TODO: unit test coverage.
-20211218
+20251218
Feature: the postqueue command now also lists recipients
in bounce logfiles (in JSON output, this uses a new object
returned to the sender. Files: showq/showq.c,
postqueue/showq_compat.c, postqueue/showq_json.c.
- Wordsmiting: after a queue manager request failure to
+ Wordsmithing: after a queue manager request failure to
generate a verp-style delivery status notification, log
"verp-bounce failed" instead of "verp failed". File:
global/abounce.c.
+
+20251219
+
+ Documentation: added multi_instance_directories to the list
+ of parameters that can authorize a non-default configuration
+ directory name, and made the descriptions consistent with
+ each other. Files: global/mail_conf.c, postdrop/postdrop.c,
+ postlog/postlog.c, postqueue/postqueue.c.
+
+ Bugfix (defect introduced: 20251218): showq/postqueue
+ protocol mismatch, caused by a missing update for a code
+ path in the showq daemon. Problem reported by Florian
+ Piekert, diagnosed by John Fawcett. File: showq/showq.c.
<b><a name="environment">ENVIRONMENT</a></b>
MAIL_CONFIG
Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. In order to avoid exploitation
- of set-group ID privileges, a non-standard directory is allowed
+ of set-group ID privileges, a non-default directory is allowed
only if:
- <b>o</b> The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a> file with the
- <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b> configuration parameter.
+ <b>o</b> The name is listed in the default <a href="postconf.5.html"><b>main.cf</b></a> file with the
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b> or <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directo</a>-</b>
+ <b><a href="postconf.5.html#multi_instance_directories">ries</a></b> configuration parameter.
<b>o</b> The command is invoked by the super-user.
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
- gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
<a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
A list of non-default Postfix configuration directories that may
- be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
- the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
+ the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
MAIL_CONFIG environment parameter.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a privileged Postfix
- process will import from a non-Postfix parent process, or
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
name=value environment overrides.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
<b><a href="postconf.5.html#trigger_timeout">trigger_timeout</a> (10s)</b>
- The time limit for sending a trigger to a Postfix daemon (for
+ The time limit for sending a trigger to a Postfix daemon (for
example, the <a href="pickup.8.html"><b>pickup</b>(8)</a> or <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List
of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ List
of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
<a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
mand).
Available in Postfix version 3.6 and later:
<b><a href="postconf.5.html#local_login_sender_maps">local_login_sender_maps</a> (<a href="DATABASE_README.html#types">static</a>:*)</b>
- A list of lookup tables that are searched by the UNIX login
+ A list of lookup tables that are searched by the UNIX login
name, and that return a list of allowed envelope sender patterns
separated by space or comma.
<b><a href="postconf.5.html#empty_address_local_login_sender_maps_lookup_key">empty_address_local_login_sender_maps_lookup_key</a> (</b><><b>)</b>
- The lookup key to be used in <a href="postconf.5.html#local_login_sender_maps">local_login_sender_maps</a> tables,
+ The lookup key to be used in <a href="postconf.5.html#local_login_sender_maps">local_login_sender_maps</a> tables,
instead of the null sender address.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
- The set of characters that can separate an email address local-
+ The set of characters that can separate an email address local-
part, user name, or a .forward file name from its extension.
<b><a name="files">FILES</a></b>
The following options are implemented:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
- instead of the default configuration directory.
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory. See also the MAIL_CONFIG
+ environment setting below.
<b>-i</b> (obsolete)
- Include the process ID in the logging tag. This flag is ignored
+ Include the process ID in the logging tag. This flag is ignored
as of Postfix 3.4, where the PID is always included.
<b>-p</b> <i>priority</i> (default: <b>info</b>)
- Specifies the logging severity: <b>info</b>, <b>warn</b>, <b>error</b>, <b>fatal</b>, or
- <b>panic</b>. With Postfix 3.1 and later, the program will pause for 1
- second after reporting a <b>fatal</b> or <b>panic</b> condition, just like
+ Specifies the logging severity: <b>info</b>, <b>warn</b>, <b>error</b>, <b>fatal</b>, or
+ <b>panic</b>. With Postfix 3.1 and later, the program will pause for 1
+ second after reporting a <b>fatal</b> or <b>panic</b> condition, just like
other Postfix programs.
- <b>-t</b> <i>tag</i> Specifies the logging tag, that is, the identifying name that
- appears at the beginning of each logging record. A default tag
+ <b>-t</b> <i>tag</i> Specifies the logging tag, that is, the identifying name that
+ appears at the beginning of each logging record. A default tag
is used when none is specified.
- <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
options make the software increasingly verbose.
