snapshot-20010228

postfix/0README

@@ -2,8 +2,13 @@ Purpose of this document
 ========================
 
 This document provides a road map of the Postfix mail system source
-code distribution.  I suggest that you take a few minutes to read
-this file, and then proceed with the INSTALL instructions.
+code distribution.  I suggest that you
+
+- take a few minutes to read this file,
+
+- review the RELEASE_NOTES file for incompatible changes,
+
+- and then proceed with the INSTALL instructions.
 
 Introduction
 ============

postfix/BEWARE

@@ -1,11 +0,0 @@
-LINUX SYSLOGD PERFORMANCE
-=========================
-
-LINUX syslogd uses synchronous writes by default, which is very
-expensive. For services such as mail it is recommended that you
-disable synchronous logfile writes by editing /etc/syslog.conf and
-by prepending a - to the logfile name:
-
-    mail.*                          -/var/log/mail.log
-
-Send a "kill -HUP" to the syslogd to make the change effective.

postfix/FILTER_README

@@ -178,6 +178,11 @@ log in, and can be given a "*" password and non-existent shell and
 home directory.  This user handles all potentially dangerous mail
 content - that is why it should be a separate account.
 
+In the above example, Postfix listens on port localhost:10025.  If
+you want to have your filter listening on port localhost:10025
+instead of Postfix, then you must run your filter as a stand-alone
+program.
+
 The /some/where/filter command is most likely a PERL script. PERL
 has modules that make talking SMTP easy. The command-line specifies
 that mail should be sent back into Postfix via localhost port 10026.

postfix/HISTORY

@@ -4948,6 +4948,15 @@ Apologies for any names omitted.
 	Code cleanup: Postfix should now run with no alias database.
 
 	Code cleanup: local_destination_recipient_limit and
-	local_destination_concurrency_limit are not first-class
+	local_destination_concurrency_limit have become first-class
 	configuration parameters. Files: global/mail_params.h,
 	*qmgr/qmgr.c, postconf/postconf.c.
+
+20010226
+
+	Documentation suggestions by Lars Hecking and Richard
+	Huxton, Matthias Andree and many others.
+
+	Code cleanup: some queue/transport operations need to be
+	moved, after the code cleanup of the recipient/concurrency
+	limit handling. Patrik Rak.  Files: *qmgr/qmgr_message.c.

postfix/RELEASE_NOTES

@@ -1,3 +1,8 @@
+Release 20010228 differs from snapshot 20010228 in that the virtual
+delivery agent and nqmgr queue manager are left out. That software
+will become part of the official release when it has not changed
+in a while.
+
 Incompatible changes with snapshot-20010225
 ===========================================
 

postfix/conf/main.cf

@@ -4,6 +4,9 @@
 # The general format is lines with parameter = value pairs. Lines
 # that begin with whitespace continue the previous line. A value can
 # contain references to other $names or ${name}s.
+#
+# NOTE - CHANGE NO MORE THAN 2-3 PARAMETERS AT A TIME, AND TEST IF
+# POSTFIX STILL WORKS AFTER EVERY CHANGE.
 
 # SOFT BOUNCE
 #
@@ -129,6 +132,9 @@ mail_owner = postfix
 # through Postfix.  See the smtpd_recipient_restrictions parameter
 # in file sample-smtpd.cf.
 #
+# You can specify the list of "trusted" network addresses by hand
+# or you can let Postfix do it for you (which is the default).
+#
 # By default (mynetworks_style = subnet), Postfix "trusts" SMTP
 # clients in the same IP subnetworks as the local machine.
 # On Linux, this does works correctly only with interfaces specified
@@ -136,7 +142,9 @@ mail_owner = postfix
 # 
 # Specify "mynetworks_style = class" when Postfix should "trust" SMTP
 # clients in the same IP class A/B/C networks as the local machine.
-# This used to be the default. It is appropriate for service providers.
+# Don't do this with a dialup site - it would cause Postfix to "trust"
+# your entire provider's network.  Instead, specify an explicit
+# mynetworks list by hand, as described below.
 #  
 # Specify "mynetworks_style = host" when Postfix should "trust"
 # only the local machine.
@@ -145,10 +153,12 @@ mail_owner = postfix
 # mynetworks_style = subnet
 # mynetworks_style = host
 
-# Instead of using mynetworks_style to implicitly derive the mynetworks
-# list from local machine addresses, you can specify an explicit list
-# of network/netmask patterns, where the mask specifies the number of
-# bits in the network part of a host address.
+# Alternatively, you can specify the mynetworks list by hand, in
+# which case Postfix ignores the mynetworks_style setting.
+#
+# Specify an explicit list of network/netmask patterns, where the
+# mask specifies the number of bits in the network part of a host
+# address.
 #
 # You can also specify the absolute pathname of a pattern file instead
 # of listing the patterns here.

postfix/conf/sample-misc.cf

@@ -218,12 +218,17 @@ myorigin = $myhostname
 # through Postfix.  See the smtpd_recipient_restrictions parameter
 # in file sample-smtpd.cf.
 #
+# You can specify the list of "trusted" network addresses by hand
+# or you can let Postfix do it for you (which is the default).
+#
 # By default (mynetworks_style = subnet), Postfix "trusts" SMTP
 # clients in the same IP subnetworks as the local machine.
 # 
 # Specify "mynetworks_style = class" when Postfix should "trust" SMTP
 # clients in the same IP class A/B/C networks as the local machine.
-# This used to be the default. It is appropriate for service providers.
+# Don't do this with a dialup site - it would cause Postfix to "trust"
+# your entire provider's network.  Instead, specify an explicit
+# mynetworks list by hand, as described below.
 #  
 # Specify "mynetworks_style = host" when Postfix should "trust"
 # only the local machine.
@@ -232,10 +237,12 @@ myorigin = $myhostname
 # mynetworks_style = subnet
 # mynetworks_style = host
 
-# Instead of using mynetworks_style to implicitly derive the mynetworks
-# list from local machine addresses, you can specify an explicit list
-# of network/netmask patterns, where the mask specifies the number of
-# bits in the network part of a host address.
+# Alternatively, you can specify the mynetworks list by hand, in
+# which case Postfix ignores the mynetworks_style setting.
+#
+# Specify an explicit list of network/netmask patterns, where the
+# mask specifies the number of bits in the network part of a host
+# address.
 #
 # You can also specify the absolute pathname of a pattern file instead
 # of listing the patterns here.

postfix/conf/sample-smtpd.cf

@@ -108,12 +108,17 @@ smtpd_hard_error_limit = 100
 # through Postfix.  See the smtpd_recipient_restrictions parameter
 # in file sample-smtpd.cf.
 #
+# You can specify the list of "trusted" network addresses by hand
+# or you can let Postfix do it for you (which is the default).
+#
 # By default (mynetworks_style = subnet), Postfix "trusts" SMTP
 # clients in the same IP subnetworks as the local machine.
 # 
 # Specify "mynetworks_style = class" when Postfix should "trust" SMTP
 # clients in the same IP class A/B/C networks as the local machine.
-# This used to be the default. It is appropriate for service providers.
+# Don't do this with a dialup site - it would cause Postfix to "trust"
+# your entire provider's network.  Instead, specify an explicit
+# mynetworks list by hand, as described below.
 #  
 # Specify "mynetworks_style = host" when Postfix should "trust"
 # only the local machine.
@@ -122,10 +127,12 @@ smtpd_hard_error_limit = 100
 mynetworks_style = subnet
 # mynetworks_style = host
 
-# Instead of using mynetworks_style to implicitly derive the mynetworks
-# list from local machine addresses, you can specify an explicit list
-# of network/netmask patterns, where the mask specifies the number of
-# bits in the network part of a host address.
+# Alternatively, you can specify the mynetworks list by hand, in
+# which case Postfix ignores the mynetworks_style setting.
+#
+# Specify an explicit list of network/netmask patterns, where the
+# mask specifies the number of bits in the network part of a host
+# address.
 #
 # You can also specify the absolute pathname of a pattern file instead
 # of listing the patterns here.

postfix/html/backstage.html

@@ -57,6 +57,22 @@ or in order to resolve a destination.
 queue status. This is the program behind the <a
 href="mailq.1.html">mailq</a> command.
 
+<p>
+
+<li>The <a href="flush.8.html">flush</a> daemon improves the
+performance of the SMTP <b>ETRN</b> request, and of its command-line
+equivalent, <b>sendmail -qR</b><i>destination</i>, for selected
+destinations. For other destinations, Postfix silently falls
+back to the equivalent of <b>sendmail -q</b>.
+
+<p>
+
+<li>The <a href="spawn.8.html">spawn</a> daemon listens on a TCP
+port, UNIX-domain socket or FIFO, and runs non-Postfix commands on
+request, with the socket or FIFO connected to the standard input,
+output and error streams.  It is currently used only in an example
+of the Postfix external content filtering system.
+
 </ul>
 
 <hr>

postfix/html/basic.html

@@ -335,7 +335,10 @@ is to let Postfix do the work for you.
 <dl>
 
 <dt> <b>class</b> <dd> Trust SMTP clients in the class A/B/C networks
-that Postfix is connected to.
+that Postfix is connected to. <b>Don't do this with a dialup site
+- it would cause Postfix to "trust" your entire provider's network.
+Instead, specify an explicit mynetworks list by hand, as described
+below</b>.
 
 <p>
 
@@ -352,8 +355,10 @@ subnetworks that Postfix is connected to.
 
 <p>
 
-To specify the list of trusted networks by hand, specify 
-network blocks in CIDR (network/mask) notation, for example:
+Alternatively, you can specify the <b>mynetworks</b> list by hand,
+in which case Postfix ignores the <b>mynetworks_style</b> setting.
+To specify the list of trusted networks by hand, specify network
+blocks in CIDR (network/mask) notation, for example:
 
 <p>
 
@@ -363,6 +368,11 @@ network blocks in CIDR (network/mask) notation, for example:
 
 </dl>
 
+<p>
+
+You can also specify the absolute pathname of a pattern file instead
+of listing the patterns in the <b>main.cf</b> file.
+
 <a name="inet_interfaces"> <h2> My own network addresses </h2> </a>
 
 The <b>inet_interfaces</b> parameter specifies all network interface

postfix/html/faq.html

@@ -22,10 +22,12 @@
 
 <ul>
 
-<li><a href="#example_config">Example configurations</a>
+<li><a href="#poppers">POP or IMAP problems</a>
 
 <li><a href="#warnings">Postfix warnings and error messages</a>
 
+<li><a href="#example_config">Example configurations</a>
+
 <li><a href="#sendmail_incompatibility">Sendmail incompatibility</a>
 
 <li><a href="#moby">Running hundreds of Postfix processes</a>
@@ -58,6 +60,26 @@
 
 <p>
 
+<a name="warnings"><h3>Postfix warnings and error messages</h3>
+
+<ul>
+
+<li><a href="#biff">What does "biff_notify: Connection refused" mean?</a>
+
+<li><a href="#nisdom">What does "NIS domain name not set - NIS lookups disabled" mean?</a>
+
+<li><a href="#dns-again">Mail stays queued with: Host not found, try again</a>
+
+<li><a href="#timeouts">Mail fails consistently with timeout or lost connection</a>
+
+<li><a href="#noalias">What does "fatal: open database /etc/aliases.db" mean?</a>
+
+<li><a href="#nosuid">sendmail has set-uid root file permissions, or is run from a set-uid root process</a>
+
+</ul>
+
+<p>
+
 <a name="example_config"><h3>Example configurations</h3>
 
 <ul>
@@ -78,24 +100,6 @@
 
 <p>
 
-<a name="warnings"><h3>Postfix warnings and error messages</h3>
-
-<ul>
-
-<li><a href="#biff">What does "biff_notify: Connection refused" mean?</a>
-
-<li><a href="#nisdom">What does "NIS domain name not set - NIS lookups disabled" mean?</a>
-
-<li><a href="#dns-again">Mail stays queued with: Host not found, try again</a>
-
-<li><a href="#timeouts">Mail fails consistently with timeout or lost connection</a>
-
-<li><a href="#noalias">What does "fatal: open database /etc/aliases.db" mean?</a>
-
-</ul>
-
-<p>
-
 <a name="sendmail_incompatibility"><h3>Sendmail incompatibility</h3>
 
 <ul>
@@ -309,6 +313,44 @@ mailbox</a>
 
 <hr>
 
+<a name="poppers"><h3>POP or IMAP problems</h3>
+
+Postfix is a mail delivery system. Postfix does not implement
+services such as POP or IMAP to read mail. Several POP/IMAP
+implementations exist that can cooperate with software such as
+Postfix.
+
+<p>
+
+Examples of software that is used successfully with Postfix:
+
+<p>
+
+<ul>
+
+<li><a href="http://asg.web.cmu.edu/cyrus/">Cyrus IMAP</a> implements
+IMAP, POP3, and KPOP, later versions also support TLS. This software
+implements its own private mail database system. Not for beginners.
+
+<p>
+
+<li><a href="http://www.inter7.com/courierimap/">Courier-Imap</a>
+provides POP3, IMAP, POP3 and IMAP, and supports access over SSL.
+This software supports the maildir-style mailbox format only
+(one message per file, same format as qmail).
+
+<p>
+
+<li><a href="http://www.eudora.com/qpopper/">Qpopper</a> supports 
+POP3, TLS (SSL), and uses the traditional UNIX-style mailbox format
+(multiple messages per file, each message starts with "From sender date...").
+
+</ul>
+
+<p>
+
+<hr>
+
 <a name="stand_alone"><h3>Stand-alone machine</h3>
 
 Out of the box, Postfix should work without change on a stand-alone
@@ -866,6 +908,68 @@ following command as root:
 
 <hr>
 
+<a name="nosuid"><h1>sendmail has set-uid root file permissions, or is run from a
+set-uid root process</h3></a>
+
+Traditionally, the UNIX <b>sendmail</b> command is installed with
+set-uid root permissions. Even many MTAs other than Sendmail ship
+with a set-uid root <b>sendmail</b> command. This is not the case
+with Postfix.  The Postfix <b>sendmail</b> command is designed not
+to be set-uid.
+
+<p>
+
+Unfortunately, some Linux systems have a helpful utility called
+<b>linuxconf</b> that automatically "fixes" file permissions to
+what they are supposed to be for Sendmail's <b>sendmail</b> command.
+Even when you reset the set-uid bit on the Postfix <b>sendmail</b>
+executable file, <b>linuxconf</b> will happily turn it on again
+for you.
+
+<p>
+
+On SuSE systems the file permission fixing utulity is called
+<b>SuSEconfig</b>.  Other Linux systems may use different names.
+The usual disclaimers about mileages etc. apply.
+
+<p>
+
+<h4>Solutions</h4>
+
+<ul>
+
+<li>Rask Ingemann Lambertsen has a particularly effective
+solution :-)
+
+<blockquote>
+<pre>
+# /etc/rc.d/init.d/linuxconf stop && rpm --erase linuxconf 
+</pre>
+</blockquote>
+
+<li>According to Matthias Andree, the band-aid fix for SuSE is to
+add to /etc/permissions.local the following line:
+
+<blockquote>
+<pre>
+/usr/sbin/sendmail root.root 755
+</pre>
+</blockquote>
+
+and to make sure that in /etc/rc.config,
+PERMISSIONS_SECURITY mentions local last, EXAMPLE:
+
+<blockquote>
+<pre>
+CHECK_PERMISSIONS=set
+PERMISSION_SECURITY="secure local"
+</pre>
+</blockquote>
+
+</ul>
+
+<hr>
+
 <a name="moby-freebsd"><h3>Running hundreds of Postfix processes on FreeBSD</h3></a>
 
 With hundreds of Postfix processes, the kernel will eventually
@@ -2629,8 +2733,8 @@ Note: be sure to not advertise <b>fax.your.domain</b> in the DNS :-)
 
 <a name="deleting"><h3>Deleting a message from the Postfix queue</h3></a>
 
-To delete ONE message with queue id ABCDEF from the Postfix queue,
-it is not necessary to stop Postfix.
+To delete ONE message with queue id ABCDEF (e.g., from <b>mailq</b>
+output) from the Postfix queue, it is not necessary to stop Postfix.
 
 <p>
 
@@ -2647,8 +2751,8 @@ the same queue file name.
 
 <p>
 
-If you have to delete a large amount of mail, it is safer to stop
-Postfix first.
+If you have to delete a large amount of mail, you must stop Postfix
+first.
 
 <p>
 <pre>

postfix/html/local.8.html

@@ -360,9 +360,10 @@ LOCAL(8)                                                 LOCAL(8)
        <b>recipient</b><i>_</i><b>delimiter</b>
               Separator between username and address extension.
 
-       <b>test</b><i>_</i><b>home</b><i>_</i><b>directory</b>
+       <b>require</b><i>_</i><b>home</b><i>_</i><b>directory</b>
               Require that a recipient's home directory is acces-
               sible by the recipient before attempting  delivery.
+              Defer delivery otherwise.
 
 <b>Mailbox</b> <b>delivery</b>
        <b>fallback</b><i>_</i><b>transport</b>
@@ -388,7 +389,6 @@ LOCAL(8)                                                 LOCAL(8)
               External command to use for mailbox  delivery.  The
               command  executes  with  the  recipient  privileges
               (exception: root). The string is subject  to  $name
-              expansions.
 
 
 
@@ -401,6 +401,8 @@ LOCAL(8)                                                 LOCAL(8)
 LOCAL(8)                                                 LOCAL(8)
 
 
+              expansions.
+
        <b>mailbox</b><i>_</i><b>transport</b>
               Message  transport  to  use for mailbox delivery to
               all local recipients, whether or not they are found
@@ -420,7 +422,7 @@ LOCAL(8)                                                 LOCAL(8)
        <b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b>
               Limit the time after which a stale lock is removed.
 
-       <b>mailbox</b><i>__</i><b>delivery</b><i>_</i><b>lock</b>
+       <b>mailbox</b><i>_</i><b>delivery</b><i>_</i><b>lock</b>
               What file locking method(s) to use when  delivering
               to  a  UNIX-style  mailbox.  The default setting is
               system dependent.  For a  list  of  available  file
@@ -456,8 +458,6 @@ LOCAL(8)                                                 LOCAL(8)
 
 
 
-
-
                                                                 7
 
 

postfix/man/man8/local.8

@@ -312,9 +312,9 @@ forwarding, delivery to command or file. Specify zero or more of:
 forwarding mail is not recommended.
 .IP \fBrecipient_delimiter\fR
 Separator between username and address extension.
-.IP \fBtest_home_directory\fR
+.IP \fBrequire_home_directory\fR
 Require that a recipient's home directory is accessible by the
-recipient before attempting delivery.
+recipient before attempting delivery. Defer delivery otherwise.
 .SH Mailbox delivery
 .ad
 .fi
@@ -351,7 +351,7 @@ Time in seconds between successive attempts to acquire
 an exclusive lock.
 .IP \fBstale_lock_time\fR
 Limit the time after which a stale lock is removed.
-.IP \fBmailbox__delivery_lock\fR
+.IP \fBmailbox_delivery_lock\fR
 What file locking method(s) to use when delivering to a UNIX-style
 mailbox.
 The default setting is system dependent.  For a list of available

postfix/src/global/mail_version.h

@@ -15,7 +15,7 @@
   * Version of this program.
   */
 #define VAR_MAIL_VERSION	"mail_version"
-#define DEF_MAIL_VERSION	"Snapshot-20010225"
+#define DEF_MAIL_VERSION	"Snapshot-20010228"
 extern char *var_mail_version;
 
 /* LICENSE

postfix/src/local/local.c

@@ -284,9 +284,9 @@
 /*	forwarding mail is not recommended.
 /* .IP \fBrecipient_delimiter\fR
 /*	Separator between username and address extension.
-/* .IP \fBtest_home_directory\fR
+/* .IP \fBrequire_home_directory\fR
 /*	Require that a recipient's home directory is accessible by the
-/*	recipient before attempting delivery.
+/*	recipient before attempting delivery. Defer delivery otherwise.
 /* .SH Mailbox delivery
 /* .ad
 /* .fi
@@ -323,7 +323,7 @@
 /*	an exclusive lock.
 /* .IP \fBstale_lock_time\fR
 /*	Limit the time after which a stale lock is removed.
-/* .IP \fBmailbox__delivery_lock\fR
+/* .IP \fBmailbox_delivery_lock\fR
 /*	What file locking method(s) to use when delivering to a UNIX-style
 /*	mailbox.
 /*	The default setting is system dependent.  For a list of available

postfix/src/master/master_sig.c

@@ -214,6 +214,8 @@ void    master_sigsetup(void)
 	msg_fatal("pipe: %m");
     non_blocking(SIG_PIPE_WRITE_FD, NON_BLOCKING);
     non_blocking(SIG_PIPE_READ_FD, NON_BLOCKING);
+    close_on_exec(SIG_PIPE_WRITE_FD, CLOSE_ON_EXEC);
+    close_on_exec(SIG_PIPE_READ_FD, CLOSE_ON_EXEC);
     event_enable_read(SIG_PIPE_READ_FD, master_sig_event, (char *) 0);
 #endif
 

postfix/src/nqmgr/qmgr_message.c

@@ -685,8 +685,16 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	at = strrchr(STR(reply.recipient), '@');
 	len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient)));
 
-	if ((transport = qmgr_transport_find(STR(reply.transport))) == 0)
-	    transport = qmgr_transport_create(STR(reply.transport));
+	/*
+	 * Look up or instantiate the proper transport. We're working a
+	 * little ahead, doing queue management stuff that used to be done
+	 * way down.
+	 */
+	if (transport == 0 || !STREQ(transport->name, STR(reply.transport))) {
+	    if ((transport = qmgr_transport_find(STR(reply.transport))) == 0)
+		transport = qmgr_transport_create(STR(reply.transport));
+	    queue = 0;
+	}
 	if (transport->recipient_limit == 1) {
 	    VSTRING_SPACE(reply.nexthop, len + 1);
 	    memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop),
@@ -740,6 +748,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	 * bind each recipient to an in-core queue instance which is needed
 	 * anyway. That gives all information needed for recipient grouping.
 	 */
+#if 0
 
 	/*
 	 * Look up or instantiate the proper transport.
@@ -749,6 +758,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 		transport = qmgr_transport_create(STR(reply.transport));
 	    queue = 0;
 	}
+#endif
 
 	/*
 	 * This transport is dead. Defer delivery to this recipient.

postfix/src/qmgr/qmgr_message.c

@@ -565,8 +565,16 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	at = strrchr(STR(reply.recipient), '@');
 	len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient)));
 
-	if ((transport = qmgr_transport_find(STR(reply.transport))) == 0)
-	    transport = qmgr_transport_create(STR(reply.transport));
+	/*
+	 * Look up or instantiate the proper transport. We're working a
+	 * little ahead, doing queue management stuff that used to be done
+	 * way down.
+	 */
+	if (transport == 0 || !STREQ(transport->name, STR(reply.transport))) {
+	    if ((transport = qmgr_transport_find(STR(reply.transport))) == 0)
+		transport = qmgr_transport_create(STR(reply.transport));
+	    queue = 0;
+	}
 	if (transport->recipient_limit == 1) {
 	    VSTRING_SPACE(reply.nexthop, len + 1);
 	    memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop),
@@ -620,6 +628,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 	 * bind each recipient to an in-core queue instance which is needed
 	 * anyway. That gives all information needed for recipient grouping.
 	 */
+#if 0
 
 	/*
 	 * Look up or instantiate the proper transport.
@@ -629,6 +638,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
 		transport = qmgr_transport_create(STR(reply.transport));
 	    queue = 0;
 	}
+#endif
 
 	/*
 	 * This transport is dead. Defer delivery to this recipient.