diff --git a/postfix/COMPATIBILITY b/postfix/COMPATIBILITY index 76803407a..e9a27b111 100644 --- a/postfix/COMPATIBILITY +++ b/postfix/COMPATIBILITY @@ -7,10 +7,10 @@ aliases yes (can enable/disable mail to /file or |command) bare newlines yes (but will send CRLF) blacklisting yes (client name/addr; helo hostname; mail from; rcpt to) -content filter yes +content filter yes (see FILTER_README) db tables yes (compile time option) dbm tables yes (compile time option) -delivered-to yes +delivered-to yes (configurable with prepend_delivered_header) dsn not yet (bounces have DSN form) errors-to: yes esmtp yes @@ -20,22 +20,22 @@ flock locking yes (runtime configurable) home mailbox yes ident lookup no ldap tables yes (contributed) -luser relay yes lmtp support yes (client) +luser relay yes m4 config no mail to command yes (configurable for .forward, aliases, :include:) mail to file yes (configurable for .forward, aliases, :include:) -maildir yes +maildir yes (in home, system mailspool, /file/name/ alias) mailertable yes (it's called transport) mailq yes majordomo yes (edit approve script to delete /delivered-to/i) mime conversion not yet; postfix uses just-send-eight -missing <> yes (most common address forms) mysql tables yes (contributed) netinfo tables yes (contributed) newaliases yes (main alias database only) nis tables yes nis+ tables not yet +no <> in smtp yes (most common address forms) pipeline option yes (server and client) pop/imap yes (with third-party daemons that use /var[/spool]/mail) qmqp server yes (with verp support) @@ -44,18 +44,18 @@ return-receipt: not yet sasl support yes (compile time option) sendmail -bt no sendmail -q yes -sendmail -qRxxx yes +sendmail -qRxxx yes (for domains specified in fast_flush_domains) sendmail -qSxxx no sendmail -qtime ignored -sendmail -v no +sendmail -v yes (but does not show delivery) sendmail.cf no (uses table-driven address rewriting) size option yes, server and client -smarthost yes +smarthost yes (specify relayhost in main.cf) tcp wrapper no (use built-in blacklist facility) user+extension yes (also: .forward+extension) user-extension yes (also: .forward-extension) user.lock yes (runtime configurable) uucp support yes (sends user@domain recipients) verp support yes (delimiters are configurable) -virtual domains yes +virtual domains yes (via local delivery agent and via dedicated delivery agent) year 2000 safe yes diff --git a/postfix/COPYRIGHT b/postfix/COPYRIGHT new file mode 100644 index 000000000..beb9c97d9 --- /dev/null +++ b/postfix/COPYRIGHT @@ -0,0 +1,35 @@ +Included for the use of the fix_strcasecmp.c module which works +around a Solaris problem. + +/* + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ diff --git a/postfix/HISTORY b/postfix/HISTORY index 90bf26024..5051f742a 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -5632,7 +5632,7 @@ Apologies for any names omitted. 20011116 Bugfix: consolidated all the command transaction log resets - and eliminated one missing reset (Victor Duchovny, Morgan + and eliminated one missing reset (Victor Duchovni, Morgan Stanley). File: smtpd/smtpd.c. 20011118 @@ -5831,7 +5831,7 @@ Apologies for any names omitted. Cleanup: proper detection of big number overflow in EHLO and MAIL FROM size announcements, with input from Victor - Duchovny, Morgan Stanley. Files: global/off_cvt.c, + Duchovni, Morgan Stanley. Files: global/off_cvt.c, smtpd/smtpd.c, smtp/smtp_proto.c, util/alldig.c. Forward compatibility: added queue file record types for @@ -5906,7 +5906,7 @@ Apologies for any names omitted. Cleanup: SMTPD access maps now return DUNNO (undetermined) instead of OK when a recipient address contains multiple - domains (user@dom1@dom2, etcetera). Victor Duchovny, Morgan + domains (user@dom1@dom2, etcetera). Victor Duchovni, Morgan Stanley. File: smtpd/smtpd_check.c. 20020106 @@ -5920,7 +5920,7 @@ Apologies for any names omitted. queue directory, still referenced install.cf when setting maildrop directory group ownership; and the postfix command did not export the setgid_group parameter to the postfix-script - shell script. Victor Duchovny. + shell script. Victor Duchovni. Bugfix: postfix-script, when creating a missing public queue directory, did not set group ownership of the public @@ -5947,7 +5947,7 @@ Apologies for any names omitted. 20020111 Feedback: feedback, bugfixes, and brain-dead shell workarounds - for the install scripts by Victor Duchovny and Simon Mudd. + for the install scripts by Victor Duchovni and Simon Mudd. 20020113 @@ -5960,7 +5960,7 @@ Apologies for any names omitted. Bugfix: alternate_config_directories did not take comma or whitespace as separators. File: global/mail_conf.c. - Victor Duchovny, Norgan Stanley. + Victor Duchovni, Morgan Stanley. Bugfix: the rewritten postfix-install script did not chattr +S the Postfix queue. @@ -5977,8 +5977,257 @@ Apologies for any names omitted. that the startup shell scripts produce a consistent result. Files: postconf.c. +20020117 + + Portability: patch from LaMont Jones for compiling dict_ldap.c + with the Netscape SDK. + + Feature: added "r" (recursive chown/chgrp) flag to the + postfix-files database, for more convenient change of + Postfix queue ownership. Files: conf/postfix-files, + conf/post-install. + +20020122 + + Documentation: lots of little fixes. + + Documentation: updates for the VIRTUAL_README file by Victor + Duchovni, Morgan Stanley. + + Bugfix: postqueue -s dereferenced a null pointer when given + a numerical domain argument. LaMont Jones, HP. + + Cleanup: smtpd now logs a warning when permit_sasl_authenticated + is used while SASL authentication is disabled, instead of + simply ignoring the restriction. LaMont Jones, HP. File: + smtpd/smtpd.c. + + Safety: when postmap creates a non-existent file, the new + file inherits group/other read permissions from the source + file. Based on code by LaMont Jones, HP. File: + postmap/postmap.c. + +20020123 + + Portability: some Linux systems install libnsl.so without + libnsl.a file, causing an yp_match undefined reference + problem. File: makedefs. + +20020124 + + Portability: post-install now requests that command_directory + is given on the command line when the postconf command is + in an unusual place. + + Safety: extra code to detect and report Berkeley DB version + mismatches between compile time and run time. This test + is limited to mismatches in the major version number only. + File: util/dict_db.c. Based on code by Lawrence Greenfield, + Carnegie-Mellon university. + + Safety: the postfix command and the master daemon abort if + they are running set-uid. + + Documentation: the postmap manual page described an out of + date input file format. + +20020129 + + Workaround: SCO version 3.2 can't ioctl(FIONREAD) a pipe. + Therefore, input mail flow control is disabled by default. + Files: makedefs, global/mail_params.h, conf/main.cf. + Problem reported by Kurt Andersen, Agilent. + +20020201 + + Workaround: changed the default smtpd_null_access_lookup_key + setting to <>, because some Bezerkeloid DB implementations + can't handle null-length lookup keys. File: global/mail_params.h. + + Bugfix: backed out a null-length address panic call by + ignoring the problem, like Postfix did in the past. File: + global/resolve_local.c. + + Safety: "postfix check" will now warn if /usr/lib/sendmail + and /usr/sbin/sendmail differ, and will propose to replace + one by a symlink to the other. File: conf/postfix-script. + +20020204 + + Sanity: additional permission checks for "postfix check" + that warn for setgid_group group ownership mismatches. by + Matthias Andree, uni-dortmund.de. File: conf/postfix-script. + + Bugfix: "postfix check" used a too simplistic way to + recognize file ownership (grepping ls output). It now uses + the recently discovered "find -prune". Peter Bieringer, + Matthias Andree. File: conf/postfix-script. + +20020218 + + Workaround: log a warning and disconnect when an SMTP client + ignores our negative replies and starts sending message + content without permission. File: smtpd/smtpd.c. + +20020220 + + Bugfix: mismatch in the file being locked by dict_dbm and + the file being locked by postmap, so that locks did not + work correctly. Victor Duchovni, Morgan Stanley. + +20020222 + + Workaround: Solaris bug 4380626: strcasecmp() and strncasecmp() + produce incorrect results with 8-bit characters. For example, + non-ASCII characters could compare equal to ASCII characters, + and that could result in any number of security problems. + Files: util/strcasecmp.c, COPYRIGHT (the BSD license). + + Bugfix: off-by-one error, causing a null byte to be written + outside dynamically allocated memory in the queue manager + with addresses of exactly 100 bytes long, resulting in + SIGSEGV on systems with an "exact fit" malloc routine. + Experienced by Ralf Hildebrandt; diagnosed by Victor + Duchovny. Files: *qmgr/qmgr_message.c. This is not a + security problem. + + Bugfix: make all recipient comparisons transitive, because + Solaris qsort() causes SIGSEGV errors otherwise. Victor + Duchovny, Morgan Stanley. File: *qmgr/qmgr_message.c. + +20020302 + + Bugfix: don't strip source route (@domain...:) when the + result would be an empty address. This avoids problems when + append_at_myorigin is set to "no" (which is not supported). + Problem reported by Charles McColgan, Big Fish Communications. + File: trivial-rewrite/rewrite.c. + +20020304 + + Cleanup: postqueue should not not complain when output + fails with "broken pipe". + +20020308 + + Bugfix? reply with 550 not 552 when content is rejected. + 552 is reserved for "too much mail". + + Documentation: add note to sendmail manual page that running + "sendmail -bs" as $mail_owner enables SMTP server UCE and + access control checks. This is meant for use from inetd etc. + Matthias Andree. + +20020311 + + Bugfix: DBM maps should use different files for locking + and for change detection. Problem reported by Victor + Duchovny, Morgan Stanley. Files: util/dict.h util/dict.c + util/dict_db.c util/dict_dbm.c global/mkmap.c local/alias.c. + +20020313 + + Bugfix: mailq could show addresses with unusual characters + twice. Problem reported by Victor Duchovny, Morgan Stanley. + File: showq/showq.c. + + Bugfix: null recipients weren't properly recorded in + bounce/defer logfiles. Such recipient addresses are not + accepted in SMTP mail, but they could appear within locally + submitted mail. File: bounce/bounce_append_service.c. + + Workaround: exempt processes running with the real userid + of root from safe_getenv() restrictions. The super-user + is supposed to know what she is doing. + +20020318 + + Workaround: Berkeley DB can't handle null key lookups, + which happen with HELO names ending in ".". Victor Duchovni, + Morgan Stanley. File: smtpd/smtpd_check.c. + + Logging: log a hint when mail is deferred because the + soft_bounce parameter is set. People sometimes forget to + turn it off. File: global/bounce.c. + +20020319 + + Cleanup: add a msg_warn() call when fork() fails in + pipe_command(), to make problems easier to investigate. + Chris Wedgwood. File: global/pipe_command.c. + +20020320 + + Feature: smtp_helo_name parameter to specify the hostname + or [ip.address] in HELO or EHLO commands. Files: smtp/smtp.c + smtp/smtp_proto.c. + +20020324 + + Cleanup: more graceful handling of long physical message + header lines upon input. Physical header lines can now + extend up to $header_size_limit characters. When a logical + message header is too long, the excess text is discarded + and Postfix no longer switches to body mode, to avoid + breaking MIME encapsulation. Based on code by Victor + Duchovni, Morgan Stanley. Files: cleanup/cleanup_out.c, + cleanup/cleanup_message.c. + + Cleanup: more graceful handling of long physical message + header or body lines upon output by the SMTP client. The + SMTP client output line length is controlled by a new + parameter smtp_line_length_limit (default: 990; specify 0 + to disable the limit). Long lines are folded by inserting + , to avoid breaking MIME encapsulation. + Based on code by Victor Duchovni, Morgan Stanley. File: + smtp/smtp_proto.c. + +20020325 + + Cleanup: allow additional text after a WARN command in a + header/body_checks pattern file, so that one can change + REJECT+text into WARN+text and vice versa. Based on code + by Fredrik Thulin, Stockholm University. + + Cleanup: log a warning when an unknown command is found in + a header/body_checks pattern file, or when additional text + is found after a command that does not expect additional + text. Based on code by Fredrik Thulin, Stockholm University. + + Bugfix: sendmail should not recognize "." as the end of + input when the current read operation started in the middle + of a line. Victor Duchovni, Morgan Stanley. File: + sendmail/sendmail.c. + +20020328 + + Portability fix for OPENSTEP and NEXTSTEP by Gerben Wierda. + File: util/sys_defs.h. + +20020329 + + Bugfix: defer_transports broke because the flush server + triggered mail delivery (as if ETRN was sent) while doing + some internal housekeeping of per-destination logfiles. + Problem experienced by LaMont Jones, HP. File: flush/flush.c. + + Bugfix: virtual mapping broke for addresses with embedded + whitespace. Fix by Victor Duchovni, Morgan Stanley. File: + cleanup/cleanup_map1n.c. + + Feature: configurable service name for the cleanup service. + Files: global/mail_params.[hc]. + + Feature: SASL version 2 support by Jason Hoos. + Open problems: + Low: sendmail does not store null command-line recipients. + + Low: have a configurable list of errno values for mailbox + or maildir delivery that result in deferral rather than + bouncing mail. + Low: don't do user@domain and @domain lookups in local_recipient_maps queries. diff --git a/postfix/INSTALL b/postfix/INSTALL index 0dcc558dc..b3e3b246f 100644 --- a/postfix/INSTALL +++ b/postfix/INSTALL @@ -84,7 +84,7 @@ If your system is supported, it is one of OpenBSD 2.x Reliant UNIX 5.x Rhapsody 5.x - SunOS 4.1.x + SunOS 4.1.x (with Postfix 1.1.0) SunOS 5.4..5.8 (Solaris 2.4..8) Ultrix 4.x (well, that was long ago) @@ -222,6 +222,11 @@ In order to install or upgrade Postfix: NB: this group was optional with older Postfix releases; it is now required. +- Optional: If you want to install symbol-stripped (non-debug) versions + of the Postfix programs and daemons, do: + + % strip bin/* libexec/* + - Run one of the following commands as the super-user: # make install (interactive version, first time install) @@ -276,10 +281,6 @@ and watch your syslog file for any error messages. Typical logfile names are: /var/log/maillog or /var/log/syslog. See /etc/syslog.conf for actual logfile names. -When it is run for the first time, the Postfix startup shell script -will create a bunch of subdirectories below the Postfix spool -directory. - In order to inspect the mail queue, use % sendmail -bp @@ -322,10 +323,6 @@ and watch your syslog file for any error messages. Typical logfile names are: /var/log/maillog or /var/log/syslog. See /etc/syslog.conf for actual logfile names. -When it is run for the first time, the Postfix startup shell script -will create a bunch of subdirectories below the Postfix spool -directory. - In order to inspect the mail queue, use % sendmail -bp @@ -360,10 +357,6 @@ and watch the syslog file for any complaints from the mail system. Typical logfile names are: /var/log/maillog or /var/log/syslog. See /etc/syslog.conf for actual logfile names. -When it is run for the first time, the Postfix startup shell script -will create a bunch of subdirectories below the Postfix spool -directory. - See also the "Care and feeding" section 13 below. 10 - Mandatory configuration file edits diff --git a/postfix/Makefile.in b/postfix/Makefile.in index 0dca600a9..429d62f1c 100644 --- a/postfix/Makefile.in +++ b/postfix/Makefile.in @@ -47,14 +47,6 @@ depend_update: || exit 1; \ done -cleanmakefiles: - set -e; for i in $(DIRS); do \ - (set -e; echo "[$$i]"; cd $$i; rm -f Makefile; \ - ../cleanup_makefile.pl Makefile.in >Makefile.new; \ - rm Makefile.in ; mv Makefile.new Makefile.in); \ - done; - rm -f Makefile; (set -e; sh makedefs && cat Makefile.in) >Makefile - tidy: clean rm -f Makefile */Makefile src/*/Makefile cp Makefile.init Makefile diff --git a/postfix/README_FILES/DB_README b/postfix/README_FILES/DB_README index d6609dd60..6d1bb797c 100644 --- a/postfix/README_FILES/DB_README +++ b/postfix/README_FILES/DB_README @@ -24,11 +24,17 @@ use something like: The exact pathnames depend on the DB version that you installed. For example, Berkeley DB version 2 installs in /usr/local/BerkeleyDB. -Beware, the file format produced by Berkeley DB version 1 is not +Warning: the file format produced by Berkeley DB version 1 is not compatible with that of versions 2 and 3 (versions 2 and 3 have the same format). If you switch between DB versions, then you may have to rebuild all your Postfix DB files. +Warning: if you use Berkeley DB version 2 or later, do not enable +DB 1.85 compatibility mode. Doing so would break fcntl file locking. + +Warning: if you use PERL to manipulate Postfix .db files, then you +need to use the same Berkeley DB version in PERL as in Postfix. + Building Postfix on BSD systems with a specific Berkeley DB version =================================================================== @@ -43,15 +49,16 @@ variant of the following commands: % make makefiles CCARGS=-I/usr/include/db2 AUXLIBS=-ldb2 % make -Beware, the file format produced by Berkeley DB version 1 is not +Warning: the file format produced by Berkeley DB version 1 is not compatible with that of versions 2 and 3 (versions 2 and 3 have the same format). If you switch between DB versions, then you may have to rebuild all your Postfix DB files. Warning: if you use Berkeley DB version 2 or later, do not enable -DB 1.85 compatibility mode. Doing so would break file locking on -Solaris, HP-UX, UNIXWARE, IRIX and other systems, causing mail to -be lost when you update a table while Postfix is running. +DB 1.85 compatibility mode. Doing so would break fcntl file locking. + +Warning: if you use PERL to manipulate Postfix .db files, then you +need to use the same Berkeley DB version in PERL as in Postfix. Building Postfix on Linux with a specific Berkeley DB version ============================================================= @@ -67,7 +74,13 @@ The reason is that the location of the default db.h include file changes randomly between vendors and between versions, so that Postfix has to choose the file for you. -Beware, the file format produced by Berkeley DB version 1 is not +Warning: the file format produced by Berkeley DB version 1 is not compatible with that of versions 2 and 3 (versions 2 and 3 have the same format). If you switch between DB versions, then you may have to rebuild all your Postfix DB files. + +Warning: if you use Berkeley DB version 2 or later, do not enable +DB 1.85 compatibility mode. Doing so would break fcntl file locking. + +Warning: if you use PERL to manipulate Postfix .db files, then you +need to use the same Berkeley DB version in PERL as in Postfix. diff --git a/postfix/README_FILES/FILTER_README b/postfix/README_FILES/FILTER_README index eb1f0b7fe..bc78fef7d 100644 --- a/postfix/README_FILES/FILTER_README +++ b/postfix/README_FILES/FILTER_README @@ -51,7 +51,7 @@ The /some/where/filter program can be a simple shell script like this: exit $? The idea is to first capture the message to file and then run the -content through run a third-party content filter program. If the +content through a third-party content filter program. If the mail cannot be captured to file, mail delivery is deferred by terminating with exit status 75 (EX_TEMPFAIL). If the content filter program finds a problem, the mail is bounced by terminating @@ -211,11 +211,19 @@ a dedicated listener on port localhost 10026: /etc/postfix/master.cf: localhost:10026 inet n - n - 10 smtpd - -o content_filter= -o myhostname=localhost.domain.name + -o content_filter= + -o local_recipient_maps= + -o myhostname=localhost.domain.name This is just another SMTP server. It is configured NOT to request -content filtering for incoming mail, has the same process limit -as the filter master.cf entry, and is configured to use a different -hostname in the greeting message (this is necessary for testing -when I simply use no filtering program and let the SMTP content -filtering interfaces talk directly to each other). +content filtering for incoming mail. The server has the same process +limit as the filter master.cf entry. + +The "-o local_recipient_maps=" is a safety in case you have specified +local_recipient_maps in the main.cf file. That setting could +interfere with content filtering. + +The SMTP server is configured to use a different hostname in the +greeting message (this is necessary for testing when I simply use +no filtering program and let the SMTP content filtering interfaces +talk directly to each other). diff --git a/postfix/README_FILES/INSTALL b/postfix/README_FILES/INSTALL new file mode 100644 index 000000000..b3e3b246f --- /dev/null +++ b/postfix/README_FILES/INSTALL @@ -0,0 +1,504 @@ +1 - Purpose of this document +============================ + +This document describes how to build, install and configure a +Postfix system so that it can do one of the following: + + - Send mail only, without changing an existing sendmail + installation. + + - Send and receive mail via a virtual host interface, still + without any change to an existing sendmail installation. + + - Replace sendmail altogether. + +2 - Typographical conventions +============================= + +In the instructions below, a command written as + + # command + +should be executed as the superuser. + +A command written as + + % command + +should be executed as an unprivileged user. + +3 - Documentation +================= + +Documentation is available as HTML web pages (point your browser +to html/index.html) and as UNIX-style man pages (point your MANPATH +environment variable to the `man' subdirectory; be sure to use an +absolute path). + +The sample configuration files in the `conf' directory have extensive +comments, but they may not describe every nuance of every feature. + +Many files have their own built-in manual page. Tools to extract +those embedded manual pages are available in the mantools directory. + +4 - Building on a supported system +================================== + +If your system is supported, it is one of + + AIX 3.2.5 + AIX 4.1.x + AIX 4.2.0 + BSD/OS 2.x + BSD/OS 3.x + BSD/OS 4.x + Darwin 1.x + FreeBSD 2.x + FreeBSD 3.x + FreeBSD 4.x + FreeBSD 5.x + HP-UX 9.x + HP-UX 10.x + HP-UX 11.x + IRIX 5.x + IRIX 6.x + Linux Debian 1.3.1 + Linux Debian 2.x + Linux RedHat 4.x + Linux RedHat 5.x + Linux RedHat 6.x + Linux RedHat 7.x + Linux Slackware 3.x + Linux Slackware 4.x + Linux Slackware 7.x + Linux SuSE 5.x + Linux SuSE 6.x + Linux SuSE 7.x + Mac OS X + NEXTSTEP 3.x + NetBSD 1.x + OPENSTEP 4.x + OSF1.V3 (Digital UNIX) + OSF1.V4 aka Digital UNIX V4 + OSF1.V5 aka Digital UNIX V5 + OpenBSD 2.x + Reliant UNIX 5.x + Rhapsody 5.x + SunOS 4.1.x (with Postfix 1.1.0) + SunOS 5.4..5.8 (Solaris 2.4..8) + Ultrix 4.x (well, that was long ago) + +or something closely resemblant. + +On Solaris, the "make" command and other utilities for software +development are in /usr/ccs/bin, so you MUST have /usr/ccs/bin in +your command search path. + +If you need to build Postfix for multiple architectures, use the +lndir command to build a shadow tree with symbolic links to the +source files. lndir is part of X11R6. + +If at any time in the build process you get messages like: "make: +don't know how to ..." you should be able to recover by running +the following command from the Postfix top-level directory: + + % make -f Makefile.init makefiles + +If you copied the Postfix source code after building it on another +machine, it is a good idea to cd into the top-level directory and + + % make tidy + +first. This will get rid of any system dependencies left over from +compiling the software elsewhere. + +To build with GCC, or with the native compiler if people told me +that is better for your system, just cd into the top-level Postfix +directory of the source tree and type: + + % make + +To build with a non-default compiler, you need to specify the name +of the compiler: + + % make makefiles CC=/opt/SUNWspro/bin/cc (Solaris) + % make + + % make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX) + % make + + % make makefiles CC="purify cc" + % make + +and so on. In some cases, optimization is turned off automatically. + +In order to build with non-default settings, for example, with a +configuration directory other than /etc/postfix, use: + + % make makefiles CCARGS=-DDEF_CONFIG_DIR=\\\\\\\"/some/where\\\\\\\" + % make + +That's seven backslashes :-) But at least this works with sh and csh. + +In order to build Postfix for very large applications, where you +expect to run more than 1000 delivery processes, you may need to +override the definition of the FD_SETSIZE macro to make select() +work correctly: + + % make makefiles CCARGS=-DFD_SETSIZE=2048 + +In any case, if the command + + % make + +produces compiler error messages, it may be time to examine the +FAQ document (see htlm/faq.html). + +5 - Porting to on an unsupported system +======================================= + +- Each system type is identified by a unique name. Examples: +SUNOS5, FREEBSD4, and so on. Choose a SYSTEMTYPE name for the new +system. You must use a name that includes at least the major version +of the operating system (such as SUNOS4 or LINUX2), so that different +releases of the same system can be supported without confusion. + +- Add a case statement to the "makedefs" shell script in the +top-level directory that recognizes the new system reliably, and +that emits the right system-specific information. Be sure to make +the code robust against user PATH settings; if the system offers +multiple UNIX flavors (e.g. BSD and SYSV) be sure to build for the +native flavor, not the emulated one. + +- Add an #ifdef SYSTEMTYPE section to the central util/sys_defs.h +include file. You may have to invent new feature macros. Please +choose sensible feature macro names such as HAS_DBM or +FIONREAD_IN_SYS_FILIO_H. I strongly recommend against #ifdef +SYSTEMTYPE dependencies in individual source files. This may seem +to be the quickest solution, but it will create a mess that becomes +increasingly difficult to maintain over time. Moreover, with the +next port you'd have to place #ifdefs all over the source code +again. + +6 - Installing the software after successful compilation +======================================================== + +This text describes how to install Postfix from source code. See +the PACKAGE_README file if you are building a package for distribution +to other systems. + +IMPORTANT: if you are REPLACING an existing sendmail installation +with Postfix, you may need to keep the old sendmail program running +for some time in order to flush the mail queue. As superuser, +execute the following commands (your sendmail, newaliases and mailq +programs may be in a different place): + + # mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF + # mv /usr/bin/newaliases /usr/bin/newaliases.OFF + # mv /usr/bin/mailq /usr/bin/mailq.OFF + # chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF \ + /usr/bin/mailq.OFF + +In order to install or upgrade Postfix: + +- Create a user account "postfix" with a user id and group id that + are not used by any other user account. Preferably, this is an + account that no-one can log into. The account does not need an + executable login shell, and needs no existing home directory. + My password file entry looks like this: + + postfix:*:12345:12345:postfix:/no/where:/no/shell + +- Make sure there is a corresponding alias in /etc/aliases: + + postfix: root + +- Create a group "postdrop" with a group id that is not used by + any other user account. Not even by the postfix user account. + My group file entry looks like: + + postdrop:*:54321: + + NB: this group was optional with older Postfix releases; it is + now required. + +- Optional: If you want to install symbol-stripped (non-debug) versions + of the Postfix programs and daemons, do: + + % strip bin/* libexec/* + +- Run one of the following commands as the super-user: + + # make install (interactive version, first time install) + # make upgrade (non-interactive version, for upgrades) + + The non-interactive version needs the /etc/postfix/main.cf file + from a previous installation. If the file does not exist, use + interactive installation instead. + + The interactive version offers suggestions for pathnames that + you can override interactively, and stores your preferences in + /etc/postfix/main.cf for convenient future upgrades. + +- Proceed to the section on how you wish to run Postfix on your + particular machine: + + - Send mail only, without changing an existing sendmail + installation (section 7). + + - Send and receive mail via a virtual host interface, still + without any change to an existing sendmail installation + (section 8). + + - Replace sendmail altogether (section 9). + +7 - Configuring Postfix to send mail only +========================================= + +If you are going to use Postfix to send mail only, there is no need +to change your existing sendmail setup. Instead, set up your mail +user agent so that it calls the Postfix sendmail program directly. + +Follow the instructions in the "Mandatory configuration file edits" +in section 10, and review the "To chroot or not to chroot" text in +section 11. + +You MUST comment out the `smtp inet' entry in /etc/postfix/master.cf, +in order to avoid conflicts with the real sendmail. + +Start the Postfix system: + + # postfix start + +or, if you feel nostalgic, use the Postfix sendmail command: + + # sendmail -bd -qwhatever + +and watch your syslog file for any error messages. + + % egrep '(reject|warning|error|fatal|panic):' /some/log/file + +Typical logfile names are: /var/log/maillog or /var/log/syslog. +See /etc/syslog.conf for actual logfile names. + +In order to inspect the mail queue, use + + % sendmail -bp + +See also the "Care and feeding" section 13 below. + +8 - Configuring Postfix to send and receive mail (virtual interface) +==================================================================== + +Alternatively, you can use the Postfix system to send AND receive +mail while leaving your sendmail setup intact, by running Postfix +on a virtual interface address. Simply configure your mail user +agent to directly invoke the Postfix sendmail program. + +The examples/virtual-setup directory gives instructions for setting +up virtual interfaces for a variety of UNIX versions. + +In the /etc/postfix/main.cf file, I would specify + + myhostname = virtual.host.name + inet_interfaces = $myhostname + mydestination = $myhostname + +Follow the instructions in the "Mandatory configuration file edits" +in section 10, and review the "To chroot or not to chroot" text in +section 11. + +Start the mail system: + + # postfix start + +or, if you feel nostalgic, use the Postfix sendmail program: + + # sendmail -bd -qwhatever + +and watch your syslog file for any error messages. + + % egrep '(reject|warning|error|fatal|panic):' /some/log/file + +Typical logfile names are: /var/log/maillog or /var/log/syslog. +See /etc/syslog.conf for actual logfile names. + +In order to inspect the mail queue, use + + % sendmail -bp + +See also the "Care and feeding" section 13 below. + +9 - Turning off sendmail forever +================================ + +Prior to installing Postfix you should save the existing sendmail +program files as described in section 6. + +Be sure to keep the old sendmail running for at least a couple +days to flush any unsent mail. To do so, stop the sendmail daemon +and restart it as: + + # /usr/sbin/sendmail.OFF -q + +After you have visited the "Mandatory configuration file edits" +section below, you can start the Postfix system with + + # postfix start + +But the good old sendmail way works just as well: + + # sendmail -bd -qwhatever + +and watch the syslog file for any complaints from the mail system. + + % egrep '(reject|warning|error|fatal|panic):' /some/log/file + +Typical logfile names are: /var/log/maillog or /var/log/syslog. +See /etc/syslog.conf for actual logfile names. + +See also the "Care and feeding" section 13 below. + +10 - Mandatory configuration file edits +======================================= + +By default, Postfix configuration files are in /etc/postfix, and +must be owned by root. Giving someone else write permission to +main.cf or master.cf means giving root privileges to that person. + +Whenever you make a change to a config file, execute the following +command in order to refresh a running mail system: + + # postfix reload + +In /etc/postfix/main.cf you will have to set up a minimal number of +configuration parameters. Postfix configuration parameters +resemble shell variables. You specify a variable as + + parameter = value + +and you use it by putting a $ in front of its name: + + other_parameter = $parameter + +You can use $parameter before it is given a value. The Postfix +configuration language uses lazy evaluation, and does not look at +a parameter value until it is needed at runtime. + +First of all, you must specify what domain will be appended to an +unqualified address (i.e. an address without @domain.name). The +"myorigin" parameter defaults to the local hostname, but that is +probably OK only for very small sites. + +Some examples: + + myorigin = $myhostname + myorigin = $mydomain + +In the first case, local mail goes out as user@$myhostname, in +the second case the sender address is user@$mydomain. + +Next you need to specify what mail addresses Postfix should deliver +locally. + +Some examples: + + mydestination = $myhostname, localhost.$mydomain + mydestination = $myhostname, localhost.$mydomain, $mydomain + mydestination = $myhostname + +The first example is appropriate for a workstation, the second is +appropriate for the mailserver for an entire domain. The third +example should be used when running on a virtual host interface. + +If your machine is on an open network then you must specify what +client IP addresses are authorized to relay their mail through your +machine. The default setting includes all class A, B or C networks +that the machine is attached to. Often, that gives relay permission +to too many clients. My own settings are: + + mynetworks = 168.100.189.0/28, 127.0.0.0/8 + +If you're behind a firewall, you should set up a relayhost. If +you can, specify the organizational domain name so that Postfix +can use DNS lookups, and so that it can fall back to a secondary +MX host when the primary MX host is down. Otherwise just specify +a hard-coded hostname. + +Some examples: + + relayhost = $mydomain + relayhost = mail.$mydomain + relayhost = [mail.$mydomain] + +The form enclosed with [] eliminates DNS MX lookups. + +By default, the SMTP client will do DNS lookups for sender and +recipient addresses even when you specify a relay host. If your +machine has no access to a DNS server, turn off SMTP client DNS +lookups like this: + + disable_dns_lookups = yes + +The FAQ (html/faq.html) has more hints and tips for firewalled +and/or dial-up networks. + +Finally, if you haven't used Sendmail prior to using Postfix, you +will have to build the alias database (with: sendmail -bi, or: +newaliases). Be sure to set up aliases for root and postmaster that +forward mail to a real person. Postfix has a sample aliases file +conf/aliases that you can adapt to local conditions. + +11 - To chroot or not to chroot +=============================== + +Postfix can run most daemon processes in a chroot jail, that is, +the processes run at a fixed low privilege and with access only to +the Postfix queue directories (/var/spool/postfix). This provides +a significant barrier against intrusion. The barrier is not +impenetrable, but every little bit helps. + +With the exception of the Postfix local delivery and `pipe' daemons, +every Postfix daemon can run chrooted. + +Sites with high security requirements should consider to chroot +all daemons that talk to the network: the smtp and smtpd processes, +and perhaps also the lmtp client. + +The default /etc/postfix/master.cf file specifies that no Postfix +daemon runs chrooted. In order to enable chroot operation, edit +the file /etc/postfix/master.cf. Instructions are in the file. + +Note that a chrooted daemon resolves all filenames relative to the +Postfix queue directory (/var/spool/postfix). For successful use +of a chroot jail, most UNIX systems require you to bring in some +files or device nodes. The examples/chroot-setup directory has a +collection of scripts that help you set up chroot environments for +Postfix systems. + +12 - Care and feeding of the Postfix system +=========================================== + +The Postfix programs log all problems to the syslog daemon. The +names of logfiles are specified in /etc/syslog.conf. Note: the +syslogd will not create files. You must create them ahead of time +before (re)starting syslogd. At the very least you need something +like: + + mail.err /dev/console + mail.debug /var/log/maillog + +Hopefully, the number of problems will be small, but it is a good +idea to run every night before the syslog files are rotated: + + # postfix check + # egrep '(reject|warning|error|fatal|panic):' /some/log/file + +Typical logfile names are: /var/log/maillog or /var/log/syslog. +See /etc/syslog.conf for actual logfile names. + +The first line (postfix check) causes Postfix to report file +permission/ownership discrepancies. + +The second line looks for problem reports from the mail software, +and reports how effective the anti-relay and anti-UCE blocks are. diff --git a/postfix/README_FILES/NFS_README b/postfix/README_FILES/NFS_README index ac489de7d..06ce4ecb8 100644 --- a/postfix/README_FILES/NFS_README +++ b/postfix/README_FILES/NFS_README @@ -5,29 +5,24 @@ > or not. Postfix jumps several hoops in order to deal with NFS-specific -brain damage, however some operations can fail irrecoverably. This -is why Wietse makes no promises about Postfix reliability on NFS. +problems. Thus, Postfix on NFS is slightly less reliable than +Postfix on a local disk. That is not a problem in Postfix; the +problem is in NFS and affects other MTAs as well. For queue locking, NFS is not an issue because you cannot share -Postfix queues between Postfix instances anyawy. - -For mailbox locking, some systems use flock() by default (use: -``postconf mailbox_delivery_lock'' and ``postconf virtual_mailbox_lock'' -to find out about your system). flock() does not work over NFS. -This causes loss of mail when multiple hosts access the same -mailboxes. +Postfix queues with other Postfix instances. In order to have mailbox locking over NFS you have to configure everything to use fcntl() locks for mailbox access (or switch to maildir style, which needs no application-level lock controls). -To turn on fcntl locks with Postfix you specify: +To turn on fcntl mailbox locks with Postfix you specify: virtual_mailbox_lock = fcntl mailbox_delivery_lock = fcntl This is useful only if all mailbox access software uses fcntl() -locks. I have no information on how well fcntl() locks work on NFS. +locks. You can also "play safe" and throw in username.lock files: diff --git a/postfix/README_FILES/PACKAGE_README b/postfix/README_FILES/PACKAGE_README index cc1e9a7c8..11113515b 100644 --- a/postfix/README_FILES/PACKAGE_README +++ b/postfix/README_FILES/PACKAGE_README @@ -22,27 +22,14 @@ top of main.cf that advises the user of the existence of the sample-xxx files. Without the sample-xxx files, Postfix will be much more difficult to configure. -Postfix Installation parameter defaults -======================================= +Postfix Installation parameters +=============================== Postfix installation is controlled by a dozen installation parameters. -See the postfix-install and post-install files for details. Built-in -default settings can be changed at compile time with: - - % make makefiles CCARGS=whatever - -Names of C symbolic constants and their meaning: - - DEF_CONFIG_DIR default configuration directory - DEF_QUEUE_DIR default queue directory - DEF_DAEMON_DIR default daemon directory - DEF_COMMAND_DIR default command directory - DEF_SENDMAIL_PATH default Postfix sendmail command - DEF_MAILQ_PATH default Postfix mailq command - DEF_NEWALIAS_PATH default Postfix newaliases command - DEF_MANPAGE_DIR default manual page directory - DEF_SAMPLE_DIR default directory for sample configuration files - DEF_README_DIR default directory for README files +See the postfix-install and post-install files for details. Most +parameters have system-dependent default settings that aren't +configurable at compile time. This will hopefully be rectified in +a later release. Preparing a pre-built package for distribution to other systems =============================================================== diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README index e334ca9fc..ccc22a2fb 100644 --- a/postfix/README_FILES/SASL_README +++ b/postfix/README_FILES/SASL_README @@ -26,13 +26,22 @@ RedHat 6.1, SASL 1.5.5 insisted on write access to /etc/sasldb. Note that this seems to be related to the auto_transition switch in SASL. Note also that the Cyrus SASL documentation says that it is pointless to enable that if you use "sasldb" for "pwcheck_method". +Later versions of the SASL 1.5.x series should also work. + +Postfix+SASL 2.1.1 appears to work on Mandrake Linux 8.1 (pwcheck_method +set to saslauthd or auxprop). Note that the 'auxprop' pwcheck_method +replaces the 'sasldb' method from SASL 1.5.x. Postfix may need +write access to /etc/sasldb2 if you use the auto_transition feature, +or if you use an authentication mechanism such as OTP (one-time +passwords) that needs to update secrets in the database. Introduction ============ The Postfix SASL support (RFC 2554) was originally implemented by Till Franke of SuSE Rhein/Main AG. The present code is a trimmed-down -version with only the bare necessities. +version with only the bare necessities. Support for SASL version 2 +was contributed by Jason Hoos. When receiving mail, Postfix logs the client-provided username, authentication method, and sender address to the maillog file, and @@ -50,21 +59,20 @@ to the server. Building the SASL library ========================= -Postfix appears to work with cyrus-sasl-1.5.5, which is available -from: +Postfix appears to work with cyrus-sasl-1.5.5 or cyrus-sasl-2.1.1, +which are available from: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/ -IMPORTANT: if you install the Cyrus SASL libraries as per the default, -you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl. +IMPORTANT: if you install the Cyrus SASL libraries as per the +default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl +for version 1.5.5 or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for +version 2.1.1. Reportedly, Microsoft Internet Explorer version 5 requires the non-standard SASL LOGIN authentication method. To enable this authentication method, specify ``./configure --enable-login''. -If you install the Cyrus SASL libraries as per the default, you -will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl. - Building Postfix with SASL authentication support ================================================= @@ -74,17 +82,29 @@ and that the Cyrus SASL libraries are in /usr/local/lib. On some systems this generates the necessary Makefile definitions: +(for SASL version 1.5.5): % make tidy # if you have left-over files from a previous build % make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" \ AUXLIBS="-L/usr/local/lib -lsasl" +(for SASL version 2.1.1): + % make tidy # if you have left-over files from a previous build + % make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include/sasl" \ + AUXLIBS="-L/usr/local/lib -lsasl2" + On Solaris 2.x you need to specify run-time link information, otherwise ld.so will not find the SASL shared library: +(for SASL version 1.5.5): % make tidy # if you have left-over files from a previous build % make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" \ AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lsasl" +(for SASL version 2.1.1): + % make tidy # if you have left-over files from a previous build + % make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include/sasl" \ + AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lsasl2" + Enabling SASL authentication in the Postfix SMTP server ======================================================= @@ -101,23 +121,49 @@ In order to allow mail relaying by authenticated clients: smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated ... -In /usr/local/lib/sasl/smtpd.conf you need to specify how the server -should validate client passwords. +In /usr/local/lib/sasl/smtpd.conf (SASL version 1.5.5) or +/usr/local/lib/sasl2/smtpd.conf (SASL version 2.1.1) you need to +specify how the server should validate client passwords. In order to authenticate against the UNIX password database, try: +(SASL version 1.5.5) /usr/local/lib/sasl/smtpd.conf: pwcheck_method: pwcheck +(SASL version 2.1.1) + /usr/local/lib/sasl2/smtpd.conf: + pwcheck_method: pwcheck + The pwcheck daemon is contained in the cyrus-sasl source tarball. +Alternately, in SASL 1.5.27 and later (including 2.1.1), try: + +(SASL version 1.5.5) + /usr/local/lib/sasl/smtpd.conf: + pwcheck_method: saslauthd + +(SASL version 2.1.1) + /usr/local/lib/sasl2/smtpd.conf: + pwcheck_method: saslauthd + +The saslauthd daemon is also contained in the cyrus-sasl source +tarball. It is more flexible than the pwcheck daemon, in that it +can authenticate against PAM and various other sources. + In order to authenticate against SASL's own password database: +(SASL version 1.5.5) /usr/local/lib/sasl/smtpd.conf: pwcheck_method: sasldb -This will use the SASL password file (default: /etc/sasldb), which -is maintained with the saslpasswd command (part of the Cyrus SASL +(SASL version 2.1.1) + /usr/local/lib/sasl2/smtpd.conf: + pwcheck_method: auxprop + +This will use the SASL password file (default: /etc/sasldb in +version 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained +with the saslpasswd or saslpasswd2 command (part of the Cyrus SASL software). On some poorly-supported systems the saslpasswd command needs to be run multiple times before it stops complaining. The Postfix SMTP server needs read access to the sasldb file - you may diff --git a/postfix/README_FILES/VIRTUAL_README b/postfix/README_FILES/VIRTUAL_README index 5f845dbcb..0a648ab08 100644 --- a/postfix/README_FILES/VIRTUAL_README +++ b/postfix/README_FILES/VIRTUAL_README @@ -147,24 +147,20 @@ types. virtual_uid_maps = hash:/etc/postfix/vuid virtual_gid_maps = hash:/etc/postfix/vgid - # All domains that have final delivery on this machine + # All domains that are listed in $mydestination are delivered + # with $local_transport, which is the virtual delivery agent. - mydestination = $myhostname virtual1.domain virtual2.domain + mydestination = + $myhostname localhost.$mydomain virtual1.domain virtual2.domain - # Reject unknown recipients at the SMTP port - - local_recipient_maps = $virtual_mailbox_maps - - # Define a virtual delivery agent if the entry doesn't already exist +Define a virtual delivery agent if the entry doesn't already exist: /etc/postfix/master.cf: virtual unix - n n - - virtual - # Example recipients, one UNIX-style mailbox, one qmail-style maildir: +Example recipients, one UNIX-style mailbox, one qmail-style maildir: /etc/postfix/vmailbox: - virtual1.domain dummy to prevent relay access denied errors - virtual2.domain dummy to prevent relay access denied errors test1@virtual1.domain test1 test2@virtual2.domain test2/ @@ -209,33 +205,30 @@ types. virtual_gid_maps = static:5000 transport_maps = hash:/etc/postfix/transport - # All domains that have final delivery on this machine + # All domains that are delivered by the local delivery agent. - mydestination = - $myhostname $localhost.$mydomain virtual1.domain virtual2.domain + mydestination = $myhostname $localhost.