mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00
Code Issues Releases Wiki Activity

postfix-2.0.16-20031022

Browse Source
This commit is contained in:
Wietse Venema 2003-10-22 00:00:00 -05:00 committed by Viktor Dukhovni
parent 7650921ea0
commit 8a2c6280e8
46 changed files with 744 additions and 261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
postfix/HISTORY
View File

@ -8625,6 +8625,73 @@ Apologies for any names omitted.
everything that invokes these routines including queue
manager and delivery agents.
20030922
Feature: "XADDR address hostname" SMTP command, for SMTPD
restriction debugging, and for sites with fetchmail-like
software that extracts client information from the first
Received: header. The smtpd_authorized_xaddr_clients
parameter specifies what clients are allowed to use XADDR
(default: none). Files: smtpd/smtpd.c.
20031015
Workaround: smtpd access maps should not apply subdomain
name magic to numerical hostnames. File: smtpd/smtpd_check.c.
Safety: the local delivery agent now defers delivery when
alias lookup produces an empty result. File: local/alias.c.
20031019
Workaround: disable request/reply size limit in attr_scan*.c
to prevent mail from getting stuck when rewriting a malformed
message header. This limit was turned on with snapshot
20030715 to harden the protocol that is used by SMTPD policy
delegation. A "no code change" workaround is to specify
"header_size_limit = $line_length_limit". The proper fix
is to enforce request/reply size limits only for data from
outside of Postfix. Problem reported by Brandon Mullenberg,
Dialup USA. Files: util/attr_scan*.c.
Feature: "XLOGINFO address hostname" SMTP command, so that
Postfix daemons behind SMTPD pass-through proxies log useful
client name/address information instead of localhost[127.0.0.1].
The smtpd_authorized_xloginfo_clients parameter specifies
what clients are allowed to use XLOGINFO (default: none).
Files: smtpd/smtpd.c.
Cleanup: renamed the authorized_verp_clients parameter to
smtpd_authorized_verp_clients for consistency.
20031021
Workaround: the demo greylist script now uses BTREE instead
of HASH files for hopefully better stability. The real fix
is to use a single updater process that serves multiple
clients. That approach seems to work well with the verify
daemon. File: examples/smtpd-policy/smtpd-policy.pl.
20031022
Safety: the SMTP server now warns when the queue_minfree
value is less than twice the message size limit. File:
smtpd/smtpd.c.
Safety: the SMTP server no longer accepts mail when the
amount of free space is less than twice the message size
limit. File: smtpd/smtpd_check.c.
Safety: log a warning and defer mail when canonical or
virtual lookups return a non-address result (like a string
that contains no address). File: global/mail_addr_map.c.
Safety: log a warning and defer mail when any map lookup
returns an empty string result, and explain that "no result"
is expected in case of a "not found" condition. This happens
with incorrectly implemented SQL or LDAP tables. File:
global/maps_find.c.
Open problems:
High: when virtual aliasing is turned off after content
@ -8663,9 +8730,6 @@ Open problems:
Low: sendmail does not store null command-line recipients.
Low: sendmail, not cleanup, should extract recipients from
message headers.
Low: have a configurable list of errno values for mailbox
or maildir delivery that result in deferral rather than
bouncing mail.

7
postfix/README_FILES/FILTER_README
View File

@ -155,6 +155,13 @@ queue, mail will bounce. The same lack of robustness can happen
when the content filtering software itself runs into a resource
problem.
The simple content filter method is not suitable for content filter
actions that are invoked via header_checks or body_checks patterns.
These patterns will be applied again after mail is re-injected with
the Postfix sendmail command, resulting in a mail filtering loop.
Instead, use the advanced content filtering method (see below) and
turn off header_checks or body_checks patterns for filtered mail.
Advanced content filtering example
===================================

85
postfix/README_FILES/SMTPD_PROXY_README
View File

@ -1,15 +1,10 @@
Purpose of the before-queue content filter feature
==================================================
Normally, Postfix receives mail, stores it in the mail queue and
then delivers it. The Postfix SMTP server can be configured to
forward all incoming mail to a content filter (for example, a
real-time SPAM filter) that inspects all mail BEFORE it is stored
in the Postfix mail queue.
[This is not to be confused with the approach described in the
FILTER_README document, where all mail is inspected AFTER it is
stored in the Postfix mail queue]
The Postfix SMTP server can be configured to forward all incoming
mail to a content filter (for example, a real-time SPAM filter)
that inspects all mail BEFORE it is stored in the Postfix mail
queue.
The before-queue content filter is meant to be used as follows:
@ -17,25 +12,32 @@ The before-queue content filter is meant to be used as follows:
Internet -> smtpd -> queue -> smtpd -> cleanup -> queue -> local
Postfix filter Postfix \ virtual etc.
For reference, this is the normal path through Postfix:
Normally, Postfix receives mail, stores it in the mail queue and
then delivers it. The next diagram shows the normal path through
Postfix for mail that arrives via the network:
/ smtp
Internet -> smtpd -> cleanup -> queue -> local
Postfix \ virtual etc.
For comparison, this is the FILTER_README approach with an SMTP-based
after-queue content filter:
/ smtp
Internet -> smtpd -> cleanup -> queue -> local
Postfix ^ v \ virtual etc.
smtpd smtp
Postfix Postfix
\ after /
queue <-
filter
The before-queue content filter is not to be confused with the
approach described in the FILTER_README document, where mail is
filtered AFTER it is stored in the Postfix mail queue. For example,
below is the FILTER_README approach with an SMTP-based after-queue
content filter:
The before-queue content filter receives unfiltered SMTP mail from
Postfix and does one of the following:
/ smtp
Internet -> smtpd -> cleanup -> queue -> local
Postfix ^ v \ virtual etc.
smtpd smtp
Postfix Postfix
\ after /
queue <-
filter
The before-queue content filter functions just like the after-queue
content filter. It receives unfiltered SMTP mail from Postfix and
does one of the following:
1 - Re-inject the mail back into Postfix via SMTP, perhaps after
changing content.
@ -44,7 +46,7 @@ Postfix and does one of the following:
to Postfix. Postfix passes the status back to the remote SMTP
client. This way, Postfix does not have to send a bounce message.
3 - Send the mail somewhere else.
3 - Send the mail somewhere else, or discard the mail.
Limitations
===========
@ -63,24 +65,27 @@ accepting mail or you have to stop filtering the mail.
How Postfix talks to the before-queue content filter
==================================================
Postfix makes one connection per email message. Postfix speaks
ESMTP, but uses no command pipelining. Postfix generates its own
EHLO, DATA and QUIT commands, and forwards unmodified copies of
all the MAIL FROM and RCPT TO commands that the Postfix SMTP server
didn't reject itself. The SMTP proxy server should accept the same
The before-filter Postfix SMTP server connects to the content
filter, delivers one message, and disconnects. While sending mail
into the content filter, Postfix speaks ESMTP but uses no command
pipelining. Postfix generates its own EHLO, XLOGINFO (for logging
the remote client IP address instead of localhost[127.0.0.1]), DATA
and QUIT commands, and forwards unmodified copies of all the MAIL
FROM and RCPT TO commands that the before-filter Postfix SMTP server
didn't reject itself. The SMTP proxy server should accept the same
MAIL FROM and RCPT TO command syntax as the Postfix SMTP server.
Postfix sends no other SMTP commands.
The content filter is expected to pass on unmodified SMTP commands
from a before-filter Postfix SMTP server to an after-filter Postfix
SMTP server that listens on a non-standard port. When the filter
rejects content, it should send a negative SMTP response back to
the before-filter Postfix SMTP server, and it should abort any
connection with the after-filter Postfix SMTP server without
SMTP server that usually listens on a non-standard port. When the
filter rejects content, it should send a negative SMTP response
back to the before-filter Postfix SMTP server, and it should abort
the connection with the after-filter Postfix SMTP server without
completing the SMTP conversation with the after-filter Postfix SMTP
server.
Configuration parameters
Configuration parameters
========================
Parameters that control proxying:
@ -111,21 +116,31 @@ server process without intervening content filter. This useful only
for testing, of course.
/etc/postfix/master.cf
smtp inet n - n - - smtpd
smtp inet n - n - - smtpd
-o smtpd_proxy_filter=26
:26 inet n - n - - smtpd
-o smtpd_authorized_xloginfo_clients=127.0.0.0/8
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o receive_override_options=no_unknown_recipient_checks
-o receive_override_options=no_unknown_recipient_checks
Note: do not specify spaces around the "=" or "," characters.
The ":26" causes Postfix to listen on the localhost address only.
DO NOT expose the secondary SMTP server to the Internet :-)
The smtpd_authorized_xloginfo_clients parameter allows the before
filter SMTP server to pass the remote SMTP client name and address
to the after-filter SMTP server, so that the after-filter Postfix
daemons log the remote client name and address instead of logging
localhost[127.0.0.1].
The other parameter settings avoid duplication of effort that is
done in the "before filter" SMTP server.
The result is as follows:
Internet -> smtpd on port 25 -> smtpd on port 26 -> cleanup -> queue

4
postfix/README_FILES/VERP_README
View File

@ -35,8 +35,8 @@ are used as part of a username or domain name (such as alphanumerics),
or because they are non-ASCII or control characters. And who knows,
some characters may tickle bugs in vulnerable software.
- authorized_verp_clients (default value: $mynetworks) controls
what network clients are allowed to request VERP style delivery.
- smtpd_authorized_verp_clients (default value: none) controls
what SMTP clients are allowed to request VERP style delivery.
Exceptions: the Postfix QMQP server uses its own access control
mechanism, and local submission (via /usr/sbin/sendmail etc.) is
always authorized. To authorize a host, list its name, IP address,

