mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00
Code Issues Releases Wiki Activity

postfix-2.2-20041022

Browse Source
This commit is contained in:
Wietse Venema 2004-10-22 00:00:00 -05:00 committed by Viktor Dukhovni
parent f2ffad66ca
commit d9f316cf24
66 changed files with 725 additions and 396 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
postfix/HISTORY
View File

@ -9776,27 +9776,22 @@ Apologies for any names omitted.
20041014-21
By default, Postfix no longer appends the local domain to
incomplete message header addresses from remote clients.
Thus, spam from badly written software no longer looks like
it came from a local user.
Instead, Postfix either does not rewrite headers from remote
clients at all, or it appends the domain name that is
specified with the new invalid_rewrite_context_domain
Postfix no longer appends the local domain to header
addresses from remote clients. Instead, Postfix either
does not rewrite those headers at all, or it appends the
domain specified with the new remote_header_rewrite_domain
parameter.
Postfix still appends $@myorigin or .$mydomain to headers
in mail from Postfix sendmail, from clients listed with
the local_rewrite_context_clients parameter (default:
from the Postfix sendmail command, or from clients listed
with the new local_header_rewrite_clients parameter (default:
permit_mynetworks, permit_sasl_authenticated).
The context specified with remote_rewrite_context_name is
used for all other clients. The default setting is backwards
compatible to avoid surprises.
20041016
Postfix still appends $@myorigin or .$mydomain when rewriting
incomplete envelope addresses.
Bugfix: attr_clnt_request() did not properly skip hash
table arguments. Luc Pardon, Skopos Consulting. File:
util/attr_clnt.c.
20041018
@ -9807,18 +9802,21 @@ Apologies for any names omitted.
Support for Errors-To: is permanently removed.
Open problems:
20041022
High: document master(5) for generic daemon options.
Bugfix: "smtp_connection_cache_on_demand=no" could crash
the SMTP client. File: smtp/smtp_connect.c.
Robustness: extra sanity checks. Files: util/dict_db.c,
util/dict_dbm.c.
Open problems:
Low: reject HELO with any domain name that this MTA is
final destination for.
Low: should the Delivered-To: test in local(8) be configurable?
Low: append a different domain (like, address.invalid) for
mail from clients not in mynetworks.
Low: document propagate_unmatched_extensions in aliases(5)
etc.
@ -9849,9 +9847,6 @@ Open problems:
all MXes return a quick ECONNRESET or 4xx reply during the
initial handshake.
Low: add msg_panic() guard to ensure that at least one of
DICT_FLAG_TRY1NULL or DICT_FLAG_TRY1NULL is set upon lookup.
Low: make post-install a "postfix-only script" so it can
take data from the environment instead of main.cf.

30
postfix/README_FILES/ADDRESS_REWRITING_README
View File

@ -166,6 +166,12 @@ table, it first rewrites the address to the standard
rewrite(8) daemon. The purpose of rewriting to standard form is to reduce the
number of entries needed in lookup tables.
Postfix versions 2.2 and later do not rewrite message headers from remote SMTP
clients at all, unless a non-empty domain name is specified with the
remote_header_rewrite_domain configuration parameter. The
local_header_rewrite_clients parameter controls what SMTP clients Postfix
considers local.
The Postfix trivial-rewrite(8) daemon implements the following hard-coded
address manipulations:
@ -193,6 +199,10 @@ address manipulations:
of Postfix components expect that all addresses have the form
"user@domain".
Postfix versions 2.2 and later do not rewrite message headers from
remote SMTP clients at all, or they append the domain name specified
with the remote_header_rewrite_domain configuration parameter.
If your machine is not the main machine for $myorigin and you wish to
have some users delivered locally without going via that main machine,
make an entry in the virtual alias table that redirects
@ -204,8 +214,12 @@ address manipulations:
(default: yes). The purpose is to get consistent treatment of different
forms of the same hostname.
Some will argue that rewriting "host" to "host.$mydomain" is bad. That
is why it can be turned off. Others like the convenience of having the
Postfix versions 2.2 and later do not rewrite message headers from
remote clients at all, or they append the domain name specified with
the remote_header_rewrite_domain configuration parameter.
Some will argue that rewriting "host" to "host.domain" is bad. That is
why it can be turned off. Others like the convenience of having the
local domain appended automatically.
Rewrite "user@site." to "user@site" (without the trailing dot).
@ -219,6 +233,12 @@ message envelopes and in message headers. By default all header and envelope
addresses are rewritten; this is controlled with the canonical_classes
configuration parameter.
Postfix versions 2.2 and later do not rewrite message headers from remote
clients at all, unless a non-empty domain name is specified with the
remote_header_rewrite_domain configuration parameter. The
local_header_rewrite_clients parameter controls what SMTP clients Postfix
considers local.
Address rewriting is done for local and remote addresses. The mapping is useful
to replace login names by "Firstname.Lastname" style addresses, or to clean up
invalid domains in mail addresses produced by legacy mail systems.
@ -277,6 +297,12 @@ Address masquerading is a method to hide hosts inside a domain behind their
mail gateway, and to make it appear as if the mail comes from the gateway
itself, instead of from individual machines.
Postfix versions 2.2 and later do not rewrite message headers from remote SMTP
clients at all, unless a non-empty domain name is specified with the
remote_header_rewrite_domain configuration parameter. The
local_header_rewrite_clients parameter controls what SMTP clients Postfix
considers local.
Address masquerading is disabled by default, and is implemented by the cleanup
(8) server. To enable, edit the masquerade_domains parameter in the main.cf
file and specify one or more domain names separated by whitespace or commas.

65
postfix/RELEASE_NOTES
View File

@ -7,54 +7,53 @@ snapshot release). Patches are issued for the official release
and change the patchlevel and the release date. Patches are never
issued for snapshot releases.
Incompatible changes with snapshot Postfix-2.2-20041019
Incompatible changes with snapshot Postfix-2.2-20041022
=======================================================
You must reload or restart Postfix, because the protocol between
queue manager and delivery agents has changed. If you forget this,
mail will remain queued until you restart/reload Postfix.
You must reload or stop/start Postfix, because the queue manager
to delivery agent protocol has changed. If you forget this, mail
will remain queued until the queue manager is restarted.
Support for return addresses in the non-standard Errors-To: message
headers is removed. It was already disabled by default with Postfix
version 2.1. Since it is non-standard, there was no guarantee that
it would have effect on other MTAs.
Support for the non-standard Errors-To: return addresses is removed.
It was already disabled by default with Postfix version 2.1. Since
Errors-To: is non-standard, there was no guarantee that it would
have effect with other MTAs.
Major changes with snapshot Postfix-2.2-20041019
Major changes with snapshot Postfix-2.2-20041022
================================================
The NIS+ client by Geoff Gibbs is now part of the Postfix source
tree. Details are given in the nisplus_table(5) manual page.
Message header address rewriting contexts. These control what
domains are appended to incomplete addresses in message headers,
and whether headers are rewritten at all.
By default, Postfix no longer appends the local domain to addresses
in message headers from remote clients. Thus, spam from poorly
written software no longer looks like it came from a local user.
- "local": Append the domain names in myorigin or mydomain to
incomplete addresses in message headers.
Postfix either does not rewrite remote message headers at all, or
it rewrites headers and appends the domain name that is specified
with the remote_header_rewrite_domain parameter (like "domain.invalid").
- "invalid": append "domain.invalid" (or whatever is specified
with the invalid_header_rewrite_context_domain parameter) to
incomplete addresses in message headers,
To get the behavior of earlier Postfix versions specify
- "none": disable header address rewriting (don't even do canonical
mapping or address masquerading).
/etc/postfix/main.cf:
local_header_rewrite_clients = static:all
The "local" address rewriting context is used for mail submitted
with the Postfix sendmail command, for mail from clients that match
$local_header_rewrite_context_clients (default: $mynetworks), and
for mail from SASL authenticated clients. It is not automatically
used for pop-before-smtp clients; you'll have to specify their
lookup table via the local_header_rewrite_context_clients parameter.
Postfix always appends local domain information in message headers
from Postfix sendmail and from local clients.
The smtpd_remote_header_rewrite_context parameter specifies the
address rewriting context for remote mail. The backwards compatible
default is "local". Purists will specify "none", so that Postfix
does not modify headers (not even with canonical mappings or address
masquerading).
By default, Postfix considers a client local when its address
matches mynetworks, or when it is SASL or TLS authenticated. If
you want to include a pop-before-smtp table, then you have to
specify that via the new local_header_rewrite_clients parameter:
Postix always uses the "local" context for envelope addresses,
because an unqualified address is effectively local when someone
attempts to reply to it.
/etc/postfix/main.cf:
local_header_rewrite_clients = permit_mynetworks,
permit_sasl_authenticated, permit_tls_clientcerts,
check_address_map hash:/etc/postfix/pop-before-smtp
As before, Postfix appends local domain information to envelope
addresses, because an unqualified address is effectively local when
someone attempts to reply to it.
Incompatible changes with snapshot Postfix-2.2-20041009
=======================================================

