mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 05:38:06 +00:00
Code Issues Releases Wiki Activity

postfix-2.5.3

Browse Source
This commit is contained in:
Wietse Venema 2008-07-26 00:00:00 -05:00 committed by Viktor Dukhovni
parent caa4ec5a68
commit fa3a2cce64
17 changed files with 188 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
postfix/HISTORY
View File

@ -14397,3 +14397,17 @@ Apologies for any names omitted.
Cleanup: using "Before-queue content filter", RFC3848 Cleanup: using "Before-queue content filter", RFC3848
information was not added to the headers. Carlos Velasco. information was not added to the headers. Carlos Velasco.
File smtpd/smtpd.c. File smtpd/smtpd.c.
20080717
Cleanup: a poorly-implemented integer overflow check for
TCP MSS calculation had the unexpected effect that people
broke Postfix on LP64 systems while attempting to silence
a compiler warning. File: util/vstream_tweak.c.
20080725
Paranoia: defer delivery when a mailbox file is not owned
by the recipient. Requested by Sebastian Krahmer, SuSE.
Specify "strict_mailbox_ownership=no" to ignore ownership
discrepancies. Files: local/mailbox.c, virtual/mailbox.c.

12
postfix/RELEASE_NOTES
View File

@ -11,8 +11,16 @@ instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd) The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release. specifies the release date of a stable release or snapshot release.
Incompatibility with Postfix 2.3 and earlier Incompatibility with Postfix 2.5.3
-------------------------------------------- ==================================
When a mailbox file is not owned by its recipient, the local and
virtual delivery agents now log a warning and defer delivery.
Specify "strict_mailbox_ownership = no" to ignore such ownership
discrepancies.
Postfix 2.5.0 Release Notes
===========================
If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4 If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4
before proceeding. before proceeding.

94
postfix/html/local.8.html
View File

@ -398,60 +398,66 @@ LOCAL(8) LOCAL(8)
attempt; do not update the Delivered-To: address attempt; do not update the Delivered-To: address
while expanding aliases or .forward files. while expanding aliases or .forward files.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>DELIVERY METHOD CONTROLS</b> <b>DELIVERY METHOD CONTROLS</b>
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
<a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans- <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
port_maps, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>. port_maps, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a> The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
delivery. delivery.
<b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding
a .forward file with user-specified delivery meth- a .forward file with user-specified delivery meth-
ods. ods.
<b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a> (empty)</b> <b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a> (empty)</b>
Optional lookup tables with per-recipient message Optional lookup tables with per-recipient message
delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
delivery, whether or not the recipients are found delivery, whether or not the recipients are found
in the UNIX passwd database. in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a> (empty)</b> <b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a> (empty)</b>
Optional message delivery transport that the Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
delivery to all local recipients, whether or not delivery to all local recipients, whether or not
they are found in the UNIX passwd database. they are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> (empty)</b> <b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> (empty)</b>
Optional lookup tables with per-recipient external Optional lookup tables with per-recipient external
commands to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery. commands to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery.
<b><a href="postconf.5.html#mailbox_command">mailbox_command</a> (empty)</b> <b><a href="postconf.5.html#mailbox_command">mailbox_command</a> (empty)</b>
Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv- Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
ery agent should use for mailbox delivery. ery agent should use for mailbox delivery.
<b><a href="postconf.5.html#home_mailbox">home_mailbox</a> (empty)</b> <b><a href="postconf.5.html#home_mailbox">home_mailbox</a> (empty)</b>
Optional pathname of a mailbox file relative to a Optional pathname of a mailbox file relative to a
<a href="local.8.html"><b>local</b>(8)</a> user's home directory. <a href="local.8.html"><b>local</b>(8)</a> user's home directory.
<b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> (see 'postconf -d' output)</b>
The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
are kept. are kept.
<b><a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a> (empty)</b> <b><a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a> (empty)</b>
Optional lookup tables with per-recipient message Optional lookup tables with per-recipient message
delivery transports for recipients that the delivery transports for recipients that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the <a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
<a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database. <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database.
<b><a href="postconf.5.html#fallback_transport">fallback_transport</a> (empty)</b> <b><a href="postconf.5.html#fallback_transport">fallback_transport</a> (empty)</b>
Optional message delivery transport that the Optional message delivery transport that the
<a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
database. database.
<b><a href="postconf.5.html#luser_relay">luser_relay</a> (empty)</b> <b><a href="postconf.5.html#luser_relay">luser_relay</a> (empty)</b>
@ -461,7 +467,7 @@ LOCAL(8) LOCAL(8)
Available in Postfix version 2.2 and later: Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a> (empty)</b> <b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a> (empty)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
delivery to external command. delivery to external command.
<b>MAILBOX LOCKING CONTROLS</b> <b>MAILBOX LOCKING CONTROLS</b>
@ -470,15 +476,15 @@ LOCAL(8) LOCAL(8)
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile. sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b> <b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
The time between attempts to acquire an exclusive The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile. lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b> <b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
The time after which a stale exclusive mailbox The time after which a stale exclusive mailbox
lockfile is removed. lockfile is removed.
<b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
attempting delivery. attempting delivery.
<b>RESOURCE AND RATE CONTROLS</b> <b>RESOURCE AND RATE CONTROLS</b>
@ -486,17 +492,17 @@ LOCAL(8) LOCAL(8)
Time limit for delivery to external commands. Time limit for delivery to external commands.
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b> <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
The maximal number of addresses remembered by the The maximal number of addresses remembered by the
address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a> address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
<a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis- <a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
plays. plays.
<b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b> <b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>
The maximal number of parallel deliveries via the The maximal number of parallel deliveries via the
local mail delivery transport to the same recipient local mail delivery transport to the same recipient
(when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
the maximal number of parallel deliveries to the the maximal number of parallel deliveries to the
same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi- same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
ent_limit &gt; 1"). ent_limit &gt; 1").
<b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b> <b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b>
@ -509,33 +515,39 @@ LOCAL(8) LOCAL(8)
<b>SECURITY CONTROLS</b> <b>SECURITY CONTROLS</b>
<b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b> <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com- Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
mands. mands.
<b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> (alias, forward)</b> <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> (alias, forward)</b>
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files. Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
<b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>- agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
<a href="postconf.5.html#mailbox_command">mand</a>. <a href="postconf.5.html#mailbox_command">mand</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
<b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b> <b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent for delivery to external file or command. agent for delivery to external file or command.
<b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>. agent allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Available in Postfix version 2.2 and later: Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d'</b> <b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d'</b>
<b>output)</b> <b>output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>- agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
<a href="postconf.5.html#command_execution_directory">tion_directory</a>. <a href="postconf.5.html#command_execution_directory">tion_directory</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>MISCELLANEOUS CONTROLS</b> <b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and The default location of the Postfix <a href="postconf.5.html">main.cf</a> and