49
postfix/RELEASE_NOTES
View File

@ -22,6 +22,55 @@ snapshot release). Patches change the patchlevel and the release
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.
Incompatible changes with Postfix snapshot 2.0.16-20031022
==========================================================
Postfix no longer retries delivery when no MX host has a valid A
record, for compatibility with most other MTAs. This change is made
in anticipation of a possible Verisign "wild-card MX record without
A record" for unregistered domains. To get the old behavior, specify
"smtp_defer_if_no_mx_address_found = yes".
The Postfix SMTP client no longer looks in /etc/hosts by default.
To get the old behavior, specify "smtp_host_lookup = dns, native".
The authorized_verp_clients configuration parameter has been renamed
to smtpd_authorized_verp_clients. This is for consistency with the
new smtpd_authorized_xaddr_clients and smtpd_authorized_xloginfo_clients
configuration parameters that control the use of the new XADDR and
XLOGINFO commands.
The smtpd_authorized_verp_clients parameter now defaults to nothing
(no XVERP command is accepted).
The Postfix SMTP server no longer allows queue_minfree values that
are less than twice the message_size_limit value.
The Postfix SMTP server no longer accepts mail when the amount of
free queue space is less than twice the message_size_limit value.
Major changes with Postfix snapshot 2.0.16-20031022
===================================================
Easier debugging of SMTPD access restrictions. The SMTP command
"XADDR client-address client-hostname" changes Postfix's idea of
the remote client name and address, so that you can pretend to
connect from anywhere on the Internet. Use of this command is
restricted to clients that match the list of names or addresses
specified with the smtpd_authorized_xaddr_clients parameter. By
default, XADDR is not accepted from anywhere.
More useful logging by Postfix daemons behind a real-time SMTP
proxy filter (the logging now shows the remote client name and
address, instead of localhost[127.0.0.1]). This uses the new SMTP
command "XLOGINFO client-address client-hostname", which specifies
the client name and address for logging purposes without changing
the name/address that are used for SMTPD access control. Use of
this command is restricted to clients that match the list of names
or addresses specified with the smtpd_authorized_xloginfo_clients
parameter. By default, XLOGINFO is not accepted from anywhere.
For an example, see the updated SMTPD_PROXY_README file.
Major changes with Postfix snapshot 2.0.16-20030917
===================================================

12
postfix/RELEASE_NOTES-2.0
View File

@ -126,7 +126,10 @@ more flexible "reject_rbl_client" feature instead.
[Obsolete 20021209] The "check_relay_domains" restriction is going
away. The SMTP server logs a warning and suggests using the more
robust "reject_unauth_destination" instead.
robust "reject_unauth_destination" instead. This means that Postfix
by default no longer grants relay permissions on the basis of the
client hostname, and that relay clients must be authorized via
other means such as permit_mynetworks.
[Obsolete 20020917] In regexp lookup tables, the form /pattern1/!/pattern2/
is going away. Use the cleaner and more flexible "if !/pattern2/..endif"
@ -246,7 +249,7 @@ mail relay traffic from outbound traffic. This eliminates a problem
where inbound mail deliveries could become resource starved in the
presence of a high volume of outbound mail.
[Feature 20021013] The body_checks_max_size parameter limits the
[Feature 20021013] The body_checks_size_limit parameter limits the
amount of text per message body segment (or attachment, if you
prefer to use that term) that is subjected to body_checks inspection.
The default limit is 50 kbytes. This speeds up the processing of
@ -399,7 +402,8 @@ or html/uce.html for details.
IP address blacklisting. Based on code by LaMont Jones. The old
"reject_maps_rbl" is now implemented as a wrapper around the
reject_rbl_client code, and logs a warning that "reject_maps_rbl"
is going away.
is going away. To upgrade, specify "reject_rbl_client domainname"
once for each domain name that is listed in maps_rbl_domains.
[Feature 20020923] "reject_rhsbl_sender rbl.domain.tld" for sender
domain blacklisting. Also: reject_rhsbl_client and reject_rhsbl_recipient
@ -657,7 +661,7 @@ mime_header_checks (for MIME headers), and nested_header_checks
(for headers of attached email messages except MIME headers). By
default, all headers are matched with header_checks.
[Feature 20021013] The body_checks_max_size parameter limits the
[Feature 20021013] The body_checks_size_limit parameter limits the
amount of text per message body segment (or attachment, if you
prefer to use that term) that is subjected to body_checks inspection.
The default limit is 50 kbytes. This speeds up the processing of

3
postfix/conf/postfix-files
View File

@ -199,11 +199,14 @@ $readme_directory/MYSQL_README:f:root:-:644
$readme_directory/NFS_README:f:root:-:644
$readme_directory/PACKAGE_README:f:root:-:644
$readme_directory/PCRE_README:f:root:-:644
$readme_directory/PGSQL_README:f:root:-:644
$readme_directory/QMQP_README:f:root:-:644
$readme_directory/RELEASE_NOTES:f:root:-:644
$readme_directory/RESTRICTION_CLASS_README:f:root:-:644
$readme_directory/SASL_README:f:root:-:644
$readme_directory/SCHEDULER_README:f:root:-:644
$readme_directory/SMTPD_POLICY_README:f:root:-:644
$readme_directory/SMTPD_PROXY_README:f:root:-:644
$readme_directory/ULTRIX_README:f:root:-:644
$readme_directory/UUCP_README:f:root:-:644
$readme_directory/VERP_README:f:root:-:644

4
postfix/conf/sample-filter.cf
View File

@ -99,14 +99,14 @@ nested_header_checks = $header_checks
#
body_checks = regexp:/etc/postfix/body_checks
# The body_checks_max_size parameter controls how much text in a
# The body_checks_size_limit parameter controls how much text in a
# message body segment (or attachment, if you prefer to use that
# term) is subjected to body_checks inspection.
#
# By default, only the first 50 kbytes of a message body segment are
# inspected with body_checks patterns.
#
body_checks_max_size = 51200
body_checks_size_limit = 51200
# The receive_override_options parameter controls what input processing
# happens before or after an external content filter.

6
postfix/conf/sample-resource.cf
View File

@ -143,6 +143,12 @@ qmgr_message_recipient_minimum = 10
# space in bytes in the queue file system. This is currently used by
# the SMTP server to decide if it will accept any mail at all.
#
# By default, the SMTP server rejects MAIL FROM commands when the
# amount of free space is less than 2*$message_size_limit.
#
# To specify a higher minimum free space limit, specify a value that
# is at least 2*$message_size_limit.
#
queue_minfree = 0
# The stale_lock_time parameter limits the time after which a stale

11
postfix/conf/sample-smtp.cf
View File

@ -65,6 +65,17 @@ smtp_never_send_ehlo = no
#
#smtp_bind_address=111.222.333.444
# The smtp_defer_if_no_mx_address_found parameter controls what
# Postfix will do when no MX record resolves to an IP address (Postfix
# always ignores MX records with equal or worse preference than the
# local MTA).
#
# The default (no) is to return the mail as undeliverable. With older
# Postfix versions the default was to keep trying to deliver the mail
# until someone fixed the MX record or until the mail was too old.
#
smtp_defer_if_no_mx_address_found = no
# The smtp_line_length_limit parameter controls the length of
# message header and body lines that Postfix will send via SMTP.
# Lines that are longer are broken by inserting <CR> <LF> <SPACE>.

68
postfix/conf/sample-smtpd.cf
View File

@ -47,10 +47,10 @@
#local_recipient_maps = unix:passwd.byname $alias_maps
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# $inet_interfaces, while $local_recipient_maps is non-empty and the
# recipient address or address local-part is not found.
# The unknown_local_recipient_reject_code parameter specifies the
# SMTP server response code when a recipient domain matches $mydestination
# or $inet_interfaces, while $local_recipient_maps is non-empty and
# the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
@ -113,6 +113,59 @@ unknown_local_recipient_reject_code = 550
#
#disable_vrfy_command = no
# The smtpd_authorized_xaddr_clients parameter specifies what clients
# are allowed to specify the SMTP "XADDR client-address client-name"
# command. This command changes Postfix's idea of the client hostname
# and IP address for logging and for access control. Typical use is
# for SMTPD access testing.
#
# By default, no clients are allowed to specify XADDR.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
smtpd_authorized_xaddr_clients =
# The smtpd_authorized_xloginfo_clients parameter specifies what
# clients are allowed to specify the SMTP "XLOGINFO client-address
# client-name" command. This command changes Postfix's idea of the
# client hostname and IP address for logging but not for access
# control. Typical use is for SMTP-based content filters.
#
# By default, no clients are allowed to specify XLOGINFO.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
smtpd_authorized_xloginfo_clients =
# The smtpd_authorized_xverp_clients parameter specifies what clients
# are allowed to specify the SMTP XVERP command. This command requests
# that mail be delivered one recipient at a time with a per recipient
# return address.
#
# By default, no clients are allowed to specify XVERP.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
smtpd_authorized_xverp_clients =
# The smtpd_banner parameter specifies the text that follows the 220
# status code in the SMTP greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
@ -156,9 +209,10 @@ smtpd_banner = $myhostname ESMTP $mail_name
#
smtpd_etrn_restrictions =
# The smtpd_history_flush_threshold specifies how many lines the SMTP
# server command history is allowed to contain before it is flushed
# to postmaster upon receipt of EHLO, RSET, or end of DATA.
# The smtpd_history_flush_threshold parameter specifies how many
# lines the SMTP server command history is allowed to contain before
# it is flushed to postmaster upon receipt of EHLO, RSET, or end of
# DATA.
#
smtpd_history_flush_threshold = 100

6
postfix/examples/smtpd-policy/smtpd-policy.pl
View File

@ -69,7 +69,7 @@ use Sys::Syslog qw(:DEFAULT setlogsock);
# $database_name.time(), so that the mail system does not get stuck.
#
$database_name="/var/mta/smtpd-policy.db";
$greylist_delay=3600;
$greylist_delay=60;
#
# Syslogging options for verbose mode and for fatal errors.
@ -140,7 +140,7 @@ sub open_database {
# Use tied database to make complex manipulations easier to express.
$database_obj = tie(%db_hash, 'DB_File', $database_name,
O_CREAT|O_RDWR, 0644) ||
O_CREAT|O_RDWR, 0644, $DB_BTREE) ||
fatal_exit "Cannot open database %s: $!", $database_name;
$database_fd = $database_obj->fd;
open DATABASE_HANDLE, "+<&=$database_fd" ||
@ -193,7 +193,7 @@ sub update_database {
# out of the way, and start with a new database.
#
sub sigsegv_handler {
my $backup = $database_name . time();
my $backup = $database_name . "." . time();
rename $database_name, $backup ||
fatal_exit "Can't save %s as %s: $!", $database_name, $backup;

4
postfix/html/basic.html
View File

@ -195,8 +195,8 @@ is attached to.
You should set up a <b>postmaster</b> <a
href="rewrite.html#aliases">alias</a> that points to a human person.
This alias is required to exist, so that people can report mail
delivery problems.
The <b>postmaster</b> address is required to exist, so that people
can report mail delivery problems.
<p>

7
postfix/html/faq.html
View File

@ -1081,8 +1081,8 @@ for you.
<p>
On SuSE systems the file permission fixing utulity is called
<b>SuSEconfig</b>. Other Linux systems may use different names.
On SuSE systems the utulity is called <b>SuSEconfig</b>. Other
Linux systems may use different names.
The usual disclaimers about mileages etc. apply.
<p>
@ -1109,7 +1109,8 @@ add to /etc/permissions.local the following line:
</pre>
</blockquote>
and to make sure that in /etc/rc.config,
and to make sure that in the file /etc/sysconfig/security (with
older SuSE versions, in the file /etc/rc.config),
PERMISSIONS_SECURITY mentions local last, EXAMPLE:
<blockquote>

