experienced by Pavol Luptak. Files: pickup/pickup.c,
cleanup/cleanup_extracted.c.
+20020705
+
+ Safety: log a warning when a domain is listed in mydestination
+ and (virtual_maps or virtual_mailbox_maps). This configuration
+ error causes the Postfix SMTP server to reject recipients
+ when the local_recipient_maps feature is enabled. File:
+ smtpd/smtpd_check.c.
+
+200207011
+
+ Portability: in the master daemon, the default now is to
+ enable the signal handler code that writes a byte into a
+ pipe, instead of the signal handler code that sets a global
+ flag and hopes that select() will somehow wake up. File:
+ master/master_sig.c. This is needed for some IRIX and
+ UnixWare versions, but it should also produce a robust
+ result on all other supported systems.
+
+ Performance: the default SMTP connection establishment
+ timeout is now 30 seconds, instead of the system default
+ which can be atrociously large.
+
+20020712
+
+ When DNS lookup fails while delivering mail, report not
+ only the domain name but also the DNS record type. This
+ should clue in people who ask why Postfix can't find a
+ domain while nslookup can. File: dns/dns_lookup.c.
+
+20020713
+
+ Bugfix: undo change made at 20020610 that causes the trivial
+ resolver client to loop when an address consists entirely
+ of @ and . characters. File: trivial-rewrite/resolve.c.
+
+ Cleanup: Postfix no longer strips multiple '.' at the end
+ of a domain name. One '.' is silently tolerated. Files:
+ trivial-rewrite/rewrite.c, trivial-rewrite/resolve.c,
+ global/resolve_local.c. This policy is too distributed.
+
+20020715
+
+ Feature: @domain.tld catch-all map entries for the virtual
+ mail delivery agent. Files: global/virtual8_maps_find.c,
+ virtual/mailbox.c, smtpd/smtpd_check.c.
+
+ Feature: the virtual mail delivery agent now accepts address
+ extensions (user+foo@domain.tld), ignores them when looking
+ up users in its tables, but displays them in Delivered-To:
+ message headers. File: global/virtual8_maps_find.c.
+
+20020716
+
+ Feature: domain names in a masquerade_domains list can now
+ be prefixed with !, in order to disable masquerading for
+ that domain name and for its subdomains. File:
+ cleanup/cleanup_masquerade.c.
+
+20020717
+
+ Bugfix: Mac OS X niscript (Netinfo) update by Gerben Wierda.
+ File: auxiliary/MacOSX/niscript.
+
+ Feature: The SMTP server reject_unknown_whatever restrictions
+ now also attempt to look up AAAA (IPV6 address) records.
+ Jun-ichiro itojun Hagino, IIJ labs. Files: smtpd/smtpd_check.c,
+ dns/dns_lookup.c.
+
Open problems:
+ Medium: should permit_mx_backup defer delivery if DNS
+ has some error of some kind?
+
Medium: old maildrop files are no longer readable by the
pickup service. Log a message that suggests a fix.
% make
produces compiler error messages, it may be time to examine the
-FAQ document (see htlm/faq.html).
+FAQ document (see html/faq.html).
5 - Porting to on an unsupported system
=======================================
% make
produces compiler error messages, it may be time to examine the
-FAQ document (see htlm/faq.html).
+FAQ document (see html/faq.html).
5 - Porting to on an unsupported system
=======================================
a significant barrier against intrusion. The barrier is not
impenetrable, but every little bit helps.
-With the exception of the Postfix local delivery and `pipe' daemons,
+With the exception of the Postfix daemons that deliver mail locally,
every Postfix daemon can run chrooted.
Sites with high security requirements should consider to chroot
pwcheck_method: pwcheck
The pwcheck daemon is contained in the cyrus-sasl source tarball.
+IMPORTANT: postfix processes need to have group read+execute
+permission for the /var/pwcheck directory, otherwise authentication
+attempts will fail.
Alternately, in SASL 1.5.27 and later (including 2.1.1), try:
directory is unconditionally prepended to this path. If the
recipient is not found the mail is bounced.
+ In a lookup table, specify a left-hand side of @domain.tld to
+ match any user in the specified domain that does not have a
+ specific user@domain.tld entry. While searching a lookup table,
+ an address extension (user+foo@domain.tld) is ignored.
+
If a recipient is not found the mail is returned to the sender.
For security reasons, regexp maps are not allowed here, because
Recipients are looked up in this map to determine the UID (owner
privileges) to be used when writing to the target mailbox.
+ In a lookup table, specify a left-hand side of @domain.tld to
+ match any user in the specified domain that does not have a
+ specific user@domain.tld entry. While searching a lookup table,
+ an address extension (user+foo@domain.tld) is ignored.
+
For security reasons, regexp maps are not allowed here, because
their $1 etc. substitutions would open a security hole.
Recipients are looked up in this map to determine the GID (group
privileges) to be used when writing to the target mailbox.
+ In a lookup table, specify a left-hand side of @domain.tld to
+ match any user in the specified domain that does not have a
+ specific user@domain.tld entry. While searching a lookup table,
+ an address extension (user+foo@domain.tld) is ignored.
+
For security reasons, regexp maps are not allowed here, because
their $1 etc. substitutions would open a security hole.
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.
+Incompatible changes with Postfix snapshot 1.1.11-20020717
+==========================================================
+
+The default timeout for establishing an SMTP connection has been
+reduced to 30 seconds, because many systems have an atrociously
+large default timeout value.
+
+The Postfix SMTP client now logs a warning when the same domain is
+listed in main.cf:mydestination as well as a Postfix-style virtual
+map. Such a mis-configuration may cause mail for users to be rejected
+with "user unknown".
+
+Postfix no longer strips multiple '.' characters from the end of
+an email address or domain name. Only one '.' is tolerated.
+
+The SMTP server reject_unknown_{sender,recipient}_domain etc.
+restrictions now also attempt to look up AAAA (IPV6 address) records.
+
+Major changes with Postfix snapshot 1.1.11-20020717
+===================================================
+
+The masquerade_domains feature now supports exceptions. Prepend
+a ! character to a domain name in order to not strip its subdomain
+structure. More information in conf/sample-rewrite.cf.
+
+The Postfix virtual delivery agent supports catch-all entries
+(@domain.tld) in lookup tables. These match users that do not
+have a specific user@domain.tld entry. The virtual delivery agent
+now ignores address extensions (user+foo@domain.tld) when searching
+its lookup tables, but displays the extensions in Delivered-To:
+message headers.
