Cleanup: HOLD action executes only once, to reduce noise
in the logfile. Files: cleanup/cleanup_message.c, smtpd/smtpd.c.
-Open problems:
+20050806
+
+ Workaround: accept(2) fails with EPROTO when the client
+ already disconnected (SunOS 5.5.1). File: sane_accept.c.
+
+20050815
+
+ Workaround: old Solaris compilers can't link an archive
+ without globally visible symbols. File: tls/tls_misc.c.
+
+20050825
+
+ Feature: message_reject_characters and message_strip_characters
+ specify what characters in message content Postfix will
+ reject or remove. Based on patch by John Fawcett. Files:
+ cleanup/cleanup_message.c, cleanup/cleanup_init.c.
+
+ Safety: when the cleanup server rejects the content of mail
+ that is submitted with the Postfix sendmail command, or
+ re-queued with "postsuper -r", strip the message body from
+ the bounce message to reduce the risks from harmful content.
+ Files: cleanup/cleanup_envelope.c, cleanup/cleanup_bounce.c.
- Med: when the cleanup server bounces local mail that should
- be content inspected, the resulting DSN should be content
- inspected, otherwise a local user can bypass content
- inspection.
+ Feature: the smtpd_proxy_filter parameter value can now be
+ prefixed with "unix:" (for UNIX-domain socket) and "inet:"
+ (for TCP socket). TCP sockets are the default. Patch by
+ Edwin Kremer. File: smtpd/smtpd_proxy.c.
+
+20050828
+
+ Bugfix: after adding DSN support, error notification was
+ broken for too large mail that was submitted with the Postfix
+ sendmail command, forwarded by the local(8) delivery agent,
+ or re-queued with "postsuper -r". The message would be saved
+ to the "corrupt" queue.
+
+ The mistake was to leave the truncated message in the
+ incoming queue and to ask the queue manager to notify the
+ sender; this was not possible because the queue manager
+ cannot (and should not) handle truncated queue files.
+
+ The fix is to have the cleanup server send the bounce
+ message, just like it did before DSN support was added. As
+ a side effect, Postfix will no longer send DSN_SUCCESS
+ notices after virtual aliasing, when the cleanup server
+ bounces all the recipients of the message anyway. This
+ could be called a feature. File: cleanup/cleanup_bounce.c.
+
+ Also needed for this fix: a new vstream_fpurge() routine
+ that discards unread/written data from a VSTREAM. It's
+ needed before cleanup_bounce() can seek to the start of the
+ queue file after a file size error. File: util/vstream.c.
+
+Open problems:
Look for systems with XPG basename() declared in <libgen.h>,
and prepare for phasing out the Postfix-supplied one.
P\bPo\bos\bst\btf\bfi\bix\bx V\bVE\bER\bRP\bP s\bsu\bup\bpp\bpo\bor\brt\bt c\bco\bom\bmp\bpa\bat\bti\bib\bbi\bil\bli\bit\bty\by
-With Postfix versions before 2.3, the sendmail(1) commands uses the -V command-
+With Postfix versions before 2.3, the sendmail(1) command uses the -V command-
line option to request VERP-style delivery. In order to request VERP style
delivery with Postfix 2.3 and later, you must specify -XV instead of -V.
The main feature of interest is that IPv6 uses 128-bit IP addresses instead of
the 32-bit addresses used by IPv4. It can therefore accommodate a much larger
number of hosts and networks without ugly kluges such as NAT. A side benefit of
-the much larger address space is that it makes network scanning unpractical.
+the much larger address space is that it makes random network scanning
+unpractical.
Postfix uses the same SMTP protocol over IPv6 as it already uses over the older
IPv4 network, and does AAAA record lookups in the DNS in addition to the older
If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2
before proceeding.
+Incompatibility with snapshot 20050828
+======================================
+
+When a header/body_checks or message_reject_characters rule rejects
+mail that was submitted with the Postfix sendmail command (or
+re-queued with "postsuper -r"), the returned message is now limited
+to just the message headers, to avoid the risk of exposure to harmful
+content in the message body or attachments.
+
+When the cleanup server rejects the content or size of mail that
+was submitted with the Postfix sendmail command, forwarded with the
+local(8) delivery agent, or that was re-queued with "postsuper -r",
+Postfix no longer sends DSN SUCCESS notification of virtual alias
+expansions. Since all the recipients are reported as failed, the
+SUCCESS notification seems redundant.
+
+Major changes with snapshot 20050828
+====================================
+
+Configurable filters to reject or remove unwanted characters in
+email content. The message_reject_characters and message_strip_characters
+parameters understand the usual C-like escape sequences: \a \b \f
+\n \r \t \v \ddd (up to three octal digits) and \\.
+
Incompatibility with snapshot 20050726
======================================
# By default the canonical(5) mapping affects both message
# header addresses (i.e. addresses that appear inside mes-
# sages) and message envelope addresses (for example, the
-# addresses that are used in SMTP protocol commands). Think
-# Sendmail rule set S3, if you like. This is controlled
-# with the canonical_classes parameter.
+# addresses that are used in SMTP protocol commands). This
+# is controlled with the canonical_classes parameter.
#
# NOTE: Postfix versions 2.2 and later rewrite message head-
-# ers from remote SMTP clients only if the client matches
+# ers from remote SMTP clients only if the client matches
# the local_header_rewrite_clients parameter, or if the
# remote_header_rewrite_domain configuration parameter spec-
-# ifies a non-empty value. To get the behavior before Post-
-# fix 2.2, specify "local_header_rewrite_clients =
+# ifies a non-empty value. To get the behavior before Post-
+# fix 2.2, specify "local_header_rewrite_clients =
# static:all".
#
# Typically, one would use the canonical(5) table to replace
-# login names by Firstname.Lastname, or to clean up
+# login names by Firstname.Lastname, or to clean up
# addresses produced by legacy mail systems.
#
-# The canonical(5) mapping is not to be confused with vir-
-# tual domain support. Use the virtual(5) map for that pur-
+# The canonical(5) mapping is not to be confused with vir-
+# tual domain support. Use the virtual(5) map for that pur-
# pose.
#
-# The canonical(5) mapping is not to be confused with local
+# The canonical(5) mapping is not to be confused with local
# aliasing. Use the aliases(5) map for that purpose.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
-# When pattern matches a mail address, replace it by
+# When pattern matches a mail address, replace it by
# the corresponding result.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A logical line starts with non-whitespace text. A
-# line that starts with whitespace continues a logi-
+# A logical line starts with non-whitespace text. A
+# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, patterns are
+# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain address
-# Replace user@domain by address. This form has the
+# Replace user@domain by address. This form has the
# highest precedence.
#
-# This is useful to clean up addresses produced by
-# legacy mail systems. It can also be used to pro-
-# duce Firstname.Lastname style addresses, but see
+# This is useful to clean up addresses produced by
+# legacy mail systems. It can also be used to pro-
+# duce Firstname.Lastname style addresses, but see
# below for a simpler solution.
#
# user address
-# Replace user@site by address when site is equal to
-# $myorigin, when site is listed in $mydestination,
-# or when it is listed in $inet_interfaces or
+# Replace user@site by address when site is equal to
+# $myorigin, when site is listed in $mydestination,
+# or when it is listed in $inet_interfaces or
# $proxy_interfaces.
#
-# This form is useful for replacing login names by
+# This form is useful for replacing login names by
# Firstname.Lastname.
#
# @domain address
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
-# o When the result has the form @otherdomain, the
+# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
-# o When "append_at_myorigin=yes", append "@$myorigin"
+# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# canonical_classes
-# What addresses are subject to canonical address
+# What addresses are subject to canonical address
# mapping.
#
# canonical_maps
# header sender addresses.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generic.
#
# Other parameters of interest:
#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# local_header_rewrite_clients
# Rewrite message header addresses in mail from these
-# clients and update incomplete addresses with the
+# clients and update incomplete addresses with the
# domain name in $myorigin or $mydomain; either don't
-# rewrite message headers from other clients at all,
-# or rewrite message headers and update incomplete
-# addresses with the domain specified in the
+# rewrite message headers from other clients at all,
+# or rewrite message headers and update incomplete
+# addresses with the domain specified in the
# remote_header_rewrite_domain parameter.
#
# proxy_interfaces
# tor.
#
# masquerade_classes
-# List of address classes subject to masquerading:
-# zero or more of envelope_sender, envelope_recipi-
+# List of address classes subject to masquerading:
+# zero or more of envelope_sender, envelope_recipi-
# ent, header_sender, header_recipient.
#
# masquerade_domains
-# List of domains that hide their subdomain struc-
+# List of domains that hide their subdomain struc-
# ture.
#
# masquerade_exceptions
-# List of user names that are not subject to address
+# List of user names that are not subject to address
# masquerading.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
# addresses.
#
# remote_header_rewrite_domain
-# Don't rewrite message headers from remote clients
+# Don't rewrite message headers from remote clients
# at all when this parameter is empty; otherwise, re-
-# write message headers and append the specified
+# write message headers and append the specified
# domain name to incomplete addresses.
#
# SEE ALSO
# virtual(5), virtual aliasing
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# address can have its own mailbox.
#
# Virtual aliasing is applied only to recipient envelope
-# addresses, and does not affect message headers. Think
-# Sendmail rule set S0, if you like. Use canonical(5) map-
-# ping to rewrite header and envelope addresses in general.
+# addresses, and does not affect message headers. Use
+# canonical(5) mapping to rewrite header and envelope
+# addresses in general.
#
-# Normally, the virtual(5) alias table is specified as a
-# text file that serves as input to the postmap(1) command.
-# The result, an indexed file in dbm or db format, is used
+# Normally, the virtual(5) alias table is specified as a
+# text file that serves as input to the postmap(1) command.