50
postfix/html/master.8.html
View File

@ -1,11 +1,11 @@
<html> <head> </head> <body> <pre>
<html> <body> <pre>
MASTER(8) MASTER(8)
<b>NAME</b>
master - Postfix master process
<b>SYNOPSIS</b>
<b>master</b> [<b>-Dtv</b>] [<b>-c</b> <i>config_dir</i>] [<b>-e</b> <i>exit_time</i>]
<b>master</b> [<b>-Dtv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-e</b> <i>exit</i><b>_</b><i>time</i>]
<b>DESCRIPTION</b>
The <b>master</b> daemon is the resident process that runs Post-
@ -28,19 +28,19 @@ MASTER(8) MASTER(8)
Options:
<b>-c</b> <i>config_dir</i>
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
Read the <b>main.cf</b> and <b>master.cf</b> configuration files
in the named directory instead of the default con-
figuration directory.
<b>-e</b> <i>exit_time</i>
Terminate the master process after <i>exit_time</i> sec-
<b>-e</b> <i>exit</i><b>_</b><i>time</i>
Terminate the master process after <i>exit</i><b>_</b><i>time</i> sec-
onds. Child processes terminate at their conve-
nience.
<b>-D</b> After initialization, run a debugger on the master
process. The debugging command is specified with
the <b>debugger</b><i>_</i><b>command</b> in the <b>main.cf</b> global configu-
the <b>debugger_command</b> in the <b>main.cf</b> global configu-
ration file.
<b>-t</b> Test mode. Return a zero exit status when the <b>mas-</b>
@ -68,7 +68,7 @@ MASTER(8) MASTER(8)
<b>abort</b>), the master process passes the signal on to
its child processes and terminates. This is useful
for an emergency shutdown. Normally one would ter-
minate only the master (<b>postfix</b> <b>stop</b>) and allow
minate only the master (<b>postfix stop</b>) and allow
running processes to finish what they are doing.
<b>DIAGNOSTICS</b>
@ -76,62 +76,62 @@ MASTER(8) MASTER(8)
<b>BUGS</b>
<b>ENVIRONMENT</b>
<b>MAIL</b><i>_</i><b>DEBUG</b>
<b>MAIL_DEBUG</b>
After initialization, start a debugger as specified
with the <b>debugger</b><i>_</i><b>command</b> configuration parameter
with the <b>debugger_command</b> configuration parameter
in the <b>main.cf</b> configuration file.
<b>MAIL</b><i>_</i><b>CONFIG</b>
<b>MAIL_CONFIG</b>
Directory with Postfix configuration files.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
<b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b>
details and for default values. Use the <b>postfix reload</b>
command after a configuration change.
<b>Miscellaneous</b>
<b>import</b><i>_</i><b>environment</b>
<b>import_environment</b>
<b>export</b><i>_</i><b>environment</b>
<b>export_environment</b>
Lists of names of environment parameters that can
be imported from (exported to) non-Postfix pro-
cesses.
<b>mail</b><i>_</i><b>owner</b>
<b>mail_owner</b>
The owner of the mail queue and of most Postfix
processes.
<b>command</b><i>_</i><b>directory</b>
<b>command_directory</b>
Directory with Postfix support programs.
<b>daemon</b><i>_</i><b>directory</b>
<b>daemon_directory</b>
Directory with Postfix daemon programs.
<b>queue</b><i>_</i><b>directory</b>
<b>queue_directory</b>
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
<b>inet</b><i>_</i><b>interfaces</b>
<b>inet_interfaces</b>
The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
<b>Resource</b> <b>controls</b>
<b>default</b><i>_</i><b>process</b><i>_</i><b>limit</b>
<b>Resource controls</b>
<b>default_process_limit</b>
Default limit for the number of simultaneous child
processes that provide a given service.
<b>max</b><i>_</i><b>idle</b>
<b>max_idle</b>
Limit the time in seconds that a child process
waits between service requests.
<b>max</b><i>_</i><b>use</b>
<b>max_use</b>
Limit the number of service requests handled by a
child process.
<b>service</b><i>_</i><b>throttle</b><i>_</i><b>time</b>
<b>service_throttle_time</b>
Time to avoid forking a server that appears to be
broken.
@ -140,7 +140,7 @@ MASTER(8) MASTER(8)
/etc/postfix/master.cf: master process configuration file.
/var/spool/postfix/pid/master.pid: master lock file.
<b>SEE</b> <b>ALSO</b>
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a> queue manager
<a href="pickup.8.html">pickup(8)</a> local mail pickup
syslogd(8) system logging

107
postfix/html/smtp.8.html
View File

@ -1,4 +1,4 @@
<html> <head> </head> <body> <pre>
<html> <body> <pre>
SMTP(8) SMTP(8)
<b>NAME</b>
@ -52,7 +52,7 @@ SMTP(8) SMTP(8)
rupted message files are marked so that the queue manager
can move them to the <b>corrupt</b> queue for further inspection.
Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
Depending on the setting of the <b>notify_classes</b> parameter,
the postmaster is notified of bounces, protocol problems,
and of other trouble.
@ -64,140 +64,140 @@ SMTP(8) SMTP(8)
command after a configuration change.
<b>Miscellaneous</b>
<b>best</b><i>_</i><b>mx</b><i>_</i><b>transport</b>
<b>best_mx_transport</b>
Name of the delivery transport to use when the
local machine is the most-preferred mail exchanger
(by default, a mailer loop is reported, and the
message is bounced).
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
<b>debug_peer_level</b>
Verbose logging level increment for hosts that
match a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> parameter.
match a pattern in the <b>debug_peer_list</b> parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
<b>debug_peer_list</b>
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>debug_peer_level</b> parameter.
<b>disable</b><i>_</i><b>dns</b><i>_</i><b>lookups</b>
<b>disable_dns_lookups</b>
Disable DNS lookups. This means that mail must be
forwarded via a smart relay host.
<b>smtp</b><i>_</i><b>host</b><i>_</i><b>lookup</b>
<b>smtp_host_lookup</b>
What host lookup mechanism the SMTP client should
use. Specify <b>dns</b> (use DNS lookup) and/or <b>native</b>
(use the native naming service which also uses
/etc/hosts). This setting is ignored when DNS
lookups are disabled.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
<b>error_notice_recipient</b>
Recipient of protocol/policy/resource/software
error notices.
<b>fallback</b><i>_</i><b>relay</b>
<b>fallback_relay</b>
Hosts to hand off mail to if a message destination
is not found or if a destination is unreachable.
<b>ignore</b><i>_</i><b>mx</b><i>_</i><b>lookup</b><i>_</i><b>error</b>
<b>ignore_mx_lookup_error</b>
When a name server fails to respond to an MX query,
search for an A record, instead of deferring mail
delivery.
<b>inet</b><i>_</i><b>interfaces</b>
<b>inet_interfaces</b>
The network interface addresses that this mail sys-
tem receives mail on. When any of those addresses
appears in the list of mail exchangers for a remote
destination, the list is truncated to avoid mail
delivery loops. See also the <b>proxy</b><i>_</i><b>interfaces</b>
delivery loops. See also the <b>proxy_interfaces</b>
parameter.
<b>notify</b><i>_</i><b>classes</b>
<b>notify_classes</b>
When this parameter includes the <b>protocol</b> class,
send mail to the postmaster with transcripts of
SMTP sessions with protocol errors.
<b>proxy</b><i>_</i><b>interfaces</b>
<b>proxy_interfaces</b>
Network interfaces that this mail system receives
mail on by way of a proxy or network address trans-
lator. When any of those addresses appears in the
list of mail exchangers for a remote destination,
the list is truncated to avoid mail delivery loops.
See also the <b>inet</b><i>_</i><b>interfaces</b> parameter.
See also the <b>inet_interfaces</b> parameter.
<b>smtp</b><i>_</i><b>always</b><i>_</i><b>send</b><i>_</i><b>ehlo</b>
<b>smtp_always_send_ehlo</b>
Always send EHLO at the start of a connection.
<b>smtp</b><i>_</i><b>never</b><i>_</i><b>send</b><i>_</i><b>ehlo</b>
<b>smtp_never_send_ehlo</b>
Never send EHLO at the start of a connection.
<b>smtp</b><i>_</i><b>bind</b><i>_</i><b>address</b>
<b>smtp_bind_address</b>
Numerical source network address to bind to when
making a connection.
<b>smtp</b><i>_</i><b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
<b>smtp_line_length_limit</b>
Length limit for SMTP message content lines. Zero
means no limit. Some SMTP servers misbehave on
long lines.
<b>smtp</b><i>_</i><b>helo</b><i>_</i><b>name</b>
<b>smtp_helo_name</b>
The hostname to be used in HELO and EHLO commands.
<b>smtp</b><i>_</i><b>quote</b><i>_</i><b>rfc821</b><i>_</i><b>envelope</b>
<b>smtp_quote_rfc821_envelope</b>
Whether or not to quote MAIL FROM and RCPT TO
addresses as per the rules laid out in <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
<b>smtp</b><i>_</i><b>skip</b><i>_</i><b>4xx</b><i>_</i><b>greeting</b>
<b>smtp_skip_4xx_greeting</b>
Skip servers that greet us with a 4xx status code.
<b>smtp</b><i>_</i><b>skip</b><i>_</i><b>5xx</b><i>_</i><b>greeting</b>
<b>smtp_skip_5xx_greeting</b>
Skip servers that greet us with a 5xx status code.
<b>smtp</b><i>_</i><b>skip</b><i>_</i><b>quit</b><i>_</i><b>response</b>
<b>smtp_skip_quit_response</b>
Do not wait for the server response after sending
QUIT.
<b>smtp</b><i>_</i><b>pix</b><i>_</i><b>workaround</b><i>_</i><b>delay</b><i>_</i><b>time</b>
<b>smtp_pix_workaround_delay_time</b>
The time to pause before sending .&lt;CR&gt;&lt;LF&gt;, while
working around the CISCO PIX firewall
&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt; bug.
<b>smtp</b><i>_</i><b>pix</b><i>_</i><b>workaround</b><i>_</i><b>threshold</b><i>_</i><b>time</b>
<b>smtp_pix_workaround_threshold_time</b>
The time a message must be queued before the CISCO
PIX firewall &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt; bug workaround is
turned on.
<b>MIME Conversion</b>
<b>disable</b><i>_</i><b>mime</b><i>_</i><b>output</b><i>_</i><b>conversion</b>
<b>disable_mime_output_conversion</b>
Disable the conversion of 8BITMIME format to 7BIT
format when the remote system does not advertise
8BITMIME support.
<b>mime</b><i>_</i><b>boundary</b><i>_</i><b>length</b><i>_</i><b>limit</b>
<b>mime_boundary_length_limit</b>
The amount of space that will be allocated for MIME
multipart boundary strings. The MIME processor is
unable to distinguish between boundary strings that
do not differ in the first <b>$mime</b><i>_</i><b>bound-</b>
<b>ary</b><i>_</i><b>length</b><i>_</i><b>limit</b> characters.
do not differ in the first <b>$mime_bound-</b>
<b>ary_length_limit</b> characters.
<b>mime</b><i>_</i><b>nesting</b><i>_</i><b>limit</b>
<b>mime_nesting_limit</b>
The maximal nesting level of multipart mail that
the MIME processor can handle. Refuse mail that is
nested deeper, when converting from 8BITMIME format
to 7BIT format.
<b>Authentication controls</b>
<b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>auth</b><i>_</i><b>enable</b>
<b>smtp_sasl_auth_enable</b>
Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
(SASL). By default, Postfix is built without SASL
support.
<b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>password</b><i>_</i><b>maps</b>
<b>smtp_sasl_password_maps</b>
Lookup tables with per-host or domain <i>name</i>:<i>password</i>
entries. No entry for a host means no attempt to
authenticate.
<b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>security</b><i>_</i><b>options</b>
<b>smtp_sasl_security_options</b>
Zero or more of the following.
<b>noplaintext</b>
@ -216,15 +216,15 @@ SMTP(8) SMTP(8)
Disallow anonymous logins.
<b>Resource controls</b>
<b>smtp</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
<b>smtp_destination_concurrency_limit</b>
Limit the number of parallel deliveries to the same
destination. The default limit is taken from the
<b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b> parameter.
<b>default_destination_concurrency_limit</b> parameter.
<b>smtp</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
<b>smtp_destination_recipient_limit</b>
Limit the number of recipients per message deliv-
ery. The default limit is taken from the
<b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> parameter.
<b>default_destination_recipient_limit</b> parameter.
<b>Timeout controls</b>
The default time unit is seconds; an explicit time unit
@ -232,48 +232,55 @@ SMTP(8) SMTP(8)
value: s (seconds), m (minutes), h (hours), d (days) or w
(weeks).
<b>smtp</b><i>_</i><b>connect</b><i>_</i><b>timeout</b>
<b>smtp_connect_timeout</b>
Timeout for completing a TCP connection. When no
connection can be made within the deadline, the
SMTP client tries the next address on the mail
exchanger list.
<b>smtp</b><i>_</i><b>helo</b><i>_</i><b>timeout</b>
<b>smtp_helo_timeout</b>
Timeout for receiving the SMTP greeting banner.
When the server drops the connection without send-
ing a greeting banner, or when it sends no greeting
banner within the deadline, the SMTP client tries
the next address on the mail exchanger list.
<b>smtp</b><i>_</i><b>helo</b><i>_</i><b>timeout</b>
<b>smtp_helo_timeout</b>
Timeout for sending the <b>HELO</b> command, and for
receiving the server response.
<b>smtp</b><i>_</i><b>mail</b><i>_</i><b>timeout</b>
<b>smtp_mail_timeout</b>
Timeout for sending the <b>MAIL FROM</b> command, and for
receiving the server response.
<b>smtp</b><i>_</i><b>rcpt</b><i>_</i><b>timeout</b>
<b>smtp_rcpt_timeout</b>
Timeout for sending the <b>RCPT TO</b> command, and for
receiving the server response.
<b>smtp</b><i>_</i><b>data</b><i>_</i><b>init</b><i>_</i><b>timeout</b>
<b>smtp_data_init_timeout</b>
Timeout for sending the <b>DATA</b> command, and for
receiving the server response.
<b>smtp</b><i>_</i><b>data</b><i>_</i><b>xfer</b><i>_</i><b>timeout</b>
<b>smtp_data_xfer_timeout</b>
Timeout for sending the message content.
<b>smtp</b><i>_</i><b>data</b><i>_</i><b>done</b><i>_</i><b>timeout</b>
<b>smtp_data_done_timeout</b>
Timeout for sending the "<b>.</b>" command, and for
receiving the server response. When no response is
received, a warning is logged that the mail may be
delivered multiple times.
<b>smtp</b><i>_</i><b>rset</b><i>_</i><b>timeout</b>
<b>smtp_defer_if_no_mx_address_found</b>
If no, bounce mail when no MX host resolves to an
address (Postfix always ignores MX hosts with equal
or worse preference than the local MTA). If yes,
keep trying until a suitable MX host resolves or
until the mail is too old.
<b>smtp_rset_timeout</b>
Timeout for sending the <b>RSET</b> command.
<b>smtp</b><i>_</i><b>quit</b><i>_</i><b>timeout</b>
<b>smtp_quit_timeout</b>
Timeout for sending the <b>QUIT</b> command, and for
receiving the server response.

