mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-09-01 22:55:29 +00:00
Code Issues Releases Wiki Activity

postfix-2.5-20070328

Browse Source
This commit is contained in:
Wietse Venema
2007-03-28 00:00:00 -05:00
committed by Viktor Dukhovni
parent 63e0d1546b
commit a1a5c3cc6e
87 changed files with 1741 additions and 1634 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
postfix/HISTORY
View File

@@ -13386,8 +13386,22 @@ Apologies for any names omitted.
Currently, nothing in Postfix uses this functionality. Currently, nothing in Postfix uses this functionality.
File: global/dict_proxy.c. File: global/dict_proxy.c.
20070325
Bugfix: postfix-install didn't work for symlink or hardlink
targets, when the parent directory had a value of "no".
20070326
Workaround: Eric Raymond's man page formatters don't handle
low-level *roff .in or .ti controls. We now use .nf and .fi
instead. Files: many.
Wish list: Wish list:
Remove defer(8) and trace(8) references and man pages. These
are services not program names.
Bind all deliveries to the same local delivery process, Bind all deliveries to the same local delivery process,
making Postfix perform as poorly as monolithic mailers, making Postfix perform as poorly as monolithic mailers,
but giving a possibility to eliminate duplicate deliveries. but giving a possibility to eliminate duplicate deliveries.
@@ -13398,16 +13412,9 @@ Wish list:
Need scache size limit. Need scache size limit.
Don't transform bare username into user@localdomain.localdomain
when no domain is specified via main.cf or via the machine
hostname.
Update BACKSCATTER_README to use PCRE because that's what I Update BACKSCATTER_README to use PCRE because that's what I
am using now. am using now.
Update MILTER_README with Martinec info.
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
Make postcat header/body aware so people can grep headers. Make postcat header/body aware so people can grep headers.
Make postmap header/body aware so people can test multi-line Make postmap header/body aware so people can test multi-line
@@ -13490,8 +13497,6 @@ Wish list:
playing with the soft_error test in the smtp_trouble.c playing with the soft_error test in the smtp_trouble.c
module, and avoiding delivery to backup MX hosts. module, and avoiding delivery to backup MX hosts.
select -> kqueue, epoll, /dev/poll, poll() ...
In the SMTP server, set a "pipelining detected" flag at the In the SMTP server, set a "pipelining detected" flag at the
start of a session and at protocol synchronization points, start of a session and at protocol synchronization points,
so that reject_unauth_pipelining can be specified in any so that reject_unauth_pipelining can be specified in any
@@ -13512,9 +13517,6 @@ Wish list:
Privacy: remove local command/pathname details from remote Privacy: remove local command/pathname details from remote
delivery status reports, and log them via local msg_warn(). delivery status reports, and log them via local msg_warn().
Remove defer(8) and trace(8) references and man pages. These
are services not program names.
Is it safe to cache a connection after it has been used for Is it safe to cache a connection after it has been used for
more than some number of address verification probes? more than some number of address verification probes?

40
postfix/README_FILES/BACKSCATTER_README
View File

@@ -4,7 +4,11 @@ PPoossttffiixx BBaacckkssccaatttteerr HHoowwttoo
OOvveerrvviieeww OOvveerrvviieeww
This document describes features that require Postfix version 2.0 or later. This document describes features that require Postfix version 2.0 or later. The
examples use Perl Compatible Regular Expressions (Postfix pcre: tables), but
also provide a translation to POSIX regular expressions (Postfix regexp:
tables). PCRE is preferred primarily because the implementation is often
faster.
Topics covered in this document: Topics covered in this document:
@@ -97,8 +101,8 @@ To block such backscatter I use header_checks and body_checks patterns like
this: this:
/etc/postfix/main.cf: /etc/postfix/main.cf:
header_checks = regexp:/etc/postfix/header_checks header_checks = pcre:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks: /etc/postfix/header_checks:
if /^Received:/ if /^Received:/
@@ -107,7 +111,7 @@ this:
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +) /^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)
(porcupine\.org)\)/ (porcupine\.org)\)/
reject forged client name in Received: header: $2 reject forged client name in Received: header: $2
/^Received:.* +by +(porcupine\.org)[[:>:]]/ /^Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1 reject forged mail server name in Received: header: $1
endif endif
/^Message-ID:.* <!&!/ DUNNO /^Message-ID:.* <!&!/ DUNNO
@@ -121,7 +125,7 @@ this:
/^[> ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +) /^[> ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)
(porcupine\.org)\)/ (porcupine\.org)\)/
reject forged client name in Received: header: $2 reject forged client name in Received: header: $2
/^[> ]*Received:.* +by +(porcupine\.org)[[:>:]]/ /^[> ]*Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1 reject forged mail server name in Received: header: $1
endif endif
/^[> ]*Message-ID:.* <!&!/ DUNNO /^[> ]*Message-ID:.* <!&!/ DUNNO
@@ -130,6 +134,9 @@ this:
Notes: Notes:
* The example uses pcre: tables mainly for speed; with minor modifications,
you can use regexp: tables as explained below.
* The example is simplified for educational purposes. In reality my patterns * The example is simplified for educational purposes. In reality my patterns
list multiple domain names, as "(domain|domain|...)". list multiple domain names, as "(domain|domain|...)".
@@ -139,8 +146,9 @@ Notes:
* The "\(" and "\)" match "(" and ")" literally. Without the "\", the "(" and * The "\(" and "\)" match "(" and ")" literally. Without the "\", the "(" and
")" would be grouping operators. ")" would be grouping operators.
* The "[[:>:]]" matches the end of a word. On some systems you should specify * The "\b" is used here to match the end of a word. If you use regexp:
"\>" instead. For details see your system documentation. tables, specify "[[:>:]]" (on some systems you should specify "\>" instead;
for details see your system documentation).
* The "if /pattern/" and "endif" eliminate unnecessary matching attempts. DO * The "if /pattern/" and "endif" eliminate unnecessary matching attempts. DO
NOT indent lines starting with /pattern/ between the "if" and "endif"! NOT indent lines starting with /pattern/ between the "if" and "endif"!
@@ -202,25 +210,29 @@ the backscatter mail that I get claims to be sent from these addresses. Such
mail is obviously forged and is very easy to stop. mail is obviously forged and is very easy to stop.
/etc/postfix/main.cf: /etc/postfix/main.cf:
header_checks = regexp:/etc/postfix/header_checks header_checks = pcre:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks: /etc/postfix/header_checks:
/^(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/ /^(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2 reject forged sender address in $1: header: $2
/etc/postfix/body_checks: /etc/postfix/body_checks:
/^[> ]*(From|Return-Path):.*[[:<:]](user@domain\.tld)[[:>:]]/ /^[> ]*(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2 reject forged sender address in $1: header: $2
Notes: Notes:
* The example uses pcre: tables mainly for speed; with minor modifications,
you can use regexp: tables as explained below.
* The example is simplified for educational purposes. In reality, my patterns * The example is simplified for educational purposes. In reality, my patterns
list multiple email addresses as "(user1@domain1\.tld|user2@domain2\.tld)". list multiple email addresses as "(user1@domain1\.tld|user2@domain2\.tld)".
* The "[[:<:]]" and "[[:>:]]" match the beginning and end of a word, * The two "\b" as used in "\b(user@domain\.tld)\b" match the beginning and
respectively. On some systems you should specify "\<" and "\>" instead. For end of a word, respectively. If you use regexp: tables, specify "[[:<:]]
details see your system documentation. and [[:>:]]" (on some systems you should specify "\< and \>" instead; for
details see your system documentation).
* The "\." matches "." literally. Without the "\", the "." would match any * The "\." matches "." literally. Without the "\", the "." would match any
character. character.

1
postfix/README_FILES/INSTALL
View File

@@ -88,6 +88,7 @@ At some point in time, a version of Postfix was supported on:
Linux RedHat 3.x (January 2004) - 9.x Linux RedHat 3.x (January 2004) - 9.x
Linux Slackware 3.x, 4.x, 7.x Linux Slackware 3.x, 4.x, 7.x
Linux SuSE 5.x, 6.x, 7.x Linux SuSE 5.x, 6.x, 7.x
Linux Ubuntu 4.10..7.04
Mac OS X Mac OS X
NEXTSTEP 3.x NEXTSTEP 3.x
NetBSD 1.x NetBSD 1.x

3
postfix/README_FILES/MILTER_README
View File

@@ -443,9 +443,6 @@ NOTES:
* This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. * This was tested with sid-milter-0.2.10 and sid-milter-0.2.14.
* This fixes only the ugly message header, but not the WARNING message.
Fortunately, sid-milter logs that message only once.
To fix the ugly message header with other Milter applications, you will need to To fix the ugly message header with other Milter applications, you will need to
do something like this: do something like this:

11
postfix/README_FILES/OVERVIEW
View File

@@ -209,12 +209,13 @@ queues.
Network -> smtpd(8) <-> anvil(8) Network -> smtpd(8) <-> anvil(8)
* The bounce(8), defer(8) and trace(8) servers each maintain their own queue * The bounce(8), defer(8) and trace(8) services each maintain their own queue
directory trees with per-message logfiles. This information is used to send directory trees with per-message logfiles. Postfix uses this information
delivery or non-delivery notifications to the sender. when sending "failed", "delayed" or "success" delivery status notifications
to the sender.
The trace(8) service implements support for the Postfix "sendmail -bv" and The trace(8) service also implements support for the Postfix "sendmail -bv"
"sendmail -v" commands which produce reports about how Postfix delivers and "sendmail -v" commands which produce reports about how Postfix delivers
mail, and is available with Postfix version 2.1 and later. See DEBUG_README mail, and is available with Postfix version 2.1 and later. See DEBUG_README
for examples. for examples.

176
postfix/RELEASE_NOTES
View File

@@ -1,184 +1,18 @@
The stable Postfix release is called postfix-2.3.x where 2=major The stable Postfix release is called postfix-2.4.x where 2=major
release number, 3=minor release number, x=patchlevel. The stable release number, 4=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date. emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called New features are developed in snapshot releases. These are called
postfix-2.4-yyyymmdd where yyyymmdd is the release date (yyyy=year, postfix-2.5-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases; mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released. instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd) The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release. specifies the release date of a stable release or snapshot release.
Incompatibility with Postfix 2.2 and earlier Incompatibility with Postfix 2.3 and earlier
============================================ ============================================
If you upgrade from Postfix 2.2 or earlier, read RELEASE_NOTES-2.3 If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4
before proceeding. before proceeding.
Incompatibility with Postfix snapshot 200702224
===============================================
As a safety measure, Postfix now by default creates mailbox dotlock
files on all systems. This prevents problems with GNU POP3D which
subverts kernel locking by creating a new mailbox file and deleting
the old one.
Major changes with Postfix snapshot 20070212-event
==================================================
Better support for systems that run thousands of Postfix processes.
Postfix now supports FreeBSD kqueue(2), Solaris poll(7d) and Linux
epoll(4) as more scalable alternatives to the traditional select(2)
system call, and uses poll(2) when examining a single file descriptor
for readability or writability. These features are supported on
sufficiently recent versions of FreeBSD, NetBSD, OpenBSD, Solaris
and Linux; support for other systems will be added as evidence
becomes available that usable implementations exist.
Incompatibility with Postfix snapshot 20070201
==============================================
Some default settings have been adjusted to better match contemporary
requirements:
- queue_run_delay and minimal_backoff_time were reduced from 1000s
to 300s so that deliveries are retried earlier after the first
failure.
- ipc_idle was reduced from 100s to 5s, so that tlsmgr and scache
clients will more quickly release unused file handles.
Major changes with Postfix snapshot 20070121
============================================
The support for Milter header modification requests was revised.
With minimal change in the on-disk representation, the code was
greatly simplified, and regression tests were updated to ensure
that old errors were not re-introduced. The queue file format is
entirely backwards compatible with Postfix 2.3.
Incompatible changes with Postfix snapshot 20070116
===================================================
A new field is added to the queue file "size" record that specifies
the message content length. Postfix 2.3 and older Postfix 2.4
versions will ignore this field, and will report the message size
as it was before the body was replaced.
Major changes with Postfix snapshot 20070116
============================================
Support for Milter requests to replace the message body. Postfix
now implements all the header/body modification requests that are
available with Sendmail 8.13.
Incompatible changes with Postfix snapshot 20061217
===================================================
Postfix no longer requires a domain name. It uses "localdomain" as
the default Internet domain name when no domain is specified via
main.cf or via the machine's hostname.
Major changes with Postfix snapshot 20061217
============================================
More precise queue flushing with the ETRN, "postqueue -s site", and
"sendmail -qRsite" commands, after minimization of race conditions.
New per-queue-file flushing with "postqueue -i queueid" and "sendmail
-qIqueueid".
Incompatible changes with Postfix snapshot 20061214
===================================================
The check_smtpd_policy client sends TLS certificate attributes
(client ccert_subject, ccert_issuer) only after successful client
certificate verification. The reason is that the certification
verification status itself is not available in the policy request.
The check_smtpd_policy client sends TLS certificate fingerprint
information even when the certificate itself was not verified.
The remote SMTP client TLS certificate fingerprint can be used for
access control even when the certificate itself was not verified.
Incompatible changes with Postfix snapshot 20061209
===================================================
The Postfix installation procedure no longer updates main.cf with
"unknown_local_recipient_reject_code = 450". Four years after the
introduction of mandatory recipient validation, this transitional
tool is no longer neeed.
After upgrading Postfix you MUST execute "postfix reload", otherwise
the queue manager may log a warnings with:
warning: connect to transport retry: Connection refused
The upgrade procedure adds a new "retry" service to the master.cf
file. If you make the mistake of copying old Postfix configuration
files over the new files, the queue manager may log warnings with:
warning: connect to transport retry: Connection refused
To fix your master.cf file, use "postfix upgrade-configuration"
followed by "postfix reload".
Small changes were made to the default bounce message templates,
to prevent HTML-aware software from hiding or removing the text
"<postmaster>", and producing misleading text.
Major changes with Postfix snapshot 20061209
============================================
Better interoperability with non-conforming SMTP servers that reply
and disconnect before Postfix has sent the complete message content.
Improved worst-case (old and new) queue manager performance when
deferring or bouncing large amounts of mail. Instead of talking to
the bounce or defer service synchronously, this work is now done
in the background by the error or retry service.
Improved worst-case (new) queue manager performance when delivering
multi-recipient mail. The queue manager now proactively reads
recipients from the queue file, instead of waiting for the slowest
deliveries to complete before reading in new recipients. This
introduces two parameters: default_recipient_refill_limit (how many
recipient slots to refill at a time) and default_recipient_refill_delay
(how long to wait between refill operations). These two parameters
act as defaults for optional per-transport settings.
Better support for queue file systems on file servers with drifting
clocks. Clock skew can be a problem, because Postfix does not deliver
mail until the local clock catches up with the queue file's last
modification time stamp. On systems with usable futimes() or
equivalent (Solaris, *BSD, MacOS, but not Linux), Postfix now always
explicitly sets the queue file last modification time stamps while
creating a queue file. On systems without usable futimes() (Linux,
and ancient versions of Solaris, SunOS and *BSD) Postfix keeps using
the slower utime() system call to update queue file time stamps
when the file system clock is off with respect to the local system
clock, and logs a warning.
Incompatible changes with Postfix snapshot 20061006
===================================================
The format of SMTP server TLS session cache lookup keys has changed.
The lookup key now includes the master.cf service name.
Major changes with Postfix snapshot 20061006
============================================
Individual CISCO PIX bug workarounds are now on/off configurable.
This introduces new parameters: smtp_pix_workarounds (default:
disable_esmtp, delay_dotcrlf) and smtp_pix_workaround_maps (workarounds
indexed by server IP address). The default settings are backwards
compatible.
Incompatible changes with Postfix snapshot 20060806
===================================================
Postfix no longer announces its name in delivery status notifications.
Users believe that Wietse provides a free help desk service that
solves all their email problems.

0
postfix/RELEASE_NOTES_2.3 → postfix/RELEASE_NOTES-2.3
View File

198
postfix/RELEASE_NOTES-2.4 Normal file
View File

@@ -0,0 +1,198 @@
The stable Postfix release is called postfix-2.4.x where 2=major
release number, 4=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-2.5-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
Major changes - critical
------------------------
See RELEASE_NOTES-2.3 if you upgrade from Postfix 2.2 or earlier.
[Incompat 20070122] To take advantage of the new support for BSD
kqueue, Linux epoll, or Solaris /dev/poll, you must restart (not
reload) Postfix after upgrading from Postfix 2.3.
[Incompat 20061209] If you upgrade Postfix without restarting, you
MUST execute "postfix reload", otherwise the queue manager may log
a warnings with:
warning: connect to transport retry: Connection refused
[Incompat 20061209] The upgrade procedure adds a new "retry" service
to the master.cf file. If you make the mistake of copying old
Postfix configuration files over the new files, the queue manager
may log warnings with:
warning: connect to transport retry: Connection refused
To fix your master.cf file, use "postfix upgrade-configuration"
followed by "postfix reload".
Major changes - safety
----------------------
[Incompat 20070222] As a safety measure, Postfix now by default
creates mailbox dotlock files on all systems. This prevents problems
with GNU POP3D which subverts kernel locking by creating a new
mailbox file and deleting the old one.
Major changes - Milter support
------------------------------
[Feature 20070121] The support for Milter header modification
requests was revised. With minimal change in the on-disk representation,
the code was greatly simplified, and regression tests were updated
to ensure that old errors were not re-introduced. The queue file
format is entirely backwards compatible with Postfix 2.3.
[Feature 20070116] Support for Milter requests to replace the message
body. Postfix now implements all the header/body modification
requests that are available with Sendmail 8.13.
[Incompat 20070116] A new field is added to the queue file "size"
record that specifies the message content length. Postfix 2.3 and
older Postfix 2.4 snapshots will ignore this field, and will report
the message size as it was before the body was replaced.
Major changes - TLS support
---------------------------
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
attributes (client ccert_subject, ccert_issuer) only after successful
client certificate verification. The reason is that the certification
verification status itself is not available in the policy request.
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
fingerprint information even when the certificate itself was not
verified.
[Incompat 20061214] The remote SMTP client TLS certificate fingerprint
can be used for access control even when the certificate itself was
not verified.
[Incompat 20061006] The format of SMTP server TLS session cache
lookup keys has changed. The lookup key now includes the master.cf
service name.
Major changes - performance
---------------------------
[Feature 20070212] Better support for systems that run thousands
of Postfix processes. Postfix now supports FreeBSD kqueue(2),
Solaris poll(7d) and Linux epoll(4) as more scalable alternatives
to the traditional select(2) system call, and uses poll(2) when
examining a single file descriptor for readability or writability.
These features are supported on sufficiently recent versions of
FreeBSD, NetBSD, OpenBSD, Solaris and Linux; support for other
systems will be added as evidence becomes available that usable
implementations exist.
[Incompat 20070201] Some default settings have been adjusted to
better match contemporary requirements:
- queue_run_delay and minimal_backoff_time were reduced from 1000s
to 300s so that deliveries are retried earlier after the first
failure.
- ipc_idle was reduced from 100s to 5s, so that tlsmgr and scache
clients will more quickly release unused file handles.
[Feature 20061209] Improved worst-case (old and new) queue manager
performance when deferring or bouncing large amounts of mail. Instead
of talking to the bounce or defer service synchronously, this work
is now done in the background by the error or retry service.
[Feature 20061209] Improved worst-case (new) queue manager performance
when delivering multi-recipient mail. The queue manager now proactively
reads recipients from the queue file, instead of waiting for the
slowest deliveries to complete before reading in new recipients.
This introduces two parameters: default_recipient_refill_limit (how
many recipient slots to refill at a time) and
default_recipient_refill_delay (how long to wait between refill
operations). These two parameters act as defaults for optional
per-transport settings.
Major changes - delivery status notifications
---------------------------------------------
[Incompat 20061209] Small changes were made to the default bounce
message templates, to prevent HTML-aware software from hiding or
removing the text "<postmaster>", and producing misleading text.
[Incompat 20060806] Postfix no longer announces its name in delivery
status notifications. Users believe that Wietse provides a free
help desk service that solves all their email problems.
Major changes - ETRN support
----------------------------
[Feature 20061217] More precise queue flushing with the ETRN,
"postqueue -s site", and "sendmail -qRsite" commands, after
minimization of race conditions. New per-queue-file flushing with
"postqueue -i queueid" and "sendmail -qIqueueid".
Major changes - small office/home office support
------------------------------------------------
[Incompat 20061217] Postfix no longer requires a domain name. It
uses "localdomain" as the default Internet domain name when no
domain is specified via main.cf or via the machine's hostname.
Major changes - SMTP access control
-----------------------------------
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
attributes (client ccert_subject, ccert_issuer) only after successful
client certificate verification. The reason is that the certification
verification status itself is not available in the policy request.
[Incompat 20061214] The check_smtpd_policy client sends TLS certificate
fingerprint information even when the certificate itself was not
verified.
[Incompat 20061214] The remote SMTP client TLS certificate fingerprint
can be used for
access control even when the certificate itself was not verified.
[Incompat 20061209] The Postfix installation procedure no longer
updates main.cf with "unknown_local_recipient_reject_code = 450".
Four years after the introduction of mandatory recipient validation,
this transitional tool is no longer neeed.
Major changes - workarounds
---------------------------
[Incompat 20070222] As a safety measure, Postfix now by default
creates mailbox dotlock files on all systems. This prevents problems
with GNU POP3D which subverts kernel locking by creating a new
mailbox file and deleting the old one.
[Feature 20061209] Better interoperability with non-conforming SMTP
servers that reply and disconnect before Postfix has sent the
complete message content.
[Feature 20061209] Better support for queue file systems on file
servers with drifting clocks. Clock skew can be a problem, because
Postfix does not deliver mail until the local clock catches up with
the queue file's last modification time stamp. On systems with
usable futimes() or equivalent (Solaris, *BSD, MacOS, but not Linux),
Postfix now always explicitly sets the queue file last modification
time stamps while creating a queue file. On systems without usable
futimes() (Linux, and ancient versions of Solaris, SunOS and *BSD)
Postfix keeps using the slower utime() system call to update queue
file time stamps when the file system clock is off with respect to
the local system clock, and logs a warning.
[Feature 20061006] Individual CISCO PIX bug workarounds are now
on/off configurable. This introduces new parameters: smtp_pix_workarounds
(default: disable_esmtp, delay_dotcrlf) and smtp_pix_workaround_maps
(workarounds indexed by server IP address). The default settings
are backwards compatible.

8
postfix/conf/access
View File

@@ -382,11 +382,11 @@
# 1.2.3 REJECT # 1.2.3 REJECT
# 1.2.3.4 OK # 1.2.3.4 OK
# #
# Execute the command "postmap /etc/postfix/access" after # Execute the command "postmap /etc/postfix/access" after
# editing the file. # editing the file.
# #
# BUGS # BUGS
# The table format does not understand quoting conventions. # The table format does not understand quoting conventions.
# #
# SEE ALSO # SEE ALSO
# postmap(1), Postfix lookup table manager # postmap(1), Postfix lookup table manager
@@ -395,13 +395,13 @@
# transport(5), transport:nexthop syntax # transport(5), transport:nexthop syntax
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control # SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)

6
postfix/conf/canonical
View File

@@ -111,8 +111,10 @@
# applied to recipient addresses, the Postfix SMTP # applied to recipient addresses, the Postfix SMTP
# server accepts mail for any recipient in domain, # server accepts mail for any recipient in domain,
# regardless of whether that recipient exists. This # regardless of whether that recipient exists. This
# may turn your mail system into a backscatter source # may turn your mail system into a backscatter
# that returns undeliverable spam to innocent people. # source: Postfix first accepts mail for non-existent
# recipients and then tries to return that mail as
# "undeliverable" to the often forged sender address.
# #
# RESULT ADDRESS REWRITING # RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting: # The lookup result is subject to address rewriting:

8
postfix/conf/generic
View File

@@ -155,12 +155,12 @@
# that the ISP supports "+" style address extensions). # that the ISP supports "+" style address extensions).
# #
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# smtp_generic_maps = hash:/etc/postfix/generic # smtp_generic_maps = hash:/etc/postfix/generic
# #
# /etc/postfix/generic: # /etc/postfix/generic:
# his@localdomain.local hisaccount@hisisp.example # his@localdomain.local hisaccount@hisisp.example
# her@localdomain.local heraccount@herisp.example # her@localdomain.local heraccount@herisp.example
# @localdomain.local hisaccount+local@hisisp.example # @localdomain.local hisaccount+local@hisisp.example
# #
# Execute the command "postmap /etc/postfix/generic" when- # Execute the command "postmap /etc/postfix/generic" when-
# ever the table is changed. Instead of hash, some systems # ever the table is changed. Instead of hash, some systems

