Bugfix: the test for "no debugger_command" was wrong.
Leandro Santi. File: global/debugger_command.c.
-20040117
+20041117
Robustness: the master-child protocol now includes a process
generation number besides the child process ID. The process
mailbox dotlock files on all systems, and creates dotlock
files before opening mailbox files. Files: util/sys_defs.h.
+20070301
+
+ Workaround: updated workaround for broken Solaris accept().
+ File: util/inet_listen.c.
+
+ Workaround: on some FreeBSD versions, accept(2) can fail
+ with a bogus EINVAL error. We now allow accept(2) to fail
+ for a limited number of times before terminating the process.
+ Files: master/single_server.c, master/multi_server.c.
+
+20070306
+
+ Bugfix (introduced with Postfix 2.3 Milter support): postdrop
+ reported "illegal seek" instead of "file too large". File:
+ postdrop/postdrop.c.
+
+20070310
+
+ Cleanup: specify "undisclosed_recipients_header =" to disable
+ Postfix's "To: undisclosed-recipients:;" header for mail
+ that lists no recipient. The To: header is not required as
+ of RFC 2822. The undisclosed_recipients_header parameter
+ value can now be an empty string, a value that was not
+ allowed with earlier Postfix versions. With Postfix 2.5 it
+ will be empty by default. Files: cleanup/cleanup.c,
+ cleanup/cleanup_message.c.
+
+20070312
+
+ Backwards compatibility: don't pad short message header
+ records when Milter support is turned off. This maintains
+ compatibility with Postfix versions that pre-date Milter
+ support. File: cleanup/cleanup_out.c.
+
+20070314
+
+ Bitrot: move the "don't run this daemon by hand" message
+ before other tests. Files: master/*server.c.
+
+20070315
+
+ Bitrot: New OpenLDAP APIs deprecate simplified interfaces,
+ that are the only ones available in Sun's LDAP SDK. Define
+ suitable macros that work with new OpenLDAP and Sun's code.
+ Victor Duchovni, Morgan Stanley. File: src/global/dict_ldap.c
+
+ Cleanup: new "leaf" and "terminal" result attributes support
+ fine-tuning of LDAP group expansion, and provide a solution
+ for the problem case where DN recursion returns both the
+ group address and the addresses of the member objects.
+ Victor Duchovni, Morgan Stanley. Files: src/global/dict_ldap.c,
+ proto/LDAP_README.html, proto/ldap_table
+
+20070317
+
+ Idioten Sicherheit: stamp every executable file and every
+ core dump file with "mail_version=xxxxx". Adding version
+ stamps and checks to every IPC message is too much change
+ after code freeze, and requires too much time for testing.
+ File: src/global/mail_version.h and every main program file.
+
+20070320
+
+ Bugfix (introduced between 20070120 and 20070121): the
+ cleanup server stored no "delayed mail warning" queue file
+ records with "sendmail -t", and no header_checks filter/redirect
+ records or content encoding records with other mail. File:
+ global/rec_type.h.
+
Wish list:
+ Bind all deliveries to the same local delivery process,
+ making Postfix perform as poorly as monolithic mailers,
+ but giving a possibility to eliminate duplicate deliveries.
+
+ Maybe declare loop when resolve_local(mxhost) is true?
+
Update message content length when adding/removing headers.
Need scache size limit.
am using now.
Update MILTER_README with Martinec info.
+ http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
Make postcat header/body aware so people can grep headers.
W\bWA\bAR\bRN\bNI\bIN\bNG\bG
The sender/recipient address verification feature described in this document is
-suitable only for low-traffic sites. It performs poorly under high load and may
-cause your site to be blacklisted by some providers. See the "Limitations"
-section below for details.
+suitable only for low-traffic sites. It performs poorly under high load;
+excessive sender address verification activity may even cause your site to be
+blacklisted by some providers. See the "Limitations" section below for details.
W\bWh\bha\bat\bt P\bPo\bos\bst\btf\bfi\bix\bx a\bad\bdd\bdr\bre\bes\bss\bs v\bve\ber\bri\bif\bfi\bic\bca\bat\bti\bio\bon\bn c\bca\ban\bn d\bdo\bo f\bfo\bor\br y\byo\bou\bu
in tcp_table(5). The lookup table name is "tcp:host:port" where "host"
specifies a symbolic hostname or a numeric IP address, and "port"
specifies a symbolic service name or a numeric port number. This
- protocol is not available up to and including Postfix version 2.2.
+ protocol is not available up to and including Postfix version 2.4.
u\bun\bni\bix\bx (read-only)
A limited way to query the UNIX authentication database. The following
tables are implemented:
* Configuring LDAP lookups
* Example: aliases
* Example: virtual domains/addresses
+ * Example: expanding LDAP groups
* Other uses of LDAP lookups
* Notes and things to think about
* Feedback
and in ldap:/etc/postfix/ldap-aliases.cf you have:
- server_host = ldap.my.com
- search_base = dc=my, dc=com
+ server_host = ldap.example.com
+ search_base = dc=example, dc=com
Upon receiving mail for a local address "ldapuser" that isn't found in the /
etc/aliases database, Postfix will search the LDAP server listening at port 389
-on ldap.my.com. It will bind anonymously, search for any directory entries
+on ldap.example.com. It will bind anonymously, search for any directory entries
whose mailacceptinggeneralid attribute is "ldapuser", read the "maildrop"
attributes of those found, and build a list of their maildrops, which will be
treated as RFC822 addresses to which the message will be delivered.
attributes are fully qualified with their virtual domains. Finally, if you want
to designate a directory entry as the default user for a virtual domain, just
give it an additional mailacceptinggeneralid (or the equivalent in your
-directory) of "@virtual.dom". That's right, no user part. If you don't want a
+directory) of "@fake.dom". That's right, no user part. If you don't want a
catchall user, omit this step and mail to unknown users in the domain will
simply bounce.
Normal users might simply have one mailacceptinggeneralid and maildrop, e.g.
"normaluser@fake.dom" and "normaluser@real.dom".
+E\bEx\bxa\bam\bmp\bpl\ble\be:\b: e\bex\bxp\bpa\ban\bnd\bdi\bin\bng\bg L\bLD\bDA\bAP\bP g\bgr\bro\bou\bup\bps\bs
+
+LDAP is frequently used to store group member information, and Postfix supports
+expanding a group's email address to the list of email addresses of the group
+members. There are a number of ways of handling LDAP groups, which will be
+illustrated via the mock LDAP entries and implied schema below. This shows two
+group entries "agroup" and "bgroup" and four user entries "auser", "buser",
+"cuser" and "duser". The group "agroup" has the users "auser" (1) and "buser"
+(2) as members via DN references in the multi-valued attribute "memberdn", and
+direct email addresses of two external users "auser@example.org" (3) and
+"buser@example.org" (4) stored in the multi-valued attribute "memberaddr". The
+same is true of "bgroup" and "cuser"/"duser" (6)/(7)/(8)/(9), but "bgroup" also
+has a "maildrop" attribute of "bgroup@mlm.example.com" (5):
+
+ dn: cn=agroup, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapgroup
+ cn: agroup
+ mail: agroup@example.com
+ 1 -> memberdn: uid=auser, dc=example, dc=com
+ 2 -> memberdn: uid=buser, dc=example, dc=com
+ 3 -> memberaddr: auser@example.org
+ 4 -> memberaddr: buser@example.org
+
+ dn: cn=bgroup, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapgroup
+ cn: bgroup
+ mail: bgroup@example.com
+ 5 -> maildrop: bgroup@mlm.example.com
+ 6 -> memberdn: uid=cuser, dc=example, dc=com
+ 7 -> memberdn: uid=duser, dc=example, dc=com
+ 8 -> memberaddr: cuser@example.org
+ 9 -> memberaddr: duser@example.org
+
+ dn: uid=auser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: auser
+ 10 -> mail: auser@example.com
+ 11 -> maildrop: auser@mailhub.example.com
+
+ dn: uid=buser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: buser
+ 12 -> mail: buser@example.com
+ 13 -> maildrop: buser@mailhub.example.com
+
+ dn: uid=cuser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: cuser
+ 14 -> mail: cuser@example.com
+
+ dn: uid=duser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: duser
+ 15 -> mail: duser@example.com
+
+Our first use case ignores the "memberdn" attributes, and assumes that groups
+hold only direct "memberaddr" strings as in (3), (4), (8) and (9). The goal is
+to map the group address to the list of constituent "memberaddr" values. This
+is simple, ignoring the various connection related settings (hosts, ports, bind
+settings, timeouts, ...) we have:
+
+ simple.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr
+ $ postmap -q agroup@example.com ldap:simple.cf
+ auser@example.org,buser@example.org
+
+We search "dc=example, dc=com". The "mail" attribute is used in the
+query_filter to locate the right group, the "result_attribute" setting
+described in ldap_table(5) is used to specify that "memberaddr" values from the
+matching group are to be returned as a comma separated list. Always check
+tables using postmap(1) with the "-q" option, before deploying them into
+production use in main.cf.
+
+Our second use case also expands "memberdn" attributes (1), (2), (6) and (7),
+follows the DN references and returns the "maildrop" of the referenced user
+entries. Here we use the "special_result_attribute" setting from ldap_table(5)
+to designate the "memberdn" attribute as holding DNs of the desired member
+entries. The "result_attribute" setting selects which attributes are returned
+from the selected DNs. It is important to choose a result attribute that is not
+also present in the group object, because result attributes are collected from
+both the group and the member DNs. In this case we choose "maildrop" and assume
+for the moment that groups never have a "maildrop" (the "bgroup" "maildrop"
+attribute is for a different use case). The returned data for "auser" and
+"buser" is from items (11) and (13) in the mock data.
+
+ special.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr, maildrop
+ special_result_attribute = memberdn
+ $ postmap -q agroup@example.com ldap:special.cf
+
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+
+Note: if the desired member object result attribute is always also present in
+the group, you get suprising results, the expansion also returns the address of
+the group. This is a known limitation of Postfix releases prior to 2.4, and is
+addressed in the new with Postfix 2.4 "leaf_result_attribute" feature described
+in ldap_table(5).
+
+Our third use case has some groups that are expanded immediately, and other
+groups that are forwarded to a dedicated mailing list manager host for delayed
+expansion. This uses two LDAP tables, one for users and forwarded groups and a
+second for groups that can be expanded immediately. It is assumed that groups
+that require forwarding are never nested members of groups that are directly
+expanded.
+
+ no_expand.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = maildrop
+ expand.cf
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr, maildrop
+ special_result_attribute = memberdn
+ $ postmap -q auser@example.com ldap:no_expand.cf ldap:expand.cf
+ auser@mailhub.example.com
+ $ postmap -q agroup@example.com ldap:no_expand.cf ldap:expand.cf
+
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ $ postmap -q bgroup@example.com ldap:no_expand.cf ldap:expand.cf
+ bgroup@mlm.example.com
+
+Non-group objects and groups with delayed expansion (those that have a maildrop
+attribute) are rewritten to a single maildrop value. Groups that don't have a
+maildrop are expanded as the second use case. This admits a more elegant
+solution with Postfix 2.4 and later.
+
+Our final use case is the same as the third, but this time uses new features in
+Postfix 2.4. We now are able to use just one LDAP table and no longer need to
+assume that forwarded groups are never nested inside expanded groups.
+
+ fancy.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr
+ special_result_attribute = memberdn
+ terminal_result_attribute = maildrop
+ leaf_result_attribute = mail
+ $ postmap -q auser@example.com ldap:fancy.cf
+ auser@mailhub.example.com
+ $ postmap -q cuser@example.com ldap:fancy.cf
+ cuser@example.com
+ $ postmap -q agroup@example.com ldap:fancy.cf
+
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ $ postmap -q bgroup@example.com ldap:fancy.cf
+ bgroup@mlm.example.com
+
+Above, delayed expansion is enabled via "terminal_result_attribute", which, if
+present, is used as the sole result and all other expansion is suppressed.
+Otherwise, the "leaf_result_attribute" is only returned for leaf objects that
+don't have a "special_result_attribute" (non-groups), while the
+"result_attribute" (direct member address of groups) is returned at every level
+of recursive expansion, not just the leaf nodes. This fancy example illustrates
+all the features of Postfix 2.4 group expansion.
+
O\bOt\bth\bhe\ber\br u\bus\bse\bes\bs o\bof\bf L\bLD\bDA\bAP\bP l\blo\boo\bok\bku\bup\bps\bs
Other common uses for LDAP lookups include rewriting senders and recipients
with Postfix's canonical lookups, for example in order to make mail leaving
-your site appear to be coming from "First.Last@site.dom" instead of
-"userid@site.dom".
+your site appear to be coming from "First.Last@example.com" instead of
+"userid@example.com".
N\bNo\bot\bte\bes\bs a\ban\bnd\bd t\bth\bhi\bin\bng\bgs\bs t\bto\bo t\bth\bhi\bin\bnk\bk a\bab\bbo\bou\but\bt
define an entry intended for use as a mailing list that looks like this
(Warning! Schema made up just for this example):
- dn: cn=Accounting Staff List, dc=my, dc=com
+ dn: cn=Accounting Staff List, dc=example, dc=com
cn: Accounting Staff List
- o: my.com
+ o: example.com
objectclass: maillist
mailacceptinggeneralid: accountingstaff
mailacceptinggeneralid: accounting-staff
P\bPu\bur\brp\bpo\bos\bse\be o\bof\bf t\bth\bhi\bis\bs d\bdo\boc\bcu\bum\bme\ben\bnt\bt
-This document describes the qshape(1) program which helps the administrator
-understand the Postfix queue message distribution sorted by time and by sender
-or recipient domain. qshape(1) is bundled with the Postfix 2.1 source under the
-"auxiliary" directory.
-
-In order to understand the output of qshape(1), it useful to understand the
-various Postfix queues. To this end the role of each Postfix queue directory is
-described briefly in the "Background info: Postfix queue directories" section
-near the end of this document.
+This document is an introduction to Postfix queue congestion analysis. It
+explains how the qshape(1) program can help to track down the reason for queue
+congestion. qshape(1) is bundled with Postfix 2.1 and later source code, under
+the "auxiliary" directory. This document describes qshape(1) as bundled with
+Postfix 2.4.
This document covers the following topics:
* Example 2: Deferred queue full of dictionary attack bounces
* Example 3: Congestion in the active queue
* Example 4: High volume destination backlog
- * Background info: Postfix queue directories
+ * Postfix queue directories
o The "maildrop" queue
o The "hold" queue
10 and 20 minutes old, 1 between 320 and 640 minutes old and 12 older than
1280 minutes (1440 minutes in a day).
+When the output is a terminal intermediate results showing the top 20 domains
+(-n option) are displayed after every 1000 messages (-N option) and the final
+output also shows only the top 20 domains. This makes qshape useful even when
+the deferred queue is very large and it may otherwise take prohibitively long
+to read the entire deferred queue.
+
By default, qshape shows statistics for the union of both the incoming and
active queues which are the most relevant queues to look at when analyzing
performance.
One can request an alternate list of queues:
- $ qshape deferred | less
- $ qshape incoming active deferred | less
+ $ qshape deferred
+ $ qshape incoming active deferred
this will show the age distribution of the deferred queue or the union of the
incoming active and deferred queues.
The problem destinations or sender domains appear near the top left corner of
the output table. Remember that the active queue can accommodate up to 20000
-($qmgr_message_active_limit) messages. To check wether this limit has been
+($qmgr_message_active_limit) messages. To check whether this limit has been
reached, use:
- $ qshape -s active | head (show sender statistics)
+ $ qshape -s active (show sender statistics)
If the total sender count is below 20000 the active queue is not yet saturated,
any high volume sender domains show near the top of the output.
-The active queue is also limited to at most 20000 recipient addresses
-($qmgr_message_recipient_limit). To check for exhaustion of this limit use:
+With oqmgr(8) the active queue is also limited to at most 20000 recipient
+addresses ($qmgr_message_recipient_limit). To check for exhaustion of this
+limit use:
- $ qshape active | head (show recipient statistics)
+ $ qshape active (show recipient statistics)
Having found the high volume domains, it is often useful to search the logs for
recent messages pertaining to the domains in question.
nature of the errors. The destination will be retried again after the
expiration of a $minimal_backoff_time timer. If the error bursts are frequent
enough it may be that only a small quantity of email is delivered before the
-destination is again marked "dead".
+destination is again marked "dead". In some cases enabling static (not on
+demand) connection caching by listing the appropriate nexthop domain in a table
+included in "smtp_connection_cache_destinations" may help to reduce the error
+rate, because most messages will re-use existing connections.
The MTA that has been observed most frequently to exhibit such bursts of errors
is Microsoft Exchange, which refuses connections under load. Some proxy virus
the client as a "421" error.
Note that it is now possible to configure Postfix to exhibit similarly erratic
-behavior by misconfiguring the anvil(8) server (not included in Postfix 2.1.).
-Do not use anvil(8) for steady-state rate limiting, its purpose is DoS
-prevention and the rate limits set should be very generous!
+behavior by misconfiguring the anvil(8) service. Do not use anvil(8) for
+steady-state rate limiting, its purpose is (unintentional) DoS prevention and
+the rate limits set should be very generous!
-In the long run it is hoped that the Postfix dead host detection and
-concurrency control mechanism will be tuned to be more "noise" tolerant. If one
-finds oneself needing to deliver a high volume of mail to a destination that
-exhibits frequent brief bursts of errors, there is a subtle workaround.
+If one finds oneself needing to deliver a high volume of mail to a destination
+that exhibits frequent brief bursts of errors and connection caching does not
+solve the problem, there is a subtle workaround.
* In master.cf set up a dedicated clone of the "smtp" transport for the
destination in question.
number in the 10-20 range is typical).
* IMPORTANT!!! In main.cf configure a very large initial and destination
- concurrency limit for this transport (say 200).
+ concurrency limit for this transport (say 2000).
/etc/postfix/main.cf:
- initial_destination_concurrency = 200
- transportname_destination_concurrency_limit = 200
+ initial_destination_concurrency = 2000
+ transportname_destination_concurrency_limit = 2000
Where transportname is the name of the master.cf entry in question.
-The effect of this surprising configuration is that up to 200 consecutive
+The effect of this surprising configuration is that up to 2000 consecutive
errors are tolerated without marking the destination dead, while the total
concurrency remains reasonable (10-20 processes). This trick is only for a very
specialized situation: high volume delivery into a channel with multi-error
Hopefully a more elegant solution to these problems will be found in the
future.
-B\bBa\bac\bck\bkg\bgr\bro\bou\bun\bnd\bd i\bin\bnf\bfo\bo:\b: P\bPo\bos\bst\btf\bfi\bix\bx q\bqu\bue\beu\bue\be d\bdi\bir\bre\bec\bct\bto\bor\bri\bie\bes\bs
+P\bPo\bos\bst\btf\bfi\bix\bx q\bqu\bue\beu\bue\be d\bdi\bir\bre\bec\bct\bto\bor\bri\bie\bes\bs
The following sections describe Postfix queues: their purpose, what normal
behavior looks like, and how to diagnose abnormal behavior.
All mail that enters the main Postfix queue does so via the cleanup(8) service.
The cleanup service is responsible for envelope and header rewriting, header
-and body regular expression checks, automatic bcc recipient processing and
-guaranteed insertion of the message into the Postfix "incoming" queue.
+and body regular expression checks, automatic bcc recipient processing, milter
+content processing, and reliable insertion of the message into the Postfix
+"incoming" queue.
In the absence of excessive CPU consumption in cleanup(8) header or body
regular expression checks or other software consuming all available CPU
Congestion in this queue is indicative of an excessive local message submission
rate or perhaps excessive CPU consumption in the cleanup(8) service due to
-excessive body_checks.
+excessive body_checks, or (Postfix >= 2.3) high latency milters.
Note, that once the active queue is full, the cleanup service will attempt to
slow down message injection by pausing $in_flow_delay for each message. In this
case "maildrop" queue congestion may be a consequence of congestion downstream,
rather than a problem in its own right.
-Note also, that one should not attempt to deliver large volumes of mail via the
-pickup(8) service. High volume sites must avoid using content filters that
-reinject scanned mail via Postfix sendmail(1) and postdrop(1).
+Note, you should not attempt to deliver large volumes of mail via the pickup(8)
+service. High volume sites should avoid using "simple" content filters that re-
+inject scanned mail via Postfix sendmail(1) and postdrop(1).
A high arrival rate of locally submitted mail may be an indication of an
uncaught forwarding loop, or a run-away notification program. Try to keep the
delivery attempts are made for messages in the "hold" queue. The postsuper(1)
command can be used to manually release messages into the "deferred" queue.
-Messages can potentially stay in the "hold" queue for a time exceeding the
-normal maximal queue lifetime (after which undelivered messages are bounced
-back to the sender). If such "old" messages need to be released from the "hold"
-queue, they should typically be moved into the "maildrop" queue, so that the
-message gets a new timestamp and is given more than one opportunity to be
-delivered. Messages that are "young" can be moved directly into the "deferred"
-queue.
+Messages can potentially stay in the "hold" queue longer than
+$maximal_queue_lifetime. If such "old" messages need to be released from the
+"hold" queue, they should typically be moved into the "maildrop" queue using
+"postsuper -r", so that the message gets a new timestamp and is given more than
+one opportunity to be delivered. Messages that are "young" can be moved
+directly into the "deferred" queue using "postsuper -H".
The "hold" queue plays little role in Postfix performance, and monitoring of
the "hold" queue is typically more closely motivated by tracking spam and
The incoming queue grows when the message input rate spikes above the rate at
which the queue manager can import messages into the active queue. The main
-factor slowing down the queue manager is transport queries to the trivial-
-rewrite service. If the queue manager is routinely not keeping up, consider not
-using "slow" lookup services (MySQL, LDAP, ...) for transport lookups or
-speeding up the hosts that provide the lookup service.
+factors slowing down the queue manager are disk I/O and lookup queries to the
+trivial-rewrite service. If the queue manager is routinely not keeping up,
+consider not using "slow" lookup services (MySQL, LDAP, ...) for transport
+lookups or speeding up the hosts that provide the lookup service. If the
+problem is I/O starvation, consider striping the queue over more disks, faster
+controllers with a battery write cache, or other hardware improvements. At the
+very least, make sure that the queue directory is mounted with the "noatime"
+option if applicable to the underlying filesystem.
The in_flow_delay parameter is used to clamp the input rate when the queue
manager starts to fall behind. The cleanup(8) service will pause for
is capped by the transport's recipient concurrency limit.
Multiple recipient groups (from one or more messages) are queued for delivery
-via the common transport/nexthop combination. The destination concurrency limit
-for the transports caps the number of simultaneous delivery attempts for each
-nexthop. Transports with a recipient concurrency limit of 1 are special: these
-are grouped by the actual recipient address rather than the nexthop, thereby
-enabling per-recipient concurrency limits rather than per-domain concurrency
-limits. Per-recipient limits are appropriate when performing final delivery to
+grouped by transport/nexthop combination. The d\bde\bes\bst\bti\bin\bna\bat\bti\bio\bon\bn concurrency limit for
+the transports caps the number of simultaneous delivery attempts for each
+nexthop. Transports with a r\bre\bec\bci\bip\bpi\bie\ben\bnt\bt concurrency limit of 1 are special: these
+are grouped by the actual recipient address rather than the nexthop, yielding
+per-recipient concurrency limits rather than per-domain concurrency limits.
+Per-recipient limits are appropriate when performing final delivery to
mailboxes rather than when relaying to a remote server.
Congestion occurs in the active queue when one or more destinations drain
-slower than the corresponding message input rate. If a destination is down for
-some time, the queue manager will mark it dead, and immediately defer all mail
-for the destination without trying to assign it to a delivery agent. In this
-case the messages will quickly leave the active queue and end up in the
-deferred queue. If the destination is instead simply slow, or there is a
-problem causing an excessive arrival rate the active queue will grow and will
-become dominated by mail to the congested destination.
+slower than the corresponding message input rate.
+
+Input into the active queue comes both from new mail in the "incoming" queue,
+and retries of mail in the "deferred" queue. Should the "deferred" queue get
+really large, retries of old mail can dominate the arrival rate of new mail.
+Systems with more CPU, faster disks and more network bandwidth can deal with
+larger deferred queues, but as a rule of thumb the deferred queue scales to
+somewhere between 100,000 and 1,000,000 messages with good performance unlikely
+above that "limit". Systems with queues this large should typically stop
+accepting new mail, or put the backlog "on hold" until the underlying issue is
+fixed (provided that there is enough capacity to handle just the new mail).
+
+When a destination is down for some time, the queue manager will mark it dead,
+and immediately defer all mail for the destination without trying to assign it
+to a delivery agent. In this case the messages will quickly leave the active
+queue and end up in the deferred queue (with Postfix < 2.4, this is done
+directly by the queue manager, with Postfix >= 2.4 this is done via the "retry"
+delivery agent).
+
+When the destination is instead simply slow, or there is a problem causing an
+excessive arrival rate the active queue will grow and will become dominated by
+mail to the congested destination.
The only way to reduce congestion is to either reduce the input rate or
increase the throughput. Increasing the throughput requires either increasing
the system and network are not loaded, raise the "smtp" and/or "relay" process
limits!
-Especially for the "relay" transport, consider lower SMTP connection timeouts
-(1-5 seconds) and higher than default destination concurrency limits. Compute
-the expected latency when 1 out of N of the MX hosts for a high volume site is
-down and not responding, and make sure that the configured concurrency divided
-by this latency exceeds the required steady-state message rate. If the
-destination is managed by you, consider load balancers in front of groups of MX
-hosts. Load balancers have higher uptime and will be able to hide individual MX
-host failures.
-
-If necessary, dedicate and tune custom transports for high volume destinations.
+When a high volume destination is served by multiple MX hosts with typically
+low delivery latency, performance can suffer dramatically when one of the MX
+hosts is unresponsive and SMTP connections to that host timeout. For example,
+if there are 2 equal weight MX hosts, the SMTP connection timeout is 30 seconds
+and one of the MX hosts is down, the average SMTP connection will take
+approximately 15 seconds to complete. With a default per-destination
+concurrency limit of 20 connections, throughput falls to just over 1 message
+per second.
+
+The best way to avoid bottlenecks when one or more MX hosts is non-responsive
+is to use connection caching. Connection caching was introduced with Postfix
+2.2 and is by default enabled on demand for destinations with a backlog of mail
+in the active queue. When connection caching is in effect for a particular
+destination, established connections are re-used to send additional messages,
+this reduces the number of connections made per message delivery and maintains
+good throughput even in the face of partial unavailability of the destination's
+MX hosts.
+
+If connection caching is not available (Postfix < 2.2) or does not provide a
+sufficient latency reduction, especially for the "relay" transport used to
+forward mail to "your own" domains, consider setting lower than default SMTP
+connection timeouts (1-5 seconds) and higher than default destination
+concurrency limits. This will further reduce latency and provide more
+concurrency to maintain throughput should latency rise.
+
+Setting high concurrency limits to domains that are not your own may be viewed
+as hostile by the receiving system, and steps may be taken to prevent you from
+monopolizing the destination system's resources. The defensive measures may
+substantially reduce your throughput or block access entirely. Do not set
+aggressive concurrency limits to remote domains without coordinating with the
+administrators of the target domain.
+
+If necessary, dedicate and tune custom transports for selected high volume
+destinations. The "relay" transport is provided for forwarding mail to domains
+for which your server is a primary or backup MX host. These can make up a
+substantial fraction of your email traffic. Use the "relay" and not the "smtp"
+transport to send email to these domains. Using the "relay" transport allocates
+a separate delivery agent pool to these destinations and allows separate tuning
+of timeouts and concurrency limits.
Another common cause of congestion is unwarranted flushing of the entire
deferred queue. The deferred queue holds messages that are likely to fail to be
-delivered and are also likely to be slow to fail delivery (timeouts). This
-means that the most common reaction to a large deferred queue (flush it!) is
-more than likely counter- productive, and is likely to make the problem worse.
-Do not flush the deferred queue unless you expect that most of its content has
+delivered and are also likely to be slow to fail delivery (time out). As a
+result the most common reaction to a large deferred queue (flush it!) is more
+than likely counter-productive, and typically makes the congestion worse. Do
+not flush the deferred queue unless you expect that most of its content has
recently become deliverable (e.g. relayhost back up after an outage)!
Note that whenever the queue manager is restarted, there may already be
normal incoming queue scan to refill the active queue. The process of moving
all the messages back and forth, redoing transport table (trivial-rewrite(8)
resolve service) lookups, and re-importing the messages back into memory is
-expensive. At all costs, avoid frequent restarts of the queue manager.
+expensive. At all costs, avoid frequent restarts of the queue manager (e.g. via
+frequent execution of "postfix reload").
T\bTh\bhe\be "\b"d\bde\bef\bfe\ber\brr\bre\bed\bd"\b" q\bqu\bue\beu\bue\be
controlled by the queue_run_delay parameter. While a deferred queue scan is in
progress, if an incoming queue scan is also in progress (ideally these are
brief since the incoming queue should be short), the queue manager alternates
-between bringing a new "incoming" message and a new "deferred" message into the
+between looking for messages in the "incoming" queue and in the "deferred"
queue. This "round-robin" strategy prevents starvation of either the incoming
or the deferred queues.
Each deferred queue scan only brings a fraction of the deferred queue back into
the active queue for a retry. This is because each message in the deferred
queue is assigned a "cool-off" time when it is deferred. This is done by time-
-warping the modification times of the queue file into the future. The queue
-file is not eligible for a retry if its modification time is not yet reached.
+warping the modification time of the queue file into the future. The queue file
+is not eligible for a retry if its modification time is not yet reached.
The "cool-off" time is at least $minimal_backoff_time and at most
$maximal_backoff_time. The next retry time is set by doubling the message's age
If a high volume site routinely has large deferred queues, it may be useful to
adjust the queue_run_delay, minimal_backoff_time and maximal_backoff_time to
-provide short enough delays on first failure, with perhaps longer delays after
-multiple failures, to reduce the retransmission rate of old messages and
-thereby reduce the quantity of previously deferred mail in the active queue.
+provide short enough delays on first failure (Postfix >= 2.4 has a sensibly low
+minimal backoff time by default), with perhaps longer delays after multiple
+failures, to reduce the retransmission rate of old messages and thereby reduce
+the quantity of previously deferred mail in the active queue. If you want a
+really low minimal_backoff_time, you may also want to lower queue_run_delay,
+but understand that more frequent scans will increase the demand for disk I/O.
One common cause of large deferred queues is failure to validate recipients at
the SMTP input stage. Since spammers routinely launch dictionary attacks from
unrepliable sender addresses, the bounces for invalid recipient addresses clog
the deferred queue (and at high volumes proportionally clog the active queue).
Recipient validation is strongly recommended through use of the
-local_recipient_maps and relay_recipient_maps parameters.
+local_recipient_maps and relay_recipient_maps parameters. Even when bounces
+drain quickly they inundate innocent victims of forgery with unwanted email. To
+avoid this, do not accept mail for invalid recipients.
When a host with lots of deferred mail is down for some time, it is possible
for the entire deferred queue to reach its retry time simultaneously. This can
lead to a very full active queue once the host comes back up. The phenomenon
can repeat approximately every maximal_backoff_time seconds if the messages are
-again deferred after a brief burst of congestion. Ideally, in the future
-Postfix will add a random offset to the retry time (or use a combination of
-strategies) to reduce the chances of repeated complete deferred queue flushes.
+again deferred after a brief burst of congestion. Perhaps, a future Postfix
+release will add a random offset to the retry time (or use a combination of
+strategies) to reduce the odds of repeated complete deferred queue flushes.
C\bCr\bre\bed\bdi\bit\bts\bs
B\bBu\bui\bil\bld\bdi\bin\bng\bg t\bth\bhe\be C\bCy\byr\bru\bus\bs S\bSA\bAS\bSL\bL l\bli\bib\bbr\bra\bar\bry\by
-Postfix appears to work with cyrus-sasl-1.5.5 or cyrus-sasl-2.1.1, which are
+Postfix appears to work with cyrus-sasl-1.5.x or cyrus-sasl-2.1.x, which are
available from:
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
IMPORTANT: if you install the Cyrus SASL libraries as per the default, you will
-have to symlink /usr/lib/sasl -> /usr/local/lib/sasl for version 1.5.5 or /usr/
-lib/sasl2 -> /usr/local/lib/sasl2 for version 2.1.1.
+have to symlink /usr/lib/sasl -> /usr/local/lib/sasl for version 1.5.x or /usr/
+lib/sasl2 -> /usr/local/lib/sasl2 for version 2.1.x.
-Reportedly, Microsoft Internet Explorer version 5 requires the non-standard
-SASL LOGIN authentication method. To enable this authentication method, specify
-``./configure --enable-login''.
+Reportedly, Microsoft Outlook (Express) requires the non-standard LOGIN
+authentication method. To enable this authentication method, specify ``./
+configure --enable-login''.
B\bBu\bui\bil\bld\bdi\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx w\bwi\bit\bth\bh C\bCy\byr\bru\bus\bs S\bSA\bAS\bSL\bL s\bsu\bup\bpp\bpo\bor\brt\bt
On some systems this generates the necessary Makefile definitions:
-(for Cyrus SASL version 1.5.5):
+(for Cyrus SASL version 1.5.x):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
-I/usr/local/include" AUXLIBS="-L/usr/local/lib -lsasl"
-(for Cyrus SASL version 2.1.1):
+(for Cyrus SASL version 2.1.x):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
On Solaris 2.x you need to specify run-time link information, otherwise ld.so
will not find the SASL shared library:
-(for Cyrus SASL version 1.5.5):
+(for Cyrus SASL version 1.5.x):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
-I/usr/local/include" AUXLIBS="-L/usr/local/lib \
-R/usr/local/lib -lsasl"
-(for Cyrus SASL version 2.1.1):
+(for Cyrus SASL version 2.1.x):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
Older Microsoft SMTP client software implements a non-standard version of the
AUTH protocol syntax, and expects that the SMTP server replies to EHLO with
-"250 AUTH=stuff" instead of "250 AUTH stuff". To accommodate such clients (in
-addition to conformant clients) use the following:
+"250 AUTH=mechanism-list" instead of "250 AUTH mechanism-list". To accommodate
+such clients (in addition to conformant clients) use the following:
/etc/postfix/main.cf:
broken_sasl_auth_clients = yes
C\bCy\byr\bru\bus\bs S\bSA\bAS\bSL\bL c\bco\bon\bnf\bfi\big\bgu\bur\bra\bat\bti\bio\bon\bn f\bfo\bor\br t\bth\bhe\be P\bPo\bos\bst\btf\bfi\bix\bx S\bSM\bMT\bTP\bP s\bse\ber\brv\bve\ber\br
-In /usr/local/lib/sasl/smtpd.conf (Cyrus SASL version 1.5.5) or /usr/local/lib/
-sasl2/smtpd.conf (Cyrus SASL version 2.1.1) you need to specify how the server
-should validate client passwords.
+You need to configure how the Cyrus SASL library should authenticate a client's
+username and password. These settings must be stored in a separate
+configuration file.
+
+The name of the configuration file (default: smtpd.conf) will be constructed
+from a value sent by Postfix to the Cyrus SASL library, which adds the suffix
+.conf. The value is configured using one of the following variables:
+
+ /etc/postfix/main.cf:
+ # Postfix 2.3 and later
+ smtpd_sasl_path = smtpd
+ # Postfix < 2.3
+ smtpd_sasl_application_name = smtpd
+
+Cyrus SASL searches for the configuration file in /usr/local/lib/sasl/ (Cyrus
+SASL version 1.5.5) or /usr/local/lib/sasl2/ (Cyrus SASL version 2.1.x).
Note: some Postfix distributions are modified and look for the smtpd.conf file
-in /etc/postfix.
+in /etc/postfix/sasl.
Note: some Cyrus SASL distributions look for the smtpd.conf file in /etc/sasl2.
- * To authenticate against the UNIX password database, try:
+ * To authenticate against the UNIX password database, use:
- (Cyrus SASL version 1.5.5)
+ (Cyrus SASL version 1.5.x)
/usr/local/lib/sasl/smtpd.conf:
pwcheck_method: pwcheck
- (Cyrus SASL version 2.1.1)
-
- /usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: pwcheck
-
- The name of the file in /usr/local/lib/sasl (Cyrus SASL version 1.5.5) or /
- usr/local/lib/sasl2 (Cyrus SASL version 2.1.1) used by the SASL library for
- configuration can be set with:
-
- /etc/postfix/main.cf:
- smtpd_sasl_application_name = smtpd (Postfix < 2.3)
- smtpd_sasl_path = smtpd (Postfix 2.3 and later)
-
- The pwcheck daemon is contained in the cyrus-sasl source tarball.
-
- IMPORTANT: postfix processes need to have group read+execute permission for
- the /var/pwcheck directory, otherwise authentication attempts will fail.
+ IMPORTANT: pwcheck establishes a UNIX domain socket in /var/pwcheck and
+ waits for authentication requests. Postfix processes must have
+ read+execute permission to this directory or authentication attempts
+ will fail.
- * Alternately, in Cyrus SASL 1.5.26 and later (including 2.1.1), try:
+ The pwcheck daemon is contained in the cyrus-sasl source tarball.
(Cyrus SASL version 1.5.26)
/usr/local/lib/sasl/smtpd.conf:
pwcheck_method: saslauthd
- (Cyrus SASL version 2.1.1)
+ (Cyrus SASL version 2.1.x)
/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd
+ mech_list: PLAIN LOGIN
The saslauthd daemon is also contained in the cyrus-sasl source tarball. It
is more flexible than the pwcheck daemon, in that it can authenticate
against PAM and various other sources. To use PAM, start saslauthd with "-
a pam".
+ IMPORTANT: saslauthd usually establishes a UNIX domain socket in /var/run/
+ saslauthd and waits for authentication requests. Postfix processes must
+ have read+execute permission to this directory or authentication attempts
+ will fail.
+
+ Note: The directory where saslauthd puts the socket is configurable. See
+ the command-line option "-m /path/to/socket" in the saslauthd --help
+ listing.
+
* To authenticate against Cyrus SASL's own password database:
- (Cyrus SASL version 1.5.5)
+ (Cyrus SASL version 1.5.x)
/usr/local/lib/sasl/smtpd.conf:
- pwcheck_method: sasldb
+ pwcheck_method: sasldb
- (Cyrus SASL version 2.1.1)
+ (Cyrus SASL version 2.1.x)
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
+ pwcheck_method: auxprop
+ auxprop_plugin: sasldb
+ mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
This will use the Cyrus SASL password file (default: /etc/sasldb in version
- 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained with the
+ 1.5.x, or /etc/sasldb2 in version 2.1.x), which is maintained with the
saslpasswd or saslpasswd2 command (part of the Cyrus SASL software). On
some poorly-supported systems the saslpasswd command needs to be run
multiple times before it stops complaining. The Postfix SMTP server needs
EXAMPLE:
- (Cyrus SASL version 1.5.5)
+ (Cyrus SASL version 1.5.x)
% saslpasswd -c -u `postconf -h myhostname` exampleuser
- (Cyrus SASL version 2.1.1)
+ (Cyrus SASL version 2.1.x)
% saslpasswd2 -c -u `postconf -h myhostname` exampleuser
You can find out SASL's idea about the realms of the users in sasldb with
- sasldblistusers (Cyrus SASL version 1.5.5) or sasldblistusers2 (Cyrus SASL
- version 2.1.1).
+ sasldblistusers (Cyrus SASL version 1.5.x) or sasldblistusers2 (Cyrus SASL
+ version 2.1.x).
On the Postfix side, you can have only one realm per smtpd instance, and
only the users belonging to that realm would be able to authenticate. The
/etc/postfix/main.cf:
smtpd_sasl_local_domain = $myhostname
-IMPORTANT: all users must be able to authenticate using ALL authentication
-mechanisms advertised by Postfix, otherwise the negotiation might end up with
-an unsupported mechanism, and authentication would fail. For example if you
-configure SASL to use saslauthd for authentication against PAM (pluggable
-authentication modules), only the PLAIN and LOGIN mechanisms are supported and
-stand a chance to succeed, yet the SASL library would also advertise other
-mechanisms, such as DIGEST-MD5. This happens because those mechanisms are made
-available by other plugins, and the SASL library have no way to know that your
-only valid authentication source is PAM. Thus you might need to limit the list
-of mechanisms advertised by Postfix.
+IMPORTANT: The Cyrus SASL password verification services pwcheck and saslauthd
+can only support the plaintext mechanisms PLAIN or LOGIN. However, the Cyrus
+SASL library doesn't know this, and will happily advertise other authentication
+mechanisms that the SASL library implements, such as DIGEST-MD5. As a result,
+if an SMTP client chooses any mechanism other than PLAIN or LOGIN while pwcheck
+or saslauthd are used, authentication will fail. Thus you may need to limit the
+list of mechanisms advertised by Postfix.
* With older Cyrus SASL versions you remove the corresponding library files
from the SASL plug-in directory (and again whenever the system is updated).
- * With Cyrus SASL version 2.1.1 or later:
+ * With Cyrus SASL version 2.1.x or later the mech_list variable can specify a
+ list of authentication mechanisms that Cyrus SASL may offer:
/usr/local/lib/sasl2/smtpd.conf:
mech_list: plain login
For the same reasons you might want to limit the list of plugins used for
authentication.
- * With Cyrus SASL version 1.5.5 your only choice is to delete the
+ * With Cyrus SASL version 1.5.x your only choice is to delete the
corresponding library files from the SASL plug-in directory.
- * With SASL version 2.1.1:
+ * With SASL version 2.1.x:
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
- auxprop_plugin: sql
+ pwcheck_method: auxprop
+ auxprop_plugin: sql
To run software chrooted with SASL support is an interesting exercise. It
probably is not worth the trouble.
T\bTr\bro\bou\bub\bbl\ble\be s\bsh\bho\boo\bot\bti\bin\bng\bg t\bth\bhe\be S\bSA\bAS\bSL\bL i\bin\bnt\bte\ber\brn\bna\bal\bls\bs
In the Cyrus SASL sources you'll find a subdirectory named "sample". Run make
-there, "su" to the user postfix (or whatever your mail_owner directive is set
-to):
+there, then create a symbolic link from sample.conf to smtpd.conf in your Cyrus
+SASL library directory /usr/local/lib/sasl2. "su" to the user postfix (or
+whatever your mail_owner directive is set to):
% su postfix
-then run the resulting sample server and client in separate terminals. Strace /
-ktrace / truss the server to see what makes it unhappy, and fix the problem.
-Repeat the previous step until you can successfully authenticate with the
-sample client. Only then get back to Postfix.
+then run the resulting sample server and client in separate terminals. The
+sample applications send log messages to the syslog facility auth. Check the
+log to fix the problem or run strace / ktrace / truss on the server to see what
+makes it unhappy. Repeat the previous step until you can successfully
+authenticate with the sample client. Only then get back to Postfix.
E\bEn\bna\bab\bbl\bli\bin\bng\bg S\bSA\bAS\bSL\bL a\bau\but\bth\bhe\ben\bnt\bti\bic\bca\bat\bti\bio\bon\bn i\bin\bn t\bth\bhe\be P\bPo\bos\bst\btf\bfi\bix\bx S\bSM\bMT\bTP\bP c\bcl\bli\bie\ben\bnt\bt
[mail.myisp.net] username:password
[mail.myisp.net]:submission username:password
+The Postfix SASL client password file is opened before the SMTP server enters
+the optional chroot jail, so you can keep the file in /etc/postfix and set
+permissions read / write only for root to keep the username:password
+combinations away from other system users.
+
Postfix version 2.3 supports-per-sender SASL password information. To search
the Postfix SASL password by sender before it searches by destination, specify:
/etc/postfix/main.cf:
smtp_sasl_security_options = noanonymous
-The Postfix SASL client password file is opened before the SMTP server enters
-the optional chroot jail, so you can keep the file in /etc/postfix.
-
Note: Some SMTP servers support authentication mechanisms that, although
available on the client system, may not in practice work or possess the
appropriate credentials to authenticate to the server. It is possible via the
smtp_sasl_mechanism_filter = !gssapi, !external, static:all
In the above example, Postfix will decline to use mechanisms that require
-special infrastructure such as Kerberos.
+special infrastructure such as Kerberos or TLS.
The Postfix SMTP client is backwards compatible with SMTP servers that use the
non-standard "AUTH=method..." syntax in response to the EHLO command; there is
smtpd_sasl_path.
* The Dovecot SMTP server-only plug-in was originally implemented by Timo
Sirainen of Procontrol, Finland.
+ * Patrick Ben Koetter revised this document for Postfix 2.4 and made much
+ needed updates.
With this policy delegation mechanism, a simple greylist policy can be
implemented with only a dozen lines of Perl, as is shown at the end of this
-document. Another example of policy delegation is the SPF policy server by Meng
-Wong at http://spf.pobox.com/. Examples of both policies can be found in the
-Postfix source code, in the directory examples/smtpd-policy.
+document. A complete example can be found in the Postfix source code, in the
+directory examples/smtpd-policy.
+
+Another example of policy delegation is the SPF policy server at http://
+www.openspf.org/Software.
Policy delegation is now the preferred method for adding policies to Postfix.
It's much easier to develop a new feature in few lines of Perl, than trying to
/etc/postfix/main.cf:
smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
- smtp_tls_dkey_file = $smtpd_tls_cert_file
+ smtp_tls_dkey_file = $smtp_tls_dcert_file
To verify a remote SMTP server certificate, the Postfix SMTP client needs to
trust the certificates of the issuing certification authorities. These
$smtp_tls_CApath directory needs to be accessible inside the optional chroot
jail.
-The choice between $smtp_tls_CAfile and $smtpd_tls_CApath is a space/time
+The choice between $smtp_tls_CAfile and $smtp_tls_CApath is a space/time
tradeoff. If there are many trusted CAs, the cost of preloading them all into
memory may not pay off in reduced access time when the certificate is needed.
/etc/postfix/main.cf:
smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
- smtp_tls_dkey_file = $smtpd_tls_cert_file
+ smtp_tls_dkey_file = $smtp_tls_dcert_file
To verify a remote SMTP server certificate, the Postfix SMTP client needs to
trust the certificates of the issuing certification authorities. These
$smtp_tls_CApath directory needs to be accessible inside the optional chroot
jail.
-The choice between $smtp_tls_CAfile and $smtpd_tls_CApath is a space/time
+The choice between $smtp_tls_CAfile and $smtp_tls_CApath is a space/time
tradeoff. If there are many trusted CAs, the cost of preloading them all into
memory may not pay off in reduced access time when the certificate is needed.
M\bMe\bea\bas\bsu\bur\bre\bes\bs a\bag\bga\bai\bin\bns\bst\bt c\bcl\bli\bie\ben\bnt\bts\bs t\bth\bha\bat\bt m\bma\bak\bke\be t\bto\boo\bo m\bma\ban\bny\by c\bco\bon\bnn\bne\bec\bct\bti\bio\bon\bns\bs
-Note: this feature is not included with Postfix version 2.1.
+Note: the anvil(8) service was introduced with Postfix version 2.2.
The Postfix smtpd(8) server can limit the number of simultaneous connections
from the same SMTP client, as well as the number of connections that a client
NEVER list a virtual MAILBOX domain name as a virtual ALIAS domain!
* Lines 4, 7-13: The virtual_mailbox_maps parameter specifies the lookup
- table with all valid recipient addresses. The lookup result is ignored by
- Postfix. In the above example, info@example.com and sales@example.com are
- listed as valid addresses, and mail for anything else is rejected with
- "User unknown". If you intend to use LDAP, MySQL or PgSQL instead of local
- files, be sure to review the "local files versus databases" section at the
- top of this document!
+ table with all valid recipient addresses. The lookup result value is
+ ignored by Postfix. In the above example, info@example.com and
+ sales@example.com are listed as valid addresses; other mail for example.com
+ is rejected with "User unknown" by the Postfix SMTP server. It's left up to
+ the non-Postfix delivery agent to reject non-existent recipients from local
+ submission or from local alias expansion. If you intend to use LDAP, MySQL
+ or PgSQL instead of local files, be sure to review the "local files versus
+ databases" section at the top of this document!
* Line 12: The commented out entry (text after #) shows how one would inform
Postfix of the existence of a catch-all address. Again, the lookup result
# \fBqshape\fR [\fB-s\fR] [\fB-p\fR] [\fB-m \fImin_subdomains\fR]
# [\fB-b \fIbucket_count\fR] [\fB-t \fIbucket_time\fR]
# [\fB-l\fR] [\fB-w \fIterminal_width\fR]
+# [\fB-N \fIbatch_msg_count\fR] [\fB-n \fIbatch_top_domains\fR]
# [\fB-c \fIconfig_directory\fR] [\fIqueue_name\fR ...]
# DESCRIPTION
# The \fBqshape\fR program helps the administrator understand the
# parent domain rows are shown as '.+' followed by the last 16 bytes
# of the domain name. If this is still too narrow to show the domain
# name and all the counters, the terminal_width limit is violated.
+# .IP "\fB-N \fIbatch_msg_count\fR"
+# When the output device is a terminal, intermediate results are
+# shown each "batch_msg_count" messages. This produces usable results
+# in a reasonable time even when the deferred queue is large. The
+# default is to show intermediate results every 1000 messages.