123
postfix/html/smtpd.8.html
View File

@ -166,10 +166,28 @@ SMTPD(8) SMTPD(8)
restriction.
<b>Miscellaneous</b>
<b>authorized_verp_clients</b>
<b>smtpd_authorized_verp_clients</b>
Hostnames, domain names and/or addresses of clients
that are authorized to use the XVERP extension.
<b>smtpd_authorized_xaddr_clients</b>
Hostnames, domain names and/or addresses of clients
that are authorized to use the "XADDR client-
address client-name" command. This changes Post-
fix's idea of the SMTP client IP address and host-
name for access control and for logging purposes.
<b>smtpd_authorized_xloginfo_clients</b>
Hostnames, domain names and/or addresses of clients
that are authorized to use the "XLOGINFO client-
address client-name" command. This changes the
client name and address that are used for logging,
without affecting the client IP address and host-
name that are used for access control. XLOGINFO is
typically used to propagate remote client informa-
tion through an SMTP-based content filter to the
after-filter SMTP server.
<b>debug_peer_level</b>
Increment in verbose logging level when a remote
host matches a pattern in the <b>debug_peer_list</b>
@ -275,7 +293,8 @@ SMTPD(8) SMTPD(8)
<b>queue_minfree</b>
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
at all.
at all (default: twice the <b>message_size_limit</b>
value).
<b>smtpd_history_flush_threshold</b>
Flush the command history to postmaster after
@ -289,17 +308,17 @@ SMTPD(8) SMTPD(8)
<b>smtpd_soft_error_limit</b>
When an SMTP client has made this number of errors,
wait <i>error</i><b>_</b><i>count</i> seconds before responding to any
wait <i>error</i><b>_</b><i>count</i> seconds before responding to any
client request.
<b>smtpd_hard_error_limit</b>
Disconnect after a client has made this number of
Disconnect after a client has made this number of
errors.
<b>smtpd_junk_command_limit</b>
Limit the number of times a client can issue a junk
command such as NOOP, VRFY, ETRN or RSET in one
SMTP session before it is penalized with tarpit
command such as NOOP, VRFY, ETRN or RSET in one
SMTP session before it is penalized with tarpit
delays.
<b>Delegated policy</b>
@ -308,17 +327,17 @@ SMTPD(8) SMTPD(8)
receiving from a delegated SMTPD policy server.
<b>smtpd_policy_service_max_idle</b>
Time after which an unused SMTPD policy service
Time after which an unused SMTPD policy service
connection is closed.
<b>smtpd_policy_service_timeout</b>
Time after which an active SMTPD policy service
Time after which an active SMTPD policy service
connection is closed.
<b>UCE control restrictions</b>
<b>parent_domain_matches_subdomains</b>
List of Postfix features that use <i>domain.tld</i> pat-
terns to match <i>sub.domain.tld</i> (as opposed to
List of Postfix features that use <i>domain.tld</i> pat-
terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b>smtpd_client_restrictions</b>
@ -326,19 +345,19 @@ SMTPD(8) SMTPD(8)
tem.
<b>smtpd_helo_required</b>
Require that clients introduce themselves at the
Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd_helo_restrictions</b>
Restrict what client hostnames are allowed in <b>HELO</b>
Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd_sender_restrictions</b>
Restrict what sender addresses are allowed in <b>MAIL</b>
Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd_recipient_restrictions</b>
Restrict what recipient addresses are allowed in
Restrict what recipient addresses are allowed in
<b>RCPT TO</b> commands.
<b>smtpd_etrn_restrictions</b>
@ -346,96 +365,96 @@ SMTPD(8) SMTPD(8)
mands, and what clients may issue <b>ETRN</b> commands.
<b>smtpd_data_restrictions</b>
Restrictions on the <b>DATA</b> command. Currently, the
only restriction that makes sense here is
Restrictions on the <b>DATA</b> command. Currently, the
only restriction that makes sense here is
<b>reject_unauth_pipelining</b>.
<b>allow_untrusted_routing</b>
Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX
Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX
hosts.
<b>smtpd_restriction_classes</b>
Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of
these parameters can then be used instead of the
Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of
these parameters can then be used instead of the
restriction lists that they represent.
<b>smtpd_null_access_lookup_key</b>
The lookup key to be used in SMTPD access tables
instead of the null sender address. A null sender
The lookup key to be used in SMTPD access tables
instead of the null sender address. A null sender
address cannot be looked up.
<b>maps_rbl_domains</b> (deprecated)
List of DNS domains that publish the addresses of
List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated
<b>reject_maps_rbl</b> restriction.
<b>permit_mx_backup_networks</b>
Only domains whose primary MX hosts match the
listed networks are eligible for the <b>per-</b>
Only domains whose primary MX hosts match the
listed networks are eligible for the <b>per-</b>
<b>mit_mx_backup</b> feature.
<b>relay_domains</b>
Restrict what domains this mail system will relay
mail to. The domains are routed to the delivery
Restrict what domains this mail system will relay
mail to. The domains are routed to the delivery
agent specified with the <b>relay_transport</b> setting.
<b>Sender/recipient address verification</b>
Address verification is implemented by sending probe email
messages that are not actually delivered, and is enabled
via the reject_unverified_{sender,recipient} access
restriction. The status of verification probes is main-
messages that are not actually delivered, and is enabled
via the reject_unverified_{sender,recipient} access
restriction. The status of verification probes is main-
tained by the address verification service.
<b>address_verify_poll_count</b>
How many times to query the address verification
service for completion of an address verification
request. Specify 1 to implement a simple form of
greylisting, that is, always defer the request for
How many times to query the address verification
service for completion of an address verification
request. Specify 1 to implement a simple form of
greylisting, that is, always defer the request for
a new sender or recipient address.
<b>address_verify_poll_delay</b>
Time to wait after querying the address verifica-
Time to wait after querying the address verifica-
tion service for completion of an address verifica-
tion request.
<b>UCE control responses</b>
<b>access_map_reject_code</b>
Response code when a client violates an access
Response code when a client violates an access
database restriction.
<b>default_rbl_reply</b>
Default template reply when a request is RBL black-
listed. This template is used by the <b>reject_rbl_*</b>
and <b>reject_rhsbl_*</b> restrictions. See also:
listed. This template is used by the <b>reject_rbl_*</b>
and <b>reject_rhsbl_*</b> restrictions. See also:
<b>rbl_reply_maps</b> and <b>smtpd_expansion_filter</b>.
<b>defer_code</b>
Response code when a client request is rejected by
Response code when a client request is rejected by
the <b>defer</b> restriction.
<b>invalid_hostname_reject_code</b>
Response code when a client violates the
Response code when a client violates the
<b>reject_invalid_hostname</b> restriction.
<b>maps_rbl_reject_code</b>
Response code when a request is RBL blacklisted.
<b>multi_recipient_bounce_reject_code</b>
Response code when a multi-recipient bounce is
Response code when a multi-recipient bounce is
blocked.
<b>rbl_reply_maps</b>
Table with template responses for RBL blacklisted
requests, indexed by RBL domain name. These tem-
Table with template responses for RBL blacklisted
requests, indexed by RBL domain name. These tem-
plates are used by the <b>reject_rbl_*</b> and
<b>reject_rhsbl_*</b> restrictions. See also:
<b>reject_rhsbl_*</b> restrictions. See also:
<b>default_rbl_reply</b> and <b>smtpd_expansion_filter</b>.
<b>reject_code</b>
Response code when the client matches a <b>reject</b>
Response code when the client matches a <b>reject</b>
restriction.
<b>relay_domains_reject_code</b>
@ -443,7 +462,7 @@ SMTPD(8) SMTPD(8)
mail relay policy.
<b>unknown_address_reject_code</b>
Response code when a client violates the
Response code when a client violates the
<b>reject_unknown_address</b> restriction.
<b>unknown_client_reject_code</b>
@ -452,15 +471,15 @@ SMTPD(8) SMTPD(8)
tion.
<b>unknown_hostname_reject_code</b>
Response code when a client violates the
Response code when a client violates the
<b>reject_unknown_hostname</b> restriction.
<b>unverified_sender_reject_code</b>
Response code when a sender address is known to be
Response code when a sender address is known to be
undeliverable.
<b>unverified_recipient_reject_code</b>
Response code when a recipient address is known to
Response code when a recipient address is known to
be undeliverable.
<b>SEE ALSO</b>
@ -471,7 +490,7 @@ SMTPD(8) SMTPD(8)
<a href="verify.8.html">verify(8)</a> address verification service
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

