mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00
Code Issues Releases Wiki Activity

snapshot-20000104

Browse Source
This commit is contained in:
Wietse Venema 2000-01-04 00:00:00 -05:00
parent 09f6aad7bc
commit c995189c70
18 changed files with 566 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
postfix/HISTORY
View File

@ -3515,3 +3515,31 @@ Apologies for any names omitted.
to enable LMTP delivery over UNIX-domain sockets. The goal
is to simplify the experimental LMTP delivery agent by
ripping out the privileged code that forks the LMTP server.
20000102
Clarified documentation after early feedback on the 19991231
release by Drew Derbyshire, Ollivier Robert, Khetan Gajjar.
Sanity check: a common error is to list Postfix virtual
domains in the mydestination parameter. This causes the
new optional local_recipient_maps feature to reject mail
for virtual users. The SMTP server now explicitly tests
for this common error and logs a warning instead of refusing
the mail. File: smtpd/smtpd_check.c.
20000104
Bugfix: a case sensitivity bug had slipped through in the
anti-relaying code, causing mail for USER@VIRTUAL.DOMAIN
to be rejected with "relay access denied". This was found
by Jim Maenpaa @ jmm.com.
Questionable feature: set "smtp_skip_5xx_greeting = yes"
to make Postfix more sendmail compatible, even though this
is wrong, IMNSHO. File: smtp/smtp_connect.c.
Portability: Ultrix patch from Simon Burge @ thistledown.com.au.
Portability: Siemens Pyramid (dcosx) patch by Thomas D.
Knox @ vushta.com.

19
postfix/RELEASE_NOTES
View File

@ -1,3 +1,14 @@
Incompatible changes with snapshot-20000104
===========================================
None sofar.
Major changes with snapshot-20000104
====================================
Questionable feature: with "smtp_skip_5xx_greeting = yes", Postfix
emulates brain damage found in some other MTAs.
Incompatible changes with postfix-19991231:
===========================================
@ -76,10 +87,10 @@ installation can be done without write access to the build tree.
- The SMTP server now rejects mail for unknown users in virtual
domains that are defined by Postfix virtual maps.
- The SMTP server optionally rejects mail for unknown local users.
Use "local_recipient_maps = $alias_maps, unix:passwd.byname" if
your local mail is delivered by a UNIX-style local delivery agent.
See example in conf/main.cf.
- The SMTP server can reject mail for unknown local users. Specify
"local_recipient_maps = $relocated_maps, $alias_maps, unix:passwd.byname"
if your local mail is delivered by a UNIX-style local delivery
agent. See example in conf/main.cf.
- Use "disable_vrfy_command = yes" to disable the SMTP VRFY command.
This prevents some forms of address harvesting.

43
postfix/conf/access
View File

@ -10,12 +10,21 @@
# to selectively reject or accept mail from or to specific hosts,
# domains, networks, host addresses or mail addresses.
#
# The table serves as input to the \fBpostmap\fR(1) command. The
# result, an indexed file in \fBdbm\fR or \fBdb\fR format,
# Normally, the table serves as input to the \fBpostmap\fR(1) command.
# The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
# is used for fast searching by the mail system. After an update
# it may take a minute or so before the change becomes visible.
# Issue a \fBpostfix reload\fR command to eliminate the delay.
#
# When the table is provided via other means such as NIS, LDAP
# or SQL, the same lookups are done as for ordinary indexed files.
#
# Alternatively, the table can be provided as a regular-expression
# map where patterns are given as regular expressions. In that case,
# the lookups are done in a slightly different way as described below.
# TABLE FORMAT
# .ad
# .fi
# The format of the access table is as follows:
# .IP "blanks and comments"
# Blank lines are ignored, as are lines beginning with `#'.
@ -23,14 +32,15 @@
# When \fIpattern\fR matches a mail address, domain or host address,
# perform the corresponding \fIaction\fR.
# PATTERNS
# Patterns are tried in the order as listed below:
# .ad
# .fi
# With lookups from indexed files, patterns are tried in the order as
# listed below:
# .IP \fIuser\fR@\fIdomain\fR
# Matches the specified mail address.
# .IP \fIdomain.name\fR
# Matches the \fIdomain.name\fR itself and any subdomain thereof,
# either in hostnames or in mail addresses. Top-level domains will
# Matches the \fIdomain.name\fR itself and any subdomain thereof,
# either in hostnames or in mail addresses. Top-level domains will
# never be matched.
# .IP \fIuser\fR@
# Matches all mail addresses with the specified user part.
@ -52,11 +62,34 @@
# .IP \fBOK\fR
# .IP "\fIAny other text\fR"
# Accept the address etc. that matches the pattern.
# REGULAR EXPRESSION TABLES
# .ad
# .fi
# This section describes how the table lookups change when the table
# is given in the form of regular expressions. For a description of
# regular expression lookup table syntax, see \fBregexp_table\fR(5)
# or \fBpcre_table\fR(5).
#
# Patterns become regular expressions that are applied to the entire
# string being looked up. Depending on the application, that string
# is an entire client hostname, an entire client IP address, or an
# entire mail address.
#
# In contrast to the normal lookups from indexed files, no parent
# domain or network search is done, and \fIuser@domain\fR mail
# addresses are not broken up into their \fIuser@\fR and \fIdomain\fR
# constituent parts.
#
# Actions are the same as with normal indexed file lookups, with
# the additional feature that parenthesized substrings from the
# pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
# BUGS
# The table format does not understand quoting conventions.
# SEE ALSO
# postmap(1) create mapping table
# smtpd(8) smtp server
# pcre_table(5) format of PCRE tables
# regexp_table(5) format of POSIX regexp tables
# LICENSE
# .ad
# .fi

5
postfix/conf/main.cf
View File

@ -125,7 +125,10 @@ mail_owner = postfix
# Beware: if the Postfix SMTP server runs chrooted, you may have to
# copy the passwd database into the jail. This is system dependent.
#
#local_recipient_maps = $alias_maps unix:passwd.byname
# FOR THIS TO WORK, DO NOT SPECIFY VIRTUAL DOMAINS IN MYDESTINATION.
# MYDESTINATION MUST LIST NON-VIRTUAL DOMAINS ONLY.
#
#local_recipient_maps = $relocated_maps $alias_maps unix:passwd.byname
# ADDRESS REWRITING
#

