mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 13:48:06 +00:00
Code Issues Releases Wiki Activity

postfix-2.2-20041022

Browse Source
This commit is contained in:
Wietse Venema
2004-10-22 00:00:00 -05:00
committed by Viktor Dukhovni
parent f2ffad66ca
commit d9f316cf24
66 changed files with 725 additions and 396 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
postfix/HISTORY
View File

@@ -9776,27 +9776,22 @@ Apologies for any names omitted.
20041014-21
By default, Postfix no longer appends the local domain to
incomplete message header addresses from remote clients.
Thus, spam from badly written software no longer looks like
it came from a local user.
Instead, Postfix either does not rewrite headers from remote
clients at all, or it appends the domain name that is
specified with the new invalid_rewrite_context_domain
Postfix no longer appends the local domain to header
addresses from remote clients. Instead, Postfix either
does not rewrite those headers at all, or it appends the
domain specified with the new remote_header_rewrite_domain
parameter.
Postfix still appends $@myorigin or .$mydomain to headers
in mail from Postfix sendmail, from clients listed with
the local_rewrite_context_clients parameter (default:
from the Postfix sendmail command, or from clients listed
with the new local_header_rewrite_clients parameter (default:
permit_mynetworks, permit_sasl_authenticated).
The context specified with remote_rewrite_context_name is
used for all other clients. The default setting is backwards
compatible to avoid surprises.
20041016
Postfix still appends $@myorigin or .$mydomain when rewriting
incomplete envelope addresses.
Bugfix: attr_clnt_request() did not properly skip hash
table arguments. Luc Pardon, Skopos Consulting. File:
util/attr_clnt.c.
20041018
@@ -9807,18 +9802,21 @@ Apologies for any names omitted.
Support for Errors-To: is permanently removed.
Open problems:
20041022
High: document master(5) for generic daemon options.
Bugfix: "smtp_connection_cache_on_demand=no" could crash
the SMTP client. File: smtp/smtp_connect.c.
Robustness: extra sanity checks. Files: util/dict_db.c,
util/dict_dbm.c.
Open problems:
Low: reject HELO with any domain name that this MTA is
final destination for.
Low: should the Delivered-To: test in local(8) be configurable?
Low: append a different domain (like, address.invalid) for
mail from clients not in mynetworks.
Low: document propagate_unmatched_extensions in aliases(5)
etc.
@@ -9849,9 +9847,6 @@ Open problems:
all MXes return a quick ECONNRESET or 4xx reply during the
initial handshake.
Low: add msg_panic() guard to ensure that at least one of
DICT_FLAG_TRY1NULL or DICT_FLAG_TRY1NULL is set upon lookup.
Low: make post-install a "postfix-only script" so it can
take data from the environment instead of main.cf.

30
postfix/README_FILES/ADDRESS_REWRITING_README
View File

@@ -166,6 +166,12 @@ table, it first rewrites the address to the standard
rewrite(8) daemon. The purpose of rewriting to standard form is to reduce the
number of entries needed in lookup tables.
Postfix versions 2.2 and later do not rewrite message headers from remote SMTP
clients at all, unless a non-empty domain name is specified with the
remote_header_rewrite_domain configuration parameter. The
local_header_rewrite_clients parameter controls what SMTP clients Postfix
considers local.
The Postfix trivial-rewrite(8) daemon implements the following hard-coded
address manipulations:
@@ -193,6 +199,10 @@ address manipulations:
of Postfix components expect that all addresses have the form
"user@domain".
Postfix versions 2.2 and later do not rewrite message headers from
remote SMTP clients at all, or they append the domain name specified
with the remote_header_rewrite_domain configuration parameter.
If your machine is not the main machine for $myorigin and you wish to
have some users delivered locally without going via that main machine,
make an entry in the virtual alias table that redirects
@@ -204,8 +214,12 @@ address manipulations:
(default: yes). The purpose is to get consistent treatment of different
forms of the same hostname.
Some will argue that rewriting "host" to "host.$mydomain" is bad. That
is why it can be turned off. Others like the convenience of having the
Postfix versions 2.2 and later do not rewrite message headers from
remote clients at all, or they append the domain name specified with
the remote_header_rewrite_domain configuration parameter.
Some will argue that rewriting "host" to "host.domain" is bad. That is
why it can be turned off. Others like the convenience of having the
local domain appended automatically.
Rewrite "user@site." to "user@site" (without the trailing dot).
@@ -219,6 +233,12 @@ message envelopes and in message headers. By default all header and envelope
addresses are rewritten; this is controlled with the canonical_classes
configuration parameter.
Postfix versions 2.2 and later do not rewrite message headers from remote
clients at all, unless a non-empty domain name is specified with the
remote_header_rewrite_domain configuration parameter. The
local_header_rewrite_clients parameter controls what SMTP clients Postfix
considers local.
Address rewriting is done for local and remote addresses. The mapping is useful
to replace login names by "Firstname.Lastname" style addresses, or to clean up
invalid domains in mail addresses produced by legacy mail systems.
@@ -277,6 +297,12 @@ Address masquerading is a method to hide hosts inside a domain behind their
mail gateway, and to make it appear as if the mail comes from the gateway
itself, instead of from individual machines.
Postfix versions 2.2 and later do not rewrite message headers from remote SMTP
clients at all, unless a non-empty domain name is specified with the
remote_header_rewrite_domain configuration parameter. The
local_header_rewrite_clients parameter controls what SMTP clients Postfix
considers local.
Address masquerading is disabled by default, and is implemented by the cleanup
(8) server. To enable, edit the masquerade_domains parameter in the main.cf
file and specify one or more domain names separated by whitespace or commas.

