the lmtp_lhlo_timeout parameter, and added end-of-life info
for the obsolete proxy_tls_session_cache_timeout parameter.
File: proto/postconf.proto.
+
+20250104
+
+ Cleanup: the SMTP client complained about "missing
+ trw_set_tls_policy call" when a destination had a TLSRPT
+ policy, but TLS was disabled. File: smtp/smtp_connect.c.
+
+ Logging: the Postfix SMTP server now logs the queue ID or
+ "NOQUEUE" when an SMTP session terminates abnormally (too
+ many errors, I/O timeout, lost connection). File: smtpd/smtpd.c.
+
+ Cleanup: improved error handling when the sqlite: client
+ tries to open a non-existent database: do not attempt to
+ create a read-write database file; and do log the underlying
+ system error (example: No such file or directory). Michael
+ Tokarev.File: global/dict_sqlite.c.
+
+ Feature: automatic RFC 2047 encoding for non-ASCII full
+ name information when Postfix generates a From: message
+ header. Encoding non-ASCII full names can avoid the need
+ to use SMTPUTF8, and therefore can avoid incompatibility
+ with sites that do not support SMTPUTF8.
+
+ The new parameter "full_name_encoding_charset" (default:
+ "utf-8") specifies the character set of the full name in
+ the Postfix sendmail "-F" option, in the Postfix sendmail
+ "NAME" environment variable, or in the GECOS field of the
+ UNIX password database.
+
+ The encoded result looks like "=?charset?Q?gibberish?= for
+ quoted-printable encoding, or "=?charset?B?gibberish?= for
+ base64 encoding. Postfix uses quoted-printable for a full
+ name that is short or mostly ASCII, and uses base64 otherwise.
+
+ Files: mantools/postlink, proto/postconf.proto, cleanup/cleanup.c,
+ cleanup/cleanup_init.c, cleanup/cleanup_message.c,
+ global/ascii_header_text.c, global/ascii_header_text.h,
+ global/mail_params.h, global/rfc2047_code.c, global/rfc2047_code.h,
+ util/clean_ascii_cntrl_space.c, util/clean_ascii_cntrl_space.h.
license of their choice. Those who are more comfortable with the
IPL can continue with that license.
+[Feature 20250105]
+
+Support for automatic RFC 2047 encoding of non-ASCII "full name"
+information in Postfix-generated From: message headers. Encoding
+non-ASCII full names can avoid the need to use SMTPUTF8, and therefore
+can avoid incompatibility with sites that do not support SMTPUTF8.
+
+Background: when a message without a From: header is submitted with the
+Postfix sendmail(1) command, Postfix will add a From: header and will
+try to use the sender's full name specified with the Postfix sendmail(1)
+"-F" option, with the sendmail(1) "NAME" environment variable, or
+with the GECOS field in the UNIX password database.
+
+This introduces a new configuration parameter "full_name_encoding_charset"
+(default: utf8) which specifies the character set of the full name
+information in the Postfix sendmail(1) "-F" option or "NAME"
+environment variable, or in the GECOS field in the UNIX password
+database.
+
+[Incompat 20250105]
+
+The SMTP server now logs the queue ID (or "NOQUEUE") when a connection
+ends abnormally (timeout, lost connection, or too many errors).
+
+[Feature 20250105]
+
+The SMTP server now logs the queue ID (or "NOQUEUE") when a connection
+ends abnormally (timeout, lost connection, or too many errors).
+
[Feature 20241104]
The cleanup server now logs "queueid: canceled" when a message
<b><a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> (no)</b>
Enable long, non-repeating, queue IDs (queue file names).
+<b><a name="header_formatting_controls">HEADER FORMATTING CONTROLS</a></b>
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#message_drop_headers">message_drop_headers</a> (bcc, content-length, resent-bcc, return-path)</b>
after applying <a href="header_checks.5.html"><b>header_checks</b>(5)</a> and before invoking Milter
applications.
+ Available in Postfix version 3.3 and later:
+
<b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
The format of the Postfix-generated <b>From:</b> header.
+ Available in Postfix version 3.10 and later:
+
+ <b><a href="postconf.5.html#full_name_encoding_charset">full_name_encoding_charset</a> (utf-8)</b>
+ The character set name (also called "charset") that Postfix will
+ output when it automatically generates an <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a> encoded full
+ name.
+
<b><a name="built-in_content_filtering_controls">BUILT-IN CONTENT FILTERING CONTROLS</a></b>
Postfix built-in content filtering is meant to stop a flood of worms or
viruses. It is not a general content filter.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
- ging sub-second delay values.
+ ging delay values.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
The time after which the sender receives a copy of the message
111 8th Avenue
New York, NY 10011, USA
+ Wietse Venema
+ porcupine.org
+
CLEANUP(8)
</pre> </body> </html>
process instance while mail is being forwarded. </p>
+</DD>
+
+<DT><b><a name="full_name_encoding_charset">full_name_encoding_charset</a>
+(default: utf-8)</b></DT><DD>
+
+<p> The character set name (also called "charset") that Postfix
+will output when it automatically generates an <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a> encoded
+full name. Encoding non-ASCII full names can avoid the need to use
+SMTPUTF8, and therefore can avoid incompatibility with sites that
+do not support SMTPUTF8. </p>
+
+<p> The encoded names look like "=?charset?q?gibberish?=" with
+quoted-printable encoding, or "=?charset?b?gibberish?=" with base64
+encoding. Postfix uses quoted-printable encoding for a full name
+that is short or mostly printable ASCII, and uses base64 otherwise.
+</p>
+
+<p> Background: when a message without a From: header is submitted
+with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command, the Postfix <a href="cleanup.8.html">cleanup(8)</a> daemon
+will add a From: header and will try to use the sender's full name
+specified with the Postfix <a href="sendmail.1.html">sendmail(1)</a> "-F" option, with the Postfix
+<a href="sendmail.1.html">sendmail(1)</a> "NAME" environment variable, or with the GECOS field
+in the UNIX password database. In the latter case, Postfix will
+replace the "&" character with the login name, with a lowercase
+ASCII first character converted to uppercase. </p>
+
+<p> NOTE: Postfix does not convert between character sets; it simply
+encodes the raw bytes in a full name as printable ASCII gibberish.
+The <a href="postconf.5.html#full_name_encoding_charset">full_name_encoding_charset</a> value specifies how a mail reader
+program should display the decoded gibberish. </p>
+
+<p> Specify a valid character set name such as "utf-8" or "iso-8859-1
+(specify the latter for full names that use the Latin1 encoding).
+The character set name is case insensitive. When a character set
+name violates <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a> syntax, Postfix will log a warning and will
+skip the full name. </p>
+
+<p> This feature is available in Postfix ≥ 3.10. </p>
+
+
</DD>
<DT><b><a name="hash_queue_depth">hash_queue_depth</a>
Available in Postfix version 2.9 - 3.6:
- <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
+ <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, <a href="STRESS_README.html">overload</a>: yes)</b>
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
<a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
system call, to a time limit to send or receive a complete
Available in Postfix version 3.7 and later:
- <b><a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a> (normal: no, overload: yes)</b>
+ <b><a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a> (normal: no, <a href="STRESS_README.html">overload</a>: yes)</b>
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
<a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per plaintext or TLS
read or write call, to a combined time limit for receiving a
or accepting connections.
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
- Lookup tables with all names or addresses of local recipients: a
- recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestina</a>-
- <a href="postconf.5.html#mydestination">tion</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+ Lookup tables with all names or addresses of valid local recipi-
+ ents.
<b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server response code when a recipient
- address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
+ address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
lookup tables that does not match the recipient.
Parameters concerning known/unknown recipients of relay destinations:
<b><a href="postconf.5.html#relay_domains">relay_domains</a> (Postfix</b> ><b>= 3.0: empty, Postfix</b> < <b>3.0: $<a href="postconf.5.html#mydestination">mydestination</a>)</b>
- What destination domains (and subdomains thereof) this system
+ What destination domains (and subdomains thereof) this system
will relay mail to.
<b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
- Optional lookup tables with all valid addresses in the domains
+ Optional lookup tables with all valid addresses in the domains
that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
- The numerical Postfix SMTP server reply code when a recipient
- address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> speci-
- fies a list of lookup tables that does not match the recipient
+ The numerical Postfix SMTP server reply code when a recipient
+ address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> speci-
+ fies a list of lookup tables that does not match the recipient
address.
- Parameters concerning known/unknown recipients in virtual alias
+ Parameters concerning known/unknown recipients in virtual alias
domains:
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
- Postfix is the final destination for the specified list of vir-
+ Postfix is the final destination for the specified list of vir-
tual alias domains, that is, domains for which all addresses are
aliased to addresses in other local or remote domains.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
Optional lookup tables that are often searched with a full email
- address (including domain) and that apply to all recipients:
- <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote; this is unlike <a href="postconf.5.html#alias_maps">alias_maps</a> that
- are only searched with an email address localpart (no domain)
+ address (including domain) and that apply to all recipients:
+ <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote; this is unlike <a href="postconf.5.html#alias_maps">alias_maps</a> that
+ are only searched with an email address localpart (no domain)
and that apply only to <a href="local.8.html"><b>local</b>(8)</a> recipients.
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
- The Postfix SMTP server reply code when a recipient address
- matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> speci-
- fies a list of lookup tables that does not match the recipient
+ The Postfix SMTP server reply code when a recipient address
+ matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> speci-
+ fies a list of lookup tables that does not match the recipient
address.
Parameters concerning known/unknown recipients in virtual mailbox
domains:
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
- Postfix is the final destination for the specified list of
- domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail
+ Postfix is the final destination for the specified list of
+ domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail
delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
- Optional lookup tables with all valid addresses in the domains
+ Optional lookup tables with all valid addresses in the domains
that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
- The Postfix SMTP server reply code when a recipient address
- matches
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
+ The Postfix SMTP server reply code when a recipient address
+ matches
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
specifies a list of lookup tables that does not match the recip-
ient address.
control client request rates.
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
- Upon input, long lines are chopped up into pieces of at most
+ Upon input, long lines are chopped up into pieces of at most
this length; upon delivery, long lines are reconstructed.
<b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
tem that is needed to receive mail.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
- The maximal size in bytes of a message, including envelope
+ The maximal size in bytes of a message, including envelope
information.
<b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
- The maximal number of recipients that the Postfix SMTP server
+ The maximal number of recipients that the Postfix SMTP server
accepts per message delivery request.
- <b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b>
- When the Postfix SMTP server wants to send an SMTP server
- response, how long the Postfix SMTP server will wait for an
- underlying network write operation to complete; and when the
- Postfix SMTP server Postfix wants to receive an SMTP client
- request, how long the Postfix SMTP server will wait for an
+ <b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, <a href="STRESS_README.html">overload</a>: 10s)</b>
+ When the Postfix SMTP server wants to send an SMTP server
+ response, how long the Postfix SMTP server will wait for an
+ underlying network write operation to complete; and when the
+ Postfix SMTP server Postfix wants to receive an SMTP client
+ request, how long the Postfix SMTP server will wait for an
underlying network read operation to complete.
<b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
- The maximal number of lines in the Postfix SMTP server command
- history before it is flushed upon receipt of EHLO, RSET, or end
+ The maximal number of lines in the Postfix SMTP server command
+ history before it is flushed upon receipt of EHLO, RSET, or end
of DATA.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
- Attempt to look up the remote SMTP client hostname, and verify
+ Attempt to look up the remote SMTP client hostname, and verify
that the name matches the client IP address.
The per SMTP client connection count and request rate limits are imple-
- mented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> service, and are available in
+ mented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> service, and are available in
Postfix version 2.2 and later.
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
- How many simultaneous connections any client is allowed to make
+ How many simultaneous connections any client is allowed to make
to this service.
<b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
- The maximal number of connection attempts any client is allowed
+ The maximal number of connection attempts any client is allowed
to make to this service per time unit.
<b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
- The maximal number of message delivery requests that any client
- is allowed to make to this service per time unit, regardless of
+ The maximal number of message delivery requests that any client
+ is allowed to make to this service per time unit, regardless of
whether or not Postfix actually accepts those messages.
<b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
- The maximal number of recipient addresses that any client is
- allowed to send to this service per time unit, regardless of
+ The maximal number of recipient addresses that any client is
+ allowed to send to this service per time unit, regardless of
whether or not Postfix actually accepts those recipients.
<b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- Clients that are excluded from smtpd_client_*_count/rate_limit
+ Clients that are excluded from smtpd_client_*_count/rate_limit
restrictions.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (0)</b>
- The maximal number of new (i.e., uncached) TLS sessions that a
+ The maximal number of new (i.e., uncached) TLS sessions that a
remote SMTP client is allowed to negotiate with this service per
time unit.
Available in Postfix version 2.9 - 3.6:
- <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
+ <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, <a href="STRESS_README.html">overload</a>: yes)</b>
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
- <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
- system call, to a time limit to send or receive a complete
- record (an SMTP command line, SMTP response line, SMTP message
+ <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
+ system call, to a time limit to send or receive a complete
+ record (an SMTP command line, SMTP response line, SMTP message
content line, or TLS protocol message).
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtpd_client_auth_rate_limit">smtpd_client_auth_rate_limit</a> (0)</b>
- The maximal number of AUTH commands that any client is allowed
- to send to this service per time unit, regardless of whether or
+ The maximal number of AUTH commands that any client is allowed
+ to send to this service per time unit, regardless of whether or
not Postfix actually accepts those commands.
