mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 21:55:20 +00:00
Code Issues Releases Wiki Activity

postfix-2.5-20070613

Browse Source
This commit is contained in:
Wietse Venema
2007-06-13 00:00:00 -05:00
committed by Viktor Dukhovni
parent 476834efdd
commit c176ce0090
21 changed files with 427 additions and 350 deletions
Download Patch File Download Diff File Expand all files Collapse all files

277
postfix/HISTORY
View File

@@ -13588,273 +13588,16 @@ Apologies for any names omitted.
20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c,
qmqpd/qmqpd_peer.c.
Wish list:
20070610
Update attr_print/scan() so they can send/receive file
descriptors. This simplifies kludgy code in many daemons.
Isolation: don't allow the pipe(8) delivery agent to leak
postdrop group privileges with "user=xxx:postdrop". File:
pipe/pipe.c.
Make adding date/from/etc. conditional. Perhaps on header
rewrite context? Do we need a more powerful concept than
local_header_rewrite_clients/remote_header_rewrite_domain?
20070613
Would there be a problem adding $smtpd_mumble_restrictions
and $smtpd_sender_login_maps to the default proxy_read_maps
settings?
Remove defer(8) and trace(8) references and man pages. These
are services not program names.
Bind all deliveries to the same local delivery process,
making Postfix perform as poorly as monolithic mailers, but
giving a possibility to eliminate duplicate deliveries.
Maybe declare loop when resolve_local(mxhost) is true?
Update message content length when adding/removing headers.
Need scache size limit.
Update BACKSCATTER_README to use PCRE because that's what I
am using now.
Make postcat header/body aware so people can grep headers.
Make postmap header/body aware so people can test multi-line
header checks.
REDIRECT should override original recipient info, and
probably override DSN as well.
Find out if with Sendmail, a Milter "add recipient" request
results in NOTIFY=NONE as Postfix does now.
Update FILTER_README with mailing list suggestions to tag
with a badness indicator and then filter down-stream.
Either document or remove the internal_mail_filter_classes
feature (it's disabled by default).
Build a command-line test driver for the cleanup engine.
This allows us to test it with arbitrary record sequences
without having to use a live mail queue.
Make null local-part handling configurable: either expand
into mailer-daemon (current bahavior) or disallow (strict
behavior, currently implemented only in the SMTP server).
The type of var_message_limit should be changed from int
to long or better, to take advantage of LP64 architectures.
This also requires checking all expressions in which
var_message_limit appears.
Add M flag (enable multi-recipient delivery) to pipe daemon.
The usage of TLScontext->cache_type is unclear. It specifies
a TLS session cache type (smtpd, smtp, or lmtp), but it is
sometimes used as an indicator that TLS session caching is
unavailable. In reality, that decision is made by not
registering call-back functions for cache maintenance.
Postfix TLS library code should copy any strings that it
receives from the application, instead of passing them
around as pointers. TLScontext->cache_type is a case in
point.
Are transport:nexthop null fields the same as in the case
of default_transport etc. parameters?
Don't lose bits when converting st_dev into maildir file
name. It's 64 bits on Linux. Found with the BEAM source
code analyzer. Is this really a problem, or are they just
using 64 bits for upwards compatibility with LP64 systems?
Do or don't introduce unknown_reverse_client_reject_code.
Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
UNIX).
Tempfail when a Milter application wants content access,
while it is configured in an SMTP server that runs before
the smtpd_proxy filter.
Log DSN original recipient when rejecting mail.
Keep whitespace between label and ":"?
Make the map case folding/locking options configurable, if
not at run-time then at least at compile time so we get
consistent behavior across applications.
Investigate what it would take to eliminate oqmgr, and to
make the old behavior configurable in a unified queue
manager. This would shave another 2.7 KLOC from the source
footprint.
Document the case folding strategy for match_list like
features.
Eliminate the (incoming,deferred)->active rename operation.
Softbounce fallback-to-ISP for SOHO users. This requires
playing with the soft_error test in the smtp_trouble.c
module, and avoiding delivery to backup MX hosts.
In the SMTP server, set a "pipelining detected" flag at the
start of a session and at protocol synchronization points,
so that reject_unauth_pipelining can be specified in any
access rule.
Centralize main.cf parameter input so that defaults work
consistently. What about parameter names that are prefixed
with mail delivery transport names?
Fix default time unit handling so that we can have a default
bounce lifetime of $maximal_queue_lifetime, without causing
panics when a non-default maximal_queue_lifetime setting
includes no time unit.
After the 20051222 ISASCII paranoia, lowercase() lowercases
ASCII text only.
Privacy: remove local command/pathname details from remote
delivery status reports, and log them via local msg_warn().
Is it safe to cache a connection after it has been used for
