,16 +251,16 @@ CLEANUP(8) CLEANUP(8) message header. hopcount_limit (50) - The maximal number of Received: message headers + The maximal number of Received: message headers that is allowed in the primary message headers. in_flow_delay (1s) - Time to pause before accepting a new message, when + Time to pause before accepting a new message, when the message arrival rate exceeds the message deliv- ery rate. message_size_limit (10240000) - The maximal size in bytes of a message, including + The maximal size in bytes of a message, including envelope information. Available in Postfix version 2.0 and later: @@ -262,31 +278,31 @@ CLEANUP(8) CLEANUP(8) will handle. queue_file_attribute_count_limit (100) - The maximal number of (name=value) attributes that + The maximal number of (name=value) attributes that may be stored in a Postfix queue file. Available in Postfix version 2.1 and later: virtual_alias_expansion_limit (1000) - The maximal number of addresses that virtual alias + The maximal number of addresses that virtual alias expansion produces from each original recipient. virtual_alias_recursion_limit (1000) - The maximal nesting depth of virtual alias expan- + The maximal nesting depth of virtual alias expan- sion. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. delay_warning_time (0h) - The time after which the sender receives the mes- + The time after which the sender receives the mes- sage headers of mail that is still queued. ipc_timeout (3600s) 
@@ -294,12 +310,12 @@ CLEANUP(8) CLEANUP(8) over an internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for the next service request + The maximum amount of time that an idle Postfix + daemon process waits for the next service request before exiting. max_use (100) - The maximal number of connection requests before a + The maximal number of connection requests before a Postfix daemon process terminates. myhostname (see 'postconf -d' output) @@ -307,19 +323,19 @@ CLEANUP(8) CLEANUP(8) myorigin ($myhostname) The domain name that locally-posted mail appears to - come from, and that locally posted mail is deliv- + come from, and that locally posted mail is deliv- ered to. process_id (read-only) - The process ID of a Postfix command or daemon pro- + The process ID of a Postfix command or daemon pro- cess. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. soft_bounce (no) @@ -330,14 +346,14 @@ CLEANUP(8) CLEANUP(8) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the pro- + The mail system name that is prepended to the pro- cess name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". Available in Postfix version 2.1 and later: enable_original_recipient (yes) - Enable support for the X-Original-To message + Enable support for the X-Original-To message header. FILES @@ -359,7 +375,7 @@ CLEANUP(8) CLEANUP(8) ADDRESS_REWRITING_README Postfix address manipulation LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) 
diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html index 5a0c26d92..203d03c89 100644 --- a/postfix/html/header_checks.5.html +++ b/postfix/html/header_checks.5.html @@ -303,7 +303,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) /etc/postfix/header_checks: /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/ - REJECT Bad attachment file name extension: $1 + REJECT Bad attachment file name extension: $2 Body pattern to stop a specific HTML browser vulnerability exploit. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 59035717e..9cddea559 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -528,8 +528,11 @@ Example:

Allow a recipient address to have `-' as the first character. By default, this is not allowed, to avoid accidents with software that -passes email addresses via the command line. -

+passes email addresses via the command line. Such software +would not be able to distinguish a malicious address from a +bona fide command-line option. Although this can be prevented by +inserting a "--" option terminator into the command line, this is +difficult to enforce consistently and globally.

@@ -945,6 +948,20 @@ AUTH support in a non-standard way.

+ + +
canonical_classes +(default: envelope_sender, envelope_recipient, header_sender, header_recipient)
+ +

What addresses are subject to canonical_maps address mapping. +By default, canonical_maps address mapping is applied to envelope +sender and recipient addresses, and to header sender and header +recipient addresses.

+ +

Specify one or more of: envelope_sender, envelope_recipient, +header_sender, header_recipient

+ +
canonical_maps @@ -953,7 +970,8 @@ AUTH support in a non-standard way.

Optional address mapping lookup tables for message headers and envelopes. The mapping is applied to both sender and recipient -addresses, in both envelopes and in headers. This is typically used +addresses, in both envelopes and in headers, as controlled +with the canonical_classes parameter. This is typically used to clean up dirty addresses from legacy mail systems, or to replace login names by Firstname.Lastname. The table format and lookups are documented in canonical(5). @@ -2405,6 +2423,26 @@ machine. The parameter also controls delivery of mail to user@[ip.address].

+

+When inet_interfaces consists of just one IP address that is not a +loopback (net 127) address, the Postfix SMTP client will use this address +as the IP source address for outbound mail.

+ +

+On a multi-homed firewall with separate Postfix instances listening on the +"inside" and "outside" interfaces, this can prevent each instance from +being able to reach servers on the "other side" of the firewall. Setting +smtp_bind_address to 0.0.0.0 avoids the potential problem.

+ +

+A better solution is to leave inet_interfaces at the default value +and instead use explicit IP addresses in master.cf. This preserves SMTP +loop detection, by ensuring that each side of the firewall knows that the +other IP address is still the same host. Setting $inet_interfaces to a +single IP address is primarily useful with virtual hosting of domains on +secondary IP addresses, when each IP address serves a different domain +(and has a different $myhostname setting).

+

See also the proxy_interfaces parameter, for network addresses that are forwarded to us by way of a proxy or address translator. @@ -4557,6 +4595,20 @@ Example: + + +

recipient_canonical_classes +(default: envelope_recipient, header_recipient)
+ +

What addresses are subject to recipient_canonical_maps address +mapping. By default, recipient_canonical_maps address mapping is +applied to envelope recipient addresses, and to header recipient +addresses.

+ +

Specify one or more of: envelope_recipient, header_recipient +

+ +
recipient_canonical_maps @@ -4971,6 +5023,19 @@ Example: + + +
sender_canonical_classes +(default: envelope_sender, header_sender)
+ +

What addresses are subject to sender_canonical_maps address +mapping. By default, sender_canonical_maps address mapping is +applied to envelope sender addresses, and to header sender addresses. +

+ +

Specify one or more of: envelope_sender, header_sender

+ +
sender_canonical_maps @@ -5140,6 +5205,12 @@ for example: smtp ... smtp -o smtp_bind_address=11.22.33.44 +

Note: when inet_interfaces specifies exactly one address that +is a non-loopback address, it is automatically used as the +smtp_bind_address. This supports virtual IP hosting, but can be +a problem on multi-homed firewalls. See the inet_interfaces +documentation for more detail.

+ @@ -5642,6 +5713,33 @@ Example: + + +
smtp_sasl_mechanism_filter +(default: empty)
+ +

+If non-empty, filters the SMTP server's list of offered SASL mechanisms. +Different client and server implementations may support different +mechanism lists. By default, the client will use the intersection of the +two. smtp_sasl_mechanism_filter further restricts what server mechanisms +the client will take into consideration.

+ +

Specify mechanism names, "/file/name" patterns or "type:table" +lookup tables. The right-hand side result from "type:table" lookups +is ignored.

+ +

+Examples: +

+ +
+smtp_sasl_mechanism_filter = plain, login
+smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs
+smtp_sasl_mechanism_filter = !gssapi, !login, static:rest
+
+ +
smtp_sasl_password_maps @@ -6857,9 +6955,8 @@ from filling up with undeliverable MAILER-DAEMON messages. or $proxy_interfaces, but the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not null. -
  • The recipient domain matches $virtual_alias_maps but the -recipient is not listed in $virtual_alias_maps, and $virtual_alias_maps -is not null. +
  • The recipient domain matches $virtual_alias_domains but the +recipient is not listed in $virtual_alias_maps.
  • The recipient domain matches $virtual_mailbox_domains but the recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps @@ -6892,9 +6989,8 @@ of forged mail from worms or viruses.

    $proxy_interfaces, but the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not null. -
  • The sender domain matches $virtual_alias_maps but the recipient -is not listed in $virtual_alias_maps, and $virtual_alias_maps is -not null. +
  • The sender domain matches $virtual_alias_domains but the recipient +is not listed in $virtual_alias_maps.
  • The sender domain matches $virtual_mailbox_domains but the recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps @@ -7992,9 +8088,10 @@ lookup tables, because that would open a security hole.

    -Note 2: for security reasons, the virtual(8) delivery agent does -not allow table lookup through the proxymap(8) service, because -that would open a security hole. +Note 2: for security reasons, the virtual(8) delivery agent will +silently ignore requests to use the proxymap(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +virtual(8) delivery agent will terminate with a fatal error.

    @@ -8118,9 +8215,10 @@ lookup tables, because that would open a security hole.

    -Note 2: for security reasons, the virtual(8) delivery agent disallows -table lookup through the proxymap(8) server, because that would -open a security hole. +Note 2: for security reasons, the virtual(8) delivery agent will +silently ignore requests to use the proxymap(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +virtual(8) delivery agent will terminate with a fatal error.

    @@ -8203,9 +8301,10 @@ lookup tables, because that would open a security hole.

    -Note 2: for security reasons, the virtual(8) delivery agent does -not allow table lookup through the proxymap(8) service, because -that would open a security hole. +Note 2: for security reasons, the virtual(8) delivery agent will +silently ignore requests to use the proxymap(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +virtual(8) delivery agent will terminate with a fatal error.

    diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 808664687..097a9613d 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -170,26 +170,32 @@ SMTP(8) SMTP(8) What authentication mechanisms the Postfix SMTP client is allowed to use. + Available in Postfix version 2.2 and later: + + smtp_sasl_mechanism_filter (empty) + If non-empty, filters the SMTP server's list of + offered SASL mechanisms. + RESOURCE AND RATE CONTROLS smtp_destination_concurrency_limit ($default_destina- tion_concurrency_limit) - The maximal number of parallel deliveries to the - same destination via the smtp message delivery + The maximal number of parallel deliveries to the + same destination via the smtp message delivery transport. smtp_destination_recipient_limit ($default_destina- tion_recipient_limit) - The maximal number of recipients per delivery via + The maximal number of recipients per delivery via the smtp message delivery transport. smtp_connect_timeout (30s) - The SMTP client time limit for completing a TCP + The SMTP client time limit for completing a TCP connection, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The SMTP client time limit for sending the HELO or - EHLO command, and for receiving the initial server + The SMTP client time limit for sending the HELO or + EHLO command, and for receiving the initial server response. smtp_xforward_timeout (300s) 
@@ -197,30 +203,30 @@ SMTP(8) SMTP(8) command, and for receiving the server response. smtp_mail_timeout (300s) - The SMTP client time limit for sending the MAIL - FROM command, and for receiving the server + The SMTP client time limit for sending the MAIL + FROM command, and for receiving the server response. smtp_rcpt_timeout (300s) - The SMTP client time limit for sending the SMTP - RCPT TO command, and for receiving the server + The SMTP client time limit for sending the SMTP + RCPT TO command, and for receiving the server response. smtp_data_init_timeout (120s) - The SMTP client time limit for sending the SMTP - DATA command, and for receiving the server + The SMTP client time limit for sending the SMTP + DATA command, and for receiving the server response. smtp_data_xfer_timeout (180s) - The SMTP client time limit for sending the SMTP + The SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) - The SMTP client time limit for sending the SMTP + The SMTP client time limit for sending the SMTP ".", and for receiving the server response. smtp_quit_timeout (300s) - The SMTP client time limit for sending the QUIT + The SMTP client time limit for sending the QUIT command, and for receiving the server response. Available in Postfix version 2.1 and later: 
@@ -231,28 +237,28 @@ SMTP(8) SMTP(8) lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery - request before giving up or delivering to a fall- + The maximal number of SMTP sessions per delivery + request before giving up or delivering to a fall- back relay host, or zero (no limit). smtp_rset_timeout (20s) - The SMTP client time limit for sending the RSET + The SMTP client time limit for sending the RSET command, and for receiving the server response. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP session caching while a + Temporarily enable SMTP session caching while a destination has a high volume of mail in the active queue. smtp_connection_cache_reuse_limit (10) When SMTP session caching is enabled, the number of - times that an SMTP session is reused before it is + times that an SMTP session is reused before it is closed. smtp_connection_cache_time_limit (2s) 
@@ -262,46 +268,46 @@ SMTP(8) SMTP(8) TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the + The increment in verbose logging level when a + remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified + Optional list of remote client or server hostname + or network address patterns that cause the verbose + logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about - mail delivery problems that are caused by policy, + The recipient of postmaster notifications about + mail delivery problems that are caused by policy, resource, software or protocol errors. notify_classes (resource, software) - The list of error classes that are reported to the + The list of error classes that are reported to the postmaster. MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail + Where the Postfix SMTP client should deliver mail when it detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to - handle a request before it is terminated by a + How much time a Postfix daemon process may take to + handle a request before it is terminated by a built-in watchdog timer. disable_dns_lookups (no) - Disable DNS lookups in the Postfix SMTP and LMTP + Disable DNS lookups in the Postfix SMTP and LMTP clients. 
fallback_relay (empty) - Optional list of relay hosts for SMTP destinations + Optional list of relay hosts for SMTP destinations that can't be found or that are unreachable. inet_interfaces (all) @@ -313,25 +319,25 @@ SMTP(8) SMTP(8) over an internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix - daemon process waits for the next service request + The maximum amount of time that an idle Postfix + daemon process waits for the next service request before exiting. max_use (100) - The maximal number of connection requests before a + The maximal number of connection requests before a Postfix daemon process terminates. process_id (read-only) - The process ID of a Postfix command or daemon pro- + The process ID of a Postfix command or daemon pro- cess. process_name (read-only) - The process name of a Postfix command or daemon + The process name of a Postfix command or daemon process. proxy_interfaces (empty) The network interface addresses that this mail sys- - tem receives mail on by way of a proxy or network + tem receives mail on by way of a proxy or network address translation unit. smtp_bind_address (empty) @@ -339,22 +345,22 @@ SMTP(8) SMTP(8) client should bind to when making a connection. smtp_helo_name ($myhostname) - The hostname to send in the SMTP EHLO or HELO com- + The hostname to send in the SMTP EHLO or HELO com- mand. smtp_host_lookup (dns) - What mechanisms when the SMTP client uses to look + What mechanisms when the SMTP client uses to look up a host's IP address. smtp_randomize_addresses (yes) - Randomize the order of equal-preference MX host + Randomize the order of equal-preference MX host addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the pro- + The mail system name that is prepended to the pro- cess name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". 
@@ -370,7 +376,7 @@ SMTP(8) SMTP(8) SASL_README, Postfix SASL howto LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man5/canonical.5 b/postfix/man/man5/canonical.5 index d4c998cf6..544a8e20c 100644 --- a/postfix/man/man5/canonical.5 +++ b/postfix/man/man5/canonical.5 @@ -36,6 +36,13 @@ can be directed to TCP-based server. In that case, the lookups are done in a slightly different way as described below under "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". +By default the \fBcanonical\fR mapping affects both message +header addresses (i.e. addresses that appear inside messages) +and message envelope addresses (for example, the addresses +that are used in SMTP protocol commands). Think Sendmail +rule set \fBS3\fR, if you like. This is controlled with +the \fBcanonical_classes\fR parameter. + The \fBcanonical\fR mapping affects both message header addresses (i.e. addresses that appear inside messages) and message envelope addresses (for example, the addresses that are used in SMTP protocol @@ -152,6 +159,8 @@ The table format does not understand quoting conventions. The following \fBmain.cf\fR parameters are especially relevant. The text below provides only a parameter summary. See postconf(5) for more details including examples. +.IP \fBcanonical_classes\fR +What addresses are subject to canonical address mapping. .IP \fBcanonical_maps\fR List of canonical mapping tables. .IP \fBrecipient_canonical_maps\fR diff --git a/postfix/man/man5/header_checks.5 b/postfix/man/man5/header_checks.5 index 866d68831..2d8e51ff5 100644 --- a/postfix/man/man5/header_checks.5 +++ b/postfix/man/man5/header_checks.5 @@ -282,7 +282,7 @@ header_checks = regexp:/etc/postfix/header_checks .ti +4 /^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/ .ti +8 -REJECT Bad attachment file name extension: $1 +REJECT Bad attachment file name extension: $2 .ad .fi 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 360055e19..739436ebb 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -287,7 +287,11 @@ allow_mail_to_files = alias,forward,include .SH allow_min_user (default: no) Allow a recipient address to have `-' as the first character. By default, this is not allowed, to avoid accidents with software that -passes email addresses via the command line. +passes email addresses via the command line. Such software +would not be able to distinguish a malicious address from a +bona fide command-line option. Although this can be prevented by +inserting a "--" option terminator into the command line, this is +difficult to enforce consistently and globally. .SH allow_percent_hack (default: yes) Enable the rewriting of the form "user%domain" to "user@domain". This is enabled by default. @@ -483,10 +487,19 @@ version 5.0. .PP Specify "\fBbroken_sasl_auth_clients = yes\fR" to have Postfix advertise AUTH support in a non-standard way. +.SH canonical_classes (default: envelope_sender, envelope_recipient, header_sender, header_recipient) +What addresses are subject to canonical_maps address mapping. +By default, canonical_maps address mapping is applied to envelope +sender and recipient addresses, and to header sender and header +recipient addresses. +.PP +Specify one or more of: envelope_sender, envelope_recipient, +header_sender, header_recipient .SH canonical_maps (default: empty) Optional address mapping lookup tables for message headers and envelopes. The mapping is applied to both sender and recipient -addresses, in both envelopes and in headers. This is typically used +addresses, in both envelopes and in headers, as controlled +with the canonical_classes parameter. This is typically used to clean up dirty addresses from legacy mail systems, or to replace login names by Firstname.Lastname. The table format and lookups are documented in canonical(5). 
@@ -1202,6 +1215,23 @@ on. By default, the software claims all active interfaces on the machine. The parameter also controls delivery of mail to user@[ip.address]. .PP +When inet_interfaces consists of just one IP address that is not a +loopback (net 127) address, the Postfix SMTP client will use this address +as the IP source address for outbound mail. +.PP +On a multi-homed firewall with separate Postfix instances listening on the +"inside" and "outside" interfaces, this can prevent each instance from +being able to reach servers on the "other side" of the firewall. Setting +smtp_bind_address to 0.0.0.0 avoids the potential problem. +.PP +A better solution is to leave inet_interfaces at the default value +and instead use explicit IP addresses in master.cf. This preserves SMTP +loop detection, by ensuring that each side of the firewall knows that the +other IP address is still the same host. Setting $inet_interfaces to a +single IP address is primarily useful with virtual hosting of domains on +secondary IP addresses, when each IP address serves a different domain +(and has a different $myhostname setting). +.PP See also the proxy_interfaces parameter, for network addresses that are forwarded to us by way of a proxy or address translator. .PP @@ -2350,6 +2380,13 @@ recipient_bcc_maps = hash:/etc/postfix/recipient_bcc .fi .ad .ft R +.SH recipient_canonical_classes (default: envelope_recipient, header_recipient) +What addresses are subject to recipient_canonical_maps address +mapping. By default, recipient_canonical_maps address mapping is +applied to envelope recipient addresses, and to header recipient +addresses. +.PP +Specify one or more of: envelope_recipient, header_recipient .SH recipient_canonical_maps (default: empty) Optional address mapping lookup tables for envelope and header recipient addresses. 
@@ -2606,6 +2643,12 @@ sender_bcc_maps = hash:/etc/postfix/sender_bcc .fi .ad .ft R +.SH sender_canonical_classes (default: envelope_sender, header_sender) +What addresses are subject to sender_canonical_maps address +mapping. By default, sender_canonical_maps address mapping is +applied to envelope sender addresses, and to header sender addresses. +.PP +Specify one or more of: envelope_sender, header_sender .SH sender_canonical_maps (default: empty) Optional address mapping lookup tables for envelope and header sender addresses. @@ -2686,6 +2729,12 @@ for example: .fi .ad .ft R +.PP +Note: when inet_interfaces specifies exactly one address that +is a non-loopback address, it is automatically used as the +smtp_bind_address. This supports virtual IP hosting, but can be +a problem on multi-homed firewalls. See the inet_interfaces +documentation for more detail. .SH smtp_connect_timeout (default: 30s) The SMTP client time limit for completing a TCP connection, or zero (use the operating system built-in time limit). 
@@ -2929,6 +2978,28 @@ smtp_sasl_auth_enable = yes .fi .ad .ft R +.SH smtp_sasl_mechanism_filter (default: empty) +If non-empty, filters the SMTP server's list of offered SASL mechanisms. +Different client and server implementations may support different +mechanism lists. By default, the client will use the intersection of the +two. smtp_sasl_mechanism_filter further restricts what server mechanisms +the client will take into consideration. +.PP +Specify mechanism names, "/file/name" patterns or "type:table" +lookup tables. The right-hand side result from "type:table" lookups +is ignored. +.PP +Examples: +.PP +.nf +.na +.ft C +smtp_sasl_mechanism_filter = plain, login +smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs +smtp_sasl_mechanism_filter = !gssapi, !login, static:rest +.fi +.ad +.ft R .SH smtp_sasl_password_maps (default: empty) Optional SMTP client lookup tables with one username:password entry per remote hostname or domain. If a remote host or domain has no @@ -3661,9 +3732,8 @@ The recipient domain matches $mydestination, $inet_interfaces or $proxy_interfaces, but the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not null. .IP \(bu -The recipient domain matches $virtual_alias_maps but the -recipient is not listed in $virtual_alias_maps, and $virtual_alias_maps -is not null. +The recipient domain matches $virtual_alias_domains but the +recipient is not listed in $virtual_alias_maps. .IP \(bu The recipient domain matches $virtual_mailbox_domains but the recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps 
@@ -3684,9 +3754,8 @@ The sender domain matches $mydestination, $inet_interfaces or $proxy_interfaces, but the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not null. .IP \(bu -The sender domain matches $virtual_alias_maps but the recipient -is not listed in $virtual_alias_maps, and $virtual_alias_maps is -not null. +The sender domain matches $virtual_alias_domains but the recipient +is not listed in $virtual_alias_maps. .IP \(bu The sender domain matches $virtual_mailbox_domains but the recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps @@ -4300,9 +4369,10 @@ Note 1: for security reasons, the virtual(8) delivery agent disallows regular expression substitution of $1 etc. in regular expression lookup tables, because that would open a security hole. .PP -Note 2: for security reasons, the virtual(8) delivery agent does -not allow table lookup through the proxymap(8) service, because -that would open a security hole. +Note 2: for security reasons, the virtual(8) delivery agent will +silently ignore requests to use the proxymap(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +virtual(8) delivery agent will terminate with a fatal error. .SH virtual_mailbox_base (default: empty) A prefix that the virtual(8) delivery agent prepends to all pathname results from $virtual_mailbox_maps table lookups. This is a safety 
@@ -4372,9 +4442,10 @@ Note 1: for security reasons, the virtual(8) delivery agent disallows regular expression substitution of $1 etc. in regular expression lookup tables, because that would open a security hole. .PP -Note 2: for security reasons, the virtual(8) delivery agent disallows -table lookup through the proxymap(8) server, because that would -open a security hole. +Note 2: for security reasons, the virtual(8) delivery agent will +silently ignore requests to use the proxymap(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +virtual(8) delivery agent will terminate with a fatal error. .SH virtual_maps (default: empty) Optional lookup tables with a) names of domains for which all addresses are aliased to addresses in other local or remote domains, @@ -4415,9 +4486,10 @@ Note 1: for security reasons, the virtual(8) delivery agent disallows regular expression substitution of $1 etc. in regular expression lookup tables, because that would open a security hole. .PP -Note 2: for security reasons, the virtual(8) delivery agent does -not allow table lookup through the proxymap(8) service, because -that would open a security hole. +Note 2: for security reasons, the virtual(8) delivery agent will +silently ignore requests to use the proxymap(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +virtual(8) delivery agent will terminate with a fatal error. .SH SEE ALSO .na .nf diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index 0e91dcb67..ba4ead2b2 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 
@@ -194,6 +194,16 @@ Available in Postfix version 2.0 and later: .IP "\fBvirtual_alias_maps ($virtual_maps)\fR" Optional lookup tables that alias specific mail addresses or domains to other local or remote address. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR" +What addresses are subject to canonical_maps address mapping. +.IP "\fBrecipient_canonical_classes (envelope_recipient, header_recipient)\fR" +What addresses are subject to recipient_canonical_maps address +mapping. +.IP "\fBsender_canonical_classes (envelope_sender, header_sender)\fR" +What addresses are subject to sender_canonical_maps address +mapping. .SH "RESOURCE AND RATE CONTROLS" .na .nf diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index f6f530e28..6126844b6 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -162,6 +162,10 @@ per remote hostname or domain. .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" What authentication mechanisms the Postfix SMTP client is allowed to use. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" +If non-empty, filters the SMTP server's list of offered SASL mechanisms. .SH "RESOURCE AND RATE CONTROLS" .na .nf diff --git a/postfix/mantools/docparam b/postfix/mantools/docparam index 7dec7ca70..7a6ddadd4 100755 --- a/postfix/mantools/docparam +++ b/postfix/mantools/docparam @@ -185,6 +185,7 @@ BEGIN { table["smtpd_sasl_local_domain"] = "var_smtpd_sasl_realm" table["smtpd_sender_login_maps"] = "var_smtpd_snd_auth_maps" table["smtp_sasl_auth_enable"] = "var_smtp_sasl_enable" + table["smtp_sasl_mechanism_filter"] = "var_smtp_sasl_mechs" table["smtp_sasl_password_maps"] = "var_smtp_sasl_passwd" table["smtp_sasl_security_options"] = "var_smtp_sasl_opts" table["lmtpd_banner"] = "var_lmtpd_banner" 
diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink
index 9ed72b58f..f16639619 100755
--- a/postfix/mantools/postlink
+++ b/postfix/mantools/postlink
@@ -104,6 +104,7 @@ while (<>) {
 s;\bbounce_service_name\b;$&;g;
 s;\bbounce_size_limit\b;$&;g;
 s;\bbroken_sasl_auth_clients\b;$&;g;
+ s;\bcanonical_classes\b;$&;g;
 s;\bcanonical_maps\b;$&;g;
 s;\bcleanup_service_name\b;$&;g;
 s;\bcommand_execu[-]*\n* *[]*tion_direc[-]*\n* *[]*tory\b;$&;g;
@@ -274,7 +275,8 @@ while (<>) {
 s;\bno_address_mappings\b;$&;g;
 s;\bno_header_body_checks\b;$&;g;
 s;\brecip[-]*\n* *[]*ient_bcc_maps\b;$&;g;
- s;\brecip[-]*\n* *[]*ient_canonical_maps\b;$&;g;
+ s;\brecip[-]*\n* *[]*ient_canoni[-]*\n* *[]*cal_classes\b;$&;g;
+ s;\brecip[-]*\n* *[]*ient_canoni[-]*\n* *[]*cal_maps\b;$&;g;
 s;\brecip[-]*\n* *[]*ient_delim[-]*\n* *[]*iter\b;$&<\/a>;g;
 s;\breject_code\b;$&;g;
 s;\brelay_domains\b;$&;g;
@@ -289,6 +291,7 @@ while (<>) {
 s;\bsample_directory\b;$&;g;
 s;\bsender_based_routing\b;$&;g;
 s;\bsender_bcc_maps\b;$&;g;
+ s;\bsender_canonical_classes\b;$&;g;
 s;\bsender_canonical_maps\b;$&;g;
 s;\bsendmail_path\b;$&;g;
 s;\bservice_throttle_time\b;$&;g;
@@ -336,6 +339,7 @@ while (<>) {
 s;\bsmtp_rcpt_timeout\b;$&;g;
 s;\bsmtp_rset_timeout\b;$&;g;
 s;\bsmtp_sasl_auth_enable\b;$&;g;
+ s;\bsmtp_sasl_mechanism_filter\b;$&;g;
 s;\bsmtp_sasl_password_maps\b;$&;g;
 s;\bsmtp_sasl_security_options\b;$&;g;
 s;\bsmtp_send_xforward_command\b;$&;g;
diff --git a/postfix/mantools/useparam b/postfix/mantools/useparam
index aa9671d25..eec1915df 100755
--- a/postfix/mantools/useparam
+++ b/postfix/mantools/useparam
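Review bot: The added `\bsender_canonical_classes\b` and `\bcanonical_classes\b` patterns (third and first postlink hunks) match only the unbroken parameter name, while the second hunk widens both recipient patterns to tolerate a formatter line break after `canoni`. The same commit's cleanup.8.html already shows `recipient_canoni- cal_maps` split that way, so a similarly split sender name would presumably be left without its postconf link and nothing would report it. I would give the sender entry the same allowance, i.e. match `\bsender_canoni[-]*\n* *[]*cal_classes\b`, with the break classes copied from the recipient lines in the file itself, since this page view appears to have lost markup from those brackets and from the replacement text. The enclosing `while (<>) {` loop starts and ends outside these hunks.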
@@ -175,6 +175,7 @@ BEGIN { table["var_smtpd_sasl_realm"] = "smtpd_sasl_local_domain" table["var_smtpd_snd_auth_maps"] = "smtpd_sender_login_maps" table["var_smtp_sasl_enable"] = "smtp_sasl_auth_enable" + table["var_smtp_sasl_mechs"] = "smtp_sasl_mechanism_filter" table["var_smtp_sasl_passwd"] = "smtp_sasl_password_maps" table["var_smtp_sasl_opts"] = "smtp_sasl_security_options" table["var_lmtpd_banner"] = "lmtpd_banner" diff --git a/postfix/proto/ADDRESS_REWRITING_README.html b/postfix/proto/ADDRESS_REWRITING_README.html index 60e70b975..45141c743 100644 --- a/postfix/proto/ADDRESS_REWRITING_README.html +++ b/postfix/proto/ADDRESS_REWRITING_README.html @@ -410,7 +410,11 @@ address.

    Canonical address mapping

    The cleanup(8) daemon uses the canonical(5) tables to rewrite -all addresses in message envelopes and in message headers. This is +addresses in message envelopes and in message headers. By default +all header and envelope addresses are rewritten; this is controlled +with the canonical_classes configuration parameter.

    + +

    Address rewriting is done for local and remote addresses. The mapping is useful to replace login names by "Firstname.Lastname" style addresses, or to clean up invalid domains in mail addresses produced by legacy mail @@ -453,7 +457,10 @@ applied only to sender addresses or to recipient addresses.

    The sender and recipient canonical maps are applied before the -common canonical maps.

    +common canonical maps. The sender_canonical_classes and +recipient_canonical_classes parameters control what addresses are +subject to sender_canonical_maps and recipient_canonical_maps +mappings, respectively.

    Sender-specific rewriting is useful when you want to rewrite ugly sender addresses to pretty ones, and still want to be able to diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html index f0c3e46a2..86d35b209 100644 --- a/postfix/proto/SASL_README.html +++ b/postfix/proto/SASL_README.html @@ -473,6 +473,13 @@ for example:

    enters the optional chroot jail, so you can keep the file in /etc/postfix.

    +

    Note: Some SMTP servers support authentication mechanisms that, +although available on the client system, may not in practice work or +possess the appropriate credentials to authenticate to the server. It +is possible via the smtp_sasl_mechanism_filter parameter to further +restrict the list of server mechanisms that the smtp(8) client will take +into consideration.

    +

    The Postfix SMTP client is backwards compatible with SMTP servers that use the non-standard "AUTH=method..." syntax in response to the EHLO command; there is no Postfix client configuration needed diff --git a/postfix/proto/STANDARD_CONFIGURATION_README.html b/postfix/proto/STANDARD_CONFIGURATION_README.html index cbc163385..5b0cbc341 100644 --- a/postfix/proto/STANDARD_CONFIGURATION_README.html +++ b/postfix/proto/STANDARD_CONFIGURATION_README.html @@ -422,6 +422,22 @@ matches $inet_interfaces or $proxy_interfaces.

    +

    In some installations, there may be separate instances of Postfix +processing inbound and outbound mail on a multi-homed firewall. The +inbound Postfix instance has an SMTP server listening on the external +firewall interface, and the outbound Postfix instance has an SMTP server +listening on the internal interface. In such a configuration is it is +tempting to configure $inet_interfaces in each instance with just the +corresponding interface address.

    + +

    In most cases using inet_interaces in this way will not work, +because as documented in the $inet_interfaces reference manual, the +smtp(8) delivery agent will also use the specified interface address +as the source address for outbound connections and will be unable to +reach hosts on "the other side" of the firewall. The symptoms are that +the firewall is unable to connect to hosts that are in fact up. See the +inet_interfaces parameter documentation for suggested work-arounds.

    +

    Running Postfix behind a firewall

    The simplest way to set up Postfix on a host behind a firewalled diff --git a/postfix/proto/canonical b/postfix/proto/canonical index a41791269..bba86891a 100644 --- a/postfix/proto/canonical +++ b/postfix/proto/canonical @@ -30,6 +30,13 @@ # done in a slightly different way as described below under # "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". # +# By default the \fBcanonical\fR mapping affects both message +# header addresses (i.e. addresses that appear inside messages) +# and message envelope addresses (for example, the addresses +# that are used in SMTP protocol commands). Think Sendmail +# rule set \fBS3\fR, if you like. This is controlled with +# the \fBcanonical_classes\fR parameter. +# # The \fBcanonical\fR mapping affects both message header addresses # (i.e. addresses that appear inside messages) and message envelope # addresses (for example, the addresses that are used in SMTP protocol @@ -134,6 +141,8 @@ # The following \fBmain.cf\fR parameters are especially relevant. # The text below provides only a parameter summary. See # postconf(5) for more details including examples. +# .IP \fBcanonical_classes\fR +# What addresses are subject to canonical address mapping. # .IP \fBcanonical_maps\fR # List of canonical mapping tables. # .IP \fBrecipient_canonical_maps\fR diff --git a/postfix/proto/header_checks b/postfix/proto/header_checks index 6c46afe8c..1b841581c 100644 --- a/postfix/proto/header_checks +++ b/postfix/proto/header_checks @@ -262,7 +262,7 @@ # .ti +4 # /^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/ # .ti +8 -# REJECT Bad attachment file name extension: $1 +# REJECT Bad attachment file name extension: $2 # # .ad # .fi diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index dcae6958c..9f34fa4ee 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -486,8 +486,11 @@ allow_mail_to_files = alias,forward,include

    Allow a recipient address to have `-' as the first character. By default, this is not allowed, to avoid accidents with software that -passes email addresses via the command line. -

    +passes email addresses via the command line. Such software +would not be able to distinguish a malicious address from a +bona fide command-line option. Although this can be prevented by +inserting a "--" option terminator into the command line, this is +difficult to enforce consistently and globally.

    %PARAM allow_percent_hack yes @@ -655,7 +658,8 @@ proportionally.

    Optional address mapping lookup tables for message headers and envelopes. The mapping is applied to both sender and recipient -addresses, in both envelopes and in headers. This is typically used +addresses, in both envelopes and in headers, as controlled +with the canonical_classes parameter. This is typically used to clean up dirty addresses from legacy mail systems, or to replace login names by Firstname.Lastname. The table format and lookups are documented in canonical(5). @@ -677,6 +681,35 @@ canonical_maps = dbm:/etc/postfix/canonical canonical_maps = hash:/etc/postfix/canonical +%PARAM canonical_classes envelope_sender, envelope_recipient, header_sender, header_recipient + +

    What addresses are subject to canonical_maps address mapping. +By default, canonical_maps address mapping is applied to envelope +sender and recipient addresses, and to header sender and header +recipient addresses.

    + +

    Specify one or more of: envelope_sender, envelope_recipient, +header_sender, header_recipient

    + +%PARAM sender_canonical_classes envelope_sender, header_sender + +

    What addresses are subject to sender_canonical_maps address +mapping. By default, sender_canonical_maps address mapping is +applied to envelope sender addresses, and to header sender addresses. +

    + +

    Specify one or more of: envelope_sender, header_sender

    + +%PARAM recipient_canonical_classes envelope_recipient, header_recipient + +

    What addresses are subject to recipient_canonical_maps address +mapping. By default, recipient_canonical_maps address mapping is +applied to envelope recipient addresses, and to header recipient +addresses.

    + +

    Specify one or more of: envelope_recipient, header_recipient +

    + %PARAM command_directory see "postconf -d" output

    @@ -1507,6 +1540,26 @@ machine. The parameter also controls delivery of mail to user@[ip.address].

    +

    +When inet_interfaces consists of just one IP address that is not a +loopback (net 127) address, the Postfix SMTP client will use this address +as the IP source address for outbound mail.

    + +

    +On a multi-homed firewall with separate Postfix instances listening on the +"inside" and "outside" interfaces, this can prevent each instance from +being able to reach servers on the "other side" of the firewall. Setting +smtp_bind_address to 0.0.0.0 avoids the potential problem.

    + +

    +A better solution is to leave inet_interfaces at the default value +and instead use explicit IP addresses in master.cf. This preserves SMTP +loop detection, by ensuring that each side of the firewall knows that the +other IP address is still the same host. Setting $inet_interfaces to a +single IP address is primarily useful with virtual hosting of domains on +secondary IP addresses, when each IP address serves a different domain +(and has a different $myhostname setting).

    +

    See also the proxy_interfaces parameter, for network addresses that are forwarded to us by way of a proxy or address translator. @@ -3172,6 +3225,12 @@ for example: smtp ... smtp -o smtp_bind_address=11.22.33.44 +

    Note: when inet_interfaces specifies exactly one address that +is a non-loopback address, it is automatically used as the +smtp_bind_address. This supports virtual IP hosting, but can be +a problem on multi-homed firewalls. See the inet_interfaces +documentation for more detail.

    + %PARAM smtp_connection_cache_time_limit 2s

    When SMTP session caching is enabled, the amount of time that @@ -3654,6 +3713,29 @@ Example: smtp_sasl_security_options = noplaintext +%PARAM smtp_sasl_mechanism_filter + +

    +If non-empty, filters the SMTP server's list of offered SASL mechanisms. +Different client and server implementations may support different +mechanism lists. By default, the client will use the intersection of the +two. smtp_sasl_mechanism_filter further restricts what server mechanisms +the client will take into consideration.

    + +

    Specify mechanism names, "/file/name" patterns or "type:table" +lookup tables. The right-hand side result from "type:table" lookups +is ignored.

    + +

    +Examples: +

    + +
    +smtp_sasl_mechanism_filter = plain, login
    +smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs
    +smtp_sasl_mechanism_filter = !gssapi, !login, static:rest
    +
    + %PARAM smtp_send_xforward_command no

    @@ -6484,9 +6566,8 @@ from filling up with undeliverable MAILER-DAEMON messages. or $proxy_interfaces, but the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not null. -

  • The recipient domain matches $virtual_alias_maps but the -recipient is not listed in $virtual_alias_maps, and $virtual_alias_maps -is not null. +
  • The recipient domain matches $virtual_alias_domains but the +recipient is not listed in $virtual_alias_maps.
  • The recipient domain matches $virtual_mailbox_domains but the recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps @@ -6515,9 +6596,8 @@ of forged mail from worms or viruses.

    $proxy_interfaces, but the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not null. -
  • The sender domain matches $virtual_alias_maps but the recipient -is not listed in $virtual_alias_maps, and $virtual_alias_maps is -not null. +
  • The sender domain matches $virtual_alias_domains but the recipient +is not listed in $virtual_alias_maps.
  • The sender domain matches $virtual_mailbox_domains but the recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps @@ -6729,9 +6809,10 @@ lookup tables, because that would open a security hole.

    -Note 2: for security reasons, the virtual(8) delivery agent does -not allow table lookup through the proxymap(8) service, because -that would open a security hole. +Note 2: for security reasons, the virtual(8) delivery agent will +silently ignore requests to use the proxymap(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +virtual(8) delivery agent will terminate with a fatal error.

    %PARAM virtual_mailbox_base @@ -6835,9 +6916,10 @@ lookup tables, because that would open a security hole.

    -Note 2: for security reasons, the virtual(8) delivery agent disallows -table lookup through the proxymap(8) server, because that would -open a security hole. +Note 2: for security reasons, the virtual(8) delivery agent will +silently ignore requests to use the proxymap(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +virtual(8) delivery agent will terminate with a fatal error.

    %PARAM virtual_minimum_uid 100 @@ -6895,9 +6977,10 @@ lookup tables, because that would open a security hole.

    -Note 2: for security reasons, the virtual(8) delivery agent does -not allow table lookup through the proxymap(8) service, because -that would open a security hole. +Note 2: for security reasons, the virtual(8) delivery agent will +silently ignore requests to use the proxymap(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +virtual(8) delivery agent will terminate with a fatal error.

    %PARAM config_directory see "postconf -d" output diff --git a/postfix/proto/postconf.spec b/postfix/proto/postconf.spec index 486183c35..d2e50c019 100644 --- a/postfix/proto/postconf.spec +++ b/postfix/proto/postconf.spec @@ -293,6 +293,7 @@ %PARAM smtp_sasl_auth_enable %PARAM smtp_sasl_password_maps %PARAM smtp_sasl_security_options +%PARAM smtp_sasl_mechanism_filter %CLASS lmtp-sasl %PARAM lmtp_sasl_auth_enable diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index 541418714..ec57f6c5a 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -170,6 +170,16 @@ /* .IP "\fBvirtual_alias_maps ($virtual_maps)\fR" /* Optional lookup tables that alias specific mail addresses or domains /* to other local or remote address. +/* .PP +/* Available in Postfix version 2.2 and later: +/* .IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR" +/* What addresses are subject to canonical_maps address mapping. +/* .IP "\fBrecipient_canonical_classes (envelope_recipient, header_recipient)\fR" +/* What addresses are subject to recipient_canonical_maps address +/* mapping. +/* .IP "\fBsender_canonical_classes (envelope_sender, header_sender)\fR" +/* What addresses are subject to sender_canonical_maps address +/* mapping. /* RESOURCE AND RATE CONTROLS /* .ad /* .fi diff --git a/postfix/src/cleanup/cleanup.h b/postfix/src/cleanup/cleanup.h index 3077dc99b..65ff8bc46 100644 --- a/postfix/src/cleanup/cleanup.h +++ b/postfix/src/cleanup/cleanup.h @@ -80,6 +80,9 @@ typedef struct CLEANUP_STATE { extern MAPS *cleanup_comm_canon_maps; extern MAPS *cleanup_send_canon_maps; extern MAPS *cleanup_rcpt_canon_maps; +extern int cleanup_comm_canon_flags; +extern int cleanup_send_canon_flags; +extern int cleanup_rcpt_canon_flags; extern MAPS *cleanup_header_checks; extern MAPS *cleanup_mimehdr_checks; extern MAPS *cleanup_nesthdr_checks; 
@@ -91,6 +94,14 @@ extern int cleanup_masq_flags; extern MAPS *cleanup_send_bcc_maps; extern MAPS *cleanup_rcpt_bcc_maps; + /* + * Address canonicalization fine control. + */ +#define CLEANUP_CANON_FLAG_ENV_FROM (1<<0) /* envelope sender */ +#define CLEANUP_CANON_FLAG_ENV_RCPT (1<<1) /* envelope recipient */ +#define CLEANUP_CANON_FLAG_HDR_FROM (1<<2) /* header sender */ +#define CLEANUP_CANON_FLAG_HDR_RCPT (1<<3) /* header recipient */ + /* * Address masquerading fine control. */ diff --git a/postfix/src/cleanup/cleanup_addr.c b/postfix/src/cleanup/cleanup_addr.c index 5013744f0..fc00523c7 100644 --- a/postfix/src/cleanup/cleanup_addr.c +++ b/postfix/src/cleanup/cleanup_addr.c @@ -99,10 +99,12 @@ void cleanup_addr_sender(CLEANUP_STATE *state, const char *buf) vstring_strcpy(clean_addr, ""); } if (state->flags & CLEANUP_FLAG_MAP_OK) { - if (cleanup_send_canon_maps) + if (cleanup_send_canon_maps + && (cleanup_send_canon_flags & CLEANUP_CANON_FLAG_ENV_FROM)) cleanup_map11_internal(state, clean_addr, cleanup_send_canon_maps, cleanup_ext_prop_mask & EXT_PROP_CANONICAL); - if (cleanup_comm_canon_maps) + if (cleanup_comm_canon_maps + && (cleanup_comm_canon_flags & CLEANUP_CANON_FLAG_ENV_FROM)) cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps, cleanup_ext_prop_mask & EXT_PROP_CANONICAL); if (cleanup_masq_domains 
@@ -130,10 +132,12 @@ void cleanup_addr_recipient(CLEANUP_STATE *state, const char *buf) cleanup_rewrite_internal(clean_addr, *buf ? buf : var_empty_addr); if (state->flags & CLEANUP_FLAG_MAP_OK) { - if (cleanup_rcpt_canon_maps) + if (cleanup_rcpt_canon_maps + && (cleanup_rcpt_canon_flags & CLEANUP_CANON_FLAG_ENV_RCPT)) cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps, cleanup_ext_prop_mask & EXT_PROP_CANONICAL); - if (cleanup_comm_canon_maps) + if (cleanup_comm_canon_maps + && (cleanup_comm_canon_flags & CLEANUP_CANON_FLAG_ENV_RCPT)) cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps, cleanup_ext_prop_mask & EXT_PROP_CANONICAL); if (cleanup_masq_domains @@ -160,10 +164,12 @@ void cleanup_addr_bcc(CLEANUP_STATE *state, const char *bcc) cleanup_rewrite_internal(clean_addr, bcc); if (state->flags & CLEANUP_FLAG_MAP_OK) { - if (cleanup_rcpt_canon_maps) + if (cleanup_rcpt_canon_maps + && (cleanup_rcpt_canon_flags & CLEANUP_CANON_FLAG_ENV_RCPT)) cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps, cleanup_ext_prop_mask & EXT_PROP_CANONICAL); - if (cleanup_comm_canon_maps) + if (cleanup_comm_canon_maps + && (cleanup_comm_canon_flags & CLEANUP_CANON_FLAG_ENV_RCPT)) cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps, cleanup_ext_prop_mask & EXT_PROP_CANONICAL); if (cleanup_masq_domains diff --git a/postfix/src/cleanup/cleanup_init.c b/postfix/src/cleanup/cleanup_init.c index df1f9112b..ef51ae299 100644 --- a/postfix/src/cleanup/cleanup_init.c +++ b/postfix/src/cleanup/cleanup_init.c 
@@ -97,6 +97,9 @@ int var_hopcount_limit; /* max mailer hop count */ char *var_canonical_maps; /* common canonical maps */ char *var_send_canon_maps; /* sender canonical maps */ char *var_rcpt_canon_maps; /* recipient canonical maps */ +char *var_canon_classes; /* what to canonicalize */ +char *var_send_canon_classes; /* what sender to canonicalize */ +char *var_rcpt_canon_classes; /* what recipient to canonicalize */ char *var_virt_alias_maps; /* virtual alias maps */ char *var_masq_domains; /* masquerade domains */ char *var_masq_exceptions; /* users not masqueraded */ @@ -145,6 +148,9 @@ CONFIG_STR_TABLE cleanup_str_table[] = { VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0, VAR_SEND_CANON_MAPS, DEF_SEND_CANON_MAPS, &var_send_canon_maps, 0, 0, VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0, + VAR_CANON_CLASSES, DEF_CANON_CLASSES, &var_canon_classes, 1, 0, + VAR_SEND_CANON_CLASSES, DEF_SEND_CANON_CLASSES, &var_send_canon_classes, 1, 0, + VAR_RCPT_CANON_CLASSES, DEF_RCPT_CANON_CLASSES, &var_rcpt_canon_classes, 1, 0, VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0, VAR_MASQ_DOMAINS, DEF_MASQ_DOMAINS, &var_masq_domains, 0, 0, VAR_EMPTY_ADDR, DEF_EMPTY_ADDR, &var_empty_addr, 1, 0, @@ -168,6 +174,9 @@ CONFIG_STR_TABLE cleanup_str_table[] = { MAPS *cleanup_comm_canon_maps; MAPS *cleanup_send_canon_maps; MAPS *cleanup_rcpt_canon_maps; +int cleanup_comm_canon_flags; +int cleanup_send_canon_flags; +int cleanup_rcpt_canon_flags; MAPS *cleanup_header_checks; MAPS *cleanup_mimehdr_checks; MAPS *cleanup_nesthdr_checks; 
@@ -196,6 +205,24 @@ void cleanup_all(void) void cleanup_pre_jail(char *unused_name, char **unused_argv) { + static NAME_MASK send_canon_class_table[] = { + CANON_CLASS_ENV_FROM, CLEANUP_CANON_FLAG_ENV_FROM, + CANON_CLASS_HDR_FROM, CLEANUP_CANON_FLAG_HDR_FROM, + 0, + }; + static NAME_MASK rcpt_canon_class_table[] = { + CANON_CLASS_ENV_RCPT, CLEANUP_CANON_FLAG_ENV_RCPT, + CANON_CLASS_HDR_RCPT, CLEANUP_CANON_FLAG_HDR_RCPT, + 0, + }; + static NAME_MASK canon_class_table[] = { + CANON_CLASS_ENV_FROM, CLEANUP_CANON_FLAG_ENV_FROM, + CANON_CLASS_ENV_RCPT, CLEANUP_CANON_FLAG_ENV_RCPT, + CANON_CLASS_HDR_FROM, CLEANUP_CANON_FLAG_HDR_FROM, + CANON_CLASS_HDR_RCPT, CLEANUP_CANON_FLAG_HDR_RCPT, + 0, + }; + static NAME_MASK masq_class_table[] = { MASQ_CLASS_ENV_FROM, CLEANUP_MASQ_FLAG_ENV_FROM, MASQ_CLASS_ENV_RCPT, CLEANUP_MASQ_FLAG_ENV_RCPT, @@ -219,6 +246,18 @@ void cleanup_pre_jail(char *unused_name, char **unused_argv) cleanup_virt_alias_maps = maps_create(VAR_VIRT_ALIAS_MAPS, var_virt_alias_maps, DICT_FLAG_LOCK); + if (*var_canon_classes) + cleanup_comm_canon_flags = + name_mask(VAR_CANON_CLASSES, canon_class_table, + var_canon_classes); + if (*var_send_canon_classes) + cleanup_send_canon_flags = + name_mask(VAR_CANON_CLASSES, send_canon_class_table, + var_send_canon_classes); + if (*var_rcpt_canon_classes) + cleanup_rcpt_canon_flags = + name_mask(VAR_CANON_CLASSES, rcpt_canon_class_table, + var_rcpt_canon_classes); if (*var_masq_domains) cleanup_masq_domains = argv_split(var_masq_domains, " ,\t\r\n"); if (*var_header_checks) diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index 3d0e8910b..8a5965a06 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c 
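Review bot: In the second cleanup_init.c hunk, the `name_mask()` calls for `var_send_canon_classes` and `var_rcpt_canon_classes` both pass `VAR_CANON_CLASSES` as the context name, so a diagnostic about a bad class name would presumably point the operator at `canonical_classes` rather than the parameter that is actually wrong. Use the matching names: `name_mask(VAR_SEND_CANON_CLASSES, send_canon_class_table, var_send_canon_classes);` and `name_mask(VAR_RCPT_CANON_CLASSES, rcpt_canon_class_table, var_rcpt_canon_classes);`. Both macros are defined in the mail_params.h hunk of this commit. The body of cleanup_pre_jail() continues outside the hunk.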
@@ -177,10 +177,12 @@ static void cleanup_rewrite_sender(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts, for (tpp = addr_list; *tpp; tpp++) { cleanup_rewrite_tree(*tpp); if (state->flags & CLEANUP_FLAG_MAP_OK) { - if (cleanup_send_canon_maps) + if (cleanup_send_canon_maps + && (cleanup_send_canon_flags & CLEANUP_CANON_FLAG_HDR_FROM)) cleanup_map11_tree(state, *tpp, cleanup_send_canon_maps, cleanup_ext_prop_mask & EXT_PROP_CANONICAL); - if (cleanup_comm_canon_maps) + if (cleanup_comm_canon_maps + && (cleanup_comm_canon_flags & CLEANUP_CANON_FLAG_HDR_FROM)) cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps, cleanup_ext_prop_mask & EXT_PROP_CANONICAL); if (cleanup_masq_domains @@ -234,13 +236,14 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts, for (tpp = addr_list; *tpp; tpp++) { cleanup_rewrite_tree(*tpp); if (state->flags & CLEANUP_FLAG_MAP_OK) { - if (cleanup_rcpt_canon_maps) + if (cleanup_rcpt_canon_maps + && (cleanup_rcpt_canon_flags & CLEANUP_CANON_FLAG_HDR_RCPT)) cleanup_map11_tree(state, *tpp, cleanup_rcpt_canon_maps, cleanup_ext_prop_mask & EXT_PROP_CANONICAL); - if (cleanup_comm_canon_maps) + if (cleanup_comm_canon_maps + && (cleanup_comm_canon_flags & CLEANUP_CANON_FLAG_HDR_RCPT)) cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps, cleanup_ext_prop_mask & EXT_PROP_CANONICAL); - if (cleanup_masq_domains && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT)) cleanup_masquerade_tree(*tpp, cleanup_masq_domains); diff --git a/postfix/src/global/dict_proxy.c b/postfix/src/global/dict_proxy.c index 05b56c914..81aae3462 100644 --- a/postfix/src/global/dict_proxy.c +++ b/postfix/src/global/dict_proxy.c 
@@ -173,13 +173,18 @@ DICT *dict_proxy_open(const char *map, int open_flags, int dict_flags) /* * Sanity checks. */ - if (dict_flags & DICT_FLAG_NO_PROXY) - msg_fatal("%s: %s map is not allowed for security sensitive data", - map, DICT_TYPE_PROXY); if (open_flags != O_RDONLY) msg_fatal("%s: %s map open requires O_RDONLY access mode", map, DICT_TYPE_PROXY); + /* + * OK. If this map can't be proxied then we silently do a direct open. + * This allows sites to benefit from proxying the virtual mailbox maps + * without unnecessary pain. + */ + if (dict_flags & DICT_FLAG_NO_PROXY) + return (dict_open(map, open_flags, dict_flags)); + /* * Local initialization. */ diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 31334577e..507ff0a07 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -334,6 +334,28 @@ extern char *var_send_canon_maps; #define DEF_RCPT_CANON_MAPS "" extern char *var_rcpt_canon_maps; +#define CANON_CLASS_ENV_FROM "envelope_sender" +#define CANON_CLASS_ENV_RCPT "envelope_recipient" +#define CANON_CLASS_HDR_FROM "header_sender" +#define CANON_CLASS_HDR_RCPT "header_recipient" + +#define VAR_CANON_CLASSES "canonical_classes" +#define DEF_CANON_CLASSES CANON_CLASS_ENV_FROM ", " \ + CANON_CLASS_ENV_RCPT ", " \ + CANON_CLASS_HDR_FROM ", " \ + CANON_CLASS_HDR_RCPT +extern char *var_canon_classes; + +#define VAR_SEND_CANON_CLASSES "sender_canonical_classes" +#define DEF_SEND_CANON_CLASSES CANON_CLASS_ENV_FROM ", " \ + CANON_CLASS_HDR_FROM +extern char *var_send_canon_classes; + +#define VAR_RCPT_CANON_CLASSES "recipient_canonical_classes" +#define DEF_RCPT_CANON_CLASSES CANON_CLASS_ENV_RCPT ", " \ + CANON_CLASS_HDR_RCPT +extern char *var_rcpt_canon_classes; + #define VAR_SEND_BCC_MAPS "sender_bcc_maps" #define DEF_SEND_BCC_MAPS "" extern char *var_send_bcc_maps; 
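Review bot: With `DICT_FLAG_NO_PROXY` set, the new branch in dict_proxy_open() returns `dict_open(map, open_flags, dict_flags)` without logging anything, so nothing tells an operator that a table written as proxy: is being opened directly by the calling process, with that process's privileges and file-system view. A verbose-mode trace before the return would make this auditable, for example `if (msg_verbose) msg_info("%s: %s map opened directly, proxying not allowed", map, DICT_TYPE_PROXY);`. The `O_RDONLY` check still runs first, so a non-read-only open of such a map stays fatal even though it would no longer be proxied; if that is intended, a one-line comment saying so would help. The function body continues outside the hunk.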
@@ -980,6 +1002,10 @@ extern char *var_smtp_sasl_passwd; #define DEF_SMTP_SASL_OPTS "noplaintext, noanonymous" extern char *var_smtp_sasl_opts; +#define VAR_SMTP_SASL_MECHS "smtp_sasl_mechanism_filter" +#define DEF_SMTP_SASL_MECHS "" +extern char *var_smtp_sasl_mechs; + /* * LMTP server. The soft error limit determines how many errors an LMTP * client may make before we start to slow down; the hard error limit @@ -2038,6 +2064,7 @@ extern int var_anvil_stat_time; #define VAR_ANVIL_SERVICE "client_connection_rate_service" #define DEF_ANVIL_SERVICE "local:" ANVIL_CLASS "/" ANVIL_SERVICE extern char *var_anvil_service; + #endif /* LICENSE diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 00b7e0843..faed0e6fa 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change the patchlevel and the release date. Snapshots change the * release date only. */ -#define MAIL_RELEASE_DATE "20040801" +#define MAIL_RELEASE_DATE "20040827" #define MAIL_VERSION_NUMBER "2.2" #define VAR_MAIL_VERSION "mail_version" diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c index 0391ad3e3..539fa13e8 100644 --- a/postfix/src/master/master.c +++ b/postfix/src/master/master.c @@ -209,7 +209,6 @@ int main(int argc, char **argv) int fd; int n; int test_lock = 0; - int fd_limit = open_limit(0); VSTRING *why; WATCHDOG *watchdog; ARGV *import_env; @@ -252,10 +251,7 @@ int main(int argc, char **argv) * of this we have to close descriptors > 2, and pray that doing so does * not break things. */ - if (fd_limit > 500) - fd_limit = 500; - for (fd = 3; fd < fd_limit; fd++) - (void) close(fd); + closefrom(3); /* * Initialize logging and exit handler. diff --git a/postfix/src/postalias/Makefile.in b/postfix/src/postalias/Makefile.in index 5049eb1b4..ff9363650 100644 --- a/postfix/src/postalias/Makefile.in +++ b/postfix/src/postalias/Makefile.in 
@@ -22,7 +22,7 @@ update: ../../bin/$(PROG) tests: test1 test2 -test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref +test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-uABC1.ref ./$(PROG) map.in for key in abc ghi; \ do \ @@ -31,11 +31,11 @@ test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref ./$(PROG) -f map.in for key in ABC; \ do \ - ./$(PROG) -fq $${key} map.in | diff map-$${key}1.ref -; \ + ./$(PROG) -fq $${key} map.in | diff map-u$${key}1.ref -; \ done rm -f map.in.db -test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref +test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-uABC2.ref ./$(PROG) map.in for key in abc ghi; \ do \ @@ -44,7 +44,7 @@ test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref ./$(PROG) -f map.in for key in ABC; \ do \ - echo $${key} | ./$(PROG) -fq - map.in | diff map-$${key}2.ref -; \ + echo $${key} | ./$(PROG) -fq - map.in | diff map-u$${key}2.ref -; \ done rm -f map.in.db diff --git a/postfix/src/postalias/map-ABC1.ref b/postfix/src/postalias/map-uABC1.ref similarity index 100% rename from postfix/src/postalias/map-ABC1.ref rename to postfix/src/postalias/map-uABC1.ref diff --git a/postfix/src/postalias/map-ABC2.ref b/postfix/src/postalias/map-uABC2.ref similarity index 100% rename from postfix/src/postalias/map-ABC2.ref rename to postfix/src/postalias/map-uABC2.ref diff --git a/postfix/src/postmap/Makefile.in b/postfix/src/postmap/Makefile.in index 00e1c94c7..a598181f2 100644 --- a/postfix/src/postmap/Makefile.in +++ b/postfix/src/postmap/Makefile.in @@ -25,7 +25,7 @@ update: ../../bin/$(PROG) tests: test1 test2 -test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref +test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-uABC1.ref ./$(PROG) map.in for key in abc ghi; \ do \ 
@@ -34,11 +34,11 @@ test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref ./$(PROG) -f map.in for key in ABC; \ do \ - ./$(PROG) -fq $${key} map.in | diff map-$${key}1.ref -; \ + ./$(PROG) -fq $${key} map.in | diff map-u$${key}1.ref -; \ done rm -f map.in.db -test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref +test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-uABC2.ref ./$(PROG) map.in for key in abc ghi; \ do \ @@ -47,7 +47,7 @@ test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref ./$(PROG) -f map.in for key in ABC; \ do \ - echo $${key} | ./$(PROG) -fq - map.in | diff map-$${key}2.ref -; \ + echo $${key} | ./$(PROG) -fq - map.in | diff map-u$${key}2.ref -; \ done rm -f map.in.db diff --git a/postfix/src/postmap/map-ABC1.ref b/postfix/src/postmap/map-uABC1.ref similarity index 100% rename from postfix/src/postmap/map-ABC1.ref rename to postfix/src/postmap/map-uABC1.ref diff --git a/postfix/src/postmap/map-ABC2.ref b/postfix/src/postmap/map-uABC2.ref similarity index 100% rename from postfix/src/postmap/map-ABC2.ref rename to postfix/src/postmap/map-uABC2.ref diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index 7d371fd33..35417ea6e 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c @@ -621,6 +621,7 @@ static void enqueue(const int flags, const char *encoding, const char *sender, */ rec_fputs(dst, REC_TYPE_MESG, ""); if (DEL_REQ_TRACE_ONLY(flags) != 0) { + rec_fprintf(dst, REC_TYPE_NORM, "From: %s", saved_sender); rec_fprintf(dst, REC_TYPE_NORM, "Subject: probe"); if (recipients) { rec_fprintf(dst, REC_TYPE_NORM, "To:"); diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 1431de19d..4abbeb185 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c 
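Review bot: The added `rec_fprintf(dst, REC_TYPE_NORM, "From: %s", saved_sender);` in enqueue() copies the sender address into a message header as-is. Where saved_sender is assigned is outside this hunk; if it holds the unquoted envelope form, or can be empty for a null sender, a caller-supplied address containing spaces or other specials would produce a malformed From: header in the probe message. Consider writing the RFC 822 quoted form instead, e.g. via `quote_822_local()` into a scratch VSTRING, or add a comment stating that saved_sender is already in header form. enqueue() starts and ends outside the hunk.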
@@ -138,6 +138,10 @@ /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" /* What authentication mechanisms the Postfix SMTP client is allowed /* to use. +/* .PP +/* Available in Postfix version 2.2 and later: +/* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" +/* If non-empty, filters the SMTP server's list of offered SASL mechanisms. /* RESOURCE AND RATE CONTROLS /* .ad /* .fi @@ -365,6 +369,7 @@ int var_smtp_never_ehlo; char *var_smtp_sasl_opts; char *var_smtp_sasl_passwd; bool var_smtp_sasl_enable; +char *var_smtp_sasl_mechs; char *var_smtp_bind_addr; bool var_smtp_rand_addr; int var_smtp_pix_thresh; @@ -568,6 +573,7 @@ int main(int argc, char **argv) VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0, VAR_SMTP_SASL_PASSWD, DEF_SMTP_SASL_PASSWD, &var_smtp_sasl_passwd, 0, 0, VAR_SMTP_SASL_OPTS, DEF_SMTP_SASL_OPTS, &var_smtp_sasl_opts, 0, 0, + VAR_SMTP_SASL_MECHS, DEF_SMTP_SASL_MECHS, &var_smtp_sasl_mechs, 0, 0, VAR_SMTP_BIND_ADDR, DEF_SMTP_BIND_ADDR, &var_smtp_bind_addr, 0, 0, VAR_SMTP_HELO_NAME, DEF_SMTP_HELO_NAME, &var_smtp_helo_name, 1, 0, VAR_SMTP_HOST_LOOKUP, DEF_SMTP_HOST_LOOKUP, &var_smtp_host_lookup, 1, 0, diff --git a/postfix/src/smtp/smtp_chat.c b/postfix/src/smtp/smtp_chat.c index 06a21273c..4cb579498 100644 --- a/postfix/src/smtp/smtp_chat.c +++ b/postfix/src/smtp/smtp_chat.c @@ -163,6 +163,18 @@ void smtp_chat_cmd(SMTP_SESSION *session, char *fmt,...) */ smtp_fputs(STR(session->buffer), LEN(session->buffer), session->stream); + /* + * Force flushing of output does not belong here. It is done in the + * smtp_loop() main protocol loop when reading the server response, and + * in smtp_helo() when reading the EHLO response after sending the EHLO + * command. + * + * If we do forced flush here, then we must longjmp() on error, and a + * matching "prepare for disaster" error handler must be set up before + * every smtp_chat_cmd() call. + */ +#if 0 + /* * Flush unsent data to avoid timeouts after slow DNS lookups. */ 
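Review bot: The smtp_chat.c change disables the forced-flush block with `#if 0` (the matching `#endif` is in the next hunk, `@@ -176,6 +188,7 @@`) instead of deleting it. The block calls `vstream_longjmp()` and, per the new comment, is only safe when every caller has set up a matching error handler, so leaving it one preprocessor edit away from being re-enabled keeps the hazard in the tree. I would remove the dead lines and keep the explanatory comment, closing it with something like `/* Do not flush here: callers have no vstream_setjmp() handler armed. */`. smtp_chat_cmd() starts outside the hunk.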
@@ -176,6 +188,7 @@ void smtp_chat_cmd(SMTP_SESSION *session, char *fmt,...) vstream_longjmp(session->stream, SMTP_ERR_TIME); if (vstream_ferror(session->stream)) vstream_longjmp(session->stream, SMTP_ERR_EOF); +#endif } /* smtp_chat_resp - read and process SMTP server response */ diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index 82b7debe3..a56c9aa85 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c @@ -525,6 +525,14 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, #define CANT_RSET_THIS_SESSION \ (session->features |= SMTP_FEATURE_RSET_REJECTED) + /* + * Sanity check. We don't want smtp_chat() to inadvertently flush the + * output buffer. That means someone broke pipelining support. + */ + if (session->sndbufsize > VSTREAM_BUFSIZE) + msg_panic("bad sndbufsize %d > VSTREAM_BUFSIZE %d", + session->sndbufsize, VSTREAM_BUFSIZE); + /* * Miscellaneous initialization. Some of this might be done in * smtp_xfer() but that just complicates interfaces and data structures. 
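Review bot: The new sanity-check comment in smtp_loop() (smtp_proto.c) names `smtp_chat()`, but the function changed elsewhere in this commit is `smtp_chat_cmd()`. The comment should name the real function: `We don't want smtp_chat_cmd() to inadvertently flush the output buffer.` The `msg_panic()` call prints both values with `%d`; `session->sndbufsize` and `VSTREAM_BUFSIZE` are declared outside the hunk, so confirm that both are `int`. smtp_loop() starts and ends outside the hunk.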
@@ -551,6 +559,42 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state, next_rcpt = send_rcpt = recv_rcpt = 0; mail_from_rejected = 0; + /* + * Prepare for disaster. This should not be needed because the design + * guarantees that no output is flushed before smtp_chat_resp() is + * called. + * + * 1) Every SMTP command fits entirely in a VSTREAM output buffer. + * + * 2) smtp_loop() never invokes smtp_chat_cmd() without making sure that + * there is sufficient space for the command in the output buffer. + * + * 3) smtp_loop() flushes the output buffer to avoid server timeouts. + * + * Changing any of these would violate the design, and would likely break + * SMTP pipelining. + * + * We set up the error handler anyway (only upon entry to avoid wasting + * resources) because 1) there is code below that expects that VSTREAM + * timeouts are enabled, and 2) this allows us to detect if someone broke + * Postfix by introducing spurious flush before read operations. + */ + if (send_state < SMTP_STATE_XFORWARD_NAME_ADDR + || send_state > SMTP_STATE_QUIT) + msg_panic("%s: bad sender state %d (receiver state %d)", + myname, send_state, recv_state); + smtp_timeout_setup(session->stream, + *xfer_timeouts[send_state]); + if ((except = vstream_setjmp(session->stream)) != 0) { + msg_warn("smtp_proto: spurious flush before read in send state %d", + send_state); + RETURN(SENDING_MAIL ? smtp_stream_except(state, except, + xfer_states[send_state]) : -1); + } + + /* + * The main protocol loop. + */ do { /* diff --git a/postfix/src/smtp/smtp_sasl.h b/postfix/src/smtp/smtp_sasl.h index cf8c6d59c..82377e1bf 100644 --- a/postfix/src/smtp/smtp_sasl.h +++ b/postfix/src/smtp/smtp_sasl.h @@ -23,6 +23,7 @@ extern int smtp_sasl_helo_login(SMTP_STATE *); extern void smtp_sasl_passivate(SMTP_SESSION *, VSTRING *); extern int smtp_sasl_activate(SMTP_SESSION *, char *); +extern STRING_LIST *smtp_sasl_mechs; /* LICENSE /* .ad 
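Review bot: The `msg_warn()` in the new `vstream_setjmp()` handler hard-codes the prefix `smtp_proto:` while the `msg_panic()` a few lines above it uses `myname`. Using the same prefix keeps log searches consistent: `msg_warn("%s: spurious flush before read in send state %d", myname, send_state);`. The range check on `send_state` correctly comes before `xfer_timeouts[send_state]` and `xfer_states[send_state]` are indexed. Both arrays are defined outside the hunk, though, so confirm that `SMTP_STATE_XFORWARD_NAME_ADDR` and `SMTP_STATE_QUIT` really are their first and last valid indices. smtp_loop() continues outside the hunk.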
diff --git a/postfix/src/smtp/smtp_sasl_glue.c b/postfix/src/smtp/smtp_sasl_glue.c index 2c0d88a36..735c2a456 100644 --- a/postfix/src/smtp/smtp_sasl_glue.c +++ b/postfix/src/smtp/smtp_sasl_glue.c @@ -190,6 +190,11 @@ static NAME_MASK smtp_sasl_sec_mask[] = { */ static MAPS *smtp_sasl_passwd_map; + /* + * Supported SASL mechanisms. + */ +STRING_LIST *smtp_sasl_mechs; + /* smtp_sasl_log - logging call-back routine */ static int smtp_sasl_log(void *unused_context, int priority, @@ -343,6 +348,12 @@ void smtp_sasl_initialize(void) if (sasl_client_init(callbacks) != SASL_OK) msg_fatal("SASL library initialization"); + /* + * Initialize optional supported mechanism matchlist + */ + if (*var_smtp_sasl_mechs) + smtp_sasl_mechs = string_list_init(MATCH_FLAG_NONE, + var_smtp_sasl_mechs); } /* smtp_sasl_connect - per-session client initialization */ diff --git a/postfix/src/smtp/smtp_sasl_proto.c b/postfix/src/smtp/smtp_sasl_proto.c index bcd87cb46..e2a35e0e6 100644 --- a/postfix/src/smtp/smtp_sasl_proto.c +++ b/postfix/src/smtp/smtp_sasl_proto.c @@ -61,6 +61,7 @@ #include #include +#include /* Global library. */ 
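Review bot: The comment added above `STRING_LIST *smtp_sasl_mechs;` in smtp_sasl_glue.c says "Supported SASL mechanisms", which does not describe what the pointer holds. smtp_sasl_initialize() only fills the list from `var_smtp_sasl_mechs` when that setting is non-empty, and smtp_sasl_compat_mechs() treats a null pointer as "no filter". A comment that says so would save the next reader a search: `/* Optional mechanism filter; null when no filter is configured. */`. The pointer is a non-static global exported through smtp_sasl.h, so the same sentence belongs next to the `extern` declaration there.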
@@ -73,28 +74,67 @@ #ifdef USE_SASL_AUTH +/* smtp_sasl_compat_mechs - Trim server's mechanism list */ + +static const char *smtp_sasl_compat_mechs(const char *words) +{ + static VSTRING *buf; + char *mech_list; + char *save_mech; + char *mech; + int ret; + + /* + * Use server's mechanisms if no filter specified + */ + if (smtp_sasl_mechs == 0 || *words == 0) + return (words); + + if (buf == 0) + buf = vstring_alloc(10); + + VSTRING_RESET(buf); + VSTRING_TERMINATE(buf); + + save_mech = mech_list = mystrdup(words); + + while (mech = mystrtok(&mech_list, " \t")) { + if (string_list_match(smtp_sasl_mechs, mech)) { + if (VSTRING_LEN(buf) > 0) + VSTRING_ADDCH(buf, ' '); + vstring_strcat(buf, mech); + } + } + myfree(save_mech); + + return (vstring_str(buf)); +} + /* smtp_sasl_helo_auth - handle AUTH option in EHLO reply */ void smtp_sasl_helo_auth(SMTP_SESSION *session, const char *words) { + const char *mech_list = smtp_sasl_compat_mechs(words); /* - * XXX If the server offers a null list of authentication mechanisms, + * XXX If the server offers no compatible authentication mechanisms, * then pretend that the server doesn't support SASL authentication. */ if (session->sasl_mechanism_list) { - if (strcasecmp(session->sasl_mechanism_list, words) == 0) + if (strcasecmp(session->sasl_mechanism_list, mech_list) == 0) return; myfree(session->sasl_mechanism_list); msg_warn("%s offered AUTH option multiple times", session->namaddr); session->sasl_mechanism_list = 0; session->features &= ~SMTP_FEATURE_AUTH; } - if (strlen(words) > 0) { - session->sasl_mechanism_list = mystrdup(words); + if (strlen(mech_list) > 0) { + session->sasl_mechanism_list = mystrdup(mech_list); session->features |= SMTP_FEATURE_AUTH; } else { - msg_warn("%s offered null AUTH mechanism list", session->namaddr); + msg_warn(*words ? "%s offered no supported AUTH mechanisms: '%s'" : + "%s offered null AUTH mechanism list", + session->namaddr, words); } } 
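Review bot: smtp_sasl_compat_mechs() declares `int ret;` and never uses it, and its loop condition `while (mech = mystrtok(&mech_list, " \t"))` is an unparenthesised assignment that compilers warn about. Drop the unused local and write the loop as `while ((mech = mystrtok(&mech_list, " \t")) != 0)`. When a filter is active the function returns a pointer into a static VSTRING that the next call overwrites, so its header comment should say that the caller must copy the result, as smtp_sasl_helo_auth() does with `mystrdup(mech_list)`. In smtp_sasl_helo_auth() the `msg_warn()` format is chosen by a conditional expression, so the second format receives a surplus `words` argument and the compiler cannot check the call; two separate `msg_warn()` calls would be clearer.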
diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 1b5acd3e0..4591d678b 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -2438,6 +2438,7 @@ static void smtpd_proto(SMTPD_STATE *state, const char *service) && var_smtpd_delay_reject == 0 && (state->access_denied = smtpd_check_client(state)) != 0) { smtpd_chat_reply(state, "%s", state->access_denied); + state->error_count++; } else { smtpd_chat_reply(state, "220 %s", var_smtpd_banner); } diff --git a/postfix/src/util/sys_compat.c b/postfix/src/util/sys_compat.c index c00d10f43..318d6fee2 100644 --- a/postfix/src/util/sys_compat.c +++ b/postfix/src/util/sys_compat.c @@ -6,6 +6,9 @@ /* SYNOPSIS /* #include /* +/* void closefrom(int lowfd) +/* int lowfd; +/* /* const char *strerror(err) /* int err; /* @@ -234,3 +237,28 @@ int dup2_pass_on_exec(int oldd, int newd) } #endif + +#ifndef HAS_CLOSEFROM + +#include + +/* closefrom() - closes all file descriptors from the given one up */ + +int closefrom(int lowfd) +{ + int fd_limit = open_limit(0); + int fd; + + if (lowfd > fd_limit) { + errno = EINVAL; + return (-1); + } + if (fd_limit > 500) + fd_limit = 500; + for (fd = lowfd; fd < fd_limit; fd++) + (void) close(fd); + + return (0); +} + +#endif diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index 9279a2568..9391e2f9e 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h 
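Review bot: The SYNOPSIS text added to the sys_compat.c header comment declares `void closefrom(int lowfd)`, but the emulation added at the end of the file and the prototype added to sys_defs.h are both `int closefrom(int)`. The synopsis should match the code: `/* int closefrom(int lowfd)`. The description part of that header comment is outside the hunk; if it has no closefrom() entry, it should gain one that states the return value and the errno set on failure.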
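Review bot: The closefrom() emulation in sys_compat.c stops at descriptor 500 even when `open_limit(0)` is higher, so any descriptor numbered 500 or above stays open and can be inherited by a child process; nothing in the added code mentions that limit. Either loop up to `fd_limit` or document the cap in the function comment, for example `/* Emulation closes at most descriptors lowfd..499. */`. A negative `lowfd` is not rejected, so the loop then calls `close()` on negative numbers; a guard such as `if (lowfd < 0) { errno = EBADF; return (-1); }` would reject it up front. The existing test `lowfd > fd_limit` also returns EINVAL when `open_limit(0)` itself fails, assuming it reports failure with a negative value, which makes that case indistinguishable from a bad argument.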
@@ -92,20 +92,28 @@ #define SOCKOPT_SIZE socklen_t #endif +#if OpenBSD >= 200405 /* 3.5 */ +#define HAS_CLOSEFROM +#endif + /* __NetBSD_Version__ is major+minor */ -#if __NetBSD_Version__ >= 103000000 /* XXX */ +#if __NetBSD_Version__ >= 103000000 /* XXX maybe earlier */ #undef DEF_MAILBOX_LOCK #define DEF_MAILBOX_LOCK "flock, dotlock" #endif -#if __NetBSD_Version__ >= 105000000 /* XXX */ +#if __NetBSD_Version__ >= 105000000 /* XXX maybe earlier */ #define HAS_ISSETUGID #endif -#if __NetBSD_Version__ >= 106000000 /* XXX */ +#if __NetBSD_Version__ >= 106000000 /* XXX maybe earlier */ #define SOCKADDR_SIZE socklen_t #define SOCKOPT_SIZE socklen_t +#endif + +#if __NetBSD_Version__ >= 200060000 /* 2.0F */ +#define HAS_CLOSEFROM #endif /* @@ -303,6 +311,10 @@ extern int opterr; #define HAS_VOLATILE_LOCKS #define BROKEN_READ_SELECT_ON_TCP_SOCKET +#if SOLARIS >= 20900 || (SOLARIS < 10000 && SOLARIS >= 209) +#define HAS_CLOSEFROM +#endif + /* * Allow build environment to override paths. */ @@ -1067,6 +1079,11 @@ extern int setsid(void); #endif +#ifndef HAS_CLOSEFROM +extern int closefrom(int); + +#endif + #ifdef MISSING_STD_FILENOS #define STDIN_FILENO 0 #define STDOUT_FILENO 1 diff --git a/postfix/src/util/vstream.c b/postfix/src/util/vstream.c index b67553bf6..6786c3c9e 100644 --- a/postfix/src/util/vstream.c +++ b/postfix/src/util/vstream.c @@ -543,14 +543,14 @@ static int vstream_fflush_some(VSTREAM *stream, int to_flush) * any. */ for (data = (char *) bp->data, len = to_flush; len > 0; len -= n, data += n) { - if (stream->timeout) - stream->iotime = time((time_t *) 0); if ((n = stream->write_fn(stream->fd, data, len, stream->timeout, stream->context)) <= 0) { bp->flags |= VSTREAM_FLAG_ERR; if (errno == ETIMEDOUT) bp->flags |= VSTREAM_FLAG_TIMEOUT; return (VSTREAM_EOF); } + if (stream->timeout) + stream->iotime = time((time_t *) 0); if (msg_verbose > 2 && stream != VSTREAM_ERR && n != to_flush) msg_info("%s: %d flushed %d/%d", myname, stream->fd, n, to_flush); } 
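Review bot: The fallback prototype `extern int closefrom(int);` in sys_defs.h gives the emulation an `int` result, but platforms that define HAS_CLOSEFROM use the system declaration instead, and some system versions of closefrom() return `void`. Callers therefore cannot portably test the result. A comment above the prototype would record that: `/* Callers must not use the return value: a native closefrom() may return void. */`.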
@@ -674,8 +674,6 @@ static int vstream_buf_get_ready(VBUF *bp) * data as is available right now, whichever is less. Update the cached * file seek position, if any. */ - if (stream->timeout) - stream->iotime = time((time_t *) 0); switch (n = stream->read_fn(stream->fd, bp->data, bp->len, stream->timeout, stream->context)) { case -1: bp->flags |= VSTREAM_FLAG_ERR; @@ -686,6 +684,8 @@ static int vstream_buf_get_ready(VBUF *bp) bp->flags |= VSTREAM_FLAG_EOF; return (VSTREAM_EOF); default: + if (stream->timeout) + stream->iotime = time((time_t *) 0); if (msg_verbose > 2) msg_info("%s: fd %d got %d", myname, stream->fd, n); bp->cnt = -n; diff --git a/postfix/src/util/vstream_popen.c b/postfix/src/util/vstream_popen.c index b31a76bf8..1b947c49a 100644 --- a/postfix/src/util/vstream_popen.c +++ b/postfix/src/util/vstream_popen.c @@ -213,6 +213,8 @@ VSTREAM *vstream_popen(int flags,...) switch (pid = fork()) { case -1: /* error */ + (void) close(sockfd[0]); + (void) close(sockfd[1]); return (0); case 0: /* child */ if (close(sockfd[1]))
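Review bot: In the `case -1` branch of vstream_popen() the two added `close()` calls run between the failed `fork()` and `return (0)`, so a caller that inspects `errno` to report why the fork failed may see a value changed by `close()`. Saving and restoring it keeps the diagnosis intact: `saved_errno = errno;` before the two closes and `errno = saved_errno;` before the return, with `saved_errno` declared among the function's locals. Whether any caller reads `errno` after a null return is not visible here, and the function continues outside the hunk.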