6
postfix/man/man8/smtp.8
View File

@ -225,6 +225,12 @@ Timeout for sending the message content.
Timeout for sending the "\fB.\fR" command, and for
receiving the server response. When no response is received, a
warning is logged that the mail may be delivered multiple times.
.IP \fBsmtp_defer_if_no_mx_address_found\fR
If no, bounce mail when no MX host resolves to an address
(Postfix always ignores MX hosts with equal or worse preference
than the local MTA).
If yes, keep trying until a suitable MX host resolves or until
the mail is too old.
.IP \fBsmtp_rset_timeout\fR
Timeout for sending the \fBRSET\fR command.
.IP \fBsmtp_quit_timeout\fR

19
postfix/man/man8/smtpd.8
View File

@ -154,9 +154,23 @@ anti-spoofing restriction.
.SH Miscellaneous
.ad
.fi
.IP \fBauthorized_verp_clients\fR
.IP \fBsmtpd_authorized_verp_clients\fR
Hostnames, domain names and/or addresses of clients that are
authorized to use the XVERP extension.
.IP \fBsmtpd_authorized_xaddr_clients\fR
Hostnames, domain names and/or addresses of clients that are
authorized to use the "XADDR client-address client-name" command.
This changes Postfix's
idea of the SMTP client IP address and hostname for access
control and for logging purposes.
.IP \fBsmtpd_authorized_xloginfo_clients\fR
Hostnames, domain names and/or addresses of clients that are
authorized to use the "XLOGINFO client-address client-name" command.
This changes the client
name and address that are used for logging, without affecting the
client IP address and hostname that are used for access control.
XLOGINFO is typically used to propagate remote client information
through an SMTP-based content filter to the after-filter SMTP server.
.IP \fBdebug_peer_level\fR
Increment in verbose logging level when a remote host matches a
pattern in the \fBdebug_peer_list\fR parameter.
@ -233,7 +247,8 @@ Limit the total size in bytes of a message, including on-disk
storage for envelope information.
.IP \fBqueue_minfree\fR
Minimal amount of free space in bytes in the queue file system
for the SMTP server to accept any mail at all.
for the SMTP server to accept any mail at all (default: twice
the \fBmessage_size_limit\fR value).
.IP \fBsmtpd_history_flush_threshold\fR
Flush the command history to postmaster after receipt of RSET etc.
only if the number of history lines exceeds the given threshold.

3
postfix/src/dns/dns_lookup.c
View File

@ -169,7 +169,8 @@ static int dns_query(const char *name, int type, int flags,
len = res_search((char *) name, C_IN, type, reply->buf, sizeof(reply->buf));
if (len < 0) {
if (why)
vstring_sprintf(why, "Name service error for name=%s type=%s: %s",
vstring_sprintf(why, "Host or domain name not found. "
"Name service error for name=%s type=%s: %s",
name, dns_strtype(type), dns_strerror(h_errno));
if (msg_verbose)
msg_info("dns_query: %s (%s): %s",

8
postfix/src/global/mail_addr_map.c
View File

@ -30,6 +30,8 @@
/* .IP address
/* The address to be looked up.
/* DIAGNOSTICS
/* Warnings: map lookup returns a non-address result.
/*
/* The global \fIdict_errno\fR is non-zero when the lookup
/* should be tried again.
/* SEE ALSO
@ -114,6 +116,12 @@ ARGV *mail_addr_map(MAPS *path, const char *address, int propagate)
if (msg_verbose)
for (i = 0; i < argv->argc; i++)
msg_info("%s: %s -> %d: %s", myname, address, i, argv->argv[i]);
if (argv->argc == 0) {
msg_warn("%s lookup of %s returns non-address result \"%s\"",
path->title, address, string);
argv = argv_free(argv);
dict_errno = DICT_ERR_RETRY;
}
}
/*

21
postfix/src/global/mail_params.h
View File

@ -177,7 +177,7 @@ extern bool var_disable_dns;
#define SMTP_HOST_LOOKUP_NATIVE "native"
#define VAR_SMTP_HOST_LOOKUP "smtp_host_lookup"
#define DEF_SMTP_HOST_LOOKUP SMTP_HOST_LOOKUP_DNS "," SMTP_HOST_LOOKUP_NATIVE
#define DEF_SMTP_HOST_LOOKUP SMTP_HOST_LOOKUP_DNS
extern int var_smtp_dns_lookup;
/*
@ -837,6 +837,10 @@ extern int var_smtp_pix_thresh;
#define DEF_SMTP_PIX_DELAY "10s"
extern int var_smtp_pix_delay;
#define VAR_SMTP_DEFER_MXADDR "smtp_defer_if_no_mx_address_found"
#define DEF_SMTP_DEFER_MXADDR 0
extern bool var_smtp_defer_mxaddr;
/*
* SMTP server. The soft error limit determines how many errors an SMTP
* client may make before we start to slow down; the hard error limit
@ -1558,10 +1562,21 @@ extern char *var_verp_filter;
#define DEF_VERP_BOUNCE_OFF 0
extern bool var_verp_bounce_off;
#define VAR_VERP_CLIENTS "authorized_verp_clients"
#define DEF_VERP_CLIENTS "$mynetworks"
#define VAR_VERP_CLIENTS "smtpd_authorized_verp_clients"
#define DEF_VERP_CLIENTS "$authorized_verp_clients"
extern char *var_verp_clients;
/*
* XADDR.
*/
#define VAR_XADDR_CLIENTS "smtpd_authorized_xaddr_clients"
#define DEF_XADDR_CLIENTS ""
extern char *var_xaddr_clients;
#define VAR_XLOGINFO_CLIENTS "smtpd_authorized_xloginfo_clients"
#define DEF_XLOGINFO_CLIENTS ""
extern char *var_xloginfo_clients;
/*
* Inbound mail flow control. This allows for a stiffer coupling between
* receiving mail and sending mail. A sending process produces one token for

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
#define MAIL_RELEASE_DATE "20030921"
#define MAIL_RELEASE_DATE "20031022"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "2.0.16-" MAIL_RELEASE_DATE

10
postfix/src/global/maps.c
View File

@ -56,7 +56,7 @@
/* sensitive.
/* DIAGNOSTICS
/* Panic: inappropriate use; fatal errors: out of memory, unable
/* to open database.
/* to open database. Warnings: null string lookup result.
/*
/* maps_find() returns a null pointer when the requested
/* information was not found. The global \fIdict_errno\fR
@ -171,6 +171,14 @@ const char *maps_find(MAPS *maps, const char *name, int flags)
if (flags != 0 && (dict->flags & flags) == 0)
continue;
if ((expansion = dict_get(dict, name)) != 0) {
if (*expansion == 0) {
msg_warn("%s lookup of %s returns an empty string result",
maps->title, name);
msg_warn("%s should return NO RESULT in case of NOT FOUND",
maps->title);
dict_errno = DICT_ERR_RETRY;
return (0);
}
if (msg_verbose)
msg_info("%s: %s: %s: %s = %s", myname, maps->title,
*map_name, name, expansion);

4
postfix/src/local/alias.c
View File

@ -283,6 +283,10 @@ int deliver_alias(LOCAL_STATE state, USER_ATTR usr_attr,
msg_warn("mailing list \"%s\" needs an \"owner-%s\" alias",
name, name);
#endif
if (alias_count < 1)
*statusp = defer_append(BOUNCE_FLAGS(state.request),
BOUNCE_ATTR(state.msg_attr),
"no recipient in alias lookup result");
myfree(expansion);
if (owner)
myfree(owner);

4
postfix/src/master/master.c
View File

@ -323,8 +323,8 @@ int main(int argc, char **argv)
clean_env(import_env->argv);
argv_free(import_env);
if ((inherited_limit = get_file_limit()) < (off_t) INT_MAX)
set_file_limit(INT_MAX);
if ((inherited_limit = get_file_limit()) < 0)
set_file_limit(OFF_T_MAX);
if (chdir(var_queue_dir))
msg_fatal("chdir %s: %m", var_queue_dir);