+# The result, an indexed file in dbm or db format, is used
# for fast searching by the mail system. Execute the command
-# "postmap /etc/postfix/virtual" in order to rebuild the
+# "postmap /etc/postfix/virtual" in order to rebuild the
# indexed file after changing the text file.
#
-# When the table is provided via other means such as NIS,
-# LDAP or SQL, the same lookups are done as for ordinary
+# When the table is provided via other means such as NIS,
+# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
-# Alternatively, the table can be provided as a regular-
+# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
-# sions, or lookups can be directed to TCP-based server. In
-# that case, the lookups are done in a slightly different
-# way as described below under "REGULAR EXPRESSION TABLES"
+# sions, or lookups can be directed to TCP-based server. In
+# that case, the lookups are done in a slightly different
+# way as described below under "REGULAR EXPRESSION TABLES"
# and "TCP-BASED TABLES".
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
-# When pattern matches a mail address, replace it by
+# When pattern matches a mail address, replace it by
# the corresponding result.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A logical line starts with non-whitespace text. A
-# line that starts with whitespace continues a logi-
+# A logical line starts with non-whitespace text. A
+# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, patterns are
+# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain address, address, ...
-# Redirect mail for user@domain to address. This
+# Redirect mail for user@domain to address. This
# form has the highest precedence.
#
# user address, address, ...
# Redirect mail for user@site to address when site is
-# equal to $myorigin, when site is listed in $mydes-
-# tination, or when it is listed in $inet_interfaces
+# equal to $myorigin, when site is listed in $mydes-
+# tination, or when it is listed in $inet_interfaces
# or $proxy_interfaces.
#
-# This functionality overlaps with functionality of
-# the local aliases(5) database. The difference is
+# This functionality overlaps with functionality of
+# the local aliases(5) database. The difference is
# that virtual(5) mapping can be applied to non-local
# addresses.
#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
-# o When the result has the form @otherdomain, the
-# result becomes the same user in otherdomain. This
+# o When the result has the form @otherdomain, the
+# result becomes the same user in otherdomain. This
# works only for the first address in a multi-address
# lookup result.
#
-# o When "append_at_myorigin=yes", append "@$myorigin"
+# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# VIRTUAL ALIAS DOMAINS
-# Besides virtual aliases, the virtual alias table can also
+# Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual
-# alias domain, all recipient addresses are aliased to
+# alias domain, all recipient addresses are aliased to
# addresses in other domains.
#
# Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox
-# domains, each recipient address can have its own mailbox.
+# domains, each recipient address can have its own mailbox.
#
-# With a virtual alias domain, the virtual domain has its
-# own user name space. Local (i.e. non-virtual) usernames
-# are not visible in a virtual alias domain. In particular,
-# local aliases(5) and local mailing lists are not visible
+# With a virtual alias domain, the virtual domain has its
+# own user name space. Local (i.e. non-virtual) usernames
+# are not visible in a virtual alias domain. In particular,
+# local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain.
#
# Support for a virtual alias domain looks like:
# /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
-# Note: some systems use dbm databases instead of hash.
-# See the output from "postconf -m" for available data-
+# Note: some systems use dbm databases instead of hash.
+# See the output from "postconf -m" for available data-
# base types.
#
# /etc/postfix/virtual:
# user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3
#
-# The virtual-alias.domain anything entry is required for a
+# The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected
-# with "relay access denied", or bounces with "mail loops
+# with "relay access denied", or bounces with "mail loops
# back to myself".
#
-# Do not specify virtual alias domain names in the main.cf
+# Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
-# With a virtual alias domain, the Postfix SMTP server
-# accepts mail for known-user@virtual-alias.domain, and
-# rejects mail for unknown-user@virtual-alias.domain as
+# With a virtual alias domain, the Postfix SMTP server
+# accepts mail for known-user@virtual-alias.domain, and
+# rejects mail for unknown-user@virtual-alias.domain as
# undeliverable.
#
-# Instead of specifying the virtual alias domain name via
-# the virtual_alias_maps table, you may also specify it via
+# Instead of specifying the virtual alias domain name via
+# the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter.
-# This latter parameter uses the same syntax as the main.cf
+# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant
-# to this topic. See the Postfix main.cf file for syntax
-# details and for default values. Use the "postfix reload"
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the "postfix reload"
# command after a configuration change.
#
# virtual_alias_maps
# List of virtual aliasing tables.
#
# virtual_alias_domains
-# List of virtual alias domains. This uses the same
+# List of virtual alias domains. This uses the same
# syntax as the mydestination parameter.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generic.
#
# Other parameters of interest:
#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
-# The domain that is appended to any address that
+# The domain that is appended to any address that
# does not have a domain.
#
# owner_request_special
# canonical(5), canonical address mapping
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
# VIRTUAL_README, domain hosting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
<h2> <a name="compat">Postfix VERP support compatibility</a> </h2>
-<p> With Postfix versions before 2.3, the <a href="sendmail.1.html">sendmail(1)</a> commands uses
+<p> With Postfix versions before 2.3, the <a href="sendmail.1.html">sendmail(1)</a> command uses
the -V command-line option to request VERP-style delivery. In order
to request VERP style delivery with Postfix 2.3 and later, you must
specify -XV instead of -V. </p>
addresses instead of the 32-bit addresses used by IPv4. It can
therefore accommodate a much larger number of hosts and networks
without ugly kluges such as NAT. A side benefit of the much larger
-address space is that it makes network scanning unpractical. </p>
+address space is that it makes random network scanning unpractical.
+</p>
<p> Postfix uses the same SMTP protocol over IPv6 as it already
uses over the older IPv4 network, and does AAAA record lookups in
By default the <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping affects both message
header addresses (i.e. addresses that appear inside mes-
sages) and message envelope addresses (for example, the
- addresses that are used in SMTP protocol commands). Think
- Sendmail rule set <b>S3</b>, if you like. This is controlled
- with the <b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b> parameter.
+ addresses that are used in SMTP protocol commands). This
+ is controlled with the <b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b> parameter.
NOTE: Postfix versions 2.2 and later rewrite message head-
- ers from remote SMTP clients only if the client matches
+ ers from remote SMTP clients only if the client matches
the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter spec-
- ifies a non-empty value. To get the behavior before Post-
- fix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
+ ifies a non-empty value. To get the behavior before Post-
+ fix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
static:all".
Typically, one would use the <a href="canonical.5.html"><b>canonical</b>(5)</a> table to replace
- login names by <i>Firstname.Lastname</i>, or to clean up
+ login names by <i>Firstname.Lastname</i>, or to clean up
addresses produced by legacy mail systems.
- The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with <i>vir-</i>
- <i>tual domain</i> support. Use the <a href="virtual.5.html"><b>virtual</b>(5)</a> map for that pur-
+ The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with <i>vir-</i>
+ <i>tual domain</i> support. Use the <a href="virtual.5.html"><b>virtual</b>(5)</a> map for that pur-
pose.
- The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with local
+ The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with local
aliasing. Use the <a href="aliases.5.html"><b>aliases</b>(5)</a> map for that purpose.
<b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern result</i>
- When <i>pattern</i> matches a mail address, replace it by
+ When <i>pattern</i> matches a mail address, replace it by
the corresponding <i>result</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
<b>TABLE SEARCH ORDER</b>
With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
+ networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
<i>user</i>@<i>domain address</i>
- Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the
+ Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the
highest precedence.
- This is useful to clean up addresses produced by
- legacy mail systems. It can also be used to pro-
- duce <i>Firstname.Lastname</i> style addresses, but see
+ This is useful to clean up addresses produced by
+ legacy mail systems. It can also be used to pro-
+ duce <i>Firstname.Lastname</i> style addresses, but see
below for a simpler solution.
<i>user address</i>
- Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to
- $<b><a href="postconf.5.html#myorigin">myorigin</a></b>,
when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>,
- or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
+ Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to
+ $<b><a href="postconf.5.html#myorigin">myorigin</a></b>,
when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>,
+ or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
$<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
- This form is useful for replacing login names by
+ This form is useful for replacing login names by
<i>Firstname.Lastname</i>.
@<i>domain address</i>
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
- <b>o</b> When the result has the form @<i>otherdomain</i>, the
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the
result becomes the same <i>user</i> in <i>otherdomain</i>.
- <b>o</b> When
"<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
+ <b>o</b> When
"<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
to addresses without "@domain".
<b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
+ whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
+ addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant.
- The text below provides only a parameter summary. See
+ The following <b>main.cf</b> parameters are especially relevant.
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b>
- What addresses are subject to canonical address
+ What addresses are subject to canonical address
mapping.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a></b>
header sender addresses.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generic</b>.
Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a></b>
Rewrite message header addresses in mail from these
- clients and update incomplete addresses with the
+ clients and update incomplete addresses with the
domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a>; either don't
- rewrite message headers from other clients at all,
- or rewrite message headers and update incomplete
- addresses with the domain specified in the
+ rewrite message headers from other clients at all,
+ or rewrite message headers and update incomplete
+ addresses with the domain specified in the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>
tor.
<b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a></b>
- List of address classes subject to masquerading:
- zero or more of <b>envelope_sender</b>, <b>envelope_recipi-</b>
+ List of address classes subject to masquerading:
+ zero or more of <b>envelope_sender</b>, <b>envelope_recipi-</b>
<b>ent</b>, <b>header_sender</b>, <b>header_recipient</b>.
<b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b>
- List of domains that hide their subdomain struc-
+ List of domains that hide their subdomain struc-
ture.
<b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b>
- List of user names that are not subject to address
+ List of user names that are not subject to address
masquerading.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
addresses.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>
- Don't rewrite message headers from remote clients
+ Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise, re-
- write message headers and append the specified
+ write message headers and append the specified
domain name to incomplete addresses.
<b>SEE ALSO</b>
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
non-MIME message headers in attached messages, as
described in the <b><a href="postconf.5.html#header_checks">header_checks</a></b>(5) manual page.