29
postfix/html/ADDRESS_REWRITING_README.html
View File

@ -339,6 +339,12 @@ mapping lookup table, it first rewrites the address to the standard
form is to reduce the number of entries needed in lookup tables.
</p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, unless a non-empty domain name is
specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
parameter. The <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls
what SMTP clients Postfix considers local. </p>
<p> The Postfix <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon implements the following
hard-coded address manipulations: </p>
@ -377,6 +383,11 @@ parameter (default: yes). You should never turn off this feature,
because a lot of Postfix components expect that all addresses have
the form "user@domain". </p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, or they append the domain name
specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
parameter. </p>
<p> If your machine is not the main machine for $<a href="postconf.5.html#myorigin">myorigin</a> and you
wish to have some users delivered locally without going via that
main machine, make an entry in the <a href="#virtual">virtual
@ -393,7 +404,11 @@ Rewrite "user@host" to "user@host.$<a href="postconf.5.html#mydomain">mydomain</
parameter (default: yes). The purpose is to get consistent treatment
of different forms of the same hostname. </p>
<p> Some will argue that rewriting "host" to "host.$<a href="postconf.5.html#mydomain">mydomain</a>"
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote clients at all, or they append the domain name specified
with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter. </p>
<p> Some will argue that rewriting "host" to "host.domain"
is bad. That is why it can be turned off. Others like the convenience
of having the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> appended automatically. </p> </dd>
@ -414,6 +429,12 @@ addresses in message envelopes and in message headers. By default
all header and envelope addresses are rewritten; this is controlled
with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> configuration parameter. </p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote clients at all, unless a non-empty domain name is
specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
parameter. The <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls
what SMTP clients Postfix considers local. </p>
<p> Address rewriting is
done for local and remote addresses. The mapping is useful to
replace login names by "Firstname.Lastname" style addresses, or to
@ -491,6 +512,12 @@ behind their mail gateway, and to make it appear as if the mail
comes from the gateway itself, instead of from individual machines.
</p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, unless a non-empty domain name is
specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
parameter. The <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls
what SMTP clients Postfix considers local. </p>
<p> Address masquerading is disabled by default, and is implemented
by the <a href="cleanup.8.html">cleanup(8)</a> server. To enable, edit the <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>
parameter in the main.cf file and specify one or more domain names

1
postfix/html/anvil.8.html
View File

@ -196,6 +196,7 @@ ANVIL(8) ANVIL(8)
<b>SEE ALSO</b>
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<b>README FILES</b>
<a href="TUNING_README.html">TUNING_README</a>, performance tuning

1
postfix/html/bounce.8.html
View File

@ -147,6 +147,7 @@ BOUNCE(8) BOUNCE(8)
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/cleanup.8.html
View File

@ -363,6 +363,7 @@ CLEANUP(8) CLEANUP(8)
<a href="canonical.5.html">canonical(5)</a>, canonical address lookup table format
<a href="virtual.5.html">virtual(5)</a>, virtual alias lookup table format
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/discard.8.html
View File

@ -104,6 +104,7 @@ DISCARD(8) DISCARD(8)
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="error.8.html">error(8)</a>, Postfix error delivery agent
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/error.8.html
View File

@ -118,6 +118,7 @@ ERROR(8) ERROR(8)
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="discard.8.html">discard(8)</a>, Postfix discard delivery agent
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/flush.8.html
View File

@ -157,6 +157,7 @@ FLUSH(8) FLUSH(8)
<a href="smtpd.8.html">smtpd(8)</a>, SMTP server
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

3
postfix/html/lmtp.8.html
View File

@ -197,7 +197,7 @@ LMTP(8) LMTP(8)
The LMTP client time limit for sending the LMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#lmtp_rset_timeout">lmtp_rset_timeout</a> (120s)</b>
<b><a href="postconf.5.html#lmtp_rset_timeout">lmtp_rset_timeout</a> (20s)</b>
The LMTP client time limit for sending the RSET
command, and for receiving the server response.
@ -260,6 +260,7 @@ LMTP(8) LMTP(8)
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
services(4), Internet services and aliases
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/local.8.html
View File

@ -526,6 +526,7 @@ LOCAL(8) LOCAL(8)
<a href="postalias.1.html">postalias(1)</a>, create/update alias database
<a href="aliases.5.html">aliases(5)</a>, format of alias database
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
syslogd(8), system logging
<b>LICENSE</b>

1
postfix/html/oqmgr.8.html
View File

@ -312,6 +312,7 @@ OQMGR(8) OQMGR(8)
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address routing
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8) system logging

3
postfix/html/pickup.8.html
View File

@ -58,7 +58,7 @@ PICKUP(8) PICKUP(8)
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
Enable or disable recipient validation, built-in
content filtering, or address rewriting.
content filtering, or address mapping.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
@ -113,6 +113,7 @@ PICKUP(8) PICKUP(8)
<a href="sendmail.1.html">sendmail(1)</a>, Sendmail-compatible interface
<a href="postdrop.1.html">postdrop(1)</a>, mail posting agent
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/pipe.8.html
View File

@ -350,6 +350,7 @@ PIPE(8) PIPE(8)
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

56
postfix/html/postconf.5.html
View File

@ -3075,9 +3075,10 @@ into concurrency per domain. </p>
<DT><b><a name="local_header_rewrite_clients">local_header_rewrite_clients</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to incomplete
message header addresses from these clients; append
$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> for all other clients. </p>
<p> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter. </p>
<p> Specify a list of zero or more of the following: </p>
@ -3124,9 +3125,27 @@ for pop-before-smtp lookup tables. </dd>
<p> Examples: </p>
<p> The backwards compatible setting: always rewrite message headers,
and always append my own domain to incomplete header addresses. </p>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all
</pre>
<p> The default setting: rewrite headers and append my own domain
only with mail from local or authorized clients. </p>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
</pre>
<p> Include clients that are pop-before-smtp authenticated: </p>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
<a href="postconf.5.html#check_address_map">check_address_map</a> hash:/etc/postfix/pop-before-smtp
</pre>
@ -5046,13 +5065,28 @@ Examples:
</DD>
<DT><b><a name="remote_header_rewrite_domain">remote_header_rewrite_domain</a>
(default: domain.invalid)</b></DT><DD>
(default: empty)</b></DT><DD>
<p> Append this domain name to incomplete message header addresses
from remote clients; when this domain name is empty, don't rewrite
remote message headers at all. Both stop Postfix from appending
your own domain to addresses in spam from poorly written software.
</p>
<p> Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite remote message headers
and append the specified domain name to incomplete addresses. </p>
<p> Examples: </p>
<p> The safe setting: append "domain.invalid" to incomplete header
addresses from remote SMTP clients, so that those addresses cannot
be confused with local addresses. </p>
<pre>
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> = domain.invalid
</pre>
<p> The default, purist, setting: don't rewrite headers from remote
clients at all. </p>
<pre>
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> =
</pre>
</DD>

13
postfix/html/proxymap.8.html
View File

@ -88,8 +88,8 @@ PROXYMAP(8) PROXYMAP(8)
latency lookups.
<b>CONFIGURATION PARAMETERS</b>
On busy mail systems a long time may pass before prox-
ymap(8) relevant changes to <b>main.cf</b> are picked up. Use the
On busy mail systems a long time may pass before <a href="proxymap.8.html">prox-</a>
<a href="proxymap.8.html">ymap(8)</a> relevant changes to <b>main.cf</b> are picked up. Use the
command "<b>postfix reload</b>" to speed up a change.
The text below provides only a parameter summary. See
@ -129,8 +129,15 @@ PROXYMAP(8) PROXYMAP(8)
The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is
allowed to access.
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>