+# .IP "\fB-n \fIbatch_top_domains\fR"
+# When reporting intermediate or final results to a termainal, report
+# only the top "batch_top_domains" domains. The default limit is 20
+# domains.
# .IP "\fB-c \fIconfig_directory\fR"
# The \fBmain.cf\fR configuration file is in the named directory
# instead of the default configuration directory.
use File::Find;
use Getopt::Std;
+my $cls; # Clear screen escape sequence
+my $batch_msg_count; # Interim result frequency
+my $batch_top_domains; # Interim result count
my %opts; # Command line switches
my %q; # domain counts for queues and buckets
my %sub; # subdomain counts for parent domains
warn "$0: $_[0]" unless exists($opts{"h"});
die "Usage: $0 [ -s ] [ -p ] [ -m <min_subdomains> ] [ -l ]\n".
"\t[ -b <bucket_count> ] [ -t <bucket_time> ] [ -w <terminal_width> ]\n".
+ "\t[ -N <batch_msg_count> ] [ -n <batch_top_domains> ]\n".
"\t[ -c <config_directory> ] [ <queue_name> ... ]\n".
"The 's' option shows sender domain counts.\n".
"The 'p' option shows address counts by for parent domains.\n".
"not supported. If necessary, use explicit absolute paths for all queues.\n";
};
- getopts("lhc:psw:b:t:m:", \%opts);
+ getopts("lhc:psw:b:t:m:n:N:", \%opts);
warn "Help message" if (exists $opts{"h"});
@qlist = @ARGV if (@ARGV > 0);
$tick = $opts{"t"} if (exists $opts{"t"} && $opts{"t"} > 0);
$minsub = $opts{"m"} if (exists $opts{"m"} && $opts{"m"} > 0);
+if ( -t STDOUT ) {
+ $batch_msg_count = 1000 unless defined($batch_msg_count = $opts{"N"});
+ $batch_top_domains = 20 unless defined ($batch_top_domains = $opts{"n"});
+ $cls = `clear`;
+} else {
+ $batch_msg_count = 0;
+ $batch_top_domains = 0;
+ $cls = "";
+}
+
sub rec_get {
my ($h) = @_;
my $r = getc($h) || return;
# Collate by age of message in the selected queues.
#
+my $msgs;
sub wanted {
if (my ($t, $s, @r) = qenv($_)) {
my $b = bucket($t, $now);
$new = ! $old;
} while ($opts{"p"} && $a =~ s/^(?:\.)?[^.]+\.(.*\.)/.$1/);
}
+ if ($batch_msg_count > 0 && ++$msgs % $batch_msg_count == 0) {
+ results();
+ }
}
}
-find(\&wanted, @qlist);
my @heads;
-my $fmt = "";
-my $dw = $width;
-
-for (my $i = 0, my $t = 0; $i <= $bnum; ) {
- $q{"TOTAL"}->[$i] ||= 0;
- my $l = length($q{"TOTAL"}->[$i]);
- my $h = ($i == 0) ? "T" : $t;
- $l = length($h) if (length($h) >= $l);
- $l = ($l > 2) ? $l + 1 : 3;
- push(@heads, $h);
- $fmt .= sprintf "%%%ds", $l;
- $dw -= $l;
- if (++$i < $bnum) { $t += ($t && !$opts{"l"}) ? $t : $tick; } else { $t = "$t+"; }
-}
-$dw = $dwidth if ($dw < $dwidth);
+my $fmt;
+my $dw;
sub pdomain {
my ($d, @count) = @_;
printf "$fmt\n", @count;
}
-# Print headings
-#
-pdomain("", @heads);
+sub results {
+ @heads = ();
+ $dw = $width;
+ $fmt = "";
+ for (my $i = 0, my $t = 0; $i <= $bnum; ) {
+ $q{"TOTAL"}->[$i] ||= 0;
+ my $l = length($q{"TOTAL"}->[$i]);
+ my $h = ($i == 0) ? "T" : $t;
+ $l = length($h) if (length($h) >= $l);
+ $l = ($l > 2) ? $l + 1 : 3;
+ push(@heads, $h);
+ $fmt .= sprintf "%%%ds", $l;
+ $dw -= $l;
+ if (++$i < $bnum) { $t += ($t && !$opts{"l"}) ? $t : $tick; } else { $t = "$t+"; }
+ }
+ $dw = $dwidth if ($dw < $dwidth);
-# Show per-domain totals
-#
-foreach my $d (sort { $q{$b}->[0] <=> $q{$a}->[0] ||
- length($a) <=> length($b) } keys %q) {
+ print $cls if ($batch_msg_count > 0);
- # Skip parent domains with < $minsub subdomains.
+ # Print headings
#
- next if ($d =~ /^\./ && $sub{$d} < $minsub);
+ pdomain("", @heads);
- pdomain($d, @{$q{$d}});
+ my $n = 0;
+
+ # Show per-domain totals
+ #
+ foreach my $d (sort { $q{$b}->[0] <=> $q{$a}->[0] ||
+ length($a) <=> length($b) } keys %q) {
+
+ # Skip parent domains with < $minsub subdomains.
+ #
+ next if ($d =~ /^\./ && $sub{$d} < $minsub);
+
+ last if ($batch_top_domains > 0 && ++$n > $batch_top_domains);
+
+ pdomain($d, @{$q{$d}});
+ }
}
+
+find(\&wanted, @qlist);
+results();
# ACCESS(5) ACCESS(5)
#
# NAME
-# access - Postfix access table format
+# access - Postfix SMTP server access table
#
# SYNOPSIS
# postmap /etc/postfix/access
# postmap -q - /etc/postfix/access <inputfile
#
# DESCRIPTION
-# The optional access(5) table directs the Postfix SMTP
-# server to selectively reject or accept mail. Access can be
-# allowed or denied for specific host names, domain names,
-# networks, host addresses or mail addresses.
-#
-# For an example, see the EXAMPLE section at the end of this
-# manual page.
+# The Postfix SMTP server supports access control on remote
+# SMTP client information: host names, network addresses,
+# and envelope sender or recipient addresses. See
+# header_checks(5) or body_checks(5) for access control on
+# the content of email messages.
#
# Normally, the access(5) table is specified as a text file
# that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
-# "postmap /etc/postfix/access" in order to rebuild the
-# indexed file after changing the access table.
+# "postmap /etc/postfix/access" to rebuild an indexed file
+# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
-# that case, the lookups are done in a slightly different
+# those cases, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
-# and "TCP-BASED TABLES".
+# or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
#
# DEFER_IF_REJECT optional text...
# Defer the request if some later restriction would
-# result in a REJECT action. Reply with "450 optional
-# text... when the optional text is specified, other-
-# wise reply with a generic error response message.
+# result in a REJECT action. Reply with "450 4.7.1
+# optional text... when the optional text is speci-
+# fied, otherwise reply with a generic error response
+# message.
#
# This feature is available in Postfix 2.1 and later.
#
# DEFER_IF_PERMIT optional text...
-# Defer the request if some later restriction would
-# result in a an explicit or implicit PERMIT action.
-# Reply with "450 optional text... when the optional
-# text is specified, otherwise reply with a generic
-# error response message.
+# Defer the request if some later restriction would
+# result in a an explicit or implicit PERMIT action.
+# Reply with "450 4.7.1 optional text... when the
+# optional text is specified, otherwise reply with a
+# generic error response message.
#
# This feature is available in Postfix 2.1 and later.
#
# reject_unauth_destination, and so on).
#
# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
-# Note: this action currently affects all recipients
-# of the message. To discard only one recipient
-# without discarding the entire message, use the
+# Note: this action currently affects all recipients
+# of the message. To discard only one recipient
+# without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
# service.
#
# This feature is available in Postfix 2.0 and later.
#
-# DUNNO Pretend that the lookup key was not found. This
-# prevents Postfix from trying substrings of the
-# lookup key (such as a subdomain name, or a network
+# DUNNO Pretend that the lookup key was not found. This
+# prevents Postfix from trying substrings of the
+# lookup key (such as a subdomain name, or a network
# address subnetwork).
#
# This feature is available in Postfix 2.0 and later.
#
# FILTER transport:destination
-# After the message is queued, send the entire mes-
+# After the message is queued, send the entire mes-
# sage through the specified external content filter.
-# The transport:destination syntax is described in
-# the transport(5) manual page. More information
-# about external content filters is in the Postfix
+# The transport:destination syntax is described in
+# the transport(5) manual page. More information
+# about external content filters is in the Postfix
# FILTER_README file.
#
-# Note: this action overrides the main.cf con-
+# Note: this action overrides the main.cf con-
# tent_filter setting, and currently affects all
# recipients of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
-# Place the message on the hold queue, where it will
-# sit until someone either deletes it or releases it
-# for delivery. Log the optional text if specified,
+# Place the message on the hold queue, where it will
+# sit until someone either deletes it or releases it
+# for delivery. Log the optional text if specified,
# otherwise log a generic message.
#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
-# Note: use "postsuper -r" to release mail that was
-# kept on hold for a significant fraction of $maxi-
+# Note: use "postsuper -r" to release mail that was
+# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
-# longer.
+# longer. Use "postsuper -H" only for mail that will
+# not expire within a few delivery attempts.
#
# Note: this action currently affects all recipients
# of the message.
#
# PREPEND headername: headervalue
# Prepend the specified message header to the mes-
-# sage. When this action is used multiple times, the
-# first prepended header appears before the second
-# etc. prepended header.
-#
-# Note: this action does not support multi-line mes-
-# sage headers.
+# sage. When more than one PREPEND action executes,
+# the first prepended header appears before the sec-
+# ond etc. prepended header.
#
-# Note: this action must be used before the message
-# content is received; it cannot be used in
-# smtpd_end_of_data_restrictions.
+# Note: this action must execute before the message
+# content is received; it cannot execute in the con-
+# text of smtpd_end_of_data_restrictions.
#
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
-# After the message is queued, send the message to
+# After the message is queued, send the message to
# the specified address instead of the intended
# recipient(s).
#
-# Note: this action overrides the FILTER action, and
+# Note: this action overrides the FILTER action, and
# currently affects all recipients of the message.
#
# This feature is available in Postfix 2.1 and later.
#
# WARN optional text...
# Log a warning with the optional text, together with
-# client information and if available, with helo,
+# client information and if available, with helo,
# sender, recipient and protocol information.
#
# This feature is available in Postfix 2.1 and later.
#
# ENHANCED STATUS CODES
-# Postfix version 2.3 and later support enhanced status
-# codes as defined in RFC 3463. When an enhanced status
-# code is specified in an access table, it is subject to
-# modification. The following transformations are needed
-# when the same access table is used for client, helo,
-# sender, or recipient access restrictions; they happen
+# Postfix version 2.3 and later support enhanced status
+# codes as defined in RFC 3463. When an enhanced status
+# code is specified in an access table, it is subject to
+# modification. The following transformations are needed
+# when the same access table is used for client, helo,
+# sender, or recipient access restrictions; they happen
# regardless of whether Postfix replies to a MAIL FROM, RCPT
# TO or other SMTP command.
#
-# o When a sender address matches a REJECT action, the
-# Postfix SMTP server will transform a recipient DSN
-# status (e.g., 4.1.1-4.1.6) into the corresponding
+# o When a sender address matches a REJECT action, the
+# Postfix SMTP server will transform a recipient DSN
+# status (e.g., 4.1.1-4.1.6) into the corresponding
# sender DSN status, and vice versa.
#
-# o When non-address information matches a REJECT
-# action (such as the HELO command argument or the
-# client hostname/address), the Postfix SMTP server
-# will transform a sender or recipient DSN status
-# into a generic non-address DSN status (e.g.,
+# o When non-address information matches a REJECT
+# action (such as the HELO command argument or the
+# client hostname/address), the Postfix SMTP server
+# will transform a sender or recipient DSN status
+# into a generic non-address DSN status (e.g.,
# 4.0.0).
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
-# cation, that string is an entire client hostname, an
+# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
-# Actions are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Actions are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.3.
+# Postfix version 2.4.
#
-# Each lookup operation uses the entire query string once.
-# Depending on the application, that string is an entire
+# Each lookup operation uses the entire query string once.
+# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
-# mail address. Thus, no parent domain or parent network
-# search is done, user@domain mail addresses are not broken
-# up into their user@ and domain constituent parts, nor is
+# mail address. Thus, no parent domain or parent network
+# search is done, user@domain mail addresses are not broken
+# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# EXAMPLE
-# The following example uses an indexed file, so that the
-# order of table entries does not matter. The example per-
-# mits access by the client at address 1.2.3.4 but rejects
-# all other clients in 1.2.3.0/24. Instead of hash lookup
-# tables, some systems use dbm. Use the command "postconf
-# -m" to find out what lookup tables Postfix supports on
+# The following example uses an indexed file, so that the
+# order of table entries does not matter. The example per-
+# mits access by the client at address 1.2.3.4 but rejects
+# all other clients in 1.2.3.0/24. Instead of hash lookup
+# tables, some systems use dbm. Use the command "postconf
+# -m" to find out what lookup tables Postfix supports on
# your system.
#
# /etc/postfix/main.cf:
# editing the file.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
# transport(5), transport:nexthop syntax
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# When the command fails, a limited amount of command
# output is mailed back to the sender. The file
# /usr/include/sysexits.h defines the expected exit
-# status codes. For example, use |"exit 67" to simu-
-# late a "user unknown" error, and |"exit 0" to
+# status codes. For example, use "|exit 67" to simu-
+# late a "user unknown" error, and "|exit 0" to
# implement an expensive black hole.
#
# :include:/file/name
# file that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
-# "postmap /etc/postfix/canonical" in order to rebuild the
-# indexed file after changing the text file.
+# "postmap /etc/postfix/canonical" to rebuild an indexed
+# file after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
-# that case, the lookups are done in a slightly different
+# those cases, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
-# and "TCP-BASED TABLES".
+# or "TCP-BASED TABLES".
#
# By default the canonical(5) mapping affects both message
# header addresses (i.e. addresses that appear inside mes-
# addresses produced by legacy mail systems.
#
# The canonical(5) mapping is not to be confused with vir-
-# tual domain support. Use the virtual(5) map for that pur-
-# pose.
-#
-# The canonical(5) mapping is not to be confused with local
-# aliasing. Use the aliases(5) map for that purpose.
+# tual alias support or with local aliasing. To change the
+# destination but not the headers, use the virtual(5) or
+# aliases(5) map instead.
#
# CASE FOLDING
# The search string is folded to lowercase before database
# Replace other addresses in domain by address. This
# form has the lowest precedence.
#
+# Note: @domain is a wild-card. When this form is
+# applied to recipient addresses, the Postfix SMTP
+# server accepts mail for any recipient in domain,
+# regardless of whether that recipient exists. This
+# may turn your mail system into a backscatter source
+# that returns undeliverable spam to innocent people.
+#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.3.
+# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
-# "postmap /etc/postfix/generic" in order to rebuild the
-# indexed file after changing the text file.
+# "postmap /etc/postfix/generic" to rebuild an indexed file
+# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
-# that case, the lookups are done in a slightly different
+# those case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
-# and "TCP-BASED TABLES".
+# or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.3.
+# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# postmap -fq - pcre:/etc/postfix/filename <inputfile
#
# DESCRIPTION
-# Postfix provides a simple built-in content inspection
-# mechanism that examines incoming mail one message header
-# or one message body line at a time. Each input is compared
-# against a list of patterns, and when a match is found the
-# corresponding action is executed. This feature is imple-
-# mented by the Postfix cleanup(8) server.
+# The Postfix cleanup(8) server supports access control on
+# the content of message headers and message body lines.
+# See access(5) for access control on remote SMTP client
+# information.
+#
+# Each message header or message body line is compared
+# against a list of patterns. When a match is found the
+# corresponding action is executed, and the matching process
+# is repeated for the next message header or message body
+# line.
#
# For examples, see the EXAMPLES section at the end of this
# manual page.
# Note: use "postsuper -r" to release mail that was
# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
-# longer.
+# longer. Use "postsuper -H" only for mail that will
+# not expire within a few delivery attempts.
#
-# Note: this action affects all recipients of the
+# Note: this action affects all recipients of the
# message.
#
# This feature is available in Postfix 2.0 and later.
#
-# IGNORE Delete the current line from the input and inspect
+# IGNORE Delete the current line from the input and inspect
# the next input line.
#
# PREPEND text...
#
# Notes:
#
-# o The prepended text is output on a separate
+# o The prepended text is output on a separate
# line, immediately before the input that
# triggered the PREPEND action.
#
# o The prepended text is not considered part of
-# the input stream: it is not subject to
+# the input stream: it is not subject to
# header/body checks or address rewriting, and
# it does not affect the way that Postfix adds
# missing message headers.
#
# o When prepending text before a message header
-# line, the prepended text must begin with a
+# line, the prepended text must begin with a
# valid message header label.
#
# o This action cannot be used to prepend multi-
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
-# Write a message redirection request to the queue
-# file and inspect the next input line. After the
+# Write a message redirection request to the queue
+# file and inspect the next input line. After the
# message is queued, it will be sent to the specified
# address instead of the intended recipient(s).
#
-# Note: this action overrides the FILTER action, and
-# affects all recipients of the message. If multiple
-# REDIRECT actions fire, only the last one is exe-
+# Note: this action overrides the FILTER action, and
+# affects all recipients of the message. If multiple
+# REDIRECT actions fire, only the last one is exe-
# cuted.
#
# This feature is available in Postfix 2.1 and later.
#
# REPLACE text...
-# Replace the current line with the specified text
+# Replace the current line with the specified text
# and inspect the next input line.
#
# This feature is available in Postfix 2.2 and later.
-# The description below applies to Postfix 2.2.2 and
+# The description below applies to Postfix 2.2.2 and
# later.
#
# Notes:
#
-# o When replacing a message header line, the
-# replacement text must begin with a valid
+# o When replacing a message header line, the
+# replacement text must begin with a valid
# header label.
#
-# o The replaced text remains part of the input
-# stream. Unlike the result from the PREPEND
-# action, a replaced message header may be
-# subject to address rewriting and may affect
-# the way that Postfix adds missing message
+# o The replaced text remains part of the input
+# stream. Unlike the result from the PREPEND
+# action, a replaced message header may be
+# subject to address rewriting and may affect
+# the way that Postfix adds missing message
# headers.
#
# REJECT optional text...
-# Reject the entire message. Reply with optional
+# Reject the entire message. Reply with optional
# text... when the optional text is specified, other-
# wise reply with a generic error message.
#
-# Note: this action disables further header or
-# body_checks inspection of the current message and
+# Note: this action disables further header or
+# body_checks inspection of the current message and
# affects all recipients.
#
# Postfix version 2.3 and later support enhanced sta-
# enhanced status code of "5.7.1".
#
# WARN optional text...
-# Log a warning with the optional text... (or log a
-# generic message) and inspect the next input line.
+# Log a warning with the optional text... (or log a
+# generic message) and inspect the next input line.
# This action is useful for debugging and for testing
# a pattern before applying more drastic actions.
#
# BUGS
-# Many people overlook the main limitations of header and
-# body_checks rules. These rules operate on one logical
-# message header or one body line at a time, and a decision
-# made for one line is not carried over to the next line.
+# Many people overlook the main limitations of header and
+# body_checks rules. These rules operate on one logical
+# message header or one body line at a time, and a decision
+# made for one line is not carried over to the next line.
# If text in the message body is encoded (RFC 2045) then the
-# rules have to specified for the encoded form. Likewise,
+# rules have to specified for the encoded form. Likewise,
# when message headers are encoded (RFC 2047) then the rules
# need to be specified for the encoded form.
#
-# Message headers added by the cleanup(8) daemon itself are
+# Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:.
#
-# Message headers deleted by the cleanup(8) daemon will be
+# Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:.
#
# body_checks
# Lookup tables with content filter rules for message
# body lines. These filters see one physical line at
-# a time, in chunks of at most $line_length_limit
+# a time, in chunks of at most $line_length_limit
# bytes.
#
# body_checks_size_limit
-# The amount of content per message body segment
+# The amount of content per message body segment
# (attachment) that is subjected to $body_checks fil-
# tering.
#
#
# nested_header_checks (default: $header_checks)
# Lookup tables with content filter rules for message
-# header lines: respectively, these are applied to
-# the initial message headers (not including MIME
-# headers), to the MIME headers anywhere in the mes-
-# sage, and to the initial headers of attached mes-
+# header lines: respectively, these are applied to
+# the initial message headers (not including MIME
+# headers), to the MIME headers anywhere in the mes-
+# sage, and to the initial headers of attached mes-
# sages.
#
-# Note: these filters see one logical message header
-# at a time, even when a message header spans multi-
-# ple lines. Message headers that are longer than
+# Note: these filters see one logical message header
+# at a time, even when a message header spans multi-
+# ple lines. Message headers that are longer than
# $header_size_limit characters are truncated.
#
# disable_mime_input_processing
-# While receiving mail, give no special treatment to
-# MIME related message headers; all text after the
+# While receiving mail, give no special treatment to
+# MIME related message headers; all text after the
# initial message headers is considered to be part of
-# the message body. This means that header_checks is
-# applied to all the initial message headers, and
+# the message body. This means that header_checks is
+# applied to all the initial message headers, and
# that body_checks is applied to the remainder of the
# message.
#
-# Note: when used in this manner, body_checks will
-# process a multi-line message header one line at a
+# Note: when used in this manner, body_checks will
+# process a multi-line message header one line at a
# time.
#
# EXAMPLES
-# Header pattern to block attachments with bad file name
+# Header pattern to block attachments with bad file name
# extensions.
#
# /etc/postfix/main.cf:
# RFC 2047, message header encoding for non-ASCII text
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview
# BACKSCATTER_README, blocking returned forged mail
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Turn on safety nets for new features that could bounce mail that
# would be accepted by a previous Postfix version.
- # This safety net is also documented in LOCAL_RECIPIENT_README.
-# unknown_local=unknown_local_recipient_reject_code
-# has_lrm=`$POSTCONF -c $config_directory -n local_recipient_maps`
-# has_lrjc=`$POSTCONF -c $config_directory -n $unknown_local`
-#
-# if [ -z "$has_lrm" -a -z "$has_lrjc" ]
-# then
-# echo SAFETY: editing main.cf, setting $unknown_local=450.
-# echo See the LOCAL_RECIPIENT_README file for details.
-# $POSTCONF -c $config_directory -e "$unknown_local = 450" || exit 1
-# fi
+ # [The "unknown_local_recipient_reject_code = 450" safety net,
+ # introduced with Postfix 2.0 and deleted after Postfix 2.3.]
# Add missing proxymap service to master.cf.
# file that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
-# "postmap /etc/postfix/relocated" in order to rebuild the
-# indexed file after changing the relocated table.
+# "postmap /etc/postfix/relocated" to rebuild an indexed
+# file after changing the corresponding relocated table.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
-# that case, the lookups are done in a slightly different
+# those case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
-# and "TCP-BASED TABLES".
+# or "TCP-BASED TABLES".
#
# Table lookups are case insensitive.
#
# regexp_table(5) or pcre_table(5). For a description of the
# TCP client/server table lookup protocol, see tcp_table(5).
# This feature is not available up to and including Postfix
-# version 2.3.
+# version 2.4.
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.3.
+# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# file that serves as input to the postmap(1) command. The
# result, an indexed file in dbm or db format, is used for
# fast searching by the mail system. Execute the command
-# "postmap /etc/postfix/transport" in order to rebuild the
-# indexed file after changing the transport table.
+# "postmap /etc/postfix/transport" to rebuild an indexed
+# file after changing the corresponding transport table.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
-# that case, the lookups are done in a slightly different
+# those case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
-# and "TCP-BASED TABLES".
+# or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.3.
+# Postfix version 2.4.
#
# Each lookup operation uses the entire recipient address
# once. Thus, some.domain.hierarchy is not looked up via
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
+# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# FILTER_README, external content filter
#
# text file that serves as input to the postmap(1) command.
# The result, an indexed file in dbm or db format, is used
# for fast searching by the mail system. Execute the command
-# "postmap /etc/postfix/virtual" in order to rebuild the
-# indexed file after changing the text file.
+# "postmap /etc/postfix/virtual" to rebuild an indexed file
+# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
-# that case, the lookups are done in a slightly different
+# those case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
-# and "TCP-BASED TABLES".
+# or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# Redirect mail for other users in domain to address.
# This form has the lowest precedence.
#
+# Note: @domain is a wild-card. With this form, the
+# Postfix SMTP server accepts mail for any recipient
+# in domain, regardless of whether that recipient
+# exists. This may turn your mail system into a
+# backscatter source that returns undeliverable spam
+# to innocent people.
+#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
-# o When the result has the form @otherdomain, the
-# result becomes the same user in otherdomain. This
+# o When the result has the form @otherdomain, the
+# result becomes the same user in otherdomain. This
# works only for the first address in a multi-address
# lookup result.
#
-# o When "append_at_myorigin=yes", append "@$myorigin"
+# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# VIRTUAL ALIAS DOMAINS
-# Besides virtual aliases, the virtual alias table can also
+# Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual
-# alias domain, all recipient addresses are aliased to
+# alias domain, all recipient addresses are aliased to
# addresses in other domains.
#
# Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox
-# domains, each recipient address can have its own mailbox.
+# domains, each recipient address can have its own mailbox.
#
-# With a virtual alias domain, the virtual domain has its
-# own user name space. Local (i.e. non-virtual) usernames
-# are not visible in a virtual alias domain. In particular,
-# local aliases(5) and local mailing lists are not visible
+# With a virtual alias domain, the virtual domain has its
+# own user name space. Local (i.e. non-virtual) usernames
+# are not visible in a virtual alias domain. In particular,
+# local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain.
#
# Support for a virtual alias domain looks like:
# /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
-# Note: some systems use dbm databases instead of hash.
-# See the output from "postconf -m" for available data-
+# Note: some systems use dbm databases instead of hash.
+# See the output from "postconf -m" for available data-
# base types.
#
# /etc/postfix/virtual:
# user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3
#
-# The virtual-alias.domain anything entry is required for a
+# The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected
-# with "relay access denied", or bounces with "mail loops
+# with "relay access denied", or bounces with "mail loops
# back to myself".
#
-# Do not specify virtual alias domain names in the main.cf
+# Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
-# With a virtual alias domain, the Postfix SMTP server
-# accepts mail for known-user@virtual-alias.domain, and
-# rejects mail for unknown-user@virtual-alias.domain as
+# With a virtual alias domain, the Postfix SMTP server
+# accepts mail for known-user@virtual-alias.domain, and
+# rejects mail for unknown-user@virtual-alias.domain as
# undeliverable.
#
-# Instead of specifying the virtual alias domain name via
-# the virtual_alias_maps table, you may also specify it via
+# Instead of specifying the virtual alias domain name via
+# the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter.
-# This latter parameter uses the same syntax as the main.cf
+# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.3.
+# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant
-# to this topic. See the Postfix main.cf file for syntax
-# details and for default values. Use the "postfix reload"
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the "postfix reload"
# command after a configuration change.
#
# virtual_alias_maps
# List of virtual aliasing tables.
#
# virtual_alias_domains
-# List of virtual alias domains. This uses the same
+# List of virtual alias domains. This uses the same
# syntax as the mydestination parameter.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generic.
#
# Other parameters of interest:
#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
-# The domain that is appended to any address that
+# The domain that is appended to any address that
# does not have a domain.
#
# owner_request_special
# canonical(5), canonical address mapping
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
-# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
+# DATABASE_README, Postfix lookup table overview
# VIRTUAL_README, domain hosting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
<p> The sender/recipient address verification feature described in this
document is suitable only for low-traffic sites. It performs poorly
-under high load and may cause your site to be blacklisted by some
+under high load; excessive sender address verification activity may
+even cause your site to be blacklisted by some
providers. See the "<a href="#limitations">Limitations</a>" section
below for details. </p>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/postfix/aliases (local aliasing)
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/header_checks (content filtering)
<a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport (routing table)
where "host" specifies a symbolic hostname or a numeric IP address,
and "port" specifies a symbolic service name or a numeric port
number. This protocol is not available up to and including Postfix
-version 2.2. </dd>
+version 2.4. </dd>
<dt> <b>unix</b> (read-only) </dt>
<li><a href="#example_virtual">Example: virtual domains/addresses</a>
+<li><a href="#example_group">Example: expanding LDAP groups</a>
+
<li><a href="#other">Other uses of LDAP lookups</a>
<li><a href="#hmmmm">Notes and things to think about</a>
<h2><a name="config">Configuring LDAP lookups</a></h2>
<p> In order to use LDAP lookups, define an LDAP source
-as a table lookup in main.cf, for example: </p>
+as a table lookup in <a href="postconf.5.html">main.cf</a>, for example: </p>
<blockquote>
<pre>
<h2><a name="example_alias">Example: local(8) aliases</a></h2>
<p> Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
-aliases. Assume that in main.cf, you have: </p>
+aliases. Assume that in <a href="postconf.5.html">main.cf</a>, you have: </p>
<blockquote>
<pre>
<blockquote>
<pre>
-server_host = ldap.my.com
-search_base = dc=my, dc=com
+server_host = ldap.example.com
+search_base = dc=example, dc=com
</pre>
</blockquote>
<p> Upon receiving mail for a local address "ldapuser" that isn't
found in the /etc/aliases database, Postfix will search the LDAP
-server listening at port 389 on ldap.my.com. It will bind anonymously,
+server listening at port 389 on ldap.example.com. It will bind anonymously,
search for any directory entries whose mailacceptinggeneralid
attribute is "ldapuser", read the "maildrop" attributes of those
found, and build a list of their maildrops, which will be treated
fully qualified with their virtual domains. Finally, if you want
to designate a directory entry as the default user for a virtual
domain, just give it an additional mailacceptinggeneralid (or the
-equivalent in your directory) of "@virtual.dom". That's right, no
+equivalent in your directory) of "@fake.dom". That's right, no
user part. If you don't want a catchall user, omit this step and
mail to unknown users in the domain will simply bounce. </p>
<a href="QSHAPE_README.html#maildrop_queue">maildrop</a>, e.g. "normaluser@fake.dom" and "normaluser@real.dom".
</p>
+<h2><a name="example_group">Example: expanding LDAP groups</a></h2>
+
+<p> LDAP is frequently used to store group member information, and Postfix
+supports expanding a group's email address to the list of email addresses
+of the group members. There are a number of ways of handling LDAP groups,
+which will be illustrated via the mock LDAP entries and implied schema
+below. This shows two group entries "agroup" and "bgroup" and four
+user entries "auser", "buser", "cuser" and "duser". The group "agroup"
+has the users "auser" (1) and "buser" (2) as members via DN references
+in the multi-valued attribute "memberdn", and direct email addresses of
+two external users "auser@example.org" (3) and "buser@example.org" (4)
+stored in the multi-valued attribute "memberaddr". The same is true of
+"bgroup" and "cuser"/"duser" (6)/(7)/(8)/(9), but "bgroup" also has a
+"maildrop" attribute of "bgroup@mlm.example.com" (5): </p>
+
+<blockquote>
+<pre>
+ dn: cn=agroup, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapgroup
+ cn: agroup
+ mail: agroup@example.com
+1 -> memberdn: uid=auser, dc=example, dc=com
+2 -> memberdn: uid=buser, dc=example, dc=com
+3 -> memberaddr: auser@example.org
+4 -> memberaddr: buser@example.org
+</pre>
+<br>
+
+<pre>
+ dn: cn=bgroup, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapgroup
+ cn: bgroup
+ mail: bgroup@example.com
+5 -> maildrop: bgroup@mlm.example.com
+6 -> memberdn: uid=cuser, dc=example, dc=com
+7 -> memberdn: uid=duser, dc=example, dc=com
+8 -> memberaddr: cuser@example.org
+9 -> memberaddr: duser@example.org
+</pre>
+<br>
+
+<pre>
+ dn: uid=auser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: auser
+10 -> mail: auser@example.com
+11 -> maildrop: auser@mailhub.example.com
+</pre>
+<br>
+
+<pre>
+ dn: uid=buser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: buser
+12 -> mail: buser@example.com
+13 -> maildrop: buser@mailhub.example.com
+</pre>
+<br>
+
+<pre>
+ dn: uid=cuser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: cuser
+14 -> mail: cuser@example.com
+</pre>
+<br>
+
+<pre>
+ dn: uid=duser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: duser
+15 -> mail: duser@example.com
+</pre>
+<br>
+
+</blockquote>
+
+<p> Our first use case ignores the "memberdn" attributes, and assumes
+that groups hold only direct "memberaddr" strings as in (3), (4), (8) and
+(9). The goal is to map the group address to the list of constituent
+"memberaddr" values. This is simple, ignoring the various connection
+related settings (hosts, ports, bind settings, timeouts, ...) we have:
+</p>
+
+<blockquote>
+<pre>
+ simple.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr
+ $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:simple.cf
+ auser@example.org,buser@example.org
+</pre>
+</blockquote>
+
+<p> We search "dc=example, dc=com". The "mail" attribute is used in the
+query_filter to locate the right group, the "result_attribute" setting
+described in <a href="ldap_table.5.html">ldap_table(5)</a> is used to specify that "memberaddr" values
+from the matching group are to be returned as a comma separated list.
+Always check tables using <a href="postmap.1.html">postmap(1)</a> with the "-q" option, before
+deploying them into production use in <a href="postconf.5.html">main.cf</a>. </p>
+
+<p> Our second use case also expands "memberdn" attributes (1), (2),
+(6) and (7), follows the DN references and returns the "maildrop" of the
+referenced user entries. Here we use the "special_result_attribute"
+setting from <a href="ldap_table.5.html">ldap_table(5)</a> to designate the "memberdn" attribute
+as holding DNs of the desired member entries. The "result_attribute"
+setting selects which attributes are returned from the selected DNs. It
+is important to choose a result attribute that is not also present in
+the group object, because result attributes are collected from both
+the group and the member DNs. In this case we choose "maildrop" and
+assume for the moment that groups never have a "maildrop" (the "bgroup"
+"maildrop" attribute is for a different use case). The returned data for
+"auser" and "buser" is from items (11) and (13) in the mock data. </p>
+
+<blockquote>
+<pre>
+ special.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr, maildrop
+ special_result_attribute = memberdn
+ $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:special.cf
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+</pre>
+</blockquote>
+
+<p> Note: if the desired member object result attribute is always also
+present in the group, you get suprising results, the expansion also
+returns the address of the group. This is a known limitation of Postfix
+releases prior to 2.4, and is addressed in the new with Postfix 2.4
+"leaf_result_attribute" feature described in <a href="ldap_table.5.html">ldap_table(5)</a>. </p>
+
+<p> Our third use case has some groups that are expanded immediately,
+and other groups that are forwarded to a dedicated mailing list manager
+host for delayed expansion. This uses two LDAP tables, one for users
+and forwarded groups and a second for groups that can be expanded
+immediately. It is assumed that groups that require forwarding are
+never nested members of groups that are directly expanded. </p>
+
+<blockquote>
+<pre>
+ no_expand.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = maildrop
+ expand.cf
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr, maildrop
+ special_result_attribute = memberdn
+ $ postmap -q auser@example.com <a href="ldap_table.5.html">ldap</a>:no_expand.cf <a href="ldap_table.5.html">ldap</a>:expand.cf
+ auser@mailhub.example.com
+ $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:no_expand.cf <a href="ldap_table.5.html">ldap</a>:expand.cf
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ $ postmap -q bgroup@example.com <a href="ldap_table.5.html">ldap</a>:no_expand.cf <a href="ldap_table.5.html">ldap</a>:expand.cf
+ bgroup@mlm.example.com
+</pre>
+</blockquote>
+
+<p> Non-group objects and groups with delayed expansion (those that have a
+maildrop attribute) are rewritten to a single maildrop value. Groups that
+don't have a maildrop are expanded as the second use case. This admits
+a more elegant solution with Postfix 2.4 and later. </p>
+
+<p> Our final use case is the same as the third, but this time uses new
+features in Postfix 2.4. We now are able to use just one LDAP table and
+no longer need to assume that forwarded groups are never nested inside
+expanded groups. </p>
+
+<blockquote>
+<pre>
+ fancy.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr
+ special_result_attribute = memberdn
+ terminal_result_attribute = maildrop
+ leaf_result_attribute = mail
+ $ postmap -q auser@example.com <a href="ldap_table.5.html">ldap</a>:fancy.cf
+ auser@mailhub.example.com
+ $ postmap -q cuser@example.com <a href="ldap_table.5.html">ldap</a>:fancy.cf
+ cuser@example.com
+ $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:fancy.cf
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ $ postmap -q bgroup@example.com <a href="ldap_table.5.html">ldap</a>:fancy.cf
+ bgroup@mlm.example.com
+</pre>
+</blockquote>
+
+<p> Above, delayed expansion is enabled via "terminal_result_attribute",
+which, if present, is used as the sole result and all other expansion is
+suppressed. Otherwise, the "leaf_result_attribute" is only returned for
+leaf objects that don't have a "special_result_attribute" (non-groups),
+while the "result_attribute" (direct member address of groups) is returned
+at every level of recursive expansion, not just the leaf nodes. This fancy
+example illustrates all the features of Postfix 2.4 group expansion. </p>
+
<h2><a name="other">Other uses of LDAP lookups</a></h2>
Other common uses for LDAP lookups include rewriting senders and
recipients with Postfix's canonical lookups, for example in order
to make mail leaving your site appear to be coming from
-"First.Last@site.dom" instead of "userid@site.dom".
+"First.Last@example.com" instead of "userid@example.com".
<h2><a name="hmmmm">Notes and things to think about</a></h2>
<blockquote>
<pre>
-dn: cn=Accounting Staff List, dc=my, dc=com
+dn: cn=Accounting Staff List, dc=example, dc=com
cn: Accounting Staff List
-o: my.com
+o: example.com
objectclass: maillist
mailacceptinggeneralid: accountingstaff
mailacceptinggeneralid: accounting-staff
external files (<a href="ldap_table.5.html">ldap</a>:/path/ldap.cf) needed to securely store
passwords for plain auth.
-<li>Liviu Daia revised the configuration interface and added the main.cf
+<li>Liviu Daia revised the configuration interface and added the <a href="postconf.5.html">main.cf</a>
configuration feature.</li>
<li>Liviu Daia with further refinements from Jose Luis Tallon and
<h2>Purpose of this document </h2>
-<p> This document describes the <a href="qshape.1.html">qshape(1)</a> program which helps the
-administrator understand the Postfix queue message distribution
-sorted by time and by sender or recipient domain. <a href="qshape.1.html">qshape(1)</a> is
-bundled with the Postfix 2.1 source under the "auxiliary" directory.
-</p>
-
-<p> In order to understand the output of <a href="qshape.1.html">qshape(1)</a>, it useful to
-understand the various Postfix queues. To this end the role of each
-Postfix queue directory is described briefly in the "Background
-info: Postfix queue directories" section near the end of this
-document. </p>
+<p> This document is an introduction to Postfix queue congestion analysis.
+It explains how the <a href="qshape.1.html">qshape(1)</a> program can help to track down the
+reason for queue congestion. <a href="qshape.1.html">qshape(1)</a> is bundled with Postfix
+2.1 and later source code, under the "auxiliary" directory. This
+document describes <a href="qshape.1.html">qshape(1)</a> as bundled with Postfix 2.4. </p>
<p> This document covers the following topics: </p>
<li><a href="#backlog">Example 4: High volume destination backlog</a>
-<li><a href="#queues">Background info: Postfix queue directories</a>
+<li><a href="#queues">Postfix queue directories</a>
<ul>
<h2><a name="qshape">Introducing the qshape tool</a></h2>
-
<p> When mail is draining slowly or the queue is unexpectedly large,
run <a href="qshape.1.html">qshape(1)</a> as the super-user (root) to help zero in on the problem.
The <a href="qshape.1.html">qshape(1)</a> program displays a tabular view of the Postfix queue
</ul>
+<p> When the output is a terminal intermediate results showing the top 20
+domains (-n option) are displayed after every 1000 messages (-N option)
+and the final output also shows only the top 20 domains. This makes
+qshape useful even when the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> is very large and it may
+otherwise take prohibitively long to read the entire <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>. </p>
+
<p> By default, qshape shows statistics for the union of both the
<a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queues</a> which are the most relevant queues to
look at when analyzing performance. </p>
<blockquote>
<pre>
-$ qshape deferred | less
-$ qshape incoming active deferred | less
+$ qshape deferred
+$ qshape incoming active deferred
</pre>
</blockquote>
<p> The problem destinations or sender domains appear near the top
left corner of the output table. Remember that the <a href="QSHAPE_README.html#active_queue">active queue</a>
can accommodate up to 20000 ($<a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a>) messages.
-To check wether this limit has been reached, use: </p>
+To check whether this limit has been reached, use: </p>
<blockquote>
<pre>
-$ qshape -s active | head <i>(show sender statistics)</i>
+$ qshape -s active <i>(show sender statistics)</i>
</pre>
</blockquote>
not yet saturated, any high volume sender domains show near the
top of the output.
-<p> The <a href="QSHAPE_README.html#active_queue">active queue</a> is also limited to at most 20000 recipient
-addresses ($<a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>). To check for exhaustion
-of this limit use: </p>
+<p> With <a href="qmgr.8.html">oqmgr(8)</a> the <a href="QSHAPE_README.html#active_queue">active queue</a> is also limited to at most 20000
+recipient addresses ($<a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>). To check for
+exhaustion of this limit use: </p>
<blockquote>
<pre>
-$ qshape active | head <i>(show recipient statistics)</i>
+$ qshape active <i>(show recipient statistics)</i>
</pre>
</blockquote>
take measures to ensure that the mail is deferred instead or even
add an <a href="access.5.html">access(5)</a> rule asking the sender to try again later. </p>
-<p> If a high volume destination exhibits frequent bursts of
-consecutive connections refused by all MX hosts or "421 Server busy
-errors", it is possible for the queue manager to mark the destination
-as "dead" despite the transient nature of the errors. The destination
-will be retried again after the expiration of a $<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>
-timer. If the error bursts are frequent enough it may be that only
-a small quantity of email is delivered before the destination is
-again marked "dead". </p>
+<p> If a high volume destination exhibits frequent bursts of consecutive
+connections refused by all MX hosts or "421 Server busy errors", it
+is possible for the queue manager to mark the destination as "dead"
+despite the transient nature of the errors. The destination will be
+retried again after the expiration of a $<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> timer.
+If the error bursts are frequent enough it may be that only a small
+quantity of email is delivered before the destination is again marked
+"dead". In some cases enabling static (not on demand) connection
+caching by listing the appropriate nexthop domain in a table included in
+"<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>" may help to reduce the error rate,
+because most messages will re-use existing connections. </p>
<p> The MTA that has been observed most frequently to exhibit such
bursts of errors is Microsoft Exchange, which refuses connections
server propagate the refused connection to the client as a "421"
error. </p>
-<p> Note that it is now possible to configure Postfix to exhibit
-similarly erratic behavior by misconfiguring the <a href="anvil.8.html">anvil(8)</a> server
-(not included in Postfix 2.1.). Do not use <a href="anvil.8.html">anvil(8)</a> for steady-state
-rate limiting, its purpose is DoS prevention and the rate limits
-set should be very generous! </p>
+<p> Note that it is now possible to configure Postfix to exhibit similarly
+erratic behavior by misconfiguring the <a href="anvil.8.html">anvil(8)</a> service. Do not use
+<a href="anvil.8.html">anvil(8)</a> for steady-state rate limiting, its purpose is (unintentional)
+DoS prevention and the rate limits set should be very generous! </p>
-<p> In the long run it is hoped that the Postfix dead host detection
-and concurrency control mechanism will be tuned to be more "noise"
-tolerant. If one finds oneself needing to deliver a high volume
-of mail to a destination that exhibits frequent brief bursts of
-errors, there is a subtle workaround. </p>
+<p> If one finds oneself needing to deliver a high volume of mail to a
+destination that exhibits frequent brief bursts of errors and connection
+caching does not solve the problem, there is a subtle workaround. </p>
<ul>
-<li> <p> In master.cf set up a dedicated clone of the "smtp"
+<li> <p> In <a href="master.5.html">master.cf</a> set up a dedicated clone of the "smtp"
transport for the destination in question. </p>
-<li> <p> In master.cf configure a reasonable process limit for the
+<li> <p> In <a href="master.5.html">master.cf</a> configure a reasonable process limit for the
transport (a number in the 10-20 range is typical). </p>
-<li> <p> IMPORTANT!!! In main.cf configure a very large initial
-and destination concurrency limit for this transport (say 200). </p>
+<li> <p> IMPORTANT!!! In <a href="postconf.5.html">main.cf</a> configure a very large initial
+and destination concurrency limit for this transport (say 2000). </p>
<pre>
-/etc/postfix/main.cf:
- <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> = 200
- <i>transportname</i>_destination_concurrency_limit = 200
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> = 2000
+ <i>transportname</i>_destination_concurrency_limit = 2000
</pre>
-<p> Where <i>transportname</i> is the name of the master.cf entry
+<p> Where <i>transportname</i> is the name of the <a href="master.5.html">master.cf</a> entry
in question. </p>
</ul>
-<p> The effect of this surprising configuration is that up to 200
+<p> The effect of this surprising configuration is that up to 2000
consecutive errors are tolerated without marking the destination
dead, while the total concurrency remains reasonable (10-20
processes). This trick is only for a very specialized situation:
high volume delivery into a channel with multi-error bursts
that is capable of high throughput, but is repeatedly throttled by
-the bursts of errors.
+the bursts of errors. </p>
<p> When a destination is unable to handle the load even after the
Postfix process limit is reduced to 1, a desperate measure is to
<li> <p> In the transport map entry for the problem destination,
specify a dead host as the primary nexthop. </p>
-<li> <p> In the master.cf entry for the transport specify the
+<li> <p> In the <a href="master.5.html">master.cf</a> entry for the transport specify the
problem destination as the <a href="postconf.5.html#fallback_relay">fallback_relay</a> and specify a small
<a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> value. </p>
/etc/postfix/transport:
problem.example.com slow:[dead.host]
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
# service type private unpriv chroot wakeup maxproc command
slow unix - - n - 1 smtp
-o <a href="postconf.5.html#fallback_relay">fallback_relay</a>=problem.example.com
<p> Hopefully a more elegant solution to these problems will be
found in the future. </p>
-<h2><a name="queues">Background info: Postfix queue directories</a></h2>
+<h2><a name="queues">Postfix queue directories</a></h2>
<p> The following sections describe Postfix queues: their purpose,
what normal behavior looks like, and how to diagnose abnormal
<p> All mail that enters the main Postfix queue does so via the
<a href="cleanup.8.html">cleanup(8)</a> service. The cleanup service is responsible for envelope
and header rewriting, header and body regular expression checks,
-automatic bcc recipient processing and guaranteed insertion of the
-message into the Postfix "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>. </p>
+automatic bcc recipient processing, milter content processing, and
+
reliable insertion of the message into the Postfix "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>. </p>
<p> In the absence of excessive CPU consumption in <a href="cleanup.8.html">cleanup(8)</a> header
or body regular expression checks or other software consuming all
disk I/O latency (+ CPU if not negligible) of the cleanup service.
</p>
-<p> Congestion in this queue is indicative of an excessive local
-message submission rate or perhaps excessive CPU consumption in
-the <a href="cleanup.8.html">cleanup(8)</a> service due to excessive <a href="postconf.5.html#body_checks">body_checks</a>. </p>
+<p> Congestion in this queue is indicative of an excessive local message
+submission rate or perhaps excessive CPU consumption in the <a href="cleanup.8.html">cleanup(8)</a>
+service due to excessive <a href="postconf.5.html#body_checks">body_checks</a>, or (Postfix ≥ 2.3) high latency
+milters. </p>
<p> Note, that once the <a href="QSHAPE_README.html#active_queue">active queue</a> is full, the cleanup service
will attempt to slow down message injection by pausing $<a href="postconf.5.html#in_flow_delay">in_flow_delay</a>
a consequence of congestion downstream, rather than a problem in
its own right. </p>
-<p> Note also, that one should not attempt to deliver large volumes
-of mail via the <a href="pickup.8.html">pickup(8)</a> service. High volume sites must avoid
-using content filters that reinject scanned mail via Postfix
-
<a href="sendmail.1.html">sendmail(1)</a> and <a href="postdrop.1.html">postdrop(1)</a>. </p>
+<p> Note, you should not attempt to deliver large volumes of mail via
+the <a href="pickup.8.html">pickup(8)</a> service. High volume sites should avoid using "simple"
+content filters that re-inject scanned mail via Postfix <a href="sendmail.1.html">sendmail(1)</a>
+and <a href="postdrop.1.html">postdrop(1)</a>. </p>
<p> A high arrival rate of locally submitted mail may be an indication
of an uncaught forwarding loop, or a run-away notification program.