Available in Postfix version 3.7 and later:
- <b><a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a> (normal: no, overload: yes)</b>
+ <b><a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a> (normal: no, <a href="STRESS_README.html">overload</a>: yes)</b>
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
- <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per plaintext or TLS
- read or write call, to a combined time limit for receiving a
- complete SMTP request and for sending a complete SMTP response.
+ <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per plaintext or TLS
+ read or write call, to a combined time limit for receiving a
+ complete SMTP request and for sending a complete SMTP response.
<b><a href="postconf.5.html#smtpd_min_data_rate">smtpd_min_data_rate</a> (500)</b>
- The minimum plaintext data transfer rate in bytes/second for
- DATA and BDAT requests, when deadlines are enabled with
+ The minimum plaintext data transfer rate in bytes/second for
+ DATA and BDAT requests, when deadlines are enabled with
<a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a>.
<b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#smtpd_client_ipv4_prefix_length">smtpd_client_ipv4_prefix_length</a> (32)</b>
- Aggregate smtpd_client_*_count and smtpd_client_*_rate statis-
+ Aggregate smtpd_client_*_count and smtpd_client_*_rate statis-
tics by IPv4 network blocks with the specified network prefix.
<b><a href="postconf.5.html#smtpd_client_ipv6_prefix_length">smtpd_client_ipv6_prefix_length</a> (84)</b>
- Aggregate smtpd_client_*_count and smtpd_client_*_rate statis-
+ Aggregate smtpd_client_*_count and smtpd_client_*_rate statis-
tics by IPv6 network blocks with the specified network prefix.
Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
<b><a href="postconf.5.html#smtpd_forbid_unauth_pipelining">smtpd_forbid_unauth_pipelining</a> (Postfix</b> ><b>= 3.9: yes)</b>
- Disconnect remote SMTP clients that violate <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (or 5321)
+ Disconnect remote SMTP clients that violate <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (or 5321)
command pipelining constraints.
Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
<b><a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> (Postfix</b> ><b>= 3.9: normalize)</b>
- Reject or restrict input lines from an SMTP client that end in
+ Reject or restrict input lines from an SMTP client that end in
<LF> instead of the standard <CR><LF>.
<b><a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- Exclude
the specified clients from <a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a>
+ Exclude
the specified clients from <a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a>
enforcement.
Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and later:
request with "<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = reject".
<b><a name="tarpit_controls">TARPIT CONTROLS</a></b>
- When a remote SMTP client makes errors, the Postfix SMTP server can
- insert delays before responding. This can help to slow down run-away
- software. The behavior is controlled by an error counter that counts
+ When a remote SMTP client makes errors, the Postfix SMTP server can
+ insert delays before responding. This can help to slow down run-away
+ software. The behavior is controlled by an error counter that counts
the number of errors within an SMTP session that a client makes without
delivering mail.
<b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
- With Postfix version 2.1 and later: the SMTP server response
- delay
after a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>
- errors, and fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without
+ With Postfix version 2.1 and later: the SMTP server response
+ delay
after a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>
+ errors, and fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without
delivering mail.
<b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
- The number of errors a remote SMTP client is allowed to make
- without delivering mail before the Postfix SMTP server slows
+ The number of errors a remote SMTP client is allowed to make
+ without delivering mail before the Postfix SMTP server slows
down all its responses.
- <b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (normal: 20, overload: 1)</b>
- The maximal number of errors a remote SMTP client is allowed to
+ <b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (normal: 20, <a href="STRESS_README.html">overload</a>: 1)</b>
+ The maximal number of errors a remote SMTP client is allowed to
make without delivering mail.
- <b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (normal: 100, overload: 1)</b>
- The number of junk commands (NOOP, VRFY, ETRN or RSET) that a
- remote SMTP client can send before the Postfix SMTP server
+ <b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (normal: 100, <a href="STRESS_README.html">overload</a>: 1)</b>
+ The number of junk commands (NOOP, VRFY, ETRN or RSET) that a
+ remote SMTP client can send before the Postfix SMTP server
starts to increment the error counter with each junk command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
- The number of recipients that a remote SMTP client can send in
+ The number of recipients that a remote SMTP client can send in
excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>,
- before the Postfix SMTP server increments the per-session error
+ before the Postfix SMTP server increments the per-session error
count for each excess recipient.
<b><a name="access_policy_delegation_controls">ACCESS POLICY DELEGATION CONTROLS</a></b>
- As of version 2.1, Postfix can be configured to delegate access policy
- decisions to an external server that runs outside Postfix. See the
+ As of version 2.1, Postfix can be configured to delegate access policy
+ decisions to an external server that runs outside Postfix. See the
file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for more information.
<b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
- The time after which an idle SMTPD policy service connection is
+ The time after which an idle SMTPD policy service connection is
closed.
<b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
- The time after which an active SMTPD policy service connection
+ The time after which an active SMTPD policy service connection
is closed.
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
- The time limit for connecting to, writing to, or receiving from
+ The time limit for connecting to, writing to, or receiving from
a delegated SMTPD policy server.
Available in Postfix version 3.0 and later:
The default action when an SMTPD policy service request fails.
<b><a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> (0)</b>
- The maximal number of requests per SMTPD policy service connec-
+ The maximal number of requests per SMTPD policy service connec-
tion, or zero (no limit).
<b><a href="postconf.5.html#smtpd_policy_service_try_limit">smtpd_policy_service_try_limit</a> (2)</b>
- The maximal number of attempts to send an SMTPD policy service
+ The maximal number of attempts to send an SMTPD policy service
request before giving up.
<b><a href="postconf.5.html#smtpd_policy_service_retry_delay">smtpd_policy_service_retry_delay</a> (1s)</b>
- The delay between attempts to resend a failed SMTPD policy ser-
+ The delay between attempts to resend a failed SMTPD policy ser-
vice request.
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a> (empty)</b>
- Optional information that the Postfix SMTP server specifies in
- the "policy_context" attribute of a policy service request
- (originally, to share the same service endpoint among multiple
+ Optional information that the Postfix SMTP server specifies in
+ the "policy_context" attribute of a policy service request
+ (originally, to share the same service endpoint among multiple
<a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
<b><a name="access_controls">ACCESS CONTROLS</a></b>
- The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
+ The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
server access control features.
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
- Wait until the RCPT TO command before evaluating
+ Wait until the RCPT TO command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
$<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command
- before evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and
+ before evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and
$<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
- A list of Postfix features where the pattern "example.com" also
- matches subdomains of example.com, instead of requiring an
+ A list of Postfix features where the pattern "example.com" also
+ matches subdomains of example.com, instead of requiring an
explicit ".example.com" pattern.
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client connection request.
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
- Require that a remote SMTP client introduces itself with the
- HELO or EHLO command before sending the MAIL command or other
+ Require that a remote SMTP client introduces itself with the
+ HELO or EHLO command before sending the MAIL command or other
commands that require EHLO negotiation.
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client HELO command.
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client MAIL FROM command.
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (see 'postconf -d' output)</b>
- Optional restrictions that the Postfix SMTP server applies in
- the context of a client RCPT TO command, after
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client RCPT TO command, after
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client ETRN command.
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
- Forward mail with sender-specified routing
- (user[@%!]remote[@%!]site) from untrusted clients to destina-
+ Forward mail with sender-specified routing
+ (user[@%!]remote[@%!]site) from untrusted clients to destina-
tions matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
User-defined aliases for groups of access restrictions.
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b><><b>)</b>
- The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of
+ The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of
the null sender address.
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
- Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
+ Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
only domains whose primary MX hosts match the listed networks.
Available in Postfix version 2.0 and later:
applies in the context of the SMTP DATA command.
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
- What characters are allowed in $name expansions of RBL reply
+ What characters are allowed in $name expansions of RBL reply
templates.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
- Request that the Postfix SMTP server rejects mail from unknown
- sender
addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
+ Request that the Postfix SMTP server rejects mail from unknown
+ sender
addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
access restriction is specified.
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
- Request that the Postfix SMTP server rejects mail for unknown
- recipient addresses, even when no explicit
+ Request that the Postfix SMTP server rejects mail for unknown
+ recipient addresses, even when no explicit
<a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restriction is specified.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,</b>
<b><a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b>
Access restrictions for mail relay control that the Postfix SMTP
- server applies in the context of the RCPT TO command, before
+ server applies in the context of the RCPT TO command, before
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
<b><a name="sender_and_recipient_address_verification_controls">SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</a></b>
- Postfix version 2.1 introduces sender and recipient address verifica-
+ Postfix version 2.1 introduces sender and recipient address verifica-
tion. This feature is implemented by sending probe email messages that
are not actually delivered. This feature is requested via the
- <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
- restrictions. The status of verification probes is maintained by the
- <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
- mation about how to configure and operate the Postfix sender/recipient
+ <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
+ restrictions. The status of verification probes is maintained by the
+ <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
+ mation about how to configure and operate the Postfix sender/recipient
address verification service.
- <b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (normal: 3, overload: 1)</b>
+ <b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (normal: 3, <a href="STRESS_README.html">overload</a>: 1)</b>
How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for the completion
of an address verification request in progress.
fication request in progress.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
- The sender address to use in address verification probes; prior
+ The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster".
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response when a recipient
- address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
+ The numerical Postfix SMTP server response when a recipient
+ address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
tion.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a sender
+ The numerical Postfix SMTP server response code when a sender
address probe fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> (450)</b>
- The numerical Postfix SMTP server response when a recipient
+ The numerical Postfix SMTP server response when a recipient
address probe fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> (empty)</b>
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>.
<b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
+ The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
+ The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
<a href="postconf.5.html#reject_unverified_recipient">ent</a> fails due to a temporary error condition.
Available with Postfix 2.9 and later:
<b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
- The time between changes in the time-dependent portion of
+ The time between changes in the time-dependent portion of
address verification probe sender addresses.
<b><a name="access_control_responses">ACCESS CONTROL RESPONSES</a></b>
map "reject" action.
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a remote
+ The numerical Postfix SMTP server response code when a remote
SMTP client request is rejected by the "defer" restriction.
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
- The numerical Postfix SMTP server response code when the client
- HELO or EHLO command parameter is rejected by the
+ The numerical Postfix SMTP server response code when the client
+ HELO or EHLO command parameter is rejected by the
<a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> restriction.
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code when a remote
- SMTP
client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
+ The numerical Postfix SMTP server response code when a remote
+ SMTP
client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
<a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
- The numerical Postfix SMTP server reply code when a client
- request
is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
+ The numerical Postfix SMTP server reply code when a client
+ request
is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
<a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
<b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a request
+ The numerical Postfix SMTP server response code when a request
is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code when a remote
+ The numerical Postfix SMTP server response code when a remote
SMTP client request is rejected by the "reject" restriction.
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code when a client
- request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
+ The numerical Postfix SMTP server response code when a client
+ request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
restriction.
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
a sender or recipient address because its domain is unknown.
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a client
- without valid address <=> name mapping is rejected by the
+ The numerical Postfix SMTP server response code when a client
+ without valid address <=> name mapping is rejected by the
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction.
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code when the host-
- name specified with the HELO or EHLO command is rejected by the
+ The numerical Postfix SMTP server response code when the host-
+ name specified with the HELO or EHLO command is rejected by the
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
- The default Postfix SMTP server response template for a request
+ The default Postfix SMTP server response template for a request
that is rejected by an RBL-based restriction.
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
- The numerical Postfix SMTP server response code when a remote
- SMTP
client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
+ The numerical Postfix SMTP server response code when a remote
+ SMTP
client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
<a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction.
<b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b>
<b><a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> (450)</b>
The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a>
- map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or
+ map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or
"<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>".
<b><a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a> (<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b>
- The Postfix SMTP server's action when a reject-type restriction
+ The Postfix SMTP server's action when a reject-type restriction
fails due to a temporary error condition.
<b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
+ The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
<a href="postconf.5.html#reject_unknown_helo_hostname">name</a> fails due to a temporary error condition.
<b><a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The Postfix SMTP server's action when
- <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
+ The Postfix SMTP server's action when
+ <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
fail due to a temporary error condition.
<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative commands.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
- The sender address of postmaster notifications that are gener-
+ The sender address of postmaster notifications that are gener-
ated by the mail system.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
- The mail system name that is displayed in Received: headers, in
+ The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue and most
+ The UNIX system account that owns the Postfix queue and most
Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
- The list of "trusted" remote SMTP clients that have more privi-
+ The list of "trusted" remote SMTP clients that have more privi-
leges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The domain name that locally-posted mail appears to come from,
+ The domain name that locally-posted mail appears to come from,
and that locally posted mail is delivered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
- The set of characters that can separate an email address local-
+ The set of characters that can separate an email address local-
part, user name, or a .forward file name from its extension.
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
- The text that follows the 220 status code in the SMTP greeting
+ The text that follows the 220 status code in the SMTP greeting
banner.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT GET POST <a href="regexp_table.5.html">regexp</a>:{{/^[^A-Z]/ Bogus}})</b>
- List of commands that cause the Postfix SMTP server to immedi-
+ List of commands that cause the Postfix SMTP server to immedi-
ately terminate the session with a 221 code.
Available in Postfix version 2.5 and later:
Available in Postfix 3.4 and later:
<b><a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a> (empty)</b>
- Lookup tables, indexed by the complete Postfix SMTP server 4xx
+ Lookup tables, indexed by the complete Postfix SMTP server 4xx
or 5xx response, with reject footer templates.