+
Incompatible changes with Postfix snapshot 1.1.11-20020610
==========================================================
# system where groups and/or users have been added, this script checks
# if the users/groups are there and if not creates them with free id's.
+# 17 Jul 2002 GW: Fixed two bugs
+# 1. Typo in createuser would always have uid 88 for postfix
+# 2. Add to netinfo domain . instead of / so that it also works on systems
+# where the / domain is actually network-wide (not very useful to add
+# a postfix user to all systems in that netinfo domain...)
+
print <<_WARNING
This script massages your netinfo database. This can severely break
sub creategroup
{
my $name = shift;
- open( NIDUMP, "nidump group /|") or die "Cannot run nidump\n";
+ open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n";
my @groups=<NIDUMP>;
close( NIDUMP);
}
die "Cannot find free gid\n" if $tryno == 65536;
warn "Will create $name as gid $tryno\n";
- system "niutil -create / /groups/$name";
- system "niutil -createprop / /groups/$name name $name";
- system "niutil -createprop / /groups/$name gid $tryno";
- system "niutil -createprop / /groups/$name passwd '*'";
+ system "niutil -create . /groups/$name";
+ system "niutil -createprop . /groups/$name name $name";
+ system "niutil -createprop . /groups/$name gid $tryno";
+ system "niutil -createprop . /groups/$name passwd '*'";
return $tryno;
}
{
my $user = shift;
my $group = shift;
- system "niutil -appendprop / /groups/$group users $user";
+ system "niutil -appendprop . /groups/$group users $user";
}
sub readgroups
{
- open( NIDUMP, "nidump group /|") or die "Cannot run nidump\n";
+ open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n";
my @groups=<NIDUMP>;
close( NIDUMP);
return @groups;
sub readusers
{
my @passwd;
- open( NIDUMP, "nidump passwd /|") or die "Cannot run nidump\n";
+ open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n";
@passwd=<NIDUMP>;
close( NIDUMP);
return @passwd;
my $home = shift;
my $gid = shift;
- open( NIDUMP, "nidump passwd /|") or die "Cannot run nidump\n";
- my @passwd=<NIDUMP>;
+ open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n";
+ my @passwds=<NIDUMP>;
close( NIDUMP);
my $tryno;
}
die "Cannot find free uid\n" if $tryno == 65536;
warn "Will create $name as uid $tryno\n";
- system "niutil -create / /users/$name";
- system "niutil -createprop / /users/$name realname $realname";
- system "niutil -createprop / /users/$name shell $shell";
- system "niutil -createprop / /users/$name uid $tryno";
- system "niutil -createprop / /users/$name gid $gid";
- system "niutil -createprop / /users/$name home $home";
- system "niutil -createprop / /users/$name _shadow_passwd";
- system "niutil -createprop / /users/$name passwd '*'";
+ system "niutil -create . /users/$name";
+ system "niutil -createprop . /users/$name realname $realname";
+ system "niutil -createprop . /users/$name shell $shell";
+ system "niutil -createprop . /users/$name uid $tryno";
+ system "niutil -createprop . /users/$name gid $gid";
+ system "niutil -createprop . /users/$name home $home";
+ system "niutil -createprop . /users/$name _shadow_passwd";
+ system "niutil -createprop . /users/$name passwd '*'";
return $tryno;
}
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
+# For the sake of consistency between sender and recipient addresses,
+# myorigin also specifies the default domain name that is appended
+# to recipient addresses that have no @domain part.
+#
#myorigin = $myhostname
#myorigin = $mydomain
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
-# for unknown recipients. By default, mail for unknown local recipients
-# is bounced.
+# for unknown recipients. By default, mail for unknown@$mydestination
+# and unknown@[$inet_interfaces] is returned as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+# Cyrus 2.1.5 (Amos Gouaux)
cyrus unix - n n - - pipe
- user=cyrus argv=/cyrus/bin/deliver -e -r ${recipient} -m ${extension} ${user}
+ user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
home_mailbox =
# The luser_relay parameter specifies an optional destination address
-# for unknown recipients. By default, mail for unknown local recipients
-# is bounced.
+# for unknown recipients. By default, mail for unknown@$mydestination
+# and unknown@[$inet_interfaces] is returned as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
#
masquerade_classes = envelope_sender, header_sender, header_recipient
-# The masquerade_domains parameter gives an optional list of domains
-# that must have their subdomain structure stripped off.
+# The masquerade_domains parameter specifies an optional list of
+# domains that must have their subdomain structure stripped off.
+#
+# The list is processed left to right, and processing stops at the
+# first match. Thus,
+#
+# masquerade_domains = foo.example.com example.com
+#
+# strips any.thing.foo.example.com to foo.example.com, but strips
+# any.thing.else.example.com to example.com.
+#
+# A domain name prefixed with ! means do not masquerade this domain
+# or its subdomains. Thus,
+#
+# masquerade_domains = !foo.example.com example.com
+#
+# does not change any.thing.foo.example.com and foo.example.com,
+# but strips any.thing.else.example.com to example.com.
#
# By default, address masquerading is disabled.
#
#
# When no connection can be made within the deadline, the SMTP client
# tries the next address on the mail exchanger list. Specify 0 to
-# disable the timeout.
+# disable the timeout (i.e. use whatever timeout is implemented by
+# the operating system).
#
# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
# The default time unit is s (seconds).
#
-#smtp_connect_timeout = 30s
-smtp_connect_timeout = 0s
+#smtp_connect_timeout = 0s
+smtp_connect_timeout = 30s
# The smtp_helo_timeout parameter specifies the SMTP client timeout
# for receiving the SMTP greeting banner.
<p>
+For the sake of consistency between sender and recipient addresses,
+<b>myorigin</b> also specifies the default domain name that is
+appended to an unqualified recipient address.
+
+<p>
+
<dl>
<dt> Examples:
of database your Postfix installation can support.
When no <i>file_type</i> is specified, the software uses
- the database type specified via the <b>database</b><i>_</i><b>type</b>
- configuration parameter. The default value for
- this parameter depends on the host environment.
+ the database type specified via the
+ <b>default</b><i>_</i><b>database</b><i>_</i><b>type</b> configuration parameter. The
+ default value for this parameter depends on the
+ host environment.