11
postfix/html/postconf.5.html
View File

@ -12495,6 +12495,17 @@ This feature is available in Postfix 2.0 and later.
</p> </p>
</DD>
<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
(default: yes)</b></DT><DD>
<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>
<p> This feature is available in Postfix 2.5.3 and later. </p>
</DD> </DD>
<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a> <DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>

58
postfix/html/virtual.8.html
View File

@ -200,9 +200,15 @@ VIRTUAL(8) VIRTUAL(8)
destination for final delivery to domains listed destination for final delivery to domains listed
with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>. with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
Defer delivery when a mailbox file is not owned by
its recipient.
<b>LOCKING CONTROLS</b> <b>LOCKING CONTROLS</b>
<b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b>
How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
attempting delivery. attempting delivery.
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b> <b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
@ -210,41 +216,41 @@ VIRTUAL(8) VIRTUAL(8)
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile. sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b> <b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
The time between attempts to acquire an exclusive The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile. lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b> <b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
The time after which a stale exclusive mailbox The time after which a stale exclusive mailbox
lockfile is removed. lockfile is removed.
<b>RESOURCE AND RATE CONTROLS</b> <b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b> <b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b> <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
The maximal number of parallel deliveries to the The maximal number of parallel deliveries to the
same destination via the virtual message delivery same destination via the virtual message delivery
transport. transport.
<b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b> <b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b> <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
The maximal number of recipients per delivery via The maximal number of recipients per delivery via
the virtual message delivery transport. the virtual message delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b> <b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>
The maximal size in bytes of an individual mailbox The maximal size in bytes of an individual mailbox
or maildir file, or zero (no limit). or maildir file, or zero (no limit).
<b>MISCELLANEOUS CONTROLS</b> <b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files. <a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to How much time a Postfix daemon process may take to
handle a request before it is terminated by a handle a request before it is terminated by a
built-in watchdog timer. built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b> <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal The maximal number of digits after the decimal
point when logging sub-second delay values. point when logging sub-second delay values.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -252,33 +258,33 @@ VIRTUAL(8) VIRTUAL(8)
over an internal communication channel. over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b> <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection daemon process waits for an incoming connection
before terminating voluntarily. before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b> <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a The maximal number of incoming connections that a
Postfix daemon process will service before termi- Postfix daemon process will service before termi-
nating voluntarily. nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon The process ID of a Postfix command or daemon
process. process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon The process name of a Postfix command or daemon
process. process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc- The location of the Postfix top-level queue direc-
tory. tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging. The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b> <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the The mail system name that is prepended to the
process name in syslog records, so that "smtpd" process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd". becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b> <b>SEE ALSO</b>
@ -291,20 +297,20 @@ VIRTUAL(8) VIRTUAL(8)
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto <a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>HISTORY</b> <b>HISTORY</b>
This delivery agent was originally based on the Postfix This delivery agent was originally based on the Postfix
local delivery agent. Modifications mainly consisted of local delivery agent. Modifications mainly consisted of
removing code that either was not applicable or that was removing code that either was not applicable or that was
not safe in this context: aliases, ~user/.forward files, not safe in this context: aliases, ~user/.forward files,
delivery to "|command" or to /file/name. delivery to "|command" or to /file/name.
The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys- The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
tem by Daniel Bernstein. tem by Daniel Bernstein.
The <b>maildir</b> structure appears in the <b>qmail</b> system by The <b>maildir</b> structure appears in the <b>qmail</b> system by
Daniel Bernstein. Daniel Bernstein.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>

5
postfix/man/man5/postconf.5
View File

@ -7771,6 +7771,11 @@ This feature should not be enabled on a general purpose mail server,
because it is likely to reject legitimate email. because it is likely to reject legitimate email.
.PP .PP
This feature is available in Postfix 2.0 and later. This feature is available in Postfix 2.0 and later.
.SH strict_mailbox_ownership (default: yes)
Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible.
.PP
This feature is available in Postfix 2.5.3 and later.
.SH strict_mime_encoding_domain (default: no) .SH strict_mime_encoding_domain (default: no)
Reject mail with invalid Content-Transfer-Encoding: information Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types. This blocks for the message/* or multipart/* MIME content types. This blocks

10
postfix/man/man8/local.8
View File

@ -415,6 +415,10 @@ Update the \fBlocal\fR(8) delivery agent's idea of the Delivered-To:
address (see prepend_delivered_header) only once, at the start of address (see prepend_delivered_header) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files. expanding aliases or .forward files.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "DELIVERY METHOD CONTROLS" .SH "DELIVERY METHOD CONTROLS"
.na .na
.nf .nf
@ -513,7 +517,7 @@ Restrict \fBlocal\fR(8) mail delivery to external commands.
Restrict \fBlocal\fR(8) mail delivery to external files. Restrict \fBlocal\fR(8) mail delivery to external files.
.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR" .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows in Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
$name expansions of $mailbox_command. $name expansions of $mailbox_command and $command_execution_directory.
.IP "\fBdefault_privs (nobody)\fR" .IP "\fBdefault_privs (nobody)\fR"
The default rights used by the \fBlocal\fR(8) delivery agent for delivery The default rights used by the \fBlocal\fR(8) delivery agent for delivery
to external file or command. to external file or command.
@ -525,6 +529,10 @@ Available in Postfix version 2.2 and later:
.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR" .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows Restrict the characters that the \fBlocal\fR(8) delivery agent allows
in $name expansions of $command_execution_directory. in $name expansions of $command_execution_directory.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "MISCELLANEOUS CONTROLS" .SH "MISCELLANEOUS CONTROLS"
.na .na
.nf .nf

4
postfix/man/man8/virtual.8
View File

@ -213,6 +213,10 @@ mail is delivered via the $virtual_transport mail delivery transport.
.IP "\fBvirtual_transport (virtual)\fR" .IP "\fBvirtual_transport (virtual)\fR"
The default mail delivery transport and next-hop destination for The default mail delivery transport and next-hop destination for
final delivery to domains listed with $virtual_mailbox_domains. final delivery to domains listed with $virtual_mailbox_domains.
.PP
Available in Postfix version 2.5.3 and later:
.IP "\fBstrict_mailbox_ownership (yes)\fR"
Defer delivery when a mailbox file is not owned by its recipient.
.SH "LOCKING CONTROLS" .SH "LOCKING CONTROLS"
.na .na
.nf .nf

1
postfix/mantools/postlink
View File

@ -517,6 +517,7 @@ while (<>) {
s;\bstrict_8bitmime\b;<a href="postconf.5.html#strict_8bitmime">$&</a>;g; s;\bstrict_8bitmime\b;<a href="postconf.5.html#strict_8bitmime">$&</a>;g;
s;\bstrict_8bitmime_body\b;<a href="postconf.5.html#strict_8bitmime_body">$&</a>;g; s;\bstrict_8bitmime_body\b;<a href="postconf.5.html#strict_8bitmime_body">$&</a>;g;
s;\bstrict_mime_encoding_domain\b;<a href="postconf.5.html#strict_mime_encoding_domain">$&</a>;g; s;\bstrict_mime_encoding_domain\b;<a href="postconf.5.html#strict_mime_encoding_domain">$&</a>;g;
s;\bstrict_mailbox_ownership\b;<a href="postconf.5.html#strict_mailbox_ownership">$&</a>;g;
s;\bstrict_rfc821_envelopes\b;<a href="postconf.5.html#strict_rfc821_envelopes">$&</a>;g; s;\bstrict_rfc821_envelopes\b;<a href="postconf.5.html#strict_rfc821_envelopes">$&</a>;g;
s;\bsun_mailtool_compatibility\b;<a href="postconf.5.html#sun_mailtool_compatibility">$&</a>;g; s;\bsun_mailtool_compatibility\b;<a href="postconf.5.html#sun_mailtool_compatibility">$&</a>;g;
s;\bswap_bangpath\b;<a href="postconf.5.html#swap_bangpath">$&</a>;g; s;\bswap_bangpath\b;<a href="postconf.5.html#swap_bangpath">$&</a>;g;

6
postfix/proto/postconf.proto
View File

@ -11517,3 +11517,9 @@ configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.5 and later. </p> <p> This feature is available in Postfix 2.5 and later. </p>
%PARAM strict_mailbox_ownership yes
<p> Defer delivery when a mailbox file is not owned by its recipient.
The default setting is not backwards compatible. </p>
<p> This feature is available in Postfix 2.5.3 and later. </p>

7
postfix/src/global/mail_params.h
View File

@ -2932,6 +2932,13 @@ extern int var_dest_rate_delay;
#define DEF_STRESS "" #define DEF_STRESS ""
extern char *var_stress; extern char *var_stress;
/*
* Mailbox ownership.
*/
#define VAR_STRICT_MBOX_OWNER "strict_mailbox_ownership"
#define DEF_STRICT_MBOX_OWNER 1
extern bool var_strict_mbox_owner;
/* LICENSE /* LICENSE
/* .ad /* .ad
/* .fi /* .fi

4
postfix/src/global/mail_version.h
View File

@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20080711" #define MAIL_RELEASE_DATE "20080726"
#define MAIL_VERSION_NUMBER "2.5.3-RC1" #define MAIL_VERSION_NUMBER "2.5.3"
#ifdef SNAPSHOT #ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE

12
postfix/src/local/local.c
View File

@ -381,6 +381,10 @@
/* address (see prepend_delivered_header) only once, at the start of /* address (see prepend_delivered_header) only once, at the start of
/* a delivery attempt; do not update the Delivered-To: address while /* a delivery attempt; do not update the Delivered-To: address while
/* expanding aliases or .forward files. /* expanding aliases or .forward files.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* DELIVERY METHOD CONTROLS /* DELIVERY METHOD CONTROLS
/* .ad /* .ad
/* .fi /* .fi
@ -471,7 +475,7 @@
/* Restrict \fBlocal\fR(8) mail delivery to external files. /* Restrict \fBlocal\fR(8) mail delivery to external files.
/* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR" /* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in /* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
/* $name expansions of $mailbox_command. /* $name expansions of $mailbox_command and $command_execution_directory.
/* .IP "\fBdefault_privs (nobody)\fR" /* .IP "\fBdefault_privs (nobody)\fR"
/* The default rights used by the \fBlocal\fR(8) delivery agent for delivery /* The default rights used by the \fBlocal\fR(8) delivery agent for delivery
/* to external file or command. /* to external file or command.
@ -483,6 +487,10 @@
/* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR" /* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows /* Restrict the characters that the \fBlocal\fR(8) delivery agent allows
/* in $name expansions of $command_execution_directory. /* in $name expansions of $command_execution_directory.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* MISCELLANEOUS CONTROLS /* MISCELLANEOUS CONTROLS
/* .ad /* .ad
/* .fi /* .fi
@ -644,6 +652,7 @@ int var_mailtool_compat;
char *var_mailbox_lock; char *var_mailbox_lock;
int var_mailbox_limit; int var_mailbox_limit;
bool var_frozen_delivered; bool var_frozen_delivered;
bool var_strict_mbox_owner;
int local_cmd_deliver_mask; int local_cmd_deliver_mask;
int local_file_deliver_mask; int local_file_deliver_mask;
@ -891,6 +900,7 @@ int main(int argc, char **argv)
VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir, VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir,
VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat, VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat,
VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered, VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered,
VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
0, 0,
}; };

