mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 01:49:47 +00:00
Code Issues Releases Wiki Activity

postfix-3.10-20240928

Browse Source
This commit is contained in:
Wietse Z Venema 2024-09-28 00:00:00 -05:00 committed by Viktor Dukhovni
parent 7ad397c976
commit f57aaf90a7
21 changed files with 220 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
postfix/HISTORY
View File

@ -28313,3 +28313,18 @@ Apologies for any names omitted.
smtp/smtp_params.c, smtp/smtp_tlsrpt.c, tls/tls_client.c,
tls/tls_proxy_client_print.c, tls/tls_proxy_client_scan.c,
tls/tlsrpt_wrapper.c, tls/tlsrpt_wrapper.h.
20240928
Feature (no code change): generate HTML anchors for manpage
sections, for example: cidr_table.5.html#table_format. The
anchor contains the section name, after replacing upper
case with lower case, and after replacing spaces with
underscores. File: mantools/man2html.
Cleanaup (no code change): regenerate all man-style pages
so that the parameter summaries at the end match the text
in postconf(5). This also updates embedded man-style
comments in Postfix source code. Files: mantools/man2html,
proto/aliases, cleanup/cleanup.c, local/local.c, smtpd/smtpd.c,
tlsproxy/tlsproxy.c.

7
postfix/WISHLIST
View File

@ -18,9 +18,10 @@ Wish list:
When debug logging is enabled, dict_db_open() logs a newline
character after the version info.
postsuper fails to write the maillog file while Postfix is down
(the fallback to 'direct write' happens after an irreversible
set_ugid() call).
postsuper fails to write the maillog file while Postfix is
down (the fallback to 'direct write' happens after an
irreversible set_ugid() call). Possible solution: figure
out if we can open the maillog file before dropping privileges.
The postdrop code should be more explicit about what
attrributes it will pass through. rec_attr_map() is not

37
postfix/conf/aliases
View File

@ -206,46 +206,49 @@ decode: root
# updated with "newaliases" or with "sendmail -bi".
#
# alias_maps (see 'postconf -d' output)
# Optional lookup tables with aliases that apply only
# to local(8) recipients; this is unlike vir-
# tual_alias_maps that apply to all recipients:
# local(8), virtual, and remote.
# Optional lookup tables that are searched only with
# an email address localpart (no domain) and that
# apply only to local(8) recipients; this is unlike
# virtual_alias_maps that are often searched with a
# full email address (including domain) and that
# apply to all recipients: local(8), virtual, and
# remote.
#
# allow_mail_to_commands (alias, forward)
# Restrict local(8) mail delivery to external com-
# Restrict local(8) mail delivery to external com-
# mands.
#
# allow_mail_to_files (alias, forward)
# Restrict local(8) mail delivery to external files.
# Restrict local(8) mail delivery to external files.
#
# expand_owner_alias (no)
# When delivering to an alias "aliasname" that has an
# "owner-aliasname" companion alias, set the envelope
# sender address to the expansion of the
# sender address to the expansion of the
# "owner-aliasname" alias.
#
# propagate_unmatched_extensions (canonical, virtual)
# What address lookup tables copy an address exten-
# What address lookup tables copy an address exten-
# sion from the lookup key to the lookup result.
#
# owner_request_special (yes)
# Enable special treatment for owner-listname entries
# in the aliases(5) file, and don't split owner-list-
# name and listname-request address localparts when
# name and listname-request address localparts when
# the recipient_delimiter is set to "-".
#
# recipient_delimiter (empty)
# The set of characters that can separate an email
# address localpart, user name, or a .forward file
# The set of characters that can separate an email
# address localpart, user name, or a .forward file
# name from its extension.
#
# Available in Postfix version 2.3 and later:
#
# frozen_delivered_to (yes)
# Update the local(8) delivery agent's idea of the
# Delivered-To: address (see prepend_deliv-
# ered_header) only once, at the start of a delivery
# attempt; do not update the Delivered-To: address
# Update the local(8) delivery agent's idea of the
# Delivered-To: address (see prepend_deliv-
# ered_header) only once, at the start of a delivery
# attempt; do not update the Delivered-To: address
# while expanding aliases or .forward files.
#
# STANDARDS
@ -258,12 +261,12 @@ decode: root
# postconf(5), configuration parameters
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

32
postfix/html/aliases.5.html
View File

@ -7,15 +7,15 @@
</head> <body> <pre>
ALIASES(5) ALIASES(5)
<b>NAME</b>
<b><a name="name">NAME</a></b>
aliases - Postfix local alias database format
<b>SYNOPSIS</b>
<b><a name="synopsis">SYNOPSIS</a></b>
<b>newaliases</b>
<b>postalias -q</b> <i>name</i> <b>[</b><i>file-type</i><b>]:[</b><i>file-name</i><b>]</b>
<b>DESCRIPTION</b>
<b><a name="description">DESCRIPTION</a></b>
The optional <a href="aliases.5.html"><b>aliases</b>(5)</a> table (<a href="postconf.5.html#alias_maps">alias_maps</a>) redirects mail for local
recipients. The redirections are processed by the Postfix <a href="local.8.html"><b>local</b>(8)</a>
delivery agent. This table is always searched with an email address
@ -105,7 +105,7 @@ ALIASES(5) ALIASES(5)
disallowed by default. To enable, edit the <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_com</a>-</b>
<b><a href="postconf.5.html#allow_mail_to_commands">mands</a></b> and <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameters.
<b>ADDRESS EXTENSION</b>
<b><a name="address_extension">ADDRESS EXTENSION</a></b>
When alias database search fails, and the recipient localpart contains
the optional recipient delimiter (e.g., <i>user+foo</i>), the search is
repeated for the unextended address (e.g., <i>user</i>).
@ -114,11 +114,11 @@ ALIASES(5) ALIASES(5)
unmatched address extension (<i>+foo</i>) is propagated to the result of table
lookup.
<b>CASE FOLDING</b>
<b><a name="case_folding">CASE FOLDING</a></b>
The <a href="local.8.html">local(8)</a> delivery agent always folds the search string to lowercase
before database lookup.
<b>REGULAR EXPRESSION TABLES</b>
<b><a name="regular_expression_tables">REGULAR EXPRESSION TABLES</a></b>
This section describes how the table lookups change when the table is
given in the form of regular expressions. For a description of regular
expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
@ -133,7 +133,7 @@ ALIASES(5) ALIASES(5)
Lookup results are the same as with indexed file lookups. For security
reasons there is no support for <b>$1</b>, <b>$2</b> etc. substring interpolation.
<b>SECURITY</b>
<b><a name="security">SECURITY</a></b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression substitution
of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would open a security hole.
@ -142,7 +142,7 @@ ALIASES(5) ALIASES(5)
directly. Before Postfix version 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will
terminate with a fatal error.
<b>CONFIGURATION PARAMETERS</b>
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
details including examples.
@ -152,9 +152,11 @@ ALIASES(5) ALIASES(5)
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
Optional lookup tables with aliases that apply only to <a href="local.8.html"><b>local</b>(8)</a>
recipients; this is unlike <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> that apply to all
recipients: <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote.
Optional lookup tables that are searched only with an email
address localpart (no domain) and that apply only to <a href="local.8.html"><b>local</b>(8)</a>
recipients; this is unlike <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> that are often
searched with a full email address (including domain) and that
apply to all recipients: <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote.
<b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external commands.
@ -189,19 +191,19 @@ ALIASES(5) ALIASES(5)
of a delivery attempt; do not update the Delivered-To: address
while expanding aliases or .forward files.
<b>STANDARDS</b>
<b><a name="standards">STANDARDS</a></b>
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<b>SEE ALSO</b>
<b><a name="see_also">SEE ALSO</a></b>
<a href="local.8.html">local(8)</a>, local delivery agent
<a href="newaliases.1.html">newaliases(1)</a>, create/update alias database
<a href="postalias.1.html">postalias(1)</a>, create/update alias database
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<b>README FILES</b>
<b><a name="readme_files">README FILES</a></b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
<b><a name="license">LICENSE</a></b>
The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>

48
postfix/html/cleanup.8.html
View File

@ -7,13 +7,13 @@
</head> <body> <pre>
CLEANUP(8) CLEANUP(8)
<b>NAME</b>
<b><a name="name">NAME</a></b>
cleanup - canonicalize and enqueue Postfix message
<b>SYNOPSIS</b>
<b><a name="synopsis">SYNOPSIS</a></b>
<b>cleanup</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
<b><a name="description">DESCRIPTION</a></b>
The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon processes inbound mail, inserts it into the
<b>incoming</b> mail queue, and informs the queue manager of its arrival.
@ -62,7 +62,7 @@ CLEANUP(8) CLEANUP(8)
<a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon to bounce the message back to the sender in case of
trouble.
<b>STANDARDS</b>
<b><a name="standards">STANDARDS</a></b>
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="https://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
@ -71,14 +71,14 @@ CLEANUP(8) CLEANUP(8)
<a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
<b>DIAGNOSTICS</b>
<b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>BUGS</b>
<b><a name="bugs">BUGS</a></b>
Table-driven rewriting rules make it hard to express <b>if then else</b> and
other logical relationships.
<b>CONFIGURATION PARAMETERS</b>
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="cleanup.8.html"><b>cleanup</b>(8)</a> processes
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
to speed up a change.
@ -86,7 +86,7 @@ CLEANUP(8) CLEANUP(8)
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>COMPATIBILITY CONTROLS</b>
<b><a name="compatibility_controls">COMPATIBILITY CONTROLS</a></b>
<b><a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> (see 'postconf -d' output)</b>
Message header that the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server inserts when a
message contains no To: or Cc: message header.
@ -121,7 +121,7 @@ CLEANUP(8) CLEANUP(8)
<b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
The format of the Postfix-generated <b>From:</b> header.
<b>BUILT-IN CONTENT FILTERING CONTROLS</b>
<b><a name="built-in_content_filtering_controls">BUILT-IN CONTENT FILTERING CONTROLS</a></b>
Postfix built-in content filtering is meant to stop a flood of worms or
viruses. It is not a general content filter.
@ -170,7 +170,7 @@ CLEANUP(8) CLEANUP(8)
independent from how a remote mail server handles such charac-
ters.
<b>BEFORE QUEUE MILTER CONTROLS</b>
<b><a name="before_queue_milter_controls">BEFORE QUEUE MILTER CONTROLS</a></b>
As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
filter) protocol. When mail is not received via the <a href="smtpd.8.html">smtpd(8)</a> server,
the <a href="cleanup.8.html">cleanup(8)</a> server will simulate SMTP events to the extent that this
@ -256,7 +256,7 @@ CLEANUP(8) CLEANUP(8)
for arbitrary macros that Postfix may send to Milter applica-
tions.
<b>MIME PROCESSING CONTROLS</b>
<b><a name="mime_processing_controls">MIME PROCESSING CONTROLS</a></b>
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a> (no)</b>
@ -289,7 +289,7 @@ CLEANUP(8) CLEANUP(8)
tent-Transfer-Encoding: message headers; historically, this
behavior was hard-coded to be "always on".
<b>AUTOMATIC BCC RECIPIENT CONTROLS</b>
<b><a name="automatic_bcc_recipient_controls">AUTOMATIC BCC RECIPIENT CONTROLS</a></b>
Postfix can automatically add BCC (blind carbon copy) when mail enters
the mail system:
@ -307,7 +307,7 @@ CLEANUP(8) CLEANUP(8)
Optional BCC (blind carbon-copy) address lookup tables, indexed
by envelope recipient address.
<b>ADDRESS TRANSFORMATION CONTROLS</b>
<b><a name="address_transformation_controls">ADDRESS TRANSFORMATION CONTROLS</a></b>
Address rewriting is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon. The
<a href="cleanup.8.html"><b>cleanup</b>(8)</a> server implements table driven address mapping.
@ -353,9 +353,11 @@ CLEANUP(8) CLEANUP(8)
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
Optional lookup tables with aliases that apply to all recipi-
ents: <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote; this is unlike <a href="postconf.5.html#alias_maps">alias_maps</a>
that apply only to <a href="local.8.html"><b>local</b>(8)</a> recipients.
Optional lookup tables that are often searched with a full email
address (including domain) and that apply to all recipients:
<a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote; this is unlike <a href="postconf.5.html#alias_maps">alias_maps</a> that
are only searched with an email address localpart (no domain)
and that apply only to <a href="local.8.html"><b>local</b>(8)</a> recipients.
Available in Postfix version 2.2 and later:
@ -378,7 +380,7 @@ CLEANUP(8) CLEANUP(8)
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter, and adding missing head-
ers.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a name="resource_and_rate_controls">RESOURCE AND RATE CONTROLS</a></b>
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
The maximal number of addresses remembered by the address dupli-
cate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>virtual</b>(5)</a> alias expansion, or for
@ -431,7 +433,7 @@ CLEANUP(8) CLEANUP(8)
The maximal length of an email address after virtual alias
expansion.
<b>SMTPUTF8 CONTROLS</b>
<b><a name="smtputf8_controls">SMTPUTF8 CONTROLS</a></b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
@ -449,7 +451,7 @@ CLEANUP(8) CLEANUP(8)
IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>MISCELLANEOUS CONTROLS</b>
<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
@ -530,11 +532,11 @@ CLEANUP(8) CLEANUP(8)
able, before <a href="postconf.5.html#header_checks">header_checks</a>, <a href="postconf.5.html#body_checks">body_checks</a>, Milters, and before
after-queue content filters.
<b>FILES</b>
<b><a name="files">FILES</a></b>
/etc/postfix/canonical*, canonical mapping table
/etc/postfix/virtual*, virtual mapping table
<b>SEE ALSO</b>
<b><a name="see_also">SEE ALSO</a></b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address rewriting
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="header_checks.5.html">header_checks(5)</a>, message header content inspection
@ -547,11 +549,11 @@ CLEANUP(8) CLEANUP(8)
<a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
<b><a name="readme_files">README FILES</a></b>
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> Postfix address manipulation
<a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a> content inspection
<b>LICENSE</b>
<b><a name="license">LICENSE</a></b>
The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>

60
postfix/html/local.8.html
View File

@ -7,13 +7,13 @@
</head> <body> <pre>
LOCAL(8) LOCAL(8)
<b>NAME</b>
<b><a name="name">NAME</a></b>
local - Postfix local mail delivery
<b>SYNOPSIS</b>
<b><a name="synopsis">SYNOPSIS</a></b>
<b>local</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
<b><a name="description">DESCRIPTION</a></b>
The <a href="local.8.html"><b>local</b>(8)</a> daemon processes delivery requests from the Postfix queue
manager to deliver mail to local recipients. Each delivery request
specifies a queue file, a sender address, a domain or host to deliver
@ -25,12 +25,12 @@ LOCAL(8) LOCAL(8)
again at a later time. Delivery status reports are sent to the
<a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
<b>CASE FOLDING</b>
<b><a name="case_folding">CASE FOLDING</a></b>
All delivery decisions are made using the bare recipient name (i.e. the
address localpart), folded to lower case. See also under ADDRESS
EXTENSION below for a few exceptions.
<b>SYSTEM-WIDE AND USER-LEVEL ALIASING</b>
<b><a name="system-wide_and_user-level_aliasing">SYSTEM-WIDE AND USER-LEVEL ALIASING</a></b>
The system administrator can set up one or more system-wide <b>send-</b>
<b>mail</b>-style alias databases. Users can have <b>sendmail</b>-style ~/.<b>forward</b>
files. Mail for <i>name</i> is delivered to the alias <i>name</i>, to destinations
@ -80,7 +80,7 @@ LOCAL(8) LOCAL(8)
attempts to avoid duplicate deliveries. The <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a></b> con-
figuration parameter limits the number of remembered recipients.
<b>MAIL FORWARDING</b>
<b><a name="mail_forwarding">MAIL FORWARDING</a></b>
For the sake of reliability, forwarded mail is re-submitted as a new
message, so that each recipient has a separate on-file delivery status
record.
@ -90,7 +90,7 @@ LOCAL(8) LOCAL(8)
address. If mail arrives for a recipient that is already listed in a
<b>Delivered-To:</b> header, the message is bounced.
<b>MAILBOX DELIVERY</b>
<b><a name="mailbox_delivery">MAILBOX DELIVERY</a></b>
The default per-user mailbox is a file in the UNIX mail spool directory
(<b>/var/mail/</b><i>user</i> or <b>/var/spool/mail/</b><i>user</i>); the location can be specified
with the <b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a></b> configuration parameter. Specify a name
@ -132,7 +132,7 @@ LOCAL(8) LOCAL(8)
to Postfix, and prepends a <b>Return-Path:</b> header with the envelope sender
address.
<b>EXTERNAL COMMAND DELIVERY</b>
<b><a name="external_command_delivery">EXTERNAL COMMAND DELIVERY</a></b>
The <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a></b> configuration parameter restricts delivery
to external commands. The default setting (<b>alias, forward</b>) forbids com-
mand destinations in <b>:include:</b> files.
@ -246,7 +246,7 @@ LOCAL(8) LOCAL(8)
with the final recipient envelope address, prepends a <b>Return-Path:</b>
header with the sender envelope address, and appends no empty line.
<b>EXTERNAL FILE DELIVERY</b>
<b><a name="external_file_delivery">EXTERNAL FILE DELIVERY</a></b>
The delivery format depends on the destination filename syntax. The
default is to use UNIX-style mailbox format. Specify a name ending in
<b>/</b> for <b>qmail</b>-compatible <b>maildir</b> delivery.
@ -272,7 +272,7 @@ LOCAL(8) LOCAL(8)
to Postfix. The envelope sender address is available in the
<b>Return-Path:</b> header.
<b>ADDRESS EXTENSION</b>
<b><a name="address_extension">ADDRESS EXTENSION</a></b>
The optional <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b> configuration parameter specifies how
to separate address extensions from local recipient names.
@ -281,7 +281,7 @@ LOCAL(8) LOCAL(8)
tions listed in ~<i>name</i>/.<b>forward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox
owned by the user <i>name</i>, or it is sent back as undeliverable.
<b>DELIVERY RIGHTS</b>
<b><a name="delivery_rights">DELIVERY RIGHTS</a></b>
Deliveries to external files and external commands are made with the
rights of the receiving user on whose behalf the delivery is made. In
the absence of a user context, the <a href="local.8.html"><b>local</b>(8)</a> daemon uses the owner
@ -289,11 +289,11 @@ LOCAL(8) LOCAL(8)
owned by the superuser, delivery is made with the rights specified with
the <b><a href="postconf.5.html#default_privs">default_privs</a></b> configuration parameter.
<b>STANDARDS</b>
<b><a name="standards">STANDARDS</a></b>
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
<b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Corrupted message files are marked so that the queue manager can move
them to the <b>corrupt</b> queue afterwards.
@ -301,7 +301,7 @@ LOCAL(8) LOCAL(8)
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<b>SECURITY</b>
<b><a name="security">SECURITY</a></b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent needs a dual personality 1) to access the
private Postfix queue and IPC mechanisms, 2) to impersonate the recipi-
ent and deliver to recipient-specified files or commands. It is there-
@ -315,7 +315,7 @@ LOCAL(8) LOCAL(8)
directly. Before Postfix version 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will
terminate with a fatal error.
<b>BUGS</b>
<b><a name="bugs">BUGS</a></b>
For security reasons, the message delivery status of external commands
or of external files is never checkpointed to file. As a result, the
program may occasionally deliver more than once to a command or exter-
@ -325,7 +325,7 @@ LOCAL(8) LOCAL(8)
The resulting mail forwarding loop is broken by the use of the <b>Deliv-</b>
<b>ered-To:</b> message header.
<b>CONFIGURATION PARAMETERS</b>
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="local.8.html"><b>local</b>(8)</a> processes
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
to speed up a change.
@ -333,7 +333,7 @@ LOCAL(8) LOCAL(8)
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>COMPATIBILITY CONTROLS</b>
<b><a name="compatibility_controls">COMPATIBILITY CONTROLS</a></b>
<b><a href="postconf.5.html#biff">biff</a> (yes)</b>
Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service.
@ -377,16 +377,18 @@ LOCAL(8) LOCAL(8)
status code or explanatory text of successful or unsuccessful
deliveries.
<b>DELIVERY METHOD CONTROLS</b>
<b><a name="delivery_method_controls">DELIVERY METHOD CONTROLS</a></b>
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to low is:
aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_direc</a>-
<a href="postconf.5.html#mail_spool_directory">tory</a>, <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
Optional lookup tables with aliases that apply only to <a href="local.8.html"><b>local</b>(8)</a>
recipients; this is unlike <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> that apply to all
recipients: <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote.
Optional lookup tables that are searched only with an email
address localpart (no domain) and that apply only to <a href="local.8.html"><b>local</b>(8)</a>
recipients; this is unlike <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> that are often
searched with a full email address (including domain) and that
apply to all recipients: <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote.
<b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding a .forward
@ -436,7 +438,7 @@ LOCAL(8) LOCAL(8)
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for delivery to
external commands.
<b>MAILBOX LOCKING CONTROLS</b>
<b><a name="mailbox_locking_controls">MAILBOX LOCKING CONTROLS</a></b>
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
The maximal number of attempts to acquire an exclusive lock on a
mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
@ -453,7 +455,7 @@ LOCAL(8) LOCAL(8)
How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before attempting
delivery.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a name="resource_and_rate_controls">RESOURCE AND RATE CONTROLS</a></b>
<b><a href="postconf.5.html#command_time_limit">command_time_limit</a> (1000s)</b>
Time limit for delivery to external commands.
@ -479,7 +481,7 @@ LOCAL(8) LOCAL(8)
The maximal number of recipients per message delivery via the
local mail delivery transport.
<b>SECURITY CONTROLS</b>
<b><a name="security_controls">SECURITY CONTROLS</a></b>
<b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external commands.
@ -511,7 +513,7 @@ LOCAL(8) LOCAL(8)
Defer delivery when a mailbox file is not owned by its recipi-
ent.
<b>MISCELLANEOUS CONTROLS</b>
<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
@ -593,13 +595,13 @@ LOCAL(8) LOCAL(8)
The email address form that will be used in non-debug logging
(info, warning, etc.).
<b>FILES</b>
<b><a name="files">FILES</a></b>
The following are examples; details differ between systems.
$HOME/.forward, per-user aliasing
/etc/aliases, system-wide alias database
/var/spool/mail, system mailboxes
<b>SEE ALSO</b>
<b><a name="see_also">SEE ALSO</a></b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="newaliases.1.html">newaliases(1)</a>, create/update alias database
@ -610,10 +612,10 @@ LOCAL(8) LOCAL(8)
<a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
<b><a name="license">LICENSE</a></b>
The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
<b><a name="history">HISTORY</a></b>
The <b>Delivered-To:</b> message header appears in the <b>qmail</b> system by Daniel
Bernstein.

70
postfix/html/smtpd.8.html
View File

@ -7,15 +7,15 @@
</head> <body> <pre>
SMTPD(8) SMTPD(8)
<b>NAME</b>
<b><a name="name">NAME</a></b>
smtpd - Postfix SMTP server
<b>SYNOPSIS</b>
<b><a name="synopsis">SYNOPSIS</a></b>
<b>smtpd</b> [generic Postfix daemon options]
<b>sendmail -bs</b>
<b>DESCRIPTION</b>
<b><a name="description">DESCRIPTION</a></b>
The SMTP server accepts network connection requests and performs zero
or more SMTP transactions per connection. Each received message is
piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon, and is placed into the <b>incoming</b>
@ -35,12 +35,12 @@ SMTPD(8) SMTPD(8)
<b>RCPT TO</b> commands. They are detailed below and in the <a href="postconf.5.html"><b>main.cf</b></a> configura-
tion file.
<b>SECURITY</b>
<b><a name="security">SECURITY</a></b>
The SMTP server is moderately security-sensitive. It talks to SMTP
clients and to DNS servers on the network. The SMTP server can be run
chrooted at fixed low privilege.
<b>STANDARDS</b>
<b><a name="standards">STANDARDS</a></b>
<a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
<a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
@ -63,14 +63,14 @@ SMTPD(8) SMTPD(8)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc7505">RFC 7505</a> ("Null MX" No Service Resource Record)
<b>DIAGNOSTICS</b>
<b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces, protocol problems, policy violations, and
of other trouble.
<b>CONFIGURATION PARAMETERS</b>
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtpd.8.html"><b>smtpd</b>(8)</a> processes
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
to speed up a change.
@ -78,7 +78,7 @@ SMTPD(8) SMTPD(8)
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>COMPATIBILITY CONTROLS</b>
<b><a name="compatibility_controls">COMPATIBILITY CONTROLS</a></b>
The following parameters work around implementation errors in other
software, and/or allow you to override standards in order to prevent
undesirable use.
@ -190,7 +190,7 @@ SMTPD(8) SMTPD(8)
DATA and BDAT requests, when deadlines are enabled with
<a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a>.
<b>ADDRESS REWRITING CONTROLS</b>
<b><a name="address_rewriting_controls">ADDRESS REWRITING CONTROLS</a></b>
See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed discussion of
Postfix address rewriting.
@ -205,7 +205,7 @@ SMTPD(8) SMTPD(8)
updating incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a>
or $<a href="postconf.5.html#mydomain">mydomain</a>, and adding missing headers.
<b>BEFORE-SMTPD PROXY AGENT</b>
<b><a name="before-smtpd_proxy_agent">BEFORE-SMTPD PROXY AGENT</a></b>
Available in Postfix version 2.10 and later:
<b><a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> (empty)</b>
@ -216,7 +216,7 @@ SMTPD(8) SMTPD(8)
The time limit for the proxy protocol specified with the
<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter.
<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
<b><a name="after_queue_external_content_inspection_controls">AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</a></b>
As of version 1.0, Postfix can be configured to send new mail to an
external content filter AFTER the mail is queued. This content filter
is expected to inject mail back into a (Postfix or other) MTA for fur-
@ -226,7 +226,7 @@ SMTPD(8) SMTPD(8)
After the message is queued, send the entire message to the
specified <i>transport:destination</i>.
<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
<b><a name="before_queue_external_content_inspection_controls">BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</a></b>
As of version 2.1, the Postfix SMTP server can be configured to send
incoming mail to a real-time SMTP-based content filter BEFORE mail is
queued. This content filter is expected to inject mail back into Post-
@ -248,7 +248,7 @@ SMTPD(8) SMTPD(8)
The time limit for connecting to a proxy filter and for sending
or receiving information.
<b>BEFORE QUEUE MILTER CONTROLS</b>
<b><a name="before_queue_milter_controls">BEFORE QUEUE MILTER CONTROLS</a></b>
As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
filter) protocol. These content filters run outside Postfix. They can
inspect the SMTP command stream and the message content, and can
@ -333,7 +333,7 @@ SMTPD(8) SMTPD(8)
Lookup tables with Milter settings per remote SMTP client IP
address.
<b>GENERAL CONTENT INSPECTION CONTROLS</b>
<b><a name="general_content_inspection_controls">GENERAL CONTENT INSPECTION CONTROLS</a></b>
The following parameters are applicable for both built-in and external
content filters.
@ -343,7 +343,7 @@ SMTPD(8) SMTPD(8)
Enable or disable recipient validation, built-in content filter-
ing, or address mapping.
<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
<b><a name="external_content_inspection_controls">EXTERNAL CONTENT INSPECTION CONTROLS</a></b>
The following parameters are applicable for both before-queue and
after-queue content filtering.
@ -353,7 +353,7 @@ SMTPD(8) SMTPD(8)
What remote SMTP clients are allowed to use the XFORWARD fea-
ture.
<b>SASL AUTHENTICATION CONTROLS</b>
<b><a name="sasl_authentication_controls">SASL AUTHENTICATION CONTROLS</a></b>
Postfix SASL support (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenticate remote SMTP
clients to the Postfix SMTP server, and to authenticate the Postfix
SMTP client to a remote SMTP server. See the <a href="SASL_README.html">SASL_README</a> document for
@ -377,7 +377,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
Optional lookup table with the SASL login names that own the
sender (MAIL FROM) addresses.
envelope sender (MAIL FROM) addresses.
Available in Postfix version 2.1 and later:
@ -430,7 +430,7 @@ SMTPD(8) SMTPD(8)
If non-empty, a filter for the SASL mechanism names that the
Postfix SMTP server will announce in the EHLO response.
<b>STARTTLS SUPPORT CONTROLS</b>
<b><a name="starttls_support_controls">STARTTLS SUPPORT CONTROLS</a></b>
Detailed information about STARTTLS configuration may be found in the
<a href="TLS_README.html">TLS_README</a> document.
@ -612,8 +612,8 @@ SMTPD(8) SMTPD(8)
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> (see 'postconf -d' output)</b>
The prioritized list of elliptic curves supported by the Postfix
SMTP client and server.
The prioritized list of elliptic curves, that should be enabled
in the Postfix SMTP client and server.
Available in Postfix version 3.4 and later:
@ -655,7 +655,7 @@ SMTPD(8) SMTPD(8)
instead of an X.509 certificate, when asking for or requiring
client authentication.
<b>OBSOLETE STARTTLS CONTROLS</b>
<b><a name="obsolete_starttls_controls">OBSOLETE STARTTLS CONTROLS</a></b>
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a
future release.
@ -673,7 +673,7 @@ SMTPD(8) SMTPD(8)
Obsolete Postfix &lt; 2.3 control for the Postfix SMTP server TLS
cipher list.
<b>SMTPUTF8 CONTROLS</b>
<b><a name="smtputf8_controls">SMTPUTF8 CONTROLS</a></b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
@ -694,7 +694,7 @@ SMTPD(8) SMTPD(8)
IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>VERP SUPPORT CONTROLS</b>
<b><a name="verp_support_controls">VERP SUPPORT CONTROLS</a></b>
With VERP style delivery, each recipient of a message receives a cus-
tomized copy of the message with his/her own recipient address encoded
in the envelope sender address. The <a href="VERP_README.html">VERP_README</a> file describes config-
@ -722,7 +722,7 @@ SMTPD(8) SMTPD(8)
What remote SMTP clients are allowed to specify the XVERP com-
mand.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a name="trouble_shooting_controls">TROUBLE SHOOTING CONTROLS</a></b>
The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of the Postfix
mail system. The methods vary from making the software log a lot of
detail, to running some daemon processes under control of a call tracer
@ -772,7 +772,7 @@ SMTPD(8) SMTPD(8)
access lists (by default, the SMTP server logs "reject" actions
but not "permit" actions).
<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
<b><a name="known_versus_unknown_recipient_controls">KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</a></b>
As of Postfix version 2.0, the SMTP server rejects mail for unknown
recipients. This prevents the mail queue from clogging up with undeliv-
erable MAILER-DAEMON messages. Additional information on this topic is
@ -878,7 +878,7 @@ SMTPD(8) SMTPD(8)
specifies a list of lookup tables that does not match the recip-
ient address.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a name="resource_and_rate_controls">RESOURCE AND RATE CONTROLS</a></b>
The following parameters limit resource usage by the SMTP server and/or
control client request rates.
@ -1014,7 +1014,7 @@ SMTPD(8) SMTPD(8)
The numerical Postfix SMTP server response code when rejecting a
request with "<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = reject".
<b>TARPIT CONTROLS</b>
<b><a name="tarpit_controls">TARPIT CONTROLS</a></b>
When a remote SMTP client makes errors, the Postfix SMTP server can
insert delays before responding. This can help to slow down run-away
software. The behavior is controlled by an error counter that counts
@ -1049,7 +1049,7 @@ SMTPD(8) SMTPD(8)
before the Postfix SMTP server increments the per-session error
count for each excess recipient.
<b>ACCESS POLICY DELEGATION CONTROLS</b>
<b><a name="access_policy_delegation_controls">ACCESS POLICY DELEGATION CONTROLS</a></b>
As of version 2.1, Postfix can be configured to delegate access policy
decisions to an external server that runs outside Postfix. See the
file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for more information.
@ -1092,7 +1092,7 @@ SMTPD(8) SMTPD(8)
(originally, to share the same service endpoint among multiple
<a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
<b>ACCESS CONTROLS</b>
<b><a name="access_controls">ACCESS CONTROLS</a></b>
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
server access control features.
@ -1186,7 +1186,7 @@ SMTPD(8) SMTPD(8)
server applies in the context of the RCPT TO command, before
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
<b><a name="sender_and_recipient_address_verification_controls">SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</a></b>
Postfix version 2.1 introduces sender and recipient address verifica-
tion. This feature is implemented by sending probe email messages that
are not actually delivered. This feature is requested via the
@ -1249,7 +1249,7 @@ SMTPD(8) SMTPD(8)
The time between changes in the time-dependent portion of
address verification probe sender addresses.
<b>ACCESS CONTROL RESPONSES</b>
<b><a name="access_control_responses">ACCESS CONTROL RESPONSES</a></b>
The following parameters control numerical SMTP reply codes and/or text
responses.
@ -1338,7 +1338,7 @@ SMTPD(8) SMTPD(8)
<a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
fail due to a temporary error condition.
<b>MISCELLANEOUS CONTROLS</b>
<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
@ -1432,7 +1432,7 @@ SMTPD(8) SMTPD(8)
Lookup tables, indexed by the complete Postfix SMTP server 4xx
or 5xx response, with reject footer templates.
<b>SEE ALSO</b>
<b><a name="see_also">SEE ALSO</a></b>
<a href="anvil.8.html">anvil(8)</a>, connection/rate limiting
<a href="cleanup.8.html">cleanup(8)</a>, message canonicalization
<a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management
@ -1444,7 +1444,7 @@ SMTPD(8) SMTPD(8)
<a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
<b><a name="readme_files">README FILES</a></b>
<a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>, blocking unknown hosted or relay recipients
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, Postfix address manipulation
<a href="BDAT_README.html">BDAT_README</a>, Postfix CHUNKING support
@ -1460,7 +1460,7 @@ SMTPD(8) SMTPD(8)
<a href="XCLIENT_README.html">XCLIENT_README</a>, Postfix XCLIENT extension
<a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
<b>LICENSE</b>
<b><a name="license">LICENSE</a></b>
The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>

36
postfix/html/tlsproxy.8.html
View File

@ -7,13 +7,13 @@
</head> <body> <pre>
TLSPROXY(8) TLSPROXY(8)
<b>NAME</b>
<b><a name="name">NAME</a></b>
tlsproxy - Postfix TLS proxy
<b>SYNOPSIS</b>
<b><a name="synopsis">SYNOPSIS</a></b>
<b>tlsproxy</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
<b><a name="description">DESCRIPTION</a></b>
The <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server implements a two-way TLS proxy. It is used by
the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server to talk SMTP-over-TLS with remote SMTP clients
that are not allowlisted (including clients whose allowlist status has
@ -24,7 +24,7 @@ TLSPROXY(8) TLSPROXY(8)
same time, it is a good idea to allow the number of processes to
increase with load, so that the service remains responsive.
<b>PROTOCOL EXAMPLE</b>
<b><a name="protocol_example">PROTOCOL EXAMPLE</a></b>
The example below concerns <a href="postscreen.8.html"><b>postscreen</b>(8)</a>. However, the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
server is agnostic of the application protocol, and the example is eas-
ily adapted to other applications.
@ -40,15 +40,15 @@ TLSPROXY(8) TLSPROXY(8)
of the TLS-level handshake, <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> translates between plaintext
from/to <a href="postscreen.8.html"><b>postscreen</b>(8)</a> and ciphertext to/from the remote SMTP client.
<b>SECURITY</b>
<b><a name="security">SECURITY</a></b>
The <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server is moderately security-sensitive. It talks to
untrusted clients on the network. The process can be run chrooted at
fixed low privilege.
<b>DIAGNOSTICS</b>
<b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>CONFIGURATION PARAMETERS</b>
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> pro-
cesses may run for a long time depending on mail server load. Use the
command "<b>postfix reload</b>" to speed up a change.
@ -56,7 +56,7 @@ TLSPROXY(8) TLSPROXY(8)
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>STARTTLS GLOBAL CONTROLS</b>
<b><a name="starttls_global_controls">STARTTLS GLOBAL CONTROLS</a></b>
The following settings are global and therefore cannot be overruled by
information specified in a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client request.
@ -137,8 +137,8 @@ TLSPROXY(8) TLSPROXY(8)
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> (see 'postconf -d' output)</b>
The prioritized list of elliptic curves supported by the Postfix
SMTP client and server.
The prioritized list of elliptic curves, that should be enabled
in the Postfix SMTP client and server.
Available in Postfix version 3.4 and later:
@ -169,7 +169,7 @@ TLSPROXY(8) TLSPROXY(8)
The application name passed by Postfix to OpenSSL library ini-
tialization functions.
<b>STARTTLS SERVER CONTROLS</b>
<b><a name="starttls_server_controls">STARTTLS SERVER CONTROLS</a></b>
These settings are clones of Postfix SMTP server settings. They allow
<a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> to load the same certificate and private key information as
the Postfix SMTP server, before dropping privileges, so that the key
@ -287,7 +287,7 @@ TLSPROXY(8) TLSPROXY(8)
instead of an X.509 certificate, when asking or requiring client
authentication.
<b>STARTTLS CLIENT CONTROLS</b>
<b><a name="starttls_client_controls">STARTTLS CLIENT CONTROLS</a></b>
These settings are clones of Postfix SMTP client settings. They allow
<a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> to load the same certificate and private key information as
the Postfix SMTP client, before dropping privileges, so that the key
@ -381,7 +381,7 @@ TLSPROXY(8) TLSPROXY(8)
Optional lookup tables with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client TLS
security policy by next-hop destination.
<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
<b><a name="obsolete_starttls_support_controls">OBSOLETE STARTTLS SUPPORT CONTROLS</a></b>
These parameters are supported for compatibility with <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy
parameters.
@ -400,12 +400,12 @@ TLSPROXY(8) TLSPROXY(8)
<b><a href="postconf.5.html#tlsproxy_client_enforce_tls">tlsproxy_client_enforce_tls</a> ($<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>)</b>
Enforcement mode: require that SMTP servers use TLS encryption.
<b>RESOURCE CONTROLS</b>
<b><a name="resource_controls">RESOURCE CONTROLS</a></b>
<b><a href="postconf.5.html#tlsproxy_watchdog_timeout">tlsproxy_watchdog_timeout</a> (10s)</b>
How much time a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> process may take to process local or
remote I/O before it is terminated by a built-in watchdog timer.
<b>MISCELLANEOUS CONTROLS</b>
<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
@ -428,17 +428,17 @@ TLSPROXY(8) TLSPROXY(8)
<b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
<b>SEE ALSO</b>
<b><a name="see_also">SEE ALSO</a></b>
<a href="postscreen.8.html">postscreen(8)</a>, Postfix zombie blocker
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
<b><a name="license">LICENSE</a></b>
The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
<b><a name="history">HISTORY</a></b>
This service was introduced with Postfix version 2.8.
<b>AUTHOR(S)</b>

8
postfix/man/man5/aliases.5
View File

@ -175,9 +175,11 @@ The text below provides only a parameter summary. See
The alias databases for \fBlocal\fR(8) delivery that are updated with
"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR".
.IP "\fBalias_maps (see 'postconf -d' output)\fR"
Optional lookup tables with aliases that apply only to \fBlocal\fR(8)
recipients; this is unlike virtual_alias_maps that apply to all
recipients: \fBlocal\fR(8), virtual, and remote.
Optional lookup tables that are searched only with an email address
localpart (no domain) and that apply only to \fBlocal\fR(8) recipients;
this is unlike virtual_alias_maps that are often searched with a
full email address (including domain) and that apply to all recipients:
\fBlocal\fR(8), virtual, and remote.
.IP "\fBallow_mail_to_commands (alias, forward)\fR"
Restrict \fBlocal\fR(8) mail delivery to external commands.
.IP "\fBallow_mail_to_files (alias, forward)\fR"

6
postfix/man/man8/cleanup.8
View File

@ -329,8 +329,10 @@ remote domains.
.PP
Available in Postfix version 2.0 and later:
.IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
Optional lookup tables with aliases that apply to all recipients:
\fBlocal\fR(8), virtual, and remote; this is unlike alias_maps that apply
Optional lookup tables that are often searched with a full email
address (including domain) and that apply to all recipients: \fBlocal\fR(8),
virtual, and remote; this is unlike alias_maps that are only searched
with an email address localpart (no domain) and that apply
only to \fBlocal\fR(8) recipients.
.PP
Available in Postfix version 2.2 and later:

8
postfix/man/man8/local.8
View File

@ -452,9 +452,11 @@ mailbox_transport, mailbox_command_maps, mailbox_command,
home_mailbox, mail_spool_directory, fallback_transport_maps,
fallback_transport, and luser_relay.
.IP "\fBalias_maps (see 'postconf -d' output)\fR"
Optional lookup tables with aliases that apply only to \fBlocal\fR(8)
recipients; this is unlike virtual_alias_maps that apply to all
recipients: \fBlocal\fR(8), virtual, and remote.
Optional lookup tables that are searched only with an email address
localpart (no domain) and that apply only to \fBlocal\fR(8) recipients;
this is unlike virtual_alias_maps that are often searched with a
full email address (including domain) and that apply to all recipients:
\fBlocal\fR(8), virtual, and remote.
.IP "\fBforward_path (see 'postconf -d' output)\fR"
The \fBlocal\fR(8) delivery agent search list for finding a .forward
file with user\-specified delivery methods.

7
postfix/man/man8/smtpd.8
View File

@ -357,7 +357,8 @@ the list of available
features depends on the SASL server implementation that is selected
with \fBsmtpd_sasl_type\fR.
.IP "\fBsmtpd_sender_login_maps (empty)\fR"
Optional lookup table with the SASL login names that own the sender
Optional lookup table with the SASL login names that own the
envelope sender
(MAIL FROM) addresses.
.PP
Available in Postfix version 2.1 and later:
@ -542,8 +543,8 @@ Algorithm used to encrypt RFC5077 TLS session tickets.
.PP
Available in Postfix version 3.2 and later:
.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
The prioritized list of elliptic curves supported by the Postfix
SMTP client and server.
The prioritized list of elliptic curves, that should be enabled in the
Postfix SMTP client and server.
.PP
Available in Postfix version 3.4 and later:
.IP "\fBsmtpd_tls_chain_files (empty)\fR"

4
postfix/man/man8/tlsproxy.8
View File

@ -139,8 +139,8 @@ The location of the OpenSSL command line program \fBopenssl\fR(1).
.PP
Available in Postfix version 3.2 and later:
.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
The prioritized list of elliptic curves supported by the Postfix
SMTP client and server.
The prioritized list of elliptic curves, that should be enabled in the
Postfix SMTP client and server.
.PP
Available in Postfix version 3.4 and later:
.IP "\fBtls_server_sni_maps (empty)\fR"

13
postfix/mantools/man2html
View File

@ -44,6 +44,19 @@ sed '
N
g
}
# Generate anchors for sections.
/^<b>\([A-Z][-_A-Z0-9 ]*\)<\/b>/{
s//\1/
s/[ ]*$//
h
y/ABCDEFGHIJKLMNOPQRSTUVWXYZ /abcdefghijklmnopqrstuvwxyz_/
s/^/<b><a name="/
s/$/">/
G
s/\n//
s;$;</a></b>;
}
' "$@"
echo '</pre> </body> </html>'

8
postfix/proto/aliases
View File

@ -159,9 +159,11 @@
# The alias databases for \fBlocal\fR(8) delivery that are updated with
# "\fBnewaliases\fR" or with "\fBsendmail -bi\fR".
# .IP "\fBalias_maps (see 'postconf -d' output)\fR"
# Optional lookup tables with aliases that apply only to \fBlocal\fR(8)
# recipients; this is unlike virtual_alias_maps that apply to all
# recipients: \fBlocal\fR(8), virtual, and remote.
# Optional lookup tables that are searched only with an email address
# localpart (no domain) and that apply only to \fBlocal\fR(8) recipients;
# this is unlike virtual_alias_maps that are often searched with a
# full email address (including domain) and that apply to all recipients:
# \fBlocal\fR(8), virtual, and remote.
# .IP "\fBallow_mail_to_commands (alias, forward)\fR"
# Restrict \fBlocal\fR(8) mail delivery to external commands.
# .IP "\fBallow_mail_to_files (alias, forward)\fR"

1
postfix/proto/stop.double-history
View File

@ -132,3 +132,4 @@ proto proto mysql_table proto pgsql_table proto ldap_table
File postcat postcat c
Files src tls tls h src tls tls_dh c src tls tls_misc c
proto TLSRPT_README html proto postconf proto smtp smtp c
proto aliases cleanup cleanup c local local c smtpd smtpd c

6
postfix/src/cleanup/cleanup.c
View File

@ -303,8 +303,10 @@
/* .PP
/* Available in Postfix version 2.0 and later:
/* .IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
/* Optional lookup tables with aliases that apply to all recipients:
/* \fBlocal\fR(8), virtual, and remote; this is unlike alias_maps that apply
/* Optional lookup tables that are often searched with a full email
/* address (including domain) and that apply to all recipients: \fBlocal\fR(8),
/* virtual, and remote; this is unlike alias_maps that are only searched
/* with an email address localpart (no domain) and that apply
/* only to \fBlocal\fR(8) recipients.
/* .PP
/* Available in Postfix version 2.2 and later:

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20240927"
#define MAIL_RELEASE_DATE "20240928"
#define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT

8
postfix/src/local/local.c
View File

@ -416,9 +416,11 @@
/* home_mailbox, mail_spool_directory, fallback_transport_maps,
/* fallback_transport, and luser_relay.
/* .IP "\fBalias_maps (see 'postconf -d' output)\fR"
/* Optional lookup tables with aliases that apply only to \fBlocal\fR(8)
/* recipients; this is unlike virtual_alias_maps that apply to all
/* recipients: \fBlocal\fR(8), virtual, and remote.
/* Optional lookup tables that are searched only with an email address
/* localpart (no domain) and that apply only to \fBlocal\fR(8) recipients;
/* this is unlike virtual_alias_maps that are often searched with a
/* full email address (including domain) and that apply to all recipients:
/* \fBlocal\fR(8), virtual, and remote.
/* .IP "\fBforward_path (see 'postconf -d' output)\fR"
/* The \fBlocal\fR(8) delivery agent search list for finding a .forward
/* file with user-specified delivery methods.

7
postfix/src/smtpd/smtpd.c
View File

@ -325,7 +325,8 @@
/* features depends on the SASL server implementation that is selected
/* with \fBsmtpd_sasl_type\fR.
/* .IP "\fBsmtpd_sender_login_maps (empty)\fR"
/* Optional lookup table with the SASL login names that own the sender
/* Optional lookup table with the SASL login names that own the
/* envelope sender
/* (MAIL FROM) addresses.
/* .PP
/* Available in Postfix version 2.1 and later:
@ -508,8 +509,8 @@
/* .PP
/* Available in Postfix version 3.2 and later:
/* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
/* The prioritized list of elliptic curves supported by the Postfix
/* SMTP client and server.
/* The prioritized list of elliptic curves, that should be enabled in the
/* Postfix SMTP client and server.
/* .PP
/* Available in Postfix version 3.4 and later:
/* .IP "\fBsmtpd_tls_chain_files (empty)\fR"

4
postfix/src/tlsproxy/tlsproxy.c
View File

@ -123,8 +123,8 @@
/* .PP
/* Available in Postfix version 3.2 and later:
/* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
/* The prioritized list of elliptic curves supported by the Postfix
/* SMTP client and server.
/* The prioritized list of elliptic curves, that should be enabled in the
/* Postfix SMTP client and server.
/* .PP
/* Available in Postfix version 3.4 and later:
/* .IP "\fBtls_server_sni_maps (empty)\fR"