<i>file_name</i>
- The name of the alias database source file when
+ The name of the alias database source file when
rebuilding a database.
<b>DIAGNOSTICS</b>
- Problems are logged to the standard error stream. No out-
+ Problems are logged to the standard error stream. No out-
put means no problems were detected. Duplicate entries are
skipped and are flagged with a warning.
Enable verbose logging for debugging purposes.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this program. See the Postfix <b>main.cf</b> file for syntax
+ The following <b>main.cf</b> parameters are especially relevant
+ to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values.
- <b>database</b><i>_</i><b>type</b>
- Default alias database type. On many UNIX systems,
+ efault_Bdatabase_type
+ Default alias database type. On many UNIX systems,
the default type is either <b>dbm</b> or <b>hash</b>.
<b>berkeley</b><i>_</i><b>db</b><i>_</i><b>create</b><i>_</i><b>buffer</b><i>_</i><b>size</b>
- Amount of buffer memory to be used when creating a
+ Amount of buffer memory to be used when creating a
Berkeley DB <b>hash</b> or <b>btree</b> lookup table.
<b>berkeley</b><i>_</i><b>db</b><i>_</i><b>read</b><i>_</i><b>buffer</b><i>_</i><b>size</b>
- Amount of buffer memory to be used when reading a
+ Amount of buffer memory to be used when reading a
Berkeley DB <b>hash</b> or <b>btree</b> lookup table.
<b>STANDARDS</b>
<a href="sendmail.1.html">sendmail(1)</a> mail posting and compatibility interface.
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
of database your Postfix installation can support.
When no <i>file_type</i> is specified, the software uses
- the database type specified via the <b>database</b><i>_</i><b>type</b>
- configuration parameter.
+ the database type specified via the
+ <b>default</b><i>_</i><b>database</b><i>_</i><b>type</b> configuration parameter.
<i>file_name</i>
The name of the lookup table source file when
Enable verbose logging for debugging purposes.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- <b>database</b><i>_</i><b>type</b>
+ <b>default</b><i>_</i><b>database</b><i>_</i><b>type</b>
Default output database type. On many UNIX sys-
tems, the default database type is either <b>hash</b> or
<b>dbm</b>.
<p>
Address masquerading is disabled by default. To enable, edit the
-<b>masquerade_domains</b> parameter in the <b>main.cf</b>
-file and specify one or more domain names separated by whitespace
-or commas. For example:
+<b>masquerade_domains</b> parameter in the <b>main.cf</b> file and
+specify one or more domain names separated by whitespace or commas.
+The list is processed left to right, and processing stops at the
+first match. Thus,
-<dl>
+<blockquote>
-<dd><b>masquerade_domains = $mydomain</b>
+<b>masquerade_domains = foo.example.com example.com</b>
-</dl>
+</blockquote>
+
+strips any.thing.foo.example.com to foo.example.com, but strips
+any.thing.else.example.com to example.com.
<p>
-In this example, addresses of the form <i>user@host.$mydomain</i>
-would be rewritten to <i>user@$mydomain</i>.
+A domain name prefixed with ! means do not masquerade this domain
+or its subdomains. Thus,
+
+<blockquote>
+
+<b>masquerade_domains = !foo.example.com example.com</b>
+
+</blockquote>
+
+does not change any.thing.foo.example.com and foo.example.com,
+but strips any.thing.else.example.com to example.com.
<p>
program processes the file(s) specified with the
<b>alias</b><i>_</i><b>database</b> configuration parameter. If no
alias database type is specified, the program uses
- the type specified with the <b>database</b><i>_</i><b>type</b> configu-
- ration parameter. This mode of operation is imple-
- mented by running the <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
+ the type specified with the <b>default</b><i>_</i><b>database</b><i>_</i><b>type</b>
+ configuration parameter. This mode of operation is
+
implemented by running the <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
Note: it may take a minute or so before an alias
database update becomes visible. Use the <b>postfix</b>
The amount of original message context that is sent
along with a non-delivery notification.
- <b>database</b><i>_</i><b>type</b>
+ <b>default</b><i>_</i><b>database</b><i>_</i><b>type</b>
Default alias etc. database type. On many UNIX sys-
tems the default type is either <b>dbm</b> or <b>hash</b>.
<html> <head> </head> <body> <pre>
-
VIRTUAL(8) VIRTUAL(8)
<b>NAME</b>
The <b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b> parameter imposes a lower bound on
numerical user ID values that may be specified in any <b>vir-</b>
- <b>tual</b><i>_</i><b>owner</b><i>_</i><b>maps</b> or <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>.
+ <b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>.
<b>SECURITY</b>
The virtual delivery agent is not security sensitive, pro-
delivery is carried out, otherwise the path is
assumed to specify a UNIX-style mailbox file.
+ While searching a lookup table, an address exten-
+ sion (<i>user+foo@domain.tld</i>) is ignored.
+
+ In a lookup table, specify a left-hand side of
+ <i>@domain.tld</i> to match any user in the specified
+ domain that does not have a specific
+ <i>user@domain.tld</i> entry.
+
Note that <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b> is unconditionally
prepended to this path.
the user ID to be used when writing to the target
mailbox.
+ While searching a lookup table, an address exten-
+ sion (<i>user+foo@domain.tld</i>) is ignored.
+
+ In a lookup table, specify a left-hand side of
+ <i>@domain.tld</i> to match any user in the specified
+ domain that does not have a specific
+ <i>user@domain.tld</i> entry.
+
<b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b> (regexp maps disallowed)
Recipients are looked up in these maps to determine
the group ID to be used when writing to the target
mailbox.
+ While searching a lookup table, an address exten-
+ sion (<i>user+foo@domain.tld</i>) is ignored.
+
+ In a lookup table, specify a left-hand side of
+ <i>@domain.tld</i> to match any user in the specified
+ domain that does not have a specific
+ <i>user@domain.tld</i> entry.
+
<b>Locking</b> <b>controls</b>
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>lock</b>
How to lock UNIX-style mailboxes: one or more of
Level 3, 213 Miller St
North Sydney 2060, NSW, Australia
- 1
-
+ VIRTUAL(8)
</pre> </body> </html>
your Postfix installation can support.
When no \fIfile_type\fR is specified, the software uses the database
-type specified via the \fBdatabase_type\fR configuration parameter.