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#message_reject_characters">message_reject_characters</a> (empty)</b>
+ The set of characters that Postfix will reject in
+ message content.
+
+ <b><a href="postconf.5.html#message_strip_characters">message_strip_characters</a> (empty)</b>
+ The set of characters that Postfix will remove from
+ message content.
+
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
aliases.
+ This feature is available in Postfix 2.1 and later.
+
<b>result_attribute (default: maildrop)</b>
- The attribute(s) Postfix will read from any direc-
+ The attribute(s) Postfix will read from any direc-
tory entries returned by the lookup, to be resolved
to an email address.
result_attribute = mailbox, maildrop
<b>special_result_attribute (No default)</b>
The attribute(s) of directory entries that can con-
- tain DNs or URLs. If found, a recursive subsequent
+ tain DNs or URLs. If found, a recursive subsequent
search is done using their values.
special_result_attribute = member
- DN recursion retrieves the same result_attributes
+ DN recursion retrieves the same result_attributes
as the main query, including the special attributes
- for further recursion. URI processing retrieves
- only those attributes that are included in the URI
- definition and are *also* listed in
- "result_attribute". If the URI lists any of the
- map's special result attributes, these are also
+ for further recursion. URI processing retrieves
+ only those attributes that are included in the URI
+ definition and are *also* listed in
+ "result_attribute". If the URI lists any of the
+ map's special result attributes, these are also
retrieved and used recursively.
<b>scope (default: sub)</b>
- The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
+ The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
and LDAP_SCOPE_ONELEVEL.
<b>bind (default: yes)</b>
- Whether or not to bind to the LDAP server. Newer
+ Whether or not to bind to the LDAP server. Newer
LDAP implementations don't require clients to bind,
which saves time. Example:
bind = no
- If you do need to bind, you might consider config-
- uring Postfix to connect to the local machine on a
- port that's an SSL tunnel to your LDAP server. If
- your LDAP server doesn't natively support SSL, put
+ If you do need to bind, you might consider config-
+ uring Postfix to connect to the local machine on a
+ port that's an SSL tunnel to your LDAP server. If
+ your LDAP server doesn't natively support SSL, put
a tunnel (wrapper, proxy, whatever you want to call
- it) on that system too. This should prevent the
- password from traversing the network in the clear.
+ it) on that system too. This should prevent the
+ password from traversing the network in the clear.
<b>bind_dn (default: empty)</b>
- If you do have to bind, do it with this distin-
+ If you do have to bind, do it with this distin-
guished name. Example:
bind_dn = uid=postfix, dc=your, dc=com
<b>bind_pw (default: empty)</b>
- The password for the distinguished name above. If
+ The password for the distinguished name above. If
you have to use this, you probably want to make the
map configuration file readable only by the Postfix
- user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
+ user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
tax, with map parameters in main.cf, it is not pos-
- sible to securely store the bind password. This is
+ sible to securely store the bind password. This is
because main.cf needs to be world readable to allow
local accounts to submit mail via the sendmail com-
mand. Example:
<b>cache_expiry (IGNORED with a warning)</b>
<b>cache_size (IGNORED with a warning)</b>
- The above parameters are NO LONGER SUPPORTED by
+ The above parameters are NO LONGER SUPPORTED by
Postfix. Cache support has been dropped from
OpenLDAP as of release 2.1.13.
<b>recursion_limit (default: 1000)</b>
- A limit on the nesting depth of DN and URL special
- result attribute evaluation. The limit must be a
+ A limit on the nesting depth of DN and URL special
+ result attribute evaluation. The limit must be a
non-zero positive number.
<b>expansion_limit (default: 0)</b>
- A limit on the total number of result elements
- returned (as a comma separated list) by a lookup
- against the map. A setting of zero disables the
- limit. Lookups fail with a temporary error if the
- limit is exceeded. Setting the limit to 1 ensures
+ A limit on the total number of result elements
+ returned (as a comma separated list) by a lookup
+ against the map. A setting of zero disables the
+ limit. Lookups fail with a temporary error if the
+ limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
<b>size_limit (default: $expansion_limit)</b>
- A limit on the number of LDAP entries returned by
- any single LDAP search performed as part of the
- lookup. A setting of 0 disables the limit. Expan-
- sion of DN and URL references involves nested LDAP
- queries, each of which is separately subjected to
+ A limit on the number of LDAP entries returned by
+ any single LDAP search performed as part of the
+ lookup. A setting of 0 disables the limit. Expan-
+ sion of DN and URL references involves nested LDAP
+ queries, each of which is separately subjected to
this limit.
- Note: even a single LDAP entry can generate multi-
- ple lookup results, via multiple result attributes
- and/or multi-valued result attributes. This limit
- caps the per search resource utilization on the
- LDAP server, not the final multiplicity of the
- lookup result. It is analogous to the "-z" option
+ Note: even a single LDAP entry can generate multi-
+ ple lookup results, via multiple result attributes
+ and/or multi-valued result attributes. This limit
+ caps the per search resource utilization on the
+ LDAP server, not the final multiplicity of the
+ lookup result. It is analogous to the "-z" option
of "ldapsearch".
<b>dereference (default: 0)</b>
- When to dereference LDAP aliases. (Note that this
+ When to dereference LDAP aliases. (Note that this
has nothing do with Postfix aliases.) The permitted
- values are those legal for the OpenLDAP/UM LDAP
+ values are those legal for the OpenLDAP/UM LDAP
implementations:
0 never
3 always
See ldap.h or the ldap_open(3) or ldapsearch(1) man
- pages for more information. And if you're using an
+ pages for more information. And if you're using an
LDAP package that has other possible values, please
- bring it to the attention of the postfix-
+ bring it to the attention of the postfix-
users@postfix.org mailing list.
<b>chase_referrals (default: 0)</b>
- Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP
+ Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP
version 3 support).
<b>version (default: 2)</b>
Specifies the LDAP protocol version to use.
<b>debuglevel (default: 0)</b>
- What level to set for debugging in the OpenLDAP
+ What level to set for debugging in the OpenLDAP
libraries.
<b>LDAP SSL AND STARTTLS PARAMETERS</b>
- If you're using the OpenLDAP libraries compiled with SSL
- support, Postfix can connect to LDAP SSL servers and can
+ If you're using the OpenLDAP libraries compiled with SSL
+ support, Postfix can connect to LDAP SSL servers and can
issue the STARTTLS command.
- LDAP SSL service can be requested by using a LDAP SSL URL
+ LDAP SSL service can be requested by using a LDAP SSL URL
in the server_host parameter:
server_host = ldaps://ldap.example.com:636
STARTTLS can be turned on with the start_tls parameter:
start_tls = yes
- Both forms require LDAP protocol version 3, which has to
+ Both forms require LDAP protocol version 3, which has to
be set explicitly with:
version = 3
If any of the Postfix programs querying the map is config-
- ured in master.cf to run chrooted, all the certificates
+ ured in master.cf to run chrooted, all the certificates
and keys involved have to be copied to the chroot jail. Of
- course, the private keys should only be readable by the
+ course, the private keys should only be readable by the
user "postfix".
- The following parameters are relevant to LDAP SSL and
+ The following parameters are relevant to LDAP SSL and
STARTTLS:
<b>start_tls (default: no)</b>
Whether or not to issue STARTTLS upon connection to
- the server. Don't set this with LDAP SSL (the SSL
+ the server. Don't set this with LDAP SSL (the SSL
session is setup automatically when the TCP connec-
tion is opened).
- <b>tls_ca_cert_dir (No default; set either this or</b>
+ <b>tls_ca_cert_dir (No default; set either this or</b>
<b>tls_ca_cert_file)</b>
Directory containing X509 Certificate Authority
- certificates in PEM format which are to be recog-
- nized by the client in SSL/TLS connections. The
- files each contain one CA certificate. The files
- are looked up by the CA subject name hash value,
- which must hence be available. If more than one CA
- certificate with the same name hash value exist,
- the extension must be different (e.g. 9d66eef0.0,
- 9d66eef0.1 etc). The search is performed in the
- ordering of the extension number, regardless of
+ certificates in PEM format which are to be recog-
+ nized by the client in SSL/TLS connections. The
+ files each contain one CA certificate. The files
+ are looked up by the CA subject name hash value,
+ which must hence be available. If more than one CA
+ certificate with the same name hash value exist,
+ the extension must be different (e.g. 9d66eef0.0,
+ 9d66eef0.1 etc). The search is performed in the
+ ordering of the extension number, regardless of
other properties of the certificates. Use the
c_rehash utility (from the OpenSSL distribution) to
create the necessary links.
- <b>tls_ca_cert_file (No default; set either this or</b>
+ <b>tls_ca_cert_file (No default; set either this or</b>
<b>tls_ca_cert_dir)</b>
File containing the X509 Certificate Authority cer-
- tificates in PEM format which are to be recognized
- by the client in SSL/TLS connections. This setting
+ tificates in PEM format which are to be recognized
+ by the client in SSL/TLS connections. This setting
takes precedence over tls_ca_cert_dir.
<b>tls_cert (No default; you must set this)</b>
- File containing client's X509 certificate to be
+ File containing client's X509 certificate to be
used by the client in SSL/ TLS connections.
<b>tls_key (No default; you must set this)</b>
- File containing the private key corresponding to
+ File containing the private key corresponding to
the above tls_cert.
<b>tls_require_cert (default: no)</b>
Whether or not to request server's X509 certificate
- and check its validity when establishing SSL/TLS
+ and check its validity when establishing SSL/TLS
connections.
<b>tls_random_file (No default)</b>
- Path of a file to obtain random bits from when
- /dev/[u]random is not available, to be used by the
+ Path of a file to obtain random bits from when
+ /dev/[u]random is not available, to be used by the
client in SSL/TLS connections.
<b>tls_cipher_suite (No default)</b>
Cipher suite to use in SSL/TLS negotiations.