399
postfix/html/smtpd.8.html
View File

@ -112,37 +112,38 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (see 'postconf -d' output)</b>
Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to
incomplete message header addresses from these
clients; append $<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> for
all other clients.
message header addresses from these clients only;
either don't rewrite message headers from other
clients at all, or append the domain specified with
the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (domain.invalid)</b>
Append this domain name to incomplete message
header addresses from remote clients; when this
domain name is empty, don't rewrite remote message
headers at all.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise,
rewrite remote message headers and append the spec-
ified domain name to incomplete addresses.
<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
As of version 1.0, Postfix can be configured to send new
mail to an external content filter AFTER the mail is
queued. This content filter is expected to inject mail
back into a (Postfix or other) MTA for further delivery.
As of version 1.0, Postfix can be configured to send new
mail to an external content filter AFTER the mail is
queued. This content filter is expected to inject mail
back into a (Postfix or other) MTA for further delivery.
See the <a href="FILTER_README.html">FILTER_README</a> document for details.
<b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
The name of a mail delivery transport that filters
The name of a mail delivery transport that filters
mail after it is queued.
<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
As of version 2.1, the Postfix SMTP server can be config-
ured to send incoming mail to a real-time SMTP-based con-
As of version 2.1, the Postfix SMTP server can be config-
ured to send incoming mail to a real-time SMTP-based con-
tent filter BEFORE mail is queued. This content filter is
expected to inject mail back into Postfix. See the
<a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
expected to inject mail back into Postfix. See the
<a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
ure and operate this feature.
<b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b>
The hostname and TCP port of the mail filtering
The hostname and TCP port of the mail filtering
proxy server.
<b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
@ -154,42 +155,42 @@ SMTPD(8) SMTPD(8)
for sending or receiving information.
<b>GENERAL CONTENT INSPECTION CONTROLS</b>
The following parameters are applicable for both built-in
The following parameters are applicable for both built-in
and external content filters.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
Enable or disable recipient validation, built-in
Enable or disable recipient validation, built-in
content filtering, or address mapping.
<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
The following parameters are applicable for both before-
The following parameters are applicable for both before-
queue and after-queue content filtering.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b>
What SMTP clients are allowed to use the XFORWARD
What SMTP clients are allowed to use the XFORWARD
feature.
<b>SASL AUTHENTICATION CONTROLS</b>
Postfix SASL support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used to authenti-
cate remote SMTP clients to the Postfix SMTP server, and
to authenticate the Postfix SMTP client to a remote SMTP
Postfix SASL support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used to authenti-
cate remote SMTP clients to the Postfix SMTP server, and
to authenticate the Postfix SMTP client to a remote SMTP
server. See the <a href="SASL_README.html">SASL_README</a> document for details.
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
Enable inter-operability with SMTP clients that
implement an obsolete version of the AUTH command
Enable inter-operability with SMTP clients that
implement an obsolete version of the AUTH command
(<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>).
<b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
Enable SASL authentication in the Postfix SMTP
Enable SASL authentication in the Postfix SMTP
server.
<b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> (smtpd)</b>
The application name used for SASL server initial-
The application name used for SASL server initial-
ization.
<b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b>
@ -200,69 +201,69 @@ SMTPD(8) SMTPD(8)
SMTP server will offer to the client.
<b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
Optional lookup table with the SASL login names
Optional lookup table with the SASL login names
that own sender (MAIL FROM) addresses.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
What SMTP clients Postfix will not offer AUTH sup-
What SMTP clients Postfix will not offer AUTH sup-
port to.
<b>VERP SUPPORT CONTROLS</b>
With VERP style delivery, each recipient of a message
With VERP style delivery, each recipient of a message
receives a customized copy of the message with his/her own
recipient address encoded in the envelope sender address.
recipient address encoded in the envelope sender address.
The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
details of Postfix support for variable envelope return
details of Postfix support for variable envelope return
path addresses. VERP style delivery is requested with the
SMTP XVERP command or with the "sendmail -V" command-line
option and is available in Postfix version 1.1 and later.
SMTP XVERP command or with the "sendmail -V" command-line
option and is available in Postfix version 1.1 and later.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html">sendmail(1)</a> command line
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html">sendmail(1)</a> command line
and in SMTP commands.
Available in Postfix version 1.1 and 2.0:
<b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
What SMTP clients are allowed to specify the XVERP
What SMTP clients are allowed to specify the XVERP
command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
What SMTP clients are allowed to specify the XVERP
What SMTP clients are allowed to specify the XVERP
command.
<b>TROUBLE SHOOTING CONTROLS</b>
The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
the Postfix mail system. The methods vary from making the
software log a lot of detail, to running some daemon pro-
The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
the Postfix mail system. The methods vary from making the
software log a lot of detail, to running some daemon pro-
cesses under control of a call tracer or debugger.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a
remote client or server matches a pattern in the
The increment in verbose logging level when a
remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the
The list of error classes that are reported to the
postmaster.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
@ -272,22 +273,22 @@ SMTPD(8) SMTPD(8)
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b>
What SMTP clients are allowed to use the XCLIENT
What SMTP clients are allowed to use the XCLIENT
feature.
<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
As of Postfix version 2.0, the SMTP server rejects mail
for unknown recipients. This prevents the mail queue from
clogging up with undeliverable MAILER-DAEMON messages.
Additional information on this topic is in the
As of Postfix version 2.0, the SMTP server rejects mail
for unknown recipients. This prevents the mail queue from
clogging up with undeliverable MAILER-DAEMON messages.
Additional information on this topic is in the
<a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
Display the name of the recipient table in the
Display the name of the recipient table in the
"User unknown" responses.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
Optional address mapping lookup tables for message
Optional address mapping lookup tables for message
headers and envelopes.
<b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
@ -298,7 +299,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, local-</b>
<b>host)</b>
The list of domains that are delivered via the
The list of domains that are delivered via the
$<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@ -307,185 +308,185 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
tem receives mail on by way of a proxy or network
tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b>
<b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
Lookup tables with all names or addresses of local
recipients: a recipient address is local when its
domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
Lookup tables with all names or addresses of local
recipients: a recipient address is local when its
domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server response code
when a recipient address is local, and
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
The numerical Postfix SMTP server response code
when a recipient address is local, and
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
tables that does not match the recipient.
Parameters concerning known/unknown recipients of relay
Parameters concerning known/unknown recipients of relay
destinations:
<b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b>
What destination domains (and subdomains thereof)
What destination domains (and subdomains thereof)
this system will relay mail to.
<b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
Optional lookup tables with all valid addresses in
Optional lookup tables with all valid addresses in
the domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server reply code when a
recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
tables that does not match the recipient address.
Parameters concerning known/unknown recipients in virtual
Parameters concerning known/unknown recipients in virtual
alias domains:
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
Postfix is final destination for the specified list
of virtual alias domains, that is, domains for
which all addresses are aliased to addresses in
of virtual alias domains, that is, domains for
which all addresses are aliased to addresses in
other local or remote domains.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
Optional lookup tables that alias specific mail
addresses or domains to other local or remote
Optional lookup tables that alias specific mail
addresses or domains to other local or remote
address.
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
The SMTP server reply code when a recipient address
matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
<a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
<a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
that does not match the recipient address.
Parameters concerning known/unknown recipients in virtual
Parameters concerning known/unknown recipients in virtual
mailbox domains:
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
Postfix is final destination for the specified list
of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
<a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
Optional lookup tables with all valid addresses in
Optional lookup tables with all valid addresses in
the domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
The SMTP server reply code when a recipient address
matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
<a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables
that does not match the recipient address.
<b>RESOURCE AND RATE CONTROLS</b>
The following parameters limit resource usage by the SMTP
The following parameters limit resource usage by the SMTP
server and/or control client request rates.
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
Upon input, long lines are chopped up into pieces
of at most this length; upon delivery, long lines
Upon input, long lines are chopped up into pieces
of at most this length; upon delivery, long lines
are reconstructed.
<b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
The minimal amount of free space in bytes in the
The minimal amount of free space in bytes in the
queue file system that is needed to receive mail.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
The maximal size in bytes of a message, including
The maximal size in bytes of a message, including
envelope information.
<b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
The maximal number of recipients that the Postfix
The maximal number of recipients that the Postfix
SMTP server accepts per message delivery request.
<b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (300s)</b>
The time limit for sending a Postfix SMTP server
response and for receiving a remote SMTP client
The time limit for sending a Postfix SMTP server
response and for receiving a remote SMTP client
request.
<b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
The maximal number of lines in the Postfix SMTP
server command history before it is flushed upon
The maximal number of lines in the Postfix SMTP
server command history before it is flushed upon
receipt of EHLO, RSET, or end of DATA.
The per SMTP client connection count and request rate lim-
its are implemented in co-operation with the <a href="anvil.8.html">anvil(8)</a> ser-
vice, and are available in Postfix version 2.2 and later.
vice, and are available in Postfix version 2.2 and later.
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
How many simultaneous connections any client is
How many simultaneous connections any client is
allowed to make to this service.
<b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
The maximal number of connection attempts any
client is allowed to make to this service per time
client is allowed to make to this service per time
unit.
<b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
The maximal number of message delivery requests
that any client is allowed to make to this service
The maximal number of message delivery requests
that any client is allowed to make to this service
per time unit, regardless of whether or not Postfix
actually accepts those messages.
<b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
The maximal number of recipient addresses that any
client is allowed to send to this service per time
The maximal number of recipient addresses that any
client is allowed to send to this service per time
unit, regardless of whether or not Postfix actually
accepts those recipients.
<b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
Clients that are excluded from connection count,
connection rate, message rate or recipient rate
Clients that are excluded from connection count,
connection rate, message rate or recipient rate
restrictions.
<b>TARPIT CONTROLS</b>
When a remote SMTP client makes errors, the Postfix SMTP
server can insert delays before responding. This can help
to slow down run-away software. The behavior is con-
trolled by an error counter that counts the number of
errors within an SMTP session that a client makes without
When a remote SMTP client makes errors, the Postfix SMTP
server can insert delays before responding. This can help
to slow down run-away software. The behavior is con-
trolled by an error counter that counts the number of
errors within an SMTP session that a client makes without
delivering mail.
<b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
With Postfix 2.1 and later: the SMTP server
response delay after a client has made more than
$<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
$<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
With Postfix 2.1 and later: the SMTP server
response delay after a client has made more than
$<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
$<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
mail.
<b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
The number of errors a remote SMTP client is
allowed to make without delivering mail before the
The number of errors a remote SMTP client is
allowed to make without delivering mail before the
Postfix SMTP server slows down all its responses.
<b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (20)</b>
The maximal number of errors a remote SMTP client
The maximal number of errors a remote SMTP client
is allowed to make without delivering mail.
<b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (100)</b>
The number of junk commands (NOOP, VRFY, ETRN or
The number of junk commands (NOOP, VRFY, ETRN or
RSET) that a remote SMTP client can send before the
Postfix SMTP server starts to increment the error
Postfix SMTP server starts to increment the error
counter with each junk command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
The number of recipients that a remote SMTP client
can send in excess of the limit specified with
The number of recipients that a remote SMTP client
can send in excess of the limit specified with
$<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before the Postfix SMTP
server increments the per-session error count for
server increments the per-session error count for
each excess recipient.
<b>ACCESS POLICY DELEGATION CONTROLS</b>
As of version 2.1, Postfix can be configured to delegate
access policy decisions to an external server that runs
outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
As of version 2.1, Postfix can be configured to delegate
access policy decisions to an external server that runs
outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
more information.
<b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
The time after which an idle SMTPD policy service
The time after which an idle SMTPD policy service
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
@ -493,154 +494,154 @@ SMTPD(8) SMTPD(8)
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
The time limit for connecting to, writing to or
The time limit for connecting to, writing to or
receiving from a delegated SMTPD policy server.
<b>ACCESS CONTROLS</b>
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
all the SMTP server access control features.
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
Wait until the RCPT TO command before evaluating
Wait until the RCPT TO command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $smtpd_helo_restric-
tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until
the ETRN command before evaluating
the ETRN command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric-
tions.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b>put)</b>
What Postfix features match subdomains of
"domain.tld" automatically, instead of requiring an
explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
Optional SMTP server access restrictions in the
Optional SMTP server access restrictions in the
context of a client SMTP connection request.
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
Require that a remote SMTP client introduces itself
at the beginning of an SMTP session with the HELO
at the beginning of an SMTP session with the HELO
or EHLO command.
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
Optional restrictions that the Postfix SMTP server
Optional restrictions that the Postfix SMTP server
applies in the context of the SMTP HELO command.
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
Optional restrictions that the Postfix SMTP server
Optional restrictions that the Postfix SMTP server
applies in the context of the MAIL FROM command.
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,</b>
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b>
The access restrictions that the Postfix SMTP
server applies in the context of the RCPT TO com-
server applies in the context of the RCPT TO com-
mand.
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
Optional SMTP server access restrictions in the
Optional SMTP server access restrictions in the
context of a client ETRN request.
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
Forward mail with sender-specified routing
(user[@%!]remote[@%!]site) from untrusted clients
Forward mail with sender-specified routing
(user[@%!]remote[@%!]site) from untrusted clients
to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
User-defined aliases for groups of access restric-
User-defined aliases for groups of access restric-
tions.
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b>&lt;&gt;<b>)</b>
The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables
The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables
instead of the null sender address.
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP
access feature to only domains whose primary MX
access feature to only domains whose primary MX
hosts match the listed networks.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
Optional access restrictions that the Postfix SMTP
Optional access restrictions that the Postfix SMTP
server applies in the context of the SMTP DATA com-
mand.
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
What characters are allowed in $name expansions of
What characters are allowed in $name expansions of
RBL reply templates.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
Request that the Postfix SMTP server rejects mail
from unknown sender addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
Request that the Postfix SMTP server rejects mail
from unknown sender addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
is specified.
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
Request that the Postfix SMTP server rejects mail
Request that the Postfix SMTP server rejects mail
for unknown recipient addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
tion is specified.
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
Postfix version 2.1 introduces sender and recipient
address verification. This feature is implemented by
sending probe email messages that are not actually deliv-
ered. This feature is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_sender">fied_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
restrictions. The status of verification probes is main-
Postfix version 2.1 introduces sender and recipient
address verification. This feature is implemented by
sending probe email messages that are not actually deliv-
ered. This feature is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_sender">fied_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
restrictions. The status of verification probes is main-
tained by the <a href="verify.8.html">verify(8)</a> server. See the file ADDRESS_VER-
<a href="IFICATION_README.html">IFICATION_README</a> for information about how to configure
<a href="IFICATION_README.html">IFICATION_README</a> for information about how to configure
and operate the Postfix sender/recipient address verifica-
tion service.
<b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (3)</b>
How many times to query the <a href="verify.8.html">verify(8)</a> service for
the completion of an address verification request
How many times to query the <a href="verify.8.html">verify(8)</a> service for
the completion of an address verification request
in progress.
<b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
The delay between queries for the completion of an
The delay between queries for the completion of an
address verification request in progress.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> (postmaster)</b>
The sender address to use in address verification
The sender address to use in address verification
probes.
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a recipient address is rejected by the
The numerical Postfix SMTP server response code
when a recipient address is rejected by the
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
The numerical Postfix SMTP server response when a
The numerical Postfix SMTP server response when a
recipient address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_recipient">fied_recipient</a> restriction.
<b>ACCESS CONTROL RESPONSES</b>
The following parameters control numerical SMTP reply
The following parameters control numerical SMTP reply
codes and/or text responses.
<b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a client is rejected by an <a href="access.5.html">access(5)</a> map
The numerical Postfix SMTP server response code
when a client is rejected by an <a href="access.5.html">access(5)</a> map
restriction.
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
the "defer" restriction.
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
The numerical Postfix SMTP server response code
when the client HELO or EHLO command parameter is
rejected by the <a href="postconf.5.html#reject_invalid_hostname">reject_invalid_hostname</a> restric-
The numerical Postfix SMTP server response code
when the client HELO or EHLO command parameter is
rejected by the <a href="postconf.5.html#reject_invalid_hostname">reject_invalid_hostname</a> restric-
tion.
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a>
@ -648,47 +649,47 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
The numerical Postfix SMTP server reply code when a
client request is rejected by the
client request is rejected by the
<a href="postconf.5.html#reject_non_fqdn_hostname">reject_non_fqdn_hostname</a>, <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or
<a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
the "<b>reject</b>" restriction.
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a client request is rejected by the
The numerical Postfix SMTP server response code
when a client request is rejected by the
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction.
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a sender or recipient address is rejected by
The numerical Postfix SMTP server response code
when a sender or recipient address is rejected by
the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or
<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a client without valid address &lt;=&gt; name map-
ping is rejected by the <a href="postconf.5.html#reject_unknown_client">reject_unknown_client</a>
The numerical Postfix SMTP server response code
when a client without valid address &lt;=&gt; name map-
ping is rejected by the <a href="postconf.5.html#reject_unknown_client">reject_unknown_client</a>
restriction.
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when the hostname specified with the HELO or EHLO
command is rejected by the <a href="postconf.5.html#reject_unknown_hostname">reject_unknown_hostname</a>
The numerical Postfix SMTP server response code
when the hostname specified with the HELO or EHLO
command is rejected by the <a href="postconf.5.html#reject_unknown_hostname">reject_unknown_hostname</a>
restriction.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
The default SMTP server response template for a
request that is rejected by an RBL-based restric-
The default SMTP server response template for a
request that is rejected by an RBL-based restric-
tion.
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
The numerical Postfix SMTP server response code
The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction.
@ -697,16 +698,16 @@ SMTPD(8) SMTPD(8)
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix main.cf and
The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative com-
The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
@ -727,36 +728,36 @@ SMTPD(8) SMTPD(8)
and most Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of connection requests before a
The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
The list of "trusted" SMTP clients that have more
The list of "trusted" SMTP clients that have more
privileges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The domain name that locally-posted mail appears to
come from, and that locally posted mail is deliv-
come from, and that locally posted mail is deliv-
ered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon pro-
The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
@ -764,14 +765,14 @@ SMTPD(8) SMTPD(8)
sions (user+foo).
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
The text that follows the 220 status code in the
The text that follows the 220 status code in the
SMTP greeting banner.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the pro-
The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
@ -797,7 +798,7 @@ SMTPD(8) SMTPD(8)
<a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