<p> The administrator can define "smtpd" <a href="access.5.html">access(5)</a> policies, or
<a href="cleanup.8.html">cleanup(8)</a> header/body checks that cause messages to be automatically
diverted from normal processing and placed indefinitely in the
-"<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. Messages placed in the "hold" queue stay there until
+"<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. Messages placed in the "hold" queue stay there until
the administrator intervenes. No periodic delivery attempts are
made for messages in the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. The <a href="postsuper.1.html">postsuper(1)</a> command
can be used to manually release messages into the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>.
</p>
-<p> Messages can potentially stay in the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a> for a time
-exceeding the normal maximal queue lifetime (after which undelivered
-messages are bounced back to the sender). If such "old" messages
-need to be released from the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>, they should typically
-be moved into the "<a href="QSHAPE_README.html#maildrop_queue">maildrop" queue</a>, so that the message gets a new
-timestamp and is given more than one opportunity to be delivered.
-Messages that are "young" can be moved directly into the "deferred"
-queue. </p>
+<p> Messages can potentially stay in the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a> longer than
+$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a>. If such "old" messages need to be released from
+the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>, they should typically be moved into the "maildrop"
+queue using "postsuper -r", so that the message gets a new timestamp and
+is given more than one opportunity to be delivered. Messages that are
+"young" can be moved directly into the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> using
+"postsuper -H". </p>
<p> The "<a href="QSHAPE_README.html#hold_queue">hold" queue</a> plays little role in Postfix performance, and
monitoring of the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a> is typically more closely motivated
<p> The <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> grows when the message input rate spikes
above the rate at which the queue manager can import messages into
-the <a href="QSHAPE_README.html#active_queue">active queue</a>. The main factor slowing down the queue manager
-is transport queries to the trivial-rewrite service. If the queue
+the <a href="QSHAPE_README.html#active_queue">active queue</a>. The main factors slowing down the queue manager
+are disk I/O and lookup queries to the trivial-rewrite service. If the queue
manager is routinely not keeping up, consider not using "slow"
lookup services (MySQL, LDAP, ...) for transport lookups or speeding
-up the hosts that provide the lookup service. </p>
+up the hosts that provide the lookup service. If the problem is I/O
+starvation, consider striping the queue over more disks, faster controllers
+with a battery write cache, or other hardware improvements. At the very
+least, make sure that the queue directory is mounted with the "noatime"
+option if applicable to the underlying filesystem. </p>
<p> The <a href="postconf.5.html#in_flow_delay">in_flow_delay</a> parameter is used to clamp the input rate
when the queue manager starts to fall behind. The <a href="cleanup.8.html">cleanup(8)</a> service
concurrency limit. </p>
<p> Multiple recipient groups (from one or more messages) are queued
-for delivery via the common transport/nexthop combination. The
-destination concurrency limit for the transports caps the number
+for delivery grouped by transport/nexthop combination. The
+<b>destination</b> concurrency limit for the transports caps the number
of simultaneous delivery attempts for each nexthop. Transports with
-a recipient concurrency limit of 1 are special: these are grouped
-by the actual recipient address rather than the nexthop, thereby
-enabling per-recipient concurrency limits rather than per-domain
+a <b>recipient</b> concurrency limit of 1 are special: these are grouped
+by the actual recipient address rather than the nexthop, yielding
+per-recipient concurrency limits rather than per-domain
concurrency limits. Per-recipient limits are appropriate when
performing final delivery to mailboxes rather than when relaying
to a remote server. </p>
<p> Congestion occurs in the <a href="QSHAPE_README.html#active_queue">active queue</a> when one or more destinations
-drain slower than the corresponding message input rate. If a
-destination is down for some time, the queue manager will mark it
-dead, and immediately defer all mail for the destination without
+drain slower than the corresponding message input rate. </p>
+
+<p> Input into the <a href="QSHAPE_README.html#active_queue">active queue</a> comes both from new mail in the "incoming"
+queue, and retries of mail in the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>. Should the "deferred"
+queue get really large, retries of old mail can dominate the arrival
+rate of new mail. Systems with more CPU, faster disks and more network
+bandwidth can deal with larger <a href="QSHAPE_README.html#deferred_queue">deferred queues</a>, but as a rule of thumb
+the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scales to somewhere between 100,000 and 1,000,000
+messages with good performance unlikely above that "limit". Systems with
+queues this large should typically stop accepting new mail, or put the
+backlog "on hold" until the underlying issue is fixed (provided that
+there is enough capacity to handle just the new mail). </p>
+
+<p> When a destination is down for some time, the queue manager will
+mark it dead, and immediately defer all mail for the destination without
trying to assign it to a delivery agent. In this case the messages
-will quickly leave the <a href="QSHAPE_README.html#active_queue">active queue</a> and end up in the deferred
-queue. If the destination is instead simply slow, or there is a
-problem causing an excessive arrival rate the <a href="QSHAPE_README.html#active_queue">active queue</a> will
-grow and will become dominated by mail to the congested destination.
-</p>
+will quickly leave the <a href="QSHAPE_README.html#active_queue">active queue</a> and end up in the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>
+(with Postfix < 2.4, this is done directly by the queue manager,
+with Postfix ≥ 2.4 this is done via the "retry" delivery agent). </p>
+
+<p> When the destination is instead simply slow, or there is a problem
+causing an excessive arrival rate the <a href="QSHAPE_README.html#active_queue">active queue</a> will grow and will
+become dominated by mail to the congested destination. </p>
<p> The only way to reduce congestion is to either reduce the input
rate or increase the throughput. Increasing the throughput requires
is draining slowly and the system and network are not loaded, raise
the "smtp" and/or "relay" process limits! </p>
-<p> Especially for the "relay" transport, consider lower SMTP
-connection timeouts (1-5 seconds) and higher than default destination
-concurrency limits. Compute the expected latency when 1 out of N
-of the MX hosts for a high volume site is down and not responding,
-and make sure that the configured concurrency divided by this
-latency exceeds the required steady-state message rate. If the
-destination is managed by you, consider load balancers in front of
-groups of MX hosts. Load balancers have higher uptime and will be
-able to hide individual MX host failures. </p>
-
-<p> If necessary, dedicate and tune custom transports for high
-volume destinations. </p>
-
-<p> Another common cause of congestion is unwarranted flushing of
-the entire <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>. The deferred queue holds messages that
-are likely to fail to be delivered and are also likely to be slow
-to fail delivery (timeouts). This means that the most common reaction
-to a large <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> (flush it!) is more than likely counter-
-productive, and is likely to make the problem worse. Do not flush
-the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> unless you expect that most of its content has
-recently become deliverable (e.g. <a href="postconf.5.html#relayhost">relayhost</a> back up after an outage)!
-</p>
+<p> When a high volume destination is served by multiple MX hosts with
+typically low delivery latency, performance can suffer dramatically when
+one of the MX hosts is unresponsive and SMTP connections to that host
+timeout. For example, if there are 2 equal weight MX hosts, the SMTP
+connection timeout is 30 seconds and one of the MX hosts is down, the
+average SMTP connection will take approximately 15 seconds to complete.
+With a default per-destination concurrency limit of 20 connections,
+throughput falls to just over 1 message per second. </p>
+
+<p> The best way to avoid bottlenecks when one or more MX hosts is
+non-responsive is to use connection caching. Connection caching was
+introduced with Postfix 2.2 and is by default enabled on demand for
+destinations with a backlog of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. When connection
+caching is in effect for a particular destination, established connections
+are re-used to send additional messages, this reduces the number of
+connections made per message delivery and maintains good throughput even
+in the face of partial unavailability of the destination's MX hosts. </p>
+
+<p> If connection caching is not available (Postfix < 2.2) or does
+not provide a sufficient latency reduction, especially for the "relay"
+transport used to forward mail to "your own" domains, consider setting
+lower than default SMTP connection timeouts (1-5 seconds) and higher
+than default destination concurrency limits. This will further reduce
+latency and provide more concurrency to maintain throughput should
+latency rise. </p>
+
+<p> Setting high concurrency limits to domains that are not your own may
+be viewed as hostile by the receiving system, and steps may be taken
+to prevent you from monopolizing the destination system's resources.
+The defensive measures may substantially reduce your throughput or block
+access entirely. Do not set aggressive concurrency limits to remote
+domains without coordinating with the administrators of the target
+domain. </p>
+
+<p> If necessary, dedicate and tune custom transports for selected high
+volume destinations. The "relay" transport is provided for forwarding mail
+to domains for which your server is a primary or backup MX host. These can
+make up a substantial fraction of your email traffic. Use the "relay" and
+not the "smtp" transport to send email to these domains. Using the "relay"
+transport allocates a separate delivery agent pool to these destinations
+and allows separate tuning of timeouts and concurrency limits. </p>
+
+<p> Another common cause of congestion is unwarranted flushing of the
+entire <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>. The deferred queue holds messages that are likely
+to fail to be delivered and are also likely to be slow to fail delivery
+(time out). As a result the most common reaction to a large <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>
+(flush it!) is more than likely counter-productive, and typically makes
+the congestion worse. Do not flush the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> unless you expect
+that most of its content has recently become deliverable (e.g. <a href="postconf.5.html#relayhost">relayhost</a>
+back up after an outage)! </p>
<p> Note that whenever the queue manager is restarted, there may
already be messages in the <a href="QSHAPE_README.html#active_queue">active queue</a> directory, but the "real"
the messages back and forth, redoing transport table (<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>
resolve service) lookups, and re-importing the messages back into
memory is expensive. At all costs, avoid frequent restarts of the
-queue manager. </p>
+queue manager (e.g. via frequent execution of "postfix reload"). </p>
<h3> <a name="deferred_queue"> The "deferred" queue </a> </h3>
might succeed later), the message is placed in the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>.
</p>
-<p> The queue manager scans the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> periodically. The
-scan interval is controlled by the <a href="postconf.5.html#queue_run_delay">queue_run_delay</a> parameter.
-While a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan is in progress, if an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>
-scan is also in progress (ideally these are brief since the incoming
-queue should be short), the queue manager alternates between bringing
-a new "incoming" message and a new "deferred" message into the
-queue. This "round-robin" strategy prevents starvation of either
-the <a href="QSHAPE_README.html#incoming_queue">incoming</a> or the <a href="QSHAPE_README.html#deferred_queue">deferred queues</a>. </p>
+<p> The queue manager scans the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> periodically. The scan
+interval is controlled by the <a href="postconf.5.html#queue_run_delay">queue_run_delay</a> parameter. While a deferred
+queue scan is in progress, if an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan is also in progress
+(ideally these are brief since the <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> should be short), the
+queue manager alternates between looking for messages in the "incoming"
+queue and in the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>. This "round-robin" strategy prevents
+starvation of either the <a href="QSHAPE_README.html#incoming_queue">incoming</a> or the <a href="QSHAPE_README.html#deferred_queue">deferred queues</a>. </p>
<p> Each <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan only brings a fraction of the deferred
queue back into the <a href="QSHAPE_README.html#active_queue">active queue</a> for a retry. This is because each
message in the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> is assigned a "cool-off" time when
it is deferred. This is done by time-warping the modification
-times of the queue file into the future. The queue file is not
+time of the queue file into the future. The queue file is not
eligible for a retry if its modification time is not yet reached.
</p>
retried more often than old messages. </p>
<p> If a high volume site routinely has large <a href="QSHAPE_README.html#deferred_queue">deferred queues</a>, it
-may be useful to adjust the <a href="postconf.5.html#queue_run_delay">queue_run_delay</a>, <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>
-and <a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> to provide short enough delays on first
-failure, with perhaps longer delays after multiple failures, to
-reduce the retransmission rate of old messages and thereby reduce
-the quantity of previously deferred mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. </p>
+may be useful to adjust the <a href="postconf.5.html#queue_run_delay">queue_run_delay</a>, <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> and
+<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> to provide short enough delays on first failure
+(Postfix ≥ 2.4 has a sensibly low minimal backoff time by default),
+with perhaps longer delays after multiple failures, to reduce the
+retransmission rate of old messages and thereby reduce the quantity
+of previously deferred mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. If you want a really
+low <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>, you may also want to lower <a href="postconf.5.html#queue_run_delay">queue_run_delay</a>,
+but understand that more frequent scans will increase the demand for
+disk I/O. </p>
<p> One common cause of large <a href="QSHAPE_README.html#deferred_queue">deferred queues</a> is failure to validate
recipients at the SMTP input stage. Since spammers routinely launch
dictionary attacks from unrepliable sender addresses, the bounces
-for invalid recipient addresses clog the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> (and at
-high volumes proportionally clog the <a href="QSHAPE_README.html#active_queue">active queue</a>). Recipient
-validation is strongly recommended through use of the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
-and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> parameters. </p>
+for invalid recipient addresses clog the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> (and at high
+volumes proportionally clog the <a href="QSHAPE_README.html#active_queue">active queue</a>). Recipient validation
+is strongly recommended through use of the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> and
+<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> parameters. Even when bounces drain quickly they
+inundate innocent victims of forgery with unwanted email. To avoid
+this, do not accept mail for invalid recipients. </p>
<p> When a host with lots of deferred mail is down for some time,
it is possible for the entire <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> to reach its retry
time simultaneously. This can lead to a very full <a href="QSHAPE_README.html#active_queue">active queue</a> once
the host comes back up. The phenomenon can repeat approximately
every <a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> seconds if the messages are again deferred
-after a brief burst of congestion. Ideally, in the future Postfix
+after a brief burst of congestion. Perhaps, a future Postfix release
will add a random offset to the retry time (or use a combination
-of strategies) to reduce the chances of repeated complete deferred
+of strategies) to reduce the odds of repeated complete deferred
queue flushes. </p>
<h2><a name="credits">Credits</a></h2>
<h2><a name="build_sasl">Building the Cyrus SASL library</a></h2>
-<p> Postfix appears to work with cyrus-sasl-1.5.5 or cyrus-sasl-2.1.1,
+<p> Postfix appears to work with cyrus-sasl-1.5.x or cyrus-sasl-2.1.x,
which are available from: </p>
<blockquote>
<p> IMPORTANT: if you install the Cyrus SASL libraries as per the
default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl
-for version 1.5.5 or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for
-version 2.1.1. </p>
+for version 1.5.x or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for
+version 2.1.x. </p>
-<p> Reportedly, Microsoft Internet Explorer version 5 requires the
-non-standard SASL LOGIN authentication method. To enable this
+<p> Reportedly, Microsoft Outlook (Express) requires the
+non-standard LOGIN authentication method. To enable this
authentication method, specify ``./configure --enable-login''. </p>
<h2><a name="build_postfix">Building Postfix with Cyrus SASL support</a></h2>
<dl>
-<dt> (for Cyrus SASL version 1.5.5):
+<dt> (for Cyrus SASL version 1.5.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
-I/usr/local/include" AUXLIBS="-L/usr/local/lib -lsasl"
</pre>
-<dt> (for Cyrus SASL version 2.1.1):
+<dt> (for Cyrus SASL version 2.1.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
<dl>
-<dt> (for Cyrus SASL version 1.5.5):
+<dt> (for Cyrus SASL version 1.5.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
-R/usr/local/lib -lsasl"
</pre>
-<dt> (for Cyrus SASL version 2.1.1):
+<dt> (for Cyrus SASL version 2.1.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
<p> Older Microsoft SMTP client software implements a non-standard
version of the AUTH protocol syntax, and expects that the SMTP
-server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH
-stuff". To accommodate such clients (in addition to conformant
+server replies to EHLO with "250 AUTH=mechanism-list" instead of
+"250 AUTH mechanism-list". To accommodate such clients (in addition
+to conformant
clients) use the following: </p>
<blockquote>
<h2><a name="server_cyrus">Cyrus SASL configuration for the Postfix
SMTP server</a></h2>
-<p> In /usr/local/lib/sasl/smtpd.conf (Cyrus SASL version 1.5.5) or
-/usr/local/lib/sasl2/smtpd.conf (Cyrus SASL version 2.1.1) you need to
-specify how the server should validate client passwords. </p>
+<p> You need to configure how the Cyrus SASL library should
+authenticate a client's username and password. These settings must
+be stored in a separate configuration file. </p>
+
+<p> The name of the configuration file (default: smtpd.conf) will
+be constructed from a value sent by Postfix to the Cyrus SASL
+library, which adds the suffix .conf. The value is configured using
+one of the following variables: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Postfix 2.3 and later
+ <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> = smtpd
+ # Postfix < 2.3
+ smtpd_sasl_application_name = smtpd
+</pre>
+</blockquote>
+
+<p> Cyrus SASL searches for the configuration file in /usr/local/lib/sasl/
+(Cyrus SASL version 1.5.5) or /usr/local/lib/sasl2/ (Cyrus SASL
+version 2.1.x). </p>
<p> Note: some Postfix distributions are modified and look for
-the smtpd.conf file in /etc/postfix. </p>
+the smtpd.conf file in /etc/postfix/sasl. </p>
<p> Note: some Cyrus SASL distributions look for the smtpd.conf
file in /etc/sasl2. </p>
<ul>
-<li> <p> To authenticate against the UNIX password database, try: </p>
+<li> <p> To authenticate against the UNIX password database, use: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
/usr/local/lib/sasl/smtpd.conf:
</pre>
-<dt> (Cyrus SASL version 2.1.1)
-<dd>
-<pre>
-/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: pwcheck
-</pre>
-
-</dl>
-
-<p> The name of the file in /usr/local/lib/sasl (Cyrus SASL version
-1.5.5) or /usr/local/lib/sasl2 (Cyrus SASL version 2.1.1) used by
-the SASL
-library for configuration can be set with: </p>
-
-<blockquote>
-<pre>
-/etc/postfix/<a href="postconf.5.html">main.cf</a>:
- smtpd_sasl_application_name = smtpd (Postfix < 2.3)
- <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> = smtpd (Postfix 2.3 and later)
-</pre>
-</blockquote>
+<p> IMPORTANT: pwcheck establishes a UNIX domain socket in /var/pwcheck
+and waits for authentication requests. Postfix processes must have
+read+execute permission to this directory or authentication attempts
+will fail. </p>
<p> The pwcheck daemon is contained in the cyrus-sasl source tarball. </p>
-<p> IMPORTANT: postfix processes need to have group read+execute
-permission for the /var/pwcheck directory, otherwise authentication
-attempts will fail. </p>
-
-<li> <p> Alternately, in Cyrus SASL 1.5.26 and later (including
-2.1.1), try: </p>
-
-<dl>
-
<dt> (Cyrus SASL version 1.5.26)
<dd>
<pre>
pwcheck_method: saslauthd
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd
+ mech_list: PLAIN LOGIN
</pre>
</dl>
can authenticate against PAM and various other sources. To use PAM,
start saslauthd with "-a pam". </p>
+<p> IMPORTANT: saslauthd usually establishes a UNIX domain socket
+in /var/run/saslauthd and waits for authentication requests. Postfix
+processes must have read+execute permission to this directory or
+authentication attempts will fail. </p>
+
+<p> Note: The directory where saslauthd puts the socket is configurable.
+See the command-line option "-m /path/to/socket" in the saslauthd
+--help listing. </p>
+
<li> <p> To authenticate against Cyrus SASL's own password database: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
/usr/local/lib/sasl/smtpd.conf:
- pwcheck_method: sasldb
+ pwcheck_method: sasldb
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
+ pwcheck_method: auxprop
+ auxprop_plugin: sasldb
+ mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
</pre>
</dl>
<p> This will use the Cyrus SASL password file (default: /etc/sasldb in
-version 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained
+version 1.5.x, or /etc/sasldb2 in version 2.1.x), which is maintained
with the saslpasswd or saslpasswd2 command (part of the Cyrus SASL
software). On some poorly-supported systems the saslpasswd command needs
to be run multiple times before it stops complaining. The Postfix SMTP
<p> EXAMPLE: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
% saslpasswd -c -u `postconf -h <a href="postconf.5.html#myhostname">myhostname</a>` exampleuser
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
% saslpasswd2 -c -u `postconf -h <a href="postconf.5.html#myhostname">myhostname</a>` exampleuser
</dl>
<p> You can find out SASL's idea about the realms of the users
-in sasldb with <i>sasldblistusers</i> (Cyrus SASL version 1.5.5) or
-<i>sasldblistusers2</i> (Cyrus SASL version 2.1.1). </p>
+in sasldb with <i>sasldblistusers</i> (Cyrus SASL version 1.5.x) or
+<i>sasldblistusers2</i> (Cyrus SASL version 2.1.x). </p>
<p> On the Postfix side, you can have only one realm per smtpd
instance, and only the users belonging to that realm would be able to
</ul>
-<p> IMPORTANT: all users must be able to authenticate using ALL
-authentication mechanisms advertised by Postfix, otherwise the
-negotiation might end up with an unsupported mechanism, and
-authentication would fail. For example if you configure SASL to
-use <i>saslauthd</i> for authentication against PAM (pluggable
-authentication modules), only the PLAIN and LOGIN mechanisms are
-supported and stand a chance to succeed, yet the SASL library would also
-advertise other mechanisms, such as DIGEST-MD5. This happens because
-those mechanisms are made available by other plugins, and the SASL
-library have no way to know that your only valid authentication source
-is PAM. Thus you might need to limit the list of mechanisms advertised
-by Postfix. </p>
+<p> IMPORTANT: The Cyrus SASL password verification services pwcheck
+and saslauthd can only support the plaintext mechanisms PLAIN or
+LOGIN. However, the Cyrus SASL library doesn't know this, and will
+happily advertise other authentication mechanisms that the SASL
+library implements, such as DIGEST-MD5. As a result, if an SMTP
+client chooses any mechanism other than PLAIN or LOGIN while pwcheck
+or saslauthd are used, authentication will fail. Thus you may need
+to limit the list of mechanisms advertised by Postfix. </p>
<ul>
library files from the SASL plug-in directory (and again whenever
the system is updated). </p>
-<li> <p> With Cyrus SASL version 2.1.1 or later: </p>
+<li> <p> With Cyrus SASL version 2.1.x or later the mech_list variable
+can specify a list of authentication mechanisms that Cyrus SASL may
+offer: </p>
<blockquote>
<pre>
<ul>
-<li> <p> With Cyrus SASL version 1.5.5 your only choice is to
+<li> <p> With Cyrus SASL version 1.5.x your only choice is to
delete the corresponding library files from the SASL plug-in
directory. </p>
-<li> <p> With SASL version 2.1.1: </p>
+<li> <p> With SASL version 2.1.x: </p>
<blockquote>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
- auxprop_plugin: sql
+ pwcheck_method: auxprop
+ auxprop_plugin: sql
</pre>
</blockquote>
<h2><a name="debugging">Trouble shooting the SASL internals</a></h2>
<p> In the Cyrus SASL sources you'll find a subdirectory named
-"sample". Run make there, "su" to the user <i>postfix</i> (or
-whatever your <i><a href="postconf.5.html#mail_owner">mail_owner</a></i> directive is set to):
+"sample". Run make there, then create a symbolic link from sample.conf
+to smtpd.conf in your Cyrus SASL library directory /usr/local/lib/sasl2.
+"su" to the user <i>postfix</i> (or whatever your <i><a href="postconf.5.html#mail_owner">mail_owner</a></i>
+directive is set to): </p>
<blockquote>
<pre>
</blockquote>
<p> then run the resulting sample server and client in separate
-terminals. Strace / ktrace / truss the server to see what makes
-it unhappy, and fix the problem. Repeat the previous step until
-you can successfully authenticate with the sample client. Only
-then get back to Postfix. </p>
+terminals. The sample applications send log messages to the syslog
+facility auth. Check the log to fix the problem or run strace /
+ktrace / truss on the server to see what makes it unhappy. Repeat
+the previous step until you can successfully authenticate with the
+sample client. Only then get back to Postfix. </p>
<h2><a name="client_sasl">Enabling SASL authentication in the
Postfix SMTP client</a></h2>
</pre>
</blockquote>
+<p> The Postfix SASL client password file is opened before the SMTP
+server enters the optional chroot jail, so you can keep the file
+in /etc/postfix and set permissions read / write only for root to
+keep the username:password combinations away from other system
+users. </p>
+
<p> Postfix version 2.3 supports-per-sender SASL password
information. To search the Postfix SASL password by sender
before it searches by destination, specify: </p>
</pre>
</blockquote>
-<p> The Postfix SASL client password file is opened before the SMTP server
-enters the optional chroot jail, so you can keep the file in
-/etc/postfix. </p>
-
<p> Note: Some SMTP servers support authentication mechanisms that,
although available on the client system, may not in practice work or
possess the appropriate credentials to authenticate to the server. It
</blockquote>
<p> In the above example, Postfix will decline to use mechanisms
-that require special infrastructure such as Kerberos. </p>
+that require special infrastructure such as Kerberos or TLS. </p>
<p> The Postfix SMTP client is backwards compatible with SMTP
servers that use the non-standard "AUTH=method..." syntax in response
<li> The Dovecot SMTP server-only plug-in was originally implemented by
Timo Sirainen of Procontrol, Finland.
+<li> Patrick Ben Koetter revised this document for Postfix 2.4 and
+made much needed updates.
+
</ul>
</body>
<p> With this policy delegation mechanism, a simple <a href="#greylist">
greylist </a> policy can be implemented with only a dozen lines of
-Perl, as is shown at the end of this document. Another example of
-policy delegation is the SPF policy server by Meng Wong at
-<a href="http://spf.pobox.com/">http://spf.pobox.com/</a>. Examples of both policies can be found in
-the Postfix source code, in the directory examples/smtpd-policy.
-</p>
+Perl, as is shown at the end of this document. A complete example
+can be found in the Postfix source code, in the directory
+examples/smtpd-policy. </p>
+
+<p> Another example of policy delegation is the SPF policy server
+at <a href="http://www.openspf.org/Software">http://www.openspf.org/Software</a>. </p>
<p> Policy delegation is now the preferred method for adding policies
to Postfix. It's much easier to develop a new feature in few lines
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> = /etc/postfix/client-dsa.pem
- <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> = $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>
+ <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> = $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>
</pre>
</blockquote>
is needed. Thus, the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> directory needs to be accessible
inside the optional chroot jail. </p>
-<p> The choice between $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> and $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> is
+<p> The choice between $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> and $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> is
a space/time tradeoff. If there are many trusted CAs, the cost of
preloading them all into memory may not pay off in reduced access time
when the certificate is needed. </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> = /etc/postfix/client-dsa.pem
- <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> = $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>
+ <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> = $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>
</pre>
</blockquote>
is needed. Thus, the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> directory needs to be accessible
inside the optional chroot jail. </p>
-<p> The choice between $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> and $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> is
+<p> The choice between $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> and $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> is
a space/time tradeoff. If there are many trusted CAs, the cost of
preloading them all into memory may not pay off in reduced access time
when the certificate is needed. </p>
the DNS requests or replies. </p>
<li> <p> If the number of <a href="smtpd.8.html">smtpd(8)</a> processes has reached the process
-limit as specified in master.cf, new SMTP clients must wait until
+limit as specified in <a href="master.5.html">master.cf</a>, new SMTP clients must wait until
a process becomes available. Increase the number of processes if
memory permits. See the instructions given under "<a
href="#proc_limit">Tuning the number of Postfix processes</a>".
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# Not needed with Postfix 2.1
<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> = 0
</pre>
<h2><a name="conn_limit">Measures against clients that make too many connections</a></h2>
-<p> Note: this feature is not included with Postfix version 2.1. </p>
+<p> Note: the <a href="anvil.8.html">anvil(8)</a> service was introduced with Postfix version
+2.2. </p>
<p> The Postfix <a href="smtpd.8.html">smtpd(8)</a> server can limit the number of simultaneous
connections from the same SMTP client, as well as the number of
<li> <p> The <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> parameter (default:
20) controls how many messages may be sent to the same destination
simultaneously. You can override this setting for specific message
-delivery transports by taking the name of the master.cf entry
+delivery transports by taking the name of the <a href="master.5.html">master.cf</a> entry
and appending "_destination_concurrency_limit". </p>
</ul>
more, but not all MX hosts are down. </p>
<p> If necessary, set a higher transport_destination_concurrency_limit
-(in main.cf since this is a queue manager parameter) and a lower
-smtp_connection_timeout (with a "-o" override in master.cf since
+(in <a href="postconf.5.html">main.cf</a> since this is a queue manager parameter) and a lower
+smtp_connection_timeout (with a "-o" override in <a href="master.5.html">master.cf</a> since
this parameter has no per-transport name) for the relay transport
and any transports dedicated for specific high volume destinations.
</p>
little memory, as well as networks with low bandwidth. </p>
<p> You can change the global process limit by specifying a
-non-default <a href="postconf.5.html#default_process_limit">default_process_limit</a> in the main.cf file. For example,
+non-default <a href="postconf.5.html#default_process_limit">default_process_limit</a> in the <a href="postconf.5.html">main.cf</a> file. For example,
to run up to 10 smtp client processes, 10 smtp server processes,
and so on: </p>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#default_process_limit">default_process_limit</a> = 10
</pre>
</blockquote>
<p> You need to execute "postfix reload" to make the change effective.
The limits are enforced by the Postfix <a href="master.8.html">master(8)</a> daemon which does
-not automatically read main.cf when it changes. </p>
+not automatically read <a href="postconf.5.html">main.cf</a> when it changes. </p>
<p> You can override the process limit for specific Postfix daemons
-by editing the master.cf file. For example, if you do not wish to
+by editing the <a href="master.5.html">master.cf</a> file. For example, if you do not wish to
receive 100 SMTP messages at the same time, but do not want to
change the process limits for local mail deliveries, you could
specify: </p>
<blockquote>
<pre>
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
# ====================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> ... example.com
</pre>
</blockquote>
<blockquote>
<pre>
- 1 /etc/postfix/main.cf:
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> = example.com ...other <a href="VIRTUAL_README.html#canonical">hosted domains</a>...
3 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
4
- 5 /etc/postfix/virtual:
+ 5 /etc/postfix/<a href="virtual.8.html">virtual</a>:
6 postmaster@example.com postmaster
7 info@example.com joe
8 sales@example.com jane
<p>Execute the command "<b>postmap /etc/postfix/virtual</b>" after
changing the virtual file, and execute the command "<b>postfix
-reload</b>" after changing the main.cf file. </p>
+reload</b>" after changing the <a href="postconf.5.html">main.cf</a> file. </p>
<p> Note: virtual aliases can resolve to a local address or to a
remote address, or both. They don't have to resolve to UNIX system
<blockquote>
<pre>
- 1 /etc/postfix/main.cf:
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> = example.com ...more domains...
3 <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> = /var/mail/vhosts
4 <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> = hash:/etc/postfix/vmailbox
14 # @example.com example.com/catchall
15 ...virtual mailboxes for more domains...
16
-17 /etc/postfix/virtual:
+17 /etc/postfix/<a href="virtual.8.html">virtual</a>:
18 postmaster@example.com postmaster
</pre>
</blockquote>
You can use the same mechanism to redirect an address to a remote
address. </p>
-<li> <p> Line 18: This example assumes that in
main.cf, $<a href="postconf.5.html#myorigin">myorigin</a>
+<li> <p> Line 18: This example assumes that in
<a href="postconf.5.html">main.cf</a>, $<a href="postconf.5.html#myorigin">myorigin</a>
is listed under the <a href="postconf.5.html#mydestination">mydestination</a> parameter setting. If that is
not the case, specify an explicit domain name on the right-hand
side of the virtual alias table entries or else mail will go to
<p> Execute the command "<b>postmap /etc/postfix/virtual</b>" after
changing the virtual file, execute "<b>postmap /etc/postfix/vmailbox</b>"
after changing the vmailbox file, and execute the command "<b>postfix
-reload</b>" after changing the main.cf file. </p>
+reload</b>" after changing the <a href="postconf.5.html">main.cf</a> file. </p>
<p> Note: mail delivery happens with the recipient's UID/GID
privileges specified with <a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> and <a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a>.
<blockquote>
<pre>
- 1 /etc/postfix/main.cf:
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 <a href="postconf.5.html#virtual_transport">virtual_transport</a> = ...see below...
3 <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> = example.com ...more domains...
4 <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> = hash:/etc/postfix/vmailbox
12 # @example.com whatever
13 ...virtual mailboxes for more domains...
14
-15 /etc/postfix/virtual:
+15 /etc/postfix/<a href="virtual.8.html">virtual</a>:
16 postmaster@example.com postmaster
</pre>
</blockquote>
<li> <p> Line 2: With delivery to a non-Postfix mailbox store for
<a href="VIRTUAL_README.html#canonical">hosted domains</a>, the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter usually specifies
-the Postfix LMTP client, or the name of a master.cf entry that
+the Postfix LMTP client, or the name of a <a href="master.5.html">master.cf</a> entry that
executes non-Postfix software via the pipe delivery agent. Typical
examples (use only one): </p>
<p> Postfix comes ready with support for LMTP. And an example
maildrop delivery method is already defined in the default Postfix
-
master.cf file. See the <a href="MAILDROP_README.html">MAILDROP_README</a> document for more details.
+
<a href="master.5.html">master.cf</a> file. See the <a href="MAILDROP_README.html">MAILDROP_README</a> document for more details.
</p>
<li> <p> Line 3: The <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> setting tells Postfix
<li> <p> Lines 4, 7-13: The <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> parameter specifies
the lookup table with all valid recipient addresses. The lookup
-result is ignored by Postfix. In the above example, info@example.com
-and sales@example.com are listed as valid addresses, and mail for
-anything else is rejected with "User unknown". If you intend to
+result value is ignored by Postfix. In the above example,
+info@example.com
+and sales@example.com are listed as valid addresses; other mail for
+example.com is rejected with "User unknown" by the Postfix SMTP
+server. It's left up to the non-Postfix delivery agent to reject
+non-existent recipients from local submission or from local alias
+expansion. If you intend to
use LDAP, MySQL or PgSQL instead of local files, be sure to review
the <a href="#local_vs_database"> "local files versus databases"</a>
section at the top of this document! </p>
postmaster. You can use the same mechanism to redirect any addresses
to a local or remote address. </p>
-<li> <p> Line 16: This example assumes that in
main.cf, $<a href="postconf.5.html#myorigin">myorigin</a>
+<li> <p> Line 16: This example assumes that in
<a href="postconf.5.html">main.cf</a>, $<a href="postconf.5.html#myorigin">myorigin</a>
is listed under the <a href="postconf.5.html#mydestination">mydestination</a> parameter setting. If that is
not the case, specify an explicit domain name on the right-hand
side of the virtual alias table entries or else mail will go to
<p> Execute the command "<b>postmap /etc/postfix/virtual</b>" after
changing the virtual file, execute "<b>postmap /etc/postfix/vmailbox</b>"
after changing the vmailbox file, and execute the command "<b>postfix
-reload</b>" after changing the main.cf file. </p>
+reload</b>" after changing the <a href="postconf.5.html">main.cf</a> file. </p>
<h2><a name="forwarding">Mail forwarding domains</a></h2>
<blockquote>
<pre>
- 1 /etc/postfix/main.cf:
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
2 <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> = example.com ...other <a href="VIRTUAL_README.html#canonical">hosted domains</a>...
3 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
4
- 5 /etc/postfix/virtual:
+ 5 /etc/postfix/<a href="virtual.8.html">virtual</a>:
6 postmaster@example.com postmaster
7 joe@example.com joe@somewhere
8 jane@example.com jane@somewhere-else
<p> Execute the command "<b>postmap /etc/postfix/virtual</b>" after
changing the virtual file, and execute the command "<b>postfix
-reload</b>" after changing the main.cf file. </p>
+reload</b>" after changing the <a href="postconf.5.html">main.cf</a> file. </p>
<p> More details about the virtual alias file are given in the
<a href="virtual.5.html">virtual(5)</a> manual page, including multiple addresses on the right-hand
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
-/etc/postfix/virtual:
+/etc/postfix/<a href="virtual.8.html">virtual</a>:
listname-request@example.com listname-request
listname@example.com listname
owner-listname@example.com owner-listname
</pre>
</blockquote>
-<p> This example assumes that in
main.cf, $<a href="postconf.5.html#myorigin">myorigin</a> is listed under
+<p> This example assumes that in
<a href="postconf.5.html">main.cf</a>, $<a href="postconf.5.html#myorigin">myorigin</a> is listed under
the <a href="postconf.5.html#mydestination">mydestination</a> parameter setting. If that is not the case,
specify an explicit domain name on the right-hand side of the
virtual alias table entries or else mail will go to the wrong
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
-/etc/postfix/virtual:
+/etc/postfix/<a href="virtual.8.html">virtual</a>:
user@domain.tld user@domain.tld, user@domain.tld@autoreply.<a href="postconf.5.html#mydomain">mydomain</a>.tld
</pre>
</blockquote>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
/etc/postfix/transport:
autoreply.<a href="postconf.5.html#mydomain">mydomain</a>.tld autoreply:
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
# =============================================================
# service type private unpriv chroot wakeup maxproc command
# (yes) (yes) (yes) (never) (100)
the user@domain.tld recipient address on the command line. </p>
<p> For more information, see the <a href="pipe.8.html">pipe(8)</a> manual page, and the
-comments in the Postfix master.cf file. </p>
+comments in the Postfix <a href="master.5.html">master.cf</a> file. </p>
</body>
ACCESS(5) ACCESS(5)
<b>NAME</b>
- access - Postfix access table format
+ access - Postfix SMTP server access table
<b>SYNOPSIS</b>
<b>postmap /etc/postfix/access</b>
<b>postmap -q - /etc/postfix/access</b> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The optional <a href="access.5.html"><b>access</b>(5)</a> table directs the Postfix SMTP
- server to selectively reject or accept mail. Access can be
- allowed or denied for specific host names, domain names,
- networks, host addresses or mail addresses.
-
- For an example, see the EXAMPLE section at the end of this
- manual page.
+ The Postfix SMTP server supports access control on remote
+ SMTP client information: host names, network addresses,
+ and envelope sender or recipient addresses. See
+ <b><a href="postconf.5.html#header_checks">header_checks</a></b>(5) or <b><a href="postconf.5.html#body_checks">body_checks</a></b>(5) for access control on
+ the content of email messages.
Normally, the <a href="access.5.html"><b>access</b>(5)</a> table is specified as a text file
that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/access</b>" in order to rebuild the
- indexed file after changing the access table.
+ "<b>postmap /etc/postfix/access</b>" to rebuild an indexed file
+ after changing the corresponding text file.
When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary
Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
sions, or lookups can be directed to TCP-based server. In
- that case, the lookups are done in a slightly different
+ those cases, the lookups are done in a slightly different
way as described below under "REGULAR EXPRESSION TABLES"
- and "TCP-BASED TABLES".
+ or "TCP-BASED TABLES".
<b>CASE FOLDING</b>
The search string is folded to lowercase before database
<b>DEFER_IF_REJECT</b> <i>optional text...</i>
Defer the request if some later restriction would
- result in a REJECT action. Reply with "<b>450</b> <i>optional</i>
- <i>text...</i> when the optional text is specified, other-
- wise reply with a generic error response message.
+ result in a REJECT action. Reply with "<b>450 4.7.1</b>
+ <i>optional text...</i> when the optional text is speci-
+ fied, otherwise reply with a generic error response
+ message.
This feature is available in Postfix 2.1 and later.
<b>DEFER_IF_PERMIT</b> <i>optional text...</i>
- Defer the request if some later restriction would
- result in a an explicit or implicit PERMIT action.
- Reply with "<b>450</b> <i>optional text...</i> when the optional
- text is specified, otherwise reply with a generic
- error response message.
+ Defer the request if some later restriction would
+ result in a an explicit or implicit PERMIT action.
+ Reply with "<b>450 4.7.1</b> <i>optional text...</i> when the
+ optional text is specified, otherwise reply with a
+ generic error response message.
This feature is available in Postfix 2.1 and later.
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>, and so on).
<b>DISCARD</b> <i>optional text...</i>
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
+ Claim successful delivery and silently discard the
+ message. Log the optional text if specified, oth-
erwise log a generic message.
- Note: this action currently affects all recipients
- of the message. To discard only one recipient
- without discarding the entire message, use the
+ Note: this action currently affects all recipients
+ of the message. To discard only one recipient
+ without discarding the entire message, use the
<a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
service.
This feature is available in Postfix 2.0 and later.
- <b>DUNNO</b> Pretend that the lookup key was not found. This
- prevents Postfix from trying substrings of the
- lookup key (such as a subdomain name, or a network
+ <b>DUNNO</b> Pretend that the lookup key was not found. This
+ prevents Postfix from trying substrings of the
+ lookup key (such as a subdomain name, or a network
address subnetwork).
This feature is available in Postfix 2.0 and later.
<b>FILTER</b> <i>transport:destination</i>
- After the message is queued, send the entire mes-
+ After the message is queued, send the entire mes-
sage through the specified external content filter.
- The <i>transport:destination</i> syntax is described in
- the <a href="transport.5.html"><b>transport</b>(5)</a> manual page. More information
- about external content filters is in the Postfix
+ The <i>transport:destination</i> syntax is described in
+ the <a href="transport.5.html"><b>transport</b>(5)</a> manual page. More information
+ about external content filters is in the Postfix
<a href="FILTER_README.html">FILTER_README</a> file.
- Note:
this action overrides the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
+ Note:
this action overrides the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
<b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and currently affects all
recipients of the message.
This feature is available in Postfix 2.0 and later.
<b>HOLD</b> <i>optional text...</i>
- Place the message on the <b>hold</b> queue, where it will
- sit until someone either deletes it or releases it
- for delivery. Log the optional text if specified,
+ Place the message on the <b>hold</b> queue, where it will
+ sit until someone either deletes it or releases it
+ for delivery. Log the optional text if specified,
otherwise log a generic message.
- Mail that is placed on hold can be examined with
- the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
+ Mail that is placed on hold can be examined with
+ the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
- Note: use "<b>postsuper -r</b>" to release mail that was
- kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
+ Note: use "<b>postsuper -r</b>" to release mail that was
+ kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
- longer.
+ longer. Use "<b>postsuper -H</b>" only for mail that will
+ not expire within a few delivery attempts.
Note: this action currently affects all recipients
of the message.
<b>PREPEND</b> <i>headername: headervalue</i>
Prepend the specified message header to the mes-
- sage. When this action is used multiple times, the
- first prepended header appears before the second
- etc. prepended header.
-
- Note: this action does not support multi-line mes-
- sage headers.
+ sage. When more than one PREPEND action executes,
+ the first prepended header appears before the sec-
+ ond etc. prepended header.
- Note: this action must be used before the message
- content is received; it cannot be used in
- <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a></b>.
+ Note: this action must execute before the message
+ content is received; it cannot execute in the con-
+
text of <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a></b>.
This feature is available in Postfix 2.1 and later.
<b>REDIRECT</b> <i>user@domain</i>
- After the message is queued, send the message to
+ After the message is queued, send the message to
the specified address instead of the intended
recipient(s).
- Note: this action overrides the FILTER action, and
+ Note: this action overrides the FILTER action, and
currently affects all recipients of the message.
This feature is available in Postfix 2.1 and later.
<b>WARN</b> <i>optional text...</i>
Log a warning with the optional text, together with
- client information and if available, with helo,
+ client information and if available, with helo,
sender, recipient and protocol information.
This feature is available in Postfix 2.1 and later.
<b>ENHANCED STATUS CODES</b>
- Postfix version 2.3 and later support enhanced status
- codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When an enhanced status
- code is specified in an access table, it is subject to
- modification. The following transformations are needed
- when the same access table is used for client, helo,
- sender, or recipient access restrictions; they happen
+ Postfix version 2.3 and later support enhanced status
+ codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When an enhanced status
+ code is specified in an access table, it is subject to
+ modification. The following transformations are needed
+ when the same access table is used for client, helo,
+ sender, or recipient access restrictions; they happen
regardless of whether Postfix replies to a MAIL FROM, RCPT
TO or other SMTP command.
- <b>o</b> When a sender address matches a REJECT action, the
- Postfix SMTP server will transform a recipient DSN
- status (e.g., 4.1.1-4.1.6) into the corresponding
+ <b>o</b> When a sender address matches a REJECT action, the
+ Postfix SMTP server will transform a recipient DSN
+ status (e.g., 4.1.1-4.1.6) into the corresponding
sender DSN status, and vice versa.
- <b>o</b> When non-address information matches a REJECT
- action (such as the HELO command argument or the
- client hostname/address), the Postfix SMTP server
- will transform a sender or recipient DSN status
- into a generic non-address DSN status (e.g.,
+ <b>o</b> When non-address information matches a REJECT
+ action (such as the HELO command argument or the
+ client hostname/address), the Postfix SMTP server
+ will transform a sender or recipient DSN status
+ into a generic non-address DSN status (e.g.,
4.0.0).
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
- cation, that string is an entire client hostname, an
+ cation, that string is an entire client hostname, an
entire client IP address, or an entire mail address. Thus,
no parent domain or parent network search is done,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the search
string.
- Actions are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Actions are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.3.
+ Postfix version 2.4.
- Each lookup operation uses the entire query string once.
- Depending on the application, that string is an entire
+ Each lookup operation uses the entire query string once.
+ Depending on the application, that string is an entire
client hostname, an entire client IP address, or an entire
- mail address. Thus, no parent domain or parent network
- search is done, <i>user@domain</i> mail addresses are not broken
- up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
+ mail address. Thus, no parent domain or parent network
+ search is done, <i>user@domain</i> mail addresses are not broken
+ up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
<i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Actions are the same as with indexed file lookups.
<b>EXAMPLE</b>
- The following example uses an indexed file, so that the
- order of table entries does not matter. The example per-
- mits access by the client at address 1.2.3.4 but rejects
- all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
- tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
- <b>-m</b>" to find out what lookup tables Postfix supports on
+ The following example uses an indexed file, so that the
+ order of table entries does not matter. The example per-
+ mits access by the client at address 1.2.3.4 but rejects
+ all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
+ tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
+ <b>-m</b>" to find out what lookup tables Postfix supports on
your system.
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
editing the file.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
When the command fails, a limited amount of command
output is mailed back to the sender. The file
<b>/usr/include/sysexits.h</b> defines the expected exit
- status codes. For example, use <b>|"exit 67"</b> to simu-
- late a "user unknown" error, and <b>|"exit 0"</b> to
+ status codes. For example, use <b>"|exit 67"</b> to simu-
+ late a "user unknown" error, and <b>"|exit 0"</b> to
implement an expensive black hole.
<b>:include:</b><i>/file/name</i>
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
<a href="TUNING_README.html">TUNING_README</a>, performance tuning
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
bounce template formats.
<b>GENERAL PROCEDURE</b>
- To create customized bounce template file, create a tempo-
- rary copy of the file <b>/etc/postfix/bounce.cf.default</b> and
+ To create a customized bounce template file, create a tem-
+ porary copy of the file <b>/etc/postfix/bounce.cf.default</b> and
edit the temporary file.
To preview the results of $<i>name</i> expansions in the template
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/canonical</b>" in order to rebuild the
- indexed file after changing the text file.
+ "<b>postmap /etc/postfix/canonical</b>" to rebuild an indexed
+ file after changing the corresponding text file.
When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary
Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
sions, or lookups can be directed to TCP-based server. In
- that case, the lookups are done in a slightly different
+ those cases, the lookups are done in a slightly different
way as described below under "REGULAR EXPRESSION TABLES"
- and "TCP-BASED TABLES".
+ or "TCP-BASED TABLES".
By default the <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping affects both message
header addresses (i.e. addresses that appear inside mes-
addresses produced by legacy mail systems.
The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with <i>vir-</i>
- <i>tual domain</i> support. Use the <a href="virtual.5.html"><b>virtual</b>(5)</a> map for that pur-
- pose.
-
- The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with local
- aliasing. Use the <a href="aliases.5.html"><b>aliases</b>(5)</a> map for that purpose.
+ <i>tual alias</i> support or with local aliasing. To change the
+ destination but not the headers, use the <a href="virtual.5.html"><b>virtual</b>(5)</a> or
+ <a href="aliases.5.html"><b>aliases</b>(5)</a> map instead.
<b>CASE FOLDING</b>
The search string is folded to lowercase before database
Replace other addresses in <i>domain</i> by <i>address</i>. This
form has the lowest precedence.
