modification time change, when they opened that table for
writing. Files: util/dict.c, util/dict_db.c, util/dict_dbm.c,
util/dict_lmdb.c, util/dict_sdbm.c.
+
+20250728
+
+ Documentation: in the postmap(1) manual page, fix the caveat
+ for the '-h' option. Robert Hansen. File: postmap/postmap.c.
+
+ Documentation: make MULTI_INSTANCE_README terminology
+ (default and non-default instances) consistent with
+ postmulti(1) terminology (primary and secondary instances).
+ Robert Hansen. File: proto/MULTI_INSTANCE_README.html.
+
+ Documentation: clarify vstring(3) handling of functions
+ that expect null-terminated inputs. File: util/vstring.c.
+
+ Bugfix (defect introduced: Postfix 3.6, date 20200710):
+ Postfix TLS client code logged "Untrusted TLS connection"
+ (wrong) instead of "Trusted TLS connection" (right), when
+ a server offered a trusted (valid PKI trust chain) certificate
+ that did not match the expected server name pattern. Viktor
+ Dukhovni. Files: tls/tls_client.c, tls/tls_verify.c.
+
+ Cleanup: the TLS client stores no more than one session
+ ticket per TLS connection (a remote TLS 1.3 server can send
+ multiple tickets). Viktor Dukhovni. File: tls/tls_client.c.
+
+20250729
+
+ Cleanup: more precise handling of session tickets in the
+ Postfix TLS server. Viktor Dukhovni. File: tls/tls_server.c.
+
+ Cleanup: TLS_SESS_STATE.rpt_reported should be a public member.
+ File: tls/tls.h
+
+ Cleanup: document that TLS_SESS_STATE.ticketed is now a
+ dual-purpose field. File: tls/tls.h.
+
+ Support for the 'll' (long long, etc.) and 'j' (intmax_t,
+ etc.) format modifiers. These may appear in the expansion
+ of the C99 PRI?MAX macros. File: util/vbuf_print.c.
+
+ Y2038 compatibility for 32-bit computer systems: 'long'
+ will be too small for the YP_LAST_MODIFIED field in a NIS
+ or NISPLUS mail.aliases map. Jiaying Song, Wind River. File:
+ postalias/postalias.c. There is more time-handling code in
+ Postfix that would need to be converted to int64_t, or to
+ long long which just like time_t is a 64-bit type on many
+ ILP32 and LP64 systems.
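Review bot: The Bugfix entry for the "Untrusted TLS connection" label should state explicitly whether only the log line was wrong, or whether the trust state used for delivery policy was affected as well. It says the client "logged" the wrong label, yet it lists both tls/tls_client.c and tls/tls_verify.c, and sites that alert on these labels need to know whether log data collected since Postfix 3.6 is the only thing to re-examine. Two smaller points in the same hunk: the 'll'/'j' format-modifier entry carries no type label (Cleanup:, Bugfix:, Documentation:) unlike its neighbours, and "File: tls/tls.h" in the rpt_reported entry is missing its trailing period.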
* Null-client instances versus service instances
* Multi-instance walk-through
* Components of a Postfix system
- * The default Postfix instance
+ * The primary Postfix instance
* Instance groups
* Multi-instance configuration parameters
* Using the postmulti(1) command
N\bNu\bul\bll\bl-\b-c\bcl\bli\bie\ben\bnt\bt i\bin\bns\bst\bta\ban\bnc\bce\bes\bs v\bve\ber\brs\bsu\bus\bs s\bse\ber\brv\bvi\bic\bce\be i\bin\bns\bst\bta\ban\bnc\bce\bes\bs
In the multi-instance approach to configuring Postfix, the first simplification
-is with the default local-submission Postfix instance.
+is with the primary local-submission Postfix instance.
Most UNIX systems require support for email submission with the sendmail(1)
command so that system processes such as cron jobs can send status reports, and
jobs and other system services. In this regard the border MTA is not different
from other Unix hosts in your environment. For this reason, it will submit
locally-generated email to the internal mail hub. We start the construction of
-the border mail server with the default instance, which will be a local-
+the border mail server with the primary instance, which will be a local-
submission null client:
/etc/postfix/main.cf:
and input instances into a single instance group named "mta".
Just once, when adding the first secondary instance, enable multi-instance
-support in the default (null-client) instance:
+support in the primary (null-client) instance:
# postmulti -e init
The instance configuration directory defaults to /etc/postfix-out, more
precisely, the "postfix-out" subdirectory of the parent directory of the
-default-instance configuration directory. The new instance will be created in a
+primary-instance configuration directory. The new instance will be created in a
"disabled" state:
/etc/postfix-out/main.cf
This instance has a "stock" master.cf file, and its queue and data directories,
also named "postfix-out", will be located in the same parent directories as the
-corresponding directories of the default instance (e.g., /var/spool/postfix-out
+corresponding directories of the primary instance (e.g., /var/spool/postfix-out
and /var/lib/postfix-out).
While this instance is immediately safe to start, it is not yet usefully
The new instance configuration directory defaults to /etc/postfix-in, more
precisely, the "postfix-in" subdirectory of the parent directory of the
-default-instance configuration directory. The new instance will be created in a
+primary-instance configuration directory. The new instance will be created in a
"disabled" state:
/etc/postfix-in/main.cf
main.cf file itself.
Though config_directory cannot be set in main.cf, postfix(1) and most of the
-other command-line Postfix utilities allow you to specify a non-default
+other command-line Postfix utilities allow you to specify a secondary
configuration directory via a command line option (typically -\b-c\bc) or via the
MAIL_CONFIG environment variable. In this way, it is possible to have multiple
configuration directories on the same machine, and to have multiple running
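Review bot: "secondary configuration directory" in the rewritten -c / MAIL_CONFIG sentence is a term the document never defines. Primary and secondary are introduced as properties of instances, and the compiled-in location is still called the "default configuration directory" in the section that follows. Suggest "the configuration directory of a secondary instance", or keep "non-default configuration directory" here, since the contrast being drawn is with the compiled-in default.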
and data directory (specified in the corresponding main.cf file) make up a
Postfix i\bin\bns\bst\bta\ban\bnc\bce\be.
-T\bTh\bhe\be d\bde\bef\bfa\bau\bul\blt\bt P\bPo\bos\bst\btf\bfi\bix\bx i\bin\bns\bst\bta\ban\bnc\bce\be
+T\bTh\bhe\be p\bpr\bri\bim\bma\bar\bry\by P\bPo\bos\bst\btf\bfi\bix\bx i\bin\bns\bst\bta\ban\bnc\bce\be
One Postfix instance is special: this is the instance whose configuration
directory is the default one compiled into the Postfix utilities. The location
of the default configuration directory is typically /etc/postfix, and can be
queried via the "postconf -d config_directory" command. We call the instance
-with this configuration directory the "default instance".
+with this configuration directory the "primary instance".
-The default instance is responsible for local mail submission. The setgid
+The primary instance is responsible for local mail submission. The setgid
postdrop(1) utility is used by the sendmail(1) local submission program to
spool messages into the m\bma\bai\bil\bld\bdr\bro\bop\bp sub-directory of the queue directory of the
-default instance.
+primary instance.
Even in the rare case when "sendmail -C" is used to submit local mail into a
-non-default Postfix instance, for security reasons, postdrop(1) will consult
-the default main.cf file to check the validity of the requested non-default
+secondary Postfix instance, for security reasons, postdrop(1) will consult the
+primary main.cf file to check the validity of the requested non-default
configuration directory.
-So, while in most other respects, all instances are equal, the default instance
-is "more equal than others". You may choose to create additional instances, but
-you must have at least the default instance, with its configuration directory
+So, while in most other respects, all instances are equal, the primary instance
+is "more equal than others". You may choose to create secondary instances, but
+you must have at least the primary instance, with its configuration directory
in the default compiled-in location.
I\bIn\bns\bst\bta\ban\bnc\bce\be g\bgr\bro\bou\bup\bps\bs
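Review bot: In the "sendmail -C" paragraph the replacement stops halfway: the sentence now says "secondary Postfix instance" and "primary main.cf file" but still ends with "requested non-default configuration directory". This is the paragraph that explains the postdrop(1) validity check, so it should leave no doubt about which directory is checked against which file. Use one vocabulary for the whole sentence, and make it agree with the wording chosen for the -c / MAIL_CONFIG sentence in the previous hunk.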
the content filter usually has its own start/stop procedure that is separate
from any Postfix instance).
-The default instance main.cf file's $multi_instance_directories configuration
+The primary instance main.cf file's $multi_instance_directories configuration
parameter lists the configuration directories of all secondary (non-default)
-instances. Together with the default instance, these secondary instances are
+instances. Together with the primary instance, these secondary instances are
managed by the multi-instance manager. Instances are started in the order
listed, and stopped in the opposite order. For instances that are members of a
service "group", you should arrange to start the service back-to-front, with
M\bMu\bul\blt\bti\bi-\b-i\bin\bns\bst\bta\ban\bnc\bce\be c\bco\bon\bnf\bfi\big\bgu\bur\bra\bat\bti\bio\bon\bn p\bpa\bar\bra\bam\bme\bet\bte\ber\brs\bs
multi_instance_wrapper
- This default-instance configuration parameter must be set to a suitable
+ This primary-instance configuration parameter must be set to a suitable
multi-instance manager's "wrapper" program that controls the starting,
stopping, etc. of a multi-instance Postfix system. To use the postmulti(1)
manager described in this document, this parameter should be set with the
"postmulti -e init" command.
multi_instance_directories
- This default-instance configuration parameter specifies an optional list of
+ This primary-instance configuration parameter specifies an optional list of
the secondary instances controlled via the multi-instance manager.
- Instances are listed in their "start" order, with the default instance
+ Instances are listed in their "start" order, with the primary instance
always started first (if enabled). If $multi_instance_directories is left
empty, the postfix(1) command runs with multi-instance support turned off,
and none of the multi_instance_ configuration parameters will have any
Before postmulti(1) is used for the first time, you must install it as the
multi_instance_wrapper for your Postfix system and enable multi-instance
-operation of the default Postfix instance. You can then proceed to add new or
+operation of the primary Postfix instance. You can then proceed to add new or
existing instances to the multi-instance configuration. This initial
installation is accomplished as follows:
# postmulti -e init
-This updates the default instance main.cf file as follows:
+This updates the primary instance main.cf file as follows:
# Use postmulti(1) as a postfix-wrapper(5)
#
multi_instance_wrapper = ${command_directory}/postmulti -p --
- # Configure the default instance to start when in multi-instance mode
+ # Configure the primary instance to start when in multi-instance mode
#
multi_instance_enable = yes
-If you prefer, you can make these changes by editing the default main.cf
+If you prefer, you can make these changes by editing the primary main.cf
directly, or by using "postconf -e".
L\bLi\bis\bst\bti\bin\bng\bg m\bma\ban\bna\bag\bge\bed\bd i\bin\bns\bst\bta\ban\bnc\bce\bes\bs
-The list of managed instances consists of the default instance and the
-additional instances whose configuration directories are listed (in start
-order) under the multi_instance_directories parameter of the default main.cf
+The list of managed instances consists of the primary instance and the
+secondary instances whose configuration directories are listed (in start order)
+under the multi_instance_directories parameter of the primary main.cf
configuration file.
You can list selected instances, groups of instances or all instances by
specifying only the instance matching options with the "-l" option. The "-a"
option is assumed if no other instance selection options are specified (this
behavior changes with the "-e" option). As a special case, even if it has an
-explicit name, the default instance can always be selected via "-i -".
+explicit name, the primary instance can always be selected via "-i -".
# postmulti -l -a
# postmulti -l -g a_group
When selecting an existing instance via the "-i" option, you can always use the
full pathname of its configuration directory instead of the instance (short)
-name. This is the only way to select a non-default nameless instance. The
-default instance can be selected via "-i -", whether it has a name or not.
+name. This is the only way to select a secondary nameless instance. The primary
+instance can be selected via "-i -", whether it has a name or not.
To list instances in reverse start order, include the "-R" option together with
the instance selection options.
C\bCr\bre\bea\bat\bti\bin\bng\bg a\ba n\bne\bew\bw P\bPo\bos\bst\btf\bfi\bix\bx i\bin\bns\bst\bta\ban\bnc\bce\be
-The postmulti(1) command can be used to create additional Postfix instances.
-New instances are created with local submission and all "inet" services
-disabled via the following non-default parameter settings in the main.cf file:
+The postmulti(1) command can be used to create secondary Postfix instances. New
+instances are created with local submission and all "inet" services disabled
+via the following non-default parameter settings in the main.cf file:
authorized_submit_users =
master_service_disable = inet
you can do away with one or both of the above safety measures.
The postmulti(1) command encourages a preferred way of organizing the
-configuration directories, queue directories and data directories of non-
-default instances. If the default instance settings are:
+configuration directories, queue directories and data directories of secondary
+instances. If the primary instance settings are:
config_directory = /conf-path/postfix
queue_directory = /queue-path/postfix
instances are appended to the instance list. You can use the "-i" or "-g" or "-
a" options to insert the new instance before the specified instance or group,
or at the beginning of the instance list (multi_instance_directories parameter
-of the default instance).
+of the primary instance).
If you do specify a name (use "-I" with a name that is not "-") for the new
instance, you may omit any of the 3 instance installation parameters whose
<li><a href="#parts"> Components of a Postfix system </a>
-<li><a href="#default"> The default Postfix instance </a>
+<li><a href="#default"> The primary Postfix instance </a>
<li><a href="#group"> Instance groups </a>
<h2><a name="split"> Null-client instances versus service instances </a></h2>
<p> In the multi-instance approach to configuring Postfix, the first
-simplification is with the default local-submission Postfix instance.
+simplification is with the primary local-submission Postfix instance.
</p>
<p> Most UNIX systems require support for email submission with the
regard the border MTA is not different from other Unix hosts in
your environment. For this reason, it will submit locally-generated
email to the internal mail hub. We start the construction of the
-border mail server with the <a href="#default_instance">default</a>
+border mail server with the <a href="#default">primary</a>
instance, which will be a local-submission <a
href="STANDARD_CONFIGURATION_README.html#null_client">null client</a>:
</p>
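Review bot: The href on the changed line goes from "#default_instance" to "#default", which is a link repair rather than a terminology change, and the changelog entry for this file mentions terminology only. The target section keeps name="default" under a heading that now reads "The primary Postfix instance"; keeping the old anchor name preserves existing inbound links, but a mention in the changelog entry would stop a later cleanup from renaming the anchor and breaking this href again.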
input instances into a single instance group named "mta". </p>
<p> Just once, when adding the first secondary instance, enable
-multi-instance support in the default (null-client) instance: </p>
+multi-instance support in the primary (null-client) instance: </p>
<blockquote>
<pre>
<p> The instance configuration directory defaults to /etc/postfix-out,
more precisely, the "postfix-out" subdirectory of the parent directory
-of the default-instance configuration directory. The new instance will
+of the primary-instance configuration directory. The new instance will
be created in a "disabled" state: </p>
<blockquote>
<p> This instance has a "stock" <a href="master.5.html">master.cf</a> file, and its queue and
data directories, also named "postfix-out", will be located in the
same parent directories as the corresponding directories of the
-default instance (e.g., /var/spool/postfix-out and /var/lib/postfix-out).
+primary instance (e.g., /var/spool/postfix-out and /var/lib/postfix-out).
</p>
<p> While this instance is immediately safe to start, it is not yet
<p> The new instance configuration directory defaults to /etc/postfix-in,
more precisely, the "postfix-in" subdirectory of the parent directory
-of the default-instance configuration directory. The new instance will
+of the primary-instance configuration directory. The new instance will
be created in a "disabled" state: </p>
<blockquote>
<p> Though <a href="postconf.5.html#config_directory">config_directory</a> cannot be set in <a href="postconf.5.html">main.cf</a>, <a href="postfix.1.html">postfix(1)</a> and
most of the other command-line Postfix utilities allow you to specify a
-non-default configuration directory via a command line option (typically
+secondary configuration directory via a command line option (typically
<b>-c</b>) or via the MAIL_CONFIG environment variable. In this way,
it is possible to have multiple configuration directories on the same
machine, and to have multiple running <a href="master.8.html">master(8)</a> daemons each with its
directory and data directory (specified in the corresponding <a href="postconf.5.html">main.cf</a> file)
make up a Postfix <b>instance</b>. </p>
-<h2><a name="default"> The default Postfix instance </a></h2>
+<h2><a name="default"> The primary Postfix instance </a></h2>
<p> One Postfix instance is special: this is the instance whose
configuration directory is the default one compiled into the Postfix
utilities. The location of the default configuration directory is
typically /etc/postfix, and can be queried via the "postconf -d
<a href="postconf.5.html#config_directory">config_directory</a>" command. We call the instance with this configuration
-directory the "default instance". </p>
+directory the "primary instance". </p>
-<p> The default instance is responsible for local mail submission. The
+<p> The primary instance is responsible for local mail submission. The
setgid <a href="postdrop.1.html">postdrop(1)</a> utility is used by the <a href="sendmail.1.html">sendmail(1)</a> local submission
program to spool messages into the <b>maildrop</b> sub-directory of the
-queue directory of the default instance. </p>
+queue directory of the primary instance. </p>
<p> Even in the rare case when "sendmail -C" is used to submit local mail
-into a non-default Postfix instance, for security reasons, <a href="postdrop.1.html">postdrop(1)</a>
-will consult the default <a href="postconf.5.html">main.cf</a> file to check the validity of the
+into a secondary Postfix instance, for security reasons, <a href="postdrop.1.html">postdrop(1)</a>
+will consult the primary <a href="postconf.5.html">main.cf</a> file to check the validity of the
requested non-default configuration directory. </p>
<p> So, while in most other respects, all instances are equal, the
-default instance is "more equal than others". You may choose to create
-additional instances, but you must have at least the default instance,
+primary instance is "more equal than others". You may choose to create
+secondary instances, but you must have at least the primary instance,
with its configuration directory in the default compiled-in location. </p>
<h2><a name="group"> Instance groups </a></h2>
its own start/stop procedure that is separate from any Postfix
instance). </p>
-<p> The default instance <a href="postconf.5.html">main.cf</a> file's $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
+<p> The primary instance <a href="postconf.5.html">main.cf</a> file's $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
configuration parameter lists the configuration directories of all
-secondary (non-default) instances. Together with the default instance,
+secondary (non-default) instances. Together with the primary instance,
these secondary instances are managed by the multi-instance manager.
Instances are started in the order listed, and stopped in the
opposite order. For instances that are members of a service "group",
<dt> <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> </dt>
-<dd> <p> This default-instance configuration parameter must be set
+<dd> <p> This primary-instance configuration parameter must be set
to a suitable multi-instance manager's "wrapper" program that
controls the starting, stopping, etc. of a multi-instance Postfix
system. To use the <a href="postmulti.1.html">postmulti(1)</a> manager described in this document,
<dt> <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> </dt>
-<dd> <p> This default-instance configuration parameter specifies
+<dd> <p> This primary-instance configuration parameter specifies
an optional list of the secondary instances controlled via the
multi-instance manager. Instances are listed in their "start" order,
-with the default instance always started first (if enabled). If
+with the primary instance always started first (if enabled). If
$<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> is left empty, the <a href="postfix.1.html">postfix(1)</a> command
runs with multi-instance support turned off, and none of the
multi_instance_ configuration parameters will have any effect. </p>
<p> Before <a href="postmulti.1.html">postmulti(1)</a> is used for the first time, you must install
it as the <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> for your Postfix system and enable
-multi-instance operation of the default Postfix instance. You can then
+multi-instance operation of the primary Postfix instance. You can then
proceed to add <a href="#create">new</a> or <a href="#import">existing</a>
instances to the multi-instance configuration. This initial installation
is accomplished as follows: </p>
</pre>
</blockquote>
-<p> This updates the default instance <a href="postconf.5.html">main.cf</a> file as follows: </p>
+<p> This updates the primary instance <a href="postconf.5.html">main.cf</a> file as follows: </p>
<blockquote>
<pre>
#
<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> = ${<a href="postconf.5.html#command_directory">command_directory</a>}/postmulti -p --
- # Configure the default instance to start when in multi-instance mode
+ # Configure the primary instance to start when in multi-instance mode
#
<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes
</pre>
</blockquote>
-<p> If you prefer, you can make these changes by editing the default
+<p> If you prefer, you can make these changes by editing the primary
<a href="postconf.5.html">main.cf</a> directly, or by using "postconf -e". </p>
<h3><a name="list"> Listing managed instances </a></h3>
-<p> The list of managed instances consists of the default instance and
-the additional instances whose configuration directories are listed
+<p> The list of managed instances consists of the primary instance and
+the secondary instances whose configuration directories are listed
(in start order) under the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter of the
-default <a href="postconf.5.html">main.cf</a> configuration file. </p>
+primary <a href="postconf.5.html">main.cf</a> configuration file. </p>
<p> You can list selected instances, groups of instances or all
instances by specifying only the instance matching options with the
"-l" option. The "-a" option is assumed if no other instance
selection options are specified (this behavior changes with the
"-e" option). As a special case, even if it has an explicit name,
-the default instance can always be selected via "-i -". </p>
+the primary instance can always be selected via "-i -". </p>
<blockquote>
<pre>
<p> When selecting an existing instance via the "-i" option, you
can always use the full pathname of its configuration directory
instead of the instance (short) name. This is the only way to select
-a non-default nameless instance. The default instance can be selected
+a secondary nameless instance. The primary instance can be selected
via "-i -", whether it has a name or not. </p>
<p> To list instances in reverse start order, include the "-R"
<h3><a name="create"> Creating a new Postfix instance </a></h3>
-<p> The <a href="postmulti.1.html">postmulti(1)</a> command can be used to create additional Postfix
+<p> The <a href="postmulti.1.html">postmulti(1)</a> command can be used to create secondary Postfix
instances. New instances are created with local submission and all "inet"
services disabled via the following non-default parameter settings in
the <a href="postconf.5.html">main.cf</a> file: </p>
<p> The <a href="postmulti.1.html">postmulti(1)</a> command encourages a preferred way of organizing
the configuration directories, queue directories and data directories
-of non-default instances. If the default instance settings are: </p>
+of secondary instances. If the primary instance settings are: </p>
<blockquote>
<pre>
to the instance list. You can use the "-i" or "-g" or "-a" options to
insert the new instance before the specified instance or group, or at
the beginning of the instance list (<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter
-of the default instance). </p>
+of the primary instance). </p>
<p> If you do specify a name (use "-I" with a name that is not "-")
for the new instance, you may omit any of the 3 instance installation
also generates header-style lookup keys for attachment MIME
headers and for attached message/* headers.
- NOTE: with "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", the <b>-b</b> option option dis-
+ NOTE: with "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", the <b>-h</b> option option dis-
ables UTF-8 syntax checks on query keys and lookup results.
Specify the <b>-U</b> option to force UTF-8 syntax checks anyway.
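Review bot: The corrected NOTE line still reads "the -h option option dis-ables", so the duplicated word "option" survives the fix. The nroff copy in the next hunk has the same duplicate, split as "option" at the end of one line and "option disables" at the start of the next. Drop one "option" in postmap/postmap.c, the file the changelog entry names for this fix, and in both rendered copies.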
generates header\-style lookup keys for attachment MIME
headers and for attached message/* headers.
.sp
-NOTE: with "smtputf8_enable = yes", the \fB\-b\fR option
+NOTE: with "smtputf8_enable = yes", the \fB\-h\fR option
option disables UTF\-8 syntax checks on query keys and
lookup results. Specify the \fB\-U\fR option to force UTF\-8
syntax checks anyway.
<li><a href="#parts"> Components of a Postfix system </a>
-<li><a href="#default"> The default Postfix instance </a>
+<li><a href="#default"> The primary Postfix instance </a>
<li><a href="#group"> Instance groups </a>
<h2><a name="split"> Null-client instances versus service instances </a></h2>
<p> In the multi-instance approach to configuring Postfix, the first
-simplification is with the default local-submission Postfix instance.
+simplification is with the primary local-submission Postfix instance.
</p>
<p> Most UNIX systems require support for email submission with the
regard the border MTA is not different from other Unix hosts in
your environment. For this reason, it will submit locally-generated
email to the internal mail hub. We start the construction of the
-border mail server with the <a href="#default_instance">default</a>
+border mail server with the <a href="#default">primary</a>
instance, which will be a local-submission <a
href="STANDARD_CONFIGURATION_README.html#null_client">null client</a>:
</p>
input instances into a single instance group named "mta". </p>
<p> Just once, when adding the first secondary instance, enable
-multi-instance support in the default (null-client) instance: </p>
+multi-instance support in the primary (null-client) instance: </p>
<blockquote>
<pre>
<p> The instance configuration directory defaults to /etc/postfix-out,
more precisely, the "postfix-out" subdirectory of the parent directory
-of the default-instance configuration directory. The new instance will
+of the primary-instance configuration directory. The new instance will
be created in a "disabled" state: </p>
<blockquote>
<p> This instance has a "stock" master.cf file, and its queue and
data directories, also named "postfix-out", will be located in the
same parent directories as the corresponding directories of the
-default instance (e.g., /var/spool/postfix-out and /var/lib/postfix-out).
+primary instance (e.g., /var/spool/postfix-out and /var/lib/postfix-out).
</p>
<p> While this instance is immediately safe to start, it is not yet
<p> The new instance configuration directory defaults to /etc/postfix-in,
more precisely, the "postfix-in" subdirectory of the parent directory
-of the default-instance configuration directory. The new instance will
+of the primary-instance configuration directory. The new instance will
be created in a "disabled" state: </p>
<blockquote>
<p> Though config_directory cannot be set in main.cf, postfix(1) and
most of the other command-line Postfix utilities allow you to specify a
-non-default configuration directory via a command line option (typically
+secondary configuration directory via a command line option (typically
<b>-c</b>) or via the MAIL_CONFIG environment variable. In this way,
it is possible to have multiple configuration directories on the same
machine, and to have multiple running master(8) daemons each with its
directory and data directory (specified in the corresponding main.cf file)
make up a Postfix <b>instance</b>. </p>
-<h2><a name="default"> The default Postfix instance </a></h2>
+<h2><a name="default"> The primary Postfix instance </a></h2>
<p> One Postfix instance is special: this is the instance whose
configuration directory is the default one compiled into the Postfix
utilities. The location of the default configuration directory is
typically /etc/postfix, and can be queried via the "postconf -d
config_directory" command. We call the instance with this configuration
-directory the "default instance". </p>
+directory the "primary instance". </p>
-<p> The default instance is responsible for local mail submission. The
+<p> The primary instance is responsible for local mail submission. The
setgid postdrop(1) utility is used by the sendmail(1) local submission
program to spool messages into the <b>maildrop</b> sub-directory of the
-queue directory of the default instance. </p>
+queue directory of the primary instance. </p>
<p> Even in the rare case when "sendmail -C" is used to submit local mail
-into a non-default Postfix instance, for security reasons, postdrop(1)
-will consult the default main.cf file to check the validity of the
+into a secondary Postfix instance, for security reasons, postdrop(1)
+will consult the primary main.cf file to check the validity of the
requested non-default configuration directory. </p>
<p> So, while in most other respects, all instances are equal, the
-default instance is "more equal than others". You may choose to create
-additional instances, but you must have at least the default instance,
+primary instance is "more equal than others". You may choose to create
+secondary instances, but you must have at least the primary instance,
with its configuration directory in the default compiled-in location. </p>
<h2><a name="group"> Instance groups </a></h2>
its own start/stop procedure that is separate from any Postfix
instance). </p>
-<p> The default instance main.cf file's $multi_instance_directories
+<p> The primary instance main.cf file's $multi_instance_directories
configuration parameter lists the configuration directories of all
-secondary (non-default) instances. Together with the default instance,
+secondary (non-default) instances. Together with the primary instance,
these secondary instances are managed by the multi-instance manager.
Instances are started in the order listed, and stopped in the
opposite order. For instances that are members of a service "group",
<dt> multi_instance_wrapper </dt>
-<dd> <p> This default-instance configuration parameter must be set
+<dd> <p> This primary-instance configuration parameter must be set
to a suitable multi-instance manager's "wrapper" program that
controls the starting, stopping, etc. of a multi-instance Postfix
system. To use the postmulti(1) manager described in this document,
<dt> multi_instance_directories </dt>
-<dd> <p> This default-instance configuration parameter specifies
+<dd> <p> This primary-instance configuration parameter specifies
an optional list of the secondary instances controlled via the
multi-instance manager. Instances are listed in their "start" order,
-with the default instance always started first (if enabled). If
+with the primary instance always started first (if enabled). If
$multi_instance_directories is left empty, the postfix(1) command
runs with multi-instance support turned off, and none of the
multi_instance_ configuration parameters will have any effect. </p>
<p> Before postmulti(1) is used for the first time, you must install
it as the multi_instance_wrapper for your Postfix system and enable
-multi-instance operation of the default Postfix instance. You can then
+multi-instance operation of the primary Postfix instance. You can then
proceed to add <a href="#create">new</a> or <a href="#import">existing</a>
instances to the multi-instance configuration. This initial installation
is accomplished as follows: </p>
</pre>
</blockquote>
-<p> This updates the default instance main.cf file as follows: </p>
+<p> This updates the primary instance main.cf file as follows: </p>
<blockquote>
<pre>
#
multi_instance_wrapper = ${command_directory}/postmulti -p --
- # Configure the default instance to start when in multi-instance mode
+ # Configure the primary instance to start when in multi-instance mode
#
multi_instance_enable = yes
</pre>
</blockquote>
-<p> If you prefer, you can make these changes by editing the default
+<p> If you prefer, you can make these changes by editing the primary
main.cf directly, or by using "postconf -e". </p>
<h3><a name="list"> Listing managed instances </a></h3>
-<p> The list of managed instances consists of the default instance and
-the additional instances whose configuration directories are listed
+<p> The list of managed instances consists of the primary instance and
+the secondary instances whose configuration directories are listed
(in start order) under the multi_instance_directories parameter of the
-default main.cf configuration file. </p>
+primary main.cf configuration file. </p>
<p> You can list selected instances, groups of instances or all
instances by specifying only the instance matching options with the
"-l" option. The "-a" option is assumed if no other instance
selection options are specified (this behavior changes with the
"-e" option). As a special case, even if it has an explicit name,
-the default instance can always be selected via "-i -". </p>
+the primary instance can always be selected via "-i -". </p>
<blockquote>
<pre>
<p> When selecting an existing instance via the "-i" option, you
can always use the full pathname of its configuration directory
instead of the instance (short) name. This is the only way to select
-a non-default nameless instance. The default instance can be selected
+a secondary nameless instance. The primary instance can be selected
via "-i -", whether it has a name or not. </p>
<p> To list instances in reverse start order, include the "-R"
<h3><a name="create"> Creating a new Postfix instance </a></h3>
-<p> The postmulti(1) command can be used to create additional Postfix
+<p> The postmulti(1) command can be used to create secondary Postfix
instances. New instances are created with local submission and all "inet"
services disabled via the following non-default parameter settings in
the main.cf file: </p>
<p> The postmulti(1) command encourages a preferred way of organizing
the configuration directories, queue directories and data directories
-of non-default instances. If the default instance settings are: </p>
+of secondary instances. If the primary instance settings are: </p>
<blockquote>
<pre>
to the instance list. You can use the "-i" or "-g" or "-a" options to
insert the new instance before the specified instance or group, or at
the beginning of the instance list (multi_instance_directories parameter
-of the default instance). </p>
+of the primary instance). </p>
<p> If you do specify a name (use "-I" with a name that is not "-")
for the new instance, you may omit any of the 3 instance installation
PRELOAD
rhansen
XDG
+crosstalk
encoded encoded text can contain only alpha digit
ossl_digest_new ossl_digest_new returns NULL after error ossl_digest_data
Richard Hansen rhansen rhansen org
+ long long or long integer
client Files dict h dict_proxy c proxymap proxymap c
cross talk between different clients File proxymap proxymap c
postscreen postscreen c
+ for the h option Robert Hansen File postmap postmap c
+ Support for the ll long long etc and j intmax_t
+ postalias postalias c There is more time handling code in
+ long long which just like time_t is a 64 bit type on many
+ File tls tls h
+ dual purpose field File tls tls h
OSSL
ossl
deduplicates
+intmax
+lflag
XDG
ENOTSOCK
FustÃ
+Jiaying
+PRI
+YP
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20250717"
+#define MAIL_RELEASE_DATE "20250729"
#define MAIL_VERSION_NUMBER "3.11"
#ifdef SNAPSHOT
* this information MUST be written without a trailing null appended to
* key or value.
*/
+#if (defined(HAS_NIS) || defined(HAS_NISPLUS))
mkmap->dict->flags &= ~DICT_FLAG_TRY1NULL;
mkmap->dict->flags |= DICT_FLAG_TRY0NULL;
- vstring_sprintf(value_buffer, "%010ld", (long) time((time_t *) 0));
-#if (defined(HAS_NIS) || defined(HAS_NISPLUS))
+ vstring_sprintf(value_buffer, "%010" PRId64, (int64_t) time((time_t *) 0));
mkmap->dict->flags &= ~DICT_FLAG_FOLD_FIX;
mkmap_append(mkmap, "YP_LAST_MODIFIED", STR(value_buffer));
mkmap_append(mkmap, "YP_MASTER_NAME", var_myhostname);
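Review bot: moving `#if (defined(HAS_NIS) || defined(HAS_NISPLUS))` above the two `mkmap->dict->flags` assignments means DICT_FLAG_TRY1NULL is no longer cleared and DICT_FLAG_TRY0NULL is no longer set on builds without NIS or NISPLUS, which appears to be a behaviour change beyond the Y2038 format fix. If that is intended, the comment above the block should say that the flag changes apply only to the YP_ entries; if not, leave the `#if` where it was and change only the `vstring_sprintf()` line. The new `PRId64` also needs `<inttypes.h>`, and no include change for this file is visible here.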
/* generates header-style lookup keys for attachment MIME
/* headers and for attached message/* headers.
/* .sp
-/* NOTE: with "smtputf8_enable = yes", the \fB-b\fR option
+/* NOTE: with "smtputf8_enable = yes", the \fB-h\fR option
/* option disables UTF-8 syntax checks on query keys and
/* lookup results. Specify the \fB-U\fR option to force UTF-8
/* syntax checks anyway.
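Review bot: the corrected line ends with "option" and the unchanged next line starts with "option", so the rendered manual page reads "the -h option option disables UTF-8 syntax checks". Since this line is being touched anyway, drop the trailing word here or the leading word on the following line.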
const char *srvr_sig_curve; /* server's ECDSA curve name */
int srvr_sig_bits; /* server's RSA signature key bits */
const char *srvr_sig_dgst; /* server's signature digest */
+ int rpt_reported; /* Failure was reported with TLSRPT */
/* Private. */
SSL *con;
char *cache_type; /* tlsmgr(8) cache type if enabled */
- int ticketed; /* Session ticket issued */
+ int ticketed; /* Issued (server) or cached (client) */
char *serverid; /* unique server identifier */
char *namaddr; /* nam[addr] for logging */
int log_mask; /* What to log */
int errordepth; /* Chain depth of error cert */
int errorcode; /* First error at error depth */
int must_fail; /* Failed to load trust settings */
- int rpt_reported; /* Failure was reported with TLSRPT */
char *ffail_type; /* Forced verification failure */
+ /* End of Private members. */
} TLS_SESS_STATE;
/*
msg_panic("%s: null session cache type in new session callback",
myname);
- if (TLScontext->log_mask & TLS_LOG_CACHE)
- /* serverid contains transport:addr:port information */
- msg_info("save session %s to %s cache",
- TLScontext->serverid, TLScontext->cache_type);
-
- /*
+ /*-
+ * Store only the first ticket for a given connection.
+ * - Even if the server offers multiple tickets, we have no mechanism to
+ * store or use multiple concurrent tickets for the same nexthop.
+ *
* Passivate and save the session object. Errors are non-fatal, since
* caching is only an optimization.
*/
- if ((session_data = tls_session_passivate(session)) != 0) {
+ if (TLScontext->ticketed == 0 &&
+ (session_data = tls_session_passivate(session)) != 0) {
+ TLScontext->ticketed = 1;
+ if (TLScontext->log_mask & TLS_LOG_CACHE)
+ /* serverid contains transport:addr:port information */
+ msg_info("save session %s to %s cache",
+ TLScontext->serverid, TLScontext->cache_type);
+
tls_mgr_update(TLScontext->cache_type, TLScontext->serverid,
STR(session_data), LEN(session_data));
vstring_free(session_data);
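Review bot: with `TLScontext->ticketed == 0 &&` in front of `tls_session_passivate()`, second and later tickets on a connection are dropped without any trace, even when TLS_LOG_CACHE is set. A one-line msg_info() under the same log mask for the skipped case would let an operator tell "server sent one ticket" from "server sent several and the first was kept" when debugging session reuse. The comment could also state that `ticketed` is set only after a successful passivate, so a failed first attempt leaves the next ticket eligible.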
tls_dane_log(TLScontext);
}
}
+ } else if (TLS_MUST_MATCH(TLScontext->level) &&
+ TLScontext->errordepth == 0 &&
+ TLScontext->errorcode == X509_V_ERR_HOSTNAME_MISMATCH) {
+ /*
+ * If the only error is a hostname mismatch, the certificate must have
+ * been trusted.
+ */
+ TLScontext->peer_status |= TLS_CERT_FLAG_TRUSTED;
}
/*
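Review bot: this branch sets TLS_CERT_FLAG_TRUSTED from `TLScontext->errordepth == 0` and `TLScontext->errorcode == X509_V_ERR_HOSTNAME_MISMATCH` alone, so its correctness rests on update_error_state() in tls_verify.c never leaving a hostname mismatch recorded when any other verification error occurred. The comment should name that function as the source of the guarantee, because a later change to the error priority there would turn this into marking untrusted chains as trusted without any change to this file. It would also help to state that only the trusted flag is set here and the matched status is left as it was.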
if (TLScontext->log_mask & TLS_LOG_CACHE)
msg_info("%s: Decrypting session ticket, key expiration: %ld",
TLScontext->namaddr, (long) key->tout);
+ TLScontext->ticketed = 1;
}
- TLScontext->ticketed = 1;
return (TLS_TKT_ACCEPT);
}
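Review bot: after this move, `TLScontext->ticketed = 1` sits inside the block that logs "Decrypting session ticket", while the tls.h comment in the same patch describes the server-side meaning of the field as "Issued". If the issuing path sets the field elsewhere, a short comment here pointing to it would help; if it does not, the tls.h wording should describe what the server actually records. The same applies to the identical hunk that follows.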
if (TLScontext->log_mask & TLS_LOG_CACHE)
msg_info("%s: Decrypting session ticket, key expiration: %ld",
TLScontext->namaddr, (long) key->tout);
+ TLScontext->ticketed = 1;
}
- TLScontext->ticketed = 1;
return (TLS_TKT_ACCEPT);
}
static void update_error_state(TLS_SESS_STATE *TLScontext, int depth,
X509 *errorcert, int errorcode)
{
- /* No news is good news */
- if (TLScontext->errordepth >= 0 && TLScontext->errordepth <= depth)
- return;
+ /*
+ * Report the error that is closest to the leaf certificate, any errors
+ * higher up the chain are immaterial until the "inner" errors are fixed.
+ *
+ * We special-case "X509_V_ERR_HOSTNAME_MISMATCH" (at depth 0) in order to
+ * distinguish between untrusted certificates and trusted certificates
+ * with a hostname mismatch. Any other error has a higher priority.
+ */
+ if (TLScontext->errordepth >= 0) {
+ if (TLScontext->errordepth <= depth &&
+ TLScontext->errorcode != X509_V_ERR_HOSTNAME_MISMATCH)
+ return;
+ if (errorcode == X509_V_ERR_HOSTNAME_MISMATCH)
+ return;
+ }
/*
* The certificate pointer is stable during the verification callback,
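Review bot: the two early returns in the new `if (TLScontext->errordepth >= 0)` block encode three cases (keep a recorded non-mismatch error at the same or lower depth, keep any recorded error over a new hostname mismatch, otherwise overwrite), and the first test reads `TLScontext->errorcode` while the second reads the `errorcode` argument, which is easy to misread. A short comment on each `return` saying which error is kept would make the priority rule checkable at a glance. Since tls_client.c now derives the trusted flag from the recorded error, a test that feeds a chain error followed by a depth-0 hostname mismatch, and the reverse order, would pin the behaviour down.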
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
+/*
+/* Wietse Venema
+/* porcupine.org
/*--*/
/* System library. */
#include <float.h> /* range of doubles */
#include <errno.h>
#include <limits.h> /* CHAR_BIT, INT_MAX */
+#include <inttypes.h> /* intmax_t */
/* Application-specific. */
* floating-point numbers, use a similar estimate, and add DBL_MAX_10_EXP
* just to be sure.
*/
+#define IMX_SPACE ((CHAR_BIT * sizeof(intmax_t)) / 2)
+#define LL_SPACE ((CHAR_BIT * sizeof(long long)) / 2)
#define INT_SPACE ((CHAR_BIT * sizeof(long)) / 2)
#define DBL_SPACE ((CHAR_BIT * sizeof(double)) / 2 + DBL_MAX_10_EXP)
#define PTR_SPACE ((CHAR_BIT * sizeof(char *)) / 2)
unsigned char *cp;
int width; /* width and numerical precision */
int prec; /* are signed for overflow defense */
- unsigned long_flag; /* long or plain integer */
+ unsigned long_flag; /* long long, or long integer */
+ unsigned intmax_flag; /* intmax_t */
int ch;
char *s;
int saved_errno = errno; /* VBUF_SPACE() may clobber it */
* strings, since we are ging to let sprintf() do the hard work.
* In regular expression notation, we recognize:
*
- * %-?+?0?([0-9]+|\*)?(\.([0-9]+|\*))?l?[a-zA-Z]
+ * %-?+?0?([0-9]+|\*)?(\.([0-9]+|\*))?l{1,2}?j?[a-zA-Z]
*
* which includes some combinations that do not make sense. Garbage
* in, garbage out.
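Review bot: in the updated pattern, `l{1,2}?` does not mean "optional l or ll": `{1,2}` requires at least one `l`, and a trailing `?` after a quantifier only makes it lazy in most regular expression dialects. `l{0,2}` or `(l|ll)?` would match what the parser accepts. The pattern also admits `l` together with `j`, which the integer conversions reject with msg_panic(); the "combinations that do not make sense" sentence covers that, but it is worth a word since this one is fatal rather than garbage out.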
} else {
prec = -1;
}
- if ((long_flag = (*cp == 'l')) != 0)/* long whatever */
+ long_flag = 0;
+ while (long_flag < 2 && *cp == 'l') { /* long whatever */
+ long_flag += 1;
+ VSTRING_ADDCH(fmt, *cp++);
+ }
+ if ((intmax_flag = (*cp == 'j')) != 0) /* intmax_t whatever */
VSTRING_ADDCH(fmt, *cp++);
if (*cp == 0) /* premature end, punt */
break;
case 's': /* string-valued argument */
if (long_flag)
msg_panic("%s: %%l%c is not supported", myname, *cp);
+ if (intmax_flag)
+ msg_panic("%s: %%j%c is not supported", myname, *cp);
s = va_arg(ap, char *);
if (prec >= 0 || (width > 0 && width > strlen(s))) {
VBUF_SNPRINTF(bp, (width > prec ? width : prec) + INT_SPACE,
case 'c': /* integral-valued argument */
if (long_flag)
msg_panic("%s: %%l%c is not supported", myname, *cp);
+ if (intmax_flag)
+ msg_panic("%s: %%j%c is not supported", myname, *cp);
/* FALLTHROUGH */
case 'd':
case 'u':
case 'o':
case 'x':
case 'X':
- if (long_flag)
+ if (intmax_flag && long_flag)
+ msg_panic("%s: '%s%c' has both 'j' and 'l' modifiers",
+ myname, vstring_str(fmt), *cp);
+ if (intmax_flag)
+ VBUF_SNPRINTF(bp, (width > prec ? width : prec) + IMX_SPACE,
+ vstring_str(fmt), va_arg(ap, intmax_t));
+ else if (long_flag == 2)
+ VBUF_SNPRINTF(bp, (width > prec ? width : prec) + LL_SPACE,
+ vstring_str(fmt), va_arg(ap, long long));
+ else if (long_flag == 1)
VBUF_SNPRINTF(bp, (width > prec ? width : prec) + INT_SPACE,
vstring_str(fmt), va_arg(ap, long));
- else
+ else if (long_flag == 0)
VBUF_SNPRINTF(bp, (width > prec ? width : prec) + INT_SPACE,
vstring_str(fmt), va_arg(ap, int));
+ else
+ msg_panic("%s: bad long_flag: %u", myname, long_flag);
break;
case 'e': /* float-valued argument */
case 'f':
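Review bot: for the 'u', 'o', 'x' and 'X' conversions the new branches fetch the argument with `va_arg(ap, intmax_t)` and `va_arg(ap, long long)`, that is, as signed types, although callers will pass uintmax_t or unsigned long long for those conversions. This follows the existing `long` and `int` branches, but C only permits reading an unsigned argument through the corresponding signed type when the value is representable in both, so values above INTMAX_MAX or LLONG_MAX are formally undefined. Either split out the unsigned conversions or add a comment that the signed fetch is deliberate. The final `else msg_panic("%s: bad long_flag: %u", ...)` is unreachable while the parser caps `long_flag` at 2, which is fine as a guard.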
vstring_str(fmt), va_arg(ap, double));
break;
case 'm':
- /* Ignore the 'l' modifier, width and precision. */
+ /* Ignore the 'l' or 'j' modifier, width and precision. */
VBUF_STRCAT(bp, mystrerror(saved_errno));
break;
case 'p':
if (long_flag)
msg_panic("%s: %%l%c is not supported", myname, *cp);
+ if (intmax_flag)
+ msg_panic("%s: %%j%c is not supported", myname, *cp);
VBUF_SNPRINTF(bp, (width > prec ? width : prec) + PTR_SPACE,
vstring_str(fmt), va_arg(ap, char *));
break;
} else {
char *fmt = cp++;
int lflag;
+ int jflag;
/* Determine the vstring_sprintf() argument type. */
cp += strspn(cp, "+-*0123456789.");
- if ((lflag = (*cp == 'l')) != 0)
+ lflag = 0;
+ while (*cp == 'l') {
+ lflag += 1;
+ cp++;
+ }
+ if ((jflag = (*cp == 'j')) != 0)
cp++;
if (cp[1] != 0) {
msg_warn("bad format: \"%s\"", fmt);
case 'u':
case 'x':
case 'X':
- if (lflag)
+ if (jflag) {
+ vstring_sprintf(obuf, fmt, (intmax_t) atoll(val));
+ } else if (lflag == 2) {
+ vstring_sprintf(obuf, fmt, atoll(val));
+ } else if (lflag == 1) {
vstring_sprintf(obuf, fmt, atol(val));
- else
+ } else { /* lflag==0 or bogus */
vstring_sprintf(obuf, fmt, atoi(val));
+ }
msg_info("\"%s\"", vstring_str(obuf));
break;
case 's':
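Review bot: the `/* lflag==0 or bogus */` branch passes an `int` from atoi() even when the format carried three or more 'l' characters, because the test driver's `while (*cp == 'l')` loop has no upper bound while the library parser stops at two. The driver should reject such input through the existing `msg_warn("bad format: ...")` path instead of calling vstring_sprintf() with a mismatched argument. For the 'j' case, `(intmax_t) atoll(val)` limits the test to the long long range; strtoimax() from <inttypes.h> would cover the full type.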
%10ld 123456789
%10.10ld 123456789
+%+lld 123456789
+%-lld 123456789
+%lld 123456789
+%10lld 123456789
+%10.10lld 123456789
+
+%+jd 123456789
+%-jd 123456789
+%jd 123456789
+%10jd 123456789
+%10.10jd 123456789
+
%+lo 123456789
%-lo 123456789
%lo 123456789
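Review bot: every new %lld and %jd case formats 123456789, which fits in 32 bits, so these cases do not show that a full 64-bit argument is fetched and printed correctly. Since the motivation is 64-bit values such as post-2038 timestamps, add at least one input above 2147483647 (for example 4294967296) and one negative value, with matching lines in the reference output.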
./vbuf_print: "123456789"
./vbuf_print: " 123456789"
./vbuf_print: "0123456789"
+./vbuf_print: "+123456789"
+./vbuf_print: "123456789"
+./vbuf_print: "123456789"
+./vbuf_print: " 123456789"
+./vbuf_print: "0123456789"
+./vbuf_print: "+123456789"
+./vbuf_print: "123456789"
+./vbuf_print: "123456789"
+./vbuf_print: " 123456789"
+./vbuf_print: "0123456789"
./vbuf_print: "726746425"
./vbuf_print: "726746425"
./vbuf_print: "726746425"
/* The functions and macros in this module implement arbitrary-length
/* strings and common operations on those strings. The strings do not
/* need to be null terminated and may contain arbitrary binary data.
+/* Operations that expect a null-terminated string as input will
+/* process only the input that precedes the first null byte.
/* The strings manage their own memory and grow automatically when full.
/* The optional string null terminator does not add to the string length.
/*