$mydomain - # Reject unknown local and virtual recipients at the SMTP port + # Reject unknown local recipients at the SMTP port. - local_recipient_maps = - unix:passwd.byname $alias_maps $virtual_mailbox_maps + local_recipient_maps = unix:passwd.byname $alias_maps - # Define a virtual delivery agent if the entry doesn't already exist +Define a virtual delivery agent if the entry doesn't already exist: /etc/postfix/master.cf: virtual unix - n n - - virtual - # Route specific domains to the virtual delivery agent; by default, - # mail for domains in $mydestination goes to the local delivery agent +Route virtual domains to the virtual delivery agent: /etc/postfix/transport: virtual1.domain virtual virtual2.domain virtual - # Example recipients, one UNIX-style mailbox, one qmail-style maildir: +Example recipients, one UNIX-style mailbox, one qmail-style maildir: /etc/postfix/vmailbox: - virtual1.domain dummy to prevent relay access denied errors - virtual2.domain dummy to prevent relay access denied errors + virtual1.domain required to prevent relay access denied errors + virtual2.domain required to prevent relay access denied errors test1@virtual1.domain test1 test2@virtual2.domain test2/ diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index a52c9e849..714eeb993 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -1,454 +1,401 @@ -Incompatible changes with snapshot-20020115 -=========================================== +In the text below, incompatible changes are labeled with the Postfix +snapshot that introduced the change. If you upgrade from a later +Postfix version, then you do not have to worry about that particular +incompatibility. -Another revision of installation procedures. The location of the -sample-xxx and XXX_README files is now specified with the -sample_directory and readme_directory parameters. +Official Postfix releases are called a.b.c where a=major release +number, b=minor release number, c=patchlevel. Snapshot releases +are now called a.b.c-yyyymmdd where yyyymmdd is the release date +(yyyy=year, mm=month, dd=day). The mail_release_date configuration +parameter contains the release date (both for official release and +snapshot release). Patches change the patchlevel and the release +date. Snapshots change only the release date, unless they include +the same bugfix as a patch release. -Incompatible changes with snapshot-20020113 -=========================================== +Incompatible changes with Postfix version 1.1.X (released XXXXXXXX) +=================================================================== -Another revision of installation procedures. The command interface -of the postfix-install and $config_directory/post-install scripts -has changed; see embedded documentation. postfix-install no longer has -hard-coded commands to install files: $config_directory/postfix-files -now controls what files are installed. The post-install script now -automatically saves installation parameters to the main.cf file. +The Postfix SMTP client now breaks message header or body lines +that are longer than $smtp_line_length_limit characters (default: +990). Earlier Postfix versions broke lines at $line_length_limit +characters (default: 2048). Postfix versions before 20010611 did +not break long lines at all. Reportedly, some mail servers refuse +to receive mail with lines that exceed the 1000 character limit +that is specified by the SMTP standard. -Incompatible changes with snapshot-20020111 -=========================================== +The Postfix SMTP client now breaks long message header or body +lines by inserting . Earlier Postfix versions +broke long lines by inserting only. This broke MIME +encapsulation, causing MIME attachments to "disappear" with Postfix +versions after 20010611. -Another revision of installation procedures. The command line -interface of the post-install script has changed; see embedded -documentation. The postfix-files file with information about -Postfix files and directories now contains $name variables rather -than directory names, user names and group names. You can now change -parameters such as mail_owner and setgid_group after installing -Postfix, and apply the correct file/directory ownerships and -permissions by executing the post-install script as: +Postfix now discards text when a logical message header exceeds +$header_size_limit characters (default: 102400). Earlier Postfix +versions would place excess text, and all following text, in the +message body. The same thing was done when a physical header line +exceeded $line_length_limit characters (default: 2048). Both +behaviors broke MIME encapsulation, causing MIME attachments to +"disappear" with all previous Postfix versions. - post-install set-permissions setgid_group=groupname +Incompatible changes with Postfix version 1.1.3 (released 20020201) +=================================================================== -Incompatible changes with snapshot-20020110 -=========================================== +In Postfix SMTPD access tables, Postfix now uses <> as the default +lookup key for the null address, in order to work around bugs in +some Berkeley DB implementations. This behavior is controlled with +the smtpd_null_access_lookup_key configuration parameter. -The INSTALL.sh installation procedure is replaced by a postfix-install -script that either installs Postfix on the local system (as root) -or that builds a package (as non-root) for distribution to other -systems. This script creates a file $config_directory/postfix-files -with ownership and permissions of Postfix files/directories. A -new $config_directory/post-install script applies the finishing -touch: it sets file/directory ownership and permissions, edits -existing configuration files, and creates missing queue directories. +On SCO 3.2 UNIX, the input rate flow control is now turned off by +default, because of limitations in the SCO UNIX kernel. -Incompatible changes with snapshot-20020106 -=========================================== +Incompatible changes with Postfix version 1.1.2 (released 20020125) +=================================================================== -Postfix will not run if it detects that the postfix user or group -ID are shared with other accounts on the system. The checks aren't -exhaustive (that would be too resource consuming) but should be -sufficient to encourage packagers and developers to do the right -thing. +Postfix now detects if the run-time Berkeley DB library routines +do not match the major version number of the compile-time include +file that was used for compiling Postfix. The software issues a +warning and aborts in case of a discrepancy. If it didn't, the +software was certain to crash with a segmentation violation. -This release modifies the existing master.cf file. The local pickup -service is now unprivileged, and the cleanup and flush service are -now "public". +Incompatible changes with Postfix version 1.1.1 (released 20020122) +=================================================================== -Should you have to back out to a previous release, then you must -1) edit the master.cf file, make the pickup service "privileged", -and make the cleanup and flush services "private"; 2) "chmod 755 -/var/spool/postfix/public". To revert to a world-writable mail -submission directory, "chmod 1733 /var/spool/postfix/maildrop". +When the postmap command creates a non-existent result file, the +new file inherits the group/other read permissions of the source +file. -If you run multiple Postfix instances on the same machine then you -now have to specify their configuration directories in the default -main.cf file as "alternate_config_directories = /dir1 /dir2 ...". -Otherwise, some Postfix commands will no longer work (namely, the -ones that are now implemented by set-group ID client programs). +Incompatible changes with Postfix version 1.1.0 (released 20020117) +=================================================================== -Postfix SMTP access maps no longer return OK for non-local recipient -mail addresses that contain multiple domains (user@dom1@dom2, -user%dom1@dom2, etcetera); the lookup now returns DUNNO (undetermined). -Non-local multi-domain addresses were already prohibited from -matching the permit_mx_backup and the relay_domains-based restrictions. +Changes are listed in order of decreasing importance, not release +date. -Major changes with snapshot-20020106 -==================================== +[snapshot-20010709] This release introduces a new queue file record +type that is used only for messages that actually use VERP (variable +envelope return path) support. With this sole exception, the queue +file format is entirely backwards compatible with the previous +official Postfix release (20010228, a.k.a. Postfix 1.0.0). -Simplification of the local Postfix security model. +[snapshot-20020106] This release modifies the existing master.cf +file. The local pickup service is now unprivileged, and the cleanup +and flush service are now "public". Should you have to back out to +a previous release, then you must 1) edit the master.cf file, make +the pickup service "privileged", and make the cleanup and flush +services "private"; 2) "chmod 755 /var/spool/postfix/public". To +revert to a world-writable mail submission directory, "chmod 1733 +/var/spool/postfix/maildrop". + +[snapshot-20020106, snapshot-20010808, snapshot-20011103, +snapshot-20011121] You must stop and restart Postfix because of +incompatible changes in the local Postfix security model and in +the Postfix internal protocols. Old and new components will not +work together. + +[snapshot-20020106] Simpler local Postfix security model. - No world-writable maildrop directory. Postfix now always uses the set-gid postdrop command for local mail submissions. The local mail pickup daemon is now an unprivileged process. -- No world-accessible pickup and queue manager server FIFOs. +- No world-accessible pickup and queue manager server FIFOs. -- A new set-gid postqueue command for the queue operations that - used to implemented by the Postfix sendmail command. +- New set-gid postqueue command for the queue list/flush operations + that used to implemented by the Postfix sendmail command. -Simplification of Postfix installation. +[snapshot-20020106..15] Simpler Postfix installation and upgrading. - All installation settings are now kept in the main.cf file, and - better default settings are now generated for sendmail_path etc. + better default settings are now generated for system dependent + pathnames such as sendmail_path etc. The install.cf file is no + longer used, except when upgrading from an older Postfix version. -- Non-default settings can be specified on the INSTALL.sh command +- Non-default installation parameter settings can (but do not have + to) be specified on the "make install" or "make upgrade" command line as name=value arguments. -Incompatible changes with snapshot-20011226 -=========================================== - -Postfix configuration file comments no longer continue on the next -line when that next line starts with whitespace. This change avoids -surprises, but it may cause unexpected behavior with existing, -improperly formatted, configuration files. Caveat user. - -Major changes with snapshot-20011226 -==================================== - -In Postfix configuration files, comment lines are allowed to begin -with whitespace, and multi-line input is no longer terminated by -a comment line, by an all whitespace line, or by an empty line. - -Postfix will now do null address lookups in SMTPD access maps. If -your access maps cannot store or look up null string key values, -specify "smtpd_null_access_lookup_key = <>" and the null sender -address will be looked up as <> instead. - -Incompatible changes with snapshot-20011210 -=========================================== - -Stricter checking of Postfix chroot configurations. The Postfix -startup procedure now warns if "system" directories (etc, bin, lib, -usr) under the Postfix top-level queue directory are not owned by -the super-user (usually the result of well-intended, but misguided, -applications of "chown -R postfix /var/spool/postfix). - -The Postfix sendmail command no longer exits with status 1 when -mail submission fails, but instead returns a sendmail-compatible -status code as defined in /usr/include/sysexits.h. - -Major changes with snapshot-20011210 -==================================== - -Updated LDAP client module by LaMont Jones, with control over -verbose logging of LDAP library routines. - -More usable virtual delivery agent, thanks to a new "static" map -type by Jeff Miller that always returns its map name as the lookup -result. This eliminates the need for per-recipient user ID and -group ID tables. See the VIRTUAL_README file for more details. - -Much-needed documentation on how to configure header/body filters: -sample regexp and pcre lookup tables for header/body filtering, -and updated examples in the regexp_table(5) and pcre_table(5) manual -pages. - -Configurable PIX firewall . bug workaround behavior: -the workaround is turned off when mail is queued for less than -$smtp_pix_workaround_threshold_time seconds (default: 500 seconds) -so that the workaround is normally enabled only for deferred mail. -The delay before sending . is now controlled by the -$smtp_pix_workaround_delay_time setting (default: 10 seconds). - -Major changes with snapshot-20011127 -==================================== - -New parameter smtpd_noop_commands to specify a list of commands -that the Postfix SMTP server treats as NOOP commands (no syntax -check, no state change). This is a workaround for misbehaving -clients that send unsupported commands such as ONEX. - -New header/body_check result "WARN" to make Postfix log a warning -about a header/body line without rejecting the content. - -Major changes with snapshot-20011125 -==================================== - -New parameter smtpd_sender_login_maps that specifies the (SASL) -login name that owns a MAIL FROM sender address. Specify a regexp -table in order to require a simple one-to-one mapping. - -New sender anti-spoofing restriction reject_sender_login_mismatch -that refuses a MAIL FROM address when $smtpd_sender_login_maps -specifies an owner but the client is not (SASL) logged in as the -MAIL FROM address owner, or when a client is (SASL) logged in but -does not own the address according to $smtpd_sender_login_maps. - -Incompatible changes with snapshot-20011121 -=========================================== - -The internal protocols have changed again, so you must "postfix -reload" if upgrading from a previous release. The change is from -base64 encoded strings to null-terminated strings (Postfix now -supports multiple encodings). - -Major changes with snapshot-20011121 -==================================== - -Configurable host/domain name wildcard matching behavior: choice -between "pattern `domain.name' matches string `host.domain.name'" -(to be deprecated in the future) and "pattern `.domain.name' matches -string `host.domain.name'" (to be preferred in the future). The -configuration parameter "parent_domain_matches_subdomains" specifies -which Postfix features use the behavior that will become deprecated. - -New "warn_if_reject" smtpd pseudo restriction that only warns if -the restriction that follows would reject mail. Look for file -records that contain the string "reject_warning". - -Disgusting workaround for a well-known CISCO PIX firewall bug that -causes the .LF> at the end of mail to be lost. The workaround -has no effect for other mail deliveries. - -mailbox_command_maps allows you to configure the external delivery -command per user (local delivery agent only). This feature has -precedence over mailbox_command and home_mailbox settings. - -Major changes with snapshot-20011103 -==================================== - -The protocol between Postfix daemons was replaced by something that -can be extended without breaking everything after each change, and -that can also be used to talk to non-Postfix programs. The format -of the protocols is described in src/util/attr_scan.c. - -In header/body_check files, REJECT can now be followed by text that -is sent to the originator. That feature was stuck waiting for years, -pending the internal protocol revision. - -Incompatible changes with snapshot-20011008 -=========================================== - -The Postfix SMTP server now rejects requests with a generic "try -again later" status (451 Server configuration error) when it detects -an error in smtp_{client,helo,sender,recipient,etrn}_restrictions -settings. More details about the problem are logged to the syslogd; -sending such information to random clients would be inappropriate. - -Postfix no longer flushes the entire mail queue after receiving an -ETRN request for a random domain name. Requests for random domain -names (i.e. names that do not match $fast_flush_domains) are now -rejected instead. - -The permit_mx_backup behavior is back to the behavior before snapshot -20010808. It accepts mail whenever the local MTA is listed in the -DNS as an MX relay host for a destination, even when you never gave -permission to do so. To restrict use of this feature, specify -network address blocks via the permit_mx_backup_networks parameter. -This requires that the primary MX hosts for the given destination -match the specified network blocks. - -Incompatible changes with snapshot-20010808 -=========================================== - -The default setting for the maps_rbl_domains parameter is now -"empty", because mail-abuse.org has become a subscription-based -service. The names of the RBL parameters haven't changed yet. - -The permit_mx_backup feature has changed. It now accepts mail only -when the primary MX hosts for the recipient match the networks that -are specified with the new auth_mx_backup_networks configuration -parameter. Postfix refuses to accept mail when permit_mx_backup -is used while auth_mx_backup_networks is not configured. [This -change was undone with a later release]. - -You must stop and start Postfix in order to switch between Snapshot -20010808 and earlier releases. The protocol between Postfix master -and child processes has changed. - -Major changes with snapshot-20010808 -==================================== - -Specify "disable_verp_bounces = yes" to have Postfix send one -RFC-standard, non-VERP, bounce report for multi-recipient mail, -even when VERP style delivery was requested. This reduces the -explosive behavior of bounces when sending mail to a list. - -Finer control over address masquerading. The masquerade_classes -parameter now controls header and envelope sender and recipient -addresses. With earlier Postfix versions, address masquerading -rewrote all addresses except for the envelope recipient. - -More rational behavior when a regexp or pcre map entry ends in -whitespace (i.e. ignore it, instead of not recognizing REJECT). - -More rational behavior when multiple hosts in $inet_interfaces -happen to have a common IP address (i.e. ignore the duplicate -address, instead of having the Postfix master abort at startup). - -Variable coupling between message receiving rates and message -delivery rates. When the message receiving rate exceeds the message -delivery rate, an SMTP server will pause for $in_flow_delay seconds -before accepting a message. This delay gives Postfix a chance -catch up and access the disk, while still allowing new mail to -arrive. - -This feature is on by default, but currently it has effect only -when mail arrives via a relatively small number of SMTP clients. -The code needs further development. It will change but I have not -enough time now. - -The in_flow_delay feature has effect mainly when your system is -being flooded through a limited number of SMTP connections. This -is useful for mass-mailing applications, because it can avoid the -need to hand-tune the optimal rate for sending mail into Postfix. - -The in_flow_delay feature has negligible effect when mail arrives -via many different SMTP connections. With the default limit of 50 -SMTP server processes and with the default $in_flow_delay of 1 -second, the mail inflow is limited to 50 messages per second more -than the number of messages that are delivered per second. Many -systems saturate at values much smaller than 50 messages per second. - -Incompatible changes with snapshot-20010714 -=========================================== - -Postfix delivery agents now refuse to create a missing maildir or -mail spool subdirectory when its parent directory is world writable. -This is necessary to prevent security problems with maildirs or -with hashed mailboxes under a world writable mail spool directory. - -Major changes with snapshot-20010714 -==================================== - -No major changes. What changes were made result in more polished -VERP (variable envelope return path) support and documentation, -and in updated documentation on how to use Postfix QMQP with the -ezmlm-idx mailing list manager. - -Incompatible changes with snapshot-20010709 -=========================================== - -This release introduces a new queue file record type that is used -only for messages that actually use VERP (variable envelope return -path) support. With this sole exception, the queue file format is -entirely backwards compatible with previous Postfix releases. - -The SMTP client now by default breaks lines > 2048 characters, to -avoid mail delivery problems with fragile SMTP server software. -To get the old behavior back, specify "smtp_break_lines = no" in -the Postfix main.cf file. - -With recipient_delimiter=+ (or any character other than -) Postfix -will now recognize address extensions even with owner-foo+extension -addresses. This change was necessary to make VERP useful for mailing -list bounce processing. - -Major changes with snapshot-20010709 -==================================== - -QMQP server support, so that Postfix can be used as a backend mailer -for the ezmlm-idx mailing list manager. You still need qmail to -drive ezmlm and to process mailing list bounces. The QMQP service -is disabled by default. To enable, follow the instructions in the -QMQP_README file. - -VERP (variable envelope return path) support. This is enabled by -default. See the VERP_README file for instructions. These instructions -need more examples for how to process bounces automatically. - -You can now reject unknown virtual(8) recipients at the SMTP port -by specifying a "domain.name whatever" entry in the tables specified -with virtual_mailbox_maps, similar to Postfix virtual(5) domains. -[virtual(8) is the Postfix virtual delivery agent, virtual(5) is -the Postfix virtual map. The two implement virtual domains in a -very different manner.] - -Specify "mail_spool_directory = /var/mail/" (note the trailing "/" -character) to enable maildir format for /var/mail/username. - -Incompatible changes with snapshot-20010610 -=========================================== - -The Postfix pipe delivery agent no longer automatically case-folds -the expansion of $user, $extension or $mailbox command-line macros. -Specify the 'u' flag to get the old behavior. - -Major changes with snapshot-20010610 -==================================== - -This release includes a workaround for a bug in old versions of -the CISCO PIX firewall software that caused mail to be resent -repeatedly to systems behind such a product. - -The pipe mail delivery agent now supports proper quoting of white -space and other special characters in the expansions of the $sender -and $recipient command-line macros. This was necessary for correct -operation of the "simple" content filter, and is also recommended -for delivery via UUCP or BSMTP. - -The pipe mail delivery agent now supports case folding the localpart -and/or domain part of expansions of the $nexthop, $recipient, $user, -$extension or $mailbox command-line macros. This is recommended -for mail delivery via UUCP. Bug: $nexthop is always case folded -because of problems in the queue manager code. - -Incompatible changes with snapshot-20010525 -=========================================== - -As per RFC 2821, the Postfix SMTP client now always sends EHLO at -the beginning of an SMTP session. Specify "smtp_always_send_ehlo -= no" for the old behavior, which is to send EHLO only when the -server greeting banner contains the word ESMTP. - -As per RFC 2821, an EHLO command in the middle of an SMTP session -resets the Postfix SMTP server state just like RSET. This behavior -cannot be disabled. - -The postfix-script file has changed: "postfix start" no longer does -a "find" on all Postfix directories for core files; instead, the -postsuper command now finds and renames all queue files whose names -do not match their message file inode number. - -Major changes with snapshot-20010525 -==================================== - -This release contains many little revisions of little details in -the light of the new RFC 2821 and RFC 2822 standards. Changes that -may affect interoperability are listed above under "incompatible -changes". Other little details are discussed in comments in the -source code. - -The postsuper queue maintenance tool now renames files whose name -(queue ID) does not match the message file inode number. This is -necessary after a Postfix mail queue is restored from another -machine or from backups. The feature is selected with the -s -option, which is the default. - -The postsuper queue maintenance tool has a new -r (requeue) option -for subjecting some or all queue files to another iteration of -address rewriting. This is useful after the virtual or canonical -maps have changed. - -The postsuper queue maintenance tool was extended with options to -read queue IDs from standard input. This makes the tool easier to -drive from scripts. - -Major changes with snapshot-20010502 -==================================== - -This snapshot release incorporates all the bugfixes of patch 02 -for the official Postfix release 20010228, and adds a few minor -features. - -The Postfix SMTP client now by default randomly shuffles destination -IP addresses of equal preference (whether obtained via MX lookup -or otherwise). Reportedly, this is needed for sites that use -Bernstein's dnscache program. Specify "smtp_randomize_addresses = -no" to disable this behavior. Based on shuffling code by Aleph1. - -"postmap -q -" and "postmap -d -" read key values from standard -input, which makes it easier to drive them from another program. -The same feature was added to the postalias command. - -The postsuper command now has an option to delete queue files. In -principle this command can be used while Postfix is running, but -there is a possibility of deleting the wrong queue file when Postfix -deletes a queue file and reuses the queue ID for a new message. -In that case, postsuper will delete the new message. - -Incompatible changes with snapshot-20010329 -=========================================== +- New postfix-files database (in /etc/postfix) with (pathname, + owner, permission) information about all Postfix-related files. + +- New postfix-install script replaces the awkward INSTALL.sh script. + This is driven by the postfix-files database. It has better + support for building packages for distribution to other systems. + See PACKAGE_README for details. + +- New post-install script (in /etc/postfix) for post-installation + maintenance of directory/file permissions and ownership (this is + used by "postfix check"). Example: + + # postfix stop + # post-install set-permissions mail_owner=username setgid_group=groupname + # postfix start + +[snapshot-20020106] Postfix will not run if it detects that the +postfix user or group ID are shared with other accounts on the +system. The checks aren't exhaustive (that would be too resource +consuming) but should be sufficient to encourage packagers and +developers to do the right thing. To fix the problem, use the above +post-install command, after you have created the appropriate new +mail_owner or setgid_group user or group IDs. + +[snapshot-20020106] If you run multiple Postfix instances on the +same machine you now have to specify their configuration directories +in the default main.cf file as "alternate_config_directories = +/dir1 /dir2 ...". Otherwise, some Postfix commands will no longer +work: the set-group ID postdrop command for mail submission and +the set-group ID postqueue command for queue listing/flushing. + +[snapshot-20010808] The default setting for the maps_rbl_domains +parameter is now "empty", because mail-abuse.org has become a +subscription-based service. The names of the RBL parameters haven't +changed. + +[snapshot-20020106] Postfix SMTP access maps will no longer return +OK for non-local multi-domain recipient mail addresses (user@dom1@dom2, +user%dom1@dom2, etcetera); the lookup now returns DUNNO (undetermined). +Non-local multi-domain recipient addresses were already prohibited +from matching the permit_mx_backup and the relay_domains-based +restrictions. + +[snapshot-20011210] Stricter checking of Postfix chroot configurations. +The Postfix startup procedure now warns if "system" directories +(etc, bin, lib, usr) under the Postfix top-level queue directory +are not owned by the super-user (usually the result of well-intended, +but misguided, applications of "chown -R postfix /var/spool/postfix). + +[snapshot-20011008] The Postfix SMTP server now rejects requests +with a generic "try again later" status (451 Server configuration +error) when it detects an error in smtp_{client, helo, sender, +recipient, etrn}_restrictions settings. More details about the +problem are logged to the syslogd; sending such information to +random clients would be inappropriate. + +[snapshot-20011008] Postfix no longer flushes the entire mail queue +after receiving an ETRN request for a random domain name. Requests +for domains that do not match $fast_flush_domains are now rejected +instead. + +[snapshot-20011226] Postfix configuration file comments no longer +continue on the next line when that next line starts with whitespace. +This change avoids surprises, but it may cause unexpected behavior +with existing, improperly formatted, configuration files. Caveat +user. Comment lines are allowed to begin with whitespace. Multi-line +input is no longer terminated by a comment line, by an all whitespace +line, or by an empty line. + +[snapshot-20010714] Postfix delivery agents now refuse to create +a missing maildir or mail spool subdirectory when its parent +directory is world writable. This is necessary to prevent security +problems with maildirs or with hashed mailboxes under a world +writable mail spool directory. + +[snapshot-20010525] As per RFC 2821, the Postfix SMTP client now +always sends EHLO at the beginning of an SMTP session. Specify +"smtp_always_send_ehlo = no" for the old behavior, which is to send +EHLO only when the server greeting banner contains the word ESMTP. + +[snapshot-20010525] As per RFC 2821, an EHLO command in the middle +of an SMTP session resets the Postfix SMTP server state just like +RSET. This behavior cannot be disabled. + +[snapshot-20010709] The SMTP client now by default breaks lines > +2048 characters, to avoid mail delivery problems with fragile SMTP +server software. To get the old behavior back, specify "smtp_break_lines += no" in the Postfix main.cf file. + +[snapshot-20010709] With recipient_delimiter=+ (or any character +other than -) Postfix will now recognize address extensions even +with owner-foo+extension addresses. This change was necessary to +make VERP useful for mailing list bounce processing. + +[snapshot-20010610] The Postfix pipe delivery agent no longer +automatically case-folds the expansion of $user, $extension or +$mailbox command-line macros. Specify the 'u' flag to get the old +behavior. + +[snapshot-20011210] The Postfix sendmail command no longer exits +with status 1 when mail submission fails, but instead returns a +sendmail-compatible status code as defined in /usr/include/sysexits.h. + +Major changes with Postfix version 1.1.0 (Released 20020117) +============================================================ + +Changes are listed in order of decreasing importance, not release +date. + +The nqmgr queue manager is now bundled with Postfix. It implements +a smarter scheduling strategy that allows ordinary mail to slip +past mailing list mail, resulting in better response. This queue +manager is expected to become the default queue manager shortly. + +[snapshot-20010709, snapshot-20010808] VERP (variable envelope +return path) support. This is enabled by default, including in +the SMTP server. See the VERP_README file for instructions. Specify +"disable_verp_bounces = yes" to have Postfix send one RFC-standard, +non-VERP, bounce report for multi-recipient mail, even when VERP +style delivery was requested. This reduces the explosive behavior +of bounces when sending mail to a list. + +[snapshot-20010709] QMQP server support, so that Postfix can be +used as a backend mailer for the ezmlm-idx mailing list manager. +You still need qmail to drive ezmlm and to process mailing list +bounces. The QMQP service is disabled by default. To enable, follow +the instructions in the QMQP_README file. + +[snapshot-20010709] You can now reject unknown virtual(8) recipients +at the SMTP port by specifying a "domain.name whatever" entry in +the tables specified with virtual_mailbox_maps, similar to Postfix +virtual(5) domains. [virtual(8) is the Postfix virtual delivery +agent, virtual(5) is the Postfix virtual map. The two implement +virtual domains in a very different manner.] + +[snapshot-20011121] Configurable host/domain name wildcard matching +behavior: choice between "pattern `domain.name' matches string +`host.domain.name'" (this is to be deprecated in the future) and +"pattern `.domain.name' matches string `host.domain.name'" (this +is to be preferred in the future). The configuration parameter +"parent_domain_matches_subdomains" specifies which Postfix features +use the behavior that will become deprecated. + +[snapshot-20010808] Variable coupling between message receiving +rates and message delivery rates. When the message receiving rate +exceeds the message delivery rate, an SMTP server will pause for +$in_flow_delay seconds before accepting a message. This delay +gives Postfix a chance catch up and access the disk, while still +allowing new mail to arrive. This feature currently has effect +only when mail arrives via a small number of SMTP clients. + +[snapshot-20010610, snapshot-20011121, snapshot-20011210] Workarounds +for a bug in old versions of the CISCO PIX firewall software that +caused mail to be resent repeatedly. The workaround has no effect +for other mail deliveries. The workaround is turned off when mail +is queued for less than $smtp_pix_workaround_threshold_time seconds +(default: 500 seconds) so that the workaround is normally enabled +only for deferred mail. The delay before sending . is now +controlled by the $smtp_pix_workaround_delay_time setting (default: +10 seconds). + +[snapshot-20011226] Postfix will now do null address lookups in +SMTPD access maps. If your access maps cannot store or look up +null string key values, specify "smtpd_null_access_lookup_key = +<>" and the null sender address will be looked up as <> instead. + +[snapshot-20011210] More usable virtual delivery agent, thanks to +a new "static" map type by Jeff Miller that always returns its map +name as the lookup result. This eliminates the need for per-recipient +user ID and group ID tables. See the VIRTUAL_README file for more +details. + +[snapshot-20011125] Anti-sender spoofing. New main.cf parameter +smtpd_sender_login_maps that specifies the (SASL) login name that +owns a MAIL FROM sender address. Specify a regexp table in order +to require a simple one-to-one mapping. New SMTPD restriction +reject_sender_login_mismatch that refuses a MAIL FROM address when +$smtpd_sender_login_maps specifies an owner but the client is not +(SASL) logged in as the MAIL FROM address owner, or when a client +is (SASL) logged in but does not own the address according to +$smtpd_sender_login_maps. + +[snapshot-20011121] The mailbox_command_maps parameter allows you +to configure the external delivery command per user (local delivery +agent only). This feature has precedence over the mailbox_command +and home_mailbox settings. + +[snapshot-20011121] New "warn_if_reject" smtpd UCE restriction that +only warns if the restriction that follows would reject mail. Look +for file records that contain the string "reject_warning". + +[snapshot-20011127] New header/body_check result "WARN" to make +Postfix log a warning about a header/body line without rejecting +the content. + +[snapshot-20011103] In header/body_check files, REJECT can now be +followed by text that is sent to the originator. That feature was +stuck waiting for years, pending the internal protocol revision. + +[snapshot-20011008] The permit_mx_backup feature allows you to +specify network address blocks via the permit_mx_backup_networks +parameter. This requires that the primary MX hosts for the given +destination match the specified network blocks. When no value is +given for permit_mx_backup_networks, Postfix will accept mail +whenever the local MTA is listed in the DNS as an MX relay host +for a destination, even when you never gave permission to do so. + +[snapshot-20010709] Specify "mail_spool_directory = /var/mail/" +(note the trailing "/" character) to enable maildir format for +/var/mail/username. + +[snapshot-20010808] Finer control over address masquerading. The +masquerade_classes parameter now controls header and envelope sender +and recipient addresses. With earlier Postfix versions, address +masquerading rewrote all addresses except for the envelope recipient. + +[snapshot-20010610] The pipe mail delivery agent now supports proper +quoting of white space and other special characters in the expansions +of the $sender and $recipient command-line macros. This was necessary +for correct operation of the "simple" content filter, and is also +recommended for delivery via UUCP or BSMTP. + +[snapshot-20010610] The pipe mail delivery agent now supports case +folding the localpart and/or domain part of expansions of the +$nexthop, $recipient, $user, $extension or $mailbox command-line +macros. This is recommended for mail delivery via UUCP. Bug: $nexthop +is always case folded because of problems in the queue manager +code. + +[snapshot-20010525] This release contains many little revisions of +little details in the light of the new RFC 2821 and RFC 2822 +standards. Changes that may affect interoperability are listed +above under "incompatible changes". Other little details are +discussed in comments in the source code. + +[snapshot-20010502] The Postfix SMTP client now by default randomly +shuffles destination IP addresses of equal preference (whether +obtained via MX lookup or otherwise). Reportedly, this is needed +for sites that use Bernstein's dnscache program. Specify +"smtp_randomize_addresses = no" to disable this behavior. Based on +shuffling code by Aleph1. + +[snapshot-20011127] New parameter smtpd_noop_commands to specify +a list of commands that the Postfix SMTP server treats as NOOP +commands (no syntax check, no state change). This is a workaround +for misbehaving clients that send unsupported commands such as +ONEX. + +[snapshot-20010502] "postmap -q -" and "postmap -d -" read key +values from standard input, which makes it easier to drive them +from another program. The same feature was added to the postalias +command. + +[snapshot-20010502] The postsuper command now has a command-line +option to delete queue files. In principle this command can be +used while Postfix is running, but there is a possibility of deleting +the wrong queue file when Postfix deletes a queue file and reuses +the queue ID for a new message. In that case, postsuper will delete +the new message. + +[snapshot-20010525] The postsuper queue maintenance tool now renames +files whose name (queue ID) does not match the message file inode +number. This is necessary after a Postfix mail queue is restored +from another machine or from backups. The feature is selected with +the -s option, which is the default, and runs whenever Postfix is +started. + +[snapshot-20010525] The postsuper queue maintenance tool has a new +-r (requeue) option for subjecting some or all queue files to +another iteration of address rewriting. This is useful after the +virtual or canonical maps have changed. + +[snapshot-20010525] The postsuper queue maintenance tool was extended +with options to read queue IDs from standard input. This makes the +tool easier to drive from scripts. + +[snapshot-20010329] Better support for running multiple Postfix +instances on one machine. Each instance can be recognized by its +logging (defaults: "syslog_name = postfix", "syslog_facility = +mail"). + +Major incompatible changes with release-20010228 Patch 01 (a.k.a. Postfix 1.0.1) +================================================================================ This release changes the names of the "fast ETRN" logfiles with delayed mail per destination. These files are maintained by the @@ -458,42 +405,72 @@ populate the new "fast ETRN" logfiles, execute the command "sendmail -q". The old "fast ETRN" logfiles go away by themselves (default: after 7 days). -Major changes with snapshot-20010329 -==================================== +Major incompatible changes with release-20010228 (a.k.a. Postfix 1.0.0) +======================================================================= -Better support for sites that run multiple Postfix instances on -one machine. Each instance can now be recognized by its logging -(default: "syslog_name = postfix"). File: global/mail_task.c. +[snapshot-20010225] POSTFIX NO LONGER RELAYS MAIL FOR CLIENTS IN +THE ENTIRE CLASS A/B/C NETWORK. To get the old behavior, specify +"mynetworks_style = class" in the main.cf file. The default +(mynetworks_style = subnet) is to relay for clients in the local +IP subnet. See conf/main.cf. -Workaround for nqmgr panic due to a race condition that was introduced -with the asynchronous bounce client. +[snapshot-20001005, snapshot-20010225] You must execute "postfix +stop" before installing this release. Some recommended parameter +settings have changed, and a new entry must be added to the master.cf +file before you can start Postfix again. -Workaround for hostile socket implementations that discard data -when a client closes a socket before the server reads the client -data. Postfix now closes the client socket in a background thread -that waits until the server closes the socket first. +1 - The recommended Postfix configuration no longer uses flat + directories for the "incoming" "active", "bounce", and "defer" + queue directories. The "flush" directory for the new "flush" + service directory should not be flat either. -Incompatible changes with snapshot-20010225 -=========================================== + Upon start-up, Postfix checks if the hash_queue_names configuration + parameter is properly set up, and will add any queue directory + names that are missing. -POSTFIX NO LONGER RELAYS MAIL FOR CLIENTS IN THE ENTIRE CLASS A/B/C -NETWORK. To get the old behavior, specify "mynetworks_style = class" -in the main.cf file. The default (mynetworks_style = subnet) is to -relay for clients in the local IP subnet. See conf/main.cf. +2 - In order to improve performance of one-to-one mail deliveries + the queue manager will now look at up to 10000 queue files + (was: 1000). The default qmgr_message_active_limit setting + was changed accordingly. -Incompatible changes with snapshot-20010222 -=========================================== + If you have a non-default qmgr_message_active_limit in main.cf, + you may want adjust it. -The incoming and deferred queue directories are now hashed by -default. This improves the performance considerably under heavy -load, at the cost of a small but noticeable slowdown when one runs -"mailq" on an unloaded system. +3 - The new "flush" service needs to be configured in master.cf. -Postfix no longer automatically delivers recipients one at a time -when their domain is listed in $mydestination. This change solves -delivery performance problems with delivery via LMTP, with virus -scanning, and with firewall relays that forward all mail for -$mydestination to an inside host. + Upon start-up, Postfix checks if the new "flush" service is + configured in the master.cf file, and will add an entry if it + is missing. + +Should you wish to back out to a previous Postfix release there is +no need to undo the above queue configuration changes. + +[snapshot-20000921] The protocol between queue manager and delivery +agents has changed. This means that you cannot mix the Postfix +queue manager or delivery agents with those of Postfix versions +prior to 20000921. This change does not affect Postfix queue file +formats. + +[snapshot-20000529] This release introduces an incompatible queue +file format change ONLY when content filtering is enabled (see text +in FILTER_README). Old Postfix queue files will work fine, but +queue files with the new content filtering info will not work with +Postfix versions before 20000529. Postfix logs a warning and moves +incompatible queue files to the "corrupt" mail queue subdirectory. + +Minor incompatible changes with release-20010228 +================================================ + +[snapshot-20010225] The incoming and deferred queue directories +are now hashed by default. This improves the performance considerably +under heavy load, at the cost of a small but noticeable slowdown +when one runs "mailq" on an unloaded system. + +[snapshot-20010222] Postfix no longer automatically delivers +recipients one at a time when their domain is listed in $mydestination. +This change solves delivery performance problems with delivery via +LMTP, with virus scanning, and with firewall relays that forward +all mail for $mydestination to an inside host. The "one recipient at a time" delivery behavior is now controlled by the per-transport recipient limit (xxx_destination_recipient_limit, @@ -518,134 +495,132 @@ the delivery mechanism): to the same domain. This is the default behavior for all other Postfix delivery agents. -The default settings are: local_destination_recipient_limit = 1, -local_destination_concurrency_limit = 2. Other delivery transports -have default recipient limits (50) and have default per-destination -concurrency limits (10). +[snapshot-20010128] The Postfix local delivery agent now enforces +mailbox file size limits (default: mailbox_size_limit = 51200000). +This limit affects all file write access by the local delivery +agent or by a process run by the local delivery agent. The purpose +of this parameter is to act as a safety for run-away software. It +cannot be a substitute for a file quota management system. Specify +a limit of 0 to disable. -Major changes with snapshot-20010202 -==================================== +[snapshot-20010128] REJECT in header/body_checks is now flagged as +policy violation rather than bounce, for consistency in postmaster +notifications. -The mailbox file size limits for the local and virtual delivery -agents can be disabled by setting mailbox_size_limit and/or -virtual_mailbox_limit to zero. +[snapshot-20010128] The default RBL (real-time blackhole lists) +domain examples have been changed from *.vix.com to *.mail-abuse.org. -Incompatible changes with snapshot-20010128 -=========================================== +[snapshot-20001210] Several interfaces of libutil and libglobal +routines have changed. This may break third-party code written +for Postfix. In particular, the safe_open() routine has changed, +the way the preferred locking method is specified in the sys_defs.h +file, as well as all routines that perform file locking. When +compiling third-party code written for Postfix, the incompatibilities +will be detected by the compiler provided that #include file +dependencies are properly maintained. -If this release does not work for you, you can go back to a previous -Postfix version without losing your mail, subject to the "incompatible -changes" listed for previous Postfix releases below. +[snapshot-20001210] When delivering to /file/name (as directed in +an alias or .forward file), the local delivery agent now logs a +warning when it is unable to create a /file/name.lock file. Mail +is still delivered as before. -REJECT in header/body_checks is now flagged as policy violation -rather than bounce, for consistency in postmaster notifications. +[snapshot-20001210] The "sun_mailtool_compatibility" feature is +going away (a compatibility mode that turns off kernel locks on +mailbox files). It still works, but a warning is logged. Instead +of using "sun_mailtool_compatibility", specify the mailbox locking +strategy as "mailbox_delivery_lock = dotlock". -New mailbox size limit for local delivery (default: 50MBytes). This -limit affects all file write access by the local delivery agent or -by a process run by the local delivery agent. The purpose of this -parameter is to act as a safety for run-away software. It cannot -be a substitute for a file quota management system. +[snapshot-20001210] The Postfix SMTP client now skips SMTP server +replies that do not start with "CODE SPACE" or with "CODE HYPHEN" +and flags them as protocol errors. Older Postfix SMTP clients +silently treated "CODE TEXT" as "CODE SPACE TEXT", i.e. as a valid +SMTP reply. -The default RBL (real-time blackhole lists) domain examples have -been updated from *.vix.com to *.mail-abuse.org. +[snapshot-20001121] On RedHat Linux 7.0, you must install the +db3-devel RPM before you can compile the Postfix source code. -Major changes with snapshot-20010128 -==================================== +[snapshot-20000924] The postmaster address in the "sorry" text at +the top of bounced mail is now just postmaster, not postmaster@machine. +The idea is to refer users to their own postmaster. -Updated nqmgr (experimental queue manager with clever queuing -strategy) by Patrik Rak. This code is still new. Once it stops -changing (for a long time!) it will become part of the non-beta -release. +[snapshot-20000921] The notation of [host:port] in transport tables +etc. is going away but it is still supported. The preferred form +is now [host]:port. This change is necessary to support IPV6 +address forms which use ":" as part of a numeric IP address. In a +future release, Postfix will log a warning when it encounters the +[host:port] form. -Virtual mailbox delivery agent by Andrew McNamara. This delivery -agent can deliver mail for any number of domains. See the file -VIRTUAL_README for detailed examples. This code is still new. Once -it stops changing it will become part of the non-beta release. +[snapshot-20000921] In mail headers, Errors-To:, Reply-To: and +Return-Receipt: addresses are now rewritten as a sender address +(was: recipient). -Many "valid_hostname" warnings were eliminated. The warnings that -were not eliminated were replaced by something more informative. +[snapshot-20000921] Postfix no longer inserts Sender: message +headers. -SASL support (RFC 2554) for the LMTP delivery agent. This is required -by recent Cyrus implementations when delivering mail over TCP -sockets. The LMTP_README file has been updated but still contains -some obsolete information. +[snapshot-20000921] The queue manager now logs the original number +of recipients when opening a queue file (example: from=<>, size=3502, +nrcpt=1). -Workarounds for non-standard RFC 2554 (AUTH command) implementations. -Specify "broken_sasl_auth_clients = yes" to enable SMTP server -support for old Microsoft client applications. The Postfix SMTP -client supports non-standard RFC 2554 servers by default. +[snapshot-20000921] The local delivery agent no longer appends a +blank line to mail that is delivered to external command. -Major changes with snapshot-20001217 -==================================== +[snapshot-20000921] The pipe delivery agent no longer appends a +blank line when the F flag is specified (in the master.cf file). +Specify the B flag if you need that blank line. -This release involves little change in functionality and a lot of -small changes to lots of files. The code is put out as a separate -snapshot release so that I have a tested baseline for further work. +[snapshot-20000507] As required by RFC 822, Postfix now inserts a +generic destination message header when no destination header is +present. The text is specified via the undisclosed_recipients_header +configuration parameter (default: "To: undisclosed-recipients:;"). -All time-related configuration parameters now accept a one-letter -suffix to indicate the time unit (s: second, m: minute, h: hour, -d: day, w: week). The exceptions are the LDAP and MYSQL modules -which are maintained separately. +[snapshot-20000507] The Postfix sendmail command treats a line with +only `.' as the end of input, for the sake of sendmail compatibility. +To disable this feature, specify the sendmail-compatible `-i' or +`-oi' flags on the sendmail command line. -The mysql client was partially rewritten in order to elimimate some -memory allocation/deallocation problems. The code needs more work, -and needs to be tested in a real production environment. +[snapshot-20000507] For the sake of Sendmail compatibility, the +Postfix SMTP client skips over SMTP servers that greet with a 4XX +or 5XX reply code, treating them as unreachable servers. To obtain +prior behavior (4XX=retry, 5XX=bounce), specify "smtp_skip_4xx_greeting += no" and "smtp_skip_5xx_greeting = no". -The local_transport and default_transport configuration parameters -can now be specified in transport:destination notation, just like -the mailbox_transport and fallback_transport parameters. The -:destination part is optional. However, these parameters take only -one destination, unlike relayhost and fallback-relay which take -any number of destinations. +Major changes with release-20010228 +=================================== -Incompatible changes with snapshot-20001210 -=========================================== +Postfix produces DSN formatted bounced/delayed mail notifications. +The human-readable text still exists, so that users will not have +to be unnecessarily confused by all the ugliness of RFC 1894. Full +DSN support will be later. -If this release does not work for you, you can go back to a previous -Postfix version without losing your mail, subject to the "incompatible -changes" listed for previous Postfix releases below. +This release introduces full content filtering through an external +process. This involves an incompatible change in queue file format. +Mail is delivered to content filtering software via an existing +mail delivery agent, and is re-injected into Postfix via an existing +mail submission agent. See examples in the FILTER_README file. +Depending on how the filter is implemented, you can expect to lose +a factor of 2 to 4 in delivery performance of SMTP transit mail, +more if the content filtering software needs lots of CPU or memory. -When delivering to /file/name (as directed in an alias or .forward -file), the local delivery agent now logs a warning when it is unable -to create a /file/name.lock file. Mail is still delivered as before. +Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick +and dirty emergency content filter that looks at non-header lines +one line at a time (including MIME headers inside the message body). +Details in conf/sample-filter.cf. -The "sun_mailtool_compatibility" feature is going away (a compatibility -mode that turns off kernel locks on