203
postfix/conf/header_checks
View File

@@ -66,70 +66,75 @@
# time, even when a message header spans multiple lines. # time, even when a message header spans multiple lines.
# Body lines are always examined one line at a time. # Body lines are always examined one line at a time.
# #
# COMPATIBILITY
# With Postfix version 2.2 and earlier specify "postmap -fq"
# to query a table that contains case sensitive patterns. By
# default, regexp: and pcre: patterns are case insensitive.
#
# TABLE FORMAT # TABLE FORMAT
# This document assumes that header and body_checks rules # This document assumes that header and body_checks rules
# are specified in the form of Postfix regular expression # are specified in the form of Postfix regular expression
# lookup tables. Usually the best performance is obtained # lookup tables. Usually the best performance is obtained
# with pcre (Perl Compatible Regular Expression) tables, but # with pcre (Perl Compatible Regular Expression) tables, but
# the slower regexp (POSIX regular expressions) support is # the slower regexp (POSIX regular expressions) support is
# more widely available. Use the command "postconf -m" to # more widely available. Use the command "postconf -m" to
# find out what lookup table types your Postfix system sup- # find out what lookup table types your Postfix system sup-
# ports. # ports.
# #
# The general format of Postfix regular expression tables is # The general format of Postfix regular expression tables is
# given below. For a discussion of specific pattern or # given below. For a discussion of specific pattern or
# flags syntax, see pcre_table(5) or regexp_table(5), # flags syntax, see pcre_table(5) or regexp_table(5),
# respectively. # respectively.
# #
# /pattern/flags action # /pattern/flags action
# When pattern matches the input string, execute the # When pattern matches the input string, execute the
# corresponding action. See below for a list of pos- # corresponding action. See below for a list of pos-
# sible actions. # sible actions.
# #
# !/pattern/flags action # !/pattern/flags action
# When pattern does not match the input string, exe- # When pattern does not match the input string, exe-
# cute the corresponding action. # cute the corresponding action.
# #
# if /pattern/flags # if /pattern/flags
# #
# endif Match the input string against the patterns between # endif Match the input string against the patterns between
# if and endif, if and only if the same input string # if and endif, if and only if the same input string
# also matches pattern. The if..endif can nest. # also matches pattern. The if..endif can nest.
# #
# Note: do not prepend whitespace to patterns inside # Note: do not prepend whitespace to patterns inside
# if..endif. # if..endif.
# #
# if !/pattern/flags # if !/pattern/flags
# #
# endif Match the input string against the patterns between # endif Match the input string against the patterns between
# if and endif, if and only if the same input string # if and endif, if and only if the same input string
# does not match pattern. The if..endif can nest. # does not match pattern. The if..endif can nest.
# #
# blank lines and comments # blank lines and comments
# Empty lines and whitespace-only lines are ignored, # Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character # as are lines whose first non-whitespace character
# is a `#'. # is a `#'.
# #
# multi-line text # multi-line text
# A pattern/action line starts with non-whitespace # A pattern/action line starts with non-whitespace
# text. A line that starts with whitespace continues # text. A line that starts with whitespace continues
# a logical line. # a logical line.
# #
# TABLE SEARCH ORDER # TABLE SEARCH ORDER
# For each line of message input, the patterns are applied # For each line of message input, the patterns are applied
# in the order as specified in the table. When a pattern is # in the order as specified in the table. When a pattern is
# found that matches the input line, the corresponding # found that matches the input line, the corresponding
# action is executed and then the next input line is # action is executed and then the next input line is
# inspected. # inspected.
# #
# TEXT SUBSTITUTION # TEXT SUBSTITUTION
# Substitution of substrings from the matched expression # Substitution of substrings from the matched expression
# into the action string is possible using the conventional # into the action string is possible using the conventional
# Perl syntax ($1, $2, etc.). The macros in the result # Perl syntax ($1, $2, etc.). The macros in the result
# string may need to be written as ${n} or $(n) if they # string may need to be written as ${n} or $(n) if they
# aren't followed by whitespace. # aren't followed by whitespace.
# #
# Note: since negated patterns (those preceded by !) return # Note: since negated patterns (those preceded by !) return
# a result when the expression does not match, substitutions # a result when the expression does not match, substitutions
# are not available for negated patterns. # are not available for negated patterns.
# #
@@ -138,12 +143,12 @@
# case for consistency with other Postfix documentation. # case for consistency with other Postfix documentation.
# #
# DISCARD optional text... # DISCARD optional text...
# Claim successful delivery and silently discard the # Claim successful delivery and silently discard the
# message. Log the optional text if specified, oth- # message. Log the optional text if specified, oth-
# erwise log a generic message. # erwise log a generic message.
# #
# Note: this action disables further header or # Note: this action disables further header or
# body_checks inspection of the current message and # body_checks inspection of the current message and
# affects all recipients. To discard only one recip- # affects all recipients. To discard only one recip-
# ient without discarding the entire message, use the # ient without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8) # transport(5) table to direct mail to the discard(8)
@@ -151,49 +156,49 @@
# #
# This feature is available in Postfix 2.0 and later. # This feature is available in Postfix 2.0 and later.
# #
# DUNNO Pretend that the input line did not match any pat- # DUNNO Pretend that the input line did not match any pat-
# tern, and inspect the next input line. This action # tern, and inspect the next input line. This action
# can be used to shorten the table search. # can be used to shorten the table search.
# #
# For backwards compatibility reasons, Postfix also # For backwards compatibility reasons, Postfix also
# accepts OK but it is (and always has been) treated # accepts OK but it is (and always has been) treated
# as DUNNO. # as DUNNO.
# #
# This feature is available in Postfix 2.1 and later. # This feature is available in Postfix 2.1 and later.
# #
# FILTER transport:destination # FILTER transport:destination
# Write a content filter request to the queue file, # Write a content filter request to the queue file,
# and inspect the next input line. After the com- # and inspect the next input line. After the com-
# plete message is received it will be sent through # plete message is received it will be sent through
# the specified external content filter. More infor- # the specified external content filter. More infor-
# mation about external content filters is in the # mation about external content filters is in the
# Postfix FILTER_README file. # Postfix FILTER_README file.
# #
# Note: this action overrides the content_filter set- # Note: this action overrides the content_filter set-
# ting, and affects all recipients of the message. In # ting, and affects all recipients of the message. In
# the case that multiple FILTER actions fire, only # the case that multiple FILTER actions fire, only
# the last one is executed. # the last one is executed.
# #
# This feature is available in Postfix 2.0 and later. # This feature is available in Postfix 2.0 and later.
# #
# HOLD optional text... # HOLD optional text...
# Arrange for the message to be placed on the hold # Arrange for the message to be placed on the hold
# queue, and inspect the next input line. The mes- # queue, and inspect the next input line. The mes-
# sage remains on hold until someone either deletes # sage remains on hold until someone either deletes
# it or releases it for delivery. Log the optional # it or releases it for delivery. Log the optional
# text if specified, otherwise log a generic message. # text if specified, otherwise log a generic message.
# #
# Mail that is placed on hold can be examined with # Mail that is placed on hold can be examined with
# the postcat(1) command, and can be destroyed or # the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command. # released with the postsuper(1) command.
# #
# Note: use "postsuper -r" to release mail that was # Note: use "postsuper -r" to release mail that was
# kept on hold for a significant fraction of $maxi- # kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or # mal_queue_lifetime or $bounce_queue_lifetime, or
# longer. Use "postsuper -H" only for mail that will # longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts. # not expire within a few delivery attempts.
# #
# Note: this action affects all recipients of the # Note: this action affects all recipients of the
# message. # message.
# #
# This feature is available in Postfix 2.0 and later. # This feature is available in Postfix 2.0 and later.
@@ -202,23 +207,23 @@
# the next input line. # the next input line.
# #
# PREPEND text... # PREPEND text...
# Prepend one line with the specified text, and # Prepend one line with the specified text, and
# inspect the next input line. # inspect the next input line.
# #
# Notes: # Notes:
# #
# o The prepended text is output on a separate # o The prepended text is output on a separate
# line, immediately before the input that # line, immediately before the input that
# triggered the PREPEND action. # triggered the PREPEND action.
# #
# o The prepended text is not considered part of # o The prepended text is not considered part of
# the input stream: it is not subject to # the input stream: it is not subject to
# header/body checks or address rewriting, and # header/body checks or address rewriting, and
# it does not affect the way that Postfix adds # it does not affect the way that Postfix adds
# missing message headers. # missing message headers.
# #
# o When prepending text before a message header # o When prepending text before a message header
# line, the prepended text must begin with a # line, the prepended text must begin with a
# valid message header label. # valid message header label.
# #
# o This action cannot be used to prepend multi- # o This action cannot be used to prepend multi-
@@ -227,46 +232,46 @@
# This feature is available in Postfix 2.1 and later. # This feature is available in Postfix 2.1 and later.
# #
# REDIRECT user@domain # REDIRECT user@domain
# Write a message redirection request to the queue # Write a message redirection request to the queue
# file, and inspect the next input line. After the # file, and inspect the next input line. After the
# message is queued, it will be sent to the specified # message is queued, it will be sent to the specified
# address instead of the intended recipient(s). # address instead of the intended recipient(s).
# #
# Note: this action overrides the FILTER action, and # Note: this action overrides the FILTER action, and
# affects all recipients of the message. If multiple # affects all recipients of the message. If multiple
# REDIRECT actions fire, only the last one is exe- # REDIRECT actions fire, only the last one is exe-
# cuted. # cuted.
# #
# This feature is available in Postfix 2.1 and later. # This feature is available in Postfix 2.1 and later.
# #
# REPLACE text... # REPLACE text...
# Replace the current line with the specified text, # Replace the current line with the specified text,
# and inspect the next input line. # and inspect the next input line.
# #
# This feature is available in Postfix 2.2 and later. # This feature is available in Postfix 2.2 and later.
# The description below applies to Postfix 2.2.2 and # The description below applies to Postfix 2.2.2 and
# later. # later.
# #
# Notes: # Notes:
# #
# o When replacing a message header line, the # o When replacing a message header line, the
# replacement text must begin with a valid # replacement text must begin with a valid
# header label. # header label.
# #
# o The replaced text remains part of the input # o The replaced text remains part of the input
# stream. Unlike the result from the PREPEND # stream. Unlike the result from the PREPEND
# action, a replaced message header may be # action, a replaced message header may be
# subject to address rewriting and may affect # subject to address rewriting and may affect
# the way that Postfix adds missing message # the way that Postfix adds missing message
# headers. # headers.
# #
# REJECT optional text... # REJECT optional text...
# Reject the entire message. Reply with optional # Reject the entire message. Reply with optional
# text... when the optional text is specified, other- # text... when the optional text is specified, other-
# wise reply with a generic error message. # wise reply with a generic error message.
# #
# Note: this action disables further header or # Note: this action disables further header or
# body_checks inspection of the current message and # body_checks inspection of the current message and
# affects all recipients. # affects all recipients.
# #
# Postfix version 2.3 and later support enhanced sta- # Postfix version 2.3 and later support enhanced sta-
@@ -275,32 +280,32 @@
# enhanced status code of "5.7.1". # enhanced status code of "5.7.1".
# #
# WARN optional text... # WARN optional text...
# Log a warning with the optional text... (or log a # Log a warning with the optional text... (or log a
# generic message), and inspect the next input line. # generic message), and inspect the next input line.
# This action is useful for debugging and for testing # This action is useful for debugging and for testing
# a pattern before applying more drastic actions. # a pattern before applying more drastic actions.
# #
# BUGS # BUGS
# Many people overlook the main limitations of header and # Many people overlook the main limitations of header and
# body_checks rules. # body_checks rules.
# #
# o These rules operate on one logical message header # o These rules operate on one logical message header
# or one body line at a time. A decision made for one # or one body line at a time. A decision made for one
# line is not carried over to the next line. # line is not carried over to the next line.
# #
# o If text in the message body is encoded (RFC 2045) # o If text in the message body is encoded (RFC 2045)
# then the rules have to specified for the encoded # then the rules need to be specified for the encoded
# form. # form.
# #
# o Likewise, when message headers are encoded (RFC # o Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the # 2047) then the rules need to be specified for the
# encoded form. # encoded form.
# #
# Message headers added by the cleanup(8) daemon itself are # Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers # excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:. # are From:, To:, Message-ID:, Date:.
# #
# Message headers deleted by the cleanup(8) daemon will be # Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con- # examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:. # tent-Length:, Return-Path:.
# #
@@ -308,11 +313,11 @@
# body_checks # body_checks
# Lookup tables with content filter rules for message # Lookup tables with content filter rules for message
# body lines. These filters see one physical line at # body lines. These filters see one physical line at
# a time, in chunks of at most $line_length_limit # a time, in chunks of at most $line_length_limit
# bytes. # bytes.
# #
# body_checks_size_limit # body_checks_size_limit
# The amount of content per message body segment # The amount of content per message body segment
# (attachment) that is subjected to $body_checks fil- # (attachment) that is subjected to $body_checks fil-
# tering. # tering.
# #
@@ -322,32 +327,32 @@
# #
# nested_header_checks (default: $header_checks) # nested_header_checks (default: $header_checks)
# Lookup tables with content filter rules for message # Lookup tables with content filter rules for message
# header lines: respectively, these are applied to # header lines: respectively, these are applied to
# the initial message headers (not including MIME # the initial message headers (not including MIME
# headers), to the MIME headers anywhere in the mes- # headers), to the MIME headers anywhere in the mes-
# sage, and to the initial headers of attached mes- # sage, and to the initial headers of attached mes-
# sages. # sages.
# #
# Note: these filters see one logical message header # Note: these filters see one logical message header
# at a time, even when a message header spans multi- # at a time, even when a message header spans multi-
# ple lines. Message headers that are longer than # ple lines. Message headers that are longer than
# $header_size_limit characters are truncated. # $header_size_limit characters are truncated.
# #
# disable_mime_input_processing # disable_mime_input_processing
# While receiving mail, give no special treatment to # While receiving mail, give no special treatment to
# MIME related message headers; all text after the # MIME related message headers; all text after the
# initial message headers is considered to be part of # initial message headers is considered to be part of
# the message body. This means that header_checks is # the message body. This means that header_checks is
# applied to all the initial message headers, and # applied to all the initial message headers, and
# that body_checks is applied to the remainder of the # that body_checks is applied to the remainder of the
# message. # message.
# #
# Note: when used in this manner, body_checks will # Note: when used in this manner, body_checks will
# process a multi-line message header one line at a # process a multi-line message header one line at a
# time. # time.
# #
# EXAMPLES # EXAMPLES
# Header pattern to block attachments with bad file name # Header pattern to block attachments with bad file name
# extensions. # extensions.
# #
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
@@ -379,7 +384,7 @@
# RFC 2047, message header encoding for non-ASCII text # RFC 2047, message header encoding for non-ASCII text
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview # CONTENT_INSPECTION_README, Postfix content inspection overview
@@ -387,7 +392,7 @@
# BACKSCATTER_README, blocking returned forged mail # BACKSCATTER_README, blocking returned forged mail
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)

2
postfix/conf/relocated
View File

@@ -41,7 +41,9 @@
# The input format for the postmap(1) command is as follows: # The input format for the postmap(1) command is as follows:
# #
# o An entry has one of the following form: # o An entry has one of the following form:
#
# pattern new_location # pattern new_location
#
# Where new_location specifies contact information # Where new_location specifies contact information
# such as an email address, or perhaps a street # such as an email address, or perhaps a street
# address or telephone number. # address or telephone number.

36
postfix/conf/transport
View File

@@ -13,8 +13,10 @@
# DESCRIPTION # DESCRIPTION
# The optional transport(5) table specifies a mapping from # The optional transport(5) table specifies a mapping from
# email addresses to message delivery transports and next- # email addresses to message delivery transports and next-
# hop hosts. The table is searched by the trivial-rewrite(8) # hop destinations. Message delivery transports such as
# daemon. # local or smtp are defined in the master.cf file, and next-
# hop destinations are typically hosts or domain names. The
# table is searched by the trivial-rewrite(8) daemon.
# #
# This mapping overrides the default transport:nexthop # This mapping overrides the default transport:nexthop
# selection that is built into Postfix: # selection that is built into Postfix:
@@ -166,7 +168,7 @@
# #
# my.domain : # my.domain :
# .my.domain : # .my.domain :
# * smtp:outbound-relay.my.domain # * smtp:outbound-relay.my.domain
# #
# In order to send mail for example.com and its subdomains # In order to send mail for example.com and its subdomains
# via the uucp transport to the UUCP host named example: # via the uucp transport to the UUCP host named example:
@@ -207,30 +209,30 @@
# #
# The error mailer can be used to bounce mail: # The error mailer can be used to bounce mail:
# #
# .example.com error:mail for *.example.com is not # .example.com error:mail for *.example.com is not deliverable
# deliverable
# #
# This causes all mail for user@anything.example.com to be # This causes all mail for user@anything.example.com to be
# bounced. # bounced.
# #
# REGULAR EXPRESSION TABLES # REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when # This section describes how the table lookups change when
# the table is given in the form of regular expressions. For # the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax, # a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5). # see regexp_table(5) or pcre_table(5).
# #
# Each pattern is a regular expression that is applied to # Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, # the entire address being looked up. Thus,
# some.domain.hierarchy is not looked up via its parent # some.domain.hierarchy is not looked up via its parent
# domains, nor is user+foo@domain looked up as user@domain. # domains, nor is user+foo@domain looked up as user@domain.
# #
# Patterns are applied in the order as specified in the ta- # Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search # ble, until a pattern is found that matches the search
# string. # string.
# #
# Results are the same as with indexed file lookups, with # The trivial-rewrite(8) server disallows regular expression
# the additional feature that parenthesized substrings from # substitution of $1 etc. in regular expression lookup
# the pattern can be interpolated as $1, $2 and so on. # tables, because that could open a security hole (Postfix
# version 2.3 and later).
# #
# TCP-BASED TABLES # TCP-BASED TABLES
# This section describes how the table lookups change when # This section describes how the table lookups change when

20
postfix/conf/virtual
View File

@@ -107,8 +107,10 @@
# Postfix SMTP server accepts mail for any recipient # Postfix SMTP server accepts mail for any recipient
# in domain, regardless of whether that recipient # in domain, regardless of whether that recipient
# exists. This may turn your mail system into a # exists. This may turn your mail system into a
# backscatter source that returns undeliverable spam # backscatter source: Postfix first accepts mail for
# to innocent people. # non-existent recipients and then tries to return
# that mail as "undeliverable" to the often forged
# sender address.
# #
# RESULT ADDRESS REWRITING # RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting: # The lookup result is subject to address rewriting:
@@ -156,15 +158,15 @@
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual # virtual_alias_maps = hash:/etc/postfix/virtual
# #
# Note: some systems use dbm databases instead of hash. # Note: some systems use dbm databases instead of hash. See
# See the output from "postconf -m" for available data- # the output from "postconf -m" for available database
# base types. # types.
# #
# /etc/postfix/virtual: # /etc/postfix/virtual:
# virtual-alias.domain anything (right-hand content does not matter) # virtual-alias.domain anything (right-hand content does not matter)
# postmaster@virtual-alias.domain postmaster # postmaster@virtual-alias.domain postmaster
# user1@virtual-alias.domain address1 # user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3 # user2@virtual-alias.domain address2, address3
# #
# The virtual-alias.domain anything entry is required for a # The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected # virtual alias domain. Without this entry, mail is rejected

43
postfix/html/BACKSCATTER_README.html
View File

@@ -21,7 +21,10 @@ Backscatter Howto</h1>
<h2>Overview </h2> <h2>Overview </h2>
This document describes features that require Postfix version 2.0 This document describes features that require Postfix version 2.0
or later. or later. The examples use Perl Compatible Regular Expressions
(Postfix <a href="pcre_table.5.html">pcre</a>: tables), but also provide a translation to POSIX
regular expressions (Postfix <a href="regexp_table.5.html">regexp</a>: tables). PCRE is preferred
primarily because the implementation is often faster.</p>
<p> Topics covered in this document: </p> <p> Topics covered in this document: </p>
@@ -174,8 +177,8 @@ patterns like this: </p>
<blockquote> <blockquote>
<pre> <pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/header_checks <a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks
<a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks <a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks
/etc/postfix/header_checks: /etc/postfix/header_checks:
if /^Received:/ if /^Received:/
@@ -183,7 +186,7 @@ patterns like this: </p>
reject forged client name in Received: header: $1 reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/ /^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2 reject forged client name in Received: header: $2
/^Received:.* +by +(porcupine\.org)[[:&gt;:]]/ /^Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1 reject forged mail server name in Received: header: $1
endif endif
/^Message-ID:.* &lt;!&amp;!/ DUNNO /^Message-ID:.* &lt;!&amp;!/ DUNNO
@@ -196,7 +199,7 @@ patterns like this: </p>
reject forged client name in Received: header: $1 reject forged client name in Received: header: $1
/^[&gt; ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/ /^[&gt; ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2 reject forged client name in Received: header: $2
/^[&gt; ]*Received:.* +by +(porcupine\.org)[[:&gt;:]]/ /^[&gt; ]*Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1 reject forged mail server name in Received: header: $1
endif endif
/^[&gt; ]*Message-ID:.* &lt;!&amp;!/ DUNNO /^[&gt; ]*Message-ID:.* &lt;!&amp;!/ DUNNO
@@ -209,6 +212,9 @@ patterns like this: </p>
<ul> <ul>
<li> <p> The example uses <a href="pcre_table.5.html">pcre</a>: tables mainly for speed; with minor
modifications, you can use <a href="regexp_table.5.html">regexp</a>: tables as explained below. </p>
<li> <p> The example is simplified for educational purposes. In <li> <p> The example is simplified for educational purposes. In
reality my patterns list multiple domain names, as reality my patterns list multiple domain names, as
"<tt>(domain|domain|...)</tt>". </p> "<tt>(domain|domain|...)</tt>". </p>
@@ -220,9 +226,10 @@ the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>
and "<tt>)</tt>" literally. Without the "<tt>\</tt>", the "<tt>(</tt>" and "<tt>)</tt>" literally. Without the "<tt>\</tt>", the "<tt>(</tt>"
and "<tt>)</tt>" would be grouping operators. </p> and "<tt>)</tt>" would be grouping operators. </p>
<li> <p> The "<tt>[[:&gt;:]]</tt>" matches the end of a word. On <li> <p> The "<tt>\b</tt>" is used here to match the end of a word.
some systems you should specify "<tt>\&gt;</tt>" instead. For details If you use <a href="regexp_table.5.html">regexp</a>: tables, specify "<tt>[[:&gt;:]]</tt>" (on some
see your system documentation. </p> systems you should specify "<tt>\&gt;</tt>" instead; for details
see your system documentation).
<li> <p> The "if /pattern/" and "endif" eliminate unnecessary <li> <p> The "if /pattern/" and "endif" eliminate unnecessary
matching attempts. DO NOT indent lines starting with /pattern/ matching attempts. DO NOT indent lines starting with /pattern/
@@ -311,15 +318,15 @@ and is very easy to stop.
<blockquote> <blockquote>
<pre> <pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/header_checks <a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks
<a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks <a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks
/etc/postfix/header_checks: /etc/postfix/header_checks:
/^(From|Return-Path):.*[[:&lt;:]](user@domain\.tld)[[:&gt;:]]/ /^(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2 reject forged sender address in $1: header: $2
/etc/postfix/body_checks: /etc/postfix/body_checks:
/^[&gt; ]*(From|Return-Path):.*[[:&lt;:]](user@domain\.tld)[[:&gt;:]]/ /^[&gt; ]*(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2 reject forged sender address in $1: header: $2
</pre> </pre>
</blockquote> </blockquote>
@@ -328,14 +335,18 @@ and is very easy to stop.
<ul> <ul>
<li> <p> The example uses <a href="pcre_table.5.html">pcre</a>: tables mainly for speed; with minor
modifications, you can use <a href="regexp_table.5.html">regexp</a>: tables as explained below. </p>
<li> <p> The example is simplified for educational purposes. In <li> <p> The example is simplified for educational purposes. In
reality, my patterns list multiple email addresses as reality, my patterns list multiple email addresses as
"<tt>(user1@domain1\.tld|user2@domain2\.tld)</tt>". </p> "<tt>(user1@domain1\.tld|user2@domain2\.tld)</tt>". </p>
<li> <p> The "<tt>[[:&lt;:]]</tt>" and "<tt>[[:&gt;:]]</tt>" match <li> <p> The two "<tt>\b</tt>" as used in "<tt>\b(user@domain\.tld)\b</tt>"
the beginning and end of a word, respectively. On some systems you match the beginning and end of a word, respectively. If you use
should specify "<tt>\&lt;</tt>" and "<tt>\&gt;</tt>" instead. For <a href="regexp_table.5.html">regexp</a>: tables, specify "<tt>[[:&lt;:]]</tt> and <tt>[[:&gt;:]]</tt>"
details see your system documentation. </p> (on some systems you should specify "<tt>\&lt;</tt> and <tt>\&gt;</tt>"
instead; for details see your system documentation). </p>
<li> <p> The "<tt>\.</tt>" matches "<tt>.</tt>" literally. Without <li> <p> The "<tt>\.</tt>" matches "<tt>.</tt>" literally. Without
the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p> the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>

1
postfix/html/INSTALL.html
View File

@@ -149,6 +149,7 @@ Linux Debian 1.3.1, 2.x, 3.x <br>
Linux RedHat 3.x (January 2004) - 9.x <br> Linux RedHat 3.x (January 2004) - 9.x <br>
Linux Slackware 3.x, 4.x, 7.x <br> Linux Slackware 3.x, 4.x, 7.x <br>
Linux SuSE 5.x, 6.x, 7.x <br> Linux SuSE 5.x, 6.x, 7.x <br>
Linux Ubuntu 4.10..7.04<br>
Mac OS X <br> Mac OS X <br>
NEXTSTEP 3.x <br> NEXTSTEP 3.x <br>
NetBSD 1.x <br> NetBSD 1.x <br>

3
postfix/html/MILTER_README.html
View File

@@ -708,9 +708,6 @@ text below: </p>
<li> <p> This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. </p> <li> <p> This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
message. Fortunately, sid-milter logs that message only once. </p>
</ul> </ul>
<p> To fix the ugly message header with other Milter applications, <p> To fix the ugly message header with other Milter applications,

11
postfix/html/OVERVIEW.html
View File

@@ -460,12 +460,13 @@ bgcolor="#f0f0ff"> <br> <a href="smtpd.8.html">smtpd(8)</a><br><br> </td> <td> <
</table> </table>
<li> <p> The <a href="bounce.8.html">bounce(8)</a>, <a href="defer.8.html">defer(8)</a> and <a href="trace.8.html">trace(8)</a> servers each maintain <li> <p> The <a href="bounce.8.html">bounce(8)</a>, <a href="defer.8.html">defer(8)</a> and <a href="trace.8.html">trace(8)</a> services each maintain
their own queue directory trees with per-message logfiles. This their own queue directory trees with per-message logfiles. Postfix
information is used to send delivery or non-delivery notifications uses this information when sending "failed", "delayed" or "success"
to the sender. </p> delivery status notifications to the sender. </p>
<p> The <a href="trace.8.html">trace(8)</a> service implements support for the Postfix "sendmail <p> The <a href="trace.8.html">trace(8)</a> service also implements support for the Postfix
"sendmail
-bv" and "sendmail -v" commands which produce reports about how -bv" and "sendmail -v" commands which produce reports about how
Postfix delivers mail, and is available with Postfix version 2.1 Postfix delivers mail, and is available with Postfix version 2.1
and later. See <a href="DEBUG_README.html#trace_mail"> DEBUG_README and later. See <a href="DEBUG_README.html#trace_mail"> DEBUG_README

6
postfix/html/access.5.html
View File

@@ -388,11 +388,11 @@ ACCESS(5) ACCESS(5)
1.2.3 REJECT 1.2.3 REJECT
1.2.3.4 OK 1.2.3.4 OK
Execute the command "<b>postmap /etc/postfix/access</b>" after Execute the command "<b>postmap /etc/postfix/access</b>" after
editing the file. editing the file.
<b>BUGS</b> <b>BUGS</b>
The table format does not understand quoting conventions. The table format does not understand quoting conventions.
<b>SEE ALSO</b> <b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
@@ -405,7 +405,7 @@ ACCESS(5) ACCESS(5)
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>

4
postfix/html/bounce.5.html
View File

@@ -52,7 +52,7 @@ BOUNCE(5) BOUNCE(5)
something like: something like:
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#bounce_template_file">bounce_template_file</a> = /etc/postfix/bounce.cf <a href="postconf.5.html#bounce_template_file">bounce_template_file</a> = /etc/postfix/bounce.cf
<b>TEMPLATE FILE FORMAT</b> <b>TEMPLATE FILE FORMAT</b>
The template file can specify templates for failed mail, The template file can specify templates for failed mail,
@@ -86,7 +86,7 @@ BOUNCE(5) BOUNCE(5)
If you do so, please include this problem report. You can If you do so, please include this problem report. You can
delete your own text from the attached returned message. delete your own text from the attached returned message.
The mail system The mail system
EOF EOF
The usage and specification of bounce templates is subject The usage and specification of bounce templates is subject

6
postfix/html/canonical.5.html
View File

@@ -117,8 +117,10 @@ CANONICAL(5) CANONICAL(5)
applied to recipient addresses, the Postfix SMTP applied to recipient addresses, the Postfix SMTP
server accepts mail for any recipient in <i>domain</i>, server accepts mail for any recipient in <i>domain</i>,
regardless of whether that recipient exists. This regardless of whether that recipient exists. This
may turn your mail system into a backscatter source may turn your mail system into a backscatter
that returns undeliverable spam to innocent people. source: Postfix first accepts mail for non-existent
recipients and then tries to return that mail as
"undeliverable" to the often forged sender address.
<b>RESULT ADDRESS REWRITING</b> <b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting: The lookup result is subject to address rewriting:

8
postfix/html/generic.5.html
View File

@@ -161,12 +161,12 @@ GENERIC(5) GENERIC(5)
that the ISP supports "+" style address extensions). that the ISP supports "+" style address extensions).
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = hash:/etc/postfix/generic <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = hash:/etc/postfix/generic
/etc/postfix/generic: /etc/postfix/generic:
his@localdomain.local hisaccount@hisisp.example his@localdomain.local hisaccount@hisisp.example
her@localdomain.local heraccount@herisp.example her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example @localdomain.local hisaccount+local@hisisp.example
Execute the command "<b>postmap /etc/postfix/generic</b>" when- Execute the command "<b>postmap /etc/postfix/generic</b>" when-
ever the table is changed. Instead of <b>hash</b>, some systems ever the table is changed. Instead of <b>hash</b>, some systems

201
postfix/html/header_checks.5.html
View File

@@ -72,70 +72,75 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
time, even when a message header spans multiple lines. time, even when a message header spans multiple lines.
Body lines are always examined one line at a time. Body lines are always examined one line at a time.
<b>COMPATIBILITY</b>
With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>"
to query a table that contains case sensitive patterns. By
default, <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>: patterns are case insensitive.
<b>TABLE FORMAT</b> <b>TABLE FORMAT</b>
This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules
are specified in the form of Postfix regular expression are specified in the form of Postfix regular expression
lookup tables. Usually the best performance is obtained lookup tables. Usually the best performance is obtained
with <b>pcre</b> (Perl Compatible Regular Expression) tables, but with <b>pcre</b> (Perl Compatible Regular Expression) tables, but
the slower <b>regexp</b> (POSIX regular expressions) support is the slower <b>regexp</b> (POSIX regular expressions) support is
more widely available. Use the command "<b>postconf -m</b>" to more widely available. Use the command "<b>postconf -m</b>" to
find out what lookup table types your Postfix system sup- find out what lookup table types your Postfix system sup-
ports. ports.
The general format of Postfix regular expression tables is The general format of Postfix regular expression tables is
given below. For a discussion of specific pattern or given below. For a discussion of specific pattern or
flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>, flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
respectively. respectively.
<b>/</b><i>pattern</i><b>/</b><i>flags action</i> <b>/</b><i>pattern</i><b>/</b><i>flags action</i>
When <i>pattern</i> matches the input string, execute the When <i>pattern</i> matches the input string, execute the
corresponding <i>action</i>. See below for a list of pos- corresponding <i>action</i>. See below for a list of pos-
sible actions. sible actions.
<b>!/</b><i>pattern</i><b>/</b><i>flags action</i> <b>!/</b><i>pattern</i><b>/</b><i>flags action</i>
When <i>pattern</i> does <b>not</b> match the input string, exe- When <i>pattern</i> does <b>not</b> match the input string, exe-
cute the corresponding <i>action</i>. cute the corresponding <i>action</i>.
<b>if /</b><i>pattern</i><b>/</b><i>flags</i> <b>if /</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between <b>endif</b> Match the input string against the patterns between
<b>if</b> and <b>endif</b>, if and only if the same input string <b>if</b> and <b>endif</b>, if and only if the same input string
also matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest. also matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
Note: do not prepend whitespace to patterns inside Note: do not prepend whitespace to patterns inside
<b>if</b>..<b>endif</b>. <b>if</b>..<b>endif</b>.
<b>if !/</b><i>pattern</i><b>/</b><i>flags</i> <b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between <b>endif</b> Match the input string against the patterns between
<b>if</b> and <b>endif</b>, if and only if the same input string <b>if</b> and <b>endif</b>, if and only if the same input string
does <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest. does <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
blank lines and comments blank lines and comments
Empty lines and whitespace-only lines are ignored, Empty lines and whitespace-only lines are ignored,
as are lines whose first non-whitespace character as are lines whose first non-whitespace character
is a `#'. is a `#'.
multi-line text multi-line text
A pattern/action line starts with non-whitespace A pattern/action line starts with non-whitespace
text. A line that starts with whitespace continues text. A line that starts with whitespace continues
a logical line. a logical line.
<b>TABLE SEARCH ORDER</b> <b>TABLE SEARCH ORDER</b>
For each line of message input, the patterns are applied For each line of message input, the patterns are applied
in the order as specified in the table. When a pattern is in the order as specified in the table. When a pattern is
found that matches the input line, the corresponding found that matches the input line, the corresponding
action is executed and then the next input line is action is executed and then the next input line is
inspected. inspected.
<b>TEXT SUBSTITUTION</b> <b>TEXT SUBSTITUTION</b>
Substitution of substrings from the matched expression Substitution of substrings from the matched expression
into the <i>action</i> string is possible using the conventional into the <i>action</i> string is possible using the conventional
Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result
string may need to be written as <b>${n}</b> or <b>$(n)</b> if they string may need to be written as <b>${n}</b> or <b>$(n)</b> if they
aren't followed by whitespace. aren't followed by whitespace.
Note: since negated patterns (those preceded by <b>!</b>) return Note: since negated patterns (those preceded by <b>!</b>) return
a result when the expression does not match, substitutions a result when the expression does not match, substitutions
are not available for negated patterns. are not available for negated patterns.
@@ -144,12 +149,12 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
case for consistency with other Postfix documentation. case for consistency with other Postfix documentation.
<b>DISCARD</b> <i>optional text...</i> <b>DISCARD</b> <i>optional text...</i>
Claim successful delivery and silently discard the Claim successful delivery and silently discard the
message. Log the optional text if specified, oth- message. Log the optional text if specified, oth-
erwise log a generic message. erwise log a generic message.
Note: this action disables further header or Note: this action disables further header or
<a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
affects all recipients. To discard only one recip- affects all recipients. To discard only one recip-
ient without discarding the entire message, use the ient without discarding the entire message, use the
<a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a> <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
@@ -157,49 +162,49 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
This feature is available in Postfix 2.0 and later. This feature is available in Postfix 2.0 and later.
<b>DUNNO</b> Pretend that the input line did not match any pat- <b>DUNNO</b> Pretend that the input line did not match any pat-
tern, and inspect the next input line. This action tern, and inspect the next input line. This action
can be used to shorten the table search. can be used to shorten the table search.
For backwards compatibility reasons, Postfix also For backwards compatibility reasons, Postfix also
accepts <b>OK</b> but it is (and always has been) treated accepts <b>OK</b> but it is (and always has been) treated
as <b>DUNNO</b>. as <b>DUNNO</b>.
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and later.
<b>FILTER</b> <i>transport:destination</i> <b>FILTER</b> <i>transport:destination</i>
Write a content filter request to the queue file, Write a content filter request to the queue file,
and inspect the next input line. After the com- and inspect the next input line. After the com-
plete message is received it will be sent through plete message is received it will be sent through
the specified external content filter. More infor- the specified external content filter. More infor-
mation about external content filters is in the mation about external content filters is in the
Postfix <a href="FILTER_README.html">FILTER_README</a> file. Postfix <a href="FILTER_README.html">FILTER_README</a> file.
Note: this action overrides the <b><a href="postconf.5.html#content_filter">content_filter</a></b> set- Note: this action overrides the <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
ting, and affects all recipients of the message. In ting, and affects all recipients of the message. In
the case that multiple <b>FILTER</b> actions fire, only the case that multiple <b>FILTER</b> actions fire, only
the last one is executed. the last one is executed.
This feature is available in Postfix 2.0 and later. This feature is available in Postfix 2.0 and later.
<b>HOLD</b> <i>optional text...</i> <b>HOLD</b> <i>optional text...</i>
Arrange for the message to be placed on the <b>hold</b> Arrange for the message to be placed on the <b>hold</b>
queue, and inspect the next input line. The mes- queue, and inspect the next input line. The mes-
sage remains on <b>hold</b> until someone either deletes sage remains on <b>hold</b> until someone either deletes
it or releases it for delivery. Log the optional it or releases it for delivery. Log the optional
text if specified, otherwise log a generic message. text if specified, otherwise log a generic message.
Mail that is placed on hold can be examined with Mail that is placed on hold can be examined with
the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command. released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
Note: use "<b>postsuper -r</b>" to release mail that was Note: use "<b>postsuper -r</b>" to release mail that was
kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b> kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
longer. Use "<b>postsuper -H</b>" only for mail that will longer. Use "<b>postsuper -H</b>" only for mail that will
not expire within a few delivery attempts. not expire within a few delivery attempts.
Note: this action affects all recipients of the Note: this action affects all recipients of the
message. message.
This feature is available in Postfix 2.0 and later. This feature is available in Postfix 2.0 and later.
@@ -208,23 +213,23 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
the next input line. the next input line.
<b>PREPEND</b> <i>text...</i> <b>PREPEND</b> <i>text...</i>
Prepend one line with the specified text, and Prepend one line with the specified text, and
inspect the next input line. inspect the next input line.
Notes: Notes:
<b>o</b> The prepended text is output on a separate <b>o</b> The prepended text is output on a separate
line, immediately before the input that line, immediately before the input that
triggered the <b>PREPEND</b> action. triggered the <b>PREPEND</b> action.
<b>o</b> The prepended text is not considered part of <b>o</b> The prepended text is not considered part of
the input stream: it is not subject to the input stream: it is not subject to
header/body checks or address rewriting, and header/body checks or address rewriting, and
it does not affect the way that Postfix adds it does not affect the way that Postfix adds
missing message headers. missing message headers.
<b>o</b> When prepending text before a message header <b>o</b> When prepending text before a message header
line, the prepended text must begin with a line, the prepended text must begin with a
valid message header label. valid message header label.
<b>o</b> This action cannot be used to prepend multi- <b>o</b> This action cannot be used to prepend multi-
@@ -233,46 +238,46 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and later.
<b>REDIRECT</b> <i>user@domain</i> <b>REDIRECT</b> <i>user@domain</i>
Write a message redirection request to the queue Write a message redirection request to the queue
file, and inspect the next input line. After the file, and inspect the next input line. After the
message is queued, it will be sent to the specified message is queued, it will be sent to the specified
address instead of the intended recipient(s). address instead of the intended recipient(s).
Note: this action overrides the <b>FILTER</b> action, and Note: this action overrides the <b>FILTER</b> action, and
affects all recipients of the message. If multiple affects all recipients of the message. If multiple
<b>REDIRECT</b> actions fire, only the last one is exe- <b>REDIRECT</b> actions fire, only the last one is exe-
cuted. cuted.
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and later.
<b>REPLACE</b> <i>text...</i> <b>REPLACE</b> <i>text...</i>
Replace the current line with the specified text, Replace the current line with the specified text,
and inspect the next input line. and inspect the next input line.
This feature is available in Postfix 2.2 and later. This feature is available in Postfix 2.2 and later.
The description below applies to Postfix 2.2.2 and The description below applies to Postfix 2.2.2 and
later. later.
Notes: Notes:
<b>o</b> When replacing a message header line, the <b>o</b> When replacing a message header line, the
replacement text must begin with a valid replacement text must begin with a valid
header label. header label.
<b>o</b> The replaced text remains part of the input <b>o</b> The replaced text remains part of the input
stream. Unlike the result from the <b>PREPEND</b> stream. Unlike the result from the <b>PREPEND</b>
action, a replaced message header may be action, a replaced message header may be
subject to address rewriting and may affect subject to address rewriting and may affect
the way that Postfix adds missing message the way that Postfix adds missing message
headers. headers.
<b>REJECT</b> <i>optional text...</i> <b>REJECT</b> <i>optional text...</i>
Reject the entire message. Reply with <i>optional</i> Reject the entire message. Reply with <i>optional</i>
<i>text...</i> when the optional text is specified, other- <i>text...</i> when the optional text is specified, other-
wise reply with a generic error message. wise reply with a generic error message.
Note: this action disables further header or Note: this action disables further header or
<a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
affects all recipients. affects all recipients.
Postfix version 2.3 and later support enhanced sta- Postfix version 2.3 and later support enhanced sta-
@@ -281,32 +286,32 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
enhanced status code of "5.7.1". enhanced status code of "5.7.1".
<b>WARN</b> <i>optional text...</i> <b>WARN</b> <i>optional text...</i>
Log a warning with the <i>optional text...</i> (or log a Log a warning with the <i>optional text...</i> (or log a
generic message), and inspect the next input line. generic message), and inspect the next input line.
This action is useful for debugging and for testing This action is useful for debugging and for testing
a pattern before applying more drastic actions. a pattern before applying more drastic actions.
<b>BUGS</b> <b>BUGS</b>
Many people overlook the main limitations of header and Many people overlook the main limitations of header and
<a href="postconf.5.html#body_checks">body_checks</a> rules. <a href="postconf.5.html#body_checks">body_checks</a> rules.
<b>o</b> These rules operate on one logical message header <b>o</b> These rules operate on one logical message header
or one body line at a time. A decision made for one or one body line at a time. A decision made for one
line is not carried over to the next line. line is not carried over to the next line.
<b>o</b> If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>) <b>o</b> If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>)
then the rules have to specified for the encoded then the rules need to be specified for the encoded
form. form.
<b>o</b> Likewise, when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC</a> <b>o</b> Likewise, when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC</a>
<a href="http://www.faqs.org/rfcs/rfc2047.html">2047</a>) then the rules need to be specified for the <a href="http://www.faqs.org/rfcs/rfc2047.html">2047</a>) then the rules need to be specified for the
encoded form. encoded form.
Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
excluded from inspection. Examples of such message headers excluded from inspection. Examples of such message headers
are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>. are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>.
Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
examined before they are deleted. Examples are: <b>Bcc:, Con-</b> examined before they are deleted. Examples are: <b>Bcc:, Con-</b>
<b>tent-Length:</b>, <b>Return-Path:</b>. <b>tent-Length:</b>, <b>Return-Path:</b>.
@@ -314,11 +319,11 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<b><a href="postconf.5.html#body_checks">body_checks</a></b> <b><a href="postconf.5.html#body_checks">body_checks</a></b>
Lookup tables with content filter rules for message Lookup tables with content filter rules for message
body lines. These filters see one physical line at body lines. These filters see one physical line at
a time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b> a time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
bytes. bytes.
<b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b> <b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b>
The amount of content per message body segment The amount of content per message body segment
(attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil- (attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil-
tering. tering.
@@ -328,32 +333,32 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
Lookup tables with content filter rules for message Lookup tables with content filter rules for message
header lines: respectively, these are applied to header lines: respectively, these are applied to
the initial message headers (not including MIME the initial message headers (not including MIME
headers), to the MIME headers anywhere in the mes- headers), to the MIME headers anywhere in the mes-
sage, and to the initial headers of attached mes- sage, and to the initial headers of attached mes-
sages. sages.
Note: these filters see one logical message header Note: these filters see one logical message header
at a time, even when a message header spans multi- at a time, even when a message header spans multi-
ple lines. Message headers that are longer than ple lines. Message headers that are longer than
<b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated. <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated.
<b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b> <b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b>
While receiving mail, give no special treatment to While receiving mail, give no special treatment to
MIME related message headers; all text after the MIME related message headers; all text after the
initial message headers is considered to be part of initial message headers is considered to be part of
the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
applied to all the initial message headers, and applied to all the initial message headers, and
that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the
message. message.
Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
process a multi-line message header one line at a process a multi-line message header one line at a
time. time.
<b>EXAMPLES</b> <b>EXAMPLES</b>
Header pattern to block attachments with bad file name Header pattern to block attachments with bad file name
extensions. extensions.
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
@@ -391,7 +396,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail <a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>

