diff --git a/postfix/HISTORY b/postfix/HISTORY
index 83fe24140..0f56857b0 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -10336,11 +10336,31 @@ Apologies for any names omitted.
Cleanup: documented the myorigin/mydomain address rewriting
in canonical, generics and virtual alias maps.
+20050210
+
+ Bugfix: spurious fallback_relay warnings after 20050202.
+ Victor Duchovni. File: smtp/smtp_connect.c.
+
+ Bugfix: (introduced while adopting Postfix/TLS patch) the
+ TLS cache scan stopped after expiring one entry. Victor
+ Duchovni. File: tls/tls_scache.c.
+
+ Safety: delete-behind when removing expired entries from
+ TLS session caches. Some maps mis-behave when the current
+ entry is deleted. File: tls/tls_scache.c.
+
Open problems:
Med: local and remote source port and IP address for smtpd
policy hook.
+ Med: should "generics" be "generic", for consistency with
+ "canonical" and "virtual".
+
+ Med: canonical/generic/virtual mapping always append
+ myorigin/mydomain and never remote_header_rewrite_domain;
+ this needs to be clear from documentation.
+
Med: disable address rewriting after XCLIENT? Introduce a
better concept of original submission?
diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README
index cf60dbad5..a76a773ac 100644
--- a/postfix/README_FILES/SMTPD_POLICY_README
+++ b/postfix/README_FILES/SMTPD_POLICY_README
@@ -273,7 +273,7 @@ found at http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in.
5 reject_unauth_destination
6 check_sender_access hash:/etc/postfix/sender_access
7 ...
- 8 restriction_classes = greylist
+ 8 smtpd_restriction_classes = greylist
9 greylist = check_policy_service unix:private/policy
10
11 /etc/postfix/sender_access:
diff --git a/postfix/conf/canonical b/postfix/conf/canonical
index ecfd32dc3..2d3e2b06c 100644
--- a/postfix/conf/canonical
+++ b/postfix/conf/canonical
@@ -102,63 +102,66 @@
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
-# o The result is rewritten as specified with
-# append_at_myorigin or with append_dot_mydomain.
+# o When "append_at_myorigin=yes", append "@$myorigin"
+# to addresses without "@domain".
+#
+# o When "append_dot_mydomain=yes", append ".$mydomain"
+# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
-# tcp_table(5). This feature is not available up to and
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5). This feature is not available up to and
# including Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# canonical_classes
-# What addresses are subject to canonical address
+# What addresses are subject to canonical address
# mapping.
#
# canonical_maps
@@ -173,24 +176,16 @@
# header sender addresses.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generics.
#
# Other parameters of interest:
#
-# append_at_myorigin
-# Do or don't append "@$myorigin" to addresses with-
-# out domain. This must be turned on in Postfix.
-#
-# append_dot_mydomain
-# Do or don't append ".$mydomain" to addresses with-
-# out "." on the right-hand side of the @.
-#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
@@ -200,20 +195,20 @@
# tor.
#
# masquerade_classes
-# List of address classes subject to masquerading:
-# zero or more of envelope_sender, envelope_recipi-
+# List of address classes subject to masquerading:
+# zero or more of envelope_sender, envelope_recipi-
# ent, header_sender, header_recipient.
#
# masquerade_domains
-# List of domains that hide their subdomain struc-
+# List of domains that hide their subdomain struc-
# ture.
#
# masquerade_exceptions
-# List of user names that are not subject to address
+# List of user names that are not subject to address
# masquerading.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
@@ -230,13 +225,13 @@
# virtual(5), virtual aliasing
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
diff --git a/postfix/conf/generics b/postfix/conf/generics
index 05a572ccb..0a77b3b99 100644
--- a/postfix/conf/generics
+++ b/postfix/conf/generics
@@ -89,60 +89,63 @@
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
-# o The result is rewritten as specified with
-# append_at_myorigin or with append_dot_mydomain.
+# o When "append_at_myorigin=yes", append "@$myorigin"
+# to addresses without "@domain".
+#
+# o When "append_dot_mydomain=yes", append ".$mydomain"
+# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
-# tcp_table(5). This feature is not available up to and
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5). This feature is not available up to and
# including Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# EXAMPLE
-# The following shows a generic mapping with an indexed
-# file. When mail is sent to a remote host via SMTP, this
-# replaces his@localdomain.local by his ISP mail address,
-# replaces her@localdomain.local by her ISP mail address,
-# and replaces other local addresses by his ISP account,
-# with an address extension of +local (this example assumes
+# The following shows a generic mapping with an indexed
+# file. When mail is sent to a remote host via SMTP, this
+# replaces his@localdomain.local by his ISP mail address,
+# replaces her@localdomain.local by her ISP mail address,
+# and replaces other local addresses by his ISP account,
+# with an address extension of +local (this example assumes
# that the ISP supports "+" style address extensions).
#
# /etc/postfix/main.cf:
@@ -153,43 +156,35 @@
# her@localdomain.local heraccount@herisp.example
# @localdomain.local hisaccount+local@hisisp.example
#
-# Execute the command "postmap /etc/postfix/generics" when-
-# ever the table is changed. Instead of hash, some systems
-# use dbm database files. To find out what tables your sys-
+# Execute the command "postmap /etc/postfix/generics" when-
+# ever the table is changed. Instead of hash, some systems
+# use dbm database files. To find out what tables your sys-
# tem supports use the command "postconf -m".
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# smtp_generics_maps
# Address mapping lookup table for envelope and
-# header sender and recipient addresses while deliv-
+# header sender and recipient addresses while deliv-
# ering mail via SMTP.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generics.
#
# Other parameters of interest:
#
-# append_at_myorigin
-# Do or don't append "@$myorigin" to addresses with-
-# out domain. This must be turned on in Postfix.
