mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 05:38:06 +00:00
Code Issues Releases Wiki Activity

postfix-2.1.2

Browse Source
This commit is contained in:
Wietse Venema 2004-06-15 00:00:00 -05:00 committed by Viktor Dukhovni
parent f77f70552b
commit c302f4a4bf
40 changed files with 183 additions and 168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
postfix/HISTORY
View File

@ -9356,3 +9356,20 @@ Apologies for any names omitted.
Bugfix: missing "sasl enabled" guard in the SMTPD policy
client. File: smtpd/smtpd_check.c.
20040614
Bugfix: the SMTP client did not reset per-session EHLO,
SASL, and history information when opening a connection to
an alternate SMTP server. This is the result of abstraction
no longer matching function. Reported and diagnosed by
Victor Duchovni, Morgan Stanley.
Bugfix: non-portable reuse of variadic argument lists.
Fix by Victor Duchovni, Morgan Stanley. Files: global/bounce.c,
global/defer.c, global/sent.c, global/trace.c, global/verify.c.
Portability: NetBSD 2.0 has changed from statfs to statvfs.
John Heasley. File: util/sys_defs.h.
Documentation: typo fixes by IKEDA Nozomu.

4
postfix/README_FILES/SMTPD_POLICY_README
View File

@ -145,7 +145,7 @@ NOTES:
* Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead:
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 unix - n n - - spawn
2 127.0.0.1:9998 inet n n n - - spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
@ -235,7 +235,7 @@ On Solaris you must use inet: style sockets instead of unix: style, as detailed
in the "Policy client/server configuration" section above.
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 unix - n n - - spawn
2 127.0.0.1:9998 inet n n n - - spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:

14
postfix/RELEASE_NOTES
View File

@ -15,14 +15,12 @@ snapshot releases.
Major changes - critical
------------------------
If you run Postfix 1.x or earlier then you must stop Postfix before
upgrading. This is because the master-child protocols have changed,
and very little will work with the old master daemon process.
[Incompat 20021119] You can upgrade Postfix 2.0 without stopping.
After upgrading an existing Postfix 2.0 system you must use "postfix
reload". Some internal protocols have changed, but the master-child
protocols are the same as with Postfix 2.0.
If you run Postfix 2.0 or earlier then you must stop Postfix before
upgrading. The master-child protocols have changed between Postfix
1.1 and 2.0, and version 2.1 sometimes writes queue files that the
2.0 and earlier queue managers complain about. If this happens move
the files from the corrupt directory to the maildrop directory and
give them another chance.
[Incompat 20021119] The Postfix upgrade procedure will add two new
services to your master.cf file: "trace" and "verify". These servers

4
postfix/conf/header_checks
View File

@ -303,9 +303,9 @@
# exploit.
#
# /etc/postfix/main.cf:
# header_checks = regexp:/etc/postfix/header_checks
# body_checks = regexp:/etc/postfix/body_checks
#
# /etc/postfix/header_checks:
# /etc/postfix/body_checks:
# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
# REJECT IFRAME vulnerability exploit
#

2
postfix/conf/main.cf
View File

@ -498,7 +498,7 @@ unknown_local_recipient_reject_code = 550
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SPTMD_ACCESS_README provides an overview.
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including

4
postfix/html/SMTPD_POLICY_README.html
View File

@ -216,7 +216,7 @@ TCP sockets instead: </p>
<blockquote>
<pre>
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 unix - n n - - spawn
2 127.0.0.1:9998 inet n n n - - spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
@ -340,7 +340,7 @@ client/server configuration</a>" section above. </p>
<blockquote>
<pre>
1 /etc/postfix/master.cf:
2 127.0.0.1:9998 unix - n n - - spawn
2 127.0.0.1:9998 inet n n n - - spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:

4
postfix/html/header_checks.5.html
View File

@ -309,9 +309,9 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
exploit.
/etc/postfix/main.cf:
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/header_checks
<a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks
/etc/postfix/header_checks:
/etc/postfix/body_checks:
/^&lt;iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0&gt;$/
REJECT IFRAME vulnerability exploit

4
postfix/html/pickup.8.html
View File

@ -43,8 +43,8 @@ PICKUP(8) PICKUP(8)
unfiltered user data.
<b>CONFIGURATION PARAMETERS</b>
As the pickup daemon is a relatively long-running process,
up to an hour may pass before a <b>main.cf</b> change takes
As the <a href="pickup.8.html">pickup(8)</a> daemon is a relatively long-running pro-
cess, up to an hour may pass before a <b>main.cf</b> change takes
effect. Use the command "<b>postfix reload</b>" command to speed
up a change.

21
postfix/html/postconf.5.html
View File

@ -733,6 +733,7 @@ below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patt
pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. </p>
</DD>
@ -1546,7 +1547,7 @@ This feature is available in Postfix 2.0 and later.
The names of message delivery transports that should not be delivered
to unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero
or more names of mail delivery transports names that appear in the
first field of master.cf).
first field of master.cf.
</p>
<p>
@ -3852,7 +3853,7 @@ The error classes are:
<dd>Send the postmaster copies of the headers of bounced mail, and
send transcripts of SMTP sessions when Postfix rejects mail. The
notification is sent to the address specified with the
<a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> configuration parameter (default: postmaster)
<a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> configuration parameter (default: postmaster).
</dd>
<dt><b>2bounce</b></dt>
@ -4582,13 +4583,6 @@ recipient addresses with $<a href="postconf.5.html#relay_recipient_maps">relay_r
recipients. See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the
<a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>
<p> The list of domains that are by default delivered via the
$<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport. By default this is the
Postfix <a href="local.8.html">local(8)</a> delivery agent which looks up all recipients in
/etc/passwd and /etc/aliases. The SMTP server validates recipient
addresses with $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>. See also the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a>
address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>
<p> NOTE: Postfix will not automatically forward mail for domains
that list this system as their primary or backup MX host. See the
<a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> restriction in the <a href="postconf.5.html">postconf(5)</a> manual page. </p>
@ -5245,7 +5239,7 @@ This feature is available in Postfix 2.1 and later.
<p>
The maximal length of message header and body lines that Postfix
will send via SMTP. Longer lines are longer are broken by inserting
will send via SMTP. Longer lines are broken by inserting
"&lt;CR&gt;&lt;LF&gt;&lt;SPACE&gt;". This minimizes the damage to
MIME formatted mail.
</p>
@ -5765,7 +5759,7 @@ restrictions.
<p>
By default, clients in trusted networks are excluded. Specify a
list of network blocks, hostnames or .domain names (the initial
initial dot causes the domain to match any name below it).
dot causes the domain to match any name below it).
</p>
<p>
@ -6407,7 +6401,7 @@ supposed to give the result to another Postfix SMTP server process.
</p>
<p> Specify host:port. The host can be specified as an IP address
or was a symbolic name; no MX lookups are done. When no host or
or as a symbolic name; no MX lookups are done. When no host or
host: are specified, the local machine is assumed. </p>
<p> This feature is available in Postfix 2.1 and later. </p>
@ -6606,8 +6600,7 @@ address. <br> The <a href="postconf.5.html#unknown_address_reject_code">unknown_
the response code for rejected requests (default: 450). The response
is always 450 in case of a temporary DNS error.</dd>
<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b>
(Postfix 2.0 name: check_recipient_maps)</dt>
<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (Postfix 2.0 name: check_recipient_maps)</dt>
<dd> Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the

2
postfix/html/proxymap.8.html
View File

@ -44,7 +44,7 @@ PROXYMAP(8) PROXYMAP(8)
Open the table with type <i>maptype</i> and name <i>mapname</i>,
as controlled by <i>flags</i>. The reply includes the <i>map-</i>
<i>type</i> dependent flags (to distinguish a fixed string
table from regular a expression table).
table from a regular expression table).
<b>lookup</b> <i>maptype:mapname flags key</i>
Look up the data stored under the requested key.

6
postfix/html/qmgr.8.html
View File

@ -63,8 +63,8 @@ QMGR(8) QMGR(8)
<a href="defer.8.html"><b>defer</b>(8)</a> daemon.
<b>trace</b> Per-recipient status information as requested with
the Postfix "<b>sendmail -v</b>" or "<b>sendmail -bv" com-</b>
<b>mand</b>. These files are maintained by the <a href="trace.8.html"><b>trace</b>(8)</a>
the Postfix "<b>sendmail -v</b>" or "<b>sendmail -bv</b>" com-
mand. These files are maintained by the <a href="trace.8.html"><b>trace</b>(8)</a>
daemon.
The <b>qmgr</b> daemon is responsible for asking the <a href="bounce.8.html"><b>bounce</b>(8)</a>,
@ -365,7 +365,7 @@ QMGR(8) QMGR(8)
<b>SEE ALSO</b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address routing
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="postconf.5.html">postconf(5)</a> configuration parameters
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.8.html">master(8)</a>, process manager
syslogd(8) system logging

73
postfix/html/smtpd.8.html
View File

@ -434,6 +434,8 @@ SMTPD(8) SMTPD(8)
Postfix SMTP server starts to increment the error
counter with each junk command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
The number of recipients that a remote SMTP client
can send in excess of the limit specified with
@ -447,12 +449,8 @@ SMTPD(8) SMTPD(8)
outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
more information.
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
The time limit for connecting to, writing to or
receiving from a delegated SMTPD policy server.
<b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
The time after which an idle SMTPD policy service
The time after which an idle SMTPD policy service
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
@ -460,107 +458,108 @@ SMTPD(8) SMTPD(8)
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
The time limit for connecting to, writing to or
The time limit for connecting to, writing to or
receiving from a delegated SMTPD policy server.
<b>ACCESS CONTROLS</b>
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
all the SMTP server access control features.
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
Wait until the RCPT TO command before evaluating
Wait until the RCPT TO command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $smtpd_helo_restric-
tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until
the ETRN command before evaluating
the ETRN command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric-
tions.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b>put)</b>
What Postfix features match subdomains of
"domain.tld" automatically, instead of requiring an
explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
Optional SMTP server access restrictions in the
Optional SMTP server access restrictions in the
context of a client SMTP connection request.
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
Require that a remote SMTP client introduces itself
at the beginning of an SMTP session with the HELO
at the beginning of an SMTP session with the HELO
or EHLO command.
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
Optional restrictions that the Postfix SMTP server
Optional restrictions that the Postfix SMTP server
applies in the context of the SMTP HELO command.
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
Optional restrictions that the Postfix SMTP server
Optional restrictions that the Postfix SMTP server
applies in the context of the MAIL FROM command.
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,</b>
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b>
The access restrictions that the Postfix SMTP
server applies in the context of the RCPT TO com-
server applies in the context of the RCPT TO com-
mand.
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
Optional SMTP server access restrictions in the
Optional SMTP server access restrictions in the
context of a client ETRN request.
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
Forward mail with sender-specified routing
(user[@%!]remote[@%!]site) from untrusted clients
Forward mail with sender-specified routing
(user[@%!]remote[@%!]site) from untrusted clients
to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
User-defined aliases for groups of access restric-
User-defined aliases for groups of access restric-
tions.
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b>&lt;&gt;<b>)</b>
The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables
The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables
instead of the null sender address.
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP
access feature to only domains whose primary MX
access feature to only domains whose primary MX
hosts match the listed networks.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
Optional access restrictions that the Postfix SMTP
Optional access restrictions that the Postfix SMTP
server applies in the context of the SMTP DATA com-
mand.
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
What characters are allowed in $name expansions of
What characters are allowed in $name expansions of
RBL reply templates.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
Request that the Postfix SMTP server rejects mail
from unknown sender addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
Request that the Postfix SMTP server rejects mail
from unknown sender addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
is specified.
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
Request that the Postfix SMTP server rejects mail
Request that the Postfix SMTP server rejects mail
for unknown recipient addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
tion is specified.
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
Postfix version 2.1 introduces sender and address verifi-
cation. This feature is implemented by sending probe
email messages that are not actually delivered. This fea-
ture is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access restrictions. The sta-
tus of verification probes is maintained by the <a href="verify.8.html">verify(8)</a>
server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for
information about how to configure and operate the Postfix
sender/recipient address verification service.
Postfix version 2.1 introduces sender and recipient
address verification. This feature is implemented by
sending probe email messages that are not actually deliv-
ered. This feature is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_sender">fied_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
restrictions. The status of verification probes is main-
tained by the <a href="verify.8.html">verify(8)</a> server. See the file ADDRESS_VER-
<a href="IFICATION_README.html">IFICATION_README</a> for information about how to configure
and operate the Postfix sender/recipient address verifica-
tion service.
<b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (3)</b>
How many times to query the <a href="verify.8.html">verify(8)</a> service for

2
postfix/html/spawn.8.html
View File

@ -66,7 +66,7 @@ SPAWN(8) SPAWN(8)
data-driven attacks.
<b>CONFIGURATION PARAMETERS</b>
Changes to <b>main.cf</b> are picked up automatically as <a href="smtpd.8.html">smtpd(8)</a>
Changes to <b>main.cf</b> are picked up automatically as <a href="spawn.8.html">spawn(8)</a>
processes run for only a limited amount of time. Use the
command "<b>postfix reload</b>" to speed up a change.

14
postfix/html/trivial-rewrite.8.html
View File

@ -156,13 +156,13 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
destination).
<b>ADDRESS VERIFICATION CONTROLS</b>
Postfix version 2.1 introduces sender and address verifi-
cation. This feature is implemented by sending probe
email messages that are not actually delivered. By
default, address verification probes use the same route as
regular mail. To override specific aspects of message
routing for address verification probes, specify one or
more of the following:
Postfix version 2.1 introduces sender and recipient
address verification. This feature is implemented by
sending probe email messages that are not actually deliv-
ered. By default, address verification probes use the
same route as regular mail. To override specific aspects
of message routing for address verification probes, spec-
ify one or more of the following:
<b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for

4
postfix/man/man5/header_checks.5
View File

@ -292,9 +292,9 @@ Body pattern to stop a specific HTML browser vulnerability exploit.
.nf
/etc/postfix/main.cf:
.ti +4
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
/etc/postfix/header_checks:
/etc/postfix/body_checks:
.ti +4
/^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
.ti +8

23
postfix/man/man5/postconf.5
View File

@ -388,6 +388,7 @@ below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace.
.SH backwards_bounce_logfile_compatibility (default: yes)
Produce additional bounce(8) logfile records that can be read by
older Postfix versions. The current and more extensible "name =
@ -796,7 +797,7 @@ This feature is available in Postfix 2.0 and later.
The names of message delivery transports that should not be delivered
to unless someone issues "\fBsendmail -q\fR" or equivalent. Specify zero
or more names of mail delivery transports names that appear in the
first field of master.cf).
first field of master.cf.
.PP
Example:
.PP
@ -1969,7 +1970,7 @@ The error classes are:
Send the postmaster copies of the headers of bounced mail, and
send transcripts of SMTP sessions when Postfix rejects mail. The
notification is sent to the address specified with the
bounce_notice_recipient configuration parameter (default: postmaster)
bounce_notice_recipient configuration parameter (default: postmaster).
.IP "\fB2bounce\fR"
Send undeliverable bounced mail to the postmaster. The notification
is sent to the address specified with the 2bounce_notice_recipient
@ -2365,13 +2366,6 @@ recipient addresses with $relay_recipient_maps and rejects non-existent
recipients. See also the relay domains address class in the
ADDRESS_CLASS_README file.
.PP
The list of domains that are by default delivered via the
$local_transport mail delivery transport. By default this is the
Postfix local(8) delivery agent which looks up all recipients in
/etc/passwd and /etc/aliases. The SMTP server validates recipient
addresses with $local_recipient_maps. See also the local domain
address class in the ADDRESS_CLASS_README file.
.PP
NOTE: Postfix will not automatically forward mail for domains
that list this system as their primary or backup MX host. See the
permit_mx_backup restriction in the postconf(5) manual page.
@ -2721,7 +2715,7 @@ Use the native service for hosts not found in the DNS.
This feature is available in Postfix 2.1 and later.
.SH smtp_line_length_limit (default: 990)
The maximal length of message header and body lines that Postfix
will send via SMTP. Longer lines are longer are broken by inserting
will send via SMTP. Longer lines are broken by inserting
"<CR><LF><SPACE>". This minimizes the damage to
MIME formatted mail.
.PP
@ -2988,7 +2982,7 @@ restrictions.
.PP
By default, clients in trusted networks are excluded. Specify a
list of network blocks, hostnames or .domain names (the initial
initial dot causes the domain to match any name below it).
dot causes the domain to match any name below it).
.PP
This feature is not part of the stable Postfix 2.1 release.
.SH smtpd_client_connection_rate_limit (default: 0)
@ -3370,7 +3364,7 @@ The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process.
.PP
Specify host:port. The host can be specified as an IP address
or was a symbolic name; no MX lookups are done. When no host or
or as a symbolic name; no MX lookups are done. When no host or
host: are specified, the local machine is assumed.
.PP
This feature is available in Postfix 2.1 and later.
@ -3507,9 +3501,8 @@ address.
The unknown_address_reject_code parameter specifies
the response code for rejected requests (default: 450). The response
is always 450 in case of a temporary DNS error.
.IP "\fBreject_unlisted_recipient\fR
(Postfix 2.0 name: check_recipient_maps)"
Reject the request when the RCPT TO address is not listed in
.IP "\fBreject_unlisted_recipient\fR (Postfix 2.0 name: check_recipient_maps)"
Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the
smtpd_reject_unlisted_recipient parameter description for details.
This feature is available in Postfix 2.1 and later.

2
postfix/man/man8/pickup.8
View File

@ -51,7 +51,7 @@ descriptor instead of file data, but then the already complex
.nf
.ad
.fi
As the pickup daemon is a relatively long-running process, up
As the pickup(8) daemon is a relatively long-running process, up
to an hour may pass before a \fBmain.cf\fR change takes effect.
Use the command "\fBpostfix reload\fR" command to speed up a change.

4
postfix/man/man8/proxymap.8
View File

@ -42,8 +42,8 @@ The proxymap server implements the following requests:
.IP "\fBopen\fR \fImaptype:mapname flags\fR"
Open the table with type \fImaptype\fR and name \fImapname\fR,
as controlled by \fIflags\fR. The reply includes the \fImaptype\fR
dependent flags (to distinguish a fixed string table from regular
a expression table).
dependent flags (to distinguish a fixed string table from a regular
expression table).
.IP "\fBlookup\fR \fImaptype:mapname flags key\fR"
Look up the data stored under the requested key.
The reply is the request completion status code (below) and

4
postfix/man/man8/qmgr.8
View File

@ -60,7 +60,7 @@ Per-recipient status information about why mail is delayed.
These files are maintained by the \fBdefer\fR(8) daemon.
.IP \fBtrace\fR
Per-recipient status information as requested with the
Postfix "\fBsendmail -v\fR" or "\fBsendmail -bv" command\fR.
Postfix "\fBsendmail -v\fR" or "\fBsendmail -bv\fR" command.
These files are maintained by the \fBtrace\fR(8) daemon.
.PP
The \fBqmgr\fR daemon is responsible for asking the
@ -325,7 +325,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
.nf
trivial-rewrite(8), address routing
bounce(8), delivery status reports
postconf(5) configuration parameters
postconf(5), configuration parameters
master(8), process manager
syslogd(8) system logging
.SH "README FILES"

7
postfix/man/man8/smtpd.8
View File

@ -374,6 +374,8 @@ make without delivering mail.
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
SMTP client can send before the Postfix SMTP server starts to
increment the error counter with each junk command.
.PP
Available in Postfix version 2.1 and later:
.IP "\fBsmtpd_recipient_overshoot_limit (1000)\fR"
The number of recipients that a remote SMTP client can send in
excess of the limit specified with $smtpd_recipient_limit, before
@ -387,9 +389,6 @@ for each excess recipient.
As of version 2.1, Postfix can be configured to delegate access
policy decisions to an external server that runs outside Postfix.
See the file SMTPD_POLICY_README for more information.
.IP "\fBsmtpd_policy_service_timeout (100s)\fR"
The time limit for connecting to, writing to or receiving from a
delegated SMTPD policy server.
.IP "\fBsmtpd_policy_service_max_idle (300s)\fR"
The time after which an idle SMTPD policy service connection is
closed.
@ -466,7 +465,7 @@ access restriction is specified.
.nf
.ad
.fi
Postfix version 2.1 introduces sender and address verification.
Postfix version 2.1 introduces sender and recipient address verification.
This feature is implemented by sending probe email messages that
are not actually delivered.
This feature is requested via the reject_unverified_sender and

2
postfix/man/man8/spawn.8
View File

@ -69,7 +69,7 @@ and thus is not vulnerable to data-driven attacks.
.nf
.ad
.fi
Changes to \fBmain.cf\fR are picked up automatically as smtpd(8)
Changes to \fBmain.cf\fR are picked up automatically as spawn(8)
processes run for only a limited amount of time. Use the command
"\fBpostfix reload\fR" to speed up a change.

2
postfix/man/man8/trivial-rewrite.8
View File

@ -144,7 +144,7 @@ Optional lookup tables with mappings from recipient address to
.nf
.ad
.fi
Postfix version 2.1 introduces sender and address verification.
Postfix version 2.1 introduces sender and recipient address verification.
This feature is implemented by sending probe email messages that
are not actually delivered.
By default, address verification probes use the same route

2
postfix/mantools/postconf2man
View File

@ -57,7 +57,7 @@ while(<>) {
#$block =~ s/<\/ul>/\n.PP\n/g;
$block =~ s/<\/dl>/\n/g;
$block =~ s/<\/ul>/\n/g;
$block =~ s/<dd>/\n/g;
$block =~ s/<dd>\s*/\n/g;
$block =~ s/<\/dd>/\n/g;
$block =~ s/<li>\s*/\n.IP \\(bu\n/g;
$block =~ s/<dt>\s*/\n.IP "/g;

4
postfix/proto/header_checks
View File

@ -272,9 +272,9 @@
# .nf
# /etc/postfix/main.cf:
# .ti +4
# header_checks = regexp:/etc/postfix/header_checks
# body_checks = regexp:/etc/postfix/body_checks
#
# /etc/postfix/header_checks:
# /etc/postfix/body_checks:
# .ti +4
# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
# .ti +8

21
postfix/proto/postconf.proto
View File

@ -1010,7 +1010,7 @@ Do not change this unless you have a complete understanding of RFC 821.
The names of message delivery transports that should not be delivered
to unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero
or more names of mail delivery transports names that appear in the
first field of master.cf).
first field of master.cf.
</p>
<p>
@ -2406,7 +2406,7 @@ The error classes are:
<dd>Send the postmaster copies of the headers of bounced mail, and
send transcripts of SMTP sessions when Postfix rejects mail. The
notification is sent to the address specified with the
bounce_notice_recipient configuration parameter (default: postmaster)
bounce_notice_recipient configuration parameter (default: postmaster).
</dd>
<dt><b>2bounce</b></dt>
@ -2829,13 +2829,6 @@ recipient addresses with $relay_recipient_maps and rejects non-existent
recipients. See also the relay domains address class in the
ADDRESS_CLASS_README file. </p>
<p> The list of domains that are by default delivered via the
$local_transport mail delivery transport. By default this is the
Postfix local(8) delivery agent which looks up all recipients in
/etc/passwd and /etc/aliases. The SMTP server validates recipient
addresses with $local_recipient_maps. See also the local domain
address class in the ADDRESS_CLASS_README file. </p>
<p> NOTE: Postfix will not automatically forward mail for domains
that list this system as their primary or backup MX host. See the
permit_mx_backup restriction in the postconf(5) manual page. </p>
@ -3327,7 +3320,7 @@ This feature is available in Postfix 2.1 and later.
<p>
The maximal length of message header and body lines that Postfix
will send via SMTP. Longer lines are longer are broken by inserting
will send via SMTP. Longer lines are broken by inserting
"&lt;CR&gt;&lt;LF&gt;&lt;SPACE&gt;". This minimizes the damage to
MIME formatted mail.
</p>
@ -3611,6 +3604,7 @@ below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. </p>
%PARAM smtpd_authorized_verp_clients $authorized_verp_clients
@ -3742,7 +3736,7 @@ restrictions.
<p>
By default, clients in trusted networks are excluded. Specify a
list of network blocks, hostnames or .domain names (the initial
initial dot causes the domain to match any name below it).
dot causes the domain to match any name below it).
</p>
<p>
@ -4268,7 +4262,7 @@ supposed to give the result to another Postfix SMTP server process.
</p>
<p> Specify host:port. The host can be specified as an IP address
or was a symbolic name; no MX lookups are done. When no host or
or as a symbolic name; no MX lookups are done. When no host or
host: are specified, the local machine is assumed. </p>
<p> This feature is available in Postfix 2.1 and later. </p>
@ -4444,8 +4438,7 @@ address. <br> The unknown_address_reject_code parameter specifies
the response code for rejected requests (default: 450). The response
is always 450 in case of a temporary DNS error.</dd>
<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b>
(Postfix 2.0 name: check_recipient_maps)</dt>
<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (Postfix 2.0 name: check_recipient_maps)</dt>
<dd> Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the

18
postfix/src/global/bounce.c
View File

@ -257,10 +257,11 @@ int vbounce_append(int flags, const char *id, const char *orig_rcpt,
ATTR_TYPE_STR, MAIL_ATTR_WHY, vstring_str(why),
ATTR_TYPE_END) == 0
&& ((flags & DEL_REQ_FLAG_RECORD) == 0
|| vtrace_append(flags, id, orig_rcpt, recipient, relay,
entry, dsn_code, dsn_action, fmt, ap) == 0)) {
vlog_adhoc(id, orig_rcpt, recipient, relay,
entry, log_status, fmt, ap);
|| trace_append(flags, id, orig_rcpt, recipient, relay,
entry, dsn_code, dsn_action,
"%s", vstring_str(why)) == 0)) {
log_adhoc(id, orig_rcpt, recipient, relay,
entry, log_status, "%s", vstring_str(why));
status = (var_soft_bounce ? -1 : 0);
} else if ((flags & BOUNCE_FLAG_CLEAN) == 0) {
status = defer_append(flags, id, orig_rcpt, recipient, offset,
@ -384,10 +385,11 @@ int vbounce_one(int flags, const char *queue, const char *id,
ATTR_TYPE_STR, MAIL_ATTR_WHY, vstring_str(why),
ATTR_TYPE_END) == 0
&& ((flags & DEL_REQ_FLAG_RECORD) == 0
|| vtrace_append(flags, id, orig_rcpt, recipient, relay,
entry, "5.0.0", "failed", fmt, ap) == 0)) {
vlog_adhoc(id, orig_rcpt, recipient, relay,
entry, "bounced", fmt, ap);
|| trace_append(flags, id, orig_rcpt, recipient, relay,
entry, "5.0.0", "failed",
"%s", vstring_str(why)) == 0)) {
log_adhoc(id, orig_rcpt, recipient, relay,
entry, "bounced", "%s", vstring_str(why));
status = 0;
} else if ((flags & BOUNCE_FLAG_CLEAN) == 0) {
status = defer_append(flags, id, orig_rcpt, recipient, offset,

8
postfix/src/global/defer.c
View File

@ -224,14 +224,16 @@ int vdefer_append(int flags, const char *id, const char *orig_rcpt,
ATTR_TYPE_STR, MAIL_ATTR_WHY, vstring_str(why),
ATTR_TYPE_END) != 0)
msg_warn("%s: %s service failure", id, var_defer_service);
vlog_adhoc(id, orig_rcpt, recipient, relay, entry, "deferred", fmt, ap);
log_adhoc(id, orig_rcpt, recipient, relay, entry, "deferred",
"%s", vstring_str(why));
/*
* Traced delivery.
*/
if (flags & DEL_REQ_FLAG_RECORD)
if (vtrace_append(flags, id, orig_rcpt, recipient, relay,
entry, "4.0.0", "deferred", fmt, ap) != 0)
if (trace_append(flags, id, orig_rcpt, recipient, relay,
entry, "4.0.0", "deferred",
"%s", vstring_str(why)) != 0)
msg_warn("%s: %s service failure", id, var_trace_service);
/*

4
postfix/src/global/mail_version.h
View File

@ -20,8 +20,8 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
#define MAIL_RELEASE_DATE "20040503"
#define MAIL_VERSION_NUMBER "2.1.1"
#define MAIL_RELEASE_DATE "20040615"
#define MAIL_VERSION_NUMBER "2.1.2"
#define VAR_MAIL_VERSION "mail_version"
#ifdef SNAPSHOT

13
postfix/src/global/sent.c
View File

@ -161,17 +161,22 @@ int vsent(int flags, const char *id, const char *orig_rcpt,
* Normal mail delivery. May also send a delivery record to the user.
*/
else {
VSTRING *text = vstring_alloc(10);
vstring_vsprintf(text, fmt, ap);
if ((flags & DEL_REQ_FLAG_RECORD) == 0
|| vtrace_append(flags, id, orig_rcpt, recipient, relay,
entry, "2.0.0", "delivered", fmt, ap) == 0) {
vlog_adhoc(id, orig_rcpt, recipient, relay,
entry, "sent", fmt, ap);
|| trace_append(flags, id, orig_rcpt, recipient, relay,
entry, "2.0.0", "delivered",
"%s", vstring_str(text)) == 0) {
log_adhoc(id, orig_rcpt, recipient, relay,
entry, "sent", "%s", vstring_str(text));
status = 0;
} else {
status = defer_append(flags, id, orig_rcpt, recipient, offset,
relay, entry, "%s: %s service failed",
id, var_trace_service);
}
vstring_free(text);
return (status);
}
}

4
postfix/src/global/trace.c
View File

@ -172,8 +172,8 @@ int vtrace_append(int flags, const char *queue_id,
req_stat = -1;
} else {
if (flags & DEL_REQ_FLAG_EXPAND)
vlog_adhoc(queue_id, orig_rcpt, recipient, relay,
entry, dsn_action, fmt, ap);
log_adhoc(queue_id, orig_rcpt, recipient, relay,
entry, dsn_action, "%s", vstring_str(why));
req_stat = 0;
}
vstring_free(why);

10
postfix/src/global/verify.c
View File

@ -134,26 +134,30 @@ int vverify_append(const char *queue_id, const char *orig_rcpt,
time_t entry, const char *status,
int rcpt_stat, const char *fmt, va_list ap)
{
VSTRING *text = vstring_alloc(10);
int req_stat;
/*
* Impedance adaptor between bounce/defer/sent and verify_clnt.
*/
vstring_vsprintf(text, fmt, ap);
if (var_verify_neg_cache || rcpt_stat == DEL_RCPT_STAT_OK) {
req_stat = verify_clnt_vupdate(orig_rcpt, rcpt_stat, fmt, ap);
if (req_stat == VRFY_STAT_OK && strcasecmp(recipient, orig_rcpt) != 0)
req_stat = verify_clnt_vupdate(recipient, rcpt_stat, fmt, ap);
req_stat = verify_clnt_update(recipient, rcpt_stat,
"%s", vstring_str(text));
} else {
status = "undeliverable-but-not-cached";
req_stat = VRFY_STAT_OK;
}
if (req_stat == VRFY_STAT_OK) {
vlog_adhoc(queue_id, orig_rcpt, recipient, relay,
entry, status, fmt, ap);
log_adhoc(queue_id, orig_rcpt, recipient, relay,
entry, status, "%s", vstring_str(text));
req_stat = 0;
} else {
msg_warn("%s: %s service failure", queue_id, var_verify_service);
req_stat = -1;
}
vstring_free(text);
return (req_stat);
}

2
postfix/src/pickup/pickup.c
View File

@ -35,7 +35,7 @@
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/* As the pickup daemon is a relatively long-running process, up
/* As the pickup(8) daemon is a relatively long-running process, up
/* to an hour may pass before a \fBmain.cf\fR change takes effect.
/* Use the command "\fBpostfix reload\fR" command to speed up a change.
/*

4
postfix/src/proxymap/proxymap.c
View File

@ -36,8 +36,8 @@
/* .IP "\fBopen\fR \fImaptype:mapname flags\fR"
/* Open the table with type \fImaptype\fR and name \fImapname\fR,
/* as controlled by \fIflags\fR. The reply includes the \fImaptype\fR
/* dependent flags (to distinguish a fixed string table from regular
/* a expression table).
/* dependent flags (to distinguish a fixed string table from a regular
/* expression table).
/* .IP "\fBlookup\fR \fImaptype:mapname flags key\fR"
/* Look up the data stored under the requested key.
/* The reply is the request completion status code (below) and

4
postfix/src/qmgr/qmgr.c
View File

@ -50,7 +50,7 @@
/* These files are maintained by the \fBdefer\fR(8) daemon.
/* .IP \fBtrace\fR
/* Per-recipient status information as requested with the
/* Postfix "\fBsendmail -v\fR" or "\fBsendmail -bv" command\fR.
/* Postfix "\fBsendmail -v\fR" or "\fBsendmail -bv\fR" command.
/* These files are maintained by the \fBtrace\fR(8) daemon.
/* .PP
/* The \fBqmgr\fR daemon is responsible for asking the
@ -283,7 +283,7 @@
/* SEE ALSO
/* trivial-rewrite(8), address routing
/* bounce(8), delivery status reports
/* postconf(5) configuration parameters
/* postconf(5), configuration parameters
/* master(8), process manager
/* syslogd(8) system logging
/* README FILES

14
postfix/src/smtp/smtp_connect.c
View File

@ -349,6 +349,7 @@ int smtp_connect(SMTP_STATE *state)
if (++addr_count == var_smtp_mxaddr_limit)
next = 0;
if ((state->session = smtp_connect_addr(addr, port, why)) != 0) {
state->features = 0; /* XXX should be SESSION info */
if (++sess_count == var_smtp_mxsess_limit)
next = 0;
state->final_server = (cpp[1] == 0 && next == 0);
@ -356,13 +357,18 @@ int smtp_connect(SMTP_STATE *state)
debug_peer_check(state->session->host, state->session->addr);
if (smtp_helo(state, misc_flags) == 0)
smtp_xfer(state);
if (state->history != 0
&& (state->error_mask & name_mask(VAR_NOTIFY_CLASSES,
mail_error_masks, var_notify_classes)))
smtp_chat_notify(state);
if (state->history != 0) {
if (state->error_mask & name_mask(VAR_NOTIFY_CLASSES,
mail_error_masks, var_notify_classes))
smtp_chat_notify(state);
smtp_chat_reset(state);
}
/* XXX smtp_xfer() may abort in the middle of DATA. */
smtp_session_free(state->session);
state->session = 0;
#ifdef USE_SASL_AUTH
smtp_sasl_cleanup(state);
#endif
debug_peer_restore();
smtp_rcpt_cleanup(state);
} else {

7
postfix/src/smtpd/smtpd.c
View File

@ -338,6 +338,8 @@
/* The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
/* SMTP client can send before the Postfix SMTP server starts to
/* increment the error counter with each junk command.
/* .PP
/* Available in Postfix version 2.1 and later:
/* .IP "\fBsmtpd_recipient_overshoot_limit (1000)\fR"
/* The number of recipients that a remote SMTP client can send in
/* excess of the limit specified with $smtpd_recipient_limit, before
@ -349,9 +351,6 @@
/* As of version 2.1, Postfix can be configured to delegate access
/* policy decisions to an external server that runs outside Postfix.
/* See the file SMTPD_POLICY_README for more information.
/* .IP "\fBsmtpd_policy_service_timeout (100s)\fR"
/* The time limit for connecting to, writing to or receiving from a
/* delegated SMTPD policy server.
/* .IP "\fBsmtpd_policy_service_max_idle (300s)\fR"
/* The time after which an idle SMTPD policy service connection is
/* closed.
@ -424,7 +423,7 @@
/* SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS
/* .ad
/* .fi
/* Postfix version 2.1 introduces sender and address verification.
/* Postfix version 2.1 introduces sender and recipient address verification.
/* This feature is implemented by sending probe email messages that
/* are not actually delivered.
/* This feature is requested via the reject_unverified_sender and

4
postfix/src/smtpd/smtpd_proxy.h
View File

@ -24,9 +24,9 @@
#define SMTPD_PROX_WANT_MORE '3' /* Expect 3XX reply */
extern int smtpd_proxy_open(SMTPD_STATE *, const char *, int, const char *, const char *);
extern int smtpd_proxy_cmd(SMTPD_STATE *, int, const char *,...);
extern int PRINTFLIKE(3, 4) smtpd_proxy_cmd(SMTPD_STATE *, int, const char *,...);
extern int smtpd_proxy_rec_put(VSTREAM *, int, const char *, int);
extern int smtpd_proxy_rec_fprintf(VSTREAM *, int, const char *,...);
extern int PRINTFLIKE(3, 4) smtpd_proxy_rec_fprintf(VSTREAM *, int, const char *,...);
extern void smtpd_proxy_close(SMTPD_STATE *);
/* LICENSE

2
postfix/src/spawn/spawn.c
View File

@ -53,7 +53,7 @@
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/* Changes to \fBmain.cf\fR are picked up automatically as smtpd(8)
/* Changes to \fBmain.cf\fR are picked up automatically as spawn(8)
/* processes run for only a limited amount of time. Use the command
/* "\fBpostfix reload\fR" to speed up a change.
/*

2
postfix/src/trivial-rewrite/trivial-rewrite.c
View File

@ -120,7 +120,7 @@
/* ADDRESS VERIFICATION CONTROLS
/* .ad
/* .fi
/* Postfix version 2.1 introduces sender and address verification.
/* Postfix version 2.1 introduces sender and recipient address verification.
/* This feature is implemented by sending probe email messages that
/* are not actually delivered.
/* By default, address verification probes use the same route

9
postfix/src/util/sys_defs.h
View File

@ -50,8 +50,13 @@
#endif
#define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0)
#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin"
#define USE_STATFS
#define STATFS_IN_SYS_MOUNT_H
#if (defined(__NetBSD_Version__) && __NetBSD_Version__ > 200040000)
# define USE_STATVFS
# define STATVFS_IN_SYS_STATVFS_H
#else
# define USE_STATFS
# define STATFS_IN_SYS_MOUNT_H
#endif
#define HAS_POSIX_REGEXP
#define HAS_ST_GEN /* struct stat contains inode generation number */
#define NATIVE_SENDMAIL_PATH "/usr/sbin/sendmail"