mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00
Code Issues Releases Wiki Activity

postfix-2.12-20140105

Browse Source
This commit is contained in:
Wietse Venema 2014-01-05 00:00:00 -05:00 committed by Viktor Dukhovni
parent 4a25a6b519
commit b3a48ba3a8
17 changed files with 383 additions and 314 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
postfix/README_FILES/LMDB_README
View File

@ -2,6 +2,13 @@ PPoossttffiixx OOppeennLLDDAAPP LLMMDDBB HHoowwttoo
-------------------------------------------------------------------------------
NNoottee
LMDB is not supported in the stable Postfix release. It will spontaneously
terminate a Postfix daemon process without allowing Postfix to 1) report the
problem to the maillog file, and to 2) provide reduced service where this is
appropriate.
IInnttrroodduuccttiioonn
Postfix uses databases of various kinds to store and look up information.
@ -72,7 +79,7 @@ NNoonn--oobbvviioouuss rreeccoovveerryy wwiitthh ppoos
ccoorrrruupptteedd ddaattaabbaassee..
Problem:
A corrupted LMDB database cann't be rebuilt simply by re-running postmap(1)
A corrupted LMDB database can't be rebuilt simply by re-running postmap(1)
or postalias(1), or by waiting until a tlsmgr(8) daemon restarts. This
problem does not exist with other Postfix databases.