4
postfix/global/mail_params.h
View File

@ -576,6 +576,10 @@ extern int var_smtp_quit_tmout;
#define DEF_SMTP_SKIP_4XX 0
extern bool var_smtp_skip_4xx_greeting;
#define VAR_SMTP_SKIP_5XX "smtp_skip_5xx_greeting"
#define DEF_SMTP_SKIP_5XX 0
extern bool var_smtp_skip_5xx_greeting;
#define VAR_IGN_MX_LOOKUP_ERR "ignore_mx_lookup_error"
#define DEF_IGN_MX_LOOKUP_ERR 0
extern bool var_ign_mx_lookup_err;

2
postfix/global/mail_version.h
View File

@ -15,7 +15,7 @@
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "Postfix-19991231"
#define DEF_MAIL_VERSION "Snapshot-20000104"
extern char *var_mail_version;
/* LICENSE

467
postfix/html/faq.html
View File

@ -28,9 +28,9 @@
<li><a href="#relaying">Mail relaying</a>
<li><a href="#remote_delivery">Delivery to remote systems</a>
<li><a href="#remote_delivery">Remote delivery</a>
<li><a href="#local_delivery">Delivery to local (non-virtual) addresses</a>
<li><a href="#local_delivery">Local (non-virtual) delivery</a>
<li><a href="#mailing_lists">Mailing lists</a>
@ -87,6 +87,8 @@ distribution list</a>
<li><a href="#majordomo-approve">Postfix breaks the majordomo "approve" command</a>
<li><a href="#skip_greeting">Postfix does not try all the MX addresses</a>
</ul>
<a name="relaying"><h3>Mail relaying</h3>
@ -97,22 +99,24 @@ distribution list</a>
<li><a href="#mobile">Relaying mail for mobile users</a>
<li><a href="#relay_virtual">Postfix refuses to receive mail for some
virtual domains</a>
<li><a href="#virtual_setup">Postfix refuses mail for virtual
domains with "relay access denied"</a>
<li><a href="#relay_restrict">Restricting what users can send mail to off-site destinations</a>
</ul>
<a name="remote_delivery"><h3>Delivery to remote systems</h3>
<a name="remote_delivery"><h3>Remote delivery</h3>
<ul>
<li><a href="#timeouts">Mail fails consistently with timeout or lost connection</a>
<li><a href="#skip_greeting">Postfix does not try all the MX addresses</a>
</ul>
<a name="local_delivery"><h3>Delivery to local (non-virtual) addresses</h3>
<a name="local_delivery"><h3>Local (non-virtual) delivery</h3>
<ul>
@ -155,12 +159,24 @@ distribution list</a>
<ul>
<li><a href="#virtual_setup">How to configure a Postfix virtual domain</a>
<li><a href="#virtual_setup">Postfix does not refuse mail for
unknown virtual users</a>
<li><a href="#virtual_setup">Mail for unknown virtual users fails
with "mail loops back to myself"</a>
<li><a href="#virtual_setup">Postfix refuses mail for virtual
domains with "user unknown"</a>
<li><a href="#virtual_setup">Postfix refuses mail for virtual
domains with "relay access denied"</a>
<li><a href="#command">Commands don't work in Postfix virtual maps</a>
<li><a href="#unknown_virtual">Rejecting mail for unknown virtual users</a>
<li><a href="#relay_virtual">Postfix refuses to receive mail for some
virtual domains</a>
<li><a href="#domain_mailbox">Receiving a virtual domain in a
mailbox</a>
</ul>
@ -200,7 +216,7 @@ virtual domains</a>
<li><a href="#dbm_dirfno">Undefined symbols: dbm_pagfno, dbm_dirfno etc.</a>
<li><a href="#db">Using DB libraries on Solaris etc.</a>
<li><a href="#db">Using third-party DB libraries</a>
</ul>
@ -234,7 +250,7 @@ needs tweaking only if you have a very slow or a very fast net/machine.
Workstation:
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
myorigin = $mydomain
</pre>
@ -242,7 +258,7 @@ Workstation:
Server:
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain
</pre>
@ -259,7 +275,7 @@ workstation:
Server:
<pre>
<b>/etc/aliases</b>:
/etc/aliases:
joe: joe@joes.workstation
jane: jane@janes.workstation
</pre>
@ -287,11 +303,11 @@ domain.
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
myorigin = $mydomain
relayhost = $mydomain
<b>/etc/postfix/master.cf</b>:
/etc/postfix/master.cf:
Comment out the SMTP server entry
Comment out the local delivery agent entry
</pre>
@ -318,7 +334,7 @@ to let that mail gateway take care of forwarding.
because it allows users to change machines without hassle.
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
myorigin = $mydomain
</pre>
@ -330,7 +346,7 @@ for mail for the local machine:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
relayhost = $mydomain
</pre>
@ -347,7 +363,7 @@ specify the intranet mail gateway host itself:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
relayhost = host.my.domain
</pre>
@ -359,7 +375,7 @@ DNS lookups as well:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
disable_dns_lookups = yes
</pre>
@ -378,13 +394,13 @@ href="transport.5.html">transport</a> table lookups.
<p>
<pre>
<b>/etc/postfix/transport</b>:
/etc/postfix/transport:
my.domain smtp:
.my.domain smtp:
thishost.my.domain local: <blink>!important!</blink>
localhost.my.domain local: <blink>!important!</blink>
thishost.my.domain local: !!!important!!!
localhost.my.domain local: !!!important!!!
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
</pre>
@ -395,8 +411,9 @@ else mail will bounce with a "mail loops to myself" condition.
<p>
Specify <b>dbm:/etc/postfix/transport</b> if your system
uses <b>dbm</b> files instead of <b>db</b>.
Specify <b>dbm:/etc/postfix/transport</b> if your system uses
<b>dbm</b> files instead of <b>db</b>. To find out what map types
Postfix supports, use the command <b>postconf -m</b>.
<p>
@ -438,23 +455,24 @@ route mail for <i>my.domain</i> to the inside machine:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
mydestination = $myhostname, my.domain, localhost.my.domain
relay_domains =
transport_maps = hash:/etc/postfix/transport
<b>/etc/postfix/transport</b>:
/etc/postfix/transport:
my.domain smtp:inside-gateway.my.domain (forwards user@domain)
.my.domain smtp:inside-gateway.my.domain (forwards user@firewall)
<b>/etc/postfix/master.cf</b>:
/etc/postfix/master.cf:
Comment out the local delivery agent
</pre>
<p>
Specify <b>dbm:/etc/postfix/transport</b> if your system uses <b>dbm</b>
files instead of <b>db</b>.
Specify <b>dbm:/etc/postfix/transport</b> if your system uses
<b>dbm</b> files instead of <b>db</b>. To find out what map types
Postfix supports, use the command <b>postconf -m</b>.
<p>
@ -498,7 +516,7 @@ that is connected all the time.
<p>
<pre>
<b>/etc/postfix/main.cf:</b>
/etc/postfix/main.cf:
relayhost = smtprelay.someprovider.com
</pre>
@ -518,7 +536,7 @@ calls from being placed, disable spontaneous SMTP mail deliveries.
<p>
<pre>