<b>EXAMPLE</b>
- Here's
a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
+ Here's
a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
aliases. Assume that in main.cf, you have:
<a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases,
<a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
server_host = ldap.my.com
search_base = dc=my, dc=com
- Upon receiving mail for a local address "ldapuser" that
- isn't found in the /etc/aliases database, Postfix will
- search the LDAP server listening at port 389 on
- ldap.my.com. It will bind anonymously, search for any
- directory entries whose mailacceptinggeneralid attribute
- is "ldapuser", read the "maildrop" attributes of those
- found, and build a list of their maildrops, which will be
- treated as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be
+ Upon receiving mail for a local address "ldapuser" that
+ isn't found in the /etc/aliases database, Postfix will
+ search the LDAP server listening at port 389 on
+ ldap.my.com. It will bind anonymously, search for any
+ directory entries whose mailacceptinggeneralid attribute
+ is "ldapuser", read the "maildrop" attributes of those
+ found, and build a list of their maildrops, which will be
+ treated as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be
delivered.
<b>SEE ALSO</b>
<a href="LDAP_README.html">LDAP_README</a>, Postfix LDAP client guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
- Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
- Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
- Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
+ Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
+ Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
+ Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
Victor Duchovni, and many others.
LDAP_TABLE(5)
</p>
+</DD>
+
+<DT><b><a name="message_reject_characters">message_reject_characters</a>
+(default: empty)</b></DT><DD>
+
+<p> The set of characters that Postfix will reject in message
+content. The usual C-like escape sequences are recognized: <tt>\a
+\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
+<tt>\\</tt>. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#message_reject_characters">message_reject_characters</a> = \0
+</pre>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
</DD>
<DT><b><a name="message_size_limit">message_size_limit</a>
</p>
+</DD>
+
+<DT><b><a name="message_strip_characters">message_strip_characters</a>
+(default: empty)</b></DT><DD>
+
+<p> The set of characters that Postfix will remove from message
+content. The usual C-like escape sequences are recognized: <tt>\a
+\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
+<tt>\\</tt>. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#message_strip_characters">message_strip_characters</a> = \0
+</pre>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
</DD>
<DT><b><a name="mime_boundary_length_limit">mime_boundary_length_limit</a>
supposed to give the result to another Postfix SMTP server process.
</p>
-<p> Specify host:port. The host can be specified as an IP address
-or as a symbolic name; no MX lookups are done. When no host or
-host: are specified, the local machine is assumed. </p>
+<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
+"unix:pathname" for a UNIX-domain endpoint. The host can be specified
+as an IP address or as a symbolic name; no MX lookups are done.
+When no "host" or "host:" are specified, the local machine is
+assumed. Pathname interpretation is relative to the Postfix queue
+directory. </p>
<p> This feature is available in Postfix 2.1 and later. </p>
+<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
+and later. </p>
+
</DD>
address can have its own mailbox.
Virtual aliasing is applied only to recipient envelope
- addresses, and does not affect message headers. Think
- Sendmail rule set <b>S0</b>, if you like. Use <a href="canonical.5.html"><b>canonical</b>(5)</a> map-
- ping to rewrite header and envelope addresses in general.
+ addresses, and does not affect message headers. Use
+ <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping to rewrite header and envelope
+ addresses in general.
- Normally, the <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table is specified as a
- text file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command.
- The result, an indexed file in <b>dbm</b> or <b>db</b> format, is used
+ Normally, the <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table is specified as a
+ text file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command.
+ The result, an indexed file in <b>dbm</b> or <b>db</b> format, is used
for fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/virtual</b>" in order to rebuild the
+ "<b>postmap /etc/postfix/virtual</b>" in order to rebuild the
indexed file after changing the text file.
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
+ When the table is provided via other means such as NIS,
+ LDAP or SQL, the same lookups are done as for ordinary
indexed files.
- Alternatively, the table can be provided as a regular-
+ Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
- sions, or lookups can be directed to TCP-based server. In
- that case, the lookups are done in a slightly different
- way as described below under "REGULAR EXPRESSION TABLES"
+ sions, or lookups can be directed to TCP-based server. In
+ that case, the lookups are done in a slightly different
+ way as described below under "REGULAR EXPRESSION TABLES"
and "TCP-BASED TABLES".
<b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern result</i>
- When <i>pattern</i> matches a mail address, replace it by
+ When <i>pattern</i> matches a mail address, replace it by
the corresponding <i>result</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
<b>TABLE SEARCH ORDER</b>
With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
+ networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
<i>user</i>@<i>domain address, address, ...</i>
- Redirect mail for <i>user</i>@<i>domain</i> to <i>address</i>. This
+ Redirect mail for <i>user</i>@<i>domain</i> to <i>address</i>. This
form has the highest precedence.
<i>user address, address, ...</i>
Redirect mail for <i>user</i>@<i>site</i> to <i>address</i> when <i>site</i> is
- equal
to $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydes</a>-</b>
- <b><a href="postconf.5.html#mydestination">tination</a></b>,
or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
+ equal
to $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydes</a>-</b>
+ <b><a href="postconf.5.html#mydestination">tination</a></b>,
or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
- This functionality overlaps with functionality of
- the local <i>aliases</i>(5) database. The difference is
+ This functionality overlaps with functionality of
+ the local <i>aliases</i>(5) database. The difference is
that <a href="virtual.5.html"><b>virtual</b>(5)</a> mapping can be applied to non-local
addresses.
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
- <b>o</b> When the result has the form @<i>otherdomain</i>, the
- result becomes the same <i>user</i> in <i>otherdomain</i>. This
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the
+ result becomes the same <i>user</i> in <i>otherdomain</i>. This
works only for the first address in a multi-address
lookup result.
- <b>o</b> When
"<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
+ <b>o</b> When
"<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
to addresses without "@domain".
<b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
+ whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>VIRTUAL ALIAS DOMAINS</b>
- Besides virtual aliases, the virtual alias table can also
+ Besides virtual aliases, the virtual alias table can also
be used to implement <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. With a virtual
- alias domain, all recipient addresses are aliased to
+ alias domain, all recipient addresses are aliased to
addresses in other domains.
Virtual alias domains are not to be confused with the vir-
tual mailbox domains that are implemented with the Postfix
<a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent. With virtual mailbox
- domains, each recipient address can have its own mailbox.
+ domains, each recipient address can have its own mailbox.
- With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the virtual domain has its
- own user name space. Local (i.e. non-virtual) usernames
- are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
- local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
+ With a virtual alias domain, the virtual domain has its
+ own user name space. Local (i.e. non-virtual) usernames
+ are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
+ local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
as <i>localname@virtual-alias.domain</i>.
Support for a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> looks like:
/etc/postfix/main.cf:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
- Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
- See the output from "<b>postconf -m</b>" for available data-
+ Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
+ See the output from "<b>postconf -m</b>" for available data-
base types.
/etc/postfix/virtual:
<i>user1@virtual-alias.domain address1</i>
<i>user2@virtual-alias.domain address2, address3</i>
- The <i>virtual-alias.domain anything</i> entry is required for a
+ The <i>virtual-alias.domain anything</i> entry is required for a
<a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. <b>Without this entry, mail is rejected</b>
- <b>with "relay access denied", or bounces with "mail loops</b>
+ <b>with "relay access denied", or bounces with "mail loops</b>
<b>back to myself".</b>
- Do not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <b>main.cf</b>
+ Do not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <b>main.cf</b>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> or <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> configuration parameters.
- With a virtual alias domain, the Postfix SMTP server
- accepts mail for <i>known-user@virtual-alias.domain</i>, and
- rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
+ With a virtual alias domain, the Postfix SMTP server
+ accepts mail for <i>known-user@virtual-alias.domain</i>, and
+ rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
undeliverable.
- Instead of specifying the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> name via
- the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
+ Instead of specifying the virtual alias domain name via
+ the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
the <b>main.cf <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b> configuration parameter.
- This latter parameter uses the same syntax as the <b>main.cf</b>
+ This latter parameter uses the same syntax as the <b>main.cf</b>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> configuration parameter.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
+ addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this topic. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the "<b>postfix reload</b>"
+ The following <b>main.cf</b> parameters are especially relevant
+ to this topic. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the "<b>postfix reload</b>"
command after a configuration change.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b>
List of virtual aliasing tables.
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b>
- List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
+ List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
syntax as the <b><a href="postconf.5.html#mydestination">mydestination</a></b> parameter.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generic</b>.
Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
- The domain that is appended to any address that
+ The domain that is appended to any address that
does not have a domain.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
By default the \fBcanonical\fR(5) mapping affects both message
header addresses (i.e. addresses that appear inside messages)
and message envelope addresses (for example, the addresses
-that are used in SMTP protocol commands). Think Sendmail
-rule set \fBS3\fR, if you like. This is controlled with
+that are used in SMTP protocol commands). This is controlled with
the \fBcanonical_classes\fR parameter.
NOTE: Postfix versions 2.2 and later rewrite message headers
for LDAP lookups.
NOTE: DO NOT define this parameter for local(8) aliases.
+
+This feature is available in Postfix 2.1 and later.
.IP "\fBresult_attribute (default: maildrop)\fR"
The attribute(s) Postfix will read from any directory
entries returned by the lookup, to be resolved to an email
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-\&.domain names (the initial dot causes the domain to match any name
+\e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
The default time unit is d (days).
.PP
Specify 0 when mail delivery should be tried only once.
+.SH message_reject_characters (default: empty)
+The set of characters that Postfix will reject in message
+content. The usual C-like escape sequences are recognized: \ea
+\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and
+\e\e.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+message_reject_characters = \e0
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.3 and later.
.SH message_size_limit (default: 10240000)
The maximal size in bytes of a message, including envelope information.