65
postfix/RELEASE_NOTES
View File

@@ -7,54 +7,53 @@ snapshot release). Patches are issued for the official release
and change the patchlevel and the release date. Patches are never
issued for snapshot releases.
Incompatible changes with snapshot Postfix-2.2-20041019
Incompatible changes with snapshot Postfix-2.2-20041022
=======================================================
You must reload or restart Postfix, because the protocol between
queue manager and delivery agents has changed. If you forget this,
mail will remain queued until you restart/reload Postfix.
You must reload or stop/start Postfix, because the queue manager
to delivery agent protocol has changed. If you forget this, mail
will remain queued until the queue manager is restarted.
Support for return addresses in the non-standard Errors-To: message
headers is removed. It was already disabled by default with Postfix
version 2.1. Since it is non-standard, there was no guarantee that
it would have effect on other MTAs.
Support for the non-standard Errors-To: return addresses is removed.
It was already disabled by default with Postfix version 2.1. Since
Errors-To: is non-standard, there was no guarantee that it would
have effect with other MTAs.
Major changes with snapshot Postfix-2.2-20041019
Major changes with snapshot Postfix-2.2-20041022
================================================
The NIS+ client by Geoff Gibbs is now part of the Postfix source
tree. Details are given in the nisplus_table(5) manual page.
Message header address rewriting contexts. These control what
domains are appended to incomplete addresses in message headers,
and whether headers are rewritten at all.
By default, Postfix no longer appends the local domain to addresses
in message headers from remote clients. Thus, spam from poorly
written software no longer looks like it came from a local user.
- "local": Append the domain names in myorigin or mydomain to
incomplete addresses in message headers.
Postfix either does not rewrite remote message headers at all, or
it rewrites headers and appends the domain name that is specified
with the remote_header_rewrite_domain parameter (like "domain.invalid").
- "invalid": append "domain.invalid" (or whatever is specified
with the invalid_header_rewrite_context_domain parameter) to
incomplete addresses in message headers,
To get the behavior of earlier Postfix versions specify
- "none": disable header address rewriting (don't even do canonical
mapping or address masquerading).
/etc/postfix/main.cf:
local_header_rewrite_clients = static:all
The "local" address rewriting context is used for mail submitted
with the Postfix sendmail command, for mail from clients that match
$local_header_rewrite_context_clients (default: $mynetworks), and
for mail from SASL authenticated clients. It is not automatically
used for pop-before-smtp clients; you'll have to specify their
lookup table via the local_header_rewrite_context_clients parameter.
Postfix always appends local domain information in message headers
from Postfix sendmail and from local clients.
The smtpd_remote_header_rewrite_context parameter specifies the
address rewriting context for remote mail. The backwards compatible
default is "local". Purists will specify "none", so that Postfix
does not modify headers (not even with canonical mappings or address
masquerading).
By default, Postfix considers a client local when its address
matches mynetworks, or when it is SASL or TLS authenticated. If
you want to include a pop-before-smtp table, then you have to
specify that via the new local_header_rewrite_clients parameter:
Postix always uses the "local" context for envelope addresses,
because an unqualified address is effectively local when someone
attempts to reply to it.
/etc/postfix/main.cf:
local_header_rewrite_clients = permit_mynetworks,
permit_sasl_authenticated, permit_tls_clientcerts,
check_address_map hash:/etc/postfix/pop-before-smtp
As before, Postfix appends local domain information to envelope
addresses, because an unqualified address is effectively local when
someone attempts to reply to it.
Incompatible changes with snapshot Postfix-2.2-20041009
=======================================================

29
postfix/html/ADDRESS_REWRITING_README.html
View File

@@ -339,6 +339,12 @@ mapping lookup table, it first rewrites the address to the standard
form is to reduce the number of entries needed in lookup tables.
</p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, unless a non-empty domain name is
specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
parameter. The <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls
what SMTP clients Postfix considers local. </p>
<p> The Postfix <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon implements the following
hard-coded address manipulations: </p>
@@ -377,6 +383,11 @@ parameter (default: yes). You should never turn off this feature,
because a lot of Postfix components expect that all addresses have
the form "user@domain". </p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, or they append the domain name
specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
parameter. </p>
<p> If your machine is not the main machine for $<a href="postconf.5.html#myorigin">myorigin</a> and you
wish to have some users delivered locally without going via that
main machine, make an entry in the <a href="#virtual">virtual
@@ -393,7 +404,11 @@ Rewrite "user@host" to "user@host.$<a href="postconf.5.html#mydomain">mydomain</
parameter (default: yes). The purpose is to get consistent treatment
of different forms of the same hostname. </p>
<p> Some will argue that rewriting "host" to "host.$<a href="postconf.5.html#mydomain">mydomain</a>"
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote clients at all, or they append the domain name specified
with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter. </p>
<p> Some will argue that rewriting "host" to "host.domain"
is bad. That is why it can be turned off. Others like the convenience
of having the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> appended automatically. </p> </dd>
@@ -414,6 +429,12 @@ addresses in message envelopes and in message headers. By default
all header and envelope addresses are rewritten; this is controlled
with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> configuration parameter. </p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote clients at all, unless a non-empty domain name is
specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
parameter. The <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls
what SMTP clients Postfix considers local. </p>
<p> Address rewriting is
done for local and remote addresses. The mapping is useful to
replace login names by "Firstname.Lastname" style addresses, or to
@@ -491,6 +512,12 @@ behind their mail gateway, and to make it appear as if the mail
comes from the gateway itself, instead of from individual machines.
</p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, unless a non-empty domain name is
specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
parameter. The <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls
what SMTP clients Postfix considers local. </p>
<p> Address masquerading is disabled by default, and is implemented
by the <a href="cleanup.8.html">cleanup(8)</a> server. To enable, edit the <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>
parameter in the main.cf file and specify one or more domain names

1
postfix/html/anvil.8.html
View File

@@ -196,6 +196,7 @@ ANVIL(8) ANVIL(8)
<b>SEE ALSO</b>
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<b>README FILES</b>
<a href="TUNING_README.html">TUNING_README</a>, performance tuning

1
postfix/html/bounce.8.html
View File

@@ -147,6 +147,7 @@ BOUNCE(8) BOUNCE(8)
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/cleanup.8.html
View File

@@ -363,6 +363,7 @@ CLEANUP(8) CLEANUP(8)
<a href="canonical.5.html">canonical(5)</a>, canonical address lookup table format
<a href="virtual.5.html">virtual(5)</a>, virtual alias lookup table format
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/discard.8.html
View File

@@ -104,6 +104,7 @@ DISCARD(8) DISCARD(8)
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="error.8.html">error(8)</a>, Postfix error delivery agent
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/error.8.html
View File

@@ -118,6 +118,7 @@ ERROR(8) ERROR(8)
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="discard.8.html">discard(8)</a>, Postfix discard delivery agent
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/flush.8.html
View File

@@ -157,6 +157,7 @@ FLUSH(8) FLUSH(8)
<a href="smtpd.8.html">smtpd(8)</a>, SMTP server
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

3
postfix/html/lmtp.8.html
View File

@@ -197,7 +197,7 @@ LMTP(8) LMTP(8)
The LMTP client time limit for sending the LMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#lmtp_rset_timeout">lmtp_rset_timeout</a> (120s)</b>
<b><a href="postconf.5.html#lmtp_rset_timeout">lmtp_rset_timeout</a> (20s)</b>
The LMTP client time limit for sending the RSET
command, and for receiving the server response.
@@ -260,6 +260,7 @@ LMTP(8) LMTP(8)
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
services(4), Internet services and aliases
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/local.8.html
View File

@@ -526,6 +526,7 @@ LOCAL(8) LOCAL(8)
<a href="postalias.1.html">postalias(1)</a>, create/update alias database
<a href="aliases.5.html">aliases(5)</a>, format of alias database
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
syslogd(8), system logging
<b>LICENSE</b>

1
postfix/html/oqmgr.8.html
View File

@@ -312,6 +312,7 @@ OQMGR(8) OQMGR(8)
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address routing
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8) system logging

3
postfix/html/pickup.8.html
View File

@@ -58,7 +58,7 @@ PICKUP(8) PICKUP(8)
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
Enable or disable recipient validation, built-in
content filtering, or address rewriting.
content filtering, or address mapping.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
@@ -113,6 +113,7 @@ PICKUP(8) PICKUP(8)
<a href="sendmail.1.html">sendmail(1)</a>, Sendmail-compatible interface
<a href="postdrop.1.html">postdrop(1)</a>, mail posting agent
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

1
postfix/html/pipe.8.html
View File

@@ -350,6 +350,7 @@ PIPE(8) PIPE(8)
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging

54
postfix/html/postconf.5.html
View File

@@ -3075,9 +3075,10 @@ into concurrency per domain. </p>
<DT><b><a name="local_header_rewrite_clients">local_header_rewrite_clients</a>
(default: see "postconf -d" output)</b></DT><DD>
<p> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to incomplete
message header addresses from these clients; append
$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> for all other clients. </p>
<p> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter. </p>
<p> Specify a list of zero or more of the following: </p>
@@ -3124,9 +3125,27 @@ for pop-before-smtp lookup tables. </dd>
<p> Examples: </p>
<p> The backwards compatible setting: always rewrite message headers,
and always append my own domain to incomplete header addresses. </p>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
</pre>
<p> The default setting: rewrite headers and append my own domain
only with mail from local or authorized clients. </p>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
</pre>
<p> Include clients that are pop-before-smtp authenticated: </p>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
<a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
<a href="postconf.5.html#check_address_map">check_address_map</a> hash:/etc/postfix/pop-before-smtp
</pre>
@@ -5046,13 +5065,28 @@ Examples:
</DD>
<DT><b><a name="remote_header_rewrite_domain">remote_header_rewrite_domain</a>
(default: domain.invalid)</b></DT><DD>
(default: empty)</b></DT><DD>
<p> Append this domain name to incomplete message header addresses
from remote clients; when this domain name is empty, don't rewrite
remote message headers at all. Both stop Postfix from appending
your own domain to addresses in spam from poorly written software.
</p>
<p> Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite remote message headers
and append the specified domain name to incomplete addresses. </p>
<p> Examples: </p>
<p> The safe setting: append "domain.invalid" to incomplete header
addresses from remote SMTP clients, so that those addresses cannot
be confused with local addresses. </p>
<pre>
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> = domain.invalid
</pre>
<p> The default, purist, setting: don't rewrite headers from remote
clients at all. </p>
<pre>
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> =
</pre>
</DD>

11
postfix/html/proxymap.8.html
View File

@@ -88,8 +88,8 @@ PROXYMAP(8) PROXYMAP(8)
latency lookups.
<b>CONFIGURATION PARAMETERS</b>
On busy mail systems a long time may pass before prox-
ymap(8) relevant changes to <b>main.cf</b> are picked up. Use the
On busy mail systems a long time may pass before <a href="proxymap.8.html">prox-</a>
<a href="proxymap.8.html">ymap(8)</a> relevant changes to <b>main.cf</b> are picked up. Use the
command "<b>postfix reload</b>" to speed up a change.
The text below provides only a parameter summary. See
@@ -129,6 +129,13 @@ PROXYMAP(8) PROXYMAP(8)
The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is
allowed to access.
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
software.

17
postfix/html/smtpd.8.html
View File

@@ -112,15 +112,16 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (see 'postconf -d' output)</b>
Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to
incomplete message header addresses from these
clients; append $<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> for
all other clients.
message header addresses from these clients only;
either don't rewrite message headers from other
clients at all, or append the domain specified with
the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (domain.invalid)</b>
Append this domain name to incomplete message
header addresses from remote clients; when this
domain name is empty, don't rewrite remote message
headers at all.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise,
rewrite remote message headers and append the spec-
ified domain name to incomplete addresses.
<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
As of version 1.0, Postfix can be configured to send new

16
postfix/html/trivial-rewrite.8.html
View File

@@ -21,17 +21,14 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
Rewrite an address to standard form, according to
the address rewriting context:
<b>local</b>
<b>none</b> Append the domain names specified with <b>$<a href="postconf.5.html#myorigin">myo</a>-</b>
<b>local</b> Append the domain names specified with <b>$<a href="postconf.5.html#myorigin">myo</a>-</b>
<b><a href="postconf.5.html#myorigin">rigin</a></b> or <b>$<a href="postconf.5.html#mydomain">mydomain</a></b> to incomplete addresses;
do <b><a href="postconf.5.html#swap_bangpath">swap_bangpath</a></b> and <b><a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a></b> pro-
cessing as described below, and strip source
routed addresses (<i>@site,@site:user@domain</i>)
to <i>user@domain</i> form.
<b>invalid</b>
Append the domain name specified with
<b>remote</b> Append the domain name specified with
<b>$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b> to incomplete
addresses. Otherwise the result is identical
to that of the <b>local</b> address rewriting con-
@@ -135,10 +132,11 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
Available in Postfix 2.2 and later:
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (domain.invalid)</b>
Append this domain to incomplete message header
addresses from remote clients; when the domain is
empty, don't rewrite remote message headers at all.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise,
rewrite remote message headers and append the spec-
ified domain name to incomplete addresses.
<b>ROUTING CONTROLS</b>
The following is applicable to Postfix version 2.0 and

69
postfix/man/man5/postconf.5
View File

@@ -1561,9 +1561,10 @@ Setting this parameter to a value > 1 changes the meaning of
local_destination_concurrency_limit from concurrency per recipient
into concurrency per domain.
.SH local_header_rewrite_clients (default: see "postconf -d" output)
Append the domain name in $myorigin or $mydomain to incomplete
message header addresses from these clients; append
$remote_header_rewrite_domain for all other clients.
Append the domain name in $myorigin or $mydomain to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
specified with the remote_header_rewrite_domain parameter.
.PP
Specify a list of zero or more of the following:
.IP "\fB permit_mynetworks \fR"
@@ -1595,11 +1596,37 @@ for pop-before-smtp lookup tables.
.PP
Examples:
.PP
The backwards compatible setting: always rewrite message headers,
and always append my own domain to incomplete header addresses.
.PP
.nf
.na
.ft C
local_header_rewrite_clients = static:all
local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
.fi
.ad
.ft R
.PP
The default setting: rewrite headers and append my own domain
only with mail from local or authorized clients.
.PP
.nf
.na
.ft C
local_header_rewrite_clients = permit_mynetworks,
permit_sasl_authenticated permit_tls_clientcerts
.fi
.ad
.ft R
.PP
Include clients that are pop-before-smtp authenticated:
.PP
.nf
.na
.ft C
local_header_rewrite_clients = permit_mynetworks,
permit_sasl_authenticated permit_tls_clientcerts
check_address_map hash:/etc/postfix/pop-before-smtp
.fi
.ad
.ft R
@@ -2676,11 +2703,35 @@ relocated_maps = hash:/etc/postfix/relocated
.fi
.ad
.ft R
.SH remote_header_rewrite_domain (default: domain.invalid)
Append this domain name to incomplete message header addresses
from remote clients; when this domain name is empty, don't rewrite
remote message headers at all. Both stop Postfix from appending
your own domain to addresses in spam from poorly written software.
.SH remote_header_rewrite_domain (default: empty)
Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite remote message headers
and append the specified domain name to incomplete addresses.
.PP
Examples:
.PP
The safe setting: append "domain.invalid" to incomplete header
addresses from remote SMTP clients, so that those addresses cannot
be confused with local addresses.
.PP
.nf
.na
.ft C
remote_header_rewrite_domain = domain.invalid
.fi
.ad
.ft R
.PP
The default, purist, setting: don't rewrite headers from remote
clients at all.
.PP
.nf
.na
.ft C
remote_header_rewrite_domain =
.fi
.ad
.ft R
.SH require_home_directory (default: no)
Whether or not a local(8) recipient's home directory must exist
before mail delivery is attempted. By default this test is disabled.