16
postfix/html/trivial-rewrite.8.html
View File

@ -21,17 +21,14 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
Rewrite an address to standard form, according to
the address rewriting context:
<b>local</b>
<b>none</b> Append the domain names specified with <b>$<a href="postconf.5.html#myorigin">myo</a>-</b>
<b>local</b> Append the domain names specified with <b>$<a href="postconf.5.html#myorigin">myo</a>-</b>
<b><a href="postconf.5.html#myorigin">rigin</a></b> or <b>$<a href="postconf.5.html#mydomain">mydomain</a></b> to incomplete addresses;
do <b><a href="postconf.5.html#swap_bangpath">swap_bangpath</a></b> and <b><a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a></b> pro-
cessing as described below, and strip source
routed addresses (<i>@site,@site:user@domain</i>)
to <i>user@domain</i> form.
<b>invalid</b>
Append the domain name specified with
<b>remote</b> Append the domain name specified with
<b>$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b> to incomplete
addresses. Otherwise the result is identical
to that of the <b>local</b> address rewriting con-
@ -135,10 +132,11 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
Available in Postfix 2.2 and later:
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (domain.invalid)</b>
Append this domain to incomplete message header
addresses from remote clients; when the domain is
empty, don't rewrite remote message headers at all.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise,
rewrite remote message headers and append the spec-
ified domain name to incomplete addresses.
<b>ROUTING CONTROLS</b>
The following is applicable to Postfix version 2.0 and

71
postfix/man/man5/postconf.5
View File

@ -1561,9 +1561,10 @@ Setting this parameter to a value > 1 changes the meaning of
local_destination_concurrency_limit from concurrency per recipient
into concurrency per domain.
.SH local_header_rewrite_clients (default: see "postconf -d" output)
Append the domain name in $myorigin or $mydomain to incomplete
message header addresses from these clients; append
$remote_header_rewrite_domain for all other clients.
Append the domain name in $myorigin or $mydomain to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
specified with the remote_header_rewrite_domain parameter.
.PP
Specify a list of zero or more of the following:
.IP "\fB permit_mynetworks \fR"
@ -1595,11 +1596,37 @@ for pop-before-smtp lookup tables.
.PP
Examples:
.PP
The backwards compatible setting: always rewrite message headers,
and always append my own domain to incomplete header addresses.
.PP
.nf
.na
.ft C
local_header_rewrite_clients = static:all
local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
local_header_rewrite_clients = static:all
.fi
.ad
.ft R
.PP
The default setting: rewrite headers and append my own domain
only with mail from local or authorized clients.
.PP
.nf
.na
.ft C
local_header_rewrite_clients = permit_mynetworks,
permit_sasl_authenticated permit_tls_clientcerts
.fi
.ad
.ft R
.PP
Include clients that are pop-before-smtp authenticated:
.PP
.nf
.na
.ft C
local_header_rewrite_clients = permit_mynetworks,
permit_sasl_authenticated permit_tls_clientcerts
check_address_map hash:/etc/postfix/pop-before-smtp
.fi
.ad
.ft R
@ -2676,11 +2703,35 @@ relocated_maps = hash:/etc/postfix/relocated
.fi
.ad
.ft R
.SH remote_header_rewrite_domain (default: domain.invalid)
Append this domain name to incomplete message header addresses
from remote clients; when this domain name is empty, don't rewrite
remote message headers at all. Both stop Postfix from appending
your own domain to addresses in spam from poorly written software.
.SH remote_header_rewrite_domain (default: empty)
Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite remote message headers
and append the specified domain name to incomplete addresses.
.PP
Examples:
.PP
The safe setting: append "domain.invalid" to incomplete header
addresses from remote SMTP clients, so that those addresses cannot
be confused with local addresses.
.PP
.nf
.na
.ft C
remote_header_rewrite_domain = domain.invalid
.fi
.ad
.ft R
.PP
The default, purist, setting: don't rewrite headers from remote
clients at all.
.PP
.nf
.na
.ft C
remote_header_rewrite_domain =
.fi
.ad
.ft R
.SH require_home_directory (default: no)
Whether or not a local(8) recipient's home directory must exist
before mail delivery is attempted. By default this test is disabled.