+type specified via the \fBdefault_database_type\fR configuration
+parameter.
The default value for this parameter depends on the host environment.
.RE
.IP \fIfile_name\fR
The following \fBmain.cf\fR parameters are especially relevant to
this program. See the Postfix \fBmain.cf\fR file for syntax details
and for default values.
-.IP \fBdatabase_type\fR
+.IP \fdefault_Bdatabase_type\fR
Default alias database type. On many UNIX systems, the default type
is either \fBdbm\fR or \fBhash\fR.
.IP \fBberkeley_db_create_buffer_size\fR
your Postfix installation can support.
When no \fIfile_type\fR is specified, the software uses the database
-type specified via the \fBdatabase_type\fR configuration parameter.
+type specified via the \fBdefault_database_type\fR configuration
+parameter.
.RE
.IP \fIfile_name\fR
The name of the lookup table source file when rebuilding a database.
.nf
.ad
.fi
-.IP \fBdatabase_type\fR
+.IP \fBdefault_database_type\fR
Default output database type.
On many UNIX systems, the default database type is either \fBhash\fR
or \fBdbm\fR.
the \fB-oA\fR option, see below), the program processes the file(s)
specified with the \fBalias_database\fR configuration parameter.
If no alias database type is specified, the program uses the type
-specified with the \fBdatabase_type\fR configuration parameter.
+specified with the \fBdefault_database_type\fR configuration parameter.
This mode of operation is implemented by running the \fBpostalias\fR(1)
command.
.sp
.IP \fBbounce_size_limit\fR
The amount of original message context that is sent along
with a non-delivery notification.
-.IP \fBdatabase_type\fR
+.IP \fBdefault_database_type\fR
Default alias etc. database type. On many UNIX systems the
default type is either \fBdbm\fR or \fBhash\fR.
.IP \fBdebugger_command\fR
The \fBvirtual_minimum_uid\fR parameter imposes a lower bound on
numerical user ID values that may be specified in any
-\fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR.
+\fBvirtual_uid_maps\fR.
.SH SECURITY
.na
.nf
("/"), maildir-style delivery is carried out, otherwise the
path is assumed to specify a UNIX-style mailbox file.
+While searching a lookup table, an address extension
+(\fIuser+foo@domain.tld\fR) is ignored.
+
+In a lookup table, specify a left-hand side of \fI@domain.tld\fR
+to match any user in the specified domain that does not have a
+specific \fIuser@domain.tld\fR entry.
+
Note that \fBvirtual_mailbox_base\fR is unconditionally prepended
to this path.
.IP \fBvirtual_minimum_uid\fR
.IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)"
Recipients are looked up in these maps to determine the user ID to be
used when writing to the target mailbox.
+
+While searching a lookup table, an address extension
+(\fIuser+foo@domain.tld\fR) is ignored.
+
+In a lookup table, specify a left-hand side of \fI@domain.tld\fR
+to match any user in the specified domain that does not have a
+specific \fIuser@domain.tld\fR entry.
.IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)"
Recipients are looked up in these maps to determine the group ID to be
used when writing to the target mailbox.
+
+While searching a lookup table, an address extension
+(\fIuser+foo@domain.tld\fR) is ignored.
+
+In a lookup table, specify a left-hand side of \fI@domain.tld\fR
+to match any user in the specified domain that does not have a
+specific \fIuser@domain.tld\fR entry.
.SH "Locking controls"
.ad
.fi
-Wunused
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
-TESTPROG=
+TESTPROG= cleanup_masquerade
PROG = cleanup
INC_DIR = ../../include
LIBS = ../../lib/libmaster.a ../../lib/libglobal.a ../../lib/libutil.a
tidy: clean
+cleanup_masquerade: cleanup_masquerade.o
+ mv cleanup_masquerade.o junk
+ $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS)
+ mv junk cleanup_masquerade.o
+
+tests: cleanup_masquerade_test
+
+cleanup_masquerade_test: cleanup_masquerade cleanup_masq.ref
+ rm -f cleanup_masq.tmp
+ ./cleanup_masquerade '' a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp
+ ./cleanup_masquerade 'xxx' a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp
+ ./cleanup_masquerade 'yyy' a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp
+ ./cleanup_masquerade '' !a.b.c,b.c xxx@aa.a.b.c >>cleanup_masq.tmp
+ ./cleanup_masquerade '' a.b.c,b.c xxx@a.b.c >>cleanup_masq.tmp
+ ./cleanup_masquerade '' !a.b.c,b.c xxx@a.b.c >>cleanup_masq.tmp
+ ./cleanup_masquerade '' a.b.c,b.c xxx@aaa.b.c >>cleanup_masq.tmp
+ ./cleanup_masquerade '' a.b.c,b.c xxx@b.c >>cleanup_masq.tmp
+ diff cleanup_masq.ref cleanup_masq.tmp
+ rm -f cleanup_masq.tmp
+
depend: $(MAKES)
(sed '1,/^# do not edit/!d' Makefile.in; \
set -e; for i in [a-z][a-z0-9]*.c; do \
--- /dev/null
+----------
+exceptions:
+masq_list: a.b.c,b.c
+address: xxx@aa.a.b.c
+result: xxx@a.b.c
+----------
+exceptions: xxx
+masq_list: a.b.c,b.c
+address: xxx@aa.a.b.c
+result: xxx@aa.a.b.c
+----------
+exceptions: yyy
+masq_list: a.b.c,b.c
+address: xxx@aa.a.b.c
+result: xxx@a.b.c
+----------
+exceptions:
+masq_list: !a.b.c,b.c
+address: xxx@aa.a.b.c
+result: xxx@aa.a.b.c
+----------
+exceptions:
+masq_list: a.b.c,b.c
+address: xxx@a.b.c
+result: xxx@a.b.c
+----------
+exceptions:
+masq_list: !a.b.c,b.c
+address: xxx@a.b.c
+result: xxx@a.b.c
+----------
+exceptions:
+masq_list: a.b.c,b.c
+address: xxx@aaa.b.c
+result: xxx@b.c
+----------
+exceptions:
+masq_list: a.b.c,b.c
+address: xxx@b.c
+result: xxx@b.c
char *domain;
int domain_len;
char **masqp;
+ char *masq;
int masq_len;
char *parent;
+ int truncate;
/* Stuff for excluded names. */
static HTABLE *masq_except_table = 0;
* the domain in the address and terminate. If the domain matches a
* masquerade domain, leave it alone. Order of specification matters.