1
postfix/man/man8/anvil.8
View File

@@ -215,6 +215,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
.nf
smtpd(8), Postfix SMTP server
postconf(5), configuration parameters
master(5), generic daemon options
.SH "README FILES"
.na
.nf

1
postfix/man/man8/bounce.8
View File

@@ -123,6 +123,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
.nf
qmgr(8), queue manager
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"

1
postfix/man/man8/cleanup.8
View File

@@ -299,6 +299,7 @@ body_checks(5), body parts content inspection
canonical(5), canonical address lookup table format
virtual(5), virtual alias lookup table format
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "README FILES"

1
postfix/man/man8/discard.8
View File

@@ -92,6 +92,7 @@ qmgr(8), queue manager
bounce(8), delivery status reports
error(8), Postfix error delivery agent
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"

1
postfix/man/man8/error.8
View File

@@ -101,6 +101,7 @@ qmgr(8), queue manager
bounce(8), delivery status reports
discard(8), Postfix discard delivery agent
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"

1
postfix/man/man8/flush.8
View File

@@ -136,6 +136,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
smtpd(8), SMTP server
qmgr(8), queue manager
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "README FILES"

7
postfix/man/man8/lmtp.8
View File

@@ -181,9 +181,9 @@ The LMTP client time limit for sending the LMTP message content.
.IP "\fBlmtp_data_done_timeout (600s)\fR"
The LMTP client time limit for sending the LMTP ".", and for
receiving the server response.
.IP "\fBlmtp_rset_timeout (120s)\fR"
The LMTP client time limit for sending the RSET command, and for
receiving the server response.
.IP "\fBlmtp_rset_timeout (20s)\fR"
The LMTP client time limit for sending the RSET command, and
for receiving the server response.
.IP "\fBlmtp_quit_timeout (300s)\fR"
The LMTP client time limit for sending the QUIT command, and for
receiving the server response.
@@ -228,6 +228,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
bounce(8), delivery status reports
qmgr(8), queue manager
postconf(5), configuration parameters
master(5), generic daemon options
services(4), Internet services and aliases
master(8), process manager
syslogd(8), system logging

1
postfix/man/man8/local.8
View File

@@ -509,6 +509,7 @@ newaliases(1), create/update alias database
postalias(1), create/update alias database
aliases(5), format of alias database
postconf(5), configuration parameters
master(5), generic daemon options
syslogd(8), system logging
.SH "LICENSE"
.na

1
postfix/man/man8/oqmgr.8
View File

@@ -287,6 +287,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
trivial-rewrite(8), address routing
bounce(8), delivery status reports
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8) system logging
.SH "README FILES"

3
postfix/man/man8/pickup.8
View File

@@ -67,7 +67,7 @@ The name of a mail delivery transport that filters mail after
it is queued.
.IP "\fBreceive_override_options (empty)\fR"
Enable or disable recipient validation, built-in content
filtering, or address rewriting.
filtering, or address mapping.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
@@ -109,6 +109,7 @@ cleanup(8), message canonicalization
sendmail(1), Sendmail-compatible interface
postdrop(1), mail posting agent
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"

1
postfix/man/man8/pipe.8
View File

@@ -297,6 +297,7 @@ records, so that "smtpd" becomes, for example, "postfix/smtpd".
qmgr(8), queue manager
bounce(8), delivery status reports
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"

15
postfix/man/man8/proxymap.8
View File

@@ -122,6 +122,21 @@ The process ID of a Postfix command or daemon process.
The process name of a Postfix command or daemon process.
.IP "\fBproxy_read_maps (see 'postconf -d' output)\fR"
The lookup tables that the proxymap(8) server is allowed to access.
.SH "SEE ALSO"
.na
.nf
postconf(5), configuration parameters
master(5), generic daemon options
.SH "README FILES"
.na
.nf
.ad
.fi
Use "\fBpostconf readme_directory\fR" or
"\fBpostconf html_directory\fR" to locate this information.
.na
.nf
DATABASE_README, Postfix lookup table overview
.SH "LICENSE"
.na
.nf

15
postfix/man/man8/smtpd.8
View File

@@ -113,13 +113,14 @@ filtering, or address mapping.
.PP
Available in Postfix version 2.2 and later:
.IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR"
Append the domain name in $myorigin or $mydomain to incomplete
message header addresses from these clients; append
$remote_header_rewrite_domain for all other clients.
.IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
Append this domain name to incomplete message header addresses
from remote clients; when this domain name is empty, don't rewrite
remote message headers at all.
Append the domain name in $myorigin or $mydomain to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
specified with the remote_header_rewrite_domain parameter.
.IP "\fBremote_header_rewrite_domain (empty)\fR"
Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite remote message headers
and append the specified domain name to incomplete addresses.
.SH "AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS"
.na
.nf

11
postfix/man/man8/trivial-rewrite.8
View File

@@ -19,13 +19,12 @@ Rewrite an address to standard form, according to the
address rewriting context:
.RS
.IP \fBlocal\fR
.IP \fBnone\fR
Append the domain names specified with \fB$myorigin\fR or
\fB$mydomain\fR to incomplete addresses; do \fBswap_bangpath\fR
and \fBallow_percent_hack\fR processing as described below, and
strip source routed addresses (\fI@site,@site:user@domain\fR)
to \fIuser@domain\fR form.
.IP \fBinvalid\fR
.IP \fBremote\fR
Append the domain name specified with
\fB$remote_header_rewrite_domain\fR to incomplete
addresses. Otherwise the result is identical to that of
@@ -127,10 +126,10 @@ The separator between user names and address extensions (user+foo).
Enable the rewriting of "site!user" into "user@site".
.PP
Available in Postfix 2.2 and later:
.IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
Append this domain to incomplete message header addresses from
remote clients; when the domain is empty, don't rewrite remote message
headers at all.
.IP "\fBremote_header_rewrite_domain (empty)\fR"
Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite remote message headers
and append the specified domain name to incomplete addresses.
.SH "ROUTING CONTROLS"
.na
.nf

29
postfix/proto/ADDRESS_REWRITING_README.html
View File

@@ -339,6 +339,12 @@ trivial-rewrite(8) daemon. The purpose of rewriting to standard
form is to reduce the number of entries needed in lookup tables.
</p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, unless a non-empty domain name is
specified with the remote_header_rewrite_domain configuration
parameter. The local_header_rewrite_clients parameter controls
what SMTP clients Postfix considers local. </p>
<p> The Postfix trivial-rewrite(8) daemon implements the following
hard-coded address manipulations: </p>
@@ -377,6 +383,11 @@ parameter (default: yes). You should never turn off this feature,
because a lot of Postfix components expect that all addresses have
the form "user@domain". </p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, or they append the domain name
specified with the remote_header_rewrite_domain configuration
parameter. </p>
<p> If your machine is not the main machine for $myorigin and you
wish to have some users delivered locally without going via that
main machine, make an entry in the <a href="#virtual">virtual
@@ -393,7 +404,11 @@ Rewrite "user@host" to "user@host.$mydomain" </dt>
parameter (default: yes). The purpose is to get consistent treatment
of different forms of the same hostname. </p>
<p> Some will argue that rewriting "host" to "host.$mydomain"
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote clients at all, or they append the domain name specified
with the remote_header_rewrite_domain configuration parameter. </p>
<p> Some will argue that rewriting "host" to "host.domain"
is bad. That is why it can be turned off. Others like the convenience
of having the local domain appended automatically. </p> </dd>
@@ -414,6 +429,12 @@ addresses in message envelopes and in message headers. By default
all header and envelope addresses are rewritten; this is controlled
with the canonical_classes configuration parameter. </p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote clients at all, unless a non-empty domain name is
specified with the remote_header_rewrite_domain configuration
parameter. The local_header_rewrite_clients parameter controls
what SMTP clients Postfix considers local. </p>
<p> Address rewriting is
done for local and remote addresses. The mapping is useful to
replace login names by "Firstname.Lastname" style addresses, or to
@@ -491,6 +512,12 @@ behind their mail gateway, and to make it appear as if the mail
comes from the gateway itself, instead of from individual machines.
</p>
<p> Postfix versions 2.2 and later do not rewrite message headers
from remote SMTP clients at all, unless a non-empty domain name is
specified with the remote_header_rewrite_domain configuration
parameter. The local_header_rewrite_clients parameter controls
what SMTP clients Postfix considers local. </p>
<p> Address masquerading is disabled by default, and is implemented
by the cleanup(8) server. To enable, edit the masquerade_domains
parameter in the main.cf file and specify one or more domain names