<b><a name="see_also">SEE ALSO</a></b>
111 8th Avenue
New York, NY 10011, USA
+ Wietse Venema
+ porcupine.org
+
SASL support originally by:
Till Franke
SuSE Rhein/Main AG
or .forward files. When an alias or .forward file changes the
Delivered\-To: address, it ties up one queue file and one cleanup
process instance while mail is being forwarded.
+.SH full_name_encoding_charset (default: utf\-8)
+The character set name (also called "charset") that Postfix
+will output when it automatically generates an RFC 2047 encoded
+full name. Encoding non\-ASCII full names can avoid the need to use
+SMTPUTF8, and therefore can avoid incompatibility with sites that
+do not support SMTPUTF8.
+.PP
+The encoded names look like "=?charset?q?gibberish?=" with
+quoted\-printable encoding, or "=?charset?b?gibberish?=" with base64
+encoding. Postfix uses quoted\-printable encoding for a full name
+that is short or mostly printable ASCII, and uses base64 otherwise.
+.PP
+Background: when a message without a From: header is submitted
+with the Postfix \fBsendmail\fR(1) command, the Postfix \fBcleanup\fR(8) daemon
+will add a From: header and will try to use the sender's full name
+specified with the Postfix \fBsendmail\fR(1) "\-F" option, with the Postfix
+\fBsendmail\fR(1) "NAME" environment variable, or with the GECOS field
+in the UNIX password database. In the latter case, Postfix will
+replace the "&" character with the login name, with a lowercase
+ASCII first character converted to uppercase.
+.PP
+NOTE: Postfix does not convert between character sets; it simply
+encodes the raw bytes in a full name as printable ASCII gibberish.
+The full_name_encoding_charset value specifies how a mail reader
+program should display the decoded gibberish.
+.PP
+Specify a valid character set name such as "utf\-8" or "iso\-8859\-1
+(specify the latter for full names that use the Latin1 encoding).
+The character set name is case insensitive. When a character set
+name violates RFC 2047 syntax, Postfix will log a warning and will
+skip the full name.
+.PP
+This feature is available in Postfix >= 3.10.
.SH hash_queue_depth (default: 1)
The number of subdirectory levels for queue directories listed with
the hash_queue_names parameter. Queue hashing is implemented by
Available in Postfix version 2.9 and later:
.IP "\fBenable_long_queue_ids (no)\fR"
Enable long, non\-repeating, queue IDs (queue file names).
+.SH "HEADER FORMATTING CONTROLS"
+.na
+.nf
+.ad
+.fi
.PP
Available in Postfix version 3.0 and later:
.IP "\fBmessage_drop_headers (bcc, content\-length, resent\-bcc, return\-path)\fR"
Names of message headers that the \fBcleanup\fR(8) daemon will remove
after applying \fBheader_checks\fR(5) and before invoking Milter applications.
+.PP
+Available in Postfix version 3.3 and later:
.IP "\fBheader_from_format (standard)\fR"
The format of the Postfix\-generated \fBFrom:\fR header.
+.PP
+Available in Postfix version 3.10 and later:
+.IP "\fBfull_name_encoding_charset (utf\-8)\fR"
+The character set name (also called "charset") that Postfix
+will output when it automatically generates an RFC 2047 encoded
+full name.
.SH "BUILT-IN CONTENT FILTERING CONTROLS"
.na
.nf
request before it is terminated by a built\-in watchdog timer.
.IP "\fBdelay_logging_resolution_limit (2)\fR"
The maximal number of digits after the decimal point when logging
-sub\-second delay values.
+delay values.
.IP "\fBdelay_warning_time (0h)\fR"
The time after which the sender receives a copy of the message
headers of mail that is still queued.
Google, Inc.
111 8th Avenue
New York, NY 10011, USA
+
+Wietse Venema
+porcupine.org
The Internet protocols Postfix will attempt to use when making
or accepting connections.
.IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR"
-Lookup tables with all names or addresses of local recipients:
-a recipient address is local when its domain matches $mydestination,
-$inet_interfaces or $proxy_interfaces.
+Lookup tables with all names or addresses of valid local
+recipients.
.IP "\fBunknown_local_recipient_reject_code (550)\fR"
The numerical Postfix SMTP server response code when a recipient
address is local, and $local_recipient_maps specifies a list of
111 8th Avenue
New York, NY 10011, USA
+Wietse Venema
+porcupine.org
+
SASL support originally by:
Till Franke
SuSE Rhein/Main AG
s;\ballow_srv_lookup_fallback\b;<a href="postconf.5.html#allow_srv_lookup_fallback">$&</a>;g;
s;\bignore_srv_lookup_error\b;<a href="postconf.5.html#ignore_srv_lookup_error">$&</a>;g;
+ s;\bfull_name_encoding_charset\b;<a href="postconf.5.html#full_name_encoding_charset">$&</a>;g;
+
# Service-defined parameters...
s;\bpolicy_time_limit\b;<a href="postconf.5.html#transport_time_limit">$&</a>;g;
</p>
<p> This feature is available in Postfix ≥ 3.10. </p>
+
+%PARAM full_name_encoding_charset utf-8
+
+<p> The character set name (also called "charset") that Postfix
+will output when it automatically generates an RFC 2047 encoded
+full name. Encoding non-ASCII full names can avoid the need to use
+SMTPUTF8, and therefore can avoid incompatibility with sites that
+do not support SMTPUTF8. </p>
+
+<p> The encoded names look like "=?charset?q?gibberish?=" with
+quoted-printable encoding, or "=?charset?b?gibberish?=" with base64
+encoding. Postfix uses quoted-printable encoding for a full name
+that is short or mostly printable ASCII, and uses base64 otherwise.
+</p>
+
+<p> Background: when a message without a From: header is submitted
+with the Postfix sendmail(1) command, the Postfix cleanup(8) daemon
+will add a From: header and will try to use the sender's full name
+specified with the Postfix sendmail(1) "-F" option, with the Postfix
+sendmail(1) "NAME" environment variable, or with the GECOS field
+in the UNIX password database. In the latter case, Postfix will
+replace the "&" character with the login name, with a lowercase
+ASCII first character converted to uppercase. </p>
+
+<p> NOTE: Postfix does not convert between character sets; it simply
+encodes the raw bytes in a full name as printable ASCII gibberish.
+The full_name_encoding_charset value specifies how a mail reader
+program should display the decoded gibberish. </p>
+
+<p> Specify a valid character set name such as "utf-8" or "iso-8859-1
+(specify the latter for full names that use the Latin1 encoding).
+The character set name is case insensitive. When a character set
+name violates RFC 2047 syntax, Postfix will log a warning and will
+skip the full name. </p>
+
+<p> This feature is available in Postfix ≥ 3.10. </p>
ccformat
xxsql
MEMCACHE
+GECOS
+iso
ORCPT
RET
additional_info additional_info
ignored ignored
USE_TLSRPT USE_TLSRPT
+encoded encoded text can contain only alpha digit
a dependency for html html File html Makefile in
master dgram_server c master mail_server h postlogd postlogd c
reload etc File spawn spawn c
+ proto postconf proto cleanup cleanup c cleanup cleanup_init c
logging to the standard error stream File postlog postlog c
+ Files mantools postlink proto postconf proto cleanup cleanup c
+ many errors I O timeout lost connection File smtpd smtpd c
WS
isspace
ws
+Charset
+atext
+qp
+cntrl
cleanup_masquerade.o: cleanup.h
cleanup_masquerade.o: cleanup_masquerade.c
cleanup_message.o: ../../include/argv.h
+cleanup_message.o: ../../include/ascii_header_text.h
cleanup_message.o: ../../include/attr.h
cleanup_message.o: ../../include/been_here.h
cleanup_message.o: ../../include/check_arg.h
cleanup_message.o: ../../include/rec_type.h
cleanup_message.o: ../../include/record.h
cleanup_message.o: ../../include/resolve_clnt.h
+cleanup_message.o: ../../include/rfc2047_code.h
cleanup_message.o: ../../include/split_at.h
cleanup_message.o: ../../include/string_list.h
cleanup_message.o: ../../include/stringops.h
cleanup_message.o: ../../include/sys_defs.h
cleanup_message.o: ../../include/tok822.h
+cleanup_message.o: ../../include/clean_ascii_cntrl_space.h
cleanup_message.o: ../../include/vbuf.h
cleanup_message.o: ../../include/vstream.h
cleanup_message.o: ../../include/vstring.h
/* Available in Postfix version 2.9 and later:
/* .IP "\fBenable_long_queue_ids (no)\fR"
/* Enable long, non-repeating, queue IDs (queue file names).
+/* HEADER FORMATTING CONTROLS
+/* .ad
+/* .fi
/* .PP
/* Available in Postfix version 3.0 and later:
/* .IP "\fBmessage_drop_headers (bcc, content-length, resent-bcc, return-path)\fR"
/* Names of message headers that the \fBcleanup\fR(8) daemon will remove
/* after applying \fBheader_checks\fR(5) and before invoking Milter applications.
+/* .PP
+/* Available in Postfix version 3.3 and later:
/* .IP "\fBheader_from_format (standard)\fR"
/* The format of the Postfix-generated \fBFrom:\fR header.
+/* .PP
+/* Available in Postfix version 3.10 and later:
+/* .IP "\fBfull_name_encoding_charset (utf-8)\fR"
+/* The character set name (also called "charset") that Postfix
+/* will output when it automatically generates an RFC 2047 encoded
+/* full name.
/* BUILT-IN CONTENT FILTERING CONTROLS
/* .ad
/* .fi
/* request before it is terminated by a built-in watchdog timer.
/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
/* The maximal number of digits after the decimal point when logging
-/* sub-second delay values.
+/* delay values.
/* .IP "\fBdelay_warning_time (0h)\fR"
/* The time after which the sender receives a copy of the message
/* headers of mail that is still queued.
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
+/*
+/* Wietse Venema
+/* porcupine.org
/*--*/
/* System library. */
VSTRING *attr_buf; /* storage for named attribute */
VSTRING *temp1; /* scratch buffer, local use only */
VSTRING *temp2; /* scratch buffer, local use only */
+ VSTRING *temp3; /* scratch buffer, local use only */
VSTRING *stripped_buf; /* character stripped input */
VSTREAM *src; /* current input stream */
VSTREAM *dst; /* current output stream */
int var_always_add_hdrs; /* always add missing headers */
int var_virt_addrlen_limit; /* stop exponential growth */
char *var_hfrom_format; /* header_from_format */
+char *var_full_name_encoding_charset; /* in =?charset?encoding?gibberish=? */
int var_force_mime_iconv; /* force mime downgrade on input */
int var_cleanup_mask_stray_cr_lf; /* replace stray CR or LF with space */
VAR_MILT_HEAD_CHECKS, DEF_MILT_HEAD_CHECKS, &var_milt_head_checks, 0, 0,
VAR_MILT_MACRO_DEFLTS, DEF_MILT_MACRO_DEFLTS, &var_milt_macro_deflts, 0, 0,
VAR_HFROM_FORMAT, DEF_HFROM_FORMAT, &var_hfrom_format, 1, 0,
+ VAR_FULL_NAME_ENCODING_CHARSET, DEF_FULL_NAME_ENCODING_CHARSET, &var_full_name_encoding_charset, 1, 0,
0,
};
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
+/*
+/* Wietse Venema
+/* porcupine.org
/*--*/
/* System library. */
#include <mymalloc.h>
#include <stringops.h>
#include <nvtable.h>
+#include <clean_ascii_cntrl_space.h>
/* Global library. */
+#include <ascii_header_text.h>
#include <record.h>
#include <rec_type.h>
#include <cleanup_user.h>
#include <conv_time.h>
#include <info_log_addr_form.h>
#include <hfrom_format.h>
+#include <rfc2047_code.h>
/* Application-specific. */
}
}
+/* get_fullname_hdr_text - helper wrapper */
+
+static char *get_fullname_hdr_text(VSTRING *result, const char *raw_name,
+ const char *separator)
+{
+ VSTRING *sanitized;
+ char *ret;
+
+ if (raw_name == 0 || *raw_name == 0)
+ return (0);
+
+ /*
+ * TODO(wietse) in the ASCII-only path, add support to insert newline
+ * instead of space, to enable header folding with cleanup_fold_header().
+ */
+ sanitized = vstring_alloc(100);
+ if (clean_ascii_cntrl_space(sanitized, raw_name, strlen(raw_name)) == 0) {
+ ret = 0;
+ } else if (allascii(vstring_str(sanitized))) {
+ ret = make_ascii_header_text(result,
+ cleanup_hfrom_format == HFROM_FORMAT_CODE_STD ?
+ HDR_TEXT_FLAG_PHRASE :
+ HDR_TEXT_FLAG_COMMENT,
+ vstring_str(sanitized));
+ } else {
+ ret = rfc2047_encode(result,
+ cleanup_hfrom_format == HFROM_FORMAT_CODE_STD ?
+ RFC2047_HEADER_CONTEXT_PHRASE :
+ RFC2047_HEADER_CONTEXT_COMMENT,
+ var_full_name_encoding_charset,
+ vstring_str(sanitized),
+ VSTRING_LEN(sanitized), separator);
+ }
+ vstring_free(sanitized);
+ return (ret);
+}
+
/* cleanup_header_done_callback - insert missing message headers */
static void cleanup_header_done_callback(void *context)
CLEANUP_STATE *state = (CLEANUP_STATE *) context;
char time_stamp[1024]; /* XXX locale dependent? */
struct tm *tp;
- TOK822 *token;
- TOK822 *dummy_token;
time_t tv;
/*
if ((state->hdr_rewrite_context || var_always_add_hdrs)
&& (state->headers_seen & (1 << (state->resent[0] ?
HDR_RESENT_FROM : HDR_FROM))) == 0) {
+ char *fullname;
+
quote_822_local(state->temp1, *state->sender ?
state->sender : MAIL_ADDR_MAIL_DAEMON);
- if (*state->sender && state->fullname && *state->fullname) {
- char *cp;
-
- /* Enforce some sanity on full name content. */
- while ((cp = strchr(state->fullname, '\r')) != 0
- || (cp = strchr(state->fullname, '\n')) != 0)
- *cp = ' ';
+ if (*state->sender != 0
+ && (fullname = get_fullname_hdr_text(state->temp3,
+ state->fullname, "\n")) != 0
+ && *fullname != 0) {
/*
- * "From: phrase <route-addr>". Quote the phrase if it contains
- * specials or the "%!" legacy address operators.
+ * "From: phrase <addr-spec>".
*/
if (cleanup_hfrom_format == HFROM_FORMAT_CODE_STD) {
- vstring_sprintf(state->temp2, "%sFrom: ", state->resent);
- if (state->fullname[strcspn(state->fullname,
- "%!" LEX_822_SPECIALS)] == 0) {
- /* Normalize whitespace. */
- token = tok822_scan_limit(state->fullname, &dummy_token,
- var_token_limit);
- } else {
- token = tok822_alloc(TOK822_QSTRING, state->fullname);
- }
- if (token) {
- tok822_externalize(state->temp2, token, TOK822_STR_NONE);
- tok822_free_tree(token);
- vstring_strcat(state->temp2, " ");
- }
- vstring_sprintf_append(state->temp2, "<%s>",
- vstring_str(state->temp1));
+ vstring_sprintf(state->temp2, "%sFrom: %s\n<%s>",
+ state->resent, fullname,
+ vstring_str(state->temp1));
}
/*
* "From: addr-spec (ctext)". This is the obsolete form.
*/
else {
- vstring_sprintf(state->temp2, "%sFrom: %s ",
- state->resent, vstring_str(state->temp1));
- vstring_sprintf(state->temp1, "(%s)", state->fullname);
- token = tok822_parse(vstring_str(state->temp1));
- tok822_externalize(state->temp2, token, TOK822_STR_NONE);
- tok822_free_tree(token);
+ vstring_sprintf(state->temp2, "%sFrom: %s\n(%s)",
+ state->resent, vstring_str(state->temp1),
+ fullname);
}
}
vstring_sprintf(state->temp2, "%sFrom: %s",
state->resent, vstring_str(state->temp1));
}
- cleanup_out_header(state, state->temp2);
+ cleanup_fold_header(state, state->temp2);
}
/*
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
+/*
+/* Wietse Venema
+/* porcupine.org
/*--*/
/* System library. */
state->attr_buf = vstring_alloc(10);
state->temp1 = vstring_alloc(10);
state->temp2 = vstring_alloc(10);
+ state->temp3 = vstring_alloc(10);
if (cleanup_strip_chars)
state->stripped_buf = vstring_alloc(10);
state->src = src;
vstring_free(state->attr_buf);
vstring_free(state->temp1);
vstring_free(state->temp2);
+ vstring_free(state->temp3);
if (cleanup_strip_chars)
vstring_free(state->stripped_buf);
if (state->fullname)
normalize_mailhost_addr.c map_search.c reject_deliver_request.c \
info_log_addr_form.c sasl_mech_filter.c login_sender_match.c \
test_main.c compat_level.c config_known_tcp_ports.c \
- hfrom_format.c
+ hfrom_format.c rfc2047_code.c ascii_header_text.c
OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \
clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \
normalize_mailhost_addr.o map_search.o reject_deliver_request.o \
info_log_addr_form.o sasl_mech_filter.o login_sender_match.o \
test_main.o compat_level.o config_known_tcp_ports.o \
- hfrom_format.o
+ hfrom_format.o rfc2047_code.o ascii_header_text.o
# MAP_OBJ is for maps that may be dynamically loaded with dynamicmaps.cf.
# When hard-linking these maps, makedefs sets NON_PLUGIN_MAP_OBJ=$(MAP_OBJ),
# otherwise it sets the PLUGIN_* macros.
maillog_client.h normalize_mailhost_addr.h map_search.h \
info_log_addr_form.h sasl_mech_filter.h login_sender_match.h \
test_main.h compat_level.h config_known_tcp_ports.h \
- hfrom_format.h
+ hfrom_format.h rfc2047_code.h ascii_header_text.h
TESTSRC = rec2stream.c stream2rec.c recdump.c
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
mail_version mail_dict server_acl uxtext mail_parm_split \
fold_addr smtp_reply_footer mail_addr_map normalize_mailhost_addr \
haproxy_srvr map_search delivered_hdr login_sender_match \
- compat_level config_known_tcp_ports hfrom_format
+ compat_level config_known_tcp_ports hfrom_format rfc2047_code \
+ ascii_header_text
LIBS = ../../lib/lib$(LIB_PREFIX)util$(LIB_SUFFIX)
LIB_DIR = ../../lib
hfrom_format: hfrom_format.c $(LIB) $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
+rfc2047_code: rfc2047_code.c $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
+
+ascii_header_text: ascii_header_text.c $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
+
config_known_tcp_ports: config_known_tcp_ports.c $(LIB) $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
mail_addr_find_test mail_addr_map_test quote_822_local_test \
normalize_mailhost_addr_test haproxy_srvr_test map_search_test \
delivered_hdr_test login_sender_match_test compat_level_test \
- config_known_tcp_ports_test hfrom_format_test
+ config_known_tcp_ports_test hfrom_format_test rfc2047_code_test \
+ ascii_header_text_test
mime_tests: mime_test mime_nest mime_8bit mime_dom mime_trunc mime_cvt \
mime_cvt2 mime_cvt3 mime_garb1 mime_garb2 mime_garb3 mime_garb4
diff hfrom_format.ref hfrom_format.tmp
rm -f hfrom_format.tmp
+rfc2047_code_test: update rfc2047_code
+ $(SHLIB_ENV) $(VALGRIND) ./rfc2047_code
+
+ascii_header_text_test: update ascii_header_text
+ $(SHLIB_ENV) $(VALGRIND) ./ascii_header_text
+
clean:
rm -f *.o $(LIB) *core $(TESTPROG) junk $(MAPS)
anvil_clnt.o: anvil_clnt.h
anvil_clnt.o: mail_params.h
anvil_clnt.o: mail_proto.h
+ascii_header_text.o: ../../include/check_arg.h
+ascii_header_text.o: ../../include/msg.h
+ascii_header_text.o: ../../include/stringops.h
+ascii_header_text.o: ../../include/sys_defs.h
+ascii_header_text.o: ../../include/vbuf.h
+ascii_header_text.o: ../../include/vstring.h
+ascii_header_text.o: ascii_header_text.c
+ascii_header_text.o: ascii_header_text.h
+ascii_header_text.o: lex_822.h
+ascii_header_text.o: mail_params.h
+ascii_header_text.o: resolve_clnt.h
+ascii_header_text.o: tok822.h
attr_override.o: ../../include/check_arg.h
attr_override.o: ../../include/msg.h
attr_override.o: ../../include/stringops.h
rewrite_clnt.o: quote_flags.h
rewrite_clnt.o: rewrite_clnt.c
rewrite_clnt.o: rewrite_clnt.h
+rfc2047_code.o: ../../include/base64_code.h
+rfc2047_code.o: ../../include/check_arg.h
+rfc2047_code.o: ../../include/msg.h
+rfc2047_code.o: ../../include/stringops.h
+rfc2047_code.o: ../../include/sys_defs.h
+rfc2047_code.o: ../../include/vbuf.h
+rfc2047_code.o: ../../include/vstring.h
+rfc2047_code.o: lex_822.h
+rfc2047_code.o: rfc2047_code.c
+rfc2047_code.o: rfc2047_code.h
safe_ultostr.o: ../../include/check_arg.h
safe_ultostr.o: ../../include/msg.h
safe_ultostr.o: ../../include/mymalloc.h
--- /dev/null
+/*++
+/* NAME
+/* ascii_header_text 3h
+/* SUMMARY
+/* message header content formatting
+/* SYNOPSIS
+/* #include <ascii_header_text.h>
+/*
+/* char *make_ascii_header_text(
+/* VSTRING *result,
+/* int flags,
+/* const char *str)
+/* DESCRIPTION
+/* make_ascii_header_text() takes an ASCII input string and formats
+/* the content for use in a header phrase or comment.
+/*
+/* The result value is a pointer to the result buffer string content,
+/* or null to indicate that no output was produced (the input was
+/* empty, or all ASCII whitespace).
+/*
+/* Arguments:
+/* .IP result
+/* The buffer that the output will overwrite. The result is
+/* null-terminated.
+/* .IP flags
+/* One of HDR_FLAG_PHRASE or HDR_FLAG_COMMENT is required. Other
+/* flags are optional.
+/* .RS
+/* .IP HDR_TEXT_FLAG_PHRASE
+/* Generate header content that will be used as a phrase, for
+/* example the full name content in "From: full-name <addr-spec>".
+/* .IP HDR_TEXT_FLAG_COMMENT
+/* Generate header content that will be used as a comment, for
+/* example the full name in "From: addr-spec (full-name)".
+/* .RE
+/* .IP str
+/* Pointer to null-terminated input storage.
+/* DIAGNOSTICS
+/* Panic: invalid flags argument.
+/* SEE ALSO
+/* rfc2047_code(3), encode header content
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
+/*
+/* Wietse Venema
+/* porcupine.org
+/*--*/
+
+ /*
+ * System library.
+ */
+#include <sys_defs.h>
+#include <ctype.h>
+#include <string.h>
+
+ /*
+ * Utility library.
+ */
+#include <ascii_header_text.h>
+#include <msg.h>
+#include <stringops.h>
+#include <vstring.h>
+
+ /*
+ * Global library.
+ */
+#include <lex_822.h>
+#include <mail_params.h>
+#include <tok822.h>
+
+ /*
+ * Self.
+ */
+#include <ascii_header_text.h>
+
+ /*
+ * SLMs.
+ */
+#define STR vstring_str
+#define LEN VSTRING_LEN
+
+/* make_ascii_header_text - make header text for phrase or comment */
+
+char *make_ascii_header_text(VSTRING *result, int flags, const char *str)
+{
+ const char myname[] = "make_ascii_header_text";
+ const char *cp;
+ int ch;
+ int target;
+
+ /*
+ * Quote or escape ASCII-only content. This factors out code from the
+ * Postfix 2.9 cleanup daemon, without introducing visible changes for
+ * text that contains only non-control characters and well-formed
+ * comments. See TODO()s for some basic improvements that would allow
+ * long inputs to be folded over multiple lines.
+ */
+ VSTRING_RESET(result);
+ switch (target = (flags & HDR_TEXT_MASK_TARGET)) {
+
+ /*
+ * Generate text for a phrase (for example, the full name in "From:
+ * full-name <addr-spec>").
+ *
+ * TODO(wietse) add a tok822_externalize() option to replace whitespace
+ * between phrase tokens with newline, so that a long full name can
+ * be folded. This is a user-visible change; do this early in a
+ * development cycle to find out if this breaks compatibility.
+ */
+ case HDR_TEXT_FLAG_PHRASE:{
+ TOK822 *dummy_token;
+ TOK822 *token;
+
+ if (str[strcspn(str, "%!" LEX_822_SPECIALS)] == 0) {
+ token = tok822_scan_limit(str, &dummy_token,
+ var_token_limit);
+ } else {
+ token = tok822_alloc(TOK822_QSTRING, str);
+ }
+ if (token) {
+ tok822_externalize(result, token, TOK822_STR_NONE);
+ tok822_free_tree(token);
+ VSTRING_TERMINATE(result);
+ return (STR(result));
+ } else {
+ /* No output was generated. */
+ return (0);
+ }
+ }
+ break;
+
+ /*
+ * Generate text for comment content, for example, the full name in
+ * "From: addr-spec (full-name)". We do not quote "(", ")", or "\" as
+ * that would be a user-visible change, but we do fix unbalanced
+ * parentheses or a backslash at the end.
+ *
+ * TODO(wietse): Replace whitespace with newline, so that a long full
+ * name can be folded). This is a user-visible change; do this early
+ * in a development cycle to find out if this breaks compatibility.
+ */
+ case HDR_TEXT_FLAG_COMMENT:{
+ int pc;
+
+ for (pc = 0, cp = str; (ch = *cp) != 0; cp++) {
+ if (ch == '\\') {
+ if (cp[1] == 0)
+ continue;
+ VSTRING_ADDCH(result, ch);
+ ch = *++cp;
+ } else if (ch == '(') {
+ pc++;
+ } else if (ch == ')') {
+ if (pc < 1)
+ continue;
+ pc--;
+ }
+ VSTRING_ADDCH(result, ch);
+ }
+ while (pc-- > 0)
+ VSTRING_ADDCH(result, ')');
+ VSTRING_TERMINATE(result);
+ return (LEN(result) && !allspace(STR(result)) ? STR(result) : 0);
+ }
+ break;
+ default:
+ msg_panic("%s: unknown target '0x%x'", myname, target);
+ }
+}
+
+#ifdef TEST
+
+#include <stdlib.h>
+#include <string.h>
+#include <msg.h>
+#include <msg_vstream.h>
+
+ /*
+ * Test structure. Some tests generate their own.
