a 4xx temporary error code when, for example, an LDAP or
mysql server was unavailable. Remotely based on a fix by
Robert Kiessling @ de.easynet.net. File: smtpd/smtpd_check.c.
+
+20010501
+
+ Bugfix: The SMTP server's 550 in reply to DATA should be
+ a 554 response. And it wasn't Sendmail. Claus Assman.
+
+ Bugfix: the INSTALL.sh test for non-interactive upgrade
+ broke rooted installations that specify settings via the
+ environment. Simon Mudd.
+
+ Bugfix: mailq output is now really flushed one message at
+ a time. File: sendmail/sendmail.c.
+
+20010507
+
+ Bugfix: with soft_bounce=yes, the SMTP server would log
+ 5xx replies even though it would send 4xx replies to the
+ client (Phil Howard, ipal.net). File: smtpd/smtpd_check.c.
+
+20010523
+
+ Bugfix: postsuper's temporary file detection logic needed
+ fixing.
+
+ Bugfix: memory leak in the LDAP client module. Alain
+ Thivillon, France Teaser - Groupe Firstream.
+
+20010525
+
+ Bugfix: the SMTP and LMTP clients claimed that a queue file
+ needed to be delivered again (even when all recipients were
+ erased from the queue file) when no QUIT or RSET reply was
+ received (by default, this does not happen with SMTP mail
+ because the SMTP client does not wait for QUIT replies and
+ does not send RSET to deliver mail). As a result of the
+ same bug the LMTP client followed a dangling pointer when
+ sending QUIT after process idle timeout while the LMTP
+ server had disconnected. Files: smtp/smtp_proto.c,
+ lmtp/lmtp_proto.c.
done
}
-test -f $CONFIG_DIRECTORY/install.cf && . $CONFIG_DIRECTORY/install.cf || {
- test -t 0 || {
- echo Non-interactive install needs the $CONFIG_DIRECTORY/install.cf 1>&2
- echo file from a previous Postfix installation. 1>&2
- echo 1>&2
- echo Use interactive installation instead. 1>&2
- exit 1
- }
-}
+if [ -f $CONFIG_DIRECTORY/install.cf ]
+then
+ . $CONFIG_DIRECTORY/install.cf
+elif [ ! -t 0 -a -z "$install_root" ]
+then
+ echo Non-interactive install needs the $CONFIG_DIRECTORY/install.cf 1>&2
+ echo file from a previous Postfix installation. 1>&2
+ echo 1>&2
+ echo Use interactive installation instead. 1>&2
+ exit 1
+fi
# Override default settings.
foo.com username:password
bar.com username
+Note: some SMTP servers support PLAIN or LOGIN authentication only.
+By default, the Postfix SMTP client does not use authentication
+methods that send plaintext passwords, and defers delivery with
+the following error message: "Authentication failed: cannot SASL
+authenticate to server". To enable plaintext authentication specify,
+for example:
+
+ /etc/postfix/main.cf:
+ smtp_sasl_security_options =
+
The SASL client password file is opened before the SMTP server
enters the optional chroot jail, so you can keep the file in
/etc/postfix.
#inet_interfaces = $myhostname, localhost
# The mydestination parameter specifies the list of domains that this
-# machine considers itself the final destination for. That does not
-# include domains that are hosted on this machine. Those domains are
+# machine considers itself the final destination for. That includes
+# Sendmail-style virtual domains hosted on this machine.
+#
+# Do not include Postfix-style virtual domains - those domains are
# specified elsewhere (see sample-virtual.cf, and sample-transport.cf).
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# parameters that control LDAP lookups. Source code for LDAP
# lookup is available separately from http://www.postfix.org/
-# The ldap_lookup_timeout parameter specifies the timeout for LDAP
-# database lookups.
+# The ldap_timeout parameter specifies the timeout for LDAP database
+# lookups.
#
#ldap_timeout = 10
max_use = 100
# The mydestination parameter specifies the list of domains that this
-# machine considers itself the final destination for.
+# machine considers itself the final destination for. That includes
+# Sendmail-style virtual domains hosted on this machine.
+#
+# Do not include Postfix-style virtual domains - those domains are
+# specified elsewhere (see sample-virtual.cf, and sample-transport.cf).
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain. Do not specify the
# network address, and reject service if it is listed below any of
# the following domains.
#
-#maps_rbl_domains = blackholes.mail-abuse.org dialups.mail-abuse.org
+#maps_rbl_domains = blackholes.mail-abuse.org relays.mail-abuse.org
maps_rbl_domains = blackholes.mail-abuse.org
# The relay_domains parameter restricts what client hostname domains
My Postfix server is too slow. When I telnet to the SMTP port
(<tt>telnet hostname 25</tt>), the response comes after 40 seconds.
