mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-23 02:17:44 +00:00
Code Issues Releases Wiki Activity

postfix-3.8-20220527

Browse Source
This commit is contained in:
Wietse Venema 2022-05-27 00:00:00 -05:00 committed by Viktor Dukhovni
parent a646b55ae0
commit fe4e81b23b
15 changed files with 259 additions and 258 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
postfix/HISTORY
View File

@ -26502,3 +26502,34 @@ Apologies for any names omitted.
with the "encoding" configuration file attribute. The default with the "encoding" configuration file attribute. The default
is "UTF8". Previously the encoding was hard-coded as "LATIN1". is "UTF8". Previously the encoding was hard-coded as "LATIN1".
Files: global/dict_pgsql,c, proto/pgsql_table. Files: global/dict_pgsql,c, proto/pgsql_table.
20220512
Documentation: in the text for smtpd_reject_unlisted_sender
and smtpd_reject_unlisted_recipient, refer to the address
class validation in ADDRESS_CLASS_README, instead of repeating
that information in postconf(5). File: proto/postconf.proto.
20220515
Documentation: the text for reject_xxx_sender_login_mismatch
was not optimal for clarity. As new features were added
over time, they were documented in terms of the existing
features. File: proto/postconf.proto.
Documentation: minor tweaks in ADDRESS_CLASS_README. File:
proto/ADDRESS_CLASS_README.html.
20220523
Documentation: add the Postfix >= 3.7 postlog(1) command
to the list of programs that can have set-gid permissions.
File: proto/MAILLOG_README.html.
20220527
Internal documentation: update the timeline annotations of
Milter protocol features. File: milter/milter8.c.
Documentation: edit text for clarity. File:
proto/MILTER_README.html.

31
postfix/README_FILES/ADDRESS_CLASS_README
View File

@ -25,13 +25,13 @@ important for the operation of Postfix.
An address class is defined by three items. An address class is defined by three items.
* The list of domains that are a member of the class: for example, all local * The list of domains that are a member of that address class: for example,
domains, or all relay domains. all local domains, or all relay domains.
* The default delivery transport. For example, the local, virtual or relay * The default delivery transport for that address class. For example, the
delivery transport (delivery transports are defined in master.cf). This local, virtual or relay delivery transport (delivery transports are defined
helps to keep Postfix configurations simple, by avoiding the need for in master.cf). This helps to keep Postfix configurations simple, by
explicit routing information in transport maps. avoiding the need for explicit routing information in transport maps.
* The list of valid recipient addresses for that address class. The Postfix * The list of valid recipient addresses for that address class. The Postfix
SMTP server rejects invalid recipients with "User unknown in <name of SMTP server rejects invalid recipients with "User unknown in <name of
@ -48,9 +48,9 @@ The local domain class.
* Purpose: final delivery for traditional UNIX system accounts and * Purpose: final delivery for traditional UNIX system accounts and
traditional Sendmail-style aliases. This is typically used for the traditional Sendmail-style aliases. This is typically used for the
canonical domains of the machine. For a discussion of the difference canonical domains of the machine (for example, $myhostname, $mydomain). For
between canonical domains, hosted domains and other domains, see the a discussion of the difference between canonical domains, hosted domains
VIRTUAL_README file. and other domains, see the VIRTUAL_README file.
* Domain names are listed with the mydestination parameter. This domain class * Domain names are listed with the mydestination parameter. This domain class
also includes mail for user@[ipaddress] when the IP address is listed with also includes mail for user@[ipaddress] when the IP address is listed with
@ -68,9 +68,10 @@ The local domain class.
The virtual alias domain class. The virtual alias domain class.
* Purpose: hosted domains where each recipient address is aliased to a local * Purpose: hosted domains where each recipient address is aliased to an
UNIX system account or to a remote address. A virtual alias example is address in a different domain, for example, a local UNIX system account or
given in the VIRTUAL_README file. a remote address. A virtual alias example is given in the VIRTUAL_README
file.
* Domain names are listed in virtual_alias_domains. The default value is * Domain names are listed in virtual_alias_domains. The default value is
$virtual_alias_maps for Postfix 1.1 compatibility. $virtual_alias_maps for Postfix 1.1 compatibility.
@ -81,7 +82,7 @@ The virtual alias domain class.
compatibility. compatibility.
* There is no mail delivery transport parameter. Every address must be * There is no mail delivery transport parameter. Every address must be
aliased to some other address. aliased to an address in some other domain.
The virtual mailbox domain class. The virtual mailbox domain class.
@ -158,8 +159,8 @@ earlier Postfix versions:
mail (and bounced undeliverable mail) out of the mail queue. This is mail (and bounced undeliverable mail) out of the mail queue. This is
controlled by the smtpd_reject_unlisted_recipient configuration parameter. controlled by the smtpd_reject_unlisted_recipient configuration parameter.
* As of Postfix version 2.1, the SMTP server also rejects unknown sender * As of Postfix version 2.1, the SMTP server can also reject unknown sender
addresses (i.e. addresses that it would reject as unknown recipient addresses (i.e. addresses that it would reject as an unknown recipient
addresses). Sender "egress filtering" can help to slow down an email worm addresses). Sender "egress filtering" can help to slow down an email worm
explosion. This is controlled by the smtpd_reject_unlisted_sender explosion. This is controlled by the smtpd_reject_unlisted_sender
configuration parameter. configuration parameter.

4
postfix/README_FILES/MAILLOG_README
View File

@ -108,6 +108,6 @@ Limitations:
$maillog_file (also, logging to stdout would interfere with the operation $maillog_file (also, logging to stdout would interfere with the operation
of some of these programs). These programs can log to postlogd(8) if they of some of these programs). These programs can log to postlogd(8) if they
are run by the super-user, or if their executable file has set-gid are run by the super-user, or if their executable file has set-gid
permission. Do not set this permission on programs other than postdrop(1) permission. Do not set this permission on programs other than postdrop(1),
and postqueue(1). postqueue(1), and (Postfix >= 3.7) postlog(1).