+ Note: @<i>domain</i> is a wild-card. When this form is
+ applied to recipient addresses, the Postfix SMTP
+ server accepts mail for any recipient in <i>domain</i>,
+ regardless of whether that recipient exists. This
+ may turn your mail system into a backscatter source
+ that returns undeliverable spam to innocent people.
+
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.3.
+ Postfix version 2.4.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their
The Postfix mail system uses optional lookup tables.
These tables are usually in <b>dbm</b> or <b>db</b> format. Alterna-
tively, lookup tables can be specified in CIDR (Classless
- Inter-Domain Routing) form.
+ Inter-Domain Routing) form. In this case, each input is
+ compared against a list of patterns. When a match is
+ found, the corresponding result is returned and the search
+ is terminated.
- To find out what types of lookup tables your Postfix sys-
+ To find out what types of lookup tables your Postfix sys-
tem supports use the "<b>postconf -m</b>" command.
- To test lookup tables, use the "<b>postmap -q</b>" command as
+ To test lookup tables, use the "<b>postmap -q</b>" command as
described in the SYNOPSIS above.
<b>TABLE FORMAT</b>
The general form of a Postfix CIDR table is:
<i>network</i><b>_</b><i>address</i><b>/</b><i>network</i><b>_</b><i>mask result</i>
- When a search string matches the specified network
- block, use the corresponding <i>result</i> value. Specify
- 0.0.0.0/0 to match every IPv4 address, and ::/0 to
+ When a search string matches the specified network
+ block, use the corresponding <i>result</i> value. Specify
+ 0.0.0.0/0 to match every IPv4 address, and ::/0 to
match every IPv6 address.
An IPv4 network address is a sequence of four deci-
- mal octets separated by ".", and an IPv6 network
+ mal octets separated by ".", and an IPv6 network
address is a sequence of three to eight hexadecimal
octet pairs separated by ":".
- Before comparisons are made, lookup keys and table
+ Before comparisons are made, lookup keys and table
entries are converted from string to binary. There-
- fore table entries will be matched regardless of
+ fore table entries will be matched regardless of
redundant zero characters.
- Note: address information may be enclosed inside
+ Note: address information may be enclosed inside
"[]" but this form is not recommended.
IPv6 support is available in Postfix 2.2 and later.
<i>network</i><b>_</b><i>address result</i>
- When a search string matches the specified network
+ When a search string matches the specified network
address, use the corresponding <i>result</i> value.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
<b>TABLE SEARCH ORDER</b>
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the search
string.
<b>EXAMPLE SMTPD ACCESS MAP</b>
- /etc/postfix/main.cf:
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = ... <a href="cidr_table.5.html">cidr</a>:/etc/postfix/client.cidr ...
/etc/postfix/client.<a href="cidr_table.5.html">cidr</a>:
<b>AUTHOR(S)</b>
The CIDR table lookup code was originally written by:
Jozsef Kadlecsik
- kadlec@blackhole.kfki.hu
KFKI Research Institute for Particle and Nuclear Physics
POB. 49
1525 Budapest, Hungary
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The domain name that locally-posted mail appears to
- come from, and that locally posted mail is deliv-
+ come from, and that locally posted mail is deliv-
ered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
- Enable support for the X-Original-To message
+ Enable support for the X-Original-To message
header.
<b>FILES</b>
<a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a> content inspection
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
<b>DESCRIPTION</b>
The Postfix <a href="error.8.html"><b>error</b>(8)</a> delivery agent processes delivery
requests from the queue manager. Each request specifies a
- queue file, a sender address, a domain or host name that
- is treated as the reason for non-delivery, and recipient
+ queue file, a sender address, the reason for non-delivery
+ (specified as the next-hop destination), and recipient
information. The reason may be prefixed with an RFC
3463-compatible detail code. This program expects to be
run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
- <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b>put)</b>
What Postfix features match subdomains of
"domain.tld" automatically, instead of requiring an
explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
<a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/generic</b>" in order to rebuild the
- indexed file after changing the text file.
+ "<b>postmap /etc/postfix/generic</b>" to rebuild an indexed file
+ after changing the corresponding text file.
When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary
Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
sions, or lookups can be directed to TCP-based server. In
- that case, the lookups are done in a slightly different
+ those case, the lookups are done in a slightly different
way as described below under "REGULAR EXPRESSION TABLES"
- and "TCP-BASED TABLES".
+ or "TCP-BASED TABLES".
<b>CASE FOLDING</b>
The search string is folded to lowercase before database
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.3.
+ Postfix version 2.4.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their
<b>postmap -fq - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- Postfix provides a simple built-in content inspection
- mechanism that examines incoming mail one message header
- or one message body line at a time. Each input is compared
- against a list of patterns, and when a match is found the
- corresponding action is executed. This feature is imple-
- mented by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server.
+ The Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server supports access control on
+ the content of message headers and message body lines.
+ See <a href="access.5.html"><b>access</b>(5)</a> for access control on remote SMTP client
+ information.
+
+ Each message header or message body line is compared
+ against a list of patterns. When a match is found the
+ corresponding action is executed, and the matching process
+ is repeated for the next message header or message body
+ line.
For examples, see the EXAMPLES section at the end of this
manual page.
mation about external content filters is in the
Postfix <a href="FILTER_README.html">FILTER_README</a> file.
- Note: this action overrides the <
b>main.cf <a href="postconf.5.html#content_filter">con</a>-</b>
+ Note: this action overrides the <
a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
<b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and affects all recipients of
the message. In the case that multiple <b>FILTER</b>
actions fire, only the last one is executed.
Note: use "<b>postsuper -r</b>" to release mail that was
kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
- longer.
+ longer. Use "<b>postsuper -H</b>" only for mail that will
+ not expire within a few delivery attempts.
- Note: this action affects all recipients of the
+ Note: this action affects all recipients of the
message.
This feature is available in Postfix 2.0 and later.
- <b>IGNORE</b> Delete the current line from the input and inspect
+ <b>IGNORE</b> Delete the current line from the input and inspect
the next input line.
<b>PREPEND</b> <i>text...</i>
Notes:
- <b>o</b> The prepended text is output on a separate
+ <b>o</b> The prepended text is output on a separate
line, immediately before the input that
triggered the <b>PREPEND</b> action.
<b>o</b> The prepended text is not considered part of
- the input stream: it is not subject to
+ the input stream: it is not subject to
header/body checks or address rewriting, and
it does not affect the way that Postfix adds
missing message headers.
<b>o</b> When prepending text before a message header
- line, the prepended text must begin with a
+ line, the prepended text must begin with a
valid message header label.
<b>o</b> This action cannot be used to prepend multi-
This feature is available in Postfix 2.1 and later.
<b>REDIRECT</b> <i>user@domain</i>
- Write a message redirection request to the queue
- file and inspect the next input line. After the
+ Write a message redirection request to the queue
+ file and inspect the next input line. After the
message is queued, it will be sent to the specified
address instead of the intended recipient(s).
- Note: this action overrides the <b>FILTER</b> action, and
- affects all recipients of the message. If multiple
- <b>REDIRECT</b> actions fire, only the last one is exe-
+ Note: this action overrides the <b>FILTER</b> action, and
+ affects all recipients of the message. If multiple
+ <b>REDIRECT</b> actions fire, only the last one is exe-
cuted.
This feature is available in Postfix 2.1 and later.
<b>REPLACE</b> <i>text...</i>
- Replace the current line with the specified text
+ Replace the current line with the specified text
and inspect the next input line.
This feature is available in Postfix 2.2 and later.
- The description below applies to Postfix 2.2.2 and
+ The description below applies to Postfix 2.2.2 and
later.
Notes:
- <b>o</b> When replacing a message header line, the
- replacement text must begin with a valid
+ <b>o</b> When replacing a message header line, the
+ replacement text must begin with a valid
header label.
- <b>o</b> The replaced text remains part of the input
- stream. Unlike the result from the <b>PREPEND</b>
- action, a replaced message header may be
- subject to address rewriting and may affect
- the way that Postfix adds missing message
+ <b>o</b> The replaced text remains part of the input
+ stream. Unlike the result from the <b>PREPEND</b>
+ action, a replaced message header may be
+ subject to address rewriting and may affect
+ the way that Postfix adds missing message
headers.
<b>REJECT</b> <i>optional text...</i>
- Reject the entire message. Reply with <i>optional</i>
+ Reject the entire message. Reply with <i>optional</i>
<i>text...</i> when the optional text is specified, other-
wise reply with a generic error message.
- Note: this action disables further header or
- <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
+ Note: this action disables further header or
+ <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
affects all recipients.
Postfix version 2.3 and later support enhanced sta-
enhanced status code of "5.7.1".
<b>WARN</b> <i>optional text...</i>
- Log a warning with the <i>optional text...</i> (or log a
- generic message) and inspect the next input line.
+ Log a warning with the <i>optional text...</i> (or log a
+ generic message) and inspect the next input line.
This action is useful for debugging and for testing
a pattern before applying more drastic actions.
<b>BUGS</b>
- Many people overlook the main limitations of header and
- <a href="postconf.5.html#body_checks">body_checks</a> rules. These rules operate on one logical
- message header or one body line at a time, and a decision
- made for one line is not carried over to the next line.
+ Many people overlook the main limitations of header and
+ <a href="postconf.5.html#body_checks">body_checks</a> rules. These rules operate on one logical
+ message header or one body line at a time, and a decision
+ made for one line is not carried over to the next line.
If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>) then the
- rules have to specified for the encoded form. Likewise,
+ rules have to specified for the encoded form. Likewise,
when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC 2047</a>) then the rules
need to be specified for the encoded form.
- Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
+ Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
excluded from inspection. Examples of such message headers
are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>.
- Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
+ Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
examined before they are deleted. Examples are: <b>Bcc:, Con-</b>
<b>tent-Length:</b>, <b>Return-Path:</b>.
<b><a href="postconf.5.html#body_checks">body_checks</a></b>
Lookup tables with content filter rules for message
body lines. These filters see one physical line at
- a
time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
+ a
time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
bytes.
<b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b>
- The amount of content per message body segment
+ The amount of content per message body segment
(attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil-
tering.
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
Lookup tables with content filter rules for message
- header lines: respectively, these are applied to
- the initial message headers (not including MIME
- headers), to the MIME headers anywhere in the mes-
- sage, and to the initial headers of attached mes-
+ header lines: respectively, these are applied to
+ the initial message headers (not including MIME
+ headers), to the MIME headers anywhere in the mes-
+ sage, and to the initial headers of attached mes-
sages.
- Note: these filters see one logical message header
- at a time, even when a message header spans multi-
- ple lines. Message headers that are longer than
+ Note: these filters see one logical message header
+ at a time, even when a message header spans multi-
+ ple lines. Message headers that are longer than
<b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated.
<b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b>
- While receiving mail, give no special treatment to
- MIME related message headers; all text after the
+ While receiving mail, give no special treatment to
+ MIME related message headers; all text after the
initial message headers is considered to be part of
- the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
- applied to all the initial message headers, and
+ the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
+ applied to all the initial message headers, and
that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the
message.
- Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
- process a multi-line message header one line at a
+ Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
+ process a multi-line message header one line at a
time.
<b>EXAMPLES</b>
- Header pattern to block attachments with bad file name
+ Header pattern to block attachments with bad file name
extensions.
- /etc/postfix/main.cf:
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/header_checks
/etc/postfix/header_checks:
Body pattern to stop a specific HTML browser vulnerability
exploit.
- /etc/postfix/main.cf:
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks
/etc/postfix/body_checks:
<a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
In order to use LDAP lookups, define an LDAP source as a
lookup table in <a href="postconf.5.html">main.cf</a>, for example:
+
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
The file /etc/postfix/ldap-aliases.cf has the same format
For example, NEVER do this in a map defining $<a href="postconf.5.html#mydestination">mydestina</a>-
<a href="postconf.5.html#mydestination">tion</a>:
+
query_filter = domain=*
result_attribute = domain
Do this instead:
+
query_filter = domain=%s
result_attribute = domain
<b>server_host (default: localhost)</b>
The name of the host running the LDAP server, e.g.
+
server_host = ldap.example.com
Depending on the LDAP client library you're using,
the first one fail. It should also be possible to
give each server in the list a different port
(overriding <b>server_port</b> below), by naming them like
+
server_host = ldap.example.com:1444
With OpenLDAP, a (list of) LDAP URLs can be used to
specify both the hostname(s) and the port(s):
+
server_host = <a href="ldap_table.5.html">ldap</a>://ldap.example.com:1444
<a href="ldap_table.5.html">ldap</a>://ldap2.example.com:1444
supported, including connections over UNIX domain
sockets, and LDAP SSL (the last one provided that
OpenLDAP was compiled with support for SSL):
+
server_host = ldapi://%2Fsome%2Fpath
ldaps://ldap.example.com:636
<b>server_port (default: 389)</b>
The port the LDAP server listens on, e.g.
+
server_port = 778
<b>timeout (default: 10 seconds)</b>
The number of seconds a search can take before tim-
ing out, e.g.
+
timeout = 5
<b>search_base (No default; you must configure this)</b>
The <a href="http://www.faqs.org/rfcs/rfc2253.html">RFC2253</a> base DN at which to conduct the search,
e.g.
+
search_base = dc=your, dc=com
With Postfix 2.2 and later this parameter supports
The <a href="http://www.faqs.org/rfcs/rfc2254.html">RFC2254</a> filter used to search the directory,
where <b>%s</b> is a substitute for the address Postfix is
trying to resolve, e.g.
+
query_filter = (&(mail=%s)(paid_up=true))
This parameter supports the following '%' expan-
lookups, bare domain lookups and "@domain" lookups
are not performed. This can significantly reduce
the query load on the LDAP server.
+
domain = postfix.org, hash:/etc/postfix/search-
domains
The attribute(s) Postfix will read from any direc-
tory entries returned by the lookup, to be resolved
to an email address.
+
result_attribute = mailbox, maildrop
- <b>special_result_attribute (No default)</b>
+ <b>special_result_attribute (default: empty)</b>
The attribute(s) of directory entries that can con-
tain DNs or URLs. If found, a recursive subsequent
search is done using their values.
- special_result_attribute = member
+
+ special_result_attribute = memberdn
DN recursion retrieves the same result_attributes
as the main query, including the special attributes
map's special result attributes, these are also
retrieved and used recursively.
+ <b>terminal_result_attribute (default: empty)</b>
+ When one or more terminal result attributes are
+ found in an LDAP entry, all other result attributes
+ are ignored and only the terminal result attributes
+ are returned. This is useful for delegating expan-
+ sion of group members to a particular host, by
+ using an optional "maildrop" attribute on selected
+ groups to route the group to a specific host, where
+ the group is expanded, possibly via mailing-list
+ manager or other special processing.
+
+ terminal_result_attribute = maildrop
+
+ This feature is available with Postfix 2.4 or
+ later.
+
+ <b>leaf_result_attribute (default: empty)</b>
+ When one or more special result attributes are
+ found in a non-terminal (see above) LDAP entry,
+ leaf result attributes are excluded from the expan-
+ sion of that entry. This is useful when expanding
+ groups and the desired mail address attribute(s) of
+ the member objects obtained via DN or URI recursion
+ are also present in the group object. To only
+ return the attribute values from the leaf objects
+ and not the containing group, add the attribute to
+ the leaf_result_attribute list, and not the
+ result_attribute list, which is always expanded.
+ Note, the default value of "result_attribute" is
+ not empty, you may want to set it explicitly empty
+ when using "leaf_result_attribute" to expand the
+ group to a list of member DN addresses. If groups
+ have both member DN references AND attributes that
+ hold multiple string valued rfc822 addresses, then
+ the string attributes go in "result_attribute".
+ The attributes that represent the email addresses
+ of objects referenced via a DN (or LDAP URI) go in
+ "leaf_result_attribute".
+
+ result_attribute = memberaddr
+ special_result_attribute = memberdn
+ terminal_result_attribute = maildrop
+ leaf_result_attribute = mail
+
+ This feature is available with Postfix 2.4 or
+ later.
+
<b>scope (default: sub)</b>
The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
Whether or not to bind to the LDAP server. Newer
LDAP implementations don't require clients to bind,
which saves time. Example:
+
bind = no
If you do need to bind, you might consider config-
<b>bind_dn (default: empty)</b>
If you do have to bind, do it with this distin-
guished name. Example:
+
bind_dn = uid=postfix, dc=your, dc=com
<b>bind_pw (default: empty)</b>
because <a href="postconf.5.html">main.cf</a> needs to be world readable to allow
local accounts to submit mail via the sendmail com-
mand. Example:
+
bind_pw = postfixpw
<b>cache (IGNORED with a warning)</b>
LDAP SSL service can be requested by using a LDAP SSL URL
in the server_host parameter:
+
server_host = ldaps://ldap.example.com:636
STARTTLS can be turned on with the start_tls parameter:
+
start_tls = yes
Both forms require LDAP protocol version 3, which has to
be set explicitly with:
+
version = 3
If any of the Postfix programs querying the map is config-
<b>EXAMPLE</b>
Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
aliases. Assume that in <a href="postconf.5.html">main.cf</a>, you have:
+
<a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases,
<a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
and in <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf you have:
- server_host = ldap.my.com
- search_base = dc=my, dc=com
+
+ server_host = ldap.example.com
+ search_base = dc=example, dc=com
Upon receiving mail for a local address "ldapuser" that
isn't found in the /etc/aliases database, Postfix will
- search the LDAP server listening at port 389 on
- ldap.my.com. It will bind anonymously, search for any
- directory entries whose mailacceptinggeneralid attribute
- is "ldapuser", read the "maildrop" attributes of those
- found, and build a list of their maildrops, which will be
- treated as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be
- delivered.
+ search the LDAP server listening at port 389 on ldap.exam-
+ ple.com. It will bind anonymously, search for any direc-
+ tory entries whose mailacceptinggeneralid attribute is
+ "ldapuser", read the "maildrop" attributes of those found,
+ and build a list of their maildrops, which will be treated
+ as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be deliv-
+ ered.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> (command, file, forward)</b>
- The message delivery contexts where the Postfix
- <a href="local.8.html"><b>local</b>(8)</a> delivery agent prepends a Delivered-To:
- message header with the address that the mail was
+ The message delivery contexts where the Postfix
+ <a href="local.8.html"><b>local</b>(8)</a> delivery agent prepends a Delivered-To:
+ message header with the address that the mail was
delivered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
- What address lookup tables copy an address exten-
+ What address lookup tables copy an address exten-
sion from the lookup key to the lookup result.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
sions (user+foo).
<b><a href="postconf.5.html#require_home_directory">require_home_directory</a> (no)</b>
- Whether or not a <a href="local.8.html"><b>local</b>(8)</a> recipient's home direc-
- tory must exist before mail delivery is attempted.
+ Whether or not a <a href="local.8.html"><b>local</b>(8)</a> recipient's home direc-
+ tory must exist before mail delivery is attempted.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
tem by Daniel Bernstein.
- The <i>maildir</i> structure appears in the <b>qmail</b> system by
+ The <i>maildir</i> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>AUTHOR(S)</b>
number server.
The behavior of the <a href="master.8.html"><b>master</b>(8)</a> daemon is controlled by the
- <
b>master.cf</b> configuration file, as described in <a href="master.5.html"><b>master</b>(5)</a>.
+ <
a href="master.5.html"><b>master.cf</b></a> configuration file, as described in <a href="master.5.html"><b>master</b>(5)</a>.
Options:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <b>main.cf</b> and <b>master.cf</b> configuration files
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> configuration files
in the named directory instead of the default con-
figuration directory. This also overrides the con-
figuration files for other Postfix daemon pro-
<b>-D</b> After initialization, run a debugger on the master
process. The debugging command is specified with
- the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> in the <b>main.cf</b> global configu-
+ the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> in the <a href="postconf.5.html"><b>main.cf</b></a> global configu-
ration file.
<b>-d</b> Do not redirect stdin, stdout or stderr to
<b>SIGHUP</b> Upon receipt of a <b>HUP</b> signal (e.g., after "<b>postfix</b>
<b>reload</b>"), the master process re-reads its configu-
ration files. If a service has been removed from
- the <b>master.cf</b> file, its running processes are ter-
+ the <a href="master.5.html"><b>master.cf</b></a> file, its running processes are ter-
minated immediately. Otherwise, running processes
are allowed to terminate as soon as is convenient,
so that changes in configuration settings affect
<b>MAIL_DEBUG</b>
After initialization, start a debugger as specified
with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter
- in the <b>main.cf</b> configuration file.
+ in the <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
<b>MAIL_CONFIG</b>
Directory with Postfix configuration files.
<b>CONFIGURATION PARAMETERS</b>
Unlike most Postfix daemon processes, the <a href="master.8.html"><b>master</b>(8)</a> server
- does not automatically pick up changes to <b>main.cf</b>. Changes
- to <b>master.cf</b> are never picked up automatically. Use the
+ does not automatically pick up changes to <a href="postconf.5.html"><b>main.cf</b></a>. Changes
+ to <a href="master.5.html"><b>master.cf</b></a> are never picked up automatically. Use the
"<b>postfix reload</b>" command after a configuration change.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#service_throttle_time">service_throttle_time</a> (60s)</b>
How long the Postfix <a href="master.8.html"><b>master</b>(8)</a> waits before forking
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
- master.cf configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ <a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix support programs and
+ The directory with Postfix support programs and
daemon programs.
<b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
- The Internet protocols Postfix will attempt to use
+ The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a Postfix
+ The list of environment parameters that a Postfix
process will import from a non-Postfix parent
process.
and most Postfix daemon processes.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
- /etc/postfix/main.cf, global configuration file.
- /etc/postfix/master.cf, master server configuration file.
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>, global configuration file.
+ /etc/postfix/<a href="master.5.html">master.cf</a>, master server configuration file.
/var/spool/postfix/pid/master.pid, master lock file.
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="verify.8.html">verify(8)</a>, address verification
- <a href="master.5.html">master(5)</a>, master.cf configuration file syntax
- <a href="postconf.5.html">postconf(5)</a>, main.cf configuration parameter syntax
+ <a href="master.5.html">master(5)</a>, <a href="master.5.html">master.cf</a> configuration file syntax
+ <a href="postconf.5.html">postconf(5)</a>, <a href="postconf.5.html">main.cf</a> configuration parameter syntax
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Alternatively, lookup tables can be specified in Perl Com-
patible Regular Expression form. In this case, each input
- is compared against a list of patterns, and when a match
- is found the corresponding result is returned.
+ is compared against a list of patterns. When a match is
+ found, the corresponding result is returned and the search
+ is terminated.
- To find out what types of lookup tables your Postfix sys-
+ To find out what types of lookup tables your Postfix sys-
tem supports use the "<b>postconf -m</b>" command.
- To test lookup tables, use the "<b>postmap -fq</b>" command as
+ To test lookup tables, use the "<b>postmap -fq</b>" command as
described in the SYNOPSIS above.
<b>TABLE FORMAT</b>
responding <i>result</i> value.
<b>!/</b><i>pattern</i><b>/</b><i>flags result</i>
- When <i>pattern</i> does <b>not</b> match the input string, use
+ When <i>pattern</i> does <b>not</b> match the input string, use
the corresponding <i>result</i> value.
<b>if /</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the input string also
+ <b>if</b> and <b>endif</b>, if and only if the input string also
matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
+ Note: do not prepend whitespace to patterns inside
<b>if</b>..<b>endif</b>.
This feature is available in Postfix 2.1 and later.
<b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the input string does
+ <b>if</b> and <b>endif</b>, if and only if the input string does
<b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
+ Note: do not prepend whitespace to patterns inside
<b>if</b>..<b>endif</b>.
This feature is available in Postfix 2.1 and later.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
Each pattern is a perl-like regular expression. The
- expression delimiter can be any character, except white-
- space or characters that have special meaning (tradition-
- ally the forward slash is used). The regular expression
+ expression delimiter can be any character, except white-
+ space or characters that have special meaning (tradition-
+ ally the forward slash is used). The regular expression
can contain whitespace.
By default, matching is case-insensitive, and newlines are
- not treated as special characters. The behavior is con-
- trolled by flags, which are toggled by appending one or
+ not treated as special characters. The behavior is con-
+ trolled by flags, which are toggled by appending one or
more of the following characters after the pattern:
<b>i</b> (default: on)
- Toggles the case sensitivity flag. By default,
+ Toggles the case sensitivity flag. By default,
matching is case insensitive.
<b>m</b> (default: off)
- Toggles the PCRE_MULTILINE flag. When this flag is
- on, the <b>^</b> and <b>$</b> metacharacters match immediately
- after and immediately before a newline character,
- respectively, in addition to matching at the start
+ Toggles the PCRE_MULTILINE flag. When this flag is
+ on, the <b>^</b> and <b>$</b> metacharacters match immediately
+ after and immediately before a newline character,
+ respectively, in addition to matching at the start
and end of the subject string.
<b>s</b> (default: on)
Toggles the PCRE_DOTALL flag. When this flag is on,
the <b>.</b> metacharacter matches the newline character.
With Postfix versions prior to 2.0, The flag is off
- by default, which is inconvenient for multi-line
+ by default, which is inconvenient for multi-line
message header matching.
<b>x</b> (default: off)
- Toggles the pcre extended flag. When this flag is
- on, whitespace in the pattern (other than in a
+ Toggles the pcre extended flag. When this flag is
+ on, whitespace in the pattern (other than in a
character class) and characters between a <b>#</b> outside
- a character class and the next newline character
- are ignored. An escaping backslash can be used to
- include a whitespace or <b>#</b> character as part of the
+ a character class and the next newline character
+ are ignored. An escaping backslash can be used to
+ include a whitespace or <b>#</b> character as part of the
pattern.
<b>A</b> (default: off)
- Toggles the PCRE_ANCHORED flag. When this flag is
- on, the pattern is forced to be "anchored", that
+ Toggles the PCRE_ANCHORED flag. When this flag is
+ on, the pattern is forced to be "anchored", that
is, it is constrained to match only at the start of
- the string which is being searched (the "subject
- string"). This effect can also be achieved by
+ the string which is being searched (the "subject
+ string"). This effect can also be achieved by
appropriate constructs in the pattern itself.
<b>E</b> (default: off)
- Toggles the PCRE_DOLLAR_ENDONLY flag. When this
- flag is on, a <b>$</b> metacharacter in the pattern
- matches only at the end of the subject string.
- Without this flag, a dollar also matches immedi-
+ Toggles the PCRE_DOLLAR_ENDONLY flag. When this
+ flag is on, a <b>$</b> metacharacter in the pattern
+ matches only at the end of the subject string.
+ Without this flag, a dollar also matches immedi-
ately before the final character if it is a newline
character (but not before any other newline charac-
- ters). This flag is ignored if PCRE_MULTILINE flag
+ ters). This flag is ignored if PCRE_MULTILINE flag
is set.
<b>U</b> (default: off)
Toggles the ungreedy matching flag. When this flag
- is on, the pattern matching engine inverts the
- "greediness" of the quantifiers so that they are
- not greedy by default, but become greedy if fol-
- lowed by "?". This flag can also set by a (?U)
+ is on, the pattern matching engine inverts the
+ "greediness" of the quantifiers so that they are
+ not greedy by default, but become greedy if fol-
+ lowed by "?". This flag can also set by a (?U)
modifier within the pattern.
<b>X</b> (default: off)
Toggles the PCRE_EXTRA flag. When this flag is on,
- any backslash in a pattern that is followed by a
+ any backslash in a pattern that is followed by a
letter that has no special meaning causes an error,
thus reserving these combinations for future expan-
sion.
<b>SEARCH ORDER</b>
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the input
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the input
string.
- Each pattern is applied to the entire input string.
- Depending on the application, that string is an entire
+ Each pattern is applied to the entire input string.
+ Depending on the application, that string is an entire
client hostname, an entire client IP address, or an entire
- mail address. Thus, no parent domain or parent network
- search is done, and <i>user@domain</i> mail addresses are not
- broken up into their <i>user</i> and <i>domain</i> constituent parts,
+ mail address. Thus, no parent domain or parent network
+ search is done, and <i>user@domain</i> mail addresses are not
+ broken up into their <i>user</i> and <i>domain</i> constituent parts,
nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
<b>TEXT SUBSTITUTION</b>
- Substitution of substrings from the matched expression
- into the result string is possible using the conventional
- perl syntax ($1, $2, etc.); specify $$ to produce a $
- character as output. The macros in the result string may
+ Substitution of substrings from the matched expression
+ into the result string is possible using the conventional
+ perl syntax ($1, $2, etc.); specify $$ to produce a $
+ character as output. The macros in the result string may
need to be written as ${n} or $(n) if they aren't followed
by whitespace.
- Note: since negated patterns (those preceded by <b>!</b>) return
+ Note: since negated patterns (those preceded by <b>!</b>) return
a result when the expression does not match, substitutions
are not available for negated patterns.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
ware.
<b>null_sender</b>=<i>replacement</i> (default: MAILER-DAEMON)
- Replace the null sender address, which is typically
- used for delivery status notifications, with the
- specified text when expanding the <b>$sender</b> command-
- line macro, and when generating a From_ or Return-
- Path: message header.
+ Replace the null sender address (typically used for
+ delivery status notifications) with the specified
+ text when expanding the <b>$sender</b> command-line macro,
+ and when generating a From_ or Return-Path: message
+ header.
If the null sender replacement text is a non-empty
string then it is affected by the <b>q</b> flag for
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<ul>
-<li> a = time before the queue manager, including message transmission
+<li> a = time from message arrival to last <a href="QSHAPE_README.html#active_queue">active queue</a> entry
-<li> b = time in queue manager
+<li> b = time from last <a href="QSHAPE_README.html#active_queue">active queue</a> entry to connection setup
<li> c = time in connection setup, including DNS, EHLO and TLS
</DD>
<DT><b><a name="lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a>
-(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
+(default: empty)</b></DT><DD>
<p> A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the LMTP client will ignore in the LHLO response
(default: 100s)</b></DT><DD>
<p>
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting. This parameter
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily. This
+parameter
is ignored by the Postfix queue manager and by other long-lived
Postfix daemon processes.
</p>
(default: 100)</b></DT><DD>
<p>
-The maximal number of connection requests before a Postfix daemon
-process terminates. This parameter is ignored by the Postfix queue
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily. This parameter
+is ignored by the Postfix queue
manager and by other long-lived Postfix daemon processes.
</p>
<p> Optional lookup tables with all valid addresses in the domains
that match $<a href="postconf.5.html#relay_domains">relay_domains</a>. Specify @domain as a wild-card for
-domains that do not have a valid recipient list. Technically, tables
+domains that have no valid recipient list, and become a source of
+backscatter mail: Postfix accepts spam for non-existent recipients
+and then floods innocent people with undeliverable mail. Technically,
+tables
listed with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> are used as lists: Postfix needs
to know only if a lookup string is found or not, but it does not
use the result from table lookup. </p>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP client RSA certificate in PEM format.
-This file may also contain the client private key, and these may
-be the same as the server certificate and key file. </p>
+This file may also contain the Postfix SMTP client private RSA key,
+and these may be the same as the Postfix SMTP server RSA certificate and key
+file. </p>
<p> Do not configure client certificates unless you <b>must</b> present
client TLS certificates to one or more servers. Client certificates are
<p> In order to verify certificates, the CA certificate (in case
of a certificate chain, all CA certificates) must be available.
-You should add these certificates to the server certificate, the
-server certificate first, then the issuing CA(s). </p>
+You should add these certificates to the client certificate, the
+client certificate first, then the issuing CA(s). </p>
<p> Example: the certificate for "client.dom.ain" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
root_CA.pem > client.pem". </p>
-<p> If you want to accept remote SMTP server certificates issued
-by these CAs yourself, you can also add the CA certificates to the
-<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>, in which case it is not necessary to have them in
-
the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> or <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>. </p>
+<p> If you also want to verify remote SMTP server certificates issued by
+these CAs, you can also add the CA certificates to the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>,
+in which case it is not necessary to have them in the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
+or <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>. </p>
-<p> A certificate supplied here must be usable as SSL client certificate and
-hence pass the "openssl verify -purpose sslclient ..." test. </p>
+<p> A certificate supplied here must be usable as an SSL client certificate
+and hence pass the "openssl verify -purpose sslclient ..." test. </p>
<p> Example: </p>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP client DSA certificate in PEM format.
-This file may also contain the server private key. </p>
+This file may also contain the Postfix SMTP client private DSA key. </p>
<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
</p>
(default: $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b></DT><DD>
<p> File with the Postfix SMTP client DSA private key in PEM format.
-The private key must not be encrypted. In other words, the key must
-be accessible without password. </p>
+This file may be combined with the Postfix SMTP client DSA certificate
+file specified with $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>. </p>
-<p> This file may be combined with the server certificate file
-specified with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root"). </p>
<p> This feature is available in Postfix 2.2 and later. </p>
(default: $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b></DT><DD>
<p> File with the Postfix SMTP client RSA private key in PEM format.
-This file may be combined with the client certificate file specified
-with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
+This file may be combined with the Postfix SMTP client RSA certificate
+
file specified with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
-<p> The private key must not be encrypted. In other words, the key
-must be accessible without password. </p>
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root"). </p>
<p> Example: </p>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP server RSA certificate in PEM format.
-This file may also contain the server private key. </p>
+This file may also contain the Postfix SMTP server private RSA key. </p>
<p> Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem > server.pem". </p>
-<p> If you want to accept certificates issued by these CAs yourself,
-you can also add the CA certificates to the <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, in
-which case it is not necessary to have them in the <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>
-or <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. </p>
+<p> If you also want to verify client certificates issued by these
+CAs, you can add the CA certificates to the <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, in which
+case it is not necessary to have them in the <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> or
+<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
-<p> A certificate supplied here must be usable as SSL server
-certificate and hence pass the "openssl verify -purpose sslserver
-..." test. </p>
+<p> A certificate supplied here must be usable as an SSL server certificate
+and hence pass the "openssl verify -purpose sslserver ..." test. </p>
<p> Example: </p>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP server DSA certificate in PEM format.
-This file may also contain the server private key. <p>
+This file may also contain the
Postfix SMTP server private key. <p>
<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details.
</p>
(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>
<p> File with the Postfix SMTP server DSA private key in PEM format.
-This file may be combined with the server certificate file specified
-with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
+This file may be combined with the Postfix SMTP server DSA certificate
+
file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
-<p> The private key must not be encrypted. In other words, the key
-must be accessible without password. </p>
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root"). </p>
<p> This feature is available in Postfix 2.2 and later. </p>
(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>
<p> File with the Postfix SMTP server RSA private key in PEM format.
-This file may be combined with the server certificate file specified
+This file may be combined with the Postfix SMTP server certificate
+file specified
with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. </p>
-<p> The private key must not be encrypted. In other words, the key
-must be accessible without password. </p>
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root"). </p>
</DD>
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> (see 'postconf -d' output)</b>
- The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is
+ The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is
allowed to access.
<b>SEE ALSO</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a> (empty)</b>
- What clients are allowed to connect to the QMQP
+ What clients are allowed to connect to the QMQP
server port.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter
- characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
+ The characters Postfix accepts as VERP delimiter
+ characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
and in SMTP commands.
<b>SEE ALSO</b>
<a href="QMQP_README.html">QMQP_README</a>, Postfix ezmlm-idx howto.
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
<b>qshape</b> [<b>-s</b>] [<b>-p</b>] [<b>-m</b> <i>min</i><b>_</b><i>subdomains</i>]
[<b>-b</b> <i>bucket</i><b>_</b><i>count</i>] [<b>-t</b> <i>bucket</i><b>_</b><i>time</i>]
[<b>-l</b>] [<b>-w</b> <i>terminal</i><b>_</b><i>width</i>]
+ [<b>-N</b> <i>batch</i><b>_</b><i>msg</i><b>_</b><i>count</i>] [<b>-n</b> <i>batch</i><b>_</b><i>top</i><b>_</b><i>domains</i>]
[<b>-c</b> <i>config</i><b>_</b><i>directory</i>] [<i>queue</i><b>_</b><i>name</i> ...]
<b>DESCRIPTION</b>
narrow to show the domain name and all the coun-
ters, the terminal_width limit is violated.
+ <b>-N</b> <i>batch</i><b>_</b><i>msg</i><b>_</b><i>count</i>
+ When the output device is a terminal, intermediate
+ results are shown each "batch_msg_count" messages.
+ This produces usable results in a reasonable time
+ even when the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> is large. The default
+ is to show intermediate results every 1000 mes-
+ sages.
+
+ <b>-n</b> <i>batch</i><b>_</b><i>top</i><b>_</b><i>domains</i>
+ When reporting intermediate or final results to a
+ termainal, report only the top "batch_top_domains"
+ domains. The default limit is 20 domains.
+
<b>-c</b> <i>config</i><b>_</b><i>directory</i>
- The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named
directory instead of the default configuration
directory.
Arguments:
<i>queue</i><b>_</b><i>name</i>
- By default <b>qshape</b> displays the combined distribu-
- tion of the <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queues</a>. To display
- a different set of queues, just list their direc-
+ By default <b>qshape</b> displays the combined distribu-
+ tion of the <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queues</a>. To display
+ a different set of queues, just list their direc-
tory names on the command line. Absolute paths are
- used as is, other paths are taken relative to the
- <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#queue_directory">queue_directory</a></b> parameter setting. While
- <a href="postconf.5.html"><b>main.cf</b></a> supports the use of <i>$variable</i> expansion in
- the definition of the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> parameter,
- the <b>qshape</b> program does not. If you must use vari-
+ used as is, other paths are taken relative to the
+ <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#queue_directory">queue_directory</a></b> parameter setting. While
+ <a href="postconf.5.html"><b>main.cf</b></a> supports the use of <i>$variable</i> expansion in
+ the definition of the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> parameter,
+ the <b>qshape</b> program does not. If you must use vari-
able expansions in the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> setting, you
- must specify an explicit absolute path for each
- queue subdirectory even if you want the default
+ must specify an explicit absolute path for each
+ queue subdirectory even if you want the default
<a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queue</a> distribution.
<b>SEE ALSO</b>
$<a href="postconf.5.html#queue_directory">queue_directory</a>/deferred/, messages postponed for later delivery.
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Alternatively, lookup tables can be specified in POSIX
regular expression form. In this case, each input is com-
- pared against a list of patterns, and when a match is
- found the corresponding result is returned.
+ pared against a list of patterns. When a match is found,
+ the corresponding result is returned and the search is
+ terminated.
- To find out what types of lookup tables your Postfix sys-
+ To find out what types of lookup tables your Postfix sys-
tem supports use the "<b>postconf -m</b>" command.
- To test lookup tables, use the "<b>postmap -fq</b>" command as
+ To test lookup tables, use the "<b>postmap -fq</b>" command as
described in the SYNOPSIS above.
<b>TABLE FORMAT</b>
responding <i>result</i> value.
<b>!/</b><i>pattern</i><b>/</b><i>flags result</i>
- When <i>pattern</i> does <b>not</b> match the input string, use
+ When <i>pattern</i> does <b>not</b> match the input string, use
the corresponding <i>result</i> value.
<b>if /</b><i>pattern</i><b>/</b><i>flags</i>
<b>if</b> and <b>endif</b>, if and only if that same input string
also matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
+ Note: do not prepend whitespace to patterns inside
<b>if</b>..<b>endif</b>.
This feature is available in Postfix 2.1 and later.
<b>endif</b> Match the input string against the patterns between
<b>if</b> and <b>endif</b>, if and only if that same input string
- does <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
+ does <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
+ Note: do not prepend whitespace to patterns inside
<b>if</b>..<b>endif</b>.
This feature is available in Postfix 2.1 and later.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
- Each pattern is a POSIX regular expression enclosed by a
+ Each pattern is a POSIX regular expression enclosed by a
pair of delimiters. The regular expression syntax is docu-
- mented in <b>re_format</b>(7) with 4.4BSD, in <b>regex</b>(5) with
+ mented in <b>re_format</b>(7) with 4.4BSD, in <b>regex</b>(5) with
Solaris, and in <b>regex</b>(7) with Linux. Other systems may use
other document names.
- The expression delimiter can be any character, except
+ The expression delimiter can be any character, except
whitespace or characters that have special meaning (tradi-
- tionally the forward slash is used). The regular expres-
+ tionally the forward slash is used). The regular expres-
sion can contain whitespace.
By default, matching is case-insensitive, and newlines are
- not treated as special characters. The behavior is con-
- trolled by flags, which are toggled by appending one or
+ not treated as special characters. The behavior is con-
+ trolled by flags, which are toggled by appending one or
more of the following characters after the pattern:
<b>i</b> (default: on)
- Toggles the case sensitivity flag. By default,
+ Toggles the case sensitivity flag. By default,
matching is case insensitive.
<b>x</b> (default: on)
- Toggles the extended expression syntax flag. By
- default, support for extended expression syntax is
+ Toggles the extended expression syntax flag. By
+ default, support for extended expression syntax is
enabled.
<b>m</b> (default: off)
- Toggle the multi-line mode flag. When this flag is
- on, the <b>^</b> and <b>$</b> metacharacters match immediately
- after and immediately before a newline character,
- respectively, in addition to matching at the start
+ Toggle the multi-line mode flag. When this flag is
+ on, the <b>^</b> and <b>$</b> metacharacters match immediately
+ after and immediately before a newline character,
+ respectively, in addition to matching at the start
and end of the input string.
<b>TABLE SEARCH ORDER</b>
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the input
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the input
string.
- Each pattern is applied to the entire input string.
- Depending on the application, that string is an entire
+ Each pattern is applied to the entire input string.
+ Depending on the application, that string is an entire
client hostname, an entire client IP address, or an entire
- mail address. Thus, no parent domain or parent network
- search is done, and <i>user@domain</i> mail addresses are not
- broken up into their <i>user</i> and <i>domain</i> constituent parts,
+ mail address. Thus, no parent domain or parent network
+ search is done, and <i>user@domain</i> mail addresses are not
+ broken up into their <i>user</i> and <i>domain</i> constituent parts,
nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
<b>TEXT SUBSTITUTION</b>
- Substitution of substrings from the matched expression
- into the result string is possible using $1, $2, etc.;
+ Substitution of substrings from the matched expression
+ into the result string is possible using $1, $2, etc.;
specify $$ to produce a $ character as output. The macros
- in the result string may need to be written as ${n} or
+ in the result string may need to be written as ${n} or
$(n) if they aren't followed by whitespace.
- Note: since negated patterns (those preceded by <b>!</b>) return
+ Note: since negated patterns (those preceded by <b>!</b>) return
a result when the expression does not match, substitutions
are not available for negated patterns.
file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/relocated</b>" in order to rebuild the
- indexed file after changing the relocated table.
+ "<b>postmap /etc/postfix/relocated</b>" to rebuild an indexed
+ file after changing the corresponding relocated table.
When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary
Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
sions, or lookups can be directed to TCP-based server. In
- that case, the lookups are done in a slightly different
+ those case, the lookups are done in a slightly different
way as described below under "REGULAR EXPRESSION TABLES"
- and "TCP-BASED TABLES".
+ or "TCP-BASED TABLES".
Table lookups are case insensitive.
<a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. For a description of the
TCP client/server table lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
This feature is not available up to and including Postfix
- version 2.3.
+ version 2.4.
Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.3.
+ Postfix version 2.4.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
<b>SECURITY</b>
By design, this program is not set-user (or group) id.
- However, it must handle data from untrusted users or
- untrusted machines. Thus, the usual precautions need to
- be taken against malicious inputs.
+ However, it must handle data from untrusted, possibly
+ remote, users. Thus, the usual precautions need to be
+ taken against malicious inputs.
<b>DIAGNOSTICS</b>
Problems are logged to <b>syslogd</b>(8) and to the standard
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
By default, connection caching is enabled temporarily for
destinations that have a high volume of mail in the active
- queue. Session caching can be enabled permanently for spe-
- cific destinations.
+ queue. Connection caching can be enabled permanently for
+ specific destinations.
<b>SMTP DESTINATION SYNTAX</b>
SMTP destinations have the following form:
LMTP client will ignore in the LHLO response from a
remote LMTP server.
- <b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ <b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
A case insensitive list of LHLO keywords (pipelin-
ing, starttls, auth, etc.) that the LMTP client
will ignore in the LHLO response from a remote LMTP
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
+ tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
+ The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms when the Postfix SMTP client uses
+ What mechanisms when the Postfix SMTP client uses
to look up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
+ Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
- The list of "trusted" SMTP clients that have more
+ The list of "trusted" SMTP clients that have more
privileges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The domain name that locally-posted mail appears to
- come from, and that locally posted mail is deliv-
+ come from, and that locally posted mail is deliv-
ered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
sions (user+foo).
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
- The text that follows the 220 status code in the
+ The text that follows the 220 status code in the
SMTP greeting banner.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
- List of commands that causes the Postfix SMTP
- server to immediately terminate the session with a
+ List of commands that causes the Postfix SMTP
+ server to immediately terminate the session with a
221 code.
<b>SEE ALSO</b>
<a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/transport</b>" in order to rebuild the
- indexed file after changing the transport table.
+ "<b>postmap /etc/postfix/transport</b>" to rebuild an indexed
+ file after changing the corresponding transport table.
When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary
Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
sions, or lookups can be directed to TCP-based server. In
- that case, the lookups are done in a slightly different
+ those case, the lookups are done in a slightly different
way as described below under "REGULAR EXPRESSION TABLES"
- and "TCP-BASED TABLES".
+ or "TCP-BASED TABLES".
<b>CASE FOLDING</b>
The search string is folded to lowercase before database
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.3.
+ Postfix version 2.4.
Each lookup operation uses the entire recipient address
once. Thus, <i>some.domain.hierarchy</i> is not looked up via
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<b>README FILES</b>
+ <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<a href="FILTER_README.html">FILTER_README</a>, external content filter
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#relocated_maps">relocated_maps</a> (empty)</b>
Optional lookup tables with new contact information
for users or domains that no longer exist.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
- Display the name of the recipient table in the
+ Display the name of the recipient table in the
"User unknown" responses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
- Log warnings about problematic configuration set-
+ Log warnings about problematic configuration set-
tings, and provide helpful suggestions.
<b>SEE ALSO</b>
<a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, Postfix address verification
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
text file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command.
The result, an indexed file in <b>dbm</b> or <b>db</b> format, is used
for fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/virtual</b>" in order to rebuild the
- indexed file after changing the text file.
+ "<b>postmap /etc/postfix/virtual</b>" to rebuild an indexed file
+ after changing the corresponding text file.
When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary
Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
sions, or lookups can be directed to TCP-based server. In
- that case, the lookups are done in a slightly different
+ those case, the lookups are done in a slightly different
way as described below under "REGULAR EXPRESSION TABLES"
- and "TCP-BASED TABLES".
+ or "TCP-BASED TABLES".
<b>CASE FOLDING</b>
The search string is folded to lowercase before database
Redirect mail for other users in <i>domain</i> to <i>address</i>.
This form has the lowest precedence.
+ Note: @<i>domain</i> is a wild-card. With this form, the
+ Postfix SMTP server accepts mail for any recipient
+ in <i>domain</i>, regardless of whether that recipient
+ exists. This may turn your mail system into a
+ backscatter source that returns undeliverable spam
+ to innocent people.
+
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
- <b>o</b> When the result has the form @<i>otherdomain</i>, the
- result becomes the same <i>user</i> in <i>otherdomain</i>. This
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the
+ result becomes the same <i>user</i> in <i>otherdomain</i>. This
works only for the first address in a multi-address
lookup result.
- <b>o</b> When
"<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
+ <b>o</b> When
"<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
to addresses without "@domain".
<b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
+ whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>VIRTUAL ALIAS DOMAINS</b>
- Besides virtual aliases, the virtual alias table can also
+ Besides virtual aliases, the virtual alias table can also
be used to implement <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. With a virtual
- alias domain, all recipient addresses are aliased to
+ alias domain, all recipient addresses are aliased to
addresses in other domains.
Virtual alias domains are not to be confused with the vir-
tual mailbox domains that are implemented with the Postfix
<a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent. With virtual mailbox
- domains, each recipient address can have its own mailbox.
+ domains, each recipient address can have its own mailbox.
- With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the virtual domain has its
- own user name space. Local (i.e. non-virtual) usernames
- are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
- local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
+ With a virtual alias domain, the virtual domain has its
+ own user name space. Local (i.e. non-virtual) usernames
+ are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
+ local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
as <i>localname@virtual-alias.domain</i>.
Support for a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> looks like:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
- Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
- See the output from "<b>postconf -m</b>" for available data-
+ Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
+ See the output from "<b>postconf -m</b>" for available data-
base types.