54
postfix/proto/postconf.proto
View File

@@ -7218,19 +7218,35 @@ is already bounded by $max_idle. </p>
session cache hit and miss rates for logical destinations and for
physical endpoints. </p>
%PARAM remote_header_rewrite_domain domain.invalid
%PARAM remote_header_rewrite_domain
<p> Append this domain name to incomplete message header addresses
from remote clients; when this domain name is empty, don't rewrite
remote message headers at all. Both stop Postfix from appending
your own domain to addresses in spam from poorly written software.
</p>
<p> Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite remote message headers
and append the specified domain name to incomplete addresses. </p>
<p> Examples: </p>
<p> The safe setting: append "domain.invalid" to incomplete header
addresses from remote SMTP clients, so that those addresses cannot
be confused with local addresses. </p>
<pre>
remote_header_rewrite_domain = domain.invalid
</pre>
<p> The default, purist, setting: don't rewrite headers from remote
clients at all. </p>
<pre>
remote_header_rewrite_domain =
</pre>
%PARAM local_header_rewrite_clients see "postconf -d" output
<p> Append the domain name in $myorigin or $mydomain to incomplete
message header addresses from these clients; append
$remote_header_rewrite_domain for all other clients. </p>
<p> Append the domain name in $myorigin or $mydomain to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
specified with the remote_header_rewrite_domain parameter. </p>
<p> Specify a list of zero or more of the following: </p>
@@ -7277,7 +7293,25 @@ for pop-before-smtp lookup tables. </dd>
<p> Examples: </p>
<p> The backwards compatible setting: always rewrite message headers,
and always append my own domain to incomplete header addresses. </p>
<pre>
local_header_rewrite_clients = static:all
local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
</pre>
<p> The default setting: rewrite headers and append my own domain
only with mail from local or authorized clients. </p>
<pre>
local_header_rewrite_clients = permit_mynetworks,
permit_sasl_authenticated permit_tls_clientcerts
</pre>
<p> Include clients that are pop-before-smtp authenticated: </p>
<pre>
local_header_rewrite_clients = permit_mynetworks,
permit_sasl_authenticated permit_tls_clientcerts
check_address_map hash:/etc/postfix/pop-before-smtp
</pre>

1
postfix/src/anvil/anvil.c
View File

@@ -193,6 +193,7 @@
/* SEE ALSO
/* smtpd(8), Postfix SMTP server
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* README FILES
/* .ad
/* .fi

1
postfix/src/bounce/bounce.c
View File

@@ -107,6 +107,7 @@
/* SEE ALSO
/* qmgr(8), queue manager
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE

1
postfix/src/cleanup/cleanup.c
View File

@@ -267,6 +267,7 @@
/* canonical(5), canonical address lookup table format
/* virtual(5), virtual alias lookup table format
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* README FILES

1
postfix/src/discard/discard.c
View File

@@ -76,6 +76,7 @@
/* bounce(8), delivery status reports
/* error(8), Postfix error delivery agent
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE

1
postfix/src/error/error.c
View File

@@ -85,6 +85,7 @@
/* bounce(8), delivery status reports
/* discard(8), Postfix discard delivery agent
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE

1
postfix/src/flush/flush.c
View File

@@ -118,6 +118,7 @@
/* smtpd(8), SMTP server
/* qmgr(8), queue manager
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* README FILES

2
postfix/src/global/mail_params.h
View File

@@ -2092,7 +2092,7 @@ extern char *var_anvil_service;
* What domain names to assume when no valid domain context exists.
*/
#define VAR_REM_RWR_DOMAIN "remote_header_rewrite_domain"
#define DEF_REM_RWR_DOMAIN "domain.invalid"
#define DEF_REM_RWR_DOMAIN ""
extern char *var_remote_rwr_domain;
#define CHECK_ADDR_MAP "check_address_map"

2
postfix/src/global/mail_version.h
View File

@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
#define MAIL_RELEASE_DATE "20041021"
#define MAIL_RELEASE_DATE "20041022"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"

7
postfix/src/lmtp/lmtp.c
View File

@@ -157,9 +157,9 @@
/* .IP "\fBlmtp_data_done_timeout (600s)\fR"
/* The LMTP client time limit for sending the LMTP ".", and for
/* receiving the server response.
/* .IP "\fBlmtp_rset_timeout (120s)\fR"
/* The LMTP client time limit for sending the RSET command, and for
/* receiving the server response.
/* .IP "\fBlmtp_rset_timeout (20s)\fR"
/* The LMTP client time limit for sending the RSET command, and
/* for receiving the server response.
/* .IP "\fBlmtp_quit_timeout (300s)\fR"
/* The LMTP client time limit for sending the QUIT command, and for
/* receiving the server response.
@@ -200,6 +200,7 @@
/* bounce(8), delivery status reports
/* qmgr(8), queue manager
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* services(4), Internet services and aliases
/* master(8), process manager
/* syslogd(8), system logging

2
postfix/src/lmtp/lmtp_proto.c
View File

@@ -425,7 +425,7 @@ static int lmtp_loop(LMTP_STATE *state, NOCLOBBER int send_state,
DEL_REQ_ATTR_AVAIL(request->rewrite_context) == 0 ?
XFORWARD_UNAVAILABLE :
strcmp(request->rewrite_context, REWRITE_LOCAL) ?
XFORWARD_DOM_LOCAL : XFORWARD_DOM_REMOTE);
XFORWARD_DOM_REMOTE : XFORWARD_DOM_LOCAL );
next_state = LMTP_STATE_MAIL;
break;

1
postfix/src/local/local.c
View File

@@ -465,6 +465,7 @@
/* postalias(1), create/update alias database
/* aliases(5), format of alias database
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* syslogd(8), system logging
/* LICENSE
/* .ad

1
postfix/src/oqmgr/qmgr.c
View File

@@ -249,6 +249,7 @@
/* trivial-rewrite(8), address routing
/* bounce(8), delivery status reports
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8) system logging
/* README FILES

1
postfix/src/pickup/Makefile.in
View File

@@ -76,4 +76,5 @@ pickup.o: ../../include/record.h
pickup.o: ../../include/rec_type.h
pickup.o: ../../include/lex_822.h
pickup.o: ../../include/input_transp.h
pickup.o: ../../include/rewrite_clnt.h
pickup.o: ../../include/mail_server.h