30
postfix/README_FILES/MILTER_README
View File

@ -82,10 +82,10 @@ Postfix architecture).
BBuuiillddiinngg MMiilltteerr aapppplliiccaattiioonnss BBuuiillddiinngg MMiilltteerr aapppplliiccaattiioonnss
Milter applications have been written in C, JAVA and Perl, but this document Milter applications have been written in C, Haskell, Java, Perl, Python, Rust,
deals with C applications only. For these, you need an object library that and more, but this document covers C applications only. For these, you need an
implements the Sendmail 8 Milter protocol. Postfix currently does not provide object library that implements the Sendmail 8 Milter protocol. Postfix
such a library, but Sendmail does. currently does not provide such a library, but Sendmail does.
Some systems install the Sendmail libmilter library by default. With other Some systems install the Sendmail libmilter library by default. With other
systems, libmilter may be provided by a package (called "sendmail-devel" on systems, libmilter may be provided by a package (called "sendmail-devel" on
@ -148,9 +148,9 @@ section.
You specify SMTP-only Milter applications (there can be more than one) with the You specify SMTP-only Milter applications (there can be more than one) with the
smtpd_milters parameter. Each Milter application is identified by the name of smtpd_milters parameter. Each Milter application is identified by the name of
its listening socket; other Milter configuration options will be discussed in its listening socket; other Milter configuration options will be discussed in
later sections. Milter applications are applied in the order as specified, and later sections. Postfix sends commands to each Milter application in the order
the first Milter application that rejects a command will override the responses as configured with smtpd_milters. When a Milter application rejects a command,
from other Milter applications. that will override responses from other Milter applications.
/etc/postfix/main.cf: /etc/postfix/main.cf:
# Milters for mail that arrives via the smtpd(8) server. # Milters for mail that arrives via the smtpd(8) server.
@ -192,9 +192,9 @@ Instead, keep Postfix's own Received: message header and use the header_checks
You specify non-SMTP Milter applications with the non_smtpd_milters parameter. You specify non-SMTP Milter applications with the non_smtpd_milters parameter.
This parameter uses the same syntax as the smtpd_milters parameter in the This parameter uses the same syntax as the smtpd_milters parameter in the
previous section. As with the SMTP-only filters, you can specify more than one previous section. As with the SMTP-only filters, you can specify more than one
Milter application; they are applied in the order as specified, and the first Milter application. Postfix sends commands to each Milter application in the
Milter application that rejects a command will override the responses from the order as configured with non_smtpd_milters. When a Milter application rejects a
other applications. command, that will override responses from other Milter applications.
/etc/postfix/main.cf: /etc/postfix/main.cf:
# Milters for non-SMTP mail. # Milters for non-SMTP mail.
@ -470,9 +470,9 @@ Sendmail. See the workarounds section below for solutions.
WWhhaatt mmaaccrrooss wwiillll PPoossttffiixx sseenndd ttoo MMiilltteerrss?? WWhhaatt mmaaccrrooss wwiillll PPoossttffiixx sseenndd ttoo MMiilltteerrss??
Postfix sends specific sets of macros at different Milter protocol stages. The Postfix sends specific sets of macros at different Milter protocol stages. The
sets are configured with the parameters as shown in the table below (EOH = end names of these macros are configured with the parameters shown in the table
of headers; EOM = end of message). The protocol version is a number that below (EOH = end of headers; EOM = end of message). Some lists require a
Postfix sends at the beginning of the Milter protocol handshake. minimum Milter protocol version.
As of Sendmail 8.14.0, Milter applications can specify what macros they want to As of Sendmail 8.14.0, Milter applications can specify what macros they want to
receive at different Milter protocol stages. An application-specified list receive at different Milter protocol stages. An application-specified list
@ -643,6 +643,6 @@ the CONTENT_INSPECTION_README document for a discussion.
The solution is to use Postfix version 2.4 or later. The solution is to use Postfix version 2.4 or later.
* Most Milter configuration options are global. Future Postfix versions may * Postfix versions before 3.0 did not support per-Milter timeouts, per-Milter
support per-Milter timeouts, per-Milter error handling, etc. error handling, etc.

19
postfix/html/ADDRESS_CLASS_README.html
View File

@ -50,10 +50,11 @@ address classes are very important for the operation of Postfix. </p>
<ul> <ul>
<li> <p> The list of domains that are a member of the class: for <li> <p> The list of domains that are a member of that address
example, all <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a>, or all <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a>. </p> class: for example, all <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a>, or all <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a>. </p>
<li> <p> The default delivery transport. For example, the local, <li> <p> The default delivery transport for that address class. For
example, the local,
virtual or relay delivery transport (delivery transports are defined virtual or relay delivery transport (delivery transports are defined
in <a href="master.5.html">master.cf</a>). This helps to keep Postfix configurations simple, in <a href="master.5.html">master.cf</a>). This helps to keep Postfix configurations simple,
by avoiding the need for explicit routing information in transport by avoiding the need for explicit routing information in transport
@ -80,7 +81,8 @@ are. </p>
<li> <p> Purpose: final delivery for traditional UNIX system accounts <li> <p> Purpose: final delivery for traditional UNIX system accounts
and traditional Sendmail-style aliases. This is typically used for and traditional Sendmail-style aliases. This is typically used for
the <a href="VIRTUAL_README.html#canonical">canonical domains</a> of the machine. For a discussion of the the <a href="VIRTUAL_README.html#canonical">canonical domains</a> of the machine (for example, $<a href="postconf.5.html#myhostname">myhostname</a>,
$<a href="postconf.5.html#mydomain">mydomain</a>). For a discussion of the
difference between <a href="VIRTUAL_README.html#canonical">canonical domains</a>, <a href="VIRTUAL_README.html#canonical">hosted domains</a> and other difference between <a href="VIRTUAL_README.html#canonical">canonical domains</a>, <a href="VIRTUAL_README.html#canonical">hosted domains</a> and other
domains, see the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p> domains, see the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p>
@ -108,7 +110,8 @@ class. </p>
<ul> <ul>
<li> <p> Purpose: <a href="VIRTUAL_README.html#canonical">hosted domains</a> where each recipient address is <li> <p> Purpose: <a href="VIRTUAL_README.html#canonical">hosted domains</a> where each recipient address is
aliased to a local UNIX system account or to a remote address. A aliased to an address in a different domain, for example, a local
UNIX system account or a remote address. A
<a href="VIRTUAL_README.html#virtual_alias">virtual alias example</a> is given in the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p> <a href="VIRTUAL_README.html#virtual_alias">virtual alias example</a> is given in the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p>
<li> <p> Domain names are listed in <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>. The <li> <p> Domain names are listed in <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>. The
@ -121,7 +124,7 @@ parameter. The Postfix SMTP server rejects invalid recipients with
$<a href="postconf.5.html#virtual_maps">virtual_maps</a> for Postfix 1.1 compatibility. </p> $<a href="postconf.5.html#virtual_maps">virtual_maps</a> for Postfix 1.1 compatibility. </p>
<li> <p> There is no mail delivery transport parameter. Every <li> <p> There is no mail delivery transport parameter. Every
address must be aliased to some other address. </p> address must be aliased to an address in some other domain. </p>
</ul> </ul>
@ -223,9 +226,9 @@ is needed to keep undeliverable mail (and bounced undeliverable
mail) out of the mail queue. This is controlled by the mail) out of the mail queue. This is controlled by the
<a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> configuration parameter. </p> <a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> configuration parameter. </p>
<li> <p> As of Postfix version 2.1, the SMTP server also rejects <li> <p> As of Postfix version 2.1, the SMTP server can also reject
unknown sender addresses (i.e. addresses that it would reject as unknown sender addresses (i.e. addresses that it would reject as
unknown recipient addresses). Sender "egress filtering" can help an unknown recipient addresses). Sender "egress filtering" can help
to slow down an email worm explosion. This is controlled by the to slow down an email worm explosion. This is controlled by the
<a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> configuration parameter. </p> <a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> configuration parameter. </p>

3
postfix/html/MAILLOG_README.html
View File

@ -174,7 +174,8 @@ to $<a href="postconf.5.html#maillog_file">maillog_file</a> (also, logging to st
operation of some of these programs). These programs can log to operation of some of these programs). These programs can log to
<a href="postlogd.8.html">postlogd(8)</a> if they are run by the super-user, or if their executable <a href="postlogd.8.html">postlogd(8)</a> if they are run by the super-user, or if their executable
file has set-gid permission. Do not set this permission on programs file has set-gid permission. Do not set this permission on programs
other than <a href="postdrop.1.html">postdrop(1)</a> and <a href="postqueue.1.html">postqueue(1)</a>. other than <a href="postdrop.1.html">postdrop(1)</a>, <a href="postqueue.1.html">postqueue(1)</a>, and (Postfix &ge; 3.7)
<a href="postlog.1.html">postlog(1)</a>.
</ul> </ul>

33
postfix/html/MILTER_README.html
View File

@ -194,8 +194,9 @@ href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>
<h2><a name="building">Building Milter applications</a></h2> <h2><a name="building">Building Milter applications</a></h2>
<p> Milter applications have been written in C, JAVA and Perl, but <p> Milter applications have been written in C, Haskell, Java, Perl,
this document deals with C applications only. For these, you need Python, Rust, and more, but
this document covers C applications only. For these, you need
an object library that implements the Sendmail 8 Milter protocol. an object library that implements the Sendmail 8 Milter protocol.
Postfix currently does not provide such a library, but Sendmail Postfix currently does not provide such a library, but Sendmail
does. </p> does. </p>
@ -286,10 +287,10 @@ information. </blockquote>
<p> You specify SMTP-only Milter applications (there can be more <p> You specify SMTP-only Milter applications (there can be more
than one) with the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> parameter. Each Milter application than one) with the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> parameter. Each Milter application
is identified by the name of its listening socket; other Milter is identified by the name of its listening socket; other Milter
configuration options will be discussed in later sections. Milter configuration options will be discussed in later sections. Postfix
applications are applied in the order as specified, and the first sends commands to each Milter application in the order as configured
Milter application that rejects a command will override the responses with <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>. When a Milter application rejects a command,
from other Milter applications. </p> that will override responses from other Milter applications. </p>
<blockquote> <blockquote>
<pre> <pre>
@ -348,10 +349,10 @@ information. </p>
<p> You specify non-SMTP Milter applications with the <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> <p> You specify non-SMTP Milter applications with the <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>
parameter. This parameter uses the same syntax as the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> parameter. This parameter uses the same syntax as the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>
parameter in the previous section. As with the SMTP-only filters, parameter in the previous section. As with the SMTP-only filters,
you can specify more than one Milter application; they are applied you can specify more than one Milter application. Postfix sends
in the order as specified, and the first Milter application that commands to each Milter application in the order as configured with
rejects a command will override the responses from the other <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>. When a Milter application rejects a command,
applications. </p> that will override responses from other Milter applications. </p>
<blockquote> <blockquote>
<pre> <pre>
@ -705,10 +706,9 @@ With rejected recipient: "error" </td> </tr>
<h3><a name="send-macros">What macros will Postfix send to Milters?</a></h3> <h3><a name="send-macros">What macros will Postfix send to Milters?</a></h3>
<p> Postfix sends specific sets of macros at different Milter protocol <p> Postfix sends specific sets of macros at different Milter protocol
stages. The sets are configured with the parameters as shown in the stages. The names of these macros are configured with the parameters
table below (EOH = end of headers; EOM = end of message). The shown in the table below (EOH = end of headers; EOM = end of message).
protocol version is a number that Postfix sends at the beginning Some lists require a minimum Milter protocol version. </p>
of the Milter protocol handshake. </p>
<p> As of Sendmail 8.14.0, Milter applications can specify what <p> As of Sendmail 8.14.0, Milter applications can specify what
macros they want to receive at different Milter protocol stages. macros they want to receive at different Milter protocol stages.
@ -941,9 +941,8 @@ st_optionneg[134563840]: 0x3d does not fulfill action requirements 0x1e
<p> The solution is to use Postfix version 2.4 or later. </p> <p> The solution is to use Postfix version 2.4 or later. </p>
<li> <p> Most Milter configuration options are global. Future Postfix <li> <p> Postfix versions before 3.0 did not support per-Milter
versions may support per-Milter timeouts, per-Milter error handling, timeouts, per-Milter error handling, etc. </p>
etc. </p>
</ul> </ul>

102
postfix/html/postconf.5.html
View File

@ -16612,28 +16612,11 @@ access restriction is specified. This prevents the Postfix queue
from filling up with undeliverable MAILER-DAEMON messages. from filling up with undeliverable MAILER-DAEMON messages.
</p> </p>
<p> An address is considered "unknown" when it does not match a <p> An address is considered "unknown" when 1) it does not match a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping, and one of the following <a href="virtual.5.html">virtual(5)</a> alias or <a href="canonical.5.html">canonical(5)</a> mapping, and 2) the address is not
conditions holds: </p> valid for its address class. For a definition of class-based address
validation, see <a href="ADDRESS_CLASS_README.html#classes">
<ul> ADDRESS_CLASS_README</a>. </p>
<li> The recipient domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the recipient is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
<li> The recipient domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the
recipient is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
<li> The recipient domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
recipient is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
is not null.
<li> The recipient domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the recipient
is not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>
is not null.
</ul>
<p> <p>
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and later.
@ -16648,30 +16631,13 @@ This feature is available in Postfix 2.1 and later.
<p> Request that the Postfix SMTP server rejects mail from unknown <p> Request that the Postfix SMTP server rejects mail from unknown
sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
access restriction is specified. This can slow down an explosion access restriction is specified. This can slow down an explosion
of forged mail from worms or viruses. </p> of forged mail from worms or viruses. </p>
<p> An address is considered "unknown" when it does not match a <p> An address is considered "unknown" when 1) it does not match a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping, and one of the following <a href="virtual.5.html">virtual(5)</a> alias or <a href="canonical.5.html">canonical(5)</a> mapping, and 2) the address is not
conditions holds: </p> valid for its address class. For a definition of class-based address
validation, see <a href="ADDRESS_CLASS_README.html#classes">
<ul> ADDRESS_CLASS_README</a>. </p>
<li> The sender domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the sender is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
<li> The sender domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the sender
is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
<li> The sender domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
sender is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
is not null.
<li> The sender domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the sender is
not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> is
not null.
</ul>
<p> <p>
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and later.
@ -17215,15 +17181,30 @@ feature is available in Postfix 2.1 and later. </dd>
<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt> <dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>
<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for <dd> Reject the request when the client is authenticated with SASL,
authenticated clients only. This feature is available in but either the MAIL FROM address is not listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>,
Postfix version 2.1 and later. </dd> or the SASL login name is not an owner for that address.
<br>
This prevents an authenticated client from using a MAIL FROM address
that they do not explicitly own.
<br>
This feature is available in Postfix version 2.1 and later. </dd>
<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt> <dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt>
<dd>Apply the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction only to MAIL <dd> When the client is authenticated with SASL, reject the request
FROM addresses that are known in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>. This when the MAIL FROM address is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>,
feature is available in Postfix version 2.11 and later. </dd> but the SASL login name is not an owner for that address.
<br>
When the client is not authenticated with SASL, reject the request
when SASL is enabled, and the MAIL FROM address is listed in
$<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.
<br>
This protects any MAIL FROM address that is listed in
$<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>, while still allowing a client to use any
unlisted MAIL FROM address.
<br>
This feature is available in Postfix version 2.11 and later.</dd>
<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt> <dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>
@ -17251,17 +17232,20 @@ This feature is available in Postfix 2.0 and later.</dd>
<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt> <dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>
<dd>Reject the request when $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> specifies an <dd> As of Postfix 2.1, this is an alias for
owner for the MAIL FROM address, but the client is not (SASL) logged "<a href="postconf.5.html#reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a>,
in as that MAIL FROM address owner; or when the client is (SASL) <a href="postconf.5.html#reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a>".</dd>
logged in, but the client login name doesn't own the MAIL FROM
address according to $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.</dd>
<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt> <dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>
<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for <dd> Reject the request when SASL is enabled, the MAIL FROM address
unauthenticated clients only. This feature is available in is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>, but the client is not
Postfix version 2.1 and later. </dd> authenticated with SASL.
<br>
With SASL enabled, this prevents an unauthenticated client from
using any MAIL FROM address that is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.
<br>
This feature is available in Postfix version 2.1 and later.</dd>
<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt> <dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>

94
postfix/man/man5/postconf.5
View File

@ -11490,25 +11490,11 @@ recipient addresses, even when no explicit reject_unlisted_recipient
access restriction is specified. This prevents the Postfix queue access restriction is specified. This prevents the Postfix queue
from filling up with undeliverable MAILER\-DAEMON messages. from filling up with undeliverable MAILER\-DAEMON messages.
.PP .PP
An address is considered "unknown" when it does not match a An address is considered "unknown" when 1) it does not match a
\fBvirtual\fR(5) alias or a \fBcanonical\fR(5) mapping, and one of the following \fBvirtual\fR(5) alias or \fBcanonical\fR(5) mapping, and 2) the address is not
conditions holds: valid for its address class. For a definition of class\-based address
.IP \(bu validation, see
The recipient domain matches $mydestination, $inet_interfaces ADDRESS_CLASS_README.
or $proxy_interfaces, but the recipient is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
.IP \(bu
The recipient domain matches $virtual_alias_domains but the
recipient is not listed in $virtual_alias_maps.
.IP \(bu
The recipient domain matches $virtual_mailbox_domains but the
recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
is not null.
.IP \(bu
The recipient domain matches $relay_domains but the recipient
is not listed in $relay_recipient_maps, and $relay_recipient_maps
is not null.
.br
.PP .PP
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and later.
.SH smtpd_reject_unlisted_sender (default: no) .SH smtpd_reject_unlisted_sender (default: no)
@ -11517,25 +11503,11 @@ sender addresses, even when no explicit reject_unlisted_sender
access restriction is specified. This can slow down an explosion access restriction is specified. This can slow down an explosion
of forged mail from worms or viruses. of forged mail from worms or viruses.
.PP .PP
An address is considered "unknown" when it does not match a An address is considered "unknown" when 1) it does not match a
\fBvirtual\fR(5) alias or a \fBcanonical\fR(5) mapping, and one of the following \fBvirtual\fR(5) alias or \fBcanonical\fR(5) mapping, and 2) the address is not
conditions holds: valid for its address class. For a definition of class\-based address
.IP \(bu validation, see
The sender domain matches $mydestination, $inet_interfaces or ADDRESS_CLASS_README.
$proxy_interfaces, but the sender is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
.IP \(bu
The sender domain matches $virtual_alias_domains but the sender
is not listed in $virtual_alias_maps.
.IP \(bu
The sender domain matches $virtual_mailbox_domains but the
sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
is not null.
.IP \(bu
The sender domain matches $relay_domains but the sender is
not listed in $relay_recipient_maps, and $relay_recipient_maps is
not null.
.br
.PP .PP
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and later.
.SH smtpd_relay_before_recipient_restrictions (default: see "postconf \-d" output) .SH smtpd_relay_before_recipient_restrictions (default: see "postconf \-d" output)
@ -11921,14 +11893,29 @@ use DUNNO in order to exclude specific hosts from denylists. This
feature is available in Postfix 2.1 and later. feature is available in Postfix 2.1 and later.
.br .br
.IP "\fBreject_authenticated_sender_login_mismatch\fR" .IP "\fBreject_authenticated_sender_login_mismatch\fR"
Enforces the reject_sender_login_mismatch restriction for Reject the request when the client is authenticated with SASL,
authenticated clients only. This feature is available in but either the MAIL FROM address is not listed in $smtpd_sender_login_maps,
Postfix version 2.1 and later. or the SASL login name is not an owner for that address.
.br
This prevents an authenticated client from using a MAIL FROM address
that they do not explicitly own.
.br
This feature is available in Postfix version 2.1 and later.
.br .br
.IP "\fBreject_known_sender_login_mismatch\fR" .IP "\fBreject_known_sender_login_mismatch\fR"
Apply the reject_sender_login_mismatch restriction only to MAIL When the client is authenticated with SASL, reject the request
FROM addresses that are known in $smtpd_sender_login_maps. This when the MAIL FROM address is listed in $smtpd_sender_login_maps,
feature is available in Postfix version 2.11 and later. but the SASL login name is not an owner for that address.
.br
When the client is not authenticated with SASL, reject the request
when SASL is enabled, and the MAIL FROM address is listed in
$smtpd_sender_login_maps.
.br
This protects any MAIL FROM address that is listed in
$smtpd_sender_login_maps, while still allowing a client to use any
unlisted MAIL FROM address.
.br
This feature is available in Postfix version 2.11 and later.
.br .br
.IP "\fBreject_non_fqdn_sender\fR" .IP "\fBreject_non_fqdn_sender\fR"
Reject the request when the MAIL FROM address specifies a Reject the request when the MAIL FROM address specifies a
@ -11957,16 +11944,19 @@ specifies tables with server replies indexed by \fIrbl_domain\fR.
This feature is available in Postfix 2.0 and later. This feature is available in Postfix 2.0 and later.
.br .br
.IP "\fBreject_sender_login_mismatch\fR" .IP "\fBreject_sender_login_mismatch\fR"
Reject the request when $smtpd_sender_login_maps specifies an As of Postfix 2.1, this is an alias for
owner for the MAIL FROM address, but the client is not (SASL) logged "reject_authenticated_sender_login_mismatch,
in as that MAIL FROM address owner; or when the client is (SASL) reject_unauthenticated_sender_login_mismatch".
logged in, but the client login name doesn't own the MAIL FROM
address according to $smtpd_sender_login_maps.
.br .br
.IP "\fBreject_unauthenticated_sender_login_mismatch\fR" .IP "\fBreject_unauthenticated_sender_login_mismatch\fR"
Enforces the reject_sender_login_mismatch restriction for Reject the request when SASL is enabled, the MAIL FROM address
unauthenticated clients only. This feature is available in is listed in $smtpd_sender_login_maps, but the client is not
Postfix version 2.1 and later. authenticated with SASL.
.br
With SASL enabled, this prevents an unauthenticated client from
using any MAIL FROM address that is listed in $smtpd_sender_login_maps.
.br
This feature is available in Postfix version 2.1 and later.
.br .br
.IP "\fBreject_unknown_sender_domain\fR" .IP "\fBreject_unknown_sender_domain\fR"
Reject the request when Postfix is not the final destination for Reject the request when Postfix is not the final destination for

19
postfix/proto/ADDRESS_CLASS_README.html
View File

@ -50,10 +50,11 @@ address classes are very important for the operation of Postfix. </p>
<ul> <ul>
<li> <p> The list of domains that are a member of the class: for <li> <p> The list of domains that are a member of that address
example, all local domains, or all relay domains. </p> class: for example, all local domains, or all relay domains. </p>
<li> <p> The default delivery transport. For example, the local, <li> <p> The default delivery transport for that address class. For
example, the local,
virtual or relay delivery transport (delivery transports are defined virtual or relay delivery transport (delivery transports are defined
in master.cf). This helps to keep Postfix configurations simple, in master.cf). This helps to keep Postfix configurations simple,
by avoiding the need for explicit routing information in transport by avoiding the need for explicit routing information in transport
@ -80,7 +81,8 @@ are. </p>
<li> <p> Purpose: final delivery for traditional UNIX system accounts <li> <p> Purpose: final delivery for traditional UNIX system accounts
and traditional Sendmail-style aliases. This is typically used for and traditional Sendmail-style aliases. This is typically used for
the canonical domains of the machine. For a discussion of the the canonical domains of the machine (for example, $myhostname,
$mydomain). For a discussion of the
difference between canonical domains, hosted domains and other difference between canonical domains, hosted domains and other
domains, see the VIRTUAL_README file. </p> domains, see the VIRTUAL_README file. </p>
@ -108,7 +110,8 @@ class. </p>
<ul> <ul>
<li> <p> Purpose: hosted domains where each recipient address is <li> <p> Purpose: hosted domains where each recipient address is
aliased to a local UNIX system account or to a remote address. A aliased to an address in a different domain, for example, a local
UNIX system account or a remote address. A
virtual alias example is given in the VIRTUAL_README file. </p> virtual alias example is given in the VIRTUAL_README file. </p>
<li> <p> Domain names are listed in virtual_alias_domains. The <li> <p> Domain names are listed in virtual_alias_domains. The
@ -121,7 +124,7 @@ parameter. The Postfix SMTP server rejects invalid recipients with
$virtual_maps for Postfix 1.1 compatibility. </p> $virtual_maps for Postfix 1.1 compatibility. </p>
<li> <p> There is no mail delivery transport parameter. Every <li> <p> There is no mail delivery transport parameter. Every
address must be aliased to some other address. </p> address must be aliased to an address in some other domain. </p>
</ul> </ul>
@ -223,9 +226,9 @@ is needed to keep undeliverable mail (and bounced undeliverable
mail) out of the mail queue. This is controlled by the mail) out of the mail queue. This is controlled by the
smtpd_reject_unlisted_recipient configuration parameter. </p> smtpd_reject_unlisted_recipient configuration parameter. </p>
<li> <p> As of Postfix version 2.1, the SMTP server also rejects <li> <p> As of Postfix version 2.1, the SMTP server can also reject
unknown sender addresses (i.e. addresses that it would reject as unknown sender addresses (i.e. addresses that it would reject as
unknown recipient addresses). Sender "egress filtering" can help an unknown recipient addresses). Sender "egress filtering" can help
to slow down an email worm explosion. This is controlled by the to slow down an email worm explosion. This is controlled by the
smtpd_reject_unlisted_sender configuration parameter. </p> smtpd_reject_unlisted_sender configuration parameter. </p>

3
postfix/proto/MAILLOG_README.html
View File

@ -174,7 +174,8 @@ to $maillog_file (also, logging to stdout would interfere with the
operation of some of these programs). These programs can log to operation of some of these programs). These programs can log to
postlogd(8) if they are run by the super-user, or if their executable postlogd(8) if they are run by the super-user, or if their executable
file has set-gid permission. Do not set this permission on programs file has set-gid permission. Do not set this permission on programs
other than postdrop(1) and postqueue(1). other than postdrop(1), postqueue(1), and (Postfix &ge; 3.7)
postlog(1).
</ul> </ul>

33
postfix/proto/MILTER_README.html
View File

@ -194,8 +194,9 @@ href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>
<h2><a name="building">Building Milter applications</a></h2> <h2><a name="building">Building Milter applications</a></h2>
<p> Milter applications have been written in C, JAVA and Perl, but <p> Milter applications have been written in C, Haskell, Java, Perl,
this document deals with C applications only. For these, you need Python, Rust, and more, but
this document covers C applications only. For these, you need
an object library that implements the Sendmail 8 Milter protocol. an object library that implements the Sendmail 8 Milter protocol.
Postfix currently does not provide such a library, but Sendmail Postfix currently does not provide such a library, but Sendmail
does. </p> does. </p>
@ -286,10 +287,10 @@ information. </blockquote>
<p> You specify SMTP-only Milter applications (there can be more <p> You specify SMTP-only Milter applications (there can be more
than one) with the smtpd_milters parameter. Each Milter application than one) with the smtpd_milters parameter. Each Milter application
is identified by the name of its listening socket; other Milter is identified by the name of its listening socket; other Milter
configuration options will be discussed in later sections. Milter configuration options will be discussed in later sections. Postfix
applications are applied in the order as specified, and the first sends commands to each Milter application in the order as configured
Milter application that rejects a command will override the responses with smtpd_milters. When a Milter application rejects a command,
from other Milter applications. </p> that will override responses from other Milter applications. </p>
<blockquote> <blockquote>
<pre> <pre>
@ -348,10 +349,10 @@ information. </p>
<p> You specify non-SMTP Milter applications with the non_smtpd_milters <p> You specify non-SMTP Milter applications with the non_smtpd_milters
parameter. This parameter uses the same syntax as the smtpd_milters parameter. This parameter uses the same syntax as the smtpd_milters
parameter in the previous section. As with the SMTP-only filters, parameter in the previous section. As with the SMTP-only filters,
you can specify more than one Milter application; they are applied you can specify more than one Milter application. Postfix sends
in the order as specified, and the first Milter application that commands to each Milter application in the order as configured with
rejects a command will override the responses from the other non_smtpd_milters. When a Milter application rejects a command,
applications. </p> that will override responses from other Milter applications. </p>
<blockquote> <blockquote>
<pre> <pre>
@ -705,10 +706,9 @@ With rejected recipient: "error" </td> </tr>
<h3><a name="send-macros">What macros will Postfix send to Milters?</a></h3> <h3><a name="send-macros">What macros will Postfix send to Milters?</a></h3>
<p> Postfix sends specific sets of macros at different Milter protocol <p> Postfix sends specific sets of macros at different Milter protocol
stages. The sets are configured with the parameters as shown in the stages. The names of these macros are configured with the parameters
table below (EOH = end of headers; EOM = end of message). The shown in the table below (EOH = end of headers; EOM = end of message).
protocol version is a number that Postfix sends at the beginning Some lists require a minimum Milter protocol version. </p>
of the Milter protocol handshake. </p>
<p> As of Sendmail 8.14.0, Milter applications can specify what <p> As of Sendmail 8.14.0, Milter applications can specify what
macros they want to receive at different Milter protocol stages. macros they want to receive at different Milter protocol stages.
@ -941,9 +941,8 @@ st_optionneg[134563840]: 0x3d does not fulfill action requirements 0x1e
<p> The solution is to use Postfix version 2.4 or later. </p> <p> The solution is to use Postfix version 2.4 or later. </p>
<li> <p> Most Milter configuration options are global. Future Postfix <li> <p> Postfix versions before 3.0 did not support per-Milter
versions may support per-Milter timeouts, per-Milter error handling, timeouts, per-Milter error handling, etc. </p>
etc. </p>
</ul> </ul>

102
postfix/proto/postconf.proto
View File

@ -6680,15 +6680,30 @@ feature is available in Postfix 2.1 and later. </dd>
<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt> <dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>
<dd>Enforces the reject_sender_login_mismatch restriction for <dd> Reject the request when the client is authenticated with SASL,
authenticated clients only. This feature is available in but either the MAIL FROM address is not listed in $smtpd_sender_login_maps,
Postfix version 2.1 and later. </dd> or the SASL login name is not an owner for that address.
<br>
This prevents an authenticated client from using a MAIL FROM address
that they do not explicitly own.
<br>
This feature is available in Postfix version 2.1 and later. </dd>
<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt> <dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt>
<dd>Apply the reject_sender_login_mismatch restriction only to MAIL <dd> When the client is authenticated with SASL, reject the request
FROM addresses that are known in $smtpd_sender_login_maps. This when the MAIL FROM address is listed in $smtpd_sender_login_maps,
feature is available in Postfix version 2.11 and later. </dd> but the SASL login name is not an owner for that address.
<br>
When the client is not authenticated with SASL, reject the request
when SASL is enabled, and the MAIL FROM address is listed in
$smtpd_sender_login_maps.
<br>
This protects any MAIL FROM address that is listed in
$smtpd_sender_login_maps, while still allowing a client to use any
unlisted MAIL FROM address.
<br>
This feature is available in Postfix version 2.11 and later.</dd>
<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt> <dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>
@ -6716,17 +6731,20 @@ This feature is available in Postfix 2.0 and later.</dd>
<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt> <dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>
<dd>Reject the request when $smtpd_sender_login_maps specifies an <dd> As of Postfix 2.1, this is an alias for
owner for the MAIL FROM address, but the client is not (SASL) logged "reject_authenticated_sender_login_mismatch,
in as that MAIL FROM address owner; or when the client is (SASL) reject_unauthenticated_sender_login_mismatch".</dd>
logged in, but the client login name doesn't own the MAIL FROM
address according to $smtpd_sender_login_maps.</dd>
<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt> <dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>
<dd>Enforces the reject_sender_login_mismatch restriction for <dd> Reject the request when SASL is enabled, the MAIL FROM address
unauthenticated clients only. This feature is available in is listed in $smtpd_sender_login_maps, but the client is not
Postfix version 2.1 and later. </dd> authenticated with SASL.
<br>
With SASL enabled, this prevents an unauthenticated client from
using any MAIL FROM address that is listed in $smtpd_sender_login_maps.
<br>
This feature is available in Postfix version 2.1 and later.</dd>
<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt> <dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>
@ -8750,28 +8768,11 @@ access restriction is specified. This prevents the Postfix queue
from filling up with undeliverable MAILER-DAEMON messages. from filling up with undeliverable MAILER-DAEMON messages.
</p> </p>
<p> An address is considered "unknown" when it does not match a <p> An address is considered "unknown" when 1) it does not match a
virtual(5) alias or a canonical(5) mapping, and one of the following virtual(5) alias or canonical(5) mapping, and 2) the address is not
conditions holds: </p> valid for its address class. For a definition of class-based address
validation, see <a href="ADDRESS_CLASS_README.html#classes">
<ul> ADDRESS_CLASS_README</a>. </p>
<li> The recipient domain matches $mydestination, $inet_interfaces
or $proxy_interfaces, but the recipient is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
<li> The recipient domain matches $virtual_alias_domains but the
recipient is not listed in $virtual_alias_maps.
<li> The recipient domain matches $virtual_mailbox_domains but the
recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
is not null.
<li> The recipient domain matches $relay_domains but the recipient
is not listed in $relay_recipient_maps, and $relay_recipient_maps
is not null.
</ul>
<p> <p>
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and later.
@ -8782,30 +8783,13 @@ This feature is available in Postfix 2.1 and later.
<p> Request that the Postfix SMTP server rejects mail from unknown <p> Request that the Postfix SMTP server rejects mail from unknown
sender addresses, even when no explicit reject_unlisted_sender sender addresses, even when no explicit reject_unlisted_sender
access restriction is specified. This can slow down an explosion access restriction is specified. This can slow down an explosion
of forged mail from worms or viruses. </p> of forged mail from worms or viruses. </p>
<p> An address is considered "unknown" when it does not match a <p> An address is considered "unknown" when 1) it does not match a
virtual(5) alias or a canonical(5) mapping, and one of the following virtual(5) alias or canonical(5) mapping, and 2) the address is not
conditions holds: </p> valid for its address class. For a definition of class-based address
validation, see <a href="ADDRESS_CLASS_README.html#classes">
<ul> ADDRESS_CLASS_README</a>. </p>
<li> The sender domain matches $mydestination, $inet_interfaces or
$proxy_interfaces, but the sender is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
<li> The sender domain matches $virtual_alias_domains but the sender
is not listed in $virtual_alias_maps.
<li> The sender domain matches $virtual_mailbox_domains but the
sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
is not null.
<li> The sender domain matches $relay_domains but the sender is
not listed in $relay_recipient_maps, and $relay_recipient_maps is
not null.
</ul>
<p> <p>
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and later.

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20220509" #define MAIL_RELEASE_DATE "20220527"
#define MAIL_VERSION_NUMBER "3.8" #define MAIL_VERSION_NUMBER "3.8"
#ifdef SNAPSHOT #ifdef SNAPSHOT

11
postfix/src/milter/milter8.c
View File

@ -128,6 +128,7 @@
#define SMFIC_OPTNEG 'O' /* Option negotiation */ #define SMFIC_OPTNEG 'O' /* Option negotiation */
#define SMFIC_QUIT 'Q' /* QUIT */ #define SMFIC_QUIT 'Q' /* QUIT */
#define SMFIC_RCPT 'R' /* RCPT to */ #define SMFIC_RCPT 'R' /* RCPT to */
/* Introduced with Sendmail 8.13. */
#define SMFIC_DATA 'T' /* DATA */ #define SMFIC_DATA 'T' /* DATA */
#define SMFIC_UNKNOWN 'U' /* Any unknown command */ #define SMFIC_UNKNOWN 'U' /* Any unknown command */
/* Introduced with Sendmail 8.14. */ /* Introduced with Sendmail 8.14. */
@ -146,6 +147,7 @@ static const NAME_CODE smfic_table[] = {
"SMFIC_OPTNEG", SMFIC_OPTNEG, "SMFIC_OPTNEG", SMFIC_OPTNEG,
"SMFIC_QUIT", SMFIC_QUIT, "SMFIC_QUIT", SMFIC_QUIT,
"SMFIC_RCPT", SMFIC_RCPT, "SMFIC_RCPT", SMFIC_RCPT,
/* Introduced with Sendmail 8.13. */
"SMFIC_DATA", SMFIC_DATA, "SMFIC_DATA", SMFIC_DATA,
"SMFIC_UNKNOWN", SMFIC_UNKNOWN, "SMFIC_UNKNOWN", SMFIC_UNKNOWN,
/* Introduced with Sendmail 8.14. */ /* Introduced with Sendmail 8.14. */
@ -214,11 +216,12 @@ static const NAME_CODE smfir_table[] = {
#define SMFIP_NOBODY (1L<<4) /* filter does not want body */ #define SMFIP_NOBODY (1L<<4) /* filter does not want body */
#define SMFIP_NOHDRS (1L<<5) /* filter does not want headers */ #define SMFIP_NOHDRS (1L<<5) /* filter does not want headers */
#define SMFIP_NOEOH (1L<<6) /* filter does not want EOH */ #define SMFIP_NOEOH (1L<<6) /* filter does not want EOH */
#define SMFIP_NR_HDR (1L<<7) /* filter won't reply for header */ /* Introduced with Sendmail 8.13. */
#define SMFIP_NOHREPL SMFIP_NR_HDR #define SMFIP_NOHREPL SMFIP_NR_HDR
/* Introduced with Sendmail 8.14. */
#define SMFIP_NR_HDR (1L<<7) /* filter won't reply for header */
#define SMFIP_NOUNKNOWN (1L<<8) /* filter does not want unknown cmd */ #define SMFIP_NOUNKNOWN (1L<<8) /* filter does not want unknown cmd */
#define SMFIP_NODATA (1L<<9) /* filter does not want DATA */ #define SMFIP_NODATA (1L<<9) /* filter does not want DATA */
/* Introduced with Sendmail 8.14. */
#define SMFIP_SKIP (1L<<10)/* MTA supports SMFIR_SKIP */ #define SMFIP_SKIP (1L<<10)/* MTA supports SMFIR_SKIP */
#define SMFIP_RCPT_REJ (1L<<11)/* filter wants rejected RCPTs */ #define SMFIP_RCPT_REJ (1L<<11)/* filter wants rejected RCPTs */
#define SMFIP_NR_CONN (1L<<12)/* filter won't reply for connect */ #define SMFIP_NR_CONN (1L<<12)/* filter won't reply for connect */
@ -249,10 +252,10 @@ static const NAME_MASK smfip_table[] = {
"SMFIP_NOBODY", SMFIP_NOBODY, "SMFIP_NOBODY", SMFIP_NOBODY,
"SMFIP_NOHDRS", SMFIP_NOHDRS, "SMFIP_NOHDRS", SMFIP_NOHDRS,
"SMFIP_NOEOH", SMFIP_NOEOH, "SMFIP_NOEOH", SMFIP_NOEOH,
/* Introduced with Sendmail 8.14. */
"SMFIP_NR_HDR", SMFIP_NR_HDR, "SMFIP_NR_HDR", SMFIP_NR_HDR,
"SMFIP_NOUNKNOWN", SMFIP_NOUNKNOWN, "SMFIP_NOUNKNOWN", SMFIP_NOUNKNOWN,
"SMFIP_NODATA", SMFIP_NODATA, "SMFIP_NODATA", SMFIP_NODATA,
/* Introduced with Sendmail 8.14. */
"SMFIP_SKIP", SMFIP_SKIP, "SMFIP_SKIP", SMFIP_SKIP,
"SMFIP_RCPT_REJ", SMFIP_RCPT_REJ, "SMFIP_RCPT_REJ", SMFIP_RCPT_REJ,
"SMFIP_NR_CONN", SMFIP_NR_CONN, "SMFIP_NR_CONN", SMFIP_NR_CONN,
@ -276,6 +279,7 @@ static const NAME_MASK smfip_table[] = {
#define SMFIF_ADDRCPT (1L<<2) /* filter may add recipients */ #define SMFIF_ADDRCPT (1L<<2) /* filter may add recipients */
#define SMFIF_DELRCPT (1L<<3) /* filter may delete recipients */ #define SMFIF_DELRCPT (1L<<3) /* filter may delete recipients */
#define SMFIF_CHGHDRS (1L<<4) /* filter may change/delete headers */ #define SMFIF_CHGHDRS (1L<<4) /* filter may change/delete headers */
/* Introduced with Sendmail 8.13. */
#define SMFIF_QUARANTINE (1L<<5) /* filter may quarantine envelope */ #define SMFIF_QUARANTINE (1L<<5) /* filter may quarantine envelope */
/* Introduced with Sendmail 8.14. */ /* Introduced with Sendmail 8.14. */
#define SMFIF_CHGFROM (1L<<6) /* filter may replace sender */ #define SMFIF_CHGFROM (1L<<6) /* filter may replace sender */
@ -288,6 +292,7 @@ static const NAME_MASK smfif_table[] = {
"SMFIF_ADDRCPT", SMFIF_ADDRCPT, "SMFIF_ADDRCPT", SMFIF_ADDRCPT,
"SMFIF_DELRCPT", SMFIF_DELRCPT, "SMFIF_DELRCPT", SMFIF_DELRCPT,
"SMFIF_CHGHDRS", SMFIF_CHGHDRS, "SMFIF_CHGHDRS", SMFIF_CHGHDRS,
/* Introduced with Sendmail 8.13. */
"SMFIF_QUARANTINE", SMFIF_QUARANTINE, "SMFIF_QUARANTINE", SMFIF_QUARANTINE,
/* Introduced with Sendmail 8.14. */ /* Introduced with Sendmail 8.14. */
"SMFIF_CHGFROM", SMFIF_CHGFROM, "SMFIF_CHGFROM", SMFIF_CHGFROM,