mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00

postfix-3.8-20220527

Wietse Venema 2022-05-27 00:00:00 -05:00 committed by Viktor Dukhovni
parent a646b55ae0
commit fe4e81b23b
15 changed files with 259 additions and 258 deletions

@ -26502,3 +26502,34 @@ Apologies for any names omitted.
with the "encoding" configuration file attribute. The default
is "UTF8". Previously the encoding was hard-coded as "LATIN1".
Files: global/dict_pgsql,c, proto/pgsql_table.
20220512
Documentation: in the text for smtpd_reject_unlisted_sender
and smtpd_reject_unlisted_recipient, refer to the address
class validation in ADDRESS_CLASS_README, instead of repeating
that information in postconf(5). File: proto/postconf.proto.
20220515
Documentation: the text for reject_xxx_sender_login_mismatch
was not optimal for clarity. As new features were added
over time, they were documented in terms of the existing
features. File: proto/postconf.proto.
Documentation: minor tweaks in ADDRESS_CLASS_README. File:
proto/ADDRESS_CLASS_README.html.
20220523
Documentation: add the Postfix >= 3.7 postlog(1) command
to the list of programs that can have set-gid permissions.
File: proto/MAILLOG_README.html.
20220527
Internal documentation: update the timeline annotations of
Milter protocol features. File: milter/milter8.c.
Documentation: edit text for clarity. File:
proto/MILTER_README.html.

@ -25,13 +25,13 @@ important for the operation of Postfix.
An address class is defined by three items.
* The list of domains that are a member of the class: for example, all local
domains, or all relay domains.
* The list of domains that are a member of that address class: for example,
all local domains, or all relay domains.
* The default delivery transport. For example, the local, virtual or relay
delivery transport (delivery transports are defined in master.cf). This
helps to keep Postfix configurations simple, by avoiding the need for
explicit routing information in transport maps.
* The default delivery transport for that address class. For example, the
local, virtual or relay delivery transport (delivery transports are defined
in master.cf). This helps to keep Postfix configurations simple, by
avoiding the need for explicit routing information in transport maps.
* The list of valid recipient addresses for that address class. The Postfix
SMTP server rejects invalid recipients with "User unknown in <name of
@ -48,9 +48,9 @@ The local domain class.
* Purpose: final delivery for traditional UNIX system accounts and
traditional Sendmail-style aliases. This is typically used for the
canonical domains of the machine. For a discussion of the difference
between canonical domains, hosted domains and other domains, see the
VIRTUAL_README file.
canonical domains of the machine (for example, $myhostname, $mydomain). For
a discussion of the difference between canonical domains, hosted domains
and other domains, see the VIRTUAL_README file.
* Domain names are listed with the mydestination parameter. This domain class
also includes mail for user@[ipaddress] when the IP address is listed with
@ -68,9 +68,10 @@ The local domain class.
The virtual alias domain class.
* Purpose: hosted domains where each recipient address is aliased to a local
UNIX system account or to a remote address. A virtual alias example is
given in the VIRTUAL_README file.
* Purpose: hosted domains where each recipient address is aliased to an
address in a different domain, for example, a local UNIX system account or
a remote address. A virtual alias example is given in the VIRTUAL_README
file.
* Domain names are listed in virtual_alias_domains. The default value is
$virtual_alias_maps for Postfix 1.1 compatibility.
@ -81,7 +82,7 @@ The virtual alias domain class.
compatibility.
* There is no mail delivery transport parameter. Every address must be
aliased to some other address.
aliased to an address in some other domain.
The virtual mailbox domain class.
@ -158,8 +159,8 @@ earlier Postfix versions:
mail (and bounced undeliverable mail) out of the mail queue. This is
controlled by the smtpd_reject_unlisted_recipient configuration parameter.
* As of Postfix version 2.1, the SMTP server also rejects unknown sender
addresses (i.e. addresses that it would reject as unknown recipient
* As of Postfix version 2.1, the SMTP server can also reject unknown sender
addresses (i.e. addresses that it would reject as an unknown recipient
addresses). Sender "egress filtering" can help to slow down an email worm
explosion. This is controlled by the smtpd_reject_unlisted_sender
configuration parameter.
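Review bot: The changed sentence now reads "addresses that it would reject as an unknown recipient addresses": the added "an" does not agree with the plural "addresses" that follows. Use either "as an unknown recipient address" or the original "as unknown recipient addresses". The same phrase appears in the two HTML copies of this hunk further down, so the fix belongs in all three.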

@ -108,6 +108,6 @@ Limitations:
$maillog_file (also, logging to stdout would interfere with the operation
of some of these programs). These programs can log to postlogd(8) if they
are run by the super-user, or if their executable file has set-gid
permission. Do not set this permission on programs other than postdrop(1)
and postqueue(1).
permission. Do not set this permission on programs other than postdrop(1),
postqueue(1), and (Postfix >= 3.7) postlog(1).
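Review bot: In the last sentence the version condition is a parenthetical in front of postlog(1), which is easy to read past; an operator on a release before 3.7 could take postlog(1) as an unconditional member of the set-gid list. Spell the condition out, for example "other than postdrop(1) and postqueue(1), and, with Postfix 3.7 and later, postlog(1)", so it is clear that postlog(1) must not be set-gid on older releases.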

@ -82,10 +82,10 @@ Postfix architecture).
BBuuiillddiinngg MMiilltteerr aapppplliiccaattiioonnss
Milter applications have been written in C, JAVA and Perl, but this document
deals with C applications only. For these, you need an object library that
implements the Sendmail 8 Milter protocol. Postfix currently does not provide
such a library, but Sendmail does.
Milter applications have been written in C, Haskell, Java, Perl, Python, Rust,
and more, but this document covers C applications only. For these, you need an
object library that implements the Sendmail 8 Milter protocol. Postfix
currently does not provide such a library, but Sendmail does.
Some systems install the Sendmail libmilter library by default. With other
systems, libmilter may be provided by a package (called "sendmail-devel" on
@ -148,9 +148,9 @@ section.
You specify SMTP-only Milter applications (there can be more than one) with the
smtpd_milters parameter. Each Milter application is identified by the name of
its listening socket; other Milter configuration options will be discussed in
later sections. Milter applications are applied in the order as specified, and
the first Milter application that rejects a command will override the responses
from other Milter applications.
later sections. Postfix sends commands to each Milter application in the order
as configured with smtpd_milters. When a Milter application rejects a command,
that will override responses from other Milter applications.
/etc/postfix/main.cf:
# Milters for mail that arrives via the smtpd(8) server.
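Review bot: The rewritten last sentence of the smtpd_milters paragraph ("When a Milter application rejects a command, that will override responses from other Milter applications") drops the word "first" that the old text had, so it no longer says whose response wins when two configured Milters both reject the same command. If the earliest-configured reject still takes precedence, keep that explicit, for example "the first Milter application that rejects a command determines the response". The non_smtpd_milters paragraph in the next hunk uses the same new wording and needs the same decision.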
@ -192,9 +192,9 @@ Instead, keep Postfix's own Received: message header and use the header_checks
You specify non-SMTP Milter applications with the non_smtpd_milters parameter.
This parameter uses the same syntax as the smtpd_milters parameter in the
previous section. As with the SMTP-only filters, you can specify more than one
Milter application; they are applied in the order as specified, and the first
Milter application that rejects a command will override the responses from the
other applications.
Milter application. Postfix sends commands to each Milter application in the
order as configured with non_smtpd_milters. When a Milter application rejects a
command, that will override responses from other Milter applications.
/etc/postfix/main.cf:
# Milters for non-SMTP mail.
@ -470,9 +470,9 @@ Sendmail. See the workarounds section below for solutions.
WWhhaatt mmaaccrrooss wwiillll PPoossttffiixx sseenndd ttoo MMiilltteerrss??
Postfix sends specific sets of macros at different Milter protocol stages. The
sets are configured with the parameters as shown in the table below (EOH = end
of headers; EOM = end of message). The protocol version is a number that
Postfix sends at the beginning of the Milter protocol handshake.
names of these macros are configured with the parameters shown in the table
below (EOH = end of headers; EOM = end of message). Some lists require a
minimum Milter protocol version.
As of Sendmail 8.14.0, Milter applications can specify what macros they want to
receive at different Milter protocol stages. An application-specified list
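Review bot: The new closing sentence "Some lists require a minimum Milter protocol version" introduces "lists" where the two sentences before it say "sets of macros" and "names of these macros", and the sentence that explained what the protocol version is (the number Postfix sends at the start of the handshake) is removed in the same change. Use one term throughout the paragraph, and keep a short definition of the protocol version or a pointer to where it is set, since the new sentence still depends on it.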
@ -643,6 +643,6 @@ the CONTENT_INSPECTION_README document for a discussion.
The solution is to use Postfix version 2.4 or later.
* Most Milter configuration options are global. Future Postfix versions may
support per-Milter timeouts, per-Milter error handling, etc.
* Postfix versions before 3.0 did not support per-Milter timeouts, per-Milter
error handling, etc.
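Review bot: The replacement bullet only states what releases before 3.0 lacked; unlike the item just above it ("The solution is to use Postfix version 2.4 or later") it gives the reader no next step. Add a pointer to where per-Milter timeouts and error handling are configured in 3.0 and later, or at least a matching "the solution is to use Postfix 3.0 or later" sentence.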

@ -50,10 +50,11 @@ address classes are very important for the operation of Postfix. </p>
<ul>
<li> <p> The list of domains that are a member of the class: for
example, all <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a>, or all <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a>. </p>
<li> <p> The list of domains that are a member of that address
class: for example, all <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a>, or all <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a>. </p>
<li> <p> The default delivery transport. For example, the local,
<li> <p> The default delivery transport for that address class. For
example, the local,
virtual or relay delivery transport (delivery transports are defined
in <a href="master.5.html">master.cf</a>). This helps to keep Postfix configurations simple,
by avoiding the need for explicit routing information in transport
@ -80,7 +81,8 @@ are. </p>
<li> <p> Purpose: final delivery for traditional UNIX system accounts
and traditional Sendmail-style aliases. This is typically used for
the <a href="VIRTUAL_README.html#canonical">canonical domains</a> of the machine. For a discussion of the
the <a href="VIRTUAL_README.html#canonical">canonical domains</a> of the machine (for example, $<a href="postconf.5.html#myhostname">myhostname</a>,
$<a href="postconf.5.html#mydomain">mydomain</a>). For a discussion of the
difference between <a href="VIRTUAL_README.html#canonical">canonical domains</a>, <a href="VIRTUAL_README.html#canonical">hosted domains</a> and other
domains, see the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p>
@ -108,7 +110,8 @@ class. </p>
<ul>
<li> <p> Purpose: <a href="VIRTUAL_README.html#canonical">hosted domains</a> where each recipient address is
aliased to a local UNIX system account or to a remote address. A
aliased to an address in a different domain, for example, a local
UNIX system account or a remote address. A
<a href="VIRTUAL_README.html#virtual_alias">virtual alias example</a> is given in the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p>
<li> <p> Domain names are listed in <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>. The
@ -121,7 +124,7 @@ parameter. The Postfix SMTP server rejects invalid recipients with
$<a href="postconf.5.html#virtual_maps">virtual_maps</a> for Postfix 1.1 compatibility. </p>
<li> <p> There is no mail delivery transport parameter. Every
address must be aliased to some other address. </p>
address must be aliased to an address in some other domain. </p>
</ul>
@ -223,9 +226,9 @@ is needed to keep undeliverable mail (and bounced undeliverable
mail) out of the mail queue. This is controlled by the
<a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> configuration parameter. </p>
<li> <p> As of Postfix version 2.1, the SMTP server also rejects
<li> <p> As of Postfix version 2.1, the SMTP server can also reject
unknown sender addresses (i.e. addresses that it would reject as
unknown recipient addresses). Sender "egress filtering" can help
an unknown recipient addresses). Sender "egress filtering" can help
to slow down an email worm explosion. This is controlled by the
<a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> configuration parameter. </p>

@ -174,7 +174,8 @@ to $<a href="postconf.5.html#maillog_file">maillog_file</a> (also, logging to st
operation of some of these programs). These programs can log to
<a href="postlogd.8.html">postlogd(8)</a> if they are run by the super-user, or if their executable
file has set-gid permission. Do not set this permission on programs
other than <a href="postdrop.1.html">postdrop(1)</a> and <a href="postqueue.1.html">postqueue(1)</a>.
other than <a href="postdrop.1.html">postdrop(1)</a>, <a href="postqueue.1.html">postqueue(1)</a>, and (Postfix &ge; 3.7)
<a href="postlog.1.html">postlog(1)</a>.
</ul>

@ -194,8 +194,9 @@ href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>
<h2><a name="building">Building Milter applications</a></h2>
<p> Milter applications have been written in C, JAVA and Perl, but
this document deals with C applications only. For these, you need
<p> Milter applications have been written in C, Haskell, Java, Perl,
Python, Rust, and more, but
this document covers C applications only. For these, you need
an object library that implements the Sendmail 8 Milter protocol.
Postfix currently does not provide such a library, but Sendmail
does. </p>
@ -286,10 +287,10 @@ information. </blockquote>
<p> You specify SMTP-only Milter applications (there can be more
than one) with the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> parameter. Each Milter application
is identified by the name of its listening socket; other Milter
configuration options will be discussed in later sections. Milter
applications are applied in the order as specified, and the first
Milter application that rejects a command will override the responses
from other Milter applications. </p>
configuration options will be discussed in later sections. Postfix
sends commands to each Milter application in the order as configured
with <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>. When a Milter application rejects a command,
that will override responses from other Milter applications. </p>
<blockquote>
<pre>
@ -348,10 +349,10 @@ information. </p>
<p> You specify non-SMTP Milter applications with the <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>
parameter. This parameter uses the same syntax as the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>
parameter in the previous section. As with the SMTP-only filters,
you can specify more than one Milter application; they are applied
in the order as specified, and the first Milter application that
rejects a command will override the responses from the other
applications. </p>
you can specify more than one Milter application. Postfix sends
commands to each Milter application in the order as configured with
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>. When a Milter application rejects a command,
that will override responses from other Milter applications. </p>
<blockquote>
<pre>
@ -705,10 +706,9 @@ With rejected recipient: "error" </td> </tr>
<h3><a name="send-macros">What macros will Postfix send to Milters?</a></h3>
<p> Postfix sends specific sets of macros at different Milter protocol
stages. The sets are configured with the parameters as shown in the
table below (EOH = end of headers; EOM = end of message). The
protocol version is a number that Postfix sends at the beginning
of the Milter protocol handshake. </p>
stages. The names of these macros are configured with the parameters
shown in the table below (EOH = end of headers; EOM = end of message).
Some lists require a minimum Milter protocol version. </p>
<p> As of Sendmail 8.14.0, Milter applications can specify what
macros they want to receive at different Milter protocol stages.
@ -941,9 +941,8 @@ st_optionneg[134563840]: 0x3d does not fulfill action requirements 0x1e
<p> The solution is to use Postfix version 2.4 or later. </p>
<li> <p> Most Milter configuration options are global. Future Postfix
versions may support per-Milter timeouts, per-Milter error handling,
etc. </p>
<li> <p> Postfix versions before 3.0 did not support per-Milter
timeouts, per-Milter error handling, etc. </p>
</ul>

@ -16612,28 +16612,11 @@ access restriction is specified. This prevents the Postfix queue
from filling up with undeliverable MAILER-DAEMON messages.
</p>
<p> An address is considered "unknown" when it does not match a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping, and one of the following
conditions holds: </p>
<ul>
<li> The recipient domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the recipient is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
<li> The recipient domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the
recipient is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
<li> The recipient domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
recipient is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
is not null.
<li> The recipient domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the recipient
is not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>
is not null.
</ul>
<p> An address is considered "unknown" when 1) it does not match a
<a href="virtual.5.html">virtual(5)</a> alias or <a href="canonical.5.html">canonical(5)</a> mapping, and 2) the address is not
valid for its address class. For a definition of class-based address
validation, see <a href="ADDRESS_CLASS_README.html#classes">
ADDRESS_CLASS_README</a>. </p>
<p>
This feature is available in Postfix 2.1 and later.
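Review bot: The removed bullets spelled out that a class is only validated when its map is non-empty ("and $local_recipient_maps is not null", likewise for $virtual_mailbox_maps and $relay_recipient_maps), and the replacement "not valid for its address class" leaves that entirely to ADDRESS_CLASS_README. Confirm that the README states the not-null condition for each class, or keep one sentence about it here, because by the old text an empty map means no address in that class is treated as unknown and the check is effectively off.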
@ -16650,28 +16633,11 @@ sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted
access restriction is specified. This can slow down an explosion
of forged mail from worms or viruses. </p>
<p> An address is considered "unknown" when it does not match a
<a href="virtual.5.html">virtual(5)</a> alias or a <a href="canonical.5.html">canonical(5)</a> mapping, and one of the following
conditions holds: </p>
<ul>
<li> The sender domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the sender is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
<li> The sender domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the sender
is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
<li> The sender domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
sender is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
is not null.
<li> The sender domain matches $<a href="postconf.5.html#relay_domains">relay_domains</a> but the sender is
not listed in $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>, and $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> is
not null.
</ul>
<p> An address is considered "unknown" when 1) it does not match a
<a href="virtual.5.html">virtual(5)</a> alias or <a href="canonical.5.html">canonical(5)</a> mapping, and 2) the address is not
valid for its address class. For a definition of class-based address
validation, see <a href="ADDRESS_CLASS_README.html#classes">
ADDRESS_CLASS_README</a>. </p>
<p>
This feature is available in Postfix 2.1 and later.
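Review bot: With the bullet list gone, the smtpd_reject_unlisted_sender entry no longer shows that a sender address is validated against the recipient tables ($local_recipient_maps, $virtual_mailbox_maps, $relay_recipient_maps), which the removed text made explicit. ADDRESS_CLASS_README defines each class by its "list of valid recipient addresses", so a reader who follows the link will not find the word "sender" there; add a sentence here along the lines of "sender addresses are checked against the same tables as recipient addresses".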
@ -17215,15 +17181,30 @@ feature is available in Postfix 2.1 and later. </dd>
<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>
<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for
authenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>
<dd> Reject the request when the client is authenticated with SASL,
but either the MAIL FROM address is not listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>,
or the SASL login name is not an owner for that address.
<br>
This prevents an authenticated client from using a MAIL FROM address
that they do not explicitly own.
<br>
This feature is available in Postfix version 2.1 and later. </dd>
<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt>
<dd>Apply the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction only to MAIL
FROM addresses that are known in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>. This
feature is available in Postfix version 2.11 and later. </dd>
<dd> When the client is authenticated with SASL, reject the request
when the MAIL FROM address is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>,
but the SASL login name is not an owner for that address.
<br>
When the client is not authenticated with SASL, reject the request
when SASL is enabled, and the MAIL FROM address is listed in
$<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.
<br>
This protects any MAIL FROM address that is listed in
$<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>, while still allowing a client to use any
unlisted MAIL FROM address.
<br>
This feature is available in Postfix version 2.11 and later.</dd>
<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>
@ -17251,17 +17232,20 @@ This feature is available in Postfix 2.0 and later.</dd>
<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>
<dd>Reject the request when $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> specifies an
owner for the MAIL FROM address, but the client is not (SASL) logged
in as that MAIL FROM address owner; or when the client is (SASL)
logged in, but the client login name doesn't own the MAIL FROM
address according to $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.</dd>
<dd> As of Postfix 2.1, this is an alias for
"<a href="postconf.5.html#reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a>,
<a href="postconf.5.html#reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a>".</dd>
<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>
<dd>Enforces the <a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> restriction for
unauthenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>
<dd> Reject the request when SASL is enabled, the MAIL FROM address
is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>, but the client is not
authenticated with SASL.
<br>
With SASL enabled, this prevents an unauthenticated client from
using any MAIL FROM address that is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.
<br>
This feature is available in Postfix version 2.1 and later.</dd>
<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>
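Review bot: The new reject_unauthenticated_sender_login_mismatch text makes the check conditional on "SASL is enabled" without saying what that refers to. Name or link the setting that turns on SASL in the SMTP server (smtpd_sasl_auth_enable, if that is what is meant), and state the consequence plainly: on a service where SASL is not enabled, this restriction does not protect the addresses listed in $smtpd_sender_login_maps.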

@ -11490,25 +11490,11 @@ recipient addresses, even when no explicit reject_unlisted_recipient
access restriction is specified. This prevents the Postfix queue
from filling up with undeliverable MAILER\-DAEMON messages.
.PP
An address is considered "unknown" when it does not match a
\fBvirtual\fR(5) alias or a \fBcanonical\fR(5) mapping, and one of the following
conditions holds:
.IP \(bu
The recipient domain matches $mydestination, $inet_interfaces
or $proxy_interfaces, but the recipient is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
.IP \(bu
The recipient domain matches $virtual_alias_domains but the
recipient is not listed in $virtual_alias_maps.
.IP \(bu
The recipient domain matches $virtual_mailbox_domains but the
recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
is not null.
.IP \(bu
The recipient domain matches $relay_domains but the recipient
is not listed in $relay_recipient_maps, and $relay_recipient_maps
is not null.
.br
An address is considered "unknown" when 1) it does not match a
\fBvirtual\fR(5) alias or \fBcanonical\fR(5) mapping, and 2) the address is not
valid for its address class. For a definition of class\-based address
validation, see
ADDRESS_CLASS_README.
.PP
This feature is available in Postfix 2.1 and later.
.SH smtpd_reject_unlisted_sender (default: no)
@ -11517,25 +11503,11 @@ sender addresses, even when no explicit reject_unlisted_sender
access restriction is specified. This can slow down an explosion
of forged mail from worms or viruses.
.PP
An address is considered "unknown" when it does not match a
\fBvirtual\fR(5) alias or a \fBcanonical\fR(5) mapping, and one of the following
conditions holds:
.IP \(bu
The sender domain matches $mydestination, $inet_interfaces or
$proxy_interfaces, but the sender is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
.IP \(bu
The sender domain matches $virtual_alias_domains but the sender
is not listed in $virtual_alias_maps.
.IP \(bu
The sender domain matches $virtual_mailbox_domains but the
sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
is not null.
.IP \(bu
The sender domain matches $relay_domains but the sender is
not listed in $relay_recipient_maps, and $relay_recipient_maps is
not null.
.br
An address is considered "unknown" when 1) it does not match a
\fBvirtual\fR(5) alias or \fBcanonical\fR(5) mapping, and 2) the address is not
valid for its address class. For a definition of class\-based address
validation, see
ADDRESS_CLASS_README.
.PP
This feature is available in Postfix 2.1 and later.
.SH smtpd_relay_before_recipient_restrictions (default: see "postconf \-d" output)
@ -11921,14 +11893,29 @@ use DUNNO in order to exclude specific hosts from denylists. This
feature is available in Postfix 2.1 and later.
.br
.IP "\fBreject_authenticated_sender_login_mismatch\fR"
Enforces the reject_sender_login_mismatch restriction for
authenticated clients only. This feature is available in
Postfix version 2.1 and later.
Reject the request when the client is authenticated with SASL,
but either the MAIL FROM address is not listed in $smtpd_sender_login_maps,
or the SASL login name is not an owner for that address.
.br
This prevents an authenticated client from using a MAIL FROM address
that they do not explicitly own.
.br
This feature is available in Postfix version 2.1 and later.
.br
.IP "\fBreject_known_sender_login_mismatch\fR"
Apply the reject_sender_login_mismatch restriction only to MAIL
FROM addresses that are known in $smtpd_sender_login_maps. This
feature is available in Postfix version 2.11 and later.
When the client is authenticated with SASL, reject the request
when the MAIL FROM address is listed in $smtpd_sender_login_maps,
but the SASL login name is not an owner for that address.
.br
When the client is not authenticated with SASL, reject the request
when SASL is enabled, and the MAIL FROM address is listed in
$smtpd_sender_login_maps.
.br
This protects any MAIL FROM address that is listed in
$smtpd_sender_login_maps, while still allowing a client to use any
unlisted MAIL FROM address.
.br
This feature is available in Postfix version 2.11 and later.
.br
.IP "\fBreject_non_fqdn_sender\fR"
Reject the request when the MAIL FROM address specifies a
@ -11957,16 +11944,19 @@ specifies tables with server replies indexed by \fIrbl_domain\fR.
This feature is available in Postfix 2.0 and later.
.br
.IP "\fBreject_sender_login_mismatch\fR"
Reject the request when $smtpd_sender_login_maps specifies an
owner for the MAIL FROM address, but the client is not (SASL) logged
in as that MAIL FROM address owner; or when the client is (SASL)
logged in, but the client login name doesn't own the MAIL FROM
address according to $smtpd_sender_login_maps.
As of Postfix 2.1, this is an alias for
"reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch".
.br
.IP "\fBreject_unauthenticated_sender_login_mismatch\fR"
Enforces the reject_sender_login_mismatch restriction for
unauthenticated clients only. This feature is available in
Postfix version 2.1 and later.
Reject the request when SASL is enabled, the MAIL FROM address
is listed in $smtpd_sender_login_maps, but the client is not
authenticated with SASL.
.br
With SASL enabled, this prevents an unauthenticated client from
using any MAIL FROM address that is listed in $smtpd_sender_login_maps.
.br
This feature is available in Postfix version 2.1 and later.
.br
.IP "\fBreject_unknown_sender_domain\fR"
Reject the request when Postfix is not the final destination for
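Review bot: After this change the reject_sender_login_mismatch entry is only an alias for two other restrictions, so the combined behaviour that the old text gave in one sentence now has to be assembled from two separate entries. Keep a one-line summary after the alias. "As of Postfix 2.1" also leaves open what the restriction did before 2.1; either say so or drop the qualifier.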

@ -50,10 +50,11 @@ address classes are very important for the operation of Postfix. </p>
<ul>
<li> <p> The list of domains that are a member of the class: for
example, all local domains, or all relay domains. </p>
<li> <p> The list of domains that are a member of that address
class: for example, all local domains, or all relay domains. </p>
<li> <p> The default delivery transport. For example, the local,
<li> <p> The default delivery transport for that address class. For
example, the local,
virtual or relay delivery transport (delivery transports are defined
in master.cf). This helps to keep Postfix configurations simple,
by avoiding the need for explicit routing information in transport
@ -80,7 +81,8 @@ are. </p>
<li> <p> Purpose: final delivery for traditional UNIX system accounts
and traditional Sendmail-style aliases. This is typically used for
the canonical domains of the machine. For a discussion of the
the canonical domains of the machine (for example, $myhostname,
$mydomain). For a discussion of the
difference between canonical domains, hosted domains and other
domains, see the VIRTUAL_README file. </p>
@ -108,7 +110,8 @@ class. </p>
<ul>
<li> <p> Purpose: hosted domains where each recipient address is
aliased to a local UNIX system account or to a remote address. A
aliased to an address in a different domain, for example, a local
UNIX system account or a remote address. A
virtual alias example is given in the VIRTUAL_README file. </p>
<li> <p> Domain names are listed in virtual_alias_domains. The
@ -121,7 +124,7 @@ parameter. The Postfix SMTP server rejects invalid recipients with
$virtual_maps for Postfix 1.1 compatibility. </p>
<li> <p> There is no mail delivery transport parameter. Every
address must be aliased to some other address. </p>
address must be aliased to an address in some other domain. </p>
</ul>
@ -223,9 +226,9 @@ is needed to keep undeliverable mail (and bounced undeliverable
mail) out of the mail queue. This is controlled by the
smtpd_reject_unlisted_recipient configuration parameter. </p>
<li> <p> As of Postfix version 2.1, the SMTP server also rejects
<li> <p> As of Postfix version 2.1, the SMTP server can also reject
unknown sender addresses (i.e. addresses that it would reject as
unknown recipient addresses). Sender "egress filtering" can help
an unknown recipient addresses). Sender "egress filtering" can help
to slow down an email worm explosion. This is controlled by the
smtpd_reject_unlisted_sender configuration parameter. </p>
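Review bot: the reworded parenthetical "an unknown recipient addresses)" pairs a singular article with a plural noun. The line it replaces read "unknown recipient addresses)", and that wording still fits the surrounding "(i.e. addresses that it would reject as ...)", so the added "an" should be dropped.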

View File

@ -174,7 +174,8 @@ to $maillog_file (also, logging to stdout would interfere with the
operation of some of these programs). These programs can log to
postlogd(8) if they are run by the super-user, or if their executable
file has set-gid permission. Do not set this permission on programs
other than postdrop(1) and postqueue(1).
other than postdrop(1), postqueue(1), and (Postfix &ge; 3.7)
postlog(1).
</ul>
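Review bot: the version condition for postlog(1) is carried only by the parenthetical "(Postfix &ge; 3.7)" inside a list of programs that may be set-gid, which is easy to skim past. Since this sentence is the guidance on which executables may carry set-gid permission, consider stating the condition directly, for example "and, with Postfix 3.7 and later, postlog(1)", so that it is clear that postlog(1) on older releases is not in the allowed set.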

View File

@ -194,8 +194,9 @@ href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>
<h2><a name="building">Building Milter applications</a></h2>
<p> Milter applications have been written in C, JAVA and Perl, but
this document deals with C applications only. For these, you need
<p> Milter applications have been written in C, Haskell, Java, Perl,
Python, Rust, and more, but
this document covers C applications only. For these, you need
an object library that implements the Sendmail 8 Milter protocol.
Postfix currently does not provide such a library, but Sendmail
does. </p>
@ -286,10 +287,10 @@ information. </blockquote>
<p> You specify SMTP-only Milter applications (there can be more
than one) with the smtpd_milters parameter. Each Milter application
is identified by the name of its listening socket; other Milter
configuration options will be discussed in later sections. Milter
applications are applied in the order as specified, and the first
Milter application that rejects a command will override the responses
from other Milter applications. </p>
configuration options will be discussed in later sections. Postfix
sends commands to each Milter application in the order as configured
with smtpd_milters. When a Milter application rejects a command,
that will override responses from other Milter applications. </p>
<blockquote>
<pre>
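Review bot: the new sentence "When a Milter application rejects a command, that will override responses from other Milter applications" drops the word "first" that the removed text had ("the first Milter application that rejects a command"). The text no longer says which reply wins when more than one Milter rejects, or whether Milters later in smtpd_milters still see a command that an earlier one rejected. If the first-reject-wins behaviour is unchanged, keep "first"; the same applies to the identical sentence added for non_smtpd_milters.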
@ -348,10 +349,10 @@ information. </p>
<p> You specify non-SMTP Milter applications with the non_smtpd_milters
parameter. This parameter uses the same syntax as the smtpd_milters
parameter in the previous section. As with the SMTP-only filters,
you can specify more than one Milter application; they are applied
in the order as specified, and the first Milter application that
rejects a command will override the responses from the other
applications. </p>
you can specify more than one Milter application. Postfix sends
commands to each Milter application in the order as configured with
non_smtpd_milters. When a Milter application rejects a command,
that will override responses from other Milter applications. </p>
<blockquote>
<pre>
@ -705,10 +706,9 @@ With rejected recipient: "error" </td> </tr>
<h3><a name="send-macros">What macros will Postfix send to Milters?</a></h3>
<p> Postfix sends specific sets of macros at different Milter protocol
stages. The sets are configured with the parameters as shown in the
table below (EOH = end of headers; EOM = end of message). The
protocol version is a number that Postfix sends at the beginning
of the Milter protocol handshake. </p>
stages. The names of these macros are configured with the parameters
shown in the table below (EOH = end of headers; EOM = end of message).
Some lists require a minimum Milter protocol version. </p>
<p> As of Sendmail 8.14.0, Milter applications can specify what
macros they want to receive at different Milter protocol stages.
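Review bot: "Some lists require a minimum Milter protocol version" uses the term "Milter protocol version" after the change removed its only explanation here ("a number that Postfix sends at the beginning of the Milter protocol handshake"). A reader of the table now has no definition of the version it refers to. Consider keeping the one-sentence definition, or pointing to where the version is described.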
@ -941,9 +941,8 @@ st_optionneg[134563840]: 0x3d does not fulfill action requirements 0x1e
<p> The solution is to use Postfix version 2.4 or later. </p>
<li> <p> Most Milter configuration options are global. Future Postfix
versions may support per-Milter timeouts, per-Milter error handling,
etc. </p>
<li> <p> Postfix versions before 3.0 did not support per-Milter
timeouts, per-Milter error handling, etc. </p>
</ul>
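Review bot: the replacement item says what "Postfix versions before 3.0" lacked but gives no pointer to how per-Milter timeouts and error handling are specified in 3.0 and later, and the trailing "etc." leaves the scope open. A reader on a current release learns nothing actionable from this bullet; add a reference to the section that documents the per-Milter settings, or list the settings explicitly.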

View File

@ -6680,15 +6680,30 @@ feature is available in Postfix 2.1 and later. </dd>
<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>
<dd>Enforces the reject_sender_login_mismatch restriction for
authenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>
<dd> Reject the request when the client is authenticated with SASL,
but either the MAIL FROM address is not listed in $smtpd_sender_login_maps,
or the SASL login name is not an owner for that address.
<br>
This prevents an authenticated client from using a MAIL FROM address
that they do not explicitly own.
<br>
This feature is available in Postfix version 2.1 and later. </dd>
<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt>
<dd>Apply the reject_sender_login_mismatch restriction only to MAIL
FROM addresses that are known in $smtpd_sender_login_maps. This
feature is available in Postfix version 2.11 and later. </dd>
<dd> When the client is authenticated with SASL, reject the request
when the MAIL FROM address is listed in $smtpd_sender_login_maps,
but the SASL login name is not an owner for that address.
<br>
When the client is not authenticated with SASL, reject the request
when SASL is enabled, and the MAIL FROM address is listed in
$smtpd_sender_login_maps.
<br>
This protects any MAIL FROM address that is listed in
$smtpd_sender_login_maps, while still allowing a client to use any
unlisted MAIL FROM address.
<br>
This feature is available in Postfix version 2.11 and later.</dd>
<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>
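Review bot: in the new reject_known_sender_login_mismatch text, the unauthenticated case is conditional on "when SASL is enabled", but the entry neither names the setting that decides this nor says what happens when it is not enabled. As worded, an address listed in $smtpd_sender_login_maps is not protected from unauthenticated clients when SASL is off. Saying so explicitly would stop readers from assuming that the restriction always protects listed addresses.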
@ -6716,17 +6731,20 @@ This feature is available in Postfix 2.0 and later.</dd>
<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>
<dd>Reject the request when $smtpd_sender_login_maps specifies an
owner for the MAIL FROM address, but the client is not (SASL) logged
in as that MAIL FROM address owner; or when the client is (SASL)
logged in, but the client login name doesn't own the MAIL FROM
address according to $smtpd_sender_login_maps.</dd>
<dd> As of Postfix 2.1, this is an alias for
"reject_authenticated_sender_login_mismatch,
reject_unauthenticated_sender_login_mismatch".</dd>
<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>
<dd>Enforces the reject_sender_login_mismatch restriction for
unauthenticated clients only. This feature is available in
Postfix version 2.1 and later. </dd>
<dd> Reject the request when SASL is enabled, the MAIL FROM address
is listed in $smtpd_sender_login_maps, but the client is not
authenticated with SASL.
<br>
With SASL enabled, this prevents an unauthenticated client from
using any MAIL FROM address that is listed in $smtpd_sender_login_maps.
<br>
This feature is available in Postfix version 2.1 and later.</dd>
<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>
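Review bot: the reject_sender_login_mismatch entry now consists only of the alias text, and the two restriction names in it are plain text even though both have anchors in this file (name="reject_authenticated_sender_login_mismatch" and name="reject_unauthenticated_sender_login_mismatch"). Linking the names to those anchors would let the reader reach the definitions that replaced the removed description. "As of Postfix 2.1" also leaves the behaviour of earlier versions unstated, which the removed text did not.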
@ -8750,28 +8768,11 @@ access restriction is specified. This prevents the Postfix queue
from filling up with undeliverable MAILER-DAEMON messages.
</p>
<p> An address is considered "unknown" when it does not match a
virtual(5) alias or a canonical(5) mapping, and one of the following
conditions holds: </p>
<ul>
<li> The recipient domain matches $mydestination, $inet_interfaces
or $proxy_interfaces, but the recipient is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
<li> The recipient domain matches $virtual_alias_domains but the
recipient is not listed in $virtual_alias_maps.
<li> The recipient domain matches $virtual_mailbox_domains but the
recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
is not null.
<li> The recipient domain matches $relay_domains but the recipient
is not listed in $relay_recipient_maps, and $relay_recipient_maps
is not null.
</ul>
<p> An address is considered "unknown" when 1) it does not match a
virtual(5) alias or canonical(5) mapping, and 2) the address is not
valid for its address class. For a definition of class-based address
validation, see <a href="ADDRESS_CLASS_README.html#classes">
ADDRESS_CLASS_README</a>. </p>
<p>
This feature is available in Postfix 2.1 and later.
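Review bot: each removed bullet carried an "and $..._maps is not null" condition (for $local_recipient_maps, $virtual_mailbox_maps and $relay_recipient_maps), meaning that an empty map turns recipient validation off for that class. The replacement sentence "2) the address is not valid for its address class" no longer mentions this. Please confirm that the ADDRESS_CLASS_README section it links to states the empty-map case, or keep a one-line reminder here, because that case decides whether unlisted recipients are rejected at all.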
@ -8784,28 +8785,11 @@ sender addresses, even when no explicit reject_unlisted_sender
access restriction is specified. This can slow down an explosion
of forged mail from worms or viruses. </p>
<p> An address is considered "unknown" when it does not match a
virtual(5) alias or a canonical(5) mapping, and one of the following
conditions holds: </p>
<ul>
<li> The sender domain matches $mydestination, $inet_interfaces or
$proxy_interfaces, but the sender is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
<li> The sender domain matches $virtual_alias_domains but the sender
is not listed in $virtual_alias_maps.
<li> The sender domain matches $virtual_mailbox_domains but the
sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
is not null.
<li> The sender domain matches $relay_domains but the sender is
not listed in $relay_recipient_maps, and $relay_recipient_maps is
not null.
</ul>
<p> An address is considered "unknown" when 1) it does not match a
virtual(5) alias or canonical(5) mapping, and 2) the address is not
valid for its address class. For a definition of class-based address
validation, see <a href="ADDRESS_CLASS_README.html#classes">
ADDRESS_CLASS_README</a>. </p>
<p>
This feature is available in Postfix 2.1 and later.
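Review bot: the removed bullets made explicit that a sender address is checked against the recipient tables ("the sender is not listed in $local_recipient_maps", "$relay_recipient_maps"). The new sentence only says the address must be "valid for its address class", so a reader of smtpd_reject_unlisted_sender can no longer tell from this entry that the recipient maps are what determines a valid sender. A short clause such as "using the same tables as for recipient validation" would keep that information.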

View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20220509"
#define MAIL_RELEASE_DATE "20220527"
#define MAIL_VERSION_NUMBER "3.8"
#ifdef SNAPSHOT

View File

@ -128,6 +128,7 @@
#define SMFIC_OPTNEG 'O' /* Option negotiation */
#define SMFIC_QUIT 'Q' /* QUIT */
#define SMFIC_RCPT 'R' /* RCPT to */
/* Introduced with Sendmail 8.13. */
#define SMFIC_DATA 'T' /* DATA */
#define SMFIC_UNKNOWN 'U' /* Any unknown command */
/* Introduced with Sendmail 8.14. */
@ -146,6 +147,7 @@ static const NAME_CODE smfic_table[] = {
"SMFIC_OPTNEG", SMFIC_OPTNEG,
"SMFIC_QUIT", SMFIC_QUIT,
"SMFIC_RCPT", SMFIC_RCPT,
/* Introduced with Sendmail 8.13. */
"SMFIC_DATA", SMFIC_DATA,
"SMFIC_UNKNOWN", SMFIC_UNKNOWN,
/* Introduced with Sendmail 8.14. */
@ -214,11 +216,12 @@ static const NAME_CODE smfir_table[] = {
#define SMFIP_NOBODY (1L<<4) /* filter does not want body */
#define SMFIP_NOHDRS (1L<<5) /* filter does not want headers */
#define SMFIP_NOEOH (1L<<6) /* filter does not want EOH */
#define SMFIP_NR_HDR (1L<<7) /* filter won't reply for header */
/* Introduced with Sendmail 8.13. */
#define SMFIP_NOHREPL SMFIP_NR_HDR
/* Introduced with Sendmail 8.14. */
#define SMFIP_NR_HDR (1L<<7) /* filter won't reply for header */
#define SMFIP_NOUNKNOWN (1L<<8) /* filter does not want unknown cmd */
#define SMFIP_NODATA (1L<<9) /* filter does not want DATA */
/* Introduced with Sendmail 8.14. */
#define SMFIP_SKIP (1L<<10)/* MTA supports SMFIR_SKIP */
#define SMFIP_RCPT_REJ (1L<<11)/* filter wants rejected RCPTs */
#define SMFIP_NR_CONN (1L<<12)/* filter won't reply for connect */
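Review bot: after the reordering, "#define SMFIP_NR_HDR (1L<<7)" sits above the new "Introduced with Sendmail 8.13." comment, while its alias "#define SMFIP_NOHREPL SMFIP_NR_HDR" sits below it. The annotations now read as if bit 7 predates 8.13 and only the alias name arrived with it. If the intent is that SMFIP_NOHREPL is the 8.13 name and SMFIP_NR_HDR the later one, a short comment on the alias line would make that clear. Otherwise, move the 8.13 comment above SMFIP_NR_HDR.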
@ -249,10 +252,10 @@ static const NAME_MASK smfip_table[] = {
"SMFIP_NOBODY", SMFIP_NOBODY,
"SMFIP_NOHDRS", SMFIP_NOHDRS,
"SMFIP_NOEOH", SMFIP_NOEOH,
/* Introduced with Sendmail 8.14. */
"SMFIP_NR_HDR", SMFIP_NR_HDR,
"SMFIP_NOUNKNOWN", SMFIP_NOUNKNOWN,
"SMFIP_NODATA", SMFIP_NODATA,
/* Introduced with Sendmail 8.14. */
"SMFIP_SKIP", SMFIP_SKIP,
"SMFIP_RCPT_REJ", SMFIP_RCPT_REJ,
"SMFIP_NR_CONN", SMFIP_NR_CONN,
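Review bot: smfip_table ends up with only the "Introduced with Sendmail 8.14." comment, before "SMFIP_SKIP", whereas the matching #define block gained an "Introduced with Sendmail 8.13." comment covering SMFIP_NOUNKNOWN and SMFIP_NODATA. The smfic_table and smfif_table hunks mirror their 8.13 comments into the table; for consistency, add the same 8.13 comment here before "SMFIP_NOUNKNOWN", so that the table and the definitions carry the same timeline.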
@ -276,6 +279,7 @@ static const NAME_MASK smfip_table[] = {
#define SMFIF_ADDRCPT (1L<<2) /* filter may add recipients */
#define SMFIF_DELRCPT (1L<<3) /* filter may delete recipients */
#define SMFIF_CHGHDRS (1L<<4) /* filter may change/delete headers */
/* Introduced with Sendmail 8.13. */
#define SMFIF_QUARANTINE (1L<<5) /* filter may quarantine envelope */
/* Introduced with Sendmail 8.14. */
#define SMFIF_CHGFROM (1L<<6) /* filter may replace sender */
@ -288,6 +292,7 @@ static const NAME_MASK smfif_table[] = {
"SMFIF_ADDRCPT", SMFIF_ADDRCPT,
"SMFIF_DELRCPT", SMFIF_DELRCPT,
"SMFIF_CHGHDRS", SMFIF_CHGHDRS,
/* Introduced with Sendmail 8.13. */
"SMFIF_QUARANTINE", SMFIF_QUARANTINE,
/* Introduced with Sendmail 8.14. */
"SMFIF_CHGFROM", SMFIF_CHGFROM,