<b>/etc/postfix/main.cf:</b>
/etc/postfix/main.cf:
defer_transports = smtp (Only for systems that use on-demand dialup IP)
</pre>
@ -537,7 +555,7 @@ To prevent these delays, disable all SMTP client DNS lookups.
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
disable_dns_lookups = yes (Only for delivery across LANs that are disconnected most of the time)
</pre>
@ -644,7 +662,7 @@ four hours, specify:
<p>
<pre>
<b>/etc/postfix/main.cf</b>
/etc/postfix/main.cf:
delay_warning_time = 4
</pre>
@ -731,6 +749,8 @@ mail for arbitrary non-local destinations:
<p>
Don't Panic! Upgrade to a Postfix version of 19991227 or later.
To find out what Postfix version you have, execute the command
<b>postconf mail_version</b>.
<p>
@ -816,12 +836,12 @@ ahead of the other SMTPD recipient restrictions:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
regexp:/etc/postfix/regexp_access
<i>...other restrictions...</i>
...other restrictions...
<b>/etc/postfix/regexp_access</b>:
/etc/postfix/regexp_access:
/[%!@].*[%!@]/ 550 Sender specified routing is not supported here.
</pre>
@ -858,13 +878,13 @@ a Postfix-compatible access table with client IP address information:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
check_client_access hash:/etc/postfix/client_access
check_relay_domains
<b>/etc/postfix/client_access</b>:
/etc/postfix/client_access:
4.3.2.1 OK
5.4.3.2 987654321
</pre>
@ -872,7 +892,8 @@ a Postfix-compatible access table with client IP address information:
<p>
Specify <B>dbm</b> instead of <b>hash</b> if your system uses
<b>dbm</b> files instead of <b>db</b> files.
<b>dbm</b> files instead of <b>db</b> files. To find out what map
types Postfix supports, use the command <b>postconf -m</b>.
<p>
@ -893,18 +914,18 @@ spammer ever finds out the address of your users.
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
check_client_access hash:/etc/postfix/client_access
check_sender_access hash:/etc/postfix/sender_access
check_relay_domains
<b>/etc/postfix/client_access</b>:
/etc/postfix/client_access:
11.22.33 OK
dialup.isp.com OK
<b>/etc/postfix/sender_access</b>:
/etc/postfix/sender_access:
joe@my.domain OK
blow@my.domain OK
</pre>
@ -955,7 +976,7 @@ LDAP or SQL.
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
hash:/etc/postfix/restricted_senders
...other stuff...
@ -963,11 +984,11 @@ LDAP or SQL.
restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
<b>/etc/postfix/restricted_senders</b>:
/etc/postfix/restricted_senders:
foo@domain local_only
bar@domain local_only
<b>/etc/postfix/local_domains</b>:
/etc/postfix/local_domains:
this.domain OK (matches this.domain and subdomains)
that.domain OK (matches that.domain and subdomains)
</pre>
@ -975,7 +996,8 @@ LDAP or SQL.
<p>
Specify <B>dbm</b> instead of <b>hash</b> if your system uses
<b>dbm</b> files instead of <b>db</b> files.
<b>dbm</b> files instead of <b>db</b> files. To find out what map
types Postfix supports, use the command <b>postconf -m</b>.
<p>
@ -1077,6 +1099,66 @@ and convince the person responsible for it to fix the configuration.
<hr>
<a name="skip_greeting"><h3>Postfix does not try all the MX
addresses</h3>
When delivering mail, Postfix tries all MX addresses in order of
preference, and stops at the first server that speaks SMTP.
<p>
If the first server that speaks SMTP rejects the connection by
greeting the client with a 5xx status code, which means "I will
never accept your mail", Postfix gives up and bounces the message
to the sender.
<p>
If the first server that speaks SMTP rejects the connection by
greeting the client with a 4xx status code, which means "come back
later", Postfix backs off and defers delivery until later.
<p>
Some people will argue that Postfix should contact the other MX
addresses even when the server greets with 4xx or 5xx, if only
because that is what Sendmail does, and of course we know that
everything Sendmail does is right.
<p>
Unfortunately, some people configure their infrastructure badly.
Their most preferred MX server is visible to the world but it
rejects connections from outside with a 5xx or 4xx greeting. Just
because Sendmail goes to the second-best MX server, these people
assume that every mailer will do so.
<p>
If such configurations are a problem for you, below are some controls
that work around them.
<p>
<pre>
/etc/postfix/main.cf:
smtp_skip_4xx_greeting = yes
smtp_skip_5xx_greeting = yes
</pre>
<p>
The <b>smtp_skip_5xx_greeting</b> is present in Postfix releases
later than 20000104. To find out what Postfix version you have,
use the command <b>postconf mail_version</b>.
<p>
Execute the command <b>postfix reload</b> to make the change
effective immediately.
<hr>
<a name="root"> <h3>Root's mail is delivered to nobody</h3>
If you use <a href="#procmail">procmail</a> (or some other command)
@ -1101,7 +1183,7 @@ real user.
<p>
<pre>
<b>/etc/aliases:</b>
/etc/aliases:
root: you
</pre>
@ -1122,12 +1204,17 @@ To find out the location for your system, execute the command
<a name="bogus"><h3>Postfix accepts mail for non-existing local users</h3>
The information in this section applies to Postfix versions 19991216
and later. See elsewhere for <a href="#unknown_virtual">unknown
See elsewhere for how to reject mail for <a href="#virtual_setup">unknown
virtual</a> users.
<p>
The information in this section applies to Postfix versions 19991216
and later. To find out what Postfix version you have, execute the
command <b>postconf mail_version</b>.
<p>
By default, the Postfix SMTP server does not know what local users
exist, and will happily accept mail for <i>unknown@your.site</i>.
The reason is that different local delivery agents have different
@ -1139,27 +1226,31 @@ Of course mail for a non-existent local user will eventually bounce
as undeliverable, but why accept such mail in the first place? You
can tell the Postfix SMTP server how to find out if a user exists by
listing all tables with local addresses in the <b>local_recipient_maps</b>
parameter:
parameter.
<p>
For example, if you use the default Postfix local delivery agent
in <b>/etc/postfix/master.cf</b>, specify:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
local_recipient_maps = $alias_maps, unix:passwd.byname
/etc/postfix/main.cf:
local_recipient_maps = $relocated_maps $alias_maps, unix:passwd.byname
</pre>
<p>
The above should work on UNIX systems, provided that you use the