more than some number of address verification probes?
Try to recognize that Resent- headers appear in blocks,
newest block first. But don't break on incorrect header
block organization.
Hard limits on cache sizes (anvil, specifically).
Laptop friendliness: make the qmgr remember when the next
deferred queue scan needs to be done, and have the pickup
server stat() the maildrop directory before searching it.
Low: replace_sender/replace_recipient actions in access
maps?
Low: configurable order of local(8) delivery methods.
Med: local and remote source port and IP address for smtpd
policy hook.
Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
to limit the total time spent trying to connect.
Med: transform IPv4-in-IPv6 address literals to IPv4 form
when comparing against local IP addresses?
Med: transform IPv4-in-IPv6 address literals to IPv4 form
when eliminating MX mailer loops?
Med: Postfix requires [] around IPv6 address information
in match lists such as mynetworks, debug_peer_list etc.,
but the [] must not be specified in access(5) maps. Other
places don't care. For now, this gotcha is documented in
IPV6_README and in postconf(5) with each feature that may
use IPv6 address information. The general recommendation
is not to use [] unless absolutely necessary.
Med: the partial address matching of IPv6 addresses in
access(5) maps is a bit lame: it repeatedly truncates the
last ":octetpair" from the printable address representation
until a match is found or until truncation is no longer
possible. Since one or more ":" are usually omitted from
the printable IPv6 address representation, this does not
really try all the possibilities that one might expect to
be tried. For now, this gotcha is documented in access(5).
Med: the TLS certificate verification depth parameters never
worked.
Low: reject HELO with any domain name or IP address that
this MTA is the final destination for.
Low: should the Delivered-To: test in local(8) be configurable?
Low: make mail_addr_find() lookup configurable.
Low: update events.c so that 1-second timer requests do not
suffer from rounding errors. This is needed for 1-second
SMTP session caching time limits. A 1-second interval would
become arbitrarily short when an event is scheduled just
before the current second rolls over.
Low: configurable internal/system locking method.
Low: add INSTALL section for pre-existing Postfix systems.
Low: add INSTALL section for pre-existing RPM Postfixes.
Low: disallow smtpd_recipient_limit < 100 (the RFC minimum).
Low: noise filter: allow smtp(8) to retry immediately if
all MXes return a quick ECONNRESET or 4xx reply during the
initial handshake. Retry once? How many times?
Low: make post-install a "postfix-only script" so it can
take data from the environment instead of main.cf.
Low: randomize deferred mail backoff.
Med: separate ulimit for delivery to command?
Med: option to open queue file early, after MAIL FROM. This
would allow correlation of rejected RCPT TO requests with
accepted requests for the same mail transaction.
Med: postsuper -r should do something with recipients in
bounce logfiles, to make sure the sender will be notified.
To be perfectly safe, no process other than the queue manager
should move a queue file away from the active queue.
This could involve tagging a queue file, and use up another
permission bit (postsuper tags a "hot" file, qmgr requeues it).
Low: postsuper re-run after renaming files, but only a
limited number of times.
Low: smtp-source may block when sending large test messages.
Med: find a way to log the sender address when MAIL FROM
is rejected due to lack of disk space.
Low: revise other local delivery agent duplicate filters.
Low: all table lookups should consistently use internalized
(unquoted) or externalized (quoted) forms as lookup keys.
smtpd, qmgr, local, etc. use unquoted address forms as keys.
cleanup uses quoted forms.
Low: have a configurable list of errno values for mailbox
or maildir delivery that result in deferral rather than
bouncing mail. What about "killed by signal" exits?
Low: after reorganizing configuration parameters, add flags
to all parameters whose value can be read from file.
Medium: need in-process caching for map lookups. LDAP servers
seem to need this in particular. Need a way to expire cached
results that are too old.
Low: generic showq protocol, to allow for more intelligent
processing than just mailq. Maybe marry this with postsuper.
Low: default domain for appending to unqualified recipients,
so that unqualified names can be delivered locally.
Low: The $process_id_directory setting is not used anywhere
in Postfix. Problem reported by Michael Smith, texas.net.
This should be documented, or better, the code should warn
about attempts to set read-only parameters.
Low: postconf -e edits parameters that postconf won't list.
Low: while converting 8bit text to quoted-printable, perhaps
use =46rom to avoid having to produce >From when delivering
to mailbox.
virtual_mailbox_path expression like forward_path, so that
people can specify prefix and suffix.
Bugfix: the Milter client assumed that body edit requests
would never come before header/envelope edit requests.
Problem was triggered by Jose-Marcio Martins da Cruz. Also
streamlined the handling of queue file update errors. File:
milter/milter8.c.