+.SH message_strip_characters (default: empty)
+The set of characters that Postfix will remove from message
+content. The usual C-like escape sequences are recognized: \ea
+\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and
+\e\e.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+message_strip_characters = \e0
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.3 and later.
.SH mime_boundary_length_limit (default: 2048)
The maximal length of MIME multipart boundary strings. The MIME
processor is unable to distinguish between boundary strings that
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-\&.domain names (the initial dot causes the domain to match any name
+\e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-\&.domain names (the initial dot causes the domain to match any name
+\e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
-\&.domain names (the initial dot causes the domain to match any name
+\e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process.
.PP
-Specify host:port. The host can be specified as an IP address
-or as a symbolic name; no MX lookups are done. When no host or
-host: are specified, the local machine is assumed.
+Specify "host:port" or "inet:host:port" for a TCP endpoint, or
+"unix:pathname" for a UNIX-domain endpoint. The host can be specified
+as an IP address or as a symbolic name; no MX lookups are done.
+When no "host" or "host:" are specified, the local machine is
+assumed. Pathname interpretation is relative to the Postfix queue
+directory.
.PP
This feature is available in Postfix 2.1 and later.
+.PP
+The "inet:" and "unix:" prefixes are available in Postfix 2.3
+and later.
.SH smtpd_proxy_timeout (default: 100s)
The time limit for connecting to a proxy filter and for sending or
receiving information. When a connection fails the client gets a
.PP
A certificate supplied here must be usable as SSL server
certificate and hence pass the "openssl verify -purpose sslserver
-\&..." test.
+\e&..." test.
.PP
Example:
.PP
.PP
Virtual aliasing is applied only to recipient
envelope addresses, and does not affect message headers.
-Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
+Use \fBcanonical\fR(5)
mapping to rewrite header and envelope addresses in general.
Normally, the \fBvirtual\fR(5) alias table is specified as a text file
Optional lookup tables for content inspection of non-MIME message
headers in attached messages, as described in the \fBheader_checks\fR(5)
manual page.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBmessage_reject_characters (empty)\fR"
+The set of characters that Postfix will reject in message
+content.
+.IP "\fBmessage_strip_characters (empty)\fR"
+The set of characters that Postfix will remove from message
+content.
.SH "MIME PROCESSING CONTROLS"
.na
.nf
$block =~ s/<\/DD>/\n/g;
$block =~ s/<DL>/\n/g;
$block =~ s/<\/DL>/\n/g;
+ $block =~ s/\\/\\e/g;
$block =~ s/<b>/\\fB/g;
$block =~ s/<i>/\\fI/g;
$block =~ s/<\/b>/\\fR/g;
s;\bmax_use\b;<a href="postconf.5.html#max_use">$&</a>;g;
s;\bmaxi[-</bB>]*\n*[ <bB>]*mal_backoff_time\b;<a href="postconf.5.html#maximal_backoff_time">$&</a>;g;
s;\bmaxi[-</bB>]*\n*[ <bB>]*mal_queue_lifetime\b;<a href="postconf.5.html#maximal_queue_lifetime">$&</a>;g;
+ s;\bmessage_reject_characters\b;<a href="postconf.5.html#message_reject_characters">$&</a>;g;
s;\bmessage_size_limit\b;<a href="postconf.5.html#message_size_limit">$&</a>;g;
+ s;\bmessage_strip_characters\b;<a href="postconf.5.html#message_strip_characters">$&</a>;g;
s;\bmime_boundary_length_limit\b;<a href="postconf.5.html#mime_boundary_length_limit">$&</a>;g;
s;\bmime_header_checks\b;<a href="postconf.5.html#mime_header_checks">$&</a>;g;
s;\bmime_nesting_limit\b;<a href="postconf.5.html#mime_nesting_limit">$&</a>;g;
# Do not ask the user for parameter settings. Installation parameters
# are specified via one of the non-interactive methods described
# below.
+# .IP -package
+# Build a ready-to-install package. This requires that a
+# non-default install_root parameter is specified.
# INSTALLATION PARAMETER INPUT METHODS
# .ad
# .fi
<h2> <a name="compat">Postfix VERP support compatibility</a> </h2>
-<p> With Postfix versions before 2.3, the sendmail(1) commands uses
+<p> With Postfix versions before 2.3, the sendmail(1) command uses
the -V command-line option to request VERP-style delivery. In order
to request VERP style delivery with Postfix 2.3 and later, you must
specify -XV instead of -V. </p>
addresses instead of the 32-bit addresses used by IPv4. It can
therefore accommodate a much larger number of hosts and networks
without ugly kluges such as NAT. A side benefit of the much larger
-address space is that it makes network scanning unpractical. </p>
+address space is that it makes random network scanning unpractical.
+</p>
<p> Postfix uses the same SMTP protocol over IPv6 as it already
uses over the older IPv4 network, and does AAAA record lookups in
# By default the \fBcanonical\fR(5) mapping affects both message
# header addresses (i.e. addresses that appear inside messages)
# and message envelope addresses (for example, the addresses
-# that are used in SMTP protocol commands). Think Sendmail
-# rule set \fBS3\fR, if you like. This is controlled with
+# that are used in SMTP protocol commands). This is controlled with
# the \fBcanonical_classes\fR parameter.
#
# NOTE: Postfix versions 2.2 and later rewrite message headers
# for LDAP lookups.
#
# NOTE: DO NOT define this parameter for local(8) aliases.
+#
+# This feature is available in Postfix 2.1 and later.
# .IP "\fBresult_attribute (default: maildrop)\fR"
# The attribute(s) Postfix will read from any directory
# entries returned by the lookup, to be resolved to an email
supposed to give the result to another Postfix SMTP server process.
</p>
-<p> Specify host:port. The host can be specified as an IP address
-or as a symbolic name; no MX lookups are done. When no host or
-host: are specified, the local machine is assumed. </p>
+<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
+"unix:pathname" for a UNIX-domain endpoint. The host can be specified
+as an IP address or as a symbolic name; no MX lookups are done.
+When no "host" or "host:" are specified, the local machine is
+assumed. Pathname interpretation is relative to the Postfix queue
+directory. </p>
<p> This feature is available in Postfix 2.1 and later. </p>
+<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
+and later. </p>
+
%PARAM smtpd_proxy_timeout 100s
<p>
STANDARD_CONFIGURATION_README documents. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
+
+%PARAM message_reject_characters empty
+
+<p> The set of characters that Postfix will reject in message
+content. The usual C-like escape sequences are recognized: <tt>\a
+\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
+<tt>\\</tt>. </p>
+
+<p> Example: </p>
+
+<pre>
+message_reject_characters = \0
+</pre>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+%PARAM message_strip_characters empty
+
+<p> The set of characters that Postfix will remove from message
+content. The usual C-like escape sequences are recognized: <tt>\a
+\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
+<tt>\\</tt>. </p>
+
+<p> Example: </p>
+
+<pre>
+message_strip_characters = \0
+</pre>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
# .PP
# Virtual aliasing is applied only to recipient
# envelope addresses, and does not affect message headers.
-# Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
+# Use \fBcanonical\fR(5)
# mapping to rewrite header and envelope addresses in general.
#
# Normally, the \fBvirtual\fR(5) alias table is specified as a text file
* Notify the originator, subject to DSN NOTIFY restrictions.
*/
if (bounce_info->log_handle->rcpt.dsn_notify != 0 /* compat */
- && (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) {
+ && (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) {
bounce_status = 0;
} else {
verp_sender(verp_buf, verp_delims, recipient,
*/
else {
if (bounce_info->log_handle->rcpt.dsn_notify != 0 /* compat */
- && (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) {
+ && (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) {
bounce_status = 0;
} else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, orig_sender,
cleanup_bounce.o: ../../include/been_here.h
cleanup_bounce.o: ../../include/bounce.h
cleanup_bounce.o: ../../include/cleanup_user.h
-cleanup_bounce.o: ../../include/deliver_completed.h
cleanup_bounce.o: ../../include/deliver_request.h
cleanup_bounce.o: ../../include/dict.h
cleanup_bounce.o: ../../include/dsn.h
cleanup_init.o: ../../include/nvtable.h
cleanup_init.o: ../../include/resolve_clnt.h
cleanup_init.o: ../../include/string_list.h
+cleanup_init.o: ../../include/stringops.h
cleanup_init.o: ../../include/sys_defs.h
cleanup_init.o: ../../include/tok822.h
cleanup_init.o: ../../include/vbuf.h
/* Optional lookup tables for content inspection of non-MIME message
/* headers in attached messages, as described in the \fBheader_checks\fR(5)
/* manual page.
+/* .PP
+/* Available in Postfix version 2.3 and later:
+/* .IP "\fBmessage_reject_characters (empty)\fR"
+/* The set of characters that Postfix will reject in message
+/* content.
+/* .IP "\fBmessage_strip_characters (empty)\fR"
+/* The set of characters that Postfix will remove from message
+/* content.
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi
VSTRING *attr_buf; /* storage for named attribute */
VSTRING *temp1; /* scratch buffer, local use only */
VSTRING *temp2; /* scratch buffer, local use only */
+ VSTRING *stripped_buf; /* character stripped input */
VSTREAM *dst; /* current output stream */
MAIL_STREAM *handle; /* mail stream handle */
char *queue_name; /* queue name */
int dsn_ret; /* DSN full/hdrs */
int dsn_notify; /* DSN never/delay/fail/success */
char *dsn_orcpt; /* DSN original recipient */
+ char *verp_delims; /* VERP delimiters (optional) */
} CLEANUP_STATE;
/*
extern MAPS *cleanup_send_bcc_maps;
extern MAPS *cleanup_rcpt_bcc_maps;
+ /*
+ * Character filters.
+ */
+extern VSTRING *cleanup_reject_chars;
+extern VSTRING *cleanup_strip_chars;
+
/*
* Address canonicalization fine control.