Postfix local delivery agent. However, if you run the Postfix SMTP
server chrooted, on some systems it will be necessary to have a
copy of the passwd file inside the chroot jail (typically: in
<b>/var/spool/postfix/etc</b>).
However, if you run the Postfix SMTP server chrooted, on some
systems it will be necessary to have a copy of the passwd file
inside the chroot jail (typically: in <b>/var/spool/postfix/etc</b>).
The only way to find out is to try.
<p>
By default, the Postfix SMTP server does know about Postfix <a
href="virtual.5.html">virtual</a> maps, and will reject mail for
href="#virtual_setup">virtual</a> maps, and will reject mail for
<i>unknown@virtual.domain</i> without further configuration.
<hr>
@ -1175,7 +1266,7 @@ domain is to be appended to addresses that do not have a domain:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
myorigin = domain.name
</pre>
@ -1188,10 +1279,10 @@ destinations:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
virtual_maps = hash:/etc/postfix/virtual
<b>/etc/postfix/virtual</b>:
/etc/postfix/virtual:
root root@localhost
postmaster postmaster@localhost
</pre>
@ -1199,7 +1290,8 @@ destinations:
<p>
Specify <B>dbm</b> instead of <b>hash</b> if your system uses
<b>dbm</b> files instead of <b>db</b> files.
<b>dbm</b> files instead of <b>db</b> files. To find out what map
types Postfix supports, use the command <b>postconf -m</b>.
<p>
@ -1225,7 +1317,7 @@ for example:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
home_mailbox = Maildir/
</pre>
@ -1259,10 +1351,10 @@ For example:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
mailbox_command = /path/to/procmail
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
mailbox_command = /path/to/procmail -a $EXTENSION
</pre>
@ -1351,29 +1443,16 @@ expression-based filter at the SMTP port:
<p>
<dl>
<pre>
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
... regexp:/etc/postfix/access_regexp ...
smtpd_recipient_restrictions =
... pcre:/etc/postfix/access_regexp ...
<dt><b>/etc/postfix/main.cf:</b>
<dl>
<dt><tt>smtpd_recipient_restrictions = ... regexp:/etc/postfix/access_regexp ...</tt>
<dt><tt>smtpd_recipient_restrictions = ... pcre:/etc/postfix/access_regexp ...</tt>
</dl>
<p>
<dt><b>/etc/postfix/access_regexp:</b>
<dl>
<dt><tt>/^(.*)-outgoing@(.*)/ 554 Use $1@$2 instead</tt>
</dl>
</dl>
/etc/postfix/access_regexp:
/^(.*)-outgoing@(.*)/ 554 Use $1@$2 instead
</pre>
<p>
@ -1418,11 +1497,10 @@ script to strip any header lines that match:
<p>
<dl>
<pre>
/delivered-to/i
<dd><b>/delivered-to/i</b>
</dl>
</pre>
<p>
@ -1456,19 +1534,20 @@ to IP spoofing.
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
hash:/etc/postfix/access
..the usual stuff...
<b>/etc/postfix/access</b>:
/etc/postfix/access:
all permit_mynetworks,reject
</pre>
<p>
Specify <B>dbm</b> instead of <b>hash</b> if your system uses
<b>dbm</b> files instead of <b>db</b> files.
<b>dbm</b> files instead of <b>db</b> files. To find out what map
types Postfix supports, use the command <b>postconf -m</b>.
<p>
@ -1492,7 +1571,7 @@ therefore is subject to SMTP sender spoofing.
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
hash:/etc/postfix/protected_destinations
..the usual stuff...
@ -1500,11 +1579,11 @@ therefore is subject to SMTP sender spoofing.
smtpd_restriction_classes = insiders_only
insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
<b>/etc/postfix/protected_destinations</b>:
/etc/postfix/protected_destinations:
all@my.domain insiders_only
all@my.hostname insiders_only
<b>/etc/postfix/insiders</b>:
/etc/postfix/insiders:
my.domain OK
another.domain OK
</pre>
@ -1527,6 +1606,67 @@ sense to make it moderated.
<hr>
<a name="virtual_setup"><h3>How to configure a Postfix virtual domain</h3>
Problem:
<p>
<ul>
<li>Postfix does not refuse mail for unknown virtual users.
<li>Mail for unknown virtual users fails with "mail loops back to
myself".
<li>Postfix refuses mail for virtual domains with "user unknown".
<li>Postfix refuses mail for virtual domains with "relay access
denied".
</ul>
<p>
Solution:
<p>
<ul>
<li> Add a magical entry to the Postfix virtual maps for
each Postfix virtual domain:
<p>
<pre>
/etc/postfix/virtual:
virtual.domain whatever
</pre>
<p>
<li> Do not list Postfix virtual domains in the <a
href="basic.html#mydestination">mydestination</a> parameter.
<li> Do not list Postfix virtual maps in the <b>local_recipient_maps</b>
parameter.
<li>As of Postfix version 19991226 it is no longer necessary to
specify virtual maps in the <a
href="uce.html#relay_domains">relay_domains</a> parameter. To find
out what Postfix version you have, execute the command <b>postconf
mail_version</b>.
</ul>
<p>
For more information on how to set up virtual domains, see the <a
href="virtual.5.html">virtual</a> manual page.
<hr>
<a name="command"><h3>Commands don't work in Postfix virtual maps</h3>
Delivering mail to a command is a security-sensitive operation,
@ -1556,7 +1696,7 @@ privileges.
<p>
<pre>
<b>/etc/aliases</b>:
/etc/aliases:
name-virtual.domain "|/some/where/command..."
</pre>
@ -1572,7 +1712,7 @@ alias database.
<p>
<pre>
<b>/etc/postfix/virtual</b>:
/etc/postfix/virtual:
virtual.domain whatever
name@virtual.domain name-virtual.domain
</pre>
@ -1593,67 +1733,69 @@ To find out the location for your system, execute the command
<hr>
<a name="unknown_virtual"><h3>Rejecting mail for unknown virtual users</h3>
<a name="domain_mailbox"><h3>Receiving a virtual domain in a mailbox</h3>
Problem: mail for an unknown virtual user is misdelivered to a local
user with the same name.
Question: how to receive all mail for a domain in a mailbox without
losing the original recipient information? The Postfix Delivered-To:
mail header shows only the mailbox owner, not the virtual address
that the mail was sent to.
<p>
Problem: mail for an unknown virtual user results in an ugly "mail
loops back to myself" error from Postfix.
Answer: I hope we all agree that delivering a domain to a mailbox
is disgusting practice. Forwarding mail via SMTP or UUCP would be
a much better choice. Unfortunately, neither SMTP nor UUCP are a
usable alternative for legions of windows users.
<p>
Solution: add a magical entry to the Postfix virtual database:
That said, it is possible to propagate the original virtual recipient
information to the Delivered-To: header. The trick is to use a