1
postfix/man/man8/anvil.8
View File

@ -215,6 +215,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
.nf
smtpd(8), Postfix SMTP server
postconf(5), configuration parameters
master(5), generic daemon options
.SH "README FILES"
.na
.nf

1
postfix/man/man8/bounce.8
View File

@ -123,6 +123,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
.nf
qmgr(8), queue manager
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"

1
postfix/man/man8/cleanup.8
View File

@ -299,6 +299,7 @@ body_checks(5), body parts content inspection
canonical(5), canonical address lookup table format
virtual(5), virtual alias lookup table format
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "README FILES"

1
postfix/man/man8/discard.8
View File

@ -92,6 +92,7 @@ qmgr(8), queue manager
bounce(8), delivery status reports
error(8), Postfix error delivery agent
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"

1
postfix/man/man8/error.8
View File

@ -101,6 +101,7 @@ qmgr(8), queue manager
bounce(8), delivery status reports
discard(8), Postfix discard delivery agent
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"

1
postfix/man/man8/flush.8
View File

@ -136,6 +136,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
smtpd(8), SMTP server
qmgr(8), queue manager
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "README FILES"

7
postfix/man/man8/lmtp.8
View File

@ -181,9 +181,9 @@ The LMTP client time limit for sending the LMTP message content.
.IP "\fBlmtp_data_done_timeout (600s)\fR"
The LMTP client time limit for sending the LMTP ".", and for
receiving the server response.
.IP "\fBlmtp_rset_timeout (120s)\fR"
The LMTP client time limit for sending the RSET command, and for
receiving the server response.
.IP "\fBlmtp_rset_timeout (20s)\fR"
The LMTP client time limit for sending the RSET command, and
for receiving the server response.
.IP "\fBlmtp_quit_timeout (300s)\fR"
The LMTP client time limit for sending the QUIT command, and for
receiving the server response.
@ -228,6 +228,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
bounce(8), delivery status reports
qmgr(8), queue manager
postconf(5), configuration parameters
master(5), generic daemon options
services(4), Internet services and aliases
master(8), process manager
syslogd(8), system logging

1
postfix/man/man8/local.8
View File

@ -509,6 +509,7 @@ newaliases(1), create/update alias database
postalias(1), create/update alias database
aliases(5), format of alias database
postconf(5), configuration parameters
master(5), generic daemon options
syslogd(8), system logging
.SH "LICENSE"
.na

1
postfix/man/man8/oqmgr.8
View File

@ -287,6 +287,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
trivial-rewrite(8), address routing
bounce(8), delivery status reports
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8) system logging
.SH "README FILES"

3
postfix/man/man8/pickup.8
View File

@ -67,7 +67,7 @@ The name of a mail delivery transport that filters mail after
it is queued.
.IP "\fBreceive_override_options (empty)\fR"
Enable or disable recipient validation, built-in content
filtering, or address rewriting.
filtering, or address mapping.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
@ -109,6 +109,7 @@ cleanup(8), message canonicalization
sendmail(1), Sendmail-compatible interface
postdrop(1), mail posting agent
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"

1
postfix/man/man8/pipe.8
View File

@ -297,6 +297,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
qmgr(8), queue manager
bounce(8), delivery status reports
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"

15
postfix/man/man8/proxymap.8
View File

@ -122,6 +122,21 @@ The process ID of a Postfix command or daemon process.
The process name of a Postfix command or daemon process.
.IP "\fBproxy_read_maps (see 'postconf -d' output)\fR"
The lookup tables that the proxymap(8) server is allowed to access.
.SH "SEE ALSO"
.na
.nf
postconf(5), configuration parameters
master(5), generic daemon options
.SH "README FILES"
.na
.nf
.ad
.fi
Use "\fBpostconf readme_directory\fR" or
"\fBpostconf html_directory\fR" to locate this information.
.na
.nf
DATABASE_README, Postfix lookup table overview
.SH "LICENSE"
.na
.nf

15
postfix/man/man8/smtpd.8
View File

@ -113,13 +113,14 @@ filtering, or address mapping.
.PP
Available in Postfix version 2.2 and later:
.IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR"
Append the domain name in $myorigin or $mydomain to incomplete
message header addresses from these clients; append
$remote_header_rewrite_domain for all other clients.
.IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
Append this domain name to incomplete message header addresses
from remote clients; when this domain name is empty, don't rewrite
remote message headers at all.
Append the domain name in $myorigin or $mydomain to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
specified with the remote_header_rewrite_domain parameter.
.IP "\fBremote_header_rewrite_domain (empty)\fR"
Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite remote message headers
and append the specified domain name to incomplete addresses.
.SH "AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS"
.na
.nf

11
postfix/man/man8/trivial-rewrite.8
View File

@ -19,13 +19,12 @@ Rewrite an address to standard form, according to the
address rewriting context:
.RS
.IP \fBlocal\fR
.IP \fBnone\fR
Append the domain names specified with \fB$myorigin\fR or
\fB$mydomain\fR to incomplete addresses; do \fBswap_bangpath\fR
and \fBallow_percent_hack\fR processing as described below, and
strip source routed addresses (\fI@site,@site:user@domain\fR)
to \fIuser@domain\fR form.
.IP \fBinvalid\fR
.IP \fBremote\fR
Append the domain name specified with
\fB$remote_header_rewrite_domain\fR to incomplete
addresses. Otherwise the result is identical to that of
@ -127,10 +126,10 @@ The separator between user names and address extensions (user+foo).
Enable the rewriting of "site!user" into "user@site".
.PP
Available in Postfix 2.2 and later:
.IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
Append this domain to incomplete message header addresses from
remote clients; when the domain is empty, don't rewrite remote message
headers at all.
.IP "\fBremote_header_rewrite_domain (empty)\fR"
Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite remote message headers
and append the specified domain name to incomplete addresses.
.SH "ROUTING CONTROLS"
.na
.nf

29
postfix/proto/ADDRESS_REWRITING_README.html
View File

@ -339,6 +339,12 @@ trivial-rewrite(8) daemon. The purpose of rewriting to standard
form is to reduce the number of entries needed in lookup tables.
</p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, unless a non-empty domain name is
specified with the remote_header_rewrite_domain configuration
parameter. The local_header_rewrite_clients parameter controls
what SMTP clients Postfix considers local. </p>
<p> The Postfix trivial-rewrite(8) daemon implements the following
hard-coded address manipulations: </p>
@ -377,6 +383,11 @@ parameter (default: yes). You should never turn off this feature,
because a lot of Postfix components expect that all addresses have
the form "user@domain". </p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, or they append the domain name
specified with the remote_header_rewrite_domain configuration
parameter. </p>
<p> If your machine is not the main machine for $myorigin and you
wish to have some users delivered locally without going via that
main machine, make an entry in the <a href="#virtual">virtual
@ -393,7 +404,11 @@ Rewrite "user@host" to "user@host.$mydomain" </dt>
parameter (default: yes). The purpose is to get consistent treatment
of different forms of the same hostname. </p>
<p> Some will argue that rewriting "host" to "host.$mydomain"
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote clients at all, or they append the domain name specified
with the remote_header_rewrite_domain configuration parameter. </p>
<p> Some will argue that rewriting "host" to "host.domain"
is bad. That is why it can be turned off. Others like the convenience
of having the local domain appended automatically. </p> </dd>
@ -414,6 +429,12 @@ addresses in message envelopes and in message headers. By default
all header and envelope addresses are rewritten; this is controlled
with the canonical_classes configuration parameter. </p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote clients at all, unless a non-empty domain name is
specified with the remote_header_rewrite_domain configuration
parameter. The local_header_rewrite_clients parameter controls
what SMTP clients Postfix considers local. </p>
<p> Address rewriting is
done for local and remote addresses. The mapping is useful to
replace login names by "Firstname.Lastname" style addresses, or to
@ -491,6 +512,12 @@ behind their mail gateway, and to make it appear as if the mail
comes from the gateway itself, instead of from individual machines.
</p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, unless a non-empty domain name is
specified with the remote_header_rewrite_domain configuration
parameter. The local_header_rewrite_clients parameter controls
what SMTP clients Postfix considers local. </p>
<p> Address masquerading is disabled by default, and is implemented
by the cleanup(8) server. To enable, edit the masquerade_domains
parameter in the main.cf file and specify one or more domain names