*/
- for (masqp = masq_domains->argv; *masqp; masqp++) {
- masq_len = strlen(*masqp);
+ for (masqp = masq_domains->argv; (masq = *masqp) != 0; masqp++) {
+ for (truncate = 1; *masq == '!'; masq++)
+ truncate = !truncate;
+ masq_len = strlen(masq);
+ if (masq_len == 0)
+ continue;
if (masq_len == domain_len) {
- if (strcasecmp(*masqp, domain) == 0)
+ if (strcasecmp(masq, domain) == 0)
break;
} else if (masq_len < domain_len) {
parent = domain + domain_len - masq_len;
- if (parent[-1] == '.' && strcasecmp(*masqp, parent) == 0) {
- if (msg_verbose)
- msg_info("masquerade: %s -> %s", domain, *masqp);
- vstring_truncate(addr, domain - STR(addr));
- vstring_strcat(addr, *masqp);
+ if (parent[-1] == '.' && strcasecmp(masq, parent) == 0) {
+ if (truncate) {
+ if (msg_verbose)
+ msg_info("masquerade: %s -> %s", domain, masq);
+ vstring_truncate(addr, domain - STR(addr));
+ vstring_strcat(addr, masq);
+ }
break;
}
}
vstring_free(temp);
}
+
+ /*
+ * Code for stand-alone testing. Instead of using main.cf, specify the strip
+ * list and the candidate domain on the command line. Specify null arguments
+ * for data that should be empty.
+ */
+#ifdef TEST
+
+#include <vstream.h>
+
+char *var_masq_exceptions;
+
+int main(int argc, char **argv)
+{
+ VSTRING *addr;
+ ARGV *masq_domains;
+
+ if (argc != 4)
+ msg_fatal("usage: %s exceptions masquerade_list address", argv[0]);
+
+ var_masq_exceptions = argv[1];
+ masq_domains = argv_split(argv[2], " ,\t\r\n");
+ addr = vstring_alloc(1);
+ if (strchr(argv[3], '@') == 0)
+ msg_fatal("address must be in user@domain form");
+ vstring_strcpy(addr, argv[3]);
+
+ vstream_printf("----------\n");
+ vstream_printf("exceptions: %s\n", argv[1]);
+ vstream_printf("masq_list: %s\n", argv[2]);
+ vstream_printf("address: %s\n", argv[3]);
+
+ cleanup_masquerade_external(addr, masq_domains);
+
+ vstream_printf("result: %s\n", STR(addr));
+ vstream_fflush(VSTREAM_OUT);
+
+ vstring_free(addr);
+ argv_free(masq_domains);
+
+ return (0);
+}
+
+#endif
} DNS_REPLY;
#define INET_ADDR_LEN 4 /* XXX */
+#define INET6_ADDR_LEN 16 /* XXX */
/* dns_query - query name server and pre-parse the reply */
len = res_search((char *) name, C_IN, type, reply->buf, sizeof(reply->buf));
if (len < 0) {
if (why)
- vstring_sprintf(why, "Name service error for %s: %s",
- name, dns_strerror(h_errno));
+ vstring_sprintf(why, "Name service error for name=%s type=%s: %s",
+ name, dns_strtype(type), dns_strerror(h_errno));
if (msg_verbose)
msg_info("dns_query: %s (%s): %s",
name, dns_strtype(type), dns_strerror(h_errno));
memcpy(temp, pos, fixed->length);
data_len = fixed->length;
break;
+#ifdef T_AAAA
+ case T_AAAA:
+ if (fixed->length != INET6_ADDR_LEN) {
+ msg_warn("extract_answer: bad address length: %d", fixed->length);
+ return (0);
+ }
+ if (fixed->length > sizeof(temp))
+ msg_panic("dns_get_rr: length %d > DNS_NAME_LEN",
+ fixed->length);
+ memcpy(temp, pos, fixed->length);
+ data_len = fixed->length;
+ break;
+#endif
case T_TXT:
data_len = MIN2(pos[0] + 1, MIN2(fixed->length + 1, sizeof(temp)));
for (src = pos + 1, dst = (unsigned char *) (temp);
tok822_resolve.c tok822_rewrite.c tok822_tree.c xtext.c bounce_log.c \
flush_clnt.c mail_conf_time.c mbox_conf.c mbox_open.c abounce.c \
verp_sender.c match_parent_style.c mime_state.c header_token.c \
- strip_addr.c
+ strip_addr.c virtual8_maps_find.c
OBJS = been_here.o bounce.o canon_addr.o cleanup_strerror.o clnt_stream.o \
debug_peer.o debug_process.o defer.o deliver_completed.o \
deliver_flock.o deliver_pass.o deliver_request.o domain_list.o \
tok822_resolve.o tok822_rewrite.o tok822_tree.o xtext.o bounce_log.o \
flush_clnt.o mail_conf_time.o mbox_conf.o mbox_open.o abounce.o \
verp_sender.o match_parent_style.o mime_state.o header_token.o \
- strip_addr.o
+ strip_addr.o virtual8_maps_find.o
HDRS = been_here.h bounce.h canon_addr.h cleanup_user.h clnt_stream.h \
config.h debug_peer.h debug_process.h defer.h deliver_completed.h \
deliver_flock.h deliver_pass.h deliver_request.h domain_list.h \
sys_exits.h timed_ipc.h tok822.h xtext.h bounce_log.h flush_clnt.h \
mbox_conf.h mbox_open.h abounce.h qmqp_proto.h verp_sender.h \
match_parent_style.h quote_flags.h mime_state.h header_token.h \
- lex_822.h strip_addr.h
+ lex_822.h strip_addr.h virtual8.h
TESTSRC = rec2stream.c stream2rec.c recdump.c
WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \
-Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \
verp_sender.o: ../../include/vbuf.h
verp_sender.o: mail_params.h
verp_sender.o: verp_sender.h
+virtual8_maps_find.o: virtual8_maps_find.c
+virtual8_maps_find.o: ../../include/sys_defs.h
+virtual8_maps_find.o: ../../include/msg.h
+virtual8_maps_find.o: ../../include/mymalloc.h
+virtual8_maps_find.o: maps.h
+virtual8_maps_find.o: ../../include/dict.h
+virtual8_maps_find.o: ../../include/vstream.h
+virtual8_maps_find.o: ../../include/vbuf.h
+virtual8_maps_find.o: ../../include/argv.h
+virtual8_maps_find.o: mail_params.h
+virtual8_maps_find.o: strip_addr.h
+virtual8_maps_find.o: virtual8.h
xtext.o: xtext.c
xtext.o: ../../include/sys_defs.h
xtext.o: ../../include/vstream.h
-#ifndef _SPACE_822_H_INCLUDED_
-#define _SPACE_822_H_INCLUDED_
+#ifndef _LEX_822_H_INCLUDED_
+#define _LEX_822_H_INCLUDED_
/*++
/* NAME
extern char *var_bestmx_transp;
#define VAR_SMTP_CONN_TMOUT "smtp_connect_timeout"
-#define DEF_SMTP_CONN_TMOUT "0s"
+#define DEF_SMTP_CONN_TMOUT "30s"
extern int var_smtp_conn_tmout;
#define VAR_SMTP_HELO_TMOUT "smtp_helo_timeout"
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20020613"
+#define MAIL_RELEASE_DATE "20020717"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "1.1.11-" MAIL_RELEASE_DATE
while (vstring_fgets_nonl(buffer, VSTREAM_IN)) {
resolve(STR(buffer), &reply);
}
+ vstring_free(buffer);
}
+ resolve_clnt_free(&reply);
}
#endif
resolve_local_init();
/*
- * Strip one trailing dot.