virtual map that uses regular expressions instead of the more
traditional indexed files.
<p>
The following delivers <i>username@virtual.domain</i> with a
Delivered-To: message header that contains <i>joe+username@your.domain</i>.
Postfix already puts the envelope sender address in the Return-Path:
header. The information in the Delivered-To: and Return-Path:
headers is sufficient to reliably implement a domain in a mailbox.
<p>
<pre>
<b>/etc/postfix/virtual</b>:
virtual.domain whatever
/etc/postfix/main.cf:
recipient_delimiter = +
virtual_maps =
...non-regexp virtual maps...
regexp:/etc/postfix/virtual_regexp
/etc/postfix/virtual_regexp:
/^virtual\.domain$/ whatever
/^(.*\)@virtual\.domain$/ joe+$1
</pre>
<p>
This entry will also fix the problem that the Postfix SMTP server
refuses to <a href="#relay_virtual">receive</a> mail for the virtual
domain.
<p>
For more information on how to set up virtual domains, see the <a
href="virtual.5.html">virtual</a> manual page.
<hr>
<a name="relay_virtual"><h3>Postfix refuses to receive mail for some
virtual domains </h3>
In order to receive mail for virtual domains, the Postfix SMTP server
needs to know that the domain is OK.
<p>
Notes:
<ul>
<li>Create an entry in the virtual map that lists the virtual
domain name:
<li> Be sure to specify the <b>^</b> and <b>\</b> and <b>$</b> or
else you may have false hits.
<p>
<li> Maps with regular expressions are searched sequentially. This
can be expensive when you list many domains in regular expression
maps.
<pre>
<b>/etc/postfix/virtual</b>:
virtual.domain whatever
</pre>
<li> Postfix has <b>regexp </b> map support only on modern UNIXes.
Instead of <b>regexp </b> maps your Postfix system may also support
<b>pcre</b> maps which have a similar syntax. To find out what maps
your system supports, use the command <b>postconf -m</b>.
</ul>
<p>
For more details, see the <a href="virtual.5.html">virtual</a>
manual page.
<hr>
<a name="masquerade"><h3>Address masquerading with exceptions</h3></a>
@ -1675,7 +1817,7 @@ coming from <i>user@my.domain</i>, specify:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
masquerade_domains = $mydomain
</pre>
@ -1702,7 +1844,7 @@ such as <b>root</b>, specify:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
masquerade_exceptions = root
</pre>
@ -1714,7 +1856,7 @@ such as <b>root</b>, specify:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
masquerade_domains = somehost.my.domain otherhost.my.domain $mydomain
</pre>
@ -1760,7 +1902,7 @@ Examples:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
mailbox_command = /some/program ...
</pre>
@ -1768,14 +1910,14 @@ Examples:
This example specifies a command that delivers all local mail to
mailbox. See the sample <b>main.cf</b> file for examples. In
<b>/etc/aliases</i>, you must specify an alias for <b>root</b> that
<b>/etc/aliases</b>, you must specify an alias for <b>root</b> that
directs mail to a real person, otherwise mail sent to <b>root</b>
will not work as expected.
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
mailbox_transport = foo
</pre>
@ -1801,7 +1943,7 @@ host.
<li>You need an <b>rmail</b> program that extracts the sender
address from mail that arrives via UUCP, and that feeds the mail
into the Postfix <b>sendmail<b> command. Most UNIX systems come
into the Postfix <b>sendmail</b> command. Most UNIX systems come
with an <b>rmail</b> utility. If you're in a pinch, try the one
bundled with the Postfix source code in the <b>auxiliary</b>
directory. Some day Postfix may have its own <b>rmail</b> command.
@ -1814,7 +1956,7 @@ be delivered via UUCP, for example, to a host named <i>uucp-host</i>:
<p>
<pre>
<b>/etc/postfix/transport</b>:
/etc/postfix/transport:
some.domain uucp:uucp-host
.some.domain uucp:uucp-host
</pre>
@ -1836,21 +1978,22 @@ you change the <b>transport</b> file.
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
</pre>
<p>
Specify <B>dbm</b> instead of <b>hash</b> if your system uses
<b>dbm</b> files instead of <b>db</b> files.
<b>dbm</b> files instead of <b>db</b> files. To find out what map
types Postfix supports, use the command <b>postconf -m</b>.
<p>
<li>Define a mail transport for delivery via UUCP:
<pre>
<b>/etc/postfix/master.cf</b>:
/etc/postfix/master.cf:
uucp unix - n n - - pipe
flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
</pre>
@ -1870,7 +2013,7 @@ is willing to relay mail for.
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
relay_domains = some.domain $mydestination ...
</pre>
@ -1908,7 +2051,7 @@ mail transport to your UUCP gateway host, say, <i>uucp-gateway</i>:
<p>
<pre>
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
relayhost = uucp-gateway
default_transport = uucp
</pre>
@ -1920,7 +2063,7 @@ mail transport to your UUCP gateway host, say, <i>uucp-gateway</i>:
<p>
<pre>
<b>/etc/postfix/master.cf</b>:
/etc/postfix/master.cf:
uucp unix - n n - - pipe
flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
</pre>
@ -1953,21 +2096,22 @@ HylaFax. Here's the setup used:
<p>
<pre>
<b>/etc/postfix/master.cf</b>:
/etc/postfix/master.cf:
fax unix - n n - - pipe
flags= user=fax argv=/usr/bin/faxmail -d -n ${user}
<b>/etc/postfix/transport</b>:
/etc/postfix/transport:
fax.your.domain fax:localhost
<b>/etc/postfix/main.cf</b>:
/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
</pre>
<p>
Specify <B>dbm</b> instead of <b>hash</b> if your system uses
<b>dbm</b> files instead of <b>db</b> files.
<b>dbm</b> files instead of <b>db</b> files. To find out what map
types Postfix supports, use the command <b>postconf -m</b>.
<p>
@ -2031,7 +2175,7 @@ Fix: get rid of the third-party ndbm.h include file.
<hr>
<a name="db"><h3>Using DB libraries on Solaris etc.</h3> </a>
<a name="db"><h3>Using third-party DB libraries</h3> </a>
The old <b>dbm</b> UNIX database has severe limitations when you
try to store lots of information. It breaks when the number of hash
@ -2049,9 +2193,10 @@ version</a> which has a db-1.85 compatible interface.
<p>
Use the following commands in the Postfix top-level directory.
The LD_LIBRARY_PATH unset commands may be required to avoid linking
in the wrong libraries.
To build with a third-party DB library, use the following commands
in the Postfix top-level directory.
On Solaris, the LD_LIBRARY_PATH unset commands may be required to
avoid linking in the wrong libraries.
<p>