<b><a name="security">SECURITY</a></b>
- The <a href="postlog.1.html"><b>postlog</b>(1)</a> command is designed to run with set-groupid privileges,
- so that it can connect to the <a href="postlogd.8.html"><b>postlogd</b>(8)</a> daemon process (Postfix 3.7
- and later; earlier implementations of this command must not have
+ The <a href="postlog.1.html"><b>postlog</b>(1)</a> command is designed to run with set-groupid privileges,
+ so that it can connect to the <a href="postlogd.8.html"><b>postlogd</b>(8)</a> daemon process (Postfix 3.7
+ and later; earlier implementations of this command must not have
set-groupid or set-userid permissions).
<b><a name="environment">ENVIRONMENT</a></b>
MAIL_CONFIG
- Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file.
+ Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. In order to avoid exploitation
+ of set-group ID privileges, a non-default directory is allowed
+ only if:
+
+ <b>o</b> The name is listed in the default <a href="postconf.5.html"><b>main.cf</b></a> file with the
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b> or <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directo</a>-</b>
+ <b><a href="postconf.5.html#multi_instance_directories">ries</a></b> configuration parameter.
+
+ <b>o</b> The command is invoked by the super-user.
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
gram.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a privileged Postfix
- process will import from a non-Postfix parent process, or
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
name=value environment overrides.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix 3.4 and later:
<b><a href="postconf.5.html#maillog_file">maillog_file</a> (empty)</b>
- The name of an optional logfile that is written by the Postfix
+ The name of an optional logfile that is written by the Postfix
<a href="postlogd.8.html"><b>postlogd</b>(8)</a> service.
<b><a href="postconf.5.html#postlog_service_name">postlog_service_name</a> (postlog)</b>
Available in Postfix 3.9 and later:
<b><a href="postconf.5.html#maillog_file_permissions">maillog_file_permissions</a> (0600)</b>
- The file access permissions that will be set when the file
+ The file access permissions that will be set when the file
$<a href="postconf.5.html#maillog_file">maillog_file</a> is created for the first time, or when the file is
created after an existing file is rotated.
<b><a name="environment">ENVIRONMENT</a></b>
MAIL_CONFIG
Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. In order to avoid exploitation
- of set-group ID privileges, a non-standard directory is allowed
+ of set-group ID privileges, a non-default directory is allowed
only if:
- <b>o</b> The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a> file with the
- <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b> configuration parameter.
+ <b>o</b> The name is listed in the default <a href="postconf.5.html"><b>main.cf</b></a> file with the
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b> or <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directo</a>-</b>
+ <b><a href="postconf.5.html#multi_instance_directories">ries</a></b> configuration parameter.
<b>o</b> The command is invoked by the super-user.
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
- gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
<a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
A list of non-default Postfix configuration directories that may
- be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
- the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
+ the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
MAIL_CONFIG environment parameter.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
tion logfiles with mail that is queued to those destinations.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a privileged Postfix
- process will import from a non-Postfix parent process, or
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
name=value environment overrides.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
<b><a href="postconf.5.html#trigger_timeout">trigger_timeout</a> (10s)</b>
- The time limit for sending a trigger to a Postfix daemon (for
+ The time limit for sending a trigger to a Postfix daemon (for
example, the <a href="pickup.8.html"><b>pickup</b>(8)</a> or <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon).
Available in Postfix version 2.2 and later:
.fi
.IP MAIL_CONFIG
Directory with the \fBmain.cf\fR file. In order to avoid exploitation
-of set\-group ID privileges, a non\-standard directory is allowed only
+of set\-group ID privileges, a non\-default directory is allowed only
if:
.RS
.IP \(bu
-The name is listed in the standard \fBmain.cf\fR file with the
-\fBalternate_config_directories\fR configuration parameter.
+The name is listed in the default \fBmain.cf\fR file with the
+\fBalternate_config_directories\fR or
+\fBmulti_instance_directories\fR configuration parameter.
.IP \(bu
The command is invoked by the super\-user.
.RE
The following options are implemented:
.IP "\fB\-c \fIconfig_dir\fR"
-Read the \fBmain.cf\fR configuration file in the named directory
-instead of the default configuration directory.
+The \fBmain.cf\fR configuration file is in the named directory
+instead of the default configuration directory. See also the
+MAIL_CONFIG environment setting below.
.IP "\fB\-i\fR (obsolete)"
Include the process ID in the logging tag. This flag is ignored as
of Postfix 3.4, where the PID is always included.
.ad
.fi
.IP MAIL_CONFIG
-Directory with the \fBmain.cf\fR file.
+Directory with the \fBmain.cf\fR file. In order to avoid exploitation
+of set\-group ID privileges, a non\-default directory is allowed only
+if:
+.RS
+.IP \(bu
+The name is listed in the default \fBmain.cf\fR file with the
+\fBalternate_config_directories\fR or
+\fBmulti_instance_directories\fR configuration parameter.
+.IP \(bu
+The command is invoked by the super\-user.
+.RE
.SH "CONFIGURATION PARAMETERS"
.na
.nf
.fi
.IP MAIL_CONFIG
Directory with the \fBmain.cf\fR file. In order to avoid exploitation
-of set\-group ID privileges, a non\-standard directory is allowed only
+of set\-group ID privileges, a non\-default directory is allowed only
if:
.RS
.IP \(bu
-The name is listed in the standard \fBmain.cf\fR file with the
-\fBalternate_config_directories\fR configuration parameter.
+The name is listed in the default \fBmain.cf\fR file with the
+\fBalternate_config_directories\fR or
+\fBmulti_instance_directories\fR configuration parameter.
.IP \(bu
The command is invoked by the super\-user.
.RE
feature feature etc
feature feature etc where
policies policy policy domain If null this defaults to the
+bounce bounce defer trace
smtp smtp c smtpd smtpd c trivial rewrite trivial rewrite c
Files makedefs bounce bounce c cleanup cleanup_init c
Portability makedefs postalias postalias c util dict_debug c
+ returned to the sender Files showq showq c
+ Piekert diagnosed by John Fawcett File showq showq c
+ each other Files global mail_conf c postdrop postdrop c
+ postlog postlog c postqueue postqueue c
jl
Ankit
Kulkarni
+Wordsmithing
/* file, and stores its values into a global configuration
/* dictionary. When the configuration directory name is not
/* trusted, this function requires that the directory name is
-/* authorized with the alternate_config_directories setting
-/* in the default main.cf file.
+/* authorized with the alternate_config_directories or
+/* multi_instance_directories setting in the default main.cf file.
/*
/* This function requires that all configuration directory
/* override mechanisms set the MAIL_CONFIG environment variable,
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20251218"
+#define MAIL_RELEASE_DATE "20251219"
#define MAIL_VERSION_NUMBER "3.11"
#ifdef SNAPSHOT
/* .fi
/* .IP MAIL_CONFIG
/* Directory with the \fBmain.cf\fR file. In order to avoid exploitation
-/* of set-group ID privileges, a non-standard directory is allowed only
+/* of set-group ID privileges, a non-default directory is allowed only
/* if:
/* .RS
/* .IP \(bu
-/* The name is listed in the standard \fBmain.cf\fR file with the
-/* \fBalternate_config_directories\fR configuration parameter.
+/* The name is listed in the default \fBmain.cf\fR file with the
+/* \fBalternate_config_directories\fR or
+/* \fBmulti_instance_directories\fR configuration parameter.
/* .IP \(bu
/* The command is invoked by the super-user.
/* .RE
/*
/* The following options are implemented:
/* .IP "\fB-c \fIconfig_dir\fR"
-/* Read the \fBmain.cf\fR configuration file in the named directory
-/* instead of the default configuration directory.
+/* The \fBmain.cf\fR configuration file is in the named directory
+/* instead of the default configuration directory. See also the
+/* MAIL_CONFIG environment setting below.
/* .IP "\fB-i\fR (obsolete)"
/* Include the process ID in the logging tag. This flag is ignored as
/* of Postfix 3.4, where the PID is always included.
/* .ad
/* .fi
/* .IP MAIL_CONFIG
-/* Directory with the \fBmain.cf\fR file.
+/* Directory with the \fBmain.cf\fR file. In order to avoid exploitation
+/* of set-group ID privileges, a non-default directory is allowed only
+/* if:
+/* .RS
+/* .IP \(bu
+/* The name is listed in the default \fBmain.cf\fR file with the
+/* \fBalternate_config_directories\fR or
+/* \fBmulti_instance_directories\fR configuration parameter.
+/* .IP \(bu
+/* The command is invoked by the super-user.
+/* .RE
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/* .fi
/* .IP MAIL_CONFIG
/* Directory with the \fBmain.cf\fR file. In order to avoid exploitation
-/* of set-group ID privileges, a non-standard directory is allowed only
+/* of set-group ID privileges, a non-default directory is allowed only
/* if:
/* .RS
/* .IP \(bu
-/* The name is listed in the standard \fBmain.cf\fR file with the
-/* \fBalternate_config_directories\fR configuration parameter.
+/* The name is listed in the default \fBmain.cf\fR file with the
+/* \fBalternate_config_directories\fR or
+/* \fBmulti_instance_directories\fR configuration parameter.
/* .IP \(bu
/* The command is invoked by the super-user.
/* .RE
SEND_ATTR_STR(MAIL_ATTR_ORCPT, have_orcpt),
SEND_ATTR_STR(MAIL_ATTR_RECIP,
STR(printable_quoted_addr)),
+ SEND_ATTR_STR(MAIL_ATTR_LOG_CLASS, ""),
SEND_ATTR_STR(MAIL_ATTR_WHY, ""),
ATTR_TYPE_END);
have_orcpt = 0;
projects / thirdparty / postfix.git / commitdiff