6
postfix/src/pickup/pickup.c
View File

@@ -49,7 +49,7 @@
/* it is queued.
/* .IP "\fBreceive_override_options (empty)\fR"
/* Enable or disable recipient validation, built-in content
/* filtering, or address rewriting.
/* filtering, or address mapping.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
@@ -87,6 +87,7 @@
/* sendmail(1), Sendmail-compatible interface
/* postdrop(1), mail posting agent
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE
@@ -137,6 +138,7 @@
#include <rec_type.h>
#include <lex_822.h>
#include <input_transp.h>
#include <rewrite_clnt.h> /* XXX */
/* Single-threaded server skeleton. */
@@ -292,6 +294,8 @@ static int pickup_copy(VSTREAM *qfile, VSTREAM *cleanup,
*/
rec_fprintf(cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_ORIGIN, MAIL_ATTR_ORG_LOCAL);
rec_fprintf(cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_RWR_CTXT_NAME, REWRITE_LOCAL);
/*
* Copy the message envelope segment. Allow only those records that we

1
postfix/src/pipe/pipe.c
View File

@@ -275,6 +275,7 @@
/* qmgr(8), queue manager
/* bounce(8), delivery status reports
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE

11
postfix/src/proxymap/proxymap.c
View File

@@ -106,6 +106,17 @@
/* The process name of a Postfix command or daemon process.
/* .IP "\fBproxy_read_maps (see 'postconf -d' output)\fR"
/* The lookup tables that the proxymap(8) server is allowed to access.
/* SEE ALSO
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* README FILES
/* .ad
/* .fi
/* Use "\fBpostconf readme_directory\fR" or
/* "\fBpostconf html_directory\fR" to locate this information.
/* .na
/* .nf
/* DATABASE_README, Postfix lookup table overview
/* LICENSE
/* .ad
/* .fi

2
postfix/src/smtp/smtp_connect.c
View File

@@ -527,7 +527,7 @@ int smtp_connect(SMTP_STATE *state)
* high volume of mail in the active queue.
*/
if (cpp == sites->argv
&& ((request->flags & DEL_REQ_FLAG_SCACHE) != 0
&& ((var_smtp_cache_demand && (request->flags & DEL_REQ_FLAG_SCACHE) != 0)
|| (smtp_cache_dest && string_list_match(smtp_cache_dest, domain)))) {
sess_flags |= SMTP_SESS_FLAG_CACHE;
SET_NEXTHOP_STATE(state, lookup_mx, domain, port);

2
postfix/src/smtp/smtp_proto.c
View File

@@ -646,7 +646,7 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
DEL_REQ_ATTR_AVAIL(request->rewrite_context) == 0 ?
XFORWARD_UNAVAILABLE :
strcmp(request->rewrite_context, REWRITE_LOCAL) ?
XFORWARD_DOM_LOCAL : XFORWARD_DOM_REMOTE);
XFORWARD_DOM_REMOTE : XFORWARD_DOM_LOCAL );
next_state = SMTP_STATE_MAIL;
break;

28
postfix/src/smtpd/smtpd.c
View File

@@ -95,13 +95,14 @@
/* .PP
/* Available in Postfix version 2.2 and later:
/* .IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR"
/* Append the domain name in $myorigin or $mydomain to incomplete
/* message header addresses from these clients; append
/* $remote_header_rewrite_domain for all other clients.
/* .IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
/* Append this domain name to incomplete message header addresses
/* from remote clients; when this domain name is empty, don't rewrite
/* remote message headers at all.
/* Append the domain name in $myorigin or $mydomain to message
/* header addresses from these clients only; either don't rewrite
/* message headers from other clients at all, or append the domain
/* specified with the remote_header_rewrite_domain parameter.
/* .IP "\fBremote_header_rewrite_domain (empty)\fR"
/* Don't rewrite message headers from remote clients at all when
/* this parameter is empty; otherwise, rewrite remote message headers
/* and append the specified domain name to incomplete addresses.
/* AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS
/* .ad
/* .fi
@@ -1073,8 +1074,7 @@ static void mail_open_stream(SMTPD_STATE *state)
if (*var_filter_xport)
rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport);
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_RWR_CTXT_NAME, state->rewrite_context_name);
}
MAIL_ATTR_RWR_CTXT_NAME, FORWARD_DOMAIN(state));
#ifdef USE_SASL_AUTH
if (var_smtpd_sasl_enable) {
if (state->sasl_method)
@@ -1088,6 +1088,7 @@ static void mail_open_stream(SMTPD_STATE *state)
MAIL_ATTR_SASL_SENDER, state->sasl_sender);
}
#endif
}
rec_fputs(state->cleanup, REC_TYPE_FROM, state->sender);
if (state->encoding != 0)
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
@@ -1537,6 +1538,7 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
* we have a valid recipient address.
*/
if (state->proxy == 0 && state->cleanup == 0) {
if (!SMTPD_STAND_ALONE(state))
smtpd_check_rewrite(state);
if (state->proxy_mail) {
if (smtpd_proxy_open(state, var_smtpd_proxy_filt,
@@ -2383,13 +2385,7 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
XFORWARD_DOMAIN, attr_value);
return (-1);
}
if (state->rewrite_context_name
&& strcmp(state->rewrite_context_name,
context_name[context_code])) {
myfree(state->rewrite_context_name);
state->rewrite_context_name =
mystrdup(context_name[context_code]);
}
UPDATE_STR(state->xforward.domain, context_name[context_code]);
break;
/*

16
postfix/src/smtpd/smtpd.h
View File

@@ -53,6 +53,7 @@ typedef struct {
char *protocol; /* email protocol */
char *helo_name; /* helo/ehlo parameter */
char *ident; /* message identifier */
char *domain; /* rewrite context */
} SMTPD_XFORWARD_ATTR;
typedef struct SMTPD_STATE {
@@ -175,6 +176,7 @@ extern void smtpd_state_reset(SMTPD_STATE *);
#define CLIENT_HELO_UNKNOWN 0
#define CLIENT_PROTO_UNKNOWN CLIENT_ATTR_UNKNOWN
#define CLIENT_IDENT_UNKNOWN 0
#define CLIENT_DOMAIN_UNKNOWN 0
#define IS_AVAIL_CLIENT_ATTR(v) ((v) && strcmp((v), CLIENT_ATTR_UNKNOWN))
@@ -184,6 +186,7 @@ extern void smtpd_state_reset(SMTPD_STATE *);
#define IS_AVAIL_CLIENT_HELO(v) ((v) != 0)
#define IS_AVAIL_CLIENT_PROTO(v) IS_AVAIL_CLIENT_ATTR(v)
#define IS_AVAIL_CLIENT_IDENT(v) ((v) != 0)
#define IS_AVAIL_CLIENT_DOMAIN(v) ((v) != 0)
/*
* If running in stand-alone mode, do not try to talk to Postfix daemons but
@@ -230,16 +233,19 @@ extern void smtpd_peer_reset(SMTPD_STATE *state);
(((s)->xforward.flags & SMTPD_STATE_XFORWARD_CLIENT_MASK) ? \
(s)->xforward.a : (s)->a)
#define FORWARD_IDENT_ATTR(s) \
(((s)->xforward.flags & SMTPD_STATE_XFORWARD_IDENT) ? \
(s)->queue_id : (s)->ident)
#define FORWARD_ADDR(s) FORWARD_CLIENT_ATTR((s), addr)
#define FORWARD_NAME(s) FORWARD_CLIENT_ATTR((s), name)
#define FORWARD_NAMADDR(s) FORWARD_CLIENT_ATTR((s), namaddr)
#define FORWARD_PROTO(s) FORWARD_CLIENT_ATTR((s), protocol)
#define FORWARD_HELO(s) FORWARD_CLIENT_ATTR((s), helo_name)
#define FORWARD_IDENT(s) FORWARD_IDENT_ATTR(s)
#define FORWARD_IDENT(s) \
(((s)->xforward.flags & SMTPD_STATE_XFORWARD_IDENT) ? \
(s)->queue_id : (s)->ident)
#define FORWARD_DOMAIN(s) \
(((s)->xforward.flags & SMTPD_STATE_XFORWARD_DOMAIN) ? \
(s)->xforward.domain : (s)->rewrite_context_name)
extern void smtpd_xforward_init(SMTPD_STATE *);
extern void smtpd_xforward_preset(SMTPD_STATE *);