6
postfix/src/local/mailbox.c
View File

@ -194,6 +194,12 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
vstream_fclose(mp->fp); vstream_fclose(mp->fp);
dsb_simple(why, "5.2.0", dsb_simple(why, "5.2.0",
"destination %s is not a regular file", mailbox); "destination %s is not a regular file", mailbox);
} else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
vstream_fclose(mp->fp);
dsb_simple(why, "4.2.0",
"destination %s is not owned by recipient", mailbox);
msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
VAR_STRICT_MBOX_OWNER);
} else { } else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END); end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,

2
postfix/src/util/vstream_tweak.c
View File

@ -115,7 +115,7 @@ int vstream_tweak_tcp(VSTREAM *fp)
*/ */
#ifdef VSTREAM_CTL_BUFSIZE #ifdef VSTREAM_CTL_BUFSIZE
if (mss > 0) { if (mss > 0) {
if (mss < __MAXINT__(ssize_t) /2) if (mss < INT_MAX / 2)
mss *= 2; mss *= 2;
vstream_control(fp, vstream_control(fp,
VSTREAM_CTL_BUFSIZE, (ssize_t) mss, VSTREAM_CTL_BUFSIZE, (ssize_t) mss,

6
postfix/src/virtual/mailbox.c
View File

@ -125,6 +125,12 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr)
msg_warn("recipient %s: destination %s is not a regular file", msg_warn("recipient %s: destination %s is not a regular file",
state.msg_attr.rcpt.address, usr_attr.mailbox); state.msg_attr.rcpt.address, usr_attr.mailbox);
dsb_simple(why, "5.3.5", "mail system configuration error"); dsb_simple(why, "5.3.5", "mail system configuration error");
} else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
vstream_fclose(mp->fp);
dsb_simple(why, "4.2.0",
"destination %s is not owned by recipient", usr_attr.mailbox);
msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
VAR_STRICT_MBOX_OWNER);
} else { } else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END); end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,

10
postfix/src/virtual/virtual.c
View File

@ -183,6 +183,10 @@
/* .IP "\fBvirtual_transport (virtual)\fR" /* .IP "\fBvirtual_transport (virtual)\fR"
/* The default mail delivery transport and next-hop destination for /* The default mail delivery transport and next-hop destination for
/* final delivery to domains listed with $virtual_mailbox_domains. /* final delivery to domains listed with $virtual_mailbox_domains.
/* .PP
/* Available in Postfix version 2.5.3 and later:
/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
/* Defer delivery when a mailbox file is not owned by its recipient.
/* LOCKING CONTROLS /* LOCKING CONTROLS
/* .ad /* .ad
/* .fi /* .fi
@ -329,6 +333,7 @@ char *var_virt_mailbox_base;
char *var_virt_mailbox_lock; char *var_virt_mailbox_lock;
int var_virt_mailbox_limit; int var_virt_mailbox_limit;
char *var_mail_spool_dir; /* XXX dependency fix */ char *var_mail_spool_dir; /* XXX dependency fix */
bool var_strict_mbox_owner;
/* /*
* Mappings. * Mappings.
@ -504,6 +509,10 @@ int main(int argc, char **argv)
VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0, VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,
0, 0,
}; };
static const CONFIG_BOOL_TABLE bool_table[] = {
VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
0,
};
/* /*
* Fingerprint executables and core dumps. * Fingerprint executables and core dumps.
@ -513,6 +522,7 @@ int main(int argc, char **argv)
single_server_main(argc, argv, local_service, single_server_main(argc, argv, local_service,
MAIL_SERVER_INT_TABLE, int_table, MAIL_SERVER_INT_TABLE, int_table,
MAIL_SERVER_STR_TABLE, str_table, MAIL_SERVER_STR_TABLE, str_table,
MAIL_SERVER_BOOL_TABLE, bool_table,
MAIL_SERVER_PRE_INIT, pre_init, MAIL_SERVER_PRE_INIT, pre_init,
MAIL_SERVER_POST_INIT, post_init, MAIL_SERVER_POST_INIT, post_init,
MAIL_SERVER_PRE_ACCEPT, pre_accept, MAIL_SERVER_PRE_ACCEPT, pre_accept,