/etc/postfix/<a href="virtual.8.html">virtual</a>:
<i>user1@virtual-alias.domain address1</i>
<i>user2@virtual-alias.domain address2, address3</i>
- The <i>virtual-alias.domain anything</i> entry is required for a
+ The <i>virtual-alias.domain anything</i> entry is required for a
<a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. <b>Without this entry, mail is rejected</b>
- <b>with "relay access denied", or bounces with "mail loops</b>
+ <b>with "relay access denied", or bounces with "mail loops</b>
<b>back to myself".</b>
- Do
not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <a href="postconf.5.html"><b>main.cf</b></a>
+ Do
not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <a href="postconf.5.html"><b>main.cf</b></a>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> or <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> configuration parameters.
- With a virtual alias domain, the Postfix SMTP server
- accepts mail for <i>known-user@virtual-alias.domain</i>, and
- rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
+ With a virtual alias domain, the Postfix SMTP server
+ accepts mail for <i>known-user@virtual-alias.domain</i>, and
+ rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
undeliverable.
- Instead of specifying the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> name via
- the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
+ Instead of specifying the virtual alias domain name via
+ the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b> configuration parameter.
- This
latter parameter uses the same syntax as the <a href="postconf.5.html"><b>main.cf</b></a>
+ This
latter parameter uses the same syntax as the <a href="postconf.5.html"><b>main.cf</b></a>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> configuration parameter.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
+ addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.3.
+ Postfix version 2.4.
Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this topic. See the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file for syntax
- details and for default values. Use the "<b>postfix reload</b>"
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
+ to this topic. See the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file for syntax
+ details and for default values. Use the "<b>postfix reload</b>"
command after a configuration change.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b>
List of virtual aliasing tables.
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b>
- List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
+ List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
syntax as the <b><a href="postconf.5.html#mydestination">mydestination</a></b> parameter.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generic</b>.
Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
- The domain that is appended to any address that
+ The domain that is appended to any address that
does not have a domain.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
<a href="canonical.5.html">canonical(5)</a>, canonical address mapping
<b>README FILES</b>
- <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
- before exiting.
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
- Postfix daemon process terminates.
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
- This delivery agent was originally based on the Postfix
- local delivery agent. Modifications mainly consisted of
- removing code that either was not applicable or that was
- not safe in this context: aliases, ~user/.forward files,
+ This delivery agent was originally based on the Postfix
+ local delivery agent. Modifications mainly consisted of
+ removing code that either was not applicable or that was
+ not safe in this context: aliases, ~user/.forward files,
delivery to "|command" or to /file/name.
The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
tem by Daniel Bernstein.
- The <b>maildir</b> structure appears in the <b>qmail</b> system by
+ The <b>maildir</b> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>AUTHOR(S)</b>
\fBqshape\fR [\fB-s\fR] [\fB-p\fR] [\fB-m \fImin_subdomains\fR]
[\fB-b \fIbucket_count\fR] [\fB-t \fIbucket_time\fR]
[\fB-l\fR] [\fB-w \fIterminal_width\fR]
+ [\fB-N \fIbatch_msg_count\fR] [\fB-n \fIbatch_top_domains\fR]
[\fB-c \fIconfig_directory\fR] [\fIqueue_name\fR ...]
.SH DESCRIPTION
.ad
parent domain rows are shown as '.+' followed by the last 16 bytes
of the domain name. If this is still too narrow to show the domain
name and all the counters, the terminal_width limit is violated.
+.IP "\fB-N \fIbatch_msg_count\fR"
+When the output device is a terminal, intermediate results are
+shown each "batch_msg_count" messages. This produces usable results
+in a reasonable time even when the deferred queue is large. The
+default is to show intermediate results every 1000 messages.
+.IP "\fB-n \fIbatch_top_domains\fR"
+When reporting intermediate or final results to a termainal, report
+only the top "batch_top_domains" domains. The default limit is 20
+domains.
.IP "\fB-c \fIconfig_directory\fR"
The \fBmain.cf\fR configuration file is in the named directory
instead of the default configuration directory.
.ad
.fi
By design, this program is not set-user (or group) id. However,
-it must handle data from untrusted users or untrusted machines.
+it must handle data from untrusted, possibly remote, users.
Thus, the usual precautions need to be taken against malicious
inputs.
.SH DIAGNOSTICS
.SH NAME
access
\-
-Postfix access table format
+Postfix SMTP server access table
.SH "SYNOPSIS"
.na
.nf
.SH DESCRIPTION
.ad
.fi
-The optional \fBaccess\fR(5) table directs the Postfix SMTP server
-to selectively reject or accept mail. Access can be allowed or
-denied for specific host names, domain names, networks, host
-addresses or mail addresses.
-
-For an example, see the EXAMPLE section at the end of this
-manual page.
+The Postfix SMTP server supports access control on remote
+SMTP client information: host names, network addresses, and
+envelope sender
+or recipient addresses. See \fBheader_checks\fR(5) or
+\fBbody_checks\fR(5) for access control on the content of
+email messages.
Normally, the \fBaccess\fR(5) table is specified as a text file
that serves as input to the \fBpostmap\fR(1) command.
The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
-is used for fast searching by the mail system. Execute the command
-"\fBpostmap /etc/postfix/access\fR" in order to rebuild the indexed
-file after changing the access table.
+is used for fast searching by the mail system. Execute the
+command "\fBpostmap /etc/postfix/access\fR" to rebuild an
+indexed file after changing the corresponding text file.
When the table is provided via other means such as NIS, LDAP
or SQL, the same lookups are done as for ordinary indexed files.
Alternatively, the table can be provided as a regular-expression
map where patterns are given as regular expressions, or lookups
-can be directed to TCP-based server. In that case, the lookups are
-done in a slightly different way as described below under
-"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+can be directed to TCP-based server. In those cases, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
.SH "CASE FOLDING"
.na
.nf
specified, otherwise reply with a generic error response message.
.IP "\fBDEFER_IF_REJECT \fIoptional text...\fR
Defer the request if some later restriction would result in a
-REJECT action. Reply with "\fB450\fI optional text...\fR when the
+REJECT action. Reply with "\fB450 4.7.1 \fI optional
+text...\fR when the
optional text is specified, otherwise reply with a generic error
response message.
.sp
.IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR
Defer the request if some later restriction would result in a
an explicit or implicit PERMIT action.
-Reply with "\fB450\fI optional text...\fR when the
+Reply with "\fB450 4.7.1 \fI optional text...\fR when the
optional text is specified, otherwise reply with a generic error
response message.
.sp
.sp
Note: use "\fBpostsuper -r\fR" to release mail that was kept on
hold for a significant fraction of \fB$maximal_queue_lifetime\fR
-or \fB$bounce_queue_lifetime\fR, or longer.
+or \fB$bounce_queue_lifetime\fR, or longer. Use "\fBpostsuper -H\fR"
+only for mail that will not expire within a few delivery attempts.
.sp
Note: this action currently affects all recipients of the message.
.sp
This feature is available in Postfix 2.0 and later.
.IP "\fBPREPEND \fIheadername: headervalue\fR"
Prepend the specified message header to the message.
-When this action is used multiple times, the first prepended
-header appears before the second etc. prepended header.
-.sp
-Note: this action does not support multi-line message headers.
+When more than one PREPEND action executes, the first
+prepended header appears before the second etc. prepended
+header.
.sp
-Note: this action must be used before the message content
-is received; it cannot be used in \fBsmtpd_end_of_data_restrictions\fR.
+Note: this action must execute before the message content
+is received; it cannot execute in the context of
+\fBsmtpd_end_of_data_restrictions\fR.
.sp
This feature is available in Postfix 2.1 and later.
.IP "\fBREDIRECT \fIuser@domain\fR"
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.3.
+This feature is not available up to and including Postfix version 2.4.
Each lookup operation uses the entire query string once.
Depending on the application, that string is an entire client
When the command fails, a limited amount of command output is
mailed back to the sender. The file \fB/usr/include/sysexits.h\fR
defines the expected exit status codes. For example, use
-\fB|"exit 67"\fR to simulate a "user unknown" error, and
-\fB|"exit 0"\fR to implement an expensive black hole.
+\fB"|exit 67"\fR to simulate a "user unknown" error, and
+\fB"|exit 0"\fR to implement an expensive black hole.
.IP \fB:include:\fI/file/name\fR
Mail is sent to the destinations listed in the named file.
Lines in \fB:include:\fR files have the same syntax
.nf
.ad
.fi
-To create customized bounce template file, create a temporary
+To create a customized bounce template file, create a
+temporary
copy of the file \fB/etc/postfix/bounce.cf.default\fR and
edit the temporary file.
that serves as input to the \fBpostmap\fR(1) command.
The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
is used for fast searching by the mail system. Execute the command
-"\fBpostmap /etc/postfix/canonical\fR" in order to rebuild the indexed
-file after changing the text file.
+"\fBpostmap /etc/postfix/canonical\fR" to rebuild an indexed
+file after changing the corresponding text file.
When the table is provided via other means such as NIS, LDAP
or SQL, the same lookups are done as for ordinary indexed files.
Alternatively, the table can be provided as a regular-expression
map where patterns are given as regular expressions, or lookups
-can be directed to TCP-based server. In that case, the lookups are
-done in a slightly different way as described below under
-"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+can be directed to TCP-based server. In those cases, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
By default the \fBcanonical\fR(5) mapping affects both message
header addresses (i.e. addresses that appear inside messages)
by legacy mail systems.
The \fBcanonical\fR(5) mapping is not to be confused with \fIvirtual
-domain\fR support. Use the \fBvirtual\fR(5) map for that purpose.
-
-The \fBcanonical\fR(5) mapping is not to be confused with local aliasing.
-Use the \fBaliases\fR(5) map for that purpose.
+alias\fR support or with local aliasing. To change the destination
+but not the headers, use the \fBvirtual\fR(5) or \fBaliases\fR(5)
+map instead.
.SH "CASE FOLDING"
.na
.nf
.IP "@\fIdomain address\fR"
Replace other addresses in \fIdomain\fR by \fIaddress\fR.
This form has the lowest precedence.
+.sp
+Note: @\fIdomain\fR is a wild-card. When this form is applied
+to recipient addresses, the Postfix SMTP server accepts
+mail for any recipient in \fIdomain\fR, regardless of whether
+that recipient exists. This may turn your mail system into
+a backscatter source that returns undeliverable spam to
+innocent people.
.SH "RESULT ADDRESS REWRITING"
.na
.nf
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.3.
+This feature is not available up to and including Postfix version 2.4.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their
The Postfix mail system uses optional lookup tables.
These tables are usually in \fBdbm\fR or \fBdb\fR format.
Alternatively, lookup tables can be specified in CIDR
-(Classless Inter-Domain Routing) form.
+(Classless Inter-Domain Routing) form. In this case, each
+input is compared against a list of patterns. When a match
+is found, the corresponding result is returned and the search
+is terminated.
To find out what types of lookup tables your Postfix system
supports use the "\fBpostconf -m\fR" command.
.nf
The CIDR table lookup code was originally written by:
Jozsef Kadlecsik
-kadlec@blackhole.kfki.hu
KFKI Research Institute for Particle and Nuclear Physics
POB. 49
1525 Budapest, Hungary
command. The result, an indexed file in \fBdbm\fR or
\fBdb\fR format, is used for fast searching by the mail
system. Execute the command "\fBpostmap /etc/postfix/generic\fR"
-in order to rebuild the indexed file after changing the
+to rebuild an indexed file after changing the corresponding
text file.
When the table is provided via other means such as NIS, LDAP
Alternatively, the table can be provided as a regular-expression
map where patterns are given as regular expressions, or lookups
-can be directed to TCP-based server. In that case, the lookups are
-done in a slightly different way as described below under
-"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+can be directed to TCP-based server. In those case, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
.SH "CASE FOLDING"
.na
.nf
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.3.
+This feature is not available up to and including Postfix version 2.4.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their
.SH DESCRIPTION
.ad
.fi
-Postfix provides a simple built-in content inspection mechanism that
-examines incoming mail one message header or one message body line
-at a time. Each input is compared against a list of patterns, and
-when a match is found the corresponding action is executed.
-This feature is implemented by the Postfix \fBcleanup\fR(8) server.
+The Postfix \fBcleanup\fR(8) server supports access control
+on the content of message headers and message body lines.
+See \fBaccess\fR(5) for access control on remote SMTP client
+information.
+
+Each message header or message body line is compared against
+a list of patterns.
+When a match is found the corresponding action is executed, and
+the matching process is repeated for the next message header or
+message body line.
For examples, see the EXAMPLES section at the end of this
manual page.
.sp
Note: use "\fBpostsuper -r\fR" to release mail that was kept on
hold for a significant fraction of \fB$maximal_queue_lifetime\fR
-or \fB$bounce_queue_lifetime\fR, or longer.
+or \fB$bounce_queue_lifetime\fR, or longer. Use "\fBpostsuper -H\fR"
+only for mail that will not expire within a few delivery attempts.
.sp
Note: this action affects all recipients of the message.
.sp
In order to use LDAP lookups, define an LDAP source as a lookup
table in main.cf, for example:
+
.ti +4
alias_maps = ldap:/etc/postfix/ldap-aliases.cf
return the key itself.
For example, NEVER do this in a map defining $mydestination:
+
.in +4
query_filter = domain=*
.br
.in -4
Do this instead:
+
.in +4
query_filter = domain=%s
.br
strings.
.IP "\fBserver_host (default: localhost)\fR"
The name of the host running the LDAP server, e.g.
+
.ti +4
server_host = ldap.example.com
trying them in order should the first one fail. It should also
be possible to give each server in the list a different port
(overriding \fBserver_port\fR below), by naming them like
+
.ti +4
server_host = ldap.example.com:1444
With OpenLDAP, a (list of) LDAP URLs can be used to specify both
the hostname(s) and the port(s):
+
.ti +4
server_host = ldap://ldap.example.com:1444
.ti +8
including connections over UNIX domain sockets, and LDAP SSL
(the last one provided that OpenLDAP was compiled with support
for SSL):
+
.ti +4
server_host = ldapi://%2Fsome%2Fpath
.ti +8
ldaps://ldap.example.com:636
.IP "\fBserver_port (default: 389)\fR"
The port the LDAP server listens on, e.g.
+
.ti +4
server_port = 778
.IP "\fBtimeout (default: 10 seconds)\fR"
The number of seconds a search can take before timing out, e.g.
+
.ti +4
timeout = 5
.IP "\fBsearch_base (No default; you must configure this)\fR"
The RFC2253 base DN at which to conduct the search, e.g.
+
.ti +4
search_base = dc=your, dc=com
.IP
The RFC2254 filter used to search the directory, where \fB%s\fR
is a substitute for the address Postfix is trying to resolve,
e.g.
+
.ti +4
query_filter = (&(mail=%s)(paid_up=true))
are eligible for lookup: 'user' lookups, bare domain lookups
and "@domain" lookups are not performed. This can significantly
reduce the query load on the LDAP server.
+
.ti +4
domain = postfix.org, hash:/etc/postfix/searchdomains
The attribute(s) Postfix will read from any directory
entries returned by the lookup, to be resolved to an email
address.
+
.ti +4
result_attribute = mailbox, maildrop
-.IP "\fBspecial_result_attribute (No default)\fR"
+.IP "\fBspecial_result_attribute (default: empty)\fR"
The attribute(s) of directory entries that can contain DNs
or URLs. If found, a recursive subsequent search is done
using their values.
+
.ti +4
-special_result_attribute = member
+special_result_attribute = memberdn
DN recursion retrieves the same result_attributes as the
main query, including the special attributes for further
listed in "result_attribute". If the URI lists any of the
map's special result attributes, these are also retrieved
and used recursively.
+.IP "\fBterminal_result_attribute (default: empty)\fR"
+When one or more terminal result attributes are found in an LDAP
+entry, all other result attributes are ignored and only the terminal
+result attributes are returned. This is useful for delegating expansion
+of group members to a particular host, by using an optional "maildrop"
+attribute on selected groups to route the group to a specific host,
+where the group is expanded, possibly via mailing-list manager or
+other special processing.
+
+.ti +4
+terminal_result_attribute = maildrop
+
+This feature is available with Postfix 2.4 or later.
+.IP "\fBleaf_result_attribute (default: empty)\fR"
+When one or more special result attributes are found in a non-terminal
+(see above) LDAP entry, leaf result attributes are excluded from the
+expansion of that entry. This is useful when expanding groups and the
+desired mail address attribute(s) of the member objects obtained via
+DN or URI recursion are also present in the group object. To only
+return the attribute values from the leaf objects and not the
+containing group, add the attribute to the leaf_result_attribute list,
+and not the result_attribute list, which is always expanded. Note,
+the default value of "result_attribute" is not empty, you may want to
+set it explicitly empty when using "leaf_result_attribute" to expand
+the group to a list of member DN addresses. If groups have both
+member DN references AND attributes that hold multiple string valued
+rfc822 addresses, then the string attributes go in "result_attribute".
+The attributes that represent the email addresses of objects
+referenced via a DN (or LDAP URI) go in "leaf_result_attribute".
+
+.in +4
+result_attribute = memberaddr
+.br
+special_result_attribute = memberdn
+.br
+terminal_result_attribute = maildrop
+.br
+leaf_result_attribute = mail
+.in -4
+
+This feature is available with Postfix 2.4 or later.
.IP "\fBscope (default: sub)\fR"
The LDAP search scope: \fBsub\fR, \fBbase\fR, or \fBone\fR.
These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
Whether or not to bind to the LDAP server. Newer LDAP
implementations don't require clients to bind, which saves
time. Example:
+
.ti +4
bind = no
the clear.
.IP "\fBbind_dn (default: empty)\fR"
If you do have to bind, do it with this distinguished name. Example:
+
.ti +4
bind_dn = uid=postfix, dc=your, dc=com
.IP "\fBbind_pw (default: empty)\fR"
password. This is because main.cf needs to be world readable
to allow local accounts to submit mail via the sendmail
command. Example:
+
.ti +4
bind_pw = postfixpw
.IP "\fBcache (IGNORED with a warning)\fR"
LDAP SSL service can be requested by using a LDAP SSL URL
in the server_host parameter:
+
.ti +4
server_host = ldaps://ldap.example.com:636
STARTTLS can be turned on with the start_tls parameter:
+
.ti +4
start_tls = yes
Both forms require LDAP protocol version 3, which has to be set
explicitly with:
+
.ti +4
version = 3
Here's a basic example for using LDAP to look up local(8)
aliases.
Assume that in main.cf, you have:
+
.ti +4
alias_maps = hash:/etc/aliases,
.ti +8
ldap:/etc/postfix/ldap-aliases.cf
and in ldap:/etc/postfix/ldap-aliases.cf you have:
+
.in +4
-server_host = ldap.my.com
+server_host = ldap.example.com
.br
-search_base = dc=my, dc=com
+search_base = dc=example, dc=com
.in -4
Upon receiving mail for a local address "ldapuser" that
isn't found in the /etc/aliases database, Postfix will
-search the LDAP server listening at port 389 on ldap.my.com.
+search the LDAP server listening at port 389 on ldap.example.com.
It will bind anonymously, search for any directory entries
whose mailacceptinggeneralid attribute is "ldapuser", read
the "maildrop" attributes of those found, and build a list
Alternatively, lookup tables can be specified in Perl Compatible
Regular Expression form. In this case, each input is compared
-against a list of patterns, and when a match is found the
-corresponding result is returned.
+against a list of patterns. When a match is found, the
+corresponding result is returned and the search is terminated.
To find out what types of lookup tables your Postfix system
supports use the "\fBpostconf -m\fR" command.
.PP
The format of the "delays=a/b/c/d" logging is as follows:
.IP \(bu
-a = time before the queue manager, including message transmission
+a = time from message arrival to last active queue entry
.IP \(bu
-b = time in queue manager
+b = time from last active queue entry to connection setup
.IP \(bu
c = time in connection setup, including DNS, EHLO and TLS
.IP \(bu
smtpd_discard_ehlo_keyword_address_maps.
.PP
This feature is available in Postfix 2.3 and later.
-.SH lmtp_discard_lhlo_keywords (default: $myhostname)
+.SH lmtp_discard_lhlo_keywords (default: empty)
A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the LMTP client will ignore in the LHLO response
from a remote LMTP server.
.ad
.ft R
.SH max_idle (default: 100s)
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting. This parameter
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily. This
+parameter
is ignored by the Postfix queue manager and by other long-lived
Postfix daemon processes.
.PP
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
.SH max_use (default: 100)
-The maximal number of connection requests before a Postfix daemon
-process terminates. This parameter is ignored by the Postfix queue
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily. This parameter
+is ignored by the Postfix queue
manager and by other long-lived Postfix daemon processes.
.SH maximal_backoff_time (default: 4000s)
The maximal time between attempts to deliver a deferred message.
.SH relay_recipient_maps (default: empty)
Optional lookup tables with all valid addresses in the domains
that match $relay_domains. Specify @domain as a wild-card for
-domains that do not have a valid recipient list. Technically, tables
+domains that have no valid recipient list, and become a source of
+backscatter mail: Postfix accepts spam for non-existent recipients
+and then floods innocent people with undeliverable mail. Technically,
+tables
listed with $relay_recipient_maps are used as lists: Postfix needs
to know only if a lookup string is found or not, but it does not
use the result from table lookup.
This feature is available in Postfix 2.2 and later.
.SH smtp_tls_cert_file (default: empty)
File with the Postfix SMTP client RSA certificate in PEM format.
-This file may also contain the client private key, and these may
-be the same as the server certificate and key file.
+This file may also contain the Postfix SMTP client private RSA key,
+and these may be the same as the Postfix SMTP server RSA certificate and key
+file.
.PP
Do not configure client certificates unless you \fBmust\fR present
client TLS certificates to one or more servers. Client certificates are
.PP
In order to verify certificates, the CA certificate (in case
of a certificate chain, all CA certificates) must be available.
-You should add these certificates to the server certificate, the
-server certificate first, then the issuing CA(s).
+You should add these certificates to the client certificate, the
+client certificate first, then the issuing CA(s).
.PP
Example: the certificate for "client.dom.ain" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
root_CA.pem > client.pem".
.PP
-If you want to accept remote SMTP server certificates issued
-by these CAs yourself, you can also add the CA certificates to the
-smtp_tls_CAfile, in which case it is not necessary to have them in
-the smtp_tls_cert_file or smtp_tls_dcert_file.
+If you also want to verify remote SMTP server certificates issued by
+these CAs, you can also add the CA certificates to the smtp_tls_CAfile,
+in which case it is not necessary to have them in the smtp_tls_cert_file
+or smtp_tls_dcert_file.
.PP
-A certificate supplied here must be usable as SSL client certificate and
-hence pass the "openssl verify -purpose sslclient ..." test.
+A certificate supplied here must be usable as an SSL client certificate
+and hence pass the "openssl verify -purpose sslclient ..." test.
.PP
Example:
.PP
Postfix 2.3 and later; use smtp_tls_mandatory_ciphers instead.
.SH smtp_tls_dcert_file (default: empty)
File with the Postfix SMTP client DSA certificate in PEM format.
-This file may also contain the server private key.
+This file may also contain the Postfix SMTP client private DSA key.
.PP
See the discussion under smtp_tls_cert_file for more details.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtp_tls_dkey_file (default: $smtp_tls_dcert_file)
File with the Postfix SMTP client DSA private key in PEM format.
-The private key must not be encrypted. In other words, the key must
-be accessible without password.
+This file may be combined with the Postfix SMTP client DSA certificate
+file specified with $smtp_tls_dcert_file.
.PP
-This file may be combined with the server certificate file
-specified with $smtp_tls_cert_file.
+The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root").
.PP
This feature is available in Postfix 2.2 and later.
.SH smtp_tls_enforce_peername (default: yes)
This feature is available in Postfix 2.3 and later.
.SH smtp_tls_key_file (default: $smtp_tls_cert_file)
File with the Postfix SMTP client RSA private key in PEM format.
-This file may be combined with the client certificate file specified
-with $smtp_tls_cert_file.
+This file may be combined with the Postfix SMTP client RSA certificate
+file specified with $smtp_tls_cert_file.
.PP
-The private key must not be encrypted. In other words, the key
-must be accessible without password.
+The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root").
.PP
Example:
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_tls_cert_file (default: empty)
File with the Postfix SMTP server RSA certificate in PEM format.
-This file may also contain the server private key.
+This file may also contain the Postfix SMTP server private RSA key.
.PP
Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem > server.pem".
.PP
-If you want to accept certificates issued by these CAs yourself,
-you can also add the CA certificates to the smtpd_tls_CAfile, in
-which case it is not necessary to have them in the smtpd_tls_dcert_file
-or smtpd_tls_cert_file.
+If you also want to verify client certificates issued by these
+CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which
+case it is not necessary to have them in the smtpd_tls_cert_file or
+smtpd_tls_dcert_file.
.PP
-A certificate supplied here must be usable as SSL server
-certificate and hence pass the "openssl verify -purpose sslserver
-\e&..." test.
+A certificate supplied here must be usable as an SSL server certificate
+and hence pass the "openssl verify -purpose sslserver ..." test.
.PP
Example:
.PP
Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead.
.SH smtpd_tls_dcert_file (default: empty)
File with the Postfix SMTP server DSA certificate in PEM format.
-This file may also contain the server private key.
+This file may also contain the Postfix SMTP server private key.
.PP
See the discussion under smtpd_tls_cert_file for more details.
.PP
This feature is available with Postfix version 2.2.
.SH smtpd_tls_dkey_file (default: $smtpd_tls_dcert_file)
File with the Postfix SMTP server DSA private key in PEM format.
-This file may be combined with the server certificate file specified
-with $smtpd_tls_dcert_file.
+This file may be combined with the Postfix SMTP server DSA certificate
+file specified with $smtpd_tls_dcert_file.
.PP
-The private key must not be encrypted. In other words, the key
-must be accessible without password.
+The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root").
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_tls_exclude_ciphers (default: empty)
This feature is available in Postfix 2.3 and later.
.SH smtpd_tls_key_file (default: $smtpd_tls_cert_file)
File with the Postfix SMTP server RSA private key in PEM format.
-This file may be combined with the server certificate file specified
+This file may be combined with the Postfix SMTP server certificate
+file specified
with $smtpd_tls_cert_file.
.PP
-The private key must not be encrypted. In other words, the key
-must be accessible without password.
+The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root").
.SH smtpd_tls_loglevel (default: 0)
Enable additional Postfix SMTP server logging of TLS activity.
Each logging level also includes the information that is logged at
Alternatively, lookup tables can be specified in POSIX regular
expression form. In this case, each input is compared against a
-list of patterns, and when a match is found the corresponding
-result is returned.
+list of patterns. When a match is found, the corresponding
+result is returned and the search is terminated.
To find out what types of lookup tables your Postfix system
supports use the "\fBpostconf -m\fR" command.
that serves as input to the \fBpostmap\fR(1) command.
The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
is used for fast searching by the mail system. Execute the command
-"\fBpostmap /etc/postfix/relocated\fR" in order to rebuild the indexed
-file after changing the relocated table.
+"\fBpostmap /etc/postfix/relocated\fR" to rebuild an indexed
+file after changing the corresponding relocated table.
When the table is provided via other means such as NIS, LDAP
or SQL, the same lookups are done as for ordinary indexed files.
Alternatively, the table can be provided as a regular-expression
map where patterns are given as regular expressions, or lookups
-can be directed to TCP-based server. In that case, the lookups are
-done in a slightly different way as described below under
-"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+can be directed to TCP-based server. In those case, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
Table lookups are case insensitive.
.SH "CASE FOLDING"
expression lookup table syntax, see \fBregexp_table\fR(5) or
\fBpcre_table\fR(5). For a description of the TCP client/server
table lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.3.
+This feature is not available up to and including Postfix version 2.4.
Each pattern is a regular expression that is applied to the entire
address being looked up. Thus, \fIuser@domain\fR mail addresses are not
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.3.
+This feature is not available up to and including Postfix version 2.4.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their
that serves as input to the \fBpostmap\fR(1) command.
The result, an indexed file in \fBdbm\fR or \fBdb\fR format, is used
for fast searching by the mail system. Execute the command
-"\fBpostmap /etc/postfix/transport\fR" in order to rebuild the indexed
-file after changing the transport table.
+"\fBpostmap /etc/postfix/transport\fR" to rebuild an indexed
+file after changing the corresponding transport table.
When the table is provided via other means such as NIS, LDAP
or SQL, the same lookups are done as for ordinary indexed files.
Alternatively, the table can be provided as a regular-expression
map where patterns are given as regular expressions, or lookups
-can be directed to TCP-based server. In that case, the lookups are
-done in a slightly different way as described below under
-"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+can be directed to TCP-based server. In those case, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
.SH "CASE FOLDING"
.na
.nf
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.3.
+This feature is not available up to and including Postfix version 2.4.
Each lookup operation uses the entire recipient address once. Thus,
\fIsome.domain.hierarchy\fR is not looked up via its parent domains,
"\fBpostconf html_directory\fR" to locate this information.
.na
.nf
+ADDRESS_REWRITING_README, address rewriting guide
DATABASE_README, Postfix lookup table overview
FILTER_README, external content filter
.SH "LICENSE"
that serves as input to the \fBpostmap\fR(1) command.
The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
is used for fast searching by the mail system. Execute the command
-"\fBpostmap /etc/postfix/virtual\fR" in order to rebuild the indexed
-file after changing the text file.
+"\fBpostmap /etc/postfix/virtual\fR" to rebuild an indexed
+file after changing the corresponding text file.
When the table is provided via other means such as NIS, LDAP
or SQL, the same lookups are done as for ordinary indexed files.
Alternatively, the table can be provided as a regular-expression
map where patterns are given as regular expressions, or lookups
-can be directed to TCP-based server. In that case, the lookups are
-done in a slightly different way as described below under
-"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+can be directed to TCP-based server. In those case, the lookups
+are done in a slightly different way as described below under
+"REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
.SH "CASE FOLDING"
.na
.nf
.IP "@\fIdomain address, address, ...\fR"
Redirect mail for other users in \fIdomain\fR to \fIaddress\fR.
This form has the lowest precedence.
+.sp
+Note: @\fIdomain\fR is a wild-card. With this form, the
+Postfix SMTP server accepts
+mail for any recipient in \fIdomain\fR, regardless of whether
+that recipient exists. This may turn your mail system into
+a backscatter source that returns undeliverable spam to
+innocent people.
.SH "RESULT ADDRESS REWRITING"
.na
.nf
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.3.
+This feature is not available up to and including Postfix version 2.4.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their
"\fBpostconf html_directory\fR" to locate this information.
.na
.nf
-DATABASE_README, Postfix lookup table overview
ADDRESS_REWRITING_README, address rewriting guide
+DATABASE_README, Postfix lookup table overview
VIRTUAL_README, domain hosting guide
.SH "LICENSE"
.na
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBprocess_id (read-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBnotify_classes (resource, software)\fR"
The list of error classes that are reported to the postmaster.
.IP "\fBprocess_id (read-only)\fR"
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBmyhostname (see 'postconf -d' output)\fR"
The internet hostname of this mail system.
.IP "\fBmyorigin ($myhostname)\fR"
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBprocess_id (read-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
The Postfix \fBerror\fR(8) delivery agent processes delivery
requests from
the queue manager. Each request specifies a queue file, a sender
-address, a domain or host name that is treated as the reason for
-non-delivery, and recipient information.
+address, the reason for non-delivery (specified as the
+next-hop destination), and recipient information.
The reason may be prefixed with an RFC 3463-compatible detail code.
This program expects to be run from the \fBmaster\fR(8) process
manager.
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBnotify_classes (resource, software)\fR"
The list of error classes that are reported to the postmaster.
.IP "\fBprocess_id (read-only)\fR"
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR"
What Postfix features match subdomains of "domain.tld" automatically,
instead of requiring an explicit ".domain.tld" pattern.
.IP "\fBlocal_command_shell (empty)\fR"
Optional shell program for \fBlocal\fR(8) delivery to non-Postfix command.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBprepend_delivered_header (command, file, forward)\fR"
The message delivery contexts where the Postfix \fBlocal\fR(8) delivery
agent prepends a Delivered-To: message header with the address
The default maximal number of Postfix child processes that provide
a given service.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBservice_throttle_time (60s)\fR"
How long the Postfix \fBmaster\fR(8) waits before forking a server that
appears to be malfunctioning.
Upon input, long lines are chopped up into pieces of at most
this length; upon delivery, long lines are reconstructed.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBprocess_id (read-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
by, for example, \fBUUCP\fR software.
.RE
.IP "\fBnull_sender\fR=\fIreplacement\fR (default: MAILER-DAEMON)"
-Replace the null sender address, which is typically used
-for delivery status notifications, with the specified text
+Replace the null sender address (typically used for delivery
+status notifications) with the specified text
when expanding the \fB$sender\fR command-line macro, and
when generating a From_ or Return-Path: message header.
The UNIX system account that owns the Postfix queue and most Postfix
daemon processes.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBprocess_id (read-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBprocess_id (read-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBprocess_id (read-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBprocess_id (read-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBprocess_id (read-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
By default, connection caching is enabled temporarily for
destinations that have a high volume of mail in the active
-queue. Session caching can be enabled permanently for
+queue. Connection caching can be enabled permanently for
specific destinations.
.SH "SMTP DESTINATION SYNTAX"
.na
case insensitive lists of LHLO keywords (pipelining, starttls,
auth, etc.) that the LMTP client will ignore in the LHLO response
from a remote LMTP server.
-.IP "\fBlmtp_discard_lhlo_keywords ($myhostname)\fR"
+.IP "\fBlmtp_discard_lhlo_keywords (empty)\fR"
A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the LMTP client will ignore in the LHLO response
from a remote LMTP server.
.IP "\fBlmtp_tcp_port (24)\fR"
The default TCP port that the Postfix LMTP client connects to.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBprocess_id (read-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
The UNIX system account that owns the Postfix queue and most Postfix
daemon processes.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBmyhostname (see 'postconf -d' output)\fR"
The internet hostname of this mail system.
.IP "\fBmynetworks (see 'postconf -d' output)\fR"
The UNIX system account that owns the Postfix queue and most Postfix
daemon processes.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBprocess_id (read-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBrelocated_maps (empty)\fR"
Optional lookup tables with new contact information for users or
domains that no longer exist.
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmax_idle (100s)\fR"
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting.
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
-The maximal number of connection requests before a Postfix daemon
-process terminates.
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily.
.IP "\fBprocess_id (read-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read-only)\fR"
<p> The sender/recipient address verification feature described in this
document is suitable only for low-traffic sites. It performs poorly
-under high load and may cause your site to be blacklisted by some
+under high load; excessive sender address verification activity may
+even cause your site to be blacklisted by some
providers. See the "<a href="#limitations">Limitations</a>" section
below for details. </p>
where "host" specifies a symbolic hostname or a numeric IP address,
and "port" specifies a symbolic service name or a numeric port
number. This protocol is not available up to and including Postfix
-version 2.2. </dd>
+version 2.4. </dd>
<dt> <b>unix</b> (read-only) </dt>
<li><a href="#example_virtual">Example: virtual domains/addresses</a>
+<li><a href="#example_group">Example: expanding LDAP groups</a>
+
<li><a href="#other">Other uses of LDAP lookups</a>
<li><a href="#hmmmm">Notes and things to think about</a>
<blockquote>
<pre>
-server_host = ldap.my.com
-search_base = dc=my, dc=com
+server_host = ldap.example.com
+search_base = dc=example, dc=com
</pre>
</blockquote>
<p> Upon receiving mail for a local address "ldapuser" that isn't
found in the /etc/aliases database, Postfix will search the LDAP
-server listening at port 389 on ldap.my.com. It will bind anonymously,
+server listening at port 389 on ldap.example.com. It will bind anonymously,
search for any directory entries whose mailacceptinggeneralid
attribute is "ldapuser", read the "maildrop" attributes of those
found, and build a list of their maildrops, which will be treated
fully qualified with their virtual domains. Finally, if you want
to designate a directory entry as the default user for a virtual
domain, just give it an additional mailacceptinggeneralid (or the
-equivalent in your directory) of "@virtual.dom". That's right, no
+equivalent in your directory) of "@fake.dom". That's right, no
user part. If you don't want a catchall user, omit this step and
mail to unknown users in the domain will simply bounce. </p>
maildrop, e.g. "normaluser@fake.dom" and "normaluser@real.dom".
</p>
+<h2><a name="example_group">Example: expanding LDAP groups</a></h2>
+
+<p> LDAP is frequently used to store group member information, and Postfix
+supports expanding a group's email address to the list of email addresses
+of the group members. There are a number of ways of handling LDAP groups,
+which will be illustrated via the mock LDAP entries and implied schema
+below. This shows two group entries "agroup" and "bgroup" and four
+user entries "auser", "buser", "cuser" and "duser". The group "agroup"
+has the users "auser" (1) and "buser" (2) as members via DN references
+in the multi-valued attribute "memberdn", and direct email addresses of
+two external users "auser@example.org" (3) and "buser@example.org" (4)
+stored in the multi-valued attribute "memberaddr". The same is true of
+"bgroup" and "cuser"/"duser" (6)/(7)/(8)/(9), but "bgroup" also has a
+"maildrop" attribute of "bgroup@mlm.example.com" (5): </p>
+
+<blockquote>
+<pre>
+ dn: cn=agroup, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapgroup
+ cn: agroup
+ mail: agroup@example.com
+1 -> memberdn: uid=auser, dc=example, dc=com
+2 -> memberdn: uid=buser, dc=example, dc=com
+3 -> memberaddr: auser@example.org
+4 -> memberaddr: buser@example.org
+</pre>
+<br>
+
+<pre>
+ dn: cn=bgroup, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapgroup
+ cn: bgroup
+ mail: bgroup@example.com
+5 -> maildrop: bgroup@mlm.example.com
+6 -> memberdn: uid=cuser, dc=example, dc=com
+7 -> memberdn: uid=duser, dc=example, dc=com
+8 -> memberaddr: cuser@example.org
+9 -> memberaddr: duser@example.org
+</pre>
+<br>
+
+<pre>
+ dn: uid=auser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: auser
+10 -> mail: auser@example.com
+11 -> maildrop: auser@mailhub.example.com
+</pre>
+<br>
+
+<pre>
+ dn: uid=buser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: buser
+12 -> mail: buser@example.com
+13 -> maildrop: buser@mailhub.example.com
+</pre>
+<br>
+
+<pre>
+ dn: uid=cuser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: cuser
+14 -> mail: cuser@example.com
+</pre>
+<br>
+
+<pre>
+ dn: uid=duser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: duser
+15 -> mail: duser@example.com
+</pre>
+<br>
+
+</blockquote>
+
+<p> Our first use case ignores the "memberdn" attributes, and assumes
+that groups hold only direct "memberaddr" strings as in (3), (4), (8) and
+(9). The goal is to map the group address to the list of constituent
+"memberaddr" values. This is simple, ignoring the various connection
+related settings (hosts, ports, bind settings, timeouts, ...) we have:
+</p>
+
+<blockquote>
+<pre>
+ simple.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr
+ $ postmap -q agroup@example.com ldap:simple.cf
+ auser@example.org,buser@example.org
+</pre>
+</blockquote>
+
+<p> We search "dc=example, dc=com". The "mail" attribute is used in the
+query_filter to locate the right group, the "result_attribute" setting
+described in ldap_table(5) is used to specify that "memberaddr" values
+from the matching group are to be returned as a comma separated list.
+Always check tables using postmap(1) with the "-q" option, before
+deploying them into production use in main.cf. </p>
+
+<p> Our second use case also expands "memberdn" attributes (1), (2),
+(6) and (7), follows the DN references and returns the "maildrop" of the
+referenced user entries. Here we use the "special_result_attribute"
+setting from ldap_table(5) to designate the "memberdn" attribute
+as holding DNs of the desired member entries. The "result_attribute"
+setting selects which attributes are returned from the selected DNs. It
+is important to choose a result attribute that is not also present in
+the group object, because result attributes are collected from both
+the group and the member DNs. In this case we choose "maildrop" and
+assume for the moment that groups never have a "maildrop" (the "bgroup"
+"maildrop" attribute is for a different use case). The returned data for
+"auser" and "buser" is from items (11) and (13) in the mock data. </p>
+
+<blockquote>
+<pre>
+ special.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr, maildrop
+ special_result_attribute = memberdn
+ $ postmap -q agroup@example.com ldap:special.cf
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+</pre>
+</blockquote>
+
+<p> Note: if the desired member object result attribute is always also
+present in the group, you get suprising results, the expansion also
+returns the address of the group. This is a known limitation of Postfix
+releases prior to 2.4, and is addressed in the new with Postfix 2.4
+"leaf_result_attribute" feature described in ldap_table(5). </p>
+
+<p> Our third use case has some groups that are expanded immediately,
+and other groups that are forwarded to a dedicated mailing list manager
+host for delayed expansion. This uses two LDAP tables, one for users
+and forwarded groups and a second for groups that can be expanded
+immediately. It is assumed that groups that require forwarding are
+never nested members of groups that are directly expanded. </p>
+
+<blockquote>
+<pre>
+ no_expand.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = maildrop
+ expand.cf
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr, maildrop
+ special_result_attribute = memberdn
+ $ postmap -q auser@example.com ldap:no_expand.cf ldap:expand.cf
+ auser@mailhub.example.com
+ $ postmap -q agroup@example.com ldap:no_expand.cf ldap:expand.cf
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ $ postmap -q bgroup@example.com ldap:no_expand.cf ldap:expand.cf
+ bgroup@mlm.example.com
+</pre>
+</blockquote>
+
+<p> Non-group objects and groups with delayed expansion (those that have a
+maildrop attribute) are rewritten to a single maildrop value. Groups that
+don't have a maildrop are expanded as the second use case. This admits
+a more elegant solution with Postfix 2.4 and later. </p>
+
+<p> Our final use case is the same as the third, but this time uses new
+features in Postfix 2.4. We now are able to use just one LDAP table and
+no longer need to assume that forwarded groups are never nested inside
+expanded groups. </p>
+
+<blockquote>
+<pre>
+ fancy.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr
+ special_result_attribute = memberdn
+ terminal_result_attribute = maildrop
+ leaf_result_attribute = mail
+ $ postmap -q auser@example.com ldap:fancy.cf
+ auser@mailhub.example.com
+ $ postmap -q cuser@example.com ldap:fancy.cf
+ cuser@example.com
+ $ postmap -q agroup@example.com ldap:fancy.cf
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ $ postmap -q bgroup@example.com ldap:fancy.cf
+ bgroup@mlm.example.com
+</pre>
+</blockquote>
+
+<p> Above, delayed expansion is enabled via "terminal_result_attribute",
+which, if present, is used as the sole result and all other expansion is
+suppressed. Otherwise, the "leaf_result_attribute" is only returned for
+leaf objects that don't have a "special_result_attribute" (non-groups),
+while the "result_attribute" (direct member address of groups) is returned
+at every level of recursive expansion, not just the leaf nodes. This fancy
+example illustrates all the features of Postfix 2.4 group expansion. </p>
+
<h2><a name="other">Other uses of LDAP lookups</a></h2>
Other common uses for LDAP lookups include rewriting senders and
recipients with Postfix's canonical lookups, for example in order
to make mail leaving your site appear to be coming from
-"First.Last@site.dom" instead of "userid@site.dom".
+"First.Last@example.com" instead of "userid@example.com".
<h2><a name="hmmmm">Notes and things to think about</a></h2>
<blockquote>
<pre>
-dn: cn=Accounting Staff List, dc=my, dc=com
+dn: cn=Accounting Staff List, dc=example, dc=com
cn: Accounting Staff List
-o: my.com
+o: example.com
objectclass: maillist
mailacceptinggeneralid: accountingstaff
mailacceptinggeneralid: accounting-staff
<h2>Purpose of this document </h2>
-<p> This document describes the qshape(1) program which helps the
-administrator understand the Postfix queue message distribution
-sorted by time and by sender or recipient domain. qshape(1) is
-bundled with the Postfix 2.1 source under the "auxiliary" directory.
-</p>
-
-<p> In order to understand the output of qshape(1), it useful to
-understand the various Postfix queues. To this end the role of each
-Postfix queue directory is described briefly in the "Background
-info: Postfix queue directories" section near the end of this
-document. </p>
+<p> This document is an introduction to Postfix queue congestion analysis.
+It explains how the qshape(1) program can help to track down the
+reason for queue congestion. qshape(1) is bundled with Postfix
+2.1 and later source code, under the "auxiliary" directory. This
+document describes qshape(1) as bundled with Postfix 2.4. </p>
<p> This document covers the following topics: </p>
<li><a href="#backlog">Example 4: High volume destination backlog</a>
-<li><a href="#queues">Background info: Postfix queue directories</a>
+<li><a href="#queues">Postfix queue directories</a>
<ul>
<h2><a name="qshape">Introducing the qshape tool</a></h2>
-
<p> When mail is draining slowly or the queue is unexpectedly large,
run qshape(1) as the super-user (root) to help zero in on the problem.
The qshape(1) program displays a tabular view of the Postfix queue
</ul>
+<p> When the output is a terminal intermediate results showing the top 20
+domains (-n option) are displayed after every 1000 messages (-N option)
+and the final output also shows only the top 20 domains. This makes
+qshape useful even when the deferred queue is very large and it may
+otherwise take prohibitively long to read the entire deferred queue. </p>
+
<p> By default, qshape shows statistics for the union of both the
incoming and active queues which are the most relevant queues to
look at when analyzing performance. </p>
<blockquote>
<pre>
-$ qshape deferred | less
-$ qshape incoming active deferred | less
+$ qshape deferred
+$ qshape incoming active deferred
</pre>
</blockquote>
<p> The problem destinations or sender domains appear near the top
left corner of the output table. Remember that the active queue
can accommodate up to 20000 ($qmgr_message_active_limit) messages.
-To check wether this limit has been reached, use: </p>
+To check whether this limit has been reached, use: </p>
<blockquote>
<pre>
-$ qshape -s active | head <i>(show sender statistics)</i>
+$ qshape -s active <i>(show sender statistics)</i>
</pre>
</blockquote>
not yet saturated, any high volume sender domains show near the
top of the output.
-<p> The active queue is also limited to at most 20000 recipient
-addresses ($qmgr_message_recipient_limit). To check for exhaustion
-of this limit use: </p>
+<p> With oqmgr(8) the active queue is also limited to at most 20000
+recipient addresses ($qmgr_message_recipient_limit). To check for
+exhaustion of this limit use: </p>
<blockquote>
<pre>
-$ qshape active | head <i>(show recipient statistics)</i>
+$ qshape active <i>(show recipient statistics)</i>
</pre>
</blockquote>
take measures to ensure that the mail is deferred instead or even
add an access(5) rule asking the sender to try again later. </p>
-<p> If a high volume destination exhibits frequent bursts of
-consecutive connections refused by all MX hosts or "421 Server busy
-errors", it is possible for the queue manager to mark the destination
-as "dead" despite the transient nature of the errors. The destination
-will be retried again after the expiration of a $minimal_backoff_time
-timer. If the error bursts are frequent enough it may be that only
-a small quantity of email is delivered before the destination is
-again marked "dead". </p>
+<p> If a high volume destination exhibits frequent bursts of consecutive
+connections refused by all MX hosts or "421 Server busy errors", it
+is possible for the queue manager to mark the destination as "dead"
+despite the transient nature of the errors. The destination will be
+retried again after the expiration of a $minimal_backoff_time timer.
+If the error bursts are frequent enough it may be that only a small
+quantity of email is delivered before the destination is again marked
+"dead". In some cases enabling static (not on demand) connection
+caching by listing the appropriate nexthop domain in a table included in
+"smtp_connection_cache_destinations" may help to reduce the error rate,
+because most messages will re-use existing connections. </p>
<p> The MTA that has been observed most frequently to exhibit such
bursts of errors is Microsoft Exchange, which refuses connections
server propagate the refused connection to the client as a "421"
error. </p>
-<p> Note that it is now possible to configure Postfix to exhibit
-similarly erratic behavior by misconfiguring the anvil(8) server
-(not included in Postfix 2.1.). Do not use anvil(8) for steady-state
-rate limiting, its purpose is DoS prevention and the rate limits
-set should be very generous! </p>
+<p> Note that it is now possible to configure Postfix to exhibit similarly
+erratic behavior by misconfiguring the anvil(8) service. Do not use
+anvil(8) for steady-state rate limiting, its purpose is (unintentional)
+DoS prevention and the rate limits set should be very generous! </p>
-<p> In the long run it is hoped that the Postfix dead host detection
-and concurrency control mechanism will be tuned to be more "noise"
-tolerant. If one finds oneself needing to deliver a high volume
-of mail to a destination that exhibits frequent brief bursts of
-errors, there is a subtle workaround. </p>
+<p> If one finds oneself needing to deliver a high volume of mail to a
+destination that exhibits frequent brief bursts of errors and connection
+caching does not solve the problem, there is a subtle workaround. </p>
<ul>
transport (a number in the 10-20 range is typical). </p>
<li> <p> IMPORTANT!!! In main.cf configure a very large initial
-and destination concurrency limit for this transport (say 200). </p>
+and destination concurrency limit for this transport (say 2000). </p>
<pre>
/etc/postfix/main.cf:
- initial_destination_concurrency = 200
- <i>transportname</i>_destination_concurrency_limit = 200
+ initial_destination_concurrency = 2000
+ <i>transportname</i>_destination_concurrency_limit = 2000
</pre>
<p> Where <i>transportname</i> is the name of the master.cf entry
</ul>
-<p> The effect of this surprising configuration is that up to 200
+<p> The effect of this surprising configuration is that up to 2000
consecutive errors are tolerated without marking the destination
dead, while the total concurrency remains reasonable (10-20
processes). This trick is only for a very specialized situation:
high volume delivery into a channel with multi-error bursts
that is capable of high throughput, but is repeatedly throttled by
-the bursts of errors.