*/
extern int cleanup_ext_prop_mask;
/*
- * Saved queue file name, so the file can be removed in case of a fatal
+ * Saved queue file names, so the files can be removed in case of a fatal
* run-time error.
*/
extern char *cleanup_path;
{
int status;
char *junk;
- VSTRING *bounce_junk;
VSTRING *trace_junk;
/*
}
/*
- * If there was an error that requires us to generate a bounce message,
- * create bounce logfile records and reset the error flag in case of
- * success. Leave it up to the queue manager to deliver the bad news. We
- * can't do that ourselves, because there may also be a trace file lying
- * around (with DSN SUCCESS notifications) that also needs to be reported
- * to the sender, and we must be able to undo the entire cleanup request
- * including bounce and trace logfiles if some error happens.
+ * Status sanitization. Always report success when the discard flag was
+ * raised by some user-specified access rule.
+ */
+ if (state->flags & CLEANUP_FLAG_DISCARD)
+ state->errs = 0;
+
+ /*
+ * If there was an error that requires us to generate a bounce message
+ * (mail submitted with the Postfix sendmail command, mail forwarded by
+ * the local(8) delivery agent, or mail re-queued with "postsuper -r"),
+ * send a bounce notification, reset the error flags in case of success,
+ * and request deletion of the the incoming queue file and of the
+ * optional DSN SUCCESS records from virtual alias expansion.
*
- * An incomplete message should never be bounced: it was canceled by the
- * client, and may not even have an address to bounce to.
+ * XXX It would make no sense to knowingly report success after we already
+ * have bounced all recipients, especially because the information in the
+ * DSN SUCCESS notice is completely redundant compared to the information
+ * in the bounce notice (however, both may be incomplete when the queue
+ * file size would exceed the safety limit).
*
- * If we are responsible for generating a bounce message, we must report
- * success to the client unless the bounce message file could not be
- * written (which is just as bad as not being able to write the message
- * queue file in the first place).
+ * An alternative is to keep the DSN SUCCESS records and to delegate bounce
+ * notification to the queue manager, just like we already delegate
+ * success notification. This requires that we leave the undeliverable
+ * message in the incoming queue; versions up to 20050726 did exactly
+ * that. Unfortunately, this broke with over-size queue files, because
+ * the queue manager cannot handle incomplete queue files (and it should
+ * not try to do so).
*/
#define CAN_BOUNCE() \
((state->errs & CLEANUP_STAT_MASK_CANT_BOUNCE) == 0 \
&& state->sender != 0 \
&& (state->flags & CLEANUP_FLAG_BOUNCE) != 0)
- if (state->errs != 0 && (state->flags & CLEANUP_FLAG_DISCARD) == 0
- && CAN_BOUNCE())
+ if (state->errs != 0 && CAN_BOUNCE())
cleanup_bounce(state);
/*
- * If there are no errors, be very picky about queue file write errors
- * because we are about to tell the sender that it can throw away its
- * copy of the message.
- *
* Optionally, place the message on hold, but only if the message was
- * received successfully. This involves renaming the queue file before
- * "finishing" it (or else the queue manager would open it for delivery)
- * and updating our own idea of the queue file name for error recovery
- * and for error reporting purposes.
+ * received successfully and only if it's not being discarded for other
+ * reasons. This involves renaming the queue file before "finishing" it
+ * (or else the queue manager would grab it too early) and updating our
+ * own idea of the queue file name for error recovery and for error
+ * reporting purposes.
*/
if (state->errs == 0 && (state->flags & CLEANUP_FLAG_DISCARD) == 0) {
if ((state->flags & CLEANUP_FLAG_HOLD) != 0) {
state->errs = mail_stream_finish(state->handle, (VSTRING *) 0);
} else {
mail_stream_cleanup(state->handle);
- if ((state->flags & CLEANUP_FLAG_DISCARD) != 0)
- state->errs = 0;
}
state->handle = 0;
state->dst = 0;
/*
- * If there was an error, remove the queue file, the optional bounce
- * logfile with undeliverable recipients, and the optional trace file
- * with DSN SUCCESS notifications.
+ * If there was an error, or if the message must be discarded for other
+ * reasons, remove the queue file and the optional trace file with DSN
+ * SUCCESS records from virtual alias expansion.
*/
if (state->errs != 0 || (state->flags & CLEANUP_FLAG_DISCARD) != 0) {
if (cleanup_trace_path)
(void) REMOVE(vstring_str(cleanup_trace_path));
- if (cleanup_bounce_path)
- (void) REMOVE(vstring_str(cleanup_bounce_path));
if (REMOVE(cleanup_path))
msg_warn("remove %s: %m", cleanup_path);
}
*/
trace_junk = cleanup_trace_path;
cleanup_trace_path = 0; /* don't delete upon error */
- bounce_junk = cleanup_bounce_path;
- cleanup_bounce_path = 0; /* don't delete upon error */
junk = cleanup_path;
cleanup_path = 0; /* don't delete upon error */
if (trace_junk)
vstring_free(trace_junk);
- if (bounce_junk)
- vstring_free(bounce_junk);
myfree(junk);
/*
/* cleanup_bounce() updates the bounce log on request by client
/* programs that cannot handle such problems themselves.
/*
-/* Upon successful completion, all error flags are reset.
+/* Upon successful completion, all error flags are reset,
+/* and the message is scheduled for deletion.
/* Otherwise, the CLEANUP_STAT_WRITE error flag is raised.
/*
/* Arguments:
#include <dsn_mask.h>
#include <mail_queue.h>
#include <dsn_attr_map.h>
-#include <deliver_completed.h>
/* Application-specific. */
static void cleanup_bounce_append(CLEANUP_STATE *state, RECIPIENT *rcpt,
DSN *dsn)
{
- const char *myname = "cleanup_bounce_append";
- long last_offset;
-
- if (cleanup_bounce_path == 0) {
- cleanup_bounce_path = vstring_alloc(10);
- (void) mail_queue_path(cleanup_bounce_path, MAIL_QUEUE_BOUNCE,
- state->queue_id);
- }
if (bounce_append(BOUNCE_FLAG_CLEAN, state->queue_id, state->time,
rcpt, "none", dsn) != 0) {
msg_warn("%s: bounce logfile update error", state->queue_id);
state->errs |= CLEANUP_STAT_WRITE;
- } else if (rcpt->offset > 0) {
- if ((last_offset = vstream_ftell(state->dst)) < 0)
- msg_fatal("%s: vstream_ftell %s: %m", myname, cleanup_path);
- deliver_completed(state->dst, rcpt->offset);
- if (vstream_fseek(state->dst, last_offset, SEEK_SET) < 0)
- msg_fatal("%s: seek %s: %m", myname, cleanup_path);
}
}
int rec_type;
int junk;
long curr_offset;
+ const char *encoding;
+ const char *dsn_envid;
+ int dsn_ret;
+ int bounce_err;
/*
* Parse the failure reason if one was given, otherwise use a generic
* Create a bounce logfile with one entry for each final recipient.
* Degrade gracefully in case of no recipients or no queue file.
*
- * We're NOT going to flush the bounce file from the cleanup server; if we
- * need to write trace logfile records, and the trace service fails, we
- * must be able to cancel the entire cleanup request including any trace
- * or bounce logfiles. The queue manager will flush the bounce (and
- * trace) logfile, possibly after it has generated its own success or
- * failure notification records.
- *
* Victor Duchovni observes that the number of recipients in the queue file
* can potentially be very large due to virtual alias expansion. This can
* expand the recipient count by virtual_alias_expansion_limit (default:
* 1000) times.
+ *
+ * After a queue file size error, purge any unwritten data (so that
+ * vstream_fseek() won't fail while trying to flush it) and reset the
+ * stream error flags to avoid false alarms.
*/
+ if (state->errs & CLEANUP_STAT_SIZE) {
+ (void) vstream_fpurge(state->dst);
+ vstream_clearerr(state->dst);
+ }
if (vstream_fseek(state->dst, 0L, SEEK_SET) < 0)
msg_fatal("%s: seek %s: %m", myname, cleanup_path);
/*
* No recipients. Yes, this can happen.
*/
- if (rcpt == 0) {
+ if ((state->errs & CLEANUP_STAT_WRITE) == 0 && rcpt == 0) {
RECIPIENT_ASSIGN(&recipient, 0, "", 0, "", "unknown");
(void) DSN_SIMPLE(&dsn, dsn_status, dsn_text);
cleanup_bounce_append(state, &recipient, &dsn);
}
vstring_free(buf);
- return (state->errs &= CLEANUP_STAT_WRITE);
+ /*
+ * Flush the bounce logfile to the sender. See also qmgr_active.c.
+ */
+ if ((state->errs & CLEANUP_STAT_WRITE) == 0) {
+ if ((encoding = nvtable_find(state->attr, MAIL_ATTR_ENCODING)) == 0)
+ encoding = MAIL_ATTR_ENC_NONE;
+ dsn_envid = state->dsn_envid ?
+ state->dsn_envid : "";
+ dsn_ret = (state->errs & (CLEANUP_STAT_CONT | CLEANUP_STAT_SIZE)) ?
+ DSN_RET_HDRS : state->dsn_ret;
+
+ if (state->verp_delims == 0 || var_verp_bounce_off) {
+ bounce_err =
+ bounce_flush(BOUNCE_FLAG_CLEAN,
+ state->queue_name, state->queue_id,
+ encoding, state->sender, dsn_envid,
+ dsn_ret);
+ } else {
+ bounce_err =
+ bounce_flush_verp(BOUNCE_FLAG_CLEAN,
+ state->queue_name, state->queue_id,
+ encoding, state->sender, dsn_envid,
+ dsn_ret, state->verp_delims);
+ }
+ if (bounce_err != 0) {
+ msg_warn("%s: bounce message failure", state->queue_id);
+ state->errs |= CLEANUP_STAT_WRITE;
+ }
+ }
+
+ /*
+ * Schedule this message (and trace logfile) for deletion when all is
+ * well. When all is not well these files would be deleted too, but the
+ * client would get a different completion status so we have to carefully
+ * maintain the bits anyway.
+ */
+ if ((state->errs &= CLEANUP_STAT_WRITE) == 0)
+ state->flags |= CLEANUP_FLAG_DISCARD;
+
+ return (state->errs);
}
}
return;
}
+ /* XXX Needed for cleanup_bounce(); sanity check usage. */
+ if (type == REC_TYPE_VERP) {
+ if (state->verp_delims == 0) {
+ if (state->sender == 0 || state->sender[0] == 0) {
+ msg_warn("%s: ignoring VERP request for null sender",
+ state->queue_id);
+ } else if (verp_delims_verify(buf) != 0) {
+ msg_warn("%s: ignoring bad VERP request: \"%.100s\"",
+ state->queue_id, buf);
+ } else {
+ state->verp_delims = mystrdup(buf);
+ cleanup_out(state, type, buf, len);
+ }
+ }
+ return;
+ }
if (type == REC_TYPE_ATTR) {
if (state->attr->used >= var_qattr_count_limit) {
msg_warn("%s: message rejected: attribute count exceeds limit %d",
* an upgrade without losing mail.
*/
if (type == REC_TYPE_ATTR) {
- vstring_strcpy(state->attr_buf, buf);
- error_text = split_nameval(STR(state->attr_buf), &attr_name, &attr_value);
- if (error_text != 0) {
- msg_warn("%s: message rejected: malformed attribute: %s: %.100s",
- state->queue_id, error_text, buf);
- state->errs |= CLEANUP_STAT_BAD;
- return;
- }
- /* Zero-length values are place holders for unavailable values. */
- if (*attr_value == 0) {
- msg_warn("%s: spurious null attribute value for \"%s\" -- ignored",
- state->queue_id, attr_name);
- return;
- }
- if ((junk = dsn_attr_map(attr_name)) != 0) {
- buf = attr_value;
- type = junk;
- }
+ vstring_strcpy(state->attr_buf, buf);
+ error_text = split_nameval(STR(state->attr_buf), &attr_name, &attr_value);
+ if (error_text != 0) {
+ msg_warn("%s: message rejected: malformed attribute: %s: %.100s",
+ state->queue_id, error_text, buf);
+ state->errs |= CLEANUP_STAT_BAD;
+ return;
+ }
+ /* Zero-length values are place holders for unavailable values. */
+ if (*attr_value == 0) {
+ msg_warn("%s: spurious null attribute value for \"%s\" -- ignored",
+ state->queue_id, attr_name);
+ return;
+ }
+ if ((junk = dsn_attr_map(attr_name)) != 0) {
+ buf = attr_value;
+ type = junk;
+ }
}
/*
}
}
-/* cleanup_extracted_finish - process one extracted envelope record */
+/* cleanup_extracted_finish - complete the third message segment */
void cleanup_extracted_finish(CLEANUP_STATE *state)
{
/*
/* char *cleanup_path;
/* VSTRING *cleanup_trace_path;
-/* VSTRING *cleanup_bounce_path;
/*
/* void cleanup_all()
/*
/* trace logfile with DSN SUCCESS notifications. This information is
/* used to remove a trace file when the mail transaction is canceled.
/*
-/* cleanup_bounce_path is the same for removing a bounce logfile.
-/*
/* cleanup_all() must be called in case of fatal error, in order
/* to remove an incomplete queue file.
/*
#include <sys_defs.h>
#include <signal.h>
+#include <string.h>
/* Utility library. */
#include <msg.h>
#include <iostuff.h>
#include <name_mask.h>
+#include <stringops.h>
/* Global library. */
* logfiles that need to be cleaned up when the cleanup request is aborted.
*/
VSTRING *cleanup_trace_path;
-VSTRING *cleanup_bounce_path;
/*
* Tunable parameters.
char *var_send_bcc_maps; /* sender auto-bcc maps */
char *var_rcpt_bcc_maps; /* recipient auto-bcc maps */
char *var_remote_rwr_domain; /* header-only surrogate */
+char *var_msg_reject_chars; /* reject these characters */
+char *var_msg_strip_chars; /* strip these characters */
+int var_verp_bounce_off; /* don't verp the bounces */
CONFIG_INT_TABLE cleanup_int_table[] = {
VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
CONFIG_BOOL_TABLE cleanup_bool_table[] = {
VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt,
+ VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
0,
};
VAR_SEND_BCC_MAPS, DEF_SEND_BCC_MAPS, &var_send_bcc_maps, 0, 0,
VAR_RCPT_BCC_MAPS, DEF_RCPT_BCC_MAPS, &var_rcpt_bcc_maps, 0, 0,
VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain, 0, 0,
+ VAR_MSG_REJECT_CHARS, DEF_MSG_REJECT_CHARS, &var_msg_reject_chars, 0, 0,
+ VAR_MSG_STRIP_CHARS, DEF_MSG_STRIP_CHARS, &var_msg_strip_chars, 0, 0,
0,
};
MAPS *cleanup_send_bcc_maps;
MAPS *cleanup_rcpt_bcc_maps;
+ /*
+ * Character filters.
+ */
+VSTRING *cleanup_reject_chars;
+VSTRING *cleanup_strip_chars;
+
/*
* Address extension propagation restrictions.
*/
(void) REMOVE(vstring_str(cleanup_trace_path));
cleanup_trace_path = 0;
}
- if (cleanup_bounce_path) {
- (void) REMOVE(vstring_str(cleanup_bounce_path));
- cleanup_bounce_path = 0;
- }
if (cleanup_path) {
(void) REMOVE(cleanup_path);
cleanup_path = 0;
*/
cleanup_ext_prop_mask =
ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
+
+ /*
+ * Setup the filters for characters that should be rejected, and for
+ * characters that should be removed.
+ */
+ if (*var_msg_reject_chars) {
+ cleanup_reject_chars = vstring_alloc(strlen(var_msg_reject_chars));
+ unescape(cleanup_reject_chars, var_msg_reject_chars);
+ }
+ if (*var_msg_strip_chars) {
+ cleanup_strip_chars = vstring_alloc(strlen(var_msg_strip_chars));
+ unescape(cleanup_strip_chars, var_msg_strip_chars);
+ }
}
#define CLEANUP_ACT_CTXT_HEADER "header"
#define CLEANUP_ACT_CTXT_BODY "body"
+#define CLEANUP_ACT_CTXT_ANY "content"
/* cleanup_act - act upon a header/body match */
static void cleanup_message_headerbody(CLEANUP_STATE *state, int type,
const char *buf, ssize_t len)
{
- char *myname = "cleanup_message_headerbody";
+ const char *myname = "cleanup_message_headerbody";
MIME_STATE_DETAIL *detail;
+ const char *cp;
+ char *dst;
+
+ /*
+ * Reject unwanted characters.
+ *
+ * XXX Possible optimization: simplify the loop when the "reject" set
+ * contains only one character.
+ */
+ if ((state->flags & CLEANUP_FLAG_FILTER) && cleanup_reject_chars) {
+ for (cp = buf; cp < buf + len; cp++) {
+ if (memchr(vstring_str(cleanup_reject_chars),
+ *(const unsigned char *) cp,
+ VSTRING_LEN(cleanup_reject_chars))) {
+ cleanup_act(state, CLEANUP_ACT_CTXT_ANY,
+ buf, "REJECT disallowed character",
+ "character reject");
+ return;
+ }
+ }
+ }
+
+ /*
+ * Strip unwanted characters. Don't overwrite the input.
+ *
+ * XXX Possible optimization: simplify the loop when the "strip" set
+ * contains only one character.
+ *
+ * XXX Possible optimization: copy the input only if we really have to.
+ */
+ if ((state->flags & CLEANUP_FLAG_FILTER) && cleanup_strip_chars) {
+ VSTRING_RESET(state->stripped_buf);
+ VSTRING_SPACE(state->stripped_buf, len + 1);
+ dst = vstring_str(state->stripped_buf);
+ for (cp = buf; cp < buf + len; cp++)
+ if (!memchr(vstring_str(cleanup_strip_chars),
+ *(const unsigned char *) cp,
+ VSTRING_LEN(cleanup_strip_chars)))
+ *dst++ = *cp;
+ *dst = 0;
+ buf = vstring_str(state->stripped_buf);
+ len = dst - buf;
+ }
/*
* Copy text record to the output.
state->attr_buf = vstring_alloc(10);
state->temp1 = vstring_alloc(10);
state->temp2 = vstring_alloc(10);
+ if (cleanup_strip_chars)
+ state->stripped_buf = vstring_alloc(10);
state->dst = 0;
state->handle = 0;
state->queue_name = 0;
state->dsn_ret = 0;
state->dsn_notify = 0;
state->dsn_orcpt = 0;
+ state->verp_delims = 0;
return (state);
}
vstring_free(state->attr_buf);
vstring_free(state->temp1);
vstring_free(state->temp2);
+ if (cleanup_strip_chars)
+ vstring_free(state->stripped_buf);
if (state->fullname)
myfree(state->fullname);
if (state->sender)
myfree(state->dsn_envid);
if (state->dsn_orcpt)
myfree(state->dsn_orcpt);
+ if (state->verp_delims)
+ myfree(state->verp_delims);
myfree((char *) state);
}
/* const char *dsn_envid;
/* int dsn_ret;
/*
+/* int bounce_flush_verp(flags, queue, id, encoding, sender,
+/* dsn_envid, dsn_ret, verp_delims)
+/* int flags;
+/* const char *queue;
+/* const char *id;
+/* const char *encoding;
+/* const char *sender;
+/* const char *dsn_envid;
+/* int dsn_ret;
+/* const char *verp_delims;
+/*
/* int bounce_one(flags, queue, id, encoding, sender, envid, ret,
/* entry, recipient, relay, dsn)
/* int flags;
/* built with bounce_append(). The bounce logfile is removed
/* upon successful completion.