2
postfix/README_FILES/OVERVIEW
View File

@@ -120,7 +120,7 @@ unnumbered names inside shaded areas represent Postfix queues.
is described in the QSHAPE_README and TUNING_README documents.
* The trivial-rewrite(8) server resolves each recipient address according to
its local and remote address class, as defined in the ADDRESS_CLASS_README
its local or remote address class, as defined in the ADDRESS_CLASS_README
document. Additional routing information can be specified with the optional
transport(5) table. The trivial-rewrite(8) server optionally queries the
relocated(5) table for recipients whose address has changed; mail for such

8
postfix/RELEASE_NOTES
View File

@@ -17,7 +17,13 @@ Incompatibility with Postfix 2.3 and earlier
If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4
before proceeding.
Incompatibility with Postfix snapshot 2007XXXX
Incompatibility with Postfix snapshot 20070613
==============================================
The pipe(8) delivery agent no longer allows delivery with the same
group ID as the main.cf postdrop group.
Incompatibility with Postfix snapshot 20070514
==============================================
The default sender address for address verification probes was

283
postfix/WISHLIST Normal file
View File

@@ -0,0 +1,283 @@
Wish list:
Really need a cleanup driver that allows testing against
Milter applications instead of synthetic events. This would
have to provide stubs for clients that talk to Postfix
daemon processes. See if this approach can also be used for
other daemons.
smtpd(8) exempts $address_verify_sender from access controls,
but it doesn't know whether cleanup(8) or delivery agents
modify the sender. Would it be possible to "calibrate" this
exemption, perhaps by having delivery agents pass the probe
sender to the verify server, keeping in mind that the probe
sender may differ per delivery agent due to output rewriting.
Update attr_print/scan() so they can send/receive file
descriptors. This simplifies kludgy code in many daemons.
Make adding date/from/etc. conditional. Perhaps on header
rewrite context? Do we need a more powerful concept than
local_header_rewrite_clients/remote_header_rewrite_domain?
Would there be a problem adding $smtpd_mumble_restrictions
and $smtpd_sender_login_maps to the default proxy_read_maps
settings?
Remove defer(8) and trace(8) references and man pages. These
are services not program names.
Bind all deliveries to the same local delivery process,
making Postfix perform as poorly as monolithic mailers, but
giving a possibility to eliminate duplicate deliveries.
Maybe declare loop when resolve_local(mxhost) is true?
Update message content length when adding/removing headers.
Need scache size limit.
Update BACKSCATTER_README to use PCRE because that's what I
am using now.
Make postcat header/body aware so people can grep headers.
Make postmap header/body aware so people can test multi-line
header checks.
REDIRECT should override original recipient info, and
probably override DSN as well.
Find out if with Sendmail, a Milter "add recipient" request
results in NOTIFY=NONE as Postfix does now.
Update FILTER_README with mailing list suggestions to tag
with a badness indicator and then filter down-stream.
Either document or remove the internal_mail_filter_classes
feature (it's disabled by default).
Build a command-line test driver for the cleanup engine.
This allows us to test it with arbitrary record sequences
without having to use a live mail queue.
Make null local-part handling configurable: either expand
into mailer-daemon (current bahavior) or disallow (strict
behavior, currently implemented only in the SMTP server).
The type of var_message_limit should be changed from int
to long or better, to take advantage of LP64 architectures.
This also requires checking all expressions in which
var_message_limit appears.
Add M flag (enable multi-recipient delivery) to pipe daemon.
The usage of TLScontext->cache_type is unclear. It specifies
a TLS session cache type (smtpd, smtp, or lmtp), but it is
sometimes used as an indicator that TLS session caching is
unavailable. In reality, that decision is made by not
registering call-back functions for cache maintenance.
Postfix TLS library code should copy any strings that it
receives from the application, instead of passing them
around as pointers. TLScontext->cache_type is a case in
point.
Are transport:nexthop null fields the same as in the case
of default_transport etc. parameters?
Don't lose bits when converting st_dev into maildir file
name. It's 64 bits on Linux. Found with the BEAM source
code analyzer. Is this really a problem, or are they just
using 64 bits for upwards compatibility with LP64 systems?
Do or don't introduce unknown_reverse_client_reject_code.
Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
UNIX).
Tempfail when a Milter application wants content access,
while it is configured in an SMTP server that runs before
the smtpd_proxy filter.
Log DSN original recipient when rejecting mail.
Keep whitespace between label and ":"?
Make the map case folding/locking options configurable, if
not at run-time then at least at compile time so we get
consistent behavior across applications.
Investigate what it would take to eliminate oqmgr, and to
make the old behavior configurable in a unified queue
manager. This would shave another 2.7 KLOC from the source
footprint.
Document the case folding strategy for match_list like
features.
Eliminate the (incoming,deferred)->active rename operation.
Softbounce fallback-to-ISP for SOHO users. This requires
playing with the soft_error test in the smtp_trouble.c
module, and avoiding delivery to backup MX hosts.
In the SMTP server, set a "pipelining detected" flag at the
start of a session and at protocol synchronization points,