-On the other hand, when I telnet to the the POP port (<tt>telnet
+On the other hand, when I telnet to the POP port (<tt>telnet
hostname 110</tt>) the response comes with no delay.
</blockquote>
Some people read the RFCs such that one IP address can have multiple
PTR records, but that makes PTR records even less useful than they
already are. And in any case, having multiple names per IP address
-would only worsen the problem of finding out the "official name"
-of a machine's IP address.
+only worsens the problem of finding out the SMTP client hostname.
+
+<hr>
<a name="open_relay"><h3>Help! Postfix is an open relay</h3>
users are restricted in where they can send mail, and the other
table defines what destinations are local. It is left as an exercise
for the reader to change this into a scheme where only some users
-have permission to send send mail to off-site destinations, and
+have permission to send mail to off-site destinations, and
where most users are restricted.
<p>
<p>
<li>Execute the command <b>postmap /etc/postfix/virtual</b> whenever
-you edit the the <b>virtual</b> table.
+you edit the <b>virtual</b> table.
<p>
/* #include <mail_conf.h>
/*
/* int get_mail_conf_bool(name, defval)
-/* const char *path;
/* const char *name;
/* int defval;
/*
/* int get_mail_conf_bool_fn(name, defval)
-/* const char *path;
/* const char *name;
/* int (*defval)();
/*
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Postfix-20010228-pl02"
+#define DEF_MAIL_VERSION "Postfix-20010228-pl03"
extern char *var_mail_version;
/* LICENSE
result = state->status;
lmtp_chat_reset(state);
+ /*
+ * XXX State persists until idle timeout, but these fields will be
+ * dangling pointers. Nuke them.
+ */
+ state->request = 0;
+ state->src = 0;
+
return (result);
}
* same code that implements command pipelining, so that we can borrow from
* the existing code for exception handling and error reporting.
*
+ * Client states that are associated with sending mail (up to and including
+ * SMTP_STATE_DOT) must have smaller numerical values than the non-sending
+ * states (SMTP_STATE_ABORT .. SMTP_STATE_LAST).
*/
#define LMTP_STATE_MAIL 0
#define LMTP_STATE_RCPT 1
#define SENDER_IN_WAIT_STATE \
(send_state == LMTP_STATE_DOT || send_state == LMTP_STATE_LAST)
+#define SENDING_MAIL \
+ (recv_state <= LMTP_STATE_DOT)
+
/*
* Pipelining support requires two loops: one loop for sending and one
* for receiving. Each loop has its own independent state. Most of the
smtp_timeout_setup(state->session->stream,
*xfer_timeouts[recv_state]);
if ((except = vstream_setjmp(state->session->stream)) != 0)
- RETURN(lmtp_stream_except(state, except,
- xfer_states[recv_state]));
+ RETURN(SENDING_MAIL ? lmtp_stream_except(state, except,
+ xfer_states[recv_state]) : -1);
resp = lmtp_chat_resp(state);
/*
}
/*
- * Skip temporary files that aren't old enough.
+ * Skip over files with illegal names. The library routines
+ * refuse to operate on them.
*/
if (mail_queue_id_ok(path) == 0)
continue;
+ /*
+ * Skip temporary files that aren't old enough.
+ */
+ if (qp->perms == MAIL_QUEUE_STAT_READY
+ && (st.st_mode & S_IRWXU) != qp->perms)
+ continue;
+
/*
* See if this file sits in the right place in the file system
* hierarchy. Its place may be wrong after a change to the
/* the reason for failure is shown. This mode of operation is implemented
/* by connecting to the \fBshowq\fR(8) daemon.
/* .IP \fBnewaliases\fR
-/* Initialize the alias database. If no alias database type is
-/* specified, the program uses the type specified in the
-/* \fBdatabase_type\fR configuration parameter; if no input file
-/* is specified, the program processes the file(s) specified with the
-/* \fBalias_database\fR configuration parameter. This mode of operation
-/* is implemented by running the \fBpostalias\fR(1) command.
+/* Initialize the alias database. If no input file is specified (with
+/* the \fB-oA\fR option, see below), the program processes the file(s)
+/* specified with the \fBalias_database\fR configuration parameter.
+/* If no alias database type is specified, the program uses the type
+/* specified with the \fBdatabase_type\fR configuration parameter.
+/* This mode of operation is implemented by running the \fBpostalias\fR(1)
+/* command.