219
postfix/html/ldap_table.5.html
View File

@@ -327,19 +327,18 @@ LDAP_TABLE(5) LDAP_TABLE(5)
are not performed. This can significantly reduce are not performed. This can significantly reduce
the query load on the LDAP server. the query load on the LDAP server.
domain = postfix.org, hash:/etc/postfix/search- domain = postfix.org, hash:/etc/postfix/searchdomains
domains
It is best not to use LDAP to store the domains It is best not to use LDAP to store the domains
eligible for LDAP lookups. eligible for LDAP lookups.
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a> NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
aliases. aliases.
This feature is available in Postfix 1.0 and later. This feature is available in Postfix 1.0 and later.
<b>result_attribute (default: maildrop)</b> <b>result_attribute (default: maildrop)</b>
The attribute(s) Postfix will read from any direc- The attribute(s) Postfix will read from any direc-
tory entries returned by the lookup, to be resolved tory entries returned by the lookup, to be resolved
to an email address. to an email address.
@@ -347,57 +346,57 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<b>special_result_attribute (default: empty)</b> <b>special_result_attribute (default: empty)</b>
The attribute(s) of directory entries that can con- The attribute(s) of directory entries that can con-
tain DNs or URLs. If found, a recursive subsequent tain DNs or URLs. If found, a recursive subsequent
search is done using their values. search is done using their values.
special_result_attribute = memberdn special_result_attribute = memberdn
DN recursion retrieves the same result_attributes DN recursion retrieves the same result_attributes
as the main query, including the special attributes as the main query, including the special attributes
for further recursion. URI processing retrieves for further recursion. URI processing retrieves
only those attributes that are included in the URI only those attributes that are included in the URI
definition and are *also* listed in definition and are *also* listed in
"result_attribute". If the URI lists any of the "result_attribute". If the URI lists any of the
map's special result attributes, these are also map's special result attributes, these are also
retrieved and used recursively. retrieved and used recursively.
<b>terminal_result_attribute (default: empty)</b> <b>terminal_result_attribute (default: empty)</b>
When one or more terminal result attributes are When one or more terminal result attributes are
found in an LDAP entry, all other result attributes found in an LDAP entry, all other result attributes
are ignored and only the terminal result attributes are ignored and only the terminal result attributes
are returned. This is useful for delegating expan- are returned. This is useful for delegating expan-
sion of group members to a particular host, by sion of group members to a particular host, by
using an optional "maildrop" attribute on selected using an optional "maildrop" attribute on selected
groups to route the group to a specific host, where groups to route the group to a specific host, where
the group is expanded, possibly via mailing-list the group is expanded, possibly via mailing-list
manager or other special processing. manager or other special processing.
terminal_result_attribute = maildrop terminal_result_attribute = maildrop
This feature is available with Postfix 2.4 or This feature is available with Postfix 2.4 or
later. later.
<b>leaf_result_attribute (default: empty)</b> <b>leaf_result_attribute (default: empty)</b>
When one or more special result attributes are When one or more special result attributes are
found in a non-terminal (see above) LDAP entry, found in a non-terminal (see above) LDAP entry,
leaf result attributes are excluded from the expan- leaf result attributes are excluded from the expan-
sion of that entry. This is useful when expanding sion of that entry. This is useful when expanding
groups and the desired mail address attribute(s) of groups and the desired mail address attribute(s) of
the member objects obtained via DN or URI recursion the member objects obtained via DN or URI recursion
are also present in the group object. To only are also present in the group object. To only
return the attribute values from the leaf objects return the attribute values from the leaf objects
and not the containing group, add the attribute to and not the containing group, add the attribute to
the leaf_result_attribute list, and not the the leaf_result_attribute list, and not the
result_attribute list, which is always expanded. result_attribute list, which is always expanded.
Note, the default value of "result_attribute" is Note, the default value of "result_attribute" is
not empty, you may want to set it explicitly empty not empty, you may want to set it explicitly empty
when using "leaf_result_attribute" to expand the when using "leaf_result_attribute" to expand the
group to a list of member DN addresses. If groups group to a list of member DN addresses. If groups
have both member DN references AND attributes that have both member DN references AND attributes that
hold multiple string valued rfc822 addresses, then hold multiple string valued rfc822 addresses, then
the string attributes go in "result_attribute". the string attributes go in "result_attribute".
The attributes that represent the email addresses The attributes that represent the email addresses
of objects referenced via a DN (or LDAP URI) go in of objects referenced via a DN (or LDAP URI) go in
"leaf_result_attribute". "leaf_result_attribute".
result_attribute = memberaddr result_attribute = memberaddr
@@ -405,42 +404,42 @@ LDAP_TABLE(5) LDAP_TABLE(5)
terminal_result_attribute = maildrop terminal_result_attribute = maildrop
leaf_result_attribute = mail leaf_result_attribute = mail
This feature is available with Postfix 2.4 or This feature is available with Postfix 2.4 or
later. later.
<b>scope (default: sub)</b> <b>scope (default: sub)</b>
The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
and LDAP_SCOPE_ONELEVEL. and LDAP_SCOPE_ONELEVEL.
<b>bind (default: yes)</b> <b>bind (default: yes)</b>
Whether or not to bind to the LDAP server. Newer Whether or not to bind to the LDAP server. Newer
LDAP implementations don't require clients to bind, LDAP implementations don't require clients to bind,
which saves time. Example: which saves time. Example:
bind = no bind = no
If you do need to bind, you might consider config- If you do need to bind, you might consider config-
uring Postfix to connect to the local machine on a uring Postfix to connect to the local machine on a
port that's an SSL tunnel to your LDAP server. If port that's an SSL tunnel to your LDAP server. If
your LDAP server doesn't natively support SSL, put your LDAP server doesn't natively support SSL, put
a tunnel (wrapper, proxy, whatever you want to call a tunnel (wrapper, proxy, whatever you want to call
it) on that system too. This should prevent the it) on that system too. This should prevent the
password from traversing the network in the clear. password from traversing the network in the clear.
<b>bind_dn (default: empty)</b> <b>bind_dn (default: empty)</b>
If you do have to bind, do it with this distin- If you do have to bind, do it with this distin-
guished name. Example: guished name. Example:
bind_dn = uid=postfix, dc=your, dc=com bind_dn = uid=postfix, dc=your, dc=com
<b>bind_pw (default: empty)</b> <b>bind_pw (default: empty)</b>
The password for the distinguished name above. If The password for the distinguished name above. If
you have to use this, you probably want to make the you have to use this, you probably want to make the
map configuration file readable only by the Postfix map configuration file readable only by the Postfix
user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn- user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
tax, with map parameters in <a href="postconf.5.html">main.cf</a>, it is not pos- tax, with map parameters in <a href="postconf.5.html">main.cf</a>, it is not pos-
sible to securely store the bind password. This is sible to securely store the bind password. This is
because <a href="postconf.5.html">main.cf</a> needs to be world readable to allow because <a href="postconf.5.html">main.cf</a> needs to be world readable to allow
local accounts to submit mail via the sendmail com- local accounts to submit mail via the sendmail com-
mand. Example: mand. Example:
@@ -452,43 +451,43 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<b>cache_expiry (IGNORED with a warning)</b> <b>cache_expiry (IGNORED with a warning)</b>
<b>cache_size (IGNORED with a warning)</b> <b>cache_size (IGNORED with a warning)</b>
The above parameters are NO LONGER SUPPORTED by The above parameters are NO LONGER SUPPORTED by
Postfix. Cache support has been dropped from Postfix. Cache support has been dropped from
OpenLDAP as of release 2.1.13. OpenLDAP as of release 2.1.13.
<b>recursion_limit (default: 1000)</b> <b>recursion_limit (default: 1000)</b>
A limit on the nesting depth of DN and URL special A limit on the nesting depth of DN and URL special
result attribute evaluation. The limit must be a result attribute evaluation. The limit must be a
non-zero positive number. non-zero positive number.
<b>expansion_limit (default: 0)</b> <b>expansion_limit (default: 0)</b>
A limit on the total number of result elements A limit on the total number of result elements
returned (as a comma separated list) by a lookup returned (as a comma separated list) by a lookup
against the map. A setting of zero disables the against the map. A setting of zero disables the
limit. Lookups fail with a temporary error if the limit. Lookups fail with a temporary error if the
limit is exceeded. Setting the limit to 1 ensures limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values. that lookups do not return multiple values.
<b>size_limit (default: $expansion_limit)</b> <b>size_limit (default: $expansion_limit)</b>
A limit on the number of LDAP entries returned by A limit on the number of LDAP entries returned by
any single LDAP search performed as part of the any single LDAP search performed as part of the
lookup. A setting of 0 disables the limit. Expan- lookup. A setting of 0 disables the limit. Expan-
sion of DN and URL references involves nested LDAP sion of DN and URL references involves nested LDAP
queries, each of which is separately subjected to queries, each of which is separately subjected to
this limit. this limit.
Note: even a single LDAP entry can generate multi- Note: even a single LDAP entry can generate multi-
ple lookup results, via multiple result attributes ple lookup results, via multiple result attributes
and/or multi-valued result attributes. This limit and/or multi-valued result attributes. This limit
caps the per search resource utilization on the caps the per search resource utilization on the
LDAP server, not the final multiplicity of the LDAP server, not the final multiplicity of the
lookup result. It is analogous to the "-z" option lookup result. It is analogous to the "-z" option
of "ldapsearch". of "ldapsearch".
<b>dereference (default: 0)</b> <b>dereference (default: 0)</b>
When to dereference LDAP aliases. (Note that this When to dereference LDAP aliases. (Note that this
has nothing do with Postfix aliases.) The permitted has nothing do with Postfix aliases.) The permitted
values are those legal for the OpenLDAP/UM LDAP values are those legal for the OpenLDAP/UM LDAP
implementations: implementations:
0 never 0 never
@@ -500,28 +499,28 @@ LDAP_TABLE(5) LDAP_TABLE(5)
3 always 3 always
See ldap.h or the ldap_open(3) or ldapsearch(1) man See ldap.h or the ldap_open(3) or ldapsearch(1) man
pages for more information. And if you're using an pages for more information. And if you're using an
LDAP package that has other possible values, please LDAP package that has other possible values, please
bring it to the attention of the postfix- bring it to the attention of the postfix-
users@postfix.org mailing list. users@postfix.org mailing list.
<b>chase_referrals (default: 0)</b> <b>chase_referrals (default: 0)</b>
Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP
version 3 support). version 3 support).
<b>version (default: 2)</b> <b>version (default: 2)</b>
Specifies the LDAP protocol version to use. Specifies the LDAP protocol version to use.
<b>debuglevel (default: 0)</b> <b>debuglevel (default: 0)</b>
What level to set for debugging in the OpenLDAP What level to set for debugging in the OpenLDAP
libraries. libraries.
<b>LDAP SSL AND STARTTLS PARAMETERS</b> <b>LDAP SSL AND STARTTLS PARAMETERS</b>
If you're using the OpenLDAP libraries compiled with SSL If you're using the OpenLDAP libraries compiled with SSL
support, Postfix can connect to LDAP SSL servers and can support, Postfix can connect to LDAP SSL servers and can
issue the STARTTLS command. issue the STARTTLS command.
LDAP SSL service can be requested by using a LDAP SSL URL LDAP SSL service can be requested by using a LDAP SSL URL
in the server_host parameter: in the server_host parameter:
server_host = ldaps://ldap.example.com:636 server_host = ldaps://ldap.example.com:636
@@ -530,90 +529,90 @@ LDAP_TABLE(5) LDAP_TABLE(5)
start_tls = yes start_tls = yes
Both forms require LDAP protocol version 3, which has to Both forms require LDAP protocol version 3, which has to
be set explicitly with: be set explicitly with:
version = 3 version = 3
If any of the Postfix programs querying the map is config- If any of the Postfix programs querying the map is config-
ured in <a href="master.5.html">master.cf</a> to run chrooted, all the certificates ured in <a href="master.5.html">master.cf</a> to run chrooted, all the certificates
and keys involved have to be copied to the chroot jail. Of and keys involved have to be copied to the chroot jail. Of
course, the private keys should only be readable by the course, the private keys should only be readable by the
user "postfix". user "postfix".
The following parameters are relevant to LDAP SSL and The following parameters are relevant to LDAP SSL and
STARTTLS: STARTTLS:
<b>start_tls (default: no)</b> <b>start_tls (default: no)</b>
Whether or not to issue STARTTLS upon connection to Whether or not to issue STARTTLS upon connection to
the server. Don't set this with LDAP SSL (the SSL the server. Don't set this with LDAP SSL (the SSL
session is setup automatically when the TCP connec- session is setup automatically when the TCP connec-
tion is opened). tion is opened).
<b>tls_ca_cert_dir (No default; set either this or</b> <b>tls_ca_cert_dir (No default; set either this or</b>
<b>tls_ca_cert_file)</b> <b>tls_ca_cert_file)</b>
Directory containing X509 Certificate Authority Directory containing X509 Certificate Authority
certificates in PEM format which are to be recog- certificates in PEM format which are to be recog-
nized by the client in SSL/TLS connections. The nized by the client in SSL/TLS connections. The
files each contain one CA certificate. The files files each contain one CA certificate. The files
are looked up by the CA subject name hash value, are looked up by the CA subject name hash value,
which must hence be available. If more than one CA which must hence be available. If more than one CA
certificate with the same name hash value exist, certificate with the same name hash value exist,
the extension must be different (e.g. 9d66eef0.0, the extension must be different (e.g. 9d66eef0.0,
9d66eef0.1 etc). The search is performed in the 9d66eef0.1 etc). The search is performed in the
ordering of the extension number, regardless of ordering of the extension number, regardless of
other properties of the certificates. Use the other properties of the certificates. Use the
c_rehash utility (from the OpenSSL distribution) to c_rehash utility (from the OpenSSL distribution) to
create the necessary links. create the necessary links.
<b>tls_ca_cert_file (No default; set either this or</b> <b>tls_ca_cert_file (No default; set either this or</b>
<b>tls_ca_cert_dir)</b> <b>tls_ca_cert_dir)</b>
File containing the X509 Certificate Authority cer- File containing the X509 Certificate Authority cer-
tificates in PEM format which are to be recognized tificates in PEM format which are to be recognized
by the client in SSL/TLS connections. This setting by the client in SSL/TLS connections. This setting
takes precedence over tls_ca_cert_dir. takes precedence over tls_ca_cert_dir.
<b>tls_cert (No default; you must set this)</b> <b>tls_cert (No default; you must set this)</b>
File containing client's X509 certificate to be File containing client's X509 certificate to be
used by the client in SSL/ TLS connections. used by the client in SSL/ TLS connections.
<b>tls_key (No default; you must set this)</b> <b>tls_key (No default; you must set this)</b>
File containing the private key corresponding to File containing the private key corresponding to
the above tls_cert. the above tls_cert.
<b>tls_require_cert (default: no)</b> <b>tls_require_cert (default: no)</b>
Whether or not to request server's X509 certificate Whether or not to request server's X509 certificate
and check its validity when establishing SSL/TLS and check its validity when establishing SSL/TLS
connections. connections.
<b>tls_random_file (No default)</b> <b>tls_random_file (No default)</b>
Path of a file to obtain random bits from when Path of a file to obtain random bits from when
/dev/[u]random is not available, to be used by the /dev/[u]random is not available, to be used by the
client in SSL/TLS connections. client in SSL/TLS connections.
<b>tls_cipher_suite (No default)</b> <b>tls_cipher_suite (No default)</b>
Cipher suite to use in SSL/TLS negotiations. Cipher suite to use in SSL/TLS negotiations.
<b>EXAMPLE</b> <b>EXAMPLE</b>
Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a> Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
aliases. Assume that in <a href="postconf.5.html">main.cf</a>, you have: aliases. Assume that in <a href="postconf.5.html">main.cf</a>, you have:
<a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases, <a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases,
<a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
and in <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf you have: and in <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf you have:
server_host = ldap.example.com server_host = ldap.example.com
search_base = dc=example, dc=com search_base = dc=example, dc=com
Upon receiving mail for a local address "ldapuser" that Upon receiving mail for a local address "ldapuser" that
isn't found in the /etc/aliases database, Postfix will isn't found in the /etc/aliases database, Postfix will
search the LDAP server listening at port 389 on ldap.exam- search the LDAP server listening at port 389 on ldap.exam-
ple.com. It will bind anonymously, search for any direc- ple.com. It will bind anonymously, search for any direc-
tory entries whose mailacceptinggeneralid attribute is tory entries whose mailacceptinggeneralid attribute is
"ldapuser", read the "maildrop" attributes of those found, "ldapuser", read the "maildrop" attributes of those found,
and build a list of their maildrops, which will be treated and build a list of their maildrops, which will be treated
as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be deliv- as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be deliv-
ered. ered.
<b>SEE ALSO</b> <b>SEE ALSO</b>
@@ -627,13 +626,13 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<a href="LDAP_README.html">LDAP_README</a>, Postfix LDAP client guide <a href="LDAP_README.html">LDAP_README</a>, Postfix LDAP client guide
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>
Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu, Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
Victor Duchovni, and many others. Victor Duchovni, and many others.
LDAP_TABLE(5) LDAP_TABLE(5)

120
postfix/html/mysql_table.5.html
View File

@@ -21,26 +21,26 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
Alternatively, lookup tables can be specified as MySQL Alternatively, lookup tables can be specified as MySQL
databases. In order to use MySQL lookups, define a MySQL databases. In order to use MySQL lookups, define a MySQL
source as a lookup table in main.cf, for example: source as a lookup table in <a href="postconf.5.html">main.cf</a>, for example:
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="mysql_table.5.html">mysql</a>:/etc/mysql-aliases.cf <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="mysql_table.5.html">mysql</a>:/etc/mysql-aliases.cf
The file /etc/postfix/mysql-aliases.cf has the same format The file /etc/postfix/mysql-aliases.cf has the same format
as the Postfix main.cf file, and can specify the parame- as the Postfix <a href="postconf.5.html">main.cf</a> file, and can specify the parame-
ters described below. ters described below.
<b>BACKWARDS COMPATIBILITY</b> <b>BACKWARDS COMPATIBILITY</b>
For compatibility with other Postfix lookup tables, MySQL For compatibility with other Postfix lookup tables, MySQL
parameters can also be defined in main.cf. In order to do parameters can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do
that, specify as MySQL source a name that doesn't begin that, specify as MySQL source a name that doesn't begin
with a slash or a dot. The MySQL parameters will then be with a slash or a dot. The MySQL parameters will then be
accessible as the name you've given the source in its def- accessible as the name you've given the source in its def-
inition, an underscore, and the name of the parameter. inition, an underscore, and the name of the parameter.
For example, if the map is specified as "<a href="mysql_table.5.html">mysql</a>:<i>mysqlname</i>", For example, if the map is specified as "<a href="mysql_table.5.html">mysql</a>:<i>mysqlname</i>",
the parameter "hosts" below would be defined in main.cf as the parameter "hosts" below would be defined in <a href="postconf.5.html">main.cf</a> as
"<i>mysqlname</i>_hosts". "<i>mysqlname</i>_hosts".
Note: with this form, the passwords for the MySQL sources Note: with this form, the passwords for the MySQL sources
are written in main.cf, which is normally world-readable. are written in <a href="postconf.5.html">main.cf</a>, which is normally world-readable.
Support for this form will be removed in a future Postfix Support for this form will be removed in a future Postfix
version. version.
@@ -115,58 +115,57 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
<b>query</b> The SQL query template used to search the database, <b>query</b> The SQL query template used to search the database,
where <b>%s</b> is a substitute for the address Postfix is where <b>%s</b> is a substitute for the address Postfix is
trying to resolve, e.g. trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE query = SELECT replacement FROM aliases WHERE mailbox = '%s'
mailbox = '%s'
This parameter supports the following '%' expan- This parameter supports the following '%' expan-
sions: sions:
<b>%%</b> This is replaced by a literal '%' character. <b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the input key. SQL <b>%s</b> This is replaced by the input key. SQL
quoting is used to make sure that the input quoting is used to make sure that the input
key does not add unexpected metacharacters. key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form <b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the SQL user@domain, <b>%u</b> is replaced by the SQL
quoted local part of the address. Other- quoted local part of the address. Other-
wise, <b>%u</b> is replaced by the entire search wise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the string. If the localpart is empty, the
query is suppressed and returns no results. query is suppressed and returns no results.
<b>%d</b> When the input key is an address of the form <b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the SQL user@domain, <b>%d</b> is replaced by the SQL
quoted domain part of the address. Other- quoted domain part of the address. Other-
wise, the query is suppressed and returns no wise, the query is suppressed and returns no
results. results.
<b>%[SUD]</b> The upper-case equivalents of the above <b>%[SUD]</b> The upper-case equivalents of the above
expansions behave in the <b>query</b> parameter expansions behave in the <b>query</b> parameter
identically to their lower-case counter- identically to their lower-case counter-
parts. With the <b>result_format</b> parameter parts. With the <b>result_format</b> parameter
(see below), they expand the input key (see below), they expand the input key
rather than the result value. rather than the result value.
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component the corresponding most significant component
of the input key's domain. If the input key of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2 is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
is <b>example</b> and %3 is <b>mail</b>. If the input key is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough is unqualified or does not have enough
domain components to satisfy all the speci- domain components to satisfy all the speci-
fied patterns, the query is suppressed and fied patterns, the query is suppressed and
returns no results. returns no results.
The <b>domain</b> parameter described below limits the The <b>domain</b> parameter described below limits the
input keys to addresses in matching domains. When input keys to addresses in matching domains. When
the <b>domain</b> parameter is non-empty, SQL queries for the <b>domain</b> parameter is non-empty, SQL queries for
unqualified addresses or addresses in non-matching unqualified addresses or addresses in non-matching
domains are suppressed and return no results. domains are suppressed and return no results.
This parameter is available with Postfix 2.2. In This parameter is available with Postfix 2.2. In
prior releases the SQL query was built from the prior releases the SQL query was built from the
separate parameters: <b>select_field</b>, <b>table</b>, separate parameters: <b>select_field</b>, <b>table</b>,
<b>where_field</b> and <b>additional_conditions</b>. The mapping <b>where_field</b> and <b>additional_conditions</b>. The mapping
from the old parameters to the equivalent query is: from the old parameters to the equivalent query is:
SELECT [<b>select_field</b>] SELECT [<b>select_field</b>]
@@ -176,72 +175,71 @@ MYSQL_TABLE(5) MYSQL_TABLE(5)
The '%s' in the <b>WHERE</b> clause expands to the escaped The '%s' in the <b>WHERE</b> clause expands to the escaped
search string. With Postfix 2.2 these legacy search string. With Postfix 2.2 these legacy
parameters are used if the <b>query</b> parameter is not parameters are used if the <b>query</b> parameter is not
specified. specified.
NOTE: DO NOT put quotes around the query parameter. NOTE: DO NOT put quotes around the query parameter.
<b>result_format (default: %s</b>) <b>result_format (default: %s</b>)
Format template applied to result attributes. Most Format template applied to result attributes. Most
commonly used to append (or prepend) text to the commonly used to append (or prepend) text to the
result. This parameter supports the following '%' result. This parameter supports the following '%'
expansions: expansions:
<b>%%</b> This is replaced by a literal '%' character. <b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the value of the result <b>%s</b> This is replaced by the value of the result
attribute. When result is empty it is attribute. When result is empty it is
skipped. skipped.
<b>%u</b> When the result attribute value is an <b>%u</b> When the result attribute value is an
address of the form user@domain, <b>%u</b> is address of the form user@domain, <b>%u</b> is
replaced by the local part of the address. replaced by the local part of the address.
When the result has an empty localpart it is When the result has an empty localpart it is
skipped. skipped.
<b>%d</b> When a result attribute value is an address <b>%d</b> When a result attribute value is an address
of the form user@domain, <b>%d</b> is replaced by of the form user@domain, <b>%d</b> is replaced by
the domain part of the attribute value. When the domain part of the attribute value. When
the result is unqualified it is skipped. the result is unqualified it is skipped.
<b>%[SUD1-9]</b> <b>%[SUD1-9]</b>
The upper-case and decimal digit expansions The upper-case and decimal digit expansions
interpolate the parts of the input key interpolate the parts of the input key
rather than the result. Their behavior is rather than the result. Their behavior is
identical to that described with <b>query</b>, and identical to that described with <b>query</b>, and
in fact because the input key is known in in fact because the input key is known in
advance, queries whose key does not contain advance, queries whose key does not contain
all the information specified in the result all the information specified in the result
template are suppressed and return no template are suppressed and return no
results. results.
For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
allows one to use a mailHost attribute as the basis allows one to use a mailHost attribute as the basis
of a <a href="transport.5.html">transport(5)</a> table. After applying the result of a <a href="transport.5.html">transport(5)</a> table. After applying the result
format, multiple values are concatenated as comma format, multiple values are concatenated as comma
separated strings. The expansion_limit and parame- separated strings. The expansion_limit and parame-
ter explained below allows one to restrict the num- ter explained below allows one to restrict the num-
ber of values in the result, which is especially ber of values in the result, which is especially
useful for maps that must return at most one value. useful for maps that must return at most one value.
The default value <b>%s</b> specifies that each result The default value <b>%s</b> specifies that each result
value should be used as is. value should be used as is.
This parameter is available with Postfix 2.2 and This parameter is available with Postfix 2.2 and
later. later.
NOTE: DO NOT put quotes around the result format! NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b> <b>domain (default: no domain list)</b>
This is a list of domain names, paths to files, or This is a list of domain names, paths to files, or
dictionaries. When specified, only fully qualified dictionaries. When specified, only fully qualified
search keys with a *non-empty* localpart and a search keys with a *non-empty* localpart and a
matching domain are eligible for lookup: 'user' matching domain are eligible for lookup: 'user'
lookups, bare domain lookups and "@domain" lookups lookups, bare domain lookups and "@domain" lookups
are not performed. This can significantly reduce are not performed. This can significantly reduce
the query load on the MySQL server. the query load on the MySQL server.
domain = postfix.org, hash:/etc/postfix/search- domain = postfix.org, hash:/etc/postfix/searchdomains
domains
It is best not to use SQL to store the domains eli- It is best not to use SQL to store the domains eli-
gible for SQL lookups. gible for SQL lookups.