+ * Strip one trailing dot but not dot-dot.
+ *
+ * XXX This should not be distributed all over the code. Problem is,
+ * addresses can enter the system via multiple paths: networks, local
+ * forward/alias/include files, even as the result of address rewriting.
*/
len = strlen(saved_addr);
if (len == 0)
RETURN(0);
if (saved_addr[len - 1] == '.')
saved_addr[--len] = 0;
+ if (len == 0 || saved_addr[len - 1] == '.')
+ RETURN(0);
/*
* Compare the destination against the list of destinations that we
--- /dev/null
+#ifndef _VIRTUAL8_H_INCLUDED_
+#define _VIRTUAL8_H_INCLUDED_
+
+/*++
+/* NAME
+/* virtual8 3h
+/* SUMMARY
+/* virtual delivery agent compatibility
+/* SYNOPSIS
+/* #include <virtual8.h>
+/* DESCRIPTION
+/* .nf
+
+ /*
+ * Global library.
+ */
+#include <maps.h>
+
+ /*
+ * External interface.
+ */
+extern const char *virtual8_maps_find(MAPS *, const char *);
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+#endif
--- /dev/null
+/*++
+/* NAME
+/* virtual8_maps_find 3
+/* SUMMARY
+/* virtual delivery agent map lookups
+/* SYNOPSIS
+/* #include <virtual8.h>
+/*
+/* const char *virtual8_maps_find(maps, recipient)
+/* MAPS *maps;
+/* const char *recipient;
+/* DESCRIPTION
+/* virtual8_maps_find() does user lookups for the virtual delivery
+/* agent. The code is made available as a library routine so that
+/* other programs can perform compatible queries.
+/*
+/* A zero result means that the named user was not found.
+/*
+/* Arguments:
+/* .IP maps
+/* List of pre-opened lookup tables.
+/* .IP recipient
+/* Recipient address. An optional address extension is ignored.
+/* DIAGNOSTICS
+/* The dict_errno variable is non-zero in case of problems.
+/* BUGS
+/* This code is a temporary solution that implements a hard-coded
+/* lookup strategy. In a future version of Postfix, the lookup
+/* strategy should become configurable.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+#include <string.h>
+
+/* Utility library. */
+
+#include <msg.h>
+#include <mymalloc.h>
+
+/* Global library. */
+
+#include <maps.h>
+#include <mail_params.h>
+#include <strip_addr.h>
+#include <virtual8.h>
+
+/* Application-specific. */
+
+/* virtual8_maps_find - lookup for virtual delivery agent */
+
+const char *virtual8_maps_find(MAPS *maps, const char *recipient)
+{
+ const char *ratsign;
+ const char *result;
+ char *bare;
+
+ /*
+ * Look up the address minus the optional extension. This is done first,
+ * to avoid hammering the database with extended address lookups, and to
+ * have straightforward semantics (extensions are always ignored).
+ */
+ if (*var_rcpt_delim
+ && (bare = strip_addr(recipient, (char **) 0, *var_rcpt_delim)) != 0) {
+ result = maps_find(maps, bare, DICT_FLAG_FIXED);
+ myfree(bare);
+ if (result != 0 || dict_errno != 0)
+ return (result);
+ }
+
+ /*
+ * Look up the full address.
+ */
+ result = maps_find(maps, recipient, DICT_FLAG_FIXED);
+ if (result != 0 || dict_errno != 0)
+ return (result);
+
+ /*
+ * Look up the @domain catch-all.
+ */
+ if ((ratsign = strrchr(recipient, '@')) == 0)
+ return (0);
+ return (maps_find(maps, ratsign, DICT_FLAG_FIXED));
+}
master_sig.o: ../../include/msg.h
master_sig.o: ../../include/posix_signals.h
master_sig.o: master.h
+master_sig.o: ../../include/iostuff.h
+master_sig.o: ../../include/events.h
master_spawn.o: master_spawn.c
master_spawn.o: ../../include/sys_defs.h
master_spawn.o: ../../include/msg.h
#include <sys/syscall.h>
#endif
+#ifndef USE_SIG_RETURN
+#define USE_SIG_PIPE
+#endif
+
/* Local stuff. */
#ifdef USE_SIG_PIPE
#include <errno.h>
#include <fcntl.h>
#include <iostuff.h>
+#include <events.h>
int master_sig_pipe[2];
/* master_sigchld - force wakeup from select() */
-static void master_sigchld(int sig)
+static void master_sigchld(int unused_sig)
{
if (write(SIG_PIPE_WRITE_FD, "", 1) != 1)
msg_warn("write to SIG_PIPE_WRITE_FD failed: %m");
/* your Postfix installation can support.
/*
/* When no \fIfile_type\fR is specified, the software uses the database
-/* type specified via the \fBdatabase_type\fR configuration parameter.
+/* type specified via the \fBdefault_database_type\fR configuration
+/* parameter.
/* The default value for this parameter depends on the host environment.