10
postfix/makedefs
View File

@ -51,6 +51,11 @@ ARFL=rv
SYSTEM=`(uname -s) 2>/dev/null`
RELEASE=`(uname -r) 2>/dev/null`
VERSION=`(uname -v) 2>/dev/null`
case "$VERSION" in
dcosx*) SYSTEM=$VERSION;;
esac
case "$SYSTEM.$RELEASE" in
UnixWare.5*) SYSTYPE=UW7
@ -195,6 +200,11 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix543
: ${CC=cc}
AWK=gawk
;;
dcosx.1*) SYSTYPE=DCOSX1
RANLIB=echo
SYSLIBS="-lresolv -lsocket -lnsl -lc -lrpcsvc -L/usr/ucblib -lucb"
;;
".") if [ -d /NextApps ]; then
SYSTYPE=`hostinfo | sed -n \
's/^.*NeXT Mach 3.*$/NEXTSTEP3/;/NEXTSTEP3/{p;q;}'`

5
postfix/master/master_status.c
View File

@ -41,7 +41,6 @@
/* System libraries. */
#include <sys_defs.h>
#include <sys/socket.h>
#include <unistd.h>
/* Utility library. */
@ -155,10 +154,10 @@ void master_status_init(MASTER_SERV *serv)
/*
* Make the read end of this service's status pipe non-blocking so that
* we can detect partial writes on the child side. We use a socket pair,
* we can detect partial writes on the child side. We use a duplex pipe
* so that the child side becomes readable when the master goes away.
*/
if (socketpair(AF_UNIX, SOCK_STREAM, 0, serv->status_fd) < 0)
if (duplex_pipe(serv->status_fd) < 0)
msg_fatal("pipe: %m");
non_blocking(serv->status_fd[0], BLOCKING);
close_on_exec(serv->status_fd[0], CLOSE_ON_EXEC);

4
postfix/smtp/smtp.c
View File

@ -87,6 +87,8 @@
/* postmaster with transcripts of SMTP sessions with protocol errors.
/* .IP \fBsmtp_skip_4xx_greeting\fR
/* Skip servers that greet us with a 4xx status code.
/* .IP \fBsmtp_skip_5xx_greeting\fR
/* Skip servers that greet us with a 5xx status code.
/* .IP \fBsmtp_skip_quit_response\fR
/* Do not wait for the server response after sending QUIT.
/* .SH "Resource controls"
@ -199,6 +201,7 @@ char *var_debug_peer_list;
int var_debug_peer_level;
char *var_notify_classes;
int var_smtp_skip_4xx_greeting;
int var_smtp_skip_5xx_greeting;
int var_ign_mx_lookup_err;
int var_skip_quit_resp;
char *var_fallback_relay;
@ -350,6 +353,7 @@ int main(int argc, char **argv)
};
static CONFIG_BOOL_TABLE bool_table[] = {
VAR_SMTP_SKIP_4XX, DEF_SMTP_SKIP_4XX, &var_smtp_skip_4xx_greeting,
VAR_SMTP_SKIP_5XX, DEF_SMTP_SKIP_5XX, &var_smtp_skip_5xx_greeting,
VAR_IGN_MX_LOOKUP_ERR, DEF_IGN_MX_LOOKUP_ERR, &var_ign_mx_lookup_err,
VAR_SKIP_QUIT_RESP, DEF_SKIP_QUIT_RESP, &var_skip_quit_resp,
0,

11
postfix/smtp/smtp_connect.c
View File

@ -227,6 +227,17 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
vstream_fclose(stream);
return (0);
}
/*
* Skip this host if it sends a 5xx greeting.
*/
if (ch == '5' && var_smtp_skip_5xx_greeting) {
vstring_sprintf(why, "connect to %s[%s]: server refused mail service",
addr->name, inet_ntoa(sin.sin_addr));
smtp_errno = SMTP_RETRY;
vstream_fclose(stream);
return (0);
}
vstream_ungetc(stream, ch);
return (smtp_session_alloc(stream, addr->name, inet_ntoa(sin.sin_addr)));
}