23
postfix/src/smtpd/smtpd_check.c
View File

@@ -323,7 +323,6 @@ static int check_rcpt_maps(SMTPD_STATE *, const char *, const char *);
#define SMTPD_NAME_RECIPIENT "Recipient address"
#define SMTPD_NAME_ETRN "Etrn command"
#define SMTPD_NAME_DATA "Data command"
#define SMTPD_NAME_REWRITE "Local address rewriting"
/*
* YASLM.
@@ -3397,8 +3396,8 @@ void smtpd_check_rewrite(SMTPD_STATE *state)
DICT *dict;
/*
* We don't use generic_checks() because it produces results that
* aren't applicable such as DEFER or REJECT.
* We don't use generic_checks() because it produces results that aren't
* applicable such as DEFER or REJECT.
*/
for (cpp = local_rewrite_clients->argv; *cpp != 0; cpp++) {
if (msg_verbose)
@@ -3430,6 +3429,8 @@ void smtpd_check_rewrite(SMTPD_STATE *state)
continue;
}
if (status == SMTPD_CHECK_OK) {
if (state->rewrite_context_name)
myfree(state->rewrite_context_name);
state->rewrite_context_name = mystrdup(REWRITE_LOCAL);
return;
}
@@ -4063,7 +4064,7 @@ char *var_def_rbl_reply;
char *var_relay_rcpt_maps;
char *var_verify_sender;
char *var_smtpd_sasl_opts;
char *var_remote_rwr_name;
char *var_remote_rwr_domain;
char *var_local_rwr_clients;
typedef struct {
@@ -4105,7 +4106,7 @@ static STRING_TABLE string_table[] = {
VAR_VERIFY_SENDER, DEF_VERIFY_SENDER, &var_verify_sender,
VAR_MAIL_NAME, DEF_MAIL_NAME, &var_mail_name,
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts,
VAR_REM_RWR_NAME, DEF_REM_RWR_NAME, &var_remote_rwr_name,
VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain,
VAR_LOC_RWR_CLIENTS, DEF_LOC_RWR_CLIENTS, &var_local_rwr_clients,
0,
};
@@ -4171,6 +4172,8 @@ int var_verify_poll_delay;
int var_smtpd_policy_tmout;
int var_smtpd_policy_idle;
int var_smtpd_policy_ttl;
int var_smtpd_rej_unl_from;
int var_smtpd_rej_unl_rcpt;
static INT_TABLE int_table[] = {
"msg_verbose", 0, &msg_verbose,
@@ -4195,6 +4198,8 @@ static INT_TABLE int_table[] = {
VAR_VIRT_MAILBOX_CODE, DEF_VIRT_MAILBOX_CODE, &var_virt_mailbox_code,
VAR_SHOW_UNK_RCPT_TABLE, DEF_SHOW_UNK_RCPT_TABLE, &var_show_unk_rcpt_table,
VAR_VERIFY_POLL_COUNT, DEF_VERIFY_POLL_COUNT, &var_verify_poll_count,
VAR_SMTPD_REJ_UNL_FROM, DEF_SMTPD_REJ_UNL_FROM, &var_smtpd_rej_unl_from,
VAR_SMTPD_REJ_UNL_RCPT, DEF_SMTPD_REJ_UNL_RCPT, &var_smtpd_rej_unl_rcpt,
0,
};
@@ -4411,7 +4416,7 @@ int main(int argc, char **argv)
string_init();
int_init();
smtpd_check_init();
smtpd_state_init(&state, VSTREAM_IN);
smtpd_state_init(&state, VSTREAM_IN, "smtpd");
state.queue_id = "<queue id>";
/*
@@ -4589,11 +4594,17 @@ int main(int argc, char **argv)
* Show commands.
*/
default:
if (strcasecmp(args->argv[0], "check_rewrite") == 0) {
smtpd_check_rewrite(&state);
resp = state.rewrite_context_name;
break;
}
resp = "Commands...\n\
client <name> <address> [<code>]\n\
helo <hostname>\n\
sender <address>\n\
recipient <address>\n\
check_rewrite\n\
msg_verbose <level>\n\
client_restrictions <restrictions>\n\
helo_restrictions <restrictions>\n\

1
postfix/src/smtpd/smtpd_exp.ref
View File

@@ -123,7 +123,6 @@ OK
>>> sender_restrictions check_sender_mx_access,hash:smtpd_check_access
OK
>>> mail foo@pls.net.au
./smtpd_check: warning: numeric domain name in resource data of MX record for pls.net.au: 203.3.110.241
OK
>>> #mail foo@verisign-wildcard.com
>>> mail foo@verisign.com

2
postfix/src/smtpd/smtpd_proxy.c
View File

@@ -340,7 +340,7 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service,
FORWARD_PROTO(state))))
&& (!(state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_DOMAIN)
|| !(bad = smtpd_xforward(state, buf, XFORWARD_DOMAIN, 1,
STREQ(state->rewrite_context_name, REWRITE_LOCAL) ?
STREQ(FORWARD_DOMAIN(state), REWRITE_LOCAL) ?
XFORWARD_DOM_LOCAL : XFORWARD_DOM_REMOTE))))
bad = smtpd_xforward_flush(state, buf);
vstring_free(buf);

3
postfix/src/smtpd/smtpd_xforward.c
View File

@@ -59,6 +59,7 @@ void smtpd_xforward_init(SMTPD_STATE *state)
state->xforward.protocol = 0;
state->xforward.helo_name = 0;
state->xforward.ident = 0;
state->xforward.domain = 0;
}
/* smtpd_xforward_preset - set xforward attributes to "unknown" */
@@ -85,6 +86,7 @@ void smtpd_xforward_preset(SMTPD_STATE *state)
/* Leave helo at zero. */
state->xforward.protocol = mystrdup(CLIENT_PROTO_UNKNOWN);
/* Leave ident at zero. */
/* Leave domain context at zero. */
}
/* smtpd_xforward_reset - reset XCLIENT attributes */
@@ -100,4 +102,5 @@ void smtpd_xforward_reset(SMTPD_STATE *state)
FREE_AND_WIPE(state->xforward.protocol);
FREE_AND_WIPE(state->xforward.helo_name);
FREE_AND_WIPE(state->xforward.ident);
FREE_AND_WIPE(state->xforward.domain);
}