/* .RE
/* .IP \fIfile_name\fR
/* The following \fBmain.cf\fR parameters are especially relevant to
/* this program. See the Postfix \fBmain.cf\fR file for syntax details
/* and for default values.
-/* .IP \fBdatabase_type\fR
+/* .IP \fdefault_Bdatabase_type\fR
/* Default alias database type. On many UNIX systems, the default type
/* is either \fBdbm\fR or \fBhash\fR.
/* .IP \fBberkeley_db_create_buffer_size\fR
/* your Postfix installation can support.
/*
/* When no \fIfile_type\fR is specified, the software uses the database
-/* type specified via the \fBdatabase_type\fR configuration parameter.
+/* type specified via the \fBdefault_database_type\fR configuration
+/* parameter.
/* .RE
/* .IP \fIfile_name\fR
/* The name of the lookup table source file when rebuilding a database.
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
-/* .IP \fBdatabase_type\fR
+/* .IP \fBdefault_database_type\fR
/* Default output database type.
/* On many UNIX systems, the default database type is either \fBhash\fR
/* or \fBdbm\fR.
/* the \fB-oA\fR option, see below), the program processes the file(s)
/* specified with the \fBalias_database\fR configuration parameter.
/* If no alias database type is specified, the program uses the type
-/* specified with the \fBdatabase_type\fR configuration parameter.
+/* specified with the \fBdefault_database_type\fR configuration parameter.
/* This mode of operation is implemented by running the \fBpostalias\fR(1)
/* command.
/* .sp
/* .IP \fBbounce_size_limit\fR
/* The amount of original message context that is sent along
/* with a non-delivery notification.
-/* .IP \fBdatabase_type\fR
+/* .IP \fBdefault_database_type\fR
/* Default alias etc. database type. On many UNIX systems the
/* default type is either \fBdbm\fR or \fBhash\fR.
/* .IP \fBdebugger_command\fR
#include <mail_addr_find.h>
#include <match_parent_style.h>
#include <strip_addr.h>
+#include <virtual8.h>
/* Application-specific. */
return (result);
}
+/* checkv8_maps_find - reject with temporary failure if dict lookup fails */
+
+static const char *checkv8_maps_find(SMTPD_STATE *state, const char *reply_name,
+ MAPS *maps, const char *key)
+{
+ const char *result;
+
+ dict_errno = 0;
+ if ((result = virtual8_maps_find(maps, key)) == 0
+ && dict_errno == DICT_ERR_RETRY)
+ reject_dict_retry(state, reply_name);
+ return (result);
+}
+
/* check_mail_addr_find - reject with temporary failure if dict lookup fails */
static const char *check_mail_addr_find(SMTPD_STATE *state,
{
/* If matches $mydestination or $inet_interfaces. */
- if (resolve_local(domain))
+ if (resolve_local(domain)) {
+ if (*var_virtual_maps
+ && check_maps_find(state, reply_name, virtual_maps, domain, 0))
+ msg_warn("list domain %s in only one of $%s and $%s",
+ domain, VAR_MYDEST, VAR_VIRTUAL_MAPS);
+ if (*var_virt_mailbox_maps
+ && checkv8_maps_find(state, reply_name, virt_mailbox_maps, domain))
+ msg_warn("list domain %s in only one of $%s and $%s",
+ domain, VAR_MYDEST, VAR_VIRT_MAILBOX_MAPS);
return (1);
+ }
/* If Postfix-style virtual domain. */
if (*var_virtual_maps
/* If virtual mailbox domain. */
if (*var_virt_mailbox_maps
- && check_maps_find(state, reply_name, virt_mailbox_maps, domain, 0))
+ && checkv8_maps_find(state, reply_name, virt_mailbox_maps, domain))
return (1);
return (0);
/*
* Truncate hostnames ending in dot but not dot-dot.
+ *
+ * XXX This should not be distributed all over the code. Problem is,
+ * addresses can enter the system via multiple paths: networks, local
+ * forward/alias/include files, even as the result of address rewriting.
*/
if ((len = strlen(name)) > 1
&& name[len - 1] == '.'
return (stat);
}
-/* reject_unknown_hostname - fail if name has no A or MX record */
+/* reject_unknown_hostname - fail if name has no A, AAAA or MX record */
static int reject_unknown_hostname(SMTPD_STATE *state, char *name,
char *reply_name, char *reply_class)
if (msg_verbose)
msg_info("%s: %s", myname, name);
+#ifdef T_AAAA
+#define RR_ADDR_TYPES T_A, T_AAAA
+#else
+#define RR_ADDR_TYPES T_A
+#endif
+
dns_status = dns_lookup_types(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
- (VSTRING *) 0, T_A, T_MX, 0);
+ (VSTRING *) 0, RR_ADDR_TYPES, T_MX, 0);
if (dns_status != DNS_OK)
return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
"%d <%s>: %s rejected: Host not found",
return (SMTPD_CHECK_DUNNO);
}
-/* reject_unknown_mailhost - fail if name has no A or MX record */
+/* reject_unknown_mailhost - fail if name has no A, AAAA or MX record */
static int reject_unknown_mailhost(SMTPD_STATE *state, const char *name,
const char *reply_name, const char *reply_class)
msg_info("%s: %s", myname, name);
dns_status = dns_lookup_types(name, 0, (DNS_RR **) 0, (VSTRING *) 0,
- (VSTRING *) 0, T_A, T_MX, 0);
+ (VSTRING *) 0, RR_ADDR_TYPES, T_MX, 0);
if (dns_status != DNS_OK)
return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
"%d <%s>: %s rejected: Domain not found",
#define NOMATCH(map, rcpt) \
(check_mail_addr_find(state, recipient, map, rcpt, (char **) 0) == 0)
+#define NOMATCHV8(map, rcpt) \
+ (checkv8_maps_find(state, recipient, map, rcpt) == 0)
+
/*
* Reject mail to unknown addresses in Postfix-style virtual domains.
*/
if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
&& NOMATCH(canonical_maps, CONST_STR(reply->recipient))
&& NOMATCH(relocated_maps, CONST_STR(reply->recipient))
- && NOMATCH(virt_mailbox_maps, CONST_STR(reply->recipient))
+ && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))
&& NOMATCH(virtual_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
&& NOMATCH(canonical_maps, CONST_STR(reply->recipient))
&& NOMATCH(relocated_maps, CONST_STR(reply->recipient))
- && NOMATCH(virt_mailbox_maps, CONST_STR(reply->recipient))
+ && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))
&& NOMATCH(virtual_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
&& NOMATCH(canonical_maps, CONST_STR(reply->recipient))
&& NOMATCH(relocated_maps, CONST_STR(reply->recipient))
- && NOMATCH(virt_mailbox_maps, CONST_STR(reply->recipient))
+ && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))
&& NOMATCH(virtual_maps, CONST_STR(reply->recipient))
&& NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
while (tree->head) {
/*
- * Strip trailing dot or @.
+ * Strip trailing dot at end of domain, but not dot-dot. This merely
+ * makes diagnostics more accurate by leaving bogus addresses alone.
*/
- if (tree->tail->type == '.' || tree->tail->type == '@') {
+ if (tree->tail->type == '.'
+ && tok822_rfind_type(tree->tail, '@') != 0
+ && tree->tail->prev->type != '.')
+ tok822_free_tree(tok822_sub_keep_before(tree, tree->tail));
+
+ /*
+ * Strip trailing @.
+ */
+ if (tree->tail->type == '@') {
tok822_free_tree(tok822_sub_keep_before(tree, tree->tail));
continue;
}
if (saved_domain) {
tok822_sub_append(tree, saved_domain);
saved_domain = 0;
- } else if (tree->head) {
+ } else { /* Aargh! Always! */
tok822_sub_append(tree, tok822_alloc('@', (char *) 0));
tok822_sub_append(tree, tok822_scan(var_myhostname, (TOK822 **) 0));
}
}
/*
- * Strip trailing dot.
+ * Strip trailing dot at end of domain, but not dot-dot. This merely
+ * makes diagnostics more accurate by leaving bogus addresses alone.
*/
- if (tree->tail->type == '.')
+ if (tree->tail->type == '.'
+ && tok822_rfind_type(tree->tail, '@') != 0
+ && tree->tail->prev->type != '.')
tok822_free_tree(tok822_sub_keep_before(tree, tree->tail));
}
}
for (count = 0; (err = accept_warn_errors[count]) != 0; count++) {
if (errno == err) {
+#if 0
msg_warn("accept: %m");
+#endif
errno = EAGAIN;
break;
}
mailbox.o: ../../include/bounce.h
mailbox.o: ../../include/sent.h
mailbox.o: ../../include/mail_params.h
-mailbox.o: virtual.h
-mailbox.o: ../../include/deliver_request.h
-mailbox.o: ../../include/recipient_list.h
+mailbox.o: ../../include/virtual8.h
mailbox.o: ../../include/maps.h
mailbox.o: ../../include/dict.h
mailbox.o: ../../include/argv.h
+mailbox.o: virtual.h
+mailbox.o: ../../include/deliver_request.h
+mailbox.o: ../../include/recipient_list.h
mailbox.o: ../../include/mbox_conf.h
maildir.o: maildir.c
maildir.o: ../../include/sys_defs.h
#include <defer.h>
#include <sent.h>
#include <mail_params.h>
+#include <virtual8.h>
#ifndef EDQUOT
#define EDQUOT EFBIG
* Look up the mailbox location. Bounce if not found, defer in case of
* trouble.
*/
- mailbox_res = maps_find(virtual_mailbox_maps, state.msg_attr.user,
- DICT_FLAG_FIXED);
+ mailbox_res = virtual8_maps_find(virtual_mailbox_maps, state.msg_attr.user);
if (mailbox_res == 0) {
if (dict_errno == 0)
return (NO);
/*
* Look up the mailbox owner rights. Defer in case of trouble.
*/
- if ((uid_res = maps_find(virtual_uid_maps, state.msg_attr.user,
- DICT_FLAG_FIXED)) == 0) {
+ uid_res = virtual8_maps_find(virtual_uid_maps, state.msg_attr.user);
+ if (uid_res == 0) {
*statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr),
"recipient %s: uid not found in %s",
state.msg_attr.user, virtual_uid_maps->title);
/*
* Look up the mailbox group rights. Defer in case of trouble.
*/
- if ((gid_res = maps_find(virtual_gid_maps, state.msg_attr.user,
- DICT_FLAG_FIXED)) == 0) {
+ gid_res = virtual8_maps_find(virtual_gid_maps, state.msg_attr.user);
+ if (gid_res == 0) {
*statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr),
"recipient %s: gid not found in %s",
state.msg_attr.user, virtual_gid_maps->title);
(unsigned) usr_attr.uid, (unsigned) usr_attr.gid);
/*
- * Deliver to mailbox or to external command.
+ * Deliver to mailbox or to maildir.
*/
#define LAST_CHAR(s) (s[strlen(s) - 1])
/*
/* The \fBvirtual_minimum_uid\fR parameter imposes a lower bound on
/* numerical user ID values that may be specified in any
-/* \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR.
+/* \fBvirtual_uid_maps\fR.
/* SECURITY
/* .ad
/* .fi
/* ("/"), maildir-style delivery is carried out, otherwise the
/* path is assumed to specify a UNIX-style mailbox file.
/*
+/* While searching a lookup table, an address extension
+/* (\fIuser+foo@domain.tld\fR) is ignored.
+/*
+/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR
+/* to match any user in the specified domain that does not have a
+/* specific \fIuser@domain.tld\fR entry.
+/*
/* Note that \fBvirtual_mailbox_base\fR is unconditionally prepended
/* to this path.
/* .IP \fBvirtual_minimum_uid\fR
/* .IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)"
/* Recipients are looked up in these maps to determine the user ID to be
/* used when writing to the target mailbox.
+/*
+/* While searching a lookup table, an address extension
+/* (\fIuser+foo@domain.tld\fR) is ignored.
+/*
+/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR
+/* to match any user in the specified domain that does not have a
+/* specific \fIuser@domain.tld\fR entry.
/* .IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)"
/* Recipients are looked up in these maps to determine the group ID to be
/* used when writing to the target mailbox.
+/*
+/* While searching a lookup table, an address extension
+/* (\fIuser+foo@domain.tld\fR) is ignored.
+/*
+/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR
+/* to match any user in the specified domain that does not have a
+/* specific \fIuser@domain.tld\fR entry.
/* .SH "Locking controls"
/* .ad
/* .fi
projects / thirdparty / postfix.git / commitdiff