262
postfix/RELEASE_NOTES
View File

@ -1,269 +1,17 @@
This is the Postfix 2.11 (experimental) branch.
This is the Postfix 2.12 (experimental) branch.
The stable Postfix release is called postfix-2.10.x where 2=major
release number, 10=minor release number, x=patchlevel. The stable
The stable Postfix release is called postfix-2.11.x where 2=major
release number, 11=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-2.11-yyyymmdd where yyyymmdd is the release date (yyyy=year,
postfix-2.12-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 2.9 or earlier, read RELEASE_NOTES-2.10
If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11
before proceeding.
Incompatible changes with snapshot 20131217
===========================================
The master_service_disable syntax has changed: use "service/type"
instead of "service.type". The new form is consistent with master.cf
parameter namespaces. The old form is still supported to avoid
breaking existing configurations.
Major changes with with snapshot 20131217
=========================================
Support for advanced master.cf query and update operations. This
was implemented primarily to support automated system management
tools.
The goal is to make all Postfix master.cf details accessible as
lists of "name=value" pairs, where the names are organized into
structured name spaces. This allows other programs to query
information or request updates, without having to worry about the
exact layout of master.cf files.
Managing master.cf service attributes
-------------------------------------
First, an example that shows the smtp/inet service in the traditional
form:
$ postconf -M smtp/inet
smtp inet n - n - - smtpd
Different variants of this command show different amounts of output.
For example, "postconf -M smtp" enumerates all services that have
a name "smtp" and any service type ("inet", "unix", etc.), and
"postconf -M" enumerates all master.cf services.
General rule: each name component that is not present becomes a "*"
wildcard.
Coming back to the above example, the postconf -F option can now
enumerate the smtp/inet service fields as follows:
$ postconf -F smtp/inet
smtp/inet/service = smtp
smtp/inet/type = inet
smtp/inet/private = n
smtp/inet/unprivileged = -
smtp/inet/chroot = n
smtp/inet/wakeup = -
smtp/inet/process_limit = -
smtp/inet/command = smtpd
This form makes it very easy to change one field in master.cf.
For example to turn on chroot on the smtp/inet service you use:
$ postconf -F smtp/inet/chroot=y
$ postfix reload
Moreover, with "-F" you can specify "*" for service name or service
type to get a wild-card match. For example, to turn off chroot on
all Postfix daemons, use this:
$ postconf -F '*/*/chroot=n'
$ postfix reload
Managing master.cf service "-o parameter=value" settings
--------------------------------------------------------
For a second example, let's look at the submission service. This
service typically has multiple "-o parameter=value" overrides. First
the traditional view:
$ postconf -Mf submission
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
...
The postconf -P option can now enumerate these parameters as follows:
$ postconf -P submission
submission/inet/smtpd_sasl_auth_enable = yes
submission/inet/smtpd_tls_security_level = encrypt
...
Again, this form makes it very easy to modify one parameter
setting. For example, to change the smtpd_tls_security_level setting
for the submission/inet service:
$ postconf -P 'submission/inet/smtpd_tls_security_level=may'
You can create or remove a parametername=parametervalue setting:
Create:
$ postconf -P 'submission/inet/parametername=parametervalue'
Remove:
$ postconf -PX submission/inet/parametername
Finally, always execute "postfix reload" after updating master.cf.
Managing master.cf service entries
----------------------------------
Finally, adding master.cf entries is possible, but currently this
does not yet have "advanced" support. It can only be done at the
level of the traditional master.cf file format.
Suppose that you need to configure a Postfix SMTP client that will
handle slow email deliveries. To implement this you need to clone
the smtp/unix service settings and create a new delay/unix service.
First, you would enumerate the smtp/unix service like this:
$ postconf -M smtp/unix
smtp unix - - n - - smtp
Then you would copy those fields (except the first field) by hand
to create the delay/unix service:
$ postconf -M delay/unix="delay unix - - n - - smtp"
To combine the above steps in one command:
$ postconf -M delay/unix="`postconf -M smtp/unix|awk '{$1 = "delay"}'`"
This is perhaps not super-convenient for manual cloning, but it
should be sufficient for programmatic configuration management.
Again, always execute "postfix reload" after updating master.cf.
Deleting or commenting out master.cf entries
--------------------------------------------
