mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 21:55:20 +00:00

postfix-2.2-20050208

Wietse Venema
2005-02-08 00:00:00 -05:00
committed by Viktor Dukhovni
parent 3414d539d2
commit d2c73aa0fe
41 changed files with 344 additions and 746 deletions


@@ -10300,12 +10300,33 @@ Apologies for any names omitted.
the input when the action is NOT executed. File:
cleanup/cleanup_message.c.
Bugfix? Cleanup? Documentation? main.cf now implements
${name[?:]value} as promised in the postconf(5) manual.
Implemented by deleting the macro processor in dict_eval(),
and using the one in mac_expand() instead. File: util/dict.c.
20050208
Feature: check_ccert_access maptype:mapname for access(5)
control, based on code by Victor Duchovni. File:
smtpd/smtpd_check.c and documentation.
Sanity check: don't allow unlimited message size with
limited mailbox size. File: local/local.c, virtual/virtual.c.
Open problems:
Med: local and remote source port and IP address for smtpd
policy hook.
Med: smtp_connect_timeout_budget (default: 2x smtp_connect_timeout)
Med: disable address rewriting after XCLIENT? Introduce a
better concept of original submission?
Med: find out what TLS attributes to export via the policy
servicer hooks: peer CN, issuer CN, peer fingerprint,
verification status.
Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
to limit the total time spent trying to connect.
Med: transform IPv4-in-IPv6 address literals to IPv4 form
@@ -10336,9 +10357,6 @@ Open problems:
Med: eliminate the tls_info data structure.
Med: implement ${name[?:]value} in main.cf or update the
postconf(5) manual.
Low: reject HELO with any domain name or IP address that
this MTA is the final destination for.
@@ -10384,7 +10402,9 @@ Open problems:
Med: silly queue file bit so that the queue manager doesn't
skip files when fast flush is requested while a queue scan
is in progress.
is in progress. The bit is set by the flush server and is
reset when the mail is deferred, so that it survives queue
manager restart.
Med: postsuper -r should do something with recipients in
bounce logfiles.


@@ -125,6 +125,12 @@ Examples of simple restriction lists are:
# Whitelisting: local clients may specify any destination. Others may not.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining
# Enforce mail volume quota via policy service callouts.
smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
Each restriction list is evaluated from left to right until some restriction
produces a result of PERMIT, REJECT or DEFER (try again later). The end of the
list is equivalent to a PERMIT result. By placing a PERMIT restriction before a


@@ -382,8 +382,8 @@ Example:
SSeerrvveerr aacccceessss ccoonnttrrooll
Postfix TLS support introduces two additional features for Postfix SMTP server
access control:
Postfix TLS support introduces three additional features for Postfix SMTP
server access control:
permit_tls_clientcerts
Allow the remote SMTP client SMTP request if the client certificate
@@ -394,6 +394,10 @@ access control:
Allow the remote client SMTP request if the client certificate passes
verification.
check_ccert_access type:table
If the client certificate passes verification, use its fingerprint as a
key for the specified access(5) table.
The permit_tls_all_clientcerts feature must be used with caution, because it
can result in too many access permissions. Use this feature only if a special
CA issues the client certificates, and only if this CA is listed as trusted CA.


@@ -7,17 +7,25 @@ snapshot release). Patches are issued for the official release
and change the patchlevel and the release date. Patches are never
issued for snapshot releases.
Major changes with snapshot Postfix-2.2-20050208
================================================
New "check_ccert_maps maptype:mapname" feature to enforce access
control based on (hexadecimal) client certificate fingerprints.
Major changes with snapshot Postfix-2.2-20050206
================================================
Support for address rewriting in outgoing SMTP mail. This is useful
for sites that have no valid Internet domain name, and that use a
domain name such as localdomain.local instead. Mail addresses that
use such domain names are often rejected by mail servers. The new
smtp_generics_maps feature allows you to replace local mail addresses
by valid Internet addresses when mail needs to be sent across the
use such domain names are often rejected by mail servers.
The new smtp_generics_maps feature allows you to replace local mail
addresses by valid Internet addresses when mail is sent across the
Internet. It has no effect on mail that is sent between accounts
on the local machine.
on the local machine. The syntax is described in generics(5) and
a detailed example is in the STANDARD_CONFIGURATION_README file.
Example:


@@ -62,8 +62,8 @@
# in $inet_interfaces or $proxy_interfaces.
#
# @domain
# Matches every other address in domain. This form
# has the lowest precedence.
# Matches other addresses in domain. This form has
# the lowest precedence.
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-


@@ -685,12 +685,12 @@ recipients. Postfix provides three mechanisms: </p>
the specified address. In Postfix versions before 2.1, this feature
is implemented by <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a>. </dd>
<dt> <a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> = type:table </dt> <dd> Search the specified
<dt> <a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> = <a href="DATABASE_README.html">type:table</a> </dt> <dd> Search the specified
"<a href="DATABASE_README.html">type:table</a>" lookup table with the envelope sender address for an
automatic BCC address. This feature is available in Postfix 2.1
and later. </dd>
<dt> <a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> = type:table </dt> <dd> Search the specified
<dt> <a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> = <a href="DATABASE_README.html">type:table</a> </dt> <dd> Search the specified
"<a href="DATABASE_README.html">type:table</a>" lookup table with the envelope recipient address for
an automatic BCC address. This feature is available in Postfix 2.1
and later. </dd>


@@ -335,7 +335,7 @@ are given in <a href="pgsql_table.5.html">pgsql_table(5)</a>. </dd>
<dt> <b>proxy</b> (read-only) </dt>
<dd> Access information via the Postfix <a href="proxymap.8.html">proxymap(8)</a> service. The
lookup table name syntax is "<a href="proxymap.8.html">proxy</a>:type:table". </dd>
lookup table name syntax is "<a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html">type:table</a>". </dd>
<dt> <b>regexp</b> (read-only) </dt>


@@ -192,7 +192,7 @@ information inside "<tt>[]</tt>", like this: </p>
IPv6 address information inside "<tt>[]</tt>" in the main.cf parameter
value and in files specified with a "<i>/file/name</i>" pattern.
IPv6 addresses contain the ":" character, and would otherwise be
confused with a "<i>type:table</i>" pattern. </b> </p>
confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b> </p>
<h2><a name="limitations">Known Limitations</a></h2>


@@ -1,258 +0,0 @@
SHELL = /bin/sh
# For now, just hard-coded rules for daemons, commands, config files.
DAEMONS = bounce.8.html cleanup.8.html defer.8.html error.8.html local.8.html \
lmtp.8.html master.8.html pickup.8.html pipe.8.html qmgr.8.html \
showq.8.html smtp.8.html smtpd.8.html trivial-rewrite.8.html \
oqmgr.8.html spawn.8.html flush.8.html virtual.8.html qmqpd.8.html \
trace.8.html verify.8.html proxymap.8.html anvil.8.html
COMMANDS= mailq.1.html newaliases.1.html postalias.1.html postcat.1.html \
postconf.1.html postfix.1.html postkick.1.html postlock.1.html \
postlog.1.html postdrop.1.html postmap.1.html sendmail.1.html \
postqueue.1.html postsuper.1.html smtp-source.1.html \
smtp-sink.1.html qmqp-source.1.html qmqp-sink.1.html
CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \
transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html \
cidr_table.5.html tcp_table.5.html header_checks.5.html \
ldap_table.5.html mysql_table.5.html pgsql_table.5.html
AWK = awk '{ print; if (NR == 1) print ".pl 9999" }'
MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
update: $(DAEMONS) $(COMMANDS) $(CONFIG)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../src/makedefs; cat $?) >$@
clean:
echo clean
tidy: clean
clobber:
rm -f $(DAEMONS) $(COMMANDS) $(CONFIG)
bounce.8.html: ../src/bounce/bounce.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
defer.8.html: bounce.8.html
rm -f $@
ln -s $? $@
error.8.html: ../src/error/error.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
flush.8.html: ../src/flush/flush.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
cleanup.8.html: ../src/cleanup/cleanup.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
anvil.8.html: ../src/anvil/anvil.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
lmtp.8.html: ../src/lmtp/lmtp.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
local.8.html: ../src/local/local.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
master.8.html: ../src/master/master.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
oqmgr.8.html: ../src/oqmgr/qmgr.c
PATH=../mantools:$$PATH; \
srctoman $? | sed -e 's/qmgr[^_]/o&/' \
-e 's/qmgr$$/o&/' \
-e 's/QMGR[^_]/O&/' | \
$(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
pickup.8.html: ../src/pickup/pickup.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
pipe.8.html: ../src/pipe/pipe.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
proxymap.8.html: ../src/proxymap/proxymap.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
qmgr.8.html: ../src/qmgr/qmgr.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
qmqpd.8.html: ../src/qmqpd/qmqpd.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
showq.8.html: ../src/showq/showq.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
spawn.8.html: ../src/spawn/spawn.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
smtp.8.html: ../src/smtp/smtp.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
smtpd.8.html: ../src/smtpd/smtpd.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
virtual.8.html: ../src/virtual/virtual.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
trace.8.html: bounce.8.html
rm -f $@
ln -s $? $@
trivial-rewrite.8.html: ../src/trivial-rewrite/trivial-rewrite.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
verify.8.html: ../src/verify/verify.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postalias.1.html: ../src/postalias/postalias.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postcat.1.html: ../src/postcat/postcat.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postconf.1.html: ../src/postconf/postconf.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postdrop.1.html: ../src/postdrop/postdrop.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postfix.1.html: ../src/postfix/postfix.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postkick.1.html: ../src/postkick/postkick.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postlock.1.html: ../src/postlock/postlock.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postlog.1.html: ../src/postlog/postlog.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postmap.1.html: ../src/postmap/postmap.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postqueue.1.html: ../src/postqueue/postqueue.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postsuper.1.html: ../src/postsuper/postsuper.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
sendmail.1.html: ../src/sendmail/sendmail.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
mailq.1.html: sendmail.1.html
PATH=../mantools:$$PATH; \
rm -f $@
ln -s $? $@
newaliases.1.html: sendmail.1.html
PATH=../mantools:$$PATH; \
rm -f $@
ln -s $? $@
smtp-source.1.html: ../src/smtpstone/smtp-source.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
smtp-sink.1.html: ../src/smtpstone/smtp-sink.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
qmqp-source.1.html: ../src/smtpstone/qmqp-source.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
qmqp-sink.1.html: ../src/smtpstone/qmqp-sink.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
access.5.html: ../proto/access
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
aliases.5.html: ../proto/aliases
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
canonical.5.html: ../proto/canonical
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
cidr_table.5.html: ../proto/cidr_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
header_checks.5.html: ../proto/header_checks
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
ldap_table.5.html: ../proto/ldap_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
mysql_table.5.html: ../proto/mysql_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
pcre_table.5.html: ../proto/pcre_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
pgsql_table.5.html: ../proto/pgsql_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
regexp_table.5.html: ../proto/regexp_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
relocated.5.html: ../proto/relocated
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
tcp_table.5.html: ../proto/tcp_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
transport.5.html: ../proto/transport
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
virtual.5.html: ../proto/virtual
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@


@@ -1,258 +0,0 @@
SHELL = /bin/sh
# For now, just hard-coded rules for daemons, commands, config files.
DAEMONS = bounce.8.html cleanup.8.html defer.8.html error.8.html local.8.html \
lmtp.8.html master.8.html pickup.8.html pipe.8.html qmgr.8.html \
showq.8.html smtp.8.html smtpd.8.html trivial-rewrite.8.html \
oqmgr.8.html spawn.8.html flush.8.html virtual.8.html qmqpd.8.html \
trace.8.html verify.8.html proxymap.8.html
COMMANDS= mailq.1.html newaliases.1.html postalias.1.html postcat.1.html \
postconf.1.html postfix.1.html postkick.1.html postlock.1.html \
postlog.1.html postdrop.1.html postmap.1.html sendmail.1.html \
postqueue.1.html postsuper.1.html smtp-source.1.html \
smtp-sink.1.html qmqp-source.1.html qmqp-sink.1.html
CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \
transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html \
cidr_table.5.html header_checks.5.html \
ldap_table.5.html mysql_table.5.html pgsql_table.5.html
AWK = awk '{ print; if (NR == 1) print ".pl 9999" }'
MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
update: $(DAEMONS) $(COMMANDS) $(CONFIG)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../src/makedefs; cat $?) >$@
clean:
echo clean
tidy: clean
clobber:
rm -f $(DAEMONS) $(COMMANDS) $(CONFIG)
bounce.8.html: ../src/bounce/bounce.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
defer.8.html: bounce.8.html
rm -f $@
ln -s $? $@
error.8.html: ../src/error/error.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
flush.8.html: ../src/flush/flush.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
cleanup.8.html: ../src/cleanup/cleanup.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
anvil.8.html: ../src/anvil/anvil.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
lmtp.8.html: ../src/lmtp/lmtp.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
local.8.html: ../src/local/local.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
master.8.html: ../src/master/master.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
oqmgr.8.html: ../src/oqmgr/qmgr.c
PATH=../mantools:$$PATH; \
srctoman $? | sed -e 's/qmgr[^_]/o&/' \
-e 's/qmgr$$/o&/' \
-e 's/QMGR[^_]/O&/' | \
$(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
pickup.8.html: ../src/pickup/pickup.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
pipe.8.html: ../src/pipe/pipe.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
proxymap.8.html: ../src/proxymap/proxymap.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
qmgr.8.html: ../src/qmgr/qmgr.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
qmqpd.8.html: ../src/qmqpd/qmqpd.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
showq.8.html: ../src/showq/showq.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
spawn.8.html: ../src/spawn/spawn.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
smtp.8.html: ../src/smtp/smtp.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
smtpd.8.html: ../src/smtpd/smtpd.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
virtual.8.html: ../src/virtual/virtual.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
trace.8.html: bounce.8.html
rm -f $@
ln -s $? $@
trivial-rewrite.8.html: ../src/trivial-rewrite/trivial-rewrite.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
verify.8.html: ../src/verify/verify.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postalias.1.html: ../src/postalias/postalias.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postcat.1.html: ../src/postcat/postcat.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postconf.1.html: ../src/postconf/postconf.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postdrop.1.html: ../src/postdrop/postdrop.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postfix.1.html: ../src/postfix/postfix.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postkick.1.html: ../src/postkick/postkick.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postlock.1.html: ../src/postlock/postlock.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postlog.1.html: ../src/postlog/postlog.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postmap.1.html: ../src/postmap/postmap.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postqueue.1.html: ../src/postqueue/postqueue.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
postsuper.1.html: ../src/postsuper/postsuper.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
sendmail.1.html: ../src/sendmail/sendmail.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
mailq.1.html: sendmail.1.html
PATH=../mantools:$$PATH; \
rm -f $@
ln -s $? $@
newaliases.1.html: sendmail.1.html
PATH=../mantools:$$PATH; \
rm -f $@
ln -s $? $@
smtp-source.1.html: ../src/smtpstone/smtp-source.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
smtp-sink.1.html: ../src/smtpstone/smtp-sink.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
qmqp-source.1.html: ../src/smtpstone/qmqp-source.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
qmqp-sink.1.html: ../src/smtpstone/qmqp-sink.c
PATH=../mantools:$$PATH; \
srctoman $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
access.5.html: ../proto/access
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
aliases.5.html: ../proto/aliases
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
canonical.5.html: ../proto/canonical
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
cidr_table.5.html: ../proto/cidr_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
header_checks.5.html: ../proto/header_checks
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
ldap_table.5.html: ../proto/ldap_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
mysql_table.5.html: ../proto/mysql_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
pcre_table.5.html: ../proto/pcre_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
pgsql_table.5.html: ../proto/pgsql_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
regexp_table.5.html: ../proto/regexp_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
relocated.5.html: ../proto/relocated
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
tcp_table.5.html: ../proto/tcp_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
transport.5.html: ../proto/transport
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
virtual.5.html: ../proto/virtual
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@


@@ -179,6 +179,12 @@ described in the <a href="postconf.5.html">postconf(5)</a> manual page. </p>
# Whitelisting: local clients may specify any destination. Others may not.
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
# Block clients that speak too early.
<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>
# Enforce mail volume quota via policy service callouts.
<a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> = <a href="postconf.5.html#check_policy_service">check_policy_service</a> unix:private/policy
</pre>
<p> Each restriction list is evaluated from left to right until


@@ -580,7 +580,7 @@ recommends a maximum of 24 hours. </p>
<h3><a name="server_access">Server access control</a> </h3>
<p> Postfix TLS support introduces two additional features for
<p> Postfix TLS support introduces three additional features for
Postfix SMTP server access control: </p>
<blockquote>
@@ -596,6 +596,10 @@ and if its fingerprint is listed in the list of client certificates
client SMTP request if the client certificate passes verification.
</p> </dd>
<dt> <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> <a href="DATABASE_README.html">type:table</a></dt> <dd>
<p> If the client certificate passes verification, use its fingerprint
as a key for the specified <a href="access.5.html">access(5)</a> table. </p> </dd>
</dl>
</blockquote>


@@ -243,8 +243,8 @@ CLEANUP(8) CLEANUP(8)
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
The maximal number of addresses remembered by the
address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <b>vir-</b>
<b>tual</b>(5) alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
<a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
plays.
<b><a href="postconf.5.html#header_size_limit">header_size_limit</a> (102400)</b>


@@ -445,8 +445,8 @@ LOCAL(8) LOCAL(8)
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
The maximal number of addresses remembered by the
address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <b>vir-</b>
<b>tual</b>(5) alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
<a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
plays.
<b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>


@@ -46,10 +46,12 @@ that starts with whitespace continues a logical line. </p>
recursively replaced by the value of the named parameter. </p>
<li> <p> The expression "${name?value}" expands to "value" when
"$name" is non-empty. </p>
"$name" is non-empty. This form is supported with Postfix version
2.2 and later. </p>
<li> <p> The expression "${name:value}" expands to "value" when
"$name" is empty. </p>
"$name" is empty. This form is supported with Postfix version 2.2
and later. </p>
</ul>
@@ -5073,6 +5075,12 @@ D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p>
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
</pre>
<p>For more fine-grained control, use <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> to select
an appropriate <a href="access.5.html">access(5)</a> policy for each client.
See <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a>.</p>
<p>This feature is available with Postfix 2.2.</p>
</DD>
@@ -7050,6 +7058,12 @@ client network address information.
<dl>
<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>When the remote SMTP client certificate is verified successfully,
use the client certificate fingerprint as lookup key for the specified
<a href="access.5.html">access(5)</a> database. This feature is available with Postfix 2.2.</dd>
<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access database for the client hostname,
@@ -7077,13 +7091,13 @@ authenticated via the <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</
verified successfully. This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA, otherwise all clients with a recognized certificate would be
allowed to relay. </dd>
allowed to relay. This feature is available with Postfix 2.2.</dd>
<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>
<dd>Permit the request when the remote SMTP client certificate is
verified successfully, and the certificate fingerprint is listed
in $relay_clientcerts. </dd>
in $relay_clientcerts. This feature is available with Postfix 2.2.</dd>
<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the reversed client network address is


@@ -26,56 +26,55 @@ POSTFIX(1) POSTFIX(1)
The following commands are implemented:
<b>check</b> Validate the Postfix mail system configuration.
Warn about bad directory/file ownership or permis-
<b>check</b> Warn about bad directory/file ownership or permis-
sions, and create missing directories.
<b>start</b> Start the Postfix mail system. This also runs the
<b>start</b> Start the Postfix mail system. This also runs the
configuration check described above.
<b>stop</b> Stop the Postfix mail system in an orderly fashion.
Running processes are allowed to terminate at their
earliest convenience.
If possible, running processes are allowed to ter-
minate at their earliest convenience.
Note: in order to refresh the Postfix mail system
after a configuration change, do not use the <b>start</b>
and <b>stop</b> commands in succession. Use the <b>reload</b>
Note: in order to refresh the Postfix mail system
after a configuration change, do not use the <b>start</b>
and <b>stop</b> commands in succession. Use the <b>reload</b>
command instead.
<b>abort</b> Stop the Postfix mail system abruptly. Running pro-
cesses are signaled to stop immediately.
<b>flush</b> Force delivery: attempt to deliver every message in
the deferred mail queue. Normally, attempts to
deliver delayed mail happen at regular intervals,
the deferred mail queue. Normally, attempts to
deliver delayed mail happen at regular intervals,
the interval doubling after each failed attempt.
Warning: flushing undeliverable mail frequently
will result in poor delivery performance of all
will result in poor delivery performance of all
other mail.
<b>reload</b> Re-read configuration files. Running processes ter-
minate at their earliest convenience.
<b>set-permissions [</b><i>name</i>=<i>value ...</i><b>]</b>
Set the ownership and permissions of Postfix
related files and directories, as specified in the
Set the ownership and permissions of Postfix
related files and directories, as specified in the
<b>postfix-files</b> file.
Specify <i>name</i>=<i>value</i> to override and update specific
main.cf configuration parameters. Use this, for
example, to change the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> or <b><a href="postconf.5.html#setgid_group">setgid_group</a></b>
Specify <i>name</i>=<i>value</i> to override and update specific
main.cf configuration parameters. Use this, for
example, to change the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> or <b><a href="postconf.5.html#setgid_group">setgid_group</a></b>
setting for an already installed Postfix system.
This feature is available in Postfix 2.1 and later.
<b>upgrade-configuration [</b><i>name</i>=<i>value ...</i><b>]</b>
Update the <b>main.cf</b> and <b>master.cf</b> files with infor-
mation that Postfix needs in order to run: add or
update services, and add or update configuration
Update the <b>main.cf</b> and <b>master.cf</b> files with infor-
mation that Postfix needs in order to run: add or
update services, and add or update configuration
parameter settings.
Specify <i>name</i>=<i>value</i> to override and update specific
Specify <i>name</i>=<i>value</i> to override and update specific
main.cf configuration parameters.
This feature is available in Postfix 2.1 and later.
@@ -83,10 +82,10 @@ POSTFIX(1) POSTFIX(1)
The following options are implemented:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
Read the <b>main.cf</b> and <b>master.cf</b> configuration files
in the named directory instead of the default con-
Read the <b>main.cf</b> and <b>master.cf</b> configuration files
in the named directory instead of the default con-
figuration directory. Use this to distinguish
between multiple Postfix instances on the same
between multiple Postfix instances on the same
host.
<b>-D</b> (with <b>postfix start</b> only)
@@ -95,11 +94,11 @@ POSTFIX(1) POSTFIX(1)
parameter.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly
tiple <b>-v</b> options make the software increasingly
verbose.
<b>ENVIRONMENT</b>
The <a href="postfix.1.html"><b>postfix</b>(1)</a> command exports the following environment
The <a href="postfix.1.html"><b>postfix</b>(1)</a> command exports the following environment
variables before executing the <b>postfix-script</b> file:
<b>MAIL_CONFIG</b>
@@ -115,23 +114,23 @@ POSTFIX(1) POSTFIX(1)
sent.
<b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> configuration parameters are
The following <b>main.cf</b> configuration parameters are
exported as environment variables with the same names:
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative com-
The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
The directory with Postfix support programs and
The directory with Postfix support programs and
daemon programs.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix main.cf and
The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
@@ -147,7 +146,7 @@ POSTFIX(1) POSTFIX(1)
location of the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command.
<b><a href="postconf.5.html#newaliases_path">newaliases_path</a> (see 'postconf -d' output)</b>
Sendmail compatibility feature that specifies the
Sendmail compatibility feature that specifies the
location of the <a href="newaliases.1.html"><b>newaliases</b>(1)</a> command.
<b><a href="postconf.5.html#mailq_path">mailq_path</a> (see 'postconf -d' output)</b>
@@ -155,7 +154,7 @@ POSTFIX(1) POSTFIX(1)
the Postfix <a href="mailq.1.html"><b>mailq</b>(1)</a> command is installed.
<b><a href="postconf.5.html#html_directory">html_directory</a> (see 'postconf -d' output)</b>
The location of Postfix HTML files that describe
The location of Postfix HTML files that describe
how to build, configure or operate a specific Post-
fix subsystem or feature.
@@ -163,26 +162,26 @@ POSTFIX(1) POSTFIX(1)
Where the Postfix manual pages are installed.
<b><a href="postconf.5.html#readme_directory">readme_directory</a> (see 'postconf -d' output)</b>
The location of Postfix README files that describe
The location of Postfix README files that describe
how to build, configure or operate a specific Post-
fix subsystem or feature.
Other configuration parameters:
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix main.cf and
The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
The list of environment parameters that a Postfix
process will import from a non-Postfix parent pro-
The list of environment parameters that a Postfix
process will import from a non-Postfix parent pro-
cess.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the pro-
The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
@@ -271,7 +270,7 @@ POSTFIX(1) POSTFIX(1)
<a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>


@@ -38,10 +38,12 @@ POSTSUPER(1) POSTSUPER(1)
<b>-d</b> <i>queue</i><b>_</b><i>id</i>
Delete one message with the named queue ID from the
named mail queue(s) (default: <b>hold</b>, <b>incoming</b>,
<b>active</b> and <b>deferred</b>). If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is speci-
fied, the program reads queue IDs from standard
input. For example, to delete all mail with exactly
one recipient <b>user@example.com</b>:
<b>active</b> and <b>deferred</b>).
If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
queue IDs from standard input. For example, to
delete all mail with exactly one recipient
<b>user@example.com</b>:
mailq | tail +2 | awk 'BEGIN { RS = "" }
# $7=sender, $8=recipient1, $9=recipient2
@@ -83,26 +85,28 @@ POSTSUPER(1) POSTSUPER(1)
Put mail "on hold" so that no attempt is made to
deliver it. Move one message with the named queue
ID from the named mail queue(s) (default: <b>incoming</b>,
<b>active</b> and <b>deferred</b>) to the <b>hold</b> queue. If a
<i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads queue
IDs from standard input.
<b>active</b> and <b>deferred</b>) to the <b>hold</b> queue.
Specify <b>-h ALL</b> to hold all messages; for example,
If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
queue IDs from standard input.
Specify <b>-h ALL</b> to hold all messages; for example,
specify <b>-h ALL deferred</b> to hold mail in the
<b>deferred</b> queue. As a safety measure, the word <b>ALL</b>
<b>deferred</b> queue. As a safety measure, the word <b>ALL</b>
must be specified in upper case.
Note: while mail is "on hold" it will not expire
when its time in the queue exceeds the <b><a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
Note: while mail is "on hold" it will not expire
when its time in the queue exceeds the <b><a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b> set-
ting. It becomes subject to expiration after it is
ting. It becomes subject to expiration after it is
released from "hold".
<b>-H</b> <i>queue</i><b>_</b><i>id</i>
Release mail that was put "on hold". Move one mes-
sage with the named queue ID from the named mail
queue(s) (default: <b>hold</b>) to the <b>deferred</b> queue. If
a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
sage with the named queue ID from the named mail
queue(s) (default: <b>hold</b>) to the <b>deferred</b> queue.
If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
queue IDs from standard input.
Note: use "<b>postsuper -r</b>" to release mail that was
@@ -121,55 +125,56 @@ POSTSUPER(1) POSTSUPER(1)
Requeue the message with the named queue ID from
the named mail queue(s) (default: <b>hold</b>, <b>incoming</b>,
<b>active</b> and <b>deferred</b>). To requeue multiple mes-
sages, specify multiple <b>-r</b> command-line options.
sages, specify multiple <b>-r</b> command-line options.
Alternatively, if a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the
program reads queue IDs from standard input.
Specify <b>-r ALL</b> to requeue all messages. As a safety
measure, the word <b>ALL</b> must be specified in upper
measure, the word <b>ALL</b> must be specified in upper
case.
A requeued message is moved to the <b>maildrop</b> queue,
from where it is copied by the pickup daemon to a
new file whose name is guaranteed to match the new
A requeued message is moved to the <b>maildrop</b> queue,
from where it is copied by the pickup daemon to a
new file whose name is guaranteed to match the new
queue file inode number. The new queue file is sub-
jected again to mail address rewriting and substi-
jected again to mail address rewriting and substi-
tution. This is useful when rewriting rules or vir-
tual mappings have changed.
Warning: Postfix queue IDs are reused. There is a
very small possibility that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> requeues
the wrong message file when it is executed while
the Postfix mail system is running, but no harm
Warning: Postfix queue IDs are reused. There is a
very small possibility that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> requeues
the wrong message file when it is executed while
the Postfix mail system is running, but no harm
should be done.
<b>-s</b> Structure check and structure repair. This should
<b>-s</b> Structure check and structure repair. This should
be done once before Postfix startup.
<b>o</b> Rename files whose name does not match the
<b>o</b> Rename files whose name does not match the
message file inode number. This operation is
necessary after restoring a mail queue from
necessary after restoring a mail queue from
a different machine, or from backup media.
<b>o</b> Move queue files that are in the wrong place
in the file system hierarchy and remove sub-
directories that are no longer needed. File
position rearrangements are necessary after
position rearrangements are necessary after
a change in the <b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a></b> and/or
<b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a></b> configuration parameters.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly
tiple <b>-v</b> options make the software increasingly
verbose.
<b>DIAGNOSTICS</b>
Problems are reported to the standard error stream and to
Problems are reported to the standard error stream and to
<b>syslogd</b>(8).
<a href="postsuper.1.html"><b>postsuper</b>(1)</a> reports the number of messages deleted with
<b>-d</b>, the number of messages requeued with <b>-r</b>, and the num-
ber of messages whose queue file name was fixed with <b>-s</b>.
The report is written to the standard error stream and to
<a href="postsuper.1.html"><b>postsuper</b>(1)</a> reports the number of messages deleted with
<b>-d</b>, the number of messages requeued with <b>-r</b>, and the num-
ber of messages whose queue file name was fixed with <b>-s</b>.
The report is written to the standard error stream and to
<b>syslogd</b>(8).
<b>ENVIRONMENT</b>
@@ -177,36 +182,36 @@ POSTSUPER(1) POSTSUPER(1)
Directory with the <b>main.cf</b> file.
<b>BUGS</b>
Mail that is not sanitized by Postfix (i.e. mail in the
Mail that is not sanitized by Postfix (i.e. mail in the
<b>maildrop</b> queue) cannot be placed "on hold".
<b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant
The following <b>main.cf</b> parameters are especially relevant
to this program. The text below provides only a parameter
summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
ples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix main.cf and
The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> (1)</b>
The number of subdirectory levels for queue direc-
tories listed with the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter.
The number of subdirectory levels for queue direc-
tories listed with the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter.
<b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a> (deferred, defer)</b>
The names of queue directories that are split
The names of queue directories that are split
across multiple subdirectory levels.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the pro-
The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
@@ -215,7 +220,7 @@ POSTSUPER(1) POSTSUPER(1)
<a href="postqueue.1.html">postqueue(1)</a>, unprivileged queue operations
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>


@@ -68,8 +68,8 @@ RELOCATED(5) RELOCATED(5)
in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
@<i>domain</i>
Matches every other address in <i>domain</i>. This form
has the lowest precedence.
Matches other addresses in <i>domain</i>. This form has
the lowest precedence.
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-


@@ -8,7 +8,7 @@
# SYNOPSIS
# \fBmake makefiles \fIname=value...\fR
# DESCRIPTION
# The \fBmakedefs\fR command identifies the program compilation
# The \fBmakedefs\fR command identifies the compilation
# environment, and emits macro definitions on the standard output
# stream that can be prepended to template Makefiles.
#


@@ -25,15 +25,15 @@ runs the \fBpostfix-script\fR shell script to do the actual work.
The following commands are implemented:
.IP \fBcheck\fR
Validate the Postfix mail system configuration. Warn about bad
directory/file ownership or permissions, and create missing
directories.
Warn about bad directory/file ownership or permissions,
and create missing directories.
.IP \fBstart\fR
Start the Postfix mail system. This also runs the configuration
check described above.
.IP \fBstop\fR
Stop the Postfix mail system in an orderly fashion. Running processes
are allowed to terminate at their earliest convenience.
Stop the Postfix mail system in an orderly fashion. If
possible, running processes are allowed to terminate at
their earliest convenience.
.sp
Note: in order to refresh the Postfix mail system after a
configuration change, do not use the \fBstart\fR and \fBstop\fR


@@ -37,6 +37,7 @@ MAIL_CONFIG environment setting below.
Delete one message with the named queue ID from the named
mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and
\fBdeferred\fR).
If a \fIqueue_id\fR of \fB-\fR is specified, the program reads
queue IDs from standard input. For example, to delete all mail
with exactly one recipient \fBuser@example.com\fR:
@@ -82,6 +83,7 @@ Put mail "on hold" so that no attempt is made to deliver it.
Move one message with the named queue ID from the named
mail queue(s) (default: \fBincoming\fR, \fBactive\fR and
\fBdeferred\fR) to the \fBhold\fR queue.
If a \fIqueue_id\fR of \fB-\fR is specified, the program reads
queue IDs from standard input.
.sp
@@ -98,6 +100,7 @@ expiration after it is released from "hold".
Release mail that was put "on hold".
Move one message with the named queue ID from the named
mail queue(s) (default: \fBhold\fR) to the \fBdeferred\fR queue.
If a \fIqueue_id\fR of \fB-\fR is specified, the program reads
queue IDs from standard input.
.sp
@@ -117,6 +120,7 @@ mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and
\fBdeferred\fR).
To requeue multiple messages, specify multiple \fB-r\fR
command-line options.
Alternatively, if a \fIqueue_id\fR of \fB-\fR is specified,
the program reads queue IDs from standard input.
.sp


@@ -36,10 +36,12 @@ The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter.
.IP \(bu
The expression "${name?value}" expands to "value" when
"$name" is non-empty.
"$name" is non-empty. This form is supported with Postfix
version 2.2 and later.
.IP \(bu
The expression "${name:value}" expands to "value" when
"$name" is empty.
"$name" is empty. This form is supported with Postfix
version 2.2 and later.
.RE
.IP \(bu
When the same parameter is defined multiple times, only the last
@@ -2743,6 +2745,12 @@ relay_clientcerts = hash:/etc/postfix/relay_clientcerts
.fi
.ad
.ft R
.PP
For more fine-grained control, use check_ccert_access to select
an appropriate \fBaccess\fR(5) policy for each client.
See RESTRICTION_CLASS_README.
.PP
This feature is available with Postfix 2.2.
.SH relay_destination_concurrency_limit (default: $default_destination_concurrency_limit)
The maximal number of parallel deliveries to the same destination
via the relay message delivery transport. This limit is enforced
@@ -3925,6 +3933,10 @@ restriction that matches wins.
.PP
The following restrictions are specific to client hostname or
client network address information.
.IP "\fBcheck_ccert_access \fItype:table\fR\fR"
When the remote SMTP client certificate is verified successfully,
use the client certificate fingerprint as lookup key for the specified
\fBaccess\fR(5) database. This feature is available with Postfix 2.2.
.IP "\fBcheck_client_access \fItype:table\fR\fR"
Search the specified access database for the client hostname,
parent domains, client IP address, or networks obtained by stripping
@@ -3943,11 +3955,11 @@ Permit the request when the remote SMTP client certificate is
verified successfully. This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA, otherwise all clients with a recognized certificate would be
allowed to relay.
allowed to relay. This feature is available with Postfix 2.2.
.IP "\fBpermit_tls_clientcerts\fR"
Permit the request when the remote SMTP client certificate is
verified successfully, and the certificate fingerprint is listed
in $relay_clientcerts.
in $relay_clientcerts. This feature is available with Postfix 2.2.
.IP "\fBreject_rbl_client \fIrbl_domain=d.d.d.d\fR\fR"
Reject the request when the reversed client network address is
listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR


@@ -67,7 +67,7 @@ Matches \fIuser\fR@\fIsite\fR when \fIsite\fR is $\fBmyorigin\fR,
when \fIsite\fR is listed in $\fBmydestination\fR, or when \fIsite\fR
is listed in $\fBinet_interfaces\fR or $\fBproxy_interfaces\fR.
.IP @\fIdomain\fR
Matches every other address in \fIdomain\fR. This form has the lowest
Matches other addresses in \fIdomain\fR. This form has the lowest
precedence.
.SH "ADDRESS EXTENSION"
.na


@@ -578,7 +578,7 @@ while (<>) {
s/\b[A-Z0-9_]*_README\b/<a href="$&.html">$&<\/a>/g;
s/\bINSTALL\b/<a href="$&.html">$&<\/a>/g;
s/\bOVERVIEW\b/<a href="$&.html">$&<\/a>/g;
s/"type:table"/"<a href="DATABASE_README.html">type:table<\/a>"/g;
s/\btype:table\b/<a href="DATABASE_README.html">type:table<\/a>/g;
# Split manual page hyperlinks across newlines
@@ -597,6 +597,7 @@ while (<>) {
# Access restrictions - client
s;\bcheck_client_access\b;<a href="postconf.5.html#check_client_access">$&</a>;g;
s;\bcheck_ccert_access\b;<a href="postconf.5.html#check_ccert_access">$&</a>;g;
s;\bpermit_inet_interfaces\b;<a href="postconf.5.html#permit_inet_interfaces">$&</a>;g;
s;\bpermit_mynetworks\b;<a href="postconf.5.html#permit_mynetworks">$&</a>;g;
s;\bpermit_sasl_authenticated\b;<a href="postconf.5.html#permit_sasl_authenticated">$&</a>;g;


@@ -179,6 +179,12 @@ described in the postconf(5) manual page. </p>
# Whitelisting: local clients may specify any destination. Others may not.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
# Block clients that speak too early.
smtpd_data_restrictions = reject_unauth_pipelining
# Enforce mail volume quota via policy service callouts.
smtpd_end_of_data_restrictions = check_policy_service unix:private/policy
</pre>
<p> Each restriction list is evaluated from left to right until


@@ -580,7 +580,7 @@ recommends a maximum of 24 hours. </p>
<h3><a name="server_access">Server access control</a> </h3>
<p> Postfix TLS support introduces two additional features for
<p> Postfix TLS support introduces three additional features for
Postfix SMTP server access control: </p>
<blockquote>
@@ -596,6 +596,10 @@ and if its fingerprint is listed in the list of client certificates
client SMTP request if the client certificate passes verification.
</p> </dd>
<dt> check_ccert_access type:table</dt> <dd>
<p> If the client certificate passes verification, use its fingerprint
as a key for the specified access(5) table. </p> </dd>
</dl>
</blockquote>


@@ -46,10 +46,12 @@ that starts with whitespace continues a logical line. </p>
recursively replaced by the value of the named parameter. </p>
<li> <p> The expression "${name?value}" expands to "value" when
"$name" is non-empty. </p>
"$name" is non-empty. This form is supported with Postfix version
2.2 and later. </p>
<li> <p> The expression "${name:value}" expands to "value" when
"$name" is empty. </p>
"$name" is empty. This form is supported with Postfix version 2.2
and later. </p>
</ul>


@@ -36,10 +36,12 @@ The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter.
.IP \(bu
The expression "${name?value}" expands to "value" when
"$name" is non-empty.
"$name" is non-empty. This form is supported with Postfix
version 2.2 and later.
.IP \(bu
The expression "${name:value}" expands to "value" when
"$name" is empty.
"$name" is empty. This form is supported with Postfix
version 2.2 and later.
.RE
.IP \(bu
When the same parameter is defined multiple times, only the last


@@ -4313,6 +4313,12 @@ client network address information.
<dl>
<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>When the remote SMTP client certificate is verified successfully,
use the client certificate fingerprint as lookup key for the specified
access(5) database. This feature is available with Postfix 2.2.</dd>
<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access database for the client hostname,
@@ -4341,13 +4347,13 @@ authenticated via the RFC 2554 (AUTH) protocol. </dd>
verified successfully. This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA, otherwise all clients with a recognized certificate would be
allowed to relay. </dd>
allowed to relay. This feature is available with Postfix 2.2.</dd>
<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>
<dd>Permit the request when the remote SMTP client certificate is
verified successfully, and the certificate fingerprint is listed
in $relay_clientcerts. </dd>
in $relay_clientcerts. This feature is available with Postfix 2.2.</dd>
<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the reversed client network address is
@@ -7873,6 +7879,12 @@ D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p>
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
</pre>
<p>For more fine-grained control, use check_ccert_access to select
an appropriate access(5) policy for each client.
See RESTRICTION_CLASS_README.</p>
<p>This feature is available with Postfix 2.2.</p>
%PARAM smtpd_tls_cipherlist
<p> Controls the Postfix SMTP server TLS cipher selection scheme.


@@ -1662,6 +1662,7 @@ extern char *var_perm_mx_networks;
extern int var_access_map_code;
#define CHECK_CLIENT_ACL "check_client_access"
#define CHECK_CCERT_ACL "check_ccert_access"
#define CHECK_HELO_ACL "check_helo_access"
#define CHECK_SENDER_ACL "check_sender_access"
#define CHECK_RECIP_ACL "check_recipient_access"


@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
#define MAIL_RELEASE_DATE "20050207"
#define MAIL_RELEASE_DATE "20050208"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"


@@ -790,7 +790,7 @@ static void pre_init(char *unused_name, char **unused_argv)
* file.
*/
if (var_mailbox_limit) {
if (var_mailbox_limit < var_message_limit)
if (var_mailbox_limit < var_message_limit || var_message_limit == 0)
msg_fatal("main.cf configuration error: %s is smaller than %s",
VAR_MAILBOX_LIMIT, VAR_MESSAGE_LIMIT);
set_file_limit(var_mailbox_limit);
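Review bot: The added `var_message_limit == 0` case reuses the fatal text "%s is smaller than %s", which tells the administrator that the mailbox limit is smaller than the message limit when the actual problem is an unlimited message size combined with a limited mailbox. A separate test ahead of the comparison would make the refusal self-explanatory, for example `if (var_message_limit == 0) msg_fatal("main.cf configuration error: %s is limited but %s is unlimited", VAR_MAILBOX_LIMIT, VAR_MESSAGE_LIMIT);`. A short comment saying that 0 means "no limit" for the message size would also help the next reader see why zero is rejected only when a mailbox limit is set. pre_init() starts and ends outside this hunk, so any earlier handling of these parameters is not visible here.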


@@ -19,15 +19,15 @@
/*
/* The following commands are implemented:
/* .IP \fBcheck\fR
/* Validate the Postfix mail system configuration. Warn about bad
/* directory/file ownership or permissions, and create missing
/* directories.
/* Warn about bad directory/file ownership or permissions,
/* and create missing directories.
/* .IP \fBstart\fR
/* Start the Postfix mail system. This also runs the configuration
/* check described above.
/* .IP \fBstop\fR
/* Stop the Postfix mail system in an orderly fashion. Running processes
/* are allowed to terminate at their earliest convenience.
/* Stop the Postfix mail system in an orderly fashion. If
/* possible, running processes are allowed to terminate at
/* their earliest convenience.
/* .sp
/* Note: in order to refresh the Postfix mail system after a
/* configuration change, do not use the \fBstart\fR and \fBstop\fR


@@ -31,6 +31,7 @@
/* Delete one message with the named queue ID from the named
/* mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and
/* \fBdeferred\fR).
/*
/* If a \fIqueue_id\fR of \fB-\fR is specified, the program reads
/* queue IDs from standard input. For example, to delete all mail
/* with exactly one recipient \fBuser@example.com\fR:
@@ -76,6 +77,7 @@
/* Move one message with the named queue ID from the named
/* mail queue(s) (default: \fBincoming\fR, \fBactive\fR and
/* \fBdeferred\fR) to the \fBhold\fR queue.
/*
/* If a \fIqueue_id\fR of \fB-\fR is specified, the program reads
/* queue IDs from standard input.
/* .sp
@@ -92,6 +94,7 @@
/* Release mail that was put "on hold".
/* Move one message with the named queue ID from the named
/* mail queue(s) (default: \fBhold\fR) to the \fBdeferred\fR queue.
/*
/* If a \fIqueue_id\fR of \fB-\fR is specified, the program reads
/* queue IDs from standard input.
/* .sp
@@ -111,6 +114,7 @@
/* \fBdeferred\fR).
/* To requeue multiple messages, specify multiple \fB-r\fR
/* command-line options.
/*
/* Alternatively, if a \fIqueue_id\fR of \fB-\fR is specified,
/* the program reads queue IDs from standard input.
/* .sp


@@ -336,6 +336,7 @@ static int check_rcpt_maps(SMTPD_STATE *, const char *, const char *);
* Reject context.
*/
#define SMTPD_NAME_CLIENT "Client host"
#define SMTPD_NAME_CCERT "Client certificate"
#define SMTPD_NAME_HELO "Helo command"
#define SMTPD_NAME_SENDER "Sender address"
#define SMTPD_NAME_RECIPIENT "Recipient address"
@@ -2341,6 +2342,39 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
CHECK_SERVER_RETURN(SMTPD_CHECK_DUNNO);
}
/* check_ccert_access - access for TLS clients by certificate fingerprint */
#ifdef USE_TLS
static int check_ccert_access(SMTPD_STATE *state, const char *table,
const char *def_acl)
{
char *myname = "check_ccert_access";
int found;
if (state->tls_info.peer_verified && state->tls_info.peer_fingerprint) {
if (msg_verbose)
msg_info("%s: %s", myname, state->tls_info.peer_fingerprint);
/*
* Regexp tables don't make sense for certificate fingerprints. That
* may be so, but we can't ignore the entire check_ccert_access
* request without logging a warning.
*
* Log the peer CommonName when access is denied. Non-printable
* characters will be neutered by smtpd_check_reject(). The SMTP
* client name and address are always syslogged as part of a "reject"
* event.
*/
return (check_access(state, table, state->tls_info.peer_fingerprint,
DICT_FLAG_NONE, &found, state->tls_info.peer_CN,
SMTPD_NAME_CCERT, def_acl));
}
return (SMTPD_CHECK_DUNNO);
}
#endif
/* check_mail_access - OK/FAIL based on mail address lookup */
static int check_mail_access(SMTPD_STATE *state, const char *table,
@@ -3204,6 +3238,10 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions,
status = reject_rbl_domain(state, *cpp, state->name,
SMTPD_NAME_CLIENT);
}
#ifdef USE_TLS
} else if (is_map_command(state, name, CHECK_CCERT_ACL, &cpp)) {
status = check_ccert_access(state, *cpp, def_acl);
#endif
}
/*
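Review bot: In check_ccert_access() the call to check_access() passes `state->tls_info.peer_CN` as the reply name without testing it, while the guard above tests only `peer_verified` and `peer_fingerprint`. If the TLS layer can leave peer_CN unset for a verified certificate (that code is not in this hunk), the reject and logging path would be handed a null string; a defensive form is `state->tls_info.peer_CN ? state->tls_info.peer_CN : "(unknown)"`, where the fallback text is only a suggestion. The function returns SMTPD_CHECK_DUNNO when there is no verified certificate, so a table used as an allow-list only restricts anything if an explicit reject follows it; a comment on the final return such as `/* No verified client certificate: no decision, later restrictions apply. */` would make that visible. The `found` result is never read in this function.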


@@ -117,8 +117,8 @@
/* dict_eval() expands macro references in the specified string.
/* The result is owned by the dictionary manager. Make a copy if the
/* result is to survive multiple dict_eval() calls. When the
/* \fIrecursive\fR argument is non-zero, macros references are
/* expanded recursively.
/* \fIrecursive\fR argument is non-zero, macro references in macro
/* lookup results are expanded recursively.
/*
/* dict_walk() iterates over all registered dictionaries in some
/* arbitrary order, and invokes the specified action routine with
@@ -183,7 +183,7 @@
#include "vstream.h"
#include "vstring.h"
#include "readlline.h"
#include "mac_parse.h"
#include "mac_expand.h"
#include "stringops.h"
#include "iostuff.h"
#include "dict.h"
@@ -410,94 +410,52 @@ void dict_load_fp(const char *dict_name, VSTREAM *fp)
vstring_free(buf);
}
/*
* Helper for macro expansion callback.
*/
struct dict_eval_context {
const char *dict_name; /* where to look */
VSTRING *buf; /* result buffer */
int recursive; /* recursive or not */
};
/* dict_eval_lookup - macro parser call-back routine */
/* dict_eval_action - macro parser call-back routine */
static int dict_eval_action(int type, VSTRING *buf, char *ptr)
static const char *dict_eval_lookup(const char *key, int unused_type,
char *dict_name)
{
struct dict_eval_context *ctxt = (struct dict_eval_context *) ptr;
char *myname = "dict_eval_action";
const char *pp;
if (msg_verbose > 1)
msg_info("%s: type %s buf %s context %s \"%s\" %s",
myname, type == MAC_PARSE_VARNAME ? "variable" : "literal",
STR(buf), ctxt->dict_name, STR(ctxt->buf),
ctxt->recursive ? "recursive" : "non-recursive");
/*
* In order to support recursion, we must save the dict_lookup() result.
* We use the input buffer since it will not be needed anymore.
* XXX how would one recover?
*/
if (type == MAC_PARSE_VARNAME) {
if ((pp = dict_lookup(ctxt->dict_name, STR(buf))) == 0) {
if (dict_errno) /* XXX how would one recover? */
msg_fatal("dictionary %s: lookup %s: temporary error",
ctxt->dict_name, STR(buf));
} else if (ctxt->recursive) {
vstring_strcpy(buf, pp); /* XXX clobber input */
dict_eval(ctxt->dict_name, STR(buf), ctxt->recursive);
} else {
vstring_strcat(ctxt->buf, pp);
}
} else {
vstring_strcat(ctxt->buf, STR(buf));
}
return (0);
if ((pp = dict_lookup(dict_name, key)) == 0 && dict_errno != 0)
msg_fatal("dictionary %s: lookup %s: temporary error", dict_name, key);
return (pp);
}
/* dict_eval - expand embedded dictionary references */
const char *dict_eval(const char *dict_name, const char *value, int recursive)
{
const char *myname = "dict_eval";
static VSTRING *buf;
static struct dict_eval_context ctxt;
static int loop = 0;
/*
* Sanity check.
*/
if (loop > 100)
msg_fatal("unreasonable macro nesting: \"%s\"", value);
int status;
/*
* Initialize.
*/
if (buf == 0)
buf = vstring_alloc(10);
if (loop++ == 0) {
VSTRING_RESET(buf);
VSTRING_TERMINATE(buf);
}
ctxt.buf = buf;
ctxt.recursive = recursive;
ctxt.dict_name = dict_name;
/*
* Expand macros, possibly recursively.
*/
if (msg_verbose > 1)
msg_info("dict_eval[%d] %s", loop, value);
mac_parse(value, dict_eval_action, (char *) &ctxt);
if (msg_verbose > 1)
msg_info("dict_eval[%d] result %s", loop, STR(buf));
/*
* Cleanup.
*/
loop--;
VSTRING_TERMINATE(buf);
#define DONT_FILTER (char *) 0
status = mac_expand(buf, value,
recursive ? MAC_EXP_FLAG_RECURSE : MAC_EXP_FLAG_NONE,
DONT_FILTER, dict_eval_lookup, (char *) dict_name);
if (status & MAC_PARSE_ERROR)
msg_fatal("dictionary %s: macro processing error", dict_name);
if (msg_verbose) {
if (strcmp(value, STR(buf)) != 0)
msg_info("%s: expand %s -> %s", myname, value, STR(buf));
else
msg_info("%s: const %s", myname, value);
}
return (STR(buf));
}
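Review bot: dict_eval() now maps a non-zero `recursive` argument to MAC_EXP_FLAG_RECURSE, and the mac_expand() manual text in this commit says that flag "should never be done with data whose origin is untrusted", but the dict_eval() description at the top of this file does not pass that warning on to its callers. I would add a sentence to that description, for example `Do not request recursive expansion for dictionaries with untrusted content.` The local `loop > 100` nesting check is also removed, so protection against self-referential entries now rests entirely on mac_expand(); its depth bound is not visible in these hunks and is worth confirming before relying on it.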


@@ -88,9 +88,14 @@
/* into the right-hand side.
/* .IP DICT_FLAG_NO_PROXY
/* Disallow access through the \fBproxymap\fR service.
/* .IP DICT_FLAG_NO_UNAUTH
/* Disallow network lookup mechanisms that lack any form of
/* authentication (example: tcp_table; even NIS can be secured
/* to some extent by requiring that the server binds to a
/* privileged port).
/* .IP DICT_FLAG_PARANOID
/* A combination of all the paranoia flags: DICT_FLAG_NO_REGSUB
/* and DICT_FLAG_NO_PROXY.
/* A combination of all the paranoia flags: DICT_FLAG_NO_REGSUB,
/* DICT_FLAG_NO_PROXY and DICT_FLAG_NO_UNAUTH.
/* .PP
/* Specify DICT_FLAG_NONE for no special processing.
/*


@@ -45,7 +45,7 @@
/* Bit-wise OR of zero or more of the following:
/* .RS
/* .IP MAC_EXP_FLAG_RECURSE
/* Expand $name recursively. This should never be done with
/* Expand macros in lookup results. This should never be done with
/* data whose origin is untrusted.
/* .PP
/* The constant MAC_EXP_FLAG_NONE specifies a manifest null value.
@@ -59,7 +59,7 @@
/* MAC_EXP_MODE_TEST to test the existence of the named attribute
/* or MAC_EXP_MODE_USE to use the value of the named attribute,
/* and the caller context that was given to mac_expand(). A null
/* result means that the requested attribute was not defined.
/* result value means that the requested attribute was not defined.
/* .IP context
/* Caller context that is passed on to the attribute lookup routine.
/* DIAGNOSTICS
@@ -136,8 +136,11 @@ static int mac_expand_callback(int type, VSTRING *buf, char *ptr)
/*
* $Name etc. reference.
*
* In order to support expansion of lookup results, we must save the lookup
* result. We use the input buffer since it will not be needed anymore.
*/
if (type == MAC_PARSE_VARNAME) {
if (type == MAC_PARSE_EXPR) {
/*
* Look for the ? or : delimiter. In case of a syntax error, return
@@ -183,7 +186,8 @@ static int mac_expand_callback(int type, VSTRING *buf, char *ptr)
} else if (*text == 0) {
/* void */ ;
} else if (mc->flags & MAC_EXP_FLAG_RECURSE) {
mac_parse(text, mac_expand_callback, (char *) mc);
vstring_strcpy(buf, text);
mac_parse(vstring_str(buf), mac_expand_callback, (char *) mc);
} else {
len = VSTRING_LEN(mc->result);
vstring_strcat(mc->result, text);
@@ -201,17 +205,9 @@ static int mac_expand_callback(int type, VSTRING *buf, char *ptr)
* Literal text.
*/
else {
text = vstring_str(buf);
vstring_strcat(mc->result, text);
vstring_strcat(mc->result, vstring_str(buf));
}
/*
* Give the poor tester a clue of what is going on.
*/
if (msg_verbose)
msg_info("%s: %s = %s", myname, vstring_str(buf),
text ? text : "(undef)");
mc->level--;
return (mc->status);
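Review bot: The new comment about saving the lookup result sits at the top of the MAC_PARSE_EXPR branch, away from the `vstring_strcpy(buf, text)` line it explains, and it does not say why the copy is needed. Presumably the lookup routine's storage can be overwritten by lookups made during the nested mac_parse() call; if that is the reason, state it next to the copy, for example `/* Copy first: nested lookups may overwrite the lookup result. */`. mac_expand_callback() starts and ends outside these hunks, so the handling of `mc->level` around this call cannot be checked from here.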


@@ -23,9 +23,11 @@
/* found, and \fIcontext\fR is passed on unmodified from the caller.
/* The application is at liberty to clobber \fIbuf\fR.
/* .IP MAC_PARSE_LITERAL
/* The text in \fIbuf\fR is literal text.
/* .IP MAC_PARSE_VARNAME
/* The text in \fIbuf\fR is a macro expression.
/* The content of \fIbuf\fR is literal text.
/* .IP MAC_PARSE_EXPR
/* The content of \fIbuf\fR is a macro expression: either a
/* bare macro name without the preceding "$", or all the text
/* inside $() or ${}.
/* .PP
/* The action routine result value is the bit-wise OR of zero or more
/* of the following:
@@ -72,11 +74,11 @@
* execute the action, and reset the temporary buffer for re-use.
*/
#define MAC_PARSE_ACTION(status, type, buf, context) \
{ \
do { \
VSTRING_TERMINATE(buf); \
status |= action(type, buf, context); \
status |= action((type), (buf), (context)); \
VSTRING_RESET(buf); \
}
} while(0)
/* mac_parse - split string into literal text and macro references */
@@ -138,7 +140,7 @@ int mac_parse(const char *value, MAC_PARSE_FN action, char *context)
msg_warn("empty macro name: \"%s\"", value);
break;
}
MAC_PARSE_ACTION(status, MAC_PARSE_VARNAME, buf, context);
MAC_PARSE_ACTION(status, MAC_PARSE_EXPR, buf, context);
}
}
if (VSTRING_LEN(buf) > 0 && (status & MAC_PARSE_ERROR) == 0)
@@ -167,8 +169,8 @@ static int mac_parse_print(int type, VSTRING *buf, char *unused_context)
char *type_name;
switch (type) {
case MAC_PARSE_VARNAME:
type_name = "MAC_PARSE_VARNAME";
case MAC_PARSE_EXPR:
type_name = "MAC_PARSE_EXPR";
break;
case MAC_PARSE_LITERAL:
type_name = "MAC_PARSE_LITERAL";
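Review bot: MAC_PARSE_ACTION now parenthesizes its arguments and is statement-safe, but it still calls `action` by name from whatever scope the macro is expanded in, which is a hidden dependency for anyone reusing it. Either pass the callback as a macro parameter or say so in the comment above the macro, for example `Requires a MAC_PARSE_FN named "action" in the expanding scope.` The switch in mac_parse_print() continues past the end of the last hunk, so whether unknown type values get a default case cannot be seen here.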


@@ -20,7 +20,8 @@
* External interface.
*/
#define MAC_PARSE_LITERAL 1
#define MAC_PARSE_VARNAME 2
#define MAC_PARSE_EXPR 2
#define MAC_PARSE_VARNAME MAC_PARSE_EXPR /* 2.1 compatibility */
#define MAC_PARSE_OK 0
#define MAC_PARSE_ERROR (1<<0)


@@ -457,7 +457,7 @@ static void pre_init(char *unused_name, char **unused_argv)
* file.
*/
if (var_virt_mailbox_limit) {
if (var_virt_mailbox_limit < var_message_limit)
if (var_virt_mailbox_limit < var_message_limit || var_message_limit == 0)
msg_fatal("main.cf configuration error: %s is smaller than %s",
VAR_VIRT_MAILBOX_LIMIT, VAR_MESSAGE_LIMIT);
set_file_limit(var_virt_mailbox_limit);
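Review bot: With the added `var_message_limit == 0` test, an unlimited message size is reported with the text "%s is smaller than %s", which tells the operator the wrong thing: the mailbox limit is not smaller, the message size limit is unlimited. A separate test gives an accurate diagnostic: `if (var_message_limit == 0) msg_fatal("main.cf configuration error: %s is limited but %s is unlimited", VAR_VIRT_MAILBOX_LIMIT, VAR_MESSAGE_LIMIT);`. If the same test was added for the local delivery agent's mailbox limit elsewhere in this commit, the wording issue applies there too. pre_init() continues outside the hunk.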