56
postfix/proto/postconf.proto
View File

@ -7218,19 +7218,35 @@ is already bounded by $max_idle. </p>
session cache hit and miss rates for logical destinations and for
physical endpoints. </p>
%PARAM remote_header_rewrite_domain domain.invalid
%PARAM remote_header_rewrite_domain
<p> Append this domain name to incomplete message header addresses
from remote clients; when this domain name is empty, don't rewrite
remote message headers at all. Both stop Postfix from appending
your own domain to addresses in spam from poorly written software.
</p>
<p> Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite remote message headers
and append the specified domain name to incomplete addresses. </p>
<p> Examples: </p>
<p> The safe setting: append "domain.invalid" to incomplete header
addresses from remote SMTP clients, so that those addresses cannot
be confused with local addresses. </p>
<pre>
remote_header_rewrite_domain = domain.invalid
</pre>
<p> The default, purist, setting: don't rewrite headers from remote
clients at all. </p>
<pre>
remote_header_rewrite_domain =
</pre>
%PARAM local_header_rewrite_clients see "postconf -d" output
<p> Append the domain name in $myorigin or $mydomain to incomplete
message header addresses from these clients; append
$remote_header_rewrite_domain for all other clients. </p>
<p> Append the domain name in $myorigin or $mydomain to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
specified with the remote_header_rewrite_domain parameter. </p>
<p> Specify a list of zero or more of the following: </p>
@ -7277,7 +7293,25 @@ for pop-before-smtp lookup tables. </dd>
<p> Examples: </p>
<p> The backwards compatible setting: always rewrite message headers,
and always append my own domain to incomplete header addresses. </p>
<pre>
local_header_rewrite_clients = static:all
local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
local_header_rewrite_clients = static:all
</pre>
<p> The default setting: rewrite headers and append my own domain
only with mail from local or authorized clients. </p>
<pre>
local_header_rewrite_clients = permit_mynetworks,
permit_sasl_authenticated permit_tls_clientcerts
</pre>
<p> Include clients that are pop-before-smtp authenticated: </p>
<pre>
local_header_rewrite_clients = permit_mynetworks,
permit_sasl_authenticated permit_tls_clientcerts
check_address_map hash:/etc/postfix/pop-before-smtp
</pre>

1
postfix/src/anvil/anvil.c
View File

@ -193,6 +193,7 @@
/* SEE ALSO
/* smtpd(8), Postfix SMTP server
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* README FILES
/* .ad
/* .fi

1
postfix/src/bounce/bounce.c
View File

@ -107,6 +107,7 @@
/* SEE ALSO
/* qmgr(8), queue manager
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE

1
postfix/src/cleanup/cleanup.c
View File

@ -267,6 +267,7 @@
/* canonical(5), canonical address lookup table format
/* virtual(5), virtual alias lookup table format
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* README FILES

1
postfix/src/discard/discard.c
View File

@ -76,6 +76,7 @@
/* bounce(8), delivery status reports
/* error(8), Postfix error delivery agent
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE

1
postfix/src/error/error.c
View File

@ -85,6 +85,7 @@
/* bounce(8), delivery status reports
/* discard(8), Postfix discard delivery agent
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE

1
postfix/src/flush/flush.c
View File

@ -118,6 +118,7 @@
/* smtpd(8), SMTP server
/* qmgr(8), queue manager
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* README FILES

2
postfix/src/global/mail_params.h
View File

@ -2092,7 +2092,7 @@ extern char *var_anvil_service;
* What domain names to assume when no valid domain context exists.
*/
#define VAR_REM_RWR_DOMAIN "remote_header_rewrite_domain"
#define DEF_REM_RWR_DOMAIN "domain.invalid"
#define DEF_REM_RWR_DOMAIN ""
extern char *var_remote_rwr_domain;
#define CHECK_ADDR_MAP "check_address_map"

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
#define MAIL_RELEASE_DATE "20041021"
#define MAIL_RELEASE_DATE "20041022"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"

7
postfix/src/lmtp/lmtp.c
View File

@ -157,9 +157,9 @@
/* .IP "\fBlmtp_data_done_timeout (600s)\fR"
/* The LMTP client time limit for sending the LMTP ".", and for
/* receiving the server response.
/* .IP "\fBlmtp_rset_timeout (120s)\fR"
/* The LMTP client time limit for sending the RSET command, and for
/* receiving the server response.
/* .IP "\fBlmtp_rset_timeout (20s)\fR"
/* The LMTP client time limit for sending the RSET command, and
/* for receiving the server response.
/* .IP "\fBlmtp_quit_timeout (300s)\fR"
/* The LMTP client time limit for sending the QUIT command, and for
/* receiving the server response.
@ -200,6 +200,7 @@
/* bounce(8), delivery status reports
/* qmgr(8), queue manager
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* services(4), Internet services and aliases
/* master(8), process manager
/* syslogd(8), system logging

2
postfix/src/lmtp/lmtp_proto.c
View File

@ -425,7 +425,7 @@ static int lmtp_loop(LMTP_STATE *state, NOCLOBBER int send_state,
DEL_REQ_ATTR_AVAIL(request->rewrite_context) == 0 ?
XFORWARD_UNAVAILABLE :
strcmp(request->rewrite_context, REWRITE_LOCAL) ?
XFORWARD_DOM_LOCAL : XFORWARD_DOM_REMOTE);
XFORWARD_DOM_REMOTE : XFORWARD_DOM_LOCAL );
next_state = LMTP_STATE_MAIL;
break;

1
postfix/src/local/local.c
View File

@ -465,6 +465,7 @@
/* postalias(1), create/update alias database
/* aliases(5), format of alias database
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* syslogd(8), system logging
/* LICENSE
/* .ad

1
postfix/src/oqmgr/qmgr.c
View File

@ -249,6 +249,7 @@
/* trivial-rewrite(8), address routing
/* bounce(8), delivery status reports
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8) system logging
/* README FILES

1
postfix/src/pickup/Makefile.in
View File

@ -76,4 +76,5 @@ pickup.o: ../../include/record.h
pickup.o: ../../include/rec_type.h
pickup.o: ../../include/lex_822.h
pickup.o: ../../include/input_transp.h
pickup.o: ../../include/rewrite_clnt.h
pickup.o: ../../include/mail_server.h

6
postfix/src/pickup/pickup.c
View File

@ -49,7 +49,7 @@
/* it is queued.
/* .IP "\fBreceive_override_options (empty)\fR"
/* Enable or disable recipient validation, built-in content
/* filtering, or address rewriting.
/* filtering, or address mapping.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
@ -87,6 +87,7 @@
/* sendmail(1), Sendmail-compatible interface
/* postdrop(1), mail posting agent
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE
@ -137,6 +138,7 @@
#include <rec_type.h>
#include <lex_822.h>
#include <input_transp.h>
#include <rewrite_clnt.h> /* XXX */
/* Single-threaded server skeleton. */
@ -292,6 +294,8 @@ static int pickup_copy(VSTREAM *qfile, VSTREAM *cleanup,
*/
rec_fprintf(cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_ORIGIN, MAIL_ATTR_ORG_LOCAL);
rec_fprintf(cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_RWR_CTXT_NAME, REWRITE_LOCAL);
/*
* Copy the message envelope segment. Allow only those records that we

1
postfix/src/pipe/pipe.c
View File

@ -275,6 +275,7 @@
/* qmgr(8), queue manager
/* bounce(8), delivery status reports
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE

11
postfix/src/proxymap/proxymap.c
View File

@ -106,6 +106,17 @@
/* The process name of a Postfix command or daemon process.
/* .IP "\fBproxy_read_maps (see 'postconf -d' output)\fR"
/* The lookup tables that the proxymap(8) server is allowed to access.
/* SEE ALSO
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* README FILES
/* .ad
/* .fi
/* Use "\fBpostconf readme_directory\fR" or
/* "\fBpostconf html_directory\fR" to locate this information.
/* .na
/* .nf
/* DATABASE_README, Postfix lookup table overview
/* LICENSE
/* .ad
/* .fi

2
postfix/src/smtp/smtp_connect.c
View File

@ -527,7 +527,7 @@ int smtp_connect(SMTP_STATE *state)
* high volume of mail in the active queue.
*/
if (cpp == sites->argv
&& ((request->flags & DEL_REQ_FLAG_SCACHE) != 0
&& ((var_smtp_cache_demand && (request->flags & DEL_REQ_FLAG_SCACHE) != 0)
|| (smtp_cache_dest && string_list_match(smtp_cache_dest, domain)))) {
sess_flags |= SMTP_SESS_FLAG_CACHE;
SET_NEXTHOP_STATE(state, lookup_mx, domain, port);

2
postfix/src/smtp/smtp_proto.c
View File

@ -646,7 +646,7 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
DEL_REQ_ATTR_AVAIL(request->rewrite_context) == 0 ?
XFORWARD_UNAVAILABLE :
strcmp(request->rewrite_context, REWRITE_LOCAL) ?
XFORWARD_DOM_LOCAL : XFORWARD_DOM_REMOTE);
XFORWARD_DOM_REMOTE : XFORWARD_DOM_LOCAL );
next_state = SMTP_STATE_MAIL;
break;