mailbox files). It still works, -but a warning is logged. Instead of using "sun_mailtool_compatibility", -specify the mailbox locking strategy as "mailbox_delivery_lock = -dotlock". +The header_checks and body_checks features can be used to strip +out unwanted data. Specify IGNORE on the right-hand side and the +data will disappear from the mail. -The Postfix SMTP client now skips SMTP server replies that do not -start with "CODE SPACE" or with "CODE HYPHEN" and flags them as -protocol errors. Older Postfix SMTP clients silently treated "CODE -TEXT" as "CODE SPACE TEXT", i.e. as a valid SMTP reply. +Support for SASL (RFC 2554) authentication in the SMTP server and +in the SMTP and LMTP clients. See the SASL_README file for more +details. This file still needs better examples. -This snapshot does not yet change default relay settings. That -change alone affects a dozen files, most of which documentation. -This may be an incompatibility with some people's expectations, -but such are my rules - between code freeze and release no major -functionality changes are allowed. +Postfix now ships with an LMTP delivery agent that can deliver over +local/remote TCP sockets and over local UNIX-domain sockets. The +LMTP_README file gives example, but still needs to be revised. -Several interfaces of libutil and libglobal routines have changed. -This may break third-party code written for Postfix. In particular, -the safe_open() routine has changed, the way the preferred locking -method is specified in the sys_defs.h file, as well as all routines -that perform file locking. When compiling third-party code written -for Postfix, the incompatibilities will be detected by the compiler -provided that #include file dependencies are properly maintained. - -Major changes with snapshot-20001210 -==================================== - -This snapshot includes bugfixes that were already released as -patches 12 and 13 for the 19991231 "stable" release: - - - The queue manager could deadlock for 10 seconds when bouncing - mail under extreme load from one-to-one mass mailings. - - - Local delivery performance was substandard, because the per-user - concurrency limit accidentally applied to the entire local - domain. +Fast "ETRN" and "sendmail -qR". Postfix maintains per-destination +logfiles with information about what mail is queued for selected +destinations. See the file ETRN_README for details. The mailbox locking style is now fully configurable at runtime. The new configuration parameter is called "mailbox_delivery_lock". @@ -656,11 +631,14 @@ mailbox locking style is system dependent. This change affects all mailbox and all "/file/name" deliveries by the Postfix local delivery agent. -The new "import_environment" and "export_environment" configuration -parameters now provide explicit control over what environment -variables Postfix will import, and what environment variables -Postfix will pass on to a non-Postfix process. This is better than -hard-coding my debugging environment into public releases. +Minor changes with release-20010228 +=================================== + +You can now specify multiple SMTP destinations in the relayhost +and fallback_relay configuration parameters. The destinations are +tried in the specified order. Specify host or host:port (perform +MX record lookups), [host] or [host]:port (no MX record lookups), +[address] or [address]:port (numerical IP address). The "mailbox_transport" and "fallback_transport" parameters now understand the form "transport:nexthop", with suitable defaults @@ -668,25 +646,12 @@ when either transport or nexthop are omitted, just like in the Postfix transport map. This allows you to specify for example, "mailbox_transport = lmtp:unix:/file/name". -The MYSQL client now supports server connections over UNIX-domain -sockets. Code provided by Piotr Klaban. See the file MYSQL_README -for examples of "host" syntax. - -Incompatible changes with snapshot-20001121 -=========================================== - -If this release does not work for you, you can go back to a previous -Postfix version without losing your mail, subject to the "incompatible -changes" listed for previous Postfix releases below. - -Major changes with snapshot-20001121 -==================================== - -Support for RedHat Linux 7.0. On RedHat Linux 7.0, you must install -the db3-devel RPM before you can compile the Postfix source code. - -The mailbox_transport feature works again. It was broken when the -"require_home_directory" feature was added. +The local_transport and default_transport configuration parameters +can now be specified in transport:destination notation, just like +the mailbox_transport and fallback_transport parameters. The +:destination part is optional. However, these parameters take only +one destination, unlike relayhost and fallback-relay which take +any number of destinations. More general virtual domain support. Postfix now supports both Sendmail-style virtual domains and Postfix-style virtual domains. @@ -705,270 +670,43 @@ in main.cf to prevent the SMTP server from bouncing mail while you are testing configurations. Until this release the SMTP server was not aware of soft bounces. -Incompatible changes with snapshot-20001029 -=========================================== +Workarounds for non-standard RFC 2554 (AUTH command) implementations. +Specify "broken_sasl_auth_clients = yes" to enable SMTP server +support for old Microsoft client applications. The Postfix SMTP +client supports non-standard RFC 2554 servers by default. -If this release does not work for you, you can go back to a previous -Postfix version without losing your mail, subject to the "incompatible -changes" listed for previous Postfix releases below. +All time-related configuration parameters now accept a one-letter +suffix to indicate the time unit (s: second, m: minute, h: hour, +d: day, w: week). The exceptions are the LDAP and MYSQL modules +which are maintained separately. -Berkeley DB support has changed for Solaris, HP-UX, UNIXWARE, IRIX. -On these systems, Postfix must no longer use DB 1.85 compatibility -mode, because that mode loses the file lock while building a table, -so that table lookups fail and mail is lost. See the DB_README file -for instructions on how to build Postfix with third-party Berkeley -DB support. - -The "fast ETRN" policy configuration has changed. You now specify -the list of eligible "fast ETRN" domains with the fast_flush_domains -parameter (default: $relay_domains). In order to disable the feature, -specify an empty value (fast_flush_domains =). - -Major changes with snapshot-20001029 -==================================== - -This release ships with an updated LDAP client module that has better -group support by Lamont Jones, and that has several other enhancements. -Review the LDAP_README file for more information. - -The LMTP client can now make connections over UNIX-domain sockets -in addition to IPV4. For connections over UNIX-domain sockets, -specify a transport table entry like: - - domain.name lmtp:unix:/path/name - -IPV4-based servers are still the default. The LMTP_README file -still needs to be revised to account for this change. This is -best done by someone who actually uses the Postfix LMTP client. - -You can now specify multiple SMTP destinations in the relayhost -and fallback_relay configuration parameters. The destinations are -tried in the specified order. Specify host or host:port (perform -MX record lookups), [host] or [host]:port (no MX record lookups), -[address] or [address]:port (numerical IP address). - -Incompatible changes with snapshot-20001005 -=========================================== - -If this release does not work for you, you can go back to a previous -Postfix version without losing your mail, subject to the "incompatible -changes" listed for previous Postfix releases below. - -You must execute "postfix stop" before installing this release. -Some recommended parameter settings have changed, and a new entry -must be added to the master.cf file before you can start Postfix -again. - -1 - The recommended Postfix configuration no longer uses flat - directories for the "active", "bounce", and "defer" queue - directories. The "flush" directory for the new "flush" service - directory should not be flat either. - - Upon start-up, Postfix checks if the hash_queue_names configuration - parameter is properly set up, and will add any queue directory - names that are missing. - -2 - In order to improve performance of one-to-one mail deliveries - the queue manager will now look at up to 10000 queue files - (was: 1000). The default qmgr_message_active_limit setting - was changed accordingly. - - If you have a non-default qmgr_message_active_limit in main.cf, - you may want adjust it. - -3 - The new "flush" service needs to be configured in master.cf. - - Upon start-up, Postfix checks if the new "flush" service is - configured in the master.cf file, and will add an entry if it - is missing. - -Should you wish to back out to a previous Postfix release there is -no need to undo the above changes. - -Major changes with snapshot-20001005 -==================================== +New "import_environment" and "export_environment" configuration +parameters provide explicit control over what environment variables +Postfix will import, and what environment variables Postfix will +pass on to a non-Postfix process. In order to improve performance of one-to-one deliveries, Postfix by default now looks at up to 10000 messages at a time (was: 1000). -Until now, Postfix did a rather lame effort at implementing the -SMTP ETRN command - it attempted to deliver all mail in the queue, -regardless of its destination. This is slow if your mail server -queues mail for lots of different destinations. - -This release introduces fast "ETRN" and "sendmail -qR". These -deliver only mail that is queued for the specified destination, -without requiring Postfix to open every file in the mail queue. - -Postfix now maintains per-destination logfiles with information -about what mail is queued for specific destinations. By default, -these logfiles are maintained only for destinations that Postfix -is willing to relay to (as controlled by the relay_domains parameter). - -The maintenance policy for deferred mail logfiles is selected with -the "fast_flush_policy" configuration parameter. Possible values -are: "all" (maintain logs for all destinations), "relay" (maintain -logs for relay destinations) or "none" (maintain no logs). - -Postfix falls back to the old slow ETRN for destinations that are -not eligible for the fast "ETRN" and "sendmail -qR" service. - -See the file ETRN_README for details. - -Incompatible changes with snapshot-20000924 -=========================================== - -The postmaster address in the "sorry" text at the top of bounced -mail is now just postmaster, not postmaster@sending.machine. The -idea is to refer users to their own postmaster. - -Major changes with snapshot-20000924 -==================================== - -DSN formatted bounced/delayed mail notifications, finally. The -human-readable text still exists, so that users will not have to -be unnecessarily confused by all the ugliness of RFC 1894. - -Major changes with snapshot-20000923 -==================================== - -The nqmgr (experimental smarter queue manager) has been updated. -It no longer worked after the change in queue manager to delivery -agent protocol. - Specify "syslog_facility = log_local1" etc. to separate the logging from multiple Postfix instances. However, a non-default logging facility takes effect only after process initialization. Errors during command-line parsing are still logged with the default syslog facility, as are errors while processing the main.cf file. -Incompatible changes with snapshot-20000921 -=========================================== - -After "make install" you need to execute "postfix reload". The -protocol between queue manager and delivery agents has changed. -This does not affect the format of existing queue files. You just -cannot mix this Postfix version's queue managers or delivery agents -with older Postfix versions. - -The notation of [host:port] in transport tables etc. is going away -but it is still supported. The preferred form is now [host]:port. -This change is necessary to support IPV6 address forms which use -":" as part of a numeric IP address. In a future release, Postfix -will log a warning when it encounters the [host:port] form. - -In mail headers, Errors-To:, Reply-To: and Return-Receipt: addresses -are now rewritten as a sender address (was: recipient). - -Postfix no longer inserts Sender: message headers. - -The queue manager now logs the original number of recipients when -opening a queue file (example: from=<>, size=3502, nrcpt=1). - -The local delivery agent no longer appends a blank line to mail -that is delivered to external command. - -The pipe delivery agent no longer appends a blank line when the F -flag is specified (in the master.cf file). Specify the B flag if -you need that blank line. - -Major changes with snapshot-20000921 -==================================== - Postfix now strips out Content-Length: headers in incoming mail to avoid confusion in mail user agents. -The header_checks and body_checks features can now be used to strip -out unwanted data. Specify IGNORE and the data will disappear. - Specify "require_home_directory = yes" to prevent mail from being -delivered to a user whose home directory is not mounted. +delivered to a user whose home directory is not mounted. This +feature is implemented by the Postfix local delivery agent. The pipe mailer has a size limit (size=nnn) command-line argument. -Incompatible changes with snapshot-20000531 -=========================================== - -All references to "content inspection" have been replaced by "content -filtering", in anticipation of hooks for true content inspection -that does not re-inject mail back into Postfix. - -Incompatible changes with snapshot-20000529 -=========================================== - -This version introduces an incompatible queue file format change -when content filtering is enabled. Old Postfix queue files will -work fine, but new queue files with content filtering info will -not work with old Postfix versions. They log a warning and move -incompatible queue files to the "corrupt" mail queue subdirectory. - -Major changes with snapshot-20000529 -==================================== - -This version introduces full content filtering through an external -process. This involves an incompatible change in queue file format. -Mail is delivered to content filtering software via an existing -mail delivery agent, and is re-injected into Postfix via an existing -mail submission agent. See examples in the FILTER_README file. -Depending on how the filter is implemented, you can expect to lose -a factor of 2 to 4 in delivery performance of SMTP transit mail, -more if the content filtering software needs lots of CPU or memory. - -Major changes with snapshot-20000528 -==================================== - -Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick -and dirty emergency content filter that looks at non-header lines -one line at a time (including MIME headers inside the message body). -Details in conf/sample-filter.cf. - -This version introduces a new queue manager with a clever scheduler -by Patrik Rak that allow mailing list deliveries be pre-empted by -non-list mail, while preserving correct average delivery delays. -The queue manager is build as nqmgr. It needs further testing. - -Major changes with snapshot-20000514 -==================================== - -LaMont Jones and Patrik Rak reported two different scenarios in -which pipelined SMTP sessions could time out forever. Postfix now -automatically flushes delayed SMTP commands/replies to prevent -sender delays from accumulating too much. For example, client-side -delays happen when a client does DNS lookups to replace hostname -aliases in a MAIL FROM or RCPT TO commands; server-side delays -happen when an UCE restriction involves DNS lookup, or when a server -generates a tarpit delay. - -Incompatible changes with snapshot-20000507 -=========================================== - -As required by RFC 822, Postfix now inserts a generic destination -message header when no destination header is present. The text is -specified via the undisclosed_recipients_header configuration -parameter (default: "To: undisclosed-recipients:;"). - -The Postfix sendmail command treats a line with only `.' as -the end of input, for the sake of sendmail compatibility. To disable -this feature, specify the sendmail-compatible `-i' or `-oi' flags -on the sendmail command line. - -For the sake of Sendmail compatibility, the Postfix SMTP client -skips over SMTP servers that greet with a 4XX or 5XX reply code, -treating them as unreachable servers. To obtain prior behavior -(4XX=retry, 5XX=bounce), specify "smtp_skip_4xx_greeting = no" and -"smtp_skip_5xx_greeting = no". - -The read/write interface underneath VSTREAMs has been extended with -parameters that specify a read/write timeout and application context. -This should make it easier to plug in encryption modules such as TLS. - -Major changes with snapshot-20000507 -==================================== - -Better documentation of Postfix lookup tables, including descriptions -of how to use regular expressions in Postfix lookup tables. - -Updated mysql and LDAP client code with fixes and improvements. +The pipe delivery agent has a configurable end-of-line attribute. +Specify "pipe ... eol=\r\n" for delivery mechanisms that require +CRLF record delimiters. The eol attribute understands the following +C-style escape sequences: \a \b \f \n \r \t \v \nnn \\. In master.cf you can selectively override main.cf configuration parameters, for example: "smtpd -o myhostname=foo.com". @@ -978,35 +716,6 @@ connections to a specific local interface. Or override the default setting in master.cf with "smtp -o smtp_bind_address=x.x.x.x". For now, you must specify a numeric IP address. -Preliminary LMTP client support over TCP with connection caching. -Support for LMTP over UNIX-domain sockets will be added later as -an enhancement to the transport table syntax. See the LMTP_README -file for more details. - -By the way, LMTP client-side connection caching is a good example -for how to do the same in the SMTP client. - -Preliminary support for SASL authentication, both in the SMTP server -and in the SMTP client. See the SASL_README file for more details. - -The pipe delivery agent has a configurable end-of-line attribute. -Specify "pipe ... eol=\r\n" for delivery mechanisms that require -CRLF record delimiters. The eol attribute understands the following -C-style escape sequences: \a \b \f \n \r \t \v \nnn \\. - -Incompatible changes with snapshot-20000309 -=========================================== - -This release is mainly to have a reference point after reorganizing -the cleanup daemon, and before adding some major contributions from -other people. - -Major changes with snapshot-20000309 -==================================== - -Questionable feature: with "smtp_skip_5xx_greeting = yes", Postfix -emulates behavior found in some other MTAs. - Questionable feature: with "smtp_always_send_ehlo = yes", the SMTP client sends EHLO regardless of the content of the SMTP server's greeting. @@ -1015,60 +724,9 @@ Specify "-d key" to postalias or postmap in order to remove one key. This still needs to be generalized to multi-key removal (e.g., read keys from stdin). -The manual pages in Postfix configuration files no longer contain -troff formatting codes. The text is now generated from prototype -files in a new "proto" subdirectory. - -Incompatible changes with postfix-19991231: -=========================================== - -- The SMTP server no longer forwards mail from untrusted clients -with sender-specified routing (stuff[@%!]stuff[@%!]stuff) through -destinations that are authorized by the relay_domains parameter. -This closes a loophole that exploits trust relationships between -hosts. Example: a trusted backup MX host forwards junk mail to -a primary MX host which forwards the junk to the Internet. Specify -"allow_untrusted_routing = yes" to restore the old behavior. - -- The SMTP server no longer forwards mail with sender-specified -routing (stuff[@%!]stuff[@%!]stuff) through destinations that are -authorized by the permit_mx_backup feature. This change is under -control by the allow_untrusted_routing parameter discussed above. - -- In order to support the above, the data structure and protocol -of the trivial-rewrite service was changed. This means you must -re-compile and re-link existing software that uses the Postfix -resolve_clnt interface. - -- As a side effect of the above, an address from an untrusted client -with @ in the localpart (user@remote@here) no longer bounces with -"user unknown" but instead is rejected with "relay access denied". - -- Incompatible SMTPD access map changes: - - An all-numeric right-hand side now means OK. This is for better - cooperation with out-of-band authentication mechanisms such as - POP before SMTP etc. - - An empty right-hand sides still mean OK, but Postfix will log a - warning in order to discourage such usage. - - You can no longer use virtual, canonical or aliases tables as - SMTPD access maps. Use the local_recipient_maps feature instead. - -- Recipient addresses may no longer begin with `-'. In order to -get the old behavior, specify "allow_min_user = yes" in main.cf. - -- Incompatible transport map changes: - - Transport map entries override mydestination. If you use transport - maps, it is better to always have explicit entries for all domain - names you have in $mydestination. See the html/faq.html sections - for firewalls and intranets. - - The nexthop information given to a local delivery agent may have - changed. This information was never intended to be used as a - next-hop destination. +Comments in Postfix configuration files no longer contain troff +formatting codes. The text is now generated from prototype files +in a new "proto" subdirectory. Major changes with postfix-19991231: ==================================== diff --git a/postfix/TODO b/postfix/TODO deleted file mode 100644 index 04708b4df..000000000 --- a/postfix/TODO +++ /dev/null @@ -1,160 +0,0 @@ - -one queue per rcpt hurts when delivering to agents that don't -get stuck on shell commands or mailbox locks - -xxx: bounced as yyy (bounced mail); xxx forwarded as zzz (mail -expanded via :include:). - -postconf -f filename - -get rid of the relocated feature - perhaps better to bounce recipients -at the SMTP port. - -make sendmail/smtpd/cleanup output directory/fifo configurable - -if postdrop scrutinizes input, skip the overhead in the pickup -daemon. - -add a threshold to sendmail etc. stderr logging, so that class -"info" messages don't go to stderr. - -implement an UCE control to accept mail if the sender domain sender -lists us as MX host (rafal wiosna). By the same token, implement -a control to accept mail when the client hostname/parent domain -lists us as their MX host. - -received: headers should be generated by the cleanup daemon, and -client attributes ("with", "from", etc.) should be passed along -with the message. This guarantees that forwarded/aliased mail gets -stamped with the queue ID. - -toss double-bounce mail even when mail for the local machine is -redirected to another box. See mail_addr_double_bounce(). - -remote showq access (cookie in maildrop or print some text to inform -the user) - -defer: explain mail was bounced after N days - -multiple rewrite processes? - -gethostbyaddr() uses native name services, which can be slow. - -can we detect a client that ignores error responses? - -way to block inbound mail based on recipient suffix? - -can Postfix implement one switchboard instead of having all these -little lookup tables? - -make canonical/virtual/etc. table lookup order configurable - -pass on client etc/ attributes along with message to delivery agent - -scrutinize file opens in delivery agents just like in qmgr (better: -open the file and see if someone compromised the vmailer account -and is racing against us). - -suspend/resume signals + master status (suspended/running) in PID -file. Maybe use FIFO instead. But, that means requests do not -arrive when the master is stuck. - -postedit queue-id command... - -more flexible mail queue list command - -multiple queues may make ETRN processing less painful because there -is less delayed mail to plow through. - -qmgr: configurable incoming/deferred mixing ratio so we can prioritize -new mail over old mail - -Replace [my.own.ip.addr] by domain name so that delivered-to has -the desired effect. - -Received: header and bounce text will be configurable with ${name} -macros. This requires that everything must cope with newlines in -config parameters (including the SMTP greeting bannner, yuck). - -Pass along the client hostname/posting user with queue files, to -be logged by the queue manager. - -showq: don't use mail_open_ok() - it assumes coordinated queue -access. - -trivial-rewrite: optionally, use DNS to fully qualify hostnames. - -pickup/cleanup/qmgr/local: add options record to control internal -features such as canonical/virtual mapping, VERPs etcetera. - -Add hook for (domain, user database) support. This is needed if -you have lots of real domains and can't afford a separate master.cf -delivery agent entry for each domain. - -Add support for DBZ databases, using the code from INN. Reportedly, -GDB handles large numbers of keys poorly. - -Change the front-end to cleanup protocol so that the front-end -sends the expected message size, and so that the cleanup service -can report if there is enough space. This is useful only for the -SMTP server, because pickup can't produce bounce requests: the -bounce service can't read the maildrop file. - -On systems with functional UNIX-domain sockets, use that instead -of FIFOs to trigger the pickup and qmgr services. This allows for -some coupling between front-end programs and queue manager, so that -a burst of inbound mail does not lock out the queue manager from -accessing the queue, causing outbound delivery to stop. - -There is a need to run `master' services outside the "master" -environment, either for testing (new config files) or for production. -For consistency reasons, programs file names should be taken from -the master.cf file. - - - The showq service. Used by the super user when the mail system - is down. - - - The smtpd service for "sendmail -bs" emulation. Used by some - mail posting agents. Output to the maildrop, so that messages - can be posted even when the mail system is down. - - - The rewrite engine for "sendmail -bt" emulation, for off-line - testing of configuration files. Requires a method to override - the location of the rewriting rules file. Or, perhaps there - should be an official place (/etc/vmailer/testbed?) for playing - with config files. - -postfix-script: detect and/or build missing alias database. In -order to do this we must extract the alias_maps parameter from the -main.cf file, and create any missing files with the right ownerships. - -implement the return-receipt-to notification service. - -bounce/defer: provide attribute-value interface, for better logging -(expanded-from etc.) and non-delivery reports. - -Maintain per-client short-term host status, so we can slow down -unreasonable clients - -Make archiving delivered mail a REAL option (queue manager). What -about one archive per day. The magic could be put into the mail -queue name routines. Just make it aware of the date. - -Will the mail system be faster when we avoid moving new messages -incoming->active? How would one detect the arrival of new files? - -pickup: pass file descriptor to cleanup instead of copying data. -This violates the principle that all front-end programs protect -the mail system against unreasonably-long inputs. - -True ETRN means kick the host out of the queue manager's "dead -hosts" table & move mail from the "hold" queue for that site to -the incoming queue. - -postfix-script: make sure that each queue file matches its file id -or we might lose mail. - -postfix-script: do database fixups as the unprivileged user - -Maintain a pool of pre-allocated queue files, to eliminate file -creation and deletion overhead. diff --git a/postfix/conf/access b/postfix/conf/access index 21a30fa37..4bc39ca06 100644 --- a/postfix/conf/access +++ b/postfix/conf/access @@ -1,4 +1,3 @@ -# # ACCESS(5) ACCESS(5) # # NAME @@ -68,31 +67,32 @@ # user@ Matches all mail addresses with the specified user # part. # -# Note: lookup of the null sender address may not be possi- -# ble with all supported types of lookup table. A workaround -# is to specify smtpd_null_access_lookup_key = <> in the -# Postfix main.cf file, and to specify <> as the left-hand -# field in the access table. +# Note: lookup of the null sender address is not possible +# with some types of lookup table. By default, Postfix uses +# <> as the lookup key for such addresses. The value is +# specified with the workaround is to specify +# smtpd_null_access_lookup_key parameter in the Postfix +# main.cf file. # # ADDRESS EXTENSION # When a mail address localpart contains the optional recip- -# ient delimiter (e.g., user+foo@domain), the lookup order -# becomes: user+foo@domain, user@domain, domain, user+foo@, +# ient delimiter (e.g., user+foo@domain), the lookup order +# becomes: user+foo@domain, user@domain, domain, user+foo@, # and user@. # # HOST NAME/ADDRESS PATTERNS # With lookups from indexed files such as DB or DBM, or from -# networked tables such as NIS, LDAP or SQL, the following +# networked tables such as NIS, LDAP or SQL, the following # lookup patterns are examined in the order as listed: # # domain.name # Matches domain.name. # -# The pattern domain.name also matches subdomains, +# The pattern domain.name also matches subdomains, # but only when the string smtpd_access_maps is -# listed in the Postfix parent_domain_matches_subdo- -# mains configuration setting. Otherwise, specify -# .domain.name (note the initial dot) in order to +# listed in the Postfix parent_domain_matches_subdo- +# mains configuration setting. Otherwise, specify +# .domain.name (note the initial dot) in order to # match subdomains. # # net.work.addr.ess @@ -101,13 +101,13 @@ # # net.work # -# net Matches any host address in the specified network. -# A network address is a sequence of one or more +# net Matches any host address in the specified network. +# A network address is a sequence of one or more # octets separated by ".". # # ACTIONS # [45]NN text -# Reject the address etc. that matches the pattern, +# Reject the address etc. that matches the pattern, # and respond with the numerical code and text. # # REJECT Reject the address etc. that matches the pattern. A @@ -115,35 +115,40 @@ # # OK Accept the address etc. that matches the pattern. # +# all-numerical +# An all-numerical result is treated as OK. This for- +# mat is generated by address-based relay authoriza- +# tion schemes. +# # restriction... # Apply the named UCE restriction(s) (permit, reject, # reject_unauth_destination, and so on). # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire string being looked up. Depending on the appli- -# cation, that string is an entire client hostname, an +# cation, that string is an entire client hostname, an # entire client IP address, or an entire mail address. Thus, # no parent domain or parent network search is done, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user@ and domain constituent parts, nor is user+foo broken # up into user and foo. # -# Patterns are applied in the order as specified in the -# table, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the +# table, until a pattern is found that matches the search # string. # -# Actions are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Actions are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # SEE ALSO # postmap(1) create mapping table @@ -152,7 +157,7 @@ # regexp_table(5) format of POSIX regular expression tables # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) @@ -161,5 +166,4 @@ # P.O. Box 704 # Yorktown Heights, NY 10598, USA # -# 1 -# +# ACCESS(5) diff --git a/postfix/conf/aliases b/postfix/conf/aliases index 854d83544..9e43ebc24 100644 --- a/postfix/conf/aliases +++ b/postfix/conf/aliases @@ -1,4 +1,8 @@ # +# Sample aliases file. Install in the location as specified by the +# output from the command "postconf alias_maps". Typical path names +# are /etc/aliases or /etc/mail/aliases. +# # >>>>>>>>>> The program "newaliases" must be run after # >> NOTE >> this file is updated for any changes to # >>>>>>>>>> show through to Postfix. diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf index c90780737..ed330c676 100644 --- a/postfix/conf/main.cf +++ b/postfix/conf/main.cf @@ -225,9 +225,10 @@ mail_owner = postfix # REJECTING UNKNOWN LOCAL USERS # # The local_recipient_maps parameter specifies optional lookup tables -# with all users that are local with respect to $mydestination and -# $inet_interfaces. If this parameter is defined, then the SMTP server -# will reject mail for unknown local users. +# with all names (not addresses) of users that are local with respect +# to $mydestination and $inet_interfaces. If this parameter is +# defined, then the SMTP server will reject mail for unknown local +# users. # # If you use the default Postfix local delivery agent for local # delivery, uncomment the definition below. @@ -238,15 +239,12 @@ mail_owner = postfix # #local_recipient_maps = $alias_maps unix:passwd.byname -# If you use both the Postfix local and virtual delivery agents, specify: -# -#local_recipient_maps = $alias_maps unix:passwd.byname $virtual_mailbox_maps - # INPUT RATE CONTROL # # The in_flow_delay configuration parameter implements mail input -# flow control. This feature is turned off by default because it -# needs further development. +# flow control. This feature is turned on by default, although it +# still needs further development (it's disabled on SCO UNIX due +# to an SCO bug). # # A Postfix process will pause for $in_flow_delay seconds before # accepting a new message, when the message arrival rate exceeds the @@ -256,7 +254,7 @@ mail_owner = postfix # # Specify 0 to disable the feature. Valid delays are 0..10. # -#in_flow_delay = 1 +#in_flow_delay = 1s # ADDRESS REWRITING # @@ -419,6 +417,7 @@ mail_owner = postfix # REJECT text.... The text is sent to the originator. # IGNORE the header line is silently discarded. # WARN the header is logged (not rejected) with a warning message. +# WARN text... as above, and the text is logged, too. # # These patterns do not apply to MIME headers in the message body. # diff --git a/postfix/conf/master.cf b/postfix/conf/master.cf index 622615671..2e5068f11 100644 --- a/postfix/conf/master.cf +++ b/postfix/conf/master.cf @@ -24,9 +24,9 @@ # Chroot: whether or not the service runs chrooted to the mail queue # directory (pathname is controlled by the queue_directory configuration # variable in the main.cf file). Presently, all Postfix daemons can run -# chrooted, except for the pipe and local daemons. The files in the -# examples/chroot-setup subdirectory describe how to set up a Postfix -# chroot environment for your type of machine. +# chrooted, except for the pipe, virtual and local delivery daemons. +# The files in the examples/chroot-setup subdirectory describe how +# to set up a Postfix chroot environment for your type of machine. # # Wakeup time: automatically wake up the named service after the # specified number of seconds. A ? at the end of the wakeup time diff --git a/postfix/conf/post-install b/postfix/conf/post-install index 933801cae..3feeb4a2e 100644 --- a/postfix/conf/post-install +++ b/postfix/conf/post-install @@ -234,6 +234,12 @@ else POSTCONF="postconf" fi +$POSTCONF -d mail_version >/dev/null 2>/dev/null || { + echo $0: Error: no $POSTCONF command found. 1>&2 + echo Re-run this command as $0 command_directory=/some/where. 1>&2 + exit 1 +} + test -n "$config_directory" || config_directory=`$POSTCONF -d -h config_directory` || exit 1 @@ -304,12 +310,12 @@ test -f $config_directory/main.cf && { case $manpage_directory in no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2 - echo Try again with \"$0 manpage_directory=/pathname $*\". 1>&2; exit 1;; + echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;; esac case $setgid_group in no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2 - echo Try again with \"$0 setgid_group=groupname $*\" 1>&2; exit 1;; + echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;; esac for path in "$daemon_directory" "$command_directory" "$queue_directory" \ @@ -426,6 +432,7 @@ test -n "$create" && { # Pick up the flags. case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac case $flags in *c*) create_flag=1;; *) create_flag=;; esac + case $flags in *r*) recursive="-R";; *) recursive=;; esac # Create missing directories with proper owner/group/mode settings. if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ] then @@ -442,8 +449,8 @@ test -n "$create" && { set_permission=1 fi test -n "$set_permission" && { - chown $owner $path || exit 1 - test -z "$group" || chgrp $group $path || exit 1 + chown $recursive $owner $path || exit 1 + test -z "$group" || chgrp $recursive $group $path || exit 1 chmod $mode $path || exit 1 } done diff --git a/postfix/conf/postfix-files b/postfix/conf/postfix-files index 334d2aac9..095d61654 100644 --- a/postfix/conf/postfix-files +++ b/postfix/conf/postfix-files @@ -29,24 +29,27 @@ # p=preserve existing file, do not replace (postfix-install). # u=update owner/group/mode (post-install upgrade-permissions). # c=create missing directory (post-install create-missing). +# r=apply owner/group recursively (post-install set/upgrade-permissions). # # Note: the "u" flag is for upgrading the permissions of existing files -# or directories after changes in Postfix architecture. +# or directories after changes in Postfix architecture. For robustness +# it is a good idea to "u" all the files that have special ownership or +# permissions, so that running "make install" fixes any glitches. # $config_directory:d:root:-:755:u $daemon_directory:d:root:-:755:u $queue_directory:d:root:-:755:uc $sample_directory:d:root:-:755 $readme_directory:d:root:-:755 -$queue_directory/active:d:$mail_owner:-:700:uc -$queue_directory/bounce:d:$mail_owner:-:700:uc -$queue_directory/corrupt:d:$mail_owner:-:700:uc -$queue_directory/defer:d:$mail_owner:-:700:uc -$queue_directory/deferred:d:$mail_owner:-:700:uc -$queue_directory/flush:d:$mail_owner:-:700:uc -$queue_directory/incoming:d:$mail_owner:-:700:uc +$queue_directory/active:d:$mail_owner:-:700:ucr +$queue_directory/bounce:d:$mail_owner:-:700:ucr +$queue_directory/corrupt:d:$mail_owner:-:700:ucr +$queue_directory/defer:d:$mail_owner:-:700:ucr +$queue_directory/deferred:d:$mail_owner:-:700:ucr +$queue_directory/flush:d:$mail_owner:-:700:ucr +$queue_directory/incoming:d:$mail_owner:-:700:ucr $queue_directory/private:d:$mail_owner:-:700:uc -$queue_directory/saved:d:$mail_owner:-:700:uc +$queue_directory/saved:d:$mail_owner:-:700:ucr $queue_directory/maildrop:d:$mail_owner:$setgid_group:730:uc $queue_directory/public:d:$mail_owner:$setgid_group:710:uc $queue_directory/pid:d:root:-:755:uc @@ -77,8 +80,8 @@ $command_directory/postlock:f:root:-:755 $command_directory/postlog:f:root:-:755 $command_directory/postmap:f:root:-:755 $command_directory/postsuper:f:root:-:755 -$command_directory/postdrop:f:root:$setgid_group:2755 -$command_directory/postqueue:f:root:$setgid_group:2755 +$command_directory/postdrop:f:root:$setgid_group:2755:u +$command_directory/postqueue:f:root:$setgid_group:2755:u $sendmail_path:f:root:-:755 $newaliases_path:l:root:-:755 $mailq_path:l:root:-:755 @@ -168,6 +171,7 @@ $readme_directory/DB_README:f:root:-:644 $readme_directory/DEBUG_README:f:root:-:644 $readme_directory/ETRN_README:f:root:-:644 $readme_directory/FILTER_README:f:root:-:644 +$readme_directory/INSTALL:f:root:-:644 $readme_directory/LDAP_README:f:root:-:644 $readme_directory/LINUX_README:f:root:-:644 $readme_directory/LMTP_README:f:root:-:644 diff --git a/postfix/conf/postfix-script b/postfix/conf/postfix-script index 9b53a4d62..e1558eb93 100644 --- a/postfix/conf/postfix-script +++ b/postfix/conf/postfix-script @@ -174,6 +174,15 @@ check) ! \( -type p -o -type s \) ! -user $mail_owner \ -exec $WARN not owned by $mail_owner: {} \; + find $queue_directory/public $queue_directory/maildrop \ + $command_directory/postqueue $command_directory/postdrop \ + -prune ! -group $setgid_group \ + -exec $WARN not owned by group $setgid_group: {} \; + + find $command_directory/postqueue $command_directory/postdrop \ + -prune ! -perm -02111 \ + -exec $WARN not set-gid: {} \; + for name in `ls -d $queue_directory/* | \ egrep '/(bin|etc|lib|usr)$'` ; \ do \ @@ -181,11 +190,11 @@ check) -exec $WARN not owned by root: {} \; ; \ done - for dir in $queue_directory/maildrop - do - ls -lLd $dir | (grep " $mail_owner " >/dev/null || - $WARN not owned by $mail_owner: $dir) - done + # WARNING: this should not descend into the maildrop directory. + # maildrop is the least trusted Postfix directory. + + find $queue_directory/maildrop/. -prune ! -user $mail_owner \ + -exec $WARN not owned by $mail_owner: $queue_directory/maildrop \; for dir in bin etc lib sbin usr do @@ -212,6 +221,14 @@ check) find corrupt -type f -exec $WARN damaged message: {} \; # XXX also: look for weird stuff, weird permissions, etc. + + test -f /usr/sbin/sendmail -a -f /usr/lib/sendmail && { + cmp -s /usr/sbin/sendmail /usr/lib/sendmail || { + $WARN /usr/lib/sendmail and /usr/sbin/sendmail differ + $WARN Replace one by a symbolic link to the other + } + } + exit 0 ;; *) diff --git a/postfix/conf/sample-auth.cf b/postfix/conf/sample-auth.cf index 00920bde7..5ab638e11 100644 --- a/postfix/conf/sample-auth.cf +++ b/postfix/conf/sample-auth.cf @@ -23,7 +23,8 @@ # # In order to enable server-side authentication, build Postfix with # SASL support, and install a configuration file /usr/lib/sasl/smtpd.conf -# with as contents, for example, +# (SASL version 1) or /usr/lib/sasl2/smtpd.conf (SASL version 2) with +# as contents, for example, # # pwcheck_method: sasldb # @@ -51,6 +52,10 @@ smtpd_sasl_auth_enable = no # nodictionary: disallow methods subject to passive (dictionary) attack # noanonymous: disallow methods that allow anonymous authentication # +# An additional option is available in SASL version 2: +# +# mutual_auth: only allow methods that provide mutual authentication +# # By default, the Postfix SMTP server accepts plaintext passwords but # not anonymous logins. # @@ -104,6 +109,10 @@ smtp_sasl_password_maps = hash:/etc/postfix/saslpass # nodictionary: disallow methods subject to passive (dictionary) attack # noanonymous: disallow methods that allow anonymous authentication # +# An additional option is available in SASL version 2: +# +# mutual_auth: only allow methods that provide mutual authentication +# # By default, the Postfix SMTP client will not use plaintext passwords. # #smtp_sasl_security_options = diff --git a/postfix/conf/sample-filter.cf b/postfix/conf/sample-filter.cf index 8b9c96038..ce154d2f7 100644 --- a/postfix/conf/sample-filter.cf +++ b/postfix/conf/sample-filter.cf @@ -15,6 +15,7 @@ # REJECT text.... The text is sent to the originator. # IGNORE the header line is silently discarded. # WARN the header is logged (not rejected) with a warning message. +# WARN text... as above, and the text is logged, too. # # These patterns do not apply to MIME headers in the message body. # @@ -34,5 +35,6 @@ header_checks = regexp:/etc/postfix/header_checks # REJECT text.... The text is sent to the originator. # IGNORE the body line is silently discarded. # WARN the body line is logged (not rejected) with a warning message. +# WARN text... as above, and the text is logged, too. # body_checks = regexp:/etc/postfix/body_checks diff --git a/postfix/conf/sample-local.cf b/postfix/conf/sample-local.cf index a64e531f9..5e61971bb 100644 --- a/postfix/conf/sample-local.cf +++ b/postfix/conf/sample-local.cf @@ -137,7 +137,7 @@ home_mailbox = # The mail_spool_directory parameter specifies the directory where # UNIX-style mailboxes are kept. The default setting depends on the -# system type. +# system type. Specify a name ending in / for maildir-style delivery. # #mail_spool_directory = /var/mail #mail_spool_directory = /var/spool/mail diff --git a/postfix/conf/sample-pcre-body.cf b/postfix/conf/sample-pcre-body.cf index df3c6e03b..d6cf323e3 100644 --- a/postfix/conf/sample-pcre-body.cf +++ b/postfix/conf/sample-pcre-body.cf @@ -25,6 +25,7 @@ # REJECT text.... The text is sent to the originator. # IGNORE The line is silently discarded. # WARN The line is logged (not rejected) with a warning. +# WARN text.... As above, and the text is logged, too. # # Substitution of sub-strings from the matched expression is # possible using the conventional perl syntax. The macros in the diff --git a/postfix/conf/sample-pcre-header.cf b/postfix/conf/sample-pcre-header.cf index 6e5af4178..a2bf1f5ab 100644 --- a/postfix/conf/sample-pcre-header.cf +++ b/postfix/conf/sample-pcre-header.cf @@ -25,6 +25,7 @@ # REJECT text.... The text is sent to the originator. # IGNORE The header line is silently discarded. # WARN The header is logged (not rejected) with a warning. +# WARN text.... As above, and the text is logged, too. # # Substitution of sub-strings from the matched expression is # possible using the conventional perl syntax. The macros in the diff --git a/postfix/conf/sample-regexp-body.cf b/postfix/conf/sample-regexp-body.cf index f9d3172da..d340cf3f5 100644 --- a/postfix/conf/sample-regexp-body.cf +++ b/postfix/conf/sample-regexp-body.cf @@ -21,3 +21,4 @@ # REJECT text.... The text is sent to the originator. # IGNORE The header line is silently discarded. # WARN The header is logged (not rejected) with a warning. +# WARN text.... As above, and the text is logged, too. diff --git a/postfix/conf/sample-regexp-header.cf b/postfix/conf/sample-regexp-header.cf index 6d46bdad2..9552f1eed 100644 --- a/postfix/conf/sample-regexp-header.cf +++ b/postfix/conf/sample-regexp-header.cf @@ -22,6 +22,7 @@ # REJECT text.... The text is sent to the originator. # IGNORE the header line is silently discarded. # WARN the header is logged (not rejected) with a warning. +# WARN text... As above, and the text is logged, too. /^Subject: Make Money Fast/ REJECT /^To: friend@public.com/ REJECT diff --git a/postfix/conf/sample-smtp.cf b/postfix/conf/sample-smtp.cf index d2648e42c..ad5a3a880 100644 --- a/postfix/conf/sample-smtp.cf +++ b/postfix/conf/sample-smtp.cf @@ -65,13 +65,25 @@ smtp_never_send_ehlo = no # #smtp_bind_address=111.222.333.444 -# The smtp_break_lines parameter controls whether the SMTP client -# will break lines longer than $line_length_limit characters. +# The smtp_line_length_limit parameter controls the length of +# message header and body lines that Postfix will send via SMTP. +# Lines that are longer are broken by inserting . # -# By default, line breaking is turned on, because some fragile SMTP -# server implementations cannot receive mail with long lines. +# By default, the line length is limited to 990 characters, because +# some server implementations cannot receive mail with long lines. # -#smtp_break_lines = yes +#smtp_line_length_limit = 990 + +# The smtp_helo_name parameter specifies the hostname to send along +# in the EHLO or HELO command. +# +# The default value is the machine hostname. Specify a hostname or +# [ip.address]. This can be used in the main.cf file, or in the +# master.cf file, for example: +# +# smtp ... smtp -o smtp_helo_name=foo.bar.com +# +#smtp_helo_name = $myhostname # The smtp_skip_4xx_greeting parameter controls what happens when # an SMTP server greets us with a 4XX status code (go away, try diff --git a/postfix/conf/sample-smtpd.cf b/postfix/conf/sample-smtpd.cf index 2882009b6..cb36e4dc7 100644 --- a/postfix/conf/sample-smtpd.cf +++ b/postfix/conf/sample-smtpd.cf @@ -440,7 +440,7 @@ relay_domains = $mydestination # The access_map_reject_code parameter specifies the SMTP server # response code when a client violates an access map restriction. # -# Do not change this unless you have a complete understanding of RFC 822. +# Do not change this unless you have a complete understanding of RFC 821. # access_map_reject_code = 550 @@ -448,28 +448,28 @@ access_map_reject_code = 550 # response when a client violates the reject_invalid_hostname anti-UCE # restriction. # -# Do not change this unless you have a complete understanding of RFC 822. +# Do not change this unless you have a complete understanding of RFC 821. # invalid_hostname_reject_code = 501 # The maps_rbl_reject_code parameter specifies the SMTP server response # when a client violates the maps_rbl_domains restriction. # -# Do not change this unless you have a complete understanding of RFC 822. +# Do not change this unless you have a complete understanding of RFC 821. # maps_rbl_reject_code = 550 # The reject_code parameter specifies the SMTP server response code # when an SMTP client matches a reject restriction. # -# Do not change this unless you have a complete understanding of RFC 822. +# Do not change this unless you have a complete understanding of RFC 821. # reject_code = 550 # The relay_domains_reject_code parameter specifies the SMTP server # response when a client attempts to violate the mail relay policy. # -# Do not change this unless you have a complete understanding of RFC 822. +# Do not change this unless you have a complete understanding of RFC 821. # relay_domains_reject_code = 550 @@ -477,7 +477,7 @@ relay_domains_reject_code = 550 # response when a client violates the reject_unknown_sender_domain # or reject_unknown_recipient_domain restrictions. # -# Do not change this unless you have a complete understanding of RFC 822. +# Do not change this unless you have a complete understanding of RFC 821. # unknown_address_reject_code = 450 @@ -485,7 +485,7 @@ unknown_address_reject_code = 450 # response when a client without address to name mapping violates # the reject_unknown_clients restriction. # -# Do not change this unless you have a complete understanding of RFC 822. +# Do not change this unless you have a complete understanding of RFC 821. # unknown_client_reject_code = 450 @@ -493,6 +493,6 @@ unknown_client_reject_code = 450 # response when a client violates the reject_unknown_hostname # restriction. # -# Do not change this unless you have a complete understanding of RFC 822. +# Do not change this unless you have a complete understanding of RFC 821. # unknown_hostname_reject_code = 450 diff --git a/postfix/conf/transport b/postfix/conf/transport index 4a21ac694..3d6e07f0d 100644 --- a/postfix/conf/transport +++ b/postfix/conf/transport @@ -148,7 +148,7 @@ # details and for default values. Use the postfix reload # command after a configuration change. # -# parent_domain_matches_subdomains (versions >= 20011119) +# parent_domain_matches_subdomains # List of Postfix features that use domain.name pat- # terns to match sub.domain.name (as opposed to # requiring .domain.name patterns). diff --git a/postfix/examples/chroot-setup/LINUX2 b/postfix/examples/chroot-setup/LINUX2 index dc9419db1..f63c22c17 100644 --- a/postfix/examples/chroot-setup/LINUX2 +++ b/postfix/examples/chroot-setup/LINUX2 @@ -39,7 +39,6 @@ # remove /etc/localtime in case it's a broken symlink # restrict find to maxdepth 1 (faster) -# $Log: LINUX2,v $ # Revision 1.4 2001/01/15 09:36:35 emma # add note it was successfully tested on Debian sid # diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html index ce041680b..c393a7fee 100644 --- a/postfix/html/access.5.html +++ b/postfix/html/access.5.html @@ -1,5 +1,4 @@ 
-
 ACCESS(5)                                               ACCESS(5)
 
