mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-28 20:57:56 +00:00
Code Issues Releases Wiki Activity

postfix-1.1.6-20020329

Browse Source
This commit is contained in:
Wietse Venema 2002-03-11 00:00:00 -05:00 committed by Viktor Dukhovni
parent 4203d8f1f3
commit fddaffebfb
140 changed files with 3086 additions and 1937 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
postfix/COMPATIBILITY
View File

@ -7,10 +7,10 @@
aliases yes (can enable/disable mail to /file or |command)
bare newlines yes (but will send CRLF)
blacklisting yes (client name/addr; helo hostname; mail from; rcpt to)
content filter yes
content filter yes (see FILTER_README)
db tables yes (compile time option)
dbm tables yes (compile time option)
delivered-to yes
delivered-to yes (configurable with prepend_delivered_header)
dsn not yet (bounces have DSN form)
errors-to: yes
esmtp yes
@ -20,22 +20,22 @@ flock locking yes (runtime configurable)
home mailbox yes
ident lookup no
ldap tables yes (contributed)
luser relay yes
lmtp support yes (client)
luser relay yes
m4 config no
mail to command yes (configurable for .forward, aliases, :include:)
mail to file yes (configurable for .forward, aliases, :include:)
maildir yes
maildir yes (in home, system mailspool, /file/name/ alias)
mailertable yes (it's called transport)
mailq yes
majordomo yes (edit approve script to delete /delivered-to/i)
mime conversion not yet; postfix uses just-send-eight
missing <> yes (most common address forms)
mysql tables yes (contributed)
netinfo tables yes (contributed)
newaliases yes (main alias database only)
nis tables yes
nis+ tables not yet
no <> in smtp yes (most common address forms)
pipeline option yes (server and client)
pop/imap yes (with third-party daemons that use /var[/spool]/mail)
qmqp server yes (with verp support)
@ -44,18 +44,18 @@ return-receipt: not yet
sasl support yes (compile time option)
sendmail -bt no
sendmail -q yes
sendmail -qRxxx yes
sendmail -qRxxx yes (for domains specified in fast_flush_domains)
sendmail -qSxxx no
sendmail -qtime ignored
sendmail -v no
sendmail -v yes (but does not show delivery)
sendmail.cf no (uses table-driven address rewriting)
size option yes, server and client
smarthost yes
smarthost yes (specify relayhost in main.cf)
tcp wrapper no (use built-in blacklist facility)
user+extension yes (also: .forward+extension)
user-extension yes (also: .forward-extension)
user.lock yes (runtime configurable)
uucp support yes (sends user@domain recipients)
verp support yes (delimiters are configurable)
virtual domains yes
virtual domains yes (via local delivery agent and via dedicated delivery agent)
year 2000 safe yes

35
postfix/COPYRIGHT Normal file
View File

@ -0,0 +1,35 @@
Included for the use of the fix_strcasecmp.c module which works
around a Solaris problem.
/*
* Copyright (c) 1987, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/

261
postfix/HISTORY
View File

@ -5632,7 +5632,7 @@ Apologies for any names omitted.
20011116
Bugfix: consolidated all the command transaction log resets
and eliminated one missing reset (Victor Duchovny, Morgan
and eliminated one missing reset (Victor Duchovni, Morgan
Stanley). File: smtpd/smtpd.c.
20011118
@ -5831,7 +5831,7 @@ Apologies for any names omitted.
Cleanup: proper detection of big number overflow in EHLO
and MAIL FROM size announcements, with input from Victor
Duchovny, Morgan Stanley. Files: global/off_cvt.c,
Duchovni, Morgan Stanley. Files: global/off_cvt.c,
smtpd/smtpd.c, smtp/smtp_proto.c, util/alldig.c.
Forward compatibility: added queue file record types for
@ -5906,7 +5906,7 @@ Apologies for any names omitted.
Cleanup: SMTPD access maps now return DUNNO (undetermined)
instead of OK when a recipient address contains multiple
domains (user@dom1@dom2, etcetera). Victor Duchovny, Morgan
domains (user@dom1@dom2, etcetera). Victor Duchovni, Morgan
Stanley. File: smtpd/smtpd_check.c.
20020106
@ -5920,7 +5920,7 @@ Apologies for any names omitted.
queue directory, still referenced install.cf when setting
maildrop directory group ownership; and the postfix command
did not export the setgid_group parameter to the postfix-script
shell script. Victor Duchovny.
shell script. Victor Duchovni.
Bugfix: postfix-script, when creating a missing public
queue directory, did not set group ownership of the public
@ -5947,7 +5947,7 @@ Apologies for any names omitted.
20020111
Feedback: feedback, bugfixes, and brain-dead shell workarounds
for the install scripts by Victor Duchovny and Simon Mudd.
for the install scripts by Victor Duchovni and Simon Mudd.
20020113
@ -5960,7 +5960,7 @@ Apologies for any names omitted.
Bugfix: alternate_config_directories did not take comma
or whitespace as separators. File: global/mail_conf.c.
Victor Duchovny, Norgan Stanley.
Victor Duchovni, Morgan Stanley.
Bugfix: the rewritten postfix-install script did not chattr
+S the Postfix queue.
@ -5977,8 +5977,257 @@ Apologies for any names omitted.
that the startup shell scripts produce a consistent result.
Files: postconf.c.
20020117
Portability: patch from LaMont Jones for compiling dict_ldap.c
with the Netscape SDK.
Feature: added "r" (recursive chown/chgrp) flag to the
postfix-files database, for more convenient change of
Postfix queue ownership. Files: conf/postfix-files,
conf/post-install.
20020122
Documentation: lots of little fixes.
Documentation: updates for the VIRTUAL_README file by Victor
Duchovni, Morgan Stanley.
Bugfix: postqueue -s dereferenced a null pointer when given
a numerical domain argument. LaMont Jones, HP.
Cleanup: smtpd now logs a warning when permit_sasl_authenticated
is used while SASL authentication is disabled, instead of
simply ignoring the restriction. LaMont Jones, HP. File:
smtpd/smtpd.c.
Safety: when postmap creates a non-existent file, the new
file inherits group/other read permissions from the source
file. Based on code by LaMont Jones, HP. File:
postmap/postmap.c.
20020123
Portability: some Linux systems install libnsl.so without
libnsl.a file, causing an yp_match undefined reference
problem. File: makedefs.
20020124
Portability: post-install now requests that command_directory
is given on the command line when the postconf command is
in an unusual place.
Safety: extra code to detect and report Berkeley DB version
mismatches between compile time and run time. This test
is limited to mismatches in the major version number only.
File: util/dict_db.c. Based on code by Lawrence Greenfield,
Carnegie-Mellon university.
Safety: the postfix command and the master daemon abort if
they are running set-uid.
Documentation: the postmap manual page described an out of
date input file format.
20020129
Workaround: SCO version 3.2 can't ioctl(FIONREAD) a pipe.
Therefore, input mail flow control is disabled by default.
Files: makedefs, global/mail_params.h, conf/main.cf.
Problem reported by Kurt Andersen, Agilent.
20020201
Workaround: changed the default smtpd_null_access_lookup_key
setting to <>, because some Bezerkeloid DB implementations
can't handle null-length lookup keys. File: global/mail_params.h.
Bugfix: backed out a null-length address panic call by
ignoring the problem, like Postfix did in the past. File:
global/resolve_local.c.
Safety: "postfix check" will now warn if /usr/lib/sendmail
and /usr/sbin/sendmail differ, and will propose to replace
one by a symlink to the other. File: conf/postfix-script.
20020204
Sanity: additional permission checks for "postfix check"
that warn for setgid_group group ownership mismatches. by
Matthias Andree, uni-dortmund.de. File: conf/postfix-script.
Bugfix: "postfix check" used a too simplistic way to
recognize file ownership (grepping ls output). It now uses
the recently discovered "find -prune". Peter Bieringer,
Matthias Andree. File: conf/postfix-script.
20020218
Workaround: log a warning and disconnect when an SMTP client
ignores our negative replies and starts sending message
content without permission. File: smtpd/smtpd.c.
20020220
Bugfix: mismatch in the file being locked by dict_dbm and
the file being locked by postmap, so that locks did not
work correctly. Victor Duchovni, Morgan Stanley.
20020222
Workaround: Solaris bug 4380626: strcasecmp() and strncasecmp()
produce incorrect results with 8-bit characters. For example,
non-ASCII characters could compare equal to ASCII characters,
and that could result in any number of security problems.
Files: util/strcasecmp.c, COPYRIGHT (the BSD license).
Bugfix: off-by-one error, causing a null byte to be written
outside dynamically allocated memory in the queue manager
with addresses of exactly 100 bytes long, resulting in
SIGSEGV on systems with an "exact fit" malloc routine.
Experienced by Ralf Hildebrandt; diagnosed by Victor
Duchovny. Files: *qmgr/qmgr_message.c. This is not a
security problem.
Bugfix: make all recipient comparisons transitive, because
Solaris qsort() causes SIGSEGV errors otherwise. Victor
Duchovny, Morgan Stanley. File: *qmgr/qmgr_message.c.
20020302
Bugfix: don't strip source route (@domain...:) when the
result would be an empty address. This avoids problems when
append_at_myorigin is set to "no" (which is not supported).
Problem reported by Charles McColgan, Big Fish Communications.
File: trivial-rewrite/rewrite.c.
20020304
Cleanup: postqueue should not not complain when output
fails with "broken pipe".
20020308
Bugfix? reply with 550 not 552 when content is rejected.
552 is reserved for "too much mail".
Documentation: add note to sendmail manual page that running
"sendmail -bs" as $mail_owner enables SMTP server UCE and
access control checks. This is meant for use from inetd etc.
Matthias Andree.
20020311
Bugfix: DBM maps should use different files for locking
and for change detection. Problem reported by Victor
Duchovny, Morgan Stanley. Files: util/dict.h util/dict.c
util/dict_db.c util/dict_dbm.c global/mkmap.c local/alias.c.
20020313
Bugfix: mailq could show addresses with unusual characters
twice. Problem reported by Victor Duchovny, Morgan Stanley.
File: showq/showq.c.
Bugfix: null recipients weren't properly recorded in
bounce/defer logfiles. Such recipient addresses are not
accepted in SMTP mail, but they could appear within locally
submitted mail. File: bounce/bounce_append_service.c.
Workaround: exempt processes running with the real userid
of root from safe_getenv() restrictions. The super-user
is supposed to know what she is doing.
20020318
Workaround: Berkeley DB can't handle null key lookups,
which happen with HELO names ending in ".". Victor Duchovni,
Morgan Stanley. File: smtpd/smtpd_check.c.
Logging: log a hint when mail is deferred because the
soft_bounce parameter is set. People sometimes forget to
turn it off. File: global/bounce.c.
20020319
Cleanup: add a msg_warn() call when fork() fails in
pipe_command(), to make problems easier to investigate.
Chris Wedgwood. File: global/pipe_command.c.
20020320
Feature: smtp_helo_name parameter to specify the hostname
or [ip.address] in HELO or EHLO commands. Files: smtp/smtp.c
smtp/smtp_proto.c.
20020324
Cleanup: more graceful handling of long physical message
header lines upon input. Physical header lines can now
extend up to $header_size_limit characters. When a logical
message header is too long, the excess text is discarded
and Postfix no longer switches to body mode, to avoid
breaking MIME encapsulation. Based on code by Victor
Duchovni, Morgan Stanley. Files: cleanup/cleanup_out.c,
cleanup/cleanup_message.c.
Cleanup: more graceful handling of long physical message
header or body lines upon output by the SMTP client. The
SMTP client output line length is controlled by a new
parameter smtp_line_length_limit (default: 990; specify 0
to disable the limit). Long lines are folded by inserting
<CR> <LF> <SPACE>, to avoid breaking MIME encapsulation.
Based on code by Victor Duchovni, Morgan Stanley. File:
smtp/smtp_proto.c.
20020325
Cleanup: allow additional text after a WARN command in a
header/body_checks pattern file, so that one can change
REJECT+text into WARN+text and vice versa. Based on code
by Fredrik Thulin, Stockholm University.
Cleanup: log a warning when an unknown command is found in
a header/body_checks pattern file, or when additional text
is found after a command that does not expect additional
text. Based on code by Fredrik Thulin, Stockholm University.
Bugfix: sendmail should not recognize "." as the end of
input when the current read operation started in the middle
of a line. Victor Duchovni, Morgan Stanley. File:
sendmail/sendmail.c.
20020328
Portability fix for OPENSTEP and NEXTSTEP by Gerben Wierda.
File: util/sys_defs.h.
20020329
Bugfix: defer_transports broke because the flush server
triggered mail delivery (as if ETRN was sent) while doing
some internal housekeeping of per-destination logfiles.
Problem experienced by LaMont Jones, HP. File: flush/flush.c.
Bugfix: virtual mapping broke for addresses with embedded
whitespace. Fix by Victor Duchovni, Morgan Stanley. File:
cleanup/cleanup_map1n.c.
Feature: configurable service name for the cleanup service.
Files: global/mail_params.[hc].
Feature: SASL version 2 support by Jason Hoos.
Open problems:
Low: sendmail does not store null command-line recipients.
Low: have a configurable list of errno values for mailbox
or maildir delivery that result in deferral rather than
bouncing mail.
Low: don't do user@domain and @domain lookups in
local_recipient_maps queries.

19
postfix/INSTALL
View File

@ -84,7 +84,7 @@ If your system is supported, it is one of
OpenBSD 2.x
Reliant UNIX 5.x
Rhapsody 5.x
SunOS 4.1.x
SunOS 4.1.x (with Postfix 1.1.0)
SunOS 5.4..5.8 (Solaris 2.4..8)
Ultrix 4.x (well, that was long ago)
@ -222,6 +222,11 @@ In order to install or upgrade Postfix:
NB: this group was optional with older Postfix releases; it is
now required.
- Optional: If you want to install symbol-stripped (non-debug) versions
of the Postfix programs and daemons, do:
% strip bin/* libexec/*
- Run one of the following commands as the super-user:
# make install (interactive version, first time install)
@ -276,10 +281,6 @@ and watch your syslog file for any error messages.
Typical logfile names are: /var/log/maillog or /var/log/syslog.
See /etc/syslog.conf for actual logfile names.
When it is run for the first time, the Postfix startup shell script
will create a bunch of subdirectories below the Postfix spool
directory.
In order to inspect the mail queue, use
% sendmail -bp
@ -322,10 +323,6 @@ and watch your syslog file for any error messages.
Typical logfile names are: /var/log/maillog or /var/log/syslog.
See /etc/syslog.conf for actual logfile names.
When it is run for the first time, the Postfix startup shell script
will create a bunch of subdirectories below the Postfix spool
directory.
In order to inspect the mail queue, use
% sendmail -bp
@ -360,10 +357,6 @@ and watch the syslog file for any complaints from the mail system.
Typical logfile names are: /var/log/maillog or /var/log/syslog.
See /etc/syslog.conf for actual logfile names.
When it is run for the first time, the Postfix startup shell script
will create a bunch of subdirectories below the Postfix spool
directory.
See also the "Care and feeding" section 13 below.
10 - Mandatory configuration file edits

8
postfix/Makefile.in
View File

@ -47,14 +47,6 @@ depend_update:
|| exit 1; \
done
cleanmakefiles:
set -e; for i in $(DIRS); do \
(set -e; echo "[$$i]"; cd $$i; rm -f Makefile; \
../cleanup_makefile.pl Makefile.in >Makefile.new; \
rm Makefile.in ; mv Makefile.new Makefile.in); \
done;
rm -f Makefile; (set -e; sh makedefs && cat Makefile.in) >Makefile
tidy: clean
rm -f Makefile */Makefile src/*/Makefile
cp Makefile.init Makefile

25
postfix/README_FILES/DB_README
View File

@ -24,11 +24,17 @@ use something like:
The exact pathnames depend on the DB version that you installed.
For example, Berkeley DB version 2 installs in /usr/local/BerkeleyDB.
Beware, the file format produced by Berkeley DB version 1 is not
Warning: the file format produced by Berkeley DB version 1 is not
compatible with that of versions 2 and 3 (versions 2 and 3 have
the same format). If you switch between DB versions, then you may
have to rebuild all your Postfix DB files.
Warning: if you use Berkeley DB version 2 or later, do not enable
DB 1.85 compatibility mode. Doing so would break fcntl file locking.
Warning: if you use PERL to manipulate Postfix .db files, then you
need to use the same Berkeley DB version in PERL as in Postfix.
Building Postfix on BSD systems with a specific Berkeley DB version
===================================================================
@ -43,15 +49,16 @@ variant of the following commands:
% make makefiles CCARGS=-I/usr/include/db2 AUXLIBS=-ldb2
% make
Beware, the file format produced by Berkeley DB version 1 is not
Warning: the file format produced by Berkeley DB version 1 is not
compatible with that of versions 2 and 3 (versions 2 and 3 have
the same format). If you switch between DB versions, then you may
have to rebuild all your Postfix DB files.
Warning: if you use Berkeley DB version 2 or later, do not enable
DB 1.85 compatibility mode. Doing so would break file locking on
Solaris, HP-UX, UNIXWARE, IRIX and other systems, causing mail to
be lost when you update a table while Postfix is running.
DB 1.85 compatibility mode. Doing so would break fcntl file locking.
Warning: if you use PERL to manipulate Postfix .db files, then you
need to use the same Berkeley DB version in PERL as in Postfix.
Building Postfix on Linux with a specific Berkeley DB version
=============================================================
@ -67,7 +74,13 @@ The reason is that the location of the default db.h include file
changes randomly between vendors and between versions, so that
Postfix has to choose the file for you.
Beware, the file format produced by Berkeley DB version 1 is not
Warning: the file format produced by Berkeley DB version 1 is not
compatible with that of versions 2 and 3 (versions 2 and 3 have
the same format). If you switch between DB versions, then you may
have to rebuild all your Postfix DB files.
Warning: if you use Berkeley DB version 2 or later, do not enable
DB 1.85 compatibility mode. Doing so would break fcntl file locking.
Warning: if you use PERL to manipulate Postfix .db files, then you
need to use the same Berkeley DB version in PERL as in Postfix.

22
postfix/README_FILES/FILTER_README
View File

@ -51,7 +51,7 @@ The /some/where/filter program can be a simple shell script like this:
exit $?
The idea is to first capture the message to file and then run the
content through run a third-party content filter program. If the
content through a third-party content filter program. If the
mail cannot be captured to file, mail delivery is deferred by
terminating with exit status 75 (EX_TEMPFAIL). If the content
filter program finds a problem, the mail is bounced by terminating
@ -211,11 +211,19 @@ a dedicated listener on port localhost 10026:
/etc/postfix/master.cf:
localhost:10026 inet n - n - 10 smtpd
-o content_filter= -o myhostname=localhost.domain.name
-o content_filter=
-o local_recipient_maps=
-o myhostname=localhost.domain.name
This is just another SMTP server. It is configured NOT to request
content filtering for incoming mail, has the same process limit
as the filter master.cf entry, and is configured to use a different
hostname in the greeting message (this is necessary for testing
when I simply use no filtering program and let the SMTP content
filtering interfaces talk directly to each other).
content filtering for incoming mail. The server has the same process
limit as the filter master.cf entry.
The "-o local_recipient_maps=" is a safety in case you have specified
local_recipient_maps in the main.cf file. That setting could
interfere with content filtering.
The SMTP server is configured to use a different hostname in the
greeting message (this is necessary for testing when I simply use
no filtering program and let the SMTP content filtering interfaces
talk directly to each other).

504
postfix/README_FILES/INSTALL Normal file
View File

@ -0,0 +1,504 @@
1 - Purpose of this document
============================
This document describes how to build, install and configure a
Postfix system so that it can do one of the following:
- Send mail only, without changing an existing sendmail
installation.
- Send and receive mail via a virtual host interface, still
without any change to an existing sendmail installation.
- Replace sendmail altogether.
2 - Typographical conventions
=============================
In the instructions below, a command written as
# command
should be executed as the superuser.
A command written as
% command
should be executed as an unprivileged user.
3 - Documentation
=================
Documentation is available as HTML web pages (point your browser
to html/index.html) and as UNIX-style man pages (point your MANPATH
environment variable to the `man' subdirectory; be sure to use an
absolute path).
The sample configuration files in the `conf' directory have extensive
comments, but they may not describe every nuance of every feature.
Many files have their own built-in manual page. Tools to extract
those embedded manual pages are available in the mantools directory.
4 - Building on a supported system
==================================
If your system is supported, it is one of
AIX 3.2.5
AIX 4.1.x
AIX 4.2.0
BSD/OS 2.x
BSD/OS 3.x
BSD/OS 4.x
Darwin 1.x
FreeBSD 2.x
FreeBSD 3.x
FreeBSD 4.x
FreeBSD 5.x
HP-UX 9.x
HP-UX 10.x
HP-UX 11.x
IRIX 5.x
IRIX 6.x
Linux Debian 1.3.1
Linux Debian 2.x
Linux RedHat 4.x
Linux RedHat 5.x
Linux RedHat 6.x
Linux RedHat 7.x
Linux Slackware 3.x
Linux Slackware 4.x
Linux Slackware 7.x
Linux SuSE 5.x
Linux SuSE 6.x
Linux SuSE 7.x
Mac OS X
NEXTSTEP 3.x
NetBSD 1.x
OPENSTEP 4.x
OSF1.V3 (Digital UNIX)
OSF1.V4 aka Digital UNIX V4
OSF1.V5 aka Digital UNIX V5
OpenBSD 2.x
Reliant UNIX 5.x
Rhapsody 5.x
SunOS 4.1.x (with Postfix 1.1.0)
SunOS 5.4..5.8 (Solaris 2.4..8)
Ultrix 4.x (well, that was long ago)
or something closely resemblant.
On Solaris, the "make" command and other utilities for software
development are in /usr/ccs/bin, so you MUST have /usr/ccs/bin in
your command search path.
If you need to build Postfix for multiple architectures, use the
lndir command to build a shadow tree with symbolic links to the
source files. lndir is part of X11R6.
If at any time in the build process you get messages like: "make:
don't know how to ..." you should be able to recover by running
the following command from the Postfix top-level directory:
% make -f Makefile.init makefiles
If you copied the Postfix source code after building it on another
machine, it is a good idea to cd into the top-level directory and
% make tidy
first. This will get rid of any system dependencies left over from
compiling the software elsewhere.
To build with GCC, or with the native compiler if people told me
that is better for your system, just cd into the top-level Postfix
directory of the source tree and type:
% make
To build with a non-default compiler, you need to specify the name
of the compiler:
% make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
% make
% make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
% make
% make makefiles CC="purify cc"
% make
and so on. In some cases, optimization is turned off automatically.
In order to build with non-default settings, for example, with a
configuration directory other than /etc/postfix, use:
% make makefiles CCARGS=-DDEF_CONFIG_DIR=\\\\\\\"/some/where\\\\\\\"
% make
That's seven backslashes :-) But at least this works with sh and csh.
In order to build Postfix for very large applications, where you
expect to run more than 1000 delivery processes, you may need to
override the definition of the FD_SETSIZE macro to make select()
work correctly:
% make makefiles CCARGS=-DFD_SETSIZE=2048
In any case, if the command
% make
produces compiler error messages, it may be time to examine the
FAQ document (see htlm/faq.html).
5 - Porting to on an unsupported system
=======================================
- Each system type is identified by a unique name. Examples:
SUNOS5, FREEBSD4, and so on. Choose a SYSTEMTYPE name for the new
system. You must use a name that includes at least the major version
of the operating system (such as SUNOS4 or LINUX2), so that different
releases of the same system can be supported without confusion.
- Add a case statement to the "makedefs" shell script in the
top-level directory that recognizes the new system reliably, and
that emits the right system-specific information. Be sure to make
the code robust against user PATH settings; if the system offers
multiple UNIX flavors (e.g. BSD and SYSV) be sure to build for the
native flavor, not the emulated one.
- Add an #ifdef SYSTEMTYPE section to the central util/sys_defs.h
include file. You may have to invent new feature macros. Please
choose sensible feature macro names such as HAS_DBM or
FIONREAD_IN_SYS_FILIO_H. I strongly recommend against #ifdef
SYSTEMTYPE dependencies in individual source files. This may seem
to be the quickest solution, but it will create a mess that becomes
increasingly difficult to maintain over time. Moreover, with the
next port you'd have to place #ifdefs all over the source code
again.
6 - Installing the software after successful compilation
========================================================
This text describes how to install Postfix from source code. See
the PACKAGE_README file if you are building a package for distribution
to other systems.
IMPORTANT: if you are REPLACING an existing sendmail installation
with Postfix, you may need to keep the old sendmail program running
for some time in order to flush the mail queue. As superuser,
execute the following commands (your sendmail, newaliases and mailq
programs may be in a different place):
# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
# mv /usr/bin/mailq /usr/bin/mailq.OFF
# chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF \
/usr/bin/mailq.OFF
In order to install or upgrade Postfix:
- Create a user account "postfix" with a user id and group id that
are not used by any other user account. Preferably, this is an
account that no-one can log into. The account does not need an
executable login shell, and needs no existing home directory.
My password file entry looks like this:
postfix:*:12345:12345:postfix:/no/where:/no/shell
- Make sure there is a corresponding alias in /etc/aliases:
postfix: root
- Create a group "postdrop" with a group id that is not used by
any other user account. Not even by the postfix user account.
My group file entry looks like:
postdrop:*:54321:
NB: this group was optional with older Postfix releases; it is
now required.
- Optional: If you want to install symbol-stripped (non-debug) versions
of the Postfix programs and daemons, do:
% strip bin/* libexec/*
- Run one of the following commands as the super-user:
# make install (interactive version, first time install)
# make upgrade (non-interactive version, for upgrades)
The non-interactive version needs the /etc/postfix/main.cf file
from a previous installation. If the file does not exist, use
interactive installation instead.
The interactive version offers suggestions for pathnames that
you can override interactively, and stores your preferences in
/etc/postfix/main.cf for convenient future upgrades.
- Proceed to the section on how you wish to run Postfix on your
particular machine:
- Send mail only, without changing an existing sendmail
installation (section 7).
- Send and receive mail via a virtual host interface, still
without any change to an existing sendmail installation
(section 8).
- Replace sendmail altogether (section 9).
7 - Configuring Postfix to send mail only
=========================================
If you are going to use Postfix to send mail only, there is no need
to change your existing sendmail setup. Instead, set up your mail
user agent so that it calls the Postfix sendmail program directly.
Follow the instructions in the "Mandatory configuration file edits"
in section 10, and review the "To chroot or not to chroot" text in
section 11.
You MUST comment out the `smtp inet' entry in /etc/postfix/master.cf,
in order to avoid conflicts with the real sendmail.
Start the Postfix system:
# postfix start
or, if you feel nostalgic, use the Postfix sendmail command:
# sendmail -bd -qwhatever
and watch your syslog file for any error messages.
% egrep '(reject|warning|error|fatal|panic):' /some/log/file
Typical logfile names are: /var/log/maillog or /var/log/syslog.
See /etc/syslog.conf for actual logfile names.
In order to inspect the mail queue, use
% sendmail -bp
See also the "Care and feeding" section 13 below.
8 - Configuring Postfix to send and receive mail (virtual interface)
====================================================================
Alternatively, you can use the Postfix system to send AND receive
mail while leaving your sendmail setup intact, by running Postfix
on a virtual interface address. Simply configure your mail user
agent to directly invoke the Postfix sendmail program.
The examples/virtual-setup directory gives instructions for setting
up virtual interfaces for a variety of UNIX versions.
In the /etc/postfix/main.cf file, I would specify
myhostname = virtual.host.name
inet_interfaces = $myhostname
mydestination = $myhostname
Follow the instructions in the "Mandatory configuration file edits"
in section 10, and review the "To chroot or not to chroot" text in
section 11.
Start the mail system:
# postfix start
or, if you feel nostalgic, use the Postfix sendmail program:
# sendmail -bd -qwhatever
and watch your syslog file for any error messages.
% egrep '(reject|warning|error|fatal|panic):' /some/log/file
Typical logfile names are: /var/log/maillog or /var/log/syslog.
See /etc/syslog.conf for actual logfile names.
In order to inspect the mail queue, use
% sendmail -bp
See also the "Care and feeding" section 13 below.
9 - Turning off sendmail forever
================================
Prior to installing Postfix you should save the existing sendmail
program files as described in section 6.
Be sure to keep the old sendmail running for at least a couple
days to flush any unsent mail. To do so, stop the sendmail daemon
and restart it as:
# /usr/sbin/sendmail.OFF -q
After you have visited the "Mandatory configuration file edits"
section below, you can start the Postfix system with
# postfix start
But the good old sendmail way works just as well:
# sendmail -bd -qwhatever
and watch the syslog file for any complaints from the mail system.
% egrep '(reject|warning|error|fatal|panic):' /some/log/file
Typical logfile names are: /var/log/maillog or /var/log/syslog.
See /etc/syslog.conf for actual logfile names.
See also the "Care and feeding" section 13 below.
10 - Mandatory configuration file edits
=======================================
By default, Postfix configuration files are in /etc/postfix, and
must be owned by root. Giving someone else write permission to
main.cf or master.cf means giving root privileges to that person.
Whenever you make a change to a config file, execute the following
command in order to refresh a running mail system:
# postfix reload
In /etc/postfix/main.cf you will have to set up a minimal number of
configuration parameters. Postfix configuration parameters
resemble shell variables. You specify a variable as
parameter = value
and you use it by putting a $ in front of its name:
other_parameter = $parameter
You can use $parameter before it is given a value. The Postfix
configuration language uses lazy evaluation, and does not look at
a parameter value until it is needed at runtime.
First of all, you must specify what domain will be appended to an
unqualified address (i.e. an address without @domain.name). The
"myorigin" parameter defaults to the local hostname, but that is
probably OK only for very small sites.
Some examples:
myorigin = $myhostname
myorigin = $mydomain
In the first case, local mail goes out as user@$myhostname, in
the second case the sender address is user@$mydomain.
Next you need to specify what mail addresses Postfix should deliver
locally.
Some examples:
mydestination = $myhostname, localhost.$mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydestination = $myhostname
The first example is appropriate for a workstation, the second is
appropriate for the mailserver for an entire domain. The third
example should be used when running on a virtual host interface.
If your machine is on an open network then you must specify what
client IP addresses are authorized to relay their mail through your
machine. The default setting includes all class A, B or C networks
that the machine is attached to. Often, that gives relay permission
to too many clients. My own settings are:
mynetworks = 168.100.189.0/28, 127.0.0.0/8
If you're behind a firewall, you should set up a relayhost. If
you can, specify the organizational domain name so that Postfix
can use DNS lookups, and so that it can fall back to a secondary
MX host when the primary MX host is down. Otherwise just specify
a hard-coded hostname.
Some examples:
relayhost = $mydomain
relayhost = mail.$mydomain
relayhost = [mail.$mydomain]
The form enclosed with [] eliminates DNS MX lookups.
By default, the SMTP client will do DNS lookups for sender and
recipient addresses even when you specify a relay host. If your
machine has no access to a DNS server, turn off SMTP client DNS
lookups like this:
disable_dns_lookups = yes
The FAQ (html/faq.html) has more hints and tips for firewalled
and/or dial-up networks.
Finally, if you haven't used Sendmail prior to using Postfix, you
will have to build the alias database (with: sendmail -bi, or:
newaliases). Be sure to set up aliases for root and postmaster that
forward mail to a real person. Postfix has a sample aliases file
conf/aliases that you can adapt to local conditions.
11 - To chroot or not to chroot
===============================
Postfix can run most daemon processes in a chroot jail, that is,
the processes run at a fixed low privilege and with access only to
the Postfix queue directories (/var/spool/postfix). This provides
a significant barrier against intrusion. The barrier is not
impenetrable, but every little bit helps.
With the exception of the Postfix local delivery and `pipe' daemons,
every Postfix daemon can run chrooted.
Sites with high security requirements should consider to chroot
all daemons that talk to the network: the smtp and smtpd processes,
and perhaps also the lmtp client.
The default /etc/postfix/master.cf file specifies that no Postfix
daemon runs chrooted. In order to enable chroot operation, edit
the file /etc/postfix/master.cf. Instructions are in the file.
Note that a chrooted daemon resolves all filenames relative to the
Postfix queue directory (/var/spool/postfix). For successful use
of a chroot jail, most UNIX systems require you to bring in some
files or device nodes. The examples/chroot-setup directory has a
collection of scripts that help you set up chroot environments for
Postfix systems.
12 - Care and feeding of the Postfix system
===========================================
The Postfix programs log all problems to the syslog daemon. The
names of logfiles are specified in /etc/syslog.conf. Note: the
syslogd will not create files. You must create them ahead of time
before (re)starting syslogd. At the very least you need something
like:
mail.err /dev/console
mail.debug /var/log/maillog
Hopefully, the number of problems will be small, but it is a good
idea to run every night before the syslog files are rotated:
# postfix check
# egrep '(reject|warning|error|fatal|panic):' /some/log/file
Typical logfile names are: /var/log/maillog or /var/log/syslog.
See /etc/syslog.conf for actual logfile names.
The first line (postfix check) causes Postfix to report file
permission/ownership discrepancies.
The second line looks for problem reports from the mail software,
and reports how effective the anti-relay and anti-UCE blocks are.

17
postfix/README_FILES/NFS_README
View File

@ -5,29 +5,24 @@
> or not.
Postfix jumps several hoops in order to deal with NFS-specific
brain damage, however some operations can fail irrecoverably. This
is why Wietse makes no promises about Postfix reliability on NFS.
problems. Thus, Postfix on NFS is slightly less reliable than
Postfix on a local disk. That is not a problem in Postfix; the
problem is in NFS and affects other MTAs as well.
For queue locking, NFS is not an issue because you cannot share
Postfix queues between Postfix instances anyawy.
For mailbox locking, some systems use flock() by default (use:
``postconf mailbox_delivery_lock'' and ``postconf virtual_mailbox_lock''
to find out about your system). flock() does not work over NFS.
This causes loss of mail when multiple hosts access the same
mailboxes.
Postfix queues with other Postfix instances.
In order to have mailbox locking over NFS you have to configure
everything to use fcntl() locks for mailbox access (or switch to
maildir style, which needs no application-level lock controls).
To turn on fcntl locks with Postfix you specify:
To turn on fcntl mailbox locks with Postfix you specify:
virtual_mailbox_lock = fcntl
mailbox_delivery_lock = fcntl
This is useful only if all mailbox access software uses fcntl()
locks. I have no information on how well fcntl() locks work on NFS.
locks.
You can also "play safe" and throw in username.lock files:

25
postfix/README_FILES/PACKAGE_README
View File

@ -22,27 +22,14 @@ top of main.cf that advises the user of the existence of the
sample-xxx files. Without the sample-xxx files, Postfix will be
much more difficult to configure.
Postfix Installation parameter defaults
=======================================
Postfix Installation parameters
===============================
Postfix installation is controlled by a dozen installation parameters.
See the postfix-install and post-install files for details. Built-in
default settings can be changed at compile time with:
% make makefiles CCARGS=whatever
Names of C symbolic constants and their meaning:
DEF_CONFIG_DIR default configuration directory
DEF_QUEUE_DIR default queue directory
DEF_DAEMON_DIR default daemon directory
DEF_COMMAND_DIR default command directory
DEF_SENDMAIL_PATH default Postfix sendmail command
DEF_MAILQ_PATH default Postfix mailq command
DEF_NEWALIAS_PATH default Postfix newaliases command
DEF_MANPAGE_DIR default manual page directory
DEF_SAMPLE_DIR default directory for sample configuration files
DEF_README_DIR default directory for README files
See the postfix-install and post-install files for details. Most
parameters have system-dependent default settings that aren't
configurable at compile time. This will hopefully be rectified in
a later release.
Preparing a pre-built package for distribution to other systems
===============================================================

70
postfix/README_FILES/SASL_README
View File

@ -26,13 +26,22 @@ RedHat 6.1, SASL 1.5.5 insisted on write access to /etc/sasldb.
Note that this seems to be related to the auto_transition switch in
SASL. Note also that the Cyrus SASL documentation says that it is
pointless to enable that if you use "sasldb" for "pwcheck_method".
Later versions of the SASL 1.5.x series should also work.
Postfix+SASL 2.1.1 appears to work on Mandrake Linux 8.1 (pwcheck_method
set to saslauthd or auxprop). Note that the 'auxprop' pwcheck_method
replaces the 'sasldb' method from SASL 1.5.x. Postfix may need
write access to /etc/sasldb2 if you use the auto_transition feature,
or if you use an authentication mechanism such as OTP (one-time
passwords) that needs to update secrets in the database.
Introduction
============
The Postfix SASL support (RFC 2554) was originally implemented by
Till Franke of SuSE Rhein/Main AG. The present code is a trimmed-down
version with only the bare necessities.
version with only the bare necessities. Support for SASL version 2
was contributed by Jason Hoos.
When receiving mail, Postfix logs the client-provided username,
authentication method, and sender address to the maillog file, and
@ -50,21 +59,20 @@ to the server.
Building the SASL library
=========================
Postfix appears to work with cyrus-sasl-1.5.5, which is available
from:
Postfix appears to work with cyrus-sasl-1.5.5 or cyrus-sasl-2.1.1,
which are available from:
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
IMPORTANT: if you install the Cyrus SASL libraries as per the default,
you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl.
IMPORTANT: if you install the Cyrus SASL libraries as per the
default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl
for version 1.5.5 or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for
version 2.1.1.
Reportedly, Microsoft Internet Explorer version 5 requires the
non-standard SASL LOGIN authentication method. To enable this
authentication method, specify ``./configure --enable-login''.
If you install the Cyrus SASL libraries as per the default, you
will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl.
Building Postfix with SASL authentication support
=================================================
@ -74,17 +82,29 @@ and that the Cyrus SASL libraries are in /usr/local/lib.
On some systems this generates the necessary Makefile definitions:
(for SASL version 1.5.5):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" \
AUXLIBS="-L/usr/local/lib -lsasl"
(for SASL version 2.1.1):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include/sasl" \
AUXLIBS="-L/usr/local/lib -lsasl2"
On Solaris 2.x you need to specify run-time link information,
otherwise ld.so will not find the SASL shared library:
(for SASL version 1.5.5):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" \
AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lsasl"
(for SASL version 2.1.1):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include/sasl" \
AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lsasl2"
Enabling SASL authentication in the Postfix SMTP server
=======================================================
@ -101,23 +121,49 @@ In order to allow mail relaying by authenticated clients:
smtpd_recipient_restrictions =
permit_mynetworks permit_sasl_authenticated ...
In /usr/local/lib/sasl/smtpd.conf you need to specify how the server
should validate client passwords.
In /usr/local/lib/sasl/smtpd.conf (SASL version 1.5.5) or
/usr/local/lib/sasl2/smtpd.conf (SASL version 2.1.1) you need to
specify how the server should validate client passwords.
In order to authenticate against the UNIX password database, try:
(SASL version 1.5.5)
/usr/local/lib/sasl/smtpd.conf:
pwcheck_method: pwcheck
(SASL version 2.1.1)
/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: pwcheck
The pwcheck daemon is contained in the cyrus-sasl source tarball.
Alternately, in SASL 1.5.27 and later (including 2.1.1), try:
(SASL version 1.5.5)
/usr/local/lib/sasl/smtpd.conf:
pwcheck_method: saslauthd
(SASL version 2.1.1)
/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd
The saslauthd daemon is also contained in the cyrus-sasl source
tarball. It is more flexible than the pwcheck daemon, in that it
can authenticate against PAM and various other sources.
In order to authenticate against SASL's own password database:
(SASL version 1.5.5)
/usr/local/lib/sasl/smtpd.conf:
pwcheck_method: sasldb
This will use the SASL password file (default: /etc/sasldb), which
is maintained with the saslpasswd command (part of the Cyrus SASL
(SASL version 2.1.1)
/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: auxprop
This will use the SASL password file (default: /etc/sasldb in
version 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained
with the saslpasswd or saslpasswd2 command (part of the Cyrus SASL
software). On some poorly-supported systems the saslpasswd command
needs to be run multiple times before it stops complaining. The
Postfix SMTP server needs read access to the sasldb file - you may

37
postfix/README_FILES/VIRTUAL_README
View File

@ -147,24 +147,20 @@ types.
virtual_uid_maps = hash:/etc/postfix/vuid
virtual_gid_maps = hash:/etc/postfix/vgid
# All domains that have final delivery on this machine
# All domains that are listed in $mydestination are delivered
# with $local_transport, which is the virtual delivery agent.
mydestination = $myhostname virtual1.domain virtual2.domain
mydestination =
$myhostname localhost.$mydomain virtual1.domain virtual2.domain
# Reject unknown recipients at the SMTP port
local_recipient_maps = $virtual_mailbox_maps
# Define a virtual delivery agent if the entry doesn't already exist
Define a virtual delivery agent if the entry doesn't already exist:
/etc/postfix/master.cf:
virtual unix - n n - - virtual
# Example recipients, one UNIX-style mailbox, one qmail-style maildir:
Example recipients, one UNIX-style mailbox, one qmail-style maildir:
/etc/postfix/vmailbox:
virtual1.domain dummy to prevent relay access denied errors
virtual2.domain dummy to prevent relay access denied errors
test1@virtual1.domain test1
test2@virtual2.domain test2/
@ -209,33 +205,30 @@ types.
virtual_gid_maps = static:5000
transport_maps = hash:/etc/postfix/transport
# All domains that have final delivery on this machine
# All domains that are delivered by the local delivery agent.
mydestination =
$myhostname $localhost.$mydomain virtual1.domain virtual2.domain
mydestination = $myhostname $localhost.$mydomain
# Reject unknown local and virtual recipients at the SMTP port
# Reject unknown local recipients at the SMTP port.
local_recipient_maps =
unix:passwd.byname $alias_maps $virtual_mailbox_maps
local_recipient_maps = unix:passwd.byname $alias_maps
# Define a virtual delivery agent if the entry doesn't already exist
Define a virtual delivery agent if the entry doesn't already exist:
/etc/postfix/master.cf:
virtual unix - n n - - virtual
# Route specific domains to the virtual delivery agent; by default,
# mail for domains in $mydestination goes to the local delivery agent
Route virtual domains to the virtual delivery agent:
/etc/postfix/transport:
virtual1.domain virtual
virtual2.domain virtual
# Example recipients, one UNIX-style mailbox, one qmail-style maildir:
Example recipients, one UNIX-style mailbox, one qmail-style maildir:
/etc/postfix/vmailbox:
virtual1.domain dummy to prevent relay access denied errors
virtual2.domain dummy to prevent relay access denied errors
virtual1.domain required to prevent relay access denied errors
virtual2.domain required to prevent relay access denied errors
test1@virtual1.domain test1
test2@virtual2.domain test2/

1468
postfix/RELEASE_NOTES
View File

File diff suppressed because it is too large Load Diff

160
postfix/TODO
View File

@ -1,160 +0,0 @@
one queue per rcpt hurts when delivering to agents that don't
get stuck on shell commands or mailbox locks
xxx: bounced as yyy (bounced mail); xxx forwarded as zzz (mail
expanded via :include:).
postconf -f filename
get rid of the relocated feature - perhaps better to bounce recipients
at the SMTP port.
make sendmail/smtpd/cleanup output directory/fifo configurable
if postdrop scrutinizes input, skip the overhead in the pickup
daemon.
add a threshold to sendmail etc. stderr logging, so that class
"info" messages don't go to stderr.
implement an UCE control to accept mail if the sender domain sender
lists us as MX host (rafal wiosna). By the same token, implement
a control to accept mail when the client hostname/parent domain
lists us as their MX host.
received: headers should be generated by the cleanup daemon, and
client attributes ("with", "from", etc.) should be passed along
with the message. This guarantees that forwarded/aliased mail gets
stamped with the queue ID.
toss double-bounce mail even when mail for the local machine is
redirected to another box. See mail_addr_double_bounce().
remote showq access (cookie in maildrop or print some text to inform
the user)
defer: explain mail was bounced after N days
multiple rewrite processes?
gethostbyaddr() uses native name services, which can be slow.
can we detect a client that ignores error responses?
way to block inbound mail based on recipient suffix?
can Postfix implement one switchboard instead of having all these
little lookup tables?
make canonical/virtual/etc. table lookup order configurable
pass on client etc/ attributes along with message to delivery agent
scrutinize file opens in delivery agents just like in qmgr (better:
open the file and see if someone compromised the vmailer account
and is racing against us).
suspend/resume signals + master status (suspended/running) in PID
file. Maybe use FIFO instead. But, that means requests do not
arrive when the master is stuck.
postedit queue-id command...
more flexible mail queue list command
multiple queues may make ETRN processing less painful because there
is less delayed mail to plow through.
qmgr: configurable incoming/deferred mixing ratio so we can prioritize
new mail over old mail
Replace [my.own.ip.addr] by domain name so that delivered-to has
the desired effect.
Received: header and bounce text will be configurable with ${name}
macros. This requires that everything must cope with newlines in
config parameters (including the SMTP greeting bannner, yuck).
Pass along the client hostname/posting user with queue files, to
be logged by the queue manager.
showq: don't use mail_open_ok() - it assumes coordinated queue
access.
trivial-rewrite: optionally, use DNS to fully qualify hostnames.
pickup/cleanup/qmgr/local: add options record to control internal
features such as canonical/virtual mapping, VERPs etcetera.
Add hook for (domain, user database) support. This is needed if
you have lots of real domains and can't afford a separate master.cf
delivery agent entry for each domain.
Add support for DBZ databases, using the code from INN. Reportedly,
GDB handles large numbers of keys poorly.
Change the front-end to cleanup protocol so that the front-end
sends the expected message size, and so that the cleanup service
can report if there is enough space. This is useful only for the
SMTP server, because pickup can't produce bounce requests: the
bounce service can't read the maildrop file.
On systems with functional UNIX-domain sockets, use that instead
of FIFOs to trigger the pickup and qmgr services. This allows for
some coupling between front-end programs and queue manager, so that
a burst of inbound mail does not lock out the queue manager from
accessing the queue, causing outbound delivery to stop.
There is a need to run `master' services outside the "master"
environment, either for testing (new config files) or for production.
For consistency reasons, programs file names should be taken from
the master.cf file.
- The showq service. Used by the super user when the mail system
is down.
- The smtpd service for "sendmail -bs" emulation. Used by some
mail posting agents. Output to the maildrop, so that messages
can be posted even when the mail system is down.
- The rewrite engine for "sendmail -bt" emulation, for off-line
testing of configuration files. Requires a method to override
the location of the rewriting rules file. Or, perhaps there
should be an official place (/etc/vmailer/testbed?) for playing
with config files.
postfix-script: detect and/or build missing alias database. In
order to do this we must extract the alias_maps parameter from the
main.cf file, and create any missing files with the right ownerships.
implement the return-receipt-to notification service.
bounce/defer: provide attribute-value interface, for better logging
(expanded-from etc.) and non-delivery reports.
Maintain per-client short-term host status, so we can slow down
unreasonable clients
Make archiving delivered mail a REAL option (queue manager). What
about one archive per day. The magic could be put into the mail
queue name routines. Just make it aware of the date.
Will the mail system be faster when we avoid moving new messages
incoming->active? How would one detect the arrival of new files?
pickup: pass file descriptor to cleanup instead of copying data.
This violates the principle that all front-end programs protect
the mail system against unreasonably-long inputs.
True ETRN means kick the host out of the queue manager's "dead
hosts" table & move mail from the "hold" queue for that site to
the incoming queue.
postfix-script: make sure that each queue file matches its file id
or we might lose mail.
postfix-script: do database fixups as the unprivileged user
Maintain a pool of pre-allocated queue files, to eliminate file
creation and deletion overhead.

20
postfix/conf/access
View File

@ -1,4 +1,3 @@
#
# ACCESS(5) ACCESS(5)
#
# NAME
@ -68,11 +67,12 @@
# user@ Matches all mail addresses with the specified user
# part.
#
# Note: lookup of the null sender address may not be possi-
# ble with all supported types of lookup table. A workaround
# is to specify smtpd_null_access_lookup_key = <> in the
# Postfix main.cf file, and to specify <> as the left-hand
# field in the access table.
# Note: lookup of the null sender address is not possible
# with some types of lookup table. By default, Postfix uses
# <> as the lookup key for such addresses. The value is
# specified with the workaround is to specify
# smtpd_null_access_lookup_key parameter in the Postfix
# main.cf file.
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
@ -115,6 +115,11 @@
#
# OK Accept the address etc. that matches the pattern.
#
# all-numerical
# An all-numerical result is treated as OK. This for-
# mat is generated by address-based relay authoriza-
# tion schemes.
#
# restriction...
# Apply the named UCE restriction(s) (permit, reject,
# reject_unauth_destination, and so on).
@ -161,5 +166,4 @@
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# 1
#
# ACCESS(5)

4
postfix/conf/aliases
View File

@ -1,4 +1,8 @@
#
# Sample aliases file. Install in the location as specified by the
# output from the command "postconf alias_maps". Typical path names
# are /etc/aliases or /etc/mail/aliases.
#
# >>>>>>>>>> The program "newaliases" must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to Postfix.

19
postfix/conf/main.cf
View File

@ -225,9 +225,10 @@ mail_owner = postfix
# REJECTING UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all users that are local with respect to $mydestination and
# $inet_interfaces. If this parameter is defined, then the SMTP server
# will reject mail for unknown local users.
# with all names (not addresses) of users that are local with respect
# to $mydestination and $inet_interfaces. If this parameter is
# defined, then the SMTP server will reject mail for unknown local
# users.
#
# If you use the default Postfix local delivery agent for local
# delivery, uncomment the definition below.
@ -238,15 +239,12 @@ mail_owner = postfix
#
#local_recipient_maps = $alias_maps unix:passwd.byname
# If you use both the Postfix local and virtual delivery agents, specify:
#
#local_recipient_maps = $alias_maps unix:passwd.byname $virtual_mailbox_maps
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned off by default because it
# needs further development.
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
@ -256,7 +254,7 @@ mail_owner = postfix
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1
#in_flow_delay = 1s
# ADDRESS REWRITING
#
@ -419,6 +417,7 @@ mail_owner = postfix
# REJECT text.... The text is sent to the originator.
# IGNORE the header line is silently discarded.
# WARN the header is logged (not rejected) with a warning message.
# WARN text... as above, and the text is logged, too.
#
# These patterns do not apply to MIME headers in the message body.
#

6
postfix/conf/master.cf
View File

@ -24,9 +24,9 @@
# Chroot: whether or not the service runs chrooted to the mail queue
# directory (pathname is controlled by the queue_directory configuration
# variable in the main.cf file). Presently, all Postfix daemons can run
# chrooted, except for the pipe and local daemons. The files in the
# examples/chroot-setup subdirectory describe how to set up a Postfix
# chroot environment for your type of machine.
# chrooted, except for the pipe, virtual and local delivery daemons.
# The files in the examples/chroot-setup subdirectory describe how
# to set up a Postfix chroot environment for your type of machine.
#
# Wakeup time: automatically wake up the named service after the
# specified number of seconds. A ? at the end of the wakeup time

15
postfix/conf/post-install
View File

@ -234,6 +234,12 @@ else
POSTCONF="postconf"
fi
$POSTCONF -d mail_version >/dev/null 2>/dev/null || {
echo $0: Error: no $POSTCONF command found. 1>&2
echo Re-run this command as $0 command_directory=/some/where. 1>&2
exit 1
}
test -n "$config_directory" ||
config_directory=`$POSTCONF -d -h config_directory` || exit 1
@ -304,12 +310,12 @@ test -f $config_directory/main.cf && {
case $manpage_directory in
no) echo $0: Error: manpage_directory no longer accepts \"no\" values. 1>&2
echo Try again with \"$0 manpage_directory=/pathname $*\". 1>&2; exit 1;;
echo Try again with \"$0 manpage_directory=/pathname ...\". 1>&2; exit 1;;
esac
case $setgid_group in
no) echo $0: Error: setgid_group no longer accepts \"no\" values. 1>&2
echo Try again with \"$0 setgid_group=groupname $*\" 1>&2; exit 1;;
echo Try again with \"$0 setgid_group=groupname ...\" 1>&2; exit 1;;
esac
for path in "$daemon_directory" "$command_directory" "$queue_directory" \
@ -426,6 +432,7 @@ test -n "$create" && {
# Pick up the flags.
case $flags in *u*) upgrade_flag=1;; *) upgrade_flag=;; esac
case $flags in *c*) create_flag=1;; *) create_flag=;; esac
case $flags in *r*) recursive="-R";; *) recursive=;; esac
# Create missing directories with proper owner/group/mode settings.
if [ -n "$create" -a "$type" = "d" -a -n "$create_flag" -a ! -d "$path" ]
then
@ -442,8 +449,8 @@ test -n "$create" && {
set_permission=1
fi
test -n "$set_permission" && {
chown $owner $path || exit 1
test -z "$group" || chgrp $group $path || exit 1
chown $recursive $owner $path || exit 1
test -z "$group" || chgrp $recursive $group $path || exit 1
chmod $mode $path || exit 1
}
done

26
postfix/conf/postfix-files
View File

@ -29,24 +29,27 @@
# p=preserve existing file, do not replace (postfix-install).
# u=update owner/group/mode (post-install upgrade-permissions).
# c=create missing directory (post-install create-missing).
# r=apply owner/group recursively (post-install set/upgrade-permissions).
#
# Note: the "u" flag is for upgrading the permissions of existing files
# or directories after changes in Postfix architecture.
# or directories after changes in Postfix architecture. For robustness
# it is a good idea to "u" all the files that have special ownership or
# permissions, so that running "make install" fixes any glitches.
#
$config_directory:d:root:-:755:u
$daemon_directory:d:root:-:755:u
$queue_directory:d:root:-:755:uc
$sample_directory:d:root:-:755
$readme_directory:d:root:-:755
$queue_directory/active:d:$mail_owner:-:700:uc
$queue_directory/bounce:d:$mail_owner:-:700:uc
$queue_directory/corrupt:d:$mail_owner:-:700:uc
$queue_directory/defer:d:$mail_owner:-:700:uc
$queue_directory/deferred:d:$mail_owner:-:700:uc
$queue_directory/flush:d:$mail_owner:-:700:uc
$queue_directory/incoming:d:$mail_owner:-:700:uc
$queue_directory/active:d:$mail_owner:-:700:ucr
$queue_directory/bounce:d:$mail_owner:-:700:ucr
$queue_directory/corrupt:d:$mail_owner:-:700:ucr
$queue_directory/defer:d:$mail_owner:-:700:ucr
$queue_directory/deferred:d:$mail_owner:-:700:ucr
$queue_directory/flush:d:$mail_owner:-:700:ucr
$queue_directory/incoming:d:$mail_owner:-:700:ucr
$queue_directory/private:d:$mail_owner:-:700:uc
$queue_directory/saved:d:$mail_owner:-:700:uc
$queue_directory/saved:d:$mail_owner:-:700:ucr
$queue_directory/maildrop:d:$mail_owner:$setgid_group:730:uc
$queue_directory/public:d:$mail_owner:$setgid_group:710:uc
$queue_directory/pid:d:root:-:755:uc
@ -77,8 +80,8 @@ $command_directory/postlock:f:root:-:755
$command_directory/postlog:f:root:-:755
$command_directory/postmap:f:root:-:755
$command_directory/postsuper:f:root:-:755
$command_directory/postdrop:f:root:$setgid_group:2755
$command_directory/postqueue:f:root:$setgid_group:2755
$command_directory/postdrop:f:root:$setgid_group:2755:u
$command_directory/postqueue:f:root:$setgid_group:2755:u
$sendmail_path:f:root:-:755
$newaliases_path:l:root:-:755
$mailq_path:l:root:-:755
@ -168,6 +171,7 @@ $readme_directory/DB_README:f:root:-:644
$readme_directory/DEBUG_README:f:root:-:644
$readme_directory/ETRN_README:f:root:-:644
$readme_directory/FILTER_README:f:root:-:644
$readme_directory/INSTALL:f:root:-:644
$readme_directory/LDAP_README:f:root:-:644
$readme_directory/LINUX_README:f:root:-:644
$readme_directory/LMTP_README:f:root:-:644

27
postfix/conf/postfix-script
View File

@ -174,6 +174,15 @@ check)
! \( -type p -o -type s \) ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: {} \;
find $queue_directory/public $queue_directory/maildrop \
$command_directory/postqueue $command_directory/postdrop \
-prune ! -group $setgid_group \
-exec $WARN not owned by group $setgid_group: {} \;
find $command_directory/postqueue $command_directory/postdrop \
-prune ! -perm -02111 \
-exec $WARN not set-gid: {} \;
for name in `ls -d $queue_directory/* | \
egrep '/(bin|etc|lib|usr)$'` ; \
do \
@ -181,11 +190,11 @@ check)
-exec $WARN not owned by root: {} \; ; \
done
for dir in $queue_directory/maildrop
do
ls -lLd $dir | (grep " $mail_owner " >/dev/null ||
$WARN not owned by $mail_owner: $dir)
done
# WARNING: this should not descend into the maildrop directory.
# maildrop is the least trusted Postfix directory.
find $queue_directory/maildrop/. -prune ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: $queue_directory/maildrop \;
for dir in bin etc lib sbin usr
do
@ -212,6 +221,14 @@ check)
find corrupt -type f -exec $WARN damaged message: {} \;
# XXX also: look for weird stuff, weird permissions, etc.
test -f /usr/sbin/sendmail -a -f /usr/lib/sendmail && {
cmp -s /usr/sbin/sendmail /usr/lib/sendmail || {
$WARN /usr/lib/sendmail and /usr/sbin/sendmail differ
$WARN Replace one by a symbolic link to the other
}
}
exit 0
;;
*)

11
postfix/conf/sample-auth.cf
View File

@ -23,7 +23,8 @@
#
# In order to enable server-side authentication, build Postfix with
# SASL support, and install a configuration file /usr/lib/sasl/smtpd.conf
# with as contents, for example,
# (SASL version 1) or /usr/lib/sasl2/smtpd.conf (SASL version 2) with
# as contents, for example,
#
# pwcheck_method: sasldb
#
@ -51,6 +52,10 @@ smtpd_sasl_auth_enable = no
# nodictionary: disallow methods subject to passive (dictionary) attack
# noanonymous: disallow methods that allow anonymous authentication
#
# An additional option is available in SASL version 2:
#
# mutual_auth: only allow methods that provide mutual authentication
#
# By default, the Postfix SMTP server accepts plaintext passwords but
# not anonymous logins.
#
@ -104,6 +109,10 @@ smtp_sasl_password_maps = hash:/etc/postfix/saslpass
# nodictionary: disallow methods subject to passive (dictionary) attack
# noanonymous: disallow methods that allow anonymous authentication
#
# An additional option is available in SASL version 2:
#
# mutual_auth: only allow methods that provide mutual authentication
#
# By default, the Postfix SMTP client will not use plaintext passwords.
#
#smtp_sasl_security_options =

2
postfix/conf/sample-filter.cf
View File

@ -15,6 +15,7 @@
# REJECT text.... The text is sent to the originator.
# IGNORE the header line is silently discarded.
# WARN the header is logged (not rejected) with a warning message.
# WARN text... as above, and the text is logged, too.
#
# These patterns do not apply to MIME headers in the message body.
#
@ -34,5 +35,6 @@ header_checks = regexp:/etc/postfix/header_checks
# REJECT text.... The text is sent to the originator.
# IGNORE the body line is silently discarded.
# WARN the body line is logged (not rejected) with a warning message.
# WARN text... as above, and the text is logged, too.
#
body_checks = regexp:/etc/postfix/body_checks

2
postfix/conf/sample-local.cf
View File

@ -137,7 +137,7 @@ home_mailbox =
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
# system type. Specify a name ending in / for maildir-style delivery.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail

1
postfix/conf/sample-pcre-body.cf
View File

@ -25,6 +25,7 @@
# REJECT text.... The text is sent to the originator.
# IGNORE The line is silently discarded.
# WARN The line is logged (not rejected) with a warning.
# WARN text.... As above, and the text is logged, too.
#
# Substitution of sub-strings from the matched expression is
# possible using the conventional perl syntax. The macros in the

1
postfix/conf/sample-pcre-header.cf
View File

@ -25,6 +25,7 @@
# REJECT text.... The text is sent to the originator.
# IGNORE The header line is silently discarded.
# WARN The header is logged (not rejected) with a warning.
# WARN text.... As above, and the text is logged, too.
#
# Substitution of sub-strings from the matched expression is
# possible using the conventional perl syntax. The macros in the

1
postfix/conf/sample-regexp-body.cf
View File

@ -21,3 +21,4 @@
# REJECT text.... The text is sent to the originator.
# IGNORE The header line is silently discarded.
# WARN The header is logged (not rejected) with a warning.
# WARN text.... As above, and the text is logged, too.

1
postfix/conf/sample-regexp-header.cf
View File

@ -22,6 +22,7 @@
# REJECT text.... The text is sent to the originator.
# IGNORE the header line is silently discarded.
# WARN the header is logged (not rejected) with a warning.
# WARN text... As above, and the text is logged, too.
/^Subject: Make Money Fast/ REJECT
/^To: friend@public.com/ REJECT

22
postfix/conf/sample-smtp.cf
View File

@ -65,13 +65,25 @@ smtp_never_send_ehlo = no
#
#smtp_bind_address=111.222.333.444
# The smtp_break_lines parameter controls whether the SMTP client
# will break lines longer than $line_length_limit characters.
# The smtp_line_length_limit parameter controls the length of
# message header and body lines that Postfix will send via SMTP.
# Lines that are longer are broken by inserting <CR> <LF> <SPACE>.
#
# By default, line breaking is turned on, because some fragile SMTP
# server implementations cannot receive mail with long lines.
# By default, the line length is limited to 990 characters, because
# some server implementations cannot receive mail with long lines.
#
#smtp_break_lines = yes
#smtp_line_length_limit = 990
# The smtp_helo_name parameter specifies the hostname to send along
# in the EHLO or HELO command.
#
# The default value is the machine hostname. Specify a hostname or
# [ip.address]. This can be used in the main.cf file, or in the
# master.cf file, for example:
#
# smtp ... smtp -o smtp_helo_name=foo.bar.com
#
#smtp_helo_name = $myhostname
# The smtp_skip_4xx_greeting parameter controls what happens when
# an SMTP server greets us with a 4XX status code (go away, try

16
postfix/conf/sample-smtpd.cf
View File

@ -440,7 +440,7 @@ relay_domains = $mydestination
# The access_map_reject_code parameter specifies the SMTP server
# response code when a client violates an access map restriction.
#
# Do not change this unless you have a complete understanding of RFC 822.
# Do not change this unless you have a complete understanding of RFC 821.
#
access_map_reject_code = 550
@ -448,28 +448,28 @@ access_map_reject_code = 550
# response when a client violates the reject_invalid_hostname anti-UCE
# restriction.
#
# Do not change this unless you have a complete understanding of RFC 822.
# Do not change this unless you have a complete understanding of RFC 821.
#
invalid_hostname_reject_code = 501
# The maps_rbl_reject_code parameter specifies the SMTP server response
# when a client violates the maps_rbl_domains restriction.
#
# Do not change this unless you have a complete understanding of RFC 822.
# Do not change this unless you have a complete understanding of RFC 821.
#
maps_rbl_reject_code = 550
# The reject_code parameter specifies the SMTP server response code
# when an SMTP client matches a reject restriction.
#
# Do not change this unless you have a complete understanding of RFC 822.
# Do not change this unless you have a complete understanding of RFC 821.
#
reject_code = 550
# The relay_domains_reject_code parameter specifies the SMTP server
# response when a client attempts to violate the mail relay policy.
#
# Do not change this unless you have a complete understanding of RFC 822.
# Do not change this unless you have a complete understanding of RFC 821.
#
relay_domains_reject_code = 550
@ -477,7 +477,7 @@ relay_domains_reject_code = 550
# response when a client violates the reject_unknown_sender_domain
# or reject_unknown_recipient_domain restrictions.
#
# Do not change this unless you have a complete understanding of RFC 822.
# Do not change this unless you have a complete understanding of RFC 821.
#
unknown_address_reject_code = 450
@ -485,7 +485,7 @@ unknown_address_reject_code = 450
# response when a client without address to name mapping violates
# the reject_unknown_clients restriction.
#
# Do not change this unless you have a complete understanding of RFC 822.
# Do not change this unless you have a complete understanding of RFC 821.
#
unknown_client_reject_code = 450
@ -493,6 +493,6 @@ unknown_client_reject_code = 450
# response when a client violates the reject_unknown_hostname
# restriction.
#
# Do not change this unless you have a complete understanding of RFC 822.
# Do not change this unless you have a complete understanding of RFC 821.
#
unknown_hostname_reject_code = 450

2
postfix/conf/transport
View File

@ -148,7 +148,7 @@
# details and for default values. Use the postfix reload
# command after a configuration change.
#
# parent_domain_matches_subdomains (versions >= 20011119)
# parent_domain_matches_subdomains
# List of Postfix features that use domain.name pat-
# terns to match sub.domain.name (as opposed to
# requiring .domain.name patterns).

1
postfix/examples/chroot-setup/LINUX2
View File

@ -39,7 +39,6 @@
# remove /etc/localtime in case it's a broken symlink
# restrict find to maxdepth 1 (faster)
# $Log: LINUX2,v $
# Revision 1.4 2001/01/15 09:36:35 emma
# add note it was successfully tested on Debian sid
#

20
postfix/html/access.5.html
View File

@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
ACCESS(5) ACCESS(5)
<b>NAME</b>
@ -69,11 +68,12 @@ ACCESS(5) ACCESS(5)
<i>user</i>@ Matches all mail addresses with the specified user
part.
Note: lookup of the null sender address may not be possi-
ble with all supported types of lookup table. A workaround
is to specify <b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b> <b>=</b> &lt;&gt; in the
Postfix <b>main.cf</b> file, and to specify &lt;&gt; as the left-hand
field in the access table.
Note: lookup of the null sender address is not possible
with some types of lookup table. By default, Postfix uses
&lt;&gt; as the lookup key for such addresses. The value is
specified with the workaround is to specify
<b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b> parameter in the Postfix
<b>main.cf</b> file.
<b>ADDRESS</b> <b>EXTENSION</b>
When a mail address localpart contains the optional recip-
@ -116,6 +116,11 @@ ACCESS(5) ACCESS(5)
<b>OK</b> Accept the address etc. that matches the pattern.
<i>all-numerical</i>
An all-numerical result is treated as OK. This for-
mat is generated by address-based relay authoriza-
tion schemes.
<i>restriction...</i>
Apply the named UCE restriction(s) (<b>permit</b>, reject,
<b>reject</b><i>_</i><b>unauth</b><i>_</i><b>destination</b>, and so on).
@ -162,6 +167,5 @@ ACCESS(5) ACCESS(5)
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
ACCESS(5)
</pre> </body> </html>

3
postfix/html/backstage.html
View File

@ -62,8 +62,7 @@ href="mailq.1.html">mailq</a> command.
<li>The <a href="flush.8.html">flush</a> daemon improves the
performance of the SMTP <b>ETRN</b> request, and of its command-line
equivalent, <b>sendmail -qR</b><i>destination</i>, for selected
destinations. For other destinations, Postfix silently falls
back to the equivalent of <b>sendmail -q</b>.
destinations.
<p>

2
postfix/html/flush.8.html
View File

@ -136,7 +136,7 @@ FLUSH(8) FLUSH(8)
updated in this amount of time (default time unit:
days).
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> (versions &gt;= 20011119)
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.name</i> pat-
terns to match <i>sub.domain.name</i> (as opposed to
requiring <i>.domain.name</i> patterns).

6
postfix/html/local.8.html
View File

@ -84,7 +84,8 @@ LOCAL(8) LOCAL(8)
The default per-user mailbox is a file in the UNIX mail
spool directory (<b>/var/mail/</b><i>user</i> or <b>/var/spool/mail/</b><i>user</i>);
the location can be specified with the <b>mail</b><i>_</i><b>spool</b><i>_</i><b>direc-</b>
<b>tory</b> configuration parameter.
<b>tory</b> configuration parameter. Specify a name ending in <b>/</b>
for <b>qmail</b>-compatible <b>maildir</b> delivery.
Alternatively, the per-user mailbox can be a file in the
user's home directory with a name specified via the
@ -323,7 +324,8 @@ LOCAL(8) LOCAL(8)
<b>mail</b><i>_</i><b>spool</b><i>_</i><b>directory</b>
Directory with UNIX-style mailboxes. The default
pathname is system dependent.
pathname is system dependent. Specify a path end-
ing in <b>/</b> for maildir-style delivery.
<b>mailbox</b><i>_</i><b>command</b>
External command to use for mailbox delivery. The

4
postfix/html/master.8.html
View File

@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
MASTER(8) MASTER(8)
<b>NAME</b>
@ -151,6 +150,5 @@ MASTER(8) MASTER(8)
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
MASTER(8)
</pre> </body> </html>

8
postfix/html/nqmgr.8.html
View File

@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
NQMGR(8) NQMGR(8)
<b>NAME</b>
@ -224,7 +223,7 @@ NQMGR(8) NQMGR(8)
<i>transport</i> can have.
<b>Timing</b> <b>controls</b>
<b>min</b><i>_</i><b>backoff</b>
<b>minimal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
Minimal time in seconds between delivery attempts
of a deferred message.
@ -232,7 +231,7 @@ NQMGR(8) NQMGR(8)
destination is kept in the short-term, in-memory
destination status cache.
<b>max</b><i>_</i><b>backoff</b>
<b>maximal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
Maximal time in seconds between delivery attempts
of a deferred message.
@ -338,6 +337,5 @@ NQMGR(8) NQMGR(8)
Modra 6
155 00, Prague, Czech Republic
1
NQMGR(8)
</pre> </body> </html>

4
postfix/html/postfix.1.html
View File

@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
POSTFIX(1) POSTFIX(1)
<b>NAME</b>
@ -154,6 +153,5 @@ POSTFIX(1) POSTFIX(1)
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
POSTFIX(1)
</pre> </body> </html>

21
postfix/html/postmap.1.html
View File

@ -16,6 +16,10 @@ POSTMAP(1) POSTMAP(1)
<b>makemap</b> <i>file_type</i> <i>file_name</i> &lt; <i>file_name</i>
If the result files do not exist they will be created with
the same group and other read permissions as the source
file.
While the table update is in progress, signal delivery is
postponed, and an exclusive, advisory, lock is placed on
the entire table, in order to avoid surprises in spectator
@ -27,18 +31,13 @@ POSTMAP(1) POSTMAP(1)
<i>key</i> whitespace <i>value</i>
<b>o</b> A line that starts with whitespace (space or tab)
is a continuation of the previous line. An empty
line terminates the previous line, as does a line
that starts with non-whitespace (text or comment).
A comment line that starts with whitespace does not
terminate multi-line text.
<b>o</b> Empty lines and whitespace-only lines are ignored,
as are lines whose first non-whitespace character
is a `#'.
<b>o</b> The <b>#</b> is recognized as the start of a comment, but
only when it is the first non-whitespace character
on a line. A comment terminates at the end of the
line, even when the next line starts with whites-
pace.
<b>o</b> A logical line starts with non-whitespace text. A
line that starts with whitespace continues a logi-
cal line.
The <i>key</i> and <i>value</i> are processed as is, except that sur-
rounding white space is stripped off. Unlike with Postfix

7
postfix/html/postqueue.1.html
View File

@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
POSTQUEUE(1) POSTQUEUE(1)
<b>NAME</b>
@ -18,7 +17,8 @@ POSTQUEUE(1) POSTQUEUE(1)
The following options are recognized:
<b>-c</b> The <b>main.cf</b> configuration file is in the named
<b>-c</b> <i>config_dir</i>
The <b>main.cf</b> configuration file is in the named
directory instead of the default configuration
directory. See also the MAIL_CONFIG environment
setting below.
@ -109,6 +109,5 @@ POSTQUEUE(1) POSTQUEUE(1)
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
POSTQUEUE(1)
</pre> </body> </html>

13
postfix/html/postsuper.1.html
View File

@ -21,7 +21,7 @@ POSTSUPER(1) POSTSUPER(1)
Options:
<b>-d</b> <i>queue_id</i> (Postfix versions &gt;= 20010525)
<b>-d</b> <i>queue_id</i>
Delete one message with the named queue ID from the
named mail queue(s) (default: <b>incoming</b>, <b>active</b> and
<b>deferred</b>). If a <i>queue_id</i> of <b>-</b> is specified, the
@ -59,7 +59,7 @@ POSTSUPER(1) POSTSUPER(1)
<b>-p</b> Purge old temporary files that are left over after
system or software crashes.
<b>-r</b> <i>queue_id</i> (Postfix versions &gt;= 20010525)
<b>-r</b> <i>queue_id</i>
Requeue the message with the named queue ID from
the named mail queue(s) (default: <b>incoming</b>, <b>active</b>
and <b>deferred</b>). To requeue multiple messages, spec-
@ -88,11 +88,10 @@ POSTSUPER(1) POSTSUPER(1)
recommended to perform this operation once before
Postfix startup.
<b>o</b> (Postfix versions &gt;= 20010525) Rename files
whose name does not match the message file
inode number. This operation is necessary
after restoring a mail queue from a differ-
ent machine, or from backup media.
<b>o</b> Rename files whose name does not match the
message file inode number. This operation is
necessary after restoring a mail queue from
a different machine, or from backup media.
<b>o</b> Move queue files that are in the wrong place
in the file system hierarchy and remove sub-

8
postfix/html/qmgr.8.html
View File

@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
QMGR(8) QMGR(8)
<b>NAME</b>
@ -193,7 +192,7 @@ QMGR(8) QMGR(8)
term, in-memory destination cache.
<b>Timing</b> <b>controls</b>
<b>min</b><i>_</i><b>backoff</b>
<b>minimal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
Minimal time in seconds between delivery attempts
of a deferred message.
@ -201,7 +200,7 @@ QMGR(8) QMGR(8)
destination is kept in the short-term, in-memory
destination status cache.
<b>max</b><i>_</i><b>backoff</b>
<b>maximal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
Maximal time in seconds between delivery attempts
of a deferred message.
@ -287,6 +286,5 @@ QMGR(8) QMGR(8)
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
QMGR(8)
</pre> </body> </html>

4
postfix/html/qmqpd.8.html
View File

@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
QMQPD(8) QMQPD(8)
<b>NAME</b>
@ -117,6 +116,5 @@ QMQPD(8) QMQPD(8)
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
QMQPD(8)
</pre> </body> </html>

4
postfix/html/security.html
View File

@ -82,8 +82,8 @@ per-process file system name spaces.
Initially, the <b>maildrop</b> queue directory was world-writable,
so that local processes could submit mail without assistance from
a set-uid or set-gid command or from a mail daemon process. The
maildrop directory was never used for mail coming in via the network,
and its queue files were never not readable for other users.
maildrop directory was not used for mail coming in via the network,
and its queue files were not readable for unprivileged users.
<p>

13
postfix/html/sendmail.1.html
View File

@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
SENDMAIL(1) SENDMAIL(1)
<b>NAME</b>
@ -125,8 +124,13 @@ SENDMAIL(1) SENDMAIL(1)
<b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to stan-
dard output. This mode of operation is implemented
by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
dard output. In stand-alone SMTP server mode, UCE
restrictions and access controls are disabled by
default. To enable them, run the process as the
<b>mail</b><i>_</i><b>owner</b> user.
This mode of operation is implemented by running
the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
<b>-f</b> <i>sender</i>
Set the envelope sender address. This is the
@ -329,6 +333,5 @@ SENDMAIL(1) SENDMAIL(1)
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
SENDMAIL(1)
</pre> </body> </html>

4
postfix/html/showq.8.html
View File

@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
SHOWQ(8) SHOWQ(8)
<b>NAME</b>
@ -51,6 +50,5 @@ SHOWQ(8) SHOWQ(8)
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
SHOWQ(8)
</pre> </body> </html>

17
postfix/html/smtp.8.html
View File

@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
SMTP(8) SMTP(8)
<b>NAME</b>
@ -121,10 +120,13 @@ SMTP(8) SMTP(8)
Numerical source network address to bind to when
making a connection.
<b>smtp</b><i>_</i><b>break</b><i>_</i><b>lines</b>
Break lines &gt; <b>$line</b><i>_</i><b>length</b><i>_</i><b>limit</b> into multiple
shorter lines. Some SMTP servers misbehave on long
lines.
<b>smtp</b><i>_</i><b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Length limit for SMTP message content lines. Zero
means no limit. Some SMTP servers misbehave on
long lines.
<b>smtp</b><i>_</i><b>helo</b><i>_</i><b>name</b>
The hostname to be used in HELO and EHLO commands.
<b>smtp</b><i>_</i><b>skip</b><i>_</i><b>4xx</b><i>_</i><b>greeting</b>
Skip servers that greet us with a 4xx status code.
@ -147,7 +149,7 @@ SMTP(8) SMTP(8)
turned on.
<b>Authentication</b> <b>controls</b>
<b>smtp</b><i>_</i><b>enable</b><i>_</i><b>sasl</b><i>_</i><b>auth</b>
<b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>auth</b><i>_</i><b>enable</b>
Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
(SASL). By default, Postfix is built without SASL
support.
@ -250,6 +252,5 @@ SMTP(8) SMTP(8)
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
SMTP(8)
</pre> </body> </html>

6
postfix/html/smtpd.8.html
View File

@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
SMTPD(8) SMTPD(8)
<b>NAME</b>
@ -227,7 +226,7 @@ SMTPD(8) SMTPD(8)
delays.
<b>UCE</b> <b>control</b> <b>restrictions</b>
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> (versions &gt;= 20011119)
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.name</i> pat-
terns to match <i>sub.domain.name</i> (as opposed to
requiring <i>.domain.name</i> patterns).
@ -335,6 +334,5 @@ SMTPD(8) SMTPD(8)
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
SMTPD(8)
</pre> </body> </html>

2
postfix/html/transport.5.html
View File

@ -149,7 +149,7 @@ TRANSPORT(5) TRANSPORT(5)
details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> (versions &gt;= 20011119)
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.name</i> pat-
terns to match <i>sub.domain.name</i> (as opposed to
requiring <i>.domain.name</i> patterns).

2
postfix/html/trivial-rewrite.8.html
View File

@ -110,7 +110,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
Syntax is <i>transport</i>:<i>nexthop</i>; see <a href="transport.5.html"><b>transport</b>(5)</a> for
details. The :<i>nexthop</i> part is optional.
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> (versions &gt;= 20011119)
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.name</i> pat-
terns to match <i>sub.domain.name</i> (as opposed to
requiring <i>.domain.name</i> patterns).

81
postfix/html/uce.html
View File

@ -48,6 +48,10 @@ command.
<p>
<li> <a href="#body_checks">Body filtering</a>
<p>
<li> <a href="#smtpd_client_restrictions">Client hostname/address
restrictions</a>
@ -93,8 +97,9 @@ restrictions</a>
<h2> Header filtering</h2>
The <b>header_checks</b> parameter restricts what
is allowed in message headers.
The <b>header_checks</b> parameter restricts what is allowed in
message headers. Patterns are applied to entire logical message
headers, even when a header spans multiple lines of text.
<p>
@ -124,6 +129,8 @@ the originator.
<dt>WARN <dd> Log (but do not reject) the header with a warning.
<dt>WARN text... <dd> As above, and also log the text.
</dl>
<p>
@ -151,6 +158,70 @@ mail still to be rejected.</i>
<p>
<a name="body_checks">
<h2> Body filtering</h2>
The <b>body_checks</b> parameter restricts what text is
is allowed in message body lines (including MIME headers
within the message body).
<p>
Note: the message body is matched one line at a time.
There is no multi-line concept as with message headers.
<p>
<dl>
<dt>Default:
<dd>Allow anything in message body lines.
<p>
<dt>Syntax:
<dd>Specify a list of zero or more lookup tables. Whenever a body
line matches a table, the action depends on the lookup result:
<p>
<dl>
<dt>REJECT <dd> Reject the message, and log the matched line.
<dt>REJECT text... <dd> As above, and also send the text to
the originator.
<dt>IGNORE <dd> Delete the matched line from the message.
<dt>WARN <dd> Log (but do not reject) the matched line with a warning.
<dt>WARN text... <dd> As above, and also log the text.
</dl>
<p>
<i>At present, specifying a pattern with OK serves no useful
purpose. A rule ending in OK affects only the line being matched.
The next line may still result in a REJECT match, causing the
mail still to be rejected.</i>
</dl>
<p>
<dt>Examples (main.cf):
<dd> <b>body_checks = regexp:/etc/postfix/body_checks</b>
<dd> <b>body_checks = pcre:/etc/postfix/body_checks</b>
<p>
<a name="smtpd_client_restrictions">
<h2> Client hostname/address restrictions</h2>
@ -162,7 +233,7 @@ clients this system accepts SMTP connections from.
By default, this restriction is applied when the client sends the
RCPT TO command. In order to have the restriction take effect
as soon as possible, specify <b>smtpd_delay_reject = yes</b> in
as soon as possible, specify <b>smtpd_delay_reject = no</b> in
the Postfix <b>main.cf</b> configuration file. Doing so may cause
unexpected results with poorly implemented client software.
@ -560,7 +631,7 @@ response code to rejected requests (default: <b>504</b>).
<a name="reject_sender_login_mismatch">
<dt> <b>reject_sender_login_mismatch</b> (Postfix versions >= 20011125)
<dt> <b>reject_sender_login_mismatch</b>
<dd> Reject the request when <a href="#smtpd_sender_login_maps">
$smtpd_sender_owner_maps</a> specifies an owner for the MAIL FROM
@ -1021,7 +1092,7 @@ specifies the response code to rejected requests (default:
<a name="warn_if_reject">
<dt> <b>warn_if_reject</b> (Postfix versions 20011119 and later)
<dt> <b>warn_if_reject</b>
<dd> Change the meaning of the next restriction, so that it logs
a warning instead of rejecting a request (look for logfile records
that contain "reject_warning"). This is useful for testing new

13
postfix/makedefs
View File

@ -61,14 +61,13 @@ case "$SYSTEM.$RELEASE" in
SCO_SV.3.2) SYSTYPE=SCO5
# Use the native compiler by default
: ${CC="/usr/bin/cc -b elf"}
: ${DEBUG=}
CCARGS="-DPIPES_CANT_FIONREAD $CCARGS"
SYSLIBS="-lsocket -ldbm"
RANLIB=echo
;;
UnixWare.5*) SYSTYPE=UW7
# Use the native compiler by default
: ${CC=/usr/bin/cc}
: ${DEBUG=}
RANLIB=echo
SYSLIBS="-lresolv -lsocket -lnsl"
;;
@ -118,6 +117,11 @@ case "$SYSTEM.$RELEASE" in
5.[0-4]) CCARGS="$CCARGS -DMISSING_USLEEP";;
*) CCARGS="$CCARGS -DHAS_POSIX_REGEXP";;
esac
# Work around broken str*casecmp(). Do it all here instead
# of having half the solution in the sys_defs.h file.
CCARGS="$CCARGS -Dstrcasecmp=fix_strcasecmp \
-Dstrncasecmp=fix_strncasecmp"
STRCASE="strcasecmp.o"
# Avoid common types of braindamage
case "$LD_LIBRARY_PATH" in
?*) echo "Don't set LD_LIBRARY_PATH" 1>&2; exit 1;;
@ -196,7 +200,9 @@ case "$SYSTEM.$RELEASE" in
SYSLIBS="-ldb"
for name in nsl resolv $GDBM_LIBS
do
test -f /usr/lib/lib$name.a && SYSLIBS="$SYSLIBS -l$name"
test -e /usr/lib/lib$name.a -o -e /usr/lib/lib$name.so \
-o -e /lib/lib$name.a -o -e /lib/lib$name.so \
&& SYSLIBS="$SYSLIBS -l$name"
done
;;
IRIX*.5.*) SYSTYPE=IRIX5
@ -302,5 +308,6 @@ CC = $CC $CCARGS
OPT = $OPT
DEBUG = $DEBUG
AWK = $AWK
STRCASE = $STRCASE
EXPORT = AUXLIBS="$AUXLIBS" CCARGS="$CCARGS" OPT="$OPT" DEBUG="$DEBUG"
EOF

15
postfix/man/man1/postmap.1
View File

@ -22,6 +22,9 @@ file formats are expected to be compatible with:
.ti +4
\fBmakemap \fIfile_type\fR \fIfile_name\fR < \fIfile_name\fR
If the result files do not exist they will be created with the
same group and other read permissions as the source file.
While the table update is in progress, signal delivery is
postponed, and an exclusive, advisory, lock is placed on the
entire table, in order to avoid surprises in spectator
@ -34,15 +37,11 @@ A table entry has the form
.ti +5
\fIkey\fR whitespace \fIvalue\fR
.IP \(bu
A line that starts with whitespace (space or tab) is a continuation
of the previous line. An empty line terminates the previous line,
as does a line that starts with non-whitespace (text or comment). A
comment line that starts with whitespace does not terminate multi-line
text.
Empty lines and whitespace-only lines are ignored, as
are lines whose first non-whitespace character is a `#'.
.IP \(bu
The \fB#\fR is recognized as the start of a comment, but only when it is
the first non-whitespace character on a line. A comment terminates
at the end of the line, even when the next line starts with whitespace.
A logical line starts with non-whitespace text. A line that
starts with whitespace continues a logical line.
.PP
The \fIkey\fR and \fIvalue\fR are processed as is, except that
surrounding white space is stripped off. Unlike with Postfix alias

2
postfix/man/man1/postqueue.1
View File

@ -21,7 +21,7 @@ for queue management. It implements all the operations that are
traditionally available via the \fBsendmail\fR(1) command.
The following options are recognized:
.IP \fB-c \fIconfig_dir\fR
.IP "\fB-c \fIconfig_dir\fR"
The \fBmain.cf\fR configuration file is in the named directory
instead of the default configuration directory. See also the
MAIL_CONFIG environment setting below.

5
postfix/man/man1/postsuper.1
View File

@ -24,7 +24,7 @@ directories - this includes the \fBincoming\fR, \fBactive\fR and
\fBdefer\fR and \fBflush\fR directories with log files.
Options:
.IP "\fB-d \fIqueue_id\fR (Postfix versions >= 20010525)"
.IP "\fB-d \fIqueue_id\fR"
Delete one message with the named queue ID from the named
mail queue(s) (default: \fBincoming\fR, \fBactive\fR and
\fBdeferred\fR).
@ -62,7 +62,7 @@ message that it should have deleted.
.IP \fB-p\fR
Purge old temporary files that are left over after system or
software crashes.
.IP "\fB-r \fIqueue_id\fR (Postfix versions >= 20010525)"
.IP "\fB-r \fIqueue_id\fR"
Requeue the message with the named queue ID from the named
mail queue(s) (default: \fBincoming\fR, \fBactive\fR and
\fBdeferred\fR).
@ -90,7 +90,6 @@ Structure check and structure repair. It is highly recommended
to perform this operation once before Postfix startup.
.RS
.IP \(bu
(Postfix versions >= 20010525)
Rename files whose name does not match the message file inode
number. This operation is necessary after restoring a mail queue
from a different machine, or from backup media.

4
postfix/man/man1/sendmail.1
View File

@ -111,6 +111,10 @@ List the mail queue. See the \fBmailq\fR command above.
.IP \fB-bs\fR
Stand-alone SMTP server mode. Read SMTP commands from
standard input, and write responses to standard output.
In stand-alone SMTP server mode, UCE restrictions and
access controls are disabled by default. To enable them,
run the process as the \fBmail_owner\fR user.
.sp
This mode of operation is implemented by running the
\fBsmtpd\fR(8) daemon.
.IP "\fB-f \fIsender\fR"

13
postfix/man/man5/access.5
View File

@ -66,11 +66,11 @@ order to match subdomains.
.IP \fIuser\fR@
Matches all mail addresses with the specified user part.
.PP
Note: lookup of the null sender address may not be possible with
all supported types of lookup table. A workaround is to specify
\fBsmtpd_null_access_lookup_key = <>\fR in the Postfix \fBmain.cf\fR
file, and to specify \fB<>\fR as the left-hand field in the access
table.
Note: lookup of the null sender address is not possible with
some types of lookup table. By default, Postfix uses \fB<>\fR
as the lookup key for such addresses. The value is specified with
the workaround is to specify \fBsmtpd_null_access_lookup_key\fR
parameter in the Postfix \fBmain.cf\fR file.
.SH ADDRESS EXTENSION
.na
.nf
@ -115,6 +115,9 @@ Reject the address etc. that matches the pattern. A generic
error response message is generated.
.IP \fBOK\fR
Accept the address etc. that matches the pattern.
.IP \fIall-numerical\fR
An all-numerical result is treated as OK. This format is
generated by address-based relay authorization schemes.
.IP \fIrestriction...\fR
Apply the named UCE restriction(s) (\fBpermit\fR, \fRreject\fR,
\fBreject_unauth_destination\fR, and so on).

2
postfix/man/man5/transport.5
View File

@ -155,7 +155,7 @@ The following \fBmain.cf\fR parameters are especially relevant to
this topic. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
.IP \fBparent_domain_matches_subdomains\fR
List of Postfix features that use \fIdomain.name\fR patterns
to match \fIsub.domain.name\fR (as opposed to
requiring \fI.domain.name\fR patterns).

2
postfix/man/man8/flush.8
View File

@ -126,7 +126,7 @@ a send request for the corresponding destination.
.IP \fBfast_flush_purge_time\fR
Remove an empty "fast flush" logfile that was not updated in
this amount of time (default time unit: days).
.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
.IP \fBparent_domain_matches_subdomains\fR
List of Postfix features that use \fIdomain.name\fR patterns
to match \fIsub.domain.name\fR (as opposed to
requiring \fI.domain.name\fR patterns).

4
postfix/man/man8/local.8
View File

@ -96,7 +96,8 @@ mail arrives for a recipient that is already listed in a
The default per-user mailbox is a file in the UNIX mail spool
directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR);
the location can be specified with the \fBmail_spool_directory\fR
configuration parameter.
configuration parameter. Specify a name ending in \fB/\fR for
\fBqmail\fR-compatible \fBmaildir\fR delivery.
Alternatively, the per-user mailbox can be a file in the user's home
directory with a name specified via the \fBhome_mailbox\fR
@ -334,6 +335,7 @@ The \fIaddress\fR is subjected to \fI$name\fR expansion.
.IP \fBmail_spool_directory\fR
Directory with UNIX-style mailboxes. The default pathname is system
dependent.
Specify a path ending in \fB/\fR for maildir-style delivery.
.IP \fBmailbox_command\fR
External command to use for mailbox delivery. The command executes
with the recipient privileges (exception: root). The string is subject

4
postfix/man/man8/nqmgr.8
View File

@ -208,13 +208,13 @@ messages delivered by the transport \fItransport\fR can have.
.SH "Timing controls"
.ad
.fi
.IP \fBmin_backoff\fR
.IP \fBminimal_backoff_time\fR
Minimal time in seconds between delivery attempts
of a deferred message.
.sp
This parameter also limits the time an unreachable destination
is kept in the short-term, in-memory destination status cache.
.IP \fBmax_backoff\fR
.IP \fBmaximal_backoff_time\fR
Maximal time in seconds between delivery attempts
of a deferred message.
.IP \fBmaximal_queue_lifetime\fR

4
postfix/man/man8/qmgr.8
View File

@ -189,13 +189,13 @@ destination cache.
.SH "Timing controls"
.ad
.fi
.IP \fBmin_backoff\fR
.IP \fBminimal_backoff_time\fR
Minimal time in seconds between delivery attempts
of a deferred message.
.sp
This parameter also limits the time an unreachable destination
is kept in the short-term, in-memory destination status cache.
.IP \fBmax_backoff\fR
.IP \fBmaximal_backoff_time\fR
Maximal time in seconds between delivery attempts
of a deferred message.
.IP \fBmaximal_queue_lifetime\fR

8
postfix/man/man8/smtp.8
View File

@ -113,9 +113,11 @@ Always send EHLO at the start of a connection.
Never send EHLO at the start of a connection.
.IP \fBsmtp_bind_address\fR
Numerical source network address to bind to when making a connection.
.IP \fBsmtp_break_lines\fR
Break lines > \fB$line_length_limit\fR into multiple shorter lines.
.IP \fBsmtp_line_length_limit\fR
Length limit for SMTP message content lines. Zero means no limit.
Some SMTP servers misbehave on long lines.
.IP \fBsmtp_helo_name\fR
The hostname to be used in HELO and EHLO commands.
.IP \fBsmtp_skip_4xx_greeting\fR
Skip servers that greet us with a 4xx status code.
.IP \fBsmtp_skip_5xx_greeting\fR
@ -129,7 +131,7 @@ around the CISCO PIX firewall <CR><LF>.<CR><LF> bug.
The time a message must be queued before the CISCO PIX firewall
<CR><LF>.<CR><LF> bug workaround is turned on.
.SH "Authentication controls"
.IP \fBsmtp_enable_sasl_auth\fR
.IP \fBsmtp_sasl_auth_enable\fR
Enable per-session authentication as per RFC 2554 (SASL).
By default, Postfix is built without SASL support.
.IP \fBsmtp_sasl_password_maps\fR

2
postfix/man/man8/smtpd.8
View File

@ -194,7 +194,7 @@ it is penalized with tarpit delays.
.SH "UCE control restrictions"
.ad
.fi
.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
.IP \fBparent_domain_matches_subdomains\fR
List of Postfix features that use \fIdomain.name\fR patterns
to match \fIsub.domain.name\fR (as opposed to
requiring \fI.domain.name\fR patterns).

2
postfix/man/man8/trivial-rewrite.8
View File

@ -108,7 +108,7 @@ The default transport is \fBsmtp\fR.
.sp
Syntax is \fItransport\fR:\fInexthop\fR; see \fBtransport\fR(5)
for details. The :\fInexthop\fR part is optional.
.IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
.IP \fBparent_domain_matches_subdomains\fR
List of Postfix features that use \fIdomain.name\fR patterns
to match \fIsub.domain.name\fR (as opposed to
requiring \fI.domain.name\fR patterns).

5
postfix/postfix-install
View File

@ -88,6 +88,7 @@
# The destination directory for Postfix daemon programs. This directory
# should not be in the command search path of any users.
# The built-in default directory name is /usr/libexec/postfix.
# This parameter setting is recorded in the installed main.cf file.
# .IP command_directory
# The destination directory for Postfix administrative commands. This
# directory should be in the command search path of adminstrative users.
@ -173,7 +174,7 @@ do
case $arg in
*=*) IFS= eval $arg; IFS="$BACKUP_IFS";;
-non-int*) non_interactive=1;;
*) echo $0: Error: $USAGE 1>&2; exit 1;;
*) echo "$0: Error: $USAGE" 1>&2; exit 1;;
esac
shift
done
@ -530,7 +531,7 @@ MANPAGE_DIRECTORY=$install_root$manpage_directory
SAMPLE_DIRECTORY=$install_root$sample_directory
README_DIRECTORY=$install_root$readme_directory
# Avoid repeated tests for existence of these.
# Avoid repeated tests for existence of these; default permissions suffice.
test -d $DAEMON_DIRECTORY || mkdir -p $DAEMON_DIRECTORY || exit 1
test -d $COMMAND_DIRECTORY || mkdir -p $COMMAND_DIRECTORY || exit 1

13
postfix/proto/access
View File

@ -56,11 +56,11 @@
# .IP \fIuser\fR@
# Matches all mail addresses with the specified user part.
# .PP
# Note: lookup of the null sender address may not be possible with
# all supported types of lookup table. A workaround is to specify
# \fBsmtpd_null_access_lookup_key = <>\fR in the Postfix \fBmain.cf\fR
# file, and to specify \fB<>\fR as the left-hand field in the access
# table.
# Note: lookup of the null sender address is not possible with
# some types of lookup table. By default, Postfix uses \fB<>\fR
# as the lookup key for such addresses. The value is specified with
# the workaround is to specify \fBsmtpd_null_access_lookup_key\fR
# parameter in the Postfix \fBmain.cf\fR file.
# ADDRESS EXTENSION
# .fi
# .ad
@ -99,6 +99,9 @@
# error response message is generated.
# .IP \fBOK\fR
# Accept the address etc. that matches the pattern.
# .IP \fIall-numerical\fR
# An all-numerical result is treated as OK. This format is
# generated by address-based relay authorization schemes.
# .IP \fIrestriction...\fR
# Apply the named UCE restriction(s) (\fBpermit\fR, \fRreject\fR,
# \fBreject_unauth_destination\fR, and so on).

4
postfix/proto/aliases0
View File

@ -1,4 +1,8 @@
#
# Sample aliases file. Install in the location as specified by the
# output from the command "postconf alias_maps". Typical path names
# are /etc/aliases or /etc/mail/aliases.
#
# >>>>>>>>>> The program "newaliases" must be run after
# >> NOTE >> this file is updated for any changes to
# >>>>>>>>>> show through to Postfix.

2
postfix/proto/transport
View File

@ -141,7 +141,7 @@
# this topic. See the Postfix \fBmain.cf\fR file for syntax details
# and for default values. Use the \fBpostfix reload\fR command after
# a configuration change.
# .IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
# .IP \fBparent_domain_matches_subdomains\fR
# List of Postfix features that use \fIdomain.name\fR patterns
# to match \fIsub.domain.name\fR (as opposed to
# requiring \fI.domain.name\fR patterns).

8
postfix/src/bounce/bounce_append_service.c
View File

@ -91,6 +91,12 @@ int bounce_append_service(char *service, char *queue_id,
* file format because we do not need anything more complicated. As a
* benefit, we can still recover some data when the file is a little
* garbled.
*
* XXX addresses in defer logfiles are in printable quoted form, while
* addresses in message envelope records are in raw unquoted form. This
* may change once we replace the present ad-hoc bounce/defer logfile
* format by one that is transparent for control etc. characters. See
* also: showq/showq.c.
*/
if ((orig_length = vstream_fseek(log, 0L, SEEK_END)) < 0)
msg_fatal("seek file %s %s: %m", service, queue_id);
@ -98,6 +104,8 @@ int bounce_append_service(char *service, char *queue_id,
if (*recipient)
vstream_fprintf(log, "<%s>: ",
printable(vstring_str(quote_822_local(in_buf, recipient)), '?'));
else
vstream_fprintf(log, "<>: ");
vstream_fputs(printable(why, '?'), log);
vstream_fputs("\n\n", log);

1
postfix/src/cleanup/Makefile.in
View File

@ -265,6 +265,7 @@ cleanup_out.o: ../../include/vstream.h
cleanup_out.o: ../../include/record.h
cleanup_out.o: ../../include/rec_type.h
cleanup_out.o: ../../include/cleanup_user.h
cleanup_out.o: ../../include/mail_params.h
cleanup_out.o: cleanup.h
cleanup_out.o: ../../include/argv.h
cleanup_out.o: ../../include/maps.h

1
postfix/src/cleanup/cleanup.h
View File

@ -47,6 +47,7 @@ typedef struct CLEANUP_STATE {
int err_mask; /* allowed badness */
VSTRING *header_buf; /* multi-record header */
int headers_seen; /* which headers were seen */
int prev_header_type; /* multi-record physical header line */
int hop_count; /* count of received: headers */
ARGV *recipients; /* recipients from regular headers */
ARGV *resent_recip; /* recipients from resent headers */

2
postfix/src/cleanup/cleanup_api.c
View File

@ -125,7 +125,7 @@ CLEANUP_STATE *cleanup_open(void)
* that the runtime error handler can clean up in case of problems.
*/
state->handle = mail_stream_file(MAIL_QUEUE_INCOMING,
MAIL_CLASS_PUBLIC, MAIL_SERVICE_QUEUE, 0);
MAIL_CLASS_PUBLIC, var_queue_service, 0);
state->dst = state->handle->stream;
cleanup_path = mystrdup(VSTREAM_PATH(state->dst));
state->queue_id = mystrdup(state->handle->id);

3
postfix/src/cleanup/cleanup_map1n.c
View File

@ -112,7 +112,8 @@ ARGV *cleanup_map1n_internal(CLEANUP_STATE *state, char *addr,
state->queue_id, maps->title, addr);
break;
}
if ((lookup = mail_addr_map(maps, argv->argv[arg], propagate)) != 0) {
quote_822_local(state->temp1, argv->argv[arg]);
if ((lookup = mail_addr_map(maps, STR(state->temp1), propagate)) != 0) {
saved_lhs = mystrdup(argv->argv[arg]);
for (i = 0; i < lookup->argc; i++) {
unquote_822_local(state->temp1, lookup->argv[i]);

134
postfix/src/cleanup/cleanup_message.c
View File

@ -254,31 +254,52 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts)
cleanup_fold_header(state);
}
/* cleanup_check_reject - parse and match header/body REJECT line */
/* cleanup_act - act upon a header/body match */
static int cleanup_check_reject(CLEANUP_STATE *state, const char *value)
static int cleanup_act(CLEANUP_STATE *state, char *context, char *buf,
const char *value, const char *map_class)
{
const char *reason = value + strcspn(value, " \t");
const char *optional_text = value + strcspn(value, " \t");
int command_len = optional_text - value;
/*
* See if they spelled REJECT right.
*
* XXX The reason should be set only if we have a more severe error than
* anything that was found before. This calls for a cleanup_set_error()
* routine that takes an error code and an optional text.
*/
if (strncasecmp(value, "REJECT", reason - value) == 0) {
if (state->reason == 0) {
while (*reason && ISSPACE(*reason))
reason++;
state->reason = mystrdup(*reason ? reason :
while (*optional_text && ISSPACE(*optional_text))
optional_text++;
#define STREQUAL(x,y,l) (strncasecmp((x), (y), (l)) == 0 && (y)[l] == 0)
#define CLEANUP_ACT_KEEP 1
#define CLEANUP_ACT_DROP 0
if (STREQUAL(value, "REJECT", command_len)) {
if (state->reason == 0)
state->reason = mystrdup(*optional_text ? optional_text :
cleanup_strerror(CLEANUP_STAT_CONT));
}
state->errs |= CLEANUP_STAT_CONT;
return (1);
} else {
return (0);
msg_info("%s: reject: %s %.200s; from=<%s> to=<%s>: %s",
state->queue_id, context, buf, state->sender,
state->recip ? state->recip : "unknown",
state->reason);
return (CLEANUP_ACT_KEEP);
}
if (STREQUAL(value, "WARN", command_len)) {
msg_info("%s: warning: %s %.200s; from=<%s> to=<%s>: %s",
state->queue_id, context, buf, state->sender,
state->recip ? state->recip : "unknown",
*optional_text ? optional_text :
cleanup_strerror(CLEANUP_STAT_CONT));
return (CLEANUP_ACT_KEEP);
}
if (*optional_text)
msg_warn("unexpected text after command in %s map: %s",
map_class, value);
if (STREQUAL(value, "IGNORE", command_len))
return (CLEANUP_ACT_DROP);
if (STREQUAL(value, "OK", command_len))
return (CLEANUP_ACT_KEEP);
msg_warn("unknown command in %s map: %s", map_class, value);
return (CLEANUP_ACT_KEEP);
}
/* cleanup_header - process one complete header line */
@ -296,25 +317,16 @@ static void cleanup_header(CLEANUP_STATE *state)
const char *value;
if ((value = maps_find(cleanup_header_checks, header, 0)) != 0) {
if (cleanup_check_reject(state, value) != 0) {
msg_info("%s: reject: header %.200s; from=<%s> to=<%s>: %s",
state->queue_id, header, state->sender,
state->recip ? state->recip : "unknown",
state->reason);
} else if (strcasecmp(value, "IGNORE") == 0) {
if (cleanup_act(state, "header", header, value, VAR_HEADER_CHECKS)
== CLEANUP_ACT_DROP)
return;
} else if (strcasecmp(value, "WARN") == 0) {
msg_info("%s: warning: header %.200s; from=<%s> to=<%s>",
state->queue_id, header, state->sender,
state->recip ? state->recip : "unknown");
}
}
}
/*
* If this is an "unknown" header, just copy it to the output without
* even bothering to fold long lines. XXX Should split header lines that
* do not fit a REC_TYPE_NORM record.
* even bothering to fold long lines. cleanup_out() will split long
* headers that do not fit in a REC_TYPE_NORM record.
*/
if ((hdr_opts = header_opts_find(vstring_str(state->header_buf))) == 0) {
cleanup_out_header(state);
@ -506,23 +518,36 @@ static void cleanup_message_header(CLEANUP_STATE *state, int type, char *buf, in
/*
* First, deal with header information that we have accumulated from
* previous input records. A whole record that starts with whitespace is
* a continuation of previous data.
* previous input records.
*
* XXX Silently switch to body processing when some message header requires
* an unreasonable amount of storage, or when a message header record
* does not fit in a REC_TYPE_NORM type record.
* If a physical header line exceeds the capacity of a Postfix queue file
* record, reconstruct the long line from multiple records (up to the
* header size limit), and break the long line up into multiple Postfix
* records upon output to the queue file. Discard text that does not fit
* in a header buffer, so as to avoid breaking MIME formatting.
*
* It is left up to delivery agents to glue long lines back together and to
* enforce an appropriate output line length limit.
*/
if (VSTRING_LEN(state->header_buf) > 0) {
if ((VSTRING_LEN(state->header_buf) >= var_header_limit
|| type == REC_TYPE_CONT)) {
if (type != REC_TYPE_XTRA) {
if (state->prev_header_type == REC_TYPE_CONT) {
if (VSTRING_LEN(state->header_buf) < var_header_limit)
vstring_strcat(state->header_buf, buf);
else
state->errs |= CLEANUP_STAT_HOVFL;
} else if (type == REC_TYPE_NORM && ISSPACE(*buf)) {
state->prev_header_type = type;
return;
}
if (ISSPACE(*buf)) {
if (VSTRING_LEN(state->header_buf) < var_header_limit) {
VSTRING_ADDCH(state->header_buf, '\n');
vstring_strcat(state->header_buf, buf);
} else
state->errs |= CLEANUP_STAT_HOVFL;
state->prev_header_type = type;
return;
} else {
/* Body record or end of message segment. */ ;
}
}
/*
@ -535,14 +560,11 @@ static void cleanup_message_header(CLEANUP_STATE *state, int type, char *buf, in
}
/*
* Switch to body processing if this is not a header or if the saved
* header would require an unreasonable amount of storage. Generate
* missing headers. Add one blank line when the message headers are
* immediately followed by a non-empty message body.
* Switch to body processing if this is not a header. Generate missing
* headers. Add one blank line when the message headers are immediately
* followed by a non-empty message body.
*/
if (((state->errs & CLEANUP_STAT_HOVFL)
|| type != REC_TYPE_NORM
|| !is_header(buf))) {
if (type == REC_TYPE_XTRA || !is_header(buf)) {
cleanup_missing_headers(state);
if (type != REC_TYPE_XTRA && *buf) /* output blank line */
cleanup_out_string(state, REC_TYPE_NORM, "");
@ -555,6 +577,7 @@ static void cleanup_message_header(CLEANUP_STATE *state, int type, char *buf, in
*/
else {
vstring_strcpy(state->header_buf, buf);
state->prev_header_type = type;
}
}
@ -580,18 +603,9 @@ static void cleanup_message_body(CLEANUP_STATE *state, int type, char *buf, int
const char *value;
if ((value = maps_find(cleanup_body_checks, buf, 0)) != 0) {
if (cleanup_check_reject(state, value) != 0) {
msg_info("%s: reject: body %.200s; from=<%s> to=<%s>: %s",
state->queue_id, buf, state->sender,
state->recip ? state->recip : "unknown",
state->reason);
} else if (strcasecmp(value, "IGNORE") == 0) {
if (cleanup_act(state, "body", buf, value, VAR_BODY_CHECKS)
== CLEANUP_ACT_DROP)
return;
} else if (strcasecmp(value, "WARN") == 0) {
msg_info("%s: warning: body %.200s; from=<%s> to=<%s>",
state->queue_id, buf, state->sender,
state->recip ? state->recip : "unknown");
}
}
}
cleanup_out(state, type, buf, len);

33
postfix/src/cleanup/cleanup_out.c
View File

@ -77,6 +77,7 @@
#include <record.h>
#include <rec_type.h>
#include <cleanup_user.h>
#include <mail_params.h>
/* Application-specific. */
@ -86,8 +87,35 @@
void cleanup_out(CLEANUP_STATE *state, int type, char *string, int len)
{
if (CLEANUP_OUT_OK(state)) {
if (rec_put(state->dst, type, string, len) < 0) {
int err = 0;
/*
* Long message header lines have to be read and written as multiple
* records. Other header/body content, and envelope data, is copied one
* record at a time. Be sure to not skip a zero-length request.
*
* XXX We don't know if we're writing a message header or not, but that is
* not a problem. A REC_TYPE_NORM or REC_TYPE_CONT record can always be
* chopped up into an equivalent set of REC_TYPE_CONT plus REC_TYPE_NORM
* records.
*/
if (CLEANUP_OUT_OK(state) == 0)
return;
#define TEXT_RECORD(t) ((t) == REC_TYPE_NORM || (t) == REC_TYPE_CONT)
do {
if (len > var_line_limit && TEXT_RECORD(type)) {
err = rec_put(state->dst, REC_TYPE_CONT, string, var_line_limit);
string += var_line_limit;
len -= var_line_limit;
} else {
err = rec_put(state->dst, type, string, len);
break;
}
} while (len > 0 && err >= 0);
if (err < 0) {
if (errno == EFBIG) {
msg_warn("%s: queue file size limit exceeded",
state->queue_id);
@ -98,7 +126,6 @@ void cleanup_out(CLEANUP_STATE *state, int type, char *string, int len)
}
}
}
}
/* cleanup_out_string - output string to one single record */

1
postfix/src/cleanup/cleanup_state.c
View File

@ -72,6 +72,7 @@ CLEANUP_STATE *cleanup_state_alloc(void)
state->err_mask = 0;
state->header_buf = vstring_alloc(100);
state->headers_seen = 0;
state->prev_header_type = 0;
state->hop_count = 0;
state->recipients = argv_alloc(2);
state->resent_recip = argv_alloc(2);

36
postfix/src/flush/flush.c
View File

@ -110,7 +110,7 @@
/* .IP \fBfast_flush_purge_time\fR
/* Remove an empty "fast flush" logfile that was not updated in
/* this amount of time (default time unit: days).
/* .IP "\fBparent_domain_matches_subdomains\fR (versions >= 20011119)"
/* .IP \fBparent_domain_matches_subdomains\fR
/* List of Postfix features that use \fIdomain.name\fR patterns
/* to match \fIsub.domain.name\fR (as opposed to
/* requiring \fI.domain.name\fR patterns).
@ -203,7 +203,15 @@ static DOMAIN_LIST *flush_domains;
* name space: domain names versus safe-to-use pathnames.
*/
static int flush_add_path(const char *, const char *);
static int flush_send_path(const char *);
static int flush_send_path(const char *, int);
/*
* Do we only refresh the per-destination logfile, or do we really request
* mail delivery as if someone sent ETRN? If the latter, we must override
* information about unavailable hosts or unavailable transports.
*/
#define REFRESH_ONLY 0
#define REFRESH_AND_DELIVER 1
/* flush_site_to_path - convert domain or [addr] to harmless string */
@ -318,7 +326,7 @@ static int flush_add_path(const char *path, const char *queue_id)
/* flush_send_service - flush mail queued for site */
static int flush_send_service(const char *site)
static int flush_send_service(const char *site, int how)
{
char *myname = "flush_send_service";
VSTRING *site_path;
@ -337,7 +345,7 @@ static int flush_send_service(const char *site)
* Map site name to path name and flush the log.
*/
site_path = flush_site_to_path((VSTRING *) 0, site);
status = flush_send_path(STR(site_path));
status = flush_send_path(STR(site_path), how);
vstring_free(site_path);
return (status);
@ -345,17 +353,20 @@ static int flush_send_service(const char *site)
/* flush_send_path - flush logfile file */
static int flush_send_path(const char *path)
static int flush_send_path(const char *path, int how)
{
const char *myname = "flush_send_path";
VSTRING *queue_id;
VSTRING *queue_file;
VSTREAM *log;
struct utimbuf tbuf;
static char qmgr_trigger[] = {
static char qmgr_deliver_trigger[] = {
QMGR_REQ_SCAN_INCOMING, /* scan incoming queue */
QMGR_REQ_FLUSH_DEAD, /* flush dead site/transport cache */
};
static char qmgr_refresh_trigger[] = {
QMGR_REQ_SCAN_INCOMING, /* scan incoming queue */
};
HTABLE *dup_filter;
int count;
@ -463,8 +474,12 @@ static int flush_send_path(const char *path)
if (count > 0) {
if (msg_verbose)
msg_info("%s: requesting delivery for logfile %s", myname, path);
mail_trigger(MAIL_CLASS_PUBLIC, MAIL_SERVICE_QUEUE,
qmgr_trigger, sizeof(qmgr_trigger));
if (how == REFRESH_ONLY)
mail_trigger(MAIL_CLASS_PUBLIC, var_queue_service,
qmgr_refresh_trigger, sizeof(qmgr_refresh_trigger));
else
mail_trigger(MAIL_CLASS_PUBLIC, var_queue_service,
qmgr_deliver_trigger, sizeof(qmgr_deliver_trigger));
}
return (FLUSH_STAT_OK);
}
@ -503,7 +518,7 @@ static int flush_refresh_service(int max_age)
} else if (st.st_atime + max_age < event_time()) {
if (msg_verbose)
msg_info("%s: flush logfile %s", myname, site_path);
flush_send_path(site_path);
flush_send_path(site_path, REFRESH_ONLY);
} else {
if (msg_verbose)
msg_info("%s: skip logfile %s, unread for <%d hours(s) ",
@ -608,7 +623,8 @@ static void flush_service(VSTREAM *client_stream, char *unused_service,
if (attr_scan(client_stream, ATTR_FLAG_STRICT,
ATTR_TYPE_STR, MAIL_ATTR_SITE, site,
ATTR_TYPE_END) == 1)
status = flush_send_service(lowercase(STR(site)));
status = flush_send_service(lowercase(STR(site)),
REFRESH_AND_DELIVER);
attr_print(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_NUM, MAIL_ATTR_STATUS, status,
ATTR_TYPE_END);

11
postfix/src/global/abounce.c
View File

@ -126,6 +126,7 @@
/* Global library. */
#include <mail_params.h>
#include <mail_proto.h>
#include <abounce.h>
@ -220,7 +221,7 @@ void abounce_flush_verp(int flags, const char *queue, const char *id,
const char *sender, const char *verp,
ABOUNCE_FN callback, char *context)
{
abounce_request_verp(MAIL_CLASS_PRIVATE, MAIL_SERVICE_BOUNCE,
abounce_request_verp(MAIL_CLASS_PRIVATE, var_bounce_service,
BOUNCE_CMD_VERP, flags, queue, id, sender, verp,
callback, context);
}
@ -231,7 +232,7 @@ void adefer_flush_verp(int flags, const char *queue, const char *id,
const char *sender, const char *verp,
ABOUNCE_FN callback, char *context)
{
abounce_request_verp(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER,
abounce_request_verp(MAIL_CLASS_PRIVATE, var_defer_service,
BOUNCE_CMD_VERP, flags, queue, id, sender, verp,
callback, context);
}
@ -278,7 +279,7 @@ static void abounce_request(const char *class, const char *service,
void abounce_flush(int flags, const char *queue, const char *id,
const char *sender, ABOUNCE_FN callback, char *context)
{
abounce_request(MAIL_CLASS_PRIVATE, MAIL_SERVICE_BOUNCE, BOUNCE_CMD_FLUSH,
abounce_request(MAIL_CLASS_PRIVATE, var_bounce_service, BOUNCE_CMD_FLUSH,
flags, queue, id, sender, callback, context);
}
@ -287,7 +288,7 @@ void abounce_flush(int flags, const char *queue, const char *id,
void adefer_flush(int flags, const char *queue, const char *id,
const char *sender, ABOUNCE_FN callback, char *context)
{
abounce_request(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER, BOUNCE_CMD_FLUSH,
abounce_request(MAIL_CLASS_PRIVATE, var_defer_service, BOUNCE_CMD_FLUSH,
flags, queue, id, sender, callback, context);
}
@ -296,6 +297,6 @@ void adefer_flush(int flags, const char *queue, const char *id,
void adefer_warn(int flags, const char *queue, const char *id,
const char *sender, ABOUNCE_FN callback, char *context)
{
abounce_request(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER, BOUNCE_CMD_WARN,
abounce_request(MAIL_CLASS_PRIVATE, var_defer_service, BOUNCE_CMD_WARN,
flags, queue, id, sender, callback, context);
}

9
postfix/src/global/bounce.c
View File

@ -143,16 +143,17 @@ int vbounce_append(int flags, const char *id, const char *recipient,
delay = time((time_t *) 0) - entry;
vstring_vsprintf(why, fmt, ap);
if (mail_command_client(MAIL_CLASS_PRIVATE, var_soft_bounce ?
MAIL_SERVICE_DEFER : MAIL_SERVICE_BOUNCE,
var_defer_service : var_bounce_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_APPEND,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, id,
ATTR_TYPE_STR, MAIL_ATTR_RECIP, recipient,
ATTR_TYPE_STR, MAIL_ATTR_WHY, vstring_str(why),
ATTR_TYPE_END) == 0) {
msg_info("%s: to=<%s>, relay=%s, delay=%d, status=%s (%s)",
msg_info("%s: to=<%s>, relay=%s, delay=%d, status=%s (%s%s)",
id, recipient, relay, delay, var_soft_bounce ? "deferred" :
"bounced", vstring_str(why));
"bounced", var_soft_bounce ? "SOFT BOUNCE - " : "",
vstring_str(why));
status = (var_soft_bounce ? -1 : 0);
} else if ((flags & BOUNCE_FLAG_CLEAN) == 0) {
status = defer_append(flags, id, recipient, "bounce", delay,
@ -176,7 +177,7 @@ int bounce_flush(int flags, const char *queue, const char *id,
*/
if (var_soft_bounce)
return (-1);
if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_BOUNCE,
if (mail_command_client(MAIL_CLASS_PRIVATE, var_bounce_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_FLUSH,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue,

7
postfix/src/global/defer.c
View File

@ -113,6 +113,7 @@
/* Global library. */
#include "mail_params.h"
#include "mail_queue.h"
#include "mail_proto.h"
#include "flush_clnt.h"
@ -145,7 +146,7 @@ int vdefer_append(int flags, const char *id, const char *recipient,
const char *rcpt_domain;
vstring_vsprintf(why, fmt, ap);
if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER,
if (mail_command_client(MAIL_CLASS_PRIVATE, var_defer_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_APPEND,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, id,
@ -179,7 +180,7 @@ int vdefer_append(int flags, const char *id, const char *recipient,
int defer_flush(int flags, const char *queue, const char *id,
const char *sender)
{
if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER,
if (mail_command_client(MAIL_CLASS_PRIVATE, var_defer_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_FLUSH,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue,
@ -198,7 +199,7 @@ int defer_flush(int flags, const char *queue, const char *id,
int defer_warn(int flags, const char *queue, const char *id,
const char *sender)
{
if (mail_command_client(MAIL_CLASS_PRIVATE, MAIL_SERVICE_DEFER,
if (mail_command_client(MAIL_CLASS_PRIVATE, var_defer_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_WARN,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue,

8
postfix/src/global/flush_clnt.c
View File

@ -100,7 +100,7 @@ int flush_purge(void)
if (*var_fflush_domains == 0)
status = FLUSH_STAT_DENY;
else
status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH,
status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service,
ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_PURGE,
ATTR_TYPE_END);
@ -126,7 +126,7 @@ int flush_refresh(void)
if (*var_fflush_domains == 0)
status = FLUSH_STAT_DENY;
else
status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH,
status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service,
ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_REFRESH,
ATTR_TYPE_END);
@ -152,7 +152,7 @@ int flush_send(const char *site)
if (*var_fflush_domains == 0)
status = FLUSH_STAT_DENY;
else
status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH,
status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service,
ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_SEND,
ATTR_TYPE_STR, MAIL_ATTR_SITE, site,
ATTR_TYPE_END);
@ -179,7 +179,7 @@ int flush_add(const char *site, const char *queue_id)
if (*var_fflush_domains == 0)
status = FLUSH_STAT_DENY;
else
status = mail_command_client(MAIL_CLASS_PUBLIC, MAIL_SERVICE_FLUSH,
status = mail_command_client(MAIL_CLASS_PUBLIC, var_flush_service,
ATTR_TYPE_STR, MAIL_ATTR_REQ, FLUSH_REQ_ADD,
ATTR_TYPE_STR, MAIL_ATTR_SITE, site,
ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, queue_id,

3
postfix/src/global/mail_flush.c
View File

@ -33,6 +33,7 @@
/* Global library. */
#include <mail_params.h>
#include <mail_proto.h>
#include <mail_flush.h>
@ -50,6 +51,6 @@ int mail_flush_deferred(void)
/*
* Trigger the flush queue service.
*/
return (mail_trigger(MAIL_CLASS_PUBLIC, MAIL_SERVICE_QUEUE,
return (mail_trigger(MAIL_CLASS_PUBLIC, var_queue_service,
qmgr_trigger, sizeof(qmgr_trigger)));
}

30
postfix/src/global/mail_params.c
View File

@ -42,6 +42,7 @@
/* int var_line_limit;
/* char *var_alias_db_map;
/* int var_message_limit;
/* char *var_mail_release;
/* char *var_mail_version;
/* int var_ipc_idle_limit;
/* char *var_db_type;
@ -75,6 +76,15 @@
/* int var_debug_peer_level;
/* int var_in_flow_delay;
/* int var_fault_inj_code;
/* char *var_bounce_service;
/* char *var_cleanup_service;
/* char *var_defer_service;
/* char *var_pickup_service;
/* char *var_queue_service;
/* char *var_rewrite_service;
/* char *var_showq_service;
/* char *var_error_service;
/* char *var_flush_service;
/*
/* void mail_params_init()
/* DESCRIPTION
@ -170,6 +180,7 @@ char *var_double_bounce_sender;
int var_line_limit;
char *var_alias_db_map;
int var_message_limit;
char *var_mail_release;
char *var_mail_version;
int var_ipc_idle_limit;
char *var_db_type;
@ -203,6 +214,15 @@ char *var_export_environ;
char *var_debug_peer_list;
int var_debug_peer_level;
int var_fault_inj_code;
char *var_bounce_service;
char *var_cleanup_service;
char *var_defer_service;
char *var_pickup_service;
char *var_queue_service;
char *var_rewrite_service;
char *var_showq_service;
char *var_error_service;
char *var_flush_service;
#define MAIN_CONF_FILE "main.cf"
@ -395,6 +415,7 @@ void mail_params_init()
VAR_DOUBLE_BOUNCE, DEF_DOUBLE_BOUNCE, &var_double_bounce_sender, 1, 0,
VAR_DEFAULT_PRIVS, DEF_DEFAULT_PRIVS, &var_default_privs, 1, 0,
VAR_ALIAS_DB_MAP, DEF_ALIAS_DB_MAP, &var_alias_db_map, 0, 0,
VAR_MAIL_RELEASE, DEF_MAIL_RELEASE, &var_mail_release, 1, 0,
VAR_MAIL_VERSION, DEF_MAIL_VERSION, &var_mail_version, 1, 0,
VAR_DB_TYPE, DEF_DB_TYPE, &var_db_type, 1, 0,
VAR_HASH_QUEUE_NAMES, DEF_HASH_QUEUE_NAMES, &var_hash_queue_names, 1, 0,
@ -410,6 +431,15 @@ void mail_params_init()
VAR_VERP_FILTER, DEF_VERP_FILTER, &var_verp_filter, 1, 0,
VAR_PAR_DOM_MATCH, DEF_PAR_DOM_MATCH, &var_par_dom_match, 0, 0,
VAR_CONFIG_DIRS, DEF_CONFIG_DIRS, &var_config_dirs, 0, 0,
VAR_BOUNCE_SERVICE, DEF_BOUNCE_SERVICE, &var_bounce_service, 1, 0,
VAR_CLEANUP_SERVICE, DEF_CLEANUP_SERVICE, &var_cleanup_service, 1, 0,
VAR_DEFER_SERVICE, DEF_DEFER_SERVICE, &var_defer_service, 1, 0,
VAR_PICKUP_SERVICE, DEF_PICKUP_SERVICE, &var_pickup_service, 1, 0,
VAR_QUEUE_SERVICE, DEF_QUEUE_SERVICE, &var_queue_service, 1, 0,
VAR_REWRITE_SERVICE, DEF_REWRITE_SERVICE, &var_rewrite_service, 1, 0,
VAR_SHOWQ_SERVICE, DEF_SHOWQ_SERVICE, &var_showq_service, 1, 0,
VAR_ERROR_SERVICE, DEF_ERROR_SERVICE, &var_error_service, 1, 0,
VAR_FLUSH_SERVICE, DEF_FLUSH_SERVICE, &var_flush_service, 1, 0,
0,
};
static CONFIG_STR_FN_TABLE function_str_defaults_2[] = {

72
postfix/src/global/mail_params.h
View File

@ -734,13 +734,17 @@ extern bool var_smtp_never_ehlo;
#define DEF_SMTP_BIND_ADDR ""
extern char *var_smtp_bind_addr;
#define VAR_SMTP_HELO_NAME "smtp_helo_name"
#define DEF_SMTP_HELO_NAME "$myhostname"
extern char *var_smtp_helo_name;
#define VAR_SMTP_RAND_ADDR "smtp_randomize_addresses"
#define DEF_SMTP_RAND_ADDR 1
extern bool var_smtp_rand_addr;
#define VAR_SMTP_BREAK_LINES "smtp_break_lines"
#define DEF_SMTP_BREAK_LINES 1
extern bool var_smtp_break_lines;
#define VAR_SMTP_LINE_LIMIT "smtp_line_length_limit"
#define DEF_SMTP_LINE_LIMIT 990
extern int var_smtp_line_limit;
#define VAR_SMTP_PIX_THRESH "smtp_pix_workaround_threshold_time"
#define DEF_SMTP_PIX_THRESH "500s"
@ -1189,7 +1193,7 @@ extern int var_smtpd_delay_reject;
#define REJECT_UNAUTH_PIPE "reject_unauth_pipelining"
#define VAR_SMTPD_NULL_KEY "smtpd_null_access_lookup_key"
#define DEF_SMTPD_NULL_KEY ""
#define DEF_SMTPD_NULL_KEY "<>"
extern char *var_smtpd_null_key;
/*
@ -1353,7 +1357,11 @@ extern bool var_verp_bounce_off;
* the sending processes get a chance to access the disk.
*/
#define VAR_IN_FLOW_DELAY "in_flow_delay"
#ifdef PIPES_CANT_FIONREAD
#define DEF_IN_FLOW_DELAY "0s"
#else
#define DEF_IN_FLOW_DELAY "1s"
#endif
extern int var_in_flow_delay;
/*
@ -1411,6 +1419,62 @@ extern int var_fault_inj_code;
#define DEF_README_DIR "no"
#endif
/*
* Service names. The transport (TCP, FIFO or UNIX-domain) type is frozen
* because you cannot simply mix them, and accessibility (private/public) is
* frozen for security reasons. We list only the internal services, not the
* externally visible SMTP server, or the delivery agents that can already
* be chosen via transport mappings etc.
*/
#define VAR_BOUNCE_SERVICE "bounce_service_name"
#define DEF_BOUNCE_SERVICE MAIL_SERVICE_BOUNCE
extern char *var_bounce_service;
#define VAR_CLEANUP_SERVICE "cleanup_service_name"
#define DEF_CLEANUP_SERVICE MAIL_SERVICE_CLEANUP
extern char *var_cleanup_service;
#define VAR_DEFER_SERVICE "defer_service_name"
#define DEF_DEFER_SERVICE MAIL_SERVICE_DEFER
extern char *var_defer_service;
#define VAR_PICKUP_SERVICE "pickup_service_name"
#define DEF_PICKUP_SERVICE MAIL_SERVICE_PICKUP
extern char *var_pickup_service;
#define VAR_QUEUE_SERVICE "queue_service_name"
#define DEF_QUEUE_SERVICE MAIL_SERVICE_QUEUE
extern char *var_queue_service;
/* XXX resolve does not exist as a separate service */
#define VAR_REWRITE_SERVICE "rewrite_service_name"
#define DEF_REWRITE_SERVICE MAIL_SERVICE_REWRITE
extern char *var_rewrite_service;
#define VAR_SHOWQ_SERVICE "showq_service_name"
#define DEF_SHOWQ_SERVICE MAIL_SERVICE_SHOWQ
extern char *var_showq_service;
#define VAR_ERROR_SERVICE "error_service_name"
#define DEF_ERROR_SERVICE MAIL_SERVICE_ERROR
extern char *var_error_service;
#define VAR_FLUSH_SERVICE "flush_service_name"
#define DEF_FLUSH_SERVICE MAIL_SERVICE_FLUSH
extern char *var_flush_service;
/*
* Mailbox/maildir delivery errors that cause delivery to be tried again.
*/
#define VAR_MBX_DEFER_ERRS "mailbox_defer_errors"
#define DEF_MBX_DEFER_ERRS "eagain, enospc, estale"
extern char *var_mbx_defer_errs;
#define VAR_MDR_DEFER_ERRS "maildir_defer_errors"
#define DEF_MDR_DEFER_ERRS "enospc, estale"
extern char *var_mdr_defer_errs;
/* LICENSE
/* .ad
/* .fi

21
postfix/src/global/mail_version.h
View File

@ -12,12 +12,29 @@
/* .nf
/*
* Version of this program.
* Version of this program. Official versions are called a.b.c, and
* snapshots are called a.b.c-yyyymmdd, where a=major release number,
* b=minor release number, c=patchlevel, and yyyymmdd is the release date:
* yyyy=year, mm=month, dd=day.
*
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "Snapshot-20020115"
#ifdef SNAPSHOT
#define DEF_MAIL_VERSION "1.1.5-$mail_release_date"
#else
#define DEF_MAIL_VERSION "1.1.5"
#endif
extern char *var_mail_version;
/*
* Release date.
*/
#define VAR_MAIL_RELEASE "mail_release_date"
#define DEF_MAIL_RELEASE "20020311"
extern char *var_mail_release;
/* LICENSE
/* .ad
/* .fi

3
postfix/src/global/mkmap_open.c
View File

@ -164,7 +164,8 @@ MKMAP *mkmap_open(const char *type, const char *path,
* needed because the underlying routines read as well as write.
*/
mkmap->dict = mkmap->open(path, open_flags, dict_flags);
mkmap->dict->fd = -1; /* XXX just in case */
mkmap->dict->lock_fd = -1; /* XXX just in case */
mkmap->dict->stat_fd = -1; /* XXX just in case */
mkmap->dict->flags |= DICT_FLAG_DUP_WARN;
return (mkmap);
}

2
postfix/src/global/off_cvt.c
View File

@ -74,7 +74,7 @@ off_t off_cvt_string(const char *str)
/*
* Multiplication by numbers > 2 can overflow without producing a smaller
* result mod 2^N (where N is the number of bits in the result type).
* (Victor Duchovny, Morgan Stanley).
* (Victor Duchovni, Morgan Stanley).
*/
for (result = 0; (ch = *(unsigned char *) str) != 0; str++) {
if (!ISDIGIT(ch))

1
postfix/src/global/pipe_command.c
View File

@ -368,6 +368,7 @@ int pipe_command(VSTREAM *src, VSTRING *why,...)
* system a chance to recover, and try again later.
*/
case -1:
msg_warn("fork: %m");
vstring_sprintf(why, "Delivery failed: %m");
return (PIPE_STAT_DEFER);

6
postfix/src/global/post_mail.c
View File

@ -145,7 +145,7 @@ static void post_mail_init(VSTREAM *stream, const char *sender,
|| attr_print(stream, ATTR_FLAG_NONE,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_END) != 0)
msg_fatal("unable to contact the %s service", MAIL_SERVICE_CLEANUP);
msg_fatal("unable to contact the %s service", var_cleanup_service);
/*
* Generate a minimal envelope section. The cleanup service will add a
@ -173,7 +173,7 @@ VSTREAM *post_mail_fopen(const char *sender, const char *recipient, int flags)
{
VSTREAM *stream;
stream = mail_connect_wait(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP);
stream = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service);
post_mail_init(stream, sender, recipient, flags);
return (stream);
}
@ -185,7 +185,7 @@ VSTREAM *post_mail_fopen_nowait(const char *sender, const char *recipient,
{
VSTREAM *stream;
if ((stream = mail_connect(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP,
if ((stream = mail_connect(MAIL_CLASS_PUBLIC, var_cleanup_service,
BLOCKING)) != 0)
post_mail_init(stream, sender, recipient, flags);
return (stream);

6
postfix/src/global/record.c
View File

@ -113,6 +113,9 @@
int rec_put_type(VSTREAM *stream, int type, long offset)
{
if (type < 0 || type > 255)
msg_panic("rec_put_type: bad record type %d", type);
if (msg_verbose > 2)
msg_info("rec_put_type: %d at %ld", type, offset);
@ -131,6 +134,9 @@ int rec_put(VSTREAM *stream, int type, const char *data, int len)
int len_rest;
int len_byte;
if (type < 0 || type > 255)
msg_panic("rec_put: bad record type %d", type);
if (msg_verbose > 2)
msg_info("rec_put: type %c len %d data %.10s", type, len, data);

2
postfix/src/global/resolve_clnt.c
View File

@ -152,7 +152,7 @@ void resolve_clnt_query(const char *addr, RESOLVE_REPLY *reply)
*/
if (rewrite_clnt_stream == 0)
rewrite_clnt_stream = clnt_stream_create(MAIL_CLASS_PRIVATE,
MAIL_SERVICE_REWRITE, var_ipc_idle_limit);
var_rewrite_service, var_ipc_idle_limit);
for (;;) {
stream = clnt_stream_access(rewrite_clnt_stream);

10
postfix/src/global/resolve_local.c
View File

@ -2,14 +2,14 @@
/* NAME
/* resolve_local 3
/* SUMMARY
/* determine if address resolves to local mail system
/* determine if domain resolves to local mail system
/* SYNOPSIS
/* #include <resolve_local.h>
/*
/* void resolve_local_init()
/*
/* int resolve_local(host)
/* const char *host;
/* int resolve_local(domain)
/* const char *domain;
/* DESCRIPTION
/* resolve_local() determines if the named domain resolves to the
/* local mail system, either by case-insensitive exact match
@ -73,7 +73,7 @@ void resolve_local_init(void)
resolve_local_list = string_list_init(MATCH_FLAG_NONE, var_mydest);
}
/* resolve_local - match address against list of local destinations */
/* resolve_local - match domain against list of local destinations */
int resolve_local(const char *addr)
{
@ -91,6 +91,8 @@ int resolve_local(const char *addr)
* Strip one trailing dot.
*/
len = strlen(saved_addr);
if (len == 0)
RETURN(0);
if (saved_addr[len - 1] == '.')
saved_addr[--len] = 0;

2
postfix/src/global/rewrite_clnt.c
View File

@ -119,7 +119,7 @@ VSTRING *rewrite_clnt(const char *rule, const char *addr, VSTRING *result)
*/
if (rewrite_clnt_stream == 0)
rewrite_clnt_stream = clnt_stream_create(MAIL_CLASS_PRIVATE,
MAIL_SERVICE_REWRITE, var_ipc_idle_limit);
var_rewrite_service, var_ipc_idle_limit);
for (;;) {
stream = clnt_stream_access(rewrite_clnt_stream);

87
postfix/src/lmtp/lmtp_sasl_glue.c
View File

@ -116,6 +116,9 @@ static NAME_MASK lmtp_sasl_sec_mask[] = {
"noactive", SASL_SEC_NOACTIVE,
"nodictionary", SASL_SEC_NODICTIONARY,
"noanonymous", SASL_SEC_NOANONYMOUS,
#if SASL_VERSION_MAJOR >= 2
"mutual_auth", SASL_SEC_MUTUAL_AUTH,
#endif
0,
};
@ -126,6 +129,47 @@ static int lmtp_sasl_sec_opts;
*/
#define STR(x) vstring_str(x)
/*
* Macros to handle API differences between SASLv1 and SASLv2. Specifics:
*
* The SASL_LOG_* constants were renamed in SASLv2.
*
* SASLv2's sasl_client_new takes two new parameters to specify local and
* remote IP addresses for auth mechs that use them.
*
* SASLv2's sasl_client_start function no longer takes the secret parameter.
*
* SASLv2's sasl_decode64 function takes an extra parameter for the length of
* the output buffer.
*
* The other major change is that SASLv2 now takes more responsibility for
* deallocating memory that it allocates internally. Thus, some of the
* function parameters are now 'const', to make sure we don't try to free
* them too. This is dealt with in the code later on.
*/
#if SASL_VERSION_MAJOR < 2
/* SASL version 1.x */
#define SASL_LOG_WARN SASL_LOG_WARNING
#define SASL_LOG_NOTE SASL_LOG_INFO
#define SASL_CLIENT_NEW(srv, fqdn, lport, rport, prompt, secflags, pconn) \
sasl_client_new(srv, fqdn, prompt, secflags, pconn)
#define SASL_CLIENT_START(conn, mechlst, secret, prompt, clout, cllen, mech) \
sasl_client_start(conn, mechlst, secret, prompt, clout, cllen, mech)
#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \
sasl_decode64(in, inlen, out, outlen)
#endif
#if SASL_VERSION_MAJOR >= 2
/* SASL version > 2.x */
#define SASL_CLIENT_NEW(srv, fqdn, lport, rport, prompt, secflags, pconn) \
sasl_client_new(srv, fqdn, lport, rport, prompt, secflags, pconn)
#define SASL_CLIENT_START(conn, mechlst, secret, prompt, clout, cllen, mech) \
sasl_client_start(conn, mechlst, prompt, clout, cllen, mech)
#define SASL_DECODE64(in, inlen, out, outmaxlen, outlen) \
sasl_decode64(in, inlen, out, outmaxlen, outlen)
#endif
/*
* Per-host login/password information.
*/
@ -137,14 +181,18 @@ static int lmtp_sasl_log(void *unused_context, int priority,
const char *message)
{
switch (priority) {
case SASL_LOG_ERR:
case SASL_LOG_WARNING:
msg_warn("%s", message);
case SASL_LOG_ERR: /* unusual errors */
case SASL_LOG_WARN: /* non-fatal warnings */
msg_warn("SASL authentication problem: %s", message);
break;
case SASL_LOG_INFO:
case SASL_LOG_NOTE: /* other info */
if (msg_verbose)
msg_info("%s", message);
msg_info("SASL authentication info: %s", message);
break;
#if SASL_VERSION_MAJOR >= 2
case SASL_LOG_FAIL: /* authentication failures */
msg_warn("SASL authentication failure: %s", message);
#endif
}
return (SASL_OK);
}
@ -317,7 +365,12 @@ void lmtp_sasl_start(LMTP_STATE *state)
memcpy((char *) state->sasl_callbacks, callbacks, sizeof(callbacks));
for (cp = state->sasl_callbacks; cp->id != SASL_CB_LIST_END; cp++)
cp->context = (void *) state;
if (sasl_client_new("smtp", state->session->host,
#define NULL_SERVER_ADDR ((char *) 0)
#define NULL_CLIENT_ADDR ((char *) 0)
if (SASL_CLIENT_NEW("smtp", state->session->host,
NULL_CLIENT_ADDR, NULL_SERVER_ADDR,
state->sasl_callbacks, NULL_SECFLAGS,
(sasl_conn_t **) &state->sasl_conn) != SASL_OK)
msg_fatal("per-session SASL client initialization");
@ -354,7 +407,14 @@ int lmtp_sasl_authenticate(LMTP_STATE *state, VSTRING *why)
char *myname = "lmtp_sasl_authenticate";
unsigned enc_length;
unsigned enc_length_out;
#if SASL_VERSION_MAJOR >= 2
const char *clientout;
#else
char *clientout;
#endif
unsigned clientoutlen;
unsigned serverinlen;
LMTP_RESP *resp;
@ -374,7 +434,7 @@ int lmtp_sasl_authenticate(LMTP_STATE *state, VSTRING *why)
/*
* Start the client side authentication protocol.
*/
result = sasl_client_start((sasl_conn_t *) state->sasl_conn,
result = SASL_CLIENT_START((sasl_conn_t *) state->sasl_conn,
state->sasl_mechanism_list,
NO_SASL_SECRET, NO_SASL_INTERACTION,
&clientout, &clientoutlen, &mechanism);
@ -404,7 +464,10 @@ int lmtp_sasl_authenticate(LMTP_STATE *state, VSTRING *why)
STR(state->sasl_encoded), enc_length,
&enc_length_out) != SASL_OK)
msg_panic("%s: sasl_encode64 botch", myname);
#if SASL_VERSION_MAJOR < 2
/* SASL version 1 doesn't free memory that it allocates. */
free(clientout);
#endif
lmtp_chat_cmd(state, "AUTH %s %s", mechanism, STR(state->sasl_encoded));
} else {
lmtp_chat_cmd(state, "AUTH %s", mechanism);
@ -423,8 +486,8 @@ int lmtp_sasl_authenticate(LMTP_STATE *state, VSTRING *why)
(void) mystrtok(&line, "- \t\n"); /* skip over result code */
serverinlen = strlen(line);
VSTRING_SPACE(state->sasl_decoded, serverinlen);
if (sasl_decode64(line, serverinlen,
STR(state->sasl_decoded), &enc_length) != SASL_OK) {
if (SASL_DECODE64(line, serverinlen, STR(state->sasl_decoded),
serverinlen, &enc_length) != SASL_OK) {
vstring_sprintf(why, "malformed SASL challenge from server %s",
state->session->namaddr);
return (-1);
@ -456,7 +519,10 @@ int lmtp_sasl_authenticate(LMTP_STATE *state, VSTRING *why)
STR(state->sasl_encoded), enc_length,
&enc_length_out) != SASL_OK)
msg_panic("%s: sasl_encode64 botch", myname);
#if SASL_VERSION_MAJOR < 2
/* SASL version 1 doesn't free memory that it allocates. */
free(clientout);
#endif
} else {
vstring_strcat(state->sasl_encoded, "");
}
@ -487,7 +553,8 @@ void lmtp_sasl_cleanup(LMTP_STATE *state)
state->sasl_passwd = 0;
}
if (state->sasl_mechanism_list) {
myfree(state->sasl_mechanism_list); /* allocated in lmtp_helo */
/* allocated in lmtp_sasl_helo_auth */
myfree(state->sasl_mechanism_list);
state->sasl_mechanism_list = 0;
}
if (state->sasl_conn) {

4
postfix/src/local/alias.c
View File

@ -113,9 +113,9 @@ static uid_t dict_owner(char *table)
*/
if ((dict = dict_handle(table)) == 0)
msg_panic("%s: can't find dictionary: %s", myname, table);
if (dict->fd < 0)
if (dict->stat_fd < 0)
return (0);
if (fstat(dict->fd, &st) < 0)
if (fstat(dict->stat_fd, &st) < 0)
msg_fatal("%s: fstat dictionary %s: %m", myname, table);
return (st.st_uid);
}

2
postfix/src/local/forward.c
View File

@ -125,7 +125,7 @@ static FORWARD_INFO *forward_open(char *sender)
* "message too large", perhaps some others. The reason not to bounce
* ourselves is that we don't really know who the recipients are.
*/
cleanup = mail_connect(MAIL_CLASS_PUBLIC, MAIL_SERVICE_CLEANUP, BLOCKING);
cleanup = mail_connect(MAIL_CLASS_PUBLIC, var_cleanup_service, BLOCKING);
if (cleanup == 0)
return (0);
close_on_exec(vstream_fileno(cleanup), CLOSE_ON_EXEC);

4
postfix/src/local/local.c
View File

@ -84,7 +84,8 @@
/* The default per-user mailbox is a file in the UNIX mail spool
/* directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR);
/* the location can be specified with the \fBmail_spool_directory\fR
/* configuration parameter.
/* configuration parameter. Specify a name ending in \fB/\fR for
/* \fBqmail\fR-compatible \fBmaildir\fR delivery.
/*
/* Alternatively, the per-user mailbox can be a file in the user's home
/* directory with a name specified via the \fBhome_mailbox\fR
@ -306,6 +307,7 @@
/* .IP \fBmail_spool_directory\fR
/* Directory with UNIX-style mailboxes. The default pathname is system
/* dependent.
/* Specify a path ending in \fB/\fR for maildir-style delivery.
/* .IP \fBmailbox_command\fR
/* External command to use for mailbox delivery. The command executes
/* with the recipient privileges (exception: root). The string is subject

1
postfix/src/master/Makefile.in
View File

@ -100,6 +100,7 @@ master.o: ../../include/myflock.h
master.o: ../../include/watchdog.h
master.o: ../../include/clean_env.h
master.o: ../../include/argv.h
master.o: ../../include/safe.h
master.o: ../../include/mail_params.h
master.o: ../../include/debug_process.h
master.o: ../../include/mail_task.h

Some files were not shown because too many files have changed in this diff Show More