12
postfix/src/smtp/smtp.c
View File

@ -76,7 +76,7 @@
/* Disable DNS lookups. This means that mail must be forwarded
/* via a smart relay host.
/* .IP \fBsmtp_host_lookup\fR
/* What host lookup mechanism the SMTP client should use.
/* What host lookup mechanism the SMTP client should use.
/* Specify \fBdns\fR (use DNS lookup) and/or \fBnative\fR
/* (use the native naming service which also uses /etc/hosts).
/* This setting is ignored when DNS lookups are disabled.
@ -209,6 +209,12 @@
/* Timeout for sending the "\fB.\fR" command, and for
/* receiving the server response. When no response is received, a
/* warning is logged that the mail may be delivered multiple times.
/* .IP \fBsmtp_defer_if_no_mx_address_found\fR
/* If no, bounce mail when no MX host resolves to an address
/* (Postfix always ignores MX hosts with equal or worse preference
/* than the local MTA).
/* If yes, keep trying until a suitable MX host resolves or until
/* the mail is too old.
/* .IP \fBsmtp_rset_timeout\fR
/* Timeout for sending the \fBRSET\fR command.
/* .IP \fBsmtp_quit_timeout\fR
@ -297,7 +303,8 @@ int var_smtp_pix_delay;
int var_smtp_line_limit;
char *var_smtp_helo_name;
char *var_smtp_host_lookup;
int var_smtp_quote_821_env;
bool var_smtp_quote_821_env;
bool var_smtp_defer_mxaddr;
/*
* Global variables. smtp_errno is set by the address lookup routines and by
@ -510,6 +517,7 @@ int main(int argc, char **argv)
VAR_SMTP_SASL_ENABLE, DEF_SMTP_SASL_ENABLE, &var_smtp_sasl_enable,
VAR_SMTP_RAND_ADDR, DEF_SMTP_RAND_ADDR, &var_smtp_rand_addr,
VAR_SMTP_QUOTE_821_ENV, DEF_SMTP_QUOTE_821_ENV, &var_smtp_quote_821_env,
VAR_SMTP_DEFER_MXADDR, DEF_SMTP_DEFER_MXADDR, &var_smtp_defer_mxaddr,
0,
};

3
postfix/src/smtp/smtp_addr.c
View File

@ -408,7 +408,8 @@ DNS_RR *smtp_domain_addr(char *name, VSTRING *why, int *found_myself)
addr_list = smtp_addr_list(mx_names, why);
dns_rr_free(mx_names);
if (addr_list == 0) {
smtp_errno = SMTP_RETRY;
if (var_smtp_defer_mxaddr)
smtp_errno = SMTP_RETRY;
msg_warn("no MX host for %s has a valid A record", name);
break;
}

10
postfix/src/smtp/smtp_proto.c
View File

@ -368,7 +368,7 @@ int smtp_xfer(SMTP_STATE *state)
int except;
int rec_type;
int prev_type = 0;
int sndbufsize;
int sndbufsize = 0;
int sndbuffree;
SOCKOPT_SIZE optlen = sizeof(sndbufsize);
int mail_from_rejected;
@ -443,6 +443,12 @@ int smtp_xfer(SMTP_STATE *state)
msg_fatal("%s: getsockopt: %m", myname);
if (sndbufsize > VSTREAM_BUFSIZE)
sndbufsize = VSTREAM_BUFSIZE;
if (sndbufsize == 0) {
sndbufsize = VSTREAM_BUFSIZE;
if (setsockopt(vstream_fileno(state->session->stream), SOL_SOCKET,
SO_SNDBUF, (char *) &sndbufsize, optlen) < 0)
msg_fatal("%s: setsockopt: %m", myname);
}
if (msg_verbose)
msg_info("Using ESMTP PIPELINING, TCP send buffer size is %d",
sndbufsize);
@ -658,7 +664,7 @@ int smtp_xfer(SMTP_STATE *state)
&& sent(DEL_REQ_TRACE_FLAGS(request->flags),
request->queue_id, rcpt->orig_addr,
rcpt->address, rcpt->offset,
session->namaddr, request->arrival_time,
session->namaddr, request->arrival_time,
"%s",
translit(resp->str, "\n", " ")) == 0) {
if (request->flags & DEL_REQ_FLAG_SUCCESS)

133
postfix/src/smtpd/smtpd.c
View File

@ -140,9 +140,23 @@
/* .SH Miscellaneous
/* .ad
/* .fi
/* .IP \fBauthorized_verp_clients\fR
/* .IP \fBsmtpd_authorized_verp_clients\fR
/* Hostnames, domain names and/or addresses of clients that are
/* authorized to use the XVERP extension.
/* .IP \fBsmtpd_authorized_xaddr_clients\fR
/* Hostnames, domain names and/or addresses of clients that are
/* authorized to use the "XADDR client-address client-name" command.
/* This changes Postfix's
/* idea of the SMTP client IP address and hostname for access
/* control and for logging purposes.
/* .IP \fBsmtpd_authorized_xloginfo_clients\fR
/* Hostnames, domain names and/or addresses of clients that are
/* authorized to use the "XLOGINFO client-address client-name" command.
/* This changes the client
/* name and address that are used for logging, without affecting the
/* client IP address and hostname that are used for access control.
/* XLOGINFO is typically used to propagate remote client information
/* through an SMTP-based content filter to the after-filter SMTP server.
/* .IP \fBdebug_peer_level\fR
/* Increment in verbose logging level when a remote host matches a
/* pattern in the \fBdebug_peer_list\fR parameter.
@ -219,7 +233,8 @@
/* storage for envelope information.
/* .IP \fBqueue_minfree\fR
/* Minimal amount of free space in bytes in the queue file system
/* for the SMTP server to accept any mail at all.
/* for the SMTP server to accept any mail at all (default: twice
/* the \fBmessage_size_limit\fR value).
/* .IP \fBsmtpd_history_flush_threshold\fR
/* Flush the command history to postmaster after receipt of RSET etc.
/* only if the number of history lines exceeds the given threshold.
@ -527,6 +542,8 @@ char *var_input_transp;
int var_smtpd_policy_tmout;
int var_smtpd_policy_idle;
int var_smtpd_policy_ttl;
char *var_xaddr_clients;
char *var_xloginfo_clients;
/*
* Silly little macros.
@ -542,6 +559,18 @@ int var_smtpd_policy_ttl;
static NAMADR_LIST *verp_clients;
/*
* XADDR command.
*/
#define XADDR_CMD "XADDR"
static NAMADR_LIST *xaddr_clients;
/*
* XLOGINFO command.
*/
static NAMADR_LIST *xloginfo_clients;
/*
* Other application-specific globals.
*/
@ -682,6 +711,10 @@ static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
#endif
if (namadr_list_match(verp_clients, state->name, state->addr))
smtpd_chat_reply(state, "250-%s", VERP_CMD);
if (namadr_list_match(xaddr_clients, state->name, state->addr))
smtpd_chat_reply(state, "250-%s", XADDR_CMD);
if (namadr_list_match(xloginfo_clients, state->name, state->addr))
smtpd_chat_reply(state, "250-%s", XLOGINFO_CMD);
smtpd_chat_reply(state, "250 8BITMIME");
return (0);
}
@ -759,7 +792,7 @@ static void mail_open_stream(SMTPD_STATE *state, SMTPD_TOKEN *argv,
smtpd_sasl_mail_log(state);
else
#endif
msg_info("%s: client=%s[%s]", state->queue_id, state->name, state->addr);
msg_info("%s: client=%s", state->queue_id, state->namaddr);
/*
* Record the time of arrival, the sender envelope address, some session
@ -1586,6 +1619,80 @@ static int quit_cmd(SMTPD_STATE *state, int unused_argc, SMTPD_TOKEN *unused_arg
return (0);
}
/* xaddr_cmd - process XADDR */
static int xaddr_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
{
/*
* Sanity checks.
*/
if (namadr_list_match(xaddr_clients, state->name, state->addr) == 0) {
state->error_mask |= MAIL_ERROR_POLICY;
smtpd_chat_reply(state, "554 Error: insufficient authorization");
return (-1);
}
/* Todo: "XADDR address" to let Postfix look up the client name. */
if (argc != 3
|| !valid_hostaddr(argv[1].strval, DONT_GRIPE)
|| !valid_hostname(argv[2].strval, DONT_GRIPE)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 Syntax: %s address hostname", XADDR_CMD);
return (-1);
}
/*
* Change peer information for logging and for access control. Change a
* numerical hostname into "unknown", to make it easy to extract client
* information from Received: headers.
*/
#define FIX_NUMERICAL_NAME(s) \
(valid_hostaddr((s), DONT_GRIPE) ? "unknown" : (s))
smtpd_peer_reset(state);
state->name = mystrdup(FIX_NUMERICAL_NAME(argv[2].strval));
state->addr = mystrdup(argv[1].strval);
state->namaddr =
concatenate(state->name, "[", state->addr, "]", (char *) 0);
state->peer_code = strcmp(state->name, "unknown") ? 2 : 5;
smtpd_chat_reply(state, "250 Ok");
return (0);
}
/* xloginfo_cmd - process XLOGINFO */
static int xloginfo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
{
char *cp;
/*
* Sanity checks.
*/
if (namadr_list_match(xloginfo_clients, state->name, state->addr) == 0) {
state->error_mask |= MAIL_ERROR_POLICY;
smtpd_chat_reply(state, "554 Error: insufficient authorization");
return (-1);
}
if (argc != 3
|| !valid_hostaddr(argv[1].strval, DONT_GRIPE)
|| !valid_hostname(argv[2].strval, DONT_GRIPE)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 Syntax: %s address hostname", XLOGINFO_CMD);
return (-1);
}
/*
* Change peer information for logging but not for access control. Change
* a numerical hostname into "unknown", for consistency with XADDR.
*/
myfree(state->namaddr);
state->namaddr =
concatenate(FIX_NUMERICAL_NAME(argv[2].strval),
"[", argv[1].strval, "]", (char *) 0);
smtpd_chat_reply(state, "250 Ok");
return (0);
}
/* chat_reset - notify postmaster and reset conversation log */
static void chat_reset(SMTPD_STATE *state, int threshold)
@ -1637,6 +1744,8 @@ static SMTPD_CMD smtpd_cmd_table[] = {
"VRFY", vrfy_cmd, SMTPD_CMD_FLAG_LIMIT,
"ETRN", etrn_cmd, SMTPD_CMD_FLAG_LIMIT,
"QUIT", quit_cmd, 0,
"XADDR", xaddr_cmd, SMTPD_CMD_FLAG_LIMIT,
"XLOGINFO", xloginfo_cmd, SMTPD_CMD_FLAG_LIMIT,
"Received:", 0, SMTPD_CMD_FLAG_FORBIDDEN,
"Reply-To:", 0, SMTPD_CMD_FLAG_FORBIDDEN,
"Message-ID:", 0, SMTPD_CMD_FLAG_FORBIDDEN,
@ -1849,6 +1958,8 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
*/
smtpd_noop_cmds = string_list_init(MATCH_FLAG_NONE, var_smtpd_noop_cmds);
verp_clients = namadr_list_init(MATCH_FLAG_NONE, var_verp_clients);
xaddr_clients = namadr_list_init(MATCH_FLAG_NONE, var_xaddr_clients);
xloginfo_clients = namadr_list_init(MATCH_FLAG_NONE, var_xloginfo_clients);
if (getuid() == 0 || getuid() == var_owner_uid)
smtpd_check_init();
debug_peer_init();
@ -1877,7 +1988,19 @@ static void post_jail_init(char *unused_name, char **unused_argv)
* recipient checks, address mapping, header_body_checks?.
*/
smtpd_input_transp_mask =
input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
/*
* Sanity checks. The queue_minfree value should be at least as large as
* (process_limit * message_size_limit) but that is unpractical, so we
* arbitrarily pick a number and require twice the message size limit.
*/
if (var_queue_minfree > 0
&& var_message_limit > 0
&& var_queue_minfree / 2 < var_message_limit)
msg_warn("%s(%lu) should be at least 2*%s(%lu)",
VAR_QUEUE_MINFREE, (unsigned long) var_queue_minfree,
VAR_MESSAGE_LIMIT, (unsigned long) var_message_limit);
}
/* main - the main program */
@ -1965,6 +2088,8 @@ int main(int argc, char **argv)
VAR_SMTPD_PROXY_FILT, DEF_SMTPD_PROXY_FILT, &var_smtpd_proxy_filt, 0, 0,
VAR_SMTPD_PROXY_EHLO, DEF_SMTPD_PROXY_EHLO, &var_smtpd_proxy_ehlo, 0, 0,
VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0,
VAR_XADDR_CLIENTS, DEF_XADDR_CLIENTS, &var_xaddr_clients, 0, 0,
VAR_XLOGINFO_CLIENTS, DEF_XLOGINFO_CLIENTS, &var_xloginfo_clients, 0, 0,
0,
};
static CONFIG_RAW_TABLE raw_table[] = {