/* .sp
/* Note: it may take a minute or so before an alias database update
/* becomes visible. Use the \fBpostfix reload\fR command to eliminate
signal(SIGPIPE, SIG_DFL);
if ((showq = mail_connect(MAIL_CLASS_PUBLIC, MAIL_SERVICE_SHOWQ, BLOCKING)) != 0) {
while ((n = vstream_fread(showq, buf, sizeof(buf))) > 0)
- if (vstream_fwrite(VSTREAM_OUT, buf, n) != n)
+ if (vstream_fwrite(VSTREAM_OUT, buf, n) != n
+ || vstream_fflush(VSTREAM_OUT) != 0)
msg_fatal("write error: %m");
- if (vstream_fflush(VSTREAM_OUT))
- msg_fatal("write error: %m");
-
if (vstream_fclose(showq))
msg_warn("close: %m");
}
case SM_MODE_NEWALIAS:
if (argv[OPTIND])
msg_fatal("alias initialization mode requires no recipient");
+ if (*var_alias_db_map == 0)
+ return (0);
ext_argv = argv_alloc(2);
argv_add(ext_argv, "postalias", (char *) 0);
for (n = 0; n < msg_verbose; n++)
* By default, the receiver skips the QUIT response. Some SMTP servers
* disconnect after responding to ".", and some SMTP servers wait before
* responding to QUIT.
+ *
+ * Client states that are associated with sending mail (up to and including
+ * SMTP_STATE_DOT) must have smaller numerical values than the non-sending
+ * states (SMTP_STATE_ABORT .. SMTP_STATE_LAST).
*/
#define SMTP_STATE_MAIL 0
#define SMTP_STATE_RCPT 1
#define SENDER_IN_WAIT_STATE \
(send_state == SMTP_STATE_DOT || send_state == SMTP_STATE_LAST)
+#define SENDING_MAIL \
+ (recv_state <= SMTP_STATE_DOT)
+
/*
* We use SMTP command pipelining if the server said it supported it.
* Since we use blocking I/O, RFC 2197 says that we should inspect the
smtp_timeout_setup(state->session->stream,
*xfer_timeouts[recv_state]);
if ((except = vstream_setjmp(state->session->stream)) != 0)
- RETURN(smtp_stream_except(state, except,
- xfer_states[recv_state]));
+ RETURN(SENDING_MAIL ? smtp_stream_except(state, except,
+ xfer_states[recv_state]) : -1);
resp = smtp_chat_resp(state);
/*
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 Error: need RCPT command");
} else {
- smtpd_chat_reply(state, "550 Error: no valid recipients");
+ smtpd_chat_reply(state, "554 Error: no valid recipients");
}
return (-1);
}
}
printable(STR(error_text), ' ');
+ /*
+ * XXX The code below also appears in the SMTP server reply output
+ * routine. It is duplicated here in order to avoid discrepancies between
+ * the reply codes that are shown in "reject" logging and the reply codes
+ * that are actually sent to the SMTP client.
+ *
+ * Implementing the soft_bounce safety net in the SMTP server reply output
+ * routine has the advantage that it covers all 5xx replies, including
+ * SMTP protocol or syntax errors, which makes soft_bounce great for
+ * non-destructive tests (especially by people who are paranoid about
+ * losing mail).
+ *
+ * We could eliminate the code duplication and implement the soft_bounce
+ * safety net only in the code below. But then the safety net would cover
+ * the UCE restrictions only. This would be at odds with the documentation
+ * which says soft_bounce changes all 5xx replies into 4xx ones.
+ */
+ if (var_soft_bounce && STR(error_text)[0] == '5')
+ STR(error_text)[0] = '4';
+
/*
* Log what is happening. When the sysadmin discards policy violation
* postmaster notices, this may be the only trace left that service was
ldap_msgfree(res);
if (filter_buf != 0)
vstring_free(filter_buf);
+ if (escaped_name != 0)
+ vstring_free(escaped_name);
/*
* If we had an error, return nothing, Otherwise, return the result, if
/* SYNOPSIS
/* #include <sane_fsops.h>
/*
-/* int sane_link(old, new)
+/* int sane_link(from, to)
/* const char *from;
/* const char *to;
/* DESCRIPTION
/* int fd;
/* DESCRIPTION
/* writable() asks the kernel if the specified file descriptor
-/* is writable, i.e. a read operation would not block.
+/* is writable, i.e. a write operation would not block.
/*
/* Arguments:
/* .IP fd
projects / thirdparty / postfix.git / commitdiff