-#
-# append_dot_mydomain
-# Do or don't append ".$mydomain" to addresses with-
-# out "." on the right-hand side of the @.
-#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
@@ -199,7 +194,7 @@
# tor.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
@@ -215,13 +210,13 @@
# smtp(8), Postfix SMTP client
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# HISTORY
diff --git a/postfix/conf/virtual b/postfix/conf/virtual
index 1f33a6815..8df4eec53 100644
--- a/postfix/conf/virtual
+++ b/postfix/conf/virtual
@@ -103,34 +103,37 @@
# works only for the first address in a multi-address
# lookup result.
#
-# o The result is rewritten as specified with
-# append_at_myorigin or with append_dot_mydomain.
+# o When "append_at_myorigin=yes", append "@$myorigin"
+# to addresses without "@domain".
+#
+# o When "append_dot_mydomain=yes", append ".$mydomain"
+# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# VIRTUAL ALIAS DOMAINS
-# Besides virtual aliases, the virtual alias table can also
+# Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual
-# alias domain, all recipient addresses are aliased to
+# alias domain, all recipient addresses are aliased to
# addresses in other domains.
#
# Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox
-# domains, each recipient address can have its own mailbox.
+# domains, each recipient address can have its own mailbox.
#
-# With a virtual alias domain, the virtual domain has its
-# own user name space. Local (i.e. non-virtual) usernames
-# are not visible in a virtual alias domain. In particular,
-# local aliases(5) and local mailing lists are not visible
+# With a virtual alias domain, the virtual domain has its
+# own user name space. Local (i.e. non-virtual) usernames
+# are not visible in a virtual alias domain. In particular,
+# local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain.
#
# Support for a virtual alias domain looks like:
@@ -138,7 +141,7 @@
# /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
-# Note: some systems use dbm databases instead of hash.
+# Note: some systems use dbm databases instead of hash.
# See the output from "postconf -m" for available
# database types.
#
@@ -148,103 +151,95 @@
# user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3
#
-# The virtual-alias.domain anything entry is required for a
+# The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected
-# with "relay access denied", or bounces with "mail loops
+# with "relay access denied", or bounces with "mail loops
# back to myself".
#
-# Do not specify virtual alias domain names in the main.cf
+# Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
-# With a virtual alias domain, the Postfix SMTP server
-# accepts mail for known-user@virtual-alias.domain, and
-# rejects mail for unknown-user@virtual-alias.domain as
+# With a virtual alias domain, the Postfix SMTP server
+# accepts mail for known-user@virtual-alias.domain, and
+# rejects mail for unknown-user@virtual-alias.domain as
# undeliverable.
#
-# Instead of specifying the virtual alias domain name via
-# the virtual_alias_maps table, you may also specify it via
+# Instead of specifying the virtual alias domain name via
+# the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter.
-# This latter parameter uses the same syntax as the main.cf
+# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
-# tcp_table(5). This feature is not available up to and
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5). This feature is not available up to and
# including Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant
-# to this topic. See the Postfix main.cf file for syntax
-# details and for default values. Use the "postfix reload"
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the "postfix reload"
# command after a configuration change.
#
# virtual_alias_maps
# List of virtual aliasing tables.
#
# virtual_alias_domains
-# List of virtual alias domains. This uses the same
+# List of virtual alias domains. This uses the same
# syntax as the mydestination parameter.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generics.
#
# Other parameters of interest:
#
-# append_at_myorigin
-# Do or don't append "@$myorigin" to addresses with-
-# out domain. This must be turned on in Postfix.
-#
-# append_dot_mydomain
-# Do or don't append ".$mydomain" to addresses with-
-# out "." on the right-hand side of the @.
-#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
-# The domain that is appended to any address that
+# The domain that is appended to any address that
# does not have a domain.
#
# owner_request_special
@@ -263,14 +258,14 @@
# canonical(5), canonical address mapping
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
# VIRTUAL_README, domain hosting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
diff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html
index 61afced15..7279933a2 100644
--- a/postfix/html/SMTPD_POLICY_README.html
+++ b/postfix/html/SMTPD_POLICY_README.html
@@ -386,7 +386,7 @@ forged MAIL FROM domains can be found at
5 reject_unauth_destination
6 check_sender_access hash:/etc/postfix/sender_access
7 ...
- 8 restriction_classes = greylist
+ 8 smtpd_restriction_classes = greylist
9 greylist = check_policy_service unix:private/policy
10
11 /etc/postfix/sender_access:
diff --git a/postfix/html/canonical.5.html b/postfix/html/canonical.5.html
index 0c1294d9d..e56d9a75e 100644
--- a/postfix/html/canonical.5.html
+++ b/postfix/html/canonical.5.html
@@ -108,63 +108,66 @@ CANONICAL(5) CANONICAL(5)
o When the result has the form @otherdomain, the
result becomes the same user in otherdomain.
- o The result is rewritten as specified with
- append_at_myorigin or with append_dot_mydomain.
+ o When "append_at_myorigin=yes", append "@$myorigin"
+ to addresses without "@domain".
+
+ o When "append_dot_mydomain=yes", append ".$mydomain"
+ to addresses without ".domain".
ADDRESS EXTENSION
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., user+foo@domain), the lookup order
+ ient delimiter (e.g., user+foo@domain), the lookup order
becomes: user+foo@domain, user@domain, user+foo, user, and
@domain.
- The propagate_unmatched_extensions parameter controls
- whether an unmatched address extension (+foo) is propa-
+ The propagate_unmatched_extensions parameter controls
+ whether an unmatched address extension (+foo) is propa-
gated to the result of table lookup.
REGULAR EXPRESSION TABLES
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see regexp_table(5) or pcre_table(5).
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, user@domain mail
- addresses are not broken up into their user and @domain
+ addresses are not broken up into their user and @domain
constituent parts, nor is user+foo broken up into user and
foo.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as $1, $2 and so on.
TCP-BASED TABLES
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see
- tcp_table(5). This feature is not available up to and
+ tion of the TCP client/server lookup protocol, see
+ tcp_table(5). This feature is not available up to and
including Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
- user@domain mail addresses are not broken up into their
+ user@domain mail addresses are not broken up into their
user and @domain constituent parts, nor is user+foo broken
up into user and foo.
Results are the same as with indexed file lookups.
BUGS
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
CONFIGURATION PARAMETERS
- The following main.cf parameters are especially relevant.
- The text below provides only a parameter summary. See
+ The following main.cf parameters are especially relevant.
+ The text below provides only a parameter summary. See
postconf(5) for more details including examples.
canonical_classes
- What addresses are subject to canonical address
+ What addresses are subject to canonical address
mapping.
canonical_maps
@@ -179,24 +182,16 @@ CANONICAL(5) CANONICAL(5)
header sender addresses.
propagate_unmatched_extensions
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of canonical, virtual, alias, forward,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of canonical, virtual, alias, forward,
include, or generics.
Other parameters of interest:
- append_at_myorigin
- Do or don't append "@$myorigin" to addresses with-
- out domain. This must be turned on in Postfix.
-
- append_dot_mydomain
- Do or don't append ".$mydomain" to addresses with-
- out "." on the right-hand side of the @.
-
inet_interfaces
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
@@ -206,20 +201,20 @@ CANONICAL(5) CANONICAL(5)
tor.
masquerade_classes
- List of address classes subject to masquerading:
- zero or more of envelope_sender, envelope_recipi-
+ List of address classes subject to masquerading:
+ zero or more of envelope_sender, envelope_recipi-
ent, header_sender, header_recipient.
masquerade_domains
- List of domains that hide their subdomain struc-
+ List of domains that hide their subdomain struc-
ture.
masquerade_exceptions
- List of user names that are not subject to address
+ List of user names that are not subject to address
masquerading.
mydestination
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
myorigin
@@ -240,7 +235,7 @@ CANONICAL(5) CANONICAL(5)
ADDRESS_REWRITING_README, address rewriting guide
LICENSE
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
diff --git a/postfix/html/generics.5.html b/postfix/html/generics.5.html
index e414db163..33b466f70 100644
--- a/postfix/html/generics.5.html
+++ b/postfix/html/generics.5.html
@@ -95,60 +95,63 @@ GENERICS(5) GENERICS(5)
o When the result has the form @otherdomain, the
result becomes the same user in otherdomain.
- o The result is rewritten as specified with
- append_at_myorigin or with append_dot_mydomain.
+ o When "append_at_myorigin=yes", append "@$myorigin"
+ to addresses without "@domain".
+
+ o When "append_dot_mydomain=yes", append ".$mydomain"
+ to addresses without ".domain".
ADDRESS EXTENSION
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., user+foo@domain), the lookup order
+ ient delimiter (e.g., user+foo@domain), the lookup order
becomes: user+foo@domain, user@domain, user+foo, user, and
@domain.
- The propagate_unmatched_extensions parameter controls
- whether an unmatched address extension (+foo) is propa-
+ The propagate_unmatched_extensions parameter controls
+ whether an unmatched address extension (+foo) is propa-
gated to the result of table lookup.
REGULAR EXPRESSION TABLES
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see regexp_table(5) or pcre_table(5).
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, user@domain mail
- addresses are not broken up into their user and @domain
+ addresses are not broken up into their user and @domain
constituent parts, nor is user+foo broken up into user and
foo.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as $1, $2 and so on.
TCP-BASED TABLES
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see
- tcp_table(5). This feature is not available up to and
+ tion of the TCP client/server lookup protocol, see
+ tcp_table(5). This feature is not available up to and
including Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
- user@domain mail addresses are not broken up into their
+ user@domain mail addresses are not broken up into their
user and @domain constituent parts, nor is user+foo broken
up into user and foo.
Results are the same as with indexed file lookups.
EXAMPLE
- The following shows a generic mapping with an indexed
- file. When mail is sent to a remote host via SMTP, this
- replaces his@localdomain.local by his ISP mail address,
- replaces her@localdomain.local by her ISP mail address,
- and replaces other local addresses by his ISP account,
- with an address extension of +local (this example assumes
+ The following shows a generic mapping with an indexed
+ file. When mail is sent to a remote host via SMTP, this
+ replaces his@localdomain.local by his ISP mail address,
+ replaces her@localdomain.local by her ISP mail address,
+ and replaces other local addresses by his ISP account,
+ with an address extension of +local (this example assumes
that the ISP supports "+" style address extensions).
/etc/postfix/main.cf:
@@ -159,43 +162,35 @@ GENERICS(5) GENERICS(5)
her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example
- Execute the command "postmap /etc/postfix/generics" when-
- ever the table is changed. Instead of hash, some systems
- use dbm database files. To find out what tables your sys-
+ Execute the command "postmap /etc/postfix/generics" when-
+ ever the table is changed. Instead of hash, some systems
+ use dbm database files. To find out what tables your sys-
tem supports use the command "postconf -m".
BUGS
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
CONFIGURATION PARAMETERS
- The following main.cf parameters are especially relevant.
- The text below provides only a parameter summary. See
+ The following main.cf parameters are especially relevant.
+ The text below provides only a parameter summary. See
postconf(5) for more details including examples.
smtp_generics_maps
Address mapping lookup table for envelope and
- header sender and recipient addresses while deliv-
+ header sender and recipient addresses while deliv-
ering mail via SMTP.
propagate_unmatched_extensions
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of canonical, virtual, alias, forward,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of canonical, virtual, alias, forward,
include, or generics.
Other parameters of interest:
- append_at_myorigin
- Do or don't append "@$myorigin" to addresses with-
- out domain. This must be turned on in Postfix.
-
- append_dot_mydomain
- Do or don't append ".$mydomain" to addresses with-
- out "." on the right-hand side of the @.
-
inet_interfaces
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
@@ -205,7 +200,7 @@ GENERICS(5) GENERICS(5)
tor.
mydestination
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
myorigin
@@ -225,7 +220,7 @@ GENERICS(5) GENERICS(5)
ADDRESS_REWRITING_README, address rewriting guide
LICENSE
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
HISTORY
diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html
index 4b9f30bb5..c5f42cdd5 100644
--- a/postfix/html/virtual.5.html
+++ b/postfix/html/virtual.5.html
@@ -109,34 +109,37 @@ VIRTUAL(5) VIRTUAL(5)
works only for the first address in a multi-address
lookup result.
- o The result is rewritten as specified with
- append_at_myorigin or with append_dot_mydomain.
+ o When "append_at_myorigin=yes", append "@$myorigin"
+ to addresses without "@domain".
+
+ o When "append_dot_mydomain=yes", append ".$mydomain"
+ to addresses without ".domain".
ADDRESS EXTENSION
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., user+foo@domain), the lookup order
+ ient delimiter (e.g., user+foo@domain), the lookup order
becomes: user+foo@domain, user@domain, user+foo, user, and
@domain.
- The propagate_unmatched_extensions parameter controls
- whether an unmatched address extension (+foo) is propa-
+ The propagate_unmatched_extensions parameter controls
+ whether an unmatched address extension (+foo) is propa-
gated to the result of table lookup.
VIRTUAL ALIAS DOMAINS
- Besides virtual aliases, the virtual alias table can also
+ Besides virtual aliases, the virtual alias table can also
be used to implement virtual alias domains. With a virtual
- alias domain, all recipient addresses are aliased to
+ alias domain, all recipient addresses are aliased to
addresses in other domains.
Virtual alias domains are not to be confused with the vir-
tual mailbox domains that are implemented with the Postfix
virtual(8) mail delivery agent. With virtual mailbox
- domains, each recipient address can have its own mailbox.
+ domains, each recipient address can have its own mailbox.
- With a virtual alias domain, the virtual domain has its
- own user name space. Local (i.e. non-virtual) usernames
- are not visible in a virtual alias domain. In particular,
- local aliases(5) and local mailing lists are not visible
+ With a virtual alias domain, the virtual domain has its
+ own user name space. Local (i.e. non-virtual) usernames
+ are not visible in a virtual alias domain. In particular,
+ local aliases(5) and local mailing lists are not visible
as localname@virtual-alias.domain.
Support for a virtual alias domain looks like:
@@ -144,7 +147,7 @@ VIRTUAL(5) VIRTUAL(5)
/etc/postfix/main.cf:
virtual_alias_maps = hash:/etc/postfix/virtual
- Note: some systems use dbm databases instead of hash.
+ Note: some systems use dbm databases instead of hash.
See the output from "postconf -m" for available
database types.
@@ -154,103 +157,95 @@ VIRTUAL(5) VIRTUAL(5)
user1@virtual-alias.domain address1
user2@virtual-alias.domain address2, address3
- The virtual-alias.domain anything entry is required for a
+ The virtual-alias.domain anything entry is required for a
virtual alias domain. Without this entry, mail is rejected
- with "relay access denied", or bounces with "mail loops
+ with "relay access denied", or bounces with "mail loops
back to myself".
- Do not specify virtual alias domain names in the main.cf
+ Do not specify virtual alias domain names in the main.cf
mydestination or relay_domains configuration parameters.
- With a virtual alias domain, the Postfix SMTP server
- accepts mail for known-user@virtual-alias.domain, and
- rejects mail for unknown-user@virtual-alias.domain as
+ With a virtual alias domain, the Postfix SMTP server
+ accepts mail for known-user@virtual-alias.domain, and
+ rejects mail for unknown-user@virtual-alias.domain as
undeliverable.
- Instead of specifying the virtual alias domain name via
- the virtual_alias_maps table, you may also specify it via
+ Instead of specifying the virtual alias domain name via
+ the virtual_alias_maps table, you may also specify it via
the main.cf virtual_alias_domains configuration parameter.
- This latter parameter uses the same syntax as the main.cf
+ This latter parameter uses the same syntax as the main.cf
mydestination configuration parameter.
REGULAR EXPRESSION TABLES
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see regexp_table(5) or pcre_table(5).
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, user@domain mail
- addresses are not broken up into their user and @domain
+ addresses are not broken up into their user and @domain
constituent parts, nor is user+foo broken up into user and
foo.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as $1, $2 and so on.
TCP-BASED TABLES
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see
- tcp_table(5). This feature is not available up to and
+ tion of the TCP client/server lookup protocol, see
+ tcp_table(5). This feature is not available up to and
including Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
- user@domain mail addresses are not broken up into their
+ user@domain mail addresses are not broken up into their
user and @domain constituent parts, nor is user+foo broken
up into user and foo.
Results are the same as with indexed file lookups.
BUGS
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
CONFIGURATION PARAMETERS
- The following main.cf parameters are especially relevant
- to this topic. See the Postfix main.cf file for syntax
- details and for default values. Use the "postfix reload"
+ The following main.cf parameters are especially relevant
+ to this topic. See the Postfix main.cf file for syntax
+ details and for default values. Use the "postfix reload"
command after a configuration change.
virtual_alias_maps
List of virtual aliasing tables.
virtual_alias_domains
- List of virtual alias domains. This uses the same
+ List of virtual alias domains. This uses the same
syntax as the mydestination parameter.
propagate_unmatched_extensions
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of canonical, virtual, alias, forward,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of canonical, virtual, alias, forward,
include, or generics.
Other parameters of interest:
- append_at_myorigin
- Do or don't append "@$myorigin" to addresses with-
- out domain. This must be turned on in Postfix.
-
- append_dot_mydomain
- Do or don't append ".$mydomain" to addresses with-
- out "." on the right-hand side of the @.
-
inet_interfaces
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
mydestination
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
myorigin
- The domain that is appended to any address that
+ The domain that is appended to any address that
does not have a domain.
owner_request_special
@@ -274,7 +269,7 @@ VIRTUAL(5) VIRTUAL(5)
VIRTUAL_README, domain hosting guide
LICENSE
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
diff --git a/postfix/man/man5/canonical.5 b/postfix/man/man5/canonical.5
index fb7163057..8dd791b49 100644
--- a/postfix/man/man5/canonical.5
+++ b/postfix/man/man5/canonical.5
@@ -104,8 +104,11 @@ The lookup result is subject to address rewriting:
When the result has the form @\fIotherdomain\fR, the
result becomes the same \fIuser\fR in \fIotherdomain\fR.
.IP \(bu
-The result is rewritten as specified with \fBappend_at_myorigin\fR
-or with \fBappend_dot_mydomain\fR.
+When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+to addresses without "@domain".
+.IP \(bu
+When "\fBappend_dot_mydomain=yes\fR", append
+"\fB.$mydomain\fR" to addresses without ".domain".
.SH "ADDRESS EXTENSION"
.na
.nf
@@ -185,12 +188,6 @@ Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR,
\fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
.PP
Other parameters of interest:
-.IP \fBappend_at_myorigin\fR
-Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-This must be turned on in Postfix.
-.IP \fBappend_dot_mydomain\fR
-Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-the right-hand side of the @.
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
You need to stop and start Postfix when this parameter changes.
diff --git a/postfix/man/man5/generics.5 b/postfix/man/man5/generics.5
index 881ec4716..633a2a11f 100644
--- a/postfix/man/man5/generics.5
+++ b/postfix/man/man5/generics.5
@@ -94,8 +94,11 @@ The lookup result is subject to address rewriting:
When the result has the form @\fIotherdomain\fR, the
result becomes the same \fIuser\fR in \fIotherdomain\fR.
.IP \(bu
-The result is rewritten as specified with \fBappend_at_myorigin\fR
-or with \fBappend_dot_mydomain\fR.
+When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+to addresses without "@domain".
+.IP \(bu
+When "\fBappend_dot_mydomain=yes\fR", append
+"\fB.$mydomain\fR" to addresses without ".domain".
.SH "ADDRESS EXTENSION"
.na
.nf
@@ -202,12 +205,6 @@ Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR,
\fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
.PP
Other parameters of interest:
-.IP \fBappend_at_myorigin\fR
-Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-This must be turned on in Postfix.
-.IP \fBappend_dot_mydomain\fR
-Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-the right-hand side of the @.
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
You need to stop and start Postfix when this parameter changes.
diff --git a/postfix/man/man5/virtual.5 b/postfix/man/man5/virtual.5
index 2f6b868a8..c83ea011f 100644
--- a/postfix/man/man5/virtual.5
+++ b/postfix/man/man5/virtual.5
@@ -102,8 +102,11 @@ result becomes the same \fIuser\fR in \fIotherdomain\fR.
This works only for the first address in a multi-address
lookup result.
.IP \(bu
-The result is rewritten as specified with \fBappend_at_myorigin\fR
-or with \fBappend_dot_mydomain\fR.
+When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+to addresses without "@domain".
+.IP \(bu
+When "\fBappend_dot_mydomain=yes\fR", append
+"\fB.$mydomain\fR" to addresses without ".domain".
.SH "ADDRESS EXTENSION"
.na
.nf
@@ -238,12 +241,6 @@ Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR,
\fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
.PP
Other parameters of interest:
-.IP \fBappend_at_myorigin\fR
-Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-This must be turned on in Postfix.
-.IP \fBappend_dot_mydomain\fR
-Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-the right-hand side of the @.
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
You need to stop and start Postfix when this parameter changes.
diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html
index a6573ad72..4c7315a3d 100644
--- a/postfix/proto/SMTPD_POLICY_README.html
+++ b/postfix/proto/SMTPD_POLICY_README.html
@@ -386,7 +386,7 @@ http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in.
5 reject_unauth_destination
6 check_sender_access hash:/etc/postfix/sender_access
7 ...
- 8 restriction_classes = greylist
+ 8 smtpd_restriction_classes = greylist
9 greylist = check_policy_service unix:private/policy
10
11 /etc/postfix/sender_access:
diff --git a/postfix/proto/canonical b/postfix/proto/canonical
index 71fb2b2e0..81d3ad381 100644
--- a/postfix/proto/canonical
+++ b/postfix/proto/canonical
@@ -92,8 +92,11 @@
# When the result has the form @\fIotherdomain\fR, the
# result becomes the same \fIuser\fR in \fIotherdomain\fR.
# .IP \(bu
-# The result is rewritten as specified with \fBappend_at_myorigin\fR
-# or with \fBappend_dot_mydomain\fR.
+# When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+# to addresses without "@domain".
+# .IP \(bu
+# When "\fBappend_dot_mydomain=yes\fR", append
+# "\fB.$mydomain\fR" to addresses without ".domain".
# ADDRESS EXTENSION
# .fi
# .ad
@@ -163,12 +166,6 @@
# \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
# .PP
# Other parameters of interest:
-# .IP \fBappend_at_myorigin\fR
-# Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-# This must be turned on in Postfix.
-# .IP \fBappend_dot_mydomain\fR
-# Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-# the right-hand side of the @.
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
# You need to stop and start Postfix when this parameter changes.
diff --git a/postfix/proto/generics b/postfix/proto/generics
index b63b5383b..648815d1d 100644
--- a/postfix/proto/generics
+++ b/postfix/proto/generics
@@ -82,8 +82,11 @@
# When the result has the form @\fIotherdomain\fR, the
# result becomes the same \fIuser\fR in \fIotherdomain\fR.
# .IP \(bu
-# The result is rewritten as specified with \fBappend_at_myorigin\fR
-# or with \fBappend_dot_mydomain\fR.
+# When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+# to addresses without "@domain".
+# .IP \(bu
+# When "\fBappend_dot_mydomain=yes\fR", append
+# "\fB.$mydomain\fR" to addresses without ".domain".
# ADDRESS EXTENSION
# .fi
# .ad
@@ -178,12 +181,6 @@
# \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
# .PP
# Other parameters of interest:
-# .IP \fBappend_at_myorigin\fR
-# Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-# This must be turned on in Postfix.
-# .IP \fBappend_dot_mydomain\fR
-# Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-# the right-hand side of the @.
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
# You need to stop and start Postfix when this parameter changes.
diff --git a/postfix/proto/virtual b/postfix/proto/virtual
index 987c7e650..b4e7cf30a 100644
--- a/postfix/proto/virtual
+++ b/postfix/proto/virtual
@@ -90,8 +90,11 @@
# This works only for the first address in a multi-address
# lookup result.
# .IP \(bu
-# The result is rewritten as specified with \fBappend_at_myorigin\fR
-# or with \fBappend_dot_mydomain\fR.
+# When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+# to addresses without "@domain".
+# .IP \(bu
+# When "\fBappend_dot_mydomain=yes\fR", append
+# "\fB.$mydomain\fR" to addresses without ".domain".
# ADDRESS EXTENSION
# .fi
# .ad
@@ -214,12 +217,6 @@
# \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
# .PP
# Other parameters of interest:
-# .IP \fBappend_at_myorigin\fR
-# Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-# This must be turned on in Postfix.
-# .IP \fBappend_dot_mydomain\fR
-# Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-# the right-hand side of the @.
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
# You need to stop and start Postfix when this parameter changes.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index a5b3b3755..5cfbb0730 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
-#define MAIL_RELEASE_DATE "20050209"
+#define MAIL_RELEASE_DATE "20050210"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"
diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c
index f712ac089..ecaa2ebfa 100644
--- a/postfix/src/smtp/smtp_connect.c
+++ b/postfix/src/smtp/smtp_connect.c
@@ -558,7 +558,7 @@ int smtp_connect(SMTP_STATE *state)
* getting lost in the complexity.
*/
#define IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites) \
- ((cpp) >= (sites)->argv + (non_fallback_sites))
+ (*(cpp) && (cpp) >= (sites)->argv + (non_fallback_sites))
for (cpp = sites->argv; SMTP_RCPT_LEFT(state) > 0 && (dest = *cpp) != 0; cpp++) {
if (i_am_mx && IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites))
diff --git a/postfix/src/smtp/smtp_map11.c b/postfix/src/smtp/smtp_map11.c
index 11ec50d03..fe3244df0 100644
--- a/postfix/src/smtp/smtp_map11.c
+++ b/postfix/src/smtp/smtp_map11.c
@@ -162,6 +162,7 @@ int main(int argc, char **argv)
msg_info("-- end %s --", *argv);
}
vstring_free(buf);
+ maps_free(maps);
return (0);
}
diff --git a/postfix/src/tls/Makefile.in b/postfix/src/tls/Makefile.in
index 37aa5a5dc..0ef0419d4 100644
--- a/postfix/src/tls/Makefile.in
+++ b/postfix/src/tls/Makefile.in
@@ -25,7 +25,7 @@ MAKES =
all: $(LIB)
Makefile: Makefile.in
- (echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
+ (echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@
test: $(TESTPROG)
diff --git a/postfix/src/tls/tls_scache.c b/postfix/src/tls/tls_scache.c
index 1788cd077..e679d049e 100644
--- a/postfix/src/tls/tls_scache.c
+++ b/postfix/src/tls/tls_scache.c
@@ -372,7 +372,8 @@ int tls_scache_lookup(TLS_SCACHE *cp, const char *cache_id,
/*
* Initialize. Don't leak data.
*/
- VSTRING_RESET(session);
+ if (session)
+ VSTRING_RESET(session);
/*
* Search the cache database.
@@ -446,30 +447,66 @@ int tls_scache_sequence(TLS_SCACHE *cp, int first_next,
{
const char *member;
const char *value;
- char *saved_member;
+ char *saved_cursor;
+ int seq_status;
+
+ /*
+ * XXX Deleting entries while enumerating a map can he tricky. Some map
+ * types have a concept of cursor and support a "delete the current
+ * element" operation. Some map types without cursors don't behave well
+ * when the current first/next entry is deleted (example: Berkeley DB <
+ * 2). To avoid trouble, we delete an expired entry after advancing the
+ * current first/next position beyond it, and ignore client requests to
+ * delete the current entry.
+ */
/*
* Find the first or next database entry.
*/
- if (dict_seq(cp->db, first_next, &member, &value) != 0)
+ seq_status = dict_seq(cp->db, first_next, &member, &value);
+
+ /*
+ * Delete behind. This is a no-op if an expired cache entry was updated
+ * in the mean time.
+ */
+ if (cp->flags & TLS_SCACHE_FLAG_DEL_CURSOR) {
+ cp->flags &= ~TLS_SCACHE_FLAG_DEL_CURSOR;
+ saved_cursor = cp->saved_cursor;
+ cp->saved_cursor = 0;
+ tls_scache_lookup(cp, saved_cursor, TLS_SCACHE_ANY_OPENSSL_VSN,
+ TLS_SCACHE_ANY_FLAGS, (long *) 0, (int *) 0,
+ (VSTRING *) 0);
+ myfree(saved_cursor);
+ } else {
+ if (cp->saved_cursor)
+ myfree(cp->saved_cursor);
+ cp->saved_cursor = 0;
+ }
+
+ /*
+ * Did we find a first or next database entry?
+ */
+ if (seq_status != 0)
return (0); /* End of list reached */
+ /*
+ * Safety against client requests to delete the current first/next entry.
+ */
+ cp->saved_cursor = mystrdup(member);
+
/*
* Activate the passivated cache entry and check the version and time
- * stamp information.
+ * stamp information. Schedule it for deletion if it is bad or too old.
*/
if (tls_scache_decode(cp, member, value, strlen(value), openssl_version,
flags, out_openssl_version, out_flags,
out_session) == 0) {
- saved_member = mystrdup(member);
- tls_scache_delete(cp, saved_member);
- myfree(saved_member);
- return (0);
+ cp->flags |= TLS_SCACHE_FLAG_DEL_CURSOR;
} else {
if (out_cache_id)
*out_cache_id = mystrdup(member);
- return (1);
}
+ return (1);
}
/* tls_scache_delete - delete session from cache */
@@ -484,9 +521,12 @@ int tls_scache_delete(TLS_SCACHE *cp, const char *cache_id)
msg_info("delete %s session id=%s", cp->cache_label, cache_id);
/*
- * Do it.
+ * Do it, unless we would delete the current first/next entry. Some map
+ * types don't have cursors, and some of those don't behave when the
+ * "current" entry is deleted.
*/
- return (dict_del(cp->db, cache_id) == 0);
+ return ((cp->saved_cursor != 0 && strcmp(cp->saved_cursor, cache_id) == 0)
+ || dict_del(cp->db, cache_id) == 0);
}
/* tls_scache_open - open TLS session cache file */
@@ -537,10 +577,12 @@ TLS_SCACHE *tls_scache_open(const char *dbname, const char *cache_label,
* Create the TLS_SCACHE object.
*/
cp = (TLS_SCACHE *) mymalloc(sizeof(*cp));
+ cp->flags = 0;
cp->db = dict;
cp->cache_label = mystrdup(cache_label);
cp->log_level = log_level;
cp->timeout = timeout;
+ cp->saved_cursor = 0;
return (cp);
}
@@ -561,6 +603,8 @@ void tls_scache_close(TLS_SCACHE *cp)
*/
dict_close(cp->db);
myfree(cp->cache_label);
+ if (cp->saved_cursor)
+ myfree(cp->saved_cursor);
myfree((char *) cp);
}
diff --git a/postfix/src/tls/tls_scache.h b/postfix/src/tls/tls_scache.h
index 66025c280..2c828e9cc 100644
--- a/postfix/src/tls/tls_scache.h
+++ b/postfix/src/tls/tls_scache.h
@@ -21,12 +21,16 @@
* External interface.
*/
typedef struct {
+ int flags; /* see below */
DICT *db; /* database handle */
char *cache_label; /* "client" or "server" */
int log_level; /* smtp(d)_tls_log_level */
int timeout; /* smtp(d)_tls_session_cache_timeout */
+ char *saved_cursor; /* cursor cache ID */
} TLS_SCACHE;
+#define TLS_SCACHE_FLAG_DEL_CURSOR (1<<0)
+
extern TLS_SCACHE *tls_scache_open(const char *, const char *, int, int);
extern void tls_scache_close(TLS_SCACHE *);
extern int tls_scache_lookup(TLS_SCACHE *, const char *, long, int, long *, int *, VSTRING *);
diff --git a/postfix/src/util/dict_db.c b/postfix/src/util/dict_db.c
index acdaf4e41..cf0bbefb3 100644
--- a/postfix/src/util/dict_db.c
+++ b/postfix/src/util/dict_db.c
@@ -393,17 +393,19 @@ static int dict_db_sequence(DICT *dict, int function,
dict_errno = 0;
memset(&db_key, 0, sizeof(db_key));
memset(&db_value, 0, sizeof(db_value));
- if (dict_db->cursor == 0)
- db->cursor(db, NULL, &(dict_db->cursor), 0);
/*
* Determine the function.
*/
switch (function) {
case DICT_SEQ_FUN_FIRST:
+ if (dict_db->cursor == 0)
+ db->cursor(db, NULL, &(dict_db->cursor), 0);
db_function = DB_FIRST;
break;
case DICT_SEQ_FUN_NEXT:
+ if (dict_db->cursor == 0)
+ msg_panic("%s: no cursor", myname);
db_function = DB_NEXT;
break;
default:
@@ -421,7 +423,7 @@ static int dict_db_sequence(DICT *dict, int function,
* Database lookup.
*/
status =
- dict_db->cursor->c_get(dict_db->cursor, &db_key, &db_value, DB_NEXT);
+ dict_db->cursor->c_get(dict_db->cursor, &db_key, &db_value, db_function);
if (status != 0 && status != DB_NOTFOUND)
msg_fatal("error [%d] seeking %s: %m", status, dict_db->dict.name);
diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c
index fc892f05b..079c51ee3 100644
--- a/postfix/src/util/dict_open.c
+++ b/postfix/src/util/dict_open.c
@@ -84,7 +84,7 @@
/* With file-based maps, flush I/O buffers to file after each update.
/* Thus feature is not supported with some file-based dictionaries.
/* .IP DICT_FLAG_NO_REGSUB
-/* Disallow regular expression substitution from left-hand side data
+/* Disallow regular expression substitution from left-hand side data
/* into the right-hand side.
/* .IP DICT_FLAG_NO_PROXY
/* Disallow access through the \fBproxymap\fR service.
@@ -143,7 +143,7 @@
/*
/* dict_open_register() adds support for a new dictionary type.
/*
-/* dict_mapnames() returns a sorted list with the names of all available
+/* dict_mapnames() returns a sorted list with the names of all available
/* dictionary types.
/* DIAGNOSTICS
/* Fatal error: open error, unsupported dictionary type, attempt to
@@ -380,7 +380,7 @@ int main(int argc, char **argv)
int open_flags;
char *bufp;
char *cmd;
- char *key;
+ const char *key;
const char *value;
int ch;
@@ -408,18 +408,24 @@ int main(int argc, char **argv)
else
msg_fatal("unknown access mode: %s", argv[2]);
dict_name = argv[optind];
- dict = dict_open(dict_name, open_flags, DICT_FLAG_LOCK);
+ dict = dict_open(dict_name, open_flags, DICT_FLAG_LOCK | DICT_FLAG_DUP_REPLACE);
dict_register(dict_name, dict);
while (vstring_fgets_nonl(inbuf, VSTREAM_IN)) {
bufp = vstring_str(inbuf);
- if ((cmd = mystrtok(&bufp, " ")) == 0 || *bufp == 0) {
- vstream_printf("usage: del key|get key|put key=value\n");
+ if (!isatty(0)) {
+ vstream_printf("> %s\n", bufp);
+ vstream_fflush(VSTREAM_OUT);
+ }
+ if (*bufp == '#')
+ continue;
+ if ((cmd = mystrtok(&bufp, " ")) == 0) {
+ vstream_printf("usage: del key|get key|put key=value|first|next\n");
vstream_fflush(VSTREAM_OUT);
continue;
}
if (dict_changed_name())
msg_warn("dictionary has changed");
- key = vstring_str(unescape(keybuf, mystrtok(&bufp, " =")));
+ key = *bufp ? vstring_str(unescape(keybuf, mystrtok(&bufp, " ="))) : 0;
value = mystrtok(&bufp, " =");
if (strcmp(cmd, "del") == 0 && key && !value) {
if (dict_del(dict, key))
@@ -437,8 +443,22 @@ int main(int argc, char **argv)
} else if (strcmp(cmd, "put") == 0 && key && value) {
dict_put(dict, key, value);
vstream_printf("%s=%s\n", key, value);
+ } else if (strcmp(cmd, "first") == 0 && !key && !value) {
+ if (dict_seq(dict, DICT_SEQ_FUN_FIRST, &key, &value) == 0)
+ vstream_printf("%s=%s\n", key, value);
+ else
+ vstream_printf("%s\n",
+ dict_errno == DICT_ERR_RETRY ?
+ "soft error" : "not found");
+ } else if (strcmp(cmd, "next") == 0 && !key && !value) {
+ if (dict_seq(dict, DICT_SEQ_FUN_NEXT, &key, &value) == 0)
+ vstream_printf("%s=%s\n", key, value);
+ else
+ vstream_printf("%s\n",
+ dict_errno == DICT_ERR_RETRY ?
+ "soft error" : "not found");
} else {
- vstream_printf("usage: del key|get key|put key=value\n");
+ vstream_printf("usage: del key|get key|put key=value|first|next\n");
}
vstream_fflush(VSTREAM_OUT);
}