--- /dev/null
+Enabling the Postfix fast ETRN service
+======================================
+
+Add an entry to the master.cf file for the new flush daemon:
+
+ /etc/postfix/master.cf:
+ flush unix n - n - 0 flushd
+
+Configure a list of domains that have fast ETRN service and
+what clients can use the service:
+
+ /etc/postfix/etrn:
+ domain.name permit_mynetworks
+
+Run the postmap command:
+
+ # postmap /etc/postfix/etrn
+
+Create any missing directories that are needed for fast ETRN service:
+
+ # postfix check
+
+Configure Postfix to use the fast ETRN service:
+
+ /etc/postfix/main.cf:
+ etrn_maps = hash:/etc/postfix/etrn
+
+(specify dbm instead of hash if your machine uses DBM databases
+rather than DB).
+
+Refresh Postfix:
+
+ # postfix reload
First implementation of a logfile-based fast flush server,
which is the basis for ETRN and "sendmail -qRsite".
+
+20000928
+
+ Bugfix: the stricter dns_lookup() argument checks revealed
+ that Postfix was doing DNS lookups for domain literals
+ ([ip.address]) when expanding aliases in MAIL FROM and RCPT
+ TO address parameters. Reported by Jim Littlefield. File:
+ smtp/smtp_unalias.c.
+
+ Documentation: added text on the biff=yes/no parameter to
+ conf/sample-local.cf (text provided by Paul Wagland,
+ relational-consultancy.com.
+
+ Robustness? Log errors from SASL library code as warnings
+ not as fatal errors. Files: smtp*/*glue.c.
Incompatible changes with snapshot-20000924
===========================================
+After building and installing, you need to "postfix check"
+and "postfix reload".
+
+The ETRN service is no longer enabled by default. You need to
+configure what domains and what clients can use ETRN. See the
+ETRN_README file for more information.
+
+The smtpd_etrn_restrictions are gone.
+
+The "flush" queue should be listed in "hash_queue_names".
+
+Incompatible changes with snapshot-20000924
+===========================================
+
The postmaster address in the "sorry" text at the top of bounced
mail is now just postmaster, not postmaster@sending.machine. The
idea is to refer users to their own postmaster.
--- /dev/null
+#
+# ETRN(5) ETRN(5)
+#
+# NAME
+# etrn - format of Postfix etrn table
+#
+# SYNOPSIS
+# etrn_maps = hash:/etc/postfix/etrn
+# etrn_maps = dbm:/etc/postfix/etrn
+#
+# postmap /etc/postfix/etrn
+#
+# DESCRIPTION
+# The optional etrn file specifies what destination domain
+# names can be specified in SMTP ETRN commands. This infor-
+# mation is used by the smtpd(8) and flushd(8) daemon.
+#
+# Normally, the file serves as input to the postmap(1) com-
+# mand. The result, an indexed file in dbm or db format, is
+# used for fast searching by the mail system. Execute the
+# command postmap /etc/postfix/etrn in order to rebuild the
+# indexed file after changing the etrn table.
+#
+# When the table is provided via other means such as NIS,
+# LDAP, SQL, or as regular expressions, the same lookups are
+# done as for ordinary indexed files.
+#
+# TABLE FORMAT
+# The format of the etrn table is as follows:
+#
+# blanks and comments
+# Blank lines are ignored, as are lines beginning
+# with `#'.
+#
+# domain restrictions
+# The left-hand side, domain, specifies a destination
+# domain name that can be specified in ETRN commands.
+#
+# The right-hand side specifies one or more access
+# restrictions. Restrictions are processed in the
+# given order and the search stops at the first
+# match.
+#
+# reject_unknown_client
+# Reject the request if the client hostname is
+# unknown.
+#
+# permit_mynetworks
+# Permit the request if the client address
+# matches $mynetworks.
+#
+# reject_maps_rbl
+# Reject the request if the reverse client
+# network address is listed under
+# $maps_rbl_domains.
+#
+# reject Reject the request. Place this at the end of
+#
+# 1
+#
+# ETRN(5) ETRN(5)
+#
+# a restriction list.
+#
+# permit Permit the request. Place this at the end of
+# a restriction list.
+#
+# CONFIGURATION PARAMETERS
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the postfix reload
+# command after a configuration change.
+#
+# etrn_maps
+# Tables that specify what domains have ETRN service.
+# For each table entry, the left-hand side specifies
+# a destination domain name that can be specified in
+# an ETRN request, and the right-hand side specifies
+# a list of access restrictions for SMTP clients that
+# issue ETRN for the domain.
+#
+# fast_flush_maps
+# The table with names of destinations that this MTA
+# provides the fast flush service for. By default,
+# this is set to $etrn_maps.
+#
+# relay_domains
+# The list of domains that this MTA is willing to
+# forward mail from or to. This defaults to $mydesti-
+# nation, $fast_flush_maps.
+#
+# SEE ALSO
+# smtpd(8) Postfix SMTP server
+# flushd(1) Postfix fast flush service
+# sendmail(5) sendmail-compatible interface
+# pcre_table(5) format of PCRE tables
+# regexp_table(5) format of POSIX regular expression tables
+#
+# LICENSE
+# The Secure Mailer license must be distributed with this
+# software.
+#
+# AUTHOR(S)
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#
+# 2
+#
defer unix - - n - 0 bounce
smtp unix - - n - - smtp
showq unix n - n - - showq
-flush unix n - n - - flushd
+flush unix n - n - 0 flushd
error unix - - n - - error
local unix - n n - - local
lmtp unix - - n - - lmtp
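Review bot: The `flush` entry now sets the process limit (seventh column) to `0`, which in master.cf means no limit, on a service whose socket is public (`n` in the private column), and no comment says why. The flushd manual text in this same change says the server talks to local unprivileged users, so an unbounded process count on that endpoint needs either a stated reason or a finite value. If `0` is required by the design, put a comment above the line, for example `# flush: public socket for "sendmail -qR"; process limit 0 because <reason>`. The entry also keeps chroot at `n`, although the manual says the server can run chrooted at fixed low privilege. The same line is repeated in the new ETRN README.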
# See the sample-aliases.cf file for parameters that are specific to
# alias database lookup.
+# The biff parameter specifies whether or not to contact the biff
+# server. This server sends "new mail" notifications to users who
+# have requested new mail notification with "biff y".
+#
+# For compatibility reasons this feature is on by default. On systems
+# with lots of interactive users, this "protocol" can be a real
+# performance pig. Specify "biff = no" to disable.
+#
+# biff = no
+biff = yes
+
#
# OVERRIDE LOCAL TRANSPORT
#
#
double_bounce_sender = double-bounce
+# The fast_flush_maps parameter specifies what destination domain
+# names can be used in SMTP ETRN requests and in "sendmail -qRdomain.name"
+# commands. By default, the value is $etrn_maps, the set of domain names
+# that can be used in SMTP ETRN requests (see sample-smtpd.cf).
+#
+# The fast_flush_maps parameter is also used in the default settings
+# of the relay_domains configuration parameter.
+#
+fast_flush_maps =
+
# The hash_queue_depth parameter specifies the number of subdirectory
# levels below the queue directories listed in the hash_queue_names
# parameter.
#
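Review bot: The sample line `fast_flush_maps =` shows an empty value, while the comment directly above it says the default is `$etrn_maps`. Neighbouring sample settings such as `double_bounce_sender = double-bounce` show the default itself. An administrator who copies the line as printed would, going by the comment text, empty the table that the `relay_domains` default and the fast flush service both refer to. Suggest `fast_flush_maps = $etrn_maps`, or ship the line commented out. The compiled-in default is not visible in this hunk, so check the value against it.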
#disable_vrfy_command = no
+# The etrn_maps parameter specifies what domains have ETRN service.
+# For each table entry, the left-hand side specifies a destination
+# domain name, and the right-hand side specifies a list of access
+# restrictions for clients that issue ETRN for the domain.
+#
+# The default is to disallow ETRN commands. The following restrictions
+# are available:
+#
+# reject_unknown_client: reject the request if the client hostname is unknown.
+# permit_mynetworks: permit if the client address matches $mynetworks.
+# reject_maps_rbl: reject if the reverse client network address
+# is listed under $maps_rbl_domains.
+# reject: reject the request. Place this at the end of a restriction.
+# permit: permit the request. Place this at the end of a restriction.
+#
+# etrn_maps is also the default value for the fast_flush_maps parameter
+# which controls the fast flush service which is used for ETRN and for
+# "sendmail -qRdomain.name"
+#
+etrn_maps =
+
# The smtpd_banner parameter specifies the text that follows the 220
# status code in the SMTP greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
# smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP $mail_name
-# The smtpd_etrn_restrictions parameter restricts what clients are
-# allowed to issue the ETRN command. The present Postfix ETRN differs
-# from other ETRN implementations in that it flushes mail for all
-# destinations. This will change in the future.
-#
-# The default is to allow ETRN from any host. The following restrictions
-# are available:
-#
-# reject_unknown_client: reject the request if the client hostname is unknown.
-# permit_mynetworks: permit if the client address matches $mynetworks.
-# check_client_access maptype:mapname
-# maptype:mapname: look up client name, parent domains, client address,
-# or networks obtained by stripping octets.
-# Reject if result is REJECT or "[45]xx text"
-# Permit otherwise.
-# reject_maps_rbl: reject if the reverse client network address
-# is listed under $maps_rbl_domains.
-# reject: reject the request. Place this at the end of a restriction.
-# permit: permit the request. Place this at the end of a restriction.
-smtpd_etrn_restrictions =
-
# The smtpd_recipient_limit parameter restricts the number of recipients
# that the SMTP server accepts per message delivery.
#
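Review bot: The new `etrn_maps` comment lists the restrictions but never says what happens to a request when the list ends without a match. That matters because the README example in this change is `domain.name permit_mynetworks` with no terminating `reject`, so a reader cannot tell whether a client outside `$mynetworks` is refused. Suggest one added comment line stating the fall-through result, and ending the examples explicitly, e.g. `domain.name permit_mynetworks reject`. The removed `smtpd_etrn_restrictions` text offered `check_client_access maptype:mapname`, which is absent from the new list; if it is no longer supported, say so here so that upgrading sites notice. The two "Place this at the end of a restriction." lines should read "restriction list", as the etrn(5) text does.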
# permit_mx_backup restriction, in the description of the
# smtpd_recipient_restrictions parameter.
#
-relay_domains = $mydestination
+relay_domains = $mydestination $fast_flush_maps
#
# RESPONSE CODES
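Review bot: The new default `relay_domains = $mydestination $fast_flush_maps` ties relay authorisation to the ETRN table, and the comment above the setting does not mention it. The etrn(5) text added in this change describes relay_domains as the list of domains the MTA "is willing to forward mail from or to", so each left-hand-side domain entered for ETRN presumably also becomes a domain the server relays for. Someone editing /etc/postfix/etrn gets no cue that the relay policy changes with it. Suggest adding `# NOTE: domains listed in $fast_flush_maps (default: $etrn_maps) are also treated as relay domains.` above the setting. The comment block for relay_domains starts outside this hunk.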
postlog.1.html postdrop.1.html postmap.1.html sendmail.1.html \
postsuper.1.html
CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \
- transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html
+ transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html \
+ etrn.5.html
update: $(DAEMONS) $(COMMANDS) $(CONFIG)
canonical.5.html: ../proto/canonical
srctoman - $? | nroff -man | man2html | postlink >$@
+etrn.5.html: ../proto/etrn
+ srctoman - $? | nroff -man | man2html | postlink >$@
+
pcre_table.5.html: ../proto/pcre_table
srctoman - $? | nroff -man | man2html | postlink >$@
--- /dev/null
+<html> <head> </head> <body> <pre>
+
+
+
+ETRN(5) ETRN(5)
+
+
+<b>NAME</b>
+ etrn - format of Postfix etrn table
+
+<b>SYNOPSIS</b>
+ <b>etrn</b><i>_</i><b>maps</b> <b>=</b> <b>hash:/etc/postfix/etrn</b>
+ <b>etrn</b><i>_</i><b>maps</b> <b>=</b> <b>dbm:/etc/postfix/etrn</b>
+
+ <b>postmap</b> <b>/etc/postfix/etrn</b>
+
+<b>DESCRIPTION</b>
+ The optional <b>etrn</b> file specifies what destination domain
+ names can be specified in SMTP <b>ETRN</b> commands. This infor-
+ mation is used by the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> and <a href="flushd.8.html"><b>flushd</b>(8)</a> daemon.
+
+ Normally, the file serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> com-
+ mand. The result, an indexed file in <b>dbm</b> or <b>db</b> format, is
+ used for fast searching by the mail system. Execute the
+ command <b>postmap</b> <b>/etc/postfix/etrn</b> in order to rebuild the
+ indexed file after changing the etrn table.
+
+ When the table is provided via other means such as NIS,
+ LDAP, SQL, or as regular expressions, the same lookups are
+ done as for ordinary indexed files.
+
+<b>TABLE</b> <b>FORMAT</b>
+ The format of the <b>etrn</b> table is as follows:
+
+ blanks and comments
+ Blank lines are ignored, as are lines beginning
+ with `#'.
+
+ <i>domain</i> <i>restrictions</i>
+ The left-hand side, <i>domain</i>, specifies a destination
+ domain name that can be specified in <b>ETRN</b> commands.
+
+ The right-hand side specifies one or more access
+ restrictions. Restrictions are processed in the
+ given order and the search stops at the first
+ match.
+
+ <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>client</b>
+ Reject the request if the client hostname is
+ unknown.
+
+ <b>permit</b><i>_</i><b>mynetworks</b>
+ Permit the request if the client address
+ matches $mynetworks.
+
+ <b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b>
+ Reject the request if the reverse client
+ network address is listed under
+ $maps_rbl_domains.
+
+ <b>reject</b> Reject the request. Place this at the end of
+
+
+
+ 1
+
+
+
+
+
+ETRN(5) ETRN(5)
+
+
+ a restriction list.
+
+ <b>permit</b> Permit the request. Place this at the end of
+ a restriction list.
+
+
+<b>CONFIGURATION</b> <b>PARAMETERS</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this topic. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
+ command after a configuration change.
+
+ <b>etrn</b><i>_</i><b>maps</b>
+ Tables that specify what domains have <b>ETRN</b> service.
+ For each table entry, the left-hand side specifies
+ a destination domain name that can be specified in
+ an <b>ETRN</b> request, and the right-hand side specifies
+ a list of access restrictions for SMTP clients that
+ issue <b>ETRN</b> for the domain.
+
+ <b>fast</b><i>_</i><b>flush</b><i>_</i><b>maps</b>
+ The table with names of destinations that this MTA
+ provides the fast flush service for. By default,
+ this is set to $<b>etrn</b><i>_</i><b>maps</b>.
+
+ <b>relay</b><i>_</i><b>domains</b>
+ The list of domains that this MTA is willing to
+ forward mail from or to. This defaults to <b>$mydesti-</b>
+ <b>nation,</b> <b>$fast</b><i>_</i><b>flush</b><i>_</i><b>maps</b>.
+
+<b>SEE</b> <b>ALSO</b>
+ <a href="smtpd.8.html">smtpd(8)</a> Postfix SMTP server
+ flushd(1) Postfix fast flush service
+ sendmail(5) sendmail-compatible interface
+ <a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
+ <a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this
+ software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+
+
+
+
+
+
+
+
+
+
+ 2
+
+
+</pre> </body> </html>
This server implements the following requests:
- FLUSH_REQ_ADD sitename queue_id
- Append a record to the per-site fast flush logfile
- for the specified queue ID.
+ <b>FLUSH</b><i>_</i><b>REQ</b><i>_</i><b>ADD</b> <i>sitename</i> <i>queue_id</i>
+ Append <i>queue_id</i> to the fast flush logfile for the
+ specified site.
- FLUSH_REQ_SEND sitename
+ <b>FLUSH</b><i>_</i><b>REQ</b><i>_</i><b>SEND</b> <i>sitename</i>
Arrange for the delivery of all messages that are
listed in the fast flush logfile for the specified
site. After the logfile is processed, the file is
The response to the client is one of:
- FLUSH_STAT_OK
+ <b>FLUSH</b><i>_</i><b>STAT</b><i>_</i><b>OK</b>
The request completed normally.
- FLUSH_STAT_BAD
+ <b>FLUSH</b><i>_</i><b>STAT</b><i>_</i><b>BAD</b>
The flush server rejected the request (bad request
name, bad request parameter value).
- FLUSH_STAT_UNKNOWN
+ <b>FLUSH</b><i>_</i><b>STAT</b><i>_</i><b>UNKNOWN</b>
The specified site has no fast flush logfile and is
not configured to have one.
+ Fast flush logfiles are truncated only after a flush
+ request. In order to prevent fast flush logfiles from
+ growing without bounds, and to prevent them from accumu-
+ lating too much outdated information, the flush service
+ generates a pro-active flush request once every every 1000
+ append requests. This should not impact operation.
+
<b>SECURITY</b>
The fast flush server is moderately security-sensitive. It
- does not talk to the network, but it does talk to local
+ does not talk to the network, but it does talk to local
unprivileged users, in order to emulate "sendmail -qRsite"
- behavior. For this reason all strings in a request are
- truncated at ine_length_limit.
+ behavior. For this reason all strings in a request are
+ truncated at <i>line_length_limit</i>.
The fast flush server can run chrooted at fixed low privi-
lege.
-<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
-
-<b>BUGS</b>
- In reality, this server schedules delivery of messages,
- regardless of their destination. This limitation is due to
- the fact that one queue runner has to handle mail for
FLUSHD(8) FLUSHD(8)
- multiple destinations.
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8).
+
+<b>BUGS</b>
+ In reality, this server schedules delivery of messages,
+ regardless of their destination. This limitation is due to
+ the fact that one queue runner has to handle mail for mul-
+ tiple destinations.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this program. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the <b>postfix</b> <b>reload</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this program. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
+ <b>etrn</b><i>_</i><b>maps</b>
+ Tables that specify what domains have <b>ETRN</b> service.
+ For each table entry, the left-hand side specifies
+ a destination domain name that can be specified in
+ an <b>ETRN</b> request, and the right-hand side specifies
+ a list of access restrictions for SMTP clients that
+ issue <b>ETRN</b> for the domain.
+
<b>fast</b><i>_</i><b>flush</b><i>_</i><b>maps</b>
The table with names of destinations that this MTA
- provides the fast flush service for, and with
- clients that may issue the ETRN command for those
- destinations. Postfix maintains fast flush logfiles
- only for destinations listed in this table.
+ provides the fast flush service for. By default,
+ this is set to $<b>etrn</b><i>_</i><b>maps</b>.
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Maximal length of strings in a fast flush client
request.
<b>SEE</b> <b>ALSO</b>
- <a href="smtp.8.html">smtp(8)</a> Postfix SMTP client
- smtpd) Postfix SMTP server
+ <a href="smtpd.8.html">smtpd(8)</a> Postfix SMTP server
<a href="qmgr.8.html">qmgr(8)</a> Postfix queue manager
syslogd(8) system logging
-
-
-
-
-
-
-
-
-
-
-
-
queued for the named <i>site</i>. This functionality is
available only for sites that are configured for
the <b>fast</b> <b>flush</b> service support as described in
- <b>flushd</b>(8). For other sites, this command is
+ <b>flushd</b>(8). For other sites, use the slower
SENDMAIL(1) SENDMAIL(1)
- equivalent to using the slower <b>sendmail</b> <b>-q</b> instead.
+ <b>sendmail</b> <b>-q</b> command instead.
<b>-qS</b><i>site</i>
- The site name is ignored. This command is equiva-
- lent to using the slower <b>sendmail</b> <b>-q</b> instead.
+ This command is not implemented. Use the slower
+ <b>sendmail</b> <b>-q</b> command instead.
- <b>-t</b> Extract recipients from message headers. This
- requires that no recipients be specified on the
+ <b>-t</b> Extract recipients from message headers. This
+ requires that no recipients be specified on the
command line.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
<b>SECURITY</b>
- By design, this program is not set-user (or group) id.
- However, it must handle data from untrusted users or
- untrusted machines. Thus, the usual precautions need to
+ By design, this program is not set-user (or group) id.
+ However, it must handle data from untrusted users or
+ untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs.
<b>DIAGNOSTICS</b>
- Problems are logged to <b>syslogd</b>(8) and to the standard
+ Problems are logged to <b>syslogd</b>(8) and to the standard
error stream.
<b>ENVIRONMENT</b>
<b>MAIL</b><i>_</i><b>DEBUG</b>
Enable debugging with an external command, as spec-
- ified with the <b>debugger</b><i>_</i><b>command</b> configuration
+ ified with the <b>debugger</b><i>_</i><b>command</b> configuration
parameter.
<b>FILES</b>
/etc/postfix, configuration files
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- See the Postfix <b>main.cf</b> file for syntax details and for
- default values. Use the <b>postfix</b> <b>reload</b> command after a
+ See the Postfix <b>main.cf</b> file for syntax details and for
+ default values. Use the <b>postfix</b> <b>reload</b> command after a
configuration change.
<b>alias</b><i>_</i><b>database</b>
- Default alias database(s) for <b>newaliases</b>. The
- default value for this parameter is system-spe-
+ Default alias database(s) for <b>newaliases</b>. The
+ default value for this parameter is system-spe-
cific.
<b>bounce</b><i>_</i><b>size</b><i>_</i><b>limit</b>
initialized.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
- Increment in verbose logging level when a remote
+ Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
- List of domain or network patterns. When a remote
- host matches a pattern, increase the verbose log-
- ging level by the amount specified in the
+ List of domain or network patterns. When a remote
+ host matches a pattern, increase the verbose log-
+ ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
+ <b>etrn</b><i>_</i><b>maps</b>
+ Tables that specify what domains have <b>ETRN</b> service.
+ For each table entry, the left-hand side specifies
+ a destination domain name that can be specified in
+ an <b>ETRN</b> request, and the right-hand side specifies
+ a list of access restrictions for SMTP clients that
+ issue <b>ETRN</b> for the domain.
+
+ <b>fast</b><i>_</i><b>flush</b><i>_</i><b>maps</b>
+ The table with names of destinations that this MTA
+ provides the fast flush service for. By default,
+ this is set to $<b>etrn</b><i>_</i><b>maps</b>.
+
<b>fork</b><i>_</i><b>attempts</b>
Number of attempts to <b>fork</b>() a process before giv-
ing up.
Directory with Postfix daemon programs (default:
<b>$program</b><i>_</i><b>directory</b>).
+
+
+ 5
+
+
+
+
+
+SENDMAIL(1) SENDMAIL(1)
+
+
<b>queue</b><i>_</i><b>directory</b>
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
<b>SEE</b> <b>ALSO</b>
<a href="pickup.8.html">pickup(8)</a> mail pickup daemon
<a href="postalias.1.html">postalias(1)</a> maintain alias database
-
-
-
- 5
-
-
-
-
-
-SENDMAIL(1) SENDMAIL(1)
-
-
<a href="postdrop.1.html">postdrop(1)</a> privileged posting agent
<a href="postfix.1.html">postfix(1)</a> mail system control
<a href="postkick.1.html">postkick(1)</a> kick a Postfix daemon
-
-
-
-
-
-
-
-
-
-
-
-
system is not running.
The SMTP server implements a variety of policies for con-
- nection requests, and for parameters given to <b>HELO,</b> <b>MAIL</b>
- <b>FROM,</b> <b>VRFY</b> and <b>RCPT</b> <b>TO</b> commands. They are detailed below
- and in the <b>main.cf</b> configuration file.
+ nection requests, and for parameters given to <b>HELO,</b> <b>ETRN,</b>
+ <b>MAIL</b> <b>FROM,</b> <b>VRFY</b>, and <b>RCPT</b> <b>TO</b> commands. They are detailed
+ below and in the <b>main.cf</b> configuration file.
<b>SECURITY</b>
The SMTP server is moderately security-sensitive. It talks
<a href="http://www.faqs.org/rfcs/rfc1652.html">RFC 1652</a> (8bit-MIME transport)
<a href="http://www.faqs.org/rfcs/rfc1854.html">RFC 1854</a> (SMTP Pipelining)
<a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
- <a href="http://www.faqs.org/rfcs/rfc1985.html">RFC 1985</a> (ETRN command) (partial)
+ <a href="http://www.faqs.org/rfcs/rfc1985.html">RFC 1985</a> (ETRN command)
<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
<b>DIAGNOSTICS</b>
the postmaster is notified of bounces, protocol problems,
policy violations, and of other trouble.
-<b>BUGS</b>
- <a href="http://www.faqs.org/rfcs/rfc1985.html">RFC 1985</a> is implemented by forcing delivery of all
- deferred mail.
-
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this program. See the Postfix <b>main.cf</b> file for syntax
+ The following <b>main.cf</b> parameters are especially relevant
+ to this program. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
+ command after a configuration change.
+
+
SMTPD(8) SMTPD(8)
- details and for default values. Use the <b>postfix</b> <b>reload</b>
- command after a configuration change.
-
<b>Compatibility</b> <b>controls</b>
<b>strict</b><i>_</i><b>rfc821</b><i>_</i><b>envelopes</b>
- Disallow non-<a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> style addresses in envelopes.
- For example, allow <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a>-style address forms with
+ Disallow non-<a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> style addresses in envelopes.
+ For example, allow <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a>-style address forms with
comments, like Sendmail does.
<b>Content</b> <b>inspection</b> <b>controls</b>
<b>content</b><i>_</i><b>filter</b>
- The name of a mail delivery transport that filters
+ The name of a mail delivery transport that filters
mail and that either bounces mail or re-injects the
- result back into Postfix. This parameter uses the
- same syntax as the right-hand side of a Postfix
+ result back into Postfix. This parameter uses the
+ same syntax as the right-hand side of a Postfix
transport table.
<b>Authenication</b> <b>controls</b>
<b>enable</b><i>_</i><b>sasl</b><i>_</i><b>authentication</b>
- Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
- (SASL). This functionality is available only when
+ Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
+ (SASL). This functionality is available only when
explicitly selected at program build time and
explicitly enabled at runtime.
<b>Miscellaneous</b>
<b>always</b><i>_</i><b>bcc</b>
- Address to send a copy of each message that enters
+ Address to send a copy of each message that enters
the system.
<b>command</b><i>_</i><b>directory</b>
<b>$program</b><i>_</i><b>directory</b>).
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
- Increment in verbose logging level when a remote
+ Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
+ parameter.
+
+
SMTPD(8) SMTPD(8)
- parameter.
-
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
- List of domain or network patterns. When a remote
- host matches a pattern, increase the verbose log-
- ging level by the amount specified in the
+ List of domain or network patterns. When a remote
+ host matches a pattern, increase the verbose log-
+ ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
- Recipient of protocol/policy/resource/software
+ Recipient of protocol/policy/resource/software
error notices.
+ <b>etrn</b><i>_</i><b>maps</b>
+ Tables that specify what domains have <b>ETRN</b> service.
+ For each table entry, the left-hand side specifies
+ a destination domain name that can be specified in
+ an <b>ETRN</b> request, and the right-hand side specifies
+ a list of access restrictions for clients that
+ issue <b>ETRN</b> for the domain.
+
<b>hopcount</b><i>_</i><b>limit</b>
Limit the number of <b>Received:</b> message headers.
receive a client request.
<b>Resource</b> <b>controls</b>
- <b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
- Limit the amount of memory in bytes used for the
- handling of partial input lines.
- <b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
- Limit the total size in bytes of a message, includ-
- ing on-disk storage for envelope information.
SMTPD(8) SMTPD(8)
+ <b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
+ Limit the amount of memory in bytes used for the
+ handling of partial input lines.
+
+ <b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
+ Limit the total size in bytes of a message, includ-
+ ing on-disk storage for envelope information.
+
<b>queue</b><i>_</i><b>minfree</b>
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
- <b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
- Restrict what domain names can be used in <b>ETRN</b> com-
- mands, and what clients may issue <b>ETRN</b> commands.
-
- <b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
- Allow untrusted clients to specify addresses with
- sender-specified routing. Enabling this opens up
- nasty relay loopholes involving trusted backup MX
SMTPD(8) SMTPD(8)
+ <b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
+ Allow untrusted clients to specify addresses with
+ sender-specified routing. Enabling this opens up
+ nasty relay loopholes involving trusted backup MX
hosts.
<b>restriction</b><i>_</i><b>classes</b>
- Declares the name of zero or more parameters that
- contain a list of UCE restrictions. The names of
- these parameters can then be used instead of the
+ Declares the name of zero or more parameters that
+ contain a list of UCE restrictions. The names of
+ these parameters can then be used instead of the
restriction lists that they represent.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b>
- List of DNS domains that publish the addresses of
+ List of DNS domains that publish the addresses of
blacklisted hosts.
<b>relay</b><i>_</i><b>domains</b>
- Restrict what domains or networks this mail system
+ Restrict what domains or networks this mail system
will relay mail from or to.
<b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates an access
+ Server response when a client violates an access
database restriction.
<b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> restriction.
<b>reject</b><i>_</i><b>code</b>
- Response code when the client matches a <b>reject</b>
+ Response code when the client matches a <b>reject</b>
restriction.
<b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client attempts to violate
+ Server response when a client attempts to violate
the mail relay policy.
<b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client without address to
- name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
+ Server response when a client without address to
+ name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
restriction.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
-<b>SEE</b> <b>ALSO</b>
- <a href="cleanup.8.html">cleanup(8)</a> message canonicalization
- <a href="master.8.html">master(8)</a> process manager
- syslogd(8) system logging
SMTPD(8) SMTPD(8)
+<b>SEE</b> <b>ALSO</b>
+ <a href="cleanup.8.html">cleanup(8)</a> message canonicalization
+ <a href="master.8.html">master(8)</a> process manager
+ syslogd(8) system logging
+
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
-
-
-
-
-
<dt>Default:
<dd><b>relay_domains = <a href="basic.html#mydestination">
-$mydestination</a></b>
+$mydestination $fast_flush_maps</a></b>
+
+<p>
+
+(The <b>$fast_flush_maps</b> parameter specifies, among others,
+what destinations can be used in SMTP ETRN requests or in <b>sendmail
+-qR</b><i>sitename</i> commands. This parameter defaults to
+<b>$etrn_maps</b>, the list of destinations that can be used in
+SMTP ETRN requests. More details in the <a href="etrn.5.html">etrn</a>
+manual page.)
<p>
man1/postmap.1 man1/sendmail.1 man1/mailq.1 man1/newaliases.1 \
man1/postsuper.1
CONFIG = man5/access.5 man5/aliases.5 man5/canonical.5 man5/relocated.5 \
- man5/transport.5 man5/virtual.5 man5/pcre_table.5 man5/regexp_table.5
+ man5/transport.5 man5/virtual.5 man5/pcre_table.5 man5/regexp_table.5 \
+ man5/etrn.5
update: $(DAEMONS) $(COMMANDS) $(CONFIG)
man5/canonical.5: ../proto/canonical
../mantools/srctoman - $? >$@
+man5/etrn.5: ../proto/etrn
+ ../mantools/srctoman - $? >$@
+
man5/pcre_table.5: ../proto/pcre_table
../mantools/srctoman - $? >$@
\fIsite\fR.
This functionality is available only for sites that are configured
for the \fBfast flush\fR service support as described in
-\fBflushd\fR(8). For other sites, this command is equivalent to
-using the slower \fBsendmail -q\fR instead.
+\fBflushd\fR(8). For other sites, use the slower \fBsendmail -q\fR
+command instead.
.IP \fB-qS\fIsite\fR
-The site name is ignored. This command is equivalent to using
-the slower \fBsendmail -q\fR instead.
+This command is not implemented. Use the slower \fBsendmail -q\fR
+command instead.
.IP \fB-t\fR
Extract recipients from message headers. This requires that no
recipients be specified on the command line.
List of domain or network patterns. When a remote host matches
a pattern, increase the verbose logging level by the amount
specified in the \fBdebug_peer_level\fR parameter.
+.IP \fBetrn_maps\fR
+Tables that specify what domains have \fBETRN\fR service. For each
+table entry, the left-hand side specifies a destination domain name
+that can be specified in an \fBETRN\fR request, and the right-hand
+side specifies a list of access restrictions for SMTP clients that
+issue \fBETRN\fR for the domain.
+.IP \fBfast_flush_maps\fR
+The table with names of destinations that this MTA provides the
+fast flush service for. By default, this is set to $\fBetrn_maps\fR.
.IP \fBfork_attempts\fR
Number of attempts to \fBfork\fR() a process before giving up.
.IP \fBfork_delay\fR
--- /dev/null
+.TH ETRN 5
+.ad
+.fi
+.SH NAME
+etrn
+\-
+format of Postfix etrn table
+.SH SYNOPSIS
+.na
+.nf
+\fBetrn_maps = hash:/etc/postfix/etrn\fR
+\fBetrn_maps = dbm:/etc/postfix/etrn\fR
+
+\fBpostmap /etc/postfix/etrn\fR
+.SH DESCRIPTION
+.ad
+.fi
+The optional \fBetrn\fR file specifies what destination domain
+names can be specified in SMTP \fBETRN\fR commands. This information
+is used by the \fBsmtpd\fR(8) and \fBflushd\fR(8) daemon.
+
+Normally, the file serves as input to the \fBpostmap\fR(1) command.
+The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+is used for fast searching by the mail system. Execute the command
+\fBpostmap /etc/postfix/etrn\fR in order to rebuild the indexed
+file after changing the etrn table.
+
+When the table is provided via other means such as NIS, LDAP,
+SQL, or as regular expressions, the same lookups are done as
+for ordinary indexed files.
+.SH TABLE FORMAT
+.na
+.nf
+.ad
+.fi
+The format of the \fBetrn\fR table is as follows:
+.IP "blanks and comments"
+Blank lines are ignored, as are lines beginning with `#'.
+.IP "\fIdomain restrictions\fR"
+The left-hand side, \fIdomain\fR, specifies a destination domain
+name that can be specified in \fBETRN\fR commands.
+.sp
+The right-hand side specifies one or more access restrictions.
+Restrictions are processed in the given order and the search
+stops at the first match.
+.RS
+.IP \fBreject_unknown_client\fR
+Reject the request if the client hostname is unknown.
+.IP \fBpermit_mynetworks\fR
+Permit the request if the client address matches $mynetworks.
+.IP \fBreject_maps_rbl\fR
+Reject the request if the reverse client network address
+is listed under $maps_rbl_domains.
+.IP \fBreject\fR
+Reject the request. Place this at the end of a restriction list.
+.IP \fBpermit\fR
+Permit the request. Place this at the end of a restriction list.
+.RE
+.PP
+.SH CONFIGURATION PARAMETERS
+.na
+.nf
+.ad
+.fi
+The following \fBmain.cf\fR parameters are especially relevant to
+this topic. See the Postfix \fBmain.cf\fR file for syntax details
+and for default values. Use the \fBpostfix reload\fR command after
+a configuration change.
+.IP \fBetrn_maps\fR
+Tables that specify what domains have \fBETRN\fR service. For each
+table entry, the left-hand side specifies a destination domain name
+that can be specified in an \fBETRN\fR request, and the right-hand
+side specifies a list of access restrictions for SMTP clients that
+issue \fBETRN\fR for the domain.
+.IP \fBfast_flush_maps\fR
+The table with names of destinations that this MTA provides the
+fast flush service for. By default, this is set to $\fBetrn_maps\fR.
+.IP \fBrelay_domains\fR
+The list of domains that this MTA is willing to forward mail from
+or to. This defaults to \fB$mydestination, $fast_flush_maps\fR.
+.SH SEE ALSO
+.na
+.nf
+smtpd(8) Postfix SMTP server
+flushd(1) Postfix fast flush service
+sendmail(5) sendmail-compatible interface
+pcre_table(5) format of PCRE tables
+regexp_table(5) format of POSIX regular expression tables
+.SH LICENSE
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH AUTHOR(S)
+.na
+.nf
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
manager.
This server implements the following requests:
-.IP "FLUSH_REQ_ADD sitename queue_id"
-Append a record to the per-site fast flush logfile for the specified
-queue ID.
-.IP "FLUSH_REQ_SEND sitename"
+.IP "\fBFLUSH_REQ_ADD\fI sitename queue_id\fR"
+Append \fIqueue_id\fR to the fast flush logfile for the
+specified site.
+.IP "\fBFLUSH_REQ_SEND\fI sitename\fR"
Arrange for the delivery of all messages that are listed in the fast
flush logfile for the specified site. After the logfile is processed,
the file is truncated to length zero.
.PP
The response to the client is one of:
-.IP FLUSH_STAT_OK
+.IP \fBFLUSH_STAT_OK\fR
The request completed normally.
-.IP FLUSH_STAT_BAD
+.IP \fBFLUSH_STAT_BAD\fR
The flush server rejected the request (bad request name, bad
request parameter value).
-.IP FLUSH_STAT_UNKNOWN
+.IP \fBFLUSH_STAT_UNKNOWN\fR
The specified site has no fast flush logfile and is not configured
to have one.
+.PP
+Fast flush logfiles are truncated only after a flush request. In
+order to prevent fast flush logfiles from growing without bounds,
+and to prevent them from accumulating too much outdated information,
+the flush service generates a pro-active flush request once every
+every 1000 append requests. This should not impact operation.
.SH SECURITY
.na
.nf
The fast flush server is moderately security-sensitive. It does not
talk to the network, but it does talk to local unprivileged users, in
order to emulate "sendmail -qRsite" behavior. For this reason all
-strings in a request are truncated at \fline_length_limit\fR.
+strings in a request are truncated at \fIline_length_limit\fR.
The fast flush server can run chrooted at fixed low privilege.
.SH DIAGNOSTICS
this program. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
+.IP \fBetrn_maps\fR
+Tables that specify what domains have \fBETRN\fR service. For each
+table entry, the left-hand side specifies a destination domain name
+that can be specified in an \fBETRN\fR request, and the right-hand
+side specifies a list of access restrictions for SMTP clients that
+issue \fBETRN\fR for the domain.
.IP \fBfast_flush_maps\fR
The table with names of destinations that this MTA provides the
-fast flush service for, and with clients that may issue the ETRN
-command for those destinations. Postfix maintains fast flush logfiles
-only for destinations listed in this table.
+fast flush service for. By default, this is set to $\fBetrn_maps\fR.
.IP \fBline_length_limit\fR
Maximal length of strings in a fast flush client request.
.SH SEE ALSO
.na
.nf
-smtp(8) Postfix SMTP client
-smtpd) Postfix SMTP server
+smtpd(8) Postfix SMTP server
qmgr(8) Postfix queue manager
syslogd(8) system logging
.SH LICENSE
system is not running.
The SMTP server implements a variety of policies for connection
-requests, and for parameters given to \fBHELO, MAIL FROM, VRFY\fR
+requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR,
and \fBRCPT TO\fR commands. They are detailed below and in the
\fBmain.cf\fR configuration file.
.SH SECURITY
RFC 1652 (8bit-MIME transport)
RFC 1854 (SMTP Pipelining)
RFC 1870 (Message Size Declaration)
-RFC 1985 (ETRN command) (partial)
+RFC 1985 (ETRN command)
RFC 2554 (AUTH command)
.SH DIAGNOSTICS
.ad
Depending on the setting of the \fBnotify_classes\fR parameter,
the postmaster is notified of bounces, protocol problems,
policy violations, and of other trouble.
-.SH BUGS
-.ad
-.fi
-RFC 1985 is implemented by forcing delivery of all deferred mail.
.SH CONFIGURATION PARAMETERS
.na
.nf
specified in the \fBdebug_peer_level\fR parameter.
.IP \fBerror_notice_recipient\fR
Recipient of protocol/policy/resource/software error notices.
+.IP \fBetrn_maps\fR
+Tables that specify what domains have \fBETRN\fR service. For
+each table entry, the left-hand side specifies a destination
+domain name that can be specified in an \fBETRN\fR request, and
+the right-hand side specifies a list of access restrictions for
+clients that issue \fBETRN\fR for the domain.
.IP \fBhopcount_limit\fR
Limit the number of \fBReceived:\fR message headers.
.IP \fBlocal_recipient_maps\fR
Restrict what sender addresses are allowed in \fBMAIL FROM\fR commands.
.IP \fBsmtpd_recipient_restrictions\fR
Restrict what recipient addresses are allowed in \fBRCPT TO\fR commands.
-.IP \fBsmtpd_etrn_restrictions\fR
-Restrict what domain names can be used in \fBETRN\fR commands,
-and what clients may issue \fBETRN\fR commands.
.IP \fBallow_untrusted_routing\fR
Allow untrusted clients to specify addresses with sender-specified
routing. Enabling this opens up nasty relay loopholes involving
CONFIG = ../conf/access ../conf/aliases ../conf/canonical ../conf/relocated \
../conf/transport ../conf/virtual ../conf/pcre_table \
- ../conf/regexp_table
+ ../conf/regexp_table ../conf/etrn
update: $(CONFIG)
../conf/canonical: canonical
srctoman - $? | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
+../conf/etrn: etrn
+ srctoman - $? | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
+
../conf/pcre_table: pcre_table
srctoman - $? | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
--- /dev/null
+#++
+# NAME
+# etrn 5
+# SUMMARY
+# format of Postfix etrn table
+# SYNOPSIS
+# \fBetrn_maps = hash:/etc/postfix/etrn\fR
+# \fBetrn_maps = dbm:/etc/postfix/etrn\fR
+#
+# \fBpostmap /etc/postfix/etrn\fR
+# DESCRIPTION
+# The optional \fBetrn\fR file specifies what destination domain
+# names can be specified in SMTP \fBETRN\fR commands. This information
+# is used by the \fBsmtpd\fR(8) and \fBflushd\fR(8) daemon.
+#
+# Normally, the file serves as input to the \fBpostmap\fR(1) command.
+# The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+# is used for fast searching by the mail system. Execute the command
+# \fBpostmap /etc/postfix/etrn\fR in order to rebuild the indexed
+# file after changing the etrn table.
+#
+# When the table is provided via other means such as NIS, LDAP,
+# SQL, or as regular expressions, the same lookups are done as
+# for ordinary indexed files.
+# TABLE FORMAT
+# .ad
+# .fi
+# The format of the \fBetrn\fR table is as follows:
+# .IP "blanks and comments"
+# Blank lines are ignored, as are lines beginning with `#'.
+# .IP "\fIdomain restrictions\fR"
+# The left-hand side, \fIdomain\fR, specifies a destination domain
+# name that can be specified in \fBETRN\fR commands.
+# .sp
+# The right-hand side specifies one or more access restrictions.
+# Restrictions are processed in the given order and the search
+# stops at the first match.
+# .RS
+# .IP \fBreject_unknown_client\fR
+# Reject the request if the client hostname is unknown.
+# .IP \fBpermit_mynetworks\fR
+# Permit the request if the client address matches $mynetworks.
+# .IP \fBreject_maps_rbl\fR
+# Reject the request if the reverse client network address
+# is listed under $maps_rbl_domains.
+# .IP \fBreject\fR
+# Reject the request. Place this at the end of a restriction list.
+# .IP \fBpermit\fR
+# Permit the request. Place this at the end of a restriction list.
+# .RE
+# .PP
+# CONFIGURATION PARAMETERS
+# .ad
+# .fi
+# The following \fBmain.cf\fR parameters are especially relevant to
+# this topic. See the Postfix \fBmain.cf\fR file for syntax details
+# and for default values. Use the \fBpostfix reload\fR command after
+# a configuration change.
+# .IP \fBetrn_maps\fR
+# Tables that specify what domains have \fBETRN\fR service. For each
+# table entry, the left-hand side specifies a destination domain name
+# that can be specified in an \fBETRN\fR request, and the right-hand
+# side specifies a list of access restrictions for SMTP clients that
+# issue \fBETRN\fR for the domain.
+# .IP \fBfast_flush_maps\fR
+# The table with names of destinations that this MTA provides the
+# fast flush service for. By default, this is set to $\fBetrn_maps\fR.
+# .IP \fBrelay_domains\fR
+# The list of domains that this MTA is willing to forward mail from
+# or to. This defaults to \fB$mydestination, $fast_flush_maps\fR.
+# SEE ALSO
+# smtpd(8) Postfix SMTP server
+# flushd(1) Postfix fast flush service
+# sendmail(5) sendmail-compatible interface
+# pcre_table(5) format of PCRE tables
+# regexp_table(5) format of POSIX regular expression tables
+# LICENSE
+# .ad
+# .fi
+# The Secure Mailer license must be distributed with this software.
+# AUTHOR(S)
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#--
+
+# By default, this file is not used. See sample-smtpd.cf
--- /dev/null
+been_here_xt 2 0
+bounce_append 5 0
+cleanup_out_format 1 0
+defer_append 5 0
+mail_command 1 0
+mail_print 1 0
+msg_error 0 0
+msg_fatal 0 0
+msg_info 0 0
+msg_panic 0 0
+msg_warn 0 0
+opened 4 0
+post_mail_fprintf 1 0
+qmgr_message_bounce 2 0
+rec_fprintf 2 0
+sent 4 0
+smtp_cmd 1 0
+smtp_mesg_fail 2 0
+smtp_printf 1 0
+smtp_rcpt_fail 3 0
+smtp_site_fail 2 0
+udp_syslog 1 0
+vstream_fprintf 1 0
+vstream_printf 0 0
+vstring_sprintf 1 0
/* manager.
/*
/* This server implements the following requests:
-/* .IP "FLUSH_REQ_ADD sitename queue_id"
-/* Append a record to the per-site fast flush logfile for the specified
-/* queue ID.
-/* .IP "FLUSH_REQ_SEND sitename"
-/* Arrange for the delivery of all messages that are listed in the fast
-/* flush logfile for the specified site. After the logfile is processed,
+/* .IP "\fBFLUSH_REQ_ADD\fI sitename queue_id\fR"
+/* Append \fIqueue_id\fR to the fast flush logfile for the
+/* specified site.
+/* .IP "\fBFLUSH_REQ_SEND\fI sitename\fR"
+/* Arrange for the delivery of all messages that are listed in the fast
+/* flush logfile for the specified site. After the logfile is processed,
/* the file is truncated to length zero.
/* .PP
/* The response to the client is one of:
-/* .IP FLUSH_STAT_OK
+/* .IP \fBFLUSH_STAT_OK\fR
/* The request completed normally.
-/* .IP FLUSH_STAT_BAD
+/* .IP \fBFLUSH_STAT_BAD\fR
/* The flush server rejected the request (bad request name, bad
/* request parameter value).
-/* .IP FLUSH_STAT_UNKNOWN
+/* .IP \fBFLUSH_STAT_UNKNOWN\fR
/* The specified site has no fast flush logfile and is not configured
/* to have one.
+/* .PP
+/* Fast flush logfiles are truncated only after a flush request. In
+/* order to prevent fast flush logfiles from growing without bounds,
+/* and to prevent them from accumulating too much outdated information,
+/* the flush service generates a pro-active flush request once every
+/* every 1000 append requests. This should not impact operation.
/* SECURITY
/* .ad
/* .fi
/* The fast flush server is moderately security-sensitive. It does not
/* talk to the network, but it does talk to local unprivileged users, in
/* order to emulate "sendmail -qRsite" behavior. For this reason all
-/* strings in a request are truncated at \fline_length_limit\fR.
+/* strings in a request are truncated at \fIline_length_limit\fR.
/*
/* The fast flush server can run chrooted at fixed low privilege.
/* DIAGNOSTICS
/* this program. See the Postfix \fBmain.cf\fR file for syntax details
/* and for default values. Use the \fBpostfix reload\fR command after
/* a configuration change.
+/* .IP \fBetrn_maps\fR
+/* Tables that specify what domains have \fBETRN\fR service. For each
+/* table entry, the left-hand side specifies a destination domain name
+/* that can be specified in an \fBETRN\fR request, and the right-hand
+/* side specifies a list of access restrictions for SMTP clients that
+/* issue \fBETRN\fR for the domain.
/* .IP \fBfast_flush_maps\fR
/* The table with names of destinations that this MTA provides the
-/* fast flush service for, and with clients that may issue the ETRN
-/* command for those destinations. Postfix maintains fast flush logfiles
-/* only for destinations listed in this table.
+/* fast flush service for. By default, this is set to $\fBetrn_maps\fR.
/* .IP \fBline_length_limit\fR
/* Maximal length of strings in a fast flush client request.
/* SEE ALSO
-/* smtp(8) Postfix SMTP client
-/* smtpd) Postfix SMTP server
+/* smtpd(8) Postfix SMTP server
/* qmgr(8) Postfix queue manager
/* syslogd(8) system logging
/* LICENSE
/*
* Tunable parameters.
*/
+char *var_etrn_maps;
char *var_fflush_maps;
/* Application-specific. */
* Open or create the logfile. We allow for the fact that a logfile
* exists for a site that is no longer listed in the fast flush maps.
*/
- if ((log = mail_queue_open(MAIL_QUEUE_FLUSH, site, O_WRONLY, 0600)) == 0) {
+ if ((log = mail_queue_open(MAIL_QUEUE_FLUSH, site, O_APPEND | O_WRONLY, 0600)) == 0) {
if (errno != ENOENT)
msg_fatal("%s: open fast flush log for site %s: %m", myname, site);
if (maps_find(fflush_maps, site, 0) == 0) {
msg_warn("no fast flush support configured for site %s", site);
return (FLUSH_STAT_UNKNOWN);
}
- log = mail_queue_open(MAIL_QUEUE_FLUSH, site, O_CREAT | O_WRONLY, 0600);
+ log = mail_queue_open(MAIL_QUEUE_FLUSH, site, O_CREAT | O_APPEND | O_WRONLY, 0600);
if (log == 0)
msg_fatal("%s: open fast flush log for site %s: %m", myname, site);
}
* This is the part that dominates running time: schedule the listed
* queue files for delivery by updating their file time stamps. This
* should take no more than a couple seconds under normal conditions
- * (sites that receive millions of messages in a day do not use fast
- * flush routinely). Filter out duplicate names to avoid hammering the
- * file system, with some finite limit on the amount of memory that we
- * are willing to sacrifice. Graceful degradation.
+ * (sites that receive millions of messages in a day should not use fast
+ * flush service). Filter out duplicate names to avoid hammering the file
+ * system, with some finite limit on the amount of memory that we are
+ * willing to sacrifice. Graceful degradation.
*/
queue_id = vstring_alloc(10);
queue_file = vstring_alloc(10);
VSTRING *site = vstring_alloc(10);
VSTRING *queue_id;
int status = FLUSH_STAT_BAD;
+ static int counter;
/*
* Sanity check. This service takes no command-line arguments.
}
}
mail_print(client_stream, "%d", status);
+
+ /*
+ * Once in a while we generate a pro-active flush request to ensure that
+ * the logfile does not grow unreasonably, and to ensure that it does not
+ * contain too much outdated information. Flush our reply to the client
+ * so that it does not have to wait while the pro-active flush happens.
+ */
+ if (status == FLUSH_STAT_OK && STREQ(STR(request), FLUSH_REQ_ADD)
+ && (++counter + event_time() + getpid()) % 1000 == 0) {
+ vstream_fflush(client_stream);
+ if (msg_verbose)
+ msg_info("site %s: time for a pro-active flush", STR(site));
+ (void) flush_site(STR(site));
+ }
vstring_free(site);
vstring_free(request);
}
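Review bot: The trigger `(++counter + event_time() + getpid()) % 1000 == 0` is opaque, and it does not fire exactly once per 1000 appends as the file's header comment says, because the time and pid terms shift the sum between requests. A comment such as `/* Mix in time and pid so that flush processes do not all fire together; the 1-in-1000 rate is approximate. */` would record the intent (my reading; please confirm), and `1000` deserves a named constant. The result of `flush_site()` is discarded with `(void)`, so a failed pro-active flush is silent unless that function logs it itself. The enclosing function starts outside this hunk.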
int main(int argc, char **argv)
{
static CONFIG_STR_TABLE str_table[] = {
+ VAR_ETRN_MAPS, DEF_ETRN_MAPS, &var_etrn_maps, 0, 0,
VAR_FFLUSH_MAPS, DEF_FFLUSH_MAPS, &var_fflush_maps, 0, 0,
0,
};
* subdirectories, and how deep the forest is.
*/
#define VAR_HASH_QUEUE_NAMES "hash_queue_names"
-#define DEF_HASH_QUEUE_NAMES "defer"
+#define DEF_HASH_QUEUE_NAMES "defer,flush"
extern char *var_hash_queue_names;
#define VAR_HASH_QUEUE_DEPTH "hash_queue_depth"
extern char *var_mynetworks;
#define VAR_RELAY_DOMAINS "relay_domains"
-#define DEF_RELAY_DOMAINS "$mydestination"
+#define DEF_RELAY_DOMAINS "$mydestination $fast_flush_maps"
extern char *var_relay_domains;
#define VAR_CLIENT_CHECKS "smtpd_client_restrictions"
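Review bot: Adding `$fast_flush_maps` to `DEF_RELAY_DOMAINS` makes every fast flush destination a relay destination by default, a policy widening that the header does not explain. A comment above the define, for example `/* Fast flush destinations are relayed for by default; an explicit relay_domains setting replaces this. */`, would make the coupling visible. Because `DEF_FFLUSH_MAPS` becomes `$etrn_maps` in a later hunk of this file, an entry added only to enable ETRN also authorises relaying under the defaults.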
extern char *var_filter_xport;
/*
- * Fast flush support.
+ * ETRN and fast flush support.
*/
+#define VAR_ETRN_MAPS "etrn_maps"
+#define DEF_ETRN_MAPS ""
+extern char *var_etrn_maps;
+
#define VAR_FFLUSH_MAPS "fast_flush_maps"
-#define DEF_FFLUSH_MAPS ""
+#define DEF_FFLUSH_MAPS "$etrn_maps"
extern char *var_fflush_maps;
/* LICENSE
/*
* Must be in valid hostname form.
*/
- if (valid_hostname(queue_id))
+ if ((strchr(queue_id, '.') || strchr(queue_id, '-'))
+ && valid_hostname(queue_id))
return (1);
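Review bot: The comment `Must be in valid hostname form.` no longer matches the test, which now also requires a `.` or `-` in the name before `valid_hostname()` is consulted. Names made only of letters and digits therefore no longer take this `return (1)`. If the aim is to keep site names distinct from ordinary queue IDs (an inference; the rest of the function is outside the hunk), say so, e.g. `/* Must be in valid hostname form and contain '.' or '-', so it cannot be mistaken for a queue ID. */`.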
/*
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20000927"
+#define DEF_MAIL_VERSION "Snapshot-20000928"
extern char *var_mail_version;
/* LICENSE
/* \fIsite\fR.
/* This functionality is available only for sites that are configured
/* for the \fBfast flush\fR service support as described in
-/* \fBflushd\fR(8). For other sites, this command is equivalent to
-/* using the slower \fBsendmail -q\fR instead.
+/* \fBflushd\fR(8). For other sites, use the slower \fBsendmail -q\fR
+/* command instead.
/* .IP \fB-qS\fIsite\fR
-/* The site name is ignored. This command is equivalent to using
-/* the slower \fBsendmail -q\fR instead.
+/* This command is not implemented. Use the slower \fBsendmail -q\fR
+/* command instead.
/* .IP \fB-t\fR
/* Extract recipients from message headers. This requires that no
/* recipients be specified on the command line.
/* List of domain or network patterns. When a remote host matches
/* a pattern, increase the verbose logging level by the amount
/* specified in the \fBdebug_peer_level\fR parameter.
+/* .IP \fBetrn_maps\fR
+/* Tables that specify what domains have \fBETRN\fR service. For each
+/* table entry, the left-hand side specifies a destination domain name
+/* that can be specified in an \fBETRN\fR request, and the right-hand
+/* side specifies a list of access restrictions for SMTP clients that
+/* issue \fBETRN\fR for the domain.
+/* .IP \fBfast_flush_maps\fR
+/* The table with names of destinations that this MTA provides the
+/* fast flush service for. By default, this is set to $\fBetrn_maps\fR.
/* .IP \fBfork_attempts\fR
/* Number of attempts to \fBfork\fR() a process before giving up.
/* .IP \fBfork_delay\fR
case FLUSH_STAT_OK:
break;
case FLUSH_STAT_UNKNOWN:
- msg_warn("No \"sendmail -qR\" support for site %s", site);
- msg_warn("Using the slower \"sendmail -q\" instead");
- flush_queue();
+ msg_fatal("No \"sendmail -qR\" support is configured for %s", site);
break;
case FLUSH_STAT_BAD:
msg_fatal("invalid request: %s", site);
}
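Review bot: The visible part of this switch has no `default:` label, so a status other than the three named ones would fall out of the switch like `FLUSH_STAT_OK` and the command would finish quietly. Unless a default exists above the hunk, add one that calls `msg_fatal()` with the unexpected status value. The `break;` after the new `msg_fatal()` in the `FLUSH_STAT_UNKNOWN` case also looks dead, since the `FLUSH_STAT_BAD` case relies on `msg_fatal()` not returning. The switch head is outside this hunk.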
} else if (optarg[0] == 'R') {
site_to_flush = optarg + 1;
- } else if (optarg[0] == 'S') {
- msg_warn(
- "-qS is not implemented - using \"sendmail -q\" instead");
- mode = SM_MODE_FLUSHQ;
} else {
msg_fatal("-q%c is not implemented", optarg[0]);
}
const char *message)
{
switch (priority) {
- case SASL_LOG_ERR:
- msg_fatal("%s", message);
- break;
+ case SASL_LOG_ERR:
case SASL_LOG_WARNING:
msg_warn("%s", message);
break;
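Review bot: With `case SASL_LOG_ERR:` merged into `case SASL_LOG_WARNING:`, library errors and warnings produce identical log lines and the process keeps running after an error. Keeping the levels distinguishable costs little, e.g. `case SASL_LOG_ERR: msg_warn("SASL error: %s", message); break;`. Since errors are no longer fatal, correctness now depends on callers checking the SASL return codes, which this hunk does not show. The new label is also indented differently from its neighbours. The same applies to the identical hunk in the other SASL glue file further down; the function starts outside the hunk.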
VSTRING *fqdn;
char *result;
+ if (*name == '[')
+ return (name);
+
/*
* Initialize the cache on the fly. The smtp client is designed to exit
* after servicing a limited number of requests, so there is no need to
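Review bot: The new early return `if (*name == '[') return (name);` has no comment and hands back the caller's own pointer, while the rest of the function appears to return a cached result (inferred from the cache comment; the body is outside the hunk). Add a comment such as `/* Domain literals ([ip.address]) have no DNS aliases: skip the lookup. */` and confirm that no caller needs the result to outlive `name`. `name` is dereferenced without a null check, which is fine only if callers never pass NULL.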
/* system is not running.
/*
/* The SMTP server implements a variety of policies for connection
-/* requests, and for parameters given to \fBHELO, MAIL FROM, VRFY\fR
+/* requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR,
/* and \fBRCPT TO\fR commands. They are detailed below and in the
/* \fBmain.cf\fR configuration file.
/* SECURITY
/* RFC 1652 (8bit-MIME transport)
/* RFC 1854 (SMTP Pipelining)
/* RFC 1870 (Message Size Declaration)
-/* RFC 1985 (ETRN command) (partial)
+/* RFC 1985 (ETRN command)
/* RFC 2554 (AUTH command)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
/* Depending on the setting of the \fBnotify_classes\fR parameter,
/* the postmaster is notified of bounces, protocol problems,
/* policy violations, and of other trouble.
-/* BUGS
-/* RFC 1985 is implemented by forcing delivery of all deferred mail.
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/* specified in the \fBdebug_peer_level\fR parameter.
/* .IP \fBerror_notice_recipient\fR
/* Recipient of protocol/policy/resource/software error notices.
+/* .IP \fBetrn_maps\fR
+/* Tables that specify what domains have \fBETRN\fR service. For
+/* each table entry, the left-hand side specifies a destination
+/* domain name that can be specified in an \fBETRN\fR request, and
+/* the right-hand side specifies a list of access restrictions for
+/* clients that issue \fBETRN\fR for the domain.
/* .IP \fBhopcount_limit\fR
/* Limit the number of \fBReceived:\fR message headers.
/* .IP \fBlocal_recipient_maps\fR
/* Restrict what sender addresses are allowed in \fBMAIL FROM\fR commands.
/* .IP \fBsmtpd_recipient_restrictions\fR
/* Restrict what recipient addresses are allowed in \fBRCPT TO\fR commands.
-/* .IP \fBsmtpd_etrn_restrictions\fR
-/* Restrict what domain names can be used in \fBETRN\fR commands,
-/* and what clients may issue \fBETRN\fR commands.
/* .IP \fBallow_untrusted_routing\fR
/* Allow untrusted clients to specify addresses with sender-specified
/* routing. Enabling this opens up nasty relay loopholes involving
/* .IP "check_recipient_access maptype:mapname"
/* Look up the resolved recipient address in the named access table,
/* any parent domains of the recipient domain, and the localpart@.
+/* .IP "check_etrn_access maptype:mapname"
+/* Look up the client hostname or IP address in the named access table.
+/* This table is used for ETRN command access control only.
/* .IP reject_maps_rbl
/* Look up the reversed client network address in the real-time blackhole
/* DNS zones below the domains listed in the "maps_rbl_domains"
pattern);
msg_warn("do not specify lookup tables inside fast flush maps");
msg_warn("define a restriction class and specify its name instead");
- status = SMTPD_CHECK_OK;
+ status = SMTPD_CHECK_DUNNO;
} else {
restrictions = argv_split(pattern, " \t\r\n");
state->recursion = 0;
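Review bot: Returning `SMTPD_CHECK_DUNNO` instead of `SMTPD_CHECK_OK` stops a misconfigured entry from granting access, but whether the request is then refused depends on how the caller treats DUNNO, which is outside this hunk. State the intended outcome in a comment, e.g. `/* Configuration error: do not grant access here; the caller decides. */`, and confirm that the caller rejects when no restriction gives a definite answer. The two warnings still say "fast flush maps"; if this path now serves the etrn table, they should name the parameter the administrator has to fix.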
const char *message)
{
switch (priority) {
- case SASL_LOG_ERR:
- msg_fatal("%s", message);
- break;
+ case SASL_LOG_ERR:
case SASL_LOG_WARNING:
msg_warn("%s", message);
break;