2
postfix/html/nisplus_table.5.html
View File

@@ -55,7 +55,7 @@ NISPLUS_TABLE(5) NISPLUS_TABLE(5)
A NIS+ aliases map might be queried as follows: A NIS+ aliases map might be queried as follows:
<a href="postconf.5.html#alias_maps">alias_maps</a> = dbm:/etc/mail/aliases, <a href="postconf.5.html#alias_maps">alias_maps</a> = dbm:/etc/mail/aliases,
<a href="nisplus_table.5.html">nisplus</a>:[alias=%s];mail_aliases.org_dir.$<a href="postconf.5.html#mydomain">mydomain</a>.:1 <a href="nisplus_table.5.html">nisplus</a>:[alias=%s];mail_aliases.org_dir.$<a href="postconf.5.html#mydomain">mydomain</a>.:1
This queries the local aliases file before the NIS+ file. This queries the local aliases file before the NIS+ file.

4
postfix/html/pcre_table.5.html
View File

@@ -16,8 +16,8 @@ PCRE_TABLE(5) PCRE_TABLE(5)
<b>DESCRIPTION</b> <b>DESCRIPTION</b>
The Postfix mail system uses optional tables for address The Postfix mail system uses optional tables for address
rewriting or mail routing. These tables are usually in <b>dbm</b> rewriting, mail routing, or access control. These tables
or <b>db</b> format. are usually in <b>dbm</b> or <b>db</b> format.
Alternatively, lookup tables can be specified in Perl Com- Alternatively, lookup tables can be specified in Perl Com-
patible Regular Expression form. In this case, each input patible Regular Expression form. In this case, each input

122
postfix/html/pgsql_table.5.html
View File

@@ -21,27 +21,27 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
Alternatively, lookup tables can be specified as Post- Alternatively, lookup tables can be specified as Post-
greSQL databases. In order to use PostgreSQL lookups, greSQL databases. In order to use PostgreSQL lookups,
define a PostgreSQL source as a lookup table in main.cf, define a PostgreSQL source as a lookup table in <a href="postconf.5.html">main.cf</a>,
for example: for example:
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="pgsql_table.5.html">pgsql</a>:/etc/pgsql-aliases.cf <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="pgsql_table.5.html">pgsql</a>:/etc/pgsql-aliases.cf
The file /etc/postfix/pgsql-aliases.cf has the same format The file /etc/postfix/pgsql-aliases.cf has the same format
as the Postfix main.cf file, and can specify the parame- as the Postfix <a href="postconf.5.html">main.cf</a> file, and can specify the parame-
ters described below. ters described below.
<b>BACKWARDS COMPATIBILITY</b> <b>BACKWARDS COMPATIBILITY</b>
For compatibility with other Postfix lookup tables, Post- For compatibility with other Postfix lookup tables, Post-
greSQL parameters can also be defined in main.cf. In greSQL parameters can also be defined in <a href="postconf.5.html">main.cf</a>. In
order to do that, specify as PostgreSQL source a name that order to do that, specify as PostgreSQL source a name that
doesn't begin with a slash or a dot. The PostgreSQL doesn't begin with a slash or a dot. The PostgreSQL
parameters will then be accessible as the name you've parameters will then be accessible as the name you've
given the source in its definition, an underscore, and the given the source in its definition, an underscore, and the
name of the parameter. For example, if the map is speci- name of the parameter. For example, if the map is speci-
fied as "<a href="pgsql_table.5.html">pgsql</a>:<i>pgsqlname</i>", the parameter "hosts" below fied as "<a href="pgsql_table.5.html">pgsql</a>:<i>pgsqlname</i>", the parameter "hosts" below
would be defined in main.cf as "<i>pgsqlname</i>_hosts". would be defined in <a href="postconf.5.html">main.cf</a> as "<i>pgsqlname</i>_hosts".
Note: with this form, the passwords for the PostgreSQL Note: with this form, the passwords for the PostgreSQL
sources are written in main.cf, which is normally world- sources are written in <a href="postconf.5.html">main.cf</a>, which is normally world-
readable. Support for this form will be removed in a readable. Support for this form will be removed in a
future Postfix version. future Postfix version.
@@ -121,132 +121,130 @@ PGSQL_TABLE(5) PGSQL_TABLE(5)
<b>query</b> The SQL query template used to search the database, <b>query</b> The SQL query template used to search the database,
where <b>%s</b> is a substitute for the address Postfix is where <b>%s</b> is a substitute for the address Postfix is
trying to resolve, e.g. trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE query = SELECT replacement FROM aliases WHERE mailbox = '%s'
mailbox = '%s'
This parameter supports the following '%' expan- This parameter supports the following '%' expan-
sions: sions:
<b>%%</b> This is replaced by a literal '%' character. <b>%%</b> This is replaced by a literal '%' character.
(Postfix 2.2 and later) (Postfix 2.2 and later)
<b>%s</b> This is replaced by the input key. SQL <b>%s</b> This is replaced by the input key. SQL
quoting is used to make sure that the input quoting is used to make sure that the input
key does not add unexpected metacharacters. key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form <b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the SQL user@domain, <b>%u</b> is replaced by the SQL
quoted local part of the address. Other- quoted local part of the address. Other-
wise, <b>%u</b> is replaced by the entire search wise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the string. If the localpart is empty, the
query is suppressed and returns no results. query is suppressed and returns no results.
<b>%d</b> When the input key is an address of the form <b>%d</b> When the input key is an address of the form
user@domain, <b>%d</b> is replaced by the SQL user@domain, <b>%d</b> is replaced by the SQL
quoted domain part of the address. Other- quoted domain part of the address. Other-
wise, the query is suppressed and returns no wise, the query is suppressed and returns no
results. results.
<b>%[SUD]</b> The upper-case equivalents of the above <b>%[SUD]</b> The upper-case equivalents of the above
expansions behave in the <b>query</b> parameter expansions behave in the <b>query</b> parameter
identically to their lower-case counter- identically to their lower-case counter-
parts. With the <b>result_format</b> parameter parts. With the <b>result_format</b> parameter
(see below), they expand the input key (see below), they expand the input key
rather than the result value. rather than the result value.
The above %S, %U and %D expansions are The above %S, %U and %D expansions are
available with Postfix 2.2 and later available with Postfix 2.2 and later
<b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component the corresponding most significant component
of the input key's domain. If the input key of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2 is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
is <b>example</b> and %3 is <b>mail</b>. If the input key is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough is unqualified or does not have enough
domain components to satisfy all the speci- domain components to satisfy all the speci-
fied patterns, the query is suppressed and fied patterns, the query is suppressed and
returns no results. returns no results.
The above %1, ... %9 expansions are avail- The above %1, ... %9 expansions are avail-
able with Postfix 2.2 and later able with Postfix 2.2 and later
The <b>domain</b> parameter described below limits the The <b>domain</b> parameter described below limits the
input keys to addresses in matching domains. When input keys to addresses in matching domains. When
the <b>domain</b> parameter is non-empty, SQL queries for the <b>domain</b> parameter is non-empty, SQL queries for
unqualified addresses or addresses in non-matching unqualified addresses or addresses in non-matching
domains are suppressed and return no results. domains are suppressed and return no results.
The precedence of this parameter has changed with The precedence of this parameter has changed with
Postfix 2.2, in prior releases the precedence was, Postfix 2.2, in prior releases the precedence was,
from highest to lowest, <b>select_function</b>, <b>query</b>, from highest to lowest, <b>select_function</b>, <b>query</b>,
<b>select_field</b>, ... <b>select_field</b>, ...
With Postfix 2.2 the <b>query</b> parameter has highest With Postfix 2.2 the <b>query</b> parameter has highest
precedence, see COMPATIBILITY above. precedence, see COMPATIBILITY above.
NOTE: DO NOT put quotes around the <b>query</b> parameter. NOTE: DO NOT put quotes around the <b>query</b> parameter.
<b>result_format (default: %s</b>) <b>result_format (default: %s</b>)
Format template applied to result attributes. Most Format template applied to result attributes. Most
commonly used to append (or prepend) text to the commonly used to append (or prepend) text to the
result. This parameter supports the following '%' result. This parameter supports the following '%'
expansions: expansions:
<b>%%</b> This is replaced by a literal '%' character. <b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the value of the result <b>%s</b> This is replaced by the value of the result
attribute. When result is empty it is attribute. When result is empty it is
skipped. skipped.
<b>%u</b> When the result attribute value is an <b>%u</b> When the result attribute value is an
address of the form user@domain, <b>%u</b> is address of the form user@domain, <b>%u</b> is
replaced by the local part of the address. replaced by the local part of the address.
When the result has an empty localpart it is When the result has an empty localpart it is
skipped. skipped.
<b>%d</b> When a result attribute value is an address <b>%d</b> When a result attribute value is an address
of the form user@domain, <b>%d</b> is replaced by of the form user@domain, <b>%d</b> is replaced by
the domain part of the attribute value. When the domain part of the attribute value. When
the result is unqualified it is skipped. the result is unqualified it is skipped.
<b>%[SUD1-9]</b> <b>%[SUD1-9]</b>
The upper-case and decimal digit expansions The upper-case and decimal digit expansions
interpolate the parts of the input key interpolate the parts of the input key
rather than the result. Their behavior is rather than the result. Their behavior is
identical to that described with <b>query</b>, and identical to that described with <b>query</b>, and
in fact because the input key is known in in fact because the input key is known in
advance, queries whose key does not contain advance, queries whose key does not contain
all the information specified in the result all the information specified in the result
template are suppressed and return no template are suppressed and return no
results. results.
For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
allows one to use a mailHost attribute as the basis allows one to use a mailHost attribute as the basis
of a <a href="transport.5.html">transport(5)</a> table. After applying the result of a <a href="transport.5.html">transport(5)</a> table. After applying the result
format, multiple values are concatenated as comma format, multiple values are concatenated as comma
separated strings. The expansion_limit and parame- separated strings. The expansion_limit and parame-
ter explained below allows one to restrict the num- ter explained below allows one to restrict the num-
ber of values in the result, which is especially ber of values in the result, which is especially
useful for maps that must return at most one value. useful for maps that must return at most one value.
The default value <b>%s</b> specifies that each result The default value <b>%s</b> specifies that each result
value should be used as is. value should be used as is.
This parameter is available with Postfix 2.2 and This parameter is available with Postfix 2.2 and
later. later.
NOTE: DO NOT put quotes around the result format! NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b> <b>domain (default: no domain list)</b>
This is a list of domain names, paths to files, or This is a list of domain names, paths to files, or
dictionaries. When specified, only fully qualified dictionaries. When specified, only fully qualified
search keys with a *non-empty* localpart and a search keys with a *non-empty* localpart and a
matching domain are eligible for lookup: 'user' matching domain are eligible for lookup: 'user'
lookups, bare domain lookups and "@domain" lookups lookups, bare domain lookups and "@domain" lookups
are not performed. This can significantly reduce are not performed. This can significantly reduce
the query load on the PostgreSQL server. the query load on the PostgreSQL server.
domain = postfix.org, hash:/etc/postfix/search- domain = postfix.org, hash:/etc/postfix/searchdomains
domains
It is best not to use SQL to store the domains eli- It is best not to use SQL to store the domains eli-
gible for SQL lookups. gible for SQL lookups.

4
postfix/html/pipe.8.html
View File

@@ -278,8 +278,8 @@ PIPE(8) PIPE(8)
<b>${sasl_sender</b>} <b>${sasl_sender</b>}
This macro expands to the SASL sender name This macro expands to the SASL sender name
(i.e. the original submitter as per RFC (i.e. the original submitter as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC</a>
2554) used during the reception of the mes- <a href="http://www.faqs.org/rfcs/rfc2554.html">2554</a>) used during the reception of the mes-
sage. sage.
This is available in Postfix 2.2 and later. This is available in Postfix 2.2 and later.

149
postfix/html/postsuper.1.html
View File

@@ -45,157 +45,156 @@ POSTSUPER(1) POSTSUPER(1)
delete all mail with exactly one recipient delete all mail with exactly one recipient
<b>user@example.com</b>: <b>user@example.com</b>:
mailq | tail +2 | grep -v '^ *(' | awk 'BEGIN { RS mailq | tail +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" }
= "" }
# $7=sender, $8=recipient1, $9=recipient2 # $7=sender, $8=recipient1, $9=recipient2
{ if ($8 == "user@example.com" &amp;&amp; $9 == "") { if ($8 == "user@example.com" &amp;&amp; $9 == "")
print $1 } print $1 }
' | tr -d '*!' | postsuper -d - ' | tr -d '*!' | postsuper -d -
Specify "<b>-d ALL</b>" to remove all messages; for exam- Specify "<b>-d ALL</b>" to remove all messages; for exam-
ple, specify "<b>-d ALL deferred</b>" to delete all mail ple, specify "<b>-d ALL deferred</b>" to delete all mail
in the <b>deferred</b> queue. As a safety measure, the in the <b>deferred</b> queue. As a safety measure, the
word <b>ALL</b> must be specified in upper case. word <b>ALL</b> must be specified in upper case.
Warning: Postfix queue IDs are reused. There is a Warning: Postfix queue IDs are reused. There is a
very small possibility that postsuper deletes the very small possibility that postsuper deletes the
wrong message file when it is executed while the wrong message file when it is executed while the
Postfix mail system is delivering mail. Postfix mail system is delivering mail.
The scenario is as follows: The scenario is as follows:
1) The Postfix queue manager deletes the mes- 1) The Postfix queue manager deletes the mes-
sage that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> is asked to delete, sage that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> is asked to delete,
because Postfix is finished with the message because Postfix is finished with the message
(it is delivered, or it is returned to the (it is delivered, or it is returned to the
sender). sender).
2) New mail arrives, and the new message is 2) New mail arrives, and the new message is
given the same queue ID as the message that given the same queue ID as the message that
<a href="postsuper.1.html"><b>postsuper</b>(1)</a> is supposed to delete. The <a href="postsuper.1.html"><b>postsuper</b>(1)</a> is supposed to delete. The
probability for reusing a deleted queue ID probability for reusing a deleted queue ID
is about 1 in 2**15 (the number of different is about 1 in 2**15 (the number of different
microsecond values that the system clock can microsecond values that the system clock can
distinguish within a second). distinguish within a second).
3) <a href="postsuper.1.html"><b>postsuper</b>(1)</a> deletes the new message, 3) <a href="postsuper.1.html"><b>postsuper</b>(1)</a> deletes the new message,
instead of the old message that it should instead of the old message that it should
have deleted. have deleted.
<b>-h</b> <i>queue</i><b>_</b><i>id</i> <b>-h</b> <i>queue</i><b>_</b><i>id</i>
Put mail "on hold" so that no attempt is made to Put mail "on hold" so that no attempt is made to
deliver it. Move one message with the named queue deliver it. Move one message with the named queue
ID from the named mail queue(s) (default: <b>incoming</b>, ID from the named mail queue(s) (default: <b>incoming</b>,
<b>active</b> and <b>deferred</b>) to the <b>hold</b> queue. <b>active</b> and <b>deferred</b>) to the <b>hold</b> queue.
If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
queue IDs from standard input. queue IDs from standard input.
Specify "<b>-h ALL</b>" to hold all messages; for example, Specify "<b>-h ALL</b>" to hold all messages; for example,
specify "<b>-h ALL deferred</b>" to hold all mail in the specify "<b>-h ALL deferred</b>" to hold all mail in the
<b>deferred</b> queue. As a safety measure, the word <b>ALL</b> <b>deferred</b> queue. As a safety measure, the word <b>ALL</b>
must be specified in upper case. must be specified in upper case.
Note: while mail is "on hold" it will not expire Note: while mail is "on hold" it will not expire
when its time in the queue exceeds the <b><a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b> when its time in the queue exceeds the <b><a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b> set- <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b> set-
ting. It becomes subject to expiration after it is ting. It becomes subject to expiration after it is
released from "hold". released from "hold".
<b>-H</b> <i>queue</i><b>_</b><i>id</i> <b>-H</b> <i>queue</i><b>_</b><i>id</i>
Release mail that was put "on hold". Move one mes- Release mail that was put "on hold". Move one mes-
sage with the named queue ID from the named mail sage with the named queue ID from the named mail
queue(s) (default: <b>hold</b>) to the <b>deferred</b> queue. queue(s) (default: <b>hold</b>) to the <b>deferred</b> queue.
If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
queue IDs from standard input. queue IDs from standard input.
Note: specify "<b>postsuper -r</b>" to release mail that Note: specify "<b>postsuper -r</b>" to release mail that
was kept on hold for a significant fraction of was kept on hold for a significant fraction of
<b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, <b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>,
or longer. or longer.
Specify "<b>-H ALL</b>" to release all mail that is "on Specify "<b>-H ALL</b>" to release all mail that is "on
hold". As a safety measure, the word <b>ALL</b> must be hold". As a safety measure, the word <b>ALL</b> must be
specified in upper case. specified in upper case.
<b>-p</b> Purge old temporary files that are left over after <b>-p</b> Purge old temporary files that are left over after
system or software crashes. system or software crashes.
<b>-r</b> <i>queue</i><b>_</b><i>id</i> <b>-r</b> <i>queue</i><b>_</b><i>id</i>
Requeue the message with the named queue ID from Requeue the message with the named queue ID from
the named mail queue(s) (default: <b>hold</b>, <b>incoming</b>, the named mail queue(s) (default: <b>hold</b>, <b>incoming</b>,
<b>active</b> and <b>deferred</b>). To requeue multiple mes- <b>active</b> and <b>deferred</b>). To requeue multiple mes-
sages, specify multiple <b>-r</b> command-line options. sages, specify multiple <b>-r</b> command-line options.
Alternatively, if a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the Alternatively, if a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the
program reads queue IDs from standard input. program reads queue IDs from standard input.
Specify "<b>-r ALL</b>" to requeue all messages. As a Specify "<b>-r ALL</b>" to requeue all messages. As a
safety measure, the word <b>ALL</b> must be specified in safety measure, the word <b>ALL</b> must be specified in
upper case. upper case.
A requeued message is moved to the <b>maildrop</b> queue, A requeued message is moved to the <b>maildrop</b> queue,
from where it is copied by the <a href="pickup.8.html"><b>pickup</b>(8)</a> and from where it is copied by the <a href="pickup.8.html"><b>pickup</b>(8)</a> and
<a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemons to a new queue file. In many <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemons to a new queue file. In many
respects its handling differs from that of a new respects its handling differs from that of a new
local submission. local submission.
<b>o</b> The message is not subjected to the <b>o</b> The message is not subjected to the
<a href="postconf.5.html#smtpd_milters">smtpd_milters</a> or <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> settings. <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> or <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> settings.
When mail has passed through an external When mail has passed through an external
content filter, this would produce incorrect content filter, this would produce incorrect
results with Milter applications that depend results with Milter applications that depend
on original SMTP connection state informa- on original SMTP connection state informa-
tion. tion.
<b>o</b> The message is subjected again to mail <b>o</b> The message is subjected again to mail
address rewriting and substitution. This is address rewriting and substitution. This is
useful when rewriting rules or virtual map- useful when rewriting rules or virtual map-
pings have changed. pings have changed.
The address rewriting context (local or The address rewriting context (local or
remote) is the same as when the message was remote) is the same as when the message was
received. received.
<b>o</b> The message is subjected to the same <a href="postconf.5.html#content_filter">con</a>- <b>o</b> The message is subjected to the same <a href="postconf.5.html#content_filter">con</a>-
<a href="postconf.5.html#content_filter">tent_filter</a> settings (if any) as used for <a href="postconf.5.html#content_filter">tent_filter</a> settings (if any) as used for
new local mail submissions. This is useful new local mail submissions. This is useful
when <a href="postconf.5.html#content_filter">content_filter</a> settings have changed. when <a href="postconf.5.html#content_filter">content_filter</a> settings have changed.
Warning: Postfix queue IDs are reused. There is a Warning: Postfix queue IDs are reused. There is a
very small possibility that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> requeues very small possibility that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> requeues
the wrong message file when it is executed while the wrong message file when it is executed while
the Postfix mail system is running, but no harm the Postfix mail system is running, but no harm
should be done. should be done.
<b>-s</b> Structure check and structure repair. This should <b>-s</b> Structure check and structure repair. This should
be done once before Postfix startup. be done once before Postfix startup.
<b>o</b> Rename files whose name does not match the <b>o</b> Rename files whose name does not match the
message file inode number. This operation is message file inode number. This operation is
necessary after restoring a mail queue from necessary after restoring a mail queue from
a different machine, or from backup media. a different machine, or from backup media.
<b>o</b> Move queue files that are in the wrong place <b>o</b> Move queue files that are in the wrong place
in the file system hierarchy and remove sub- in the file system hierarchy and remove sub-
directories that are no longer needed. File directories that are no longer needed. File
position rearrangements are necessary after position rearrangements are necessary after
a change in the <b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a></b> and/or a change in the <b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a></b> and/or
<b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a></b> configuration parameters. <b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a></b> configuration parameters.
<b>-v</b> Enable verbose logging for debugging purposes. Mul- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly tiple <b>-v</b> options make the software increasingly
verbose. verbose.
<b>DIAGNOSTICS</b> <b>DIAGNOSTICS</b>
Problems are reported to the standard error stream and to Problems are reported to the standard error stream and to
<b>syslogd</b>(8). <b>syslogd</b>(8).
<a href="postsuper.1.html"><b>postsuper</b>(1)</a> reports the number of messages deleted with <a href="postsuper.1.html"><b>postsuper</b>(1)</a> reports the number of messages deleted with
<b>-d</b>, the number of messages requeued with <b>-r</b>, and the num- <b>-d</b>, the number of messages requeued with <b>-r</b>, and the num-
ber of messages whose queue file name was fixed with <b>-s</b>. ber of messages whose queue file name was fixed with <b>-s</b>.
The report is written to the standard error stream and to The report is written to the standard error stream and to
<b>syslogd</b>(8). <b>syslogd</b>(8).
<b>ENVIRONMENT</b> <b>ENVIRONMENT</b>
@@ -203,37 +202,37 @@ POSTSUPER(1) POSTSUPER(1)
Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file.
<b>BUGS</b> <b>BUGS</b>
Mail that is not sanitized by Postfix (i.e. mail in the Mail that is not sanitized by Postfix (i.e. mail in the
<b>maildrop</b> queue) cannot be placed "on hold". <b>maildrop</b> queue) cannot be placed "on hold".
<b>CONFIGURATION PARAMETERS</b> <b>CONFIGURATION PARAMETERS</b>
The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
to this program. The text below provides only a parameter to this program. The text below provides only a parameter
summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam- summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
ples. ples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files. <a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> (1)</b> <b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> (1)</b>
The number of subdirectory levels for queue direc- The number of subdirectory levels for queue direc-
tories listed with the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter. tories listed with the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter.
<b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a> (deferred, defer)</b> <b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a> (deferred, defer)</b>
The names of queue directories that are split The names of queue directories that are split
across multiple subdirectory levels. across multiple subdirectory levels.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc- The location of the Postfix top-level queue direc-
tory. tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging. The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b> <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the The mail system name that is prepended to the
process name in syslog records, so that "smtpd" process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd". becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b> <b>SEE ALSO</b>
@@ -241,7 +240,7 @@ POSTSUPER(1) POSTSUPER(1)
<a href="postqueue.1.html">postqueue(1)</a>, unprivileged queue operations <a href="postqueue.1.html">postqueue(1)</a>, unprivileged queue operations
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>

4
postfix/html/regexp_table.5.html
View File

@@ -16,8 +16,8 @@ REGEXP_TABLE(5) REGEXP_TABLE(5)
<b>DESCRIPTION</b> <b>DESCRIPTION</b>
The Postfix mail system uses optional tables for address The Postfix mail system uses optional tables for address
rewriting or mail routing. These tables are usually in <b>dbm</b> rewriting, mail routing, or access control. These tables
or <b>db</b> format. are usually in <b>dbm</b> or <b>db</b> format.
Alternatively, lookup tables can be specified in POSIX Alternatively, lookup tables can be specified in POSIX
regular expression form. In this case, each input is com- regular expression form. In this case, each input is com-

2
postfix/html/relocated.5.html
View File

@@ -47,7 +47,9 @@ RELOCATED(5) RELOCATED(5)
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows: The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<b>o</b> An entry has one of the following form: <b>o</b> An entry has one of the following form:
<i>pattern new</i><b>_</b><i>location</i> <i>pattern new</i><b>_</b><i>location</i>
Where <i>new</i><b>_</b><i>location</i> specifies contact information Where <i>new</i><b>_</b><i>location</i> specifies contact information
such as an email address, or perhaps a street such as an email address, or perhaps a street
address or telephone number. address or telephone number.

36
postfix/html/transport.5.html
View File

@@ -19,8 +19,10 @@ TRANSPORT(5) TRANSPORT(5)
<b>DESCRIPTION</b> <b>DESCRIPTION</b>
The optional <a href="transport.5.html"><b>transport</b>(5)</a> table specifies a mapping from The optional <a href="transport.5.html"><b>transport</b>(5)</a> table specifies a mapping from
email addresses to message delivery transports and next- email addresses to message delivery transports and next-
hop hosts. The table is searched by the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> hop destinations. Message delivery transports such as
daemon. <b>local</b> or <b>smtp</b> are defined in the <a href="master.5.html"><b>master.cf</b></a> file, and next-
hop destinations are typically hosts or domain names. The
table is searched by the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon.
This mapping overrides the default <i>transport</i>:<i>nexthop</i> This mapping overrides the default <i>transport</i>:<i>nexthop</i>
selection that is built into Postfix: selection that is built into Postfix:
@@ -172,7 +174,7 @@ TRANSPORT(5) TRANSPORT(5)
<b>my.domain :</b> <b>my.domain :</b>
<b>.my.domain :</b> <b>.my.domain :</b>
<b>* <a href="smtp.8.html">smtp</a>:outbound-relay.my.domain</b> <b>* <a href="smtp.8.html">smtp</a>:outbound-relay.my.domain</b>
In order to send mail for <b>example.com</b> and its subdomains In order to send mail for <b>example.com</b> and its subdomains
via the <b>uucp</b> transport to the UUCP host named <b>example</b>: via the <b>uucp</b> transport to the UUCP host named <b>example</b>:
@@ -213,30 +215,30 @@ TRANSPORT(5) TRANSPORT(5)
The error mailer can be used to bounce mail: The error mailer can be used to bounce mail:
<b>.example.com <a href="error.8.html">error</a>:mail for *.example.com is not</b> <b>.example.com <a href="error.8.html">error</a>:mail for *.example.com is not deliverable</b>
<b>deliverable</b>
This causes all mail for <i>user</i>@<i>anything</i><b>.example.com</b> to be This causes all mail for <i>user</i>@<i>anything</i><b>.example.com</b> to be
bounced. bounced.
<b>REGULAR EXPRESSION TABLES</b> <b>REGULAR EXPRESSION TABLES</b>
This section describes how the table lookups change when This section describes how the table lookups change when
the table is given in the form of regular expressions. For the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax, a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
Each pattern is a regular expression that is applied to Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, the entire address being looked up. Thus,
<i>some.domain.hierarchy</i> is not looked up via its parent <i>some.domain.hierarchy</i> is not looked up via its parent
domains, nor is <i>user+foo@domain</i> looked up as <i>user@domain</i>. domains, nor is <i>user+foo@domain</i> looked up as <i>user@domain</i>.
Patterns are applied in the order as specified in the ta- Patterns are applied in the order as specified in the ta-
ble, until a pattern is found that matches the search ble, until a pattern is found that matches the search
string. string.
Results are the same as with indexed file lookups, with The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> server disallows regular expression
the additional feature that parenthesized substrings from substitution of $1 etc. in regular expression lookup
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on. tables, because that could open a security hole (Postfix
version 2.3 and later).
<b>TCP-BASED TABLES</b> <b>TCP-BASED TABLES</b>
This section describes how the table lookups change when This section describes how the table lookups change when

20
postfix/html/virtual.5.html
View File

@@ -113,8 +113,10 @@ VIRTUAL(5) VIRTUAL(5)
Postfix SMTP server accepts mail for any recipient Postfix SMTP server accepts mail for any recipient
in <i>domain</i>, regardless of whether that recipient in <i>domain</i>, regardless of whether that recipient
exists. This may turn your mail system into a exists. This may turn your mail system into a
backscatter source that returns undeliverable spam backscatter source: Postfix first accepts mail for
to innocent people. non-existent recipients and then tries to return
that mail as "undeliverable" to the often forged
sender address.
<b>RESULT ADDRESS REWRITING</b> <b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting: The lookup result is subject to address rewriting:
@@ -162,15 +164,15 @@ VIRTUAL(5) VIRTUAL(5)
/etc/postfix/<a href="postconf.5.html">main.cf</a>: /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
Note: some systems use <b>dbm</b> databases instead of <b>hash</b>. Note: some systems use <b>dbm</b> databases instead of <b>hash</b>. See
See the output from "<b>postconf -m</b>" for available data- the output from "<b>postconf -m</b>" for available database
base types. types.
/etc/postfix/<a href="virtual.8.html">virtual</a>: /etc/postfix/<a href="virtual.8.html">virtual</a>:
<i>virtual-alias.domain anything</i> (right-hand content does not matter) <i>virtual-alias.domain anything</i> (right-hand content does not matter)
<i>postmaster@virtual-alias.domain postmaster</i> <i>postmaster@virtual-alias.domain postmaster</i>
<i>user1@virtual-alias.domain address1</i> <i>user1@virtual-alias.domain address1</i>
<i>user2@virtual-alias.domain address2, address3</i> <i>user2@virtual-alias.domain address2, address3</i>
The <i>virtual-alias.domain anything</i> entry is required for a The <i>virtual-alias.domain anything</i> entry is required for a
<a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. <b>Without this entry, mail is rejected</b> <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. <b>Without this entry, mail is rejected</b>

10
postfix/man/man1/postmap.1
View File

@@ -19,8 +19,9 @@ The \fBpostmap\fR(1) command creates or queries one or more Postfix
lookup tables, or updates an existing one. The input and output lookup tables, or updates an existing one. The input and output
file formats are expected to be compatible with: file formats are expected to be compatible with:
.ti +4 .nf
\fBmakemap \fIfile_type\fR \fIfile_name\fR < \fIfile_name\fR \fBmakemap \fIfile_type\fR \fIfile_name\fR < \fIfile_name\fR
.fi
If the result files do not exist they will be created with the If the result files do not exist they will be created with the
same group and other read permissions as their source file. same group and other read permissions as their source file.
@@ -38,8 +39,9 @@ The format of a lookup table input file is as follows:
.IP \(bu .IP \(bu
A table entry has the form A table entry has the form
.sp .sp
.ti +5 .nf
\fIkey\fR whitespace \fIvalue\fR \fIkey\fR whitespace \fIvalue\fR
.fi
.IP \(bu .IP \(bu
Empty lines and whitespace-only lines are ignored, as Empty lines and whitespace-only lines are ignored, as
are lines whose first non-whitespace character is a `#'. are lines whose first non-whitespace character is a `#'.

12
postfix/man/man1/postsuper.1
View File

@@ -42,15 +42,13 @@ If a \fIqueue_id\fR of \fB-\fR is specified, the program reads
queue IDs from standard input. For example, to delete all mail queue IDs from standard input. For example, to delete all mail
with exactly one recipient \fBuser@example.com\fR: with exactly one recipient \fBuser@example.com\fR:
.sp .sp
.nf
mailq | tail +2 | grep -v '^ *(' | awk \'BEGIN { RS = "" } mailq | tail +2 | grep -v '^ *(' | awk \'BEGIN { RS = "" }
.ti +4 # $7=sender, $8=recipient1, $9=recipient2
# $7=sender, $8=recipient1, $9=recipient2 { if ($8 == "user@example.com" && $9 == "")
.ti +4 print $1 }
{ if ($8 == "user@example.com" && $9 == "")
.ti +10
print $1 }
.br
\' | tr -d '*!' | postsuper -d - \' | tr -d '*!' | postsuper -d -
.fi
.sp .sp
Specify "\fB-d ALL\fR" to remove all messages; for example, specify Specify "\fB-d ALL\fR" to remove all messages; for example, specify
"\fB-d ALL deferred\fR" to delete all mail in the \fBdeferred\fR queue. "\fB-d ALL deferred\fR" to delete all mail in the \fBdeferred\fR queue.