5
postfix/src/smtpd/smtpd.h
View File

@ -128,6 +128,11 @@ extern void smtpd_peer_reset(SMTPD_STATE *state);
*/
extern int smtpd_input_transp_mask;
/*
* XLOGINFO command.
*/
#define XLOGINFO_CMD "XLOGINFO"
/* LICENSE
/* .ad
/* .fi

24
postfix/src/smtpd/smtpd_check.c
View File

@ -233,12 +233,12 @@
/* \fImessage_size_limit\fR configuration parameter. This is a
/* permanent error.
/* .IP \(bu
/* The message would cause the available queue file system space
/* to drop below the bound specified with the \fImin_queue_free\fR
/* configuration parameter. This is a temporary error.
/* The available queue file system space is less than the amount
/* specified with the \fImin_queue_free\fR configuration parameter.
/* This is a temporary error.
/* .IP \(bu
/* The message would use up more than half the available queue file
/* system space. This is a temporary error.
/* The available queue file system space is less than twice the
/* message size limit. This is a temporary error.
/* .PP
/* smtpd_check_data() enforces generic restrictions after the
/* client has sent the DATA command.
@ -2060,6 +2060,7 @@ static int check_domain_access(SMTPD_STATE *state, const char *table,
char *next;
const char *value;
DICT *dict;
int maybe_numerical = 1;
if (msg_verbose)
msg_info("%s: %s", myname, domain);
@ -2084,6 +2085,10 @@ static int check_domain_access(SMTPD_STATE *state, const char *table,
if (dict_errno != 0)
msg_fatal("%s: table lookup problem", table);
}
/* Don't apply subdomain magic to numerical hostnames. */
if (maybe_numerical
&& (maybe_numerical = valid_hostaddr(domain, DONT_GRIPE)) != 0)
break;
if ((next = strchr(name + 1, '.')) == 0)
break;
if (access_parent_style == MATCH_FLAG_PARENT)
@ -2252,6 +2257,7 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
* Check the hostnames first, then the addresses.
*/
for (server = server_list; server != 0; server = server->next) {
h_errno = 0; /* XXX */
if ((hp = gethostbyname((char *) server->data)) == 0) {
msg_warn("Unable to look up %s host %s for %s %s: %s",
dns_strtype(type), (char *) server->data,
@ -3793,17 +3799,17 @@ char *smtpd_check_size(SMTPD_STATE *state, off_t size)
"552 Message size exceeds fixed limit");
return (STR(error_text));
}
fsspace(".", &fsbuf);
if (msg_verbose)
msg_info("%s: blocks %lu avail %lu min_free %lu size %lu",
msg_info("%s: blocks %lu avail %lu min_free %lu msg_size_limit %lu",
myname,
(unsigned long) fsbuf.block_size,
(unsigned long) fsbuf.block_free,
(unsigned long) var_queue_minfree,
(unsigned long) size);
(unsigned long) var_message_limit);
if (BLOCKS(var_queue_minfree) >= fsbuf.block_free
|| BLOCKS(size) >= fsbuf.block_free - BLOCKS(var_queue_minfree)
|| BLOCKS(size) >= fsbuf.block_free / 2) {
|| BLOCKS(var_message_limit) >= fsbuf.block_free / 2) {
(void) smtpd_check_reject(state, MAIL_ERROR_RESOURCE,
"452 Insufficient system storage");
return (STR(error_text));

3
postfix/src/smtpd/smtpd_check.ref
View File

@ -55,7 +55,8 @@ OK
./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 450 <foo>: Helo command rejected: Host not found; proto=SMTP helo=<foo>
450 <foo>: Helo command rejected: Host not found
>>> helo spike.porcupine.org
OK
./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 554 <spike.porcupine.org>: Helo command rejected: name server spike.porcupine.org; proto=SMTP helo=<spike.porcupine.org>
554 <spike.porcupine.org>: Helo command rejected: name server spike.porcupine.org
>>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,hash:./smtpd_check_access
OK
>>> helo random.bad.domain

3
postfix/src/smtpd/smtpd_check.ref2
View File

@ -55,7 +55,8 @@ OK
./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 450 <foo>: Helo command rejected: Host not found; proto=SMTP helo=<foo>
450 <foo>: Helo command rejected: Host not found
>>> helo spike.porcupine.org
OK
./smtpd_check: <queue id>: reject: HELO from foo[123.123.123.123]: 554 <spike.porcupine.org>: Helo command rejected: name server spike.porcupine.org; proto=SMTP helo=<spike.porcupine.org>
554 <spike.porcupine.org>: Helo command rejected: name server spike.porcupine.org
>>> helo_restrictions permit_mynetworks,reject_unknown_client,reject_invalid_hostname,check_helo_access,hash:./smtpd_check_access
OK
>>> helo random.bad.domain

2
postfix/src/smtpd/smtpd_check.ref4
View File

@ -6,7 +6,7 @@
>>> smtpd_delay_reject 0
OK
>>> #
>>> # Test the nex access map features
>>> # Test the new access map features
>>> #
>>> sender_restrictions hash:./smtpd_check_access
OK

1
postfix/src/smtpd/smtpd_check_access
View File

@ -60,3 +60,4 @@ dunnotext@dunno.domain dunno text
topica.com reject
10.10.10.10 reject mail server 10.10.10.10
spike.porcupine.org reject name server spike.porcupine.org
241 reject class E subnet

13
postfix/src/smtpd/smtpd_exp.in
View File

@ -64,14 +64,15 @@ rcpt rname@rdomain
# Check MX access
#
helo_restrictions check_helo_mx_access,hash:smtpd_check_access
helo verisign-wildcard.com
#helo verisign-wildcard.com
helo verisign.com
helo example.tld
sender_restrictions check_sender_mx_access,hash:smtpd_check_access
mail foo@verisign-wildcard.com
mail foo@pls.net.au
#mail foo@verisign-wildcard.com
mail foo@verisign.com
recipient_restrictions check_recipient_mx_access,hash:smtpd_check_access
rcpt foo@verisign-wildcard.com
#rcpt foo@verisign-wildcard.com
rcpt foo@verisign.com
rcpt foo@1.2.3.porcupine.org
#
@ -80,14 +81,14 @@ rcpt foo@1.2.3.porcupine.org
helo_restrictions check_helo_ns_access,hash:smtpd_check_access
helo email-publisher.com
helo ns1.topica.com
helo verisign-wildcard.com
#helo verisign-wildcard.com
helo example.tld
sender_restrictions check_sender_ns_access,hash:smtpd_check_access
mail foo@email-publisher.com
mail foo@ns1.topica.com
mail foo@verisign-wildcard.com
#mail foo@verisign-wildcard.com
recipient_restrictions check_recipient_ns_access,hash:smtpd_check_access
rcpt foo@email-publisher.com
rcpt foo@ns1.topica.com
rcpt foo@verisign-wildcard.com
#rcpt foo@verisign-wildcard.com
rcpt foo@1.2.3.porcupine.org

34
postfix/src/smtpd/smtpd_exp.ref
View File

@ -114,26 +114,23 @@ OK
>>> #
>>> helo_restrictions check_helo_mx_access,hash:smtpd_check_access
OK
>>> helo verisign-wildcard.com
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 <verisign-wildcard.com>: Helo command rejected: Verisign wild-card; from=<sname@sdomain> proto=SMTP helo=<verisign-wildcard.com>
554 <verisign-wildcard.com>: Helo command rejected: Verisign wild-card
>>> #helo verisign-wildcard.com
>>> helo verisign.com
OK
>>> helo example.tld
./smtpd_check: warning: Unable to look up MX host for example.tld
./smtpd_check: warning: Unable to look up MX host for example.tld: Host not found
OK
>>> sender_restrictions check_sender_mx_access,hash:smtpd_check_access
OK
>>> mail foo@verisign-wildcard.com
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 <foo@verisign-wildcard.com>: Sender address rejected: Verisign wild-card; from=<foo@verisign-wildcard.com> proto=SMTP helo=<example.tld>
554 <foo@verisign-wildcard.com>: Sender address rejected: Verisign wild-card
>>> mail foo@pls.net.au
./smtpd_check: warning: numeric domain name in resource data of MX record for pls.net.au: 203.3.110.241
OK
>>> #mail foo@verisign-wildcard.com
>>> mail foo@verisign.com
OK
>>> recipient_restrictions check_recipient_mx_access,hash:smtpd_check_access
OK
>>> rcpt foo@verisign-wildcard.com
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@verisign-wildcard.com>: Recipient address rejected: Verisign wild-card; from=<foo@verisign.com> to=<foo@verisign-wildcard.com> proto=SMTP helo=<example.tld>
554 <foo@verisign-wildcard.com>: Recipient address rejected: Verisign wild-card
>>> #rcpt foo@verisign-wildcard.com
>>> rcpt foo@verisign.com
OK
>>> rcpt foo@1.2.3.porcupine.org
@ -150,10 +147,9 @@ OK
>>> helo ns1.topica.com
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 <ns1.topica.com>: Helo command rejected: Access denied; from=<foo@verisign.com> proto=SMTP helo=<ns1.topica.com>
554 <ns1.topica.com>: Helo command rejected: Access denied
>>> helo verisign-wildcard.com
OK
>>> #helo verisign-wildcard.com
>>> helo example.tld
./smtpd_check: warning: Unable to look up NS host for example.tld
./smtpd_check: warning: Unable to look up NS host for example.tld: Host not found
OK
>>> sender_restrictions check_sender_ns_access,hash:smtpd_check_access
OK
@ -163,18 +159,16 @@ OK
>>> mail foo@ns1.topica.com
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 <foo@ns1.topica.com>: Sender address rejected: Access denied; from=<foo@ns1.topica.com> proto=SMTP helo=<example.tld>
554 <foo@ns1.topica.com>: Sender address rejected: Access denied
>>> mail foo@verisign-wildcard.com
OK
>>> #mail foo@verisign-wildcard.com
>>> recipient_restrictions check_recipient_ns_access,hash:smtpd_check_access
OK
>>> rcpt foo@email-publisher.com
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@email-publisher.com>: Recipient address rejected: Access denied; from=<foo@verisign-wildcard.com> to=<foo@email-publisher.com> proto=SMTP helo=<example.tld>
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@email-publisher.com>: Recipient address rejected: Access denied; from=<foo@ns1.topica.com> to=<foo@email-publisher.com> proto=SMTP helo=<example.tld>
554 <foo@email-publisher.com>: Recipient address rejected: Access denied
>>> rcpt foo@ns1.topica.com
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@ns1.topica.com>: Recipient address rejected: Access denied; from=<foo@verisign-wildcard.com> to=<foo@ns1.topica.com> proto=SMTP helo=<example.tld>
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@ns1.topica.com>: Recipient address rejected: Access denied; from=<foo@ns1.topica.com> to=<foo@ns1.topica.com> proto=SMTP helo=<example.tld>
554 <foo@ns1.topica.com>: Recipient address rejected: Access denied
>>> rcpt foo@verisign-wildcard.com
OK
>>> #rcpt foo@verisign-wildcard.com
>>> rcpt foo@1.2.3.porcupine.org
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org; from=<foo@verisign-wildcard.com> to=<foo@1.2.3.porcupine.org> proto=SMTP helo=<example.tld>
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org; from=<foo@ns1.topica.com> to=<foo@1.2.3.porcupine.org> proto=SMTP helo=<example.tld>
554 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org

2
postfix/src/smtpd/smtpd_peer.c
View File

@ -40,7 +40,7 @@
/* name->address mapping, client address not listed for hostname).
/* .RE
/* .PP
/* smtpd_peer_reset() releases memory allocate by smtpd_peer_init().
/* smtpd_peer_reset() releases memory allocated by smtpd_peer_init().
/* LICENSE
/* .ad
/* .fi

48
postfix/src/smtpd/smtpd_proxy.c
View File

@ -15,7 +15,7 @@
/* /* other fields... */
/* .in -4
/* } SMTPD_STATE;
/*
/*
/* int smtpd_proxy_open(state, service, timeout, ehlo_name, mail_from)
/* SMTPD_STATE *state;
/* const char *service;
@ -175,6 +175,8 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service,
const char *mail_from)
{
int fd;
char *lines;
char *line;
/*
* This buffer persists beyond the end of a proxy session so we can
@ -225,6 +227,18 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service,
return (-1);
}
/*
* Parse the EHLO reply and see if we can forward the client hostname and
* address info for logging purposes. If the command fails, then proceed.
* It is not the end of the world.
*/
lines = STR(state->proxy_buffer);
while ((line = mystrtok(&lines, "\n")) != 0)
if ((line[3] == ' ' || line[3] == '-')
&& strcmp(line + 4, XLOGINFO_CMD) == 0)
(void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, "%s %s %s",
XLOGINFO_CMD, state->addr, state->name);
/*
* Pass-through the client's MAIL FROM command. If this fails, then we
* have a problem because the proxy should always accept any MAIL FROM
@ -282,6 +296,7 @@ int smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
char *cp;
int last_char;
int err = 0;
static VSTRING *buffer = 0;
/*
* Errors first. Be prepared for delayed errors from the DATA phase.
@ -336,19 +351,32 @@ int smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
return (0);
/*
* Censor out non-printable characters in server responses and keep the
* last line of multi-line responses.
* Censor out non-printable characters in server responses and save
* complete multi-line responses if possible.
*/
VSTRING_RESET(state->proxy_buffer);
if (buffer == 0)
buffer = vstring_alloc(10);
for (;;) {
last_char = smtp_get(state->proxy_buffer, state->proxy, var_line_limit);
printable(STR(state->proxy_buffer), '?');
last_char = smtp_get(buffer, state->proxy, var_line_limit);
printable(STR(buffer), '?');
if (last_char != '\n')
msg_warn("%s: response longer than %d: %.30s...",
VSTREAM_PATH(state->proxy), var_line_limit,
STR(state->proxy_buffer));
STR(buffer));
if (msg_verbose)
msg_info("< %s: %.100s", VSTREAM_PATH(state->proxy),
STR(state->proxy_buffer));
STR(buffer));
/*
* Defend against a denial of service attack by limiting the amount
* of multi-line text that we are willing to store.
*/
if (LEN(state->proxy_buffer) < var_line_limit) {
if (VSTRING_LEN(state->proxy_buffer))
VSTRING_ADDCH(state->proxy_buffer, '\n');
vstring_strcat(state->proxy_buffer, STR(buffer));
}
/*
* Parse the response into code and text. Ignore unrecognized
@ -356,16 +384,16 @@ int smtpd_proxy_cmd(SMTPD_STATE *state, int expect, const char *fmt,...)
* line) will have the same effect as the '-' line continuation
* character.
*/
for (cp = STR(state->proxy_buffer); *cp && ISDIGIT(*cp); cp++)
for (cp = STR(buffer); *cp && ISDIGIT(*cp); cp++)
/* void */ ;
if (cp - STR(state->proxy_buffer) == 3) {
if (cp - STR(buffer) == 3) {
if (*cp == '-')
continue;
if (*cp == ' ' || *cp == 0)
break;
}
msg_warn("received garbage from proxy %s: %.100s",
VSTREAM_PATH(state->proxy), STR(state->proxy_buffer));
VSTREAM_PATH(state->proxy), STR(buffer));
}
/*

4
postfix/src/smtpd/smtpd_sasl_proto.c
View File

@ -197,8 +197,8 @@ void smtpd_sasl_mail_log(SMTPD_STATE *state)
{
#define IFELSE(e1,e2,e3) ((e1) ? (e2) : (e3))
msg_info("%s: client=%s[%s]%s%s%s%s%s%s",
state->queue_id, state->name, state->addr,
msg_info("%s: client=%s%s%s%s%s%s%s",
state->queue_id, state->namaddr,
IFELSE(state->sasl_method, ", sasl_method=", ""),
IFELSE(state->sasl_method, state->sasl_method, ""),
IFELSE(state->sasl_username, ", sasl_username=", ""),

2
postfix/src/util/attr_scan0.c
View File

@ -164,7 +164,7 @@ static int attr_scan0_string(VSTREAM *fp, VSTRING *plain_buf, const char *contex
int limit = var_line_limit * 4;
int ch;
if ((ch = vstring_get_null_bound(plain_buf, fp, limit)) == VSTREAM_EOF) {
if ((ch = vstring_get_null(plain_buf, fp)) == VSTREAM_EOF) {
msg_warn("%s on %s while reading %s",
vstream_ftimeout(fp) ? "timeout" : "premature end-of-input",
VSTREAM_PATH(fp), context);

2
postfix/src/util/attr_scan64.c
View File

@ -179,11 +179,13 @@ static int attr_scan64_string(VSTREAM *fp, VSTRING *plain_buf, const char *conte
return (-1);
}
VSTRING_ADDCH(base64_buf, ch);
#if 0
if (LEN(base64_buf) > limit) {
msg_warn("string length > %d characters from %s while reading %s",
limit, VSTREAM_PATH(fp), context);
return (-1);
}
#endif
}
VSTRING_TERMINATE(base64_buf);
if (base64_decode(plain_buf, STR(base64_buf), LEN(base64_buf)) == 0) {

2
postfix/src/util/attr_scan_plain.c
View File

@ -174,11 +174,13 @@ static int attr_scan_plain_string(VSTREAM *fp, VSTRING *plain_buf,
return (-1);
}
VSTRING_ADDCH(plain_buf, ch);
#if 0
if (LEN(plain_buf) > limit) {
msg_warn("string length > %d characters from %s while reading %s",
limit, VSTREAM_PATH(fp), context);
return (-1);
}
#endif
}
VSTRING_TERMINATE(plain_buf);

7
postfix/src/util/base64_code.c
View File

@ -41,6 +41,11 @@
#include "sys_defs.h"
#include <ctype.h>
#include <string.h>
#include <limits.h>
#ifndef UCHAR_MAX
#define UCHAR_MAX 0xff
#endif
/* Utility library. */
@ -102,7 +107,7 @@ VSTRING *base64_decode(VSTRING *result, const char *in, int len)
int ch2;
int ch3;
#define CHARS_PER_BYTE 256
#define CHARS_PER_BYTE (UCHAR_MAX + 1)
#define INVALID 0xff
/*

2
postfix/src/util/sane_connect.c
View File

@ -11,7 +11,7 @@
/* struct sockaddr *buf;
/* SOCKADDR_SIZE *len;
/* DESCRIPTION
/* sane_connect() implements the accept(2) socket call, and maps
/* sane_connect() implements the connect(2) socket call, and maps
/* known harmless error results to EAGAIN.
/* BUGS
/* Bizarre systems may have other harmless error results. Such