+ */
+typedef struct TEST_CASE {
+ const char *label;
+ int (*action) (const struct TEST_CASE *);
+ int flags;
+ const char *input;
+ const char *exp_output;
+} TEST_CASE;
+
+#define PASS (0)
+#define FAIL (1)
+
+#define NO_OUTPUT ((char *) 0)
+
+static int test_make_ascii_header_text(const TEST_CASE *tp)
+{
+ static VSTRING *result;
+ const char *got;
+
+ if (result == 0)
+ result = vstring_alloc(100);
+
+ got = make_ascii_header_text(result, tp->flags, tp->input);
+
+ if (!got != !tp->exp_output) {
+ msg_warn("got result ``%s'', want ``%s''",
+ got ? got : "null",
+ tp->exp_output ? tp->exp_output : "null");
+ return (FAIL);
+ }
+ if (got && strcmp(got, tp->exp_output) != 0) {
+ msg_warn("got result ``%s'', want ``%s''", got, tp->exp_output);
+ return (FAIL);
+ }
+ return (PASS);
+}
+
+static const TEST_CASE test_cases[] = {
+
+ /*
+ * Phrase tests.
+ */
+ {"phrase_without_special",
+ test_make_ascii_header_text,
+ HDR_TEXT_FLAG_PHRASE, "abc def", "abc def"
+ },
+ {"phrase_with_special",
+ test_make_ascii_header_text,
+ HDR_TEXT_FLAG_PHRASE, "foo@bar", "\"foo@bar\""
+ },
+ {"phrase_with_space_only",
+ test_make_ascii_header_text,
+ HDR_TEXT_FLAG_PHRASE, " ", NO_OUTPUT
+ },
+ {"phrase_empty",
+ test_make_ascii_header_text,
+ HDR_TEXT_FLAG_PHRASE, "", NO_OUTPUT
+ },
+
+ /*
+ * Comment tests.
+ */
+ {"comment_with_unopened_parens",
+ test_make_ascii_header_text,
+ HDR_TEXT_FLAG_COMMENT, ")foo )bar", "foo bar"
+ },
+ {"comment_with_unclosed_parens",
+ test_make_ascii_header_text,
+ HDR_TEXT_FLAG_COMMENT, "(foo (bar", "(foo (bar))"
+ },
+ {"comment_with_backslash_in_text",
+ test_make_ascii_header_text,
+ HDR_TEXT_FLAG_COMMENT, "foo\\bar", "foo\\bar"
+ },
+ {"comment_with_backslash_at_end",
+ test_make_ascii_header_text,
+ HDR_TEXT_FLAG_COMMENT, "foo\\", "foo"
+ },
+ {"comment_with_backslash_backslash_at_end",
+ test_make_ascii_header_text,
+ HDR_TEXT_FLAG_COMMENT, "foo\\\\", "foo\\\\"
+ },
+ {"comment_with_space_only",
+ test_make_ascii_header_text,
+ HDR_TEXT_FLAG_COMMENT, " ", NO_OUTPUT
+ },
+ {"comment_empty",
+ test_make_ascii_header_text,
+ HDR_TEXT_FLAG_COMMENT, "", NO_OUTPUT
+ },
+ {0},
+};
+
+int main(int argc, char **argv)
+{
+ const TEST_CASE *tp;
+ int pass = 0;
+ int fail = 0;
+
+ msg_vstream_init(sane_basename((VSTRING *) 0, argv[0]), VSTREAM_ERR);
+
+ for (tp = test_cases; tp->label != 0; tp++) {
+ int test_failed;
+
+ msg_info("RUN %s", tp->label);
+ test_failed = tp->action(tp);
+ if (test_failed) {
+ msg_info("FAIL %s", tp->label);
+ fail++;
+ } else {
+ msg_info("PASS %s", tp->label);
+ pass++;
+ }
+ }
+ msg_info("PASS=%d FAIL=%d", pass, fail);
+ exit(fail != 0);
+}
+
+#endif
--- /dev/null
+#ifndef _ASCII_HEADER_TEXT_H_INCLUDED_
+#define _ASCII_HEADER_TEXT_H_INCLUDED_
+
+/*++
+/* NAME
+/* ascii_header_text 3h
+/* SUMMARY
+/* message header content formatting
+/* SYNOPSIS
+/* #include <ascii_header_text.h>
+/* DESCRIPTION
+/* .nf
+
+ /*
+ * System library.
+ */
+#include <sys_defs.h>
+
+ /*
+ * Utility library
+ */
+#include <vstring.h>
+
+ /*
+ * External API.
+ */
+#define HDR_TEXT_FLAG_COMMENT (1<<0) /* Generate comment content */
+#define HDR_TEXT_FLAG_PHRASE (1<<1) /* Generate phrase content */
+#define HDR_TEXT_FLAG_FOLD (1<<2) /* Generate header folding hints */
+
+#define HDR_TEXT_MASK_TARGET \
+ (HDR_TEXT_FLAG_COMMENT | HDR_TEXT_FLAG_PHRASE)
+
+extern char *make_ascii_header_text(VSTRING *result, int flags, const char *in);
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
+/*
+/* Wietse Venema
+/* porcupine.org
+/*--*/
+
+#endif
+
#if !defined(SQLITE_VERSION_NUMBER) || (SQLITE_VERSION_NUMBER < 3005004)
#define sqlite3_prepare_v2 sqlite3_prepare
#endif
+#if !defined(SQLITE_VERSION_NUMBER) || (SQLITE_VERSION_NUMBER < 3005000)
+#define sqlite3_open_v2(fname,ppDB,flags,zVfs) sqlite_open(fname,ppDB)
+#endif
/* Utility library. */
dict_sqlite->parser = parser;
sqlite_parse_config(dict_sqlite, name);
- if (sqlite3_open(dict_sqlite->dbpath, &dict_sqlite->db))
- msg_fatal("%s:%s: Can't open database: %s\n",
- DICT_TYPE_SQLITE, name, sqlite3_errmsg(dict_sqlite->db));
+ if (sqlite3_open_v2(dict_sqlite->dbpath, &dict_sqlite->db,
+ SQLITE_OPEN_READONLY, NULL) != SQLITE_OK) {
+ DICT *dict = dict_surrogate(DICT_TYPE_SQLITE, name, open_flags,
+ dict_flags, "%s:%s: open database %s: %s: %m",
+ DICT_TYPE_SQLITE, name, dict_sqlite->dbpath,
+ sqlite3_errmsg(dict_sqlite->db));
+ dict_sqlite_close(&dict_sqlite->dict);
+ return dict;
+ }
dict_sqlite->dict.owner = cfg_get_owner(dict_sqlite->parser);
return (DICT_DEBUG (&dict_sqlite->dict));
#define DEF_LMTP_TLSRPT_SKIP_REUSED_HS DEF_SMTP_TLSRPT_SKIP_REUSED_HS
extern int var_smtp_tlsrpt_skip_reused_hs;
+ /*
+ * RFC 2047 encoding of full name info.
+ */
+#define VAR_FULL_NAME_ENCODING_CHARSET "full_name_encoding_charset"
+#define DEF_FULL_NAME_ENCODING_CHARSET "utf-8"
+extern char *var_full_name_encoding_charset;
+
/* LICENSE
/* .ad
/* .fi
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20250103"
+#define MAIL_RELEASE_DATE "20250105"
#define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT
--- /dev/null
+/*++
+/* NAME
+/* rfc2047_code 3
+/* SUMMARY
+/* non-ASCII header content encoding
+/* SYNOPSIS
+/* #include <rfc2047_code.h>
+/*
+/* int rfc2047_encode(
+/* VSTRING *result,
+/* int header_context,
+/* const char *charset,
+/* const char *in,
+/* ssize_t len,
+/* const char *out_separator)
+/* DESCRIPTION
+/* rfc2047_encode() encodes the input for the specified header
+/* context, producing one or more encoded-word instances. The
+/* result is the string value of the result buffer, or null in case
+/* of error.
+/*
+/* rfc2047_encode() uses quoted-printable if the input is shorter
+/* than 20 bytes, or if fewer than 1/2 of the input bytes need to
+/* be encoded; otherwise it uses base64.
+/*
+/* rfc2047_encode() limits the length of an encoded-word as required
+/* by RFC 2047, and produces as many encoded-word instances as
+/* needed, separated with a caller-specified separator.
+/*
+/* Arguments:
+/* .IP result
+/* The buffer that the output will overwrite. The result is
+/* null-terminated.
+/* .IP header_context
+/* Specify one of:
+/* .RS
+/* .IP RFC2047_HEADER_CONTEXT_COMMENT
+/* The result will be used as 'comment' text, i.e. the result will
+/* later be enclosed with "(" and ")".
+/* .IP RFC2047_HEADER_CONTEXT_PHRASE
+/* The result will be used as 'phrase' text, for example, the full
+/* name for an email address. The input must not be a quoted string.
+/* rfc2047_encode() logs a warning and returns null if the input
+/* begins with a double quote.
+/* .RE
+/* .IP charset
+/* Null-terminated character array with a valid character set name.
+/* rfc2047_encode() logs a warning and returns null if a charset
+/* value does not meet RFC 2047 syntax requirements.
+/* .IP in
+/* Pointer to input storage.
+/* .IP len
+/* The number of input bytes. rfc2047_encode() logs a warning and
+/* returns null if this length is < 1.
+/* .IP out_separator
+/* Folding white-space text that will be inserted between
+/* multiple encoded-word instances in rfc2047_encode()
+/* output. rfc2047_encode() logs a warning and returns null if this
+/* argument does not specify whitespace text.
+/* DIAGNOSTICS
+/* rfc2047_encode() returns null in case of error. See above for
+/* specific error cases.
+/* BUGS
+/* The thresholds for switching from quoted-printable to base64
+/* encoding are arbitrary. What is optimal for one observer may be
+/* suspicious for a different one.
+/* SEE ALSO
+/* RFC 2047, Message Header Extensions for Non-ASCII Text
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* porcupine.org
+/*--*/
+
+ /*
+ * System library.
+ */
+#include <sys_defs.h>
+#include <string.h>
+#include <ctype.h>
+
+ /*
+ * Utility library.
+ */
+#include <stringops.h>
+#include <base64_code.h>
+#include <msg.h>
+
+ /*
+ * Global library.
+ */
+#include <lex_822.h>
+#include <rfc2047_code.h>
+
+ /*
+ * The general form of an encoded-word is =?charset?encoding?encoded-text?=
+ * where charset and encoding are case insensitive, and encoding is B or Q.
+ */
+
+ /*
+ * What ASCII characters are allowed in the 'charset' or 'encoding' tokens
+ * of an encoded-word.
+ */
+#define RFC2047_ESPECIALS_STR "()<>@,;:\\\"/[]?.="
+#define RFC2047_ALLOWED_TOKEN_CHAR(c) \
+ (isascii(c) && !iscntrl(c) && ch != ' ' \
+ && !strchr(RFC2047_ESPECIALS_STR, ch))
+
+ /*
+ * Common definitions for the base64 and quoted-printable encoders.
+ */
+#define ENC_WORD_MAX_LEN 75 /* =?charset?encoding?encoded?= */
+#define ENC_WORD_PROLOG_FMT "=?%s?%c?" /* =?charset?encoding? */
+#define ENC_WORD_EPILOG_STR "?="
+#define ENC_WORD_EPILOG_LEN (sizeof(ENC_WORD_EPILOG_STR) - 1)
+#define ENC_WORD_ENCODING_B64 'B'
+#define ENC_WORD_ENCODING_QP 'Q'
+
+ /*
+ * Per RFC 2047 section 1, an encoded-word contains only printable ASCII
+ * characters. Therefore, the quoted-printable encoder must always encode
+ * ASCII SPACE, ASCII control characters, and non-ASCII byte values.
+ *
+ * Per RFC 2047 section 4.2.(2), the quoted-printable encoder must always
+ * encode the "=", "?" and "_" characters.
+ *
+ * Per RFC 2047 section 5.(1) these rules are sufficient for header fields that
+ * contain unstructured text such as Subject, X- custom headers, etc.
+ */
+#define QP_ENCODE_ASCII_NON_CNTRL " =?_"
+
+ /*
+ * Per RFC 2047 section 5.(2) the quoted-printable encoder for comment text
+ * also needs to encode "(", ")", and "\".
+ */
+#define QP_ENCODE_ASCII_NON_CNTRL_COMMENT_FIELD \
+ (QP_ENCODE_ASCII_NON_CNTRL "()\\")
+
+ /*
+ * Per RFC 2047 section 5.(3) as amended by erratum(4): when used as a
+ * replacement for a 'word' entity within a 'phrase', a "Q"-encoded
+ * encoded-text can contain only alpha digit "!", "*", "+", "-", "/", "="
+ * (only if followed by two hexadecimal digits), and "_". I.e not " # $ % &
+ * ' ( ) , . : ; < > ? [ \ ] ^ ` { | } ~.
+ *
+ * In other words they require encoding not only RFC 5322 specials and
+ * characters reserved for encoded-word formatting, but they also disallow
+ * characters that RFC 5322 allows in atext: # $ % & ' ^ ` { | } ~.
+ */
+#define QP_ENCODE_ASCII_NON_CNTRL_PHRASE_WORD \
+ (QP_ENCODE_ASCII_NON_CNTRL LEX_822_SPECIALS "#$%&'?^`{|}~")
+
+ /*
+ * Considering the above discussion, why don't we just always base64 encode
+ * the input? Because results from a web search suggest that some spam
+ * filters penalize base64 encoding in headers.
+ */
+
+/* rfc204_b64_encode_append - encode header_entity with base64 */
+
+static char *rfc204_b64_encode(VSTRING *result,
+ const char *charset,
+ const char *in, ssize_t len,
+ const char *out_separator)
+{
+ const char *cp;
+ const char *in_end;
+
+ /*
+ * Convert the input into one or more encoded-word's of at most 75 bytes,
+ * separated with a caller-specified output separator.
+ */
+ VSTRING_RESET(result);
+ for (cp = in, in_end = in + len; cp < in_end; /* see below */ ) {
+ ssize_t enc_word_start, enc_word_prolog_len, space_avail, todo;
+
+ /* Start an encoded-word. */
+ enc_word_start = VSTRING_LEN(result);
+ vstring_sprintf_append(result, ENC_WORD_PROLOG_FMT, charset,
+ ENC_WORD_ENCODING_B64);
+ enc_word_prolog_len = VSTRING_LEN(result) - enc_word_start;
+ space_avail = ENC_WORD_MAX_LEN - ENC_WORD_EPILOG_LEN
+ - enc_word_prolog_len;
+
+ /* Fill in the encoded-text portion. */
+ todo = 3 * (space_avail >> 2);
+ if (todo > in_end - cp)
+ todo = in_end - cp;
+ (void) base64_encode_opt(result, cp, todo, BASE64_FLAG_APPEND);
+
+ /* Finish the encoded-word. */
+ (void) vstring_strcat(result, ENC_WORD_EPILOG_STR);
+
+ /* Are we done yet? */
+ if ((cp += todo) < in_end)
+ vstring_strcat(result, out_separator);
+ }
+ return (vstring_str(result));
+}
+
+/* rfc2047_qp_encode - encode header_entity with quoted-printable */
+
+static char *rfc2047_qp_encode(VSTRING *result,
+ const char *charset,
+ const char *specials,
+ const char *in, ssize_t len,
+ const char *out_separator)
+{
+ const char *cp;
+ const char *in_end;
+
+ VSTRING_RESET(result);
+ for (cp = in, in_end = in + len; cp < in_end; /* see below */ ) {
+ ssize_t enc_word_start, enc_word_prolog_len, space_avail;
+ int ch;
+
+ /* Start an encoded-word. */
+ enc_word_start = VSTRING_LEN(result);
+ vstring_sprintf_append(result, ENC_WORD_PROLOG_FMT, charset,
+ ENC_WORD_ENCODING_QP);
+ enc_word_prolog_len = VSTRING_LEN(result) - enc_word_start;
+ space_avail = ENC_WORD_MAX_LEN - ENC_WORD_EPILOG_LEN
+ - enc_word_prolog_len;
+
+ /* Fill in the encoded-text portion. */
+ for ( /* void */ ; cp < in_end && space_avail > 0; cp++) {
+ ch = *(unsigned char *) cp;
+ if (ch == 0x20) {
+ VSTRING_ADDCH(result, '_');
+ space_avail -= 1;
+ } else if (!isascii(ch) || iscntrl(ch) || strchr(specials, ch)) {
+ if (space_avail < 3)
+ /* Try again in the next encoded-word. */
+ break;
+ vstring_sprintf_append(result, "=%02X", ch);
+ space_avail -= 3;
+ } else {
+ VSTRING_ADDCH(result, ch);
+ space_avail -= 1;
+ }
+ }
+
+ /* Finish the encoded-word and null-terminate the result. */
+ (void) vstring_strcat(result, ENC_WORD_EPILOG_STR);
+
+ /* Are we done yet? */
+ if (cp < in_end)
+ vstring_strcat(result, out_separator);
+ }
+ return (vstring_str(result));
+}
+
+/* rfc2047_encode - encode header text field */
+
+char *rfc2047_encode(VSTRING *result, int header_context,
+ const char *charset,
+ const char *in, ssize_t len,
+ const char *out_separator)
+{
+ const char myname[] = "rfc2047_encode";
+ const unsigned char *cp;
+ int ch;
+ const char *qp_encoding_specials;
+
+ /*
+ * Sanity check the null-terminated charset name. This content is
+ * configurable in Postfix, but there is no need to terminate the
+ * process.
+ */
+ if (*charset == 0) {
+ msg_warn("%s: encoder called with empty charset name", myname);
+ return (0);
+ }
+ for (cp = (const unsigned char *) charset; (ch = *cp) != 0; cp++) {
+ if (!RFC2047_ALLOWED_TOKEN_CHAR(ch)) {
+ msg_warn("%s: invalid character: 0x%x in charset name: '%s'",
+ myname, ch, charset);
+ return (0);
+ }
+ }
+
+ /*
+ * Sanity check the input size. This may be partly user controlled, so
+ * don't panic.
+ */
+ if (len < 1) {
+ msg_warn("%s: encoder called with empty input", myname);
+ return (0);
+ }
+ if (!allspace(out_separator)) {
+ msg_warn("%s: encoder called with non-whitespace separator: '%s'",
+ myname, out_separator);
+ return (0);
+ }
+
+ /*
+ * The RFC 2047 rules for quoted-printable encoding differ for comment
+ * text and phrase text.
+ */
+ switch (header_context) {
+ case RFC2047_HEADER_CONTEXT_COMMENT:
+ qp_encoding_specials = QP_ENCODE_ASCII_NON_CNTRL_COMMENT_FIELD;
+ break;
+ case RFC2047_HEADER_CONTEXT_PHRASE:
+ qp_encoding_specials = QP_ENCODE_ASCII_NON_CNTRL_PHRASE_WORD;
+ if (*in == '"') {
+ msg_warn("%s: encoder called with quoted word as input: '%s'",
+ myname, in);
+ return (0);
+ }
+ break;
+ default:
+ msg_panic("%s: unexpected header_context: 0x%x",
+ myname, header_context);
+ }
+
+ /*
+ * Choose between quoted-printable or base64 encoding.
+ *
+ * Header strings are short, so making multiple passes over the input is
+ * not a disaster. How many bytes would the encoder produce using
+ * quoted-printable? We don't optimize for the shortest encoding but for
+ * compromised readability. If the input is not short, and more than 1/2
+ * of the input bytes need to be encoded, then the content is mostly not
+ * printable ASCII, and quoted-printable output is mostly not readable.
+ * But, naive spam filters may treat base64 in headers with suspicion.
+ */
+ if (len >= 20) {
+ int need_to_qp = 0;
+ int threshold = len / 2;
+ const unsigned char *end = (const unsigned char *) in + len;
+
+ for (cp = (const unsigned char *) in; cp < end; cp++) {
+ ch = *cp;
+ need_to_qp += (!isascii(ch) || isspace(ch) || iscntrl(ch)
+ || strchr(qp_encoding_specials, ch));
+ if (need_to_qp >= threshold)
+ return (rfc204_b64_encode(result, charset, in, len,
+ out_separator));
+ }
+ }
+ return (rfc2047_qp_encode(result, charset, qp_encoding_specials,
+ in, len, out_separator));
+}
+
+#ifdef TEST
+#include <sys/select.h> /* fd_set */
+#include <stdlib.h>
+#include <msg.h>
+#include <msg_vstream.h>
+#include <stringops.h>
+
+ /*
+ * TODO(wietse) make this a proper VSTREAM interface. Instead of temporarily
+ * swapping streams, we could temporarily swap the stream's write function.
+ */
+
+/* vstream_swap - capture output for testing */
+
+static void vstream_swap(VSTREAM *one, VSTREAM *two)
+{
+ VSTREAM save;
+
+ save = *one;
+ *one = *two;
+ *two = save;
+}
+
+/* override the printable() call in msg output, it breaks our tests */
+
+char *printable_except(char *string, int replacement, const char *except)
+{
+ return (string);
+}
+
+ /*
+ * Test structure. Some tests generate their own.
+ */
+typedef struct TEST_CASE {
+ const char *label;
+ int (*action) (const struct TEST_CASE *);
+ int context;
+ const char *charset;
+ const char *input;
+ ssize_t in_len;
+ const char *out_separator;
+ const char *exp_output;
+ const char *exp_warning;
+} TEST_CASE;
+
+#define PASS (0)
+#define FAIL (1)
+
+#define NO_OUTPUT ((char *) 0)
+
+static int test_rfc2047_encode(const TEST_CASE *tp)
+{
+ static VSTRING *msg_buf;
+ static VSTRING *result;
+ VSTREAM *memory_stream;
+ const char *got;
+
+ if (msg_buf == 0) {
+ msg_buf = vstring_alloc(100);
+ result = vstring_alloc(100);
+ }
+ /* Run the test with custom STDERR stream. */
+ VSTRING_RESET(msg_buf);
+ VSTRING_TERMINATE(msg_buf);
+ if ((memory_stream = vstream_memopen(msg_buf, O_WRONLY)) == 0)
+ msg_fatal("open memory stream: %m");
+ vstream_swap(VSTREAM_ERR, memory_stream);
+ got = rfc2047_encode(result, tp->context, tp->charset, tp->input,
+ tp->in_len != 0 ? tp->in_len : strlen(tp->input),
+ tp->out_separator);
+ vstream_swap(memory_stream, VSTREAM_ERR);
+ if (vstream_fclose(memory_stream))
+ msg_fatal("close memory stream: %m");
+
+ /* Verify the results. */
+ if (tp->exp_warning == 0 && VSTRING_LEN(msg_buf) > 0) {
+ msg_warn("got warning ``%s'', want ``null''", vstring_str(msg_buf));
+ return (FAIL);
+ }
+ if (tp->exp_warning != 0
+ && strcmp(vstring_str(msg_buf), tp->exp_warning) != 0) {
+ msg_warn("got warning ``%s'', want ``%s''",
+ vstring_str(msg_buf), tp->exp_warning);
+ return (FAIL);
+ }
+ if (!got == !tp->exp_warning) {
+ msg_warn("got result ``%s'', and warning ``%s''",
+ got ? got : "null",
+ tp->exp_warning ? tp->exp_warning : "null");
+ return (FAIL);
+ }
+ if (!got != !tp->exp_output) {
+ msg_warn("got result ``%s'', want ``%s''",
+ got ? got : "null",
+ tp->exp_output ? tp->exp_output : "null");
+ return (FAIL);
+ }
+ if (got && strcmp(got, tp->exp_output) != 0) {
+ msg_warn("got result ``%s'', want ``%s''", got, tp->exp_output);
+ return (FAIL);
+ }
+ return (PASS);
+}
+
+ /*
+ * Input/output templates for charset tests.
+ */
+#define CHARSET_INPUT_TEMPLATE "testme"
+#define CHARSET_OUTPUT_SEPARATOR " "
+#define CHARSET_CHARSET_TEMPLATE "utf-8%c"
+#define CHARSET_ALLOW_TEMPLATE "=?utf-8%c?Q?testme?="
+#define CHARSET_REJECT_TEMPLATE \
+ "rfc2047_code: warning: rfc2047_encode: invalid character: " \
+ "0x%x in charset name: 'utf-8%c'\n"
+
+static int validates_charset(const TEST_CASE *tp)
+{
+ VSTRING *charset;
+ VSTRING *exp_output;
+ VSTRING *exp_warning;
+ TEST_CASE test;
+ int ch;
+ int ret;
+ fd_set asciimap;
+
+#define SET_RANGE(map, min, max) do { \
+ int _n; \
+ for (_n = (min); _n <= (max); _n++) \
+ FD_SET(_n, (map)); \
+ } while (0);
+#define SET_SINGLE(map, n) do { \
+ FD_SET(n, (map)); \
+ } while (0);
+
+ /*
+ * Initialize a bitmap with characters that are allowed in a charset
+ * name.
+ */
+ FD_ZERO(&asciimap);
+ SET_SINGLE(&asciimap, '!');
+ SET_RANGE(&asciimap, '#', '\'');
+ SET_RANGE(&asciimap, '*', '+');
+ SET_SINGLE(&asciimap, '-');
+ SET_RANGE(&asciimap, '0', '9');
+ SET_RANGE(&asciimap, 'A', 'Z');
+ SET_RANGE(&asciimap, '^', '~');
+
+ charset = vstring_alloc(10);
+ exp_output = vstring_alloc(100);
+ exp_warning = vstring_alloc(100);
+
+ test.label = tp->label;
+ test.action = 0;
+ test.context = RFC2047_HEADER_CONTEXT_COMMENT;
+ test.input = CHARSET_INPUT_TEMPLATE;
+ test.in_len = 0;
+ test.out_separator = CHARSET_OUTPUT_SEPARATOR;
+
+ /* TODO: 0x0 in charset. */
+ for (ret = 0, ch = 0x1; ret == 0 && ch <= 0xff; ch++) {
+ vstring_sprintf(charset, CHARSET_CHARSET_TEMPLATE, ch);
+ test.charset = vstring_str(charset);
+ if (FD_ISSET(ch, &asciimap)) {
+ vstring_sprintf(exp_output, CHARSET_ALLOW_TEMPLATE, ch);
+ test.exp_output = vstring_str(exp_output);
+ test.exp_warning = 0;
+ } else {
+ test.exp_output = 0;
+ vstring_sprintf(exp_warning, CHARSET_REJECT_TEMPLATE, ch, ch);
+ test.exp_warning = vstring_str(exp_warning);
+ }
+ ret = test_rfc2047_encode(&test);
+ }
+
+ vstring_free(charset);
+ vstring_free(exp_output);
+ vstring_free(exp_warning);
+ return (ret == 0 ? PASS : FAIL);
+}
+
+ /*
+ * Specify an explicit input length, so that we can input a null byte.
+ */
+#define ENCODE_INPUT_TEMPLATE "testme %c"
+#define ENCODE_INPUT_LEN (sizeof(ENCODE_INPUT_TEMPLATE) - 2)
+#define ENCODE_OUTPUT_SEPARATOR "\n"
+#define ENCODE_CHARSET "utf-8"
+#define ENCODE_AS_SELF_TEMPLATE "=?utf-8?Q?testme_%c?="
+#define ENCODE_AS_QP_TEMPLATE "=?utf-8?Q?testme_=%02X?="
+#define ENCODE_AS_CTRL_TEMPLATE "=?utf-8?Q?testme_?="
+
+ /*
+ * TODO(wietse) split into 'encodes non-control text' and 'rejects control
+ * text'1
+ */
+
+static int encodes_text(const char *label,
+ int context,
+ const char *specials)
+{
+ VSTRING *input;
+ VSTRING *exp_output;
+ TEST_CASE test;
+ int ch;
+ int ret;
+ fd_set asciimap;
+ const char *cp;
+
+ /*
+ * Initialize a bitmap with characters that need no encoding.
+ */
+ FD_ZERO(&asciimap);
+ SET_RANGE(&asciimap, 0x20, 0x7e); /* ASCII non-controls */
+ for (cp = specials; (ch = *(unsigned char *) cp) != 0; cp++)
+ FD_CLR(ch, &asciimap);
+
+ input = vstring_alloc(100);
+ exp_output = vstring_alloc(100);
+
+ /*
+ * TODO(wietse) We don't use VSTRING_LEN(input) to determine how much
+ * output was written. When the output contains a null byte,
+ * VSTRING_LEN(input) will be smaller than ENCODE_INPUT_LEN because
+ * vbuf_print() still supports systems without snprintf() and relies on
+ * the equivalent of strlen() to find out how much was written.
+ */
+ test.label = label;
+ test.action = 0;
+ test.context = context;
+ test.charset = "utf-8";
+ test.in_len = ENCODE_INPUT_LEN;
+ test.out_separator = ENCODE_OUTPUT_SEPARATOR;
+ test.exp_warning = 0;
+
+ for (ret = 0, ch = 0x0; ret == 0 && ch <= 0xff; ch++) {
+ vstring_sprintf(input, ENCODE_INPUT_TEMPLATE, ch);
+ test.input = vstring_str(input);
+ if (FD_ISSET(ch, &asciimap)) {
+ vstring_sprintf(exp_output, ENCODE_AS_SELF_TEMPLATE, ch);
+ } else if (ch == ' ') {
+ vstring_sprintf(exp_output, ENCODE_AS_SELF_TEMPLATE, '_');
+ } else {
+ vstring_sprintf(exp_output, ENCODE_AS_QP_TEMPLATE, ch);
+ }
+ test.exp_output = vstring_str(exp_output);
+ ret = test_rfc2047_encode(&test);
+ }
+
+ vstring_free(input);
+ vstring_free(exp_output);
+ return (ret == 0 ? PASS : FAIL);
+}
+
+static int encodes_comment_text(const TEST_CASE *tp)
+{
+ const char specials[] = {
+ /* RFC 2047 encoded-word formatting. */
+ ' ', '_', '=', '?',
+
+ /* Not allowed in RFC 5322 ctext. */
+ '(', ')', '\\',
+
+ 0,
+ };
+
+ return (encodes_text(tp->label, RFC2047_HEADER_CONTEXT_COMMENT, specials));
+}
+
+static int encodes_phrase_text(const TEST_CASE *tp)
+{
+ const char specials[] = {
+ /* RFC 2047 encoded-word formatting. */
+ ' ', '_', '=', '?',
+
+ /* RFC 5322 specials. */
+ '"', '(', ')', ',', '.', ':', ';', '<', '>', '@', '[', '\\', ']',
+
+ /* Not allowed in RFC 2047 section 5(3). */
+ '#', '$', '%', '&', '\'', '^', '`', '{', '|', '}', '~',
+
+ 0,
+ };
+
+ return (encodes_text(tp->label, RFC2047_HEADER_CONTEXT_PHRASE, specials));
+}
+
+static const TEST_CASE test_cases[] = {
+
+ /*
+ * Smoke test. If this fails then all bets are off.
+ */
+ {"comment_needs_no_encoding",
+ test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_COMMENT, "utf-8",
+ "testme", 0, " ", "=?utf-8?Q?testme?="
+ },
+
+ /*
+ * Charset validation.
+ */
+ {"validates_charset_not_empty", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_COMMENT, /* charset= */ "",
+ "testme", 0, " ", NO_OUTPUT, "rfc2047_code: warning: rfc2047_encode: "
+ "encoder called with empty charset name\n"
+ },
+ {"validates_charset", validates_charset},
+ {"encodes_comment_text", encodes_comment_text},
+ {"encodes_long_comment_text", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_COMMENT, "utf-8",
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+ 0, "\n",
+ "=?utf-8?Q?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "AAAAAAAAAAAAA?=\n=?utf-8?Q?AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ "AAAAAAAAAAAAAAAAAAAAAAAA?="
+ },
+
+ /*
+ * Encoding validation.
+ */
+ {"validates_input_not_empty", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_COMMENT, "utf-8",
+ /* input= */ "", 0, " ", NO_OUTPUT, "rfc2047_code: warning: "
+ "rfc2047_encode: encoder called with empty input\n"
+ },
+ {"validates_whitespace_separator", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_COMMENT, "utf-8",
+ "whatever", 0, "foo", NO_OUTPUT, "rfc2047_code: warning: "
+ "rfc2047_encode: encoder called with non-whitespace separator: "
+ "'foo'\n"
+ },
+ {"validates_non_quoted_word", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_PHRASE, "utf-8",
+ "\"whatever", 0, " ", NO_OUTPUT, "rfc2047_code: warning: "
+ "rfc2047_encode: encoder called with quoted word as input: "
+ "'\"whatever'\n"
+ },
+ {"encodes_phrase_text", encodes_phrase_text},
+ {"encodes_long_phrase_text", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_PHRASE, "utf-8",
+ "000102030405060708091011121314151617181920212223242526272829"
+ "303132333435363738394041424344454647484950515253545556575859"
+ "606162636465666768697071727374757677787980818283848586878889",
+ 0, "\n",
+ "=?utf-8?Q?00010203040506070809101112131415161718192021222324"
+ "2526272829303?=\n=?utf-8?Q?132333435363738394041424344454647"
+ "484950515253545556575859606162?=\n=?utf-8?Q?6364656667686970"
+ "71727374757677787980818283848586878889?="
+ },
+ {"encodes_mostly_ascii_as_qp", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_PHRASE, "utf-8",
+ "some non-ascii Δημοσ embedded in ascii", 0, "\n",
+ "=?utf-8?Q?some_non-ascii_=CE=94=CE=B7=CE=BC=CE=BF=CF=83_embe"
+ "dded_in_ascii?="
+ },
+ {"encodes_whole_qp_triplets_1x", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_PHRASE, "utf-8",
+ "x some small amount of non-ascii Δημοσ embedded in ascii", 0, "\n",
+ "=?utf-8?Q?x_some_small_amount_of_non-ascii_=CE=94=CE=B7=CE=BC=CE=B"
+ "F=CF=83?=\n=?utf-8?Q?_embedded_in_ascii?="
+ },
+ {"encodes_whole_qp_triplets_2x", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_PHRASE, "utf-8",
+ "xx some small amount of non-ascii Δημοσ embedded in ascii", 0, "\n",
+ "=?utf-8?Q?xx_some_small_amount_of_non-ascii_=CE=94=CE=B7=CE=BC=CE=B"
+ "F=CF?=\n=?utf-8?Q?=83_embedded_in_ascii?="
+ },
+ {"encodes_mostly_non_ascii_as_b64", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_PHRASE, "utf-8",
+ "mostly non-ascii Δημοσθένους", 0, "\n",
+ "=?utf-8?B?bW9zdGx5IG5vbi1hc2NpaSDOlM63zrzOv8+DzrjhvbPOvc6/z4XPgg==?="
+ },
+ {"encodes_whole_b64_quads_4x", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_PHRASE, "utf-8",
+ "xxxx mostly non-ascii Δημοσθένους", 0, "\n",
+ "=?utf-8?B?eHh4eCBtb3N0bHkgbm9uLWFzY2lpIM6UzrfOvM6/z4POuOG9s869zr/Phc"
+ "+C?="
+ },
+ {"encodes_whole_b64_quads_5x", test_rfc2047_encode,
+ RFC2047_HEADER_CONTEXT_PHRASE, "utf-8",
+ "xxxxx mostly non-ascii Δημοσθένους", 0, "\n",
+ "=?utf-8?B?eHh4eHggbW9zdGx5IG5vbi1hc2NpaSDOlM63zrzOv8+DzrjhvbPOvc6/z4"
+ "XP?=\n=?utf-8?B?gg==?="
+ },
+ {0},
+};
+
+int main(int argc, char **argv)
+{
+ const TEST_CASE *tp;
+ int pass = 0;
+ int fail = 0;
+
+ msg_vstream_init(sane_basename((VSTRING *) 0, argv[0]), VSTREAM_ERR);
+
+ for (tp = test_cases; tp->label != 0; tp++) {
+ int test_failed;
+
+ msg_info("RUN %s", tp->label);
+ test_failed = tp->action(tp);
+ if (test_failed) {
+ msg_info("FAIL %s", tp->label);
+ fail++;
+ } else {
+ msg_info("PASS %s", tp->label);
+ pass++;
+ }
+ }
+ msg_info("PASS=%d FAIL=%d", pass, fail);
+ exit(fail != 0);
+}
+
+#endif
--- /dev/null
+#ifndef _RFC2047_ENCODE_H_INCLUDED_
+#define _RFC2047_ENCODE_H_INCLUDED_
+
+/*++
+/* NAME
+/* rfc2047_code 3h
+/* SUMMARY
+/* non-ASCII header content encoding
+/* SYNOPSIS
+/* #include <rfc2047_code.h>
+/* DESCRIPTION
+/* .nf
+
+ /*
+ * Utility library.
+ */
+#include <vstring.h>
+
+ /*
+ * External API.
+ */
+#define RFC2047_HEADER_CONTEXT_COMMENT (1)
+#define RFC2047_HEADER_CONTEXT_PHRASE (2)
+
+extern char *rfc2047_encode(VSTRING *result, int header_context,
+ const char *charset,
+ const char *in, ssize_t len,
+ const char *out_separator);
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* porcupine.org
+/*--*/
+
+#endif
*/
#ifdef USE_TLSRPT
if (smtp_mode && var_smtp_tlsrpt_enable
+ && state->tls->level > TLS_LEV_NONE
&& !valid_hostaddr(domain, DONT_GRIPE))
smtp_tlsrpt_create_wrapper(state, domain);
else
* problem, then we must report correct information.
*/
#ifdef USE_TLSRPT
- if (state->tlsrpt && state->tls->level > TLS_LEV_NONE) {
+ if (state->tlsrpt) {
smtp_tlsrpt_set_tls_policy(state);
smtp_tlsrpt_set_tcp_connection(state);
}
/* The Internet protocols Postfix will attempt to use when making
/* or accepting connections.
/* .IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR"
-/* Lookup tables with all names or addresses of local recipients:
-/* a recipient address is local when its domain matches $mydestination,
-/* $inet_interfaces or $proxy_interfaces.
+/* Lookup tables with all names or addresses of valid local
+/* recipients.
/* .IP "\fBunknown_local_recipient_reject_code (550)\fR"
/* The numerical Postfix SMTP server response code when a recipient
/* address is local, and $local_recipient_maps specifies a list of
/* 111 8th Avenue
/* New York, NY 10011, USA
/*
+/* Wietse Venema
+/* porcupine.org
+/*
/* SASL support originally by:
/* Till Franke
/* SuSE Rhein/Main AG
* troubles.
*/
if (state->reason && state->where) {
+ const char *queue_id_or_noqueue = (state->queue_id ?
+ state->queue_id : "NOQUEUE");
+
if (strcmp(state->where, SMTPD_AFTER_DATA) == 0) {
- msg_info("%s after %s (%lu bytes) from %s", /* 2.5 compat */
+ msg_info("%s: %s after %s (%lu bytes) from %s", /* 2.5 compat */
+ queue_id_or_noqueue,
state->reason, SMTPD_CMD_DATA, /* 2.5 compat */
(long) (state->act_size + vstream_peek(state->client)),
state->namaddr);
} else if (strcmp(state->where, SMTPD_AFTER_BDAT) == 0) {
- msg_info("%s after %s (%lu bytes) from %s",
+ msg_info("%s: %s after %s (%lu bytes) from %s",
+ queue_id_or_noqueue,
state->reason, SMTPD_CMD_BDAT,
(long) (state->act_size + VSTRING_LEN(state->buffer)
+ VSTRING_LEN(state->bdat_get_buffer)),
state->namaddr);
} else if (strcmp(state->where, SMTPD_AFTER_EOM)
|| strcmp(state->reason, REASON_LOST_CONNECTION)) {
- msg_info("%s after %s from %s",
+ msg_info("%s: %s after %s from %s",
+ queue_id_or_noqueue,
state->reason, state->where, state->namaddr);
}
}
tls_proxy_server_scan.o: tls.h
tls_proxy_server_scan.o: tls_proxy.h
tls_proxy_server_scan.o: tls_proxy_server_scan.c
-tls_rsa.o: tls_rsa.c
tls_scache.o: ../../include/argv.h
tls_scache.o: ../../include/check_arg.h
tls_scache.o: ../../include/dict.h
sane_strtol.c hash_fnv.c ldseed.c mkmap_cdb.c mkmap_db.c mkmap_dbm.c \
mkmap_fail.c mkmap_lmdb.c mkmap_open.c mkmap_sdbm.c inet_prefix_top.c \
inet_addr_sizes.c quote_for_json.c mystrerror.c \
- sane_sockaddr_to_hostaddr.c normalize_ws.c valid_uri_scheme.c
+ sane_sockaddr_to_hostaddr.c normalize_ws.c valid_uri_scheme.c \
+ clean_ascii_cntrl_space.c
OBJS = alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \
attr_print64.o attr_print_plain.o attr_scan0.o attr_scan64.o \
attr_scan_plain.o auto_clnt.o base64_code.o basename.o binhash.o \
sane_strtol.o hash_fnv.o ldseed.o mkmap_db.o mkmap_dbm.o \
mkmap_fail.o mkmap_open.o inet_prefix_top.o inet_addr_sizes.o \
quote_for_json.o mystrerror.o sane_sockaddr_to_hostaddr.o \
- normalize_ws.o valid_uri_scheme.o
+ normalize_ws.o valid_uri_scheme.o clean_ascii_cntrl_space.o
# MAP_OBJ is for maps that may be dynamically loaded with dynamicmaps.cf.
# When hard-linking these, makedefs sets NON_PLUGIN_MAP_OBJ=$(MAP_OBJ),
# otherwise it sets the PLUGIN_* macros.
valid_utf8_hostname.h midna_domain.h dict_union.h dict_inline.h \
check_arg.h argv_attr.h msg_logger.h logwriter.h byte_mask.h \
known_tcp_ports.h sane_strtol.h hash_fnv.h ldseed.h mkmap.h \
- inet_prefix_top.h inet_addr_sizes.h valid_uri_scheme.h
+ inet_prefix_top.h inet_addr_sizes.h valid_uri_scheme.h \
+ clean_ascii_cntrl_space.h
TESTSRC = fifo_open.c fifo_rdwr_bug.c fifo_rdonly_bug.c select_bug.c \
stream_test.c dup2_pass_on_exec.c
DEFS = -I. -D$(SYSTYPE)
vbuf_print split_qnameval vstream msg_logger byte_mask \
known_tcp_ports dict_stream find_inet binhash hash_fnv argv \
clean_env inet_prefix_top printable readlline quote_for_json \
- normalize_ws valid_uri_scheme
+ normalize_ws valid_uri_scheme clean_ascii_cntrl_space
PLUGIN_MAP_SO = $(LIB_PREFIX)pcre$(LIB_SUFFIX) $(LIB_PREFIX)lmdb$(LIB_SUFFIX) \
$(LIB_PREFIX)cdb$(LIB_SUFFIX) $(LIB_PREFIX)sdbm$(LIB_SUFFIX)
HTABLE_FIX = NORANDOMIZE=1
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS)
mv junk $@.o
+clean_ascii_cntrl_space: $(LIB)
+ mv $@.o junk
+ $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS)
+ mv junk $@.o
+
tests: all valid_hostname_test mac_expand_test dict_test unescape_test \
hex_quote_test ctable_test inet_addr_list_test base64_code_test \
attr_scan64_test attr_scan0_test host_port_test dict_tests \
vstream_test byte_mask_tests mystrtok_test known_tcp_ports_test \
binhash_test argv_test inet_prefix_top_test printable_test \
valid_utf8_string_test readlline_test quote_for_json_test \
- normalize_ws_test valid_uri_scheme_test
+ normalize_ws_test valid_uri_scheme_test clean_ascii_cntrl_space_test
dict_tests: all dict_test \
dict_pcre_tests dict_cidr_test dict_thash_test dict_static_test \
valid_uri_scheme_test: valid_uri_scheme
$(SHLIB_ENV) ${VALGRIND} ./valid_uri_scheme
+clean_ascii_cntrl_space_test: clean_ascii_cntrl_space
+ $(SHLIB_ENV) ${VALGRIND} ./clean_ascii_cntrl_space
+
depend: $(MAKES)
(sed '1,/^# do not edit/!d' Makefile.in; \
set -e; for i in [a-z][a-z0-9]*.c; do \
trimblanks.o: trimblanks.c
trimblanks.o: vbuf.h
trimblanks.o: vstring.h
+clean_ascii_cntrl_space.o: check_arg.h
+clean_ascii_cntrl_space.o: stringops.h
+clean_ascii_cntrl_space.o: sys_defs.h
+clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.c
+clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.h
+clean_ascii_cntrl_space.o: vbuf.h
+clean_ascii_cntrl_space.o: vstream.h
+clean_ascii_cntrl_space.o: vstring.h
unescape.o: check_arg.h
unescape.o: stringops.h
unescape.o: sys_defs.h
--- /dev/null
+/*++
+/* NAME
+/* clean_ascii_cntrl_space 3h
+/* SUMMARY
+/* censor control characters and normalize whitespace
+/* SYNOPSIS
+/* #include <clean_ascii_cntrl_space.h>
+/*
+/* char *clean_ascii_cntrl_space(
+/* VSTRING *result,
+/* const char *str,
+/* ssize_t len)
+/* DESCRIPTION
+/* clean_ascii_cntrl_space() sanitizes input by replacing ASCII
+/* control characters with ASCII SPACE, by replacing a sequence
+/* of multiple ASCII SPACE characters with one ASCII SPACE, and by
+/* eliminating leading and trailing ASCII SPACE.
+/*
+/* The result value is a pointer to the result buffer's string
+/* content, or null when no output was generated (for example
+/* all input characters were ASCII SPACE, or were replaced with
+/* ASCII SPACE).
+/*
+/* Arguments:
+/* .IP result
+/* The buffer that the output will overwrite. The result is
+/* null-terminated.
+/* .IP str
+/* Pointer to input storage.
+/* .IP len
+/* The number of input bytes.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* porcupine.org
+/*--*/
+
+ /*
+ * System library.
+ */
+#include <sys_defs.h>
+#include <ctype.h>
+
+ /*
+ * Utility library.
+ */
+#include <stringops.h>
+#include <vstring.h>
+#include <clean_ascii_cntrl_space.h>
+
+ /*
+ * SLMs.
+ */
+#define STR vstring_str
+#define LEN VSTRING_LEN
+#define END vstring_end
+
+/* clean_ascii_cntrl_space - replace control characters, normalize whitespace */
+
+char *clean_ascii_cntrl_space(VSTRING *result, const char *str, ssize_t len)
+{
+ const char *cp;
+ const char *str_end;
+ int ch, prev_ch;
+
+ VSTRING_RESET(result);
+ for (cp = str, prev_ch = ' ', str_end = str + len; cp < str_end; cp++) {
+ ch = *(unsigned char *) cp;
+ if (ISCNTRL(ch))
+ ch = ' ';
+ if (ch == ' ' && (prev_ch == ' ' || cp[1] == 0))
+ continue;
+ VSTRING_ADDCH(result, ch);
+ prev_ch = ch;
+ }
+ if (LEN(result) > 0 && END(result)[-1] == ' ')
+ vstring_truncate(result, LEN(result) - 1);
+ VSTRING_TERMINATE(result);
+ return ((LEN(result) == 0 || allspace(STR(result))) ? 0 : STR(result));
+}
+
+#ifdef TEST
+#include <stdlib.h>
+#include <string.h>
+
+#include <msg.h>
+#include <msg_vstream.h>
+#include <clean_ascii_cntrl_space.h>
+
+ /*
+ * Test structure. Some tests generate their own.
+ */
+typedef struct TEST_CASE {
+ const char *label;
+ int (*action) (const struct TEST_CASE *);
+ const char *input;
+ ssize_t inlen;
+ const char *exp_output;
+} TEST_CASE;
+
+#define NO_OUTPUT ((char *) 0)
+
+#define PASS (0)
+#define FAIL (1)
+
+static VSTRING *input;
+static VSTRING *exp_output;
+
+static int test_clean_ascii_cntrl_space(const TEST_CASE *tp)
+{
+ static VSTRING *result;
+ const char *got;
+
+ if (result == 0)
+ result = vstring_alloc(100);
+
+ got = clean_ascii_cntrl_space(result, tp->input, tp->inlen);
+
+ if (!got != !tp->exp_output) {
+ msg_warn("got result ``%s'', want ``%s''",
+ got ? got : "null",
+ tp->exp_output ? tp->exp_output : "null");
+ return (FAIL);
+ }
+ if (got && strcmp(got, tp->exp_output) != 0) {
+ msg_warn("got result ``%s'', want ``%s''", got, tp->exp_output);
+ return (FAIL);
+ }
+ return (PASS);
+}
+
+static int passes_all_non_controls(const TEST_CASE *tp)
+{
+ TEST_CASE test;
+ int ch;
+
+ VSTRING_RESET(input);
+ for (ch = 0x21; ch < 0x7f; ch++)
+ VSTRING_ADDCH(input, ch);
+ VSTRING_TERMINATE(input);
+ test.label = tp->label;
+ test.action = test_clean_ascii_cntrl_space;
+ test.input = STR(input);
+ test.inlen = strlen(STR(input));
+ test.exp_output = test.input;
+ return (test_clean_ascii_cntrl_space(&test));
+}
+
+static int replaces_all_controls(const TEST_CASE *tp)
+{
+ TEST_CASE test;
+ int ch;
+
+ test.label = tp->label;
+ test.action = test_clean_ascii_cntrl_space;
+
+ for (ch = 1; ch <= 0x7f; ch++) {
+ if (ch == 0x20)
+ ch = 0x7f;
+ vstring_sprintf(input, "0x%02x>%c<", ch, ch);
+ test.input = STR(input);
+ test.inlen = LEN(input);
+ vstring_sprintf(exp_output, "0x%02x> <", ch);
+ test.exp_output = STR(exp_output);
+ if (test_clean_ascii_cntrl_space(&test) != PASS)
+ return (FAIL);
+ }
+ return (PASS);
+}
+
+static const TEST_CASE test_cases[] = {
+ {"passes_all_non_controls",
+ passes_all_non_controls,
+ },
+ {"replaces_all_controls",
+ replaces_all_controls,
+ },
+ {"collapses_multiple_controls",
+ test_clean_ascii_cntrl_space,
+ "x\x01\x02yx", 4, "x y"
+ },
+ {"collapses_control_space",
+ test_clean_ascii_cntrl_space,
+ "x\x01 y", 4, "x y"
+ },
+ {"collapses_space_control",
+ test_clean_ascii_cntrl_space,
+ "x \x01y", 4, "x y"
+ },
+ {"collapses_multiple_space",
+ test_clean_ascii_cntrl_space,
+ "x y", 4, "x y"
+ },
+ {"strips_leading_control_space",
+ test_clean_ascii_cntrl_space,
+ "\x01 xy", 4, "xy",
+ },
+ {"strips_leading_space_control",
+ test_clean_ascii_cntrl_space,
+ " \x01xy", 4, "xy",
+ },
+ {"strips_trailing_space_control",
+ test_clean_ascii_cntrl_space,
+ "x \x01", 5, "x",
+ },
+ {"strips_trailing_control_space",
+ test_clean_ascii_cntrl_space,
+ "x\x01\x01 ", 5, "x",
+ },
+ {0},
+};
+
+int main(int argc, char **argv)
+{
+ const TEST_CASE *tp;
+ int pass = 0;
+ int fail = 0;
+
+ msg_vstream_init(sane_basename((VSTRING *) 0, argv[0]), VSTREAM_ERR);
+
+ input = vstring_alloc(300);
+ exp_output = vstring_alloc(300);
+
+ for (tp = test_cases; tp->label != 0; tp++) {
+ int test_failed;
+
+ msg_info("RUN %s", tp->label);
+ test_failed = tp->action(tp);
+ if (test_failed) {
+ msg_info("FAIL %s", tp->label);
+ fail++;
+ } else {
+ msg_info("PASS %s", tp->label);
+ pass++;
+ }
+ }
+ msg_info("PASS=%d FAIL=%d", pass, fail);
+ exit(fail != 0);
+}
+
+#endif
--- /dev/null
+#ifndef _UNCNTRL_H_INCLUDED_
+#define _UNCNTRL_H_INCLUDED_
+
+/*++
+/* NAME
+/* clean_ascii_cntrl_space 3h
+/* SUMMARY
+/* sane control character removal
+/* SYNOPSIS
+/* #include <clean_ascii_cntrl_space.h>
+/* DESCRIPTION
+/* .nf
+
+ /*
+ * Utility library.
+ */
+#include <vstream.h>
+
+ /*
+ * External interface.
+ */
+extern char *clean_ascii_cntrl_space(VSTRING *result, const char *input, ssize_t len);
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* porcupine.org
+/*--*/
+
+#endif
projects / thirdparty / postfix.git / commitdiff