+the bursts of errors. </p>
<p> When a destination is unable to handle the load even after the
Postfix process limit is reduced to 1, a desperate measure is to
<p> Hopefully a more elegant solution to these problems will be
found in the future. </p>
-<h2><a name="queues">Background info: Postfix queue directories</a></h2>
+<h2><a name="queues">Postfix queue directories</a></h2>
<p> The following sections describe Postfix queues: their purpose,
what normal behavior looks like, and how to diagnose abnormal
<p> All mail that enters the main Postfix queue does so via the
cleanup(8) service. The cleanup service is responsible for envelope
and header rewriting, header and body regular expression checks,
-automatic bcc recipient processing and guaranteed insertion of the
-message into the Postfix "incoming" queue. </p>
+automatic bcc recipient processing, milter content processing, and
+reliable insertion of the message into the Postfix "incoming" queue. </p>
<p> In the absence of excessive CPU consumption in cleanup(8) header
or body regular expression checks or other software consuming all
disk I/O latency (+ CPU if not negligible) of the cleanup service.
</p>
-<p> Congestion in this queue is indicative of an excessive local
-message submission rate or perhaps excessive CPU consumption in
-the cleanup(8) service due to excessive body_checks. </p>
+<p> Congestion in this queue is indicative of an excessive local message
+submission rate or perhaps excessive CPU consumption in the cleanup(8)
+service due to excessive body_checks, or (Postfix ≥ 2.3) high latency
+milters. </p>
<p> Note, that once the active queue is full, the cleanup service
will attempt to slow down message injection by pausing $in_flow_delay
a consequence of congestion downstream, rather than a problem in
its own right. </p>
-<p> Note also, that one should not attempt to deliver large volumes
-of mail via the pickup(8) service. High volume sites must avoid
-using content filters that reinject scanned mail via Postfix
-sendmail(1) and postdrop(1). </p>
+<p> Note, you should not attempt to deliver large volumes of mail via
+the pickup(8) service. High volume sites should avoid using "simple"
+content filters that re-inject scanned mail via Postfix sendmail(1)
+and postdrop(1). </p>
<p> A high arrival rate of locally submitted mail may be an indication
of an uncaught forwarding loop, or a run-away notification program.
<p> The administrator can define "smtpd" access(5) policies, or
cleanup(8) header/body checks that cause messages to be automatically
diverted from normal processing and placed indefinitely in the
-"hold" queue. Messages placed in the "hold" queue stay there until
+"hold" queue. Messages placed in the "hold" queue stay there until
the administrator intervenes. No periodic delivery attempts are
made for messages in the "hold" queue. The postsuper(1) command
can be used to manually release messages into the "deferred" queue.
</p>
-<p> Messages can potentially stay in the "hold" queue for a time
-exceeding the normal maximal queue lifetime (after which undelivered
-messages are bounced back to the sender). If such "old" messages
-need to be released from the "hold" queue, they should typically
-be moved into the "maildrop" queue, so that the message gets a new
-timestamp and is given more than one opportunity to be delivered.
-Messages that are "young" can be moved directly into the "deferred"
-queue. </p>
+<p> Messages can potentially stay in the "hold" queue longer than
+$maximal_queue_lifetime. If such "old" messages need to be released from
+the "hold" queue, they should typically be moved into the "maildrop"
+queue using "postsuper -r", so that the message gets a new timestamp and
+is given more than one opportunity to be delivered. Messages that are
+"young" can be moved directly into the "deferred" queue using
+"postsuper -H". </p>
<p> The "hold" queue plays little role in Postfix performance, and
monitoring of the "hold" queue is typically more closely motivated
<p> The incoming queue grows when the message input rate spikes
above the rate at which the queue manager can import messages into
-the active queue. The main factor slowing down the queue manager
-is transport queries to the trivial-rewrite service. If the queue
+the active queue. The main factors slowing down the queue manager
+are disk I/O and lookup queries to the trivial-rewrite service. If the queue
manager is routinely not keeping up, consider not using "slow"
lookup services (MySQL, LDAP, ...) for transport lookups or speeding
-up the hosts that provide the lookup service. </p>
+up the hosts that provide the lookup service. If the problem is I/O
+starvation, consider striping the queue over more disks, faster controllers
+with a battery write cache, or other hardware improvements. At the very
+least, make sure that the queue directory is mounted with the "noatime"
+option if applicable to the underlying filesystem. </p>
<p> The in_flow_delay parameter is used to clamp the input rate
when the queue manager starts to fall behind. The cleanup(8) service
concurrency limit. </p>
<p> Multiple recipient groups (from one or more messages) are queued
-for delivery via the common transport/nexthop combination. The
-destination concurrency limit for the transports caps the number
+for delivery grouped by transport/nexthop combination. The
+<b>destination</b> concurrency limit for the transports caps the number
of simultaneous delivery attempts for each nexthop. Transports with
-a recipient concurrency limit of 1 are special: these are grouped
-by the actual recipient address rather than the nexthop, thereby
-enabling per-recipient concurrency limits rather than per-domain
+a <b>recipient</b> concurrency limit of 1 are special: these are grouped
+by the actual recipient address rather than the nexthop, yielding
+per-recipient concurrency limits rather than per-domain
concurrency limits. Per-recipient limits are appropriate when
performing final delivery to mailboxes rather than when relaying
to a remote server. </p>
<p> Congestion occurs in the active queue when one or more destinations
-drain slower than the corresponding message input rate. If a
-destination is down for some time, the queue manager will mark it
-dead, and immediately defer all mail for the destination without
+drain slower than the corresponding message input rate. </p>
+
+<p> Input into the active queue comes both from new mail in the "incoming"
+queue, and retries of mail in the "deferred" queue. Should the "deferred"
+queue get really large, retries of old mail can dominate the arrival
+rate of new mail. Systems with more CPU, faster disks and more network
+bandwidth can deal with larger deferred queues, but as a rule of thumb
+the deferred queue scales to somewhere between 100,000 and 1,000,000
+messages with good performance unlikely above that "limit". Systems with
+queues this large should typically stop accepting new mail, or put the
+backlog "on hold" until the underlying issue is fixed (provided that
+there is enough capacity to handle just the new mail). </p>
+
+<p> When a destination is down for some time, the queue manager will
+mark it dead, and immediately defer all mail for the destination without
trying to assign it to a delivery agent. In this case the messages
-will quickly leave the active queue and end up in the deferred
-queue. If the destination is instead simply slow, or there is a
-problem causing an excessive arrival rate the active queue will
-grow and will become dominated by mail to the congested destination.
-</p>
+will quickly leave the active queue and end up in the deferred queue
+(with Postfix < 2.4, this is done directly by the queue manager,
+with Postfix ≥ 2.4 this is done via the "retry" delivery agent). </p>
+
+<p> When the destination is instead simply slow, or there is a problem
+causing an excessive arrival rate the active queue will grow and will
+become dominated by mail to the congested destination. </p>
<p> The only way to reduce congestion is to either reduce the input
rate or increase the throughput. Increasing the throughput requires
is draining slowly and the system and network are not loaded, raise
the "smtp" and/or "relay" process limits! </p>
-<p> Especially for the "relay" transport, consider lower SMTP
-connection timeouts (1-5 seconds) and higher than default destination
-concurrency limits. Compute the expected latency when 1 out of N
-of the MX hosts for a high volume site is down and not responding,
-and make sure that the configured concurrency divided by this
-latency exceeds the required steady-state message rate. If the
-destination is managed by you, consider load balancers in front of
-groups of MX hosts. Load balancers have higher uptime and will be
-able to hide individual MX host failures. </p>
-
-<p> If necessary, dedicate and tune custom transports for high
-volume destinations. </p>
-
-<p> Another common cause of congestion is unwarranted flushing of
-the entire deferred queue. The deferred queue holds messages that
-are likely to fail to be delivered and are also likely to be slow
-to fail delivery (timeouts). This means that the most common reaction
-to a large deferred queue (flush it!) is more than likely counter-
-productive, and is likely to make the problem worse. Do not flush
-the deferred queue unless you expect that most of its content has
-recently become deliverable (e.g. relayhost back up after an outage)!
-</p>
+<p> When a high volume destination is served by multiple MX hosts with
+typically low delivery latency, performance can suffer dramatically when
+one of the MX hosts is unresponsive and SMTP connections to that host
+timeout. For example, if there are 2 equal weight MX hosts, the SMTP
+connection timeout is 30 seconds and one of the MX hosts is down, the
+average SMTP connection will take approximately 15 seconds to complete.
+With a default per-destination concurrency limit of 20 connections,
+throughput falls to just over 1 message per second. </p>
+
+<p> The best way to avoid bottlenecks when one or more MX hosts is
+non-responsive is to use connection caching. Connection caching was
+introduced with Postfix 2.2 and is by default enabled on demand for
+destinations with a backlog of mail in the active queue. When connection
+caching is in effect for a particular destination, established connections
+are re-used to send additional messages, this reduces the number of
+connections made per message delivery and maintains good throughput even
+in the face of partial unavailability of the destination's MX hosts. </p>
+
+<p> If connection caching is not available (Postfix < 2.2) or does
+not provide a sufficient latency reduction, especially for the "relay"
+transport used to forward mail to "your own" domains, consider setting
+lower than default SMTP connection timeouts (1-5 seconds) and higher
+than default destination concurrency limits. This will further reduce
+latency and provide more concurrency to maintain throughput should
+latency rise. </p>
+
+<p> Setting high concurrency limits to domains that are not your own may
+be viewed as hostile by the receiving system, and steps may be taken
+to prevent you from monopolizing the destination system's resources.
+The defensive measures may substantially reduce your throughput or block
+access entirely. Do not set aggressive concurrency limits to remote
+domains without coordinating with the administrators of the target
+domain. </p>
+
+<p> If necessary, dedicate and tune custom transports for selected high
+volume destinations. The "relay" transport is provided for forwarding mail
+to domains for which your server is a primary or backup MX host. These can
+make up a substantial fraction of your email traffic. Use the "relay" and
+not the "smtp" transport to send email to these domains. Using the "relay"
+transport allocates a separate delivery agent pool to these destinations
+and allows separate tuning of timeouts and concurrency limits. </p>
+
+<p> Another common cause of congestion is unwarranted flushing of the
+entire deferred queue. The deferred queue holds messages that are likely
+to fail to be delivered and are also likely to be slow to fail delivery
+(time out). As a result the most common reaction to a large deferred queue
+(flush it!) is more than likely counter-productive, and typically makes
+the congestion worse. Do not flush the deferred queue unless you expect
+that most of its content has recently become deliverable (e.g. relayhost
+back up after an outage)! </p>
<p> Note that whenever the queue manager is restarted, there may
already be messages in the active queue directory, but the "real"
the messages back and forth, redoing transport table (trivial-rewrite(8)
resolve service) lookups, and re-importing the messages back into
memory is expensive. At all costs, avoid frequent restarts of the
-queue manager. </p>
+queue manager (e.g. via frequent execution of "postfix reload"). </p>
<h3> <a name="deferred_queue"> The "deferred" queue </a> </h3>
might succeed later), the message is placed in the deferred queue.
</p>
-<p> The queue manager scans the deferred queue periodically. The
-scan interval is controlled by the queue_run_delay parameter.
-While a deferred queue scan is in progress, if an incoming queue
-scan is also in progress (ideally these are brief since the incoming
-queue should be short), the queue manager alternates between bringing
-a new "incoming" message and a new "deferred" message into the
-queue. This "round-robin" strategy prevents starvation of either
-the incoming or the deferred queues. </p>
+<p> The queue manager scans the deferred queue periodically. The scan
+interval is controlled by the queue_run_delay parameter. While a deferred
+queue scan is in progress, if an incoming queue scan is also in progress
+(ideally these are brief since the incoming queue should be short), the
+queue manager alternates between looking for messages in the "incoming"
+queue and in the "deferred" queue. This "round-robin" strategy prevents
+starvation of either the incoming or the deferred queues. </p>
<p> Each deferred queue scan only brings a fraction of the deferred
queue back into the active queue for a retry. This is because each
message in the deferred queue is assigned a "cool-off" time when
it is deferred. This is done by time-warping the modification
-times of the queue file into the future. The queue file is not
+time of the queue file into the future. The queue file is not
eligible for a retry if its modification time is not yet reached.
</p>
retried more often than old messages. </p>
<p> If a high volume site routinely has large deferred queues, it
-may be useful to adjust the queue_run_delay, minimal_backoff_time
-and maximal_backoff_time to provide short enough delays on first
-failure, with perhaps longer delays after multiple failures, to
-reduce the retransmission rate of old messages and thereby reduce
-the quantity of previously deferred mail in the active queue. </p>
+may be useful to adjust the queue_run_delay, minimal_backoff_time and
+maximal_backoff_time to provide short enough delays on first failure
+(Postfix ≥ 2.4 has a sensibly low minimal backoff time by default),
+with perhaps longer delays after multiple failures, to reduce the
+retransmission rate of old messages and thereby reduce the quantity
+of previously deferred mail in the active queue. If you want a really
+low minimal_backoff_time, you may also want to lower queue_run_delay,
+but understand that more frequent scans will increase the demand for
+disk I/O. </p>
<p> One common cause of large deferred queues is failure to validate
recipients at the SMTP input stage. Since spammers routinely launch
dictionary attacks from unrepliable sender addresses, the bounces
-for invalid recipient addresses clog the deferred queue (and at
-high volumes proportionally clog the active queue). Recipient
-validation is strongly recommended through use of the local_recipient_maps
-and relay_recipient_maps parameters. </p>
+for invalid recipient addresses clog the deferred queue (and at high
+volumes proportionally clog the active queue). Recipient validation
+is strongly recommended through use of the local_recipient_maps and
+relay_recipient_maps parameters. Even when bounces drain quickly they
+inundate innocent victims of forgery with unwanted email. To avoid
+this, do not accept mail for invalid recipients. </p>
<p> When a host with lots of deferred mail is down for some time,
it is possible for the entire deferred queue to reach its retry
time simultaneously. This can lead to a very full active queue once
the host comes back up. The phenomenon can repeat approximately
every maximal_backoff_time seconds if the messages are again deferred
-after a brief burst of congestion. Ideally, in the future Postfix
+after a brief burst of congestion. Perhaps, a future Postfix release
will add a random offset to the retry time (or use a combination
-of strategies) to reduce the chances of repeated complete deferred
+of strategies) to reduce the odds of repeated complete deferred
queue flushes. </p>
<h2><a name="credits">Credits</a></h2>
<h2><a name="build_sasl">Building the Cyrus SASL library</a></h2>
-<p> Postfix appears to work with cyrus-sasl-1.5.5 or cyrus-sasl-2.1.1,
+<p> Postfix appears to work with cyrus-sasl-1.5.x or cyrus-sasl-2.1.x,
which are available from: </p>
<blockquote>
<p> IMPORTANT: if you install the Cyrus SASL libraries as per the
default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl
-for version 1.5.5 or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for
-version 2.1.1. </p>
+for version 1.5.x or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for
+version 2.1.x. </p>
-<p> Reportedly, Microsoft Internet Explorer version 5 requires the
-non-standard SASL LOGIN authentication method. To enable this
+<p> Reportedly, Microsoft Outlook (Express) requires the
+non-standard LOGIN authentication method. To enable this
authentication method, specify ``./configure --enable-login''. </p>
<h2><a name="build_postfix">Building Postfix with Cyrus SASL support</a></h2>
<dl>
-<dt> (for Cyrus SASL version 1.5.5):
+<dt> (for Cyrus SASL version 1.5.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
-I/usr/local/include" AUXLIBS="-L/usr/local/lib -lsasl"
</pre>
-<dt> (for Cyrus SASL version 2.1.1):
+<dt> (for Cyrus SASL version 2.1.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
<dl>
-<dt> (for Cyrus SASL version 1.5.5):
+<dt> (for Cyrus SASL version 1.5.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
-R/usr/local/lib -lsasl"
</pre>
-<dt> (for Cyrus SASL version 2.1.1):
+<dt> (for Cyrus SASL version 2.1.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
<p> Older Microsoft SMTP client software implements a non-standard
version of the AUTH protocol syntax, and expects that the SMTP
-server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH
-stuff". To accommodate such clients (in addition to conformant
+server replies to EHLO with "250 AUTH=mechanism-list" instead of
+"250 AUTH mechanism-list". To accommodate such clients (in addition
+to conformant
clients) use the following: </p>
<blockquote>
<h2><a name="server_cyrus">Cyrus SASL configuration for the Postfix
SMTP server</a></h2>
-<p> In /usr/local/lib/sasl/smtpd.conf (Cyrus SASL version 1.5.5) or
-/usr/local/lib/sasl2/smtpd.conf (Cyrus SASL version 2.1.1) you need to
-specify how the server should validate client passwords. </p>
+<p> You need to configure how the Cyrus SASL library should
+authenticate a client's username and password. These settings must
+be stored in a separate configuration file. </p>
+
+<p> The name of the configuration file (default: smtpd.conf) will
+be constructed from a value sent by Postfix to the Cyrus SASL
+library, which adds the suffix .conf. The value is configured using
+one of the following variables: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+ # Postfix 2.3 and later
+ smtpd_sasl_path = smtpd
+ # Postfix < 2.3
+ smtpd_sasl_application_name = smtpd
+</pre>
+</blockquote>
+
+<p> Cyrus SASL searches for the configuration file in /usr/local/lib/sasl/
+(Cyrus SASL version 1.5.5) or /usr/local/lib/sasl2/ (Cyrus SASL
+version 2.1.x). </p>
<p> Note: some Postfix distributions are modified and look for
-the smtpd.conf file in /etc/postfix. </p>
+the smtpd.conf file in /etc/postfix/sasl. </p>
<p> Note: some Cyrus SASL distributions look for the smtpd.conf
file in /etc/sasl2. </p>
<ul>
-<li> <p> To authenticate against the UNIX password database, try: </p>
+<li> <p> To authenticate against the UNIX password database, use: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
/usr/local/lib/sasl/smtpd.conf:
</pre>
-<dt> (Cyrus SASL version 2.1.1)
-<dd>
-<pre>
-/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: pwcheck
-</pre>
-
-</dl>
-
-<p> The name of the file in /usr/local/lib/sasl (Cyrus SASL version
-1.5.5) or /usr/local/lib/sasl2 (Cyrus SASL version 2.1.1) used by
-the SASL
-library for configuration can be set with: </p>
-
-<blockquote>
-<pre>
-/etc/postfix/main.cf:
- smtpd_sasl_application_name = smtpd (Postfix < 2.3)
- smtpd_sasl_path = smtpd (Postfix 2.3 and later)
-</pre>
-</blockquote>
+<p> IMPORTANT: pwcheck establishes a UNIX domain socket in /var/pwcheck
+and waits for authentication requests. Postfix processes must have
+read+execute permission to this directory or authentication attempts
+will fail. </p>
<p> The pwcheck daemon is contained in the cyrus-sasl source tarball. </p>
-<p> IMPORTANT: postfix processes need to have group read+execute
-permission for the /var/pwcheck directory, otherwise authentication
-attempts will fail. </p>
-
-<li> <p> Alternately, in Cyrus SASL 1.5.26 and later (including
-2.1.1), try: </p>
-
-<dl>
-
<dt> (Cyrus SASL version 1.5.26)
<dd>
<pre>
pwcheck_method: saslauthd
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd
+ mech_list: PLAIN LOGIN
</pre>
</dl>
can authenticate against PAM and various other sources. To use PAM,
start saslauthd with "-a pam". </p>
+<p> IMPORTANT: saslauthd usually establishes a UNIX domain socket
+in /var/run/saslauthd and waits for authentication requests. Postfix
+processes must have read+execute permission to this directory or
+authentication attempts will fail. </p>
+
+<p> Note: The directory where saslauthd puts the socket is configurable.
+See the command-line option "-m /path/to/socket" in the saslauthd
+--help listing. </p>
+
<li> <p> To authenticate against Cyrus SASL's own password database: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
/usr/local/lib/sasl/smtpd.conf:
- pwcheck_method: sasldb
+ pwcheck_method: sasldb
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
+ pwcheck_method: auxprop
+ auxprop_plugin: sasldb
+ mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
</pre>
</dl>
<p> This will use the Cyrus SASL password file (default: /etc/sasldb in
-version 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained
+version 1.5.x, or /etc/sasldb2 in version 2.1.x), which is maintained
with the saslpasswd or saslpasswd2 command (part of the Cyrus SASL
software). On some poorly-supported systems the saslpasswd command needs
to be run multiple times before it stops complaining. The Postfix SMTP
<p> EXAMPLE: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
% saslpasswd -c -u `postconf -h myhostname` exampleuser
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
% saslpasswd2 -c -u `postconf -h myhostname` exampleuser
</dl>
<p> You can find out SASL's idea about the realms of the users
-in sasldb with <i>sasldblistusers</i> (Cyrus SASL version 1.5.5) or
-<i>sasldblistusers2</i> (Cyrus SASL version 2.1.1). </p>
+in sasldb with <i>sasldblistusers</i> (Cyrus SASL version 1.5.x) or
+<i>sasldblistusers2</i> (Cyrus SASL version 2.1.x). </p>
<p> On the Postfix side, you can have only one realm per smtpd
instance, and only the users belonging to that realm would be able to
</ul>
-<p> IMPORTANT: all users must be able to authenticate using ALL
-authentication mechanisms advertised by Postfix, otherwise the
-negotiation might end up with an unsupported mechanism, and
-authentication would fail. For example if you configure SASL to
-use <i>saslauthd</i> for authentication against PAM (pluggable
-authentication modules), only the PLAIN and LOGIN mechanisms are
-supported and stand a chance to succeed, yet the SASL library would also
-advertise other mechanisms, such as DIGEST-MD5. This happens because
-those mechanisms are made available by other plugins, and the SASL
-library have no way to know that your only valid authentication source
-is PAM. Thus you might need to limit the list of mechanisms advertised
-by Postfix. </p>
+<p> IMPORTANT: The Cyrus SASL password verification services pwcheck
+and saslauthd can only support the plaintext mechanisms PLAIN or
+LOGIN. However, the Cyrus SASL library doesn't know this, and will
+happily advertise other authentication mechanisms that the SASL
+library implements, such as DIGEST-MD5. As a result, if an SMTP
+client chooses any mechanism other than PLAIN or LOGIN while pwcheck
+or saslauthd are used, authentication will fail. Thus you may need
+to limit the list of mechanisms advertised by Postfix. </p>
<ul>
library files from the SASL plug-in directory (and again whenever
the system is updated). </p>
-<li> <p> With Cyrus SASL version 2.1.1 or later: </p>
+<li> <p> With Cyrus SASL version 2.1.x or later the mech_list variable
+can specify a list of authentication mechanisms that Cyrus SASL may
+offer: </p>
<blockquote>
<pre>
<ul>
-<li> <p> With Cyrus SASL version 1.5.5 your only choice is to
+<li> <p> With Cyrus SASL version 1.5.x your only choice is to
delete the corresponding library files from the SASL plug-in
directory. </p>
-<li> <p> With SASL version 2.1.1: </p>
+<li> <p> With SASL version 2.1.x: </p>
<blockquote>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
- auxprop_plugin: sql
+ pwcheck_method: auxprop
+ auxprop_plugin: sql
</pre>
</blockquote>
<h2><a name="debugging">Trouble shooting the SASL internals</a></h2>
<p> In the Cyrus SASL sources you'll find a subdirectory named
-"sample". Run make there, "su" to the user <i>postfix</i> (or
-whatever your <i>mail_owner</i> directive is set to):
+"sample". Run make there, then create a symbolic link from sample.conf
+to smtpd.conf in your Cyrus SASL library directory /usr/local/lib/sasl2.
+"su" to the user <i>postfix</i> (or whatever your <i>mail_owner</i>
+directive is set to): </p>
<blockquote>
<pre>
</blockquote>
<p> then run the resulting sample server and client in separate
-terminals. Strace / ktrace / truss the server to see what makes
-it unhappy, and fix the problem. Repeat the previous step until
-you can successfully authenticate with the sample client. Only
-then get back to Postfix. </p>
+terminals. The sample applications send log messages to the syslog
+facility auth. Check the log to fix the problem or run strace /
+ktrace / truss on the server to see what makes it unhappy. Repeat
+the previous step until you can successfully authenticate with the
+sample client. Only then get back to Postfix. </p>
<h2><a name="client_sasl">Enabling SASL authentication in the
Postfix SMTP client</a></h2>
</pre>
</blockquote>
+<p> The Postfix SASL client password file is opened before the SMTP
+server enters the optional chroot jail, so you can keep the file
+in /etc/postfix and set permissions read / write only for root to
+keep the username:password combinations away from other system
+users. </p>
+
<p> Postfix version 2.3 supports-per-sender SASL password
information. To search the Postfix SASL password by sender
before it searches by destination, specify: </p>
</pre>
</blockquote>
-<p> The Postfix SASL client password file is opened before the SMTP server
-enters the optional chroot jail, so you can keep the file in
-/etc/postfix. </p>
-
<p> Note: Some SMTP servers support authentication mechanisms that,
although available on the client system, may not in practice work or
possess the appropriate credentials to authenticate to the server. It
</blockquote>
<p> In the above example, Postfix will decline to use mechanisms
-that require special infrastructure such as Kerberos. </p>
+that require special infrastructure such as Kerberos or TLS. </p>
<p> The Postfix SMTP client is backwards compatible with SMTP
servers that use the non-standard "AUTH=method..." syntax in response
<li> The Dovecot SMTP server-only plug-in was originally implemented by
Timo Sirainen of Procontrol, Finland.
+<li> Patrick Ben Koetter revised this document for Postfix 2.4 and
+made much needed updates.
+
</ul>
</body>
<p> With this policy delegation mechanism, a simple <a href="#greylist">
greylist </a> policy can be implemented with only a dozen lines of
-Perl, as is shown at the end of this document. Another example of
-policy delegation is the SPF policy server by Meng Wong at
-http://spf.pobox.com/. Examples of both policies can be found in
-the Postfix source code, in the directory examples/smtpd-policy.
-</p>
+Perl, as is shown at the end of this document. A complete example
+can be found in the Postfix source code, in the directory
+examples/smtpd-policy. </p>
+
+<p> Another example of policy delegation is the SPF policy server
+at http://www.openspf.org/Software. </p>
<p> Policy delegation is now the preferred method for adding policies
to Postfix. It's much easier to develop a new feature in few lines
<pre>
/etc/postfix/main.cf:
smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
- smtp_tls_dkey_file = $smtpd_tls_cert_file
+ smtp_tls_dkey_file = $smtp_tls_dcert_file
</pre>
</blockquote>
is needed. Thus, the $smtp_tls_CApath directory needs to be accessible
inside the optional chroot jail. </p>
-<p> The choice between $smtp_tls_CAfile and $smtpd_tls_CApath is
+<p> The choice between $smtp_tls_CAfile and $smtp_tls_CApath is
a space/time tradeoff. If there are many trusted CAs, the cost of
preloading them all into memory may not pay off in reduced access time
when the certificate is needed. </p>
<pre>
/etc/postfix/main.cf:
smtp_tls_dcert_file = /etc/postfix/client-dsa.pem
- smtp_tls_dkey_file = $smtpd_tls_cert_file
+ smtp_tls_dkey_file = $smtp_tls_dcert_file
</pre>
</blockquote>
is needed. Thus, the $smtp_tls_CApath directory needs to be accessible
inside the optional chroot jail. </p>
-<p> The choice between $smtp_tls_CAfile and $smtpd_tls_CApath is
+<p> The choice between $smtp_tls_CAfile and $smtp_tls_CApath is
a space/time tradeoff. If there are many trusted CAs, the cost of
preloading them all into memory may not pay off in reduced access time
when the certificate is needed. </p>
<h2><a name="conn_limit">Measures against clients that make too many connections</a></h2>
-<p> Note: this feature is not included with Postfix version 2.1. </p>
+<p> Note: the anvil(8) service was introduced with Postfix version
+2.2. </p>
<p> The Postfix smtpd(8) server can limit the number of simultaneous
connections from the same SMTP client, as well as the number of
<li> <p> Lines 4, 7-13: The virtual_mailbox_maps parameter specifies
the lookup table with all valid recipient addresses. The lookup
-result is ignored by Postfix. In the above example, info@example.com
-and sales@example.com are listed as valid addresses, and mail for
-anything else is rejected with "User unknown". If you intend to
+result value is ignored by Postfix. In the above example,
+info@example.com
+and sales@example.com are listed as valid addresses; other mail for
+example.com is rejected with "User unknown" by the Postfix SMTP
+server. It's left up to the non-Postfix delivery agent to reject
+non-existent recipients from local submission or from local alias
+expansion. If you intend to
use LDAP, MySQL or PgSQL instead of local files, be sure to review
the <a href="#local_vs_database"> "local files versus databases"</a>
section at the top of this document! </p>
# NAME
# access 5
# SUMMARY
-# Postfix access table format
+# Postfix SMTP server access table
# SYNOPSIS
# \fBpostmap /etc/postfix/access\fR
#
#
# \fBpostmap -q - /etc/postfix/access <\fIinputfile\fR
# DESCRIPTION
-# The optional \fBaccess\fR(5) table directs the Postfix SMTP server
-# to selectively reject or accept mail. Access can be allowed or
-# denied for specific host names, domain names, networks, host
-# addresses or mail addresses.
-#
-# For an example, see the EXAMPLE section at the end of this
-# manual page.
+# The Postfix SMTP server supports access control on remote
+# SMTP client information: host names, network addresses, and
+# envelope sender
+# or recipient addresses. See \fBheader_checks\fR(5) or
+# \fBbody_checks\fR(5) for access control on the content of
+# email messages.
#
# Normally, the \fBaccess\fR(5) table is specified as a text file
# that serves as input to the \fBpostmap\fR(1) command.
# The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
-# is used for fast searching by the mail system. Execute the command
-# "\fBpostmap /etc/postfix/access\fR" in order to rebuild the indexed
-# file after changing the access table.
+# is used for fast searching by the mail system. Execute the
+# command "\fBpostmap /etc/postfix/access\fR" to rebuild an
+# indexed file after changing the corresponding text file.
#
# When the table is provided via other means such as NIS, LDAP
# or SQL, the same lookups are done as for ordinary indexed files.
#
# Alternatively, the table can be provided as a regular-expression
# map where patterns are given as regular expressions, or lookups
-# can be directed to TCP-based server. In that case, the lookups are
-# done in a slightly different way as described below under
-# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+# can be directed to TCP-based server. In those cases, the lookups
+# are done in a slightly different way as described below under
+# "REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
# CASE FOLDING
# .ad
# .fi
# specified, otherwise reply with a generic error response message.
# .IP "\fBDEFER_IF_REJECT \fIoptional text...\fR
# Defer the request if some later restriction would result in a
-# REJECT action. Reply with "\fB450\fI optional text...\fR when the
+# REJECT action. Reply with "\fB450 4.7.1 \fI optional
+# text...\fR when the
# optional text is specified, otherwise reply with a generic error
# response message.
# .sp
# .IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR
# Defer the request if some later restriction would result in a
# an explicit or implicit PERMIT action.
-# Reply with "\fB450\fI optional text...\fR when the
+# Reply with "\fB450 4.7.1 \fI optional text...\fR when the
# optional text is specified, otherwise reply with a generic error
# response message.
# .sp
# .sp
# Note: use "\fBpostsuper -r\fR" to release mail that was kept on
# hold for a significant fraction of \fB$maximal_queue_lifetime\fR
-# or \fB$bounce_queue_lifetime\fR, or longer.
+# or \fB$bounce_queue_lifetime\fR, or longer. Use "\fBpostsuper -H\fR"
+# only for mail that will not expire within a few delivery attempts.
# .sp
# Note: this action currently affects all recipients of the message.
# .sp
# This feature is available in Postfix 2.0 and later.
# .IP "\fBPREPEND \fIheadername: headervalue\fR"
# Prepend the specified message header to the message.
-# When this action is used multiple times, the first prepended
-# header appears before the second etc. prepended header.
-# .sp
-# Note: this action does not support multi-line message headers.
+# When more than one PREPEND action executes, the first
+# prepended header appears before the second etc. prepended
+# header.
# .sp
-# Note: this action must be used before the message content
-# is received; it cannot be used in \fBsmtpd_end_of_data_restrictions\fR.
+# Note: this action must execute before the message content
+# is received; it cannot execute in the context of
+# \fBsmtpd_end_of_data_restrictions\fR.
# .sp
# This feature is available in Postfix 2.1 and later.
# .IP "\fBREDIRECT \fIuser@domain\fR"
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.3.
+# This feature is not available up to and including Postfix version 2.4.
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire client
# When the command fails, a limited amount of command output is
# mailed back to the sender. The file \fB/usr/include/sysexits.h\fR
# defines the expected exit status codes. For example, use
-# \fB|"exit 67"\fR to simulate a "user unknown" error, and
-# \fB|"exit 0"\fR to implement an expensive black hole.
+# \fB"|exit 67"\fR to simulate a "user unknown" error, and
+# \fB"|exit 0"\fR to implement an expensive black hole.
# .IP \fB:include:\fI/file/name\fR
# Mail is sent to the destinations listed in the named file.
# Lines in \fB:include:\fR files have the same syntax
# GENERAL PROCEDURE
# .ad
# .fi
-# To create customized bounce template file, create a temporary
+# To create a customized bounce template file, create a
+# temporary
# copy of the file \fB/etc/postfix/bounce.cf.default\fR and
# edit the temporary file.
#
# that serves as input to the \fBpostmap\fR(1) command.
# The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
# is used for fast searching by the mail system. Execute the command
-# "\fBpostmap /etc/postfix/canonical\fR" in order to rebuild the indexed
-# file after changing the text file.
+# "\fBpostmap /etc/postfix/canonical\fR" to rebuild an indexed
+# file after changing the corresponding text file.
#
# When the table is provided via other means such as NIS, LDAP
# or SQL, the same lookups are done as for ordinary indexed files.
#
# Alternatively, the table can be provided as a regular-expression
# map where patterns are given as regular expressions, or lookups
-# can be directed to TCP-based server. In that case, the lookups are
-# done in a slightly different way as described below under
-# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+# can be directed to TCP-based server. In those cases, the lookups
+# are done in a slightly different way as described below under
+# "REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
#
# By default the \fBcanonical\fR(5) mapping affects both message
# header addresses (i.e. addresses that appear inside messages)
# by legacy mail systems.
#
# The \fBcanonical\fR(5) mapping is not to be confused with \fIvirtual
-# domain\fR support. Use the \fBvirtual\fR(5) map for that purpose.
-#
-# The \fBcanonical\fR(5) mapping is not to be confused with local aliasing.
-# Use the \fBaliases\fR(5) map for that purpose.
+# alias\fR support or with local aliasing. To change the destination
+# but not the headers, use the \fBvirtual\fR(5) or \fBaliases\fR(5)
+# map instead.
# CASE FOLDING
# .ad
# .fi
# .IP "@\fIdomain address\fR"
# Replace other addresses in \fIdomain\fR by \fIaddress\fR.
# This form has the lowest precedence.
+# .sp
+# Note: @\fIdomain\fR is a wild-card. When this form is applied
+# to recipient addresses, the Postfix SMTP server accepts
+# mail for any recipient in \fIdomain\fR, regardless of whether
+# that recipient exists. This may turn your mail system into
+# a backscatter source that returns undeliverable spam to
+# innocent people.
# RESULT ADDRESS REWRITING
# .ad
# .fi
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.3.
+# This feature is not available up to and including Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their
# The Postfix mail system uses optional lookup tables.
# These tables are usually in \fBdbm\fR or \fBdb\fR format.
# Alternatively, lookup tables can be specified in CIDR
-# (Classless Inter-Domain Routing) form.
+# (Classless Inter-Domain Routing) form. In this case, each
+# input is compared against a list of patterns. When a match
+# is found, the corresponding result is returned and the search
+# is terminated.
#
# To find out what types of lookup tables your Postfix system
# supports use the "\fBpostconf -m\fR" command.
# AUTHOR(S)
# The CIDR table lookup code was originally written by:
# Jozsef Kadlecsik
-# kadlec@blackhole.kfki.hu
# KFKI Research Institute for Particle and Nuclear Physics
# POB. 49
# 1525 Budapest, Hungary
# command. The result, an indexed file in \fBdbm\fR or
# \fBdb\fR format, is used for fast searching by the mail
# system. Execute the command "\fBpostmap /etc/postfix/generic\fR"
-# in order to rebuild the indexed file after changing the
+# to rebuild an indexed file after changing the corresponding
# text file.
#
# When the table is provided via other means such as NIS, LDAP
#
# Alternatively, the table can be provided as a regular-expression
# map where patterns are given as regular expressions, or lookups
-# can be directed to TCP-based server. In that case, the lookups are
-# done in a slightly different way as described below under
-# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+# can be directed to TCP-based server. In those case, the lookups
+# are done in a slightly different way as described below under
+# "REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
# CASE FOLDING
# .ad
# .fi
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.3.
+# This feature is not available up to and including Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their
# .br
# \fBpostmap -fq - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# DESCRIPTION
-# Postfix provides a simple built-in content inspection mechanism that
-# examines incoming mail one message header or one message body line
-# at a time. Each input is compared against a list of patterns, and
-# when a match is found the corresponding action is executed.
-# This feature is implemented by the Postfix \fBcleanup\fR(8) server.
+# The Postfix \fBcleanup\fR(8) server supports access control
+# on the content of message headers and message body lines.
+# See \fBaccess\fR(5) for access control on remote SMTP client
+# information.
+#
+# Each message header or message body line is compared against
+# a list of patterns.
+# When a match is found the corresponding action is executed, and
+# the matching process is repeated for the next message header or
+# message body line.
#
# For examples, see the EXAMPLES section at the end of this
# manual page.
# .sp
# Note: use "\fBpostsuper -r\fR" to release mail that was kept on
# hold for a significant fraction of \fB$maximal_queue_lifetime\fR
-# or \fB$bounce_queue_lifetime\fR, or longer.
+# or \fB$bounce_queue_lifetime\fR, or longer. Use "\fBpostsuper -H\fR"
+# only for mail that will not expire within a few delivery attempts.
# .sp
# Note: this action affects all recipients of the message.
# .sp
#
# In order to use LDAP lookups, define an LDAP source as a lookup
# table in main.cf, for example:
+#
# .ti +4
# alias_maps = ldap:/etc/postfix/ldap-aliases.cf
#
# return the key itself.
#
# For example, NEVER do this in a map defining $mydestination:
+#
# .in +4
# query_filter = domain=*
# .br
# .in -4
#
# Do this instead:
+#
# .in +4
# query_filter = domain=%s
# .br
# strings.
# .IP "\fBserver_host (default: localhost)\fR"
# The name of the host running the LDAP server, e.g.
+#
# .ti +4
# server_host = ldap.example.com
#
# trying them in order should the first one fail. It should also
# be possible to give each server in the list a different port
# (overriding \fBserver_port\fR below), by naming them like
+#
# .ti +4
# server_host = ldap.example.com:1444
#
# With OpenLDAP, a (list of) LDAP URLs can be used to specify both
# the hostname(s) and the port(s):
+#
# .ti +4
# server_host = ldap://ldap.example.com:1444
# .ti +8
# including connections over UNIX domain sockets, and LDAP SSL
# (the last one provided that OpenLDAP was compiled with support
# for SSL):
+#
# .ti +4
# server_host = ldapi://%2Fsome%2Fpath
# .ti +8
# ldaps://ldap.example.com:636
# .IP "\fBserver_port (default: 389)\fR"
# The port the LDAP server listens on, e.g.
+#
# .ti +4
# server_port = 778
# .IP "\fBtimeout (default: 10 seconds)\fR"
# The number of seconds a search can take before timing out, e.g.
+#
# .ti +4
# timeout = 5
# .IP "\fBsearch_base (No default; you must configure this)\fR"
# The RFC2253 base DN at which to conduct the search, e.g.
+#
# .ti +4
# search_base = dc=your, dc=com
# .IP
# The RFC2254 filter used to search the directory, where \fB%s\fR
# is a substitute for the address Postfix is trying to resolve,
# e.g.
+#
# .ti +4
# query_filter = (&(mail=%s)(paid_up=true))
#
# are eligible for lookup: 'user' lookups, bare domain lookups
# and "@domain" lookups are not performed. This can significantly
# reduce the query load on the LDAP server.
+#
# .ti +4
# domain = postfix.org, hash:/etc/postfix/searchdomains
#
# The attribute(s) Postfix will read from any directory
# entries returned by the lookup, to be resolved to an email
# address.
+#
# .ti +4
# result_attribute = mailbox, maildrop
-# .IP "\fBspecial_result_attribute (No default)\fR"
+# .IP "\fBspecial_result_attribute (default: empty)\fR"
# The attribute(s) of directory entries that can contain DNs
# or URLs. If found, a recursive subsequent search is done
# using their values.
+#
# .ti +4
-# special_result_attribute = member
+# special_result_attribute = memberdn
#
# DN recursion retrieves the same result_attributes as the
# main query, including the special attributes for further
# listed in "result_attribute". If the URI lists any of the
# map's special result attributes, these are also retrieved
# and used recursively.
+# .IP "\fBterminal_result_attribute (default: empty)\fR"
+# When one or more terminal result attributes are found in an LDAP
+# entry, all other result attributes are ignored and only the terminal
+# result attributes are returned. This is useful for delegating expansion
+# of group members to a particular host, by using an optional "maildrop"
+# attribute on selected groups to route the group to a specific host,
+# where the group is expanded, possibly via mailing-list manager or
+# other special processing.
+#
+# .ti +4
+# terminal_result_attribute = maildrop
+#
+# This feature is available with Postfix 2.4 or later.
+# .IP "\fBleaf_result_attribute (default: empty)\fR"
+# When one or more special result attributes are found in a non-terminal
+# (see above) LDAP entry, leaf result attributes are excluded from the
+# expansion of that entry. This is useful when expanding groups and the
+# desired mail address attribute(s) of the member objects obtained via
+# DN or URI recursion are also present in the group object. To only
+# return the attribute values from the leaf objects and not the
+# containing group, add the attribute to the leaf_result_attribute list,
+# and not the result_attribute list, which is always expanded. Note,
+# the default value of "result_attribute" is not empty, you may want to
+# set it explicitly empty when using "leaf_result_attribute" to expand
+# the group to a list of member DN addresses. If groups have both
+# member DN references AND attributes that hold multiple string valued
+# rfc822 addresses, then the string attributes go in "result_attribute".
+# The attributes that represent the email addresses of objects
+# referenced via a DN (or LDAP URI) go in "leaf_result_attribute".
+#
+# .in +4
+# result_attribute = memberaddr
+# .br
+# special_result_attribute = memberdn
+# .br
+# terminal_result_attribute = maildrop
+# .br
+# leaf_result_attribute = mail
+# .in -4
+#
+# This feature is available with Postfix 2.4 or later.
# .IP "\fBscope (default: sub)\fR"
# The LDAP search scope: \fBsub\fR, \fBbase\fR, or \fBone\fR.
# These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
# Whether or not to bind to the LDAP server. Newer LDAP
# implementations don't require clients to bind, which saves
# time. Example:
+#
# .ti +4
# bind = no
#
# the clear.
# .IP "\fBbind_dn (default: empty)\fR"
# If you do have to bind, do it with this distinguished name. Example:
+#
# .ti +4
# bind_dn = uid=postfix, dc=your, dc=com
# .IP "\fBbind_pw (default: empty)\fR"
# password. This is because main.cf needs to be world readable
# to allow local accounts to submit mail via the sendmail
# command. Example:
+#
# .ti +4
# bind_pw = postfixpw
# .IP "\fBcache (IGNORED with a warning)\fR"
#
# LDAP SSL service can be requested by using a LDAP SSL URL
# in the server_host parameter:
+#
# .ti +4
# server_host = ldaps://ldap.example.com:636
#
# STARTTLS can be turned on with the start_tls parameter:
+#
# .ti +4
# start_tls = yes
#
# Both forms require LDAP protocol version 3, which has to be set
# explicitly with:
+#
# .ti +4
# version = 3
#
# Here's a basic example for using LDAP to look up local(8)
# aliases.
# Assume that in main.cf, you have:
+#
# .ti +4
# alias_maps = hash:/etc/aliases,
# .ti +8
# ldap:/etc/postfix/ldap-aliases.cf
#
# and in ldap:/etc/postfix/ldap-aliases.cf you have:
+#
# .in +4
-# server_host = ldap.my.com
+# server_host = ldap.example.com
# .br
-# search_base = dc=my, dc=com
+# search_base = dc=example, dc=com
# .in -4
#
# Upon receiving mail for a local address "ldapuser" that
# isn't found in the /etc/aliases database, Postfix will
-# search the LDAP server listening at port 389 on ldap.my.com.
+# search the LDAP server listening at port 389 on ldap.example.com.
# It will bind anonymously, search for any directory entries
# whose mailacceptinggeneralid attribute is "ldapuser", read
# the "maildrop" attributes of those found, and build a list
#
# Alternatively, lookup tables can be specified in Perl Compatible
# Regular Expression form. In this case, each input is compared
-# against a list of patterns, and when a match is found the
-# corresponding result is returned.
+# against a list of patterns. When a match is found, the
+# corresponding result is returned and the search is terminated.
#
# To find out what types of lookup tables your Postfix system
# supports use the "\fBpostconf -m\fR" command.
%PARAM max_idle 100s
<p>
-The maximum amount of time that an idle Postfix daemon process
-waits for the next service request before exiting. This parameter
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily. This
+parameter
is ignored by the Postfix queue manager and by other long-lived
Postfix daemon processes.
</p>
%PARAM max_use 100
<p>
-The maximal number of connection requests before a Postfix daemon
-process terminates. This parameter is ignored by the Postfix queue
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily. This parameter
+is ignored by the Postfix queue
manager and by other long-lived Postfix daemon processes.
</p>
<p> Optional lookup tables with all valid addresses in the domains
that match $relay_domains. Specify @domain as a wild-card for
-domains that do not have a valid recipient list. Technically, tables
+domains that have no valid recipient list, and become a source of
+backscatter mail: Postfix accepts spam for non-existent recipients
+and then floods innocent people with undeliverable mail. Technically,
+tables
listed with $relay_recipient_maps are used as lists: Postfix needs
to know only if a lookup string is found or not, but it does not
use the result from table lookup. </p>
%PARAM smtpd_tls_cert_file
<p> File with the Postfix SMTP server RSA certificate in PEM format.
-This file may also contain the server private key. </p>
+This file may also contain the Postfix SMTP server private RSA key. </p>
<p> Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
root_CA.pem > server.pem". </p>
-<p> If you want to accept certificates issued by these CAs yourself,
-you can also add the CA certificates to the smtpd_tls_CAfile, in
-which case it is not necessary to have them in the smtpd_tls_dcert_file
-or smtpd_tls_cert_file. </p>
+<p> If you also want to verify client certificates issued by these
+CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which
+case it is not necessary to have them in the smtpd_tls_cert_file or
+smtpd_tls_dcert_file. </p>
-<p> A certificate supplied here must be usable as SSL server
-certificate and hence pass the "openssl verify -purpose sslserver
-..." test. </p>
+<p> A certificate supplied here must be usable as an SSL server certificate
+and hence pass the "openssl verify -purpose sslserver ..." test. </p>
<p> Example: </p>
%PARAM smtpd_tls_key_file $smtpd_tls_cert_file
<p> File with the Postfix SMTP server RSA private key in PEM format.
-This file may be combined with the server certificate file specified
+This file may be combined with the Postfix SMTP server certificate
+file specified
with $smtpd_tls_cert_file. </p>
-<p> The private key must not be encrypted. In other words, the key
-must be accessible without password. </p>
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root"). </p>
%PARAM smtpd_tls_dcert_file
<p> File with the Postfix SMTP server DSA certificate in PEM format.
-This file may also contain the server private key. <p>
+This file may also contain the
Postfix SMTP server private key. <p>
<p> See the discussion under smtpd_tls_cert_file for more details.
</p>
%PARAM smtpd_tls_dkey_file $smtpd_tls_dcert_file
<p> File with the Postfix SMTP server DSA private key in PEM format.
-This file may be combined with the server certificate file specified
-with $smtpd_tls_dcert_file. </p>
+This file may be combined with the Postfix SMTP server DSA certificate
+file specified with $smtpd_tls_dcert_file. </p>
-<p> The private key must not be encrypted. In other words, the key
-must be accessible without password. </p>
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root"). </p>
<p> This feature is available in Postfix 2.2 and later. </p>
%PARAM smtp_tls_cert_file
<p> File with the Postfix SMTP client RSA certificate in PEM format.
-This file may also contain the client private key, and these may
-be the same as the server certificate and key file. </p>
+This file may also contain the Postfix SMTP client private RSA key,
+and these may be the same as the Postfix SMTP server RSA certificate and key
+file. </p>
<p> Do not configure client certificates unless you <b>must</b> present
client TLS certificates to one or more servers. Client certificates are
<p> In order to verify certificates, the CA certificate (in case
of a certificate chain, all CA certificates) must be available.
-You should add these certificates to the server certificate, the
-server certificate first, then the issuing CA(s). </p>
+You should add these certificates to the client certificate, the
+client certificate first, then the issuing CA(s). </p>
<p> Example: the certificate for "client.dom.ain" was issued by
"intermediate CA" which itself has a certificate of "root CA".
Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
root_CA.pem > client.pem". </p>
-<p> If you want to accept remote SMTP server certificates issued
-by these CAs yourself, you can also add the CA certificates to the
-smtp_tls_CAfile, in which case it is not necessary to have them in
-the smtp_tls_cert_file or smtp_tls_dcert_file. </p>
+<p> If you also want to verify remote SMTP server certificates issued by
+these CAs, you can also add the CA certificates to the smtp_tls_CAfile,
+in which case it is not necessary to have them in the smtp_tls_cert_file
+or smtp_tls_dcert_file. </p>
-<p> A certificate supplied here must be usable as SSL client certificate and
-hence pass the "openssl verify -purpose sslclient ..." test. </p>
+<p> A certificate supplied here must be usable as an SSL client certificate
+and hence pass the "openssl verify -purpose sslclient ..." test. </p>
<p> Example: </p>
%PARAM smtp_tls_key_file $smtp_tls_cert_file
<p> File with the Postfix SMTP client RSA private key in PEM format.
-This file may be combined with the client certificate file specified
-with $smtp_tls_cert_file. </p>
+This file may be combined with the Postfix SMTP client RSA certificate
+file specified with $smtp_tls_cert_file. </p>
-<p> The private key must not be encrypted. In other words, the key
-must be accessible without password. </p>
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root"). </p>
<p> Example: </p>
%PARAM smtp_tls_dkey_file $smtp_tls_dcert_file
<p> File with the Postfix SMTP client DSA private key in PEM format.
-The private key must not be encrypted. In other words, the key must
-be accessible without password. </p>
+This file may be combined with the Postfix SMTP client DSA certificate
+file specified with $smtp_tls_dcert_file. </p>
-<p> This file may be combined with the server certificate file
-specified with $smtp_tls_cert_file. </p>
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted, but file permissions should grant read/write
+access only to the system superuser account ("root"). </p>
<p> This feature is available in Postfix 2.2 and later. </p>
%PARAM smtp_tls_dcert_file
<p> File with the Postfix SMTP client DSA certificate in PEM format.
-This file may also contain the server private key. </p>
+This file may also contain the Postfix SMTP client private DSA key. </p>
<p> See the discussion under smtp_tls_cert_file for more details.
</p>
<ul>
-<li> a = time before the queue manager, including message transmission
+<li> a = time from message arrival to last active queue entry
-<li> b = time in queue manager
+<li> b = time from last active queue entry to connection setup
<li> c = time in connection setup, including DNS, EHLO and TLS
<p> This feature is available in Postfix 2.3 and later. </p>
-%PARAM lmtp_discard_lhlo_keywords $myhostname
+%PARAM lmtp_discard_lhlo_keywords
<p> A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the LMTP client will ignore in the LHLO response
#
# Alternatively, lookup tables can be specified in POSIX regular
# expression form. In this case, each input is compared against a
-# list of patterns, and when a match is found the corresponding
-# result is returned.
+# list of patterns. When a match is found, the corresponding
+# result is returned and the search is terminated.
#
# To find out what types of lookup tables your Postfix system
# supports use the "\fBpostconf -m\fR" command.
# that serves as input to the \fBpostmap\fR(1) command.
# The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
# is used for fast searching by the mail system. Execute the command
-# "\fBpostmap /etc/postfix/relocated\fR" in order to rebuild the indexed
-# file after changing the relocated table.
+# "\fBpostmap /etc/postfix/relocated\fR" to rebuild an indexed
+# file after changing the corresponding relocated table.
#
# When the table is provided via other means such as NIS, LDAP
# or SQL, the same lookups are done as for ordinary indexed files.
#
# Alternatively, the table can be provided as a regular-expression
# map where patterns are given as regular expressions, or lookups
-# can be directed to TCP-based server. In that case, the lookups are
-# done in a slightly different way as described below under
-# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+# can be directed to TCP-based server. In those case, the lookups
+# are done in a slightly different way as described below under
+# "REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
#
# Table lookups are case insensitive.
# CASE FOLDING
# expression lookup table syntax, see \fBregexp_table\fR(5) or
# \fBpcre_table\fR(5). For a description of the TCP client/server
# table lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.3.
+# This feature is not available up to and including Postfix version 2.4.
#
# Each pattern is a regular expression that is applied to the entire
# address being looked up. Thus, \fIuser@domain\fR mail addresses are not
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.3.
+# This feature is not available up to and including Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their
# that serves as input to the \fBpostmap\fR(1) command.
# The result, an indexed file in \fBdbm\fR or \fBdb\fR format, is used
# for fast searching by the mail system. Execute the command
-# "\fBpostmap /etc/postfix/transport\fR" in order to rebuild the indexed
-# file after changing the transport table.
+# "\fBpostmap /etc/postfix/transport\fR" to rebuild an indexed
+# file after changing the corresponding transport table.
#
# When the table is provided via other means such as NIS, LDAP
# or SQL, the same lookups are done as for ordinary indexed files.
#
# Alternatively, the table can be provided as a regular-expression
# map where patterns are given as regular expressions, or lookups
-# can be directed to TCP-based server. In that case, the lookups are
-# done in a slightly different way as described below under
-# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+# can be directed to TCP-based server. In those case, the lookups
+# are done in a slightly different way as described below under
+# "REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
# CASE FOLDING
# .ad
# .fi
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.3.
+# This feature is not available up to and including Postfix version 2.4.
#
# Each lookup operation uses the entire recipient address once. Thus,
# \fIsome.domain.hierarchy\fR is not looked up via its parent domains,
# "\fBpostconf html_directory\fR" to locate this information.
# .na
# .nf
+# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# FILTER_README, external content filter
# LICENSE
# that serves as input to the \fBpostmap\fR(1) command.
# The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
# is used for fast searching by the mail system. Execute the command
-# "\fBpostmap /etc/postfix/virtual\fR" in order to rebuild the indexed
-# file after changing the text file.
+# "\fBpostmap /etc/postfix/virtual\fR" to rebuild an indexed
+# file after changing the corresponding text file.
#
# When the table is provided via other means such as NIS, LDAP
# or SQL, the same lookups are done as for ordinary indexed files.
#
# Alternatively, the table can be provided as a regular-expression
# map where patterns are given as regular expressions, or lookups
-# can be directed to TCP-based server. In that case, the lookups are
-# done in a slightly different way as described below under
-# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+# can be directed to TCP-based server. In those case, the lookups
+# are done in a slightly different way as described below under
+# "REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
# CASE FOLDING
# .ad
# .fi
# .IP "@\fIdomain address, address, ...\fR"
# Redirect mail for other users in \fIdomain\fR to \fIaddress\fR.
# This form has the lowest precedence.
+# .sp
+# Note: @\fIdomain\fR is a wild-card. With this form, the
+# Postfix SMTP server accepts
+# mail for any recipient in \fIdomain\fR, regardless of whether
+# that recipient exists. This may turn your mail system into
+# a backscatter source that returns undeliverable spam to
+# innocent people.
# RESULT ADDRESS REWRITING
# .ad
# .fi
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.3.
+# This feature is not available up to and including Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their
# "\fBpostconf html_directory\fR" to locate this information.
# .na
# .nf
-# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
+# DATABASE_README, Postfix lookup table overview
# VIRTUAL_README, domain hosting guide
# LICENSE
# .ad
anvil.o: ../../include/mail_params.h
anvil.o: ../../include/mail_proto.h
anvil.o: ../../include/mail_server.h
+anvil.o: ../../include/mail_version.h
anvil.o: ../../include/msg.h
anvil.o: ../../include/mymalloc.h
anvil.o: ../../include/stringops.h
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBprocess_id (read-only)\fR"
/* The process ID of a Postfix command or daemon process.
/* .IP "\fBprocess_name (read-only)\fR"
#include <mail_conf.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_proto.h>
#include <anvil_clnt.h>
var_idle_limit = var_anvil_time_unit;
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the multi-threaded skeleton */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
multi_server_main(argc, argv, anvil_service,
MAIL_SERVER_TIME_TABLE, time_table,
MAIL_SERVER_POST_INIT, post_jail_init,
bounce.o: ../../include/mail_proto.h
bounce.o: ../../include/mail_queue.h
bounce.o: ../../include/mail_server.h
+bounce.o: ../../include/mail_version.h
bounce.o: ../../include/msg.h
bounce.o: ../../include/msg_stats.h
bounce.o: ../../include/rcpt_buf.h
bounce_notify_service.o: ../../include/dsn.h
bounce_notify_service.o: ../../include/dsn_buf.h
bounce_notify_service.o: ../../include/dsn_mask.h
+bounce_notify_service.o: ../../include/int_filt.h
bounce_notify_service.o: ../../include/mail_addr.h
bounce_notify_service.o: ../../include/mail_error.h
bounce_notify_service.o: ../../include/mail_params.h
bounce_notify_util.o: ../../include/dsn_buf.h
bounce_notify_util.o: ../../include/dsn_mask.h
bounce_notify_util.o: ../../include/events.h
+bounce_notify_util.o: ../../include/int_filt.h
bounce_notify_util.o: ../../include/iostuff.h
bounce_notify_util.o: ../../include/is_header.h
bounce_notify_util.o: ../../include/lex_822.h
bounce_notify_verp.o: ../../include/dsn.h
bounce_notify_verp.o: ../../include/dsn_buf.h
bounce_notify_verp.o: ../../include/dsn_mask.h
+bounce_notify_verp.o: ../../include/int_filt.h
bounce_notify_verp.o: ../../include/mail_addr.h
bounce_notify_verp.o: ../../include/mail_error.h
bounce_notify_verp.o: ../../include/mail_params.h
bounce_one_service.o: ../../include/dsn.h
bounce_one_service.o: ../../include/dsn_buf.h
bounce_one_service.o: ../../include/dsn_mask.h
+bounce_one_service.o: ../../include/int_filt.h
bounce_one_service.o: ../../include/mail_addr.h
bounce_one_service.o: ../../include/mail_error.h
bounce_one_service.o: ../../include/mail_params.h
bounce_trace_service.o: ../../include/dsn.h
bounce_trace_service.o: ../../include/dsn_buf.h
bounce_trace_service.o: ../../include/dsn_mask.h
+bounce_trace_service.o: ../../include/int_filt.h
bounce_trace_service.o: ../../include/mail_addr.h
bounce_trace_service.o: ../../include/mail_error.h
bounce_trace_service.o: ../../include/mail_params.h
bounce_warn_service.o: ../../include/dsn.h
bounce_warn_service.o: ../../include/dsn_buf.h
bounce_warn_service.o: ../../include/dsn_mask.h
+bounce_warn_service.o: ../../include/int_filt.h
bounce_warn_service.o: ../../include/mail_addr.h
bounce_warn_service.o: ../../include/mail_error.h
bounce_warn_service.o: ../../include/mail_params.h
/* The mail system name that is displayed in Received: headers, in
/* the SMTP greeting banner, and in bounced mail.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBnotify_classes (resource, software)\fR"
/* The list of error classes that are reported to the postmaster.
/* .IP "\fBprocess_id (read-only)\fR"
#include <mail_proto.h>
#include <mail_queue.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_conf.h>
#include <bounce.h>
#include <mail_addr.h>
/*
* Special case: dump bounce templates. This is not part of the master(5)
* public interface. This internal interface is used by the postconf
- * command. It was implemented before bounce templates were isolated
- * into modules that could have been called directly.
+ * command. It was implemented before bounce templates were isolated into
+ * modules that could have been called directly.
*/
if (strcmp(service_name, "dump_templates") == 0) {
bounce_templates_dump(VSTREAM_OUT, bounce_templates);
dsn_buf = dsb_create();
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - the main program */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Pass control to the single-threaded service skeleton.
*/
cleanup.o: ../../include/mail_proto.h
cleanup.o: ../../include/mail_server.h
cleanup.o: ../../include/mail_stream.h
+cleanup.o: ../../include/mail_version.h
cleanup.o: ../../include/maps.h
cleanup.o: ../../include/match_list.h
cleanup.o: ../../include/match_ops.h
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBmyhostname (see 'postconf -d' output)\fR"
/* The internet hostname of this mail system.
/* .IP "\fBmyorigin ($myhostname)\fR"
#include <mail_params.h>
#include <record.h>
#include <rec_type.h>
+#include <mail_version.h>
/* Single-threaded server skeleton. */
}
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - the main program */
int main(int argc, char **argv)
{
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Clean up an incomplete queue file in case of a fatal run-time error,
* or after receiving SIGTERM from the master at shutdown time.
VAR_BODY_CHECKS, DEF_BODY_CHECKS, &var_body_checks, 0, 0,
VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0,
VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
- VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 1, 0,
+ VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 0, 0,
VAR_MASQ_CLASSES, DEF_MASQ_CLASSES, &var_masq_classes, 0, 0,
VAR_SEND_BCC_MAPS, DEF_SEND_BCC_MAPS, &var_send_bcc_maps, 0, 0,
VAR_RCPT_BCC_MAPS, DEF_RCPT_BCC_MAPS, &var_rcpt_bcc_maps, 0, 0,
#define VISIBLE_RCPT ((1 << HDR_TO) | (1 << HDR_RESENT_TO) \
| (1 << HDR_CC) | (1 << HDR_RESENT_CC))
- if ((state->headers_seen & VISIBLE_RCPT) == 0)
+ if ((state->headers_seen & VISIBLE_RCPT) == 0 && *var_rcpt_witheld)
cleanup_out_format(state, REC_TYPE_NORM, "%s", var_rcpt_witheld);
/*
}
if (line == start) {
cleanup_out_string(state, REC_TYPE_NORM, line);
- if (line_len < REC_TYPE_PTR_PAYL_SIZE)
+ if ((state->milters || cleanup_milters)
+ && line_len < REC_TYPE_PTR_PAYL_SIZE)
rec_pad(state->dst, REC_TYPE_DTXT,
REC_TYPE_PTR_PAYL_SIZE - line_len);
} else if (IS_SPACE_TAB(*line)) {
discard.o: ../../include/flush_clnt.h
discard.o: ../../include/mail_queue.h
discard.o: ../../include/mail_server.h
+discard.o: ../../include/mail_version.h
discard.o: ../../include/msg.h
discard.o: ../../include/msg_stats.h
discard.o: ../../include/recipient_list.h
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBprocess_id (read-only)\fR"
/* The process ID of a Postfix command or daemon process.
/* .IP "\fBprocess_name (read-only)\fR"
#include <flush_clnt.h>
#include <sent.h>
#include <dsn_util.h>
+#include <mail_version.h>
/* Single server skeleton. */
flush_init();
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the single-threaded skeleton */
int main(int argc, char **argv)
{
+
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
single_server_main(argc, argv, discard_service,
MAIL_SERVER_PRE_INIT, pre_init,
0);
error.o: ../../include/mail_proto.h
error.o: ../../include/mail_queue.h
error.o: ../../include/mail_server.h
+error.o: ../../include/mail_version.h
error.o: ../../include/msg.h
error.o: ../../include/msg_stats.h
error.o: ../../include/recipient_list.h
/* The Postfix \fBerror\fR(8) delivery agent processes delivery
/* requests from
/* the queue manager. Each request specifies a queue file, a sender
-/* address, a domain or host name that is treated as the reason for
-/* non-delivery, and recipient information.
+/* address, the reason for non-delivery (specified as the
+/* next-hop destination), and recipient information.
/* The reason may be prefixed with an RFC 3463-compatible detail code.
/* This program expects to be run from the \fBmaster\fR(8) process
/* manager.
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBnotify_classes (resource, software)\fR"
/* The list of error classes that are reported to the postmaster.
/* .IP "\fBprocess_id (read-only)\fR"
#include <dsn_util.h>
#include <sys_exits.h>
#include <mail_proto.h>
+#include <mail_version.h>
/* Single server skeleton. */
flush_init();
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the single-threaded skeleton */
int main(int argc, char **argv)
{
+
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
single_server_main(argc, argv, error_service,
MAIL_SERVER_PRE_INIT, pre_init,
0);
flush.o: ../../include/mail_queue.h
flush.o: ../../include/mail_scan_dir.h
flush.o: ../../include/mail_server.h
+flush.o: ../../include/mail_version.h
flush.o: ../../include/maps.h
flush.o: ../../include/match_list.h
flush.o: ../../include/match_ops.h
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR"
/* What Postfix features match subdomains of "domain.tld" automatically,
/* instead of requiring an explicit ".domain.tld" pattern.
/* Global library. */
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_queue.h>
#include <mail_proto.h>
#include <mail_flush.h>
/* flush_one_file - move one queue file to incoming queue */
static int flush_one_file(const char *queue_id, VSTRING *queue_file,
- struct utimbuf * tbuf, int how)
+ struct utimbuf * tbuf, int how)
{
const char *myname = "flush_one_file";
const char *queue_name;
var_fflush_domains);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the single-threaded skeleton */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
single_server_main(argc, argv, flush_service,
MAIL_SERVER_TIME_TABLE, time_table,
MAIL_SERVER_PRE_INIT, pre_jail_init,
msg_fatal("usage: %s [-cr] [-s size] messages directory_entries", myname);
}
+MAIL_VERSION_STAMP_DECLARE;
+
int main(int argc, char **argv)
{
int op_count;
int ch;
int size = 2;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
msg_vstream_init(argv[0], VSTREAM_ERR);
while ((ch = GETOPT(argc, argv, "crs:")) != EOF) {
switch (ch) {
input_transp.o: input_transp.c
input_transp.o: input_transp.h
input_transp.o: mail_params.h
+int_filt.o: ../../include/msg.h
int_filt.o: ../../include/name_mask.h
int_filt.o: ../../include/sys_defs.h
int_filt.o: ../../include/vbuf.h
int_filt.o: ../../include/vstring.h
+int_filt.o: cleanup_user.h
int_filt.o: int_filt.c
int_filt.o: int_filt.h
int_filt.o: mail_params.h
post_mail.o: ../../include/vstream.h
post_mail.o: ../../include/vstring.h
post_mail.o: cleanup_user.h
+post_mail.o: int_filt.h
post_mail.o: mail_date.h
post_mail.o: mail_params.h
post_mail.o: mail_proto.h
/* .IP special_result_attribute
/* The attribute(s) of directory entries that can contain DNs or URLs.
/* If found, a recursive subsequent search is done using their values.
+/* .IP leaf_result_attribute
+/* These are only returned for "leaf" LDAP entries, i.e. those that are
+/* not "terminal" and have no values for any of the "special" result
+/* attributes.
+/* .IP terminal_result_attribute
+/* If found, the LDAP entry is considered a terminal LDAP object, not
+/* subject to further direct or recursive expansion. Only the terminal
+/* result attributes are returned.
/* .IP scope
/* LDAP search scope: sub, base, or one.
/* .IP bind
int scope;
char *search_base;
ARGV *result_attributes;
- int num_attributes; /* rest of list is DN's. */
+ int num_terminal; /* Number of terminal attributes. */
+ int num_leaf; /* Number of leaf attributes */
+ int num_attributes; /* Combined # of non-special attrs */
int bind;
char *bind_dn;
char *bind_pw;
#define DICT_LDAP_CONN(d) ((LDAP_CONN *)((d)->ht->value))
-
+ /*
+ * Bitrot: LDAP_API 3000 and up (OpenLDAP 2.2.x) deprecated ldap_unbind()
+ */
+#if LDAP_API_VERSION >= 3000
+#define dict_ldap_unbind(ld) ldap_unbind_ext((ld), 0, 0)
+#define dict_ldap_abandon(ld, msg) ldap_abandon_ext((ld), (msg), 0, 0)
+#else
+#define dict_ldap_unbind(ld) ldap_unbind(ld)
+#define dict_ldap_abandon(ld, msg) ldap_abandon((ld), (msg))
+#endif
/*
* Quoting rules.
static void dict_ldap_logprint(LDAP_CONST char *data)
{
const char *myname = "dict_ldap_debug";
- char *buf,
- *p;
+ char *buf, *p;
buf = mystrdup(data);
if (*buf) {
myfree(buf);
}
-static int dict_ldap_get_errno(LDAP * ld)
+static int dict_ldap_get_errno(LDAP *ld)
{
int rc;
return rc;
}
-static int dict_ldap_set_errno(LDAP * ld, int rc)
+static int dict_ldap_set_errno(LDAP *ld, int rc)
{
(void) ldap_set_option(ld, LDAP_OPT_ERROR_NUMBER, &rc);
return rc;
return (dict_ldap_get_errno(ld));
if (dict_ldap_get_errno(ld) == LDAP_TIMEOUT) {
- (void) ldap_abandon_ext(ld, msgid, 0, 0);
+ (void) dict_ldap_abandon(ld, msgid);
return (dict_ldap_set_errno(ld, LDAP_TIMEOUT));
}
-
return LDAP_SUCCESS;
}
/* search_st - Synchronous search with timeout */
static int search_st(LDAP *ld, char *base, int scope, char *query,
- char **attrs, int timeout, LDAPMessage **res)
+ char **attrs, int timeout, LDAPMessage **res)
{
struct timeval mytimeval;
int msgid;
mytimeval.tv_usec = 0;
#define WANTVALS 0
-#define USE_SIZE_LIM_OPT -1 /* Any negative value will do */
+#define USE_SIZE_LIM_OPT -1 /* Any negative value will do */
if ((rc = ldap_search_ext(ld, base, scope, query, attrs, WANTVALS, 0, 0,
&mytimeval, USE_SIZE_LIM_OPT,
#if defined(LDAP_OPT_DEBUG_LEVEL) && defined(LBER_OPT_LOG_PRINT_FN)
if (dict_ldap->debuglevel > 0 &&
ber_set_option(NULL, LBER_OPT_LOG_PRINT_FN,
- (LDAP_CONST void *) dict_ldap_logprint) != LBER_OPT_SUCCESS)
+ (LDAP_CONST void *) dict_ldap_logprint) != LBER_OPT_SUCCESS)
msg_warn("%s: Unable to set ber logprint function.", myname);
#if defined(LBER_OPT_DEBUG_LEVEL)
if (ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL,
* This and the rest of the handling of multiple attributes, DNs and URLs
* are thanks to LaMont Jones.
*/
-static void dict_ldap_get_values(DICT_LDAP *dict_ldap, LDAPMessage * res,
- VSTRING *result, const char* name)
+static void dict_ldap_get_values(DICT_LDAP *dict_ldap, LDAPMessage *res,
+ VSTRING *result, const char *name)
{
static int recursion = 0;
static int expansion;
int valcount;
LDAPURLDesc *url;
const char *myname = "dict_ldap_get_values";
+ int is_leaf = 1; /* No recursion via this entry */
+ int is_terminal = 0; /* No expansion via this entry */
if (++recursion == 1)
expansion = 0;
dict_ldap->size_limit);
dict_errno = DICT_ERR_RETRY;
}
+
+ /*
+ * Check for terminal attributes, these preclude expansion of all
+ * other attributes, and DN/URI recursion. Any terminal attributes
+ * are listed first in the attribute array.
+ */
+ if (dict_ldap->num_terminal > 0) {
+ for (i = 0; i < dict_ldap->num_terminal; ++i) {
+ attr = dict_ldap->result_attributes->argv[i];
+ if (!(vals = ldap_get_values_len(dict_ldap->ld, entry, attr)))
+ continue;
+ is_terminal = (ldap_count_values_len(vals) > 0);
+ ldap_value_free_len(vals);
+ if (is_terminal)
+ break;
+ }
+ }
+
+ /*
+ * Check for special attributes, these preclude expansion of
+ * "leaf-only" attributes, and are at the end of the attribute array
+ * after the terminal, leaf and regular attributes.
+ */
+ if (is_terminal == 0 && dict_ldap->num_leaf > 0) {
+ for (i = dict_ldap->num_attributes;
+ dict_ldap->result_attributes->argv[i]; ++i) {
+ attr = dict_ldap->result_attributes->argv[i];
+ if (!(vals = ldap_get_values_len(dict_ldap->ld, entry, attr)))
+ continue;
+ is_leaf = (ldap_count_values_len(vals) == 0);
+ ldap_value_free_len(vals);
+ if (!is_leaf)
+ break;
+ }
+ }
for (attr = ldap_first_attribute(dict_ldap->ld, entry, &ber);
- attr != NULL;
- ldap_memfree(attr), attr = ldap_next_attribute(dict_ldap->ld,
- entry, ber)) {
+ attr != NULL; ldap_memfree(attr),
+ attr = ldap_next_attribute(dict_ldap->ld, entry, ber)) {
+
vals = ldap_get_values_len(dict_ldap->ld, entry, attr);
if (vals == NULL) {
if (msg_verbose)
myname, recursion, attr);
continue;
}
-
valcount = ldap_count_values_len(vals);
/*
* We compute the attribute type (ordinary or special) from its
* index on the "result_attributes" list.
*/
- for (i = 0; dict_ldap->result_attributes->argv[i]; i++) {
- if (strcasecmp(dict_ldap->result_attributes->argv[i], attr) == 0)
+ for (i = 0; dict_ldap->result_attributes->argv[i]; i++)
+ if (strcasecmp(dict_ldap->result_attributes->argv[i],
+ attr) == 0)
break;
- }
/*
* Append each returned address to the result list, possibly
- * recursing (for dn or url attributes).
+ * recursing (for dn or url attributes of non-terminal entries)
*/
- if (i < dict_ldap->num_attributes) {
- /* Ordinary result attribute */
- for (i = 0; i < valcount; i++) {
- if (db_common_expand(dict_ldap->ctx,
- dict_ldap->result_format,
- vals[i]->bv_val,
- name, result, 0)
- && dict_ldap->expansion_limit > 0
- && ++expansion > dict_ldap->expansion_limit) {
- msg_warn("%s[%d]: %s: Expansion limit exceeded for key: '%s'",
- myname, recursion, dict_ldap->parser->name, name);
- dict_errno = DICT_ERR_RETRY;
- break;
+ if (i < dict_ldap->num_attributes || is_terminal) {
+ if (is_terminal && i >= dict_ldap->num_terminal
+ || !is_leaf &&
+ i < dict_ldap->num_terminal + dict_ldap->num_leaf) {
+ if (msg_verbose)
+ msg_info("%s[%d]: skipping %ld value(s) of %s "
+ "attribute %s", myname, recursion, i,
+ is_terminal ? "non-terminal" : "leaf-only",
+ attr);
+ } else {
+ /* Ordinary result attribute */
+ for (i = 0; i < valcount; i++) {
+ if (db_common_expand(dict_ldap->ctx,
+ dict_ldap->result_format,
+ vals[i]->bv_val,
+ name, result, 0)
+ && dict_ldap->expansion_limit > 0
+ && ++expansion > dict_ldap->expansion_limit) {
+ msg_warn("%s[%d]: %s: Expansion limit exceeded "
+ "for key: '%s'", myname, recursion,
+ dict_ldap->parser->name, name);
+ dict_errno = DICT_ERR_RETRY;
+ break;
+ }
}
+ if (dict_errno != 0)
+ continue;
+ if (msg_verbose)
+ msg_info("%s[%d]: search returned %ld value(s) for"
+ " requested result attribute %s",
+ myname, recursion, i, attr);
}
- if (dict_errno != 0)
- continue;
- if (msg_verbose)
- msg_info("%s[%d]: search returned %ld value(s) for"
- " requested result attribute %s",
- myname, recursion, i, attr);
} else if (recursion < dict_ldap->recursion_limit
&& dict_ldap->result_attributes->argv[i]) {
/* Special result attribute */
if (rc == 0) {
rc = search_st(dict_ldap->ld, url->lud_dn,
url->lud_scope, url->lud_filter,
- url->lud_attrs, dict_ldap->timeout,
+ url->lud_attrs, dict_ldap->timeout,
&resloop);
ldap_free_urldesc(url);
}
msg_info("%s: Skipping lookup of '%s'", myname, name);
return (0);
}
-
#define INIT_VSTR(buf, len) do { \
if (buf == 0) \
buf = vstring_alloc(len); \
myname, dict_ldap->parser->name, dict_ldap->size_limit);
/*
- * Expand the search base and query. Skip lookup when the
- * input key lacks sufficient domain components to satisfy
- * all the requested %-substitutions.
- *
- * When the search base is not static, LDAP_NO_SUCH_OBJECT is
- * expected and is therefore treated as a non-error: the lookup
- * returns no results rather than a soft error.
+ * Expand the search base and query. Skip lookup when the input key lacks
+ * sufficient domain components to satisfy all the requested
+ * %-substitutions.
+ *
+ * When the search base is not static, LDAP_NO_SUCH_OBJECT is expected and
+ * is therefore treated as a non-error: the lookup returns no results
+ * rather than a soft error.
*/
if (!db_common_expand(dict_ldap->ctx, dict_ldap->search_base,
- name, 0, base, rfc2253_quote)) {
- if (msg_verbose > 1)
+ name, 0, base, rfc2253_quote)) {
+ if (msg_verbose > 1)
msg_info("%s: %s: Empty expansion for %s", myname,
dict_ldap->parser->name, dict_ldap->search_base);
- return (0);
+ return (0);
}
-
if (!db_common_expand(dict_ldap->ctx, dict_ldap->query,
name, 0, query, rfc2254_quote)) {
- if (msg_verbose > 1)
+ if (msg_verbose > 1)
msg_info("%s: %s: Empty expansion for %s", myname,
dict_ldap->parser->name, dict_ldap->query);
- return (0);
+ return (0);
}
/*
msg_info("%s: Lost connection for LDAP source %s, reopening",
myname, dict_ldap->parser->name);
- ldap_unbind_ext(dict_ldap->ld, 0, 0);
+ dict_ldap_unbind(dict_ldap->ld);
dict_ldap->ld = DICT_LDAP_CONN(dict_ldap)->conn_ld = 0;
dict_ldap_connect(dict_ldap);
return (0);
rc = search_st(dict_ldap->ld, vstring_str(base), dict_ldap->scope,
- vstring_str(query), dict_ldap->result_attributes->argv,
+ vstring_str(query), dict_ldap->result_attributes->argv,
dict_ldap->timeout, &res);
}
-
switch (rc) {
case LDAP_SUCCESS:
+
/*
* Search worked; extract the requested result_attribute.
*/
break;
case LDAP_NO_SUCH_OBJECT:
- /*
- * If the search base is input key dependent, then not finding it,
- * is equivalent to not finding the input key. Sadly, we cannot
- * detect misconfiguration in this case.
+
+ /*
+ * If the search base is input key dependent, then not finding it, is
+ * equivalent to not finding the input key. Sadly, we cannot detect
+ * misconfiguration in this case.
*/
- if (dict_ldap->dynamic_base)
+ if (dict_ldap->dynamic_base)
break;
msg_warn("%s: %s: Search base '%s' not found: %d: %s",
break;
default:
+
/*
* Rats. The search didn't work.
*/
* Tear down the connection so it gets set up from scratch on the
* next lookup.
*/
- ldap_unbind_ext(dict_ldap->ld, 0, 0);
+ dict_ldap_unbind(dict_ldap->ld);
dict_ldap->ld = DICT_LDAP_CONN(dict_ldap)->conn_ld = 0;
/*
if (msg_verbose)
msg_info("%s: Closed connection handle for LDAP source %s",
myname, dict_ldap->parser->name);
- ldap_unbind_ext(conn->conn_ld, 0, 0);
+ dict_ldap_unbind(conn->conn_ld);
}
binhash_delete(conn_hash, ht->key, ht->key_len, myfree);
}
myfree(dict_ldap->search_base);
myfree(dict_ldap->query);
if (dict_ldap->result_format)
- myfree(dict_ldap->result_format);
+ myfree(dict_ldap->result_format);
argv_free(dict_ldap->result_attributes);
myfree(dict_ldap->bind_dn);
myfree(dict_ldap->bind_pw);
dict_ldap->ldap_ssl = 1;
ldap_free_urldesc(url_desc);
if (VSTRING_LEN(url_list) > 0)
- VSTRING_ADDCH(url_list, ' ');
+ VSTRING_ADDCH(url_list, ' ');
vstring_strcat(url_list, h);
} else {
if (VSTRING_LEN(url_list) > 0)
- VSTRING_ADDCH(url_list, ' ');
+ VSTRING_ADDCH(url_list, ' ');
if (strrchr(h, ':'))
vstring_sprintf_append(url_list, "ldap://%s", h);
else
*/
dict_ldap->timeout = cfg_get_int(dict_ldap->parser, "timeout", 10, 0, 0);
-#if 0 /* No benefit from changing this to match the MySQL/PGSQL syntax */
+#if 0 /* No benefit from changing
+ * this to match the
+ * MySQL/PGSQL syntax */
if ((dict_ldap->query =
- cfg_get_str(dict_ldap->parser, "query", 0, 0, 0)) == 0)
+ cfg_get_str(dict_ldap->parser, "query", 0, 0, 0)) == 0)
#endif
- dict_ldap->query =
+ dict_ldap->query =
cfg_get_str(dict_ldap->parser, "query_filter",
"(mailacceptinggeneralid=%s)", 0, 0);
if ((dict_ldap->result_format =
- cfg_get_str(dict_ldap->parser, "result_format", 0, 0, 0)) == 0)
- dict_ldap->result_format =
- cfg_get_str(dict_ldap->parser, "result_filter", "%s", 1, 0);
+ cfg_get_str(dict_ldap->parser, "result_format", 0, 0, 0)) == 0)
+ dict_ldap->result_format =
+ cfg_get_str(dict_ldap->parser, "result_filter", "%s", 1, 0);
/*
- * Must parse all templates before we can use db_common_expand()
- * If data dependent substitutions are found in the search base,
- * treat NO_SUCH_OBJECT search errors as a non-matching key, rather
- * than a fatal run-time error.
+ * Must parse all templates before we can use db_common_expand() If data
+ * dependent substitutions are found in the search base, treat
+ * NO_SUCH_OBJECT search errors as a non-matching key, rather than a
+ * fatal run-time error.
*/
dict_ldap->ctx = 0;
dict_ldap->dynamic_base =
db_common_parse_domain(dict_ldap->parser, dict_ldap->ctx);
/*
- * Maps that use substring keys should only be used with the full
- * input key.
+ * Maps that use substring keys should only be used with the full input
+ * key.
*/
if (db_common_dict_partial(dict_ldap->ctx))
dict_ldap->dict.flags |= DICT_FLAG_PATTERN;
if (dict_flags & DICT_FLAG_FOLD_FIX)
dict_ldap->dict.fold_buf = vstring_alloc(10);
- attr = cfg_get_str(dict_ldap->parser, "result_attribute",
- "maildrop", 0, 0);
+ /* Order matters, first the terminal attributes: */
+ attr = cfg_get_str(dict_ldap->parser, "terminal_result_attribute", "", 0, 0);
dict_ldap->result_attributes = argv_split(attr, " ,\t\r\n");
+ dict_ldap->num_terminal = dict_ldap->result_attributes->argc;
+ myfree(attr);
+
+ /* Order matters, next the leaf-only attributes: */
+ attr = cfg_get_str(dict_ldap->parser, "leaf_result_attribute", "", 0, 0);
+ if (*attr)
+ argv_split_append(dict_ldap->result_attributes, attr, " ,\t\r\n");
+ dict_ldap->num_leaf =
+ dict_ldap->result_attributes->argc - dict_ldap->num_terminal;
+ myfree(attr);
+
+ /* Order matters, next the regular attributes: */
+ attr = cfg_get_str(dict_ldap->parser, "result_attribute", "maildrop", 0, 0);
+ if (*attr)
+ argv_split_append(dict_ldap->result_attributes, attr, " ,\t\r\n");
dict_ldap->num_attributes = dict_ldap->result_attributes->argc;
myfree(attr);
- attr = cfg_get_str(dict_ldap->parser, "special_result_attribute",
- "", 0, 0);
+ /* Order matters, finally the special attributes: */
+ attr = cfg_get_str(dict_ldap->parser, "special_result_attribute", "", 0, 0);
if (*attr)
argv_split_append(dict_ldap->result_attributes, attr, " ,\t\r\n");
myfree(attr);
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20070224"
+#define MAIL_RELEASE_DATE "20070320"
#define MAIL_VERSION_NUMBER "2.4"
#ifdef SNAPSHOT
#define DEF_MAIL_RELEASE MAIL_RELEASE_DATE
extern char *var_mail_release;
+ /*
+ * The following macros stamp executable files as well as core dumps. This
+ * information helps to answer the following questions:
+ *
+ * - What Postfix versions(s) are installed on this machine?
+ *
+ * - Is this installation mixing multiple Postfix versions?
+ *
+ * - What Postfix version generated this core dump?
+ */
+#include <string.h>
+
+#define MAIL_VERSION_STAMP_DECLARE \
+ char *mail_version_stamp
+
+#define MAIL_VERSION_STAMP_ALLOCATE \
+ mail_version_stamp = strdup(VAR_MAIL_VERSION "=" DEF_MAIL_VERSION)
+
/* LICENSE
/* .ad
/* .fi
#define REC_TYPE_CONT 'L' /* long data record */
#define REC_TYPE_NORM 'N' /* normal data record */
-#define REC_TYPE_DTXT 'w' /* deleted data record */
+#define REC_TYPE_DTXT 'w' /* padding (was: deleted data) */
#define REC_TYPE_XTRA 'X' /* start extracted records */
* contains pure recipient sequences only, then the queue manager will not
* have to read all the queue file records before starting delivery. This is
* often the case with list mail, where such optimization is desirable.
+ *
+ * XXX These definitions include the respective segment terminators to avoid
+ * special cases in the cleanup(8) envelope and extracted record processors.
*/
-#define REC_TYPE_ENV_RECIPIENT "DRO/Kon"
-#define REC_TYPE_EXT_RECIPIENT "DRO/Kon"
+#define REC_TYPE_ENV_RECIPIENT "MDRO/Kon"
+#define REC_TYPE_EXT_RECIPIENT "EDRO/Kon"
/*
* The types of records that I expect to see while processing different
local.o: ../../include/mail_conf.h
local.o: ../../include/mail_params.h
local.o: ../../include/mail_server.h
+local.o: ../../include/mail_version.h
local.o: ../../include/maps.h
local.o: ../../include/mbox_conf.h
local.o: ../../include/msg.h
/* .IP "\fBlocal_command_shell (empty)\fR"
/* Optional shell program for \fBlocal\fR(8) delivery to non-Postfix command.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBprepend_delivered_header (command, file, forward)\fR"
/* The message delivery contexts where the Postfix \fBlocal\fR(8) delivery
/* agent prepends a Delivered-To: message header with the address
#include <mail_conf.h>
#include <been_here.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <ext_prop.h>
#include <maps.h>
#include <flush_clnt.h>
flush_init();
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the single-threaded skeleton */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
single_server_main(argc, argv, local_service,
MAIL_SERVER_INT_TABLE, int_table,
MAIL_SERVER_STR_TABLE, str_table,
master_service.o: master_service.c
master_sig.o: ../../include/events.h
master_sig.o: ../../include/iostuff.h
+master_sig.o: ../../include/killme_after.h
master_sig.o: ../../include/msg.h
master_sig.o: ../../include/posix_signals.h
master_sig.o: ../../include/sys_defs.h
/* The default maximal number of Postfix child processes that provide
/* a given service.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBservice_throttle_time (60s)\fR"
/* How long the Postfix \fBmaster\fR(8) waits before forking a server that
/* appears to be malfunctioning.
msg_fatal("usage: %s [-c config_dir] [-D (debug)] [-d (don't detach from terminal)] [-e exit_time] [-t (test)] [-v]", me);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - main program */
int main(int argc, char **argv)
WATCHDOG *watchdog;
ARGV *import_env;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Initialize.
*/
msg_fatal("select unlock: %m");
if (fd < 0) {
if (errno != EAGAIN)
- msg_fatal("accept connection: %m");
+ msg_error("accept connection: %m");
if (time_left >= 0)
event_request_timer(multi_server_timeout, (char *) 0, time_left);
return;
msg_fatal("select unlock: %m");
if (fd < 0) {
if (errno != EAGAIN)
- msg_fatal("accept connection: %m");
+ msg_error("accept connection: %m");
if (time_left >= 0)
event_request_timer(multi_server_timeout, (char *) 0, time_left);
return;
msg_fatal("select unlock: %m");
if (fd < 0) {
if (errno != EAGAIN)
- msg_fatal("accept connection: %m");
+ msg_error("accept connection: %m");
if (time_left >= 0)
event_request_timer(multi_server_timeout, (char *) 0, time_left);
return;
if (redo_syslog_init)
msg_syslog_init(mail_task(var_procname), LOG_PID, LOG_FACILITY);
+ /*
+ * If not connected to stdin, stdin must not be a terminal.
+ */
+ if (daemon_mode && stream == 0 && isatty(STDIN_FILENO)) {
+ msg_vstream_init(var_procname, VSTREAM_ERR);
+ msg_fatal("do not run this command by hand");
+ }
+
/*
* Application-specific initialization.
*/
if (user_name)
user_name = var_mail_owner;
- /*
- * If not connected to stdin, stdin must not be a terminal.
- */
- if (daemon_mode && stream == 0 && isatty(STDIN_FILENO)) {
- msg_vstream_init(var_procname, VSTREAM_ERR);
- msg_fatal("do not run this command by hand");
- }
-
/*
* Can options be required?
*/
msg_fatal("select unlock: %m");
if (fd < 0) {
if (errno != EAGAIN)
- msg_fatal("accept connection: %m");
+ msg_error("accept connection: %m");
if (time_left >= 0)
event_request_timer(single_server_timeout, (char *) 0, time_left);
return;
msg_fatal("select unlock: %m");
if (fd < 0) {
if (errno != EAGAIN)
- msg_fatal("accept connection: %m");
+ msg_error("accept connection: %m");
if (time_left >= 0)
event_request_timer(single_server_timeout, (char *) 0, time_left);
return;
msg_fatal("select unlock: %m");
if (fd < 0) {
if (errno != EAGAIN)
- msg_fatal("accept connection: %m");
+ msg_error("accept connection: %m");
if (time_left >= 0)
event_request_timer(single_server_timeout, (char *) 0, time_left);
return;
if (redo_syslog_init)
msg_syslog_init(mail_task(var_procname), LOG_PID, LOG_FACILITY);
+ /*
+ * If not connected to stdin, stdin must not be a terminal.
+ */
+ if (daemon_mode && stream == 0 && isatty(STDIN_FILENO)) {
+ msg_vstream_init(var_procname, VSTREAM_ERR);
+ msg_fatal("do not run this command by hand");
+ }
+
/*
* Application-specific initialization.
*/
if (user_name)
user_name = var_mail_owner;
- /*
- * If not connected to stdin, stdin must not be a terminal.
- */
- if (daemon_mode && stream == 0 && isatty(STDIN_FILENO)) {
- msg_vstream_init(var_procname, VSTREAM_ERR);
- msg_fatal("do not run this command by hand");
- }
-
/*
* Can options be required?
*/
msg_fatal("select unlock: %m");
if (fd < 0) {
if (errno != EAGAIN)
- msg_fatal("accept connection: %m");
+ msg_error("accept connection: %m");
if (time_left >= 0)
event_request_timer(trigger_server_timeout, (char *) 0, time_left);
return;
msg_fatal("select unlock: %m");
if (fd < 0) {
if (errno != EAGAIN)
- msg_fatal("accept connection: %m");
+ msg_error("accept connection: %m");
if (time_left >= 0)
event_request_timer(trigger_server_timeout, (char *) 0, time_left);
return;
if (redo_syslog_init)
msg_syslog_init(mail_task(var_procname), LOG_PID, LOG_FACILITY);
+ /*
+ * If not connected to stdin, stdin must not be a terminal.
+ */
+ if (daemon_mode && stream == 0 && isatty(STDIN_FILENO)) {
+ msg_vstream_init(var_procname, VSTREAM_ERR);
+ msg_fatal("do not run this command by hand");
+ }
+
/*
* Application-specific initialization.
*/
if (user_name)
user_name = var_mail_owner;
- /*
- * If not connected to stdin, stdin must not be a terminal.
- */
- if (daemon_mode && stream == 0 && isatty(STDIN_FILENO)) {
- msg_vstream_init(var_procname, VSTREAM_ERR);
- msg_fatal("do not run this command by hand");
- }
-
/*
* Can options be required?
*
milter8.o: ../../include/header_opts.h
milter8.o: ../../include/iostuff.h
milter8.o: ../../include/is_header.h
+milter8.o: ../../include/mail_params.h
milter8.o: ../../include/mail_proto.h
milter8.o: ../../include/mime_state.h
milter8.o: ../../include/msg.h
qmgr.o: ../../include/mail_proto.h
qmgr.o: ../../include/mail_queue.h
qmgr.o: ../../include/mail_server.h
+qmgr.o: ../../include/mail_version.h
qmgr.o: ../../include/master_proto.h
qmgr.o: ../../include/msg.h
qmgr.o: ../../include/recipient_list.h
#include <recipient_list.h>
#include <mail_conf.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_proto.h> /* QMGR_SCAN constants */
#include <mail_flow.h>
#include <flush_clnt.h>
qmgr_deferred_run_event(0, (char *) 0);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - the main program */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Use the trigger service skeleton, because no-one else should be
* monitoring our service port while this process runs, and because we do
pickup.o: ../../include/mail_proto.h
pickup.o: ../../include/mail_queue.h
pickup.o: ../../include/mail_server.h
+pickup.o: ../../include/mail_version.h
pickup.o: ../../include/msg.h
pickup.o: ../../include/mymalloc.h
pickup.o: ../../include/rec_attr_map.h
/* Upon input, long lines are chopped up into pieces of at most
/* this length; upon delivery, long lines are reconstructed.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBprocess_id (read-only)\fR"
/* The process ID of a Postfix command or daemon process.
/* .IP "\fBprocess_name (read-only)\fR"
#include <lex_822.h>
#include <input_transp.h>
#include <rec_attr_map.h>
+#include <mail_version.h>
/* Single-threaded server skeleton. */
input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the multi-threaded server skeleton */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Use the multi-threaded skeleton, because no-one else should be
* monitoring our service socket while this process runs.
pipe.o: ../../include/mail_copy.h
pipe.o: ../../include/mail_params.h
pipe.o: ../../include/mail_server.h
+pipe.o: ../../include/mail_version.h
pipe.o: ../../include/msg.h
pipe.o: ../../include/msg_stats.h
pipe.o: ../../include/mymalloc.h
/* by, for example, \fBUUCP\fR software.
/* .RE
/* .IP "\fBnull_sender\fR=\fIreplacement\fR (default: MAILER-DAEMON)"
-/* Replace the null sender address, which is typically used
-/* for delivery status notifications, with the specified text
+/* Replace the null sender address (typically used for delivery
+/* status notifications) with the specified text
/* when expanding the \fB$sender\fR command-line macro, and
/* when generating a From_ or Return-Path: message header.
/*
/* The UNIX system account that owns the Postfix queue and most Postfix
/* daemon processes.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBprocess_id (read-only)\fR"
/* The process ID of a Postfix command or daemon process.