11
postfix/src/trivial-rewrite/trivial-rewrite.c
View File

@@ -13,13 +13,12 @@
/* address rewriting context:
/* .RS
/* .IP \fBlocal\fR
/* .IP \fBnone\fR
/* Append the domain names specified with \fB$myorigin\fR or
/* \fB$mydomain\fR to incomplete addresses; do \fBswap_bangpath\fR
/* and \fBallow_percent_hack\fR processing as described below, and
/* strip source routed addresses (\fI@site,@site:user@domain\fR)
/* to \fIuser@domain\fR form.
/* .IP \fBinvalid\fR
/* .IP \fBremote\fR
/* Append the domain name specified with
/* \fB$remote_header_rewrite_domain\fR to incomplete
/* addresses. Otherwise the result is identical to that of
@@ -107,10 +106,10 @@
/* Enable the rewriting of "site!user" into "user@site".
/* .PP
/* Available in Postfix 2.2 and later:
/* .IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
/* Append this domain to incomplete message header addresses from
/* remote clients; when the domain is empty, don't rewrite remote message
/* headers at all.
/* .IP "\fBremote_header_rewrite_domain (empty)\fR"
/* Don't rewrite message headers from remote clients at all when
/* this parameter is empty; otherwise, rewrite remote message headers
/* and append the specified domain name to incomplete addresses.
/* ROUTING CONTROLS
/* .ad
/* .fi

18
postfix/src/util/dict_db.c
View File

@@ -167,6 +167,12 @@ static const char *dict_db_lookup(DICT *dict, const char *name)
static VSTRING *buf;
const char *result = 0;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_db_lookup: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
dict_errno = 0;
memset(&db_key, 0, sizeof(db_key));
memset(&db_value, 0, sizeof(db_value));
@@ -231,6 +237,12 @@ static void dict_db_update(DICT *dict, const char *name, const char *value)
DBT db_value;
int status;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_db_update: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
memset(&db_key, 0, sizeof(db_key));
memset(&db_value, 0, sizeof(db_value));
db_key.data = (void *) name;
@@ -302,6 +314,12 @@ static int dict_db_delete(DICT *dict, const char *name)
int status = 1;
int flags = 0;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_db_delete: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
memset(&db_key, 0, sizeof(db_key));
/*

18
postfix/src/util/dict_dbm.c
View File

@@ -78,6 +78,12 @@ static const char *dict_dbm_lookup(DICT *dict, const char *name)
static VSTRING *buf;
const char *result = 0;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_dbm_lookup: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
dict_errno = 0;
/*
@@ -137,6 +143,12 @@ static void dict_dbm_update(DICT *dict, const char *name, const char *value)
datum dbm_value;
int status;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_dbm_update: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
dbm_key.dptr = (void *) name;
dbm_value.dptr = (void *) value;
dbm_key.dsize = strlen(name);
@@ -202,6 +214,12 @@ static int dict_dbm_delete(DICT *dict, const char *name)
int status = 1;
int flags = 0;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_dbm_delete: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
/*
* Acquire an exclusive lock.
*/

6
postfix/src/util/dict_nis.c
View File

@@ -143,6 +143,12 @@ static const char *dict_nis_lookup(DICT *dict, const char *key)
int err;
static VSTRING *buf;
/*
* Sanity check.
*/
if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
msg_panic("dict_nis_lookup: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
dict_errno = 0;
if (dict_nis_domain == dict_nis_disabled)
return (0);

46
postfix/src/util/dict_nisplus.c
View File

@@ -119,10 +119,11 @@ static const char *dict_nisplus_lookup(DICT *dict, const char *key)
DICT_NISPLUS *dict_nisplus = (DICT_NISPLUS *) dict;
static VSTRING *quoted_key;
static VSTRING *query;
static VSTRING *reply;
nis_result *nis_alias;
static VSTRING *retval;
nis_result *reply;
int count;
const char *cp;
int last_col;
int ch;
/*
@@ -131,7 +132,7 @@ static const char *dict_nisplus_lookup(DICT *dict, const char *key)
dict_errno = 0;
if (quoted_key == 0) {
query = vstring_alloc(100);
reply = vstring_alloc(100);
retval = vstring_alloc(100);
quoted_key = vstring_alloc(100);
}
@@ -168,29 +169,35 @@ static const char *dict_nisplus_lookup(DICT *dict, const char *key)
* addresses (in envelopes or in headers) have a finite length.
*/
vstring_sprintf(query, dict_nisplus->template, STR(quoted_key));
nis_alias = nis_list(STR(query), FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
reply = nis_list(STR(query), FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
/*
* When lookup succeeds, the result may be unusable because it is
* ambiguous.
* When lookup succeeds, the result may be ambiguous, or the requested
* column may not exist.
*/
if (nis_alias->status == NIS_SUCCESS) {
if ((count = NIS_RES_NUMOBJ(nis_alias)) != 1) {
if (reply->status == NIS_SUCCESS) {
if ((count = NIS_RES_NUMOBJ(reply)) != 1) {
msg_warn("ambiguous match (%d results) for %s in NIS+ map %s:"
" ignoring this request",
count, key, dict_nisplus->dict.name);
nis_freeresult(nis_alias);
nis_freeresult(reply);
return (0);
} else {
vstring_strcpy(reply,
NIS_RES_OBJECT(nis_alias)->zo_data.objdata_u
last_col = NIS_RES_OBJECT(reply)->zo_data
.objdata_u.en_data.en_cols.en_cols_len - 1;
if (dict_nisplus->column > last_col)
msg_fatal("requested column %d > max column %d in table %s",
dict_nisplus->column, last_col,
dict_nisplus->dict.name);
vstring_strcpy(retval,
NIS_RES_OBJECT(reply)->zo_data.objdata_u
.en_data.en_cols.en_cols_val[dict_nisplus->column]
.ec_value.ec_value_val);
if (msg_verbose)
msg_info("%s: %s, column %d -> %s", myname, STR(query),
dict_nisplus->column, STR(reply));
nis_freeresult(nis_alias);
return (STR(reply));
dict_nisplus->column, STR(retval));
nis_freeresult(reply);
return (STR(retval));
}
}
@@ -200,14 +207,17 @@ static const char *dict_nisplus_lookup(DICT *dict, const char *key)
* the problem and fix it.
*/
else {
if (nis_alias->status != NIS_NOTFOUND
&& nis_alias->status != NIS_PARTIAL) {
if (reply->status != NIS_NOTFOUND
&& reply->status != NIS_PARTIAL) {
msg_warn("lookup %s, NIS+ map %s: %s",
key, dict_nisplus->dict.name,
nis_sperrno(nis_alias->status));
nis_sperrno(reply->status));
dict_errno = DICT_ERR_RETRY;
} else {
if (msg_verbose)
msg_info("%s: not found: query %s", myname, STR(query));
}
nis_freeresult(nis_alias);
nis_freeresult(reply);
return (0);
}
}

1
postfix/src/util/sys_defs.h
View File

@@ -296,6 +296,7 @@ extern int opterr;
#define DEF_DB_TYPE "dbm"
#define ALIAS_DB_MAP "dbm:/etc/mail/aliases"
#define HAS_NIS
#define HAS_NISPLUS
#define USE_SYS_SOCKIO_H /* Solaris 2.5, changed sys/ioctl.h */
#define GETTIMEOFDAY(t) gettimeofday(t)
#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb"