mirror of
https://github.com/vdukhovni/postfix
synced 2025-08-22 09:57:34 +00:00
postfix-3.10-20240622
This commit is contained in:
parent
65e61c361d
commit
c770c08168
@ -28095,3 +28095,21 @@ Apologies for any names omitted.
|
|||||||
Bugfix (defect introduced: Postfix 3.10, date 20230310):
|
Bugfix (defect introduced: Postfix 3.10, date 20230310):
|
||||||
segfault after reading a null pointer, while responding to
|
segfault after reading a null pointer, while responding to
|
||||||
an unknown or unimplemented command. File: smtpd/smtpd.c.
|
an unknown or unimplemented command. File: smtpd/smtpd.c.
|
||||||
|
|
||||||
|
20240614
|
||||||
|
|
||||||
|
Documentation: made the descriptions of command-line arguments
|
||||||
|
inside {} more consistent. Files: proto/master, pipe/pipe.c.
|
||||||
|
|
||||||
|
20240618
|
||||||
|
|
||||||
|
Code health: factored out duplicate code for unknown and
|
||||||
|
unimplemented commands in the SMTP server. File: smtpd/smtpd.c.
|
||||||
|
|
||||||
|
20240622
|
||||||
|
|
||||||
|
Documentation: in the rbl_reply_maps description,added text
|
||||||
|
how it handles reject_rbl_* or reject_rhsbl_* queries with
|
||||||
|
an address filter. Also added text to clarify te differences
|
||||||
|
between rbl_reply_maps and postscreen_dnsbl_reply_map.
|
||||||
|
File: proto/postconf.proto.
|
||||||
|
@ -16,6 +16,10 @@ Wish list:
|
|||||||
using FIFOs anymore, and trigger servers could use a proper
|
using FIFOs anymore, and trigger servers could use a proper
|
||||||
(attribute, value) protocol.
|
(attribute, value) protocol.
|
||||||
|
|
||||||
|
The postsceen NON-SMTP test should log the command in
|
||||||
|
the same format as the BARE NEWLINE and PREGREET tests.
|
||||||
|
Consider logging the entire unadulterated command line.
|
||||||
|
|
||||||
"postconf -d" should not complain about a missing master.cf
|
"postconf -d" should not complain about a missing master.cf
|
||||||
file.
|
file.
|
||||||
|
|
||||||
|
@ -909,7 +909,7 @@ stored as plaintext. </p>
|
|||||||
auxprop plugin. Instead, you can use "<code>saslauthd -a ldap</code>"
|
auxprop plugin. Instead, you can use "<code>saslauthd -a ldap</code>"
|
||||||
to query the LDAP database directly, with appropriate configuration
|
to query the LDAP database directly, with appropriate configuration
|
||||||
in <code>saslauthd.conf</code>, <a
|
in <code>saslauthd.conf</code>, <a
|
||||||
href="http://git.cyrusimap.org/cyrus-sasl/tree/saslauthd/LDAP_SASLAUTHD">as
|
href="https://github.com/cyrusimap/cyrus-sasl/blob/master/saslauthd/LDAP_SASLAUTHD">as
|
||||||
described here</a>. You will not be able to use any of the
|
described here</a>. You will not be able to use any of the
|
||||||
methods that require access to plaintext passwords, such as the
|
methods that require access to plaintext passwords, such as the
|
||||||
shared-secret methods CRAM-MD5 and DIGEST-MD5. </p>
|
shared-secret methods CRAM-MD5 and DIGEST-MD5. </p>
|
||||||
|
@ -240,16 +240,14 @@ MASTER(5) MASTER(5)
|
|||||||
verbose.
|
verbose.
|
||||||
|
|
||||||
<b>Command-line arguments that start with {</b>
|
<b>Command-line arguments that start with {</b>
|
||||||
Specify "{" and "}" around command arguments that start
|
|
||||||
with "{" (Postfix 3.0 and later). The outer "{" and "}"
|
|
||||||
are removed from the input, together with any leading or
|
|
||||||
trailing whitespace.
|
|
||||||
|
|
||||||
<b>Other command-line arguments</b>
|
<b>Command-line arguments that contain whitespace</b>
|
||||||
Specify "{" and "}" around command arguments that contain
|
|
||||||
whitespace (Postfix 3.0 and later). The outer "{" and "}"
|
<b>Command-line arguments that must be empty</b>
|
||||||
are removed from the input, together with any leading or
|
Specify "{" and "}" around such arguments (Postfix 3.0
|
||||||
trailing whitespace.
|
and later). The outer "{" and "}" will be removed,
|
||||||
|
together with any leading or trailing whitespace in the
|
||||||
|
remaining text.
|
||||||
|
|
||||||
<b>SEE ALSO</b>
|
<b>SEE ALSO</b>
|
||||||
<a href="master.8.html">master(8)</a>, process manager
|
<a href="master.8.html">master(8)</a>, process manager
|
||||||
|
@ -195,8 +195,10 @@ PIPE(8) PIPE(8)
|
|||||||
interpreter.
|
interpreter.
|
||||||
|
|
||||||
Specify "{" and "}" around command arguments that contain white-
|
Specify "{" and "}" around command arguments that contain white-
|
||||||
space (Postfix 3.0 and later). Whitespace after the opening "{"
|
space, arguments that begin with "{", or arguments that must be
|
||||||
and before the closing "}" is ignored.
|
an empty string (Postfix 3.0 and later). The outer "{" and "}"
|
||||||
|
will be removed, together with any leading or trailing white-
|
||||||
|
space in the remaining text.
|
||||||
|
|
||||||
In the command argument vector, the following macros are recog-
|
In the command argument vector, the following macros are recog-
|
||||||
nized and replaced with corresponding information from the Post-
|
nized and replaced with corresponding information from the Post-
|
||||||
|
@ -2670,7 +2670,7 @@ Instead of $name you can also specify ${name} or $(name).
|
|||||||
|
|
||||||
<p> Note: when an enhanced status code is specified in an RBL reply
|
<p> Note: when an enhanced status code is specified in an RBL reply
|
||||||
template, it is subject to modification. The following transformations
|
template, it is subject to modification. The following transformations
|
||||||
are needed when the same RBL reply template is used for client,
|
are needed when the same RBL response template is used for client,
|
||||||
helo, sender, or recipient access restrictions. </p>
|
helo, sender, or recipient access restrictions. </p>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
@ -8798,6 +8798,11 @@ the file is read). </p>
|
|||||||
secret.zen.spamhaus.org zen.spamhaus.org
|
secret.zen.spamhaus.org zen.spamhaus.org
|
||||||
</pre>
|
</pre>
|
||||||
|
|
||||||
|
<p> NOTE: This feature differs from the Postfix SMTP server's
|
||||||
|
<a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> feature, where 1) the table search key includes the
|
||||||
|
optional "<i>=address</i>" filter, and where 2) the lookup result
|
||||||
|
contains free text with <i>$name</i> variables. </p>
|
||||||
|
|
||||||
<p> This feature is available in Postfix 2.8. </p>
|
<p> This feature is available in Postfix 2.8. </p>
|
||||||
|
|
||||||
|
|
||||||
@ -9807,15 +9812,46 @@ This feature is available in Postfix 2.0 and later.
|
|||||||
(default: empty)</b></DT><DD>
|
(default: empty)</b></DT><DD>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Optional lookup tables with RBL response templates. The tables are
|
Optional lookup tables with RBL or RHSBL response templates. The
|
||||||
indexed by the RBL domain name. By default, Postfix uses the default
|
table search key is the reject_rbl_* or reject_rhsbl_* argument,
|
||||||
|
including any optional "<i>=address-pattern</i>" filter. </p>
|
||||||
|
|
||||||
|
<p> By default, Postfix uses the
|
||||||
template as specified with the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> configuration
|
template as specified with the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> configuration
|
||||||
parameter. See there for a discussion of the syntax of RBL reply
|
parameter. See there for a discussion of the response template
|
||||||
templates.
|
syntax.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p> Example: </p>
|
||||||
|
|
||||||
|
<pre>
|
||||||
|
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
|
||||||
|
<a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/rbl_reply
|
||||||
|
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
|
||||||
|
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
|
||||||
|
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> <i>secret</i>.zen.dq.spamhaus.net=127.0.0.[2..11],
|
||||||
|
...
|
||||||
|
<br>
|
||||||
|
/etc/postfix/rbl_reply:
|
||||||
|
# See https://www.postfix.org/postconf.5.html#<a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a>
|
||||||
|
# for the definition of the $client_address and $rbl_class etc.
|
||||||
|
# variables.
|
||||||
|
<i>secret</i>.zen.dq.spamhaus.net=127.0.0.[2..11]
|
||||||
|
554 $rbl_class $rbl_what blocked using ZEN - see <a href="https://www.spamhaus.org/query/ip/$client_address">https://www.spamhaus.org/query/ip/$client_address</a> for details
|
||||||
|
<i>secret</i>.zen.dq.spamhaus.net
|
||||||
|
554 $rbl_class $rbl_what blocked using ZEN - see <a href="https://www.spamhaus.org/query/ip/$client_address">https://www.spamhaus.org/query/ip/$client_address</a> for details
|
||||||
|
</pre>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
NOTE: This feature differs from <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> where
|
||||||
|
the table search key is a domain name (no "<i>=address</i>" filter,
|
||||||
|
no "<i>*weight</i>" factor) and where the lookup result should be
|
||||||
|
a domain name (no free text, no <i>$name</i> variables).
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
This feature is available in Postfix 2.0 and later.
|
This feature is available in Postfix 2.0 and later.
|
||||||
|
The "=address-pattern" filter is available in Postfix 2.8 and later.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
|
||||||
|
@ -1316,7 +1316,7 @@ SMTPD(8) SMTPD(8)
|
|||||||
<a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction.
|
<a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction.
|
||||||
|
|
||||||
<b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b>
|
<b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b>
|
||||||
Optional lookup tables with RBL response templates.
|
Optional lookup tables with RBL or RHSBL response templates.
|
||||||
|
|
||||||
Available in Postfix version 2.6 and later:
|
Available in Postfix version 2.6 and later:
|
||||||
|
|
||||||
|
@ -243,15 +243,12 @@ personalities via master.cf.
|
|||||||
Increase the verbose logging level. Specify multiple \fB\-v\fR
|
Increase the verbose logging level. Specify multiple \fB\-v\fR
|
||||||
options to make a Postfix daemon process increasingly verbose.
|
options to make a Postfix daemon process increasingly verbose.
|
||||||
.IP "\fBCommand\-line arguments that start with {\fR"
|
.IP "\fBCommand\-line arguments that start with {\fR"
|
||||||
Specify "{" and "}" around command arguments that start
|
.IP "\fBCommand\-line arguments that contain whitespace\fR"
|
||||||
with "{" (Postfix 3.0 and later). The outer "{" and "}" are
|
.IP "\fBCommand\-line arguments that must be empty\fR"
|
||||||
removed from the input, together with any leading or trailing
|
Specify "{" and "}" around such arguments (Postfix 3.0 and
|
||||||
whitespace.
|
later). The outer "{" and "}" will be removed, together
|
||||||
.IP "\fBOther command\-line arguments\fR"
|
with any leading or trailing whitespace in the remaining
|
||||||
Specify "{" and "}" around command arguments that contain
|
text.
|
||||||
whitespace (Postfix 3.0 and later). The outer "{" and "}"
|
|
||||||
are removed from the input, together with any leading or
|
|
||||||
trailing whitespace.
|
|
||||||
.SH "SEE ALSO"
|
.SH "SEE ALSO"
|
||||||
.na
|
.na
|
||||||
.nf
|
.nf
|
||||||
|
@ -1732,7 +1732,7 @@ Instead of $name you can also specify ${name} or $(name).
|
|||||||
.PP
|
.PP
|
||||||
Note: when an enhanced status code is specified in an RBL reply
|
Note: when an enhanced status code is specified in an RBL reply
|
||||||
template, it is subject to modification. The following transformations
|
template, it is subject to modification. The following transformations
|
||||||
are needed when the same RBL reply template is used for client,
|
are needed when the same RBL response template is used for client,
|
||||||
helo, sender, or recipient access restrictions.
|
helo, sender, or recipient access restrictions.
|
||||||
.IP \(bu
|
.IP \(bu
|
||||||
When rejecting a sender address, the Postfix SMTP server
|
When rejecting a sender address, the Postfix SMTP server
|
||||||
@ -5570,6 +5570,11 @@ Example:
|
|||||||
.ad
|
.ad
|
||||||
.ft R
|
.ft R
|
||||||
.PP
|
.PP
|
||||||
|
NOTE: This feature differs from the Postfix SMTP server's
|
||||||
|
rbl_reply_maps feature, where 1) the table search key includes the
|
||||||
|
optional "\fI=address\fR" filter, and where 2) the lookup result
|
||||||
|
contains free text with \fI$name\fR variables.
|
||||||
|
.PP
|
||||||
This feature is available in Postfix 2.8.
|
This feature is available in Postfix 2.8.
|
||||||
.SH postscreen_dnsbl_sites (default: empty)
|
.SH postscreen_dnsbl_sites (default: empty)
|
||||||
Optional list of patterns with DNS allow/denylist domains, filters
|
Optional list of patterns with DNS allow/denylist domains, filters
|
||||||
@ -6160,13 +6165,46 @@ queue and schedules delivery requests.
|
|||||||
.PP
|
.PP
|
||||||
This feature is available in Postfix 2.0 and later.
|
This feature is available in Postfix 2.0 and later.
|
||||||
.SH rbl_reply_maps (default: empty)
|
.SH rbl_reply_maps (default: empty)
|
||||||
Optional lookup tables with RBL response templates. The tables are
|
Optional lookup tables with RBL or RHSBL response templates. The
|
||||||
indexed by the RBL domain name. By default, Postfix uses the default
|
table search key is the reject_rbl_* or reject_rhsbl_* argument,
|
||||||
|
including any optional "\fI=address\-pattern\fR" filter.
|
||||||
|
.PP
|
||||||
|
By default, Postfix uses the
|
||||||
template as specified with the default_rbl_reply configuration
|
template as specified with the default_rbl_reply configuration
|
||||||
parameter. See there for a discussion of the syntax of RBL reply
|
parameter. See there for a discussion of the response template
|
||||||
templates.
|
syntax.
|
||||||
|
.PP
|
||||||
|
Example:
|
||||||
|
.PP
|
||||||
|
.nf
|
||||||
|
.na
|
||||||
|
.ft C
|
||||||
|
/etc/postfix/main.cf:
|
||||||
|
rbl_reply_maps = hash:/etc/postfix/rbl_reply
|
||||||
|
smtpd_recipient_restrictions =
|
||||||
|
permit_mynetworks,
|
||||||
|
reject_rbl_client \fIsecret\fR.zen.dq.spamhaus.net=127.0.0.[2..11],
|
||||||
|
...
|
||||||
|
.br
|
||||||
|
/etc/postfix/rbl_reply:
|
||||||
|
# See https://www.postfix.org/postconf.5.html#default_rbl_reply
|
||||||
|
# for the definition of the $client_address and $rbl_class etc.
|
||||||
|
# variables.
|
||||||
|
\fIsecret\fR.zen.dq.spamhaus.net=127.0.0.[2..11]
|
||||||
|
554 $rbl_class $rbl_what blocked using ZEN \- see https://www.spamhaus.org/query/ip/$client_address for details
|
||||||
|
\fIsecret\fR.zen.dq.spamhaus.net
|
||||||
|
554 $rbl_class $rbl_what blocked using ZEN \- see https://www.spamhaus.org/query/ip/$client_address for details
|
||||||
|
.fi
|
||||||
|
.ad
|
||||||
|
.ft R
|
||||||
|
.PP
|
||||||
|
NOTE: This feature differs from postscreen_dnsbl_reply_map where
|
||||||
|
the table search key is a domain name (no "\fI=address\fR" filter,
|
||||||
|
no "\fI*weight\fR" factor) and where the lookup result should be
|
||||||
|
a domain name (no free text, no \fI$name\fR variables).
|
||||||
.PP
|
.PP
|
||||||
This feature is available in Postfix 2.0 and later.
|
This feature is available in Postfix 2.0 and later.
|
||||||
|
The "=address\-pattern" filter is available in Postfix 2.8 and later.
|
||||||
.SH readme_directory (default: see "postconf \-d" output)
|
.SH readme_directory (default: see "postconf \-d" output)
|
||||||
The location of Postfix README files that describe how to build,
|
The location of Postfix README files that describe how to build,
|
||||||
configure or operate a specific Postfix subsystem or feature.
|
configure or operate a specific Postfix subsystem or feature.
|
||||||
|
@ -201,8 +201,10 @@ The command is executed directly, i.e. without interpretation of
|
|||||||
shell meta characters by a shell command interpreter.
|
shell meta characters by a shell command interpreter.
|
||||||
.sp
|
.sp
|
||||||
Specify "{" and "}" around command arguments that contain
|
Specify "{" and "}" around command arguments that contain
|
||||||
whitespace (Postfix 3.0 and later). Whitespace
|
whitespace, arguments that begin with "{", or arguments
|
||||||
after the opening "{" and before the closing "}" is ignored.
|
that must be an empty string (Postfix 3.0 and later). The
|
||||||
|
outer "{" and "}" will be removed, together with any leading
|
||||||
|
or trailing whitespace in the remaining text.
|
||||||
.sp
|
.sp
|
||||||
In the command argument vector, the following macros are recognized
|
In the command argument vector, the following macros are recognized
|
||||||
and replaced with corresponding information from the Postfix queue
|
and replaced with corresponding information from the Postfix queue
|
||||||
|
@ -1140,7 +1140,7 @@ The numerical Postfix SMTP server response code when a remote SMTP
|
|||||||
client request is blocked by the reject_multi_recipient_bounce
|
client request is blocked by the reject_multi_recipient_bounce
|
||||||
restriction.
|
restriction.
|
||||||
.IP "\fBrbl_reply_maps (empty)\fR"
|
.IP "\fBrbl_reply_maps (empty)\fR"
|
||||||
Optional lookup tables with RBL response templates.
|
Optional lookup tables with RBL or RHSBL response templates.
|
||||||
.PP
|
.PP
|
||||||
Available in Postfix version 2.6 and later:
|
Available in Postfix version 2.6 and later:
|
||||||
.IP "\fBaccess_map_defer_code (450)\fR"
|
.IP "\fBaccess_map_defer_code (450)\fR"
|
||||||
|
@ -909,7 +909,7 @@ stored as plaintext. </p>
|
|||||||
auxprop plugin. Instead, you can use "<code>saslauthd -a ldap</code>"
|
auxprop plugin. Instead, you can use "<code>saslauthd -a ldap</code>"
|
||||||
to query the LDAP database directly, with appropriate configuration
|
to query the LDAP database directly, with appropriate configuration
|
||||||
in <code>saslauthd.conf</code>, <a
|
in <code>saslauthd.conf</code>, <a
|
||||||
href="http://git.cyrusimap.org/cyrus-sasl/tree/saslauthd/LDAP_SASLAUTHD">as
|
href="https://github.com/cyrusimap/cyrus-sasl/blob/master/saslauthd/LDAP_SASLAUTHD">as
|
||||||
described here</a>. You will not be able to use any of the
|
described here</a>. You will not be able to use any of the
|
||||||
methods that require access to plaintext passwords, such as the
|
methods that require access to plaintext passwords, such as the
|
||||||
shared-secret methods CRAM-MD5 and DIGEST-MD5. </p>
|
shared-secret methods CRAM-MD5 and DIGEST-MD5. </p>
|
||||||
|
@ -237,15 +237,12 @@
|
|||||||
# Increase the verbose logging level. Specify multiple \fB-v\fR
|
# Increase the verbose logging level. Specify multiple \fB-v\fR
|
||||||
# options to make a Postfix daemon process increasingly verbose.
|
# options to make a Postfix daemon process increasingly verbose.
|
||||||
# .IP "\fBCommand-line arguments that start with {\fR"
|
# .IP "\fBCommand-line arguments that start with {\fR"
|
||||||
# Specify "{" and "}" around command arguments that start
|
# .IP "\fBCommand-line arguments that contain whitespace\fR"
|
||||||
# with "{" (Postfix 3.0 and later). The outer "{" and "}" are
|
# .IP "\fBCommand-line arguments that must be empty\fR"
|
||||||
# removed from the input, together with any leading or trailing
|
# Specify "{" and "}" around such arguments (Postfix 3.0 and
|
||||||
# whitespace.
|
# later). The outer "{" and "}" will be removed, together
|
||||||
# .IP "\fBOther command-line arguments\fR"
|
# with any leading or trailing whitespace in the remaining
|
||||||
Specify "{" and "}" around command arguments that contain
|
# text.
|
||||||
# whitespace (Postfix 3.0 and later). The outer "{" and "}"
|
|
||||||
# are removed from the input, together with any leading or
|
|
||||||
# trailing whitespace.
|
|
||||||
# SEE ALSO
|
# SEE ALSO
|
||||||
# master(8), process manager
|
# master(8), process manager
|
||||||
# postconf(5), configuration parameters
|
# postconf(5), configuration parameters
|
||||||
|
@ -1254,7 +1254,7 @@ Instead of $name you can also specify ${name} or $(name).
|
|||||||
|
|
||||||
<p> Note: when an enhanced status code is specified in an RBL reply
|
<p> Note: when an enhanced status code is specified in an RBL reply
|
||||||
template, it is subject to modification. The following transformations
|
template, it is subject to modification. The following transformations
|
||||||
are needed when the same RBL reply template is used for client,
|
are needed when the same RBL response template is used for client,
|
||||||
helo, sender, or recipient access restrictions. </p>
|
helo, sender, or recipient access restrictions. </p>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
@ -3586,15 +3586,46 @@ The default time unit is s (seconds). </p>
|
|||||||
%PARAM rbl_reply_maps
|
%PARAM rbl_reply_maps
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Optional lookup tables with RBL response templates. The tables are
|
Optional lookup tables with RBL or RHSBL response templates. The
|
||||||
indexed by the RBL domain name. By default, Postfix uses the default
|
table search key is the reject_rbl_* or reject_rhsbl_* argument,
|
||||||
|
including any optional "<i>=address-pattern</i>" filter. </p>
|
||||||
|
|
||||||
|
<p> By default, Postfix uses the
|
||||||
template as specified with the default_rbl_reply configuration
|
template as specified with the default_rbl_reply configuration
|
||||||
parameter. See there for a discussion of the syntax of RBL reply
|
parameter. See there for a discussion of the response template
|
||||||
templates.
|
syntax.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p> Example: </p>
|
||||||
|
|
||||||
|
<pre>
|
||||||
|
/etc/postfix/main.cf:
|
||||||
|
rbl_reply_maps = hash:/etc/postfix/rbl_reply
|
||||||
|
smtpd_recipient_restrictions =
|
||||||
|
permit_mynetworks,
|
||||||
|
reject_rbl_client <i>secret</i>.zen.dq.spamhaus.net=127.0.0.[2..11],
|
||||||
|
...
|
||||||
|
<br>
|
||||||
|
/etc/postfix/rbl_reply:
|
||||||
|
# See https://www.postfix.org/postconf.5.html#default_rbl_reply
|
||||||
|
# for the definition of the $client_address and $rbl_class etc.
|
||||||
|
# variables.
|
||||||
|
<i>secret</i>.zen.dq.spamhaus.net=127.0.0.[2..11]
|
||||||
|
554 $rbl_class $rbl_what blocked using ZEN - see https://www.spamhaus.org/query/ip/$client_address for details
|
||||||
|
<i>secret</i>.zen.dq.spamhaus.net
|
||||||
|
554 $rbl_class $rbl_what blocked using ZEN - see https://www.spamhaus.org/query/ip/$client_address for details
|
||||||
|
</pre>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
NOTE: This feature differs from postscreen_dnsbl_reply_map where
|
||||||
|
the table search key is a domain name (no "<i>=address</i>" filter,
|
||||||
|
no "<i>*weight</i>" factor) and where the lookup result should be
|
||||||
|
a domain name (no free text, no <i>$name</i> variables).
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
This feature is available in Postfix 2.0 and later.
|
This feature is available in Postfix 2.0 and later.
|
||||||
|
The "=address-pattern" filter is available in Postfix 2.8 and later.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
%PARAM receive_override_options
|
%PARAM receive_override_options
|
||||||
@ -15418,6 +15449,11 @@ the file is read). </p>
|
|||||||
secret.zen.spamhaus.org zen.spamhaus.org
|
secret.zen.spamhaus.org zen.spamhaus.org
|
||||||
</pre>
|
</pre>
|
||||||
|
|
||||||
|
<p> NOTE: This feature differs from the Postfix SMTP server's
|
||||||
|
rbl_reply_maps feature, where 1) the table search key includes the
|
||||||
|
optional "<i>=address</i>" filter, and where 2) the lookup result
|
||||||
|
contains free text with <i>$name</i> variables. </p>
|
||||||
|
|
||||||
<p> This feature is available in Postfix 2.8. </p>
|
<p> This feature is available in Postfix 2.8. </p>
|
||||||
|
|
||||||
%PARAM postscreen_dnsbl_timeout 10s
|
%PARAM postscreen_dnsbl_timeout 10s
|
||||||
|
@ -1604,3 +1604,5 @@ LLC
|
|||||||
Maadani
|
Maadani
|
||||||
GTEST
|
GTEST
|
||||||
javascript
|
javascript
|
||||||
|
SMFI
|
||||||
|
RHSBL
|
||||||
|
@ -126,3 +126,5 @@ proto proto mysql_table proto pgsql_table proto ldap_table
|
|||||||
a domain File postalias postalias c
|
a domain File postalias postalias c
|
||||||
File spawn spawn c
|
File spawn spawn c
|
||||||
an unknown or unimplemented command File smtpd smtpd c
|
an unknown or unimplemented command File smtpd smtpd c
|
||||||
|
inside more consistent Files proto master pipe pipe c
|
||||||
|
unimplemented commands in the SMTP server File smtpd smtpd c
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
* Patches change both the patchlevel and the release date. Snapshots have no
|
* Patches change both the patchlevel and the release date. Snapshots have no
|
||||||
* patchlevel; they change the release date only.
|
* patchlevel; they change the release date only.
|
||||||
*/
|
*/
|
||||||
#define MAIL_RELEASE_DATE "20240612"
|
#define MAIL_RELEASE_DATE "20240622"
|
||||||
#define MAIL_VERSION_NUMBER "3.10"
|
#define MAIL_VERSION_NUMBER "3.10"
|
||||||
|
|
||||||
#ifdef SNAPSHOT
|
#ifdef SNAPSHOT
|
||||||
|
@ -191,8 +191,10 @@
|
|||||||
/* shell meta characters by a shell command interpreter.
|
/* shell meta characters by a shell command interpreter.
|
||||||
/* .sp
|
/* .sp
|
||||||
/* Specify "{" and "}" around command arguments that contain
|
/* Specify "{" and "}" around command arguments that contain
|
||||||
/* whitespace (Postfix 3.0 and later). Whitespace
|
/* whitespace, arguments that begin with "{", or arguments
|
||||||
/* after the opening "{" and before the closing "}" is ignored.
|
/* that must be an empty string (Postfix 3.0 and later). The
|
||||||
|
/* outer "{" and "}" will be removed, together with any leading
|
||||||
|
/* or trailing whitespace in the remaining text.
|
||||||
/* .sp
|
/* .sp
|
||||||
/* In the command argument vector, the following macros are recognized
|
/* In the command argument vector, the following macros are recognized
|
||||||
/* and replaced with corresponding information from the Postfix queue
|
/* and replaced with corresponding information from the Postfix queue
|
||||||
|
@ -1084,7 +1084,7 @@
|
|||||||
/* client request is blocked by the reject_multi_recipient_bounce
|
/* client request is blocked by the reject_multi_recipient_bounce
|
||||||
/* restriction.
|
/* restriction.
|
||||||
/* .IP "\fBrbl_reply_maps (empty)\fR"
|
/* .IP "\fBrbl_reply_maps (empty)\fR"
|
||||||
/* Optional lookup tables with RBL response templates.
|
/* Optional lookup tables with RBL or RHSBL response templates.
|
||||||
/* .PP
|
/* .PP
|
||||||
/* Available in Postfix version 2.6 and later:
|
/* Available in Postfix version 2.6 and later:
|
||||||
/* .IP "\fBaccess_map_defer_code (450)\fR"
|
/* .IP "\fBaccess_map_defer_code (450)\fR"
|
||||||
@ -5501,11 +5501,43 @@ static void tls_reset(SMTPD_STATE *state)
|
|||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* milter_unknown_reply_override - common code for unknown/unimplemented case */
|
||||||
|
|
||||||
|
static int milter_unknown_reply_override(SMTPD_STATE *state)
|
||||||
|
{
|
||||||
|
const char *err;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* XXX The Postfix libmilter implementation does not indicate whether it
|
||||||
|
* returns:
|
||||||
|
*
|
||||||
|
* 1) A generic "command rejected" etc. reply text that is generated by the
|
||||||
|
* Postfix milter library, when the Sendmail milter library replies with
|
||||||
|
* SMFI_REJECT or SMFI_TEMPFAIL.
|
||||||
|
*
|
||||||
|
* 2) A custom reply text that is generated by a milter application, when
|
||||||
|
* the Sendmail milter library replies with SMFI_REPLY.
|
||||||
|
*
|
||||||
|
* As a compromise, we will not override the Postfix SMTP server's specific
|
||||||
|
* "5XX Unknown command" etc. reply.