so that reject_unauth_pipelining can be specified in any
access rule.
Centralize main.cf parameter input so that defaults work
consistently. What about parameter names that are prefixed
with mail delivery transport names?
Fix default time unit handling so that we can have a default
bounce lifetime of $maximal_queue_lifetime, without causing
panics when a non-default maximal_queue_lifetime setting
includes no time unit.
After the 20051222 ISASCII paranoia, lowercase() lowercases
ASCII text only.
Privacy: remove local command/pathname details from remote
delivery status reports, and log them via local msg_warn().
Is it safe to cache a connection after it has been used for
more than some number of address verification probes?
Try to recognize that Resent- headers appear in blocks,
newest block first. But don't break on incorrect header
block organization.
Hard limits on cache sizes (anvil, specifically).
Laptop friendliness: make the qmgr remember when the next
deferred queue scan needs to be done, and have the pickup
server stat() the maildrop directory before searching it.
Low: replace_sender/replace_recipient actions in access
maps?
Low: configurable order of local(8) delivery methods.
Med: local and remote source port and IP address for smtpd
policy hook.
Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
to limit the total time spent trying to connect.
Med: transform IPv4-in-IPv6 address literals to IPv4 form
when comparing against local IP addresses?
Med: transform IPv4-in-IPv6 address literals to IPv4 form
when eliminating MX mailer loops?
Med: Postfix requires [] around IPv6 address information
in match lists such as mynetworks, debug_peer_list etc.,
but the [] must not be specified in access(5) maps. Other
places don't care. For now, this gotcha is documented in
IPV6_README and in postconf(5) with each feature that may
use IPv6 address information. The general recommendation
is not to use [] unless absolutely necessary.
Med: the partial address matching of IPv6 addresses in
access(5) maps is a bit lame: it repeatedly truncates the
last ":octetpair" from the printable address representation
until a match is found or until truncation is no longer
possible. Since one or more ":" are usually omitted from
the printable IPv6 address representation, this does not
really try all the possibilities that one might expect to
be tried. For now, this gotcha is documented in access(5).
Med: the TLS certificate verification depth parameters never
worked.
Low: reject HELO with any domain name or IP address that
this MTA is the final destination for.
Low: should the Delivered-To: test in local(8) be configurable?
Low: make mail_addr_find() lookup configurable.
Low: update events.c so that 1-second timer requests do not
suffer from rounding errors. This is needed for 1-second
SMTP session caching time limits. A 1-second interval would
become arbitrarily short when an event is scheduled just
before the current second rolls over.
Low: configurable internal/system locking method.
Low: add INSTALL section for pre-existing Postfix systems.
Low: add INSTALL section for pre-existing RPM Postfixes.
Low: disallow smtpd_recipient_limit < 100 (the RFC minimum).
Low: noise filter: allow smtp(8) to retry immediately if
all MXes return a quick ECONNRESET or 4xx reply during the
initial handshake. Retry once? How many times?
Low: make post-install a "postfix-only script" so it can
take data from the environment instead of main.cf.
Low: randomize deferred mail backoff.
Med: separate ulimit for delivery to command?
Med: option to open queue file early, after MAIL FROM. This
would allow correlation of rejected RCPT TO requests with
accepted requests for the same mail transaction.
Med: postsuper -r should do something with recipients in
bounce logfiles, to make sure the sender will be notified.
To be perfectly safe, no process other than the queue manager
should move a queue file away from the active queue.
This could involve tagging a queue file, and use up another
permission bit (postsuper tags a "hot" file, qmgr requeues it).
Low: postsuper re-run after renaming files, but only a
limited number of times.
Low: smtp-source may block when sending large test messages.
Med: find a way to log the sender address when MAIL FROM
is rejected due to lack of disk space.
Low: revise other local delivery agent duplicate filters.
Low: all table lookups should consistently use internalized
(unquoted) or externalized (quoted) forms as lookup keys.
smtpd, qmgr, local, etc. use unquoted address forms as keys.
cleanup uses quoted forms.
Low: have a configurable list of errno values for mailbox
or maildir delivery that result in deferral rather than
bouncing mail. What about "killed by signal" exits?
Low: after reorganizing configuration parameters, add flags
to all parameters whose value can be read from file.
Medium: need in-process caching for map lookups. LDAP servers
seem to need this in particular. Need a way to expire cached
results that are too old.
Low: generic showq protocol, to allow for more intelligent
processing than just mailq. Maybe marry this with postsuper.
Low: default domain for appending to unqualified recipients,
so that unqualified names can be delivered locally.
Low: The $process_id_directory setting is not used anywhere
in Postfix. Problem reported by Michael Smith, texas.net.
This should be documented, or better, the code should warn
about attempts to set read-only parameters.
Low: postconf -e edits parameters that postconf won't list.
Low: while converting 8bit text to quoted-printable, perhaps
use =46rom to avoid having to produce >From when delivering
to mailbox.
virtual_mailbox_path expression like forward_path, so that
people can specify prefix and suffix.