 NAME
@@ -69,31 +68,32 @@ ACCESS(5)                                               ACCESS(5)
        user@  Matches  all mail addresses with the specified user
               part.
 
-       Note: lookup of the null sender address may not be  possi-
-       ble with all supported types of lookup table. A workaround
-       is to specify smtpd_null_access_lookup_key  =  <>  in  the
-       Postfix  main.cf  file, and to specify <> as the left-hand
-       field in the access table.
+       Note: lookup of the null sender address  is  not  possible
+       with  some types of lookup table. By default, Postfix uses
+       <> as the lookup key for  such  addresses.  The  value  is
+       specified    with    the    workaround   is   to   specify
+       smtpd_null_access_lookup_key  parameter  in  the   Postfix
+       main.cf file.
 
 ADDRESS EXTENSION
        When a mail address localpart contains the optional recip-
-       ient  delimiter  (e.g., user+foo@domain), the lookup order
-       becomes: user+foo@domain, user@domain, domain,  user+foo@,
+       ient delimiter (e.g., user+foo@domain), the  lookup  order
+       becomes:  user+foo@domain, user@domain, domain, user+foo@,
        and user@.
 
 HOST NAME/ADDRESS PATTERNS
        With lookups from indexed files such as DB or DBM, or from
-       networked tables such as NIS, LDAP or SQL,  the  following
+       networked  tables  such as NIS, LDAP or SQL, the following
        lookup patterns are examined in the order as listed:
 
        domain.name
               Matches domain.name.
 
-              The  pattern  domain.name  also matches subdomains,
+              The pattern domain.name  also  matches  subdomains,
               but  only  when  the  string  smtpd_access_maps  is
-              listed  in the Postfix parent_domain_matches_subdo-
-              mains configuration  setting.   Otherwise,  specify
-              .domain.name  (note  the  initial  dot) in order to
+              listed in the Postfix  parent_domain_matches_subdo-
+              mains  configuration  setting.   Otherwise, specify
+              .domain.name (note the initial  dot)  in  order  to
               match subdomains.
 
        net.work.addr.ess
@@ -102,13 +102,13 @@ ACCESS(5)                                               ACCESS(5)
 
        net.work
 
-       net    Matches any host address in the specified  network.
-              A  network  address  is  a  sequence of one or more
+       net    Matches  any host address in the specified network.
+              A network address is a  sequence  of  one  or  more
               octets separated by ".".
 
 ACTIONS
        [45]NN text
-              Reject the address etc. that matches  the  pattern,
+              Reject  the  address etc. that matches the pattern,
               and respond with the numerical code and text.
 
        REJECT Reject the address etc. that matches the pattern. A
@@ -116,35 +116,40 @@ ACCESS(5)                                               ACCESS(5)
 
        OK     Accept the address etc. that matches the pattern.
 
+       all-numerical
+              An all-numerical result is treated as OK. This for-
+              mat is generated by address-based relay  authoriza-
+              tion schemes.
+
        restriction...
               Apply the named UCE restriction(s) (permit, reject,
               reject_unauth_destination, and so on).
 
 REGULAR EXPRESSION TABLES
-       This  section  describes how the table lookups change when
+       This section describes how the table lookups  change  when
        the table is given in the form of regular expressions. For
-       a  description  of regular expression lookup table syntax,
+       a description of regular expression lookup  table  syntax,
        see regexp_table(5) or pcre_table(5).
 
-       Each pattern is a regular expression that  is  applied  to
+       Each  pattern  is  a regular expression that is applied to
        the entire string being looked up. Depending on the appli-
-       cation, that string  is  an  entire  client  hostname,  an
+       cation,  that  string  is  an  entire  client hostname, an
        entire client IP address, or an entire mail address. Thus,
        no  parent  domain  or  parent  network  search  is  done,
-       user@domain  mail  addresses  are not broken up into their
+       user@domain mail addresses are not broken  up  into  their
        user@ and domain constituent parts, nor is user+foo broken
        up into user and foo.
 
-       Patterns  are  applied  in  the  order as specified in the
-       table, until a pattern is found that  matches  the  search
+       Patterns are applied in the  order  as  specified  in  the
+       table,  until  a  pattern is found that matches the search
        string.
 
-       Actions  are  the  same as with indexed file lookups, with
-       the additional feature that parenthesized substrings  from
+       Actions are the same as with indexed  file  lookups,  with
+       the  additional feature that parenthesized substrings from
        the pattern can be interpolated as $1, $2 and so on.
 
 BUGS
-       The  table format does not understand quoting conventions.
+       The table format does not understand quoting  conventions.
 
 SEE ALSO
        postmap(1) create mapping table
@@ -153,7 +158,7 @@ ACCESS(5)                                               ACCESS(5)
        regexp_table(5) format of POSIX regular expression tables
 
 LICENSE
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 AUTHOR(S)
@@ -162,6 +167,5 @@ ACCESS(5)                                               ACCESS(5)
        P.O. Box 704
        Yorktown Heights, NY 10598, USA
 
-                                                                1
-
+                                                        ACCESS(5)
diff --git a/postfix/html/backstage.html b/postfix/html/backstage.html index 577a3c032..5ee7aeef8 100644 --- a/postfix/html/backstage.html +++ b/postfix/html/backstage.html @@ -62,8 +62,7 @@ href="mailq.1.html">mailq command.
  • The flush daemon improves the performance of the SMTP ETRN request, and of its command-line equivalent, sendmail -qRdestination, for selected -destinations. For other destinations, Postfix silently falls -back to the equivalent of sendmail -q. +destinations.

    diff --git a/postfix/html/flush.8.html b/postfix/html/flush.8.html index 19b8ab68c..93223e406 100644 --- a/postfix/html/flush.8.html +++ b/postfix/html/flush.8.html @@ -136,7 +136,7 @@ FLUSH(8) FLUSH(8) updated in this amount of time (default time unit: days). - parent_domain_matches_subdomains (versions >= 20011119) + parent_domain_matches_subdomains List of Postfix features that use domain.name pat- terns to match sub.domain.name (as opposed to requiring .domain.name patterns). diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html index 817c59af8..d08a2ffa5 100644 --- a/postfix/html/local.8.html +++ b/postfix/html/local.8.html @@ -84,66 +84,67 @@ LOCAL(8) LOCAL(8) The default per-user mailbox is a file in the UNIX mail spool directory (/var/mail/user or /var/spool/mail/user); the location can be specified with the mail_spool_direc- - tory configuration parameter. + tory configuration parameter. Specify a name ending in / + for qmail-compatible maildir delivery. - Alternatively, the per-user mailbox can be a file in the - user's home directory with a name specified via the - home_mailbox configuration parameter. Specify a relative + Alternatively, the per-user mailbox can be a file in the + user's home directory with a name specified via the + home_mailbox configuration parameter. Specify a relative path name. Specify a name ending in / for qmail-compatible maildir delivery. - Mailbox delivery can be delegated to an external command - specified with the mailbox_command configuration parame- - ter. The command executes with the privileges of the - recipient user (exception: in case of delivery as root, - the command executes with the privileges of + Mailbox delivery can be delegated to an external command + specified with the mailbox_command configuration parame- + ter. The command executes with the privileges of the + recipient user (exception: in case of delivery as root, + the command executes with the privileges of default_privs). - Mailbox delivery can be delegated to alternative message - transports specified in the master.cf file. The mail- - box_transport configuration parameter specifies a message - transport that is to be used for all local recipients, - regardless of whether they are found in the UNIX passwd - database. The fallback_transport parameter specifies a + Mailbox delivery can be delegated to alternative message + transports specified in the master.cf file. The mail- + box_transport configuration parameter specifies a message + transport that is to be used for all local recipients, + regardless of whether they are found in the UNIX passwd + database. The fallback_transport parameter specifies a message transport for recipients that are not found in the UNIX passwd database. In the case of UNIX-style mailbox delivery, the local dae- mon prepends a "From sender time_stamp" envelope header to - each message, prepends an optional Delivered-To: header - with the envelope recipient address, prepends a Return- - Path: header with the envelope sender address, prepends a - > character to lines beginning with "From ", and appends + each message, prepends an optional Delivered-To: header + with the envelope recipient address, prepends a Return- + Path: header with the envelope sender address, prepends a + > character to lines beginning with "From ", and appends an empty line. The mailbox is locked for exclusive access - while delivery is in progress. In case of problems, an - attempt is made to truncate the mailbox to its original + while delivery is in progress. In case of problems, an + attempt is made to truncate the mailbox to its original length. In the case of maildir delivery, the local daemon prepends an optional Delivered-To: header with the envelope recipi- - ent address and prepends a Return-Path: header with the + ent address and prepends a Return-Path: header with the envelope sender address. EXTERNAL COMMAND DELIVERY - The allow_mail_to_commands configuration parameter - restricts delivery to external commands. The default set- - ting (alias, forward) forbids command destinations in + The allow_mail_to_commands configuration parameter + restricts delivery to external commands. The default set- + ting (alias, forward) forbids command destinations in :include: files. - The command is executed directly where possible. Assis- - tance by the shell (/bin/sh on UNIX systems) is used only - when the command contains shell magic characters, or when + The command is executed directly where possible. Assis- + tance by the shell (/bin/sh on UNIX systems) is used only + when the command contains shell magic characters, or when the command invokes a shell built-in command. - A limited amount of command output (standard output and - standard error) is captured for inclusion with non-deliv- - ery status reports. A command is forcibly terminated if - it does not complete within command_time_limit seconds. - Command exit status codes are expected to follow the con- + A limited amount of command output (standard output and + standard error) is captured for inclusion with non-deliv- + ery status reports. A command is forcibly terminated if + it does not complete within command_time_limit seconds. + Command exit status codes are expected to follow the con- ventions defined in <sysexits.h>. - A limited amount of message context is exported via envi- - ronment variables. Characters that may have special mean- + A limited amount of message context is exported via envi- + ronment variables. Characters that may have special mean- ing to the shell are replaced by underscores. The list of acceptable characters is specified with the command_expan- sion_filter configuration parameter. @@ -175,45 +176,45 @@ LOCAL(8) LOCAL(8) The current working directory is the mail queue directory. The local daemon prepends a "From sender time_stamp" enve- - lope header to each message, prepends an optional Deliv- + lope header to each message, prepends an optional Deliv- ered-To: header with the recipient envelope address, - prepends a Return-Path: header with the sender envelope + prepends a Return-Path: header with the sender envelope address, and appends no empty line. EXTERNAL FILE DELIVERY - The delivery format depends on the destination filename - syntax. The default is to use UNIX-style mailbox format. - Specify a name ending in / for qmail-compatible maildir + The delivery format depends on the destination filename + syntax. The default is to use UNIX-style mailbox format. + Specify a name ending in / for qmail-compatible maildir delivery. - The allow_mail_to_files configuration parameter restricts - delivery to external files. The default setting (alias, + The allow_mail_to_files configuration parameter restricts + delivery to external files. The default setting (alias, forward) forbids file destinations in :include: files. In the case of UNIX-style mailbox delivery, the local dae- mon prepends a "From sender time_stamp" envelope header to - each message, prepends an optional Delivered-To: header - with the recipient envelope address, prepends a > charac- - ter to lines beginning with "From ", and appends an empty - line. The envelope sender address is available in the - Return-Path: header. When the destination is a regular - file, it is locked for exclusive access while delivery is - in progress. In case of problems, an attempt is made to + each message, prepends an optional Delivered-To: header + with the recipient envelope address, prepends a > charac- + ter to lines beginning with "From ", and appends an empty + line. The envelope sender address is available in the + Return-Path: header. When the destination is a regular + file, it is locked for exclusive access while delivery is + in progress. In case of problems, an attempt is made to truncate a regular file to its original length. In the case of maildir delivery, the local daemon prepends an optional Delivered-To: header with the envelope recipi- - ent address. The envelope sender address is available in + ent address. The envelope sender address is available in the Return-Path: header. ADDRESS EXTENSION - The optional recipient_delimiter configuration parameter - specifies how to separate address extensions from local + The optional recipient_delimiter configuration parameter + specifies how to separate address extensions from local recipient names. - For example, with "recipient_delimiter = +", mail for - name+foo is delivered to the alias name+foo or to the - alias name, to the destinations listed in ~name/.for- + For example, with "recipient_delimiter = +", mail for + name+foo is delivered to the alias name+foo or to the + alias name, to the destinations listed in ~name/.for- ward+foo or in ~name/.forward, to the mailbox owned by the user name, or it is sent back as undeliverable. @@ -221,10 +222,10 @@ LOCAL(8) LOCAL(8) ered-To: name+foo' header line. DELIVERY RIGHTS - Deliveries to external files and external commands are + Deliveries to external files and external commands are made with the rights of the receiving user on whose behalf - the delivery is made. In the absence of a user context, - the local daemon uses the owner rights of the :include: + the delivery is made. In the absence of a user context, + the local daemon uses the owner rights of the :include: file or alias database. When those files are owned by the superuser, delivery is made with the rights specified with the default_privs configuration parameter. @@ -233,42 +234,42 @@ LOCAL(8) LOCAL(8) RFC 822 (ARPA Internet Text Messages) DIAGNOSTICS - Problems and transactions are logged to syslogd(8). Cor- - rupted message files are marked so that the queue manager + Problems and transactions are logged to syslogd(8). Cor- + rupted message files are marked so that the queue manager can move them to the corrupt queue afterwards. - Depending on the setting of the notify_classes parameter, - the postmaster is notified of bounces and of other trou- + Depending on the setting of the notify_classes parameter, + the postmaster is notified of bounces and of other trou- ble. BUGS - For security reasons, the message delivery status of - external commands or of external files is never check- + For security reasons, the message delivery status of + external commands or of external files is never check- pointed to file. As a result, the program may occasionally deliver more than once to a command or external file. Bet- ter safe than sorry. - Mutually-recursive aliases or ~/.forward files are not - detected early. The resulting mail forwarding loop is + Mutually-recursive aliases or ~/.forward files are not + detected early. The resulting mail forwarding loop is broken by the use of the Delivered-To: message header. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this program. See the Postfix main.cf file for syntax - details and for default values. Use the postfix reload + The following main.cf parameters are especially relevant + to this program. See the Postfix main.cf file for syntax + details and for default values. Use the postfix reload command after a configuration change. Miscellaneous alias_maps List of alias databases. - biff Enable or disable notification of new mail via the + biff Enable or disable notification of new mail via the comsat network service. expand_owner_alias When delivering to an alias that has an owner- com- - panion alias, set the envelope sender address to - the right-hand side of the owner alias, instead + panion alias, set the envelope sender address to + the right-hand side of the owner alias, instead using of the left-hand side address. export_environment @@ -280,10 +281,10 @@ LOCAL(8) LOCAL(8) ject to $name expansion. local_command_shell - Shell to use for external command execution (for - example, /some/where/smrsh -c). When a shell is + Shell to use for external command execution (for + example, /some/where/smrsh -c). When a shell is specified, it is invoked even when the command con- - tains no shell built-in commands or meta charac- + tains no shell built-in commands or meta charac- ters. owner_request_special @@ -291,10 +292,10 @@ LOCAL(8) LOCAL(8) addresses. prepend_delivered_header - Prepend an optional Delivered-To: header upon - external forwarding, delivery to command or file. - Specify zero or more of: command, file, forward. - Turning off Delivered-To: when forwarding mail is + Prepend an optional Delivered-To: header upon + external forwarding, delivery to command or file. + Specify zero or more of: command, file, forward. + Turning off Delivered-To: when forwarding mail is not recommended. recipient_delimiter @@ -302,28 +303,29 @@ LOCAL(8) LOCAL(8) require_home_directory Require that a recipient's home directory is acces- - sible by the recipient before attempting delivery. + sible by the recipient before attempting delivery. Defer delivery otherwise. Mailbox delivery fallback_transport Message transport for recipients that are not found - in the UNIX passwd database. This parameter over- + in the UNIX passwd database. This parameter over- rides luser_relay. home_mailbox - Pathname of a mailbox relative to a user's home + Pathname of a mailbox relative to a user's home directory. Specify a path ending in / for maildir- style delivery. luser_relay - Destination (@domain or address) for non-existent - users. The address is subjected to $name expan- + Destination (@domain or address) for non-existent + users. The address is subjected to $name expan- sion. mail_spool_directory - Directory with UNIX-style mailboxes. The default - pathname is system dependent. + Directory with UNIX-style mailboxes. The default + pathname is system dependent. Specify a path end- + ing in / for maildir-style delivery. mailbox_command External command to use for mailbox delivery. The diff --git a/postfix/html/master.8.html b/postfix/html/master.8.html index 82c09b554..3f9526b3a 100644 --- a/postfix/html/master.8.html +++ b/postfix/html/master.8.html @@ -1,5 +1,4 @@ 

    -
 MASTER(8)                                               MASTER(8)
 
 NAME
@@ -151,6 +150,5 @@ MASTER(8)                                               MASTER(8)
        P.O. Box 704
        Yorktown Heights, NY 10598, USA
 
-                                                                1
-
+                                                        MASTER(8)
    diff --git a/postfix/html/nqmgr.8.html b/postfix/html/nqmgr.8.html index 405e14d2f..6d2af0cf8 100644 --- a/postfix/html/nqmgr.8.html +++ b/postfix/html/nqmgr.8.html @@ -1,5 +1,4 @@ 
    -
 NQMGR(8)                                                 NQMGR(8)
 
 NAME
@@ -224,7 +223,7 @@ NQMGR(8)                                                 NQMGR(8)
               transport can have.
 
 Timing controls
-       min_backoff
+       minimal_backoff_time
               Minimal  time  in seconds between delivery attempts
               of a deferred message.
 
@@ -232,7 +231,7 @@ NQMGR(8)                                                 NQMGR(8)
               destination  is  kept  in the short-term, in-memory
               destination status cache.
 
-       max_backoff
+       maximal_backoff_time
               Maximal time in seconds between  delivery  attempts
               of a deferred message.
 
@@ -338,6 +337,5 @@ NQMGR(8)                                                 NQMGR(8)
        Modra 6
        155 00, Prague, Czech Republic
 
-                                                                1
-
+                                                         NQMGR(8)
    diff --git a/postfix/html/postfix.1.html b/postfix/html/postfix.1.html index 39b37cbde..2254bd621 100644 --- a/postfix/html/postfix.1.html +++ b/postfix/html/postfix.1.html @@ -1,5 +1,4 @@ 
    -
 POSTFIX(1)                                             POSTFIX(1)
 
 NAME
@@ -154,6 +153,5 @@ POSTFIX(1)                                             POSTFIX(1)
        P.O. Box 704
        Yorktown Heights, NY 10598, USA
 
-                                                                1
-
+                                                       POSTFIX(1)
    diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html index 612989201..925818342 100644 --- a/postfix/html/postmap.1.html +++ b/postfix/html/postmap.1.html @@ -16,6 +16,10 @@ POSTMAP(1) POSTMAP(1) makemap file_type file_name < file_name + If the result files do not exist they will be created with + the same group and other read permissions as the source + file. + While the table update is in progress, signal delivery is postponed, and an exclusive, advisory, lock is placed on the entire table, in order to avoid surprises in spectator @@ -27,79 +31,74 @@ POSTMAP(1) POSTMAP(1) key whitespace value - o A line that starts with whitespace (space or tab) - is a continuation of the previous line. An empty - line terminates the previous line, as does a line - that starts with non-whitespace (text or comment). - A comment line that starts with whitespace does not - terminate multi-line text. + o Empty lines and whitespace-only lines are ignored, + as are lines whose first non-whitespace character + is a `#'. - o The # is recognized as the start of a comment, but - only when it is the first non-whitespace character - on a line. A comment terminates at the end of the - line, even when the next line starts with whites- - pace. + o A logical line starts with non-whitespace text. A + line that starts with whitespace continues a logi- + cal line. - The key and value are processed as is, except that sur- - rounding white space is stripped off. Unlike with Postfix - alias databases, quotes cannot be used to protect lookup - keys that contain special characters such as `#' or + The key and value are processed as is, except that sur- + rounding white space is stripped off. Unlike with Postfix + alias databases, quotes cannot be used to protect lookup + keys that contain special characters such as `#' or whitespace. The key is mapped to lowercase to make mapping lookups case insensitive. Options: - -N Include the terminating null character that termi- - nates lookup keys and values. By default, Postfix + -N Include the terminating null character that termi- + nates lookup keys and values. By default, Postfix does whatever is the default for the host operating system. -c config_dir - Read the main.cf configuration file in the named + Read the main.cf configuration file in the named directory instead of the default configuration directory. - -d key Search the specified maps for key and remove one - entry per map. The exit status is zero when the + -d key Search the specified maps for key and remove one + entry per map. The exit status is zero when the requested information was found. If a key value of - is specified, the program reads key values from the standard input stream. The exit - status is zero when at least one of the requested + status is zero when at least one of the requested keys was found. -f Do not fold the lookup key to lower case while cre- ating or querying a map. - -i Incremental mode. Read entries from standard input + -i Incremental mode. Read entries from standard input and do not truncate an existing database. By - default, postmap creates a new database from the + default, postmap creates a new database from the entries in file_name. - -n Don't include the terminating null character that - terminates lookup keys and values. By default, - Postfix does whatever is the default for the host + -n Don't include the terminating null character that + terminates lookup keys and values. By default, + Postfix does whatever is the default for the host operating system. - -q key Search the specified maps for key and print the - first value found on the standard output stream. + -q key Search the specified maps for key and print the + first value found on the standard output stream. The exit status is zero when the requested informa- tion was found. If a key value of - is specified, the program reads - key values from the standard input stream and - prints one line of key value output for each key - that was found. The exit status is zero when at + key values from the standard input stream and + prints one line of key value output for each key + that was found. The exit status is zero when at least one of the requested keys was found. - -r When updating a table, do not warn about duplicate + -r When updating a table, do not warn about duplicate entries; silently replace them. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. - -w When updating a table, do not warn about duplicate + -w When updating a table, do not warn about duplicate entries; silently ignore them. Arguments: @@ -107,25 +106,25 @@ POSTMAP(1) POSTMAP(1) file_type The type of database to be produced. - btree The output file is a btree file, named - file_name.db. This is available only on - systems with support for db databases. - - dbm The output consists of two files, named - file_name.pag and file_name.dir. This is - available only on systems with support for - dbm databases. - - hash The output file is a hashed file, named + btree The output file is a btree file, named file_name.db. This is available only on systems with support for db databases. - When no file_type is specified, the software uses - the database type specified via the database_type + dbm The output consists of two files, named + file_name.pag and file_name.dir. This is + available only on systems with support for + dbm databases. + + hash The output file is a hashed file, named + file_name.db. This is available only on + systems with support for db databases. + + When no file_type is specified, the software uses + the database type specified via the database_type configuration parameter. file_name - The name of the lookup table source file when + The name of the lookup table source file when rebuilding a database. DIAGNOSTICS @@ -133,8 +132,8 @@ POSTMAP(1) POSTMAP(1) stream. No output means no problems. Duplicate entries are skipped and are flagged with a warning. - postmap terminates with zero exit status in case of suc- - cess (including successful postmap -q lookup) and termi- + postmap terminates with zero exit status in case of suc- + cess (including successful postmap -q lookup) and termi- nates with non-zero exit status in case of failure. ENVIRONMENT @@ -146,12 +145,12 @@ POSTMAP(1) POSTMAP(1) CONFIGURATION PARAMETERS database_type - Default output database type. On many UNIX sys- - tems, the default database type is either hash or + Default output database type. On many UNIX sys- + tems, the default database type is either hash or dbm. LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html index 592c5117b..c5ba1927a 100644 --- a/postfix/html/postqueue.1.html +++ b/postfix/html/postqueue.1.html @@ -1,5 +1,4 @@ 
    -
 POSTQUEUE(1)                                         POSTQUEUE(1)
 
 NAME
@@ -18,7 +17,8 @@ POSTQUEUE(1)                                         POSTQUEUE(1)
 
        The following options are recognized:
 
-       -c     The main.cf configuration  file  is  in  the  named
+       -c config_dir
+              The main.cf configuration  file  is  in  the  named
               directory  instead  of  the  default  configuration
               directory. See  also  the  MAIL_CONFIG  environment
               setting below.
@@ -109,6 +109,5 @@ POSTQUEUE(1)                                         POSTQUEUE(1)
        P.O. Box 704
        Yorktown Heights, NY 10598, USA
 
-                                                                1
-
+                                                     POSTQUEUE(1)
    diff --git a/postfix/html/postsuper.1.html b/postfix/html/postsuper.1.html index e7841ff66..d4dbb09a5 100644 --- a/postfix/html/postsuper.1.html +++ b/postfix/html/postsuper.1.html @@ -21,7 +21,7 @@ POSTSUPER(1) POSTSUPER(1) Options: - -d queue_id (Postfix versions >= 20010525) + -d queue_id Delete one message with the named queue ID from the named mail queue(s) (default: incoming, active and deferred). If a queue_id of - is specified, the @@ -59,7 +59,7 @@ POSTSUPER(1) POSTSUPER(1) -p Purge old temporary files that are left over after system or software crashes. - -r queue_id (Postfix versions >= 20010525) + -r queue_id Requeue the message with the named queue ID from the named mail queue(s) (default: incoming, active and deferred). To requeue multiple messages, spec- @@ -88,46 +88,45 @@ POSTSUPER(1) POSTSUPER(1) recommended to perform this operation once before Postfix startup. - o (Postfix versions >= 20010525) Rename files - whose name does not match the message file - inode number. This operation is necessary - after restoring a mail queue from a differ- - ent machine, or from backup media. + o Rename files whose name does not match the + message file inode number. This operation is + necessary after restoring a mail queue from + a different machine, or from backup media. o Move queue files that are in the wrong place in the file system hierarchy and remove sub- directories that are no longer needed. File - position rearrangements are necessary after + position rearrangements are necessary after a change in the hash_queue_names and/or hash_queue_depth configuration parameters. -v Enable verbose logging for debugging purposes. Mul- - tiple -v options make the software increasingly + tiple -v options make the software increasingly verbose. DIAGNOSTICS - Problems are reported to the standard error stream and to + Problems are reported to the standard error stream and to syslogd. - postsuper reports the number of messages deleted with -d, + postsuper reports the number of messages deleted with -d, the number of messages requeued with -r, and the number of - messages whose queue file name was fixed with -s. The + messages whose queue file name was fixed with -s. The report is written to the standard error stream and to sys- logd. CONFIGURATION PARAMETERS - See the Postfix main.cf file for syntax details and for + See the Postfix main.cf file for syntax details and for default values. hash_queue_depth Number of subdirectory levels for hashed queues. hash_queue_names - The names of queues that are organized into multi- + The names of queues that are organized into multi- ple levels of subdirectories. LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/qmgr.8.html b/postfix/html/qmgr.8.html index 6cc03ee15..2ca5e6b72 100644 --- a/postfix/html/qmgr.8.html +++ b/postfix/html/qmgr.8.html @@ -1,5 +1,4 @@ 
    -
 QMGR(8)                                                   QMGR(8)
 
 NAME
@@ -193,7 +192,7 @@ QMGR(8)                                                   QMGR(8)
               term, in-memory destination cache.
 
 Timing controls
-       min_backoff
+       minimal_backoff_time
               Minimal time in seconds between  delivery  attempts
               of a deferred message.
 
@@ -201,7 +200,7 @@ QMGR(8)                                                   QMGR(8)
               destination is kept in  the  short-term,  in-memory
               destination status cache.
 
-       max_backoff
+       maximal_backoff_time
               Maximal  time  in seconds between delivery attempts
               of a deferred message.
 
@@ -287,6 +286,5 @@ QMGR(8)                                                   QMGR(8)
        P.O. Box 704
        Yorktown Heights, NY 10598, USA
 
-                                                                1
-
+                                                          QMGR(8)
    diff --git a/postfix/html/qmqpd.8.html b/postfix/html/qmqpd.8.html index 5d5792ef3..37fc7294a 100644 --- a/postfix/html/qmqpd.8.html +++ b/postfix/html/qmqpd.8.html @@ -1,5 +1,4 @@ 
    -
 QMQPD(8)                                                 QMQPD(8)
 
 NAME
@@ -117,6 +116,5 @@ QMQPD(8)                                                 QMQPD(8)
        P.O. Box 704
        Yorktown Heights, NY 10598, USA
 
-                                                                1
-
+                                                         QMQPD(8)
    diff --git a/postfix/html/security.html b/postfix/html/security.html index 6d2ae47c4..c3264f175 100644 --- a/postfix/html/security.html +++ b/postfix/html/security.html @@ -82,8 +82,8 @@ per-process file system name spaces. Initially, the maildrop queue directory was world-writable, so that local processes could submit mail without assistance from a set-uid or set-gid command or from a mail daemon process. The -maildrop directory was never used for mail coming in via the network, -and its queue files were never not readable for other users. +maildrop directory was not used for mail coming in via the network, +and its queue files were not readable for unprivileged users.

    diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html index fba1afd8f..9daf15bd5 100644 --- a/postfix/html/sendmail.1.html +++ b/postfix/html/sendmail.1.html @@ -1,5 +1,4 @@ 

    -
 SENDMAIL(1)                                           SENDMAIL(1)
 
 NAME
@@ -125,20 +124,25 @@ SENDMAIL(1)                                           SENDMAIL(1)
 
        -bs    Stand-alone SMTP server mode.  Read  SMTP  commands
               from  standard  input, and write responses to stan-
-              dard output.  This mode of operation is implemented
-              by running the smtpd(8) daemon.
+              dard output.  In stand-alone SMTP server mode,  UCE
+              restrictions  and  access  controls are disabled by
+              default. To enable them, run  the  process  as  the
+              mail_owner user.
+
+              This  mode  of  operation is implemented by running
+              the smtpd(8) daemon.
 
        -f sender
               Set  the  envelope  sender  address.  This  is  the
               address where delivery problems are sent to, unless
-              the  message contains an Errors-To: message header.
+              the message contains an Errors-To: message  header.
 
        -h hop_count (ignored)
-              Hop count limit. Use the hopcount_limit  configura-
+              Hop  count limit. Use the hopcount_limit configura-
               tion parameter instead.
 
-       -i     When  reading  a message from standard input, don't
-              treat a line with only a . character as the end  of
+       -i     When reading a message from standard  input,  don't
+              treat  a line with only a . character as the end of
               input.
 
        -m (ignored)
@@ -148,67 +152,67 @@ SENDMAIL(1)                                           SENDMAIL(1)
               Backwards compatibility.
 
        -oAalias_database
-              Non-default  alias  database.  Specify  pathname or
+              Non-default alias  database.  Specify  pathname  or
               type:pathname. See postalias(1) for details.
 
        -o7 (ignored)
 
        -o8 (ignored)
-              The message body type.  Currently,  Postfix  imple-
+              The  message  body  type. Currently, Postfix imple-
               ments just-send-eight.
 
-       -oi    When  reading  a message from standard input, don't
-              treat a line with only a . character as the end  of
+       -oi    When reading a message from standard  input,  don't
+              treat  a line with only a . character as the end of
               input.
 
        -om (ignored)
-              The  sender  is  never  eliminated  from alias etc.
+              The sender is  never  eliminated  from  alias  etc.
               expansions.
 
        -o x value (ignored)
-              Set option x to value. Use the equivalent  configu-
+              Set  option x to value. Use the equivalent configu-
               ration parameter in main.cf instead.
 
        -r sender
               Set  the  envelope  sender  address.  This  is  the
               address where delivery problems are sent to, unless
-              the  message contains an Errors-To: message header.
+              the message contains an Errors-To: message  header.
 
-       -q     Attempt to deliver all queued mail. This is  imple-
+       -q     Attempt  to deliver all queued mail. This is imple-
               mented by executing the postqueue(1) command.
 
        -qinterval (ignored)
-              The   interval   between   queue   runs.   Use  the
+              The  interval   between   queue   runs.   Use   the
               queue_run_delay configuration parameter instead.
 
        -qRsite
-              Schedule immediate delivery of  all  mail  that  is
+              Schedule  immediate  delivery  of  all mail that is
               queued for the named site. This option accepts only
-              site names that are eligible for the  "fast  flush"
-              service,   and  is  implemented  by  executing  the
+              site  names  that are eligible for the "fast flush"
+              service,  and  is  implemented  by  executing   the
               postqueue(1) command.  See flush(8) for more infor-
               mation about the "fast flush" service.
 
        -qSsite
-              This  command  is  not  implemented. Use the slower
+              This command is not  implemented.  Use  the  slower
               sendmail -q command instead.
 
-       -t     Extract  recipients  from  message  headers.   This
-              requires  that  no  recipients  be specified on the
+       -t     Extract   recipients  from  message  headers.  This
+              requires that no recipients  be  specified  on  the
               command line.
 
        -v     Enable verbose logging for debugging purposes. Mul-
-              tiple  -v  options  make  the software increasingly
+              tiple -v options  make  the  software  increasingly
               verbose.
 
 SECURITY
-       By design, this program is not  set-user  (or  group)  id.
-       However,  it  must  handle  data  from  untrusted users or
-       untrusted machines.  Thus, the usual precautions  need  to
+       By  design,  this  program  is not set-user (or group) id.
+       However, it must  handle  data  from  untrusted  users  or
+       untrusted  machines.   Thus, the usual precautions need to
        be taken against malicious inputs.
 
 DIAGNOSTICS
-       Problems  are  logged  to  syslogd(8)  and to the standard
+       Problems are logged to  syslogd(8)  and  to  the  standard
        error stream.
 
 ENVIRONMENT
@@ -220,7 +224,7 @@ SENDMAIL(1)                                           SENDMAIL(1)
 
        MAIL_DEBUG
               Enable debugging with an external command, as spec-
-              ified   with   the  debugger_command  configuration
+              ified  with  the   debugger_command   configuration
               parameter.
 
 FILES
@@ -228,13 +232,13 @@ SENDMAIL(1)                                           SENDMAIL(1)
        /etc/postfix, configuration files
 
 CONFIGURATION PARAMETERS
-       See the Postfix main.cf file for syntax  details  and  for
-       default  values.  Use  the  postfix reload command after a
+       See  the  Postfix  main.cf file for syntax details and for
+       default values. Use the postfix  reload  command  after  a
        configuration change.
 
        alias_database
-              Default  alias  database(s)  for  newaliases.   The
-              default  value  for  this  parameter is system-spe-
+              Default   alias  database(s)  for  newaliases.  The
+              default value for  this  parameter  is  system-spe-
               cific.
 
        bounce_size_limit
@@ -250,62 +254,62 @@ SENDMAIL(1)                                           SENDMAIL(1)
               initialized.
 
        debug_peer_level
-              Increment  in  verbose  logging level when a remote
+              Increment in verbose logging level  when  a  remote
               host  matches  a  pattern  in  the  debug_peer_list
               parameter.
 
        debug_peer_list
-              List  of  domain or network patterns. When a remote
-              host matches a pattern, increase the  verbose  log-
-              ging   level   by   the  amount  specified  in  the
+              List of domain or network patterns. When  a  remote
+              host  matches  a pattern, increase the verbose log-
+              ging  level  by  the  amount   specified   in   the
               debug_peer_level parameter.
 
        default_verp_delimiters
-              The VERP delimiter characters that  are  used  when
-              the  -V  command  line  option is specified without
+              The  VERP  delimiter  characters that are used when
+              the -V command line  option  is  specified  without
               delimiter characters.
 
        fast_flush_domains
               List of domains that will receive "fast flush" ser-
-              vice  (default:  all  domains  that  this system is
-              willing to relay mail to). This list specifies  the
-              domains  that  Postfix  accepts  in  the  SMTP ETRN
+              vice (default: all  domains  that  this  system  is
+              willing  to relay mail to). This list specifies the
+              domains that  Postfix  accepts  in  the  SMTP  ETRN
               request and in the sendmail -qR command.
 
        fork_attempts
-              Number of attempts to fork() a process before  giv-
+              Number  of attempts to fork() a process before giv-
               ing up.
 
        fork_delay
-              Delay   in   seconds   between   successive  fork()
+              Delay  in   seconds   between   successive   fork()
               attempts.
 
        hopcount_limit
               Limit the number of Received: message headers.
 
        mail_owner
-              The owner of the mail queue  and  of  most  Postfix
+              The  owner  of  the  mail queue and of most Postfix
               processes.
 
        command_directory
-              Directory  with  Postfix support commands (default:
+              Directory with Postfix support  commands  (default:
               $program_directory).
 
        daemon_directory
-              Directory with Postfix  daemon  programs  (default:
+              Directory  with  Postfix  daemon programs (default:
               $program_directory).
 
        queue_directory
-              Top-level  directory  of the Postfix queue. This is
+              Top-level directory of the Postfix queue.  This  is
               also the root directory of Postfix daemons that run
               chrooted.
 
        queue_run_delay
-              The  time  between successive scans of the deferred
+              The time between successive scans of  the  deferred
               queue.
 
        verp_delimiter_filter
-              The characters that Postfix accepts as VERP  delim-
+              The  characters that Postfix accepts as VERP delim-
               iter characters.
 
 SEE ALSO
@@ -320,7 +324,7 @@ SENDMAIL(1)                                           SENDMAIL(1)
        syslogd(8) system logging
 
 LICENSE
-       The  Secure  Mailer  license must be distributed with this
+       The Secure Mailer license must be  distributed  with  this
        software.
 
 AUTHOR(S)
@@ -329,6 +333,5 @@ SENDMAIL(1)                                           SENDMAIL(1)
        P.O. Box 704
        Yorktown Heights, NY 10598, USA
 
-                                                                1
-
+                                                      SENDMAIL(1)
    diff --git a/postfix/html/showq.8.html b/postfix/html/showq.8.html index cec8cf9f1..a9de2ae8f 100644 --- a/postfix/html/showq.8.html +++ b/postfix/html/showq.8.html @@ -1,5 +1,4 @@ 
    -
 SHOWQ(8)                                                 SHOWQ(8)
 
 NAME
@@ -51,6 +50,5 @@ SHOWQ(8)                                                 SHOWQ(8)
        P.O. Box 704
        Yorktown Heights, NY 10598, USA
 
-                                                                1
-
+                                                         SHOWQ(8)
    diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 0e166ab1b..047b3ddc9 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -1,5 +1,4 @@ 
    -
 SMTP(8)                                                   SMTP(8)
 
 NAME
@@ -121,40 +120,43 @@ SMTP(8)                                                   SMTP(8)
               Numerical source network address to  bind  to  when
               making a connection.
 
-       smtp_break_lines
-              Break  lines  >  $line_length_limit  into  multiple
-              shorter lines.  Some SMTP servers misbehave on long
-              lines.
+       smtp_line_length_limit
+              Length  limit  for SMTP message content lines. Zero
+              means no limit.  Some  SMTP  servers  misbehave  on
+              long lines.
+
+       smtp_helo_name
+              The  hostname to be used in HELO and EHLO commands.
 
        smtp_skip_4xx_greeting
-              Skip  servers that greet us with a 4xx status code.
+              Skip servers that greet us with a 4xx status  code.
 
        smtp_skip_5xx_greeting
-              Skip servers that greet us with a 5xx status  code.
+              Skip  servers that greet us with a 5xx status code.
 
        smtp_skip_quit_response
-              Do  not  wait for the server response after sending
+              Do not wait for the server response  after  sending
               QUIT.
 
        smtp_pix_workaround_delay_time
-              The time to pause before sending  .<CR><LF>,  while
-              working    around    the    CISCO    PIX   firewall
+              The  time  to pause before sending .<CR><LF>, while
+              working   around    the    CISCO    PIX    firewall
               <CR><LF>.<CR><LF> bug.
 
        smtp_pix_workaround_threshold_time
-              The time a message must be queued before the  CISCO
-              PIX  firewall  <CR><LF>.<CR><LF>  bug workaround is
+              The  time a message must be queued before the CISCO
+              PIX firewall <CR><LF>.<CR><LF>  bug  workaround  is
               turned on.
 
 Authentication controls
-       smtp_enable_sasl_auth
-              Enable per-session authentication as per  RFC  2554
-              (SASL).   By default, Postfix is built without SASL
+       smtp_sasl_auth_enable
+              Enable  per-session  authentication as per RFC 2554
+              (SASL).  By default, Postfix is built without  SASL
               support.
 
        smtp_sasl_password_maps
               Lookup tables with per-host or domain name:password
-              entries.   No  entry for a host means no attempt to
+              entries.  No entry for a host means no  attempt  to
               authenticate.
 
        smtp_sasl_security_options
@@ -178,47 +180,47 @@ SMTP(8)                                                   SMTP(8)
 Resource controls
        smtp_destination_concurrency_limit
               Limit the number of parallel deliveries to the same
-              destination.   The  default limit is taken from the
+              destination.  The default limit is taken  from  the
               default_destination_concurrency_limit parameter.
 
        smtp_destination_recipient_limit
-              Limit the number of recipients per  message  deliv-
-              ery.    The   default   limit  is  taken  from  the
+              Limit  the  number of recipients per message deliv-
+              ery.   The  default  limit  is   taken   from   the
               default_destination_recipient_limit parameter.
 
 Timeout controls
-       The default time unit is seconds; an  explicit  time  unit
-       can  be  specified by appending a one-letter suffix to the
-       value: s (seconds), m (minutes), h (hours), d (days) or  w
+       The  default  time  unit is seconds; an explicit time unit
+       can be specified by appending a one-letter suffix  to  the
+       value:  s (seconds), m (minutes), h (hours), d (days) or w
        (weeks).
 
        smtp_connect_timeout
-              Timeout  for  completing  a TCP connection. When no
-              connection can be made  within  the  deadline,  the
-              SMTP  client  tries  the  next  address on the mail
+              Timeout for completing a TCP  connection.  When  no
+              connection  can  be  made  within the deadline, the
+              SMTP client tries the  next  address  on  the  mail
               exchanger list.
 
        smtp_helo_timeout
-              Timeout for receiving  the  SMTP  greeting  banner.
-              When  the server drops the connection without send-
+              Timeout  for  receiving  the  SMTP greeting banner.
+              When the server drops the connection without  send-
               ing a greeting banner, or when it sends no greeting
-              banner  within  the deadline, the SMTP client tries
+              banner within the deadline, the SMTP  client  tries
               the next address on the mail exchanger list.
 
        smtp_helo_timeout
-              Timeout for  sending  the  HELO  command,  and  for
+              Timeout  for  sending  the  HELO  command,  and for
               receiving the server response.
 
        smtp_mail_timeout
-              Timeout  for sending the MAIL FROM command, and for
+              Timeout for sending the MAIL FROM command, and  for
               receiving the server response.
 
        smtp_rcpt_timeout
-              Timeout for sending the RCPT TO  command,  and  for
+              Timeout  for  sending  the RCPT TO command, and for
               receiving the server response.
 
        smtp_data_init_timeout
-              Timeout  for  sending  the  DATA  command,  and for
+              Timeout for  sending  the  DATA  command,  and  for
               receiving the server response.
 
        smtp_data_xfer_timeout
@@ -226,12 +228,12 @@ SMTP(8)                                                   SMTP(8)
 
        smtp_data_done_timeout
               Timeout  for  sending  the  "."  command,  and  for
-              receiving  the server response. When no response is
-              received, a warning is logged that the mail may  be
+              receiving the server response. When no response  is
+              received,  a warning is logged that the mail may be
               delivered multiple times.
 
        smtp_quit_timeout
-              Timeout  for  sending  the  QUIT  command,  and for
+              Timeout for  sending  the  QUIT  command,  and  for
               receiving the server response.
 
 SEE ALSO
@@ -241,7 +243,7 @@ SMTP(8)                                                   SMTP(8)
        syslogd(8) system logging
 
 LICENSE
-       The Secure Mailer license must be  distributed  with  this
+       The  Secure  Mailer  license must be distributed with this
        software.
 
 AUTHOR(S)
@@ -250,6 +252,5 @@ SMTP(8)                                                   SMTP(8)
        P.O. Box 704
        Yorktown Heights, NY 10598, USA
 
-                                                                1
-
+                                                          SMTP(8)
    diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 0bb0e5629..7c0ae5fe5 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -1,5 +1,4 @@ 
    -
 SMTPD(8)                                                 SMTPD(8)
 
 NAME
@@ -227,7 +226,7 @@ SMTPD(8)                                                 SMTPD(8)
               delays.
 
 UCE control restrictions
-       parent_domain_matches_subdomains (versions >= 20011119)
+       parent_domain_matches_subdomains
               List of Postfix features that use domain.name  pat-
               terns  to  match  sub.domain.name  (as  opposed  to
               requiring .domain.name patterns).
@@ -335,6 +334,5 @@ SMTPD(8)                                                 SMTPD(8)
        P.O. Box 704
        Yorktown Heights, NY 10598, USA
 
-                                                                1
-
+                                                         SMTPD(8)
    diff --git a/postfix/html/transport.5.html b/postfix/html/transport.5.html index 48da226d5..737c09c1e 100644 --- a/postfix/html/transport.5.html +++ b/postfix/html/transport.5.html @@ -149,7 +149,7 @@ TRANSPORT(5) TRANSPORT(5) details and for default values. Use the postfix reload command after a configuration change. - parent_domain_matches_subdomains (versions >= 20011119) + parent_domain_matches_subdomains List of Postfix features that use domain.name pat- terns to match sub.domain.name (as opposed to requiring .domain.name patterns). diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html index f2bf17443..92f478d06 100644 --- a/postfix/html/trivial-rewrite.8.html +++ b/postfix/html/trivial-rewrite.8.html @@ -110,7 +110,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) Syntax is transport:nexthop; see transport(5) for details. The :nexthop part is optional. - parent_domain_matches_subdomains (versions >= 20011119) + parent_domain_matches_subdomains List of Postfix features that use domain.name pat- terns to match sub.domain.name (as opposed to requiring .domain.name patterns). diff --git a/postfix/html/uce.html b/postfix/html/uce.html index 902aa6ad2..bde7921b6 100644 --- a/postfix/html/uce.html +++ b/postfix/html/uce.html @@ -48,6 +48,10 @@ command.

    +

  • Body filtering + +

    +

  • Client hostname/address restrictions @@ -93,8 +97,9 @@ restrictions

    Header filtering

    -The header_checks parameter restricts what -is allowed in message headers. +The header_checks parameter restricts what is allowed in +message headers. Patterns are applied to entire logical message +headers, even when a header spans multiple lines of text.

    @@ -124,6 +129,8 @@ the originator.

    WARN
    Log (but do not reject) the header with a warning. +
    WARN text...
    As above, and also log the text. +

    @@ -151,6 +158,70 @@ mail still to be rejected.

    + + +

    Body filtering

    + +The body_checks parameter restricts what text is +is allowed in message body lines (including MIME headers +within the message body). + +

    + +Note: the message body is matched one line at a time. +There is no multi-line concept as with message headers. + +

    + +

    + +
    Default: + +
    Allow anything in message body lines. + +

    + +

    Syntax: + +
    Specify a list of zero or more lookup tables. Whenever a body +line matches a table, the action depends on the lookup result: + +

    + +

    + +
    REJECT
    Reject the message, and log the matched line. + +
    REJECT text...
    As above, and also send the text to +the originator. + +
    IGNORE
    Delete the matched line from the message. + +
    WARN
    Log (but do not reject) the matched line with a warning. + +
    WARN text...
    As above, and also log the text. + +
    + +

    + +At present, specifying a pattern with OK serves no useful +purpose. A rule ending in OK affects only the line being matched. +The next line may still result in a REJECT match, causing the +mail still to be rejected. + +

    + +

    + +

    Examples (main.cf): + +
    body_checks = regexp:/etc/postfix/body_checks + +
    body_checks = pcre:/etc/postfix/body_checks + +

    +

    Client hostname/address restrictions

    @@ -162,7 +233,7 @@ clients this system accepts SMTP connections from. By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect -as soon as possible, specify smtpd_delay_reject = yes in +as soon as possible, specify smtpd_delay_reject = no in the Postfix main.cf configuration file. Doing so may cause unexpected results with poorly implemented client software. @@ -560,7 +631,7 @@ response code to rejected requests (default: 504). -
    reject_sender_login_mismatch (Postfix versions >= 20011125) +
    reject_sender_login_mismatch
    Reject the request when $smtpd_sender_owner_maps specifies an owner for the MAIL FROM @@ -1021,7 +1092,7 @@ specifies the response code to rejected requests (default: -
    warn_if_reject (Postfix versions 20011119 and later) +
    warn_if_reject
    Change the meaning of the next restriction, so that it logs a warning instead of rejecting a request (look for logfile records that contain "reject_warning"). This is useful for testing new diff --git a/postfix/makedefs b/postfix/makedefs index c0c258ca7..be453054a 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -61,14 +61,13 @@ case "$SYSTEM.$RELEASE" in SCO_SV.3.2) SYSTYPE=SCO5 # Use the native compiler by default : ${CC="/usr/bin/cc -b elf"} - : ${DEBUG=} + CCARGS="-DPIPES_CANT_FIONREAD $CCARGS" SYSLIBS="-lsocket -ldbm" RANLIB=echo ;; UnixWare.5*) SYSTYPE=UW7 # Use the native compiler by default : ${CC=/usr/bin/cc} - : ${DEBUG=} RANLIB=echo SYSLIBS="-lresolv -lsocket -lnsl" ;; @@ -118,6 +117,11 @@ case "$SYSTEM.$RELEASE" in 5.[0-4]) CCARGS="$CCARGS -DMISSING_USLEEP";; *) CCARGS="$CCARGS -DHAS_POSIX_REGEXP";; esac + # Work around broken str*casecmp(). Do it all here instead + # of having half the solution in the sys_defs.h file. + CCARGS="$CCARGS -Dstrcasecmp=fix_strcasecmp \ + -Dstrncasecmp=fix_strncasecmp" + STRCASE="strcasecmp.o" # Avoid common types of braindamage case "$LD_LIBRARY_PATH" in ?*) echo "Don't set LD_LIBRARY_PATH" 1>&2; exit 1;; @@ -196,7 +200,9 @@ case "$SYSTEM.$RELEASE" in SYSLIBS="-ldb" for name in nsl resolv $GDBM_LIBS do - test -f /usr/lib/lib$name.a && SYSLIBS="$SYSLIBS -l$name" + test -e /usr/lib/lib$name.a -o -e /usr/lib/lib$name.so \ + -o -e /lib/lib$name.a -o -e /lib/lib$name.so \ + && SYSLIBS="$SYSLIBS -l$name" done ;; IRIX*.5.*) SYSTYPE=IRIX5 @@ -302,5 +308,6 @@ CC = $CC $CCARGS OPT = $OPT DEBUG = $DEBUG AWK = $AWK +STRCASE = $STRCASE EXPORT = AUXLIBS="$AUXLIBS" CCARGS="$CCARGS" OPT="$OPT" DEBUG="$DEBUG" EOF diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1 index 1ff4e6062..d5385d407 100644 --- a/postfix/man/man1/postmap.1 +++ b/postfix/man/man1/postmap.1 @@ -22,6 +22,9 @@ file formats are expected to be compatible with: .ti +4 \fBmakemap \fIfile_type\fR \fIfile_name\fR < \fIfile_name\fR +If the result files do not exist they will be created with the +same group and other read permissions as the source file. + While the table update is in progress, signal delivery is postponed, and an exclusive, advisory, lock is placed on the entire table, in order to avoid surprises in spectator @@ -34,15 +37,11 @@ A table entry has the form .ti +5 \fIkey\fR whitespace \fIvalue\fR .IP \(bu -A line that starts with whitespace (space or tab) is a continuation -of the previous line. An empty line terminates the previous line, -as does a line that starts with non-whitespace (text or comment). A -comment line that starts with whitespace does not terminate multi-line -text. +Empty lines and whitespace-only lines are ignored, as +are lines whose first non-whitespace character is a `#'. .IP \(bu -The \fB#\fR is recognized as the start of a comment, but only when it is -the first non-whitespace character on a line. A comment terminates -at the end of the line, even when the next line starts with whitespace. +A logical line starts with non-whitespace text. A line that +starts with whitespace continues a logical line. .PP The \fIkey\fR and \fIvalue\fR are processed as is, except that surrounding white space is stripped off. Unlike with Postfix alias diff --git a/postfix/man/man1/postqueue.1 b/postfix/man/man1/postqueue.1 index 5ac8d90f6..f66800343 100644 --- a/postfix/man/man1/postqueue.1 +++ b/postfix/man/man1/postqueue.1 @@ -21,7 +21,7 @@ for queue management. It implements all the operations that are traditionally available via the \fBsendmail\fR(1) command. The following options are recognized: -.IP \fB-c \fIconfig_dir\fR +.IP "\fB-c \fIconfig_dir\fR" The \fBmain.cf\fR configuration file is in the named directory instead of the default configuration directory. See also the MAIL_CONFIG environment setting below. diff --git a/postfix/man/man1/postsuper.1 b/postfix/man/man1/postsuper.1 index 599293151..80fc63864 100644 --- a/postfix/man/man1/postsuper.1 +++ b/postfix/man/man1/postsuper.1 @@ -24,7 +24,7 @@ directories - this includes the \fBincoming\fR, \fBactive\fR and \fBdefer\fR and \fBflush\fR directories with log files. Options: -.IP "\fB-d \fIqueue_id\fR (Postfix versions >= 20010525)" +.IP "\fB-d \fIqueue_id\fR" Delete one message with the named queue ID from the named mail queue(s) (default: \fBincoming\fR, \fBactive\fR and \fBdeferred\fR). @@ -62,7 +62,7 @@ message that it should have deleted. .IP \fB-p\fR Purge old temporary files that are left over after system or software crashes. -.IP "\fB-r \fIqueue_id\fR (Postfix versions >= 20010525)" +.IP "\fB-r \fIqueue_id\fR" Requeue the message with the named queue ID from the named mail queue(s) (default: \fBincoming\fR, \fBactive\fR and \fBdeferred\fR). @@ -90,7 +90,6 @@ Structure check and structure repair. It is highly recommended to perform this operation once before Postfix startup. .RS .IP \(bu -(Postfix versions >= 20010525) Rename files whose name does not match the message file inode number. This operation is necessary after restoring a mail queue from a different machine, or from backup media. diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1 index 87fcd219a..10ca278c0 100644 --- a/postfix/man/man1/sendmail.1 +++ b/postfix/man/man1/sendmail.1 @@ -111,6 +111,10 @@ List the mail queue. See the \fBmailq\fR command above. .IP \fB-bs\fR Stand-alone SMTP server mode. Read SMTP commands from standard input, and write responses to standard output. +In stand-alone SMTP server mode, UCE restrictions and +access controls are disabled by default. To enable them, +run the process as the \fBmail_owner\fR user. +.sp This mode of operation is implemented by running the \fBsmtpd\fR(8) daemon. .IP "\fB-f \fIsender\fR" diff --git a/postfix/man/man5/access.5 b/postfix/man/man5/access.5 index 60ee50d9b..0c9644909 100644 --- a/postfix/man/man5/access.5 +++ b/postfix/man/man5/access.5 @@ -66,11 +66,11 @@ order to match subdomains. .IP \fIuser\fR@ Matches all mail addresses with the specified user part. .PP -Note: lookup of the null sender address may not be possible with -all supported types of lookup table. A workaround is to specify -\fBsmtpd_null_access_lookup_key = <>\fR in the Postfix \fBmain.cf\fR -file, and to specify \fB<>\fR as the left-hand field in the access -table. +Note: lookup of the null sender address is not possible with +some types of lookup table. By default, Postfix uses \fB<>\fR +as the lookup key for such addresses. The value is specified with +the workaround is to specify \fBsmtpd_null_access_lookup_key\fR +parameter in the Postfix \fBmain.cf\fR file. .SH ADDRESS EXTENSION .na .nf @@ -115,6 +115,9 @@ Reject the address etc. that matches the pattern. A generic error response message is generated. .IP \fBOK\fR Accept the address etc. that matches the pattern. +.IP \fIall-numerical\fR +An all-numerical result is treated as OK. This format is +generated by address-based relay authorization schemes. .IP \fIrestriction...\fR Apply the named UCE restriction(s) (\fBpermit\fR, \fRreject\fR, \fBreject_unauth_destination\fR, and so on). diff --git a/postfix/man/man5/transport.5 b/postfix/man/man5/transport.5 index eec9204c5..d292c2916 100644 --- a/postfix/man/man5/transport.5 +++ b/postfix/man/man5/transport.5 @@ -155,7 +155,7 @@ The following \fBmain.cf\fR parameters are especially relevant to this topic. See the Postfix \fBmain.cf\fR file for syntax details and for default values. Use the \fBpostfix reload\fR command after a configuration change. -.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)" +.IP \fBparent_domain_matches_subdomains\fR List of Postfix features that use \fIdomain.name\fR patterns to match \fIsub.domain.name\fR (as opposed to requiring \fI.domain.name\fR patterns). diff --git a/postfix/man/man8/flush.8 b/postfix/man/man8/flush.8 index 49d6eca37..4aa4eb46a 100644 --- a/postfix/man/man8/flush.8 +++ b/postfix/man/man8/flush.8 @@ -126,7 +126,7 @@ a send request for the corresponding destination. .IP \fBfast_flush_purge_time\fR Remove an empty "fast flush" logfile that was not updated in this amount of time (default time unit: days). -.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)" +.IP \fBparent_domain_matches_subdomains\fR List of Postfix features that use \fIdomain.name\fR patterns to match \fIsub.domain.name\fR (as opposed to requiring \fI.domain.name\fR patterns). diff --git a/postfix/man/man8/local.8 b/postfix/man/man8/local.8 index 382cb4970..13c2b761d 100644 --- a/postfix/man/man8/local.8 +++ b/postfix/man/man8/local.8 @@ -96,7 +96,8 @@ mail arrives for a recipient that is already listed in a The default per-user mailbox is a file in the UNIX mail spool directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR); the location can be specified with the \fBmail_spool_directory\fR -configuration parameter. +configuration parameter. Specify a name ending in \fB/\fR for +\fBqmail\fR-compatible \fBmaildir\fR delivery. Alternatively, the per-user mailbox can be a file in the user's home directory with a name specified via the \fBhome_mailbox\fR @@ -334,6 +335,7 @@ The \fIaddress\fR is subjected to \fI$name\fR expansion. .IP \fBmail_spool_directory\fR Directory with UNIX-style mailboxes. The default pathname is system dependent. +Specify a path ending in \fB/\fR for maildir-style delivery. .IP \fBmailbox_command\fR External command to use for mailbox delivery. The command executes with the recipient privileges (exception: root). The string is subject diff --git a/postfix/man/man8/nqmgr.8 b/postfix/man/man8/nqmgr.8 index 4a36d1df5..84a783f40 100644 --- a/postfix/man/man8/nqmgr.8 +++ b/postfix/man/man8/nqmgr.8 @@ -208,13 +208,13 @@ messages delivered by the transport \fItransport\fR can have. .SH "Timing controls" .ad .fi -.IP \fBmin_backoff\fR +.IP \fBminimal_backoff_time\fR Minimal time in seconds between delivery attempts of a deferred message. .sp This parameter also limits the time an unreachable destination is kept in the short-term, in-memory destination status cache. -.IP \fBmax_backoff\fR +.IP \fBmaximal_backoff_time\fR Maximal time in seconds between delivery attempts of a deferred message. .IP \fBmaximal_queue_lifetime\fR diff --git a/postfix/man/man8/qmgr.8 b/postfix/man/man8/qmgr.8 index c0cb2ad96..44b1492c6 100644 --- a/postfix/man/man8/qmgr.8 +++ b/postfix/man/man8/qmgr.8 @@ -189,13 +189,13 @@ destination cache. .SH "Timing controls" .ad .fi -.IP \fBmin_backoff\fR +.IP \fBminimal_backoff_time\fR Minimal time in seconds between delivery attempts of a deferred message. .sp This parameter also limits the time an unreachable destination is kept in the short-term, in-memory destination status cache. -.IP \fBmax_backoff\fR +.IP \fBmaximal_backoff_time\fR Maximal time in seconds between delivery attempts of a deferred message. .IP \fBmaximal_queue_lifetime\fR diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index c111772b1..00f07b8fd 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -113,9 +113,11 @@ Always send EHLO at the start of a connection. Never send EHLO at the start of a connection. .IP \fBsmtp_bind_address\fR Numerical source network address to bind to when making a connection. -.IP \fBsmtp_break_lines\fR -Break lines > \fB$line_length_limit\fR into multiple shorter lines. +.IP \fBsmtp_line_length_limit\fR +Length limit for SMTP message content lines. Zero means no limit. Some SMTP servers misbehave on long lines. +.IP \fBsmtp_helo_name\fR +The hostname to be used in HELO and EHLO commands. .IP \fBsmtp_skip_4xx_greeting\fR Skip servers that greet us with a 4xx status code. .IP \fBsmtp_skip_5xx_greeting\fR @@ -129,7 +131,7 @@ around the CISCO PIX firewall . bug. The time a message must be queued before the CISCO PIX firewall . bug workaround is turned on. .SH "Authentication controls" -.IP \fBsmtp_enable_sasl_auth\fR +.IP \fBsmtp_sasl_auth_enable\fR Enable per-session authentication as per RFC 2554 (SASL). By default, Postfix is built without SASL support. .IP \fBsmtp_sasl_password_maps\fR diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index b73163616..73814beda 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -194,7 +194,7 @@ it is penalized with tarpit delays. .SH "UCE control restrictions" .ad .fi -.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)" +.IP \fBparent_domain_matches_subdomains\fR List of Postfix features that use \fIdomain.name\fR patterns to match \fIsub.domain.name\fR (as opposed to requiring \fI.domain.name\fR patterns). diff --git a/postfix/man/man8/trivial-rewrite.8 b/postfix/man/man8/trivial-rewrite.8 index 410b72a3b..3aa705f57 100644 --- a/postfix/man/man8/trivial-rewrite.8 +++ b/postfix/man/man8/trivial-rewrite.8 @@ -108,7 +108,7 @@ The default transport is \fBsmtp\fR. .sp Syntax is \fItransport\fR:\fInexthop\fR; see \fBtransport\fR(5) for details. The :\fInexthop\fR part is optional. -.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)" +.IP \fBparent_domain_matches_subdomains\fR List of Postfix features that use \fIdomain.name\fR patterns to match \fIsub.domain.name\fR (as opposed to requiring \fI.domain.name\fR patterns). diff --git a/postfix/postfix-install b/postfix/postfix-install index 750254352..964dcdacb 100644 --- a/postfix/postfix-install +++ b/postfix/postfix-install @@ -88,6 +88,7 @@ # The destination directory for Postfix daemon programs. This directory # should not be in the command search path of any users. # The built-in default directory name is /usr/libexec/postfix. +# This parameter setting is recorded in the installed main.cf file. # .IP command_directory # The destination directory for Postfix administrative commands. This # directory should be in the command search path of adminstrative users. @@ -173,7 +174,7 @@ do case $arg in *=*) IFS= eval $arg; IFS="$BACKUP_IFS";; -non-int*) non_interactive=1;; - *) echo $0: Error: $USAGE 1>&2; exit 1;; + *) echo "$0: Error: $USAGE" 1>&2; exit 1;; esac shift done @@ -530,7 +531,7 @@ MANPAGE_DIRECTORY=$install_root$manpage_directory SAMPLE_DIRECTORY=$install_root$sample_directory README_DIRECTORY=$install_root$readme_directory -# Avoid repeated tests for existence of these. +# Avoid repeated tests for existence of these; default permissions suffice. test -d $DAEMON_DIRECTORY || mkdir -p $DAEMON_DIRECTORY || exit 1 test -d $COMMAND_DIRECTORY || mkdir -p $COMMAND_DIRECTORY || exit 1 diff --git a/postfix/proto/access b/postfix/proto/access index 5536b41d5..36713ab09 100644 --- a/postfix/proto/access +++ b/postfix/proto/access @@ -56,11 +56,11 @@ # .IP \fIuser\fR@ # Matches all mail addresses with the specified user part. # .PP -# Note: lookup of the null sender address may not be possible with -# all supported types of lookup table. A workaround is to specify -# \fBsmtpd_null_access_lookup_key = <>\fR in the Postfix \fBmain.cf\fR -# file, and to specify \fB<>\fR as the left-hand field in the access -# table. +# Note: lookup of the null sender address is not possible with +# some types of lookup table. By default, Postfix uses \fB<>\fR +# as the lookup key for such addresses. The value is specified with +# the workaround is to specify \fBsmtpd_null_access_lookup_key\fR +# parameter in the Postfix \fBmain.cf\fR file. # ADDRESS EXTENSION # .fi # .ad @@ -99,6 +99,9 @@ # error response message is generated. # .IP \fBOK\fR # Accept the address etc. that matches the pattern. +# .IP \fIall-numerical\fR +# An all-numerical result is treated as OK. This format is +# generated by address-based relay authorization schemes. # .IP \fIrestriction...\fR # Apply the named UCE restriction(s) (\fBpermit\fR, \fRreject\fR, # \fBreject_unauth_destination\fR, and so on). diff --git a/postfix/proto/aliases0 b/postfix/proto/aliases0 index d6cf7666b..9fcd48f7a 100644 --- a/postfix/proto/aliases0 +++ b/postfix/proto/aliases0 @@ -1,4 +1,8 @@ # +# Sample aliases file. Install in the location as specified by the +# output from the command "postconf alias_maps". Typical path names +# are /etc/aliases or /etc/mail/aliases. +# # >>>>>>>>>> The program "newaliases" must be run after # >> NOTE >> this file is updated for any changes to # >>>>>>>>>> show through to Postfix. diff --git a/postfix/proto/transport b/postfix/proto/transport index c630d44bc..18559faa9 100644 --- a/postfix/proto/transport +++ b/postfix/proto/transport @@ -141,7 +141,7 @@ # this topic. See the Postfix \fBmain.cf\fR file for syntax details # and for default values. Use the \fBpostfix reload\fR command after # a configuration change. -# .IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)" +# .IP \fBparent_domain_matches_subdomains\fR # List of Postfix features that use \fIdomain.name\fR patterns # to match \fIsub.domain.name\fR (as opposed to # requiring \fI.domain.name\fR patterns). diff --git a/postfix/src/bounce/bounce_append_service.c b/postfix/src/bounce/bounce_append_service.c index a309ee997..82620f02b 100644 --- a/postfix/src/bounce/bounce_append_service.c +++ b/postfix/src/bounce/bounce_append_service.c @@ -91,6 +91,12 @@ int bounce_append_service(char *service, char *queue_id, * file format because we do not need anything more complicated. As a * benefit, we can still recover some data when the file is a little * garbled. + * + * XXX addresses in defer logfiles are in printable quoted form, while + * addresses in message envelope records are in raw unquoted form. This + * may change once we replace the present ad-hoc bounce/defer logfile + * format by one that is transparent for control etc. characters. See + * also: showq/showq.c. */ if ((orig_length = vstream_fseek(log, 0L, SEEK_END)) < 0) msg_fatal("seek file %s %s: %m", service, queue_id); @@ -98,6 +104,8 @@ int bounce_append_service(char *service, char *queue_id, if (*recipient) vstream_fprintf(log, "<%s>: ", printable(vstring_str(quote_822_local(in_buf, recipient)), '?')); + else + vstream_fprintf(log, "<>: "); vstream_fputs(printable(why, '?'), log); vstream_fputs("\n\n", log); diff --git a/postfix/src/cleanup/Makefile.in b/postfix/src/cleanup/Makefile.in index cec834caa..5a380fcbd 100644 --- a/postfix/src/cleanup/Makefile.in +++ b/postfix/src/cleanup/Makefile.in @@ -265,6 +265,7 @@ cleanup_out.o: ../../include/vstream.h cleanup_out.o: ../../include/record.h cleanup_out.o: ../../include/rec_type.h cleanup_out.o: ../../include/cleanup_user.h +cleanup_out.o: ../../include/mail_params.h cleanup_out.o: cleanup.h cleanup_out.o: ../../include/argv.h cleanup_out.o: ../../include/maps.h diff --git a/postfix/src/cleanup/cleanup.h b/postfix/src/cleanup/cleanup.h index 09d700ed1..62e01f38f 100644 --- a/postfix/src/cleanup/cleanup.h +++ b/postfix/src/cleanup/cleanup.h @@ -47,6 +47,7 @@ typedef struct CLEANUP_STATE { int err_mask; /* allowed badness */ VSTRING *header_buf; /* multi-record header */ int headers_seen; /* which headers were seen */ + int prev_header_type; /* multi-record physical header line */ int hop_count; /* count of received: headers */ ARGV *recipients; /* recipients from regular headers */ ARGV *resent_recip; /* recipients from resent headers */ diff --git a/postfix/src/cleanup/cleanup_api.c b/postfix/src/cleanup/cleanup_api.c index 2da603b91..2f752e459 100644 --- a/postfix/src/cleanup/cleanup_api.c +++ b/postfix/src/cleanup/cleanup_api.c @@ -125,7 +125,7 @@ CLEANUP_STATE *cleanup_open(void) * that the runtime error handler can clean up in case of problems. */ state->handle = mail_stream_file(MAIL_QUEUE_INCOMING, - MAIL_CLASS_PUBLIC, MAIL_SERVICE_QUEUE, 0); + MAIL_CLASS_PUBLIC, var_queue_service, 0); state->dst = state->handle->stream; cleanup_path = mystrdup(VSTREAM_PATH(state->dst)); state->queue_id = mystrdup(state->handle->id); diff --git a/postfix/src/cleanup/cleanup_map1n.c b/postfix/src/cleanup/cleanup_map1n.c index d7176a434..f94e08e27 100644 --- a/postfix/src/cleanup/cleanup_map1n.c +++ b/postfix/src/cleanup/cleanup_map1n.c @@ -112,7 +112,8 @@ ARGV *cleanup_map1n_internal(CLEANUP_STATE *state, char *addr, state->queue_id, maps->title, addr); break; } - if ((lookup = mail_addr_map(maps, argv->argv[arg], propagate)) != 0) { + quote_822_local(state->temp1, argv->argv[arg]); + if ((lookup = mail_addr_map(maps, STR(state->temp1), propagate)) != 0) { saved_lhs = mystrdup(argv->argv[arg]); for (i = 0; i < lookup->argc; i++) { unquote_822_local(state->temp1, lookup->argv[i]); diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index fca690451..a0dbcfec7 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c @@ -254,31 +254,52 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts) cleanup_fold_header(state); } -/* cleanup_check_reject - parse and match header/body REJECT line */ +/* cleanup_act - act upon a header/body match */ -static int cleanup_check_reject(CLEANUP_STATE *state, const char *value) +static int cleanup_act(CLEANUP_STATE *state, char *context, char *buf, + const char *value, const char *map_class) { - const char *reason = value + strcspn(value, " \t"); + const char *optional_text = value + strcspn(value, " \t"); + int command_len = optional_text - value; - /* - * See if they spelled REJECT right. - * - * XXX The reason should be set only if we have a more severe error than - * anything that was found before. This calls for a cleanup_set_error() - * routine that takes an error code and an optional text. - */ - if (strncasecmp(value, "REJECT", reason - value) == 0) { - if (state->reason == 0) { - while (*reason && ISSPACE(*reason)) - reason++; - state->reason = mystrdup(*reason ? reason : + while (*optional_text && ISSPACE(*optional_text)) + optional_text++; + +#define STREQUAL(x,y,l) (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0) +#define CLEANUP_ACT_KEEP 1 +#define CLEANUP_ACT_DROP 0 + + if (STREQUAL(value, "REJECT", command_len)) { + if (state->reason == 0) + state->reason = mystrdup(*optional_text ? optional_text : cleanup_strerror(CLEANUP_STAT_CONT)); - } state->errs |= CLEANUP_STAT_CONT; - return (1); - } else { - return (0); + msg_info("%s: reject: %s %.200s; from=<%s> to=<%s>: %s", + state->queue_id, context, buf, state->sender, + state->recip ? state->recip : "unknown", + state->reason); + return (CLEANUP_ACT_KEEP); } + if (STREQUAL(value, "WARN", command_len)) { + msg_info("%s: warning: %s %.200s; from=<%s> to=<%s>: %s", + state->queue_id, context, buf, state->sender, + state->recip ? state->recip : "unknown", + *optional_text ? optional_text : + cleanup_strerror(CLEANUP_STAT_CONT)); + return (CLEANUP_ACT_KEEP); + } + if (*optional_text) + msg_warn("unexpected text after command in %s map: %s", + map_class, value); + + if (STREQUAL(value, "IGNORE", command_len)) + return (CLEANUP_ACT_DROP); + + if (STREQUAL(value, "OK", command_len)) + return (CLEANUP_ACT_KEEP); + + msg_warn("unknown command in %s map: %s", map_class, value); + return (CLEANUP_ACT_KEEP); } /* cleanup_header - process one complete header line */ @@ -296,25 +317,16 @@ static void cleanup_header(CLEANUP_STATE *state) const char *value; if ((value = maps_find(cleanup_header_checks, header, 0)) != 0) { - if (cleanup_check_reject(state, value) != 0) { - msg_info("%s: reject: header %.200s; from=<%s> to=<%s>: %s", - state->queue_id, header, state->sender, - state->recip ? state->recip : "unknown", - state->reason); - } else if (strcasecmp(value, "IGNORE") == 0) { + if (cleanup_act(state, "header", header, value, VAR_HEADER_CHECKS) + == CLEANUP_ACT_DROP) return; - } else if (strcasecmp(value, "WARN") == 0) { - msg_info("%s: warning: header %.200s; from=<%s> to=<%s>", - state->queue_id, header, state->sender, - state->recip ? state->recip : "unknown"); - } } } /* * If this is an "unknown" header, just copy it to the output without - * even bothering to fold long lines. XXX Should split header lines that - * do not fit a REC_TYPE_NORM record. + * even bothering to fold long lines. cleanup_out() will split long + * headers that do not fit in a REC_TYPE_NORM record. */ if ((hdr_opts = header_opts_find(vstring_str(state->header_buf))) == 0) { cleanup_out_header(state); @@ -506,23 +518,36 @@ static void cleanup_message_header(CLEANUP_STATE *state, int type, char *buf, in /* * First, deal with header information that we have accumulated from - * previous input records. A whole record that starts with whitespace is - * a continuation of previous data. + * previous input records. * - * XXX Silently switch to body processing when some message header requires - * an unreasonable amount of storage, or when a message header record - * does not fit in a REC_TYPE_NORM type record. + * If a physical header line exceeds the capacity of a Postfix queue file + * record, reconstruct the long line from multiple records (up to the + * header size limit), and break the long line up into multiple Postfix + * records upon output to the queue file. Discard text that does not fit + * in a header buffer, so as to avoid breaking MIME formatting. + * + * It is left up to delivery agents to glue long lines back together and to + * enforce an appropriate output line length limit. */ if (VSTRING_LEN(state->header_buf) > 0) { - if ((VSTRING_LEN(state->header_buf) >= var_header_limit - || type == REC_TYPE_CONT)) { - state->errs |= CLEANUP_STAT_HOVFL; - } else if (type == REC_TYPE_NORM && ISSPACE(*buf)) { - VSTRING_ADDCH(state->header_buf, '\n'); - vstring_strcat(state->header_buf, buf); - return; - } else { - /* Body record or end of message segment. */ ; + if (type != REC_TYPE_XTRA) { + if (state->prev_header_type == REC_TYPE_CONT) { + if (VSTRING_LEN(state->header_buf) < var_header_limit) + vstring_strcat(state->header_buf, buf); + else + state->errs |= CLEANUP_STAT_HOVFL; + state->prev_header_type = type; + return; + } + if (ISSPACE(*buf)) { + if (VSTRING_LEN(state->header_buf) < var_header_limit) { + VSTRING_ADDCH(state->header_buf, '\n'); + vstring_strcat(state->header_buf, buf); + } else + state->errs |= CLEANUP_STAT_HOVFL; + state->prev_header_type = type; + return; + } } /* @@ -535,14 +560,11 @@ static void cleanup_message_header(CLEANUP_STATE *state, int type, char *buf, in } /* - * Switch to body processing if this is not a header or if the saved - * header would require an unreasonable amount of storage. Generate - * missing headers. Add one blank line when the message headers are - * immediately followed by a non-empty message body. + * Switch to body processing if this is not a header. Generate missing + * headers. Add one blank line when the message headers are immediately + * followed by a non-empty message body. */ - if (((state->errs & CLEANUP_STAT_HOVFL) - || type != REC_TYPE_NORM - || !is_header(buf))) { + if (type == REC_TYPE_XTRA || !is_header(buf)) { cleanup_missing_headers(state); if (type != REC_TYPE_XTRA && *buf) /* output blank line */ cleanup_out_string(state, REC_TYPE_NORM, ""); @@ -555,6 +577,7 @@ static void cleanup_message_header(CLEANUP_STATE *state, int type, char *buf, in */ else { vstring_strcpy(state->header_buf, buf); + state->prev_header_type = type; } } @@ -580,18 +603,9 @@ static void cleanup_message_body(CLEANUP_STATE *state, int type, char *buf, int const char *value; if ((value = maps_find(cleanup_body_checks, buf, 0)) != 0) { - if (cleanup_check_reject(state, value) != 0) { - msg_info("%s: reject: body %.200s; from=<%s> to=<%s>: %s", - state->queue_id, buf, state->sender, - state->recip ? state->recip : "unknown", - state->reason); - } else if (strcasecmp(value, "IGNORE") == 0) { + if (cleanup_act(state, "body", buf, value, VAR_BODY_CHECKS) + == CLEANUP_ACT_DROP) return; - } else if (strcasecmp(value, "WARN") == 0) { - msg_info("%s: warning: body %.200s; from=<%s> to=<%s>", - state->queue_id, buf, state->sender, - state->recip ? state->recip : "unknown"); - } } } cleanup_out(state, type, buf, len); diff --git a/postfix/src/cleanup/cleanup_out.c b/postfix/src/cleanup/cleanup_out.c index aa9618dcc..a68d27415 100644 --- a/postfix/src/cleanup/cleanup_out.c +++ b/postfix/src/cleanup/cleanup_out.c @@ -77,6 +77,7 @@ #include #include #include +#include /* Application-specific. */ @@ -86,16 +87,42 @@ void cleanup_out(CLEANUP_STATE *state, int type, char *string, int len) { - if (CLEANUP_OUT_OK(state)) { - if (rec_put(state->dst, type, string, len) < 0) { - if (errno == EFBIG) { - msg_warn("%s: queue file size limit exceeded", - state->queue_id); - state->errs |= CLEANUP_STAT_SIZE; - } else { - msg_warn("%s: write queue file: %m", state->queue_id); - state->errs |= CLEANUP_STAT_WRITE; - } + int err = 0; + + /* + * Long message header lines have to be read and written as multiple + * records. Other header/body content, and envelope data, is copied one + * record at a time. Be sure to not skip a zero-length request. + * + * XXX We don't know if we're writing a message header or not, but that is + * not a problem. A REC_TYPE_NORM or REC_TYPE_CONT record can always be + * chopped up into an equivalent set of REC_TYPE_CONT plus REC_TYPE_NORM + * records. + */ + if (CLEANUP_OUT_OK(state) == 0) + return; + +#define TEXT_RECORD(t) ((t) == REC_TYPE_NORM || (t) == REC_TYPE_CONT) + + do { + if (len > var_line_limit && TEXT_RECORD(type)) { + err = rec_put(state->dst, REC_TYPE_CONT, string, var_line_limit); + string += var_line_limit; + len -= var_line_limit; + } else { + err = rec_put(state->dst, type, string, len); + break; + } + } while (len > 0 && err >= 0); + + if (err < 0) { + if (errno == EFBIG) { + msg_warn("%s: queue file size limit exceeded", + state->queue_id); + state->errs |= CLEANUP_STAT_SIZE; + } else { + msg_warn("%s: write queue file: %m", state->queue_id); + state->errs |= CLEANUP_STAT_WRITE; } } } diff --git a/postfix/src/cleanup/cleanup_state.c b/postfix/src/cleanup/cleanup_state.c index 2206d7a42..bfe6bacf9 100644 --- a/postfix/src/cleanup/cleanup_state.c +++ b/postfix/src/cleanup/cleanup_state.c @@ -72,6 +72,7 @@ CLEANUP_STATE *cleanup_state_alloc(void) state->err_mask = 0; state->header_buf = vstring_alloc(100); state->headers_seen = 0; + state->prev_header_type = 0; state->hop_count = 0; state->recipients = argv_alloc(2); state->resent_recip = argv_alloc(2); diff --git a/postfix/src/flush/flush.c b/postfix/src/flush/flush.c index 71258a1a4..3541c3117 100644 --- a/postfix/src/flush/flush.c +++ b/postfix/src/flush/flush.c @@ -110,7 +110,7 @@ /* .IP \fBfast_flush_purge_time\fR /* Remove an empty "fast flush" logfile that was not updated in /* this amount of time (default time unit: days). -/* .IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)" +/* .IP \fBparent_domain_matches_subdomains\fR /* List of Postfix features that use \fIdomain.name\fR patterns /* to match \fIsub.domain.name\fR (as opposed to /* requiring \fI.domain.name\fR patterns). @@ -203,7 +203,15 @@ static DOMAIN_LIST *flush_domains; * name space: domain names versus safe-to-use pathnames. */ static int flush_add_path(const char *, const char *); -static int flush_send_path(const char *); +static int flush_send_path(const char *, int); + + /* + * Do we only refresh the per-destination logfile, or do we really request + * mail delivery as if someone sent ETRN? If the latter, we must override + * information about unavailable hosts or unavailable transports. + */ +#define REFRESH_ONLY 0 +#define REFRESH_AND_DELIVER 1 /* flush_site_to_path - convert domain or [addr] to harmless string */ @@ -318,7 +326,7 @@ static int flush_add_path(const char *path, const char *queue_id) /* flush_send_service - flush mail queued for site */ -static int flush_send_service(const char *site) +static int flush_send_service(const char *site, int how) { char *myname = "flush_send_service"; VSTRING *site_path; @@ -337,7 +345,7 @@ static int flush_send_service(const char *site) * Map site name to path name and flush the log. */ site_path = flush_site_to_path((VSTRING *) 0, site); - status = flush_send_path(STR(site_path)); + status = flush_send_path(STR(site_path), how); vstring_free(site_path); return (status); @@ -345,17 +353,20 @@ static int flush_send_service(const char *site) /* flush_send_path - flush logfile file */ -static int flush_send_path(const char *path) +static int flush_send_path(const char *path, int how) { const char *myname = "flush_send_path"; VSTRING *queue_id; VSTRING *queue_file; VSTREAM *log; struct utimbuf tbuf; - static char qmgr_trigger[] = { + static char qmgr_deliver_trigger[] = { QMGR_REQ_SCAN_INCOMING, /* scan incoming queue */ QMGR_REQ_FLUSH_DEAD, /* flush dead site/transport cache */ }; + static char qmgr_refresh_trigger[] = { + QMGR_REQ_SCAN_INCOMING, /* scan incoming queue */ + }; HTABLE *dup_filter; int count; @@ -463,8 +474,12 @@ static int flush_send_path(const char *path) if (count > 0) { if (msg_verbose) msg_info("%s: requesting delivery for logfile %s", myname, path); - mail_trigger(MAIL_CLASS_PUBLIC, MAIL_SERVICE_QUEUE, - qmgr_trigger, sizeof(qmgr_trigger)); + if (how == REFRESH_ONLY) + mail_trigger(MAIL_CLASS_PUBLIC, var_queue_service, + qmgr_refresh_trigger, sizeof(qmgr_refresh_trigger)); + else + mail_trigger(MAIL_CLASS_PUBLIC, var_queue_service, + qmgr_deliver_trigger, sizeof(qmgr_deliver_trigger)); } return (FLUSH_STAT_OK); } @@ -503,7 +518,7 @@ static int flush_refresh_service(int max_age) } else if (st.st_atime + max_age < event_time()) { if (msg_verbose) msg_info("%s: flush logfile %s", myname, site_path); - flush_send_path(site_path); + flush_send_path(site_path, REFRESH_ONLY); } else { if (msg_verbose) msg_info("%s: skip logfile %s, unread for <%d hours(s) ", @@ -608,7 +623,8 @@ static void flush_service(VSTREAM *client_stream, char *unused_service, if (attr_scan(client_stream, ATTR_FLAG_STRICT, ATTR_TYPE_STR, MAIL_ATTR_SITE, site, ATTR_TYPE_END) == 1) - status = flush_send_service(lowercase(STR(site))); + status = flush_send_service(lowercase(STR(site)), + REFRESH_AND_DELIVER); attr_print(client_stream, ATTR_FLAG_NONE, ATTR_TYPE_NUM, MAIL_ATTR_STATUS, status, ATTR_TYPE_END); diff --git a/postfix/src/global/abounce.c b/postfix/src/global/abounce.c index 5cacccf5e..821147886 100644 --- a/postfix/src/global/abounce.c +++ b/postfix/src/global/abounce.c @@ -126,6 +126,7 @@ /* Global library. */ +#include #include #include @@ -220,7 +221,7 @@ void abounce_flush_verp(int flags, const char *queue, const char *id, const char *sender, const char *verp, ABOUNCE_FN callback, char *context) { - abounce_request_verp(MAIL_CLASS_PRIVATE, MAIL_SERVICE_BOUNCE, + abounce_request_verp(MAIL_CLASS_PRIVATE, var_bounce_service, BOUNCE_CMD_VERP, flags, queue, id, sender, verp, callback, context); } @@ -231,7 +232,7 @@ void adefer_flush_verp(int flags, const char *queue, const char *id, const char *sender, const char *verp, ABOUNCE_FN callback, char *context) { - abounce_request_verp(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER, + abounce_request_verp(MAIL_CLASS_PRIVATE, var_defer_service, BOUNCE_CMD_VERP, flags, queue, id, sender, verp, callback, context); } @@ -278,7 +279,7 @@ static void abounce_request(const char *class, const char *service, void abounce_flush(int flags, const char *queue, const char *id, const char *sender, ABOUNCE_FN callback, char *context) { - abounce_request(MAIL_CLASS_PRIVATE, MAIL_SERVICE_BOUNCE, BOUNCE_CMD_FLUSH, + abounce_request(MAIL_CLASS_PRIVATE, var_bounce_service, BOUNCE_CMD_FLUSH, flags, queue, id, sender, callback, context); } @@ -287,7 +288,7 @@ void abounce_flush(int flags, const char *queue, const char *id, void adefer_flush(int flags, const char *queue, const char *id, const char *sender, ABOUNCE_FN callback, char *context) { - abounce_request(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER, BOUNCE_CMD_FLUSH, + abounce_request(MAIL_CLASS_PRIVATE, var_defer_service, BOUNCE_CMD_FLUSH, flags, queue, id, sender, callback, context); } @@ -296,6 +297,6 @@ void adefer_flush(int flags, const char *queue, const char *id, void adefer_warn(int flags, const char *queue, const char *id, const char *sender, ABOUNCE_FN callback, char *context) { - abounce_request(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER, BOUNCE_CMD_WARN, + abounce_request(MAIL_CLASS_PRIVATE, var_defer_service, BOUNCE_CMD_WARN, flags, queue, id, sender, callback, context); } diff --git a/postfix/src/global/bounce.c b/postfix/src/global/bounce.c index 805d4c787..67f97bb99 100644 --- a/postfix/src/global/bounce.c +++ b/postfix/src/global/bounce.c @@ -143,16 +143,17 @@ int vbounce_append(int flags, const char *id, const char *recipient, delay = time((time_t *) 0) - entry; vstring_vsprintf(why, fmt, ap); if (mail_command_client(MAIL_CLASS_PRIVATE, var_soft_bounce ? - MAIL_SERVICE_DEFER : MAIL_SERVICE_BOUNCE, + var_defer_service : var_bounce_service, ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_APPEND, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags, ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, id, ATTR_TYPE_STR, MAIL_ATTR_RECIP, recipient, ATTR_TYPE_STR, MAIL_ATTR_WHY, vstring_str(why), ATTR_TYPE_END) == 0) { - msg_info("%s: to=<%s>, relay=%s, delay=%d, status=%s (%s)", + msg_info("%s: to=<%s>, relay=%s, delay=%d, status=%s (%s%s)", id, recipient, relay, delay, var_soft_bounce ? "deferred" : - "bounced", vstring_str(why)); + "bounced", var_soft_bounce ? "SOFT BOUNCE - " : "", + vstring_str(why)); status = (var_soft_bounce ? -1 : 0); } else if ((flags & BOUNCE_FLAG_CLEAN) == 0) { status = defer_append(flags, id, recipient, "bounce", delay, @@ -176,7 +177,7 @@ int bounce_flush(int flags, const char *queue, const char *id, */ if (var_soft_bounce) return (-1); - if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_BOUNCE, + if (mail_command_client(MAIL_CLASS_PRIVATE, var_bounce_service, ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_FLUSH, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags, ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue, diff --git a/postfix/src/global/defer.c b/postfix/src/global/defer.c index 40130cfe3..dd331230e 100644 --- a/postfix/src/global/defer.c +++ b/postfix/src/global/defer.c @@ -113,6 +113,7 @@ /* Global library. */ +#include "mail_params.h" #include "mail_queue.h" #include "mail_proto.h" #include "flush_clnt.h" @@ -145,7 +146,7 @@ int vdefer_append(int flags, const char *id, const char *recipient, const char *rcpt_domain; vstring_vsprintf(why, fmt, ap); - if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER, + if (mail_command_client(MAIL_CLASS_PRIVATE, var_defer_service, ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_APPEND, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags, ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, id, @@ -179,7 +180,7 @@ int vdefer_append(int flags, const char *id, const char *recipient, int defer_flush(int flags, const char *queue, const char *id, const char *sender) { - if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER, + if (mail_command_client(MAIL_CLASS_PRIVATE, var_defer_service, ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_FLUSH, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags, ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue, @@ -198,7 +199,7 @@ int defer_flush(int flags, const char *queue, const char *id, int defer_warn(int flags, const char *queue, const char *id, const char *sender) { - if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER, + if (mail_command_client(MAIL_CLASS_PRIVATE, var_defer_service, ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_WARN, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags, ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue, diff --git a/postfix/src/global/flush_clnt.c b/postfix/src/global/flush_clnt.c index 8f35b6c5b..714599f5d 100644 --- a/postfix/src/global/flush_clnt.c +++ b/postfix/src/global/flush_clnt.c @@ -100,7 +100,7 @@ int flush_purge(void) if (*var_fflush_domains == 0) status = FLUSH_STAT_DENY; else - status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH, + status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service, ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_PURGE, ATTR_TYPE_END); @@ -126,7 +126,7 @@ int flush_refresh(void) if (*var_fflush_domains == 0) status = FLUSH_STAT_DENY; else - status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH, + status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service, ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_REFRESH, ATTR_TYPE_END); @@ -152,7 +152,7 @@ int flush_send(const char *site) if (*var_fflush_domains == 0) status = FLUSH_STAT_DENY; else - status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH, + status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service, ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_SEND, ATTR_TYPE_STR, MAIL_ATTR_SITE, site, ATTR_TYPE_END); @@ -179,7 +179,7 @@ int flush_add(const char *site, const char *queue_id) if (*var_fflush_domains == 0) status = FLUSH_STAT_DENY; else - status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH, + status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service, ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_ADD, ATTR_TYPE_STR, MAIL_ATTR_SITE, site, ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, queue_id, diff --git a/postfix/src/global/mail_flush.c b/postfix/src/global/mail_flush.c index 5e30e529a..33f765e87 100644 --- a/postfix/src/global/mail_flush.c +++ b/postfix/src/global/mail_flush.c @@ -33,6 +33,7 @@ /* Global library. */ +#include #include #include @@ -50,6 +51,6 @@ int mail_flush_deferred(void) /* * Trigger the flush queue service. */ - return (mail_trigger(MAIL_CLASS_PUBLIC, MAIL_SERVICE_QUEUE, + return (mail_trigger(MAIL_CLASS_PUBLIC, var_queue_service, qmgr_trigger, sizeof(qmgr_trigger))); } diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index d6c476725..87bd2f1c6 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -42,6 +42,7 @@ /* int var_line_limit; /* char *var_alias_db_map; /* int var_message_limit; +/* char *var_mail_release; /* char *var_mail_version; /* int var_ipc_idle_limit; /* char *var_db_type; @@ -75,6 +76,15 @@ /* int var_debug_peer_level; /* int var_in_flow_delay; /* int var_fault_inj_code; +/* char *var_bounce_service; +/* char *var_cleanup_service; +/* char *var_defer_service; +/* char *var_pickup_service; +/* char *var_queue_service; +/* char *var_rewrite_service; +/* char *var_showq_service; +/* char *var_error_service; +/* char *var_flush_service; /* /* void mail_params_init() /* DESCRIPTION @@ -170,6 +180,7 @@ char *var_double_bounce_sender; int var_line_limit; char *var_alias_db_map; int var_message_limit; +char *var_mail_release; char *var_mail_version; int var_ipc_idle_limit; char *var_db_type; @@ -203,6 +214,15 @@ char *var_export_environ; char *var_debug_peer_list; int var_debug_peer_level; int var_fault_inj_code; +char *var_bounce_service; +char *var_cleanup_service; +char *var_defer_service; +char *var_pickup_service; +char *var_queue_service; +char *var_rewrite_service; +char *var_showq_service; +char *var_error_service; +char *var_flush_service; #define MAIN_CONF_FILE "main.cf" @@ -395,6 +415,7 @@ void mail_params_init() VAR_DOUBLE_BOUNCE, DEF_DOUBLE_BOUNCE, &var_double_bounce_sender, 1, 0, VAR_DEFAULT_PRIVS, DEF_DEFAULT_PRIVS, &var_default_privs, 1, 0, VAR_ALIAS_DB_MAP, DEF_ALIAS_DB_MAP, &var_alias_db_map, 0, 0, + VAR_MAIL_RELEASE, DEF_MAIL_RELEASE, &var_mail_release, 1, 0, VAR_MAIL_VERSION, DEF_MAIL_VERSION, &var_mail_version, 1, 0, VAR_DB_TYPE, DEF_DB_TYPE, &var_db_type, 1, 0, VAR_HASH_QUEUE_NAMES, DEF_HASH_QUEUE_NAMES, &var_hash_queue_names, 1, 0, @@ -410,6 +431,15 @@ void mail_params_init() VAR_VERP_FILTER, DEF_VERP_FILTER, &var_verp_filter, 1, 0, VAR_PAR_DOM_MATCH, DEF_PAR_DOM_MATCH, &var_par_dom_match, 0, 0, VAR_CONFIG_DIRS, DEF_CONFIG_DIRS, &var_config_dirs, 0, 0, + VAR_BOUNCE_SERVICE, DEF_BOUNCE_SERVICE, &var_bounce_service, 1, 0, + VAR_CLEANUP_SERVICE, DEF_CLEANUP_SERVICE, &var_cleanup_service, 1, 0, + VAR_DEFER_SERVICE, DEF_DEFER_SERVICE, &var_defer_service, 1, 0, + VAR_PICKUP_SERVICE, DEF_PICKUP_SERVICE, &var_pickup_service, 1, 0, + VAR_QUEUE_SERVICE, DEF_QUEUE_SERVICE, &var_queue_service, 1, 0, + VAR_REWRITE_SERVICE, DEF_REWRITE_SERVICE, &var_rewrite_service, 1, 0, + VAR_SHOWQ_SERVICE, DEF_SHOWQ_SERVICE, &var_showq_service, 1, 0, + VAR_ERROR_SERVICE, DEF_ERROR_SERVICE, &var_error_service, 1, 0, + VAR_FLUSH_SERVICE, DEF_FLUSH_SERVICE, &var_flush_service, 1, 0, 0, }; static CONFIG_STR_FN_TABLE function_str_defaults_2[] = { diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 4009dbdc2..922bc1d25 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -734,13 +734,17 @@ extern bool var_smtp_never_ehlo; #define DEF_SMTP_BIND_ADDR "" extern char *var_smtp_bind_addr; +#define VAR_SMTP_HELO_NAME "smtp_helo_name" +#define DEF_SMTP_HELO_NAME "$myhostname" +extern char *var_smtp_helo_name; + #define VAR_SMTP_RAND_ADDR "smtp_randomize_addresses" #define DEF_SMTP_RAND_ADDR 1 extern bool var_smtp_rand_addr; - -#define VAR_SMTP_BREAK_LINES "smtp_break_lines" -#define DEF_SMTP_BREAK_LINES 1 -extern bool var_smtp_break_lines; + +#define VAR_SMTP_LINE_LIMIT "smtp_line_length_limit" +#define DEF_SMTP_LINE_LIMIT 990 +extern int var_smtp_line_limit; #define VAR_SMTP_PIX_THRESH "smtp_pix_workaround_threshold_time" #define DEF_SMTP_PIX_THRESH "500s" @@ -1189,7 +1193,7 @@ extern int var_smtpd_delay_reject; #define REJECT_UNAUTH_PIPE "reject_unauth_pipelining" #define VAR_SMTPD_NULL_KEY "smtpd_null_access_lookup_key" -#define DEF_SMTPD_NULL_KEY "" +#define DEF_SMTPD_NULL_KEY "<>" extern char *var_smtpd_null_key; /* @@ -1353,7 +1357,11 @@ extern bool var_verp_bounce_off; * the sending processes get a chance to access the disk. */ #define VAR_IN_FLOW_DELAY "in_flow_delay" +#ifdef PIPES_CANT_FIONREAD +#define DEF_IN_FLOW_DELAY "0s" +#else #define DEF_IN_FLOW_DELAY "1s" +#endif extern int var_in_flow_delay; /* @@ -1411,6 +1419,62 @@ extern int var_fault_inj_code; #define DEF_README_DIR "no" #endif + /* + * Service names. The transport (TCP, FIFO or UNIX-domain) type is frozen + * because you cannot simply mix them, and accessibility (private/public) is + * frozen for security reasons. We list only the internal services, not the + * externally visible SMTP server, or the delivery agents that can already + * be chosen via transport mappings etc. + */ +#define VAR_BOUNCE_SERVICE "bounce_service_name" +#define DEF_BOUNCE_SERVICE MAIL_SERVICE_BOUNCE +extern char *var_bounce_service; + +#define VAR_CLEANUP_SERVICE "cleanup_service_name" +#define DEF_CLEANUP_SERVICE MAIL_SERVICE_CLEANUP +extern char *var_cleanup_service; + +#define VAR_DEFER_SERVICE "defer_service_name" +#define DEF_DEFER_SERVICE MAIL_SERVICE_DEFER +extern char *var_defer_service; + +#define VAR_PICKUP_SERVICE "pickup_service_name" +#define DEF_PICKUP_SERVICE MAIL_SERVICE_PICKUP +extern char *var_pickup_service; + +#define VAR_QUEUE_SERVICE "queue_service_name" +#define DEF_QUEUE_SERVICE MAIL_SERVICE_QUEUE +extern char *var_queue_service; + + /* XXX resolve does not exist as a separate service */ + +#define VAR_REWRITE_SERVICE "rewrite_service_name" +#define DEF_REWRITE_SERVICE MAIL_SERVICE_REWRITE +extern char *var_rewrite_service; + +#define VAR_SHOWQ_SERVICE "showq_service_name" +#define DEF_SHOWQ_SERVICE MAIL_SERVICE_SHOWQ +extern char *var_showq_service; + +#define VAR_ERROR_SERVICE "error_service_name" +#define DEF_ERROR_SERVICE MAIL_SERVICE_ERROR +extern char *var_error_service; + +#define VAR_FLUSH_SERVICE "flush_service_name" +#define DEF_FLUSH_SERVICE MAIL_SERVICE_FLUSH +extern char *var_flush_service; + + /* + * Mailbox/maildir delivery errors that cause delivery to be tried again. + */ +#define VAR_MBX_DEFER_ERRS "mailbox_defer_errors" +#define DEF_MBX_DEFER_ERRS "eagain, enospc, estale" +extern char *var_mbx_defer_errs; + +#define VAR_MDR_DEFER_ERRS "maildir_defer_errors" +#define DEF_MDR_DEFER_ERRS "enospc, estale" +extern char *var_mdr_defer_errs; + /* LICENSE /* .ad /* .fi diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 4e9c07d48..6210db5e5 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -12,12 +12,29 @@ /* .nf /* - * Version of this program. + * Version of this program. Official versions are called a.b.c, and + * snapshots are called a.b.c-yyyymmdd, where a=major release number, + * b=minor release number, c=patchlevel, and yyyymmdd is the release date: + * yyyy=year, mm=month, dd=day. + * + * Patches change the patchlevel and the release date. Snapshots change the + * release date only, unless they include the same bugfix as a patch release. */ #define VAR_MAIL_VERSION "mail_version" -#define DEF_MAIL_VERSION "Snapshot-20020115" +#ifdef SNAPSHOT +#define DEF_MAIL_VERSION "1.1.5-$mail_release_date" +#else +#define DEF_MAIL_VERSION "1.1.5" +#endif extern char *var_mail_version; + /* + * Release date. + */ +#define VAR_MAIL_RELEASE "mail_release_date" +#define DEF_MAIL_RELEASE "20020311" +extern char *var_mail_release; + /* LICENSE /* .ad /* .fi diff --git a/postfix/src/global/mkmap_open.c b/postfix/src/global/mkmap_open.c index 593f76317..e2cd16717 100644 --- a/postfix/src/global/mkmap_open.c +++ b/postfix/src/global/mkmap_open.c @@ -124,7 +124,7 @@ void mkmap_close(MKMAP *mkmap) /* mkmap_open - create or truncate database */ MKMAP *mkmap_open(const char *type, const char *path, - int open_flags, int dict_flags) + int open_flags, int dict_flags) { MKMAP *mkmap; MKMAP_OPEN_INFO *mp; @@ -164,7 +164,8 @@ MKMAP *mkmap_open(const char *type, const char *path, * needed because the underlying routines read as well as write. */ mkmap->dict = mkmap->open(path, open_flags, dict_flags); - mkmap->dict->fd = -1; /* XXX just in case */ + mkmap->dict->lock_fd = -1; /* XXX just in case */ + mkmap->dict->stat_fd = -1; /* XXX just in case */ mkmap->dict->flags |= DICT_FLAG_DUP_WARN; return (mkmap); } diff --git a/postfix/src/global/off_cvt.c b/postfix/src/global/off_cvt.c index 5aabb97ca..756b63c8c 100644 --- a/postfix/src/global/off_cvt.c +++ b/postfix/src/global/off_cvt.c @@ -74,7 +74,7 @@ off_t off_cvt_string(const char *str) /* * Multiplication by numbers > 2 can overflow without producing a smaller * result mod 2^N (where N is the number of bits in the result type). - * (Victor Duchovny, Morgan Stanley). + * (Victor Duchovni, Morgan Stanley). */ for (result = 0; (ch = *(unsigned char *) str) != 0; str++) { if (!ISDIGIT(ch)) diff --git a/postfix/src/global/pipe_command.c b/postfix/src/global/pipe_command.c index 11f68b325..7cee11d7f 100644 --- a/postfix/src/global/pipe_command.c +++ b/postfix/src/global/pipe_command.c @@ -368,6 +368,7 @@ int pipe_command(VSTREAM *src, VSTRING *why,...) * system a chance to recover, and try again later. */ case -1: + msg_warn("fork: %m"); vstring_sprintf(why, "Delivery failed: %m"); return (PIPE_STAT_DEFER); diff --git a/postfix/src/global/post_mail.c b/postfix/src/global/post_mail.c index 7c2fb0def..425b1a52d 100644 --- a/postfix/src/global/post_mail.c +++ b/postfix/src/global/post_mail.c @@ -145,7 +145,7 @@ static void post_mail_init(VSTREAM *stream, const char *sender, || attr_print(stream, ATTR_FLAG_NONE, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags, ATTR_TYPE_END) != 0) - msg_fatal("unable to contact the %s service", MAIL_SERVICE_CLEANUP); + msg_fatal("unable to contact the %s service", var_cleanup_service); /* * Generate a minimal envelope section. The cleanup service will add a @@ -173,7 +173,7 @@ VSTREAM *post_mail_fopen(const char *sender, const char *recipient, int flags) { VSTREAM *stream; - stream = mail_connect_wait(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP); + stream = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service); post_mail_init(stream, sender, recipient, flags); return (stream); } @@ -185,7 +185,7 @@ VSTREAM *post_mail_fopen_nowait(const char *sender, const char *recipient, { VSTREAM *stream; - if ((stream = mail_connect(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP, + if ((stream = mail_connect(MAIL_CLASS_PUBLIC, var_cleanup_service, BLOCKING)) != 0) post_mail_init(stream, sender, recipient, flags); return (stream); diff --git a/postfix/src/global/record.c b/postfix/src/global/record.c index 93c41c88b..5e91a9ee5 100644 --- a/postfix/src/global/record.c +++ b/postfix/src/global/record.c @@ -113,6 +113,9 @@ int rec_put_type(VSTREAM *stream, int type, long offset) { + if (type < 0 || type > 255) + msg_panic("rec_put_type: bad record type %d", type); + if (msg_verbose > 2) msg_info("rec_put_type: %d at %ld", type, offset); @@ -131,6 +134,9 @@ int rec_put(VSTREAM *stream, int type, const char *data, int len) int len_rest; int len_byte; + if (type < 0 || type > 255) + msg_panic("rec_put: bad record type %d", type); + if (msg_verbose > 2) msg_info("rec_put: type %c len %d data %.10s", type, len, data); diff --git a/postfix/src/global/resolve_clnt.c b/postfix/src/global/resolve_clnt.c index 563828765..4c884309f 100644 --- a/postfix/src/global/resolve_clnt.c +++ b/postfix/src/global/resolve_clnt.c @@ -152,7 +152,7 @@ void resolve_clnt_query(const char *addr, RESOLVE_REPLY *reply) */ if (rewrite_clnt_stream == 0) rewrite_clnt_stream = clnt_stream_create(MAIL_CLASS_PRIVATE, - MAIL_SERVICE_REWRITE, var_ipc_idle_limit); + var_rewrite_service, var_ipc_idle_limit); for (;;) { stream = clnt_stream_access(rewrite_clnt_stream); diff --git a/postfix/src/global/resolve_local.c b/postfix/src/global/resolve_local.c index 94a5a4dbf..22f2234d9 100644 --- a/postfix/src/global/resolve_local.c +++ b/postfix/src/global/resolve_local.c @@ -2,14 +2,14 @@ /* NAME /* resolve_local 3 /* SUMMARY -/* determine if address resolves to local mail system +/* determine if domain resolves to local mail system /* SYNOPSIS /* #include /* /* void resolve_local_init() /* -/* int resolve_local(host) -/* const char *host; +/* int resolve_local(domain) +/* const char *domain; /* DESCRIPTION /* resolve_local() determines if the named domain resolves to the /* local mail system, either by case-insensitive exact match @@ -73,7 +73,7 @@ void resolve_local_init(void) resolve_local_list = string_list_init(MATCH_FLAG_NONE, var_mydest); } -/* resolve_local - match address against list of local destinations */ +/* resolve_local - match domain against list of local destinations */ int resolve_local(const char *addr) { @@ -91,6 +91,8 @@ int resolve_local(const char *addr) * Strip one trailing dot. */ len = strlen(saved_addr); + if (len == 0) + RETURN(0); if (saved_addr[len - 1] == '.') saved_addr[--len] = 0; diff --git a/postfix/src/global/rewrite_clnt.c b/postfix/src/global/rewrite_clnt.c index 886dc4922..75613e6d5 100644 --- a/postfix/src/global/rewrite_clnt.c +++ b/postfix/src/global/rewrite_clnt.c @@ -119,7 +119,7 @@ VSTRING *rewrite_clnt(const char *rule, const char *addr, VSTRING *result) */ if (rewrite_clnt_stream == 0) rewrite_clnt_stream = clnt_stream_create(MAIL_CLASS_PRIVATE, - MAIL_SERVICE_REWRITE, var_ipc_idle_limit); + var_rewrite_service, var_ipc_idle_limit); for (;;) { stream = clnt_stream_access(rewrite_clnt_stream); diff --git a/postfix/src/lmtp/lmtp_sasl_glue.c b/postfix/src/lmtp/lmtp_sasl_glue.c index ba57156a7..a53c19f9a 100644 --- a/postfix/src/lmtp/lmtp_sasl_glue.c +++ b/postfix/src/lmtp/lmtp_sasl_glue.c @@ -116,6 +116,9 @@ static NAME_MASK lmtp_sasl_sec_mask[] = { "noactive", SASL_SEC_NOACTIVE, "nodictionary", SASL_SEC_NODICTIONARY, "noanonymous", SASL_SEC_NOANONYMOUS, +#if SASL_VERSION_MAJOR >= 2 + "mutual_auth", SASL_SEC_MUTUAL_AUTH, +#endif 0, }; @@ -126,6 +129,47 @@ static int lmtp_sasl_sec_opts; */ #define STR(x) vstring_str(x) + /* + * Macros to handle API differences between SASLv1 and SASLv2. Specifics: + * + * The SASL_LOG_* constants were renamed in SASLv2. + * + * SASLv2's sasl_client_new takes two new parameters to specify local and + * remote IP addresses for auth mechs that use them. + * + * SASLv2's sasl_client_start function no longer takes the secret parameter. + * + * SASLv2's sasl_decode64 function takes an extra parameter for the length of + * the output buffer. + * + * The other major change is that SASLv2 now takes more responsibility for + * deallocating memory that it allocates internally. Thus, some of the + * function parameters are now 'const', to make sure we don't try to free + * them too. This is dealt with in the code later on. + */ + +#if SASL_VERSION_MAJOR < 2 +/* SASL version 1.x */ +#define SASL_LOG_WARN SASL_LOG_WARNING +#define SASL_LOG_NOTE SASL_LOG_INFO +#define SASL_CLIENT_NEW(srv, fqdn, lport, rport, prompt, secflags, pconn) \ + sasl_client_new(srv, fqdn, prompt, secflags, pconn) +#define SASL_CLIENT_START(conn, mechlst, secret, prompt, clout, cllen, mech) \ + sasl_client_start(conn, mechlst, secret, prompt, clout, cllen, mech) +#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \ + sasl_decode64(in, inlen, out, outlen) +#endif + +#if SASL_VERSION_MAJOR >= 2 +/* SASL version > 2.x */ +#define SASL_CLIENT_NEW(srv, fqdn, lport, rport, prompt, secflags, pconn) \ + sasl_client_new(srv, fqdn, lport, rport, prompt, secflags, pconn) +#define SASL_CLIENT_START(conn, mechlst, secret, prompt, clout, cllen, mech) \ + sasl_client_start(conn, mechlst, prompt, clout, cllen, mech) +#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \ + sasl_decode64(in, inlen, out, outmaxlen, outlen) +#endif + /* * Per-host login/password information. */ @@ -137,14 +181,18 @@ static int lmtp_sasl_log(void *unused_context, int priority, const char *message) { switch (priority) { - case SASL_LOG_ERR: - case SASL_LOG_WARNING: - msg_warn("%s", message); + case SASL_LOG_ERR: /* unusual errors */ + case SASL_LOG_WARN: /* non-fatal warnings */ + msg_warn("SASL authentication problem: %s", message); break; - case SASL_LOG_INFO: + case SASL_LOG_NOTE: /* other info */ if (msg_verbose) - msg_info("%s", message); + msg_info("SASL authentication info: %s", message); break; +#if SASL_VERSION_MAJOR >= 2 + case SASL_LOG_FAIL: /* authentication failures */ + msg_warn("SASL authentication failure: %s", message); +#endif } return (SASL_OK); } @@ -317,7 +365,12 @@ void lmtp_sasl_start(LMTP_STATE *state) memcpy((char *) state->sasl_callbacks, callbacks, sizeof(callbacks)); for (cp = state->sasl_callbacks; cp->id != SASL_CB_LIST_END; cp++) cp->context = (void *) state; - if (sasl_client_new("smtp", state->session->host, + +#define NULL_SERVER_ADDR ((char *) 0) +#define NULL_CLIENT_ADDR ((char *) 0) + + if (SASL_CLIENT_NEW("smtp", state->session->host, + NULL_CLIENT_ADDR, NULL_SERVER_ADDR, state->sasl_callbacks, NULL_SECFLAGS, (sasl_conn_t **) &state->sasl_conn) != SASL_OK) msg_fatal("per-session SASL client initialization"); @@ -354,7 +407,14 @@ int lmtp_sasl_authenticate(LMTP_STATE *state, VSTRING *why) char *myname = "lmtp_sasl_authenticate"; unsigned enc_length; unsigned enc_length_out; + +#if SASL_VERSION_MAJOR >= 2 + const char *clientout; + +#else char *clientout; + +#endif unsigned clientoutlen; unsigned serverinlen; LMTP_RESP *resp; @@ -374,7 +434,7 @@ int lmtp_sasl_authenticate(LMTP_STATE *state, VSTRING *why) /* * Start the client side authentication protocol. */ - result = sasl_client_start((sasl_conn_t *) state->sasl_conn, + result = SASL_CLIENT_START((sasl_conn_t *) state->sasl_conn, state->sasl_mechanism_list, NO_SASL_SECRET, NO_SASL_INTERACTION, &clientout, &clientoutlen, &mechanism); @@ -404,7 +464,10 @@ int lmtp_sasl_authenticate(LMTP_STATE *state, VSTRING *why) STR(state->sasl_encoded), enc_length, &enc_length_out) != SASL_OK) msg_panic("%s: sasl_encode64 botch", myname); +#if SASL_VERSION_MAJOR < 2 + /* SASL version 1 doesn't free memory that it allocates. */ free(clientout); +#endif lmtp_chat_cmd(state, "AUTH %s %s", mechanism, STR(state->sasl_encoded)); } else { lmtp_chat_cmd(state, "AUTH %s", mechanism); @@ -423,8 +486,8 @@ int lmtp_sasl_authenticate(LMTP_STATE *state, VSTRING *why) (void) mystrtok(&line, "- \t\n"); /* skip over result code */ serverinlen = strlen(line); VSTRING_SPACE(state->sasl_decoded, serverinlen); - if (sasl_decode64(line, serverinlen, - STR(state->sasl_decoded), &enc_length) != SASL_OK) { + if (SASL_DECODE64(line, serverinlen, STR(state->sasl_decoded), + serverinlen, &enc_length) != SASL_OK) { vstring_sprintf(why, "malformed SASL challenge from server %s", state->session->namaddr); return (-1); @@ -456,7 +519,10 @@ int lmtp_sasl_authenticate(LMTP_STATE *state, VSTRING *why) STR(state->sasl_encoded), enc_length, &enc_length_out) != SASL_OK) msg_panic("%s: sasl_encode64 botch", myname); +#if SASL_VERSION_MAJOR < 2 + /* SASL version 1 doesn't free memory that it allocates. */ free(clientout); +#endif } else { vstring_strcat(state->sasl_encoded, ""); } @@ -487,7 +553,8 @@ void lmtp_sasl_cleanup(LMTP_STATE *state) state->sasl_passwd = 0; } if (state->sasl_mechanism_list) { - myfree(state->sasl_mechanism_list); /* allocated in lmtp_helo */ + /* allocated in lmtp_sasl_helo_auth */ + myfree(state->sasl_mechanism_list); state->sasl_mechanism_list = 0; } if (state->sasl_conn) { diff --git a/postfix/src/local/alias.c b/postfix/src/local/alias.c index fe1eb46fd..af0fcf355 100644 --- a/postfix/src/local/alias.c +++ b/postfix/src/local/alias.c @@ -113,9 +113,9 @@ static uid_t dict_owner(char *table) */ if ((dict = dict_handle(table)) == 0) msg_panic("%s: can't find dictionary: %s", myname, table); - if (dict->fd < 0) + if (dict->stat_fd < 0) return (0); - if (fstat(dict->fd, &st) < 0) + if (fstat(dict->stat_fd, &st) < 0) msg_fatal("%s: fstat dictionary %s: %m", myname, table); return (st.st_uid); } diff --git a/postfix/src/local/forward.c b/postfix/src/local/forward.c index 5efbf1813..a15cc5592 100644 --- a/postfix/src/local/forward.c +++ b/postfix/src/local/forward.c @@ -125,7 +125,7 @@ static FORWARD_INFO *forward_open(char *sender) * "message too large", perhaps some others. The reason not to bounce * ourselves is that we don't really know who the recipients are. */ - cleanup = mail_connect(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP, BLOCKING); + cleanup = mail_connect(MAIL_CLASS_PUBLIC, var_cleanup_service, BLOCKING); if (cleanup == 0) return (0); close_on_exec(vstream_fileno(cleanup), CLOSE_ON_EXEC); diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c index 2d762c638..dc13ca166 100644 --- a/postfix/src/local/local.c +++ b/postfix/src/local/local.c @@ -84,7 +84,8 @@ /* The default per-user mailbox is a file in the UNIX mail spool /* directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR); /* the location can be specified with the \fBmail_spool_directory\fR -/* configuration parameter. +/* configuration parameter. Specify a name ending in \fB/\fR for +/* \fBqmail\fR-compatible \fBmaildir\fR delivery. /* /* Alternatively, the per-user mailbox can be a file in the user's home /* directory with a name specified via the \fBhome_mailbox\fR @@ -306,6 +307,7 @@ /* .IP \fBmail_spool_directory\fR /* Directory with UNIX-style mailboxes. The default pathname is system /* dependent. +/* Specify a path ending in \fB/\fR for maildir-style delivery. /* .IP \fBmailbox_command\fR /* External command to use for mailbox delivery. The command executes /* with the recipient privileges (exception: root). The string is subject diff --git a/postfix/src/master/Makefile.in b/postfix/src/master/Makefile.in index 6f73ef3f1..cbb2894bf 100644 --- a/postfix/src/master/Makefile.in +++ b/postfix/src/master/Makefile.in @@ -100,6 +100,7 @@ master.o: ../../include/myflock.h master.o: ../../include/watchdog.h master.o: ../../include/clean_env.h master.o: ../../include/argv.h +master.o: ../../include/safe.h master.o: ../../include/mail_params.h master.o: ../../include/debug_process.h master.o: ../../include/mail_task.h diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c index ad5af3b17..337ba7931 100644 --- a/postfix/src/master/master.c +++ b/postfix/src/master/master.c @@ -154,6 +154,7 @@ #include #include #include +#include /* Global library. */ @@ -240,6 +241,16 @@ int main(int argc, char **argv) */ msg_syslog_init(mail_task(var_procname), LOG_PID, LOG_FACILITY); + /* + * The mail system must be run by the superuser so it can revoke + * privileges for selected operations. That's right - it takes privileges + * to toss privileges. + */ + if (getuid() != 0) + msg_fatal("the master command is reserved for the superuser"); + if (unsafe() != 0) + msg_fatal("the master command must not run as a set-uid process"); + /* * If started from a terminal, get rid of any tty association. This also * means that all errors and warnings must go to the syslog daemon. diff --git a/postfix/src/master/master.h b/postfix/src/master/master.h index d2e472861..8cfdb7937 100644 --- a/postfix/src/master/master.h +++ b/postfix/src/master/master.h @@ -165,8 +165,8 @@ extern void master_delete_children(MASTER_SERV *); /* * master_flow.c */ -void master_flow_init(void); -int master_flow_pipe[2]; +extern void master_flow_init(void); +extern int master_flow_pipe[2]; /* DIAGNOSTICS /* BUGS diff --git a/postfix/src/nqmgr/qmgr.c b/postfix/src/nqmgr/qmgr.c index e259e47aa..1c19eec05 100644 --- a/postfix/src/nqmgr/qmgr.c +++ b/postfix/src/nqmgr/qmgr.c @@ -184,13 +184,13 @@ /* .SH "Timing controls" /* .ad /* .fi -/* .IP \fBmin_backoff\fR +/* .IP \fBminimal_backoff_time\fR /* Minimal time in seconds between delivery attempts /* of a deferred message. /* .sp /* This parameter also limits the time an unreachable destination /* is kept in the short-term, in-memory destination status cache. -/* .IP \fBmax_backoff\fR +/* .IP \fBmaximal_backoff_time\fR /* Maximal time in seconds between delivery attempts /* of a deferred message. /* .IP \fBmaximal_queue_lifetime\fR diff --git a/postfix/src/nqmgr/qmgr_message.c b/postfix/src/nqmgr/qmgr_message.c index f83f7e0d1..d5bde3a3d 100644 --- a/postfix/src/nqmgr/qmgr_message.c +++ b/postfix/src/nqmgr/qmgr_message.c @@ -509,8 +509,17 @@ static int qmgr_message_sort_compare(const void *p1, const void *p2) /* * Compare most significant to least significant recipient attributes. + * The comparison function must be transitive, so NULL values need to be + * assigned an ordinal (we set NULL last). */ - if ((queue1 = rcpt1->queue) != 0 && (queue2 = rcpt2->queue) != 0) { + + queue1 = rcpt1->queue; + queue2 = rcpt2->queue; + if (queue1 != 0 && queue2 == 0) + return (-1); + if (queue1 == 0 && queue2 != 0) + return (1); + if (queue1 != 0 && queue2 != 0) { /* * Compare message transport. @@ -529,8 +538,13 @@ static int qmgr_message_sort_compare(const void *p1, const void *p2) /* * Compare recipient domain. */ - if ((at1 = strrchr(rcpt1->address, '@')) != 0 - && (at2 = strrchr(rcpt2->address, '@')) != 0 + at1 = strrchr(rcpt1->address, '@'); + at2 = strrchr(rcpt2->address, '@'); + if (at1 == 0 && at2 != 0) + return (1); + if (at1 != 0 && at2 == 0) + return (-1); + if (at1 != 0 && at2 != 0 && (result = strcasecmp(at1, at2)) != 0) return (result); @@ -708,7 +722,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) queue = 0; } if (transport->recipient_limit == 1) { - VSTRING_SPACE(reply.nexthop, len + 1); + VSTRING_SPACE(reply.nexthop, len + 2); memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop), LEN(reply.nexthop) + 1); memcpy(STR(reply.nexthop), STR(reply.recipient), len); diff --git a/postfix/src/pickup/pickup.c b/postfix/src/pickup/pickup.c index 994a6328f..7bf7d5835 100644 --- a/postfix/src/pickup/pickup.c +++ b/postfix/src/pickup/pickup.c @@ -352,7 +352,7 @@ static int pickup_file(PICKUP_INFO *info) */ #define PICKUP_CLEANUP_FLAGS (CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_FILTER) - cleanup = mail_connect_wait(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP); + cleanup = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service); if (attr_scan(cleanup, ATTR_FLAG_STRICT, ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, buf, ATTR_TYPE_END) != 1 diff --git a/postfix/src/postconf/Makefile.in b/postfix/src/postconf/Makefile.in index 2c0b7e7d5..35434d4b7 100644 --- a/postfix/src/postconf/Makefile.in +++ b/postfix/src/postconf/Makefile.in @@ -38,7 +38,7 @@ update: ../../bin/$(PROG) $(SAMPLES) ../../bin/$(PROG): $(PROG) cp $(PROG) ../../bin -$(MAKES): $(INC_DIR)/mail_params.h +$(MAKES): $(INC_DIR)/mail_params.h ../global/mail_params.c $(AWK) -f extract.awk ../*/*.c printfck: $(OBJS) $(PROG) diff --git a/postfix/src/postdrop/postdrop.c b/postfix/src/postdrop/postdrop.c index dacd70fde..098614b05 100644 --- a/postfix/src/postdrop/postdrop.c +++ b/postfix/src/postdrop/postdrop.c @@ -280,7 +280,7 @@ int main(int argc, char **argv) * clean up in case of a fatal error or an interrupt. */ dst = mail_stream_file(MAIL_QUEUE_MAILDROP, MAIL_CLASS_PUBLIC, - MAIL_SERVICE_PICKUP, 0444); + var_pickup_service, 0444); attr_print(VSTREAM_OUT, ATTR_FLAG_NONE, ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, dst->id, ATTR_TYPE_END); diff --git a/postfix/src/postfix/Makefile.in b/postfix/src/postfix/Makefile.in index 21f14ef80..45e05f7f9 100644 --- a/postfix/src/postfix/Makefile.in +++ b/postfix/src/postfix/Makefile.in @@ -68,5 +68,6 @@ postfix.o: ../../include/stringops.h postfix.o: ../../include/vstring.h postfix.o: ../../include/clean_env.h postfix.o: ../../include/argv.h +postfix.o: ../../include/safe.h postfix.o: ../../include/mail_conf.h postfix.o: ../../include/mail_params.h diff --git a/postfix/src/postfix/postfix.c b/postfix/src/postfix/postfix.c index dca1876bb..2db1dc24f 100644 --- a/postfix/src/postfix/postfix.c +++ b/postfix/src/postfix/postfix.c @@ -144,6 +144,7 @@ #include #include #include +#include /* Global library. */ @@ -175,7 +176,6 @@ int main(int argc, char **argv) char *script; struct stat st; char *slash; - int uid; int fd; int ch; ARGV *import_env; @@ -220,10 +220,12 @@ int main(int argc, char **argv) * privileges for selected operations. That's right - it takes privileges * to toss privileges. */ - if ((uid = getuid()) != 0) { + if (getuid() != 0) { msg_error("to submit mail, use the Postfix sendmail command"); msg_fatal("the postfix command is reserved for the superuser"); } + if (unsafe() != 0) + msg_fatal("the postfix command must not run as a set-uid process"); /* * Parse switches. diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c index a6a98dfae..40579938e 100644 --- a/postfix/src/postmap/postmap.c +++ b/postfix/src/postmap/postmap.c @@ -16,6 +16,9 @@ /* .ti +4 /* \fBmakemap \fIfile_type\fR \fIfile_name\fR < \fIfile_name\fR /* +/* If the result files do not exist they will be created with the +/* same group and other read permissions as the source file. +/* /* While the table update is in progress, signal delivery is /* postponed, and an exclusive, advisory, lock is placed on the /* entire table, in order to avoid surprises in spectator @@ -28,15 +31,11 @@ /* .ti +5 /* \fIkey\fR whitespace \fIvalue\fR /* .IP \(bu -/* A line that starts with whitespace (space or tab) is a continuation -/* of the previous line. An empty line terminates the previous line, -/* as does a line that starts with non-whitespace (text or comment). A -/* comment line that starts with whitespace does not terminate multi-line -/* text. +/* Empty lines and whitespace-only lines are ignored, as +/* are lines whose first non-whitespace character is a `#'. /* .IP \(bu -/* The \fB#\fR is recognized as the start of a comment, but only when it is -/* the first non-whitespace character on a line. A comment terminates -/* at the end of the line, even when the next line starts with whitespace. +/* A logical line starts with non-whitespace text. A line that +/* starts with whitespace continues a logical line. /* .PP /* The \fIkey\fR and \fIvalue\fR are processed as is, except that /* surrounding white space is stripped off. Unlike with Postfix alias @@ -185,6 +184,8 @@ static void postmap(char *map_type, char *path_name, int lineno; char *key; char *value; + struct stat st; + mode_t saved_mask; /* * Initialize. @@ -196,6 +197,14 @@ static void postmap(char *map_type, char *path_name, } else if ((source_fp = vstream_fopen(path_name, O_RDONLY, 0)) == 0) { msg_fatal("open %s: %m", path_name); } + if (fstat(vstream_fileno(source_fp), &st) < 0) + msg_fatal("fstat %s: %m", path_name); + + /* + * Turn off group/other read permissions as indicated in the source file. + */ + if (S_ISREG(st.st_mode)) + saved_mask = umask(022 | (~st.st_mode & 077)); /* * Open the database, optionally create it when it does not exist, @@ -204,6 +213,12 @@ static void postmap(char *map_type, char *path_name, */ mkmap = mkmap_open(map_type, path_name, open_flags, dict_flags); + /* + * And restore the umask, in case it matters. + */ + if (S_ISREG(st.st_mode)) + umask(saved_mask); + /* * Add records to the database. */ diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c index f2a8b52ce..62107bf2f 100644 --- a/postfix/src/postqueue/postqueue.c +++ b/postfix/src/postqueue/postqueue.c @@ -15,7 +15,7 @@ /* traditionally available via the \fBsendmail\fR(1) command. /* /* The following options are recognized: -/* .IP \fB-c \fIconfig_dir\fR +/* .IP "\fB-c \fIconfig_dir\fR" /* The \fBmain.cf\fR configuration file is in the named directory /* instead of the default configuration directory. See also the /* MAIL_CONFIG environment setting below. @@ -104,6 +104,7 @@ #include #include #include +#include /* Utility library. */ @@ -170,13 +171,16 @@ static void show_queue(void) * Connect to the show queue service. Terminate silently when piping into * a program that terminates early. */ - if ((showq = mail_connect(MAIL_CLASS_PUBLIC, MAIL_SERVICE_SHOWQ, BLOCKING)) != 0) { - while ((n = vstream_fread(showq, buf, sizeof(buf))) > 0) + if ((showq = mail_connect(MAIL_CLASS_PUBLIC, var_showq_service, BLOCKING)) != 0) { + while ((n = vstream_fread(showq, buf, sizeof(buf))) > 0) { if (vstream_fwrite(VSTREAM_OUT, buf, n) != n - || vstream_fflush(VSTREAM_OUT) != 0) + || vstream_fflush(VSTREAM_OUT) != 0) { + if (errno == EPIPE) + break; msg_fatal("write error: %m"); - - if (vstream_fclose(showq)) + } + } + if (vstream_fclose(showq) && errno != EPIPE) msg_warn("close: %m"); } @@ -190,7 +194,7 @@ static void show_queue(void) msg_warn("Mail system is down -- accessing queue directly"); argv = argv_alloc(6); - argv_add(argv, MAIL_SERVICE_SHOWQ, "-u", "-S", (char *) 0); + argv_add(argv, var_showq_service, "-u", "-S", (char *) 0); for (n = 0; n < msg_verbose; n++) argv_add(argv, "-v", (char *) 0); argv_terminate(argv); @@ -354,14 +358,14 @@ int main(int argc, char **argv) */ if (site_to_flush != 0) { if (*site_to_flush == '[' - && *(last = optarg + strlen(site_to_flush) - 1) == ']') { + && *(last = site_to_flush + strlen(site_to_flush) - 1) == ']') { *last = 0; - if (!valid_hostaddr(optarg + 1, DONT_GRIPE)) + if (!valid_hostaddr(site_to_flush + 1, DONT_GRIPE)) site_to_flush = 0; *last = ']'; } else { - if (!valid_hostname(optarg, DONT_GRIPE) - && !valid_hostaddr(optarg, DONT_GRIPE)) + if (!valid_hostname(site_to_flush, DONT_GRIPE) + && !valid_hostaddr(site_to_flush, DONT_GRIPE)) site_to_flush = 0; } if (site_to_flush == 0) diff --git a/postfix/src/postsuper/postsuper.c b/postfix/src/postsuper/postsuper.c index 5177125ac..660cf9ca7 100644 --- a/postfix/src/postsuper/postsuper.c +++ b/postfix/src/postsuper/postsuper.c @@ -18,7 +18,7 @@ /* \fBdefer\fR and \fBflush\fR directories with log files. /* /* Options: -/* .IP "\fB-d \fIqueue_id\fR (Postfix versions >= 20010525)" +/* .IP "\fB-d \fIqueue_id\fR" /* Delete one message with the named queue ID from the named /* mail queue(s) (default: \fBincoming\fR, \fBactive\fR and /* \fBdeferred\fR). @@ -56,7 +56,7 @@ /* .IP \fB-p\fR /* Purge old temporary files that are left over after system or /* software crashes. -/* .IP "\fB-r \fIqueue_id\fR (Postfix versions >= 20010525)" +/* .IP "\fB-r \fIqueue_id\fR" /* Requeue the message with the named queue ID from the named /* mail queue(s) (default: \fBincoming\fR, \fBactive\fR and /* \fBdeferred\fR). @@ -84,7 +84,6 @@ /* to perform this operation once before Postfix startup. /* .RS /* .IP \(bu -/* (Postfix versions >= 20010525) /* Rename files whose name does not match the message file inode /* number. This operation is necessary after restoring a mail queue /* from a different machine, or from backup media. diff --git a/postfix/src/qmgr/qmgr.c b/postfix/src/qmgr/qmgr.c index 146b26469..b2ea9ec6f 100644 --- a/postfix/src/qmgr/qmgr.c +++ b/postfix/src/qmgr/qmgr.c @@ -165,13 +165,13 @@ /* .SH "Timing controls" /* .ad /* .fi -/* .IP \fBmin_backoff\fR +/* .IP \fBminimal_backoff_time\fR /* Minimal time in seconds between delivery attempts /* of a deferred message. /* .sp /* This parameter also limits the time an unreachable destination /* is kept in the short-term, in-memory destination status cache. -/* .IP \fBmax_backoff\fR +/* .IP \fBmaximal_backoff_time\fR /* Maximal time in seconds between delivery attempts /* of a deferred message. /* .IP \fBmaximal_queue_lifetime\fR diff --git a/postfix/src/qmgr/qmgr_message.c b/postfix/src/qmgr/qmgr_message.c index 561a73cec..3aa4de849 100644 --- a/postfix/src/qmgr/qmgr_message.c +++ b/postfix/src/qmgr/qmgr_message.c @@ -389,8 +389,17 @@ static int qmgr_message_sort_compare(const void *p1, const void *p2) /* * Compare most significant to least significant recipient attributes. + * The comparison function must be transitive, so NULL values need to be + * assigned an ordinal (we set NULL last). */ - if ((queue1 = rcpt1->queue) != 0 && (queue2 = rcpt2->queue) != 0) { + + queue1 = rcpt1->queue; + queue2 = rcpt2->queue; + if (queue1 != 0 && queue2 == 0) + return (-1); + if (queue1 == 0 && queue2 != 0) + return (1); + if (queue1 != 0 && queue2 != 0) { /* * Compare message transport. @@ -409,8 +418,13 @@ static int qmgr_message_sort_compare(const void *p1, const void *p2) /* * Compare recipient domain. */ - if ((at1 = strrchr(rcpt1->address, '@')) != 0 - && (at2 = strrchr(rcpt2->address, '@')) != 0 + at1 = strrchr(rcpt1->address, '@'); + at2 = strrchr(rcpt2->address, '@'); + if (at1 == 0 && at2 != 0) + return (1); + if (at1 != 0 && at2 == 0) + return (-1); + if (at1 != 0 && at2 != 0 && (result = strcasecmp(at1, at2)) != 0) return (result); @@ -588,7 +602,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message) queue = 0; } if (transport->recipient_limit == 1) { - VSTRING_SPACE(reply.nexthop, len + 1); + VSTRING_SPACE(reply.nexthop, len + 2); memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop), LEN(reply.nexthop) + 1); memcpy(STR(reply.nexthop), STR(reply.recipient), len); diff --git a/postfix/src/qmqpd/qmqpd.c b/postfix/src/qmqpd/qmqpd.c index 002da5141..00cacc506 100644 --- a/postfix/src/qmqpd/qmqpd.c +++ b/postfix/src/qmqpd/qmqpd.c @@ -180,13 +180,13 @@ static void qmqpd_open_file(QMQPD_STATE *state) /* * Connect to the cleanup server. Log client name/address with queue ID. */ - state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP); + state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, var_cleanup_service); if (state->dest == 0 || attr_print(state->dest->stream, ATTR_FLAG_NONE, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, CLEANUP_FLAG_FILTER, ATTR_TYPE_END) != 0) msg_fatal("unable to connect to the %s %s service", - MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP); + MAIL_CLASS_PUBLIC, var_cleanup_service); state->cleanup = state->dest->stream; state->queue_id = mystrdup(state->dest->id); msg_info("%s: client=%s", state->queue_id, state->namaddr); @@ -196,7 +196,7 @@ static void qmqpd_open_file(QMQPD_STATE *state) * bloody likely, but present for the sake of consistency with all other * Postfix points of entrance). */ - rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld", state->time); + rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld", (long) state->time); if (*var_filter_xport) rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport); } @@ -432,7 +432,7 @@ static void qmqpd_reply(QMQPD_STATE *state, int log_message, /* qmqpd_send_status - send mail transaction completion status */ -static int qmqpd_send_status(QMQPD_STATE *state) +static void qmqpd_send_status(QMQPD_STATE *state) { /* @@ -472,7 +472,7 @@ static int qmqpd_send_status(QMQPD_STATE *state) /* qmqpd_receive - receive QMQP message+sender+recipients */ -static int qmqpd_receive(QMQPD_STATE *state) +static void qmqpd_receive(QMQPD_STATE *state) { /* diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index 54cb2443f..ea054f656 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c @@ -105,6 +105,10 @@ /* .IP \fB-bs\fR /* Stand-alone SMTP server mode. Read SMTP commands from /* standard input, and write responses to standard output. +/* In stand-alone SMTP server mode, UCE restrictions and +/* access controls are disabled by default. To enable them, +/* run the process as the \fBmail_owner\fR user. +/* .sp /* This mode of operation is implemented by running the /* \fBsmtpd\fR(8) daemon. /* .IP "\fB-f \fIsender\fR" @@ -363,6 +367,7 @@ static void enqueue(const int flags, const char *sender, const char *full_name, uid_t uid = getuid(); int status; int naddr; + int prev_type; /* * Initialize. @@ -386,7 +391,8 @@ static void enqueue(const int flags, const char *sender, const char *full_name, msg_warn("-f option specified malformed sender: %s", sender); } else { if ((sender = username()) == 0) - msg_fatal_status(EX_OSERR, "unable to find out your login name"); + msg_fatal_status(EX_OSERR, "no login name found for user ID %lu", + (unsigned long) uid); saved_sender = mystrdup(sender); } @@ -452,8 +458,8 @@ static void enqueue(const int flags, const char *sender, const char *full_name, rec_fprintf(dst, REC_TYPE_MESG, REC_TYPE_MESG_FORMAT, 0L); skip_from_ = 1; strip_cr = STRIP_CR_DUNNO; - while ((type = rec_streamlf_get(VSTREAM_IN, buf, var_line_limit)) - != REC_TYPE_EOF) { + for (prev_type = 0; (type = rec_streamlf_get(VSTREAM_IN, buf, var_line_limit)) + != REC_TYPE_EOF; prev_type = type) { if (strip_cr == STRIP_CR_DUNNO && type == REC_TYPE_NORM) { if (VSTRING_LEN(buf) > 0 && vstring_end(buf)[-1] == '\r') strip_cr = STRIP_CR_DO; @@ -471,7 +477,8 @@ static void enqueue(const int flags, const char *sender, const char *full_name, if (strip_cr == STRIP_CR_DO && type == REC_TYPE_NORM) if (VSTRING_LEN(buf) > 0 && vstring_end(buf)[-1] == '\r') vstring_truncate(buf, VSTRING_LEN(buf) - 1); - if ((flags & SM_FLAG_AEOF) && VSTRING_LEN(buf) == 1 && *STR(buf) == '.') + if ((flags & SM_FLAG_AEOF) && prev_type != REC_TYPE_CONT + && VSTRING_LEN(buf) == 1 && *STR(buf) == '.') break; if (REC_PUT_BUF(dst, type, buf) < 0) msg_fatal_status(EX_TEMPFAIL, diff --git a/postfix/src/showq/Makefile.in b/postfix/src/showq/Makefile.in index 5c714ef11..b0867ff79 100644 --- a/postfix/src/showq/Makefile.in +++ b/postfix/src/showq/Makefile.in @@ -75,5 +75,7 @@ showq.o: ../../include/mail_scan_dir.h showq.o: ../../include/mail_conf.h showq.o: ../../include/record.h showq.o: ../../include/rec_type.h +showq.o: ../../include/quote_822_local.h +showq.o: ../../include/mail_addr.h showq.o: ../../include/bounce_log.h showq.o: ../../include/mail_server.h diff --git a/postfix/src/showq/showq.c b/postfix/src/showq/showq.c index 97147adea..8a59cbec6 100644 --- a/postfix/src/showq/showq.c +++ b/postfix/src/showq/showq.c @@ -80,6 +80,8 @@ #include #include #include +#include +#include #include /* Single-threaded server skeleton. */ @@ -89,6 +91,7 @@ /* Application-specific. */ int var_dup_filter_limit; +char *var_empty_addr; #define STRING_FORMAT "%-10s %8s %-20s %s\n" #define DATA_FORMAT "%-10s%c%8ld %20.20s %s\n" @@ -96,10 +99,15 @@ int var_dup_filter_limit; static void showq_reasons(VSTREAM *, BOUNCE_LOG *, HTABLE *); +#define STR(x) vstring_str(x) + +/* showq_report - report status of sender and recipients */ + static void showq_report(VSTREAM *client, char *queue, char *id, VSTREAM *qfile, long size) { VSTRING *buf = vstring_alloc(100); + VSTRING *printable_quoted_addr = vstring_alloc(100); int rec_type; time_t arrival_time = 0; char *start; @@ -109,6 +117,13 @@ static void showq_report(VSTREAM *client, char *queue, char *id, char status = (strcmp(queue, MAIL_QUEUE_ACTIVE) == 0 ? '*' : ' '); long offset; + /* + * XXX addresses in defer logfiles are in printable quoted form, while + * addresses in message envelope records are in raw unquoted form. This + * may change once we replace the present ad-hoc bounce/defer logfile + * format by one that is transparent for control etc. characters. See + * also: bounce/bounce_append_service.c. + */ while (!vstream_ferror(client) && (rec_type = rec_get(qfile, buf, 0)) > 0) { start = vstring_str(buf); switch (rec_type) { @@ -121,18 +136,23 @@ static void showq_report(VSTREAM *client, char *queue, char *id, break; case REC_TYPE_FROM: if (*start == 0) - start = "(MAILER-DAEMON)"; + start = var_empty_addr; + quote_822_local(printable_quoted_addr, start); + printable(STR(printable_quoted_addr), '?'); vstream_fprintf(client, DATA_FORMAT, id, status, msg_size > 0 ? msg_size : size, arrival_time > 0 ? asctime(localtime(&arrival_time)) : "??", - printable(start, '?')); + STR(printable_quoted_addr)); break; case REC_TYPE_RCPT: if (*start == 0) /* can't happen? */ - start = "(MAILER-DAEMON)"; - if (dup_filter == 0 || htable_locate(dup_filter, start) == 0) + start = var_empty_addr; + quote_822_local(printable_quoted_addr, start); + printable(STR(printable_quoted_addr), '?'); + if (dup_filter == 0 + || htable_locate(dup_filter, STR(printable_quoted_addr)) == 0) vstream_fprintf(client, STRING_FORMAT, - "", "", "", printable(start, '?')); + "", "", "", STR(printable_quoted_addr)); break; case REC_TYPE_MESG: if ((offset = atol(start)) > 0 @@ -163,6 +183,7 @@ static void showq_report(VSTREAM *client, char *queue, char *id, } } vstring_free(buf); + vstring_free(printable_quoted_addr); if (dup_filter) htable_free(dup_filter, (void (*) (char *)) 0); } @@ -307,8 +328,13 @@ int main(int argc, char **argv) VAR_DUP_FILTER_LIMIT, DEF_DUP_FILTER_LIMIT, &var_dup_filter_limit, 0, 0, 0, }; + CONFIG_STR_TABLE str_table[] = { + VAR_EMPTY_ADDR, DEF_EMPTY_ADDR, &var_empty_addr, 1, 0, + 0, + }; single_server_main(argc, argv, showq_service, MAIL_SERVER_INT_TABLE, int_table, + MAIL_SERVER_STR_TABLE, str_table, 0); } diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 9c61d89db..c4eddd07f 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -97,9 +97,11 @@ /* Never send EHLO at the start of a connection. /* .IP \fBsmtp_bind_address\fR /* Numerical source network address to bind to when making a connection. -/* .IP \fBsmtp_break_lines\fR -/* Break lines > \fB$line_length_limit\fR into multiple shorter lines. +/* .IP \fBsmtp_line_length_limit\fR +/* Length limit for SMTP message content lines. Zero means no limit. /* Some SMTP servers misbehave on long lines. +/* .IP \fBsmtp_helo_name\fR +/* The hostname to be used in HELO and EHLO commands. /* .IP \fBsmtp_skip_4xx_greeting\fR /* Skip servers that greet us with a 4xx status code. /* .IP \fBsmtp_skip_5xx_greeting\fR @@ -113,7 +115,7 @@ /* The time a message must be queued before the CISCO PIX firewall /* . bug workaround is turned on. /* .SH "Authentication controls" -/* .IP \fBsmtp_enable_sasl_auth\fR +/* .IP \fBsmtp_sasl_auth_enable\fR /* Enable per-session authentication as per RFC 2554 (SASL). /* By default, Postfix is built without SASL support. /* .IP \fBsmtp_sasl_password_maps\fR @@ -259,9 +261,10 @@ char *var_smtp_sasl_passwd; bool var_smtp_sasl_enable; char *var_smtp_bind_addr; bool var_smtp_rand_addr; -bool var_smtp_break_lines; int var_smtp_pix_thresh; int var_smtp_pix_delay; +int var_smtp_line_limit; +char *var_smtp_helo_name; /* * Global variables. smtp_errno is set by the address lookup routines and by @@ -413,6 +416,7 @@ int main(int argc, char **argv) VAR_SMTP_SASL_PASSWD, DEF_SMTP_SASL_PASSWD, &var_smtp_sasl_passwd, 0, 0, VAR_SMTP_SASL_OPTS, DEF_SMTP_SASL_OPTS, &var_smtp_sasl_opts, 0, 0, VAR_SMTP_BIND_ADDR, DEF_SMTP_BIND_ADDR, &var_smtp_bind_addr, 0, 0, + VAR_SMTP_HELO_NAME, DEF_SMTP_HELO_NAME, &var_smtp_helo_name, 1, 0, 0, }; static CONFIG_TIME_TABLE time_table[] = { @@ -429,6 +433,7 @@ int main(int argc, char **argv) 0, }; static CONFIG_INT_TABLE int_table[] = { + VAR_SMTP_LINE_LIMIT, DEF_SMTP_LINE_LIMIT, &var_smtp_line_limit, 0, 0, 0, }; static CONFIG_BOOL_TABLE bool_table[] = { @@ -440,7 +445,6 @@ int main(int argc, char **argv) VAR_SMTP_NEVER_EHLO, DEF_SMTP_NEVER_EHLO, &var_smtp_never_ehlo, VAR_SMTP_SASL_ENABLE, DEF_SMTP_SASL_ENABLE, &var_smtp_sasl_enable, VAR_SMTP_RAND_ADDR, DEF_SMTP_RAND_ADDR, &var_smtp_rand_addr, - VAR_SMTP_BREAK_LINES, DEF_SMTP_BREAK_LINES, &var_smtp_break_lines, 0, }; diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index 04e0db3fc..6745c6661 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c @@ -207,12 +207,12 @@ int smtp_helo(SMTP_STATE *state) * heuristic failed. */ if (state->features & SMTP_FEATURE_ESMTP) { - smtp_chat_cmd(state, "EHLO %s", var_myhostname); + smtp_chat_cmd(state, "EHLO %s", var_smtp_helo_name); if ((resp = smtp_chat_resp(state))->code / 100 != 2) state->features &= ~SMTP_FEATURE_ESMTP; } if ((state->features & SMTP_FEATURE_ESMTP) == 0) { - smtp_chat_cmd(state, "HELO %s", var_myhostname); + smtp_chat_cmd(state, "HELO %s", var_smtp_helo_name); if ((resp = smtp_chat_resp(state))->code / 100 != 2) return (smtp_site_fail(state, resp->code, "host %s refused to talk to me: %s", @@ -296,6 +296,9 @@ int smtp_xfer(SMTP_STATE *state) int sndbuffree; SOCKOPT_SIZE optlen = sizeof(sndbufsize); int mail_from_rejected; + int space_left = var_smtp_line_limit; + int data_left; + char *data_start; /* * Macros for readability. @@ -665,16 +668,38 @@ int smtp_xfer(SMTP_STATE *state) if (prev_type != REC_TYPE_CONT) if (vstring_str(state->scratch)[0] == '.') smtp_fputc('.', session->stream); - if (var_smtp_break_lines) - rec_type = REC_TYPE_NORM; - if (rec_type == REC_TYPE_CONT) - smtp_fwrite(vstring_str(state->scratch), - VSTRING_LEN(state->scratch), - session->stream); - else - smtp_fputs(vstring_str(state->scratch), - VSTRING_LEN(state->scratch), - session->stream); + + /* + * Deal with an impedance mismatch between Postfix queue + * files (record length <= $message_line_length_limit) and + * SMTP (DATA record length <= $smtp_line_length_limit). The + * code below does a little too much work when the SMTP line + * length limit is disabled, but it avoids code duplication, + * and thus, it avoids testing and maintenance problems. + */ + data_left = VSTRING_LEN(state->scratch); + data_start = vstring_str(state->scratch); + do { + if (var_smtp_line_limit > 0 && data_left >= space_left) { + smtp_fputs(data_start, space_left, session->stream); + data_start += space_left; + data_left -= space_left; + space_left = var_smtp_line_limit; + if (data_left > 0 || rec_type == REC_TYPE_CONT) { + smtp_fputc(' ', session->stream); + space_left -= 1; + } + } else { + if (rec_type == REC_TYPE_CONT) { + smtp_fwrite(data_start, data_left, session->stream); + space_left -= data_left; + } else { + smtp_fputs(data_start, data_left, session->stream); + space_left = var_smtp_line_limit; + } + break; + } + } while (data_left > 0); prev_type = rec_type; } diff --git a/postfix/src/smtp/smtp_sasl_glue.c b/postfix/src/smtp/smtp_sasl_glue.c index 0a4e28fe3..a1a7c9952 100644 --- a/postfix/src/smtp/smtp_sasl_glue.c +++ b/postfix/src/smtp/smtp_sasl_glue.c @@ -116,6 +116,9 @@ static NAME_MASK smtp_sasl_sec_mask[] = { "noactive", SASL_SEC_NOACTIVE, "nodictionary", SASL_SEC_NODICTIONARY, "noanonymous", SASL_SEC_NOANONYMOUS, +#if SASL_VERSION_MAJOR >= 2 + "mutual_auth", SASL_SEC_MUTUAL_AUTH, +#endif 0, }; @@ -126,6 +129,47 @@ static int smtp_sasl_sec_opts; */ #define STR(x) vstring_str(x) + /* + * Macros to handle API differences between SASLv1 and SASLv2. Specifics: + * + * The SASL_LOG_* constants were renamed in SASLv2. + * + * SASLv2's sasl_client_new takes two new parameters to specify local and + * remote IP addresses for auth mechs that use them. + * + * SASLv2's sasl_client_start function no longer takes the secret parameter. + * + * SASLv2's sasl_decode64 function takes an extra parameter for the length of + * the output buffer. + * + * The other major change is that SASLv2 now takes more responsibility for + * deallocating memory that it allocates internally. Thus, some of the + * function parameters are now 'const', to make sure we don't try to free + * them too. This is dealt with in the code later on. + */ + +#if SASL_VERSION_MAJOR < 2 +/* SASL version 1.x */ +#define SASL_LOG_WARN SASL_LOG_WARNING +#define SASL_LOG_NOTE SASL_LOG_INFO +#define SASL_CLIENT_NEW(srv, fqdn, lport, rport, prompt, secflags, pconn) \ + sasl_client_new(srv, fqdn, prompt, secflags, pconn) +#define SASL_CLIENT_START(conn, mechlst, secret, prompt, clout, cllen, mech) \ + sasl_client_start(conn, mechlst, secret, prompt, clout, cllen, mech) +#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \ + sasl_decode64(in, inlen, out, outlen) +#endif + +#if SASL_VERSION_MAJOR >= 2 +/* SASL version > 2.x */ +#define SASL_CLIENT_NEW(srv, fqdn, lport, rport, prompt, secflags, pconn) \ + sasl_client_new(srv, fqdn, lport, rport, prompt, secflags, pconn) +#define SASL_CLIENT_START(conn, mechlst, secret, prompt, clout, cllen, mech) \ + sasl_client_start(conn, mechlst, prompt, clout, cllen, mech) +#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \ + sasl_decode64(in, inlen, out, outmaxlen, outlen) +#endif + /* * Per-host login/password information. */ @@ -137,14 +181,18 @@ static int smtp_sasl_log(void *unused_context, int priority, const char *message) { switch (priority) { - case SASL_LOG_ERR: - case SASL_LOG_WARNING: + case SASL_LOG_ERR: /* unusual errors */ + case SASL_LOG_WARN: /* non-fatal warnings */ msg_warn("SASL authentication problem: %s", message); break; - case SASL_LOG_INFO: + case SASL_LOG_NOTE: /* other info */ if (msg_verbose) msg_info("SASL authentication info: %s", message); break; +#if SASL_VERSION_MAJOR >= 2 + case SASL_LOG_FAIL: /* authentication failures */ + msg_warn("SASL authentication failure: %s", message); +#endif } return (SASL_OK); } @@ -317,7 +365,12 @@ void smtp_sasl_start(SMTP_STATE *state) memcpy((char *) state->sasl_callbacks, callbacks, sizeof(callbacks)); for (cp = state->sasl_callbacks; cp->id != SASL_CB_LIST_END; cp++) cp->context = (void *) state; - if (sasl_client_new("smtp", state->session->host, + +#define NULL_SERVER_ADDR ((char *) 0) +#define NULL_CLIENT_ADDR ((char *) 0) + + if (SASL_CLIENT_NEW("smtp", state->session->host, + NULL_CLIENT_ADDR, NULL_SERVER_ADDR, state->sasl_callbacks, NULL_SECFLAGS, (sasl_conn_t **) &state->sasl_conn) != SASL_OK) msg_fatal("per-session SASL client initialization"); @@ -354,7 +407,14 @@ int smtp_sasl_authenticate(SMTP_STATE *state, VSTRING *why) char *myname = "smtp_sasl_authenticate"; unsigned enc_length; unsigned enc_length_out; + +#if SASL_VERSION_MAJOR >= 2 + const char *clientout; + +#else char *clientout; + +#endif unsigned clientoutlen; unsigned serverinlen; SMTP_RESP *resp; @@ -374,7 +434,7 @@ int smtp_sasl_authenticate(SMTP_STATE *state, VSTRING *why) /* * Start the client side authentication protocol. */ - result = sasl_client_start((sasl_conn_t *) state->sasl_conn, + result = SASL_CLIENT_START((sasl_conn_t *) state->sasl_conn, state->sasl_mechanism_list, NO_SASL_SECRET, NO_SASL_INTERACTION, &clientout, &clientoutlen, &mechanism); @@ -404,7 +464,10 @@ int smtp_sasl_authenticate(SMTP_STATE *state, VSTRING *why) STR(state->sasl_encoded), enc_length, &enc_length_out) != SASL_OK) msg_panic("%s: sasl_encode64 botch", myname); +#if SASL_VERSION_MAJOR < 2 + /* SASL version 1 doesn't free memory that it allocates. */ free(clientout); +#endif smtp_chat_cmd(state, "AUTH %s %s", mechanism, STR(state->sasl_encoded)); } else { smtp_chat_cmd(state, "AUTH %s", mechanism); @@ -423,8 +486,8 @@ int smtp_sasl_authenticate(SMTP_STATE *state, VSTRING *why) (void) mystrtok(&line, "- \t\n"); /* skip over result code */ serverinlen = strlen(line); VSTRING_SPACE(state->sasl_decoded, serverinlen); - if (sasl_decode64(line, serverinlen, - STR(state->sasl_decoded), &enc_length) != SASL_OK) { + if (SASL_DECODE64(line, serverinlen, STR(state->sasl_decoded), + serverinlen, &enc_length) != SASL_OK) { vstring_sprintf(why, "malformed SASL challenge from server %s", state->session->namaddr); return (-1); @@ -456,7 +519,10 @@ int smtp_sasl_authenticate(SMTP_STATE *state, VSTRING *why) STR(state->sasl_encoded), enc_length, &enc_length_out) != SASL_OK) msg_panic("%s: sasl_encode64 botch", myname); +#if SASL_VERSION_MAJOR < 2 + /* SASL version 1 doesn't free memory that it allocates. */ free(clientout); +#endif } else { vstring_strcat(state->sasl_encoded, ""); } @@ -487,7 +553,8 @@ void smtp_sasl_cleanup(SMTP_STATE *state) state->sasl_passwd = 0; } if (state->sasl_mechanism_list) { - myfree(state->sasl_mechanism_list); /* allocated in smtp_helo */ + /* allocated in smtp_sasl_helo_auth */ + myfree(state->sasl_mechanism_list); state->sasl_mechanism_list = 0; } if (state->sasl_conn) { diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index bf8edc321..38d688727 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -180,7 +180,7 @@ /* .SH "UCE control restrictions" /* .ad /* .fi -/* .IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)" +/* .IP \fBparent_domain_matches_subdomains\fR /* List of Postfix features that use \fIdomain.name\fR patterns /* to match \fIsub.domain.name\fR (as opposed to /* requiring \fI.domain.name\fR patterns). @@ -532,13 +532,13 @@ static void mail_open_stream(SMTPD_STATE *state) */ if (SMTPD_STAND_ALONE(state) == 0) { state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, - MAIL_SERVICE_CLEANUP); + var_cleanup_service); if (state->dest == 0 || attr_print(state->dest->stream, ATTR_FLAG_NONE, ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, CLEANUP_FLAG_FILTER, ATTR_TYPE_END) != 0) msg_fatal("unable to connect to the %s %s service", - MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP); + MAIL_CLASS_PUBLIC, var_cleanup_service); } /* @@ -1038,7 +1038,7 @@ static int data_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv) smtpd_chat_reply(state, "554 Error: too many hops"); } else if ((state->err & CLEANUP_STAT_CONT) != 0) { state->error_mask |= MAIL_ERROR_POLICY; - smtpd_chat_reply(state, "552 Error: %s", LEN(why) ? + smtpd_chat_reply(state, "550 Error: %s", LEN(why) ? STR(why) : "content rejected"); } else if ((state->err & CLEANUP_STAT_WRITE) != 0) { state->error_mask |= MAIL_ERROR_RESOURCE; @@ -1295,6 +1295,7 @@ typedef struct SMTPD_CMD { } SMTPD_CMD; #define SMTPD_CMD_FLAG_LIMIT (1<<0) /* limit usage */ +#define SMTPD_CMD_FLAG_HEADER (1<<1) /* RFC 2822 mail header */ static SMTPD_CMD smtpd_cmd_table[] = { "HELO", helo_cmd, SMTPD_CMD_FLAG_LIMIT, @@ -1312,6 +1313,9 @@ static SMTPD_CMD smtpd_cmd_table[] = { "VRFY", vrfy_cmd, SMTPD_CMD_FLAG_LIMIT, "ETRN", etrn_cmd, SMTPD_CMD_FLAG_LIMIT, "QUIT", quit_cmd, 0, + "Received:", 0, SMTPD_CMD_FLAG_HEADER, + "Subject:", 0, SMTPD_CMD_FLAG_HEADER, + "From:", 0, SMTPD_CMD_FLAG_HEADER, 0, }; @@ -1393,6 +1397,12 @@ static void smtpd_proto(SMTPD_STATE *state) state->error_count++; continue; } + if (cmdp->flags & SMTPD_CMD_FLAG_HEADER) { + msg_warn("%s sent %s header instead of SMTP command: %.100s", + cmdp->name, state->namaddr, vstring_str(state->buffer)); + smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye."); + break; + } if (state->access_denied && cmdp->action != quit_cmd) { smtpd_chat_reply(state, "503 Error: access denied for %s", state->namaddr); /* RFC 2821 Sec 3.1 */ @@ -1405,7 +1415,6 @@ static void smtpd_proto(SMTPD_STATE *state) if ((cmdp->flags & SMTPD_CMD_FLAG_LIMIT) && state->junk_cmds++ > var_smtpd_junk_cmd_limit) state->error_count++; - if (cmdp->action == quit_cmd) break; } diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h index 20386ad73..1aa9c21c3 100644 --- a/postfix/src/smtpd/smtpd.h +++ b/postfix/src/smtpd/smtpd.h @@ -68,7 +68,11 @@ typedef struct SMTPD_STATE { off_t msg_size; int junk_cmds; #ifdef USE_SASL_AUTH +#if SASL_VERSION_MAJOR >= 2 + const char *sasl_mechanism_list; +#else char *sasl_mechanism_list; +#endif char *sasl_method; char *sasl_username; char *sasl_sender; diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 968e1ee91..a6eb9245f 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -1594,12 +1594,16 @@ static int check_domain_access(SMTPD_STATE *state, const char *table, /* * Try the name and its parent domains. Including top-level domains. + * + * Helo names can end in ".". The test below avoids lookups of the empty + * key, because Berkeley DB cannot deal with it. [Victor Duchovni, Morgan + * Stanley]. */ #define CHK_DOMAIN_RETURN(x,y) { *found = y; myfree(low_domain); return(x); } if ((dict = dict_handle(table)) == 0) msg_panic("%s: dictionary not found: %s", myname, table); - for (name = low_domain; /* void */ ; name = next) { + for (name = low_domain; *name != 0; name = next) { if (flags == 0 || (flags & dict->flags) != 0) { if ((value = dict_get(dict, name)) != 0) CHK_DOMAIN_RETURN(check_table_result(state, table, value, @@ -1758,7 +1762,7 @@ static int check_mail_access(SMTPD_STATE *state, const char *table, /* * Source-routed, non-local, recipient addresses are too suspicious for * returning an "OK" result. The complicated expression below was brought - * to you by the keyboard of Victor Duchovny, Morgan Stanley and hacked + * to you by the keyboard of Victor Duchovni, Morgan Stanley and hacked * up a bit by Wietse. */ #define SUSPICIOUS(domain, reply, state, reply_name, reply_class) \ @@ -2151,11 +2155,13 @@ static int generic_checks(SMTPD_STATE *state, ARGV *restrictions, if (cpp[1] != 0 && state->warn_if_reject == 0) msg_warn("restriction `%s' after `%s' is ignored", cpp[1], CHECK_RELAY_DOMAINS); -#ifdef USE_SASL_AUTH } else if (strcasecmp(name, PERMIT_SASL_AUTH) == 0) { if (var_smtpd_sasl_enable) +#ifdef USE_SASL_AUTH status = permit_sasl_auth(state, SMTPD_CHECK_OK, SMTPD_CHECK_DUNNO); +#else + msg_warn("restriction `%s' ignored: no SASL support", name); #endif } else if (strcasecmp(name, REJECT_UNKNOWN_RCPTDOM) == 0) { if (state->recipient) diff --git a/postfix/src/smtpd/smtpd_sasl_glue.c b/postfix/src/smtpd/smtpd_sasl_glue.c index 716b7873d..8bf54dc55 100644 --- a/postfix/src/smtpd/smtpd_sasl_glue.c +++ b/postfix/src/smtpd/smtpd_sasl_glue.c @@ -110,6 +110,52 @@ */ #define STR(s) vstring_str(s) + /* + * Macros to handle API differences between SASLv1 and SASLv2. Specifics: + * + * The SASL_LOG_* constants were renamed in SASLv2. + * + * SASLv2's sasl_server_new takes two new parameters to specify local and + * remote IP addresses for auth mechs that use them. + * + * SASLv2's sasl_server_start and sasl_server_step no longer have the errstr + * parameter. + * + * SASLv2's sasl_decode64 function takes an extra parameter for the length of + * the output buffer. + * + * The other major change is that SASLv2 now takes more responsibility for + * deallocating memory that it allocates internally. Thus, some of the + * function parameters are now 'const', to make sure we don't try to free + * them too. This is dealt with in the code later on. + */ + +#if SASL_VERSION_MAJOR < 2 +/* SASL version 1.x */ +#define SASL_LOG_WARN SASL_LOG_WARNING +#define SASL_LOG_NOTE SASL_LOG_INFO +#define SASL_SERVER_NEW(srv, fqdn, rlm, lport, rport, cb, secflags, pconn) \ + sasl_server_new(srv, fqdn, rlm, cb, secflags, pconn) +#define SASL_SERVER_START(conn, mech, clin, clinlen, srvout, srvoutlen, err) \ + sasl_server_start(conn, mech, clin, clinlen, srvout, srvoutlen, err) +#define SASL_SERVER_STEP(conn, clin, clinlen, srvout, srvoutlen, err) \ + sasl_server_step(conn, clin, clinlen, srvout, srvoutlen, err) +#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \ + sasl_decode64(in, inlen, out, outlen) +#endif + +#if SASL_VERSION_MAJOR >= 2 +/* SASL version > 2.x */ +#define SASL_SERVER_NEW(srv, fqdn, rlm, lport, rport, cb, secflags, pconn) \ + sasl_server_new(srv, fqdn, rlm, lport, rport, cb, secflags, pconn) +#define SASL_SERVER_START(conn, mech, clin, clinlen, srvout, srvoutlen, err) \ + sasl_server_start(conn, mech, clin, clinlen, srvout, srvoutlen) +#define SASL_SERVER_STEP(conn, clin, clinlen, srvout, srvoutlen, err) \ + sasl_server_step(conn, clin, clinlen, srvout, srvoutlen) +#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \ + sasl_decode64(in, inlen, out, outmaxlen, outlen) +#endif + /* smtpd_sasl_log - SASL logging callback */ static int smtpd_sasl_log(void *unused_context, int priority, @@ -117,13 +163,18 @@ static int smtpd_sasl_log(void *unused_context, int priority, { switch (priority) { case SASL_LOG_ERR: - case SASL_LOG_WARNING: + case SASL_LOG_WARN: msg_warn("SASL authentication problem: %s", message); break; - case SASL_LOG_INFO: + case SASL_LOG_NOTE: if (msg_verbose) msg_info("SASL authentication info: %s", message); break; +#if SASL_VERSION_MAJOR >= 2 + case SASL_LOG_FAIL: + msg_warn("SASL authentication failure: %s", message); + break; +#endif } return SASL_OK; } @@ -144,12 +195,14 @@ static NAME_MASK smtpd_sasl_mask[] = { "noactive", SASL_SEC_NOACTIVE, "nodictionary", SASL_SEC_NODICTIONARY, "noanonymous", SASL_SEC_NOANONYMOUS, +#if SASL_VERSION_MAJOR >= 2 + "mutual_auth", SASL_SEC_MUTUAL_AUTH, +#endif 0, }; static int smtpd_sasl_opts; - /* smtpd_sasl_initialize - per-process initialization */ void smtpd_sasl_initialize(void) @@ -174,6 +227,8 @@ void smtpd_sasl_connect(SMTPD_STATE *state) { unsigned sasl_mechanism_count; sasl_security_properties_t sec_props; + char *server_address; + char *client_address; /* * Initialize SASL-specific state variables. Use long-lived storage for @@ -195,7 +250,25 @@ void smtpd_sasl_connect(SMTPD_STATE *state) #define NO_SECURITY_LAYERS (0) #define NO_SESSION_CALLBACKS ((sasl_callback_t *) 0) - if (sasl_server_new("smtp", var_myhostname, var_smtpd_sasl_realm, +#if SASL_VERSION_MAJOR >= 2 && defined(USE_SASL_IP_AUTH) + + /* + * Get IP addresses of local and remote endpoints for SASL. + */ +#error "USE_SASL_IP_AUTH is not implemented" + +#else + + /* + * Don't give any IP address information to SASL. SASLv1 doesn't use it, + * and in SASLv2 this will disable any mechaniams that do. + */ + server_address = 0; + client_address = 0; +#endif + + if (SASL_SERVER_NEW("smtp", var_myhostname, var_smtpd_sasl_realm, + server_address, client_address, NO_SESSION_CALLBACKS, NO_SECURITY_LAYERS, &state->sasl_conn) != SASL_OK) msg_fatal("SASL per-connection server initialization"); @@ -239,7 +312,10 @@ void smtpd_sasl_connect(SMTPD_STATE *state) void smtpd_sasl_disconnect(SMTPD_STATE *state) { if (state->sasl_mechanism_list) { +#if SASL_VERSION_MAJOR < 2 + /* SASL version 1 doesn't free memory that it allocates. */ free(state->sasl_mechanism_list); +#endif state->sasl_mechanism_list = 0; } if (state->sasl_conn) { @@ -262,11 +338,22 @@ char *smtpd_sasl_authenticate(SMTPD_STATE *state, unsigned enc_length; unsigned enc_length_out; unsigned reply_len; - char *serverout = 0; unsigned serveroutlen; int result; + +#if SASL_VERSION_MAJOR < 2 + char *serverout = 0; + +#else + const char *serverout = 0; + +#endif + +#if SASL_VERSION_MAJOR < 2 const char *errstr = 0; +#endif + #define IFELSE(e1,e2,e3) ((e1) ? (e2) : (e3)) if (msg_verbose) @@ -288,8 +375,8 @@ char *smtpd_sasl_authenticate(SMTPD_STATE *state, reply_len = strlen(init_response); VSTRING_SPACE(state->sasl_decoded, reply_len); dec_buffer = STR(state->sasl_decoded); - if (sasl_decode64(init_response, reply_len, - dec_buffer, &dec_length) != SASL_OK) + if (SASL_DECODE64(init_response, reply_len, + dec_buffer, reply_len, &dec_length) != SASL_OK) return ("501 Authentication failed: malformed initial response"); if (msg_verbose) msg_info("%s: decoded initial response %s", myname, dec_buffer); @@ -297,7 +384,7 @@ char *smtpd_sasl_authenticate(SMTPD_STATE *state, dec_buffer = 0; dec_length = 0; } - result = sasl_server_start(state->sasl_conn, sasl_method, dec_buffer, + result = SASL_SERVER_START(state->sasl_conn, sasl_method, dec_buffer, dec_length, &serverout, &serveroutlen, &errstr); /* @@ -327,7 +414,10 @@ char *smtpd_sasl_authenticate(SMTPD_STATE *state, if (sasl_encode64(serverout, serveroutlen, STR(state->sasl_encoded), enc_length, &enc_length_out) != SASL_OK) msg_panic("%s: sasl_encode64 botch", myname); +#if SASL_VERSION_MAJOR < 2 + /* SASL version 1 doesn't free memory that it allocates. */ free(serverout); +#endif serverout = 0; smtpd_chat_reply(state, "334 %s", STR(state->sasl_encoded)); @@ -342,21 +432,24 @@ char *smtpd_sasl_authenticate(SMTPD_STATE *state, return ("501 Authentication aborted"); /* XXX */ reply_len = VSTRING_LEN(state->buffer); VSTRING_SPACE(state->sasl_decoded, reply_len); - if (sasl_decode64(vstring_str(state->buffer), reply_len, - STR(state->sasl_decoded), &dec_length) != SASL_OK) + if (SASL_DECODE64(vstring_str(state->buffer), reply_len, + STR(state->sasl_decoded), reply_len, + &dec_length) != SASL_OK) return ("501 Error: malformed authentication response"); if (msg_verbose) msg_info("%s: decoded response: %.*s", myname, (int) dec_length, STR(state->sasl_decoded)); - result = sasl_server_step(state->sasl_conn, STR(state->sasl_decoded), + result = SASL_SERVER_STEP(state->sasl_conn, STR(state->sasl_decoded), dec_length, &serverout, &serveroutlen, &errstr); } /* * Cleanup. What an awful interface. */ +#if SASL_VERSION_MAJOR < 2 if (serverout) free(serverout); +#endif /* * The authentication protocol was completed. @@ -369,8 +462,13 @@ char *smtpd_sasl_authenticate(SMTPD_STATE *state, * accounting purposes. For the sake of completeness we also record the * authentication method that was used. XXX Do not free(serverout). */ +#if SASL_VERSION_MAJOR >= 2 + result = sasl_getprop(state->sasl_conn, SASL_USERNAME, + (const void **) &serverout); +#else result = sasl_getprop(state->sasl_conn, SASL_USERNAME, (void **) &serverout); +#endif if (result != SASL_OK || serverout == 0) msg_panic("%s: sasl_getprop SASL_USERNAME botch", myname); state->sasl_username = mystrdup(serverout); diff --git a/postfix/src/trivial-rewrite/rewrite.c b/postfix/src/trivial-rewrite/rewrite.c index e1ae59cf7..9ff6a12f0 100644 --- a/postfix/src/trivial-rewrite/rewrite.c +++ b/postfix/src/trivial-rewrite/rewrite.c @@ -118,7 +118,8 @@ void rewrite_tree(char *unused_ruleset, TOK822 *tree) * Strip source route. */ if (tree->head->type == '@' - && (colon = tok822_find_type(tree->head, ':')) != 0) + && (colon = tok822_find_type(tree->head, ':')) != 0 + && colon != tree->tail) tok822_free_tree(tok822_sub_keep_after(tree, colon)); /* diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index 2b3c808eb..71dc8b2f1 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c @@ -92,7 +92,7 @@ /* .sp /* Syntax is \fItransport\fR:\fInexthop\fR; see \fBtransport\fR(5) /* for details. The :\fInexthop\fR part is optional. -/* .IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)" +/* .IP \fBparent_domain_matches_subdomains\fR /* List of Postfix features that use \fIdomain.name\fR patterns /* to match \fIsub.domain.name\fR (as opposed to /* requiring \fI.domain.name\fR patterns). diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index e483e6c76..0d0315261 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -26,7 +26,7 @@ SRCS = alldig.c argv.c argv_split.c attr_print0.c attr_print64.c \ unix_connect.c unix_listen.c unix_trigger.c unsafe.c username.c \ valid_hostname.c vbuf.c vbuf_print.c vstream.c vstream_popen.c \ vstring.c vstring_vstream.c watchdog.c writable.c write_buf.c \ - write_wait.c + write_wait.c strcasecmp.c OBJS = alldig.o argv.o argv_split.o attr_print0.o attr_print64.o \ attr_scan0.o attr_scan64.o base64_code.o basename.o binhash.o \ chroot_uid.o clean_env.o close_on_exec.o concatenate.o ctable.o \ @@ -54,7 +54,7 @@ OBJS = alldig.o argv.o argv_split.o attr_print0.o attr_print64.o \ unix_connect.o unix_listen.o unix_trigger.o unsafe.o username.o \ valid_hostname.o vbuf.o vbuf_print.o vstream.o vstream_popen.o \ vstring.o vstring_vstream.o watchdog.o writable.o write_buf.o \ - write_wait.o + write_wait.o $(STRCASE) HDRS = argv.h attr.h base64_code.h binhash.h chroot_uid.h clean_env.h \ connect.h ctable.h dict.h dict_db.h dict_dbm.h dict_env.h \ dict_ht.h dict_ldap.h dict_mysql.h dict_ni.h dict_nis.h \ diff --git a/postfix/src/util/dict.c b/postfix/src/util/dict.c index 5fd308879..92fedc57e 100644 --- a/postfix/src/util/dict.c +++ b/postfix/src/util/dict.c @@ -508,11 +508,11 @@ int dict_changed(void) ht_info_list = htable_list(dict_table); for (status = 0, ht = ht_info_list; status == 0 && (h = *ht) != 0; ht++) { dict = ((DICT_NODE *) h->value)->dict; - if (dict->fd < 0) /* not file-based */ + if (dict->stat_fd < 0) /* not file-based */ continue; if (dict->mtime == 0) /* not bloody likely */ msg_warn("%s: table %s: null time stamp", myname, h->key); - if (fstat(dict->fd, &st) < 0) + if (fstat(dict->stat_fd, &st) < 0) msg_fatal("%s: fstat: %m", myname); status = (st.st_mtime != dict->mtime || st.st_nlink == 0); } diff --git a/postfix/src/util/dict.h b/postfix/src/util/dict.h index 1d9d8c4a1..9cad9f0e4 100644 --- a/postfix/src/util/dict.h +++ b/postfix/src/util/dict.h @@ -35,7 +35,8 @@ typedef struct DICT { int (*delete) (struct DICT *, const char *); int (*sequence) (struct DICT *, int, const char **, const char **); void (*close) (struct DICT *); - int fd; /* for dict_update() lock */ + int lock_fd; /* for dict_update() lock */ + int stat_fd; /* change detection */ time_t mtime; /* mod time at open */ } DICT; diff --git a/postfix/src/util/dict_alloc.c b/postfix/src/util/dict_alloc.c index 005e47aef..6ea4980c1 100644 --- a/postfix/src/util/dict_alloc.c +++ b/postfix/src/util/dict_alloc.c @@ -116,7 +116,8 @@ DICT *dict_alloc(const char *dict_type, const char *dict_name, int size) dict->delete = dict_default_delete; dict->sequence = dict_default_sequence; dict->close = dict_default_close; - dict->fd = -1; + dict->lock_fd = -1; + dict->stat_fd = -1; dict->mtime = 0; return dict; } diff --git a/postfix/src/util/dict_db.c b/postfix/src/util/dict_db.c index 69518e10f..9eeb3a780 100644 --- a/postfix/src/util/dict_db.c +++ b/postfix/src/util/dict_db.c @@ -158,7 +158,7 @@ static const char *dict_db_lookup(DICT *dict, const char *name) * Acquire a shared lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0) msg_fatal("%s: lock dictionary: %m", dict_db->dict.name); /* @@ -198,7 +198,7 @@ static const char *dict_db_lookup(DICT *dict, const char *name) * Release the shared lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) msg_fatal("%s: unlock dictionary: %m", dict_db->dict.name); return (result); @@ -246,7 +246,7 @@ static void dict_db_update(DICT *dict, const char *name, const char *value) * Acquire an exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) msg_fatal("%s: lock dictionary: %m", dict_db->dict.name); /* @@ -271,7 +271,7 @@ static void dict_db_update(DICT *dict, const char *name, const char *value) * Release the exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) msg_fatal("%s: unlock dictionary: %m", dict_db->dict.name); } @@ -289,7 +289,7 @@ static int dict_db_delete(DICT *dict, const char *name) * Acquire an exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) msg_fatal("%s: lock dictionary: %m", dict_db->dict.name); /* @@ -325,7 +325,7 @@ static int dict_db_delete(DICT *dict, const char *name) * Release the exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) msg_fatal("%s: unlock dictionary: %m", dict_db->dict.name); return status; @@ -367,7 +367,7 @@ static int dict_db_sequence(DICT *dict, const int function, * Acquire an exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) msg_fatal("%s: lock dictionary: %m", dict_db->dict.name); if ((status = db->seq(db, &db_key, &db_value, db_function)) < 0) @@ -377,7 +377,7 @@ static int dict_db_sequence(DICT *dict, const int function, * Release the exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) msg_fatal("%s: unlock dictionary: %m", dict_db->dict.name); if (status == 0) { @@ -435,6 +435,23 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, #if DB_VERSION_MAJOR > 1 int db_flags; +#endif + + /* + * Mismatches between #include file and library are a common cause for + * trouble. + */ +#if DB_VERSION_MAJOR > 1 + int major_version; + int minor_version; + int patch_version; + + (void) db_version(&major_version, &minor_version, &patch_version); + if (major_version != DB_VERSION_MAJOR) + msg_fatal("incorrect version of Berkeley DB: " + "compiled against %d.%d.%d, linked against %d.%d.%d", + DB_VERSION_MAJOR, DB_VERSION_MINOR, DB_VERSION_PATCH, + major_version, minor_version, patch_version); #endif db_path = concatenate(path, ".db", (char *) 0); @@ -520,8 +537,9 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, dict_db->dict.delete = dict_db_delete; dict_db->dict.sequence = dict_db_sequence; dict_db->dict.close = dict_db_close; - dict_db->dict.fd = dbfd; - if (fstat(dict_db->dict.fd, &st) < 0) + dict_db->dict.lock_fd = dbfd; + dict_db->dict.stat_fd = dbfd; + if (fstat(dict_db->dict.stat_fd, &st) < 0) msg_fatal("dict_db_open: fstat: %m"); dict_db->dict.mtime = st.st_mtime; @@ -535,7 +553,8 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, && st.st_mtime < time((time_t *) 0) - 100) msg_warn("database %s is older than source file %s", db_path, path); - close_on_exec(dict_db->dict.fd, CLOSE_ON_EXEC); + close_on_exec(dict_db->dict.lock_fd, CLOSE_ON_EXEC); + close_on_exec(dict_db->dict.stat_fd, CLOSE_ON_EXEC); dict_db->dict.flags = dict_flags | DICT_FLAG_FIXED; if ((dict_flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0) dict_db->dict.flags |= (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL); diff --git a/postfix/src/util/dict_dbm.c b/postfix/src/util/dict_dbm.c index 575d5eb54..23e1d58d2 100644 --- a/postfix/src/util/dict_dbm.c +++ b/postfix/src/util/dict_dbm.c @@ -84,7 +84,7 @@ static const char *dict_dbm_lookup(DICT *dict, const char *name) * Acquire an exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0) msg_fatal("%s: lock dictionary: %m", dict_dbm->dict.name); /* @@ -122,7 +122,7 @@ static const char *dict_dbm_lookup(DICT *dict, const char *name) * Release the exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) msg_fatal("%s: unlock dictionary: %m", dict_dbm->dict.name); return (result); @@ -167,7 +167,7 @@ static void dict_dbm_update(DICT *dict, const char *name, const char *value) * Acquire an exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) msg_fatal("%s: lock dictionary: %m", dict_dbm->dict.name); /* @@ -189,7 +189,7 @@ static void dict_dbm_update(DICT *dict, const char *name, const char *value) * Release the exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) msg_fatal("%s: unlock dictionary: %m", dict_dbm->dict.name); } @@ -206,7 +206,7 @@ static int dict_dbm_delete(DICT *dict, const char *name) * Acquire an exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) msg_fatal("%s: lock dictionary: %m", dict_dbm->dict.name); /* @@ -247,7 +247,7 @@ static int dict_dbm_delete(DICT *dict, const char *name) * Release the exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) msg_fatal("%s: unlock dictionary: %m", dict_dbm->dict.name); return (status); @@ -270,7 +270,7 @@ static int dict_dbm_sequence(DICT *dict, const int function, * Acquire an exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_EXCLUSIVE) < 0) msg_fatal("%s: lock dictionary: %m", dict_dbm->dict.name); /* @@ -291,7 +291,7 @@ static int dict_dbm_sequence(DICT *dict, const int function, * Release the exclusive lock. */ if ((dict->flags & DICT_FLAG_LOCK) - && myflock(dict->fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) + && myflock(dict->lock_fd, INTERNAL_LOCK, MYFLOCK_OP_NONE) < 0) msg_fatal("%s: unlock dictionary: %m", dict_dbm->dict.name); if (dbm_key.dptr != 0 && dbm_key.dsize > 0) { @@ -379,7 +379,7 @@ DICT *dict_dbm_open(const char *path, int open_flags, int dict_flags) * time domain) locks while rewriting the entire file. */ if (dict_flags & DICT_FLAG_LOCK) { - dbm_path = concatenate(path, ".pag", (char *) 0); + dbm_path = concatenate(path, ".dir", (char *) 0); if ((lock_fd = open(dbm_path, open_flags, 0644)) < 0) msg_fatal("open database %s: %m", dbm_path); if (myflock(lock_fd, INTERNAL_LOCK, MYFLOCK_OP_SHARED) < 0) @@ -404,8 +404,9 @@ DICT *dict_dbm_open(const char *path, int open_flags, int dict_flags) dict_dbm->dict.delete = dict_dbm_delete; dict_dbm->dict.sequence = dict_dbm_sequence; dict_dbm->dict.close = dict_dbm_close; - dict_dbm->dict.fd = dbm_pagfno(dbm); - if (fstat(dict_dbm->dict.fd, &st) < 0) + dict_dbm->dict.lock_fd = dbm_dirfno(dbm); + dict_dbm->dict.stat_fd = dbm_pagfno(dbm); + if (fstat(dict_dbm->dict.stat_fd, &st) < 0) msg_fatal("dict_dbm_open: fstat: %m"); dict_dbm->dict.mtime = st.st_mtime; diff --git a/postfix/src/util/dict_ldap.c b/postfix/src/util/dict_ldap.c index ed41246f0..2cf8936c4 100644 --- a/postfix/src/util/dict_ldap.c +++ b/postfix/src/util/dict_ldap.c @@ -100,6 +100,14 @@ #include #include +/* Handle differences between LDAP SDK's constant definitions */ +#ifndef LDAP_CONST +#define LDAP_CONST const +#endif +#ifndef LDAP_OPT_SUCCESS +#define LDAP_OPT_SUCCESS 0 +#endif + /* Utility library. */ #include "match_list.h" @@ -146,8 +154,10 @@ typedef struct { */ static jmp_buf env; -static void dict_ldap_logprint(LDAP_CONST char *data) { +static void dict_ldap_logprint(LDAP_CONST char *data) +{ char *myname = "dict_ldap_debug"; + msg_info("%s: %s", myname, data); } @@ -165,6 +175,7 @@ static int dict_ldap_connect(DICT_LDAP *dict_ldap) #ifdef LDAP_API_FEATURE_X_MEMCACHE LDAPMemCache *dircache; + #endif #ifdef LDAP_OPT_NETWORK_TIMEOUT @@ -190,8 +201,8 @@ static int dict_ldap_connect(DICT_LDAP *dict_ldap) mytimeval.tv_sec = dict_ldap->timeout; mytimeval.tv_usec = 0; if (ldap_set_option(dict_ldap->ld, LDAP_OPT_NETWORK_TIMEOUT, &mytimeval) != - LDAP_OPT_SUCCESS) - msg_warn("%s: Unable to set network timeout.", myname); + LDAP_OPT_SUCCESS) + msg_warn("%s: Unable to set network timeout.", myname); #else if ((saved_alarm = signal(SIGALRM, dict_ldap_timeout)) == SIG_ERR) { msg_warn("%s: Error setting signal handler for open timeout: %m", @@ -227,19 +238,20 @@ static int dict_ldap_connect(DICT_LDAP *dict_ldap) */ #if (LDAP_API_VERSION >= 2000) if (ldap_set_option(dict_ldap->ld, LDAP_OPT_DEREF, - &(dict_ldap->dereference)) != LDAP_OPT_SUCCESS) + &(dict_ldap->dereference)) != LDAP_OPT_SUCCESS) msg_warn("%s: Unable to set dereference option.", myname); #else dict_ldap->ld->ld_deref = dict_ldap->dereference; #endif #if defined(LDAP_OPT_DEBUG_LEVEL) && defined(LBER_OPT_LOG_PRINT_FN) - if(ber_set_option(NULL, LBER_OPT_LOG_PRINT_FN, - (LDAP_CONST *)dict_ldap_logprint) != LBER_OPT_SUCCESS) - msg_warn("%s: Unable to set ber logprint function.", myname); - if(ldap_set_option(dict_ldap->ld, LDAP_OPT_DEBUG_LEVEL, - &(dict_ldap->debuglevel)) != LDAP_OPT_SUCCESS) - msg_warn("%s: Unable to set LDAP debug level.", myname); + if (dict_ldap->debuglevel > 0 && + ber_set_option(NULL, LBER_OPT_LOG_PRINT_FN, + (LDAP_CONST *) dict_ldap_logprint) != LBER_OPT_SUCCESS) + msg_warn("%s: Unable to set ber logprint function.", myname); + if (ldap_set_option(dict_ldap->ld, LDAP_OPT_DEBUG_LEVEL, + &(dict_ldap->debuglevel)) != LDAP_OPT_SUCCESS) + msg_warn("%s: Unable to set LDAP debug level.", myname); #endif @@ -293,7 +305,7 @@ static int dict_ldap_connect(DICT_LDAP *dict_ldap) } else { if (msg_verbose) msg_info("%s: Caching enabled for %s", - myname, dict_ldap->ldapsource); + myname, dict_ldap->ldapsource); } } #else @@ -400,21 +412,23 @@ static void dict_ldap_get_values(DICT_LDAP *dict_ldap, LDAPMessage * res, 0, &tv, &resloop); } switch (rc) { - case LDAP_SUCCESS: - dict_ldap_get_values(dict_ldap, resloop, result); - break; - case LDAP_NO_SUCH_OBJECT: - /* Go ahead and treat this as though the DN existed - * and just didn't have any result attributes. - */ - msg_warn("%s: DN %s not found, skipping ", myname, - vals[i]); - break; - default: - msg_warn("%s: search error %d: %s ", myname, rc, + case LDAP_SUCCESS: + dict_ldap_get_values(dict_ldap, resloop, result); + break; + case LDAP_NO_SUCH_OBJECT: + + /* + * Go ahead and treat this as though the DN existed + * and just didn't have any result attributes. + */ + msg_warn("%s: DN %s not found, skipping ", myname, + vals[i]); + break; + default: + msg_warn("%s: search error %d: %s ", myname, rc, ldap_err2string(rc)); - dict_errno = DICT_ERR_RETRY; - break; + dict_errno = DICT_ERR_RETRY; + break; } if (resloop != 0) @@ -454,11 +468,12 @@ static const char *dict_ldap_lookup(DICT *dict, const char *name) * load on the LDAP server. */ if (dict_ldap->domain) { - const char *p=strrchr(name,'@'); + const char *p = strrchr(name, '@'); + if (p != 0) - p=p+1; + p = p + 1; else - p=name; + p = name; if (match_list_match(dict_ldap->domain, p) == 0) { if (msg_verbose) msg_info("%s: domain of %s not found in domain list", myname, @@ -566,31 +581,32 @@ static const char *dict_ldap_lookup(DICT *dict, const char *name) /* * Make sure it's %[sud] and not something else. For backward - * compatibilty, treat anything other than %u or %d as %s, with - * a warning. + * compatibilty, treat anything other than %u or %d as %s, with a + * warning. */ if (*(sub) == '%') { - char *u=vstring_str(escaped_name); - char *p=strchr(u,'@'); - switch (*(sub+1)) { - case 'd': - if (p) - vstring_strcat(filter_buf, p+1); - break; - case 'u': - if (p) - vstring_strncat(filter_buf, u, p-u); - else - vstring_strcat(filter_buf, u); - break; - default: - msg_warn - ("%s: Invalid lookup substitution format '%%%c'!", - myname, *(sub + 1)); - /* fall through */ - case 's': + char *u = vstring_str(escaped_name); + char *p = strchr(u, '@'); + + switch (*(sub + 1)) { + case 'd': + if (p) + vstring_strcat(filter_buf, p + 1); + break; + case 'u': + if (p) + vstring_strncat(filter_buf, u, p - u); + else vstring_strcat(filter_buf, u); - break; + break; + default: + msg_warn + ("%s: Invalid lookup substitution format '%%%c'!", + myname, *(sub + 1)); + /* fall through */ + case 's': + vstring_strcat(filter_buf, u); + break; } sub++; } else @@ -614,8 +630,8 @@ static const char *dict_ldap_lookup(DICT *dict, const char *name) if (rc == LDAP_SERVER_DOWN) { if (msg_verbose) - msg_info("%s: Lost connection for LDAP source %s, reopening", - myname, dict_ldap->ldapsource); + msg_info("%s: Lost connection for LDAP source %s, reopening", + myname, dict_ldap->ldapsource); ldap_unbind(dict_ldap->ld); dict_ldap->ld = NULL; @@ -625,7 +641,7 @@ static const char *dict_ldap_lookup(DICT *dict, const char *name) * if dict_ldap_connect() set dict_errno, abort. */ if (dict_errno) - return (0); + return (0); rc = ldap_search_st(dict_ldap->ld, dict_ldap->search_base, dict_ldap->scope, @@ -634,7 +650,6 @@ static const char *dict_ldap_lookup(DICT *dict, const char *name) 0, &tv, &res); } - if (rc == LDAP_SUCCESS) { /* @@ -650,7 +665,7 @@ static const char *dict_ldap_lookup(DICT *dict, const char *name) #if (LDAP_API_VERSION >= 2000) if (ldap_get_option(dict_ldap->ld, LDAP_OPT_ERROR_NUMBER, &rc) != - LDAP_OPT_SUCCESS) + LDAP_OPT_SUCCESS) msg_warn("%s: Unable to get last error number.", myname); if (rc != LDAP_SUCCESS && rc != LDAP_DECODING_ERROR) msg_warn("%s: Had some trouble with entries returned by search: %s", myname, ldap_err2string(rc)); @@ -694,7 +709,7 @@ static const char *dict_ldap_lookup(DICT *dict, const char *name) ldap_msgfree(res); if (filter_buf != 0) vstring_free(filter_buf); - if (escaped_name != 0) + if (escaped_name != 0) vstring_free(escaped_name); /* @@ -956,7 +971,7 @@ DICT *dict_ldap_open(const char *ldapsource, int dummy, int dict_flags) #if defined(LDAP_OPT_DEBUG_LEVEL) && defined(LBER_OPT_LOG_PRINT_FN) vstring_sprintf(config_param, "%s_debuglevel", ldapsource); dict_ldap->debuglevel = get_mail_conf_int(vstring_str(config_param), 0, 0, - 0); + 0); if (msg_verbose) msg_info("%s: %s is %d", myname, vstring_str(config_param), dict_ldap->debuglevel); @@ -978,7 +993,7 @@ DICT *dict_ldap_open(const char *ldapsource, int dummy, int dict_flags) /* * Otherwise, we're all set. Return the new dict_ldap structure. */ - return (DICT_DEBUG(&dict_ldap->dict)); + return (DICT_DEBUG (&dict_ldap->dict)); } #endif diff --git a/postfix/src/util/netstring.c b/postfix/src/util/netstring.c index 63c6faf3b..3f3e73112 100644 --- a/postfix/src/util/netstring.c +++ b/postfix/src/util/netstring.c @@ -257,6 +257,7 @@ VSTRING *netstring_get(VSTREAM *stream, VSTRING *buf, int limit) if (limit && len > limit) netstring_except(stream, NETSTRING_ERR_SIZE); netstring_get_data(stream, buf, len); + return (buf); } /* netstring_put - send string as netstring */ diff --git a/postfix/src/util/safe_getenv.c b/postfix/src/util/safe_getenv.c index 04ca65935..a769d08ed 100644 --- a/postfix/src/util/safe_getenv.c +++ b/postfix/src/util/safe_getenv.c @@ -10,7 +10,8 @@ /* char *name; /* DESCRIPTION /* The \fBsafe_getenv\fR() routine reads the named variable from the -/* environment, provided that the unsafe() routine agrees. +/* environment, provided that either the process runs with the real +/* and effective user ID of root, or that the unsafe() routine agrees. /* SEE ALSO /* unsafe(3), detect non-user privileges /* LICENSE @@ -37,5 +38,6 @@ char *safe_getenv(const char *name) { - return (unsafe() == 0 ? getenv(name) : 0); + return ((getuid() == 0 && geteuid() == 0) || unsafe() == 0 ? + getenv(name) : 0); } diff --git a/postfix/src/util/strcasecmp.c b/postfix/src/util/strcasecmp.c new file mode 100644 index 000000000..6ed467134 --- /dev/null +++ b/postfix/src/util/strcasecmp.c @@ -0,0 +1,66 @@ +/* + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#if defined(LIBC_SCCS) && !defined(lint) +static char sccsid[] = "@(#)strcasecmp.c 8.1 (Berkeley) 6/4/93"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include + +int strcasecmp(const char *s1, const char *s2) +{ + const unsigned char *us1 = (const unsigned char *) s1; + const unsigned char *us2 = (const unsigned char *) s2; + + while (TOLOWER(*us1) == TOLOWER(*us2++)) + if (*us1++ == '\0') + return (0); + return (TOLOWER(*us1) - TOLOWER(*--us2)); +} + +int strncasecmp(const char *s1, const char *s2, size_t n) +{ + if (n != 0) { + const unsigned char *us1 = (const unsigned char *) s1; + const unsigned char *us2 = (const unsigned char *) s2; + + do { + if (TOLOWER(*us1) != TOLOWER(*us2++)) + return (TOLOWER(*us1) - TOLOWER(*--us2)); + if (*us1++ == '\0') + break; + } while (--n != 0); + } + return (0); +} diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index 5a6cd3296..19d10d617 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h @@ -651,6 +651,7 @@ extern int h_errno; /* It's amazing what is all missing... */ #define isascii(c) ((unsigned)(c)<=0177) extern int opterr; +typedef unsigned short mode_t; #define MISSING_PID_T #define MISSING_STRFTIME_E @@ -701,6 +702,7 @@ extern int opterr; /* It's amazing what is all missing... */ #define isascii(c) ((unsigned)(c)<=0177) extern int opterr; +typedef unsigned short mode_t; #define MISSING_PID_T #define MISSING_STRFTIME_E diff --git a/postfix/src/util/vstream.c b/postfix/src/util/vstream.c index 655bc0a3d..22c59440c 100644 --- a/postfix/src/util/vstream.c +++ b/postfix/src/util/vstream.c @@ -72,6 +72,9 @@ /* int vstream_fileno(stream) /* VSTREAM *stream; /* +/* void *vstream_context(stream) +/* VSTREAM *stream; +/* /* int vstream_ferror(stream) /* VSTREAM *stream; /* @@ -250,6 +253,9 @@ /* a buffered stream. With streams that have separate read/write /* file descriptors, the result is the current descriptor. /* +/* vstream_context() returns the application context that is passed on to +/* the application-specified read/write routines. +/* /* VSTREAM_PATH() is an unsafe macro that returns the name stored /* with vstream_fopen() or with vstream_control(). The macro is /* unsafe because it evaluates some arguments more than once. diff --git a/postfix/src/util/vstream.h b/postfix/src/util/vstream.h index f38259b27..3ec638295 100644 --- a/postfix/src/util/vstream.h +++ b/postfix/src/util/vstream.h @@ -90,6 +90,7 @@ extern VSTREAM *vstream_fdopen(int, int); #define VSTREAM_GETCHAR() VSTREAM_GETC(VSTREAM_IN) #define vstream_fileno(vp) ((vp)->fd) +#define vstream_context(vp) ((vp)->context) #define vstream_ferror(vp) vbuf_error(&(vp)->buf) #define vstream_feof(vp) vbuf_eof(&(vp)->buf) #define vstream_ftimeout(vp) vbuf_timeout(&(vp)->buf)