|
||||||
|
*/
|
||||||
|
if (state->milters != 0
|
||||||
|
&& (err = milter_unknown_event(state->milters,
|
||||||
|
STR(state->buffer))) != 0) {
|
||||||
|
if (err[0] == '4') {
|
||||||
|
smtpd_chat_reply(state, "%s", err);
|
||||||
|
return (1);
|
||||||
|
} else if (err[0] != '5') {
|
||||||
|
msg_warn("unexpected SMFIC_UNKNOWN response: %s", err);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
|
||||||
/* unimpl_cmd - dummy for functionality that is not compiled in */
|
/* unimpl_cmd - dummy for functionality that is not compiled in */
|
||||||
|
|
||||||
static int unimpl_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
static int unimpl_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
||||||
{
|
{
|
||||||
const char *err = 0;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* When a connection is closed we want to log the request counts for
|
* When a connection is closed we want to log the request counts for
|
||||||
@ -5516,16 +5548,8 @@ static int unimpl_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
|
|||||||
* it must either tempfail or reject.
|
* it must either tempfail or reject.
|
||||||
*/
|
*/
|
||||||
state->error_mask |= MAIL_ERROR_PROTOCOL;
|
state->error_mask |= MAIL_ERROR_PROTOCOL;
|
||||||
if (state->milters != 0
|
if (milter_unknown_reply_override(state) == 0)
|
||||||
&& (err = milter_unknown_event(state->milters,
|
|
||||||
STR(state->buffer))) != 0
|
|
||||||
&& err[0] == '4') {
|
|
||||||
smtpd_chat_reply(state, "%s", err);
|
|
||||||
} else {
|
|
||||||
if (err && err[0] != '5')
|
|
||||||
msg_warn("unexpected SMFIC_UNKNOWN response: %s", err);
|
|
||||||
smtpd_chat_reply(state, "502 5.5.1 Error: command not implemented");
|
smtpd_chat_reply(state, "502 5.5.1 Error: command not implemented");
|
||||||
}
|
|
||||||
return (-1);
|
return (-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -5553,7 +5577,7 @@ typedef struct SMTPD_CMD {
|
|||||||
#define SMTPD_CMD_FLAG_PRE_TLS (1<<1) /* allow before STARTTLS */
|
#define SMTPD_CMD_FLAG_PRE_TLS (1<<1) /* allow before STARTTLS */
|
||||||
#define SMTPD_CMD_FLAG_LAST (1<<2) /* last in PIPELINING command group */
|
#define SMTPD_CMD_FLAG_LAST (1<<2) /* last in PIPELINING command group */
|
||||||
|
|
||||||
static int help_cmd(SMTPD_STATE *, int, SMTPD_TOKEN *);
|
static int help_cmd(SMTPD_STATE *, int, SMTPD_TOKEN *);
|
||||||
|
|
||||||
static SMTPD_CMD smtpd_cmd_table[] = {
|
static SMTPD_CMD smtpd_cmd_table[] = {
|
||||||
{SMTPD_CMD_HELO, helo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS | SMTPD_CMD_FLAG_LAST,},
|
{SMTPD_CMD_HELO, helo_cmd, SMTPD_CMD_FLAG_LIMIT | SMTPD_CMD_FLAG_PRE_TLS | SMTPD_CMD_FLAG_LAST,},
|
||||||
@ -6021,19 +6045,9 @@ static void smtpd_proto(SMTPD_STATE *state)
|
|||||||
}
|
}
|
||||||
/* state->access_denied == 0 || cmdp->action == quit_cmd */
|
/* state->access_denied == 0 || cmdp->action == quit_cmd */
|
||||||
if (cmdp->name == 0) {
|
if (cmdp->name == 0) {
|
||||||
/* See unimpl_cmd() for valid xxfi_unknown() return values. */
|
if (milter_unknown_reply_override(state) == 0)
|
||||||
err = 0;
|
|
||||||
if (state->milters != 0
|
|
||||||
&& (err = milter_unknown_event(state->milters,
|
|
||||||
STR(state->buffer))) != 0
|
|
||||||
&& err[0] == '4') {
|
|
||||||
smtpd_chat_reply(state, "%s", err);
|
|
||||||
} else {
|
|
||||||
if (err && err[0] != '5')
|
|
||||||
msg_warn("unexpected SMFIC_UNKNOWN response: %s", err);
|
|
||||||
smtpd_chat_reply(state,
|
smtpd_chat_reply(state,
|
||||||
"500 5.5.2 Error: command not recognized");
|
"500 5.5.2 Error: command not recognized");
|
||||||
}
|
|
||||||
state->error_mask |= MAIL_ERROR_PROTOCOL;
|
state->error_mask |= MAIL_ERROR_PROTOCOL;
|
||||||
state->error_count++;
|
state->error_count++;
|
||||||
continue;
|
continue;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user