17
postfix/man/man5/access.5
View File

@@ -365,20 +365,17 @@ tables, some systems use \fBdbm\fR. Use the command
"\fBpostconf -m\fR" to find out what lookup tables Postfix "\fBpostconf -m\fR" to find out what lookup tables Postfix
supports on your system. supports on your system.
.na
.nf .nf
.na
/etc/postfix/main.cf: /etc/postfix/main.cf:
.in +4 smtpd_client_restrictions =
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
.in +4
check_client_access hash:/etc/postfix/access
.in -8
/etc/postfix/access: /etc/postfix/access:
.in +4 1.2.3 REJECT
1.2.3 REJECT 1.2.3.4 OK
1.2.3.4 OK .fi
.in -4 .ad
Execute the command "\fBpostmap /etc/postfix/access\fR" after Execute the command "\fBpostmap /etc/postfix/access\fR" after
editing the file. editing the file.

5
postfix/man/man5/aliases.5
View File

@@ -37,8 +37,9 @@ The format of the alias database input file is as follows:
.IP \(bu .IP \(bu
An alias definition has the form An alias definition has the form
.sp .sp
.ti +5 .nf
\fIname\fR: \fIvalue1\fR, \fIvalue2\fR, \fI...\fR \fIname\fR: \fIvalue1\fR, \fIvalue2\fR, \fI...\fR
.fi
.IP \(bu .IP \(bu
Empty lines and whitespace-only lines are ignored, as Empty lines and whitespace-only lines are ignored, as
are lines whose first non-whitespace character is a `#'. are lines whose first non-whitespace character is a `#'.

41
postfix/man/man5/bounce.5
View File

@@ -40,8 +40,9 @@ edit the temporary file.
To preview the results of $\fIname\fR expansions in the To preview the results of $\fIname\fR expansions in the
template text, use the command template text, use the command
.ti +4 .nf
\fBpostconf -b\fR \fItemporary_file\fR \fBpostconf -b\fR \fItemporary_file\fR
.fi
Errors in the template will be reported to the standard Errors in the template will be reported to the standard
error stream and to the syslog daemon. error stream and to the syslog daemon.
@@ -54,9 +55,10 @@ Once the result is satisfactory, copy the template to the
Postfix configuration directory and specify in main.cf Postfix configuration directory and specify in main.cf
something like: something like:
.nf
/etc/postfix/main.cf: /etc/postfix/main.cf:
.ti +4
bounce_template_file = /etc/postfix/bounce.cf bounce_template_file = /etc/postfix/bounce.cf
.fi
.SH "TEMPLATE FILE FORMAT" .SH "TEMPLATE FILE FORMAT"
.na .na
.nf .nf
@@ -76,32 +78,27 @@ only. You can change the word EOF, but you can't enclose
it in quotes as with the shell or with Perl (\fItemplate_name\fB it in quotes as with the shell or with Perl (\fItemplate_name\fB
= <<'EOF'\fR). Here is an example: = <<'EOF'\fR). Here is an example:
.in +4
.nf .nf
.na # The failure template is used for undeliverable mail.
# The failure template is used for undeliverable mail.
failure_template = <<EOF failure_template = <<EOF
Charset: us-ascii Charset: us-ascii
From: MAILER-DAEMON (Mail Delivery System) From: MAILER-DAEMON (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender Subject: Undelivered Mail Returned to Sender
Postmaster-Subject: Postmaster Copy: Undelivered Mail Postmaster-Subject: Postmaster Copy: Undelivered Mail
This is the mail system at host $myhostname. This is the mail system at host $myhostname.
I'm sorry to have to inform you that your message could not I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below. be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster. For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can If you do so, please include this problem report. You can
delete your own text from the attached returned message. delete your own text from the attached returned message.
.ti +12 The mail system
The mail system EOF
EOF
.in -4
.ad
.fi .fi
.PP .PP
The usage and specification of bounce templates is The usage and specification of bounce templates is

5
postfix/man/man5/canonical.5
View File

@@ -113,8 +113,9 @@ Note: @\fIdomain\fR is a wild-card. When this form is applied
to recipient addresses, the Postfix SMTP server accepts to recipient addresses, the Postfix SMTP server accepts
mail for any recipient in \fIdomain\fR, regardless of whether mail for any recipient in \fIdomain\fR, regardless of whether
that recipient exists. This may turn your mail system into that recipient exists. This may turn your mail system into
a backscatter source that returns undeliverable spam to a backscatter source: Postfix first accepts mail for
innocent people. non-existent recipients and then tries to return that mail
as "undeliverable" to the often forged sender address.
.SH "RESULT ADDRESS REWRITING" .SH "RESULT ADDRESS REWRITING"
.na .na
.nf .nf

15
postfix/man/man5/cidr_table.5
View File

@@ -70,17 +70,16 @@ pattern is found that matches the search string.
.SH "EXAMPLE SMTPD ACCESS MAP" .SH "EXAMPLE SMTPD ACCESS MAP"
.na .na
.nf .nf
.nf
/etc/postfix/main.cf: /etc/postfix/main.cf:
.ti +4 smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...
smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...
/etc/postfix/client.cidr: /etc/postfix/client.cidr:
.in +4 # Rule order matters. Put more specific whitelist entries
# Rule order matters. Put more specific whitelist entries # before more general blacklist entries.
# before more general blacklist entries. 192.168.1.1 OK
192.168.1.1 OK 192.168.0.0/16 REJECT
192.168.0.0/16 REJECT .fi
.in -4
.SH "SEE ALSO" .SH "SEE ALSO"
.na .na
.nf .nf

4
postfix/man/man5/generic.5
View File

@@ -174,16 +174,12 @@ that the ISP supports "+" style address extensions).
.na .na
.nf .nf
/etc/postfix/main.cf: /etc/postfix/main.cf:
.in +4
smtp_generic_maps = hash:/etc/postfix/generic smtp_generic_maps = hash:/etc/postfix/generic
.in -4
/etc/postfix/generic: /etc/postfix/generic:
.in +4
his@localdomain.local hisaccount@hisisp.example his@localdomain.local hisaccount@hisisp.example
her@localdomain.local heraccount@herisp.example her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example @localdomain.local hisaccount+local@hisisp.example
.in -4
.ad .ad
.fi .fi

35
postfix/man/man5/header_checks.5
View File

@@ -8,17 +8,15 @@ Postfix built-in content inspection
.SH "SYNOPSIS" .SH "SYNOPSIS"
.na .na
.nf .nf
.nf
\fBheader_checks = pcre:/etc/postfix/header_checks\fR \fBheader_checks = pcre:/etc/postfix/header_checks\fR
.br
\fBmime_header_checks = pcre:/etc/postfix/mime_header_checks\fR \fBmime_header_checks = pcre:/etc/postfix/mime_header_checks\fR
.br
\fBnested_header_checks = pcre:/etc/postfix/nested_header_checks\fR \fBnested_header_checks = pcre:/etc/postfix/nested_header_checks\fR
.br
\fBbody_checks = pcre:/etc/postfix/body_checks\fR \fBbody_checks = pcre:/etc/postfix/body_checks\fR
.sp .sp
\fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR \fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
.br
\fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR \fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
.fi
.SH DESCRIPTION .SH DESCRIPTION
.ad .ad
.fi .fi
@@ -66,6 +64,15 @@ message headers is treated as body content.
Note: message headers are examined one logical header at a time, Note: message headers are examined one logical header at a time,
even when a message header spans multiple lines. Body lines are even when a message header spans multiple lines. Body lines are
always examined one line at a time. always examined one line at a time.
.SH "COMPATIBILITY"
.na
.nf
.ad
.fi
With Postfix version 2.2 and earlier specify "\fBpostmap
-fq\fR" to query a table that contains case sensitive
patterns. By default, regexp: and pcre: patterns are case
insensitive.
.SH "TABLE FORMAT" .SH "TABLE FORMAT"
.na .na
.nf .nf
@@ -273,7 +280,7 @@ line at a time. A decision made for one line is not carried over
to the next line. to the next line.
.IP \(bu .IP \(bu
If text in the message body is encoded If text in the message body is encoded
(RFC 2045) then the rules have to specified for the encoded (RFC 2045) then the rules need to be specified for the encoded
form. form.
.IP \(bu .IP \(bu
Likewise, when message headers are encoded (RFC Likewise, when message headers are encoded (RFC
@@ -330,14 +337,11 @@ Header pattern to block attachments with bad file name extensions.
.na .na
.nf .nf
/etc/postfix/main.cf: /etc/postfix/main.cf:
.ti +4 header_checks = regexp:/etc/postfix/header_checks
header_checks = regexp:/etc/postfix/header_checks
/etc/postfix/header_checks: /etc/postfix/header_checks:
.ti +4 /^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/
/^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/ REJECT Bad attachment file name extension: $2
.ti +8
REJECT Bad attachment file name extension: $2
.ad .ad
.fi .fi
@@ -346,14 +350,11 @@ Body pattern to stop a specific HTML browser vulnerability exploit.
.na .na
.nf .nf
/etc/postfix/main.cf: /etc/postfix/main.cf:
.ti +4 body_checks = regexp:/etc/postfix/body_checks
body_checks = regexp:/etc/postfix/body_checks
/etc/postfix/body_checks: /etc/postfix/body_checks:
.ti +4 /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
/^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/ REJECT IFRAME vulnerability exploit
.ti +8
REJECT IFRAME vulnerability exploit
.SH "SEE ALSO" .SH "SEE ALSO"
.na .na
.nf .nf

151
postfix/man/man5/ldap_table.5
View File

@@ -23,8 +23,9 @@ Alternatively, lookup tables can be specified as LDAP databases.
In order to use LDAP lookups, define an LDAP source as a lookup In order to use LDAP lookups, define an LDAP source as a lookup
table in main.cf, for example: table in main.cf, for example:
.ti +4 .nf
alias_maps = ldap:/etc/postfix/ldap-aliases.cf alias_maps = ldap:/etc/postfix/ldap-aliases.cf
.fi
The file /etc/postfix/ldap-aliases.cf has the same format as The file /etc/postfix/ldap-aliases.cf has the same format as
the Postfix main.cf file, and can specify the parameters the Postfix main.cf file, and can specify the parameters
@@ -89,19 +90,17 @@ return the key itself.
For example, NEVER do this in a map defining $mydestination: For example, NEVER do this in a map defining $mydestination:
.in +4 .nf
query_filter = domain=* query_filter = domain=*
.br result_attribute = domain
result_attribute = domain .fi
.in -4
Do this instead: Do this instead:
.in +4 .nf
query_filter = domain=%s query_filter = domain=%s
.br result_attribute = domain
result_attribute = domain .fi
.in -4
.SH "GENERAL LDAP PARAMETERS" .SH "GENERAL LDAP PARAMETERS"
.na .na
.nf .nf
@@ -114,8 +113,9 @@ strings.
.IP "\fBserver_host (default: localhost)\fR" .IP "\fBserver_host (default: localhost)\fR"
The name of the host running the LDAP server, e.g. The name of the host running the LDAP server, e.g.
.ti +4 .nf
server_host = ldap.example.com server_host = ldap.example.com
.fi
Depending on the LDAP client library you're using, it should Depending on the LDAP client library you're using, it should
be possible to specify multiple servers here, with the library be possible to specify multiple servers here, with the library
@@ -123,41 +123,45 @@ trying them in order should the first one fail. It should also
be possible to give each server in the list a different port be possible to give each server in the list a different port
(overriding \fBserver_port\fR below), by naming them like (overriding \fBserver_port\fR below), by naming them like
.ti +4 .nf
server_host = ldap.example.com:1444 server_host = ldap.example.com:1444
.fi
With OpenLDAP, a (list of) LDAP URLs can be used to specify both With OpenLDAP, a (list of) LDAP URLs can be used to specify both
the hostname(s) and the port(s): the hostname(s) and the port(s):
.ti +4 .nf
server_host = ldap://ldap.example.com:1444 server_host = ldap://ldap.example.com:1444
.ti +8 ldap://ldap2.example.com:1444
ldap://ldap2.example.com:1444 .fi
All LDAP URLs accepted by the OpenLDAP library are supported, All LDAP URLs accepted by the OpenLDAP library are supported,
including connections over UNIX domain sockets, and LDAP SSL including connections over UNIX domain sockets, and LDAP SSL
(the last one provided that OpenLDAP was compiled with support (the last one provided that OpenLDAP was compiled with support
for SSL): for SSL):
.ti +4 .nf
server_host = ldapi://%2Fsome%2Fpath server_host = ldapi://%2Fsome%2Fpath
.ti +8 ldaps://ldap.example.com:636
ldaps://ldap.example.com:636 .fi
.IP "\fBserver_port (default: 389)\fR" .IP "\fBserver_port (default: 389)\fR"
The port the LDAP server listens on, e.g. The port the LDAP server listens on, e.g.
.ti +4 .nf
server_port = 778 server_port = 778
.fi
.IP "\fBtimeout (default: 10 seconds)\fR" .IP "\fBtimeout (default: 10 seconds)\fR"
The number of seconds a search can take before timing out, e.g. The number of seconds a search can take before timing out, e.g.
.ti +4 .fi
timeout = 5 timeout = 5
.fi
.IP "\fBsearch_base (No default; you must configure this)\fR" .IP "\fBsearch_base (No default; you must configure this)\fR"
The RFC2253 base DN at which to conduct the search, e.g. The RFC2253 base DN at which to conduct the search, e.g.
.ti +4 .nf
search_base = dc=your, dc=com search_base = dc=your, dc=com
.fi
.IP .IP
With Postfix 2.2 and later this parameter supports the With Postfix 2.2 and later this parameter supports the
following '%' expansions: following '%' expansions:
@@ -199,8 +203,9 @@ The RFC2254 filter used to search the directory, where \fB%s\fR
is a substitute for the address Postfix is trying to resolve, is a substitute for the address Postfix is trying to resolve,
e.g. e.g.
.ti +4 .nf
query_filter = (&(mail=%s)(paid_up=true)) query_filter = (&(mail=%s)(paid_up=true))
.fi
This parameter supports the following '%' expansions: This parameter supports the following '%' expansions:
.RS .RS
@@ -309,8 +314,9 @@ are eligible for lookup: 'user' lookups, bare domain lookups
and "@domain" lookups are not performed. This can significantly and "@domain" lookups are not performed. This can significantly
reduce the query load on the LDAP server. reduce the query load on the LDAP server.
.ti +4 .nf
domain = postfix.org, hash:/etc/postfix/searchdomains domain = postfix.org, hash:/etc/postfix/searchdomains
.fi
It is best not to use LDAP to store the domains eligible It is best not to use LDAP to store the domains eligible
for LDAP lookups. for LDAP lookups.
@@ -323,15 +329,17 @@ The attribute(s) Postfix will read from any directory
entries returned by the lookup, to be resolved to an email entries returned by the lookup, to be resolved to an email
address. address.
.ti +4 .nf
result_attribute = mailbox, maildrop result_attribute = mailbox, maildrop
.fi
.IP "\fBspecial_result_attribute (default: empty)\fR" .IP "\fBspecial_result_attribute (default: empty)\fR"
The attribute(s) of directory entries that can contain DNs The attribute(s) of directory entries that can contain DNs
or URLs. If found, a recursive subsequent search is done or URLs. If found, a recursive subsequent search is done
using their values. using their values.
.ti +4 .nf
special_result_attribute = memberdn special_result_attribute = memberdn
.fi
DN recursion retrieves the same result_attributes as the DN recursion retrieves the same result_attributes as the
main query, including the special attributes for further main query, including the special attributes for further
@@ -349,8 +357,9 @@ attribute on selected groups to route the group to a specific host,
where the group is expanded, possibly via mailing-list manager or where the group is expanded, possibly via mailing-list manager or
other special processing. other special processing.
.ti +4 .nf
terminal_result_attribute = maildrop terminal_result_attribute = maildrop
.fi
This feature is available with Postfix 2.4 or later. This feature is available with Postfix 2.4 or later.
.IP "\fBleaf_result_attribute (default: empty)\fR" .IP "\fBleaf_result_attribute (default: empty)\fR"
@@ -370,15 +379,12 @@ rfc822 addresses, then the string attributes go in "result_attribute".
The attributes that represent the email addresses of objects The attributes that represent the email addresses of objects
referenced via a DN (or LDAP URI) go in "leaf_result_attribute". referenced via a DN (or LDAP URI) go in "leaf_result_attribute".
.in +4 .nf
result_attribute = memberaddr result_attribute = memberaddr
.br special_result_attribute = memberdn
special_result_attribute = memberdn terminal_result_attribute = maildrop
.br leaf_result_attribute = mail
terminal_result_attribute = maildrop .fi
.br
leaf_result_attribute = mail
.in -4
This feature is available with Postfix 2.4 or later. This feature is available with Postfix 2.4 or later.
.IP "\fBscope (default: sub)\fR" .IP "\fBscope (default: sub)\fR"
@@ -390,8 +396,9 @@ Whether or not to bind to the LDAP server. Newer LDAP
implementations don't require clients to bind, which saves implementations don't require clients to bind, which saves
time. Example: time. Example:
.ti +4 .nf
bind = no bind = no
.fi
If you do need to bind, you might consider configuring If you do need to bind, you might consider configuring
Postfix to connect to the local machine on a port that's Postfix to connect to the local machine on a port that's
@@ -403,8 +410,9 @@ the clear.
.IP "\fBbind_dn (default: empty)\fR" .IP "\fBbind_dn (default: empty)\fR"
If you do have to bind, do it with this distinguished name. Example: If you do have to bind, do it with this distinguished name. Example:
.ti +4 .nf
bind_dn = uid=postfix, dc=your, dc=com bind_dn = uid=postfix, dc=your, dc=com
.fi
.IP "\fBbind_pw (default: empty)\fR" .IP "\fBbind_pw (default: empty)\fR"
The password for the distinguished name above. If you have The password for the distinguished name above. If you have
to use this, you probably want to make the map configuration to use this, you probably want to make the map configuration
@@ -415,8 +423,9 @@ password. This is because main.cf needs to be world readable
to allow local accounts to submit mail via the sendmail to allow local accounts to submit mail via the sendmail
command. Example: command. Example:
.ti +4 .nf
bind_pw = postfixpw bind_pw = postfixpw
.fi
.IP "\fBcache (IGNORED with a warning)\fR" .IP "\fBcache (IGNORED with a warning)\fR"
.IP "\fBcache_expiry (IGNORED with a warning)\fR" .IP "\fBcache_expiry (IGNORED with a warning)\fR"
.IP "\fBcache_size (IGNORED with a warning)\fR" .IP "\fBcache_size (IGNORED with a warning)\fR"
@@ -485,19 +494,22 @@ issue the STARTTLS command.
LDAP SSL service can be requested by using a LDAP SSL URL LDAP SSL service can be requested by using a LDAP SSL URL
in the server_host parameter: in the server_host parameter:
.ti +4 .nf
server_host = ldaps://ldap.example.com:636 server_host = ldaps://ldap.example.com:636
.fi
STARTTLS can be turned on with the start_tls parameter: STARTTLS can be turned on with the start_tls parameter:
.ti +4 .nf
start_tls = yes start_tls = yes
.fi
Both forms require LDAP protocol version 3, which has to be set Both forms require LDAP protocol version 3, which has to be set
explicitly with: explicitly with:
.ti +4 .nf
version = 3 version = 3
.fi
If any of the Postfix programs querying the map is configured in If any of the Postfix programs querying the map is configured in
master.cf to run chrooted, all the certificates and keys involved master.cf to run chrooted, all the certificates and keys involved
@@ -550,18 +562,17 @@ Here's a basic example for using LDAP to look up local(8)
aliases. aliases.
Assume that in main.cf, you have: Assume that in main.cf, you have:
.ti +4 .nf
alias_maps = hash:/etc/aliases, alias_maps = hash:/etc/aliases,
.ti +8 ldap:/etc/postfix/ldap-aliases.cf
ldap:/etc/postfix/ldap-aliases.cf .fi
and in ldap:/etc/postfix/ldap-aliases.cf you have: and in ldap:/etc/postfix/ldap-aliases.cf you have:
.in +4 .nf
server_host = ldap.example.com server_host = ldap.example.com
.br search_base = dc=example, dc=com
search_base = dc=example, dc=com .fi
.in -4
Upon receiving mail for a local address "ldapuser" that Upon receiving mail for a local address "ldapuser" that
isn't found in the /etc/aliases database, Postfix will isn't found in the /etc/aliases database, Postfix will

104
postfix/man/man5/mysql_table.5
View File

@@ -21,8 +21,9 @@ rewriting or mail routing. These tables are usually in
Alternatively, lookup tables can be specified as MySQL databases. Alternatively, lookup tables can be specified as MySQL databases.
In order to use MySQL lookups, define a MySQL source as a lookup In order to use MySQL lookups, define a MySQL source as a lookup
table in main.cf, for example: table in main.cf, for example:
.ti +4 .nf
alias_maps = mysql:/etc/mysql-aliases.cf alias_maps = mysql:/etc/mysql-aliases.cf
.fi
The file /etc/postfix/mysql-aliases.cf has the same format as The file /etc/postfix/mysql-aliases.cf has the same format as
the Postfix main.cf file, and can specify the parameters the Postfix main.cf file, and can specify the parameters
@@ -56,14 +57,12 @@ query constructed from the \fBselect_field\fR, \fBtable\fR,
The old interface will be gradually phased out. To migrate to The old interface will be gradually phased out. To migrate to
the new interface set: the new interface set:
.ti +4 .nf
\fBquery\fR = SELECT [\fIselect_field\fR] \fBquery\fR = SELECT [\fIselect_field\fR]
.ti +8 FROM [\fItable\fR]
FROM [\fItable\fR] WHERE [\fIwhere_field\fR] = '%s'
.ti +8 [\fIadditional_conditions\fR]
WHERE [\fIwhere_field\fR] = '%s' .fi
.ti +12
[\fIadditional_conditions\fR]
Insert the value, not the name, of each legacy parameter. Note Insert the value, not the name, of each legacy parameter. Note
that the \fBadditional_conditions\fR parameter is optional that the \fBadditional_conditions\fR parameter is optional
@@ -97,10 +96,10 @@ return the key itself or a constant value.
The hosts that Postfix will try to connect to and query from. The hosts that Postfix will try to connect to and query from.
Specify \fIunix:\fR for UNIX domain sockets, \fIinet:\fR for TCP Specify \fIunix:\fR for UNIX domain sockets, \fIinet:\fR for TCP
connections (default). Example: connections (default). Example:
.ti +4 .nf
hosts = host1.some.domain host2.some.domain hosts = host1.some.domain host2.some.domain
.ti +4 hosts = unix:/file/name
hosts = unix:/file/name .fi
The hosts are tried in random order, with all connections over The hosts are tried in random order, with all connections over
UNIX domain sockets being tried before those over TCP. The UNIX domain sockets being tried before those over TCP. The
@@ -112,26 +111,28 @@ NOTE: if you specify localhost as a hostname (even if you
prefix it with \fIinet:\fR), MySQL will connect to the default prefix it with \fIinet:\fR), MySQL will connect to the default
UNIX domain socket. In order to instruct MySQL to connect to UNIX domain socket. In order to instruct MySQL to connect to
localhost over TCP you have to specify localhost over TCP you have to specify
.ti +4 .nf
hosts = 127.0.0.1 hosts = 127.0.0.1
.fi
.IP "\fBuser, password\fR" .IP "\fBuser, password\fR"
The user name and password to log into the mysql server. The user name and password to log into the mysql server.
Example: Example:
.in +4 .nf
user = someone user = someone
.br password = some_password
password = some_password .fi
.in -4
.IP "\fBdbname\fR" .IP "\fBdbname\fR"
The database name on the servers. Example: The database name on the servers. Example:
.ti +4 .nf
dbname = customer_database dbname = customer_database
.fi
.IP "\fBquery\fR" .IP "\fBquery\fR"
The SQL query template used to search the database, where \fB%s\fR The SQL query template used to search the database, where \fB%s\fR
is a substitute for the address Postfix is trying to resolve, is a substitute for the address Postfix is trying to resolve,
e.g. e.g.
.ti +4 .nf
query = SELECT replacement FROM aliases WHERE mailbox = '%s' query = SELECT replacement FROM aliases WHERE mailbox = '%s'
.fi
This parameter supports the following '%' expansions: This parameter supports the following '%' expansions:
.RS .RS
@@ -178,14 +179,12 @@ the SQL query was built from the separate parameters:
\fBadditional_conditions\fR. The mapping from the old parameters \fBadditional_conditions\fR. The mapping from the old parameters
to the equivalent query is: to the equivalent query is:
.ti +4 .nf
SELECT [\fBselect_field\fR] SELECT [\fBselect_field\fR]
.ti +4 FROM [\fBtable\fR]
FROM [\fBtable\fR] WHERE [\fBwhere_field\fR] = '%s'
.ti +4 [\fBadditional_conditions\fR]
WHERE [\fBwhere_field\fR] = '%s' .fi
.ti +10
[\fBadditional_conditions\fR]
The '%s' in the \fBWHERE\fR clause expands to the escaped search string. The '%s' in the \fBWHERE\fR clause expands to the escaped search string.
With Postfix 2.2 these legacy parameters are used if the \fBquery\fR With Postfix 2.2 these legacy parameters are used if the \fBquery\fR
@@ -241,8 +240,9 @@ keys with a *non-empty* localpart and a matching domain
are eligible for lookup: 'user' lookups, bare domain lookups are eligible for lookup: 'user' lookups, bare domain lookups
and "@domain" lookups are not performed. This can significantly and "@domain" lookups are not performed. This can significantly
reduce the query load on the MySQL server. reduce the query load on the MySQL server.
.ti +4 .nf
domain = postfix.org, hash:/etc/postfix/searchdomains domain = postfix.org, hash:/etc/postfix/searchdomains
.fi
It is best not to use SQL to store the domains eligible It is best not to use SQL to store the domains eligible
for SQL lookups. for SQL lookups.
@@ -262,14 +262,12 @@ values.
The following parameters can be used to fill in a The following parameters can be used to fill in a
SELECT template statement of the form: SELECT template statement of the form:
.ti +4 .nf
SELECT [\fBselect_field\fR] SELECT [\fBselect_field\fR]
.ti +4 FROM [\fBtable\fR]
FROM [\fBtable\fR] WHERE [\fBwhere_field\fR] = '%s'
.ti +4 [\fBadditional_conditions\fR]
WHERE [\fBwhere_field\fR] = '%s' .fi
.ti +10
[\fBadditional_conditions\fR]
The specifier %s is replaced by the search string, and is The specifier %s is replaced by the search string, and is
escaped so if it contains single quotes or other odd characters, escaped so if it contains single quotes or other odd characters,
@@ -282,20 +280,24 @@ are ignored. Please migrate to the new interface as the legacy
interface may be removed in a future release. interface may be removed in a future release.
.IP "\fBselect_field\fR" .IP "\fBselect_field\fR"
The SQL "select" parameter. Example: The SQL "select" parameter. Example:
.ti +4 .nf
\fBselect_field\fR = forw_addr \fBselect_field\fR = forw_addr
.fi
.IP "\fBtable\fR" .IP "\fBtable\fR"
The SQL "select .. from" table name. Example: The SQL "select .. from" table name. Example:
.ti +4 .nf
\fBtable\fR = mxaliases \fBtable\fR = mxaliases
.fi
.IP "\fBwhere_field\fR .IP "\fBwhere_field\fR
The SQL "select .. where" parameter. Example: The SQL "select .. where" parameter. Example:
.ti +4 .nf
\fBwhere_field\fR = alias \fBwhere_field\fR = alias
.fi
.IP "\fBadditional_conditions\fR .IP "\fBadditional_conditions\fR
Additional conditions to the SQL query. Example: Additional conditions to the SQL query. Example:
.ti +4 .nf
\fBadditional_conditions\fR = AND status = 'paid' \fBadditional_conditions\fR = AND status = 'paid'
.fi
.SH "SEE ALSO" .SH "SEE ALSO"
.na .na
.nf .nf

13
postfix/man/man5/nisplus_table.5
View File

@@ -32,8 +32,9 @@ command as described in the SYNOPSIS above.
Most of the NIS+ query is specified via the NIS+ map name. The Most of the NIS+ query is specified via the NIS+ map name. The
general format of a Postfix NIS+ map name is as follows: general format of a Postfix NIS+ map name is as follows:
.ti +4 .fi
\fBnisplus:[\fIname\fB=%s];\fIname.name.name\fB.:\fIcolumn\fR \fBnisplus:[\fIname\fB=%s];\fIname.name.name\fB.:\fIcolumn\fR
.fi
Postfix NIS+ map names differ from what one normally Postfix NIS+ map names differ from what one normally
would use with commands such as \fBniscat\fR: would use with commands such as \fBniscat\fR:
@@ -54,13 +55,13 @@ no ":\fIcolumn\fR" is specified the first column (1) is used.
.SH "EXAMPLE" .SH "EXAMPLE"
.na .na
.nf .nf
.ad
.fi
A NIS+ aliases map might be queried as follows: A NIS+ aliases map might be queried as follows:
.ti +4 .nf
alias_maps = dbm:/etc/mail/aliases, alias_maps = dbm:/etc/mail/aliases,
.ti +2
nisplus:[alias=%s];mail_aliases.org_dir.$mydomain.:1 nisplus:[alias=%s];mail_aliases.org_dir.$mydomain.:1
.ad
.fi .fi
This queries the local aliases file before the NIS+ file. This queries the local aliases file before the NIS+ file.

4
postfix/man/man5/pcre_table.5
View File

@@ -15,8 +15,8 @@ format of Postfix PCRE tables
.ad .ad
.fi .fi
The Postfix mail system uses optional tables for address The Postfix mail system uses optional tables for address
rewriting or mail routing. These tables are usually in rewriting, mail routing, or access control. These tables
\fBdbm\fR or \fBdb\fR format. are usually in \fBdbm\fR or \fBdb\fR format.
Alternatively, lookup tables can be specified in Perl Compatible Alternatively, lookup tables can be specified in Perl Compatible
Regular Expression form. In this case, each input is compared Regular Expression form. In this case, each input is compared

100
postfix/man/man5/pgsql_table.5
View File

@@ -21,8 +21,9 @@ rewriting or mail routing. These tables are usually in
Alternatively, lookup tables can be specified as PostgreSQL Alternatively, lookup tables can be specified as PostgreSQL
databases. In order to use PostgreSQL lookups, define a databases. In order to use PostgreSQL lookups, define a
PostgreSQL source as a lookup table in main.cf, for example: PostgreSQL source as a lookup table in main.cf, for example:
.ti +4 .nf
alias_maps = pgsql:/etc/pgsql-aliases.cf alias_maps = pgsql:/etc/pgsql-aliases.cf
.fi
The file /etc/postfix/pgsql-aliases.cf has the same format as The file /etc/postfix/pgsql-aliases.cf has the same format as
the Postfix main.cf file, and can specify the parameters the Postfix main.cf file, and can specify the parameters
@@ -60,19 +61,18 @@ phased out, \fBselect_function\fR, \fBselect_field\fR, \fBtable\fR,
\fBwhere_field\fR and \fBadditional_conditions\fR parameters. To \fBwhere_field\fR and \fBadditional_conditions\fR parameters. To
migrate to the new interface set: migrate to the new interface set:
.ti +4 .nf
\fBquery\fR = SELECT \fIselect_function\fR('%s') \fBquery\fR = SELECT \fIselect_function\fR('%s')
.fi
or in the absence of \fBselection_function\fR, the lower precedence: or in the absence of \fBselection_function\fR, the lower precedence:
.ti +4 .nf
\fBquery\fR = SELECT \fIselect_field\fR \fBquery\fR = SELECT \fIselect_field\fR
.ti +8 FROM \fItable\fR
FROM \fItable\fR WHERE \fIwhere_field\fR = '%s'
.ti +8 \fIadditional_conditions\fR
WHERE \fIwhere_field\fR = '%s' .fi
.ti +12
\fIadditional_conditions\fR
Use the value, not the name, of each legacy parameter. Note Use the value, not the name, of each legacy parameter. Note
that the \fBadditional_conditions\fR parameter is optional that the \fBadditional_conditions\fR parameter is optional
@@ -106,10 +106,10 @@ return the key itself or a constant value.
The hosts that Postfix will try to connect to and query from. The hosts that Postfix will try to connect to and query from.
Specify \fIunix:\fR for UNIX-domain sockets, \fIinet:\fR for TCP Specify \fIunix:\fR for UNIX-domain sockets, \fIinet:\fR for TCP
connections (default). Example: connections (default). Example:
.ti +4 .nf
hosts = host1.some.domain host2.some.domain hosts = host1.some.domain host2.some.domain
.ti +4 hosts = unix:/file/name
hosts = unix:/file/name .fi
The hosts are tried in random order, with all connections over The hosts are tried in random order, with all connections over
UNIX domain sockets being tried before those over TCP. The UNIX domain sockets being tried before those over TCP. The
@@ -124,21 +124,22 @@ connection otherwise.
.IP "\fBuser, password\fR" .IP "\fBuser, password\fR"
The user name and password to log into the pgsql server. The user name and password to log into the pgsql server.
Example: Example:
.in +4 .nf
user = someone user = someone
.br password = some_password
password = some_password .fi
.in -4
.IP "\fBdbname\fR" .IP "\fBdbname\fR"
The database name on the servers. Example: The database name on the servers. Example:
.ti +4 .nf
dbname = customer_database dbname = customer_database
.fi
.IP "\fBquery\fR" .IP "\fBquery\fR"
The SQL query template used to search the database, where \fB%s\fR The SQL query template used to search the database, where \fB%s\fR
is a substitute for the address Postfix is trying to resolve, is a substitute for the address Postfix is trying to resolve,
e.g. e.g.
.ti +4 .nf
query = SELECT replacement FROM aliases WHERE mailbox = '%s' query = SELECT replacement FROM aliases WHERE mailbox = '%s'
.fi
This parameter supports the following '%' expansions: This parameter supports the following '%' expansions:
.RS .RS
@@ -242,8 +243,9 @@ keys with a *non-empty* localpart and a matching domain
are eligible for lookup: 'user' lookups, bare domain lookups are eligible for lookup: 'user' lookups, bare domain lookups
and "@domain" lookups are not performed. This can significantly and "@domain" lookups are not performed. This can significantly
reduce the query load on the PostgreSQL server. reduce the query load on the PostgreSQL server.
.ti +4 .nf
domain = postfix.org, hash:/etc/postfix/searchdomains domain = postfix.org, hash:/etc/postfix/searchdomains
.fi
It is best not to use SQL to store the domains eligible It is best not to use SQL to store the domains eligible
for SQL lookups. for SQL lookups.
@@ -263,12 +265,14 @@ values.
Pre-Postfix 2.2 legacy interfaces: Pre-Postfix 2.2 legacy interfaces:
.IP "\fBselect_function\fR" .IP "\fBselect_function\fR"
This parameter specifies a database function name. Example: This parameter specifies a database function name. Example:
.ti +4 .nf
select_function = my_lookup_user_alias select_function = my_lookup_user_alias
.fi
This is equivalent to: This is equivalent to:
.ti +4 .nf
query = SELECT my_lookup_user_alias('%s') query = SELECT my_lookup_user_alias('%s')
.fi
This parameter overrides the legacy table-related fields (described This parameter overrides the legacy table-related fields (described
below). With Postfix versions prior to 2.2, it also overrides the below). With Postfix versions prior to 2.2, it also overrides the
@@ -281,14 +285,12 @@ The following parameters (with lower precedence than the
\fBselect_function\fR interface described above) can be used to \fBselect_function\fR interface described above) can be used to
build the SQL select statement as follows: build the SQL select statement as follows:
.ti +4 .nf
SELECT [\fBselect_field\fR] SELECT [\fBselect_field\fR]
.ti +4 FROM [\fBtable\fR]
FROM [\fBtable\fR] WHERE [\fBwhere_field\fR] = '%s'
.ti +4 [\fBadditional_conditions\fR]
WHERE [\fBwhere_field\fR] = '%s' .fi
.ti +10
[\fBadditional_conditions\fR]
The specifier %s is replaced with each lookup by the lookup key The specifier %s is replaced with each lookup by the lookup key
and is escaped so if it contains single quotes or other odd and is escaped so if it contains single quotes or other odd
@@ -302,20 +304,24 @@ are defined, these parameters are ignored. Please migrate to the new
\fBquery\fR interface as this interface is slated to be phased out. \fBquery\fR interface as this interface is slated to be phased out.
.IP "\fBselect_field\fR" .IP "\fBselect_field\fR"
The SQL "select" parameter. Example: The SQL "select" parameter. Example:
.ti +4 .nf
\fBselect_field\fR = forw_addr \fBselect_field\fR = forw_addr
.fi
.IP "\fBtable\fR" .IP "\fBtable\fR"
The SQL "select .. from" table name. Example: The SQL "select .. from" table name. Example:
.ti +4 .nf
\fBtable\fR = mxaliases \fBtable\fR = mxaliases
.fi
.IP "\fBwhere_field\fR .IP "\fBwhere_field\fR
The SQL "select .. where" parameter. Example: The SQL "select .. where" parameter. Example:
.ti +4 .nf
\fBwhere_field\fR = alias \fBwhere_field\fR = alias
.fi
.IP "\fBadditional_conditions\fR .IP "\fBadditional_conditions\fR
Additional conditions to the SQL query. Example: Additional conditions to the SQL query. Example:
.ti +4 .nf
\fBadditional_conditions\fR = AND status = 'paid' \fBadditional_conditions\fR = AND status = 'paid'
.fi
.SH "SEE ALSO" .SH "SEE ALSO"
.na .na
.nf .nf

4
postfix/man/man5/regexp_table.5
View File

@@ -15,8 +15,8 @@ format of Postfix regular expression tables
.ad .ad
.fi .fi
The Postfix mail system uses optional tables for address The Postfix mail system uses optional tables for address
rewriting or mail routing. These tables are usually in rewriting, mail routing, or access control. These tables
\fBdbm\fR or \fBdb\fR format. are usually in \fBdbm\fR or \fBdb\fR format.
Alternatively, lookup tables can be specified in POSIX regular Alternatively, lookup tables can be specified in POSIX regular
expression form. In this case, each input is compared against a expression form. In this case, each input is compared against a

8
postfix/man/man5/relocated.5
View File

@@ -49,9 +49,11 @@ lookup fields can match both upper and lower case.
The input format for the \fBpostmap\fR(1) command is as follows: The input format for the \fBpostmap\fR(1) command is as follows:
.IP \(bu .IP \(bu
An entry has one of the following form: An entry has one of the following form:
.ti +5
\fIpattern new_location\fR .nf
.br \fIpattern new_location\fR
.fi
Where \fInew_location\fR specifies contact information such as Where \fInew_location\fR specifies contact information such as
an email address, or perhaps a street address or telephone number. an email address, or perhaps a street address or telephone number.
.IP \(bu .IP \(bu

54
postfix/man/man5/transport.5
View File

@@ -17,7 +17,10 @@ Postfix transport table format
.ad .ad
.fi .fi
The optional \fBtransport\fR(5) table specifies a mapping from email The optional \fBtransport\fR(5) table specifies a mapping from email
addresses to message delivery transports and next-hop hosts. The addresses to message delivery transports and next-hop destinations.
Message delivery transports such as \fBlocal\fR or \fBsmtp\fR
are defined in the \fBmaster.cf\fR file, and next-hop
destinations are typically hosts or domain names. The
table is searched by the \fBtrivial-rewrite\fR(8) daemon. table is searched by the \fBtrivial-rewrite\fR(8) daemon.
This mapping overrides the default \fItransport\fR:\fInexthop\fR This mapping overrides the default \fItransport\fR:\fInexthop\fR
@@ -165,20 +168,19 @@ internal destinations (do not change the delivery transport or
the nexthop information) and specify a wildcard for all other the nexthop information) and specify a wildcard for all other
destinations. destinations.
.ti +5 .nf
\fB\&my.domain :\fR \fB\&my.domain :\fR
.ti +5 \fB\&.my.domain :\fR
\fB\&.my.domain :\fR \fB* smtp:outbound-relay.my.domain\fR
.ti +5 .fi
\fB* smtp:outbound-relay.my.domain\fR
In order to send mail for \fBexample.com\fR and its subdomains In order to send mail for \fBexample.com\fR and its subdomains
via the \fBuucp\fR transport to the UUCP host named \fBexample\fR: via the \fBuucp\fR transport to the UUCP host named \fBexample\fR:
.ti +5 .nf
\fBexample.com uucp:example\fR \fBexample.com uucp:example\fR
.ti +5 \fB\&.example.com uucp:example\fR
\fB\&.example.com uucp:example\fR .fi
When no nexthop host name is specified, the destination domain When no nexthop host name is specified, the destination domain
name is used instead. For example, the following directs mail for name is used instead. For example, the following directs mail for
@@ -186,18 +188,19 @@ name is used instead. For example, the following directs mail for
exchanger for \fBexample.com\fR. The \fBslow\fR transport could be exchanger for \fBexample.com\fR. The \fBslow\fR transport could be
configured to run at most one delivery process at a time: configured to run at most one delivery process at a time:
.ti +5 .nf
\fBexample.com slow:\fR \fBexample.com slow:\fR
.fi
When no transport is specified, Postfix uses the transport that When no transport is specified, Postfix uses the transport that
matches the address domain class (see DESCRIPTION matches the address domain class (see DESCRIPTION
above). The following sends all mail for \fBexample.com\fR and its above). The following sends all mail for \fBexample.com\fR and its
subdomains to host \fBgateway.example.com\fR: subdomains to host \fBgateway.example.com\fR:
.ti +5 .nf
\fBexample.com :[gateway.example.com]\fR \fBexample.com :[gateway.example.com]\fR
.ti +5 \fB\&.example.com :[gateway.example.com]\fR
\fB\&.example.com :[gateway.example.com]\fR .fi
In the above example, the [] suppress MX lookups. In the above example, the [] suppress MX lookups.
This prevents mail routing loops when your machine is primary MX This prevents mail routing loops when your machine is primary MX
@@ -206,8 +209,9 @@ host for \fBexample.com\fR.
In the case of delivery via SMTP, one may specify In the case of delivery via SMTP, one may specify
\fIhostname\fR:\fIservice\fR instead of just a host: \fIhostname\fR:\fIservice\fR instead of just a host:
.ti +5 .nf
\fBexample.com smtp:bar.example:2025\fR \fBexample.com smtp:bar.example:2025\fR
.fi
This directs mail for \fIuser\fR@\fBexample.com\fR to host \fBbar.example\fR This directs mail for \fIuser\fR@\fBexample.com\fR to host \fBbar.example\fR
port \fB2025\fR. Instead of a numerical port a symbolic name may be port \fB2025\fR. Instead of a numerical port a symbolic name may be
@@ -215,8 +219,9 @@ used. Specify [] around the hostname if MX lookups must be disabled.
The error mailer can be used to bounce mail: The error mailer can be used to bounce mail:
.ti +5 .nf
\fB\&.example.com error:mail for *.example.com is not deliverable\fR \fB\&.example.com error:mail for *.example.com is not deliverable\fR
.fi
This causes all mail for \fIuser\fR@\fIanything\fB.example.com\fR This causes all mail for \fIuser\fR@\fIanything\fB.example.com\fR
to be bounced. to be bounced.
@@ -238,9 +243,10 @@ nor is \fIuser+foo@domain\fR looked up as \fIuser@domain\fR.
Patterns are applied in the order as specified in the table, until a Patterns are applied in the order as specified in the table, until a
pattern is found that matches the search string. pattern is found that matches the search string.
Results are the same as with indexed file lookups, with The \fBtrivial-rewrite\fR(8) server disallows regular
the additional feature that parenthesized substrings from the expression substitution of $1 etc. in regular expression
pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. lookup tables, because that could open a security hole
(Postfix version 2.3 and later).
.SH "TCP-BASED TABLES" .SH "TCP-BASED TABLES"
.na .na
.nf .nf

25
postfix/man/man5/virtual.5
View File

@@ -108,8 +108,9 @@ Note: @\fIdomain\fR is a wild-card. With this form, the
Postfix SMTP server accepts Postfix SMTP server accepts
mail for any recipient in \fIdomain\fR, regardless of whether mail for any recipient in \fIdomain\fR, regardless of whether
that recipient exists. This may turn your mail system into that recipient exists. This may turn your mail system into
a backscatter source that returns undeliverable spam to a backscatter source: Postfix first accepts mail for
innocent people. non-existent recipients and then tries to return that mail
as "undeliverable" to the often forged sender address.
.SH "RESULT ADDRESS REWRITING" .SH "RESULT ADDRESS REWRITING"
.na .na
.nf .nf
@@ -162,24 +163,20 @@ visible in a virtual alias domain. In particular, local
Support for a virtual alias domain looks like: Support for a virtual alias domain looks like:
.nf
/etc/postfix/main.cf: /etc/postfix/main.cf:
.in +4 virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual .fi
Note: some systems use \fBdbm\fR databases instead of \fBhash\fR. Note: some systems use \fBdbm\fR databases instead of \fBhash\fR.
See the output from "\fBpostconf -m\fR" for available database types. See the output from "\fBpostconf -m\fR" for available database types.
.ti -4
/etc/postfix/virtual:
.nf .nf
.na /etc/postfix/virtual:
\fIvirtual-alias.domain anything\fR (right-hand content does not matter) \fIvirtual-alias.domain anything\fR (right-hand content does not matter)
\fIpostmaster@virtual-alias.domain postmaster\fR \fIpostmaster@virtual-alias.domain postmaster\fR
\fIuser1@virtual-alias.domain address1\fR \fIuser1@virtual-alias.domain address1\fR
\fIuser2@virtual-alias.domain address2, address3\fR \fIuser2@virtual-alias.domain address2, address3\fR
.fi
.in -4
.ad
.fi .fi
.sp .sp
The \fIvirtual-alias.domain anything\fR entry is required for a The \fIvirtual-alias.domain anything\fR entry is required for a

147
postfix/man/man8/anvil.8
View File

@@ -31,39 +31,36 @@ not care.
.fi .fi
To register a new connection send the following request to To register a new connection send the following request to
the \fBanvil\fR(8) server: the \fBanvil\fR(8) server:
.PP
.in +4 .nf
\fBrequest=connect\fR \fBrequest=connect\fR
.br \fBident=\fIstring\fR
\fBident=\fIstring\fR .fi
.in
.PP
The \fBanvil\fR(8) server answers with the number of The \fBanvil\fR(8) server answers with the number of
simultaneous connections and the number of connections per simultaneous connections and the number of connections per
unit time for the (service, client) combination specified unit time for the (service, client) combination specified
with \fBident\fR: with \fBident\fR:
.PP
.in +4 .nf
\fBstatus=0\fR \fBstatus=0\fR
.br \fBcount=\fInumber\fR
\fBcount=\fInumber\fR \fBrate=\fInumber\fR
.br .fi
\fBrate=\fInumber\fR
.in
.PP
To register a disconnect event send the following request To register a disconnect event send the following request
to the \fBanvil\fR(8) server: to the \fBanvil\fR(8) server:
.PP
.in +4 .nf
\fBrequest=disconnect\fR \fBrequest=disconnect\fR
.br \fBident=\fIstring\fR
\fBident=\fIstring\fR .fi
.in
.PP
The \fBanvil\fR(8) server replies with: The \fBanvil\fR(8) server replies with:
.PP
.ti +4 .nf
\fBstatus=0\fR \fBstatus=0\fR
.fi
.SH "MESSAGE RATE CONTROL" .SH "MESSAGE RATE CONTROL"
.na .na
.nf .nf
@@ -71,22 +68,20 @@ The \fBanvil\fR(8) server replies with:
.fi .fi
To register a message delivery request send the following To register a message delivery request send the following
request to the \fBanvil\fR(8) server: request to the \fBanvil\fR(8) server:
.PP
.in +4 .nf
\fBrequest=message\fR \fBrequest=message\fR
.br \fBident=\fIstring\fR
\fBident=\fIstring\fR .fi
.in
.PP
The \fBanvil\fR(8) server answers with the number of message The \fBanvil\fR(8) server answers with the number of message
delivery requests per unit time for the (service, client) delivery requests per unit time for the (service, client)
combination specified with \fBident\fR: combination specified with \fBident\fR:
.PP
.in +4 .nf
\fBstatus=0\fR \fBstatus=0\fR
.br \fBrate=\fInumber\fR
\fBrate=\fInumber\fR .fi
.in
.SH "RECIPIENT RATE CONTROL" .SH "RECIPIENT RATE CONTROL"
.na .na
.nf .nf
@@ -94,22 +89,20 @@ combination specified with \fBident\fR:
.fi .fi
To register a recipient request send the following request To register a recipient request send the following request
to the \fBanvil\fR(8) server: to the \fBanvil\fR(8) server:
.PP
.in +4 .nf
\fBrequest=recipient\fR \fBrequest=recipient\fR
.br \fBident=\fIstring\fR
\fBident=\fIstring\fR .fi
.in
.PP
The \fBanvil\fR(8) server answers with the number of recipient The \fBanvil\fR(8) server answers with the number of recipient
addresses per unit time for the (service, client) combination addresses per unit time for the (service, client) combination
specified with \fBident\fR: specified with \fBident\fR:
.PP
.in +4 .nf
\fBstatus=0\fR \fBstatus=0\fR
.br \fBrate=\fInumber\fR
\fBrate=\fInumber\fR .fi
.in
.SH "TLS SESSION NEGOTIATION RATE CONTROL" .SH "TLS SESSION NEGOTIATION RATE CONTROL"
.na .na
.nf .nf
@@ -120,41 +113,37 @@ Postfix 2.3 and later.
To register a request for a new (i.e. not cached) TLS session To register a request for a new (i.e. not cached) TLS session
send the following request to the \fBanvil\fR(8) server: send the following request to the \fBanvil\fR(8) server:
.PP
.in +4 .nf
\fBrequest=newtls\fR \fBrequest=newtls\fR
.br \fBident=\fIstring\fR
\fBident=\fIstring\fR .fi
.in
.PP
The \fBanvil\fR(8) server answers with the number of new The \fBanvil\fR(8) server answers with the number of new
TLS session requests per unit time for the (service, client) TLS session requests per unit time for the (service, client)
combination specified with \fBident\fR: combination specified with \fBident\fR:
.PP
.in +4 .nf
\fBstatus=0\fR \fBstatus=0\fR
.br \fBrate=\fInumber\fR
\fBrate=\fInumber\fR .fi
.in
.PP
To retrieve new TLS session request rate information without To retrieve new TLS session request rate information without
updating the counter information, send: updating the counter information, send:
.PP
.in +4 .nf
\fBrequest=newtls_report\fR \fBrequest=newtls_report\fR
.br \fBident=\fIstring\fR
\fBident=\fIstring\fR .fi
.in
.PP
The \fBanvil\fR(8) server answers with the number of new The \fBanvil\fR(8) server answers with the number of new
TLS session requests per unit time for the (service, client) TLS session requests per unit time for the (service, client)
combination specified with \fBident\fR: combination specified with \fBident\fR:
.PP
.in +4 .nf
\fBstatus=0\fR \fBstatus=0\fR
.br \fBrate=\fInumber\fR
\fBrate=\fInumber\fR .fi
.in
.SH "SECURITY" .SH "SECURITY"
.na .na
.nf .nf

25
postfix/man/man8/pipe.8
View File

@@ -37,9 +37,10 @@ or fax machines.
To prevent Postfix from sending multiple recipients per delivery To prevent Postfix from sending multiple recipients per delivery
request, specify request, specify
.sp
.ti +4 .nf
\fItransport\fB_destination_recipient_limit = 1\fR \fItransport\fB_destination_recipient_limit = 1\fR
.fi
in the Postfix \fBmain.cf\fR file, where \fItransport\fR in the Postfix \fBmain.cf\fR file, where \fItransport\fR
is the name in the first column of the Postfix \fBmaster.cf\fR is the name in the first column of the Postfix \fBmaster.cf\fR
@@ -145,17 +146,19 @@ Postfix. The empty sender address is not affected by the
Caution: a null sender address is easily mis-parsed by Caution: a null sender address is easily mis-parsed by
naive software. For example, when the \fBpipe\fR(8) daemon naive software. For example, when the \fBpipe\fR(8) daemon
executes a command such as: executes a command such as:
.sp
.ti +4 .nf
command -f$sender -- $recipient (\fIbad\fR) command -f$sender -- $recipient (\fIbad\fR)
.fi
.IP
the command will mis-parse the -f option value when the the command will mis-parse the -f option value when the
sender address is a null string. For correct parsing, sender address is a null string. For correct parsing,
specify \fB$sender\fR as an argument by itself: specify \fB$sender\fR as an argument by itself:
.sp
.ti +4 .nf
command -f $sender -- $recipient (\fIgood\fR) command -f $sender -- $recipient (\fIgood\fR)
.fi
.IP
This feature is available with Postfix 2.3 and later. This feature is available with Postfix 2.3 and later.
.IP "\fBsize\fR=\fIsize_limit\fR (optional)" .IP "\fBsize\fR=\fIsize_limit\fR (optional)"
Messages greater in size than this limit (in bytes) will Messages greater in size than this limit (in bytes) will

10
postfix/man/man8/proxymap.8
View File

@@ -22,18 +22,20 @@ reject mail for non-existent local addresses, but it is not
practical to maintain a copy of the passwd file in the chroot practical to maintain a copy of the passwd file in the chroot
jail. The solution: jail. The solution:
.sp .sp
.nf
local_recipient_maps = local_recipient_maps =
.ti +4 proxy:unix:passwd.byname $alias_maps
proxy:unix:passwd.byname $alias_maps .fi
.IP \(bu .IP \(bu
To consolidate the number of open lookup tables by sharing To consolidate the number of open lookup tables by sharing
one open table among multiple processes. For example, making one open table among multiple processes. For example, making
mysql connections from every Postfix daemon process results mysql connections from every Postfix daemon process results
in "too many connections" errors. The solution: in "too many connections" errors. The solution:
.sp .sp
.nf
virtual_alias_maps = virtual_alias_maps =
.ti +4 proxy:mysql:/etc/postfix/virtual_alias.cf
proxy:mysql:/etc/postfix/virtual_alias.cf .fi
.sp .sp
The total number of connections is limited by the number of The total number of connections is limited by the number of
proxymap server processes. proxymap server processes.

5
postfix/man/man8/virtual.8
View File

@@ -34,8 +34,9 @@ address as described under TABLE SEARCH ORDER below.
The mailbox pathname is constructed as follows: The mailbox pathname is constructed as follows:
.ti +2 .nf
\fB$virtual_mailbox_base/$virtual_mailbox_maps(\fIrecipient\fB)\fR \fB$virtual_mailbox_base/$virtual_mailbox_maps(\fIrecipient\fB)\fR
.fi
where \fIrecipient\fR is the full recipient address. where \fIrecipient\fR is the full recipient address.
.SH "UNIX MAILBOX FORMAT" .SH "UNIX MAILBOX FORMAT"

4
postfix/mantools/manspell
View File

@@ -3,5 +3,5 @@
for file for file
do do
echo ==== $file ==== echo ==== $file ====
deroff $file | spell deroff $file | spell | fgrep -vf proto/stop
done | fgrep -vf proto/stop done

43
postfix/proto/BACKSCATTER_README.html
View File

@@ -21,7 +21,10 @@ Backscatter Howto</h1>
<h2>Overview </h2> <h2>Overview </h2>
This document describes features that require Postfix version 2.0 This document describes features that require Postfix version 2.0
or later. or later. The examples use Perl Compatible Regular Expressions
(Postfix pcre: tables), but also provide a translation to POSIX
regular expressions (Postfix regexp: tables). PCRE is preferred
primarily because the implementation is often faster.</p>
<p> Topics covered in this document: </p> <p> Topics covered in this document: </p>
@@ -174,8 +177,8 @@ patterns like this: </p>
<blockquote> <blockquote>
<pre> <pre>
/etc/postfix/main.cf: /etc/postfix/main.cf:
header_checks = regexp:/etc/postfix/header_checks header_checks = pcre:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks: /etc/postfix/header_checks:
if /^Received:/ if /^Received:/
@@ -183,7 +186,7 @@ patterns like this: </p>
reject forged client name in Received: header: $1 reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/ /^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2 reject forged client name in Received: header: $2
/^Received:.* +by +(porcupine\.org)[[:&gt;:]]/ /^Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1 reject forged mail server name in Received: header: $1
endif endif
/^Message-ID:.* &lt;!&amp;!/ DUNNO /^Message-ID:.* &lt;!&amp;!/ DUNNO
@@ -196,7 +199,7 @@ patterns like this: </p>
reject forged client name in Received: header: $1 reject forged client name in Received: header: $1
/^[&gt; ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/ /^[&gt; ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
reject forged client name in Received: header: $2 reject forged client name in Received: header: $2
/^[&gt; ]*Received:.* +by +(porcupine\.org)[[:&gt;:]]/ /^[&gt; ]*Received:.* +by +(porcupine\.org)\b/
reject forged mail server name in Received: header: $1 reject forged mail server name in Received: header: $1
endif endif
/^[&gt; ]*Message-ID:.* &lt;!&amp;!/ DUNNO /^[&gt; ]*Message-ID:.* &lt;!&amp;!/ DUNNO
@@ -209,6 +212,9 @@ patterns like this: </p>
<ul> <ul>
<li> <p> The example uses pcre: tables mainly for speed; with minor
modifications, you can use regexp: tables as explained below. </p>
<li> <p> The example is simplified for educational purposes. In <li> <p> The example is simplified for educational purposes. In
reality my patterns list multiple domain names, as reality my patterns list multiple domain names, as
"<tt>(domain|domain|...)</tt>". </p> "<tt>(domain|domain|...)</tt>". </p>
@@ -220,9 +226,10 @@ the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>
and "<tt>)</tt>" literally. Without the "<tt>\</tt>", the "<tt>(</tt>" and "<tt>)</tt>" literally. Without the "<tt>\</tt>", the "<tt>(</tt>"
and "<tt>)</tt>" would be grouping operators. </p> and "<tt>)</tt>" would be grouping operators. </p>
<li> <p> The "<tt>[[:&gt;:]]</tt>" matches the end of a word. On <li> <p> The "<tt>\b</tt>" is used here to match the end of a word.
some systems you should specify "<tt>\&gt;</tt>" instead. For details If you use regexp: tables, specify "<tt>[[:&gt;:]]</tt>" (on some
see your system documentation. </p> systems you should specify "<tt>\&gt;</tt>" instead; for details
see your system documentation).
<li> <p> The "if /pattern/" and "endif" eliminate unnecessary <li> <p> The "if /pattern/" and "endif" eliminate unnecessary
matching attempts. DO NOT indent lines starting with /pattern/ matching attempts. DO NOT indent lines starting with /pattern/
@@ -311,15 +318,15 @@ and is very easy to stop.
<blockquote> <blockquote>
<pre> <pre>
/etc/postfix/main.cf: /etc/postfix/main.cf:
header_checks = regexp:/etc/postfix/header_checks header_checks = pcre:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks: /etc/postfix/header_checks:
/^(From|Return-Path):.*[[:&lt;:]](user@domain\.tld)[[:&gt;:]]/ /^(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2 reject forged sender address in $1: header: $2
/etc/postfix/body_checks: /etc/postfix/body_checks:
/^[&gt; ]*(From|Return-Path):.*[[:&lt;:]](user@domain\.tld)[[:&gt;:]]/ /^[&gt; ]*(From|Return-Path):.*\b(user@domain\.tld)\b/
reject forged sender address in $1: header: $2 reject forged sender address in $1: header: $2
</pre> </pre>
</blockquote> </blockquote>
@@ -328,14 +335,18 @@ and is very easy to stop.
<ul> <ul>
<li> <p> The example uses pcre: tables mainly for speed; with minor
modifications, you can use regexp: tables as explained below. </p>
<li> <p> The example is simplified for educational purposes. In <li> <p> The example is simplified for educational purposes. In
reality, my patterns list multiple email addresses as reality, my patterns list multiple email addresses as
"<tt>(user1@domain1\.tld|user2@domain2\.tld)</tt>". </p> "<tt>(user1@domain1\.tld|user2@domain2\.tld)</tt>". </p>
<li> <p> The "<tt>[[:&lt;:]]</tt>" and "<tt>[[:&gt;:]]</tt>" match <li> <p> The two "<tt>\b</tt>" as used in "<tt>\b(user@domain\.tld)\b</tt>"
the beginning and end of a word, respectively. On some systems you match the beginning and end of a word, respectively. If you use
should specify "<tt>\&lt;</tt>" and "<tt>\&gt;</tt>" instead. For regexp: tables, specify "<tt>[[:&lt;:]]</tt> and <tt>[[:&gt;:]]</tt>"
details see your system documentation. </p> (on some systems you should specify "<tt>\&lt;</tt> and <tt>\&gt;</tt>"
instead; for details see your system documentation). </p>
<li> <p> The "<tt>\.</tt>" matches "<tt>.</tt>" literally. Without <li> <p> The "<tt>\.</tt>" matches "<tt>.</tt>" literally. Without
the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p> the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>

1
postfix/proto/INSTALL.html
View File

@@ -149,6 +149,7 @@ Linux Debian 1.3.1, 2.x, 3.x <br>
Linux RedHat 3.x (January 2004) - 9.x <br> Linux RedHat 3.x (January 2004) - 9.x <br>
Linux Slackware 3.x, 4.x, 7.x <br> Linux Slackware 3.x, 4.x, 7.x <br>
Linux SuSE 5.x, 6.x, 7.x <br> Linux SuSE 5.x, 6.x, 7.x <br>
Linux Ubuntu 4.10..7.04<br>
Mac OS X <br> Mac OS X <br>
NEXTSTEP 3.x <br> NEXTSTEP 3.x <br>
NetBSD 1.x <br> NetBSD 1.x <br>

3
postfix/proto/MILTER_README.html
View File

@@ -708,9 +708,6 @@ text below: </p>
<li> <p> This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. </p> <li> <p> This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
message. Fortunately, sid-milter logs that message only once. </p>
</ul> </ul>
<p> To fix the ugly message header with other Milter applications, <p> To fix the ugly message header with other Milter applications,

11
postfix/proto/OVERVIEW.html
View File

@@ -460,12 +460,13 @@ bgcolor="#f0f0ff"> <br> smtpd(8)<br><br> </td> <td> <tt> &lt;-&gt;
</table> </table>
<li> <p> The bounce(8), defer(8) and trace(8) servers each maintain <li> <p> The bounce(8), defer(8) and trace(8) services each maintain
their own queue directory trees with per-message logfiles. This their own queue directory trees with per-message logfiles. Postfix
information is used to send delivery or non-delivery notifications uses this information when sending "failed", "delayed" or "success"
to the sender. </p> delivery status notifications to the sender. </p>
<p> The trace(8) service implements support for the Postfix "sendmail <p> The trace(8) service also implements support for the Postfix
"sendmail
-bv" and "sendmail -v" commands which produce reports about how -bv" and "sendmail -v" commands which produce reports about how
Postfix delivers mail, and is available with Postfix version 2.1 Postfix delivers mail, and is available with Postfix version 2.1
and later. See <a href="DEBUG_README.html#trace_mail"> DEBUG_README and later. See <a href="DEBUG_README.html#trace_mail"> DEBUG_README

17
postfix/proto/access
View File

@@ -362,20 +362,17 @@
# "\fBpostconf -m\fR" to find out what lookup tables Postfix # "\fBpostconf -m\fR" to find out what lookup tables Postfix
# supports on your system. # supports on your system.
# #
# .na
# .nf # .nf
# .na
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# .in +4 # smtpd_client_restrictions =
# smtpd_client_restrictions = # check_client_access hash:/etc/postfix/access
# .in +4
# check_client_access hash:/etc/postfix/access
# #
# .in -8
# /etc/postfix/access: # /etc/postfix/access:
# .in +4 # 1.2.3 REJECT
# 1.2.3 REJECT # 1.2.3.4 OK
# 1.2.3.4 OK # .fi
# .in -4 # .ad
# #
# Execute the command "\fBpostmap /etc/postfix/access\fR" after # Execute the command "\fBpostmap /etc/postfix/access\fR" after
# editing the file. # editing the file.

5
postfix/proto/aliases
View File

@@ -31,8 +31,9 @@
# .IP \(bu # .IP \(bu
# An alias definition has the form # An alias definition has the form
# .sp # .sp
# .ti +5 # .nf
# \fIname\fR: \fIvalue1\fR, \fIvalue2\fR, \fI...\fR # \fIname\fR: \fIvalue1\fR, \fIvalue2\fR, \fI...\fR
# .fi
# .IP \(bu # .IP \(bu
# Empty lines and whitespace-only lines are ignored, as # Empty lines and whitespace-only lines are ignored, as
# are lines whose first non-whitespace character is a `#'. # are lines whose first non-whitespace character is a `#'.

49
postfix/proto/bounce
View File

@@ -32,8 +32,9 @@
# To preview the results of $\fIname\fR expansions in the # To preview the results of $\fIname\fR expansions in the
# template text, use the command # template text, use the command
# #
# .ti +4 # .nf
# \fBpostconf -b\fR \fItemporary_file\fR # \fBpostconf -b\fR \fItemporary_file\fR
# .fi
# #
# Errors in the template will be reported to the standard # Errors in the template will be reported to the standard
# error stream and to the syslog daemon. # error stream and to the syslog daemon.
@@ -46,9 +47,10 @@
# Postfix configuration directory and specify in main.cf # Postfix configuration directory and specify in main.cf
# something like: # something like:
# #
# .nf
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# .ti +4
# bounce_template_file = /etc/postfix/bounce.cf # bounce_template_file = /etc/postfix/bounce.cf
# .fi
# TEMPLATE FILE FORMAT # TEMPLATE FILE FORMAT
# .ad # .ad
# .fi # .fi
@@ -66,32 +68,27 @@
# it in quotes as with the shell or with Perl (\fItemplate_name\fB # it in quotes as with the shell or with Perl (\fItemplate_name\fB
# = <<'EOF'\fR). Here is an example: # = <<'EOF'\fR). Here is an example:
# #
# .in +4
# .nf # .nf
# .na # # The failure template is used for undeliverable mail.
# # The failure template is used for undeliverable mail.
# #
# failure_template = <<EOF # failure_template = <<EOF
# Charset: us-ascii # Charset: us-ascii
# From: MAILER-DAEMON (Mail Delivery System) # From: MAILER-DAEMON (Mail Delivery System)
# Subject: Undelivered Mail Returned to Sender # Subject: Undelivered Mail Returned to Sender
# Postmaster-Subject: Postmaster Copy: Undelivered Mail # Postmaster-Subject: Postmaster Copy: Undelivered Mail
# #
# This is the mail system at host $myhostname. # This is the mail system at host $myhostname.
# #
# I'm sorry to have to inform you that your message could not # I'm sorry to have to inform you that your message could not
# be delivered to one or more recipients. It's attached below. # be delivered to one or more recipients. It's attached below.
# #
# For further assistance, please send mail to postmaster. # For further assistance, please send mail to postmaster.
# #
# If you do so, please include this problem report. You can # If you do so, please include this problem report. You can
# delete your own text from the attached returned message. # delete your own text from the attached returned message.
# #
# .ti +12 # The mail system
# The mail system # EOF
# EOF
# .in -4
# .ad
# .fi # .fi
# .PP # .PP
# The usage and specification of bounce templates is # The usage and specification of bounce templates is

5
postfix/proto/canonical
View File

@@ -101,8 +101,9 @@
# to recipient addresses, the Postfix SMTP server accepts # to recipient addresses, the Postfix SMTP server accepts
# mail for any recipient in \fIdomain\fR, regardless of whether # mail for any recipient in \fIdomain\fR, regardless of whether
# that recipient exists. This may turn your mail system into # that recipient exists. This may turn your mail system into
# a backscatter source that returns undeliverable spam to # a backscatter source: Postfix first accepts mail for
# innocent people. # non-existent recipients and then tries to return that mail
# as "undeliverable" to the often forged sender address.
# RESULT ADDRESS REWRITING # RESULT ADDRESS REWRITING
# .ad # .ad
# .fi # .fi

15
postfix/proto/cidr_table
View File

@@ -58,17 +58,16 @@
# Patterns are applied in the order as specified in the table, until a # Patterns are applied in the order as specified in the table, until a
# pattern is found that matches the search string. # pattern is found that matches the search string.
# EXAMPLE SMTPD ACCESS MAP # EXAMPLE SMTPD ACCESS MAP
# .nf
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# .ti +4 # smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...
# smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ...
# #
# /etc/postfix/client.cidr: # /etc/postfix/client.cidr:
# .in +4 # # Rule order matters. Put more specific whitelist entries
# # Rule order matters. Put more specific whitelist entries # # before more general blacklist entries.
# # before more general blacklist entries. # 192.168.1.1 OK
# 192.168.1.1 OK # 192.168.0.0/16 REJECT
# 192.168.0.0/16 REJECT # .fi
# .in -4
# SEE ALSO # SEE ALSO
# postmap(1), Postfix lookup table manager # postmap(1), Postfix lookup table manager
# regexp_table(5), format of regular expression tables # regexp_table(5), format of regular expression tables

4
postfix/proto/generic
View File

@@ -152,16 +152,12 @@
# .na # .na
# .nf # .nf
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# .in +4
# smtp_generic_maps = hash:/etc/postfix/generic # smtp_generic_maps = hash:/etc/postfix/generic
# .in -4
# #
# /etc/postfix/generic: # /etc/postfix/generic:
# .in +4
# his@localdomain.local hisaccount@hisisp.example # his@localdomain.local hisaccount@hisisp.example
# her@localdomain.local heraccount@herisp.example # her@localdomain.local heraccount@herisp.example
# @localdomain.local hisaccount+local@hisisp.example # @localdomain.local hisaccount+local@hisisp.example
# .in -4
# #
# .ad # .ad
# .fi # .fi

33
postfix/proto/header_checks
View File

@@ -4,17 +4,15 @@
# SUMMARY # SUMMARY
# Postfix built-in content inspection # Postfix built-in content inspection
# SYNOPSIS # SYNOPSIS
# .nf
# \fBheader_checks = pcre:/etc/postfix/header_checks\fR # \fBheader_checks = pcre:/etc/postfix/header_checks\fR
# .br
# \fBmime_header_checks = pcre:/etc/postfix/mime_header_checks\fR # \fBmime_header_checks = pcre:/etc/postfix/mime_header_checks\fR
# .br
# \fBnested_header_checks = pcre:/etc/postfix/nested_header_checks\fR # \fBnested_header_checks = pcre:/etc/postfix/nested_header_checks\fR
# .br
# \fBbody_checks = pcre:/etc/postfix/body_checks\fR # \fBbody_checks = pcre:/etc/postfix/body_checks\fR
# .sp # .sp
# \fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR # \fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
# .br
# \fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR # \fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# .fi
# DESCRIPTION # DESCRIPTION
# This document describes access control on the content of # This document describes access control on the content of
# message headers and message body lines; it is implemented # message headers and message body lines; it is implemented
@@ -60,6 +58,13 @@
# Note: message headers are examined one logical header at a time, # Note: message headers are examined one logical header at a time,
# even when a message header spans multiple lines. Body lines are # even when a message header spans multiple lines. Body lines are
# always examined one line at a time. # always examined one line at a time.
# COMPATIBILITY
# .ad
# .fi
# With Postfix version 2.2 and earlier specify "\fBpostmap
# -fq\fR" to query a table that contains case sensitive
# patterns. By default, regexp: and pcre: patterns are case
# insensitive.
# TABLE FORMAT # TABLE FORMAT
# .ad # .ad
# .fi # .fi
@@ -284,7 +289,7 @@
# to the next line. # to the next line.
# .IP \(bu # .IP \(bu
# If text in the message body is encoded # If text in the message body is encoded
# (RFC 2045) then the rules have to specified for the encoded # (RFC 2045) then the rules need to be specified for the encoded
# form. # form.
# .IP \(bu # .IP \(bu
# Likewise, when message headers are encoded (RFC # Likewise, when message headers are encoded (RFC
@@ -337,14 +342,11 @@
# .na # .na
# .nf # .nf
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# .ti +4 # header_checks = regexp:/etc/postfix/header_checks
# header_checks = regexp:/etc/postfix/header_checks
# #
# /etc/postfix/header_checks: # /etc/postfix/header_checks:
# .ti +4 # /^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/
# /^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/ # REJECT Bad attachment file name extension: $2
# .ti +8
# REJECT Bad attachment file name extension: $2
# #
# .ad # .ad
# .fi # .fi
@@ -353,14 +355,11 @@
# .na # .na
# .nf # .nf
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# .ti +4 # body_checks = regexp:/etc/postfix/body_checks
# body_checks = regexp:/etc/postfix/body_checks
# #
# /etc/postfix/body_checks: # /etc/postfix/body_checks:
# .ti +4 # /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/ # REJECT IFRAME vulnerability exploit
# .ti +8
# REJECT IFRAME vulnerability exploit
# SEE ALSO # SEE ALSO
# cleanup(8), canonicalize and enqueue Postfix message # cleanup(8), canonicalize and enqueue Postfix message
# pcre_table(5), format of PCRE lookup tables # pcre_table(5), format of PCRE lookup tables

151
postfix/proto/ldap_table
View File

@@ -17,8 +17,9 @@
# In order to use LDAP lookups, define an LDAP source as a lookup # In order to use LDAP lookups, define an LDAP source as a lookup
# table in main.cf, for example: # table in main.cf, for example:
# #
# .ti +4 # .nf
# alias_maps = ldap:/etc/postfix/ldap-aliases.cf # alias_maps = ldap:/etc/postfix/ldap-aliases.cf
# .fi
# #
# The file /etc/postfix/ldap-aliases.cf has the same format as # The file /etc/postfix/ldap-aliases.cf has the same format as
# the Postfix main.cf file, and can specify the parameters # the Postfix main.cf file, and can specify the parameters
@@ -79,19 +80,17 @@
# #
# For example, NEVER do this in a map defining $mydestination: # For example, NEVER do this in a map defining $mydestination:
# #
# .in +4 # .nf
# query_filter = domain=* # query_filter = domain=*
# .br # result_attribute = domain
# result_attribute = domain # .fi
# .in -4
# #
# Do this instead: # Do this instead:
# #
# .in +4 # .nf
# query_filter = domain=%s # query_filter = domain=%s
# .br # result_attribute = domain
# result_attribute = domain # .fi
# .in -4
# GENERAL LDAP PARAMETERS # GENERAL LDAP PARAMETERS
# .ad # .ad
# .fi # .fi
@@ -102,8 +101,9 @@
# .IP "\fBserver_host (default: localhost)\fR" # .IP "\fBserver_host (default: localhost)\fR"
# The name of the host running the LDAP server, e.g. # The name of the host running the LDAP server, e.g.
# #
# .ti +4 # .nf
# server_host = ldap.example.com # server_host = ldap.example.com
# .fi
# #
# Depending on the LDAP client library you're using, it should # Depending on the LDAP client library you're using, it should
# be possible to specify multiple servers here, with the library # be possible to specify multiple servers here, with the library
@@ -111,41 +111,45 @@
# be possible to give each server in the list a different port # be possible to give each server in the list a different port
# (overriding \fBserver_port\fR below), by naming them like # (overriding \fBserver_port\fR below), by naming them like
# #
# .ti +4 # .nf
# server_host = ldap.example.com:1444 # server_host = ldap.example.com:1444
# .fi
# #
# With OpenLDAP, a (list of) LDAP URLs can be used to specify both # With OpenLDAP, a (list of) LDAP URLs can be used to specify both
# the hostname(s) and the port(s): # the hostname(s) and the port(s):
# #
# .ti +4 # .nf
# server_host = ldap://ldap.example.com:1444 # server_host = ldap://ldap.example.com:1444
# .ti +8 # ldap://ldap2.example.com:1444
# ldap://ldap2.example.com:1444 # .fi
# #
# All LDAP URLs accepted by the OpenLDAP library are supported, # All LDAP URLs accepted by the OpenLDAP library are supported,
# including connections over UNIX domain sockets, and LDAP SSL # including connections over UNIX domain sockets, and LDAP SSL
# (the last one provided that OpenLDAP was compiled with support # (the last one provided that OpenLDAP was compiled with support
# for SSL): # for SSL):
# #
# .ti +4 # .nf
# server_host = ldapi://%2Fsome%2Fpath # server_host = ldapi://%2Fsome%2Fpath
# .ti +8 # ldaps://ldap.example.com:636
# ldaps://ldap.example.com:636 # .fi
# .IP "\fBserver_port (default: 389)\fR" # .IP "\fBserver_port (default: 389)\fR"
# The port the LDAP server listens on, e.g. # The port the LDAP server listens on, e.g.
# #
# .ti +4 # .nf
# server_port = 778 # server_port = 778
# .fi
# .IP "\fBtimeout (default: 10 seconds)\fR" # .IP "\fBtimeout (default: 10 seconds)\fR"
# The number of seconds a search can take before timing out, e.g. # The number of seconds a search can take before timing out, e.g.
# #
# .ti +4 # .fi
# timeout = 5 # timeout = 5
# .fi
# .IP "\fBsearch_base (No default; you must configure this)\fR" # .IP "\fBsearch_base (No default; you must configure this)\fR"
# The RFC2253 base DN at which to conduct the search, e.g. # The RFC2253 base DN at which to conduct the search, e.g.
# #
# .ti +4 # .nf
# search_base = dc=your, dc=com # search_base = dc=your, dc=com
# .fi
# .IP # .IP
# With Postfix 2.2 and later this parameter supports the # With Postfix 2.2 and later this parameter supports the
# following '%' expansions: # following '%' expansions:
@@ -187,8 +191,9 @@
# is a substitute for the address Postfix is trying to resolve, # is a substitute for the address Postfix is trying to resolve,
# e.g. # e.g.
# #
# .ti +4 # .nf
# query_filter = (&(mail=%s)(paid_up=true)) # query_filter = (&(mail=%s)(paid_up=true))
# .fi
# #
# This parameter supports the following '%' expansions: # This parameter supports the following '%' expansions:
# .RS # .RS
@@ -297,8 +302,9 @@
# and "@domain" lookups are not performed. This can significantly # and "@domain" lookups are not performed. This can significantly
# reduce the query load on the LDAP server. # reduce the query load on the LDAP server.
# #
# .ti +4 # .nf
# domain = postfix.org, hash:/etc/postfix/searchdomains # domain = postfix.org, hash:/etc/postfix/searchdomains
# .fi
# #
# It is best not to use LDAP to store the domains eligible # It is best not to use LDAP to store the domains eligible
# for LDAP lookups. # for LDAP lookups.
@@ -311,15 +317,17 @@
# entries returned by the lookup, to be resolved to an email # entries returned by the lookup, to be resolved to an email
# address. # address.
# #
# .ti +4 # .nf
# result_attribute = mailbox, maildrop # result_attribute = mailbox, maildrop
# .fi
# .IP "\fBspecial_result_attribute (default: empty)\fR" # .IP "\fBspecial_result_attribute (default: empty)\fR"
# The attribute(s) of directory entries that can contain DNs # The attribute(s) of directory entries that can contain DNs
# or URLs. If found, a recursive subsequent search is done # or URLs. If found, a recursive subsequent search is done
# using their values. # using their values.
# #
# .ti +4 # .nf
# special_result_attribute = memberdn # special_result_attribute = memberdn
# .fi
# #
# DN recursion retrieves the same result_attributes as the # DN recursion retrieves the same result_attributes as the
# main query, including the special attributes for further # main query, including the special attributes for further
@@ -337,8 +345,9 @@
# where the group is expanded, possibly via mailing-list manager or # where the group is expanded, possibly via mailing-list manager or
# other special processing. # other special processing.
# #
# .ti +4 # .nf
# terminal_result_attribute = maildrop # terminal_result_attribute = maildrop
# .fi
# #
# This feature is available with Postfix 2.4 or later. # This feature is available with Postfix 2.4 or later.
# .IP "\fBleaf_result_attribute (default: empty)\fR" # .IP "\fBleaf_result_attribute (default: empty)\fR"
@@ -358,15 +367,12 @@
# The attributes that represent the email addresses of objects # The attributes that represent the email addresses of objects
# referenced via a DN (or LDAP URI) go in "leaf_result_attribute". # referenced via a DN (or LDAP URI) go in "leaf_result_attribute".
# #
# .in +4 # .nf
# result_attribute = memberaddr # result_attribute = memberaddr
# .br # special_result_attribute = memberdn
# special_result_attribute = memberdn # terminal_result_attribute = maildrop
# .br # leaf_result_attribute = mail
# terminal_result_attribute = maildrop # .fi
# .br
# leaf_result_attribute = mail
# .in -4
# #
# This feature is available with Postfix 2.4 or later. # This feature is available with Postfix 2.4 or later.
# .IP "\fBscope (default: sub)\fR" # .IP "\fBscope (default: sub)\fR"
@@ -378,8 +384,9 @@
# implementations don't require clients to bind, which saves # implementations don't require clients to bind, which saves
# time. Example: # time. Example:
# #
# .ti +4 # .nf
# bind = no # bind = no
# .fi
# #
# If you do need to bind, you might consider configuring # If you do need to bind, you might consider configuring
# Postfix to connect to the local machine on a port that's # Postfix to connect to the local machine on a port that's
@@ -391,8 +398,9 @@
# .IP "\fBbind_dn (default: empty)\fR" # .IP "\fBbind_dn (default: empty)\fR"
# If you do have to bind, do it with this distinguished name. Example: # If you do have to bind, do it with this distinguished name. Example:
# #
# .ti +4 # .nf
# bind_dn = uid=postfix, dc=your, dc=com # bind_dn = uid=postfix, dc=your, dc=com
# .fi
# .IP "\fBbind_pw (default: empty)\fR" # .IP "\fBbind_pw (default: empty)\fR"
# The password for the distinguished name above. If you have # The password for the distinguished name above. If you have
# to use this, you probably want to make the map configuration # to use this, you probably want to make the map configuration
@@ -403,8 +411,9 @@
# to allow local accounts to submit mail via the sendmail # to allow local accounts to submit mail via the sendmail
# command. Example: # command. Example:
# #
# .ti +4 # .nf
# bind_pw = postfixpw # bind_pw = postfixpw
# .fi
# .IP "\fBcache (IGNORED with a warning)\fR" # .IP "\fBcache (IGNORED with a warning)\fR"
# .IP "\fBcache_expiry (IGNORED with a warning)\fR" # .IP "\fBcache_expiry (IGNORED with a warning)\fR"
# .IP "\fBcache_size (IGNORED with a warning)\fR" # .IP "\fBcache_size (IGNORED with a warning)\fR"
@@ -471,19 +480,22 @@
# LDAP SSL service can be requested by using a LDAP SSL URL # LDAP SSL service can be requested by using a LDAP SSL URL
# in the server_host parameter: # in the server_host parameter:
# #
# .ti +4 # .nf
# server_host = ldaps://ldap.example.com:636 # server_host = ldaps://ldap.example.com:636
# .fi
# #
# STARTTLS can be turned on with the start_tls parameter: # STARTTLS can be turned on with the start_tls parameter:
# #
# .ti +4 # .nf
# start_tls = yes # start_tls = yes
# .fi
# #
# Both forms require LDAP protocol version 3, which has to be set # Both forms require LDAP protocol version 3, which has to be set
# explicitly with: # explicitly with:
# #
# .ti +4 # .nf
# version = 3 # version = 3
# .fi
# #
# If any of the Postfix programs querying the map is configured in # If any of the Postfix programs querying the map is configured in
# master.cf to run chrooted, all the certificates and keys involved # master.cf to run chrooted, all the certificates and keys involved
@@ -534,18 +546,17 @@
# aliases. # aliases.
# Assume that in main.cf, you have: # Assume that in main.cf, you have:
# #
# .ti +4 # .nf
# alias_maps = hash:/etc/aliases, # alias_maps = hash:/etc/aliases,
# .ti +8 # ldap:/etc/postfix/ldap-aliases.cf
# ldap:/etc/postfix/ldap-aliases.cf # .fi
# #
# and in ldap:/etc/postfix/ldap-aliases.cf you have: # and in ldap:/etc/postfix/ldap-aliases.cf you have:
# #
# .in +4 # .nf
# server_host = ldap.example.com # server_host = ldap.example.com
# .br # search_base = dc=example, dc=com
# search_base = dc=example, dc=com # .fi
# .in -4
# #
# Upon receiving mail for a local address "ldapuser" that # Upon receiving mail for a local address "ldapuser" that
# isn't found in the /etc/aliases database, Postfix will # isn't found in the /etc/aliases database, Postfix will

104
postfix/proto/mysql_table
View File

@@ -15,8 +15,9 @@
# Alternatively, lookup tables can be specified as MySQL databases. # Alternatively, lookup tables can be specified as MySQL databases.
# In order to use MySQL lookups, define a MySQL source as a lookup # In order to use MySQL lookups, define a MySQL source as a lookup
# table in main.cf, for example: # table in main.cf, for example:
# .ti +4 # .nf
# alias_maps = mysql:/etc/mysql-aliases.cf # alias_maps = mysql:/etc/mysql-aliases.cf
# .fi
# #
# The file /etc/postfix/mysql-aliases.cf has the same format as # The file /etc/postfix/mysql-aliases.cf has the same format as
# the Postfix main.cf file, and can specify the parameters # the Postfix main.cf file, and can specify the parameters
@@ -48,14 +49,12 @@
# The old interface will be gradually phased out. To migrate to # The old interface will be gradually phased out. To migrate to
# the new interface set: # the new interface set:
# #
# .ti +4 # .nf
# \fBquery\fR = SELECT [\fIselect_field\fR] # \fBquery\fR = SELECT [\fIselect_field\fR]
# .ti +8 # FROM [\fItable\fR]
# FROM [\fItable\fR] # WHERE [\fIwhere_field\fR] = '%s'
# .ti +8 # [\fIadditional_conditions\fR]
# WHERE [\fIwhere_field\fR] = '%s' # .fi
# .ti +12
# [\fIadditional_conditions\fR]
# #
# Insert the value, not the name, of each legacy parameter. Note # Insert the value, not the name, of each legacy parameter. Note
# that the \fBadditional_conditions\fR parameter is optional # that the \fBadditional_conditions\fR parameter is optional
@@ -85,10 +84,10 @@
# The hosts that Postfix will try to connect to and query from. # The hosts that Postfix will try to connect to and query from.
# Specify \fIunix:\fR for UNIX domain sockets, \fIinet:\fR for TCP # Specify \fIunix:\fR for UNIX domain sockets, \fIinet:\fR for TCP
# connections (default). Example: # connections (default). Example:
# .ti +4 # .nf
# hosts = host1.some.domain host2.some.domain # hosts = host1.some.domain host2.some.domain
# .ti +4 # hosts = unix:/file/name
# hosts = unix:/file/name # .fi
# #
# The hosts are tried in random order, with all connections over # The hosts are tried in random order, with all connections over
# UNIX domain sockets being tried before those over TCP. The # UNIX domain sockets being tried before those over TCP. The
@@ -100,26 +99,28 @@
# prefix it with \fIinet:\fR), MySQL will connect to the default # prefix it with \fIinet:\fR), MySQL will connect to the default
# UNIX domain socket. In order to instruct MySQL to connect to # UNIX domain socket. In order to instruct MySQL to connect to
# localhost over TCP you have to specify # localhost over TCP you have to specify
# .ti +4 # .nf
# hosts = 127.0.0.1 # hosts = 127.0.0.1
# .fi
# .IP "\fBuser, password\fR" # .IP "\fBuser, password\fR"
# The user name and password to log into the mysql server. # The user name and password to log into the mysql server.
# Example: # Example:
# .in +4 # .nf
# user = someone # user = someone
# .br # password = some_password
# password = some_password # .fi
# .in -4
# .IP "\fBdbname\fR" # .IP "\fBdbname\fR"
# The database name on the servers. Example: # The database name on the servers. Example:
# .ti +4 # .nf
# dbname = customer_database # dbname = customer_database
# .fi
# .IP "\fBquery\fR" # .IP "\fBquery\fR"
# The SQL query template used to search the database, where \fB%s\fR # The SQL query template used to search the database, where \fB%s\fR
# is a substitute for the address Postfix is trying to resolve, # is a substitute for the address Postfix is trying to resolve,
# e.g. # e.g.
# .ti +4 # .nf
# query = SELECT replacement FROM aliases WHERE mailbox = '%s' # query = SELECT replacement FROM aliases WHERE mailbox = '%s'
# .fi
# #
# This parameter supports the following '%' expansions: # This parameter supports the following '%' expansions:
# .RS # .RS
@@ -166,14 +167,12 @@
# \fBadditional_conditions\fR. The mapping from the old parameters # \fBadditional_conditions\fR. The mapping from the old parameters
# to the equivalent query is: # to the equivalent query is:
# #
# .ti +4 # .nf
# SELECT [\fBselect_field\fR] # SELECT [\fBselect_field\fR]
# .ti +4 # FROM [\fBtable\fR]
# FROM [\fBtable\fR] # WHERE [\fBwhere_field\fR] = '%s'
# .ti +4 # [\fBadditional_conditions\fR]
# WHERE [\fBwhere_field\fR] = '%s' # .fi
# .ti +10
# [\fBadditional_conditions\fR]
# #
# The '%s' in the \fBWHERE\fR clause expands to the escaped search string. # The '%s' in the \fBWHERE\fR clause expands to the escaped search string.
# With Postfix 2.2 these legacy parameters are used if the \fBquery\fR # With Postfix 2.2 these legacy parameters are used if the \fBquery\fR
@@ -229,8 +228,9 @@
# are eligible for lookup: 'user' lookups, bare domain lookups # are eligible for lookup: 'user' lookups, bare domain lookups
# and "@domain" lookups are not performed. This can significantly # and "@domain" lookups are not performed. This can significantly
# reduce the query load on the MySQL server. # reduce the query load on the MySQL server.
# .ti +4 # .nf
# domain = postfix.org, hash:/etc/postfix/searchdomains # domain = postfix.org, hash:/etc/postfix/searchdomains
# .fi
# #
# It is best not to use SQL to store the domains eligible # It is best not to use SQL to store the domains eligible
# for SQL lookups. # for SQL lookups.
@@ -250,14 +250,12 @@
# The following parameters can be used to fill in a # The following parameters can be used to fill in a
# SELECT template statement of the form: # SELECT template statement of the form:
# #
# .ti +4 # .nf
# SELECT [\fBselect_field\fR] # SELECT [\fBselect_field\fR]
# .ti +4 # FROM [\fBtable\fR]
# FROM [\fBtable\fR] # WHERE [\fBwhere_field\fR] = '%s'
# .ti +4 # [\fBadditional_conditions\fR]
# WHERE [\fBwhere_field\fR] = '%s' # .fi
# .ti +10
# [\fBadditional_conditions\fR]
# #
# The specifier %s is replaced by the search string, and is # The specifier %s is replaced by the search string, and is
# escaped so if it contains single quotes or other odd characters, # escaped so if it contains single quotes or other odd characters,
@@ -270,20 +268,24 @@
# interface may be removed in a future release. # interface may be removed in a future release.
# .IP "\fBselect_field\fR" # .IP "\fBselect_field\fR"
# The SQL "select" parameter. Example: # The SQL "select" parameter. Example:
# .ti +4 # .nf
# \fBselect_field\fR = forw_addr # \fBselect_field\fR = forw_addr
# .fi
# .IP "\fBtable\fR" # .IP "\fBtable\fR"
# The SQL "select .. from" table name. Example: # The SQL "select .. from" table name. Example:
# .ti +4 # .nf
# \fBtable\fR = mxaliases # \fBtable\fR = mxaliases
# .fi
# .IP "\fBwhere_field\fR # .IP "\fBwhere_field\fR
# The SQL "select .. where" parameter. Example: # The SQL "select .. where" parameter. Example:
# .ti +4 # .nf
# \fBwhere_field\fR = alias # \fBwhere_field\fR = alias
# .fi
# .IP "\fBadditional_conditions\fR # .IP "\fBadditional_conditions\fR
# Additional conditions to the SQL query. Example: # Additional conditions to the SQL query. Example:
# .ti +4 # .nf
# \fBadditional_conditions\fR = AND status = 'paid' # \fBadditional_conditions\fR = AND status = 'paid'
# .fi
# SEE ALSO # SEE ALSO
# postmap(1), Postfix lookup table maintenance # postmap(1), Postfix lookup table maintenance
# postconf(5), configuration parameters # postconf(5), configuration parameters

13
postfix/proto/nisplus_table
View File

@@ -24,8 +24,9 @@
# Most of the NIS+ query is specified via the NIS+ map name. The # Most of the NIS+ query is specified via the NIS+ map name. The
# general format of a Postfix NIS+ map name is as follows: # general format of a Postfix NIS+ map name is as follows:
# #
# .ti +4 # .fi
# \fBnisplus:[\fIname\fB=%s];\fIname.name.name\fB.:\fIcolumn\fR # \fBnisplus:[\fIname\fB=%s];\fIname.name.name\fB.:\fIcolumn\fR
# .fi
# #
# Postfix NIS+ map names differ from what one normally # Postfix NIS+ map names differ from what one normally
# would use with commands such as \fBniscat\fR: # would use with commands such as \fBniscat\fR:
@@ -44,13 +45,13 @@
# of the table column that provides the lookup result. When # of the table column that provides the lookup result. When
# no ":\fIcolumn\fR" is specified the first column (1) is used. # no ":\fIcolumn\fR" is specified the first column (1) is used.
# EXAMPLE # EXAMPLE
# .ad
# .fi
# A NIS+ aliases map might be queried as follows: # A NIS+ aliases map might be queried as follows:
# #
# .ti +4 # .nf
# alias_maps = dbm:/etc/mail/aliases, # alias_maps = dbm:/etc/mail/aliases,
# .ti +2
# nisplus:[alias=%s];mail_aliases.org_dir.$mydomain.:1 # nisplus:[alias=%s];mail_aliases.org_dir.$mydomain.:1
# .ad
# .fi # .fi
# #
# This queries the local aliases file before the NIS+ file. # This queries the local aliases file before the NIS+ file.

