mirror of https://github.com/vdukhovni/postfix synced 2025-08-31 06:05:37 +00:00

postfix-2.0.16-20030915

Wietse Venema
2003-09-15 00:00:00 -05:00
committed by Viktor Dukhovni
parent 61fb4506a8
commit b7fe5bb669
17 changed files with 265 additions and 210 deletions

View File

@@ -8467,6 +8467,13 @@ Apologies for any names omitted.
networks. Based on code by Ben Rosengart, Panix. Files:
conf/sample-auth.cf, smtpd/smtpd.c.
20030902
Portability: the Postfix master resets the file size to
the largest possible off_t value when the actual limit
appears to overflow the off_t range. Files: util/sys_defs.h,
util/file_limit.c. A fine sample of bit banging.
20030905
Workaround: Solaris 8 select() claims that a non-blocking
@@ -8494,9 +8501,9 @@ Apologies for any names omitted.
20030908
The 20030905 workaround triggers too many warnings. TCP
sockets are back to blocking, and keepalives are turned on
to kill off dead sockets, as suggested by Leandro Santi.
The 20030905 Solaris workaround triggers too many warnings.
TCP sockets are back to blocking, and keepalives are turned
on to kill off dead sockets, as suggested by Leandro Santi.
Files: master/{single,multi}_server.c, smtpd/smtpd.c,
util/sys_defs.h.
@@ -8507,6 +8514,14 @@ Apologies for any names omitted.
was working poorly. Fix by Victor Duchovni, Morgan Stanley.
Files: lmtp/lmtp.c, lmtp/lmtp_proto.c.
20030912
Workaround: besides SMTP server sockets, SMTP client sockets
can also hang on Solaris, as reported by Leandro Santi. In
order to deal with this at the root, all connection management
is now done by sane_accept() and sane_connect(). Both turn
on keepalives on Solaris.
20030913
Safety: set-gid commands don't trust TZ. File: msg_syslog.c.
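Review bot: the 20030912 entry names sane_accept() and sane_connect() but has no "Files:" line, unlike the 20030908 and 20030913 entries around it. List the files that hold the two routines and their callers so the entry can be traced to code the same way as its neighbours.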
@@ -8520,7 +8535,8 @@ Apologies for any names omitted.
Dean Gibson.
In header/body_checks, DUNNO is now the preferred action
instead of the now deprecated OK.
instead of the now deprecated OK. This may confuse fewer
people.
In header/body_checks, allow text after IGNORE and DUNNO,
suggested by Victor Duchovni, Morgan Stanley. File:
@@ -8528,14 +8544,21 @@ Apologies for any names omitted.
Feature: reject_rhsbl_helo. File: smtpd/smtpd_check.c.
Cleanup: the LMTP and SMTP clients now send "MAIL FROM:<sender>
Bugfix? The LMTP and SMTP clients now send "MAIL FROM:<sender>
AUTH=<>" when SASL authenticated. Suggested by by Victor
Duchovni, Morgan Stanley. Files: smtp/smtp_proto.c,
lmtp/lmtp_proto.c.
Open problems:
20030915
Med: do not list myorigin in virtual_alias_maps.
Bugfix: mail rejected by the before-queue content filter
was mis-labeled as a software error; it should be labeled
as a policy error instead. File: smtpd/smtpd.c.
Cleanup: postcat is now null-byte transparent. File:
postcat/postcat.c.
Open problems:
High: when virtual aliasing is turned off after content
filtering, local submissions may escape virtual aliasing.
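Review bot: in the "MAIL FROM:<sender> AUTH=<>" entry, "Suggested by by Victor Duchovni" has a doubled "by", and relabelling the entry from "Cleanup:" to "Bugfix?" leaves a question mark in the permanent change log. Fix the duplicate word, and either commit to "Bugfix:" or state in the entry what is still uncertain.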
@@ -8544,8 +8567,6 @@ Open problems:
request is in progress; this can result in multiple
non-delivery notifications.
Low: postcat should be null byte transparent.
Low: qmgr_move should not reset time stamps on queue files
without shared lock (i.e. not open by a delivery agent).

View File

@@ -1,9 +1,9 @@
Purpose of the SMTP-based before-queue proxy filter feature
===========================================================
Purpose of the before-queue content filter feature
==================================================
Normally, Postfix receives mail, stores it in the mail queue and
then delivers it. The Postfix SMTP server can be configured to
forward all incoming mail through a proxy filter (for example, a
forward all incoming mail to a content filter (for example, a
real-time SPAM filter) that inspects all mail BEFORE it is stored
in the Postfix mail queue.
@@ -11,7 +11,7 @@ in the Postfix mail queue.
FILTER_README document, where all mail is inspected AFTER it is
stored in the Postfix mail queue]
The SMTP-based before-queue proxy filter is meant to be used as follows:
The before-queue content filter is meant to be used as follows:
before / smtp
Internet -> smtpd -> queue -> smtpd -> cleanup -> queue -> local
@@ -34,14 +34,14 @@ after-queue content filter:
queue <-
filter
The SMTP-based before-queue proxy filter receives unfiltered mail
from Postfix and does one of the following:
The before-queue content filter receives unfiltered SMTP mail from
Postfix and does one of the following:
1 - Re-inject the mail back into Postfix via SMTP, perhaps after
changing content.
2 - Reject the mail (by sending a suitable status code back to
Postfix). Postfix passes the status back to the remote SMTP
2 - Reject the mail by sending a suitable SMTP status code back
to Postfix. Postfix passes the status back to the remote SMTP
client. This way, Postfix does not have to send a bounce message.
3 - Send the mail somewhere else.
@@ -49,45 +49,36 @@ from Postfix and does one of the following:
Limitations
===========
The SMTP-based before-queue proxy filter allows Postfix to reject
mail before the incoming SMTP mail transfer completes, so that
Postfix does not have to send rejected mail back to the sender.
Mail that is not accepted remains the responsibility of the client.
In all other respects this content filtering approach is inferior
to the existing content filter (see FILTER_README) which processes
mail AFTER it is queued, because that gives you full control over
how many filtering processes can be run in parallel.
The before-queue content filter allows Postfix to reject mail before
the incoming SMTP mail transfer completes, so that Postfix does
not have to send rejected mail back to the sender. Mail that is
not accepted remains the responsibility of the remote SMTP client.
The problem with before-queue content filtering is that the remote
SMTP client expects an SMTP reply within a deadline. As the system
load increases, fewer and fewer CPU cycles remain available to
answer within the deadline, and eventually you either have to stop
accepting mail or you have to accept unfiltered mail.
accepting mail or you have to stop filtering the mail.
A possible workaround is to have the proxy take special action when
the deadline is reached: add a distinctive message header that
triggers a Postfix header_checks FILTER action, or send the mail
into Postfix via an alternative Postfix SMTP server that always
turns on content filtering.
How Postfix talks to the before-queue proxy filter
How Postfix talks to the before-queue content filter
==================================================
When passing mail to the SMTP-based before-queue filter, Postfix
generates its own EHLO, DATA and QUIT commands, and forwards
unmodified copies of the MAIL FROM and RCPT TO commands that the
Postfix SMTP server has approved. All commands are sent without
using ESMTP command pipelining. The SMTP proxy server should accept
the same MAIL FROM and RCPT TO command syntax as the Postfix SMTP
server.
Postfix makes one connection per email message. Postfix speaks
ESMTP, but uses no command pipelining. Postfix generates its own
EHLO, DATA and QUIT commands, and forwards unmodified copies of
all the MAIL FROM and RCPT TO commands that the Postfix SMTP server
didn't reject itself. The SMTP proxy server should accept the same
MAIL FROM and RCPT TO command syntax as the Postfix SMTP server.
Postfix sends no other SMTP commands.
The before-queue proxy filter is expected literally pass on the
SMTP commands that it receives from Postfix to an after-filter
Postfix SMTP server that listens on a non-standard port. When the
filter rejects content, it should send a negative response back to
Postfix, and it should abort any connection with the after-filter
Postfix SMTP server without completing the SMTP dialog.
The content filter is expected to pass on unmodified SMTP commands
from a before-filter Postfix SMTP server to an after-filter Postfix
SMTP server that listens on a non-standard port. When the filter
rejects content, it should send a negative SMTP response back to
the before-filter Postfix SMTP server, and it should abort any
connection with the after-filter Postfix SMTP server without
completing the SMTP conversation with the after-filter Postfix SMTP
server.
Configuration parameters
========================
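Review bot: the rename from "proxy filter" to "content filter" is incomplete in the rewritten "How Postfix talks to" paragraph, which still says "The SMTP proxy server should accept the same MAIL FROM and RCPT TO command syntax". Use one term for the filter throughout. The last new paragraph also names "the after-filter Postfix SMTP server" twice in one clause; "abort any connection with the after-filter Postfix SMTP server without completing the SMTP conversation" says the same thing.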
@@ -96,12 +87,12 @@ Parameters that control proxying:
smtpd_proxy_filter (syntax: host:port)
The host and TCP port of the before-queue proxy filter. When
The host and TCP port of the before-queue content filter. When
no host or host: is specified, localhost is assumed.
smtpd_proxy_timeout (default: 100s)
Timeout for connecting to the before-queue proxy filter and
Timeout for connecting to the before-queue content filter and
for sending and receiving commands and data. All proxy errors
are logged to the maillog file. For privacy reasons, all the
remote SMTP client sees is "451 Error: queue file write error".
@@ -109,15 +100,15 @@ smtpd_proxy_timeout (default: 100s)
smtpd_proxy_ehlo (default: $myhostname)
The hostname to use when sending an EHLO command to the
before-queue proxy filter.
before-queue content filter.
Testing the SMTP pass-through proxy feature
===========================================
The following example sets up a null proxy, that is, the Postfix
SMTP server gives the mail directly to another Postfix SMTP server
process without intervening content filter. This useful only for
testing, of course.
The following example sets up a null content filter, that is, the
Postfix SMTP server gives the mail directly to another Postfix SMTP
server process without intervening content filter. This useful only
for testing, of course.
/etc/postfix/master.cf
smtp inet n - n - - smtpd
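Review bot: the new sentence "This useful only for testing, of course." is missing "is", a slip carried over from the text it replaces. The heading "Testing the SMTP pass-through proxy feature" also keeps the old proxy wording while the paragraph under it now says "null content filter", and "a null content filter ... without intervening content filter" defines the term by itself; "without any filter in between" would read more clearly.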

View File

@@ -66,28 +66,29 @@
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
# the Postfix parent_domain_matches_subdomains con-
# figuration setting. Otherwise, specify .domain.tld
# (note the initial dot) in order to match subdo-
# mains.
# figuration setting (note that this is the default
# for some versions of Postfix). Otherwise, specify
# .domain.tld (note the initial dot) in order to
# match subdomains.
#
# user@ Matches all mail addresses with the specified user
# user@ Matches all mail addresses with the specified user
# part.
#
# Note: lookup of the null sender address is not possible
# with some types of lookup table. By default, Postfix uses
# <> as the lookup key for such addresses. The value is
# specified with the smtpd_null_access_lookup_key parameter
# Note: lookup of the null sender address is not possible
# with some types of lookup table. By default, Postfix uses
# <> as the lookup key for such addresses. The value is
# specified with the smtpd_null_access_lookup_key parameter
# in the Postfix main.cf file.
#
# EMAIL ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, domain, user+foo@,
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, domain, user+foo@,
# and user@.
#
# HOST NAME/ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, the following
# networked tables such as NIS, LDAP or SQL, the following
# lookup patterns are examined in the order as listed:
#
# domain.tld
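Review bot: the added parenthetical "(note that this is the default for some versions of Postfix)" does not tell an administrator whether it applies to the version they run. This sentence decides whether a domain.tld access entry also covers subdomains, so name the versions or point to the documented default of parent_domain_matches_subdomains instead of "some versions".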
@@ -95,9 +96,9 @@
#
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
# the Postfix parent_domain_matches_subdomains con-
# the Postfix parent_domain_matches_subdomains con-
# figuration setting. Otherwise, specify .domain.tld
# (note the initial dot) in order to match subdo-
# (note the initial dot) in order to match subdo-
# mains.
#
# net.work.addr.ess
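Review bot: this second copy of the domain.tld paragraph, under HOST NAME/ADDRESS PATTERNS, is only re-justified and still reads "figuration setting. Otherwise, specify .domain.tld", without the note about the default that the same commit adds to the first copy. Add the parenthetical here as well so the two descriptions of subdomain matching stay in agreement.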
@@ -106,88 +107,88 @@
#
# net.work
#
# net Matches any host address in the specified network.
# A network address is a sequence of one or more
# net Matches any host address in the specified network.
# A network address is a sequence of one or more
# octets separated by ".".
#
# NOTE: use the cidr lookup table type to specify
# NOTE: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
# ACTIONS
# [45]NN text
# Reject the address etc. that matches the pattern,
# Reject the address etc. that matches the pattern,
# and respond with the numerical code and text.
#
# REJECT optional text...
# Reject the address etc. that matches the pattern.
# Reply with $reject_code optional text... when the
# optional text is specified, otherwise reply with a
# Reject the address etc. that matches the pattern.
# Reply with $reject_code optional text... when the
# optional text is specified, otherwise reply with a
# generic error response message.
#
# DEFER_IF_REJECT optional text...
# Defer the request if some later restriction would
# Defer the request if some later restriction would
# result in a REJECT action. Reply with "450 optional
# text... when the optional text is specified, other-
# wise reply with a generic error response message.
#
# DEFER_IF_PERMIT optional text...
# Defer the request if some later restriction would
# Defer the request if some later restriction would
# result in a PERMIT action (there is an implied PER-
# MIT at the end of each restriction list). Reply
# with "450 optional text... when the optional text
# is specified, otherwise reply with a generic error
# MIT at the end of each restriction list). Reply
# with "450 optional text... when the optional text
# is specified, otherwise reply with a generic error
# response message.
#
# OK Accept the address etc. that matches the pattern.
#
# all-numerical
# An all-numerical result is treated as OK. This for-
# mat is generated by address-based relay authoriza-
# mat is generated by address-based relay authoriza-
# tion schemes.
#
# DUNNO Pretend that the lookup key was not found in this
# DUNNO Pretend that the lookup key was not found in this
# table. This prevents Postfix from trying substrings
# of the lookup key (such as a subdomain name, or a
# of the lookup key (such as a subdomain name, or a
# network address subnetwork).
#
# HOLD optional text...
# Place the message on the hold queue, where it will
# sit until someone either deletes it or releases it
# for delivery. Log the optional text if specified,
# Place the message on the hold queue, where it will
# sit until someone either deletes it or releases it
# for delivery. Log the optional text if specified,
# otherwise log a generic message.
#
# Mail that is placed on hold can be examined with
# the postcat(1) command, and can be destroyed or
# Mail that is placed on hold can be examined with
# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
# Note: this action currently affects all recipients
# of the message.
#
# DISCARD optional text...
# Claim successful delivery and silently discard the
# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
# Note: this action currently affects all recipients
# of the message.
#
# DISCARD optional text...
# Claim successful delivery and silently discard the
# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
# Note: this action currently affects all recipients
# of the message.
#
# FILTER transport:destination
# After the message is queued, send the entire mes-
# sage through a content filter. More information
# After the message is queued, send the entire mes-
# sage through a content filter. More information
# about content filters is in the Postfix FIL-
# TER_README file.
#
# Note: this action overrides the main.cf con-
# Note: this action overrides the main.cf con-
# tent_filter setting, and currently affects all
# recipients of the message.
#
# REDIRECT user@domain
# After the message is queued, send the message to
# After the message is queued, send the message to
# the specified address instead of the intended
# recipient(s).
#
# Note: this action overrides the FILTER action, and
# Note: this action overrides the FILTER action, and
# currently affects all recipients of the message.
#
# restriction...
@@ -195,46 +196,46 @@
# reject_unauth_destination, and so on).
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
# cation, that string is an entire client hostname, an
# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
# user@domain mail addresses are not broken up into their
# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Patterns are applied in the order as specified in the
# table, until a pattern is found that matches the search
# Patterns are applied in the order as specified in the
# table, until a pattern is found that matches the search
# string.
#
# Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see
# tion of the TCP client/server lookup protocol, see
# tcp_table(5).
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
# mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is
# mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1) create lookup table
@@ -245,7 +246,7 @@
# tcp_table(5) TCP client/server table lookup protocol
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

View File

@@ -1,4 +1,4 @@
<html> <head> </head> <body> <pre>
<html> <body> <pre>
ACCESS(5) ACCESS(5)
<b>NAME</b>
@@ -67,28 +67,29 @@ ACCESS(5) ACCESS(5)
The pattern <i>domain.tld</i> also matches subdomains, but
only when the string <b>smtpd_access_maps</b> is listed in
the Postfix <b>parent_domain_matches_subdomains</b> con-
figuration setting. Otherwise, specify <i>.domain.tld</i>
(note the initial dot) in order to match subdo-
mains.
figuration setting (note that this is the default
for some versions of Postfix). Otherwise, specify
<i>.domain.tld</i> (note the initial dot) in order to
match subdomains.
<i>user</i>@ Matches all mail addresses with the specified user
<i>user</i>@ Matches all mail addresses with the specified user
part.
Note: lookup of the null sender address is not possible
with some types of lookup table. By default, Postfix uses
&lt;&gt; as the lookup key for such addresses. The value is
specified with the <b>smtpd_null_access_lookup_key</b> parameter
Note: lookup of the null sender address is not possible
with some types of lookup table. By default, Postfix uses
&lt;&gt; as the lookup key for such addresses. The value is
specified with the <b>smtpd_null_access_lookup_key</b> parameter
in the Postfix <b>main.cf</b> file.
<b>EMAIL ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@,
ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@,
and <i>user</i>@.
<b>HOST NAME/ADDRESS PATTERNS</b>
With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, the following
networked tables such as NIS, LDAP or SQL, the following
lookup patterns are examined in the order as listed:
<i>domain.tld</i>
@@ -96,9 +97,9 @@ ACCESS(5) ACCESS(5)
The pattern <i>domain.tld</i> also matches subdomains, but
only when the string <b>smtpd_access_maps</b> is listed in
the Postfix <b>parent_domain_matches_subdomains</b> con-
the Postfix <b>parent_domain_matches_subdomains</b> con-
figuration setting. Otherwise, specify <i>.domain.tld</i>
(note the initial dot) in order to match subdo-
(note the initial dot) in order to match subdo-
mains.
<i>net.work.addr.ess</i>
@@ -107,88 +108,88 @@ ACCESS(5) ACCESS(5)
<i>net.work</i>
<i>net</i> Matches any host address in the specified network.
A network address is a sequence of one or more
<i>net</i> Matches any host address in the specified network.
A network address is a sequence of one or more
octets separated by ".".
NOTE: use the <b>cidr</b> lookup table type to specify
NOTE: use the <b>cidr</b> lookup table type to specify
network/netmask patterns. See <a href="cidr_table.5.html">cidr_table(5)</a> for
details.
<b>ACTIONS</b>
[<b>45</b>]<i>NN text</i>
Reject the address etc. that matches the pattern,
Reject the address etc. that matches the pattern,
and respond with the numerical code and text.
<b>REJECT</b> <i>optional text...</i>
Reject the address etc. that matches the pattern.
Reply with <i>$reject</i><b>_</b><i>code optional text...</i> when the
optional text is specified, otherwise reply with a
Reject the address etc. that matches the pattern.
Reply with <i>$reject</i><b>_</b><i>code optional text...</i> when the
optional text is specified, otherwise reply with a
generic error response message.
<b>DEFER_IF_REJECT</b> <i>optional text...</i>
Defer the request if some later restriction would
Defer the request if some later restriction would
result in a REJECT action. Reply with "<b>450</b> <i>optional</i>
<i>text...</i> when the optional text is specified, other-
wise reply with a generic error response message.
<b>DEFER_IF_PERMIT</b> <i>optional text...</i>
Defer the request if some later restriction would
Defer the request if some later restriction would
result in a PERMIT action (there is an implied PER-
MIT at the end of each restriction list). Reply
with "<b>450</b> <i>optional text...</i> when the optional text
is specified, otherwise reply with a generic error
MIT at the end of each restriction list). Reply
with "<b>450</b> <i>optional text...</i> when the optional text
is specified, otherwise reply with a generic error
response message.
<b>OK</b> Accept the address etc. that matches the pattern.
<i>all-numerical</i>
An all-numerical result is treated as OK. This for-
mat is generated by address-based relay authoriza-
mat is generated by address-based relay authoriza-
tion schemes.
<b>DUNNO</b> Pretend that the lookup key was not found in this
<b>DUNNO</b> Pretend that the lookup key was not found in this
table. This prevents Postfix from trying substrings
of the lookup key (such as a subdomain name, or a
of the lookup key (such as a subdomain name, or a
network address subnetwork).
<b>HOLD</b> <i>optional text...</i>
Place the message on the <b>hold</b> queue, where it will
sit until someone either deletes it or releases it
for delivery. Log the optional text if specified,
Place the message on the <b>hold</b> queue, where it will
sit until someone either deletes it or releases it
for delivery. Log the optional text if specified,
otherwise log a generic message.
Mail that is placed on hold can be examined with
the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
Mail that is placed on hold can be examined with
the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
Note: this action currently affects all recipients
of the message.
<b>DISCARD</b> <i>optional text...</i>
Claim successful delivery and silently discard the
message. Log the optional text if specified, oth-
erwise log a generic message.
Note: this action currently affects all recipients
of the message.
<b>DISCARD</b> <i>optional text...</i>
Claim successful delivery and silently discard the
message. Log the optional text if specified, oth-
erwise log a generic message.
Note: this action currently affects all recipients
of the message.
<b>FILTER</b> <i>transport:destination</i>
After the message is queued, send the entire mes-
sage through a content filter. More information
After the message is queued, send the entire mes-
sage through a content filter. More information
about content filters is in the Postfix FIL-
TER_README file.
Note: this action overrides the <b>main.cf con-</b>
Note: this action overrides the <b>main.cf con-</b>
<b>tent_filter</b> setting, and currently affects all
recipients of the message.
<b>REDIRECT</b> <i>user@domain</i>
After the message is queued, send the message to
After the message is queued, send the message to
the specified address instead of the intended
recipient(s).
Note: this action overrides the FILTER action, and
Note: this action overrides the FILTER action, and
currently affects all recipients of the message.
<i>restriction...</i>
@@ -196,46 +197,46 @@ ACCESS(5) ACCESS(5)
<b>reject_unauth_destination</b>, and so on).
<b>REGULAR EXPRESSION TABLES</b>
This section describes how the table lookups change when
This section describes how the table lookups change when
the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax,
a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
Each pattern is a regular expression that is applied to
Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
cation, that string is an entire client hostname, an
cation, that string is an entire client hostname, an
entire client IP address, or an entire mail address. Thus,
no parent domain or parent network search is done,
<i>user@domain</i> mail addresses are not broken up into their
<i>user@domain</i> mail addresses are not broken up into their
<i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
string.
Actions are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
Actions are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
This section describes how the table lookups change when
This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see
tion of the TCP client/server lookup protocol, see
<a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
Each lookup operation uses the entire query string once.
Depending on the application, that string is an entire
Each lookup operation uses the entire query string once.
Depending on the application, that string is an entire
client hostname, an entire client IP address, or an entire
mail address. Thus, no parent domain or parent network
search is done, <i>user@domain</i> mail addresses are not broken
up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
mail address. Thus, no parent domain or parent network
search is done, <i>user@domain</i> mail addresses are not broken
up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
<i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Actions are the same as with indexed file lookups.
<b>BUGS</b>
The table format does not understand quoting conventions.
The table format does not understand quoting conventions.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a> create lookup table
@@ -246,7 +247,7 @@ ACCESS(5) ACCESS(5)
<a href="tcp_table.5.html">tcp_table(5)</a> TCP client/server table lookup protocol
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@@ -1,11 +1,11 @@
<html> <head> </head> <body> <pre>
<html> <body> <pre>
POSTCAT(1) POSTCAT(1)
<b>NAME</b>
postcat - show Postfix queue file contents
<b>SYNOPSIS</b>
<b>postcat</b> [<b>-vq</b>] [<b>-c</b> <i>config_dir</i>] [<i>files</i>...]
<b>postcat</b> [<b>-vq</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>files</i>...]
<b>DESCRIPTION</b>
The <b>postcat</b> command prints the contents of the named <i>files</i>
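Review bot: the SYNOPSIS line now renders the option argument as <i>config</i><b>_</b><i>dir</i>, putting the underscore in its own bold element, while later hunks in the same file go the other way and join <b>MAIL</b><i>_</i><b>CONFIG</b> into <b>MAIL_CONFIG</b>. If this HTML is generated, check the converter's underscore handling so identifiers are marked up consistently; config_dir should stay a single italic token.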
@@ -15,7 +15,7 @@ POSTCAT(1) POSTCAT(1)
Options:
<b>-c</b> <i>config_dir</i>
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
The <b>main.cf</b> configuration file is in the named
directory instead of the default configuration
directory.
@@ -31,7 +31,7 @@ POSTCAT(1) POSTCAT(1)
Problems are reported to the standard error stream.
<b>ENVIRONMENT</b>
<b>MAIL</b><i>_</i><b>CONFIG</b>
<b>MAIL_CONFIG</b>
Directory with Postfix configuration files.
<b>CONFIGURATION PARAMETERS</b>
@@ -39,7 +39,7 @@ POSTCAT(1) POSTCAT(1)
default values. Use the <b>postfix reload</b> command after a
configuration change.
<b>queue</b><i>_</i><b>directory</b>
<b>queue_directory</b>
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.

View File

@@ -66,7 +66,8 @@ Matches \fIdomain.tld\fR as the domain part of an email address.
.sp
The pattern \fIdomain.tld\fR also matches subdomains, but only
when the string \fBsmtpd_access_maps\fR is listed in the Postfix
\fBparent_domain_matches_subdomains\fR configuration setting.
\fBparent_domain_matches_subdomains\fR configuration setting
(note that this is the default for some versions of Postfix).
Otherwise, specify \fI.domain.tld\fR (note the initial dot) in
order to match subdomains.
.IP \fIuser\fR@

View File

@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
#define MAIL_RELEASE_DATE "20030812"
#define MAIL_RELEASE_DATE "20030915"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "2.0.14-" MAIL_RELEASE_DATE
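Review bot: MAIL_RELEASE_DATE moves to "20030915" but DEF_MAIL_VERSION still begins with "2.0.14-", while the commit is titled postfix-2.0.16-20030915. The comment above says snapshots change the release date only, so this may be intended; if so, say it in the commit message, otherwise update the patchlevel string so that mail_version matches the release name.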

View File

@@ -294,7 +294,6 @@ static void post_mail_open_event(int event, char *context)
event_disable_readwrite(vstream_fileno(state->stream));
vstream_fclose(state->stream);
} else {
case EVENT_XCPT:
msg_warn("connect to service: %s: %m", var_cleanup_service);
}
myfree(state->sender);
@@ -303,6 +302,20 @@ static void post_mail_open_event(int event, char *context)
myfree((char *) state);
return;
/*
* Some exception.
*/
case EVENT_XCPT:
msg_warn("error connecting to service: %s", var_cleanup_service);
event_cancel_timer(post_mail_open_event, context);
event_disable_readwrite(vstream_fileno(state->stream));
vstream_fclose(state->stream);
myfree(state->sender);
myfree(state->recipient);
state->notify((VSTREAM *) 0, state->context);
myfree((char *) state);
return;
/*
* Broken software or hardware.
*/

View File

@@ -385,7 +385,7 @@ static int lmtp_loop(LMTP_STATE *state, int send_state, int recv_state)
}
/*
* We authenticate the client, not the sender.
* We authenticate the local MTA only, but not the sender.
*/
#ifdef USE_SASL_AUTH
if (var_lmtp_sasl_enable

View File

@@ -80,6 +80,7 @@
#define PC_FLAG_QUEUE (1<<0) /* search queue */
#define STR vstring_str
#define LEN VSTRING_LEN
/* postcat - visualize Postfix queue file contents */
@@ -129,17 +130,16 @@ static void postcat(VSTREAM *fp, VSTRING *buffer)
break;
case REC_TYPE_CONT:
if (msg_verbose)
vstream_printf("%s: %s\n", rec_type_name(rec_type),
STR(buffer));
else
vstream_printf("%s", STR(buffer));
vstream_printf("%s: ", rec_type_name(rec_type));
vstream_fwrite(VSTREAM_OUT, STR(buffer), LEN(buffer));
if (msg_verbose)
VSTREAM_PUTCHAR('\n');
break;
case REC_TYPE_NORM:
if (msg_verbose)
vstream_printf("%s: %s\n", rec_type_name(rec_type),
STR(buffer));
else
vstream_printf("%s\n", STR(buffer));
vstream_printf("%s: ", rec_type_name(rec_type));
vstream_fwrite(VSTREAM_OUT, STR(buffer), LEN(buffer));
VSTREAM_PUTCHAR('\n');
break;
case REC_TYPE_MESG:
vstream_printf("*** MESSAGE CONTENTS %s ***\n", VSTREAM_PATH(fp));
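Review bot: in REC_TYPE_CONT and REC_TYPE_NORM the record body is now written with vstream_fwrite(VSTREAM_OUT, STR(buffer), LEN(buffer)) instead of being formatted through "%s", so bytes after an embedded null are emitted as well, and nothing in these lines filters control characters before they reach standard output. Please add a comment stating that the length-based write is deliberate, and consider noting in the postcat documentation that the output can contain arbitrary bytes taken from the queue file.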

View File

@@ -506,7 +506,7 @@ int smtp_xfer(SMTP_STATE *state)
}
/*
* We authenticate the client, not the sender.
* We authenticate the local MTA only, but not the sender.
*/
#ifdef USE_SASL_AUTH
if (var_smtp_sasl_enable

View File

@@ -555,6 +555,8 @@ static void mail_reset(SMTPD_STATE *);
static void rcpt_reset(SMTPD_STATE *);
static void chat_reset(SMTPD_STATE *, int);
#ifdef USE_SASL_AUTH
/*
* SASL exceptions.
*/
@@ -584,6 +586,8 @@ static int sasl_client_exception(SMTPD_STATE *state)
return (match);
}
#endif
/* collapse_args - put arguments together again */
static void collapse_args(int argc, SMTPD_TOKEN *argv)
@@ -1299,8 +1303,9 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
if (state->proxy) {
if (state->err == CLEANUP_STAT_OK) {
(void) smtpd_proxy_cmd(state, SMTPD_PROX_WANT_ANY, ".");
if (*STR(state->proxy_buffer) != '2')
state->err = CLEANUP_STAT_PROXY;
if (state->err == CLEANUP_STAT_OK &&
*STR(state->proxy_buffer) != '2')
state->err = CLEANUP_STAT_CONT;
}
smtpd_proxy_close(state);
}
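Review bot: the added "state->err == CLEANUP_STAT_OK &&" test sits inside a block that is already guarded by the same condition, so it is only meaningful if smtpd_proxy_cmd() changes state->err as a side effect, yet the call's return value is discarded with (void). A one-line comment saying that the proxy command may set state->err, and that proxy_buffer is only trusted when it did not, would make the intent clear.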
@@ -1350,8 +1355,11 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
smtpd_chat_reply(state, "554 Error: too many hops");
} else if ((state->err & CLEANUP_STAT_CONT) != 0) {
state->error_mask |= MAIL_ERROR_POLICY;
smtpd_chat_reply(state, "550 Error: %s", LEN(why) ?
STR(why) : "content rejected");
if (state->proxy_buffer)
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
else
smtpd_chat_reply(state, "550 Error: %s", LEN(why) ?
STR(why) : "content rejected");
} else if ((state->err & CLEANUP_STAT_WRITE) != 0) {
state->error_mask |= MAIL_ERROR_RESOURCE;
smtpd_chat_reply(state, "451 Error: queue file write error");
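Review bot: the CLEANUP_STAT_CONT branch relays the proxy reply whenever state->proxy_buffer is non-null, but smtpd_proxy_close() has already run by this point and these lines do not show whether the buffer is still valid or could be left over from earlier in the session. Testing an explicit "proxy rejected this message" condition would be safer than testing the pointer. Note also that the earlier hunk maps every reply not starting with '2' to CLEANUP_STAT_CONT, so a 4xx temporary failure from the proxy is relayed from this branch and counted under MAIL_ERROR_POLICY; a comment should say whether that is intended.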

View File

@@ -5,7 +5,7 @@
#msg_verbose 1
smtpd_delay_reject 0
#
# Test the nex access map features
# Test the new access map features
#
sender_restrictions hash:./smtpd_check_access
mail rejecttext@bad.domain

View File

@@ -53,3 +53,10 @@ client spike.porcupine.org 168.100.189.2
mail sname@sdomain
rcpt rname@rdomain
rcpt rname@example.tld
#
# RHSBL helo domain name
#
recipient_restrictions reject_rhsbl_helo,abuse.rfc-ignorant.org
helo example.tld
mail sname@sdomain
rcpt rname@rdomain

View File

@@ -97,3 +97,15 @@ OK
>>> rcpt rname@example.tld
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@example.tld recipient_name=rname recipient_domain=example.tld rbl_code=554 rbl_domain=dsn.rfc-ignorant.org rbl_txt=Not supporting null originator (DSN) rbl_what=rname@example.tld rbl_class=Recipient address; from=<sname@sdomain> to=<rname@example.tld> proto=SMTP helo=<foobar>
554 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@example.tld recipient_name=rname recipient_domain=example.tld rbl_code=554 rbl_domain=dsn.rfc-ignorant.org rbl_txt=Not supporting null originator (DSN) rbl_what=rname@example.tld rbl_class=Recipient address
>>> #
>>> # RHSBL helo domain name
>>> #
>>> recipient_restrictions reject_rhsbl_helo,abuse.rfc-ignorant.org
OK
>>> helo example.tld
OK
>>> mail sname@sdomain
OK
>>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<example.tld>
554 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain
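Review bot: the expected 554 reply for "helo example.tld" depends on example.tld being listed at abuse.rfc-ignorant.org when the test runs, so this reference output will stop matching if the list changes or DNS is unavailable. Please add a comment in the test input stating that external dependency, so a later mismatch is not mistaken for a regression in reject_rhsbl_helo.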

View File

@@ -434,13 +434,13 @@ static int command_read(SINK_STATE *state)
* Got a complete command line. Parse it.
*/
ptr = vstring_str(state->buffer);
if (msg_verbose)
msg_info("%s", ptr);
if ((command = mystrtok(&ptr, " \t")) == 0) {
smtp_printf(state->stream, "500 Error: unknown command");
smtp_flush(state->stream);
return (0);
}
if (msg_verbose)
msg_info("%s", command);
for (cmdp = command_table; cmdp->name != 0; cmdp++)
if (strcasecmp(command, cmdp->name) == 0)
break;
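Review bot: the msg_info("%s", ptr) call placed before mystrtok() logs the whole line received from the client rather than only the command token, and it also runs for lines that then fail with "500 Error: unknown command". That is reasonable for a test sink, but the verbose option's documentation should say that complete client input is logged, since it can carry arbitrary remote-supplied text.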

View File

@@ -410,8 +410,8 @@ static void resolve_addr(RES_CONTEXT *rp, char *addr,
rcpt_domain, VAR_VIRT_ALIAS_DOMS,
VAR_RELAY_DOMAINS);
if (strcasecmp(rcpt_domain, var_myorigin) == 0)
msg_warn("do not list $%s in %s",
VAR_MYORIGIN, VAR_VIRT_ALIAS_DOMS);
msg_warn("do not list $%s (%s) in %s",
VAR_MYORIGIN, var_myorigin, VAR_VIRT_ALIAS_DOMS);
}
vstring_strcpy(channel, MAIL_SERVICE_ERROR);
vstring_sprintf(nexthop, "User unknown%s",