-The official Postfix release is called 2.1.x where 2=major release
-number, 1=minor release number, x=patchlevel. Snapshot releases
-are now called 2.2-yyyymmdd where yyyymmdd is the release date
-(yyyy=year, mm=month, dd=day). The mail_release_date configuration
-parameter contains the release date (both for official release and
-snapshot release). Patches are issued for the official release
-and change the patchlevel and the release date. Patches are never
-issued for snapshot releases.
-
-Major changes with snapshot Postfix-2.2-20050212
-================================================
-
-When header address rewriting is enabled, Postfix now updates a
-message header only when at least one address in that header
-is modified. Older Postfix versions first parse and then unparse
-a header so that there may be subtle changes in formatting, such
-as the amount of whitespace between tokens, or in capitalization
-of header labels such as FROM:/CC: because they are not replaced
-by From:/Cc:.
-
-Major changes with snapshot Postfix-2.2-20050211
-================================================
-
-The "generics" table feature is renamed to "generic", for consistency
-with other Postfix table names which are also singular.
-
-Major changes with snapshot Postfix-2.2-20050209
-================================================
-
-The policy delegation protocol now supplies TLS client certificate
-information after successful verification. The new attribute names
-are ccert_subject, ccert_issuer and ccert_fingerprint.
-
-Major changes with snapshot Postfix-2.2-20050208
-================================================
+The stable Postfix release is called postfix-2.2.x where 2=major
+release number, 2=minor release number, x=patchlevel. The stable
+release never changes except for patches that address bugs or
+emergencies. Patches change the patchlevel and the release date.
-New "check_ccert_maps maptype:mapname" feature to enforce access
-control based on (hexadecimal) client certificate fingerprints.
+New features are developed in snapshot releases. These are called
+postfix-2.3-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+mm=month, dd=day). Patches are never issued for snapshot releases;
+instead, a new snapshot is released.
-Major changes with snapshot Postfix-2.2-20050206
-================================================
+The mail_release_date configuration parameter (format: yyyymmdd)
+specifies the release date of a stable release or snapshot release.
-Support for address rewriting in outgoing SMTP mail. This is useful
-for sites that have no valid Internet domain name, and that use a
-domain name such as localdomain.local instead. Mail addresses that
-use such domain names are often rejected by mail servers.
+Main changes with Postfix version 2.2
+-------------------------------------
-The new smtp_generic_maps feature allows you to replace local mail
-addresses by valid Internet addresses when mail is sent across the
-Internet. It has no effect on mail that is sent between accounts
-on the local machine. The syntax is described in generic(5) and
-a detailed example is in the STANDARD_CONFIGURATION_README file.
+This is a summary of the changes. These and more are detailed in
+the following sections of this document.
-Example:
+- TLS and IPv6 support are now built into Postfix, based on code
+from third-party patches.
-/etc/postfix/main.cf:
- smtp_generic_maps = hash:/etc/postfix/generic
+- SMTP client-side connection reuse. This can dramatically speed
+up deliveries to high-volume destinations that have good and
+non-responding mail servers.
-/etc/postfix/generic:
- you@localdomain.local youraccount@yourisp.net
- her@localdomain.local heraccount@herisp.net
- @localdomain.local youraccount+local@yourisp.net
+- By default, message header address rewriting is now disabled for
+SMTP mail from other systems. Thus, spam from poorly written
+software no longer looks like it came from a local user.
-When mail is sent to a remote host via SMTP, this replaces your
-local mail address you@localdomain.local by your ISP mail address,
-replaces her@localdomain.local by her ISP mail address, and replaces
-all other local addresses by your ISP account, with an address
-extension of +local (this example assumes that the ISP supports
-"+" style address extensions).
+- When your machine does not have its own domain name, Postfix can
+now replace your "home network" email address by your ISP account
+in outgoing SMTP mail, while leaving your email address unchanged
+when sending mail to someone on the local machine.
-Major changes with snapshot Postfix-2.2-20050205
-================================================
+- Compatibility workarounds: you can now selectively turn off ESMTP
+features such as AUTH or STARTTLS in the Postfix SMTP client or
+server, without having to "dumb down" other mail deliveries, and
+without having to use transport maps for outgoing mail.
-REPLACE action in header_checks and body_checks. See header_checks(5)
-for details.
+- Remote SMTP client resource control (the anvil server). This
+allows you to limit the number of connections, or the number of
+MAIL FROM and RCPT TO commands that an SMTP client can send per
+unit time.
-Incompatible changes with snapshot Postfix-2.2-20050203
-=======================================================
+- Support for CDB, SDBM and NIS+ databases is now built into Postfix
+(but the CDB and SDBM libraries are not).
-Postfix rewrites message header addresses only in mail that originates
-from the local machine. Specify "local_header_rewrite_clients =
-static:all" to get the old behavior of Postfix 2.1 and earlier.
+- New SMTP access control features, and more.
-All "postfix start" file permission checks are run in the foreground
-while Postfix is started.
+Major changes - critical
+------------------------
-Major changes with snapshot Postfix-2.2-20050203
-================================================
+BEFORE upgrading from an older release you MUST stop Postfix, unless
+you're running a Postfix 2.2 snapshot release that already has
+Postfix 2.2 IPV6 and TLS support.
-To create a ready-to-install package for distribution to other
-systems use "make package" or "make non-interactive-package",
-instead of invoking the postfix-install script by hand (which is
-deprecated). See the PACKAGE_README file for details.
+AFTER upgrading from an older release DO NOT copy the old
+master.cf/main.cf files over the new files. Instead, you MUST let
+the Postfix installation procedure update the existing configuration
+files with new service entries.
-New "permit_inet_interfaces" access restriction to allow access
-from local IP addresses only. This is used for the default, purist,
-setting of local_header_rewrite_clients in the previous paragraph.
+[Incompat 20041118] The master-child protocol has changed. The
+Postfix master daemon will log warnings about partial status updates
+if you don't stop and start Postfix.
-New "sleep time-in-seconds" pseudo access restriction to block
-zombie clients with reject_unauthorized_pipelining before the
-Postfix SMTP server sends the SMTP greeting. See postconf(5)
-for example.
+[Incompat 20041023, 20041009] The queue manager to delivery agent
+protocol has changed. Mail will remain queued if you do not restart
+the queue manager.
-Safety: Postfix no longer tries to send mail to the fallback_relay
-when the local machine is MX host for the mail destination. See
-the postconf(5) description of fallback_relay for details.
+[Incompat 20050111] The upgrade procedure adds the tlsmgr service
+to the master.cf file. This service entry is not compatible with
+the Postfix/TLS patch.
-Incompatible changes with snapshot Postfix-2.2-20050117
-=======================================================
+[Feature 20040919] The upgrade procedure adds the discard service
+to the master.cf file.
-Only the deferred and defer queue directories are hashed by default,
-instead of eight queue directories. With modern file systems, this
-speeds up Postfix boot time without compromising performance under
-high load too much. Hashing is now turned on only for the defer and
-deferred queue directories, because those contain lots of mail when
-undeliverable mail is backing up.
+[Feature 20040720] The upgrade procedure adds the scache (connection
+cache) service to the master.cf file.
-The SMTP server now requires that IPv6 addresses in SMTP commands
-are specified as [ipv6:ipv6address], as described in RFC 2821.
+Major changes - IPv6 support
+----------------------------
-Incompatible changes with snapshot Postfix-2.2-20050111+IPV6
-============================================================
+[Feature 20050111] Postfix version 2.2 IP version 6 support based
+on the Postfix/IPv6 patch by Dean Strik and others. IPv6 support
+is always compiled into Postfix on systems that have Postfix
+compatible IPv6 support. On other systems Postfix will simply use
+IP version 4 just like it did before. See the IPV6_README document
+for what systems are supported, and how to turn on IPv6 in main.cf.
-Postfix version 2.2 IP version 6 support is based on the Postfix/IPv6
-patch by Dean Strik, but differs in a few minor ways.
+[Incompat 20050111] Postfix version 2.2 IPv6 support differs from
+the Postfix/IPv6 patch by Dean Strik in a few minor ways.
- Network protocol support including DNS lookup is selected with
the inet_protocols parameter instead of the inet_interfaces parameter.
-This is needed so that Postfix will not attempt to deliver mail
-via IPv6 when the system has no IPv6 connectivity.
+This is needed so that Postfix will not attempt to deliver mail via
+IPv6 when the system has no IPv6 connectivity.
- The lmtp_bind_address6 feature was omitted. The Postfix LMTP
client will be absorbed into the SMTP client, so there is no reason
to keep adding features to the LMTP client.
-- The cidr-based address matching code was rewritten. The new
+- The CIDR-based address matching code was rewritten. The new
behavior is believed to be closer to expectation. The results may
be incompatible with that of the Postfix/IPv6 patch.
-Major changes with snapshot Postfix-2.2-20050111+IPV6
-=====================================================
+[Incompat 20050117] The Postfix SMTP server now requires that IPv6
+addresses in SMTP commands are specified as [ipv6:ipv6address], as
+described in RFC 2821.
-Postfix version 2.2 IP version 6 support based on the Postfix/IPv6
-patch by Dean Strik and others. IP version 6 support is selected
-in main.cf; it is not selected at compile time as with TLS or SASL.
+Major changes - TLS support
+---------------------------
-IP version 6 support is always compiled into Postfix on systems
-that have Postfix compatible IP version 6 support. On other systems
-Postfix will simply use IP version 4 just like it did before. See
-the IPV6_README document for what systems are supported, and how
-to turn on IPv6 in main.cf.
+[Feature 20041210] Postfix version 2.2 TLS support, based on the
+Postfix/TLS patch by Lutz Jaenicke. TLS support is not compiled
+in by default. For more information about Postfix 2.2 TLS support,
+see the TLS_README document.
-Incompatible changes with snapshot Postfix-2.2-20041210+TLS
-===========================================================
+[Feature 20050209] The Postfix SMTP server policy delegation protocol
+now supplies TLS client certificate information after successful
+verification. The new policy delegation protocol attribute names
+are ccert_subject, ccert_issuer and ccert_fingerprint.
-Postfix version 2.2 TLS support is based on the Postfix/TLS patch
-by Lutz Jaenicke, but differs in a few minor ways.
+[Feature 20050208] New "check_ccert_maps maptype:mapname" feature
+to enforce access control based on hexadecimal client certificate
+fingerprints.
+
+[Incompat 20041210] Postfix version 2.2 TLS support differs from
+the Postfix/TLS patch by Lutz Jaenicke in a few minor ways.
- main.cf: Use btree instead of sdbm for TLS session cache databases.
Session caches are now accessed only by the tlsmgr(8) process,
- so there are no more concurrency issues. Although Postfix still
- has an sdbm client, the sdbm library (1000 lines of code) is no
- longer included with Postfix/TLS.
+ so there are no concurrency issues. Although Postfix still has
+ an SDBM client, the SDBM library (1000 lines of code) is no longer
+ included with Postfix.
TLS session caches can use any database that can store objects
of several kbytes or more, and that implements the sequence
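Review bot: The new "Major changes - critical" section words the same upgrade requirement three different ways and never names a command: "you MUST stop Postfix" before upgrading, "stop and start Postfix" under [Incompat 20041118], and "restart the queue manager" under [Incompat 20041023, 20041009]. Suggest stating the procedure once with the literal commands ("postfix stop" before the upgrade, "postfix start" afterwards) and having both Incompat entries refer back to it, so that the queue manager entry is not read as permission to skip the full stop. In the same paragraph "IPV6" should be spelled "IPv6" like the rest of the added text. In the summary list, "destinations that have good and non-responding mail servers" is ambiguous and would read better as "a mix of working and non-responding mail servers".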
NOTE: You cannot use dbm databases. TLS session objects are too
large.
-- master.cf: Specify unix instead of fifo as the tlsmgr service type.
+- master.cf: Specify unix instead of fifo for the tlsmgr service type.
+ This change is automatically made by the Postfix upgrade procedure.
- The smtp(8) and smtpd(8) processes now use a client-server protocol
+ The smtp(8) and smtpd(8) processes use a client-server protocol
in order to access the tlsmgr(8)'s pseudo-random number generation
(PRNG) pool, and in order to access the TLS session cache databases.
Such a protocol cannot be run across fifos.
-Major changes with snapshot Postfix-2.2-20041210+TLS
-=====================================================
-
-TLS support based on the Postfix/TLS patch by Lutz Jaenicke. This
-is not compiled in by default. To build Postfix with TLS support,
-see the TLS_README document.
-
-Major changes with snapshot Postfix-2.2-20041218
-================================================
-
-Fine control for SMTP inter-operability problems, by discarding
-keywords sent or received with the EHLO handshake. Typically one
-would discard "pipelining", "starttls", or "auth". Specify a list
-of EHLO keywords with the smtp(d)_discard_ehlo_keywords parameters,
-or specify one or more lookup tables, indexed by remote network
-address, with the smtp(d)_discard_ehlo_keyword_address_maps
-parameters. Note: this only discards words from the EHLO conversation;
-it does not turn off the actual features in the SMTP server.
-
-More client attributes for delivery to command with the local(8)
-and pipe(8) delivery agents: client_hostname, client_address,
-client_protocol, client_helo, sasl_method, sasl_sender, and
-sasl_username. With local(8), attribute names must be specified
-in upper case.
-
-Major changes with snapshot Postfix-2.2-20041210
-================================================
-
-You can now dump an entire database with the new postmap/postalias
-"-s" option. This works only for database types with Postfix sequence
-operator support: hash, btree, dbm, and sdbm.
-
-Major changes with snapshot Postfix-2.2-20041208
-================================================
-
-Support for CDB databases by Michael Tokarev. This supports both
-Michael's tinycdb and Daniel Bernstein's cdb implementations, but
-neither of the two implementations is bundled with Postfix.
-
-Incompatible changes with snapshot Postfix-2.2-20041118
-=======================================================
+Major changes - SMTP client connection cache
+--------------------------------------------
-You must restart Postfix, because the master-child protocol has
-changed. Postfix will log warnings about partial status updates
-if you forget to restart the master.
+[Feature 20040720] SMTP client-side connection caching. Instead of
+disconnecting immediately after a mail transaction, the Postfix
+SMTP client can save the open connection to the scache(8) connection
+cache daemon, so that any SMTP client process can reuse that session
+for another mail transaction. See the CONNECTION_CACHE_README
+document for a description of configuration and implementation.
-Major changes with snapshot Postfix-2.2-20041118
-================================================
-
-New "smtpd_end_of_data_restrictions" feature that is invoked after
-the client terminates the SMTP DATA command. The syntax is the same
-as with "smtpd_data_restrictions", but the message size is the
-actual byte count of the message content.
-
-Incompatible changes with snapshot Postfix-2.2-20041030
-=======================================================
-
-The SMTP session cache is renamed to connection cache, to avoid
-confusion with the TLS session cache. Thus, all session_cache_mumble
-parameters are now called connection_cache_mumble.
-
-Incompatible changes with snapshot Postfix-2.2-20041023
-=======================================================
-
-You must reload or stop/start Postfix, because the queue manager
-to delivery agent protocol has changed. If you forget this, mail
-will remain queued until the queue manager is restarted.
-
-Support for the non-standard Errors-To: return addresses is removed.
-It was already disabled by default with Postfix version 2.1. Since
-Errors-To: is non-standard, there was no guarantee that it would
-have effect with other MTAs.
-
-Major changes with snapshot Postfix-2.2-20041023
-================================================
-
-The NIS+ client by Geoff Gibbs is now part of the Postfix source
-tree. Details are given in the nisplus_table(5) manual page.
+This feature introduces the scache (connection cache) server, which
+is added to your master.cf file when you upgrade Postfix.
-By default, Postfix no longer appends its own domain to addresses
-in message headers from remote clients. Thus, spam from poorly
-written software no longer looks like it came from a local user.
+[Feature 20040729] Opportunistic SMTP connection caching. When a
+destination has a high volume of mail in the active queue, SMTP
+connection caching is enabled automatically. This is controlled
+with a new configuration parameter "smtp_connection_cache_on_demand"
+(default: yes).
+
+[Feature 20040723] Per-destination SMTP connection caching. This
+is enabled with the smtp_connection_cache_destinations parameter.
+The parameter requires "bare" domain names or IP addresses without
+"[]" or TCP port, to avoid a syntax conflict between host:port and
+maptype:mapname entries.
+
+[Feature 20040721] The scache(8) connection cache manager logs cache
+hit and miss statistics every $connection_cache_status_update_time
+seconds (default: 600s). It reports the hit and miss rates for
+lookups by domain, as well as for lookups by network address.
+
+Major changes - address rewriting
+---------------------------------
+
+[Feature 20050206] Support for address rewriting in outgoing SMTP
+mail (headers and envelopes). This is useful for sites that have a
+fantasy Internet domain name such as localdomain.local. Mail
+addresses that use fantasy domain names are often rejected by mail
+servers.
+
+The smtp_generic_maps feature allows you to replace a local mail
+address (user@localdomain.local) by a valid Internet address
+(account@isp.example) when mail is sent across the Internet. The
+feature has no effect on mail that is sent between accounts on the
+local machine. The syntax is described in generic(5) and a detailed
+example is in the STANDARD_CONFIGURATION_README document, the section
+titled "Postfix on hosts without a real Internet hostname".
+
+[Feature 20041023] By default, Postfix no longer appends its own
+domain to addresses in message headers from remote clients. Thus,
+spam from poorly written software no longer looks like it came from
+a local user.
Postfix either does not rewrite remote message headers at all, or
it rewrites headers and appends the domain name that is specified
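Review bot: The entry that stops Postfix from appending its own domain to header addresses from remote clients is tagged [Feature 20041023], although it changes default behaviour. The text removed by this patch listed the equivalent change under "Incompatible changes", together with the setting that restores the old behaviour ("local_header_rewrite_clients = static:all"). Suggest tagging it as an Incompat entry, or repeating it under "Major changes - critical", and keeping the static:all hint, because sites that relied on Postfix completing addresses in relayed mail will see different headers after upgrading. Separately, the [Feature 20040721] statistics entry keeps the description of the hit and miss rates but, in the lines shown, drops the removed explanation that lookups by network address always miss unless different domains share an MX host. Without it an operator may read a low by-address hit rate as a fault.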
By default, Postfix considers an SMTP client local (and thus updates
message header addresses with the Postfix's own domain) when the
-client IP address matches mynetworks, or when the client is SASL
-or TLS authenticated.
+client IP address matches the local machine's interface addresses,
+or when mail is submitted with the Postfix sendmail(1) command.
-If you want to include other clients via a pop-before-smtp table,
-then you have to specify that via the new local_header_rewrite_clients
-parameter:
+If you must rewrite headers from other clients then you can specify,
+for example,
/etc/postfix/main.cf:
local_header_rewrite_clients = permit_mynetworks,
permit_sasl_authenticated, permit_tls_clientcerts,
check_address_map hash:/etc/postfix/pop-before-smtp
-As before, Postfix appends local domain information to envelope
-addresses (as opposed to header addresses), because an unqualified
-envelope address is effectively local for the purpose of delivery,
-and for the purpose of replying to it.
+Postfix always appends local domain information to envelope addresses
+(as opposed to header addresses), because an unqualified envelope
+address is effectively local for the purpose of delivery, and for
+the purpose of replying to it.
Full details are given in ADDRESS_REWRITING_README, and in the
postconf(5) manual. For best results, point your browser at the
ADDRESS_REWRITING_README.html file and navigate to the section
-titled "To rewrite or not to rewrite, or to label as invalid".
-
-Incompatible changes with snapshot Postfix-2.2-20041009
-=======================================================
-
-You must reload or stop/start Postfix, because the queue manager
-to delivery agent protocol has changed. If you forget this, mail
-will remain queued until the queue manager is restarted.
-
-The smtpd_client_connection_limit_exceptions parameter is renamed
-to smtpd_client_event_limit_exceptions. Besides connections it now
-also applies to per-client message rate and recipient rate limits.
-
-Major changes with snapshot Postfix-2.2-20041009
-================================================
-
-Per SMTP client message rate and recipient rate limits. These limit
-the number of MAIL FROM or RCPT TO requests regardless of whether
-or not Postfix would have accepted them otherwise. The user interface
-(smtpd_client_message_rate_limit and smtpd_client_recipient_rate_limit)
-is similar to that of the existing per SMTP client connection rate
-limit, and the same warnings apply: these features are to be used
-to stop abuse, and must not be used to regulate legitimate mail.
-More details can be found in the postconf(5) manual.
-
-Incompatible changes with snapshot Postfix-2.2-20040919
-=======================================================
-
-This snapshot adds a discard service to the master.cf file.
-
-Major changes with snapshot Postfix-2.2-20040919
-================================================
-
-A new discard(8) mail delivery agent that makes throwing away mail
-easier and more efficient. It's the Postfix equivalent of /dev/null
-for deliveries. On the input side, Postfix already has a /dev/null
-equivalent in the form of the DISCARD action in access maps and
-header_body_checks.
-
-Access control for local mail submission, for listing the queue
-and for flushing the queue. These features are controlled with
-authorized_submit_users, authorized_mailq_users, and with
-authorized_flush_users, respectively. The last two controls are
-always permitted for the super-user and for the mail system owner.
-More information is in the postconf(5) manual.
-
-Incompatible changes with snapshot Postfix-2.2-20040829
-=======================================================
-
-When no recipients are specified on the command line or via the -t
-option, the Postfix sendmail command terminates with status EX_USAGE
-and produces an error message instead of accepting the mail first
-and bouncing it later. This gives more direct feedback in case of
-a common client configuration error.
-
-Major changes with snapshot Postfix-2.2-20040827
-================================================
-
-Easier use of the proxymap service with the virtual(8) delivery
-agent. As of now, the virtual(8) delivery agent will silently open
-maps directly when they can't be proxied. This means you can now
-specify "virtual_mailbox_maps = proxy:mysql:whatever" without
-triggering fatal errors in the virtual(8) delivery agent.
-
-Better SMTP client control over the use of SASL mechanisms. New
-smtp_sasl_mechanism_filter mechanism to shorten the list of SASL
-mechanisms from a remote server to just those that the local SASL
-library can actually use.
-
-Finer control over canonical mapping with canonical_classes,
-sender_canonical_classes and recipient_canonical_classes. These
-specify one or more of envelope_sender, header_sender, envelope_recipient
-or header_recipient. The default settings are backwards compatible.
-
-Incompatible changes with snapshot Postfix-2.2-20040729
-=======================================================
-
-SMTP session caching is enabled temporarily when a destination has
-a high volume of mail in the active queue. To disable, specify
-"smtp_connection_cache_on_demand = no".
-
-Major changes with snapshot Postfix-2.2-20040729
-================================================
-
-Opportunistic SMTP session caching. When a destination has a high
-volume of mail in the active queue, SMTP session caching is enabled
-temporarily. This is controlled with a new configuration parameter
-"smtp_connection_cache_on_demand" (default: yes).
-
-Incompatible changes with snapshot Postfix-2.2-20040723
-=======================================================
-
-Permanent SMTP session caching is now enabled with the
-smtp_session_cache_destinations parameter. This requires "bare"
-domain names without "[]" or TCP port. The change eliminates a
-syntax conflict between host:port and maptype:mapname, and simplifies
-the user interface, at the cost of a minor loss of control over
-what sessions are cached.
-
-Major changes with snapshot Postfix-2.2-20040721
-================================================
-
-The session cache manager now logs cache hit and miss statistics
-every $session_cache_status_update_time seconds (default: 600s).
-It reports the hit and miss rates for lookups by domain, as well
-as for lookups by network address.
-
-Hit rates for cache lookups by domain will tell you how useful
-session caching is.
-
-Cache lookups by network address will always fail, unless you're
-sending mail to different domains that share the same MX host.
-
-Incompatible changes with snapshot Postfix-2.2-20040720
-=======================================================
-
-The default SMTP/LMTP timeouts for sending RSET are reduced to 20s.
-
-Major changes with snapshot Postfix-2.2-20040720
-================================================
-
-Selective permanent SMTP session caching. Instead of disconnecting
-immediately after a mail transaction, the SMTP client can save the
-open session to a session cache daemon, so that any SMTP client
-process can use that session for another mail transaction.
-
-This feature introduces the scache (session cache) server, which
-is added to your master.cf file when you upgrade Postfix.
-
-*** You need to execute "postfix reload" when upgrading from Postfix
-*** version 2.1 or later.
-
-*** You need to execute "postfix stop" when upgrading from Postfix
-*** version 2.0 or earlier. Execute "postfix start" when done.
-
-Session caching is enabled with the new smtp_connection_cache_destinations
-parameter. Specify a list of destinations or lookup tables:
-
-- if mail is sent without relay host: a domain (the right-hand side
-of an email address),
-
-- if mail is sent via a relay host, the relay host (without [],
-and without non-default TCP port) that is specified in main.cf or
-in the transport map,
-
-- a /file/name with domains and/or relay hosts,
-
-- a type:table with domains and/or relay hosts on the left-hand
-side; the right-hand side result from type:table lookups is ignored.
-
-The following optimizes deliveries to hosts that your machine relays
-mail to:
-
- smtp_connection_cache_destinations = $relay_domains $relayhost
-
-A setting that tries to optimize deliveries to problem sites:
-
- smtp_connection_cache_destinations = hotmail.com...
-
-Cached SMTP sessions are allowed to remain unused for only a limited
-amount of time (smtp_connection_cache_time_limit, default: 2
-seconds). This limits the impact on remote server resources.
-Specify larger values only with permission from the remote sites.
-
-To avoid triggering remote problems, the same SMTP session is used
-only a limited number of times (smtp_connection_cache_reuse_limit,
-default: 10).
+titled " To rewrite message headers or not, or to label as invalid".
+
+[Incompat 20050212] When header address rewriting is enabled, Postfix
+now updates a message header only when at least one address in that
+header is modified. Older Postfix versions first parse and then
+un-parse a header so that there may be subtle changes in formatting,
+such as the amount of whitespace between tokens.
+
+[Incompat 20050227] When header address rewriting is enabled, Postfix
+no longer changes header label capitalization, i.e. FROM: or CC:
+are no longer replaced by From: or Cc:.
+
+[Feature 20040827] Finer control over canonical mapping with
+canonical_classes, sender_canonical_classes and
+recipient_canonical_classes. These specify one or more of
+envelope_sender, header_sender, envelope_recipient or header_recipient.
+The default settings are backwards compatible.
+
+Major changes - SMTP compatibility controls
+-------------------------------------------
+
+[Feature 20041218] Fine control for SMTP inter-operability problems,
+by discarding keywords that are sent or received with the EHLO
+handshake. Typically one would discard "pipelining", "starttls",
+or "auth" to work around systems with a broken implementation.
+Specify a list of EHLO keywords with the smtp(d)_discard_ehlo_keywords
+parameters, or specify one or more lookup tables, indexed by remote
+network address, with the smtp(d)_discard_ehlo_keyword_address_maps
+parameters.
+
+Note: this feature only discards words from the EHLO conversation;
+it does not turn off the actual features in the SMTP server.
-Robustness note: to prevent mail from being delivered to the wrong
-server, the session caching feature explicitly labels each cached
-session with destination domain and IP address information. A
-session cache lookup succeeds only when the correct information is
-specified.
+Major changes - database support
+--------------------------------
+
+[Feature 20041210] You can now dump an entire database with the new
+postmap/postalias "-s" option. This works only for database types
+with Postfix sequence operator support: hash, btree, dbm, and sdbm.
+
+[Feature 20041208] Support for CDB databases by Michael Tokarev.
+This supports both Michael's tinycdb and Daniel Bernstein's cdb
+implementations, but neither of the two implementations is bundled
+with Postfix.
+
+[Feature 20041023] The NIS+ client by Geoff Gibbs is now part of
+the Postfix source tree. Details are given in the nisplus_table(5)
+manual page.
+
+[Feature 20040827] Easier use of the proxymap(8) service with the
+virtual(8) delivery agent. The virtual(8) delivery agent will
+silently open maps directly when those maps can't be proxied for
+security reasons. This means you can now specify "virtual_mailbox_maps
+= proxy:mysql:whatever" without triggering a fatal error in the
+virtual(8) delivery agent.
+
+Major changes - remote SMTP client resource control
+---------------------------------------------------
+
+[Incompat 20041009] The smtpd_client_connection_limit_exceptions
+parameter is renamed to smtpd_client_event_limit_exceptions. Besides
+connections it now also applies to per-client message rate and
+recipient rate limits.
+
+[Feature 20041009] Per SMTP client message rate and recipient rate
+limits. These limit the number of MAIL FROM or RCPT TO requests
+regardless of whether or not Postfix would have accepted them
+otherwise. The user interface (smtpd_client_message_rate_limit and
+smtpd_client_recipient_rate_limit) is similar to that of the existing
+per SMTP client connection rate limit, and the same warnings apply:
+these features are to be used to stop abuse, and must not be used
+to regulate legitimate mail. More details can be found in the
+postconf(5) manual.
+
+Major changes - remote SMTP client access control
+-------------------------------------------------
+
+[Feature 20050209] The Postfix SMTP server policy delegation protocol
+now supplies TLS client certificate information after successful
+verification. The new policy delegation protocol attribute names
+are ccert_subject, ccert_issuer and ccert_fingerprint.
-Limitations:
+[Feature 20050208] New "check_ccert_maps maptype:mapname" feature
+to enforce access control based on hexadecimal client certificate
+fingerprints.
+
+[Feature 20050203] New "permit_inet_interfaces" access restriction
+to allow access from local IP addresses only. This is used for the
+default, purist, setting of local_header_rewrite_clients (rewrite
+only headers in mail from this machine).
+
+[Feature 20050203] New "sleep time-in-seconds" pseudo access
+restriction to block zombie clients with reject_unauthorized_pipelining
+before the Postfix SMTP server sends the SMTP greeting. See postconf(5)
+for example. This feature is not available the stable Postfix 2.2
+release, but it is documented here so that it will not get lost.
+
+[Feature 20041118] New "smtpd_end_of_data_restrictions" feature
+that is invoked after the client terminates the SMTP DATA command.
+The syntax is the same as with "smtpd_data_restrictions". In the
+SMTPD policy delegation request, the message size is the actual
+byte count of the message content, instead of the message size
+announced by the client in the MAIL FROM command.
+
+Major changes - SASL authentication
+-----------------------------------
+
+[Feature 20040827] Better SMTP client control over the use of SASL
+mechanisms. New smtp_sasl_mechanism_filter mechanism to shorten the
+list of SASL mechanisms from a remote server to just those that the
+local SASL library can actually use.
+
+Major changes - header/body patterns
+------------------------------------
+
+[Feature 20050205] REPLACE action in header_checks and body_checks,
+to replace a message header or body line. See header_checks(5) for
+details.
+
+Major changes - local delivery
+------------------------------
+
+[Feature 20040621] Control over the working directory when executing
+an external command. With the pipe(8) mailer, specify directory=pathname,
+and with local(8) specify "command_execution_directory = expression"
+where "expression" is subject to $home etc. macro expansion. The
+result of macro expansion is restricted by the set of characters
+specified with execution_directory_expansion_filter.
-- SMTP session caching does not work with TLS (the necessary support
-for object passivation and re-activation does not exist without
-closing the connection).
+Major changes - mail delivery attributes
+----------------------------------------
-- SMTP session caching assumes that SASL credentials are valid for
-all hostnames or domain names that map onto the same IP address
-and TCP port.
+[Feature 20041218] More client attributes for delivery to command
+with the local(8) and pipe(8) delivery agents: client_hostname,
+client_address, client_protocol, client_helo, sasl_method, sasl_sender,
+and sasl_username. With local(8), attribute names must be specified
+in upper case.
-Major changes with snapshot Postfix-2.2-20040621
-================================================
+Major changes - package creation
+--------------------------------
+
+[Feature 20050203] To create a ready-to-install package for
+distribution to other systems you can now use "make package" or
+"make non-interactive-package", instead of invoking the internal
+postfix-install script by hand. See the PACKAGE_README file for
+details.
+
+Major changes - performance
+---------------------------
+
+[Incompat 20050117] Only the deferred and defer queue directories
+are now hashed by default, instead of eight queue directories. This
+may speed up Postfix boot time on low-traffic systems without
+compromising performance under high load too much. Hashing must be
+turned on for the defer and deferred queue directories, because
+those directories contain lots of files when undeliverable mail is
+backing up.
+
+[Incompat 20040720] The default SMTP/LMTP timeouts for sending RSET
+are reduced to 20s.
+
+Major changes - miscellaneous
+-----------------------------
+
+[Feature 20050203] Safety: Postfix no longer tries to send mail to
+the fallback_relay when the local machine is MX host for the mail
+destination. See the postconf(5) description of the fallback_relay
+feature for details.
+
+[Incompat 20041023] Support for the non-standard Errors-To: return
+addresses is now removed from Postfix. It was already disabled by
+default with Postfix version 2.1. Since Errors-To: is non-standard,
+there was no guarantee that it would have the desired effect with
+other MTAs.
+
+[Feature 20040919] A new discard(8) mail delivery agent that makes
+throwing away mail easier and more efficient. It's the Postfix
+equivalent of /dev/null for mail deliveries. On the mail receiving
+side, Postfix already has a /dev/null equivalent in the form of the
+DISCARD action in access maps and header_body_checks.
+
+[Feature 20040919] Access control for local mail submission, for
+listing the queue, and for flushing the queue. These features are
+controlled with authorized_submit_users, authorized_mailq_users,
+and with authorized_flush_users, respectively. The last two controls
+are always permitted for the super-user and for the mail system
+owner. More information is in the postconf(5) manual.
+
+[Incompat 20040829] When no recipients are specified on the command
+line or via the -t option, the Postfix sendmail command terminates
+with status EX_USAGE and produces an error message instead of
+accepting the mail first and bouncing it later. This gives more
+direct feedback in case of a common client configuration error.
-Control over the working directory when executing an external
-command. With the pipe(8) mailer, specify directory=pathname, and
-with local(8) specify "command_execution_directory = expression"
-where "expression" is subject to $home etc. macro expansion. The
-result of macro expansion is restricted by the set of characters
-specified with execution_directory_expansion_filter.
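Review bot: in the added "sleep time-in-seconds" entry, the sentence "This feature is not available the stable Postfix 2.2 release" is missing "in" before "the stable". Separately, the added [Incompat 20041009] entry says smtpd_client_connection_limit_exceptions is renamed to smtpd_client_event_limit_exceptions, but not what happens to a main.cf that still sets the old name. Since this list decides which clients are exempt from the connection, message rate and recipient rate limits, the entry should state whether the old name is still honored or has to be changed by hand.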
+++ /dev/null
-The stable Postfix release is called postfix-2.2.x where 2=major
-release number, 2=minor release number, x=patchlevel. The stable
-release never changes except for patches that address bugs or
-emergencies. Patches change the patchlevel and the release date.
-
-New features are developed in snapshot releases. These are called
-postfix-2.3-yyyymmdd where yyyymmdd is the release date (yyyy=year,
-mm=month, dd=day). Patches are never issued for snapshot releases;
-instead, a new snapshot is released.
-
-The mail_release_date configuration parameter (format: yyyymmdd)
-specifies the release date of a stable release or snapshot release.
-
-Main changes with Postfix version 2.2
--------------------------------------
-
-This is a summary of the changes. These and more are detailed in
-the following sections of this document.
-
-- TLS and IPv6 support are now built into Postfix, based on code
-from third-party patches.
-
-- SMTP client-side connection reuse. This can dramatically speed
-up deliveries to high-volume destinations that have good and
-non-responding mail servers.
-
-- By default, message header address rewriting is now disabled for
-SMTP mail from other systems. Thus, spam from poorly written
-software no longer looks like it came from a local user.
-
-- When your machine does not have its own domain name, Postfix can
-now replace your "home network" email address by your ISP account
-in outgoing SMTP mail, while leaving your email address unchanged
-when sending mail to someone on the local machine.
-
-- Compatibility workarounds: you can now selectively turn off ESMTP
-features such as AUTH or STARTTLS in the Postfix SMTP client or
-server, without having to "dumb down" other mail deliveries, and
-without having to use transport maps for outgoing mail.
-
-- Remote SMTP client resource control (the anvil server). This
-allows you to limit the number of connections, or the number of
-MAIL FROM and RCPT TO commands that an SMTP client can send per
-unit time.
-
-- Support for CDB, SDBM and NIS+ databases is now built into Postfix
-(but the CDB and SDBM libraries are not).
-
-- New SMTP access control features, and more.
-
-Major changes - critical
-------------------------
-
-BEFORE upgrading from an older release you MUST stop Postfix, unless
-you're running a Postfix 2.2 snapshot release that already has
-Postfix 2.2 IPV6 and TLS support.
-
-AFTER upgrading from an older release DO NOT copy the old
-master.cf/main.cf files over the new files. Instead, you MUST let
-the Postfix installation procedure update the existing configuration
-files with new service entries.
-
-[Incompat 20041118] The master-child protocol has changed. The
-Postfix master daemon will log warnings about partial status updates
-if you don't stop and start Postfix.
-
-[Incompat 20041023, 20041009] The queue manager to delivery agent
-protocol has changed. Mail will remain queued if you do not restart
-the queue manager.
-
-[Incompat 20050111] The upgrade procedure adds the tlsmgr service
-to the master.cf file. This service entry is not compatible with
-the Postfix/TLS patch.
-
-[Feature 20040919] The upgrade procedure adds the discard service
-to the master.cf file.
-
-[Feature 20040720] The upgrade procedure adds the scache (connection
-cache) service to the master.cf file.
-
-Major changes - IPv6 support
-----------------------------
-
-[Feature 20050111] Postfix version 2.2 IP version 6 support based
-on the Postfix/IPv6 patch by Dean Strik and others. IPv6 support
-is always compiled into Postfix on systems that have Postfix
-compatible IPv6 support. On other systems Postfix will simply use
-IP version 4 just like it did before. See the IPV6_README document
-for what systems are supported, and how to turn on IPv6 in main.cf.
-
-[Incompat 20050111] Postfix version 2.2 IPv6 support differs from
-the Postfix/IPv6 patch by Dean Strik in a few minor ways.
-
-- Network protocol support including DNS lookup is selected with
-the inet_protocols parameter instead of the inet_interfaces parameter.
-This is needed so that Postfix will not attempt to deliver mail via
-IPv6 when the system has no IPv6 connectivity.
-
-- The lmtp_bind_address6 feature was omitted. The Postfix LMTP
-client will be absorbed into the SMTP client, so there is no reason
-to keep adding features to the LMTP client.
-
-- The CIDR-based address matching code was rewritten. The new
-behavior is believed to be closer to expectation. The results may
-be incompatible with that of the Postfix/IPv6 patch.
-
-[Incompat 20050117] The Postfix SMTP server now requires that IPv6
-addresses in SMTP commands are specified as [ipv6:ipv6address], as
-described in RFC 2821.
-
-Major changes - TLS support
----------------------------
-
-[Feature 20041210] Postfix version 2.2 TLS support, based on the
-Postfix/TLS patch by Lutz Jaenicke. TLS support is not compiled
-in by default. For more information about Postfix 2.2 TLS support,
-see the TLS_README document.
-
-[Feature 20050209] The Postfix SMTP server policy delegation protocol
-now supplies TLS client certificate information after successful
-verification. The new policy delegation protocol attribute names
-are ccert_subject, ccert_issuer and ccert_fingerprint.
-
-[Feature 20050208] New "check_ccert_maps maptype:mapname" feature
-to enforce access control based on hexadecimal client certificate
-fingerprints.
-
-[Incompat 20041210] Postfix version 2.2 TLS support differs from
-the Postfix/TLS patch by Lutz Jaenicke in a few minor ways.
-
-- main.cf: Use btree instead of sdbm for TLS session cache databases.
-
- Session caches are now accessed only by the tlsmgr(8) process,
- so there are no concurrency issues. Although Postfix still has
- an SDBM client, the SDBM library (1000 lines of code) is no longer
- included with Postfix.
-
- TLS session caches can use any database that can store objects
- of several kbytes or more, and that implements the sequence
- operation. In most cases, btree databases should be adequate.
-
- NOTE: You cannot use dbm databases. TLS session objects are too
- large.
-
-- master.cf: Specify unix instead of fifo for the tlsmgr service type.
- This change is automatically made by the Postfix upgrade procedure.
-
- The smtp(8) and smtpd(8) processes use a client-server protocol
- in order to access the tlsmgr(8)'s pseudo-random number generation
- (PRNG) pool, and in order to access the TLS session cache databases.
- Such a protocol cannot be run across fifos.
-
-Major changes - SMTP client connection cache
---------------------------------------------
-
-[Feature 20040720] SMTP client-side connection caching. Instead of
-disconnecting immediately after a mail transaction, the Postfix
-SMTP client can save the open connection to the scache(8) connection
-cache daemon, so that any SMTP client process can reuse that session
-for another mail transaction. See the CONNECTION_CACHE_README
-document for a description of configuration and implementation.
-
-This feature introduces the scache (connection cache) server, which
-is added to your master.cf file when you upgrade Postfix.
-
-[Feature 20040729] Opportunistic SMTP connection caching. When a
-destination has a high volume of mail in the active queue, SMTP
-connection caching is enabled automatically. This is controlled
-with a new configuration parameter "smtp_connection_cache_on_demand"
-(default: yes).
-
-[Feature 20040723] Per-destination SMTP connection caching. This
-is enabled with the smtp_connection_cache_destinations parameter.
-The parameter requires "bare" domain names or IP addresses without
-"[]" or TCP port, to avoid a syntax conflict between host:port and
-maptype:mapname entries.
-
-[Feature 20040721] The scache(8) connection cache manager logs cache
-hit and miss statistics every $connection_cache_status_update_time
-seconds (default: 600s). It reports the hit and miss rates for
-lookups by domain, as well as for lookups by network address.
-
-Major changes - address rewriting
----------------------------------
-
-[Feature 20050206] Support for address rewriting in outgoing SMTP
-mail (headers and envelopes). This is useful for sites that have a
-fantasy Internet domain name such as localdomain.local. Mail
-addresses that use fantasy domain names are often rejected by mail
-servers.
-
-The smtp_generic_maps feature allows you to replace a local mail
-address (user@localdomain.local) by a valid Internet address
-(account@isp.example) when mail is sent across the Internet. The
-feature has no effect on mail that is sent between accounts on the
-local machine. The syntax is described in generic(5) and a detailed
-example is in the STANDARD_CONFIGURATION_README document, the section
-titled "Postfix on hosts without a real Internet hostname".
-
-[Feature 20041023] By default, Postfix no longer appends its own
-domain to addresses in message headers from remote clients. Thus,
-spam from poorly written software no longer looks like it came from
-a local user.
-
-Postfix either does not rewrite remote message headers at all, or
-it rewrites headers and appends the domain name that is specified
-with the remote_header_rewrite_domain parameter (like "domain.invalid").
-
-To get the behavior of earlier Postfix versions (always append
-Postfix's own domain to incomplete addresses in message headers)
-specify:
-
-/etc/postfix/main.cf:
- local_header_rewrite_clients = static:all
-
-Postfix always appends its own domain information to addresses in
-message headers from Postfix sendmail and from local SMTP clients.
-
-By default, Postfix considers an SMTP client local (and thus updates
-message header addresses with the Postfix's own domain) when the
-client IP address matches the local machine's interface addresses,
-or when mail is submitted with the Postfix sendmail(1) command.
-
-If you must rewrite headers from other clients then you can specify,
-for example,
-
-/etc/postfix/main.cf:
- local_header_rewrite_clients = permit_mynetworks,
- permit_sasl_authenticated, permit_tls_clientcerts,
- check_address_map hash:/etc/postfix/pop-before-smtp
-
-Postfix always appends local domain information to envelope addresses
-(as opposed to header addresses), because an unqualified envelope
-address is effectively local for the purpose of delivery, and for
-the purpose of replying to it.
-
-Full details are given in ADDRESS_REWRITING_README, and in the
-postconf(5) manual. For best results, point your browser at the
-ADDRESS_REWRITING_README.html file and navigate to the section
-titled " To rewrite message headers or not, or to label as invalid".
-
-[Incompat 20050212] When header address rewriting is enabled, Postfix
-now updates a message header only when at least one address in that
-header is modified. Older Postfix versions first parse and then
-un-parse a header so that there may be subtle changes in formatting,
-such as the amount of whitespace between tokens.
-
-[Incompat 20050227] When header address rewriting is enabled, Postfix
-no longer changes header label capitalization, i.e. FROM: or CC:
-are no longer replaced by From: or Cc:.
-
-[Feature 20040827] Finer control over canonical mapping with
-canonical_classes, sender_canonical_classes and
-recipient_canonical_classes. These specify one or more of
-envelope_sender, header_sender, envelope_recipient or header_recipient.
-The default settings are backwards compatible.
-
-Major changes - SMTP compatibility controls
--------------------------------------------
-
-[Feature 20041218] Fine control for SMTP inter-operability problems,
-by discarding keywords that are sent or received with the EHLO
-handshake. Typically one would discard "pipelining", "starttls",
-or "auth" to work around systems with a broken implementation.
-Specify a list of EHLO keywords with the smtp(d)_discard_ehlo_keywords
-parameters, or specify one or more lookup tables, indexed by remote
-network address, with the smtp(d)_discard_ehlo_keyword_address_maps
-parameters.
-
-Note: this feature only discards words from the EHLO conversation;
-it does not turn off the actual features in the SMTP server.
-
-Major changes - database support
---------------------------------
-
-[Feature 20041210] You can now dump an entire database with the new
-postmap/postalias "-s" option. This works only for database types
-with Postfix sequence operator support: hash, btree, dbm, and sdbm.
-
-[Feature 20041208] Support for CDB databases by Michael Tokarev.
-This supports both Michael's tinycdb and Daniel Bernstein's cdb
-implementations, but neither of the two implementations is bundled
-with Postfix.
-
-[Feature 20041023] The NIS+ client by Geoff Gibbs is now part of
-the Postfix source tree. Details are given in the nisplus_table(5)
-manual page.
-
-[Feature 20040827] Easier use of the proxymap(8) service with the
-virtual(8) delivery agent. The virtual(8) delivery agent will
-silently open maps directly when those maps can't be proxied for
-security reasons. This means you can now specify "virtual_mailbox_maps
-= proxy:mysql:whatever" without triggering a fatal error in the
-virtual(8) delivery agent.
-
-Major changes - remote SMTP client resource control
----------------------------------------------------
-
-[Incompat 20041009] The smtpd_client_connection_limit_exceptions
-parameter is renamed to smtpd_client_event_limit_exceptions. Besides
-connections it now also applies to per-client message rate and
-recipient rate limits.
-
-[Feature 20041009] Per SMTP client message rate and recipient rate
-limits. These limit the number of MAIL FROM or RCPT TO requests
-regardless of whether or not Postfix would have accepted them
-otherwise. The user interface (smtpd_client_message_rate_limit and
-smtpd_client_recipient_rate_limit) is similar to that of the existing
-per SMTP client connection rate limit, and the same warnings apply:
-these features are to be used to stop abuse, and must not be used
-to regulate legitimate mail. More details can be found in the
-postconf(5) manual.
-
-Major changes - remote SMTP client access control
--------------------------------------------------
-
-[Feature 20050209] The Postfix SMTP server policy delegation protocol
-now supplies TLS client certificate information after successful
-verification. The new policy delegation protocol attribute names
-are ccert_subject, ccert_issuer and ccert_fingerprint.
-
-[Feature 20050208] New "check_ccert_maps maptype:mapname" feature
-to enforce access control based on hexadecimal client certificate
-fingerprints.
-
-[Feature 20050203] New "permit_inet_interfaces" access restriction
-to allow access from local IP addresses only. This is used for the
-default, purist, setting of local_header_rewrite_clients (rewrite
-only headers in mail from this machine).
-
-[Feature 20050203] New "sleep time-in-seconds" pseudo access
-restriction to block zombie clients with reject_unauthorized_pipelining
-before the Postfix SMTP server sends the SMTP greeting. See postconf(5)
-for example. This feature is not available the stable Postfix 2.2
-release, but it is documented here so that it will not get lost.
-
-[Feature 20041118] New "smtpd_end_of_data_restrictions" feature
-that is invoked after the client terminates the SMTP DATA command.
-The syntax is the same as with "smtpd_data_restrictions". In the
-SMTPD policy delegation request, the message size is the actual
-byte count of the message content, instead of the message size
-announced by the client in the MAIL FROM command.
-
-Major changes - SASL authentication
------------------------------------
-
-[Feature 20040827] Better SMTP client control over the use of SASL
-mechanisms. New smtp_sasl_mechanism_filter mechanism to shorten the
-list of SASL mechanisms from a remote server to just those that the
-local SASL library can actually use.
-
-Major changes - header/body patterns
-------------------------------------
-
-[Feature 20050205] REPLACE action in header_checks and body_checks,
-to replace a message header or body line. See header_checks(5) for
-details.
-
-Major changes - local delivery
-------------------------------
-
-[Feature 20040621] Control over the working directory when executing
-an external command. With the pipe(8) mailer, specify directory=pathname,
-and with local(8) specify "command_execution_directory = expression"
-where "expression" is subject to $home etc. macro expansion. The
-result of macro expansion is restricted by the set of characters
-specified with execution_directory_expansion_filter.
-
-Major changes - mail delivery attributes
-----------------------------------------
-
-[Feature 20041218] More client attributes for delivery to command
-with the local(8) and pipe(8) delivery agents: client_hostname,
-client_address, client_protocol, client_helo, sasl_method, sasl_sender,
-and sasl_username. With local(8), attribute names must be specified
-in upper case.
-
-Major changes - package creation
---------------------------------
-
-[Feature 20050203] To create a ready-to-install package for
-distribution to other systems you can now use "make package" or
-"make non-interactive-package", instead of invoking the internal
-postfix-install script by hand. See the PACKAGE_README file for
-details.
-
-Major changes - performance
----------------------------
-
-[Incompat 20050117] Only the deferred and defer queue directories
-are now hashed by default, instead of eight queue directories. This
-may speed up Postfix boot time on low-traffic systems without
-compromising performance under high load too much. Hashing must be
-turned on for the defer and deferred queue directories, because
-those directories contain lots of files when undeliverable mail is
-backing up.
-
-[Incompat 20040720] The default SMTP/LMTP timeouts for sending RSET
-are reduced to 20s.
-
-Major changes - miscellaneous
------------------------------
-
-[Feature 20050203] Safety: Postfix no longer tries to send mail to
-the fallback_relay when the local machine is MX host for the mail
-destination. See the postconf(5) description of the fallback_relay
-feature for details.
-
-[Incompat 20041023] Support for the non-standard Errors-To: return
-addresses is now removed from Postfix. It was already disabled by
-default with Postfix version 2.1. Since Errors-To: is non-standard,
-there was no guarantee that it would have the desired effect with
-other MTAs.
-
-[Feature 20040919] A new discard(8) mail delivery agent that makes
-throwing away mail easier and more efficient. It's the Postfix
-equivalent of /dev/null for mail deliveries. On the mail receiving
-side, Postfix already has a /dev/null equivalent in the form of the
-DISCARD action in access maps and header_body_checks.
-
-[Feature 20040919] Access control for local mail submission, for
-listing the queue, and for flushing the queue. These features are
-controlled with authorized_submit_users, authorized_mailq_users,
-and with authorized_flush_users, respectively. The last two controls
-are always permitted for the super-user and for the mail system
-owner. More information is in the postconf(5) manual.
-
-[Incompat 20040829] When no recipients are specified on the command
-line or via the -t option, the Postfix sendmail command terminates
-with status EX_USAGE and produces an error message instead of
-accepting the mail first and bouncing it later. This gives more
-direct feedback in case of a common client configuration error.
-
$manpage_directory/man5/postconf.5:f:root:-:644
$manpage_directory/man5/regexp_table.5:f:root:-:644
$manpage_directory/man5/relocated.5:f:root:-:644
-$manpage_directory/man5/tcp_table.5:f:root:-:644
+$manpage_directory/man5/tcp_table.5:f:root:-:644:o
$manpage_directory/man5/transport.5:f:root:-:644
$manpage_directory/man5/virtual.5:f:root:-:644
$manpage_directory/man8/bounce.8:f:root:-:644
$html_directory/smtp.8.html:f:root:-:644
$html_directory/smtpd.8.html:f:root:-:644
$html_directory/spawn.8.html:f:root:-:644
-$html_directory/tcp_table.5.html:f:root:-:644
+$html_directory/tcp_table.5.html:f:root:-:644:o
$html_directory/trace.8.html:f:root:-:644
$html_directory/transport.5.html:f:root:-:644
$html_directory/trivial-rewrite.8.html:f:root:-:644
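Review bot: with man5/tcp_table.5 and tcp_table.5.html now flagged ":o", both pages are treated as obsolete at install time, yet the documentation hunks in this same patch keep the text "described in tcp_table(5)" and "see tcp_table(5)" with only the hyperlink removed. Readers of the installed documentation are then pointed at a manual page that is no longer shipped. Suggest rewording those references to say where the protocol description can still be found, or dropping them.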
<dt> <b>tcp</b> </dt>
<dd> Access information through a TCP/IP server. The protocol is
-described in <a href="tcp_table.5.html">tcp_table(5)</a>. The lookup table name is "<a href="tcp_table.5.html">tcp</a>:host:port"
+described in tcp_table(5). The lookup table name is "tcp:host:port"
where "host" specifies a symbolic hostname or a numeric IP address,
and "port" specifies a symbolic service name or a numeric port
number. This protocol is not available up to and including Postfix
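Review bot: the replacement line "described in tcp_table(5). The lookup table name is "tcp:host:port"" keeps the tcp table type documented, while the tcp_table(5) page deleted later in this patch is the only visible place that says "Do not use TCP lookup tables for security critical purposes", on the grounds that the client-server connection is not protected and the server is not authenticated. Suggest carrying a one-sentence version of that caveat into this <dd> entry so that it survives the removal of the manual page.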
qshape.1.html
CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \
transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html \
- cidr_table.5.html tcp_table.5.html header_checks.5.html \
+ cidr_table.5.html header_checks.5.html \
ldap_table.5.html mysql_table.5.html pgsql_table.5.html \
master.5.html nisplus_table.5.html generic.5.html
OTHER = postfix-manuals.html
<b>TCP-BASED TABLES</b>
This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
+ tion of the TCP client/server lookup protocol, see <b>tcp_ta-</b>
+ <b>ble</b>(5). This feature is not available up to and including
Postfix version 2.2.
Each lookup operation uses the entire query string once.
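Review bot: the "+" lines keep the line-break hyphenation inside the markup ("<b>tcp_ta-</b>" followed by "<b>ble</b>(5)"), and the same hand edit is repeated in each of the TCP-BASED TABLES hunks. If these .5.html pages are regenerated by the Makefile whose CONFIG list is changed in this patch, the links will come back on the next rebuild unless the step that inserts them also stops linking tcp_table. Worth confirming that the generator was changed and not only its output.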
<b>TCP-BASED TABLES</b>
This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
+ tion of the TCP client/server lookup protocol, see <b>tcp_ta-</b>
+ <b>ble</b>(5). This feature is not available up to and including
Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
<b>TCP-BASED TABLES</b>
This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
+ tion of the TCP client/server lookup protocol, see <b>tcp_ta-</b>
+ <b>ble</b>(5). This feature is not available up to and including
Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
<b>tcp</b> (read-only)
Perform lookups using a simple request-reply
- protocol that is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
+ protocol that is described in <b>tcp_table</b>(5).
This feature is not included with Postfix
2.2.
<li> <a href="regexp_table.5.html">regexp_table(5)</a>, Associate POSIX regexp pattern with value
-<li> <a href="tcp_table.5.html">tcp_table(5)</a>, Postfix client-server table lookup
-
</ul>
<h2> Daemon processes </h2>
<a href="pcre_table.5.html">pcre_table(5)</a>, Associate PCRE pattern with value
<a href="pgsql_table.5.html">pgsql_table(5)</a>, Postfix PostgreSQL client
<a href="regexp_table.5.html">regexp_table(5)</a>, Associate POSIX regexp pattern with value
- <a href="tcp_table.5.html">tcp_table(5)</a>, Postfix client-server table lookup
Daemon processes:
<a href="anvil.8.html">anvil(8)</a>, Postfix connection/rate limiting
when lookups are directed to a TCP-based server. For a
description of regular expression lookup table syntax, see
<a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. For a description of the
- TCP client/server table lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
+ TCP client/server table lookup protocol, see <b>tcp_table</b>(5).
This feature is not available up to and including Postfix
version 2.2.
<b>TCP-BASED TABLES</b>
This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
+ tion of the TCP client/server lookup protocol, see <b>tcp_ta-</b>
+ <b>ble</b>(5). This feature is not available up to and including
Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
+++ /dev/null
-<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-<html> <head>
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-<title> Postfix manual - tcp_table(5) </title>
-</head> <body> <pre>
-TCP_TABLE(5) TCP_TABLE(5)
-
-<b>NAME</b>
- tcp_table - Postfix client/server table lookup protocol
-
-<b>SYNOPSIS</b>
- <b>postmap -q "</b><i>string</i><b>" <a href="tcp_table.5.html">tcp</a>:</b><i>host:port</i>
-
- <b>postmap -q - <a href="tcp_table.5.html">tcp</a>:</b><i>host:port</i> <<i>inputfile</i>
-
-<b>DESCRIPTION</b>
- The Postfix mail system uses optional tables for address
- rewriting or mail routing. These tables are usually in <b>dbm</b>
- or <b>db</b> format. Alternatively, table lookups can be directed
- to a TCP server.
-
- To find out what types of lookup tables your Postfix sys-
- tem supports use the "<b>postconf -m</b>" command.
-
- To test lookup tables, use the "<b>postmap -q</b>" command as
- described in the SYNOPSIS above.
-
-<b>PROTOCOL DESCRIPTION</b>
- The TCP map class implements a very simple protocol: the
- client sends a request, and the server sends one reply.
- Requests and replies are sent as one line of ASCII text,
- terminated by the ASCII newline character. Request and
- reply parameters (see below) are separated by whitespace.
-
- Send and receive operations must complete in 100 seconds.
-
-<b>REQUEST FORMAT</b>
- Each request specifies a command, a lookup key, and possi-
- bly a lookup result.
-
- <b>get</b> SPACE <i>key</i> NEWLINE
- Look up data under the specified key.
-
- <b>put</b> SPACE <i>key</i> SPACE <i>value</i> NEWLINE
- This request is currently not implemented.
-
-<b>REPLY FORMAT</b>
- Each reply specifies a status code and text. Replies must
- be no longer than 4096 characters including the newline
- terminator.
-
- <b>500</b> SPACE <i>text</i> NEWLINE
- In case of a lookup request, the requested data
- does not exist. In case of an update request, the
- request was rejected. The text describes the
- nature of the problem.
-
- <b>400</b> SPACE <i>text</i> NEWLINE
- This indicates an error condition. The text
- describes the nature of the problem. The client
- should retry the request later.
-
- <b>200</b> SPACE <i>text</i> NEWLINE
- The request was successful. In the case of a lookup
- request, the text contains an encoded version of
- the requested data.
-
-<b>ENCODING</b>
- In request and reply parameters, the character %, each
- non-printing character, and each whitespace character must
- be replaced by %XX, where XX is the corresponding ASCII
- hexadecimal character value. The hexadecimal codes can be
- specified in any case (upper, lower, mixed).
-
- The Postfix client always encodes a request. The server
- may omit the encoding as long as the reply is guaranteed
- to not contain the % or NEWLINE character.
-
-<b>SECURITY</b>
- Do not use TCP lookup tables for security critical pur-
- poses. The client-server connection is not protected and
- the server is not authenticated.
-
-<b>BUGS</b>
- Only the lookup method is currently implemented.
-
- The client does not hang up when the connection is idle
- for a long time.
-
-<b>SEE ALSO</b>
- <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
- <a href="regexp_table.5.html">regexp_table(5)</a>, format of regular expression tables
- <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE tables
- <a href="cidr_table.5.html">cidr_table(5)</a>, format of CIDR tables
-
-<b>README FILES</b>
- <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
-
-<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
-
-<b>AUTHOR(S)</b>
- Wietse Venema
- IBM T.J. Watson Research
- P.O. Box 704
- Yorktown Heights, NY 10598, USA
-
- TCP_TABLE(5)
-</pre> </body> </html>
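Review bot: deleting tcp_table.5.html leaves a dangling cross-reference, because the neighbouring hunks keep the text "see tcp_table(5)" and only strip the anchor around it. Readers of those pages are then pointed at a manual page that no longer ships. Either drop the "For a description of the TCP client/server lookup protocol, see ..." sentence from those pages and keep only "This feature is not available up to and including Postfix version 2.2", or keep a stub page. The SECURITY text (connection not protected, server not authenticated) is deleted with the page; if a tcp: map can still be enabled in any build of this tree, that warning should live in a file that still ships.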
<b>TCP-BASED TABLES</b>
This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
+ tion of the TCP client/server lookup protocol, see <b>tcp_ta-</b>
+ <b>ble</b>(5). This feature is not available up to and including
Postfix version 2.2.
Each lookup operation uses the entire recipient address
<b>TCP-BASED TABLES</b>
This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
+ tion of the TCP client/server lookup protocol, see <b>tcp_ta-</b>
+ <b>ble</b>(5). This feature is not available up to and including
Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
export SYSTYPE AR ARFL RANLIB SYSLIBS CC OPT DEBUG AWK OPTS
# Snapshot only.
-CCARGS="$CCARGS -DSNAPSHOT"
+#CCARGS="$CCARGS -DSNAPSHOT"
sed 's/ / /g' <<EOF
SYSTYPE = $SYSTYPE
man1/postqueue.1 man1/postsuper.1
CONFIG = man5/access.5 man5/aliases.5 man5/canonical.5 man5/relocated.5 \
man5/transport.5 man5/virtual.5 man5/pcre_table.5 man5/regexp_table.5 \
- man5/cidr_table.5 man5/tcp_table.5 man5/header_checks.5 \
+ man5/cidr_table.5 man5/header_checks.5 \
man5/body_checks.5 man5/ldap_table.5 man5/mysql_table.5 \
man5/pgsql_table.5 man5/master.5 man5/nisplus_table.5 \
man5/generic.5
pcre_table(5), Associate PCRE pattern with value
pgsql_table(5), Postfix PostgreSQL client
regexp_table(5), Associate POSIX regexp pattern with value
-tcp_table(5), Postfix client-server table lookup
Daemon processes:
anvil(8), Postfix connection/rate limiting
+++ /dev/null
-.TH TCP_TABLE 5
-.ad
-.fi
-.SH NAME
-tcp_table
-\-
-Postfix client/server table lookup protocol
-.SH "SYNOPSIS"
-.na
-.nf
-\fBpostmap -q "\fIstring\fB" tcp:\fIhost:port\fR
-
-\fBpostmap -q - tcp:\fIhost:port\fR <\fIinputfile\fR
-.SH DESCRIPTION
-.ad
-.fi
-The Postfix mail system uses optional tables for address
-rewriting or mail routing. These tables are usually in
-\fBdbm\fR or \fBdb\fR format. Alternatively, table lookups
-can be directed to a TCP server.
-
-To find out what types of lookup tables your Postfix system
-supports use the "\fBpostconf -m\fR" command.
-
-To test lookup tables, use the "\fBpostmap -q\fR" command as
-described in the SYNOPSIS above.
-.SH "PROTOCOL DESCRIPTION"
-.na
-.nf
-.ad
-.fi
-The TCP map class implements a very simple protocol: the client
-sends a request, and the server sends one reply. Requests and
-replies are sent as one line of ASCII text, terminated by the
-ASCII newline character. Request and reply parameters (see below)
-are separated by whitespace.
-
-Send and receive operations must complete in 100 seconds.
-.SH "REQUEST FORMAT"
-.na
-.nf
-.ad
-.fi
-Each request specifies a command, a lookup key, and possibly a
-lookup result.
-.IP "\fBget\fR SPACE \fIkey\fR NEWLINE"
-Look up data under the specified key.
-.IP "\fBput\fR SPACE \fIkey\fR SPACE \fIvalue\fR NEWLINE"
-This request is currently not implemented.
-.SH "REPLY FORMAT"
-.na
-.nf
-.ad
-.fi
-Each reply specifies a status code and text. Replies must be no
-longer than 4096 characters including the newline terminator.
-.IP "\fB500\fR SPACE \fItext\fR NEWLINE"
-In case of a lookup request, the requested data does not exist.
-In case of an update request, the request was rejected.
-The text describes the nature of the problem.
-.IP "\fB400\fR SPACE \fItext\fR NEWLINE"
-This indicates an error condition. The text describes the nature of
-the problem. The client should retry the request later.
-.IP "\fB200\fR SPACE \fItext\fR NEWLINE"
-The request was successful. In the case of a lookup request,
-the text contains an encoded version of the requested data.
-.SH "ENCODING"
-.na
-.nf
-.ad
-.fi
-In request and reply parameters, the character %, each non-printing
-character, and each whitespace character must be replaced by %XX,
-where XX is the corresponding ASCII hexadecimal character value. The
-hexadecimal codes can be specified in any case (upper, lower, mixed).
-
-The Postfix client always encodes a request.
-The server may omit the encoding as long as the reply
-is guaranteed to not contain the % or NEWLINE character.
-.SH "SECURITY"
-.na
-.nf
-.ad
-.fi
-Do not use TCP lookup tables for security critical purposes.
-The client-server connection is not protected and the server
-is not authenticated.
-.SH BUGS
-.ad
-.fi
-Only the lookup method is currently implemented.
-
-The client does not hang up when the connection is idle for
-a long time.
-.SH "SEE ALSO"
-.na
-.nf
-postmap(1), Postfix lookup table manager
-regexp_table(5), format of regular expression tables
-pcre_table(5), format of PCRE tables
-cidr_table(5), format of CIDR tables
-.SH "README FILES"
-.na
-.nf
-.ad
-.fi
-Use "\fBpostconf readme_directory\fR" or
-"\fBpostconf html_directory\fR" to locate this information.
-.na
-.nf
-DATABASE_README, Postfix lookup table overview
-.SH "LICENSE"
-.na
-.nf
-.ad
-.fi
-The Secure Mailer license must be distributed with this software.
-.SH "AUTHOR(S)"
-.na
-.nf
-Wietse Venema
-IBM T.J. Watson Research
-P.O. Box 704
-Yorktown Heights, NY 10598, USA
s/[<bB>]*vir[-<\/bB>]*\n*[ <bB>]*tual[<\/bB>]*\(5\)/<a href="virtual.5.html">$&<\/a>/g;
s/[<bB>]*vir[-<\/bB>]*\n*[ <bB>]*tual[<\/bB>]*\(8\)/<a href="virtual.8.html">$&<\/a>/g;
s/[<bB>]*cidr_ta[-<\/bB>]*\n*[ <bB>]*ble[<\/bB>]*\(5\)/<a href="cidr_table.5.html">$&<\/a>/g;
- s/[<bB>]*tcp_ta[-<\/bB>]*\n*[ <bB>]*ble[<\/bB>]*\(5\)/<a href="tcp_table.5.html">$&<\/a>/g;
+ #s/[<bB>]*tcp_ta[-<\/bB>]*\n*[ <bB>]*ble[<\/bB>]*\(5\)/<a href="tcp_table.5.html">$&<\/a>/g;
s/[<bB>]*body_checks[<\/bB>]*\(5\)/<a href="header_checks.5.html">$&<\/a>/g;
s/[<bB>]*header_checks[<\/bB>]*\(5\)/<a href="header_checks.5.html">$&<\/a>/g;
s/\b(nisplus):/<a href="nisplus_table.5.html">$1<\/a>:/g;
s/\b(ldap):/<a href="ldap_table.5.html">$1<\/a>:/g;
s/\b(regexp):/<a href="regexp_table.5.html">$1<\/a>:/g;
- s/\b(tcp):/<a href="tcp_table.5.html">$1<\/a>:/g;
+ #s/\b(tcp):/<a href="tcp_table.5.html">$1<\/a>:/g;
# Do nice links for smtp:host:port etc.
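Review bot: the `\b(tcp):` link rule here, like the tcp_table(5) rule in the previous hunk, is disabled with a bare leading "#" and no explanation. Add a one-line comment saying the rules are off because tcp_table.5.html is not shipped with 2.2, so they are restored together with the page and not independently, or delete them outright and rely on history.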
+++ /dev/null
-#++
-# NAME
-# tcp_table 5
-# SUMMARY
-# Postfix client/server table lookup protocol
-# SYNOPSIS
-# \fBpostmap -q "\fIstring\fB" tcp:\fIhost:port\fR
-#
-# \fBpostmap -q - tcp:\fIhost:port\fR <\fIinputfile\fR
-# DESCRIPTION
-# The Postfix mail system uses optional tables for address
-# rewriting or mail routing. These tables are usually in
-# \fBdbm\fR or \fBdb\fR format. Alternatively, table lookups
-# can be directed to a TCP server.
-#
-# To find out what types of lookup tables your Postfix system
-# supports use the "\fBpostconf -m\fR" command.
-#
-# To test lookup tables, use the "\fBpostmap -q\fR" command as
-# described in the SYNOPSIS above.
-# PROTOCOL DESCRIPTION
-# .ad
-# .fi
-# The TCP map class implements a very simple protocol: the client
-# sends a request, and the server sends one reply. Requests and
-# replies are sent as one line of ASCII text, terminated by the
-# ASCII newline character. Request and reply parameters (see below)
-# are separated by whitespace.
-#
-# Send and receive operations must complete in 100 seconds.
-# REQUEST FORMAT
-# .ad
-# .fi
-# Each request specifies a command, a lookup key, and possibly a
-# lookup result.
-# .IP "\fBget\fR SPACE \fIkey\fR NEWLINE"
-# Look up data under the specified key.
-# .IP "\fBput\fR SPACE \fIkey\fR SPACE \fIvalue\fR NEWLINE"
-# This request is currently not implemented.
-# REPLY FORMAT
-# .ad
-# .fi
-# Each reply specifies a status code and text. Replies must be no
-# longer than 4096 characters including the newline terminator.
-# .IP "\fB500\fR SPACE \fItext\fR NEWLINE"
-# In case of a lookup request, the requested data does not exist.
-# In case of an update request, the request was rejected.
-# The text describes the nature of the problem.
-# .IP "\fB400\fR SPACE \fItext\fR NEWLINE"
-# This indicates an error condition. The text describes the nature of
-# the problem. The client should retry the request later.
-# .IP "\fB200\fR SPACE \fItext\fR NEWLINE"
-# The request was successful. In the case of a lookup request,
-# the text contains an encoded version of the requested data.
-# ENCODING
-# .ad
-# .fi
-# In request and reply parameters, the character %, each non-printing
-# character, and each whitespace character must be replaced by %XX,
-# where XX is the corresponding ASCII hexadecimal character value. The
-# hexadecimal codes can be specified in any case (upper, lower, mixed).
-#
-# The Postfix client always encodes a request.
-# The server may omit the encoding as long as the reply
-# is guaranteed to not contain the % or NEWLINE character.
-# SECURITY
-# .ad
-# .fi
-# Do not use TCP lookup tables for security critical purposes.
-# The client-server connection is not protected and the server
-# is not authenticated.
-# BUGS
-# Only the lookup method is currently implemented.
-#
-# The client does not hang up when the connection is idle for
-# a long time.
-# SEE ALSO
-# postmap(1), Postfix lookup table manager
-# regexp_table(5), format of regular expression tables
-# pcre_table(5), format of PCRE tables
-# cidr_table(5), format of CIDR tables
-# README FILES
-# .ad
-# .fi
-# Use "\fBpostconf readme_directory\fR" or
-# "\fBpostconf html_directory\fR" to locate this information.
-# .na
-# .nf
-# DATABASE_README, Postfix lookup table overview
-# LICENSE
-# .ad
-# .fi
-# The Secure Mailer license must be distributed with this software.
-# AUTHOR(S)
-# Wietse Venema
-# IBM T.J. Watson Research
-# P.O. Box 704
-# Yorktown Heights, NY 10598, USA
-#--*/
static char *max_rcpt_user;
static time_t max_rcpt_time;
-static int max_newtls;
-static char *max_newtls_user;
-static time_t max_newtls_time;
-
static int max_cache;
static time_t max_cache_time;
int rate; /* connection rate */
int mail; /* message rate */
int rcpt; /* recipient rate */
- int newtls; /* newtls rate */
time_t start; /* time of first rate sample */
} ANVIL_REMOTE;
(remote)->rate = 1; \
(remote)->mail = 0; \
(remote)->rcpt = 0; \
- (remote)->newtls = 0; \
(remote)->start = event_time(); \
} while(0)
(remote)->rate = 1; \
(remote)->mail = 0; \
(remote)->rcpt = 0; \
- (remote)->newtls = 0; \
(remote)->start = _now; \
} else if ((remote)->rate < INT_MAX) { \
(remote)->rate += 1; \
(remote)->rate = 0; \
(remote)->mail = 1; \
(remote)->rcpt = 0; \
- (remote)->newtls = 0; \
(remote)->start = _now; \
} else if ((remote)->mail < INT_MAX) { \
(remote)->mail += 1; \
(remote)->rate = 0; \
(remote)->mail = 0; \
(remote)->rcpt = 1; \
- (remote)->newtls = 0; \
(remote)->start = _now; \
} else if ((remote)->rcpt < INT_MAX) { \
(remote)->rcpt += 1; \
} \
} while(0)
-#define ANVIL_ADD_STARTTLS(remote) \
- do { \
- time_t _now = event_time(); \
- if ((remote)->start + var_anvil_time_unit < _now) { \
- (remote)->rate = 0; \
- (remote)->mail = 0; \
- (remote)->rcpt = 0; \
- (remote)->newtls = 1; \
- (remote)->start = _now; \
- } else if ((remote)->rcpt < INT_MAX) { \
- (remote)->newtls += 1; \
- } \
- } while(0)
-
/* Drop connection from (service, client) state. */
#define ANVIL_REMOTE_DROP_ONE(remote) \
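Review bot: the overflow guard in the removed ANVIL_ADD_STARTTLS macro tests the wrong counter. It checks `(remote)->rcpt < INT_MAX` but increments `(remote)->newtls`, so the newtls counter itself was never bounded, and it stopped counting whenever rcpt was saturated. This is moot while the macro is removed, but if the new-TLS-session rate limit is reinstated after the stable release, the condition should read `(remote)->newtls < INT_MAX`, matching the rate/mail/rcpt macros above.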
}
}
-/* anvil_remote_newtls - register newtls event */
-
-static void anvil_remote_newtls(VSTREAM *client_stream, const char *ident)
-{
- ANVIL_REMOTE *anvil_remote;
-
- /*
- * Be prepared for "postfix reload" after "connect".
- */
- if ((anvil_remote =
- (ANVIL_REMOTE *) htable_find(anvil_remote_map, ident)) == 0)
- anvil_remote = anvil_remote_conn_update(client_stream, ident);
-
- /*
- * Update newtls rate and respond to local client.
- */
- ANVIL_ADD_STARTTLS(anvil_remote);
- attr_print_plain(client_stream, ATTR_FLAG_NONE,
- ATTR_TYPE_NUM, ANVIL_ATTR_STATUS, ANVIL_STAT_OK,
- ATTR_TYPE_NUM, ANVIL_ATTR_RATE, anvil_remote->newtls,
- ATTR_TYPE_END);
-
- /*
- * Update local statistics.
- */
- if (anvil_remote->newtls > max_newtls) {
- max_newtls = anvil_remote->newtls;
- if (max_newtls_user == 0) {
- max_newtls_user = mystrdup(anvil_remote->ident);
- } else if (!STREQ(max_newtls_user, anvil_remote->ident)) {
- myfree(max_newtls_user);
- max_newtls_user = mystrdup(anvil_remote->ident);
- }
- max_newtls_time = event_time();
- }
-}
-
/* anvil_remote_disconnect - report disconnect event */
static void anvil_remote_disconnect(VSTREAM *client_stream, const char *ident)
anvil_remote_mail(client_stream, STR(ident));
} else if (STREQ(STR(request), ANVIL_REQ_RCPT)) {
anvil_remote_rcpt(client_stream, STR(ident));
- } else if (STREQ(STR(request), ANVIL_REQ_NEWTLS)) {
- anvil_remote_newtls(client_stream, STR(ident));
} else if (STREQ(STR(request), ANVIL_REQ_DISC)) {
anvil_remote_disconnect(client_stream, STR(ident));
} else if (STREQ(STR(request), ANVIL_REQ_LOOKUP)) {
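Review bot: with the ANVIL_REQ_NEWTLS branch removed, a "newtls" request matches none of the remaining branches and falls through to the end of this if/else chain. The client side is removed in the same patch, so only a process built from an earlier snapshot could still send it, but please confirm that the final branch answers with a failure status, so that such a client gets a reply and is not left waiting on the request.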
max_rcpt_user, ctime(&max_rcpt_time) + 4);
max_rcpt = 0;
}
- if (max_newtls > 0) {
- msg_info("statistics: max newtls rate %d/%ds for (%s) at %.15s",
- max_newtls, var_anvil_time_unit,
- max_newtls_user, ctime(&max_newtls_time) + 4);
- max_newtls = 0;
- }
if (max_cache > 0) {
msg_info("statistics: max cache size %d at %.15s",
max_cache, ctime(&max_cache_time) + 4);
/* const char *addr;
/* int *rcpts;
/*
-/* int anvil_clnt_newtls(anvil_clnt, service, addr, newtls)
-/* ANVIL_CLNT *anvil_clnt;
-/* const char *service;
-/* const char *addr;
-/* int *newtls;
-/*
/* int anvil_clnt_disconnect(anvil_clnt, service, addr)
/* ANVIL_CLNT *anvil_clnt;
/* const char *service;
/* anvil_clnt_rcpt() registers a RCPT TO event and returns
/* the current RCPT TO rate for the specified client.
/*
-/* anvil_clnt_newtls() registers a request to negotiate a new
-/* (uncached) TLS session and returns the current request rate
-/* for the specified client.
-/*
/* anvil_clnt_disconnect() informs the anvil server that a
/* client has disconnected.
/*
/* .IP rcpts
/* Pointer to storage for the current recipient rate for this
/* remote client.
-/* .IP newtls
-/* Pointer to storage for the current "new TLS session" rate
-/* for this remote client.
/* DIAGNOSTICS
/* anvil_clnt_connect() and anvil_clnt_disconnect() return
/* ANVIL_STAT_OK in case of success, ANVIL_STAT_FAIL otherwise
return (status);
}
-/* anvil_clnt_newtls - heads-up and policy query */
-
-int anvil_clnt_newtls(ANVIL_CLNT *anvil_clnt, const char *service,
- const char *addr, int *newtls)
-{
- char *ident = ANVIL_IDENT(service, addr);
- int status;
-
- if (attr_clnt_request((ATTR_CLNT *)anvil_clnt,
- ATTR_FLAG_NONE, /* Query attributes. */
- ATTR_TYPE_STR, ANVIL_ATTR_REQ, ANVIL_REQ_NEWTLS,
- ATTR_TYPE_STR, ANVIL_ATTR_IDENT, ident,
- ATTR_TYPE_END,
- ATTR_FLAG_MISSING, /* Reply attributes. */
- ATTR_TYPE_NUM, ANVIL_ATTR_STATUS, &status,
- ATTR_TYPE_NUM, ANVIL_ATTR_RATE, newtls,
- ATTR_TYPE_END) != 2)
- status = ANVIL_STAT_FAIL;
- else if (status != ANVIL_STAT_OK)
- status = ANVIL_STAT_FAIL;
- myfree(ident);
- return (status);
-}
-
/* anvil_clnt_disconnect - heads-up only */
-int anvil_clnt_disconnect(ANVIL_CLNT *anvil_clnt, const char *service,
- const char *addr)
+int anvil_clnt_disconnect(ANVIL_CLNT *anvil_clnt, const char *service,
+ const char *addr)
{
char *ident = ANVIL_IDENT(service, addr);
- int status;
+ int status;
- if (attr_clnt_request((ATTR_CLNT *)anvil_clnt,
+ if (attr_clnt_request((ATTR_CLNT *) anvil_clnt,
ATTR_FLAG_NONE, /* Query attributes. */
ATTR_TYPE_STR, ANVIL_ATTR_REQ, ANVIL_REQ_DISC,
ATTR_TYPE_STR, ANVIL_ATTR_IDENT, ident,
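Review bot: the -/+ pairs for anvil_clnt_disconnect() (the signature, `int status;`, and `(ATTR_CLNT *)anvil_clnt` becoming `(ATTR_CLNT *) anvil_clnt`) are whitespace-only churn mixed into the hunk that removes anvil_clnt_newtls(). The same applies to the declarations in main() in the next hunk. For a change going into a release candidate, split the reindent into its own commit so the functional removal can be reviewed and, if needed, reverted on its own.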
ANVIL_REQ_MAIL, ANVIL_REQ_RCPT);
}
-int main(int unused_argc, char **argv)
+int main(int unused_argc, char **argv)
{
VSTRING *inbuf = vstring_alloc(1);
char *bufp;
char *cmd;
- int cmd_len;
+ int cmd_len;
char *service;
char *addr;
- int count;
- int rate;
- int msgs;
- int rcpts;
+ int count;
+ int rate;
+ int msgs;
+ int rcpts;
ANVIL_CLNT *anvil;
msg_vstream_init(argv[0], VSTREAM_ERR);
#define ANVIL_REQ_DISC "disconnect"
#define ANVIL_REQ_MAIL "message"
#define ANVIL_REQ_RCPT "recipient"
-#define ANVIL_REQ_NEWTLS "newtls"
#define ANVIL_REQ_LOOKUP "lookup"
#define ANVIL_ATTR_IDENT "ident"
#define ANVIL_ATTR_COUNT "count"
extern int anvil_clnt_connect(ANVIL_CLNT *, const char *, const char *, int *, int *);
extern int anvil_clnt_mail(ANVIL_CLNT *, const char *, const char *, int *);
extern int anvil_clnt_rcpt(ANVIL_CLNT *, const char *, const char *, int *);
-extern int anvil_clnt_newtls(ANVIL_CLNT *, const char *, const char *, int *);
extern int anvil_clnt_lookup(ANVIL_CLNT *, const char *, const char *, int *, int *, int *, int *);
extern int anvil_clnt_disconnect(ANVIL_CLNT *, const char *, const char *);
extern void anvil_clnt_free(ANVIL_CLNT *);
#ifdef SNAPSHOT
#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER "-" MAIL_RELEASE_DATE
#else
-#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER
+#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER "-RC1"
#endif
extern char *var_mail_version;
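Review bot: the #else branch now hard-codes "-RC1" into DEF_MAIL_VERSION, and the build script hunk earlier in this patch stops passing -DSNAPSHOT, so every build from this tree takes this branch and reports a release-candidate version. Nothing marks the suffix as temporary. Put it in a separately named macro next to MAIL_VERSION_NUMBER, or at least add a comment here, so it is removed for the final 2.2 release and patchlevel version strings stay accurate for anyone matching installed versions against advisories.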
/* pcre_table(5), Associate PCRE pattern with value
/* pgsql_table(5), Postfix PostgreSQL client
/* regexp_table(5), Associate POSIX regexp pattern with value
-/* tcp_table(5), Postfix client-server table lookup
/*
/* Daemon processes:
/* anvil(8), Postfix connection/rate limiting