The -X (delete entry) and -# (comment out entry) options already
exist for main.cf, and they now also work work for entire master.cf
entries:
Remove main.cf or master.cf entry:
$ postconf -X parametername
$ postconf -MX delay/unix
Comment out main.cf or master.cf entry:
$ postconf -# parametername
$ postconf -M# delay/unix
As with main.cf, there is no support to "undo" master.cf changes
that are made with -X or -#.
Again, always execute "postfix reload" after updating master.cf.
Major changes with snapshot 20131031
====================================
LMDB support is enabled after changes to LMDB lock management. This
includes creating databases with postmap(1) and postalias(1);
read/write access by postscreen(8), proxymap(8), verify(8), and
tlsmgr(8); and database sharing between privileged writer processes
and unprivileged reader processes without world-writable files.
Major changes with snapshot 20130929
====================================
Support to create LMDB databases is no longer available for the
postmap(1) and postalias(1) commands. Instead, consider using cdb:
to manage root-owned databases under the root-owned config_directory
(default: /etc/postfix) such as access(5), virtual(5), transport(5).
The reason is that LMDB applications require write access even when
the application itself is read-only. This violates the principle
of least privilege, and causes all kinds of problems when a non-root
process needs to query a root-owned database.
Support to create LMDB databases is available only for unprivileged
Postfix daemon processes such as postscreen(8), tlsmgr(8) and
verify(8) that manage postfix-owned databases under the postfix-owned
data_directory (default: /var/lib/postfix).
Major changes with snapshot 20130927
====================================
Postfix now handles LMDB "database full" errors automatically. When
a database becomes full, its size limit is doubled, and other
processes automatically pick up the new size limit. The lmdb_map_size
parameter is now mostly irrelevant, and may be removed in the future.
Major changes with snapshot 20130602
====================================
Support for PKI-less TLS server certificate verification, where the
CA public key is identified via DNSSEC lookup.
This feature introduces a new TLS security level called "dane"
(DNS-based Authentication of Named Entities) that uses DNSSEC to
look up CA information for a server TLS certificate. The details
of DANE core protocols are still evolving, as are the details of
how DANE should be used in the context of SMTP. Postfix implements
what appears to be a "rational" subset of the DANE profiles.
The problem with PKI is that there are literally hundreds of
organizations world-wide that can provide a certificate in anyone's
name. There have been widely-published incidents in recent history
where a certificate authority gave out an inappropriate certificate
(e.g., a certificate in the name of Microsoft to someone who did
not represent Microsoft), where a CA was compromised (e.g., DigiNotar,
Comodo), or where a CA made operational mistakes (e.g., TURKTRUST).
Another concern is that a legitimate CA might be coerced to provide
a certificate that allows its government to play man-in-the-middle
on TLS traffic and observe the plaintext.
Major changes with snapshot 20130512
====================================
Allow an SMTP client to skip postscreen(8) tests based on its
postscreen_dnsbl_sites score.
Specify a negative "postscreen_dnsbl_whitelist_threshold" to enable
this feature. When a client passes the threshold value without
having failed other tests, all pending or disabled tests are flagged
as completed.
Major changes with snapshot 20130405
====================================
The recipient_delimiter parameter can now specify a set of characters.
A user name is now separated from its address extension by the first
character that matches the recipient_delimiter set.
For example, specify "recipient_delimiter = +-" to support both the
Postfix-style "+" and the qmail-style "-" extension delimiter.
As before, this implementation recognizes one delimiter character
per email address, and one address extension per email address.
Major changes with snapshot 20130319
====================================
Postfix support for LMDB databases is suspended due to the existence
of a hard limit (an "out of storage" failure mode that cannot be
resolved by increasing the database size).
Postfix may support LMDB again when it no longer limits the size
of Postfix transactions, whether the limit is built into LMDB itself,
or implicit by requiring an unbounded amount of memory to handle a
large transaction.
Major changes with snapshot 20130315
====================================
LMDB support by Howard Chu. This implementation has unexpected
failure modes that don't exist with other Postfix databases, so
don't just yet abandon CDB. See LMDB_README for details.

256
postfix/RELEASE_NOTES-2.11 Normal file
View File

@ -0,0 +1,256 @@
The stable Postfix release is called postfix-2.11.x where 2=major
release number, 11=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
postfix-2.12-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 2.9 or earlier, read RELEASE_NOTES-2.10
before proceeding.
Major changes - tls
-------------------
[Documentation 20131218] The new FORWARD_SECRECY_README document
conveniently presents all information about Postfix "perfect" forward
secrecy support in one place: what forward secrecy is, how to tweak
settings, and what you can expect to see when Postfix uses ciphers
with forward secrecy.
[Feature 20130602] Support for PKI-less TLS server certificate
verification, where the CA public key or the server certificate is
identified via DNSSEC lookup.
This feature introduces a new TLS security level called "dane"
(DNS-based Authentication of Named Entities) that uses DNSSEC to
look up CA information for a server TLS certificate. The details
of DANE core protocols are still evolving, as are the details of
how DANE should be used in the context of SMTP. Postfix implements
what appears to be a "rational" subset of the DANE profiles.
The problem with PKI is that there are literally hundreds of
organizations world-wide that can provide a certificate in anyone's
name. There have been widely-published incidents in recent history
where a certificate authority gave out an inappropriate certificate
(e.g., a certificate in the name of Microsoft to someone who did
not represent Microsoft), where a CA was compromised (e.g., DigiNotar,
Comodo), or where a CA made operational mistakes (e.g., TURKTRUST).
Another concern is that a legitimate CA might be coerced to provide
a certificate that allows its government to play man-in-the-middle
on TLS traffic and observe the plaintext.
Major changes - postscreen whitelisting
---------------------------------------
[Feature 20130512] Allow an SMTP client to skip postscreen(8) tests
based on its postscreen_dnsbl_sites score.
Specify a negative "postscreen_dnsbl_whitelist_threshold" to enable
this feature. When a client passes the threshold value without
having failed other tests, all pending or disabled tests are flagged
as completed.
Major changes - recipient_delimiter
-----------------------------------
[Feature 20130405] The recipient_delimiter parameter can now specify
a set of characters. A user name is now separated from its address
extension by the first character that matches the recipient_delimiter
set.
For example, specify "recipient_delimiter = +-" to support both the
Postfix-style "+" and the qmail-style "-" extension delimiter.
As before, this implementation recognizes one delimiter character
per email address, and one address extension per email address.
Major changes - smtpd access control
------------------------------------
[Feature 20131031] The check_sasl_access feature can be used to
block hijacked logins. Like other check_mumble_acces features it
queries a lookup table (in this case with the SASL login name), and
it supports the same actions as any Postfix access(5) table.
[Feature 20130924] The reject_known_sender_login_mismatch feature
applies reject_sender_login_mismatch only to MAIL FROM addresses
that are known in $smtpd_sender_login_maps.
Major changes - MacOS X
-----------------------
[Feature 20130325] Full support for kqueue() event handling which
scales better with large numbers of file handles, plus a workaround
for timeout handling on file handles (such as /dev/urandom) that
still do not correctly support poll().
Major changes - master
----------------------
[Incompat 20131217] The master_service_disable parameter value
syntax has changed: use "service/type" instead of "service.type".
The new form is consistent with postconf(1) namespaces for master.cf.
The old form is still supported to avoid breaking existing
configurations.
Major changes - milter
----------------------
[Feature 20131126] Support for ESMTP parameters NOTIFY and ORCPT
in the SMFIR_ADDRCPT_PAR (add recipient) request. Credits: Andrew
Ayer.
Major changes - mysql
---------------------
[Feature 20131117] MySQL client support for option_file, option_group,
tls_cert_file, tls_key_file, tls_CAfile, tls_CApath, tls_verify_cert.
Credits: Gareth Palmer.
Major changes - postconf
------------------------
[Feature 20131217] Support for advanced master.cf query and update
operations. This was implemented primarily to support automated
system management tools.
The goal is to make all Postfix master.cf details accessible as
lists of "name=value" pairs, where the names are organized into
structured name spaces. This allows other programs to query
information or request updates, without having to worry about the
exact layout of master.cf files.
Managing master.cf service attributes
-------------------------------------
First, an example that shows the smtp/inet service in the traditional
form:
$ postconf -M smtp/inet
smtp inet n - n - - smtpd
Different variants of this command show different amounts of output.
For example, "postconf -M smtp" enumerates all services that have
a name "smtp" and any service type ("inet", "unix", etc.), and
"postconf -M" enumerates all master.cf services.
General rule: each name component that is not present becomes a "*"
wildcard.
Coming back to the above example, the postconf -F option can now
enumerate the smtp/inet service fields as follows:
$ postconf -F smtp/inet
smtp/inet/service = smtp
smtp/inet/type = inet
smtp/inet/private = n
smtp/inet/unprivileged = -
smtp/inet/chroot = n
smtp/inet/wakeup = -
smtp/inet/process_limit = -
smtp/inet/command = smtpd
This form makes it very easy to change one field in master.cf.
For example to turn on chroot on the smtp/inet service you use:
$ postconf -F smtp/inet/chroot=y
$ postfix reload
Moreover, with "-F" you can specify "*" for service name or service
type to get a wild-card match. For example, to turn off chroot on
all Postfix daemons, use this:
$ postconf -F '*/*/chroot=n'
$ postfix reload
Managing master.cf service "-o parameter=value" settings
--------------------------------------------------------
For a second example, let's look at the submission service. This
service typically has multiple "-o parameter=value" overrides. First
the traditional view:
$ postconf -Mf submission
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
...
The postconf -P option can now enumerate these parameters as follows:
$ postconf -P submission
submission/inet/smtpd_sasl_auth_enable = yes
submission/inet/smtpd_tls_security_level = encrypt
...
Again, this form makes it very easy to modify one parameter
setting. For example, to change the smtpd_tls_security_level setting
for the submission/inet service:
$ postconf -P 'submission/inet/smtpd_tls_security_level=may'
You can create or remove a parametername=parametervalue setting:
Create:
$ postconf -P 'submission/inet/parametername=parametervalue'
Remove:
$ postconf -PX submission/inet/parametername
Finally, always execute "postfix reload" after updating master.cf.
Managing master.cf service entries
----------------------------------
Finally, adding master.cf entries is possible, but currently this
does not yet have "advanced" support. It can only be done at the
level of the traditional master.cf file format.
Suppose that you need to configure a Postfix SMTP client that will
handle slow email deliveries. To implement this you need to clone
the smtp/unix service settings and create a new delay/unix service.
First, you would enumerate the smtp/unix service like this:
$ postconf -M smtp/unix
smtp unix - - n - - smtp
Then you would copy those fields (except the first field) by hand
to create the delay/unix service:
$ postconf -M delay/unix="delay unix - - n - - smtp"
To combine the above steps in one command:
$ postconf -M delay/unix="`postconf -M smtp/unix|awk '{$1 = "delay"}'`"
This is perhaps not super-convenient for manual cloning, but it
should be sufficient for programmatic configuration management.
Again, always execute "postfix reload" after updating master.cf.
Deleting or commenting out master.cf entries
--------------------------------------------
The -X (delete entry) and -# (comment out entry) options already
exist for main.cf, and they now also work work for entire master.cf
entries:
Remove main.cf or master.cf entry:
$ postconf -X parametername
$ postconf -MX delay/unix
Comment out main.cf or master.cf entry:
$ postconf -# parametername
$ postconf -M# delay/unix
As with main.cf, there is no support to "undo" master.cf changes
that are made with -X or -#.
Again, always execute "postfix reload" after updating master.cf.

33
postfix/WISHLIST
View File

@ -1,13 +1,22 @@
Wish list:
Things to do before the stable release:
Spell-check, double-word check, and HTML validator check.
Remove this file from the stable release.
Things to do after the stable release:
Discourage the use of "after 220" tests in POSTSCREEN_README
and the documentation of individual parameter settings.
To un-break "make tests" under src/smtpd, make tests
independent from the DNS and native routines for host
name/address lookup.
Incorporate 3rd-party code such as dynamic_maps.
Support 3rd-party extension with /etc/postfix/postfix-files.d
Make been_here flag BH_FLAG_FOLD configurable for masochists.
Replace some redundant TLS_README sections with pointers
@ -15,24 +24,18 @@ Wish list:
Move html/index.html source to proto/.
How hard is it to follow canonical or virtual mapping
for the purpose of address validation? We must never
reject a valid address.
Preserve case in smtpd_resolve_addr() and add a structure
member for the case-folded address.
member for the case-folded address. IIRC some Milter macro
needs to show the unfolded address.
Per SASL account rate limits. This requires new infrastructure
that maintains stats by SASL account.
Watchdog timer to postmap/postalias.
Things to do before the stable release:
Spell-check, double-word check, and HTML validator check.
Discourage the use of "after 220" tests in POSTSCREEN_README
and the documentation of individual parameter settings.
Remove this file from the stable release.
Things to do after the stable release:
Watchdog timer in postmap/postalias.
Begin code revision, after DANE support stabilizes. This
should be one pass that changes only names and no code.

9
postfix/html/LMDB_README.html
View File

@ -17,6 +17,13 @@
<hr>
<h2>Note</h2>
<p> LMDB is not supported in the stable Postfix release. It will
spontaneously terminate a Postfix daemon process without allowing
Postfix to 1) report the problem to the maillog file, and to 2)
provide reduced service where this is appropriate. </p>
<h2>Introduction</h2>
<p> Postfix uses databases of various kinds to store and look up
@ -294,7 +301,7 @@ sure that <a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> &gt; 3x the
<dl>
<dt> Problem: </dt> <dd> <p> A corrupted LMDB database cann't be
<dt> Problem: </dt> <dd> <p> A corrupted LMDB database can't be
rebuilt simply by re-running <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a>, or by
waiting until a <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon restarts. This problem does not
exist with other Postfix databases. </p> </dd>

3
postfix/html/POSTSCREEN_README.html
View File

@ -1071,7 +1071,8 @@ of the following options: </p>
key_format = postscreen:%s
</pre>
<li> <p> A persistent <a href="lmdb_table.5.html">lmdb</a>: temporary whitelist can be shared between
<li> <p>
A persistent <a href="lmdb_table.5.html">lmdb</a>: temporary whitelist can be shared between
<a href="postscreen.8.html">postscreen(8)</a> daemons that run under the same <a href="master.8.html">master(8)</a> daemon,
or under different <a href="master.8.html">master(8)</a> daemons on the same host. Disable
cache cleanup (<a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0) in all

5
postfix/html/lmdb_table.5.html
View File

@ -20,6 +20,11 @@ LMDB_TABLE(5) LMDB_TABLE(5)
<b>postmap -q - <a href="lmdb_table.5.html">lmdb</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
<b>DESCRIPTION</b>
LMDB is not supported in the stable Postfix release. It will sponta-
neously terminate a Postfix daemon process without allowing Postfix to
1) report the problem to the maillog file, and to 2) provide reduced
service where this is appropriate.
The Postfix LMDB adapter provides access to a persistent, memory-
mapped, key-value store. The database size is limited only by the size
of the memory address space and file system.

7
postfix/html/postconf.5.html
View File

@ -5888,7 +5888,7 @@ Examples:
<p> Selectively disable <a href="master.8.html">master(8)</a> listener ports by service type
or by service name and type. Specify a list of service types
("inet", "unix", "fifo", or "pass") or "name.type" tuples, where
("inet", "unix", "fifo", or "pass") or "name/type" tuples, where
"name" is the first field of a <a href="master.5.html">master.cf</a> entry and "type" is a
service type. As with other Postfix matchlists, a search stops at
the first match. Specify "!pattern" to exclude a service from the
@ -5901,14 +5901,15 @@ is intentional. </p>
<p> Examples: </p>
<pre>
# With Postfix 2.6..2.10 use '.' instead of '/'.
# Turn on all <a href="master.8.html">master(8)</a> listener ports (the default).
<a href="postconf.5.html#master_service_disable">master_service_disable</a> =
# Turn off only the main SMTP listener port.
<a href="postconf.5.html#master_service_disable">master_service_disable</a> = smtp.inet
<a href="postconf.5.html#master_service_disable">master_service_disable</a> = smtp/inet
# Turn off all TCP/IP listener ports.
<a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet
# Turn off all TCP/IP listener ports except "foo".
<a href="postconf.5.html#master_service_disable">master_service_disable</a> = !foo.inet, inet
<a href="postconf.5.html#master_service_disable">master_service_disable</a> = !foo/inet, inet
</pre>
<p> This feature is available in Postfix 2.6 and later. </p>

6
postfix/man/man5/lmdb_table.5
View File

@ -22,6 +22,12 @@ Postfix LMDB adapter
.SH DESCRIPTION
.ad
.fi
LMDB is not supported in the stable Postfix release. It
will spontaneously terminate a Postfix daemon process without
allowing Postfix to 1) report the problem to the maillog
file, and to 2) provide reduced service where this is
appropriate.
The Postfix LMDB adapter provides access to a persistent,
memory-mapped, key-value store. The database size is limited
only by the size of the memory address space and file system.

7
postfix/man/man5/postconf.5
View File

@ -3430,7 +3430,7 @@ masquerade_exceptions = root
.SH master_service_disable (default: empty)
Selectively disable \fBmaster\fR(8) listener ports by service type
or by service name and type. Specify a list of service types
("inet", "unix", "fifo", or "pass") or "name.type" tuples, where
("inet", "unix", "fifo", or "pass") or "name/type" tuples, where
"name" is the first field of a master.cf entry and "type" is a
service type. As with other Postfix matchlists, a search stops at
the first match. Specify "!pattern" to exclude a service from the
@ -3445,14 +3445,15 @@ Examples:
.nf
.na
.ft C
# With Postfix 2.6..2.10 use '.' instead of '/'.
# Turn on all \fBmaster\fR(8) listener ports (the default).
master_service_disable =
# Turn off only the main SMTP listener port.
master_service_disable = smtp.inet
master_service_disable = smtp/inet
# Turn off all TCP/IP listener ports.
master_service_disable = inet
# Turn off all TCP/IP listener ports except "foo".
master_service_disable = !foo.inet, inet
master_service_disable = !foo/inet, inet
.fi
.ad
.ft R

9
postfix/proto/LMDB_README.html
View File

@ -17,6 +17,13 @@
<hr>
<h2>Note</h2>
<p> LMDB is not supported in the stable Postfix release. It will
spontaneously terminate a Postfix daemon process without allowing
Postfix to 1) report the problem to the maillog file, and to 2)
provide reduced service where this is appropriate. </p>
<h2>Introduction</h2>
<p> Postfix uses databases of various kinds to store and look up
@ -294,7 +301,7 @@ tlsmgr(8) from a corrupted database. </strong></p>
<dl>
<dt> Problem: </dt> <dd> <p> A corrupted LMDB database cann't be
<dt> Problem: </dt> <dd> <p> A corrupted LMDB database can't be
rebuilt simply by re-running postmap(1) or postalias(1), or by
waiting until a tlsmgr(8) daemon restarts. This problem does not
exist with other Postfix databases. </p> </dd>

3
postfix/proto/POSTSCREEN_README.html
View File

@ -1071,7 +1071,8 @@ of the following options: </p>
key_format = postscreen:%s
</pre>
<li> <p> A persistent lmdb: temporary whitelist can be shared between
<li> <p>
A persistent lmdb: temporary whitelist can be shared between
postscreen(8) daemons that run under the same master(8) daemon,
or under different master(8) daemons on the same host. Disable
cache cleanup (postscreen_cache_cleanup_interval = 0) in all

6
postfix/proto/lmdb_table
View File

@ -16,6 +16,12 @@
# .br
# \fBpostmap -q - lmdb:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
# DESCRIPTION
# LMDB is not supported in the stable Postfix release. It
# will spontaneously terminate a Postfix daemon process without
# allowing Postfix to 1) report the problem to the maillog
# file, and to 2) provide reduced service where this is
# appropriate.
#
# The Postfix LMDB adapter provides access to a persistent,
# memory-mapped, key-value store. The database size is limited
# only by the size of the memory address space and file system.

7
postfix/proto/postconf.proto
View File

@ -13020,7 +13020,7 @@ This service is normally implemented by the proxymap(8) daemon.
<p> Selectively disable master(8) listener ports by service type
or by service name and type. Specify a list of service types
("inet", "unix", "fifo", or "pass") or "name.type" tuples, where
("inet", "unix", "fifo", or "pass") or "name/type" tuples, where
"name" is the first field of a master.cf entry and "type" is a
service type. As with other Postfix matchlists, a search stops at
the first match. Specify "!pattern" to exclude a service from the
@ -13033,14 +13033,15 @@ is intentional. </p>
<p> Examples: </p>
<pre>
# With Postfix 2.6..2.10 use '.' instead of '/'.
# Turn on all master(8) listener ports (the default).
master_service_disable =
# Turn off only the main SMTP listener port.
master_service_disable = smtp.inet
master_service_disable = smtp/inet
# Turn off all TCP/IP listener ports.
master_service_disable = inet
# Turn off all TCP/IP listener ports except "foo".
master_service_disable = !foo.inet, inet
master_service_disable = !foo/inet, inet
</pre>
<p> This feature is available in Postfix 2.6 and later. </p>

4
postfix/src/global/mail_version.h
View File

@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20140104"
#define MAIL_VERSION_NUMBER "2.11"
#define MAIL_RELEASE_DATE "20140105"
#define MAIL_VERSION_NUMBER "2.12"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE

19
postfix/src/util/lmdb_cache_test.sh Normal file
View File

@ -0,0 +1,19 @@
#!/bin/sh
set -e
rm -f foo.lmdb
./dict_cache <<EOF
cache lmdb:foo
update x ${1-2000}
run
update y ${1-2000}
purge x
run
purge y
run
EOF
../../bin/postmap -s lmdb:foo | diff /dev/null -
rm -f foo.lmdb

14
postfix/src/util/slmdb.c
View File

@ -288,6 +288,7 @@ static void slmdb_cursor_close(SLMDB *slmdb)
static void slmdb_saved_key_init(SLMDB *slmdb)
{
slmdb->saved_key.mv_data = 0;
slmdb->saved_key.mv_size = 0;
slmdb->saved_key_size = 0;
}
@ -296,8 +297,7 @@ static void slmdb_saved_key_init(SLMDB *slmdb)
static void slmdb_saved_key_free(SLMDB *slmdb)
{
free(slmdb->saved_key.mv_data);
slmdb->saved_key.mv_data = 0;
slmdb->saved_key_size = 0;
slmdb_saved_key_init(slmdb);
}
#define HAVE_SLMDB_SAVED_KEY(s) ((s)->saved_key.mv_data != 0)
@ -318,7 +318,7 @@ static int slmdb_saved_key_assign(SLMDB *slmdb, MDB_val *key_val)
slmdb->saved_key.mv_data =
realloc(slmdb->saved_key.mv_data, key_val->mv_size);
if (slmdb->saved_key.mv_data == 0) {
slmdb->saved_key_size = 0;
slmdb_saved_key_init(slmdb);
return (ENOMEM);
} else {
slmdb->saved_key_size = key_val->mv_size;
@ -374,7 +374,7 @@ static int slmdb_recover(SLMDB *slmdb, int status)
/*
* Close the cursor and its read transaction before changing the memory
* map size. We can restore it later with the saved key information.
* map size. We can restore it later from the saved key information.
*/
if (slmdb->cursor != 0)
slmdb_cursor_close(slmdb);
@ -588,7 +588,7 @@ int slmdb_del(SLMDB *slmdb, MDB_val *mdb_key)
/*
* Before doing a non-bulk write transaction in MDB_NOLOCK mode, close a
* cursor and its read transaction. We can restore it later with the
* cursor and its read transaction. We can restore it later from the
* saved key information.
*/
if (slmdb->cursor != 0 && slmdb->txn == 0
@ -639,7 +639,7 @@ int slmdb_cursor_get(SLMDB *slmdb, MDB_val *mdb_key,
}
/*
* Restore the cursor to the saved key position.
* Restore the cursor position from the saved key information.
*/
if (HAVE_SLMDB_SAVED_KEY(slmdb) && op != MDB_FIRST) {
if ((status = mdb_cursor_get(slmdb->cursor, &slmdb->saved_key,
@ -740,7 +740,7 @@ int slmdb_close(SLMDB *slmdb)
mdb_env_close(slmdb->env);
/*
* Clean up the saved key position.
* Clean up the saved key information.
*/
if (HAVE_SLMDB_SAVED_KEY(slmdb))
slmdb_saved_key_free(slmdb);