/* .IP "\fBprocess_name (read-only)\fR"
#include <recipient_list.h>
#include <deliver_request.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_conf.h>
#include <bounce.h>
#include <defer.h>
flush_init();
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the single-threaded skeleton */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
single_server_main(argc, argv, pipe_service,
MAIL_SERVER_TIME_TABLE, time_table,
MAIL_SERVER_PRE_INIT, pre_init,
postalias.o: ../../include/mail_dict.h
postalias.o: ../../include/mail_params.h
postalias.o: ../../include/mail_task.h
+postalias.o: ../../include/mail_version.h
postalias.o: ../../include/mkmap.h
postalias.o: ../../include/msg.h
postalias.o: ../../include/msg_syslog.h
#include <mail_conf.h>
#include <mail_dict.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mkmap.h>
#include <mail_task.h>
myname);
}
+MAIL_VERSION_STAMP_DECLARE;
+
int main(int argc, char **argv)
{
char *path_name;
int sequence = 0;
int found;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Be consistent with file permissions.
*/
postcat.o: ../../include/mail_params.h
postcat.o: ../../include/mail_proto.h
postcat.o: ../../include/mail_queue.h
+postcat.o: ../../include/mail_version.h
postcat.o: ../../include/msg.h
postcat.o: ../../include/msg_vstream.h
postcat.o: ../../include/rec_type.h
#include <mail_queue.h>
#include <mail_conf.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_proto.h>
/* Application-specific. */
myname);
}
+MAIL_VERSION_STAMP_DECLARE;
+
int main(int argc, char **argv)
{
VSTRING *buffer;
char **cpp;
int tries;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* To minimize confusion, make sure that the standard file descriptors
* are open before opening anything else. XXX Work around for 44BSD where
}
}
/^(static| )*CONFIG_STR_TABLE .*\{/,/\};/ {
- if ($1 ~ /VAR/) {
+ if ($1 ~ /^VAR/) {
print "char *" substr($3,2,length($3)-2) ";" > "str_vars.h"
if (++stab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
print |"sed 's/[ ][ ]*/ /g' > str_table.h"
}
}
/^(static| )*CONFIG_RAW_TABLE .*\{/,/\};/ {
- if ($1 ~ /VAR/) {
+ if ($1 ~ /^VAR/) {
print "char *" substr($3,2,length($3)-2) ";" > "raw_vars.h"
if (++rtab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
print |"sed 's/[ ][ ]*/ /g' > raw_table.h"
}
}
/^(static| )*CONFIG_BOOL_TABLE .*\{/,/\};/ {
- if ($1 ~ /VAR/) {
+ if ($1 ~ /^VAR/) {
print "int " substr($3,2,length($3)-2) ";" > "bool_vars.h"
if (++btab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
print |"sed 's/[ ][ ]*/ /g' > bool_table.h"
}
}
/^(static| )*CONFIG_TIME_TABLE .*\{/,/\};/ {
- if ($1 ~ /VAR/) {
+ if ($1 ~ /^VAR/) {
print "int " substr($3,2,length($3)-2) ";" > "time_vars.h"
if (++ttab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) {
print |"sed 's/[ ][ ]*/ /g' > time_table.h"
}
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main */
int main(int argc, char **argv)
int junk;
ARGV *ext_argv = 0;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Be consistent with file permissions.
*/
postdrop.o: ../../include/mail_queue.h
postdrop.o: ../../include/mail_stream.h
postdrop.o: ../../include/mail_task.h
+postdrop.o: ../../include/mail_version.h
postdrop.o: ../../include/msg.h
postdrop.o: ../../include/msg_syslog.h
postdrop.o: ../../include/msg_vstream.h
#include <mail_proto.h>
#include <mail_queue.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_conf.h>
#include <mail_task.h>
#include <clean_env.h>
postdrop_sig(0);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - the main program */
int main(int argc, char **argv)
const char *errstr;
char *junk;
struct timeval start;
+ int saved_errno;
+
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
/*
* Be consistent with file permissions.
continue;
}
if (REC_PUT_BUF(dst->stream, rec_type, buf) < 0) {
- while ((rec_type = rec_get(VSTREAM_IN, buf, var_line_limit)) > 0
- && rec_type != REC_TYPE_END)
+ /* rec_get() errors must not clobber errno. */
+ saved_errno = errno;
+ while (rec_get_raw(VSTREAM_IN, buf, var_line_limit,
+ REC_FLAG_NONE) > 0)
/* void */ ;
+ errno = saved_errno;
break;
}
if (rec_type == REC_TYPE_END)
* Finish the file.
*/
if ((status = mail_stream_finish(dst, (VSTRING *) 0)) != 0) {
- postdrop_cleanup();
msg_warn("uid=%ld: %m", (long) uid);
+ postdrop_cleanup();
}
/*
postfix.o: ../../include/clean_env.h
postfix.o: ../../include/mail_conf.h
postfix.o: ../../include/mail_params.h
+postfix.o: ../../include/mail_version.h
postfix.o: ../../include/msg.h
postfix.o: ../../include/msg_syslog.h
postfix.o: ../../include/msg_vstream.h
#include <mail_conf.h>
#include <mail_params.h>
+#include <mail_version.h>
/* Additional installation parameters. */
msg_fatal("setenv: %m");
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - run administrative script from controlled environment */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Be consistent with file permissions.
*/
postkick.o: ../../include/mail_conf.h
postkick.o: ../../include/mail_params.h
postkick.o: ../../include/mail_proto.h
+postkick.o: ../../include/mail_version.h
postkick.o: ../../include/msg.h
postkick.o: ../../include/msg_vstream.h
postkick.o: ../../include/mymalloc.h
#include <mail_proto.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_conf.h>
static NORETURN usage(char *myname)
msg_fatal("usage: %s [-c config_dir] [-v] class service request", myname);
}
+MAIL_VERSION_STAMP_DECLARE;
+
int main(int argc, char **argv)
{
char *class;
char *slash;
int c;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* To minimize confusion, make sure that the standard file descriptors
* are open before opening anything else. XXX Work around for 44BSD where
postlock.o: ../../include/iostuff.h
postlock.o: ../../include/mail_conf.h
postlock.o: ../../include/mail_params.h
+postlock.o: ../../include/mail_version.h
postlock.o: ../../include/mbox_conf.h
postlock.o: ../../include/mbox_open.h
postlock.o: ../../include/msg.h
/* Global library. */
#include <mail_params.h>
+#include <mail_version.h>
#include <dot_lockfile.h>
#include <deliver_flock.h>
#include <mail_conf.h>
exit(EX_TEMPFAIL);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - go for it */
int main(int argc, char **argv)
char *lock_style = 0;
MBOX *mp;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Be consistent with file permissions.
*/
postlog.o: ../../include/mail_conf.h
postlog.o: ../../include/mail_params.h
postlog.o: ../../include/mail_task.h
+postlog.o: ../../include/mail_version.h
postlog.o: ../../include/msg.h
postlog.o: ../../include/msg_output.h
postlog.o: ../../include/msg_syslog.h
/* Global library. */
#include <mail_params.h> /* XXX right place for LOG_FACILITY? */
+#include <mail_version.h>
#include <mail_conf.h>
#include <mail_task.h>
vstring_free(buf);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - logger */
int main(int argc, char **argv)
int log_flags = 0;
int level = MSG_INFO;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Be consistent with file permissions.
*/
postmap.o: ../../include/mail_dict.h
postmap.o: ../../include/mail_params.h
postmap.o: ../../include/mail_task.h
+postmap.o: ../../include/mail_version.h
postmap.o: ../../include/mkmap.h
postmap.o: ../../include/msg.h
postmap.o: ../../include/msg_syslog.h
/* The \fIkey\fR and \fIvalue\fR are processed as is, except that
/* surrounding white space is stripped off. Unlike with Postfix alias
/* databases, quotes cannot be used to protect lookup keys that contain
-/* special characters such as `#' or whitespace.
+/* special characters such as `#' or whitespace.
/*
/* By default the lookup key is mapped to lowercase to make
/* the lookups case insensitive; as of Postfix 2.3 this case
#include <mail_conf.h>
#include <mail_dict.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mkmap.h>
#include <mail_task.h>
/* postmap_query - query a map and print the result to stdout */
static int postmap_query(const char *map_type, const char *map_name,
- const char *key, int dict_flags)
+ const char *key, int dict_flags)
{
DICT *dict;
const char *value;
/* postmap_deletes - apply multiple requests from stdin */
static int postmap_deletes(VSTREAM *in, char **maps, const int map_count,
- int dict_flags)
+ int dict_flags)
{
int found = 0;
VSTRING *keybuf = vstring_alloc(100);
/* postmap_delete - delete a (key, value) pair from a map */
static int postmap_delete(const char *map_type, const char *map_name,
- const char *key, int dict_flags)
+ const char *key, int dict_flags)
{
DICT *dict;
int status;
/* postmap_seq - print all map entries to stdout */
static void postmap_seq(const char *map_type, const char *map_name,
- int dict_flags)
+ int dict_flags)
{
DICT *dict;
const char *key;
myname);
}
+MAIL_VERSION_STAMP_DECLARE;
+
int main(int argc, char **argv)
{
char *path_name;
int sequence = 0;
int found;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Be consistent with file permissions.
*/
usage(argv[0]);
if (strcmp(delkey, "-") == 0)
exit(postmap_deletes(VSTREAM_IN, argv + optind, argc - optind,
- dict_flags | DICT_FLAG_LOCK) == 0);
+ dict_flags | DICT_FLAG_LOCK) == 0);
found = 0;
while (optind < argc) {
if ((path_name = split_at(argv[optind], ':')) != 0) {
found |= postmap_delete(argv[optind], path_name, delkey,
- dict_flags | DICT_FLAG_LOCK);
+ dict_flags | DICT_FLAG_LOCK);
} else {
found |= postmap_delete(var_db_type, argv[optind], delkey,
- dict_flags | DICT_FLAG_LOCK);
+ dict_flags | DICT_FLAG_LOCK);
}
optind++;
}
usage(argv[0]);
if (strcmp(query, "-") == 0)
exit(postmap_queries(VSTREAM_IN, argv + optind, argc - optind,
- dict_flags | DICT_FLAG_LOCK) == 0);
+ dict_flags | DICT_FLAG_LOCK) == 0);
while (optind < argc) {
if ((path_name = split_at(argv[optind], ':')) != 0) {
found = postmap_query(argv[optind], path_name, query,
- dict_flags | DICT_FLAG_LOCK);
+ dict_flags | DICT_FLAG_LOCK);
} else {
found = postmap_query(var_db_type, argv[optind], query,
- dict_flags | DICT_FLAG_LOCK);
+ dict_flags | DICT_FLAG_LOCK);
}
if (found)
exit(0);
while (optind < argc) {
if ((path_name = split_at(argv[optind], ':')) != 0) {
postmap_seq(argv[optind], path_name,
- dict_flags | DICT_FLAG_LOCK);
+ dict_flags | DICT_FLAG_LOCK);
} else {
postmap_seq(var_db_type, argv[optind],
- dict_flags | DICT_FLAG_LOCK);
+ dict_flags | DICT_FLAG_LOCK);
}
exit(0);
}
postqueue.o: ../../include/mail_queue.h
postqueue.o: ../../include/mail_run.h
postqueue.o: ../../include/mail_task.h
+postqueue.o: ../../include/mail_version.h
postqueue.o: ../../include/msg.h
postqueue.o: ../../include/msg_syslog.h
postqueue.o: ../../include/msg_vstream.h
#include <mail_proto.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_conf.h>
#include <mail_task.h>
#include <mail_run.h>
* establish frequent proof of client liveliness with challenge/response, or
* the client needs to restrict expensive requests to privileged users only.
*
- * We don't have this problem with queue listings. The showq server detects
- * an EPIPE error after reporting a few queue entries.
+ * We don't have this problem with queue listings. The showq server detects an
+ * EPIPE error after reporting a few queue entries.
*/
#define PQ_MODE_DEFAULT 0 /* noop */
#define PQ_MODE_MAILQ_LIST 1 /* list mail queue */
msg_fatal_status(EX_USAGE, "usage: postqueue -f | postqueue -i queueid | postqueue -p | postqueue -s site");
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - the main program */
int main(int argc, char **argv)
ARGV *import_env;
int bad_site;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Be consistent with file permissions.
*/
postsuper.o: ../../include/mail_params.h
postsuper.o: ../../include/mail_queue.h
postsuper.o: ../../include/mail_task.h
+postsuper.o: ../../include/mail_version.h
postsuper.o: ../../include/msg.h
postsuper.o: ../../include/msg_syslog.h
postsuper.o: ../../include/msg_vstream.h
#include <mail_task.h>
#include <mail_conf.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_queue.h>
#include <mail_open_ok.h>
interrupted(0);
}
+MAIL_VERSION_STAMP_DECLARE;
+
int main(int argc, char **argv)
{
int fd;
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Be consistent with file permissions.
*/
proxymap.o: ../../include/mail_params.h
proxymap.o: ../../include/mail_proto.h
proxymap.o: ../../include/mail_server.h
+proxymap.o: ../../include/mail_version.h
proxymap.o: ../../include/msg.h
proxymap.o: ../../include/mymalloc.h
proxymap.o: ../../include/stringops.h
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBprocess_id (read-only)\fR"
/* The process ID of a Postfix command or daemon process.
/* .IP "\fBprocess_name (read-only)\fR"
#include <mail_conf.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_proto.h>
#include <dict_proxy.h>
}
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the multi-threaded skeleton */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
multi_server_main(argc, argv, proxymap_service,
MAIL_SERVER_STR_TABLE, str_table,
MAIL_SERVER_POST_INIT, post_jail_init,
qmgr.o: ../../include/mail_proto.h
qmgr.o: ../../include/mail_queue.h
qmgr.o: ../../include/mail_server.h
+qmgr.o: ../../include/mail_version.h
qmgr.o: ../../include/master_proto.h
qmgr.o: ../../include/msg.h
qmgr.o: ../../include/recipient_list.h
#include <recipient_list.h>
#include <mail_conf.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_proto.h> /* QMGR_SCAN constants */
#include <mail_flow.h>
#include <flush_clnt.h>
qmgr_deferred_run_event(0, (char *) 0);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - the main program */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Use the trigger service skeleton, because no-one else should be
* monitoring our service port while this process runs, and because we do
qmqpd.o: ../../include/mail_proto.h
qmqpd.o: ../../include/mail_server.h
qmqpd.o: ../../include/mail_stream.h
+qmqpd.o: ../../include/mail_version.h
qmqpd.o: ../../include/match_list.h
qmqpd.o: ../../include/match_ops.h
qmqpd.o: ../../include/match_parent_style.h
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBprocess_id (read-only)\fR"
/* The process ID of a Postfix command or daemon process.
/* .IP "\fBprocess_name (read-only)\fR"
/* Global library. */
#include <mail_params.h>
+#include <mail_version.h>
#include <record.h>
#include <rec_type.h>
#include <mail_proto.h>
input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - the main program */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Pass control to the single-threaded service skeleton.
*/
scache.o: ../../include/mail_params.h
scache.o: ../../include/mail_proto.h
scache.o: ../../include/mail_server.h
+scache.o: ../../include/mail_version.h
scache.o: ../../include/msg.h
scache.o: ../../include/ring.h
scache.o: ../../include/scache.h
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBprocess_id (read-only)\fR"
/* The process ID of a Postfix command or daemon process.
/* .IP "\fBprocess_name (read-only)\fR"
/* Global library. */
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_proto.h>
#include <scache.h>
scache_start_time = event_time();
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the multi-threaded skeleton */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
multi_server_main(argc, argv, scache_service,
MAIL_SERVER_TIME_TABLE, time_table,
MAIL_SERVER_POST_INIT, post_jail_init,
sendmail.o: ../../include/mail_run.h
sendmail.o: ../../include/mail_stream.h
sendmail.o: ../../include/mail_task.h
+sendmail.o: ../../include/mail_version.h
sendmail.o: ../../include/mime_state.h
sendmail.o: ../../include/msg.h
sendmail.o: ../../include/msg_stats.h
/* .ad
/* .fi
/* By design, this program is not set-user (or group) id. However,
-/* it must handle data from untrusted users or untrusted machines.
+/* it must handle data from untrusted, possibly remote, users.
/* Thus, the usual precautions need to be taken against malicious
/* inputs.
/* DIAGNOSTICS
#include <mail_queue.h>
#include <mail_proto.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <record.h>
#include <rec_type.h>
#include <rec_streamlf.h>
exit(EX_TEMPFAIL);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - the main program */
int main(int argc, char **argv)
const char *dsn_envid = 0;
int saved_optind;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Be consistent with file permissions.
*/
optind = saved_optind;
mail_conf_read();
if (strcmp(var_syslog_name, DEF_SYSLOG_NAME) != 0)
- msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
+ msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
get_mail_conf_str_table(str_table);
if (chdir(var_queue_dir))
showq.o: ../../include/mail_queue.h
showq.o: ../../include/mail_scan_dir.h
showq.o: ../../include/mail_server.h
+showq.o: ../../include/mail_version.h
showq.o: ../../include/msg.h
showq.o: ../../include/mymalloc.h
showq.o: ../../include/quote_822_local.h
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBprocess_id (read-only)\fR"
/* The process ID of a Postfix command or daemon process.
/* .IP "\fBprocess_name (read-only)\fR"
#include <mail_proto.h>
#include <mail_date.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_scan_dir.h>
#include <mail_conf.h>
#include <record.h>
#define SENDER_FORMAT "%-11s %7ld %20.20s %s\n"
#define DROP_FORMAT "%-10s%c %7ld %20.20s (maildrop queue, sender UID %u)\n"
-static void showq_reasons(VSTREAM *, BOUNCE_LOG *, RCPT_BUF *, DSN_BUF *,
-HTABLE *);
+static void showq_reasons(VSTREAM *, BOUNCE_LOG *, RCPT_BUF *, DSN_BUF *,
+ HTABLE *);
#define STR(x) vstring_str(x)
/* showq_reasons - show deferral reasons */
-static void showq_reasons(VSTREAM *client, BOUNCE_LOG *bp, RCPT_BUF *rcpt_buf,
-DSN_BUF *dsn_buf, HTABLE *dup_filter)
+static void showq_reasons(VSTREAM *client, BOUNCE_LOG *bp, RCPT_BUF *rcpt_buf,
+ DSN_BUF *dsn_buf, HTABLE *dup_filter)
{
char *saved_reason = 0;
int padding;
}
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the single-threaded server skeleton */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
single_server_main(argc, argv, showq_service,
MAIL_SERVER_INT_TABLE, int_table,
MAIL_SERVER_STR_TABLE, str_table,
TESTSRC =
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
-TESTPROG= smtp_unalias smtp_map11 legacy levels
+TESTPROG= smtp_unalias smtp_map11
PROG = smtp
INC_DIR = ../../include
LIBS = ../../lib/libmaster.a ../../lib/libtls.a ../../lib/libdns.a \
smtp_map11: smtp_map11.c $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS)
-legacy: legacy.c $(LIBS)
- $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS)
-
-levels: levels.c $(LIBS)
- $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS)
-
# This needs trivial-rewrite service and myorigin==mydomain
smtp_map11_test: smtp_map11 map11_map smtp_map11.ref
../postmap/postmap map11_map
@$(EXPORT) make -f Makefile.in Makefile 1>&2
# do not edit below this line - it is generated by 'make depend'
-legacy.o: ../../include/msg.h
-legacy.o: ../../include/stringops.h
-legacy.o: ../../include/sys_defs.h
-legacy.o: ../../include/vbuf.h
-legacy.o: ../../include/vstream.h
-legacy.o: ../../include/vstring.h
-legacy.o: ../../include/vstring_vstream.h
-legacy.o: legacy.c
-levels.o: ../../include/argv.h
-levels.o: ../../include/attr.h
-levels.o: ../../include/deliver_request.h
-levels.o: ../../include/dict.h
-levels.o: ../../include/dsn.h
-levels.o: ../../include/dsn_buf.h
-levels.o: ../../include/htable.h
-levels.o: ../../include/maps.h
-levels.o: ../../include/match_list.h
-levels.o: ../../include/match_ops.h
-levels.o: ../../include/msg.h
-levels.o: ../../include/msg_stats.h
-levels.o: ../../include/name_code.h
-levels.o: ../../include/name_mask.h
-levels.o: ../../include/recipient_list.h
-levels.o: ../../include/resolve_clnt.h
-levels.o: ../../include/scache.h
-levels.o: ../../include/string_list.h
-levels.o: ../../include/stringops.h
-levels.o: ../../include/sys_defs.h
-levels.o: ../../include/tls.h
-levels.o: ../../include/tok822.h
-levels.o: ../../include/vbuf.h
-levels.o: ../../include/vstream.h
-levels.o: ../../include/vstring.h
-levels.o: ../../include/vstring_vstream.h
-levels.o: levels.c
-levels.o: smtp.h
lmtp_params.o: lmtp_params.c
smtp.o: ../../include/argv.h
smtp.o: ../../include/attr.h
smtp.o: ../../include/mail_conf.h
smtp.o: ../../include/mail_params.h
smtp.o: ../../include/mail_server.h
+smtp.o: ../../include/mail_version.h
smtp.o: ../../include/maps.h
smtp.o: ../../include/match_list.h
smtp.o: ../../include/match_ops.h
smtp_chat.o: ../../include/dsn_buf.h
smtp_chat.o: ../../include/dsn_util.h
smtp_chat.o: ../../include/htable.h
+smtp_chat.o: ../../include/int_filt.h
smtp_chat.o: ../../include/line_wrap.h
smtp_chat.o: ../../include/mail_addr.h
smtp_chat.o: ../../include/mail_error.h
+++ /dev/null
- /*
- * The old legacy TLS per-site policy engine, implemented with multiple
- * boolean variables, stripped down for exhaustive comparison with the new
- * legacy policy engine.
- */
-/* System library. */
-
-#include <sys_defs.h>
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef STRCASECMP_IN_STRINGS_H
-#include <strings.h>
-#endif
-
-/* Utility library. */
-
-#include <msg.h>
-#include <vstring.h>
-#include <vstring_vstream.h>
-#include <stringops.h>
-
- /*
- * Global policy variables.
- */
-int var_smtp_enforce_tls;
-int var_smtp_tls_enforce_peername;
-int var_smtp_use_tls;
-
- /*
- * Simplified session structure.
- */
-typedef struct {
- int tls_use_tls;
- int tls_enforce_tls;
- int tls_enforce_peername;
-} SMTP_SESSION;
-
- /*
- * Per-site policies can override main.cf settings.
- */
-typedef struct {
- int dont_use; /* don't use TLS */
- int use; /* useless, see above */
- int enforce; /* must always use TLS */
- int enforce_peername; /* must verify certificate name */
-} SMTP_TLS_SITE_POLICY;
-
-/* smtp_tls_site_policy - look up per-site TLS policy */
-
-static void smtp_tls_site_policy(SMTP_TLS_SITE_POLICY *policy,
- const char *lookup)
-{
-
- /*
- * Initialize the default policy.
- */
- policy->dont_use = 0;
- policy->use = 0;
- policy->enforce = 0;
- policy->enforce_peername = 0;
-
- /*
- * Look up a non-default policy.
- */
- if (strcasecmp(lookup, "-")) {
- if (!strcasecmp(lookup, "NONE"))
- policy->dont_use = 1;
- else if (!strcasecmp(lookup, "MAY"))
- policy->use = 1;
- else if (!strcasecmp(lookup, "MUST"))
- policy->enforce = policy->enforce_peername = 1;
- else if (!strcasecmp(lookup, "MUST_NOPEERMATCH"))
- policy->enforce = 1;
- else
- msg_fatal("unknown TLS policy '%s'", lookup);
- }
-}
-
-static void policy(SMTP_SESSION *session, const char *host, const char *dest)
-{
- SMTP_TLS_SITE_POLICY host_policy;
- SMTP_TLS_SITE_POLICY rcpt_policy;
-
- session->tls_use_tls = session->tls_enforce_tls = 0;
- session->tls_enforce_peername = 0;
-
- /*
- * Override the main.cf TLS policy with an optional per-site policy.
- */
- smtp_tls_site_policy(&host_policy, host);
- smtp_tls_site_policy(&rcpt_policy, dest);
-
- /*
- * Fix 200601: a combined per-site (NONE + MAY) policy changed global
- * MUST into NONE, and all weaker global policies into MAY. This was
- * discovered with exhaustive simulation. Fix verified by comparing
- * exhaustive simulation results with Postfix 2.3 which re-implements
- * per-site policies from the ground up.
- */
-#ifdef FIX200601
- if ((host_policy.dont_use || rcpt_policy.dont_use)
- && (host_policy.use || rcpt_policy.use)) {
- host_policy.use = rcpt_policy.use = 0;
- host_policy.dont_use = rcpt_policy.dont_use = 1;
- }
-#endif
-
- /*
- * Set up TLS enforcement for this session.
- */
- if ((var_smtp_enforce_tls && !host_policy.dont_use && !rcpt_policy.dont_use)
- || host_policy.enforce || rcpt_policy.enforce)
- session->tls_enforce_tls = session->tls_use_tls = 1;
-
- /*
- * Set up peername checking for this session.
- *
- * We want to make sure that a MUST* entry in the tls_per_site table always
- * has precedence. MUST always must lead to a peername check,
- * MUST_NOPEERMATCH must always disable it. Only when no explicit setting
- * has been found, the default will be used.
- *
- * Fix 200601: a per-site MUST_NOPEERMATCH policy could not override a
- * global MUST policy. Fix verified by comparing exhaustive simulation
- * results with Postfix 2.3 which re-implements per-site policy from the
- * ground up.
- */
- if (host_policy.enforce && host_policy.enforce_peername)
- session->tls_enforce_peername = 1;
- else if (rcpt_policy.enforce && rcpt_policy.enforce_peername)
- session->tls_enforce_peername = 1;
- else if (
-#ifdef FIX200601
- !host_policy.enforce && !rcpt_policy.enforce && /* Fix 200601 */
-#endif
- var_smtp_enforce_tls && var_smtp_tls_enforce_peername)
- session->tls_enforce_peername = 1;
- else if ((var_smtp_use_tls && !host_policy.dont_use && !rcpt_policy.dont_use) || host_policy.use || rcpt_policy.use)
- session->tls_use_tls = 1;
-}
-
-static void set_global_policy(const char *global)
-{
- var_smtp_tls_enforce_peername = var_smtp_enforce_tls = var_smtp_use_tls = 0;
-
- if (strcasecmp(global, "must") == 0) {
- var_smtp_enforce_tls = 1; /* XXX */
- var_smtp_tls_enforce_peername = 1;
- } else if (strcasecmp(global, "must_nopeermatch") == 0) {
- var_smtp_enforce_tls = 1;
- } else if (strcasecmp(global, "may") == 0) {
- var_smtp_use_tls = 1;
- } else if (strcasecmp(global, "-") !=0) {
- msg_fatal("unknown global policy: %s", global);
- }
-}
-
-static const char *print_policy(SMTP_SESSION *session)
-{
- if (session->tls_enforce_peername && session->tls_enforce_tls)
- return ("must");
- if (session->tls_enforce_tls)
- return ("must_nopeermatch");
- if (session->tls_use_tls)
- return ("may");
- return ("none");
-}
-
-int main(int argc, char **argv)
-{
- SMTP_SESSION session;
- VSTRING *buf = vstring_alloc(200);
- char *cp;
- const char *global;
- const char *host;
- const char *dest;
- const char *result;
- const char *sep = " \t\r\n";
-
- vstream_printf("%-20s %-20s %-20s %s\n",
- "host", "dest", "global", "result");
- while (vstring_get_nonl(buf, VSTREAM_IN) >= 0) {
- cp = vstring_str(buf);
- if (*cp == 0 || *cp == '#') {
- vstream_printf("%s\n", cp);
- } else {
- if ((host = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing host policy");
- if ((dest = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing nexthop policy");
- if ((global = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing global policy");
- if (mystrtok(&cp, sep) != 0)
- msg_fatal("garbage after global policy");
- set_global_policy(global);
- policy(&session, host, dest);
- result = print_policy(&session);
- vstream_printf("%-20s %-20s %-20s %s\n",
- host, dest, global, result);
- }
- vstream_fflush(VSTREAM_OUT);
- }
- exit(0);
-}
+++ /dev/null
- /*
- * The new legacy TLS per-site policy engine, re-implemented in terms of
- * enforcement levels, stripped down for exhaustive comparisons with the old
- * legacy policy engine.
- *
- * This is the code that will be used in Postfix 2.3 so that sites can upgrade
- * Postfix without being forced to change to the new TLS policy model.
- */
-
-/* System library. */
-
-#include <sys_defs.h>
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef STRCASECMP_IN_STRINGS_H
-#include <strings.h>
-#endif
-
-/* Utility library. */
-
-#include <msg.h>
-#include <vstring.h>
-#include <vstring_vstream.h>
-#include <stringops.h>
-
- /*
- * TLS levels
- */
-#include <tls.h>
-
- /*
- * Application-specific.
- */
-#include <smtp.h>
-
- /*
- * Global policy variables.
- */
-int var_smtp_enforce_tls;
-int var_smtp_tls_enforce_peername;
-int var_smtp_use_tls;
-
-/* smtp_tls_policy_lookup - look up per-site TLS policy */
-
-static void smtp_tls_policy_lookup(int *site_level, const char *lookup)
-{
-
- /*
- * Look up a non-default policy. In case of multiple lookup results, the
- * precedence order is a permutation of the TLS enforcement level order:
- * VERIFY, ENCRYPT, NONE, MAY, NOTFOUND. I.e. we override MAY with a more
- * specific policy including NONE, otherwise we choose the stronger
- * enforcement level.
- */
- if (strcasecmp(lookup, "-")) {
- if (!strcasecmp(lookup, "NONE")) {
- /* NONE overrides MAY or NOTFOUND. */
- if (*site_level <= TLS_LEV_MAY)
- *site_level = TLS_LEV_NONE;
- } else if (!strcasecmp(lookup, "MAY")) {
- /* MAY overrides NOTFOUND but not NONE. */
- if (*site_level < TLS_LEV_NONE)
- *site_level = TLS_LEV_MAY;
- } else if (!strcasecmp(lookup, "MUST_NOPEERMATCH")) {
- if (*site_level < TLS_LEV_ENCRYPT)
- *site_level = TLS_LEV_ENCRYPT;
- } else if (!strcasecmp(lookup, "MUST")) {
- if (*site_level < TLS_LEV_VERIFY)
- *site_level = TLS_LEV_VERIFY;
- } else {
- msg_fatal("unknown TLS policy '%s'", lookup);
- }
- }
-}
-
-static int policy(const char *host, const char *dest)
-{
- int global_level;
- int site_level;
- int tls_level;
-
- /*
- * Compute the global TLS policy. This is the default policy level when
- * no per-site policy exists. It also is used to override a wild-card
- * per-site policy.
- */
- if (var_smtp_enforce_tls)
- global_level = var_smtp_tls_enforce_peername ?
- TLS_LEV_VERIFY : TLS_LEV_ENCRYPT;
- else
- global_level = var_smtp_use_tls ?
- TLS_LEV_MAY : TLS_LEV_NONE;
-
- /*
- * Compute the per-site TLS enforcement level. For compatibility with the
- * original TLS patch, this algorithm is gives equal precedence to host
- * and next-hop policies.
- */
- site_level = TLS_LEV_NOTFOUND;
-
- smtp_tls_policy_lookup(&site_level, dest);
- smtp_tls_policy_lookup(&site_level, host);
-
- /*
- * Override a wild-card per-site policy with a more specific global
- * policy.
- *
- * With the original TLS patch, 1) a per-site ENCRYPT could not override a
- * global VERIFY, and 2) a combined per-site (NONE+MAY) policy produced
- * inconsistent results: it changed a global VERIFY into NONE, while
- * producing MAY with all weaker global policy settings.
- *
- * With the current implementation, a combined per-site (NONE+MAY)
- * consistently overrides global policy with NONE, and global policy can
- * override only a per-site MAY wildcard. That is, specific policies
- * consistently override wildcard policies, and (non-wildcard) per-site
- * policies consistently override global policies.
- */
- if (site_level == TLS_LEV_NOTFOUND
- || (site_level == TLS_LEV_MAY
- && global_level > TLS_LEV_MAY))
- tls_level = global_level;
- else
- tls_level = site_level;
-
- return (tls_level);
-}
-
-static void set_global_policy(const char *global)
-{
- var_smtp_tls_enforce_peername = var_smtp_enforce_tls = var_smtp_use_tls = 0;
-
- if (strcasecmp(global, "must") == 0) {
- var_smtp_enforce_tls = 1; /* XXX */
- var_smtp_tls_enforce_peername = 1;
- } else if (strcasecmp(global, "must_nopeermatch") == 0) {
- var_smtp_enforce_tls = 1;
- } else if (strcasecmp(global, "may") == 0) {
- var_smtp_use_tls = 1;
- } else if (strcasecmp(global, "-") !=0) {
- msg_fatal("unknown global policy: %s", global);
- }
-}
-
-static const char *print_policy(int level)
-{
- if (level == TLS_LEV_VERIFY)
- return ("must");
- if (level == TLS_LEV_ENCRYPT)
- return ("must_nopeermatch");
- if (level == TLS_LEV_MAY)
- return ("may");
- if (level == TLS_LEV_NONE)
- return ("none");
- msg_panic("unknown policy level %d", level);
-}
-
-int main(int argc, char **argv)
-{
- VSTRING *buf = vstring_alloc(200);
- char *cp;
- const char *global;
- const char *host;
- const char *dest;
- const char *result;
- const char *sep = " \t\r\n";
- int level;
-
- vstream_printf("%-20s %-20s %-20s %s\n",
- "host", "dest", "global", "result");
- while (vstring_get_nonl(buf, VSTREAM_IN) > 0) {
- cp = vstring_str(buf);
- if (*cp == 0 || *cp == '#') {
- vstream_printf("%s\n", cp);
- } else {
- if ((host = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing host policy");
- if ((dest = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing nexthop policy");
- if ((global = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing global policy");
- if (mystrtok(&cp, sep) != 0)
- msg_fatal("garbage after global policy");
- set_global_policy(global);
- level = policy(host, dest);
- result = print_policy(level);
- vstream_printf("%-20s %-20s %-20s %s\n",
- host, dest, global, result);
- }
- vstream_fflush(VSTREAM_OUT);
- }
- exit(0);
-}
/*
/* By default, connection caching is enabled temporarily for
/* destinations that have a high volume of mail in the active
-/* queue. Session caching can be enabled permanently for
+/* queue. Connection caching can be enabled permanently for
/* specific destinations.
/* SMTP DESTINATION SYNTAX
/* .ad
/* case insensitive lists of LHLO keywords (pipelining, starttls,
/* auth, etc.) that the LMTP client will ignore in the LHLO response
/* from a remote LMTP server.
-/* .IP "\fBlmtp_discard_lhlo_keywords ($myhostname)\fR"
+/* .IP "\fBlmtp_discard_lhlo_keywords (empty)\fR"
/* A case insensitive list of LHLO keywords (pipelining, starttls,
/* auth, etc.) that the LMTP client will ignore in the LHLO response
/* from a remote LMTP server.
/* .IP "\fBlmtp_tcp_port (24)\fR"
/* The default TCP port that the Postfix LMTP client connects to.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBprocess_id (read-only)\fR"
/* The process ID of a Postfix command or daemon process.
/* .IP "\fBprocess_name (read-only)\fR"
#include <deliver_request.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_conf.h>
#include <debug_peer.h>
#include <flush_clnt.h>
}
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the single-threaded skeleton */
int main(int argc, char **argv)
#include "lmtp_params.c"
int smtp_mode;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* XXX At this point, var_procname etc. are not initialized.
*/
* Send STARTTLS. Recurse when the server accepts STARTTLS, after
* resetting the SASL and EHLO features lists.
*
- * XXX Reset the SASL mechanism list to avoid spurious warnings. We
- * need a routine to reset the list instead of groping data here.
+ * Reset the SASL mechanism list to avoid spurious warnings.
*
- * XXX Should not there be an smtp_sasl_tls_security_options feature
- * to allow different mechanisms across TLS tunnels than across
- * plain-text connections?
+ * Use the smtp_sasl_tls_security_options feature to allow SASL
+ * mechanisms that may not be allowed with plain-text
+ * connections.
*/
smtp_chat_cmd(session, "STARTTLS");
if ((resp = smtp_chat_resp(session))->code / 100 == 2) {
/* The UNIX system account that owns the Postfix queue and most Postfix
/* daemon processes.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBmyhostname (see 'postconf -d' output)\fR"
/* The internet hostname of this mail system.
/* .IP "\fBmynetworks (see 'postconf -d' output)\fR"
anvil_clnt = anvil_clnt_create();
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - the main program */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Pass control to the single-threaded service skeleton.
*/
qmqp-sink.o: ../../include/inet_proto.h
qmqp-sink.o: ../../include/iostuff.h
qmqp-sink.o: ../../include/listen.h
+qmqp-sink.o: ../../include/mail_version.h
qmqp-sink.o: ../../include/msg.h
qmqp-sink.o: ../../include/msg_vstream.h
qmqp-sink.o: ../../include/mymalloc.h
qmqp-source.o: ../../include/inet_proto.h
qmqp-source.o: ../../include/iostuff.h
qmqp-source.o: ../../include/mail_date.h
+qmqp-source.o: ../../include/mail_version.h
qmqp-source.o: ../../include/msg.h
qmqp-source.o: ../../include/msg_vstream.h
qmqp-source.o: ../../include/myaddrinfo.h
qmqp-source.o: ../../include/vstream.h
qmqp-source.o: ../../include/vstring.h
qmqp-source.o: qmqp-source.c
+smtp-sink.o: ../../include/chroot_uid.h
smtp-sink.o: ../../include/events.h
smtp-sink.o: ../../include/get_hostname.h
smtp-sink.o: ../../include/inet_proto.h
smtp-sink.o: ../../include/iostuff.h
smtp-sink.o: ../../include/listen.h
+smtp-sink.o: ../../include/mail_date.h
+smtp-sink.o: ../../include/mail_version.h
+smtp-sink.o: ../../include/make_dirs.h
smtp-sink.o: ../../include/msg.h
smtp-sink.o: ../../include/msg_vstream.h
+smtp-sink.o: ../../include/myaddrinfo.h
smtp-sink.o: ../../include/mymalloc.h
+smtp-sink.o: ../../include/myrand.h
smtp-sink.o: ../../include/sane_accept.h
smtp-sink.o: ../../include/smtp_stream.h
smtp-sink.o: ../../include/stringops.h
smtp-source.o: ../../include/inet_proto.h
smtp-source.o: ../../include/iostuff.h
smtp-source.o: ../../include/mail_date.h
+smtp-source.o: ../../include/mail_version.h
smtp-source.o: ../../include/msg.h
smtp-source.o: ../../include/msg_vstream.h
smtp-source.o: ../../include/myaddrinfo.h
/* Global library. */
#include <qmqp_proto.h>
+#include <mail_version.h>
/* Application-specific. */
msg_fatal("usage: %s [-cv] [-x time] [host]:port backlog", myname);
}
+MAIL_VERSION_STAMP_DECLARE;
+
int main(int argc, char **argv)
{
int sock;
const char *protocols = INET_PROTO_NAME_ALL;
INET_PROTO_INFO *proto_info;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Fix 20051207.
*/
#include <mail_date.h>
#include <qmqp_proto.h>
+#include <mail_version.h>
/* Application-specific. */
msg_fatal("usage: %s -cv -s sess -l msglen -m msgs -C count -M myhostname -f from -t to -R delay -w delay host[:port]", myname);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - parse JCL and start the machine */
int main(int argc, char **argv)
const char *protocols = INET_PROTO_NAME_ALL;
INET_PROTO_INFO *proto_info;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
signal(SIGPIPE, SIG_IGN);
msg_vstream_init(argv[0], VSTREAM_ERR);
#include <smtp_stream.h>
#include <mail_date.h>
+#include <mail_version.h>
/* Application-specific. */
msg_fatal("usage: %s [-468acCeEFLpPv] [-A abort_delay] [-f commands] [-h hostname] [-m max_concurrency] [-n quit_count] [-q commands] [-r commands] [-s commands] [-w delay] [-d dump-template] [-D dump-template] [-R root-dir] [-S start-string] [-u user_privs] [host]:port backlog", myname);
}
+MAIL_VERSION_STAMP_DECLARE;
+
int main(int argc, char **argv)
{
int backlog;
const char *root_dir = 0;
const char *user_privs = 0;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Fix 20051207.
*/
#include <smtp_stream.h>
#include <mail_date.h>
+#include <mail_version.h>
/* Application-specific. */
msg_fatal("usage: %s -cdLNov -s sess -l msglen -m msgs -C count -M myhostname -f from -t to -r rcptcount -R delay -w delay host[:port]", myname);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - parse JCL and start the machine */
int main(int argc, char **argv)
const char *protocols = INET_PROTO_NAME_ALL;
INET_PROTO_INFO *proto_info;
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
signal(SIGPIPE, SIG_IGN);
msg_vstream_init(argv[0], VSTREAM_ERR);
spawn.o: ../../include/mail_conf.h
spawn.o: ../../include/mail_params.h
spawn.o: ../../include/mail_server.h
+spawn.o: ../../include/mail_version.h
spawn.o: ../../include/msg.h
spawn.o: ../../include/mymalloc.h
spawn.o: ../../include/set_eugid.h
/* The amount of time the command is allowed to run before it is
/* terminated.
/*
-/* Postfix 2.4 and later support a suffix that specifies the
+/* Postfix 2.4 and later support a suffix that specifies the
/* time unit: s (seconds), m (minutes), h (hours), d (days),
/* w (weeks). The default time unit is seconds.
/* MISCELLANEOUS
/* The UNIX system account that owns the Postfix queue and most Postfix
/* daemon processes.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBprocess_id (read-only)\fR"
/* The process ID of a Postfix command or daemon process.
/* .IP "\fBprocess_name (read-only)\fR"
#include <timed_wait.h>
#include <set_eugid.h>
+/* Global library. */
+
+#include <mail_version.h>
+
/* Single server skeleton. */
#include <mail_params.h>
static void pre_accept(char *unused_name, char **unused_argv)
{
const char *table;
-
+
if ((table = dict_changed_name()) != 0) {
msg_info("table %s has changed -- restarting", table);
exit(0);
set_eugid(var_owner_uid, var_owner_gid);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the single-threaded skeleton */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
single_server_main(argc, argv, spawn_service,
MAIL_SERVER_TIME_TABLE, time_table,
MAIL_SERVER_POST_INIT, drop_privileges,
tlsmgr.o: ../../include/mail_params.h
tlsmgr.o: ../../include/mail_proto.h
tlsmgr.o: ../../include/mail_server.h
+tlsmgr.o: ../../include/mail_version.h
tlsmgr.o: ../../include/master_proto.h
tlsmgr.o: ../../include/msg.h
tlsmgr.o: ../../include/mymalloc.h
#include <mail_conf.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <tls_mgr.h>
#include <mail_proto.h>
tls_prng_exch_update(rand_exch);
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - the main program */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
/*
* Use the multi service skeleton, and require that no-one else is
* monitoring our service port while this process runs.
trivial-rewrite.o: ../../include/mail_params.h
trivial-rewrite.o: ../../include/mail_proto.h
trivial-rewrite.o: ../../include/mail_server.h
+trivial-rewrite.o: ../../include/mail_version.h
trivial-rewrite.o: ../../include/maps.h
trivial-rewrite.o: ../../include/msg.h
trivial-rewrite.o: ../../include/resolve_clnt.h
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBrelocated_maps (empty)\fR"
/* Optional lookup tables with new contact information for users or
/* domains that no longer exist.
/* Global library. */
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_proto.h>
#include <resolve_local.h>
#include <mail_conf.h>
var_idle_limit = 1;
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the multi-threaded skeleton code */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
multi_server_main(argc, argv, rewrite_service,
MAIL_SERVER_STR_TABLE, str_table,
MAIL_SERVER_BOOL_TABLE, bool_table,
/* attr_scan0(). The stream is not flushed.
/*
/* attr_vprint0() provides an alternate interface that is convenient
-/* for calling from within variadoc functions.
+/* for calling from within variadic functions.
/*
/* Attributes are sent in the requested order as specified with the
/* attr_print0() argument list. This routine satisfies the formatting
/* attr_scan64(). The stream is not flushed.
/*
/* attr_vprint64() provides an alternate interface that is convenient
-/* for calling from within variadoc functions.
+/* for calling from within variadic functions.
/*
/* Attributes are sent in the requested order as specified with the
/* attr_print64() argument list. This routine satisfies the formatting
/* attr_scan_plain(). The stream is not flushed.
/*
/* attr_vprint_plain() provides an alternate interface that is convenient
-/* for calling from within variadoc functions.
+/* for calling from within variadic functions.
/*
/* Attributes are sent in the requested order as specified with the
/* attr_print_plain() argument list. This routine satisfies the formatting
int inet_accept(int fd)
{
- struct sockaddr_in sin;
- SOCKADDR_SIZE len = sizeof(sin);
+ struct sockaddr_storage ss;
+ SOCKADDR_SIZE ss_len = sizeof(ss);
- return (sane_accept(fd, (struct sockaddr *) & sin, &len));
+ return (sane_accept(fd, (struct sockaddr *) & ss, &ss_len));
}
* timer.
*/
#if defined(BROKEN_READ_SELECT_ON_TCP_SOCKET) && defined(SO_KEEPALIVE)
- else if (sa != 0 && sa->sa_family == AF_INET) {
+ else if (sa && (sa->sa_family == AF_INET
+#ifdef HAS_IPV6
+ || sa->sa_family == AF_INET6
+#endif
+ )) {
int on = 1;
(void) setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE,
int accept_fd;
int recv_fd;
- accept_fd = sane_accept(listen_fd, (struct sockaddr *) 0, (int *) 0);
+ accept_fd = sane_accept(listen_fd, (struct sockaddr *) 0, (SOCKADDR_SIZE *) 0);
if (accept_fd < 0) {
if (errno != EAGAIN)
msg_warn("%s: accept connection: %m", myname);
* UNIX-domain connection before closing the connection. This wait needs
* to be time limited.
*/
- fd = sane_accept(info->unixsock, (struct sockaddr *) 0, (int *) 0);
+ fd = sane_accept(info->unixsock, (struct sockaddr *) 0, (SOCKADDR_SIZE *) 0);
if (fd < 0) {
if (errno != EAGAIN)
msg_fatal("%s: accept connection: %m", myname);
verify.o: ../../include/dict_ht.h
verify.o: ../../include/dsn.h
verify.o: ../../include/htable.h
+verify.o: ../../include/int_filt.h
verify.o: ../../include/iostuff.h
verify.o: ../../include/mail_conf.h
verify.o: ../../include/mail_params.h
verify.o: ../../include/mail_proto.h
verify.o: ../../include/mail_server.h
+verify.o: ../../include/mail_version.h
verify.o: ../../include/msg.h
verify.o: ../../include/msg_stats.h
verify.o: ../../include/mymalloc.h
#include <mail_conf.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_proto.h>
#include <post_mail.h>
#include <verify_clnt.h>
setsid();
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the multi-threaded skeleton */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
multi_server_main(argc, argv, verify_service,
MAIL_SERVER_STR_TABLE, str_table,
MAIL_SERVER_TIME_TABLE, time_table,
virtual.o: ../../include/mail_params.h
virtual.o: ../../include/mail_queue.h
virtual.o: ../../include/mail_server.h
+virtual.o: ../../include/mail_version.h
virtual.o: ../../include/maps.h
virtual.o: ../../include/mbox_conf.h
virtual.o: ../../include/msg.h
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBmax_idle (100s)\fR"
-/* The maximum amount of time that an idle Postfix daemon process
-/* waits for the next service request before exiting.
+/* The maximum amount of time that an idle Postfix daemon process waits
+/* for an incoming connection before terminating voluntarily.
/* .IP "\fBmax_use (100)\fR"
-/* The maximal number of connection requests before a Postfix daemon
-/* process terminates.
+/* The maximal number of incoming connections that a Postfix daemon
+/* process will service before terminating voluntarily.
/* .IP "\fBprocess_id (read-only)\fR"
/* The process ID of a Postfix command or daemon process.
/* .IP "\fBprocess_name (read-only)\fR"
#include <deliver_request.h>
#include <deliver_completed.h>
#include <mail_params.h>
+#include <mail_version.h>
#include <mail_conf.h>
#include <mail_params.h>
#include <mail_addr_find.h>
flush_init();
}
+MAIL_VERSION_STAMP_DECLARE;
+
/* main - pass control to the single-threaded skeleton */
int main(int argc, char **argv)
0,
};
+ /*
+ * Fingerprint executables and core dumps.
+ */
+ MAIL_VERSION_STAMP_ALLOCATE;
+
single_server_main(argc, argv, local_service,
MAIL_SERVER_INT_TABLE, int_table,
MAIL_SERVER_STR_TABLE, str_table,
projects / thirdparty / postfix.git / commitdiff