/*
+/* bounce_flush_verp() is like bounce_flush(), but sends one
+/* notification per recipient, with the failed recipient encoded
+/* into the sender address.
+/*
/* bounce_one() bounces one recipient and immediately sends a
/* notification to the sender. This procedure does not append
/* the recipient and dsn_text to the per-message bounce log, and
/* Optional DSN return full/headers option.
/* .IP dsn
/* Delivery status. See dsn(3). The specified action is ignored.
+/* .IP verp_delims
+/* VERP delimiter characters, used when encoding the failed
+/* sender into the envelope sender address.
/* DIAGNOSTICS
/* In case of success, these functions log the action, and return a
/* zero value. Otherwise, the functions return a non-zero result,
}
}
+/* bounce_flush_verp - verpified notification */
+
+int bounce_flush_verp(int flags, const char *queue, const char *id,
+ const char *encoding, const char *sender,
+ const char *dsn_envid, int dsn_ret,
+ const char *verp_delims)
+{
+
+ /*
+ * When we're pretending that we can't bounce, don't send a bounce
+ * message.
+ */
+ if (var_soft_bounce)
+ return (-1);
+ if (mail_command_client(MAIL_CLASS_PRIVATE, var_bounce_service,
+ ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_VERP,
+ ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
+ ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue,
+ ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, id,
+ ATTR_TYPE_STR, MAIL_ATTR_ENCODING, encoding,
+ ATTR_TYPE_STR, MAIL_ATTR_SENDER, sender,
+ ATTR_TYPE_STR, MAIL_ATTR_DSN_ENVID, dsn_envid,
+ ATTR_TYPE_NUM, MAIL_ATTR_DSN_RET, dsn_ret,
+ ATTR_TYPE_STR, MAIL_ATTR_VERPDL, verp_delims,
+ ATTR_TYPE_END) == 0) {
+ return (0);
+ } else if ((flags & BOUNCE_FLAG_CLEAN) == 0) {
+ msg_info("%s: status=deferred (bounce failed)", id);
+ return (-1);
+ } else {
+ return (-1);
+ }
+}
+
/* bounce_one - send notice for one recipient */
int bounce_one(int flags, const char *queue, const char *id,
const char *, DSN *);
extern int bounce_flush(int, const char *, const char *, const char *,
const char *, const char *, int);
+extern int bounce_flush_verp(int, const char *, const char *, const char *,
+ const char *, const char *, int, const char *);
extern int bounce_one(int, const char *, const char *, const char *,
const char *, const char *,
int, time_t, RECIPIENT *,
*/
extern const char null_format_string[1];
+ /*
+ * Characters to reject or strip.
+ */
+#define VAR_MSG_REJECT_CHARS "message_reject_characters"
+#define DEF_MSG_REJECT_CHARS ""
+extern char *var_msg_reject_chars;
+
+#define VAR_MSG_STRIP_CHARS "message_strip_characters"
+#define DEF_MSG_STRIP_CHARS ""
+extern char *var_msg_strip_chars;
+
/* LICENSE
/* .ad
/* .fi
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20050726"
+#define MAIL_RELEASE_DATE "20050829"
#define MAIL_VERSION_NUMBER "2.3"
#ifdef SNAPSHOT
*
* Bounces are sent asynchronously to avoid stalling while the cleanup
* daemon waits for the qmgr to accept the "new mail" trigger.
+ *
+ * See also code in cleanup_bounce.c.
*/
if (stat(mail_queue_path((VSTRING *) 0, MAIL_QUEUE_BOUNCE, message->queue_id), &st) == 0) {
if (st.st_size == 0) {
*
* Bounces are sent asynchronously to avoid stalling while the cleanup
* daemon waits for the qmgr to accept the "new mail" trigger.
+ *
+ * See also code in cleanup_bounce.c.
*/
if (stat(mail_queue_path((VSTRING *) 0, MAIL_QUEUE_BOUNCE, message->queue_id), &st) == 0) {
if (st.st_size == 0) {
0, 0,
};
CLEANUP_STAT_DETAIL *detail;
+ int (*connect_fn) (const char *, int, int);
+ const char *endpoint;
/*
* This buffer persists beyond the end of a proxy session so we can
if (state->proxy_buffer == 0)
state->proxy_buffer = vstring_alloc(10);
+ /*
+ * Find connection method (default inet)
+ */
+ if (strncasecmp("unix:", service, 5) == 0) {
+ endpoint = service + 5;
+ connect_fn = unix_connect;
+ } else {
+ if (strncasecmp("inet:", service, 5) == 0)
+ endpoint = service + 5;
+ else
+ endpoint = service;
+ connect_fn = inet_connect;
+ }
+
/*
* Connect to proxy.
*/
- if ((fd = inet_connect(service, BLOCKING, timeout)) < 0) {
+ if ((fd = connect_fn(endpoint, BLOCKING, timeout)) < 0) {
state->error_mask |= MAIL_ERROR_SOFTWARE;
state->err |= CLEANUP_STAT_PROXY;
msg_warn("connect to proxy service %s: %m", service);
TLScontext_t *TLScontext;
/*
- * PORTABILITY: Do not assume that null pointers are all-zero bits.
- * Use explicit assignments to initialize pointers.
+ * PORTABILITY: Do not assume that null pointers are all-zero bits. Use
+ * explicit assignments to initialize pointers.
*
* See the C language FAQ item 5.17, or if you have time to burn,
* http://www.google.com/search?q=zero+bit+null+pointer
return (ret);
}
+#else
+
+ /*
+ * Broken linker workaround.
+ */
+int tls_dummy_for_broken_linkers;
+
#endif
EWOULDBLOCK,
ENOBUFS, /* HPUX11 */
ECONNABORTED,
+#ifdef EPROTO
+ EPROTO, /* SunOS 5.5.1 */
+#endif
0,
};
int count;
* hosed beyond recovery. There is no point treating this as a beneficial
* error result because the program would go into a tight loop.
*
+ * XXX Solaris 2.5.1 accept() returns EPROTO when a TCP client has
+ * disconnected in the mean time. Since there is no connection, it is
+ * safe to map the error code onto EAGAIN.
+ *
* XXX LINUX < 2.1 accept() wakes up before the three-way handshake is
* complete, so it can fail with ECONNRESET and other "false alarm"
* indications.
/* int vstream_fflush(stream)
/* VSTREAM *stream;
/*
+/* int vstream_fpurge(stream)
+/* VSTREAM *stream;
+/*
/* ssize_t vstream_fread(stream, buf, len)
/* VSTREAM *stream;
/* char *buf;
/* vstream_fflush() returns 0 in case of success, VSTREAM_EOF in
/* case of problems. It is an error to flush a read-only stream.
/*
+/* vstream_fpurge() discards the contents of the stream buffer.
+/* In the case of a double-buffered stream, it discards the
+/* content of both the read and write buffers.
+/* vstream_fpurge() returns 0 in case of success, VSTREAM_EOF in
+/* case of problems.
+/*
/* vstream_fread() and vstream_fwrite() perform unformatted I/O
/* on the named stream. The result value is the number of bytes
/* transferred. A short count is returned in case of end-of-file
return (vstream_ferror(stream) ? VSTREAM_EOF : 0); /* mmap() may fail */
}
+/* vstream_fpurge - discard unread or unwritten content */
+
+int vstream_fpurge(VSTREAM *stream)
+{
+ const char *myname = "vstream_fpurge";
+ VBUF *bp = &stream->buf;
+
+ /*
+ * To discard all unread contents, position the read buffer at its end,
+ * so that we skip over any unread data, and so that the next read
+ * operation will refill the buffer.
+ *
+ * To discard all unwritten content, position the write buffer at its
+ * beginning, so that the next write operation clobbers any unwritten
+ * data.
+ */
+ switch (bp->flags & (VSTREAM_FLAG_READ_DOUBLE | VSTREAM_FLAG_WRITE)) {
+ case VSTREAM_FLAG_READ_DOUBLE:
+ VSTREAM_BUF_AT_START(&stream->write_buf);
+ /* FALLTHROUGH */
+ case VSTREAM_FLAG_READ:
+ VSTREAM_BUF_AT_END(bp);
+ break;
+ case VSTREAM_FLAG_DOUBLE:
+ VSTREAM_BUF_AT_START(&stream->write_buf);
+ VSTREAM_BUF_AT_END(&stream->read_buf);
+ break;
+ case VSTREAM_FLAG_WRITE_DOUBLE:
+ VSTREAM_BUF_AT_END(&stream->read_buf);
+ /* FALLTHROUGH */
+ case VSTREAM_FLAG_WRITE:
+ VSTREAM_BUF_AT_START(bp);
+ break;
+ case VSTREAM_FLAG_READ_DOUBLE | VSTREAM_FLAG_WRITE:
+ case VSTREAM_FLAG_READ | VSTREAM_FLAG_WRITE:
+ msg_panic("%s: read/write stream", myname);
+ }
+
+ /*
+ * Invalidate the cached file seek position.
+ */
+ bp->flags &= ~VSTREAM_FLAG_SEEK;
+ stream->offset = 0;
+
+ return (0);
+}
+
/* vstream_fseek - change I/O position */
off_t vstream_fseek(VSTREAM *stream, off_t offset, int whence)
extern int vstream_fclose(VSTREAM *);
extern off_t vstream_fseek(VSTREAM *, off_t, int);
extern off_t vstream_ftell(VSTREAM *);
+extern int vstream_fpurge(VSTREAM *);
extern int vstream_fflush(VSTREAM *);
extern int vstream_fputs(const char *, VSTREAM *);
extern VSTREAM *vstream_fdopen(int, int);
projects / thirdparty / postfix.git / commitdiff