17
postfix/smtpd/smtpd_check.c
View File

@ -811,6 +811,7 @@ static int permit_auth_destination(char *recipient)
*/
canon_addr_internal(query, recipient);
resolve_clnt_query(STR(query), &reply);
lowercase(STR(reply.recipient));
/*
* Handle special case that is not supposed to happen.
@ -947,6 +948,7 @@ static int permit_mx_backup(SMTPD_STATE *unused_state, const char *recipient)
*/
canon_addr_internal(query, recipient);
resolve_clnt_query(STR(query), &reply);
lowercase(STR(reply.recipient));
/*
* If the destination is local, it is acceptable, because we are
@ -1088,6 +1090,7 @@ static int reject_unknown_address(SMTPD_STATE *state, char *addr,
*/
canon_addr_internal(query, addr);
resolve_clnt_query(STR(query), &reply);
lowercase(STR(reply.recipient));
/*
* Skip local destinations and non-DNS forms.
@ -1369,6 +1372,7 @@ static int check_mail_access(SMTPD_STATE *state, char *table, char *addr,
*/
canon_addr_internal(query, addr);
resolve_clnt_query(STR(query), &reply);
lowercase(STR(reply.recipient));
/*
* Garbage in, garbage out. Every address from canon_addr_internal() and
@ -1929,6 +1933,7 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient)
*/
canon_addr_internal(query, recipient);
resolve_clnt_query(STR(query), &reply);
lowercase(STR(reply.recipient));
/*
* Skip non-DNS forms. Skip non-local numerical forms.
@ -1949,6 +1954,18 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient)
#define NOP ((char **) 0)
if (resolve_local(domain)) {
if (*var_virtual_maps
&& maps_find(virtual_maps, domain, 0)) {
msg_warn("virtual domain \"%s\" is listed in $mydestination",
domain);
msg_warn("the $local_recipient_maps feature requires that no");
msg_warn("virtual domains are listed in $mydestination");
msg_warn("be sure to specify the required \"%s whatever\"",
domain);
msg_warn("entry in the virtual map, as explained in the man");
msg_warn("page and in the FAQ entry for virtual domains");
SMTPD_CHECK_RCPT_RETURN(0);
}
if (*var_local_rcpt_maps
&& !mail_addr_find(rcpt_canon_maps, STR(reply.recipient), NOP)
&& !mail_addr_find(canonical_maps, STR(reply.recipient), NOP)

8
postfix/util/Makefile.in
View File

@ -20,7 +20,7 @@ SRCS = argv.c argv_split.c attr.c basename.c binhash.c chroot_uid.c \
vstream.c vstream_popen.c vstring.c vstring_vstream.c writable.c \
write_buf.c write_wait.c dict_unix.c dict_pcre.c stream_listen.c \
stream_connect.c stream_trigger.c dict_regexp.c mac_expand.c \
clean_env.c watchdog.c spawn_command.c
clean_env.c watchdog.c spawn_command.c duplex_pipe.c
OBJS = argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \
close_on_exec.o concatenate.o dict.o dict_db.o dict_dbm.o \
dict_env.o dict_ht.o dict_ldap.o dict_mysql.o dict_ni.o dict_nis.o \
@ -42,7 +42,7 @@ OBJS = argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \
vstream.o vstream_popen.o vstring.o vstring_vstream.o writable.o \
write_buf.o write_wait.o dict_unix.o dict_pcre.o stream_listen.o \
stream_connect.o stream_trigger.o dict_regexp.o mac_expand.o \
clean_env.o watchdog.o spawn_command.o
clean_env.o watchdog.o spawn_command.o duplex_pipe.o
HDRS = argv.h attr.h binhash.h chroot_uid.h connect.h dict.h dict_db.h \
dict_dbm.h dict_env.h dict_ht.h dict_ldap.h dict_mysql.h \
dict_ni.h dict_nis.h dict_nisplus.h dir_forest.h events.h \
@ -439,6 +439,9 @@ doze.o: doze.c
doze.o: sys_defs.h
doze.o: msg.h
doze.o: iostuff.h
duplex_pipe.o: duplex_pipe.c
duplex_pipe.o: sys_defs.h
duplex_pipe.o: iostuff.h
environ.o: environ.c
environ.o: sys_defs.h
events.o: events.c
@ -863,6 +866,7 @@ vstream_popen.o: vbuf.h
vstream_popen.o: argv.h
vstream_popen.o: set_ugid.h
vstream_popen.o: clean_env.h
vstream_popen.o: iostuff.h
vstring.o: vstring.c
vstring.o: sys_defs.h
vstring.o: mymalloc.h

47
postfix/util/duplex_pipe.c Normal file
View File

@ -0,0 +1,47 @@
/*++
/* NAME
/* duplex_pipe 3
/* SUMMARY
/* local IPD
/* SYNOPSIS
/* #include <iostuff.h>
/*
/* int duplex_pipe(fds)
/* int *fds;
/* DESCRIPTION
/* duplex_pipe() uses whatever local primitive it takes
/* to get a two-way I/O channel.
/* DIAGNOSTICS
/* A null result means success. In case of error, the result
/* is -1 and errno is set to the appropriate number.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System libraries */
#include <sys_defs.h>
#include <sys/socket.h>
/* Utility library. */
#include "iostuff.h"
/* duplex_pipe - give me a duplex pipe or bust */
int duplex_pipe(int *fds)
{
#ifdef HAS_DUPLEX_PIPE
return (pipe(fds));
#else
return (socketpair(AF_UNIX, SOCK_STREAM, 0, fds));
#endif
}

1
postfix/util/iostuff.h
View File

@ -25,6 +25,7 @@ extern int read_wait(int, int);
extern int write_wait(int, int);
extern int write_buf(int, const char *, int, int);
extern void doze(unsigned);
extern int duplex_pipe(int *);
#define BLOCKING 0
#define NON_BLOCKING 1

16
postfix/util/safe_open.c
View File

@ -45,6 +45,14 @@
/* A safe open routine was discussed by Casper Dik in article
/* <2rdb0s$568@mail.fwi.uva.nl>, posted to comp.security.unix
/* (May 18, 1994).
/*
/* Olaf Kirch discusses how the lstat()/open()+stat() test can
/* be fooled by delaying the open() until the inode found with
/* lstat() has been re-used for a sensitive file (article
/* <20000103212443.A5807@monad.swb.de> posted to bugtraq on
/* Jan 3, 2000). This can be a concern for set-uid processes
/* that run under the control of a user and this can be
/* manipulated with start/stop signals.
/* LICENSE
/* .ad
/* .fi
@ -107,11 +115,17 @@ static VSTREAM *safe_open_exist(const char *path, int flags, VSTRING *why)
* either we followed a symlink while opening an existing file, someone
* quickly changed the number of hard links, or someone replaced the file
* after the open() call. The link and mode tests aren't really necessary
* but the additional cost is low.
* in daemon processes. Set-uid programs, on the other hand, can be
* slowed down by arbitrary amounts, and there it would make sense to
* compare even more file attributes, such as the inode generation number
* on systems that have one.
*/
else if (lstat(path, &lstat_st) < 0
|| fstat_st.st_dev != lstat_st.st_dev
|| fstat_st.st_ino != lstat_st.st_ino
#ifdef HAS_ST_GEN
|| fstat_st.st_gen != lstat_st.st_gen
#endif
|| fstat_st.st_nlink != lstat_st.st_nlink
|| fstat_st.st_mode != lstat_st.st_mode) {
vstring_sprintf(why, "file %s: status has changed", path);

59
postfix/util/sys_defs.h
View File

@ -21,7 +21,7 @@
*/
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
|| defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
|| defined(OPENBSD2) || defined(NETBSD1) || defined(RHAPSODY5)
|| defined(OPENBSD2) || defined(NETBSD1)
#define SUPPORTED
#include <sys/types.h>
#define USE_PATHS_H
@ -37,9 +37,14 @@
#define USE_STATFS
#define STATFS_IN_SYS_MOUNT_H
#define HAS_POSIX_REGEXP
#define HAS_ST_GEN /* struct stat contains inode generation number */
#endif
#if defined(OPENBSD2)
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4)
#define HAS_DUPLEX_PIPE
#endif
#if defined(OPENBSD2) || defined(FREEBSD3) || defined(FREEBSD4)
#define HAS_ISSETUGID
#endif
@ -48,6 +53,21 @@
#endif
#if defined(RHAPSODY5)
#define SUPPORTED
#include <sys/types.h>
#define USE_PATHS_H
#define USE_FLOCK_LOCK
#define HAS_SUN_LEN
#define HAS_FSYNC
#define HAS_DB
#define HAS_SA_LEN
#define DEF_DB_TYPE "hash"
#define ALIAS_DB_MAP "hash:/etc/aliases"
#define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0)
#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin"
#define USE_STATFS
#define STATFS_IN_SYS_MOUNT_H
#define HAS_POSIX_REGEXP
#define NORETURN void
#define HAS_NETINFO
#endif
@ -62,8 +82,8 @@
#define UNSAFE_CTYPE /* XXX verify */
#define _PATH_MAILDIR "/var/spool/mail"
#define _PATH_BSHELL "/bin/sh"
#define _PATH_DEFPATH "/usr/bin:/usr/ucb"
#define _PATH_STDPATH "/usr/bin:/usr/etc:/usr/ucb"
#define _PATH_DEFPATH "/bin:/usr/bin:/usr/ucb"
#define _PATH_STDPATH "/bin:/usr/bin:/usr/etc:/usr/ucb"
#define USE_FLOCK_LOCK
#define USE_DOT_LOCK
#define HAS_FSYNC
@ -79,6 +99,7 @@
extern int optind;
extern char *optarg;
extern int opterr;
extern int h_errno;
#define MISSING_STRFTIME_E
#define HAS_NIS
@ -554,6 +575,34 @@ extern int opterr; /* XXX use <getopt.h> */
#define USE_STATVFS
#define STATVFS_IN_SYS_STATVFS_H
#define MISSING_USLEEP
#endif
#ifdef DCOSX1 /* Siemens Pyramid */
#define SUPPORTED
#include <sys/types.h>
#define _PATH_MAILDIR "/var/mail"
#define _PATH_BSHELL "/bin/sh"
#define _PATH_DEFPATH "/usr/bin:/usr/ucb"
#define _PATH_STDPATH "/usr/bin:/usr/sbin:/usr/ucb"
#define MISSING_SETENV
#define USE_FCNTL_LOCK
#define USE_DOT_LOCK
#define HAS_FSYNC
#define DEF_DB_TYPE "hash"
#define ALIAS_DB_MAP "hash:/etc/aliases"
/* Uncomment the following line if you have NIS package installed */
/* #define HAS_NIS */
#define USE_SYS_SOCKIO_H
#define GETTIMEOFDAY(t) gettimeofday(t,NULL)
#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb"
#define FIONREAD_IN_SYS_FILIO_H
#define DBM_NO_TRAILING_NULL
#define USE_STATVFS
#define STATVFS_IN_SYS_STATVFS_H
#define UNIX_DOMAIN_CONNECT_BLOCKS_FOR_ACCEPT
#ifndef S_ISSOCK
#define S_ISSOCK(mode) ((mode&0xF000) == 0xC000)
#endif
#endif
/*
@ -721,7 +770,7 @@ typedef int pid_t;
/*
* Making the ctype.h macros not more expensive than necessary. On some
* systems, ctype.h misbehaves badly with signed characters.
* systems, ctype.h misbehaves with non-ASCII and/or negative characters.
*/
#define _UCHAR_(c) ((unsigned char)(c))
#ifdef UNSAFE_CTYPE

6
postfix/util/vstream_popen.c
View File

@ -20,7 +20,7 @@
/* \fIcommand\fR, which is executed by a child process. The \fIflags\fR
/* argument is as with vstream_fopen(). The child's standard input and
/* standard output are redirected to the stream, which is based on a
/* socketpair.
/* socketpair or other suitable local IPC.
/*
/* vstream_popen_vargs() offers the user more control over the
/* child process and over how it is managed. The key argument
@ -90,7 +90,6 @@
/* System library. */
#include <sys_defs.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#include <stdlib.h>
@ -108,6 +107,7 @@
#include <argv.h>
#include <set_ugid.h>
#include <clean_env.h>
#include <iostuff.h>
/* Application-specific. */
@ -207,7 +207,7 @@ VSTREAM *vstream_popen_vargs(int flags,...)
if (args.command == 0)
args.command = args.argv[0];
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockfd) < 0)
if (duplex_pipe(sockfd) < 0)
return (0);
switch (pid = fork()) {