52
postfix/src/smtpd/smtpd.c
View File

@ -95,13 +95,14 @@
/* .PP
/* Available in Postfix version 2.2 and later:
/* .IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR"
/* Append the domain name in $myorigin or $mydomain to incomplete
/* message header addresses from these clients; append
/* $remote_header_rewrite_domain for all other clients.
/* .IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
/* Append this domain name to incomplete message header addresses
/* from remote clients; when this domain name is empty, don't rewrite
/* remote message headers at all.
/* Append the domain name in $myorigin or $mydomain to message
/* header addresses from these clients only; either don't rewrite
/* message headers from other clients at all, or append the domain
/* specified with the remote_header_rewrite_domain parameter.
/* .IP "\fBremote_header_rewrite_domain (empty)\fR"
/* Don't rewrite message headers from remote clients at all when
/* this parameter is empty; otherwise, rewrite remote message headers
/* and append the specified domain name to incomplete addresses.
/* AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS
/* .ad
/* .fi
@ -1073,21 +1074,21 @@ static void mail_open_stream(SMTPD_STATE *state)
if (*var_filter_xport)
rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport);
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_RWR_CTXT_NAME, state->rewrite_context_name);
}
MAIL_ATTR_RWR_CTXT_NAME, FORWARD_DOMAIN(state));
#ifdef USE_SASL_AUTH
if (var_smtpd_sasl_enable) {
if (state->sasl_method)
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_SASL_METHOD, state->sasl_method);
if (state->sasl_username)
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_SASL_USERNAME, state->sasl_username);
if (state->sasl_sender)
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_SASL_SENDER, state->sasl_sender);
}
if (var_smtpd_sasl_enable) {
if (state->sasl_method)
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_SASL_METHOD, state->sasl_method);
if (state->sasl_username)
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_SASL_USERNAME, state->sasl_username);
if (state->sasl_sender)
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_SASL_SENDER, state->sasl_sender);
}
#endif
}
rec_fputs(state->cleanup, REC_TYPE_FROM, state->sender);
if (state->encoding != 0)
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
@ -1537,7 +1538,8 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
* we have a valid recipient address.
*/
if (state->proxy == 0 && state->cleanup == 0) {
smtpd_check_rewrite(state);
if (!SMTPD_STAND_ALONE(state))
smtpd_check_rewrite(state);
if (state->proxy_mail) {
if (smtpd_proxy_open(state, var_smtpd_proxy_filt,
var_smtpd_proxy_tmout, var_smtpd_proxy_ehlo,
@ -2383,13 +2385,7 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
XFORWARD_DOMAIN, attr_value);
return (-1);
}
if (state->rewrite_context_name
&& strcmp(state->rewrite_context_name,
context_name[context_code])) {
myfree(state->rewrite_context_name);
state->rewrite_context_name =
mystrdup(context_name[context_code]);
}
UPDATE_STR(state->xforward.domain, context_name[context_code]);
break;
/*

16
postfix/src/smtpd/smtpd.h
View File

@ -53,6 +53,7 @@ typedef struct {
char *protocol; /* email protocol */
char *helo_name; /* helo/ehlo parameter */
char *ident; /* message identifier */
char *domain; /* rewrite context */
} SMTPD_XFORWARD_ATTR;
typedef struct SMTPD_STATE {
@ -175,6 +176,7 @@ extern void smtpd_state_reset(SMTPD_STATE *);
#define CLIENT_HELO_UNKNOWN 0
#define CLIENT_PROTO_UNKNOWN CLIENT_ATTR_UNKNOWN
#define CLIENT_IDENT_UNKNOWN 0
#define CLIENT_DOMAIN_UNKNOWN 0
#define IS_AVAIL_CLIENT_ATTR(v) ((v) && strcmp((v), CLIENT_ATTR_UNKNOWN))
@ -184,6 +186,7 @@ extern void smtpd_state_reset(SMTPD_STATE *);
#define IS_AVAIL_CLIENT_HELO(v) ((v) != 0)
#define IS_AVAIL_CLIENT_PROTO(v) IS_AVAIL_CLIENT_ATTR(v)
#define IS_AVAIL_CLIENT_IDENT(v) ((v) != 0)
#define IS_AVAIL_CLIENT_DOMAIN(v) ((v) != 0)
/*
* If running in stand-alone mode, do not try to talk to Postfix daemons but
@ -230,16 +233,19 @@ extern void smtpd_peer_reset(SMTPD_STATE *state);
(((s)->xforward.flags & SMTPD_STATE_XFORWARD_CLIENT_MASK) ? \
(s)->xforward.a : (s)->a)
#define FORWARD_IDENT_ATTR(s) \
(((s)->xforward.flags & SMTPD_STATE_XFORWARD_IDENT) ? \
(s)->queue_id : (s)->ident)
#define FORWARD_ADDR(s) FORWARD_CLIENT_ATTR((s), addr)
#define FORWARD_NAME(s) FORWARD_CLIENT_ATTR((s), name)
#define FORWARD_NAMADDR(s) FORWARD_CLIENT_ATTR((s), namaddr)
#define FORWARD_PROTO(s) FORWARD_CLIENT_ATTR((s), protocol)
#define FORWARD_HELO(s) FORWARD_CLIENT_ATTR((s), helo_name)
#define FORWARD_IDENT(s) FORWARD_IDENT_ATTR(s)
#define FORWARD_IDENT(s) \
(((s)->xforward.flags & SMTPD_STATE_XFORWARD_IDENT) ? \
(s)->queue_id : (s)->ident)
#define FORWARD_DOMAIN(s) \
(((s)->xforward.flags & SMTPD_STATE_XFORWARD_DOMAIN) ? \
(s)->xforward.domain : (s)->rewrite_context_name)
extern void smtpd_xforward_init(SMTPD_STATE *);
extern void smtpd_xforward_preset(SMTPD_STATE *);

23
postfix/src/smtpd/smtpd_check.c
View File

@ -323,7 +323,6 @@ static int check_rcpt_maps(SMTPD_STATE *, const char *, const char *);
#define SMTPD_NAME_RECIPIENT "Recipient address"
#define SMTPD_NAME_ETRN "Etrn command"
#define SMTPD_NAME_DATA "Data command"
#define SMTPD_NAME_REWRITE "Local address rewriting"
/*
* YASLM.
@ -3397,8 +3396,8 @@ void smtpd_check_rewrite(SMTPD_STATE *state)
DICT *dict;
/*
* We don't use generic_checks() because it produces results that
* aren't applicable such as DEFER or REJECT.
* We don't use generic_checks() because it produces results that aren't
* applicable such as DEFER or REJECT.
*/
for (cpp = local_rewrite_clients->argv; *cpp != 0; cpp++) {
if (msg_verbose)
@ -3430,6 +3429,8 @@ void smtpd_check_rewrite(SMTPD_STATE *state)
continue;
}
if (status == SMTPD_CHECK_OK) {
if (state->rewrite_context_name)
myfree(state->rewrite_context_name);
state->rewrite_context_name = mystrdup(REWRITE_LOCAL);
return;
}
@ -4063,7 +4064,7 @@ char *var_def_rbl_reply;
char *var_relay_rcpt_maps;
char *var_verify_sender;
char *var_smtpd_sasl_opts;
char *var_remote_rwr_name;
char *var_remote_rwr_domain;
char *var_local_rwr_clients;
typedef struct {
@ -4105,7 +4106,7 @@ static STRING_TABLE string_table[] = {
VAR_VERIFY_SENDER, DEF_VERIFY_SENDER, &var_verify_sender,
VAR_MAIL_NAME, DEF_MAIL_NAME, &var_mail_name,
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts,
VAR_REM_RWR_NAME, DEF_REM_RWR_NAME, &var_remote_rwr_name,
VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain,
VAR_LOC_RWR_CLIENTS, DEF_LOC_RWR_CLIENTS, &var_local_rwr_clients,
0,
};
@ -4171,6 +4172,8 @@ int var_verify_poll_delay;
int var_smtpd_policy_tmout;
int var_smtpd_policy_idle;
int var_smtpd_policy_ttl;
int var_smtpd_rej_unl_from;
int var_smtpd_rej_unl_rcpt;
static INT_TABLE int_table[] = {
"msg_verbose", 0, &msg_verbose,
@ -4195,6 +4198,8 @@ static INT_TABLE int_table[] = {
VAR_VIRT_MAILBOX_CODE, DEF_VIRT_MAILBOX_CODE, &var_virt_mailbox_code,
VAR_SHOW_UNK_RCPT_TABLE, DEF_SHOW_UNK_RCPT_TABLE, &var_show_unk_rcpt_table,
VAR_VERIFY_POLL_COUNT, DEF_VERIFY_POLL_COUNT, &var_verify_poll_count,
VAR_SMTPD_REJ_UNL_FROM, DEF_SMTPD_REJ_UNL_FROM, &var_smtpd_rej_unl_from,
VAR_SMTPD_REJ_UNL_RCPT, DEF_SMTPD_REJ_UNL_RCPT, &var_smtpd_rej_unl_rcpt,
0,
};
@ -4411,7 +4416,7 @@ int main(int argc, char **argv)
string_init();
int_init();
smtpd_check_init();
smtpd_state_init(&state, VSTREAM_IN);
smtpd_state_init(&state, VSTREAM_IN, "smtpd");
state.queue_id = "<queue id>";
/*
@ -4589,11 +4594,17 @@ int main(int argc, char **argv)
* Show commands.
*/
default:
if (strcasecmp(args->argv[0], "check_rewrite") == 0) {
smtpd_check_rewrite(&state);
resp = state.rewrite_context_name;
break;
}
resp = "Commands...\n\
client <name> <address> [<code>]\n\
helo <hostname>\n\
sender <address>\n\
recipient <address>\n\
check_rewrite\n\
msg_verbose <level>\n\
client_restrictions <restrictions>\n\
helo_restrictions <restrictions>\n\