4
postfix/proto/pcre_table
View File

@@ -9,8 +9,8 @@
# \fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR # \fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# DESCRIPTION # DESCRIPTION
# The Postfix mail system uses optional tables for address # The Postfix mail system uses optional tables for address
# rewriting or mail routing. These tables are usually in # rewriting, mail routing, or access control. These tables
# \fBdbm\fR or \fBdb\fR format. # are usually in \fBdbm\fR or \fBdb\fR format.
# #
# Alternatively, lookup tables can be specified in Perl Compatible # Alternatively, lookup tables can be specified in Perl Compatible
# Regular Expression form. In this case, each input is compared # Regular Expression form. In this case, each input is compared

100
postfix/proto/pgsql_table
View File

@@ -15,8 +15,9 @@
# Alternatively, lookup tables can be specified as PostgreSQL # Alternatively, lookup tables can be specified as PostgreSQL
# databases. In order to use PostgreSQL lookups, define a # databases. In order to use PostgreSQL lookups, define a
# PostgreSQL source as a lookup table in main.cf, for example: # PostgreSQL source as a lookup table in main.cf, for example:
# .ti +4 # .nf
# alias_maps = pgsql:/etc/pgsql-aliases.cf # alias_maps = pgsql:/etc/pgsql-aliases.cf
# .fi
# #
# The file /etc/postfix/pgsql-aliases.cf has the same format as # The file /etc/postfix/pgsql-aliases.cf has the same format as
# the Postfix main.cf file, and can specify the parameters # the Postfix main.cf file, and can specify the parameters
@@ -52,19 +53,18 @@
# \fBwhere_field\fR and \fBadditional_conditions\fR parameters. To # \fBwhere_field\fR and \fBadditional_conditions\fR parameters. To
# migrate to the new interface set: # migrate to the new interface set:
# #
# .ti +4 # .nf
# \fBquery\fR = SELECT \fIselect_function\fR('%s') # \fBquery\fR = SELECT \fIselect_function\fR('%s')
# .fi
# #
# or in the absence of \fBselection_function\fR, the lower precedence: # or in the absence of \fBselection_function\fR, the lower precedence:
# #
# .ti +4 # .nf
# \fBquery\fR = SELECT \fIselect_field\fR # \fBquery\fR = SELECT \fIselect_field\fR
# .ti +8 # FROM \fItable\fR
# FROM \fItable\fR # WHERE \fIwhere_field\fR = '%s'
# .ti +8 # \fIadditional_conditions\fR
# WHERE \fIwhere_field\fR = '%s' # .fi
# .ti +12
# \fIadditional_conditions\fR
# #
# Use the value, not the name, of each legacy parameter. Note # Use the value, not the name, of each legacy parameter. Note
# that the \fBadditional_conditions\fR parameter is optional # that the \fBadditional_conditions\fR parameter is optional
@@ -94,10 +94,10 @@
# The hosts that Postfix will try to connect to and query from. # The hosts that Postfix will try to connect to and query from.
# Specify \fIunix:\fR for UNIX-domain sockets, \fIinet:\fR for TCP # Specify \fIunix:\fR for UNIX-domain sockets, \fIinet:\fR for TCP
# connections (default). Example: # connections (default). Example:
# .ti +4 # .nf
# hosts = host1.some.domain host2.some.domain # hosts = host1.some.domain host2.some.domain
# .ti +4 # hosts = unix:/file/name
# hosts = unix:/file/name # .fi
# #
# The hosts are tried in random order, with all connections over # The hosts are tried in random order, with all connections over
# UNIX domain sockets being tried before those over TCP. The # UNIX domain sockets being tried before those over TCP. The
@@ -112,21 +112,22 @@
# .IP "\fBuser, password\fR" # .IP "\fBuser, password\fR"
# The user name and password to log into the pgsql server. # The user name and password to log into the pgsql server.
# Example: # Example:
# .in +4 # .nf
# user = someone # user = someone
# .br # password = some_password
# password = some_password # .fi
# .in -4
# .IP "\fBdbname\fR" # .IP "\fBdbname\fR"
# The database name on the servers. Example: # The database name on the servers. Example:
# .ti +4 # .nf
# dbname = customer_database # dbname = customer_database
# .fi
# .IP "\fBquery\fR" # .IP "\fBquery\fR"
# The SQL query template used to search the database, where \fB%s\fR # The SQL query template used to search the database, where \fB%s\fR
# is a substitute for the address Postfix is trying to resolve, # is a substitute for the address Postfix is trying to resolve,
# e.g. # e.g.
# .ti +4 # .nf
# query = SELECT replacement FROM aliases WHERE mailbox = '%s' # query = SELECT replacement FROM aliases WHERE mailbox = '%s'
# .fi
# #
# This parameter supports the following '%' expansions: # This parameter supports the following '%' expansions:
# .RS # .RS
@@ -230,8 +231,9 @@
# are eligible for lookup: 'user' lookups, bare domain lookups # are eligible for lookup: 'user' lookups, bare domain lookups
# and "@domain" lookups are not performed. This can significantly # and "@domain" lookups are not performed. This can significantly
# reduce the query load on the PostgreSQL server. # reduce the query load on the PostgreSQL server.
# .ti +4 # .nf
# domain = postfix.org, hash:/etc/postfix/searchdomains # domain = postfix.org, hash:/etc/postfix/searchdomains
# .fi
# #
# It is best not to use SQL to store the domains eligible # It is best not to use SQL to store the domains eligible
# for SQL lookups. # for SQL lookups.
@@ -251,12 +253,14 @@
# Pre-Postfix 2.2 legacy interfaces: # Pre-Postfix 2.2 legacy interfaces:
# .IP "\fBselect_function\fR" # .IP "\fBselect_function\fR"
# This parameter specifies a database function name. Example: # This parameter specifies a database function name. Example:
# .ti +4 # .nf
# select_function = my_lookup_user_alias # select_function = my_lookup_user_alias
# .fi
# #
# This is equivalent to: # This is equivalent to:
# .ti +4 # .nf
# query = SELECT my_lookup_user_alias('%s') # query = SELECT my_lookup_user_alias('%s')
# .fi
# #
# This parameter overrides the legacy table-related fields (described # This parameter overrides the legacy table-related fields (described
# below). With Postfix versions prior to 2.2, it also overrides the # below). With Postfix versions prior to 2.2, it also overrides the
@@ -269,14 +273,12 @@
# \fBselect_function\fR interface described above) can be used to # \fBselect_function\fR interface described above) can be used to
# build the SQL select statement as follows: # build the SQL select statement as follows:
# #
# .ti +4 # .nf
# SELECT [\fBselect_field\fR] # SELECT [\fBselect_field\fR]
# .ti +4 # FROM [\fBtable\fR]
# FROM [\fBtable\fR] # WHERE [\fBwhere_field\fR] = '%s'
# .ti +4 # [\fBadditional_conditions\fR]
# WHERE [\fBwhere_field\fR] = '%s' # .fi
# .ti +10
# [\fBadditional_conditions\fR]
# #
# The specifier %s is replaced with each lookup by the lookup key # The specifier %s is replaced with each lookup by the lookup key
# and is escaped so if it contains single quotes or other odd # and is escaped so if it contains single quotes or other odd
@@ -290,20 +292,24 @@
# \fBquery\fR interface as this interface is slated to be phased out. # \fBquery\fR interface as this interface is slated to be phased out.
# .IP "\fBselect_field\fR" # .IP "\fBselect_field\fR"
# The SQL "select" parameter. Example: # The SQL "select" parameter. Example:
# .ti +4 # .nf
# \fBselect_field\fR = forw_addr # \fBselect_field\fR = forw_addr
# .fi
# .IP "\fBtable\fR" # .IP "\fBtable\fR"
# The SQL "select .. from" table name. Example: # The SQL "select .. from" table name. Example:
# .ti +4 # .nf
# \fBtable\fR = mxaliases # \fBtable\fR = mxaliases
# .fi
# .IP "\fBwhere_field\fR # .IP "\fBwhere_field\fR
# The SQL "select .. where" parameter. Example: # The SQL "select .. where" parameter. Example:
# .ti +4 # .nf
# \fBwhere_field\fR = alias # \fBwhere_field\fR = alias
# .fi
# .IP "\fBadditional_conditions\fR # .IP "\fBadditional_conditions\fR
# Additional conditions to the SQL query. Example: # Additional conditions to the SQL query. Example:
# .ti +4 # .nf
# \fBadditional_conditions\fR = AND status = 'paid' # \fBadditional_conditions\fR = AND status = 'paid'
# .fi
# SEE ALSO # SEE ALSO
# postmap(1), Postfix lookup table manager # postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters # postconf(5), configuration parameters

4
postfix/proto/regexp_table
View File

@@ -9,8 +9,8 @@
# \fBpostmap -q - regexp:/etc/postfix/\fIfilename\fR <\fIinputfile\fR # \fBpostmap -q - regexp:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# DESCRIPTION # DESCRIPTION
# The Postfix mail system uses optional tables for address # The Postfix mail system uses optional tables for address
# rewriting or mail routing. These tables are usually in # rewriting, mail routing, or access control. These tables
# \fBdbm\fR or \fBdb\fR format. # are usually in \fBdbm\fR or \fBdb\fR format.
# #
# Alternatively, lookup tables can be specified in POSIX regular # Alternatively, lookup tables can be specified in POSIX regular
# expression form. In this case, each input is compared against a # expression form. In this case, each input is compared against a

8
postfix/proto/relocated
View File

@@ -39,9 +39,11 @@
# The input format for the \fBpostmap\fR(1) command is as follows: # The input format for the \fBpostmap\fR(1) command is as follows:
# .IP \(bu # .IP \(bu
# An entry has one of the following form: # An entry has one of the following form:
# .ti +5 #
# \fIpattern new_location\fR # .nf
# .br # \fIpattern new_location\fR
# .fi
#
# Where \fInew_location\fR specifies contact information such as # Where \fInew_location\fR specifies contact information such as
# an email address, or perhaps a street address or telephone number. # an email address, or perhaps a street address or telephone number.
# .IP \(bu # .IP \(bu

54
postfix/proto/transport
View File

@@ -11,7 +11,10 @@
# \fBpostmap -q - /etc/postfix/transport <\fIinputfile\fR # \fBpostmap -q - /etc/postfix/transport <\fIinputfile\fR
# DESCRIPTION # DESCRIPTION
# The optional \fBtransport\fR(5) table specifies a mapping from email # The optional \fBtransport\fR(5) table specifies a mapping from email
# addresses to message delivery transports and next-hop hosts. The # addresses to message delivery transports and next-hop destinations.
# Message delivery transports such as \fBlocal\fR or \fBsmtp\fR
# are defined in the \fBmaster.cf\fR file, and next-hop
# destinations are typically hosts or domain names. The
# table is searched by the \fBtrivial-rewrite\fR(8) daemon. # table is searched by the \fBtrivial-rewrite\fR(8) daemon.
# #
# This mapping overrides the default \fItransport\fR:\fInexthop\fR # This mapping overrides the default \fItransport\fR:\fInexthop\fR
@@ -149,20 +152,19 @@
# the nexthop information) and specify a wildcard for all other # the nexthop information) and specify a wildcard for all other
# destinations. # destinations.
# #
# .ti +5 # .nf
# \fB\&my.domain :\fR # \fB\&my.domain :\fR
# .ti +5 # \fB\&.my.domain :\fR
# \fB\&.my.domain :\fR # \fB* smtp:outbound-relay.my.domain\fR
# .ti +5 # .fi
# \fB* smtp:outbound-relay.my.domain\fR
# #
# In order to send mail for \fBexample.com\fR and its subdomains # In order to send mail for \fBexample.com\fR and its subdomains
# via the \fBuucp\fR transport to the UUCP host named \fBexample\fR: # via the \fBuucp\fR transport to the UUCP host named \fBexample\fR:
# #
# .ti +5 # .nf
# \fBexample.com uucp:example\fR # \fBexample.com uucp:example\fR
# .ti +5 # \fB\&.example.com uucp:example\fR
# \fB\&.example.com uucp:example\fR # .fi
# #
# When no nexthop host name is specified, the destination domain # When no nexthop host name is specified, the destination domain
# name is used instead. For example, the following directs mail for # name is used instead. For example, the following directs mail for
@@ -170,18 +172,19 @@
# exchanger for \fBexample.com\fR. The \fBslow\fR transport could be # exchanger for \fBexample.com\fR. The \fBslow\fR transport could be
# configured to run at most one delivery process at a time: # configured to run at most one delivery process at a time:
# #
# .ti +5 # .nf
# \fBexample.com slow:\fR # \fBexample.com slow:\fR
# .fi
# #
# When no transport is specified, Postfix uses the transport that # When no transport is specified, Postfix uses the transport that
# matches the address domain class (see DESCRIPTION # matches the address domain class (see DESCRIPTION
# above). The following sends all mail for \fBexample.com\fR and its # above). The following sends all mail for \fBexample.com\fR and its
# subdomains to host \fBgateway.example.com\fR: # subdomains to host \fBgateway.example.com\fR:
# #
# .ti +5 # .nf
# \fBexample.com :[gateway.example.com]\fR # \fBexample.com :[gateway.example.com]\fR
# .ti +5 # \fB\&.example.com :[gateway.example.com]\fR
# \fB\&.example.com :[gateway.example.com]\fR # .fi
# #
# In the above example, the [] suppress MX lookups. # In the above example, the [] suppress MX lookups.
# This prevents mail routing loops when your machine is primary MX # This prevents mail routing loops when your machine is primary MX
@@ -190,8 +193,9 @@
# In the case of delivery via SMTP, one may specify # In the case of delivery via SMTP, one may specify
# \fIhostname\fR:\fIservice\fR instead of just a host: # \fIhostname\fR:\fIservice\fR instead of just a host:
# #
# .ti +5 # .nf
# \fBexample.com smtp:bar.example:2025\fR # \fBexample.com smtp:bar.example:2025\fR
# .fi
# #
# This directs mail for \fIuser\fR@\fBexample.com\fR to host \fBbar.example\fR # This directs mail for \fIuser\fR@\fBexample.com\fR to host \fBbar.example\fR
# port \fB2025\fR. Instead of a numerical port a symbolic name may be # port \fB2025\fR. Instead of a numerical port a symbolic name may be
@@ -199,8 +203,9 @@
# #
# The error mailer can be used to bounce mail: # The error mailer can be used to bounce mail:
# #
# .ti +5 # .nf
# \fB\&.example.com error:mail for *.example.com is not deliverable\fR # \fB\&.example.com error:mail for *.example.com is not deliverable\fR
# .fi
# #
# This causes all mail for \fIuser\fR@\fIanything\fB.example.com\fR # This causes all mail for \fIuser\fR@\fIanything\fB.example.com\fR
# to be bounced. # to be bounced.
@@ -220,9 +225,10 @@
# Patterns are applied in the order as specified in the table, until a # Patterns are applied in the order as specified in the table, until a
# pattern is found that matches the search string. # pattern is found that matches the search string.
# #
# Results are the same as with indexed file lookups, with # The \fBtrivial-rewrite\fR(8) server disallows regular
# the additional feature that parenthesized substrings from the # expression substitution of $1 etc. in regular expression
# pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. # lookup tables, because that could open a security hole
# (Postfix version 2.3 and later).
# TCP-BASED TABLES # TCP-BASED TABLES
# .ad # .ad
# .fi # .fi

25
postfix/proto/virtual
View File

@@ -96,8 +96,9 @@
# Postfix SMTP server accepts # Postfix SMTP server accepts
# mail for any recipient in \fIdomain\fR, regardless of whether # mail for any recipient in \fIdomain\fR, regardless of whether
# that recipient exists. This may turn your mail system into # that recipient exists. This may turn your mail system into
# a backscatter source that returns undeliverable spam to # a backscatter source: Postfix first accepts mail for
# innocent people. # non-existent recipients and then tries to return that mail
# as "undeliverable" to the often forged sender address.
# RESULT ADDRESS REWRITING # RESULT ADDRESS REWRITING
# .ad # .ad
# .fi # .fi
@@ -144,24 +145,20 @@
# #
# Support for a virtual alias domain looks like: # Support for a virtual alias domain looks like:
# #
# .nf
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# .in +4 # virtual_alias_maps = hash:/etc/postfix/virtual
# virtual_alias_maps = hash:/etc/postfix/virtual # .fi
# #
# Note: some systems use \fBdbm\fR databases instead of \fBhash\fR. # Note: some systems use \fBdbm\fR databases instead of \fBhash\fR.
# See the output from "\fBpostconf -m\fR" for available database types. # See the output from "\fBpostconf -m\fR" for available database types.
# #
# .ti -4
# /etc/postfix/virtual:
# .nf # .nf
# .na # /etc/postfix/virtual:
# \fIvirtual-alias.domain anything\fR (right-hand content does not matter) # \fIvirtual-alias.domain anything\fR (right-hand content does not matter)
# \fIpostmaster@virtual-alias.domain postmaster\fR # \fIpostmaster@virtual-alias.domain postmaster\fR
# \fIuser1@virtual-alias.domain address1\fR # \fIuser1@virtual-alias.domain address1\fR
# \fIuser2@virtual-alias.domain address2, address3\fR # \fIuser2@virtual-alias.domain address2, address3\fR
# .fi
# .in -4
# .ad
# .fi # .fi
# .sp # .sp
# The \fIvirtual-alias.domain anything\fR entry is required for a # The \fIvirtual-alias.domain anything\fR entry is required for a

147
postfix/src/anvil/anvil.c
View File

@@ -23,81 +23,74 @@
/* .fi /* .fi
/* To register a new connection send the following request to /* To register a new connection send the following request to
/* the \fBanvil\fR(8) server: /* the \fBanvil\fR(8) server:
/* .PP /*
/* .in +4 /* .nf
/* \fBrequest=connect\fR /* \fBrequest=connect\fR
/* .br /* \fBident=\fIstring\fR
/* \fBident=\fIstring\fR /* .fi
/* .in /*
/* .PP
/* The \fBanvil\fR(8) server answers with the number of /* The \fBanvil\fR(8) server answers with the number of
/* simultaneous connections and the number of connections per /* simultaneous connections and the number of connections per
/* unit time for the (service, client) combination specified /* unit time for the (service, client) combination specified
/* with \fBident\fR: /* with \fBident\fR:
/* .PP /*
/* .in +4 /* .nf
/* \fBstatus=0\fR /* \fBstatus=0\fR
/* .br /* \fBcount=\fInumber\fR
/* \fBcount=\fInumber\fR /* \fBrate=\fInumber\fR
/* .br /* .fi
/* \fBrate=\fInumber\fR /*
/* .in
/* .PP
/* To register a disconnect event send the following request /* To register a disconnect event send the following request
/* to the \fBanvil\fR(8) server: /* to the \fBanvil\fR(8) server:
/* .PP /*
/* .in +4 /* .nf
/* \fBrequest=disconnect\fR /* \fBrequest=disconnect\fR
/* .br /* \fBident=\fIstring\fR
/* \fBident=\fIstring\fR /* .fi
/* .in /*
/* .PP
/* The \fBanvil\fR(8) server replies with: /* The \fBanvil\fR(8) server replies with:
/* .PP /*
/* .ti +4 /* .nf
/* \fBstatus=0\fR /* \fBstatus=0\fR
/* .fi
/* MESSAGE RATE CONTROL /* MESSAGE RATE CONTROL
/* .ad /* .ad
/* .fi /* .fi
/* To register a message delivery request send the following /* To register a message delivery request send the following
/* request to the \fBanvil\fR(8) server: /* request to the \fBanvil\fR(8) server:
/* .PP /*
/* .in +4 /* .nf
/* \fBrequest=message\fR /* \fBrequest=message\fR
/* .br /* \fBident=\fIstring\fR
/* \fBident=\fIstring\fR /* .fi
/* .in /*
/* .PP
/* The \fBanvil\fR(8) server answers with the number of message /* The \fBanvil\fR(8) server answers with the number of message
/* delivery requests per unit time for the (service, client) /* delivery requests per unit time for the (service, client)
/* combination specified with \fBident\fR: /* combination specified with \fBident\fR:
/* .PP /*
/* .in +4 /* .nf
/* \fBstatus=0\fR /* \fBstatus=0\fR
/* .br /* \fBrate=\fInumber\fR
/* \fBrate=\fInumber\fR /* .fi
/* .in
/* RECIPIENT RATE CONTROL /* RECIPIENT RATE CONTROL
/* .ad /* .ad
/* .fi /* .fi
/* To register a recipient request send the following request /* To register a recipient request send the following request
/* to the \fBanvil\fR(8) server: /* to the \fBanvil\fR(8) server:
/* .PP /*
/* .in +4 /* .nf
/* \fBrequest=recipient\fR /* \fBrequest=recipient\fR
/* .br /* \fBident=\fIstring\fR
/* \fBident=\fIstring\fR /* .fi
/* .in /*
/* .PP
/* The \fBanvil\fR(8) server answers with the number of recipient /* The \fBanvil\fR(8) server answers with the number of recipient
/* addresses per unit time for the (service, client) combination /* addresses per unit time for the (service, client) combination
/* specified with \fBident\fR: /* specified with \fBident\fR:
/* .PP /*
/* .in +4 /* .nf
/* \fBstatus=0\fR /* \fBstatus=0\fR
/* .br /* \fBrate=\fInumber\fR
/* \fBrate=\fInumber\fR /* .fi
/* .in
/* TLS SESSION NEGOTIATION RATE CONTROL /* TLS SESSION NEGOTIATION RATE CONTROL
/* .ad /* .ad
/* .fi /* .fi
@@ -106,41 +99,37 @@
/* /*
/* To register a request for a new (i.e. not cached) TLS session /* To register a request for a new (i.e. not cached) TLS session
/* send the following request to the \fBanvil\fR(8) server: /* send the following request to the \fBanvil\fR(8) server:
/* .PP /*
/* .in +4 /* .nf
/* \fBrequest=newtls\fR /* \fBrequest=newtls\fR
/* .br /* \fBident=\fIstring\fR
/* \fBident=\fIstring\fR /* .fi
/* .in /*
/* .PP
/* The \fBanvil\fR(8) server answers with the number of new /* The \fBanvil\fR(8) server answers with the number of new
/* TLS session requests per unit time for the (service, client) /* TLS session requests per unit time for the (service, client)
/* combination specified with \fBident\fR: /* combination specified with \fBident\fR:
/* .PP /*
/* .in +4 /* .nf
/* \fBstatus=0\fR /* \fBstatus=0\fR
/* .br /* \fBrate=\fInumber\fR
/* \fBrate=\fInumber\fR /* .fi
/* .in /*
/* .PP
/* To retrieve new TLS session request rate information without /* To retrieve new TLS session request rate information without
/* updating the counter information, send: /* updating the counter information, send:
/* .PP /*
/* .in +4 /* .nf
/* \fBrequest=newtls_report\fR /* \fBrequest=newtls_report\fR
/* .br /* \fBident=\fIstring\fR
/* \fBident=\fIstring\fR /* .fi
/* .in /*
/* .PP
/* The \fBanvil\fR(8) server answers with the number of new /* The \fBanvil\fR(8) server answers with the number of new
/* TLS session requests per unit time for the (service, client) /* TLS session requests per unit time for the (service, client)
/* combination specified with \fBident\fR: /* combination specified with \fBident\fR:
/* .PP /*
/* .in +4 /* .nf
/* \fBstatus=0\fR /* \fBstatus=0\fR
/* .br /* \fBrate=\fInumber\fR
/* \fBrate=\fInumber\fR /* .fi
/* .in
/* SECURITY /* SECURITY
/* .ad /* .ad
/* .fi /* .fi

8
postfix/src/bounce/2template_test.in
View File

@@ -9,7 +9,7 @@ This is the mail system at host $myhostname.
I'm sorry to have to inform you that your message could not I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below. be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster> For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can If you do so, please include this problem report. You can
delete your own text from the attached returned message. delete your own text from the attached returned message.
@@ -32,7 +32,7 @@ This is the mail system at host $myhostname.
Your message could not be delivered for more than $delay_warning_time_hours hour(s). Your message could not be delivered for more than $delay_warning_time_hours hour(s).
It will be retried until it is $maximal_queue_lifetime_days day(s) old. It will be retried until it is $maximal_queue_lifetime_days day(s) old.
For further assistance, please send mail to <postmaster> For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can If you do so, please include this problem report. You can
delete your own text from the attached returned message. delete your own text from the attached returned message.
@@ -77,7 +77,7 @@ This is the mail system at host $myhostname.
I'm sorry to have to inform you that your message could not I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below. be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster> For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can If you do so, please include this problem report. You can
delete your own text from the attached returned message. delete your own text from the attached returned message.
@@ -100,7 +100,7 @@ This is the mail system at host $myhostname.
Your message could not be delivered for more than $delay_warning_time_hours hour(s). Your message could not be delivered for more than $delay_warning_time_hours hour(s).
It will be retried until it is $maximal_queue_lifetime_days day(s) old. It will be retried until it is $maximal_queue_lifetime_days day(s) old.
For further assistance, please send mail to <postmaster> For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can If you do so, please include this problem report. You can
delete your own text from the attached returned message. delete your own text from the attached returned message.

4
postfix/src/bounce/template_test.ref
View File

@@ -9,7 +9,7 @@ This is the mail system at host $myhostname.
I'm sorry to have to inform you that your message could not I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below. be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster> For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can If you do so, please include this problem report. You can
delete your own text from the attached returned message. delete your own text from the attached returned message.
@@ -32,7 +32,7 @@ This is the mail system at host $myhostname.
Your message could not be delivered for more than $delay_warning_time_hours hour(s). Your message could not be delivered for more than $delay_warning_time_hours hour(s).
It will be retried until it is $maximal_queue_lifetime_days day(s) old. It will be retried until it is $maximal_queue_lifetime_days day(s) old.
For further assistance, please send mail to <postmaster> For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can If you do so, please include this problem report. You can
delete your own text from the attached returned message. delete your own text from the attached returned message.

4
postfix/src/global/mail_version.h
View File

@@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20070325" #define MAIL_RELEASE_DATE "20070328"
#define MAIL_VERSION_NUMBER "2.4" #define MAIL_VERSION_NUMBER "2.5"
#ifdef SNAPSHOT #ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE

25
postfix/src/pipe/pipe.c
View File

@@ -29,9 +29,10 @@
/* /*
/* To prevent Postfix from sending multiple recipients per delivery /* To prevent Postfix from sending multiple recipients per delivery
/* request, specify /* request, specify
/* /* .sp
/* .ti +4 /* .nf
/* \fItransport\fB_destination_recipient_limit = 1\fR /* \fItransport\fB_destination_recipient_limit = 1\fR
/* .fi
/* /*
/* in the Postfix \fBmain.cf\fR file, where \fItransport\fR /* in the Postfix \fBmain.cf\fR file, where \fItransport\fR
/* is the name in the first column of the Postfix \fBmaster.cf\fR /* is the name in the first column of the Postfix \fBmaster.cf\fR
@@ -135,17 +136,19 @@
/* Caution: a null sender address is easily mis-parsed by /* Caution: a null sender address is easily mis-parsed by
/* naive software. For example, when the \fBpipe\fR(8) daemon /* naive software. For example, when the \fBpipe\fR(8) daemon
/* executes a command such as: /* executes a command such as:
/* /* .sp
/* .ti +4 /* .nf
/* command -f$sender -- $recipient (\fIbad\fR) /* command -f$sender -- $recipient (\fIbad\fR)
/* /* .fi
/* .IP
/* the command will mis-parse the -f option value when the /* the command will mis-parse the -f option value when the
/* sender address is a null string. For correct parsing, /* sender address is a null string. For correct parsing,
/* specify \fB$sender\fR as an argument by itself: /* specify \fB$sender\fR as an argument by itself:
/* /* .sp
/* .ti +4 /* .nf
/* command -f $sender -- $recipient (\fIgood\fR) /* command -f $sender -- $recipient (\fIgood\fR)
/* /* .fi
/* .IP
/* This feature is available with Postfix 2.3 and later. /* This feature is available with Postfix 2.3 and later.
/* .IP "\fBsize\fR=\fIsize_limit\fR (optional)" /* .IP "\fBsize\fR=\fIsize_limit\fR (optional)"
/* Messages greater in size than this limit (in bytes) will /* Messages greater in size than this limit (in bytes) will

10
postfix/src/postmap/postmap.c
View File

@@ -13,8 +13,9 @@
/* lookup tables, or updates an existing one. The input and output /* lookup tables, or updates an existing one. The input and output
/* file formats are expected to be compatible with: /* file formats are expected to be compatible with:
/* /*
/* .ti +4 /* .nf
/* \fBmakemap \fIfile_type\fR \fIfile_name\fR < \fIfile_name\fR /* \fBmakemap \fIfile_type\fR \fIfile_name\fR < \fIfile_name\fR
/* .fi
/* /*
/* If the result files do not exist they will be created with the /* If the result files do not exist they will be created with the
/* same group and other read permissions as their source file. /* same group and other read permissions as their source file.
@@ -30,8 +31,9 @@
/* .IP \(bu /* .IP \(bu
/* A table entry has the form /* A table entry has the form
/* .sp /* .sp
/* .ti +5 /* .nf
/* \fIkey\fR whitespace \fIvalue\fR /* \fIkey\fR whitespace \fIvalue\fR
/* .fi
/* .IP \(bu /* .IP \(bu
/* Empty lines and whitespace-only lines are ignored, as /* Empty lines and whitespace-only lines are ignored, as
/* are lines whose first non-whitespace character is a `#'. /* are lines whose first non-whitespace character is a `#'.

12
postfix/src/postsuper/postsuper.c
View File

@@ -36,15 +36,13 @@
/* queue IDs from standard input. For example, to delete all mail /* queue IDs from standard input. For example, to delete all mail
/* with exactly one recipient \fBuser@example.com\fR: /* with exactly one recipient \fBuser@example.com\fR:
/* .sp /* .sp
/* .nf
/* mailq | tail +2 | grep -v '^ *(' | awk \'BEGIN { RS = "" } /* mailq | tail +2 | grep -v '^ *(' | awk \'BEGIN { RS = "" }
/* .ti +4 /* # $7=sender, $8=recipient1, $9=recipient2
/* # $7=sender, $8=recipient1, $9=recipient2 /* { if ($8 == "user@example.com" && $9 == "")
/* .ti +4 /* print $1 }
/* { if ($8 == "user@example.com" && $9 == "")
/* .ti +10
/* print $1 }
/* .br
/* \' | tr -d '*!' | postsuper -d - /* \' | tr -d '*!' | postsuper -d -
/* .fi
/* .sp /* .sp
/* Specify "\fB-d ALL\fR" to remove all messages; for example, specify /* Specify "\fB-d ALL\fR" to remove all messages; for example, specify
/* "\fB-d ALL deferred\fR" to delete all mail in the \fBdeferred\fR queue. /* "\fB-d ALL deferred\fR" to delete all mail in the \fBdeferred\fR queue.

10
postfix/src/proxymap/proxymap.c
View File

@@ -16,18 +16,20 @@
/* practical to maintain a copy of the passwd file in the chroot /* practical to maintain a copy of the passwd file in the chroot
/* jail. The solution: /* jail. The solution:
/* .sp /* .sp
/* .nf
/* local_recipient_maps = /* local_recipient_maps =
/* .ti +4 /* proxy:unix:passwd.byname $alias_maps
/* proxy:unix:passwd.byname $alias_maps /* .fi
/* .IP \(bu /* .IP \(bu
/* To consolidate the number of open lookup tables by sharing /* To consolidate the number of open lookup tables by sharing
/* one open table among multiple processes. For example, making /* one open table among multiple processes. For example, making
/* mysql connections from every Postfix daemon process results /* mysql connections from every Postfix daemon process results
/* in "too many connections" errors. The solution: /* in "too many connections" errors. The solution:
/* .sp /* .sp
/* .nf
/* virtual_alias_maps = /* virtual_alias_maps =
/* .ti +4 /* proxy:mysql:/etc/postfix/virtual_alias.cf
/* proxy:mysql:/etc/postfix/virtual_alias.cf /* .fi
/* .sp /* .sp
/* The total number of connections is limited by the number of /* The total number of connections is limited by the number of
/* proxymap server processes. /* proxymap server processes.

5
postfix/src/virtual/virtual.c
View File

@@ -26,8 +26,9 @@
/* /*
/* The mailbox pathname is constructed as follows: /* The mailbox pathname is constructed as follows:
/* /*
/* .ti +2 /* .nf
/* \fB$virtual_mailbox_base/$virtual_mailbox_maps(\fIrecipient\fB)\fR /* \fB$virtual_mailbox_base/$virtual_mailbox_maps(\fIrecipient\fB)\fR
/* .fi
/* /*
/* where \fIrecipient\fR is the full recipient address. /* where \fIrecipient\fR is the full recipient address.
/* UNIX MAILBOX FORMAT /* UNIX MAILBOX FORMAT