1
postfix/conf/transport
View File

@@ -267,6 +267,7 @@
#
# SEE ALSO
# trivial-rewrite(8), rewrite and resolve addresses
# master(5), master.cf file format
# postconf(5), configuration parameters
# postmap(1), Postfix lookup table manager
#

2
postfix/html/OVERVIEW.html
View File

@@ -340,7 +340,7 @@ delayed mail delivery attempts is described in the <a href="QSHAPE_README.html">
and <a href="TUNING_README.html">TUNING_README</a> documents. </p>
<li> <p> The <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> server resolves each recipient
address according to its local and remote address class, as defined
address according to its local or remote address class, as defined
in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> document. Additional routing information
can be specified with the optional <a href="transport.5.html">transport(5)</a> table. The
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> server optionally queries the <a href="relocated.5.html">relocated(5)</a> table

61
postfix/html/error.8.html
View File

@@ -18,21 +18,22 @@ ERROR(8) ERROR(8)
queue file, a sender address, the reason for non-delivery
(specified as the next-hop destination), and recipient
information. The reason may be prefixed with an <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC</a>
<a href="http://www.faqs.org/rfcs/rfc3463.html">3463</a>-compatible detail code. This program expects to be
run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
<a href="http://www.faqs.org/rfcs/rfc3463.html">3463</a>-compatible detail code; if none is specified a
default 4.0.0 or 5.0.0 code is used instead. This program
expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
Depending on the service name in <a href="master.5.html">master.cf</a>, <b>error</b> or
<b>retry</b>, the server bounces or defers all recipients in the
delivery request using the "next-hop" information as the
reason for non-delivery. The <b>retry</b> service name is sup-
Depending on the service name in <a href="master.5.html">master.cf</a>, <b>error</b> or
<b>retry</b>, the server bounces or defers all recipients in the
delivery request using the "next-hop" information as the
reason for non-delivery. The <b>retry</b> service name is sup-
ported as of Postfix 2.4.
Delivery status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>,
Delivery status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>,
<a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
<b>SECURITY</b>
The <a href="error.8.html"><b>error</b>(8)</a> mailer is not security-sensitive. It does not
talk to the network, and can be run chrooted at fixed low
talk to the network, and can be run chrooted at fixed low
privilege.
<b>STANDARDS</b>
@@ -41,39 +42,39 @@ ERROR(8) ERROR(8)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
the postmaster is notified of bounces and of other trou-
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
the postmaster is notified of bounces and of other trou-
ble.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="error.8.html"><b>error</b>(8)</a>
processes run for only a limited amount of time. Use the
processes run for only a limited amount of time. Use the
command "<b>postfix reload</b>" to speed up a change.
The text below provides only a parameter summary. See
The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
The recipient of undeliverable mail that cannot be
The recipient of undeliverable mail that cannot be
returned to the sender.
<b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications with the
The recipient of postmaster notifications with the
message headers of mail that Postfix did not
deliver and of SMTP conversation transcripts of
deliver and of SMTP conversation transcripts of
mail that Postfix did not receive.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
@@ -85,37 +86,37 @@ ERROR(8) ERROR(8)
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
The maximal number of incoming connections that a
Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the
The list of error classes that are reported to the
postmaster.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
@@ -128,7 +129,7 @@ ERROR(8) ERROR(8)
syslogd(8), system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

3
postfix/html/postconf.5.html
View File

@@ -43,7 +43,8 @@ that starts with whitespace continues a logical line. </p>
<ul>
<li> <p> The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter. </p>
recursively replaced by the value of the named parameter.
Specify "$$" to produce a single "$" character. </p>
<li> <p> The expression "${name?value}" expands to "value" when
"$name" is non-empty. This form is supported with Postfix version

1
postfix/html/transport.5.html
View File

@@ -273,6 +273,7 @@ TRANSPORT(5) TRANSPORT(5)
<b>SEE ALSO</b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, rewrite and resolve addresses
<a href="master.5.html">master(5)</a>, <a href="master.5.html">master.cf</a> file format
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager

1
postfix/man/man5/postconf.5
View File

@@ -34,6 +34,7 @@ A parameter value may refer to other parameters.
.IP \(bu
The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter.
Specify "$$" to produce a single "$" character.
.IP \(bu
The expression "${name?value}" expands to "value" when
"$name" is non-empty. This form is supported with Postfix

1
postfix/man/man5/transport.5
View File

@@ -282,6 +282,7 @@ List of transport lookup tables.
.na
.nf
trivial-rewrite(8), rewrite and resolve addresses
master(5), master.cf file format
postconf(5), configuration parameters
postmap(1), Postfix lookup table manager
.SH "README FILES"

3
postfix/man/man8/error.8
View File

@@ -17,7 +17,8 @@ requests from
the queue manager. Each request specifies a queue file, a sender
address, the reason for non-delivery (specified as the
next-hop destination), and recipient information.
The reason may be prefixed with an RFC 3463-compatible detail code.
The reason may be prefixed with an RFC 3463-compatible detail code;
if none is specified a default 4.0.0 or 5.0.0 code is used instead.
This program expects to be run from the \fBmaster\fR(8) process
manager.

2
postfix/proto/OVERVIEW.html
View File

@@ -340,7 +340,7 @@ delayed mail delivery attempts is described in the QSHAPE_README
and TUNING_README documents. </p>
<li> <p> The trivial-rewrite(8) server resolves each recipient
address according to its local and remote address class, as defined
address according to its local or remote address class, as defined
in the ADDRESS_CLASS_README document. Additional routing information
can be specified with the optional transport(5) table. The
trivial-rewrite(8) server optionally queries the relocated(5) table

3
postfix/proto/postconf.html.prolog
View File

@@ -43,7 +43,8 @@ that starts with whitespace continues a logical line. </p>
<ul>
<li> <p> The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter. </p>
recursively replaced by the value of the named parameter.
Specify "$$" to produce a single "$" character. </p>
<li> <p> The expression "${name?value}" expands to "value" when
"$name" is non-empty. This form is supported with Postfix version

1
postfix/proto/postconf.man.prolog
View File

@@ -34,6 +34,7 @@ A parameter value may refer to other parameters.
.IP \(bu
The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter.
Specify "$$" to produce a single "$" character.
.IP \(bu
The expression "${name?value}" expands to "value" when
"$name" is non-empty. This form is supported with Postfix

1
postfix/proto/transport
View File

@@ -258,6 +258,7 @@
# List of transport lookup tables.
# SEE ALSO
# trivial-rewrite(8), rewrite and resolve addresses
# master(5), master.cf file format
# postconf(5), configuration parameters
# postmap(1), Postfix lookup table manager
# README FILES

3
postfix/src/error/error.c
View File

@@ -11,7 +11,8 @@
/* the queue manager. Each request specifies a queue file, a sender
/* address, the reason for non-delivery (specified as the
/* next-hop destination), and recipient information.
/* The reason may be prefixed with an RFC 3463-compatible detail code.
/* The reason may be prefixed with an RFC 3463-compatible detail code;
/* if none is specified a default 4.0.0 or 5.0.0 code is used instead.
/* This program expects to be run from the \fBmaster\fR(8) process
/* manager.
/*

2
postfix/src/global/mail_version.h
View File

@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20070531"
#define MAIL_RELEASE_DATE "20070613"
#define MAIL_VERSION_NUMBER "2.5"
#ifdef SNAPSHOT

103
postfix/src/milter/milter8.c
View File

@@ -475,6 +475,26 @@ static int milter8_comm_error(MILTER8 *milter)
return (milter->state = MILTER8_STAT_ERROR);
}
/* milter8_edit_error - local message/envelope edit error */
static void milter8_edit_error(MILTER8 *milter, const char *reply)
{
/*
* Close the socket so that we don't receive later Milter replies while
* we're handling the next email message. Set the Milter handle state to
* ERROR, i.e. don't report further MTA events via this handle. We don't
* want surprises when this code gets reused for a protocol that allows
* envelope or header updates before the end-of-body MTA event.
*/
if (milter->fp != 0) {
(void) vstream_fclose(milter->fp);
milter->fp = 0;
}
milter8_def_reply(milter, reply);
milter->state = MILTER8_STAT_ERROR;
}
/* milter8_close_stream - close stream to milter application */
static void milter8_close_stream(MILTER8 *milter)
@@ -1002,6 +1022,27 @@ static const char *milter8_event(MILTER8 *milter, int event,
msg_info("reply: %s data %ld bytes",
(smfir_name = str_name_code(smfir_table, cmd)) != 0 ?
smfir_name : "unknown", (long) data_size);
/*
* Handle unfinished message body replacement first.
*/
if (body_line_buf != 0 && cmd != SMFIR_REPLBODY) {
/* In case the last body replacement line didn't end in CRLF. */
if (LEN(body_line_buf) > 0)
edit_resp = parent->repl_body(parent->chg_context,
MILTER_BODY_LINE,
body_line_buf);
if (edit_resp == 0)
edit_resp = parent->repl_body(parent->chg_context,
MILTER_BODY_END,
(VSTRING *) 0);
if (edit_resp) {
milter8_edit_error(milter, edit_resp);
MILTER8_EVENT_BREAK(milter->def_reply);
}
vstring_free(body_line_buf);
body_line_buf = 0;
}
switch (cmd) {
/*
@@ -1212,8 +1253,10 @@ static const char *milter8_event(MILTER8 *milter, int event,
edit_resp = parent->del_header(parent->chg_context,
(ssize_t) index,
STR(milter->buf));
if (edit_resp)
MILTER8_EVENT_BREAK(edit_resp);
if (edit_resp) {
milter8_edit_error(milter, edit_resp);
MILTER8_EVENT_BREAK(milter->def_reply);
}
continue;
#endif
@@ -1229,8 +1272,10 @@ static const char *milter8_event(MILTER8 *milter, int event,
edit_resp = parent->add_header(parent->chg_context,
STR(milter->buf),
STR(milter->body));
if (edit_resp)
MILTER8_EVENT_BREAK(edit_resp);
if (edit_resp) {
milter8_edit_error(milter, edit_resp);
MILTER8_EVENT_BREAK(milter->def_reply);
}
continue;
/*
@@ -1257,8 +1302,10 @@ static const char *milter8_event(MILTER8 *milter, int event,
(ssize_t) index + 1,
STR(milter->buf),
STR(milter->body));
if (edit_resp)
MILTER8_EVENT_BREAK(edit_resp);
if (edit_resp) {
milter8_edit_error(milter, edit_resp);
MILTER8_EVENT_BREAK(milter->def_reply);
}
continue;
#endif
@@ -1272,8 +1319,10 @@ static const char *milter8_event(MILTER8 *milter, int event,
MILTER8_EVENT_BREAK(milter->def_reply);
edit_resp = parent->add_rcpt(parent->chg_context,
STR(milter->buf));
if (edit_resp)
MILTER8_EVENT_BREAK(edit_resp);
if (edit_resp) {
milter8_edit_error(milter, edit_resp);
MILTER8_EVENT_BREAK(milter->def_reply);
}
continue;
/*
@@ -1286,8 +1335,10 @@ static const char *milter8_event(MILTER8 *milter, int event,
MILTER8_EVENT_BREAK(milter->def_reply);
edit_resp = parent->del_rcpt(parent->chg_context,
STR(milter->buf));
if (edit_resp)
MILTER8_EVENT_BREAK(edit_resp);
if (edit_resp) {
milter8_edit_error(milter, edit_resp);
MILTER8_EVENT_BREAK(milter->def_reply);
}
continue;
/*
@@ -1323,6 +1374,10 @@ static const char *milter8_event(MILTER8 *milter, int event,
VSTRING_ADDCH(body_line_buf, ch);
}
}
if (edit_resp) {
milter8_edit_error(milter, edit_resp);
MILTER8_EVENT_BREAK(milter->def_reply);
}
continue;
}
}
@@ -1348,35 +1403,11 @@ static const char *milter8_event(MILTER8 *milter, int event,
}
/*
* Finish message body replacement.
* Clean up after aborted message body replacement.
*/
if (body_line_buf != 0) {
if (edit_resp == 0) {
/* In case the last body replacement line didn't end in CRLF. */
if (LEN(body_line_buf) > 0)
edit_resp = parent->repl_body(parent->chg_context,
MILTER_BODY_LINE,
body_line_buf);
if (edit_resp == 0)
edit_resp = parent->repl_body(parent->chg_context,
MILTER_BODY_END,
(VSTRING *) 0);
}
if (body_line_buf)
vstring_free(body_line_buf);
/*
* Override a non-reject/discard result value after body replacement
* failure.
*
* XXX Some cleanup clients ask the cleanup server to bounce mail for
* them. In that case we must override a hard reject retval result
* after queue file update failure. This is not a big problem; the
* odds are small that a Milter application sends a hard reject after
* replacing the message body.
*/
if (edit_resp && (retval == 0 || strchr("DS4", retval[0]) == 0))
retval = edit_resp;
}
return (retval);
}

16
postfix/src/milter/test-milter.c
View File

@@ -243,14 +243,6 @@ static sfsistat test_body(SMFICTX *ctx, unsigned char *data, size_t data_len)
static sfsistat test_eom(SMFICTX *ctx)
{
printf("test_eom\n");
#ifdef SMFIR_INSHEADER
if (ins_hdr && smfi_insheader(ctx, ins_idx, ins_hdr, ins_val) == MI_FAILURE)
fprintf(stderr, "smfi_insheader failed");
#endif
#ifdef SMFIR_CHGHEADER
if (chg_hdr && smfi_chgheader(ctx, chg_hdr, chg_idx, chg_val) == MI_FAILURE)
fprintf(stderr, "smfi_chgheader failed");
#endif
#ifdef SMFIR_REPLBODY
if (body_file) {
char buf[BUFSIZ + 2];
@@ -278,6 +270,14 @@ static sfsistat test_eom(SMFICTX *ctx)
(void) fclose(fp);
}
}
#endif
#ifdef SMFIR_INSHEADER
if (ins_hdr && smfi_insheader(ctx, ins_idx, ins_hdr, ins_val) == MI_FAILURE)
fprintf(stderr, "smfi_insheader failed");
#endif
#ifdef SMFIR_CHGHEADER
if (chg_hdr && smfi_chgheader(ctx, chg_hdr, chg_idx, chg_val) == MI_FAILURE)
fprintf(stderr, "smfi_chgheader failed");
#endif
return (test_reply(ctx, test_eom_reply));
}

3
postfix/src/pipe/pipe.c
View File

@@ -923,6 +923,9 @@ static void get_service_attr(PIPE_ATTR *attr, char **argv)
if (attr->gid == var_owner_gid)
msg_fatal("user= command-line attribute specifies mail system owner %s group id %ld",
var_mail_owner, (long) attr->gid);
if (attr->gid == var_sgid_gid)
msg_fatal("user= command-line attribute specifies mail system %s group id %ld",
var_sgid_group, (long) attr->gid);
/*
* Give the poor tester a clue of what is going on.