1
postfix/src/smtpd/smtpd_exp.ref
View File

@ -123,7 +123,6 @@ OK
>>> sender_restrictions check_sender_mx_access,hash:smtpd_check_access
OK
>>> mail foo@pls.net.au
./smtpd_check: warning: numeric domain name in resource data of MX record for pls.net.au: 203.3.110.241
OK
>>> #mail foo@verisign-wildcard.com
>>> mail foo@verisign.com

2
postfix/src/smtpd/smtpd_proxy.c
View File

@ -340,7 +340,7 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service,
FORWARD_PROTO(state))))
&& (!(state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_DOMAIN)
|| !(bad = smtpd_xforward(state, buf, XFORWARD_DOMAIN, 1,
STREQ(state->rewrite_context_name, REWRITE_LOCAL) ?
STREQ(FORWARD_DOMAIN(state), REWRITE_LOCAL) ?
XFORWARD_DOM_LOCAL : XFORWARD_DOM_REMOTE))))
bad = smtpd_xforward_flush(state, buf);
vstring_free(buf);

3
postfix/src/smtpd/smtpd_xforward.c
View File

@ -59,6 +59,7 @@ void smtpd_xforward_init(SMTPD_STATE *state)
state->xforward.protocol = 0;
state->xforward.helo_name = 0;
state->xforward.ident = 0;
state->xforward.domain = 0;
}
/* smtpd_xforward_preset - set xforward attributes to "unknown" */
@ -85,6 +86,7 @@ void smtpd_xforward_preset(SMTPD_STATE *state)
/* Leave helo at zero. */
state->xforward.protocol = mystrdup(CLIENT_PROTO_UNKNOWN);
/* Leave ident at zero. */
/* Leave domain context at zero. */
}
/* smtpd_xforward_reset - reset XCLIENT attributes */
@ -100,4 +102,5 @@ void smtpd_xforward_reset(SMTPD_STATE *state)
FREE_AND_WIPE(state->xforward.protocol);
FREE_AND_WIPE(state->xforward.helo_name);
FREE_AND_WIPE(state->xforward.ident);
FREE_AND_WIPE(state->xforward.domain);
}

11
postfix/src/trivial-rewrite/trivial-rewrite.c
View File

@ -13,13 +13,12 @@
/* address rewriting context:
/* .RS
/* .IP \fBlocal\fR
/* .IP \fBnone\fR
/* Append the domain names specified with \fB$myorigin\fR or
/* \fB$mydomain\fR to incomplete addresses; do \fBswap_bangpath\fR
/* and \fBallow_percent_hack\fR processing as described below, and
/* strip source routed addresses (\fI@site,@site:user@domain\fR)
/* to \fIuser@domain\fR form.
/* .IP \fBinvalid\fR
/* .IP \fBremote\fR
/* Append the domain name specified with
/* \fB$remote_header_rewrite_domain\fR to incomplete
/* addresses. Otherwise the result is identical to that of
@ -107,10 +106,10 @@
/* Enable the rewriting of "site!user" into "user@site".
/* .PP
/* Available in Postfix 2.2 and later:
/* .IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
/* Append this domain to incomplete message header addresses from
/* remote clients; when the domain is empty, don't rewrite remote message
/* headers at all.
/* .IP "\fBremote_header_rewrite_domain (empty)\fR"
/* Don't rewrite message headers from remote clients at all when
/* this parameter is empty; otherwise, rewrite remote message headers
/* and append the specified domain name to incomplete addresses.
/* ROUTING CONTROLS
/* .ad
/* .fi

18
postfix/src/util/dict_db.c
View File

@ -167,6 +167,12 @@ static const char *dict_db_lookup(DICT *dict, const char *name)
static VSTRING *buf;
const char *result = 0;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_db_lookup: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
dict_errno = 0;
memset(&db_key, 0, sizeof(db_key));
memset(&db_value, 0, sizeof(db_value));
@ -231,6 +237,12 @@ static void dict_db_update(DICT *dict, const char *name, const char *value)
DBT db_value;
int status;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_db_update: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
memset(&db_key, 0, sizeof(db_key));
memset(&db_value, 0, sizeof(db_value));
db_key.data = (void *) name;
@ -302,6 +314,12 @@ static int dict_db_delete(DICT *dict, const char *name)
int status = 1;
int flags = 0;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_db_delete: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
memset(&db_key, 0, sizeof(db_key));
/*

18
postfix/src/util/dict_dbm.c
View File

@ -78,6 +78,12 @@ static const char *dict_dbm_lookup(DICT *dict, const char *name)
static VSTRING *buf;
const char *result = 0;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_dbm_lookup: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
dict_errno = 0;
/*
@ -137,6 +143,12 @@ static void dict_dbm_update(DICT *dict, const char *name, const char *value)
datum dbm_value;
int status;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_dbm_update: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
dbm_key.dptr = (void *) name;
dbm_value.dptr = (void *) value;
dbm_key.dsize = strlen(name);
@ -202,6 +214,12 @@ static int dict_dbm_delete(DICT *dict, const char *name)
int status = 1;
int flags = 0;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_dbm_delete: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
/*
* Acquire an exclusive lock.
*/

6
postfix/src/util/dict_nis.c
View File

@ -143,6 +143,12 @@ static const char *dict_nis_lookup(DICT *dict, const char *key)
int err;
static VSTRING *buf;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_nis_lookup: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
dict_errno = 0;
if (dict_nis_domain == dict_nis_disabled)
return (0);

46
postfix/src/util/dict_nisplus.c
View File

@ -119,10 +119,11 @@ static const char *dict_nisplus_lookup(DICT *dict, const char *key)
DICT_NISPLUS *dict_nisplus = (DICT_NISPLUS *) dict;
static VSTRING *quoted_key;
static VSTRING *query;
static VSTRING *reply;
nis_result *nis_alias;
static VSTRING *retval;
nis_result *reply;
int count;
const char *cp;
int last_col;
int ch;
/*
@ -131,7 +132,7 @@ static const char *dict_nisplus_lookup(DICT *dict, const char *key)
dict_errno = 0;
if (quoted_key == 0) {
query = vstring_alloc(100);
reply = vstring_alloc(100);
retval = vstring_alloc(100);
quoted_key = vstring_alloc(100);
}
@ -168,29 +169,35 @@ static const char *dict_nisplus_lookup(DICT *dict, const char *key)
* addresses (in envelopes or in headers) have a finite length.
*/
vstring_sprintf(query, dict_nisplus->template, STR(quoted_key));
nis_alias = nis_list(STR(query), FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
reply = nis_list(STR(query), FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
/*
* When lookup succeeds, the result may be unusable because it is
* ambiguous.
* When lookup succeeds, the result may be ambiguous, or the requested
* column may not exist.
*/
if (nis_alias->status == NIS_SUCCESS) {
if ((count = NIS_RES_NUMOBJ(nis_alias)) != 1) {
if (reply->status == NIS_SUCCESS) {
if ((count = NIS_RES_NUMOBJ(reply)) != 1) {
msg_warn("ambiguous match (%d results) for %s in NIS+ map %s:"
" ignoring this request",
count, key, dict_nisplus->dict.name);
nis_freeresult(nis_alias);
nis_freeresult(reply);
return (0);
} else {
vstring_strcpy(reply,
NIS_RES_OBJECT(nis_alias)->zo_data.objdata_u
last_col = NIS_RES_OBJECT(reply)->zo_data
.objdata_u.en_data.en_cols.en_cols_len - 1;
if (dict_nisplus->column > last_col)
msg_fatal("requested column %d > max column %d in table %s",
dict_nisplus->column, last_col,
dict_nisplus->dict.name);
vstring_strcpy(retval,
NIS_RES_OBJECT(reply)->zo_data.objdata_u
.en_data.en_cols.en_cols_val[dict_nisplus->column]
.ec_value.ec_value_val);
if (msg_verbose)
msg_info("%s: %s, column %d -> %s", myname, STR(query),
dict_nisplus->column, STR(reply));
nis_freeresult(nis_alias);
return (STR(reply));
dict_nisplus->column, STR(retval));
nis_freeresult(reply);
return (STR(retval));
}
}
@ -200,14 +207,17 @@ static const char *dict_nisplus_lookup(DICT *dict, const char *key)
* the problem and fix it.
*/
else {
if (nis_alias->status != NIS_NOTFOUND
&& nis_alias->status != NIS_PARTIAL) {
if (reply->status != NIS_NOTFOUND
&& reply->status != NIS_PARTIAL) {
msg_warn("lookup %s, NIS+ map %s: %s",
key, dict_nisplus->dict.name,
nis_sperrno(nis_alias->status));
nis_sperrno(reply->status));
dict_errno = DICT_ERR_RETRY;
} else {
if (msg_verbose)
msg_info("%s: not found: query %s", myname, STR(query));
}
nis_freeresult(nis_alias);
nis_freeresult(reply);
return (0);
}
}

1
postfix/src/util/sys_defs.h
View File

@ -296,6 +296,7 @@ extern int opterr;
#define DEF_DB_TYPE "dbm"
#define ALIAS_DB_MAP "dbm:/etc/mail/aliases"
#define HAS_NIS
#define HAS_NISPLUS
#define USE_SYS_SOCKIO_H /* Solaris 2.5, changed sys/ioctl.h */
#define GETTIMEOFDAY(t) gettimeofday(t)
#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb"