syntax as the mydestination parameter. Default settings
are backwards compatible with Postfix 1.1.
- Cleanup: just like $mydestination+$inet_interfaces control
+ Concept: just like $mydestination+$inet_interfaces control
what routes to $local_transport, $virtual_mailbox_domains
now controls what routes to $virtual_transport (default
transport: virtual), and $relay_domains now controls what
routes to $relay_transport (default transport: relay, a
clone of the smtp transport). Everything else routes to
$default_transport as before. This eliminates the need
- for transport maps for virtual(8) domains, and avoids
- performance problems with inbound relay mail. This was
- improvement was suggested by Victor Duchovni. File:
+ for transport map entries for every virtual(8) domain, and
+ avoids performance problems with inbound relay mail. This
+ was improvement was suggested by Victor Duchovni. File:
trivial-rewrite/resolve.c.
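Review bot: the rewritten "Concept" entry still carries the doubled verb from the text it replaces: "This was improvement was suggested by Victor Duchovni" (the entry's last two lines). Suggest "This improvement was suggested by Victor Duchovni." so the relabelling from Cleanup to Concept does not preserve the typo.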
20021206
20021207
- Performance: apparently, RFC 2821 blesses the use of CNAME
- domain names in SMTP commands. This speeds things up a bit.
- File: smtp/smtp_proto.c.
+ Cleanup: deleted the description of sendmail-style virtual
+ domains from the virtual(5) manual page. This part of
+ Postfix was too confusing.
+
+ Performance: RFC 2821 blesses the use of CNAME domain names
+ in MAIL FROM and RCPT TO. Not having to expand CNAME domain
+ names speeds things up a bit. File: smtp/smtp_proto.c.
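Review bot: the new Cleanup entry about removing sendmail-style virtual domains from the virtual(5) manual page ends without a "File:" reference, while every other entry in this section names the file it touched (the Performance entry right below it cites smtp/smtp_proto.c). Suggest adding the affected manual page source so the change can be traced from the HISTORY file like the others.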
Workaround: exclude error mailer destinations from transport
- table lookups. File: trivial-rewrite/resolve.c.
-
- Cleanup: relocated_maps lookups moved to the trivial-rewrite
- server. The queue manager no longer does any map lookups,
- so it won't restart when maps change. This required that
- resolver clients be prepared for the case that the resolver
- reports it is unable to access a lookup table. This also
- required that trivial-rewrite be running as multiple
- processes to reduce the impact of table lookup latencies.
- Files: *qmgr/qmgr_message.c, trivial-rewrite/resolve.c,
- local/resolve.c, smtpd/smtpd_check.c, master/multi-server.c.
-
- Workaround: don't discard all DNS lookup results when one
- has a malformed name or address. File: dns/dns_lookups.c.
+ mapping lookups :-(. File: trivial-rewrite/resolve.c.
+
+ Cleanup: relocated_maps lookups are now moved to the
+ trivial-rewrite server. As of now, the queue manager no
+ longer does any map lookups, so it won't restart when maps
+ change. Files: *qmgr/qmgr_message.c, trivial-rewrite/resolve.c.
+
+ Robustness: because the trivial-rewrite server now does
+ many more table lookups, some of which are often LDAP or
+ SQL based, trivial-rewrite clients must be be prepared for
+ the case that the resolver reports a failure while processing
+ a request (when it was unable to access a lookup table).
+ Files: trivial-rewrite/resolve.c, local/resolve.c,
+ smtpd/smtpd_check.c.
+
+ Robustness: moving possible LDAP or SQL table lookups into
+ the trivial-rewrite server also required that trivial-rewrite
+ be running as multiple processes to reduce lookup latencies.
+ Files: master/multi-server.c.
+
+ Workaround: don't discard all the DNS lookup results when
+ only one of the results has a malformed name or address.
+ File: dns/dns_lookup.c.
+
+200201208
+
+ Cleanup: with the preliminary address domain classification
+ concept as implemented by the trivial-rewrite address
+ resolver, a lot of table lookups could be eliminated from
+ the SMTP server. Files: smtpd/smtpd_check.c.
+
+ Feature: new relay_recipient_maps parameter, for optional
+ maps with all the recipients in the domains that match
+ $relay_domains (so you can reject mail for unknown relay
+ recipients). This is for consistency with virtual_xx_maps
+ and virtual_xx_domains, and with local_recipient_maps and
+ the local delivery agent. File: smtpd/smtpd_check.c.
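Review bot: the new date header "200201208" has nine digits and does not follow the YYYYMMDD form of the neighbouring entries (20021206, 20021207); it should read 20021208. Two further nits in this hunk: the first Robustness entry says "trivial-rewrite clients must be be prepared" (doubled "be"), and the DNS workaround entry changes the file name from dns/dns_lookups.c in the removed text to dns/dns_lookup.c in the added text. Only one of those can be the real file name, so please confirm which and keep the entry consistent.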
Open problems:
You can use the virtual delivery agent for mailbox delivery of some
or all domains that are handled by a machine.
-This mechanism is different from virtual domains that are implemented
-by translating each virtual address into a real local user. For
-that, see the virtual(5) manual page.
+This mechanism is different from simulated virtual domains that
+are implemented by translating each virtual address into a real
+local user. For that, see the virtual(5) manual page.
This is what Andrew McNamara wrote when he made the virtual delivery
agent available.
If a recipient is not found the mail is returned to the sender.
- For security reasons, regexp maps are not allowed here, because
- their $1 etc. substitutions would open a security hole.
+ For security reasons, regular expression maps are allowed but
+ regular expression substitution of $1 etc. is disallowed,
+ because that would open a security hole.
The mail administrator is expected to create and chown recipient
mailbox files or maildir directories ahead of time.
specific user@domain.tld entry. While searching a lookup table,
an address extension (user+foo@domain.tld) is ignored.
- For security reasons, regexp maps are not allowed here, because
- their $1 etc. substitutions would open a security hole.
+ For security reasons, regular expression maps are allowed but
+ regular expression substitution of $1 etc. is disallowed,
+ because that would open a security hole.
Specify a static map if all mailboxes should be owned by the same
UID. For example, to specify that all mailboxes are owned by the
specific user@domain.tld entry. While searching a lookup table,
an address extension (user+foo@domain.tld) is ignored.
- For security reasons, regexp maps are not allowed here, because
- their $1 etc. substitutions would open a security hole.
+ For security reasons, regular expression maps are allowed but
+ regular expression substitution of $1 etc. is disallowed,
+ because that would open a security hole.
Specify a static map if all mailboxes should be owned by the same
GID. For example, to specify that all mailboxes are owned by the
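Review bot: the three rewritten "For security reasons" sentences state that $1 substitution "would open a security hole" but, unlike the text they replace, no longer make clear what the hole is, even though the surrounding lines show exactly why: the right-hand side of these tables becomes a mailbox file or maildir path, a UID and a GID, and any $1 value would be taken from the recipient address supplied by the remote sender. Suggest saying that in one clause, e.g. "because the substituted text would come from the recipient address and end up in a mailbox path, UID or GID", so the reader understands why regexp lookups are fine but substitution is not.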
Incompatible changes with Postfix snapshot 1.1.12-200212XX
==========================================================
-The default hash_queue_depth setting is reduced to 1 level of
-subdirectories. This improves "mailq" performance on most systems,
-but results in poorer worst-case performance on systems with lots
-of mail in the queue.
+Postfix now uses the "relay" mail delivery transport for relayed
+mail (domains matching relay_domains). This may affect your
+defer_transports settings. The old "smtp" transport is now the
+default mail delivery transport for domains that do not match
+relay_domains or any local or virtual domain name.
+
+The "virtual_maps" configuration parameter is now called
+"virtual_alias_maps", for consistency with "virtual_mailbox_maps".
+Default settings are backwards compatible with Postfix 1.1.
+
+Postfix-style virtual domains are now called simulated virtual
+domains. Sendmail-style virtual domains are no longer documented.
+This part of Postfix was too confusing.
+
+The default queue directory hash_queue_depth setting is reduced to
+1 level of subdirectories per Postfix queue. This improves "mailq"
+performance on most systems, but can result in poorer worst-case
+performance on systems with lots of mail in the queue.
+
+The "reject_maps_rbl" restriction is going away. The SMTP server
+logs a warning and suggests using the more flexible "reject_rbl_client"
+instead.
+
+The "check_relay_domains" restriction is going away. The SMTP server
+logs a warning and suggests using "reject_unauth_destination"
+instead.
+
+Major changes with Postfix snapshot 1.1.11-200212XX
+===================================================
+
+This release introduces separation of lookup tables for addresses
+and for domain names of virtual domains.
+
+- virtual_maps is replaced by virtual_alias_maps (for address
+ lookups) and virtual_alias_domains (for the names of what were
+ formerly called "Postfix-style virtual domains").
+
+ For backwards compatibility with Postfix version 1.1, the new
+ virtual_alias_maps parameter defaults to $virtual_maps, and the
+ new virtual_alias_domains parameter defaults to $virtual_alias_maps.
+
+- virtual_mailbox_maps now has a companion parameter called
+ virtual_mailbox_domains (for the names of domains served by the
+ virtual delivery agent). virtual_mailbox_maps is now used for
+ address lookups only.
+
+ For backwards compatibility with Postfix version 1.1,, the new
+ virtual_mailbox_domains parameter defaults to $virtual_mailbox_maps.
+
+This release introduces the concept of address domain classes, each
+having its own default mail delivery transport:
+
+ Destination matches Default transport Default name
+ --------------------------------------------------------------
+ $mydestination or
+ $inet_interfaces $local_transport local
+ $virtual_alias_domains (not applicable) (not applicable)
+ $virtual_mailbox_domains $virtual_transport virtual
+ $relay_domains $relay_transport relay
+ other $default_transport smtp
+
+The benefits of these changes are that:
+
+- You no longer need to specify all the virtual(8) domains in the
+ Postfix transport map.
+
+- A lot of table lookups could be eliminated from the SMTP server's
+ mail relay control and unknown user blocking code.
+
+Better handling of unknown recipients. Each address domain class
+now has its own table with known recipients, so that you can reject
+mail for unknown addresses consistently.
+
+ Destination matches Recipients defined by Remarks
+ --------------------------------------------------------------
+ $mydestination or
+ $inet_interfaces $local_recipient_maps optional
+ $virtual_alias_domains $virtual_alias_maps none
+ $virtual_mailbox_domains $virtual_mailbox_maps none
+ $relay_domains $relay_recipient_maps optional
+ other (not applicable) (not applicable)
-The check_relay_domains restriction is going away. The SMTP server
-logs a warning and suggests using reject_unauth_destination instead.
+Finally, regular expression maps are now allowed with local delivery
+agent alias tables and with all virtual delivery agent lookup tables.
+However, regular expression substitution of $1 etc. is still
+forbidden for security reasons.
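Review bot: the two new headings disagree on the snapshot version: "Incompatible changes with Postfix snapshot 1.1.12-200212XX" at the top of this block versus "Major changes with Postfix snapshot 1.1.11-200212XX" further down; the 1.1.11-20021108 heading that follows is the previous snapshot, so the second heading should presumably read 1.1.12 as well. Smaller points in the same hunk: "Postfix version 1.1,, the new" has a doubled comma; in the recipients table the Remarks column mixes "optional", "none" and "(not applicable)", and "none" next to $virtual_alias_maps reads as "no recipients" rather than "no remarks", so "required" or a blank cell would be clearer; and the "Better handling of unknown recipients" paragraph sits at the margin while the two benefits above it are bulleted with "-", so either bullet it or separate it with its own lead sentence.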
Incompatible changes with Postfix snapshot 1.1.11-20021108
==========================================================
attachments. This is much more efficient than previous versions
that recognized MIME headers via body_checks. MIME headers are
now processed one multi-line header at a time, instead of one body
-line at a time.
+line at a time.
In fact, Postfix now has three classes of header patterns:
header_checks (for primary message headers except MIME headers),
required to turn on maildir delivery.
- Incremental updates of aliases and maps. Specify "postmap -i
-mapname" and it will read new entries from stdin.
+mapname" and it will read new entries from stdin.
- Newaliases will now update more than one alias database.
Specify the names with the main.cf "alias_database" parameter.
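Review bot: the two paired removals and additions in this hunk ("line at a time." and "mapname" and it will read new entries from stdin.") are identical in content, so they appear to be whitespace-only changes (trailing blanks or tab conversion). If that is intentional cleanup it is fine, but it is worth saying so in the change description, since otherwise a reader hunting for the functional change in these lines will find none.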
# trap decode to catch security attacks
decode: root
-#
# ALIASES(5) ALIASES(5)
#
# NAME
# Delimiter that separates recipients from address
# extensions.
#
+# BUGS
+# Regular expression alias lookup tables are allowed, but
+# substitution of $1 etc. is forbidden because that would
+# open a security loophole.
+#
# STANDARDS
# RFC 822 (ARPA Internet Text Messages)
#
# SEE ALSO
# local(8) local delivery agent
-# postalias(1) alias database management
+# newaliases(1) alias database management
+# regexp_table(5) POSIX regular expression table format
+# pcre_table(5) Perl Compatible Regular Expression table format
#
# LICENSE
# The Secure Mailer license must be distributed with this
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
-# 1
-#
+# ALIASES(5)
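Review bot: the SEE ALSO change drops postalias(1) in favour of newaliases(1), but the two are not alternatives: this same patch notes that "Newaliases will now update more than one alias database", and postalias(1) remains the tool that builds a single alias database from a source file. Suggest keeping both entries rather than replacing one with the other. The new BUGS paragraph is welcome; it states the regexp-substitution rule in the one place an administrator editing aliases will actually look.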
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
-# machine considers itself the final destination for. That includes
-# Sendmail-style virtual domains hosted on this machine.
+# machine considers itself the final destination for.
#
-# Do not include Postfix-style virtual domains - those domains are
-# specified elsewhere (see sample-virtual.cf, and sample-transport.cf).
+# These domains are routed to the delivery agent specified with the
+# local_transport parameter setting.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
-# gateway, you should also include $mydomain. Do not specify the
-# names of domains that this machine is backup MX host for. Specify
-# those names via the relay_domains or permit_mx_backup settings for
-# the SMTP server (see sample-smtpd.cf).
+# gateway, you should also include $mydomain.
+#
+# Do not specify the names of virtual domains - those domains are
+# specified elsewhere (see sample-virtual.cf).
+#
+# Do not specify the names of domains that this machine is backup MX
+# host for. Specify those names via the relay_domains settings for
+# the SMTP server, or use permit_mx_backup if you are lazy (see
+# sample-smtpd.cf).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
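Review bot: "or use permit_mx_backup if you are lazy" (the backup MX paragraph of the mydestination comment) gives the reader a choice without the information needed to make it. Since the rest of this block is careful about which domains belong in which list, suggest replacing the aside with the actual trade-off: relay_domains is an explicit list under the administrator's control, while permit_mx_backup decides from the DNS MX records at the time of the SMTP transaction. One sentence to that effect would let the reader choose the safer option deliberately rather than by being told the other one is lazy.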
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
+# REJECTING UNKNOWN RELAY USERS
+#
+# The relay_recipient_maps parameter specifies optional lookup tables
+# with all addresses in the domains that match $relay_domains.
+#
+# If this parameter is defined, then the SMTP server will reject
+# mail for unknown relay users.
+#
+#relay_recipient_maps = hash:/etc/postfix/relay_recipients
+
# REJECTING UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
#
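Review bot: the new REJECTING UNKNOWN RELAY USERS section gives a hash: table example but, unlike the virtual_alias_maps comment later in this patch ("run postmap /etc/postfix/virtual to build the necessary DBM or DB file after change"), does not tell the reader that the table has to be rebuilt with postmap after editing. Suggest adding the same instruction here, and perhaps one sentence noting that the consequence of an incomplete table is rejected mail for legitimate relay recipients, which is the failure mode a backup-MX operator will hit first.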
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
+#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#default_database_type = dbm
# The default_transport parameter specifies the default message
-# delivery transport to use when no transport is explicitly given in
+# delivery transport for domains that do not match mydestination,
+# inet_interfaces, virtual_alias_domains, virtual_mailbox_domains,
+# relay_domains, and for which no transport is explicitly given in
# the optional transport(5) table.
#
# Specify a string of the form transport:nexthop, where transport is
max_use = 100
# The mydestination parameter specifies the list of domains that this
-# machine considers itself the final destination for. That includes
-# Sendmail-style virtual domains hosted on this machine.
+# machine considers itself the final destination for.
#
-# Do not include Postfix-style virtual domains - those domains are
-# specified elsewhere (see sample-virtual.cf, and sample-transport.cf).
+# These domains are routed to the delivery agent specified with the
+# local_transport parameter setting.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
-# gateway, you should also include $mydomain. Do not specify the
-# names of domains that this machine is backup MX host for. Specify
-# those names via the relay_domains or permit_mx_backup settings for
-# the SMTP server (see sample-smtpd.cf).
+# gateway, you should also include $mydomain.
+#
+# Do not specify the names of virtual domains - those domains are
+# specified elsewhere (see sample-virtual.cf).
+#
+# Do not specify the names of domains that this machine is backup MX
+# host for. Specify those names via the relay_domains settings for
+# the SMTP server, or use permit_mx_backup if you are lazy (see
+# sample-smtpd.cf).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
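Review bot: this mydestination comment block is a verbatim duplicate of the one changed earlier in the patch, including the "if you are lazy" remark about permit_mx_backup. Whatever wording is settled on for the first copy should be mirrored here so the two sample files do not drift apart.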
# and restricts what destination domains (and subdomains thereof)
# this system will relay mail to.
#
+# These domains are routed to the delivery agent specified with the
+# relay_transport parameter setting.
+#
# By default, Postfix relays mail
# - from trusted clients whose IP address matches $mynetworks,
# - from untrusted clients to destinations that match $relay_domains
# This file contains example settings of Postfix configuration
# parameters that control virtual alias database lookups.
-# This file describes settings for simulated virtual domains. These
-# are domains for which all mail is aliased to one or more local or
-# remote addresses. For details, see the virtual(5) manual page.
+# This file describes configuration settings that can be used for
+# aliasing and for implementing SIMULATED VIRTUAL DOMAINS (domains
+# for which all mail is aliased to one or more local or remote
+# addresses). For details, see the virtual(5) manual page.
#
-# If you need virtual domains where each virtual address can have
-# its own mailbox, then you should use the virtual(8) delivery agent
-# instead. For details, see the VIRTUAL_README file.
+# If you need TRUE VIRTUAL DOMAINS (domains where each virtual address
+# can have its own mailbox), then you should use the virtual(8)
+# delivery agent instead. For details, see the VIRTUAL_README file.
# The virtual_alias_maps parameter specifies optional lookup tables to
-# redirect specific addresses or even complete domains to another
+# alias specific addresses or even complete domains to another
# address. This is typically used to simulate virtual domain support.
#
-# By default, no address redirection is done.
+# By default, no address aliasing is done.
#
# If you use this feature, run "postmap /etc/postfix/virtual" to
# build the necessary DBM or DB file after change.
# "do not change": use the delivery transport and nexthop
# information that would be used if no match were found.
#
+# TRANSPORT FIELD
+# The transport field specifies the name of a mail delivery
+# transport (the first name of a mail delivery service entry
+# in the Postfix master.cf file).
+#
+# When a null transport field is specified, Postfix uses one
+# of the following transports:
+#
+# $local_transport
+# The domain matches $mydestination or $inet_inter-
+# faces.
+#
+# $virtual_transport
+# The domain matches $virtual_mailbox_domains.
+#
+# $relay_transport
+# The domain matches $relay_transport.
+#
+# $default_transport
+# All other non-local, non-virtual destinations.
+#
+# NEXTHOP FIELD
# The interpretation of the nexthop field is transport
# dependent. In the case of SMTP, specify host:service for a
# non-default server port, and use [host] or [host]:port in
# form can also be used with IP addresses instead of host-
# names.
#
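Review bot: in the new TRANSPORT FIELD section the $relay_transport entry reads "The domain matches $relay_transport." which is circular; by analogy with the entries above and below it, and with the address class table elsewhere in this patch, it should read "The domain matches $relay_domains." Otherwise the section is a clear improvement, and the omission of $virtual_alias_domains from the list is correct since those domains have no delivery transport of their own.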
+# LOOKUP ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# foo.org slow:
#
-# When no transport is specified, Postfix uses either
-# $local_transport or $default_transport, depending on
-# whether the destination matches $mydestination. The fol-
-# lowing sends all mail for foo.org and its subdomains to
-# host gateway.foo.org:
+# When no transport is specified, Postfix uses the transport
+# that matches the address domain class (see TRANSPORT FIELD
+# discussion above). The following sends all mail for
+# foo.org and its subdomains to host gateway.foo.org:
#
# foo.org :[gateway.foo.org]
# .foo.org :[gateway.foo.org]
#
-# In the above example, the [] are used to suppress MX
-# lookups. The result would likely point to your local
+# In the above example, the [] are used to suppress MX
+# lookups. The result would likely point to your local
# machine.
#
-# In the case of delivery via SMTP, one may specify host-
+# In the case of delivery via SMTP, one may specify host-
# name:service instead of just a host:
#
# foo.org smtp:bar.org:2025
#
-# This directs mail for user@foo.org to host bar.org port
-# 2025. Instead of a numerical port a symbolic name may be
-# used. Specify [] around the hostname in order to disable
+# This directs mail for user@foo.org to host bar.org port
+# 2025. Instead of a numerical port a symbolic name may be
+# used. Specify [] around the hostname in order to disable
# MX lookups.
#
# The error mailer can be used to bounce mail:
#
-# .foo.org error:mail for *.foo.org is not deliv-
+# .foo.org error:mail for *.foo.org is not deliv-
# erable
#
-# This causes all mail for user@anything.foo.org to be
+# This causes all mail for user@anything.foo.org to be
# bounced.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire domain being looked up. Thus, some.domain.hier-
# archy is not broken up into parent domains.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant
-# to this topic. See the Postfix main.cf file for syntax
-# details and for default values. Use the postfix reload
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the postfix reload
# command after a configuration change.
#
# parent_domain_matches_subdomains
-# List of Postfix features that use domain.tld pat-
-# terns to match sub.domain.tld (as opposed to
+# List of Postfix features that use domain.tld pat-
+# terns to match sub.domain.tld (as opposed to
# requiring .domain.tld patterns).
#
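Review bot: most of the paired removals and additions between the "[] are used to suppress MX lookups" paragraph and the parent_domain_matches_subdomains entry are identical in content and appear to differ only in inter-word spacing, i.e. re-justification by the man page formatter. They add considerable noise to the hunk and hide the two real changes (the "transport that matches the address domain class" paragraph and the regexp section); if the text is generated, running the same formatter on both sides before diffing would keep the review focused on wording changes.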
# transport_maps
# Other parameters of interest:
#
# local_transport
-# The mail delivery transport to use when no trans-
-# port is explicitly specified, and the destination
-# matches $mydestination.
+# The default mail delivery transport when the desti-
+# nation matches $mydestination or $inet_interfaces.
+#
+# virtual_transport
+# The default mail delivery transport when the desti-
+# nation matches virtual_mailbox_domains.
+#
+# relay_transport
+# The default mail delivery transport when the desti-
+# nation matches relay_domains.
#
# default_transport
-# The mail delivery transport to use when no trans-
-# port is explicitly specified, and the destination
-# does not match $mydestination.
+# The default mail delivery transport when the desti-
+# nation does not match a local, virtual or relay
+# destination.
#
# mydestination
# The destinations that are given to $local_transport
#
# relayhost
# The default host for destinations that do not match
-# $mydestination.
+# $mydestination, $inet_interfaces, vir-
+# tual_alias_domains or virtual_mailbox_domains.
#
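Review bot: the rewritten parameter descriptions are inconsistent about the $ prefix: local_transport says "$mydestination or $inet_interfaces", but virtual_transport says "matches virtual_mailbox_domains", relay_transport says "matches relay_domains", and the relayhost entry mixes "$mydestination, $inet_interfaces, virtual_alias_domains or virtual_mailbox_domains" in one sentence. Pick one form (the rest of the page uses $name when referring to a parameter's value) and apply it to all of these entries.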
# SEE ALSO
# postmap(1) create mapping table
#
# DESCRIPTION
# The optional virtual alias table specifies address alias-
-# ing for local and non-local recipients. Virtual aliasing
-# is used by the cleanup(8) daemon. Virtual aliasing is
-# recursive.
+# ing for arbitrary local or non-local recipient addresses.
+# Virtual aliasing is recursive, and is done by the Postfix
+# cleanup(8) daemon.
+#
+# The main applications of virtual aliasing are:
+#
+# o To redirect mail from one address to one or more
+# other addresses.
+#
+# o To simulate virtual domains where all virtual
+# addresses are aliased to non-virtual addresses.
#
# Virtual aliasing is applied only to recipient envelope
# addresses, and does not affect message headers. Think
# With a simulated virtual domain, the virtual domain has
# its own user name space. Local (i.e. non-virtual) user-
# names are not visible in a simulated virtual domain. In
-# particular, local aliases(5) and mailing lists are not
-# visible as localname@virtual.domain.
+# particular, local aliases(5) and local mailing lists are
+# not visible as localname@simulated.domain.
#
# Support for a simulated virtual domain looks like:
#
# types.
#
# /etc/postfix/virtual:
-# virtual.domain anything (right-hand content does not matter)
-# postmaster@virtual.domain postmaster
-# user1@virtual.domain address1
-# user2@virtual.domain address2, address3
+# simulated.domain anything (right-hand content does not matter)
+# postmaster@simulated.domain postmaster
+# user1@simulated.domain address1
+# user2@simulated.domain address2, address3
#
-# The virtual.domain anything entry is required for a simu-
-# lated virtual domain. Without this entry, mail will be
+# The simulated.domain anything entry is required for a sim-
+# ulated virtual domain. Without this entry, mail will be
# rejected with a "relay access denied" error condition.
#
# Do not list a simulated virtual domain name in the main.cf
# mydestination configuration parameter.
#
# With a simulated virtual domain, the Postfix SMTP server
-# accepts mail for known-user@virtual.domain, and rejects
-# mail for unknown-user@virtual.domain as undeliverable.
+# accepts mail for known-user@simulated.domain, and rejects
+# mail for unknown-user@simulated.domain as undeliverable.
#
# Instead of specifying the simulated virtual domain name
# via the virtual_alias_maps table, you may also specify it
# local.
#
# myorigin
-# The domain that is appended to locally-posted mail.
+# The domain that is appended to any address that
+# does not have a domain.
#
# owner_request_special
# Give special treatment to owner-xxx and xxx-request
# SEE ALSO
# cleanup(8) canonicalize and enqueue mail
# postmap(1) create mapping table
-# pcre_table(5) format of PCRE tables
-# regexp_table(5) format of POSIX regular expression tables
+# regexp_table(5) POSIX regular expression table format
+# pcre_table(5) Perl Compatible Regular Expression table format
#
# LICENSE
# The Secure Mailer license must be distributed with this
<html> <head> </head> <body> <pre>
-
ALIASES(5) ALIASES(5)
<b>NAME</b>
Delimiter that separates recipients from address
extensions.
+<b>BUGS</b>
+ Regular expression alias lookup tables are allowed, but
+ substitution of $1 etc. is forbidden because that would
+ open a security loophole.
+
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<b>SEE</b> <b>ALSO</b>
<a href="local.8.html">local(8)</a> local delivery agent
- <a href="postalias.1.html">postalias(1)</a> alias database management
+ <a href="newaliases.1.html">newaliases(1)</a> alias database management
+ <a href="regexp_table.5.html">regexp_table(5)</a> POSIX regular expression table format
+ <a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 1
-
+ ALIASES(5)
</pre> </body> </html>
<a href="qmgr.8.html">qmgr(8)</a> queue manager daemon
syslogd(8) system logging
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address rewriting
- <a href="virtual.5.html">virtual(5)</a> virtual address lookup table format
+ <a href="virtual.5.html">virtual(5)</a> virtual alias lookup table format
<b>FILES</b>
/etc/postfix/canonical*, canonical mapping table
$<b>config</b><i>_</i><b>directory/master.cf</b>, Postfix daemon processes
<b>SEE</b> <b>ALSO</b>
- <a href="master.8.html">master(8)</a> Postfix master program
+ <a href="postconf.1.html">postconf(1)</a> Postfix configuration management
+ <a href="postsuper.1.html">postsuper(1)</a> Postfix housekeeping
+ <a href="sendmail.1.html">sendmail(1)</a> Sendmail-compatible interface
+ <a href="postmap.1.html">postmap(1)</a> Postfix lookup table management
+ <a href="master.8.html">master(8)</a> Postfix master daemon
+ The respective manual pages for the daemon processes spec-
+ ified in the <b>master.cf</b> file, and the manual pages refer-
+ enced by those manual pages.
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
defined, then the SMTP server rejects mail for
unknown local users.
+ <b>relay</b><i>_</i><b>recipient</b><i>_</i><b>maps</b>
+ List of maps that define all the email addresses in
+ the domains that match <b>$relay</b><i>_</i><b>domains</b>. If this
+ parameter is defined, then the SMTP server rejects
+ mail for unknown relay recipients.
+
<b>notify</b><i>_</i><b>classes</b>
List of error classes. Of special interest are:
- <b>policy</b> When a client violates any policy, mail a
+ <b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
<b>protocol</b>
- When a client violates the SMTP protocol or
+ When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
<b>smtpd</b><i>_</i><b>banner</b>
- Text that follows the <b>220</b> status code in the SMTP
+ Text that follows the <b>220</b> status code in the SMTP
greeting banner.
<b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
expansion of rbl template responses and other text.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Restrict the number of recipients that the SMTP
+ Restrict the number of recipients that the SMTP
server accepts per message delivery.
<b>smtpd</b><i>_</i><b>timeout</b>
- Limit the time to send a server response and to
+ Limit the time to send a server response and to
receive a client request.
<b>soft</b><i>_</i><b>bounce</b>
- Change hard (5xx) reject responses into soft (4xx)
- reject responses. This can be useful for testing
+ Change hard (5xx) reject responses into soft (4xx)
+ reject responses. This can be useful for testing
purposes.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
- The characters that Postfix accepts as VERP delim-
+ The characters that Postfix accepts as VERP delim-
iter characters.
<b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
- Limit the amount of memory in bytes used for the
+ Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b>
- Minimal amount of free space in bytes in the queue
- file system for the SMTP server to accept any mail
+ Minimal amount of free space in bytes in the queue
+ file system for the SMTP server to accept any mail
at all.
<b>smtpd</b><i>_</i><b>history</b><i>_</i><b>flush</b><i>_</i><b>threshold</b>
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors,
- wait <i>error_count</i> seconds before responding to any
+ wait <i>error_count</i> seconds before responding to any
client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
- Disconnect after a client has made this number of
+ Disconnect after a client has made this number of
errors.
<b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
Limit the number of times a client can issue a junk
- command such as NOOP, VRFY, ETRN or RSET in one
- SMTP session before it is penalized with tarpit
+ command such as NOOP, VRFY, ETRN or RSET in one
+ SMTP session before it is penalized with tarpit
delays.
<b>UCE</b> <b>control</b> <b>restrictions</b>
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
- List of Postfix features that use <i>domain.tld</i> pat-
- terns to match <i>sub.domain.tld</i> (as opposed to
+ List of Postfix features that use <i>domain.tld</i> pat-
+ terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b>smtpd</b><i>_</i><b>client</b><i>_</i><b>restrictions</b>
tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
- Require that clients introduce themselves at the
+ Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
- Restrict what client hostnames are allowed in <b>HELO</b>
+ Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
- Restrict what sender addresses are allowed in <b>MAIL</b>
+ Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
- Restrict what recipient addresses are allowed in
+ Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
mands, and what clients may issue <b>ETRN</b> commands.
<b>smtpd</b><i>_</i><b>data</b><i>_</i><b>restrictions</b>
- Restrictions on the <b>DATA</b> command. Currently, the
- only restriction that makes sense here is
+ Restrictions on the <b>DATA</b> command. Currently, the
+ only restriction that makes sense here is
<b>reject</b><i>_</i><b>unauth</b><i>_</i><b>pipelining</b>.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
- Allow untrusted clients to specify addresses with
- sender-specified routing. Enabling this opens up
- nasty relay loopholes involving trusted backup MX
+ Allow untrusted clients to specify addresses with
+ sender-specified routing. Enabling this opens up
+ nasty relay loopholes involving trusted backup MX
hosts.
<b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b>
- Declares the name of zero or more parameters that
- contain a list of UCE restrictions. The names of
- these parameters can then be used instead of the
+ Declares the name of zero or more parameters that
+ contain a list of UCE restrictions. The names of
+ these parameters can then be used instead of the
restriction lists that they represent.
<b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b>
- The lookup key to be used in SMTPD access tables
- instead of the null sender address. A null sender
+ The lookup key to be used in SMTPD access tables
+ instead of the null sender address. A null sender
address cannot be looked up.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> (deprecated)
- List of DNS domains that publish the addresses of
+ List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated
<b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b> restriction.
<b>permit</b><i>_</i><b>mx</b><i>_</i><b>backup</b><i>_</i><b>networks</b>
- Only domains whose primary MX hosts match the
- listed networks are eligible for the <b>per-</b>
+ Only domains whose primary MX hosts match the
+ listed networks are eligible for the <b>per-</b>
<b>mit</b><i>_</i><b>mx</b><i>_</i><b>backup</b> feature.
<b>relay</b><i>_</i><b>domains</b>
- Restrict what domains or networks this mail system
- will relay mail from or to.
+ Restrict what domains this mail system will relay
+ mail to. The domains are routed to the delivery
+ agent specified with the <b>relay</b><i>_</i><b>transport</b> setting.
<b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b>
+ <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address resolver
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging
"do not change": use the delivery transport and nexthop
information that would be used if no match were found.
- The interpretation of the <i>nexthop</i> field is transport
+<b>TRANSPORT</b> <b>FIELD</b>
+ The transport field specifies the name of a mail delivery
+ transport (the first name of a mail delivery service entry
+ in the Postfix <b>master.cf</b> file).
+
+ When a null transport field is specified, Postfix uses one
+ of the following transports:
+
+ <b>$local</b><i>_</i><b>transport</b>
+ The domain matches <b>$mydestination</b> or <b>$inet</b><i>_</i><b>inter-</b>
+ <b>faces</b>.
+
+ <b>$virtual</b><i>_</i><b>transport</b>
+ The domain matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.
+
+ <b>$relay</b><i>_</i><b>transport</b>
+ The domain matches <b>$relay</b><i>_</i><b>transport</b>.
+
+ <b>$default</b><i>_</i><b>transport</b>
+ All other non-local, non-virtual destinations.
+
+<b>NEXTHOP</b> <b>FIELD</b>
+ The interpretation of the nexthop field is transport
dependent. In the case of SMTP, specify <i>host</i>:<i>service</i> for a
non-default server port, and use [<i>host</i>] or [<i>host</i>]:<i>port</i> in
order to disable MX (mail exchanger) DNS lookups. The []
form can also be used with IP addresses instead of host-
names.
+<b>LOOKUP</b> <b>ORDER</b>
With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
<b>foo.org</b> <b>uucp:foo</b>
<b>.foo.org</b> <b>uucp:foo</b>
- When no <i>nexthop</i> host name is specified, the destination
+ When no nexthop host name is specified, the destination
domain name is used instead. For example, the following
directs mail for <i>user</i>@<b>foo.org</b> via the <b>slow</b> transport to a
mail exchanger for <b>foo.org</b>. The <b>slow</b> transport could be
<b>foo.org</b> <b>slow:</b>
- When no <i>transport</i> is specified, Postfix uses either
- <b>$local</b><i>_</i><b>transport</b> or <b>$default</b><i>_</i><b>transport</b>, depending on
- whether the destination matches <b>$mydestination</b>. The fol-
- lowing sends all mail for <b>foo.org</b> and its subdomains to
- host <b>gateway.foo.org</b>:
+ When no transport is specified, Postfix uses the transport
+ that matches the address domain class (see TRANSPORT FIELD
+ discussion above). The following sends all mail for
+ <b>foo.org</b> and its subdomains to host <b>gateway.foo.org</b>:
<b>foo.org</b> <b>:[gateway.foo.org]</b>
<b>.foo.org</b> <b>:[gateway.foo.org]</b>
- In the above example, the [] are used to suppress MX
- lookups. The result would likely point to your local
+ In the above example, the [] are used to suppress MX
+ lookups. The result would likely point to your local
machine.
- In the case of delivery via SMTP, one may specify <i>host-</i>
+ In the case of delivery via SMTP, one may specify <i>host-</i>
<i>name</i>:<i>service</i> instead of just a host:
<b>foo.org</b> <b>smtp:bar.org:2025</b>
- This directs mail for <i>user</i>@<b>foo.org</b> to host <b>bar.org</b> port
- <b>2025</b>. Instead of a numerical port a symbolic name may be
- used. Specify [] around the hostname in order to disable
+ This directs mail for <i>user</i>@<b>foo.org</b> to host <b>bar.org</b> port
+ <b>2025</b>. Instead of a numerical port a symbolic name may be
+ used. Specify [] around the hostname in order to disable
MX lookups.
The error mailer can be used to bounce mail:
- <b>.foo.org</b> <b>error:mail</b> <b>for</b> <b>*.foo.org</b> <b>is</b> <b>not</b> <b>deliv-</b>
+ <b>.foo.org</b> <b>error:mail</b> <b>for</b> <b>*.foo.org</b> <b>is</b> <b>not</b> <b>deliv-</b>
<b>erable</b>
- This causes all mail for <i>user</i>@<i>anything</i><b>.foo.org</b> to be
+ This causes all mail for <i>user</i>@<i>anything</i><b>.foo.org</b> to be
bounced.
<b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire domain being looked up. Thus, <i>some.domain.hier-</i>
<i>archy</i> is not broken up into parent domains.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this topic. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the <b>postfix</b> <b>reload</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this topic. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
- List of Postfix features that use <i>domain.tld</i> pat-
- terns to match <i>sub.domain.tld</i> (as opposed to
+ List of Postfix features that use <i>domain.tld</i> pat-
+ terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b>transport</b><i>_</i><b>maps</b>
Other parameters of interest:
<b>local</b><i>_</i><b>transport</b>
- The mail delivery transport to use when no trans-
- port is explicitly specified, and the destination
- matches <b>$mydestination</b>.
+ The default mail delivery transport when the desti-
+ nation matches <b>$mydestination</b> or <b>$inet</b><i>_</i><b>interfaces</b>.
+
+ <b>virtual</b><i>_</i><b>transport</b>
+ The default mail delivery transport when the desti-
+ nation matches <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.
+
+ <b>relay</b><i>_</i><b>transport</b>
+ The default mail delivery transport when the desti-
+ nation matches <b>relay</b><i>_</i><b>domains</b>.
<b>default</b><i>_</i><b>transport</b>
- The mail delivery transport to use when no trans-
- port is explicitly specified, and the destination
- does not match <b>$mydestination</b>.
+ The default mail delivery transport when the desti-
+ nation does not match a local, virtual or relay
+ destination.
<b>mydestination</b>
The destinations that are given to <b>$local</b><i>_</i><b>transport</b>
<b>relayhost</b>
The default host for destinations that do not match
- <b>$mydestination</b>.
+ <b>$mydestination</b>, <b>$inet</b><i>_</i><b>interfaces</b>, <b>vir-</b>
+ <b>tual</b><i>_</i><b>alias</b><i>_</i><b>domains</b> or <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.
<b>SEE</b> <b>ALSO</b>
<a href="postmap.1.html">postmap(1)</a> create mapping table
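Review bot: The $relay_transport entry in the new TRANSPORT FIELD section names the wrong parameter: `The domain matches <b>$relay</b><i>_</i><b>transport</b>.` should read `The domain matches <b>$relay</b><i>_</i><b>domains</b>.`, since a transport name cannot match a domain and the relay_transport parameter text added later in this same file ("The default mail delivery transport when the destination matches relay_domains") gives the intended list. In the same list, the $default_transport entry `All other non-local, non-virtual destinations.` should also say non-relay, to agree with the default_transport parameter text ("does not match a local, virtual or relay destination"), otherwise a reader could conclude that relay domains fall through to the default transport.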
<b>DESCRIPTION</b>
The optional <b>virtual</b> alias table specifies address alias-
- ing for local and non-local recipients. Virtual aliasing
- is used by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon. Virtual aliasing is
- recursive.
+ ing for arbitrary local or non-local recipient addresses.
+ Virtual aliasing is recursive, and is done by the Postfix
+ <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon.
+
+ The main applications of virtual aliasing are:
+
+ <b>o</b> To redirect mail from one address to one or more
+ other addresses.
+
+ <b>o</b> To simulate virtual domains where all virtual
+ addresses are aliased to non-virtual addresses.
Virtual aliasing is applied only to recipient envelope
addresses, and does not affect message headers. Think
With a simulated virtual domain, the virtual domain has
its own user name space. Local (i.e. non-virtual) user-
names are not visible in a simulated virtual domain. In
- particular, local <a href="aliases.5.html"><b>aliases</b>(5)</a> and mailing lists are not
- visible as <i>localname@virtual.domain</i>.
+ particular, local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are
+ not visible as <i>localname@simulated.domain</i>.
Support for a simulated virtual domain looks like:
types.
/etc/postfix/virtual:
- <i>virtual.domain</i> <i>anything</i> (right-hand content does not matter)
- <i>postmaster@virtual.domain</i> <i>postmaster</i>
- <i>user1@virtual.domain</i> <i>address1</i>
- <i>user2@virtual.domain</i> <i>address2,</i> <i>address3</i>
+ <i>simulated.domain</i> <i>anything</i> (right-hand content does not matter)
+ <i>postmaster@simulated.domain</i> <i>postmaster</i>
+ <i>user1@simulated.domain</i> <i>address1</i>
+ <i>user2@simulated.domain</i> <i>address2,</i> <i>address3</i>
- The <i>virtual.domain</i> <i>anything</i> entry is required for a simu-
- lated virtual domain. Without this entry, mail will be
+ The <i>simulated.domain</i> <i>anything</i> entry is required for a sim-
+ ulated virtual domain. Without this entry, mail will be
rejected with a "relay access denied" error condition.
Do not list a simulated virtual domain name in the <b>main.cf</b>
<b>mydestination</b> configuration parameter.
With a simulated virtual domain, the Postfix SMTP server
- accepts mail for <i>known-user@virtual.domain</i>, and rejects
- mail for <i>unknown-user</i>@<i>virtual.domain</i> as undeliverable.
+ accepts mail for <i>known-user@simulated.domain</i>, and rejects
+ mail for <i>unknown-user</i>@<i>simulated.domain</i> as undeliverable.
Instead of specifying the simulated virtual domain name
via the <b>virtual</b><i>_</i><b>alias</b><i>_</i><b>maps</b> table, you may also specify it
local.
<b>myorigin</b>
- The domain that is appended to locally-posted mail.
+ The domain that is appended to any address that
+ does not have a domain.
<b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
<b>SEE</b> <b>ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue mail
<a href="postmap.1.html">postmap(1)</a> create mapping table
- <a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
- <a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
+ <a href="regexp_table.5.html">regexp_table(5)</a> POSIX regular expression table format
+ <a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
boxes. While it could be set to "/", this setting
isn't recommended.
- <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b> (regexp maps disallowed)
+ <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b>
Recipients are looked up in these maps to determine
the path to their mailbox or maildir. If the
returned path ends in a slash ("/"), maildir-style
Note that <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b> is unconditionally
prepended to this path.
+ For security reasons, regular expression maps are
+ allowed but regular expression substitution of $1
+ etc. is disallowed, because that would open a secu-
+ rity hole.
+
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>
- The list of domains that should be delivered via
- the Postfix virtual delivery agent. This uses the
+ The list of domains that should be delivered via
+ the Postfix virtual delivery agent. This uses the
same syntax as the <b>mydestination</b> configuration
parameter.
<b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b>
- Specifies a minimum uid that will be accepted as a
- return from a <b>virtual</b><i>_</i><b>owner</b><i>_</i><b>maps</b> or <b>vir-</b>
- <b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> lookup. Returned values less than
- this will be rejected, and the message will be
+ Specifies a minimum uid that will be accepted as a
+ return from a <b>virtual</b><i>_</i><b>owner</b><i>_</i><b>maps</b> or <b>vir-</b>
+ <b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> lookup. Returned values less than
+ this will be rejected, and the message will be
deferred.
- <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> (regexp maps disallowed)
+ <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>
Recipients are looked up in these maps to determine
- the user ID to be used when writing to the target
+ the user ID to be used when writing to the target
mailbox.
- While searching a lookup table, an address exten-
+ While searching a lookup table, an address exten-
sion (<i>user+foo@domain.tld</i>) is ignored.
- In a lookup table, specify a left-hand side of
- <i>@domain.tld</i> to match any user in the specified
- domain that does not have a specific
+ In a lookup table, specify a left-hand side of
+ <i>@domain.tld</i> to match any user in the specified
+ domain that does not have a specific
<i>user@domain.tld</i> entry.
- <b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b> (regexp maps disallowed)
+ For security reasons, regular expression maps are
+ allowed but regular expression substitution of $1
+ etc. is disallowed, because that would open a secu-
+ rity hole.
+
+ <b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b>
Recipients are looked up in these maps to determine
the group ID to be used when writing to the target
mailbox.
domain that does not have a specific
<i>user@domain.tld</i> entry.
+ For security reasons, regular expression maps are
+ allowed but regular expression substitution of $1
+ etc. is disallowed, because that would open a secu-
+ rity hole.
+
<b>Locking</b> <b>controls</b>
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>lock</b>
- How to lock UNIX-style mailboxes: one or more of
- <b>flock</b>, <b>fcntl</b> or <b>dotlock</b>. The <b>dotlock</b> method
- requires that the recipient UID or GID has write
+ How to lock UNIX-style mailboxes: one or more of
+ <b>flock</b>, <b>fcntl</b> or <b>dotlock</b>. The <b>dotlock</b> method
+ requires that the recipient UID or GID has write
access to the parent directory of the mailbox file.
- This setting is ignored with <b>maildir</b> style deliv-
+ This setting is ignored with <b>maildir</b> style deliv-
ery, because such deliveries are safe without
explicit locks.
- Use the command <b>postconf</b> <b>-l</b> to find out what lock-
+ Use the command <b>postconf</b> <b>-l</b> to find out what lock-
ing methods are available on your system.
<b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b>
- Limit the number of attempts to acquire an exclu-
+ Limit the number of attempts to acquire an exclu-
sive lock on a UNIX-style mailbox file.
<b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b>
Time (default: seconds) between successive attempts
- to acquire an exclusive lock on a UNIX-style mail-
- box file. The actual delay is slightly randomized.
+ to acquire an exclusive lock on a UNIX-style mail-
+ box file. The actual delay is slightly randomized.
<b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b>
- Limit the time after which a stale lockfile is
- removed (applicable to UNIX-style mailboxes only).
+ Limit the time after which a stale lockfile is
+ removed (applicable to UNIX-style mailboxes only).
<b>Resource</b> <b>controls</b>
<b>virtual</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
Limit the number of parallel deliveries to the same
domain via the <b>virtual</b> delivery agent. The default
limit is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concur-</b>
- <b>rency</b><i>_</i><b>limit</b> parameter. The limit is enforced by
+ <b>rency</b><i>_</i><b>limit</b> parameter. The limit is enforced by
the Postfix queue manager.
<b>virtual</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Limit the number of recipients per message delivery
- via the <b>virtual</b> delivery agent. The default limit
- is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b>
- <b>ent</b><i>_</i><b>limit</b> parameter. The limit is enforced by the
+ via the <b>virtual</b> delivery agent. The default limit
+ is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b>
+ <b>ent</b><i>_</i><b>limit</b> parameter. The limit is enforced by the
Postfix queue manager.
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>limit</b>
- The maximal size in bytes of a mailbox or maildir
+ The maximal size in bytes of a mailbox or maildir
file. Set to zero to disable the limit.
<b>HISTORY</b>
- This agent was originally based on the Postfix local
+ This agent was originally based on the Postfix local
delivery agent. Modifications mainly consisted of removing
- code that either was not applicable or that was not safe
- in this context: aliases, ~user/.forward files, delivery
+ code that either was not applicable or that was not safe
+ in this context: aliases, ~user/.forward files, delivery
to "|command" or to /file/name.
- The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
+ The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
Daniel Bernstein.
- The <b>maildir</b> structure appears in the <b>qmail</b> system by
+ The <b>maildir</b> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>SEE</b> <b>ALSO</b>
+ <a href="regexp_table.5.html">regexp_table(5)</a> POSIX regular expression table format
+ <a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format
<a href="bounce.8.html">bounce(8)</a> non-delivery status reports
syslogd(8) system logging
<a href="qmgr.8.html">qmgr(8)</a> queue manager
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
.SH SEE ALSO
.na
.nf
-master(8) Postfix master program
+postconf(1) Postfix configuration management
+postsuper(1) Postfix housekeeping
+sendmail(1) Sendmail-compatible interface
+postmap(1) Postfix lookup table management
+master(8) Postfix master daemon
+.ad
+.fi
+The respective manual pages for the daemon processes
+specified in the \fBmaster.cf\fR file, and the manual
+pages referenced by those manual pages.
.SH LICENSE
.na
.nf
addresses.
.IP \fBrecipient_delimiter\fR
Delimiter that separates recipients from address extensions.
+.SH BUGS
+.ad
+.fi
+Regular expression alias lookup tables are allowed, but
+substitution of $1 etc. is forbidden because that would
+open a security loophole.
.SH STANDARDS
.na
.nf
.na
.nf
local(8) local delivery agent
-postalias(1) alias database management
+newaliases(1) alias database management
+regexp_table(5) POSIX regular expression table format
+pcre_table(5) Perl Compatible Regular Expression table format
.SH LICENSE
.na
.nf
or \fInexthop\fR field means "do not change": use the delivery
transport and nexthop information that would be used if no
match were found.
-.PP
-The interpretation of the \fInexthop\fR field is transport
+.SH TRANSPORT FIELD
+.ad
+.fi
+The transport field specifies the name of a mail delivery transport
+(the first name of a mail delivery service entry in the Postfix
+\fBmaster.cf\fR file).
+
+When a null transport field is specified, Postfix uses one of the
+following transports:
+.IP \fB$local_transport\fR
+The domain matches \fB$mydestination\fR or \fB$inet_interfaces\fR.
+.IP \fB$virtual_transport\fR
+The domain matches \fB$virtual_mailbox_domains\fR.
+.IP \fB$relay_transport\fR
+The domain matches \fB$relay_transport\fR.
+.IP \fB$default_transport\fR
+All other non-local, non-virtual destinations.
+.SH NEXTHOP FIELD
+.ad
+.fi
+The interpretation of the nexthop field is transport
dependent. In the case of SMTP, specify \fIhost\fR:\fIservice\fR for a
non-default server port, and use [\fIhost\fR] or [\fIhost\fR]:\fIport\fR
in order to disable MX (mail exchanger) DNS lookups. The [] form
can also be used with IP addresses instead of hostnames.
-.PP
+.SH LOOKUP ORDER
+.ad
+.fi
With lookups from indexed files such as DB or DBM, or from networked
tables such as NIS, LDAP or SQL, patterns are tried in the order as
listed below:
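Review bot: Same defect as in the generated HTML page: `.IP \fB$relay_transport\fR` is followed by `The domain matches \fB$relay_transport\fR.`, which should be `The domain matches \fB$relay_domains\fR.` to match the relay_transport description in the CONFIGURATION PARAMETERS hunk of this file ("when the destination matches \fBrelay_domains\fR"). The $default_transport line `All other non-local, non-virtual destinations.` should read "non-local, non-virtual, non-relay destinations" for the same reason; since this is the source the HTML is built from, fixing it here fixes both copies.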
.ti +5
\fB\&.foo.org uucp:foo\fR
-When no \fInexthop\fR host name is specified, the destination domain
+When no nexthop host name is specified, the destination domain
name is used instead. For example, the following directs mail for
\fIuser\fR@\fBfoo.org\fR via the \fBslow\fR transport to a mail
exchanger for \fBfoo.org\fR. The \fBslow\fR transport could be
.ti +5
\fBfoo.org slow:\fR
-When no \fItransport\fR is specified, Postfix uses either
-\fB$local_transport\fR or \fB$default_transport\fR, depending
-on whether the destination matches \fB$mydestination\fR.
-The following sends all mail for \fBfoo.org\fR and its
+When no transport is specified, Postfix uses the transport that
+matches the address domain class (see TRANSPORT FIELD discussion
+above). The following sends all mail for \fBfoo.org\fR and its
subdomains to host \fBgateway.foo.org\fR:
.ti +5
.PP
Other parameters of interest:
.IP \fBlocal_transport\fR
-The mail delivery transport to use when no transport is explicitly
-specified, and the destination matches \fB$mydestination\fR.
+The default mail delivery transport when the destination matches
+\fB$mydestination\fR or \fB$inet_interfaces\fR.
+.IP \fBvirtual_transport\fR
+The default mail delivery transport when the destination matches
+\fBvirtual_mailbox_domains\fR.
+.IP \fBrelay_transport\fR
+The default mail delivery transport when the destination matches
+\fBrelay_domains\fR.
.IP \fBdefault_transport\fR
-The mail delivery transport to use when no transport is explicitly
-specified, and the destination does not match \fB$mydestination\fR.
+The default mail delivery transport when the destination does not
+match a local, virtual or relay destination.
.IP \fBmydestination\fR
The destinations that are given to \fB$local_transport\fR
by default.
.IP \fBrelayhost\fR
The default host for destinations that do not match
-\fB$mydestination\fR.
+\fB$mydestination\fR, \fB$inet_interfaces\fR,
+\fBvirtual_alias_domains\fR or \fBvirtual_mailbox_domains\fR.
.SH SEE ALSO
.na
.nf
.ad
.fi
The optional \fBvirtual\fR alias table specifies address aliasing
-for local and non-local recipients. Virtual aliasing is used
-by the \fBcleanup\fR(8) daemon. Virtual aliasing is recursive.
-
+for arbitrary local or non-local recipient addresses. Virtual aliasing
+is recursive, and is done by the Postfix \fBcleanup\fR(8) daemon.
+
+The main applications of virtual aliasing are:
+.IP \(bu
+To redirect mail from one address to one or more other addresses.
+.IP \(bu
+To simulate virtual domains where all virtual addresses are aliased
+to non-virtual addresses.
+.PP
Virtual aliasing is applied only to recipient
envelope addresses, and does not affect message headers.
Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
With a simulated virtual domain, the virtual domain has its
own user name space. Local (i.e. non-virtual) usernames are not
visible in a simulated virtual domain. In particular, local
-\fBaliases\fR(5) and mailing lists are not visible as
-\fIlocalname@virtual.domain\fR.
+\fBaliases\fR(5) and local mailing lists are not visible as
+\fIlocalname@simulated.domain\fR.
Support for a simulated virtual domain looks like:
/etc/postfix/virtual:
.nf
.na
-\fIvirtual.domain anything\fR (right-hand content does not matter)
-\fIpostmaster@virtual.domain postmaster\fR
-\fIuser1@virtual.domain address1\fR
-\fIuser2@virtual.domain address2, address3\fR
+\fIsimulated.domain anything\fR (right-hand content does not matter)
+\fIpostmaster@simulated.domain postmaster\fR
+\fIuser1@simulated.domain address1\fR
+\fIuser2@simulated.domain address2, address3\fR
.fi
.in -4
.ad
.fi
.sp
-The \fIvirtual.domain anything\fR entry is required for a
+The \fIsimulated.domain anything\fR entry is required for a
simulated virtual domain. Without this entry, mail will
be rejected with a "relay access denied" error condition.
mydestination\fR configuration parameter.
With a simulated virtual domain, the Postfix SMTP server
-accepts mail for \fIknown-user@virtual.domain\fR, and rejects
-mail for \fIunknown-user\fR@\fIvirtual.domain\fR as undeliverable.
+accepts mail for \fIknown-user@simulated.domain\fR, and rejects
+mail for \fIunknown-user\fR@\fIsimulated.domain\fR as undeliverable.
Instead of specifying the simulated virtual domain name via
the \fBvirtual_alias_maps\fR table, you may also specify it via
.IP \fBmydestination\fR
List of domains that this mail system considers local.
.IP \fBmyorigin\fR
-The domain that is appended to locally-posted mail.
+The domain that is appended to any address that does not have a domain.
.IP \fBowner_request_special\fR
Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
addresses.
.nf
cleanup(8) canonicalize and enqueue mail
postmap(1) create mapping table
-pcre_table(5) format of PCRE tables
-regexp_table(5) format of POSIX regular expression tables
+regexp_table(5) POSIX regular expression table format
+pcre_table(5) Perl Compatible Regular Expression table format
.SH LICENSE
.na
.nf
qmgr(8) queue manager daemon
syslogd(8) system logging
trivial-rewrite(8) address rewriting
-virtual(5) virtual address lookup table format
+virtual(5) virtual alias lookup table format
.SH FILES
.na
.nf
List of maps with user names that are local to \fB$myorigin\fR
or \fB$inet_interfaces\fR. If this parameter is defined,
then the SMTP server rejects mail for unknown local users.
+.IP \fBrelay_recipient_maps\fR
+List of maps that define all the email addresses in the domains
+that match \fB$relay_domains\fR. If this parameter is defined,
+then the SMTP server rejects mail for unknown relay recipients.
.IP \fBnotify_classes\fR
List of error classes. Of special interest are:
.RS
Only domains whose primary MX hosts match the listed networks
are eligible for the \fBpermit_mx_backup\fR feature.
.IP \fBrelay_domains\fR
-Restrict what domains or networks this mail system will relay
-mail from or to.
+Restrict what domains this mail system will relay
+mail to. The domains are routed to the delivery agent
+specified with the \fBrelay_transport\fR setting.
.SH "UCE control responses"
.ad
.fi
.SH SEE ALSO
.na
.nf
+trivial-rewrite(8) address resolver
cleanup(8) message canonicalization
master(8) process manager
syslogd(8) system logging
This is a safety measure to ensure that an out of control map in
\fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes.
While it could be set to "/", this setting isn't recommended.
-.IP "\fBvirtual_mailbox_maps\fR (regexp maps disallowed)"
+.IP \fBvirtual_mailbox_maps\fR
Recipients are looked up in these maps to determine the path to
their mailbox or maildir. If the returned path ends in a slash
("/"), maildir-style delivery is carried out, otherwise the
Note that \fBvirtual_mailbox_base\fR is unconditionally prepended
to this path.
+
+For security reasons, regular expression maps are allowed but
+regular expression substitution of $1 etc. is disallowed,
+because that would open a security hole.
.IP \fBvirtual_mailbox_domains\fR
The list of domains that should be delivered via the Postfix virtual
delivery agent. This uses the same syntax as the \fBmydestination\fR
a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup.
Returned values less than this will be rejected, and the message
will be deferred.
-.IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)"
+.IP \fBvirtual_uid_maps\fR
Recipients are looked up in these maps to determine the user ID to be
used when writing to the target mailbox.
In a lookup table, specify a left-hand side of \fI@domain.tld\fR
to match any user in the specified domain that does not have a
specific \fIuser@domain.tld\fR entry.
-.IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)"
+
+For security reasons, regular expression maps are allowed but
+regular expression substitution of $1 etc. is disallowed,
+because that would open a security hole.
+.IP \fBvirtual_gid_maps\fR
Recipients are looked up in these maps to determine the group ID to be
used when writing to the target mailbox.
In a lookup table, specify a left-hand side of \fI@domain.tld\fR
to match any user in the specified domain that does not have a
specific \fIuser@domain.tld\fR entry.
+
+For security reasons, regular expression maps are allowed but
+regular expression substitution of $1 etc. is disallowed,
+because that would open a security hole.
.SH "Locking controls"
.ad
.fi
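Review bot: the paragraph added under virtual_mailbox_maps, virtual_uid_maps and virtual_gid_maps ("For security reasons, regular expression maps are allowed but regular expression substitution of $1 etc. is disallowed, because that would open a security hole") is both repeated three times verbatim and internally redundant, since "for security reasons" and "because that would open a security hole" say the same thing. Consider stating it once, as the aliases(5) change in this patch does with a BUGS entry, and saying what the hole is (a lookup key attacker-controlled via the recipient address would otherwise be substituted into a mailbox path or uid/gid), e.g. "Regular expression tables are allowed, but $1 etc. substitution is disallowed because the recipient address would then control the result."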
.SH SEE ALSO
.na
.nf
+regexp_table(5) POSIX regular expression table format
+pcre_table(5) Perl Compatible Regular Expression table format
bounce(8) non-delivery status reports
syslogd(8) system logging
qmgr(8) queue manager
rm -f $(CONFIG)
../conf/access: access
- srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
+ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/aliases: aliases0 aliases
- (cat aliases0; srctoman - aliases | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /') >$@
+ (cat aliases0; ../mantools/srctoman - aliases | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /') >$@
../conf/canonical: canonical
- srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
+ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/pcre_table: pcre_table
- srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
+ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/regexp_table: regexp_table
- srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
+ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/relocated: relocated
- srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
+ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/transport: transport
- srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
+ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/virtual: virtual
- srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
+ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
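Review bot: the same `../mantools/srctoman - ... | sed 's/^/# /' >$@` recipe is now repeated for every target in this Makefile, so the next path change will again touch eight lines. Consider a single variable (e.g. `SRCTOMAN = ../mantools/srctoman`) and one pattern or shared recipe, so the aliases target becomes `(cat aliases0; $(SRCTOMAN) - aliases | $(AWK) | ...) >$@` and the others collapse to one rule.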
# addresses.
# .IP \fBrecipient_delimiter\fR
# Delimiter that separates recipients from address extensions.
+# BUGS
+# Regular expression alias lookup tables are allowed, but
+# substitution of $1 etc. is forbidden because that would
+# open a security loophole.
# STANDARDS
# RFC 822 (ARPA Internet Text Messages)
# SEE ALSO
# local(8) local delivery agent
-# postalias(1) alias database management
+# newaliases(1) alias database management
+# regexp_table(5) POSIX regular expression table format
+# pcre_table(5) Perl Compatible Regular Expression table format
# LICENSE
# .ad
# .fi
# >>>>>>>>>> show through to Postfix.
#
+# Person who should get root's mail. Don't receive mail as root!
+#root: you
+
# Basic system aliases -- these MUST be present
MAILER-DAEMON: postmaster
postmaster: root
# trap decode to catch security attacks
decode: root
-# Person who should get root's mail
-#root: you
-
# or \fInexthop\fR field means "do not change": use the delivery
# transport and nexthop information that would be used if no
# match were found.
-# .PP
-# The interpretation of the \fInexthop\fR field is transport
+# .SH TRANSPORT FIELD
+# .ad
+# .fi
+# The transport field specifies the name of a mail delivery transport
+# (the first name of a mail delivery service entry in the Postfix
+# \fBmaster.cf\fR file).
+#
+# When a null transport field is specified, Postfix uses one of the
+# following transports:
+# .IP \fB$local_transport\fR
+# The domain matches \fB$mydestination\fR or \fB$inet_interfaces\fR.
+# .IP \fB$virtual_transport\fR
+# The domain matches \fB$virtual_mailbox_domains\fR.
+# .IP \fB$relay_transport\fR
+# The domain matches \fB$relay_transport\fR.
+# .IP \fB$default_transport\fR
+# All other non-local, non-virtual destinations.
+# .SH NEXTHOP FIELD
+# .ad
+# .fi
+# The interpretation of the nexthop field is transport
# dependent. In the case of SMTP, specify \fIhost\fR:\fIservice\fR for a
# non-default server port, and use [\fIhost\fR] or [\fIhost\fR]:\fIport\fR
# in order to disable MX (mail exchanger) DNS lookups. The [] form
# can also be used with IP addresses instead of hostnames.
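Review bot: the new TRANSPORT FIELD list has a copy-and-paste error in the `$relay_transport` entry: "The domain matches \fB$relay_transport\fR." should read "The domain matches \fB$relay_domains\fR.", matching the pattern of the surrounding entries (`$local_transport` / `$mydestination`, `$virtual_transport` / `$virtual_mailbox_domains`) and the relay_domains text elsewhere in this patch, which says relay domains "are routed to the delivery agent specified with the relay_transport setting".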
-# .PP
+# .SH LOOKUP ORDER
+# .ad
+# .fi
# With lookups from indexed files such as DB or DBM, or from networked
# tables such as NIS, LDAP or SQL, patterns are tried in the order as
# listed below:
# .ti +5
# \fB\&.foo.org uucp:foo\fR
#
-# When no \fInexthop\fR host name is specified, the destination domain
+# When no nexthop host name is specified, the destination domain
# name is used instead. For example, the following directs mail for
# \fIuser\fR@\fBfoo.org\fR via the \fBslow\fR transport to a mail
# exchanger for \fBfoo.org\fR. The \fBslow\fR transport could be
# .ti +5
# \fBfoo.org slow:\fR
#
-# When no \fItransport\fR is specified, Postfix uses either
-# \fB$local_transport\fR or \fB$default_transport\fR, depending
-# on whether the destination matches \fB$mydestination\fR.
-# The following sends all mail for \fBfoo.org\fR and its
+# When no transport is specified, Postfix uses the transport that
+# matches the address domain class (see TRANSPORT FIELD discussion
+# above). The following sends all mail for \fBfoo.org\fR and its
# subdomains to host \fBgateway.foo.org\fR:
#
# .ti +5
# .PP
# Other parameters of interest:
# .IP \fBlocal_transport\fR
-# The mail delivery transport to use when no transport is explicitly
-# specified, and the destination matches \fB$mydestination\fR.
+# The default mail delivery transport when the destination matches
+# \fB$mydestination\fR or \fB$inet_interfaces\fR.
+# .IP \fBvirtual_transport\fR
+# The default mail delivery transport when the destination matches
+# \fBvirtual_mailbox_domains\fR.
+# .IP \fBrelay_transport\fR
+# The default mail delivery transport when the destination matches
+# \fBrelay_domains\fR.
# .IP \fBdefault_transport\fR
-# The mail delivery transport to use when no transport is explicitly
-# specified, and the destination does not match \fB$mydestination\fR.
+# The default mail delivery transport when the destination does not
+# match a local, virtual or relay destination.
# .IP \fBmydestination\fR
# The destinations that are given to \fB$local_transport\fR
# by default.
# .IP \fBrelayhost\fR
# The default host for destinations that do not match
-# \fB$mydestination\fR.
+# \fB$mydestination\fR, \fB$inet_interfaces\fR,
+# \fBvirtual_alias_domains\fR or \fBvirtual_mailbox_domains\fR.
# SEE ALSO
# postmap(1) create mapping table
# trivial-rewrite(8) rewrite and resolve addresses
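Review bot: the updated relayhost description mixes `$`-prefixed and bare parameter names ("\fB$mydestination\fR, \fB$inet_interfaces\fR, \fBvirtual_alias_domains\fR or \fBvirtual_mailbox_domains\fR"); use one form, as the virtual_transport and relay_transport entries just above also refer to `\fBvirtual_mailbox_domains\fR` and `\fBrelay_domains\fR` without `$`. The list also does not say whether relayhost applies to destinations that match relay_domains, which this patch now routes to a separate relay transport; since the TRANSPORT FIELD section treats relay as its own class, the relayhost text should state explicitly which classes it covers.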
# \fBpostmap -q - /etc/postfix/virtual <\fIinputfile\fR
# DESCRIPTION
# The optional \fBvirtual\fR alias table specifies address aliasing
-# for local and non-local recipients. Virtual aliasing is used
-# by the \fBcleanup\fR(8) daemon. Virtual aliasing is recursive.
-#
+# for arbitrary local or non-local recipient addresses. Virtual aliasing
+# is recursive, and is done by the Postfix \fBcleanup\fR(8) daemon.
+#
+# The main applications of virtual aliasing are:
+# .IP \(bu
+# To redirect mail from one address to one or more other addresses.
+# .IP \(bu
+# To simulate virtual domains where all virtual addresses are aliased
+# to non-virtual addresses.
+# .PP
# Virtual aliasing is applied only to recipient
# envelope addresses, and does not affect message headers.
# Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
# With a simulated virtual domain, the virtual domain has its
# own user name space. Local (i.e. non-virtual) usernames are not
# visible in a simulated virtual domain. In particular, local
-# \fBaliases\fR(5) and mailing lists are not visible as
-# \fIlocalname@virtual.domain\fR.
+# \fBaliases\fR(5) and local mailing lists are not visible as
+# \fIlocalname@simulated.domain\fR.
#
# Support for a simulated virtual domain looks like:
#
# /etc/postfix/virtual:
# .nf
# .na
-# \fIvirtual.domain anything\fR (right-hand content does not matter)
-# \fIpostmaster@virtual.domain postmaster\fR
-# \fIuser1@virtual.domain address1\fR
-# \fIuser2@virtual.domain address2, address3\fR
+# \fIsimulated.domain anything\fR (right-hand content does not matter)
+# \fIpostmaster@simulated.domain postmaster\fR
+# \fIuser1@simulated.domain address1\fR
+# \fIuser2@simulated.domain address2, address3\fR
# .fi
# .in -4
# .ad
# .fi
# .sp
-# The \fIvirtual.domain anything\fR entry is required for a
+# The \fIsimulated.domain anything\fR entry is required for a
# simulated virtual domain. Without this entry, mail will
# be rejected with a "relay access denied" error condition.
#
# mydestination\fR configuration parameter.
#
# With a simulated virtual domain, the Postfix SMTP server
-# accepts mail for \fIknown-user@virtual.domain\fR, and rejects
-# mail for \fIunknown-user\fR@\fIvirtual.domain\fR as undeliverable.
+# accepts mail for \fIknown-user@simulated.domain\fR, and rejects
+# mail for \fIunknown-user\fR@\fIsimulated.domain\fR as undeliverable.
#
# Instead of specifying the simulated virtual domain name via
# the \fBvirtual_alias_maps\fR table, you may also specify it via
# .IP \fBmydestination\fR
# List of domains that this mail system considers local.
# .IP \fBmyorigin\fR
-# The domain that is appended to locally-posted mail.
+# The domain that is appended to any address that does not have a domain.
# .IP \fBowner_request_special\fR
# Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
# addresses.
# SEE ALSO
# cleanup(8) canonicalize and enqueue mail
# postmap(1) create mapping table
-# pcre_table(5) format of PCRE tables
-# regexp_table(5) format of POSIX regular expression tables
+# regexp_table(5) POSIX regular expression table format
+# pcre_table(5) Perl Compatible Regular Expression table format
# LICENSE
# .ad
# .fi
/* qmgr(8) queue manager daemon
/* syslogd(8) system logging
/* trivial-rewrite(8) address rewriting
-/* virtual(5) virtual address lookup table format
+/* virtual(5) virtual alias lookup table format
/* FILES
/* /etc/postfix/canonical*, canonical mapping table
/* /etc/postfix/virtual*, virtual mapping table
DNS_RR *rr;
int resource_found = 0;
int cname_found = 0;
- int default_status = DNS_NOTFOUND;
+ int not_found_status = DNS_NOTFOUND;
/*
* Initialize. Skip over the name server query if we haven't yet.
resource_found++;
*rrlist = dns_rr_append(*rrlist, rr);
} else
- default_status = DNS_RETRY;
+ not_found_status = DNS_RETRY;
} else
resource_found++;
} else if (fixed.type == T_CNAME) { /* cname resource */
return (DNS_OK);
if (cname_found)
return (DNS_RECURSE);
- return (default_status);
+ return (not_found_status);
}
/* dns_lookup - DNS lookup user interface */
switch (status) {
default:
if (why)
- vstring_sprintf(why, "%s: Malformed name server reply", name);
+ vstring_sprintf(why, "Name service error for name=%s type=%s: "
+ "Malformed name server reply",
+ name, dns_strtype(type));
case DNS_NOTFOUND:
case DNS_OK:
return (status);
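Review bot: the `default:` arm now ends with a multi-line `vstring_sprintf()` and then falls through into `case DNS_NOTFOUND:` / `case DNS_OK:` to reach `return (status)`. That was already the behaviour, but the longer body makes the intent less obvious; add a `/* FALLTHROUGH */` comment after the sprintf so the fall-through is visibly deliberate and does not trip compiler or lint warnings.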
/* char *var_syslog_facility;
/* char *var_relay_domains;
/* char *var_fflush_domains;
-/* char *var_def_transport;
/* char *var_mynetworks_style;
/* char *var_verp_delims;
/* char *var_verp_filter;
char *var_syslog_facility;
char *var_relay_domains;
char *var_fflush_domains;
-char *var_def_transport;
char *var_mynetworks_style;
char *var_verp_delims;
char *var_verp_filter;
VAR_FFLUSH_DOMAINS, DEF_FFLUSH_DOMAINS, &var_fflush_domains, 0, 0,
VAR_EXPORT_ENVIRON, DEF_EXPORT_ENVIRON, &var_export_environ, 0, 0,
VAR_IMPORT_ENVIRON, DEF_IMPORT_ENVIRON, &var_import_environ, 0, 0,
- VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 0, 0,
VAR_MYNETWORKS_STYLE, DEF_MYNETWORKS_STYLE, &var_mynetworks_style, 1, 0,
VAR_DEBUG_PEER_LIST, DEF_DEBUG_PEER_LIST, &var_debug_peer_list, 0, 0,
VAR_VERP_DELIMS, DEF_VERP_DELIMS, &var_verp_delims, 2, 2,
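Review bot: removing `var_def_transport` and its `VAR_DEF_TRANSPORT` table entry from the global mail_params.c means every program that references the variable must now declare and register it itself; smtpd.c does so later in this patch (`char *var_def_transport;` and the `VAR_DEF_TRANSPORT` entry in its config table), but any other user of `var_def_transport` that is not touched here will fail to link. Please confirm the remaining references, or note in the commit message why the parameter moved from global to per-daemon.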
#define DEF_RELAY_TRANSPORT MAIL_SERVICE_RELAY
extern char *var_relay_transport;
+#define VAR_RELAY_RCPT_MAPS "relay_recipient_maps"
+#define DEF_RELAY_RCPT_MAPS ""
+extern char *var_relay_rcpt_maps;
+
#define VAR_CLIENT_CHECKS "smtpd_client_restrictions"
#define DEF_CLIENT_CHECKS ""
extern char *var_client_checks;
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20021207"
+#define MAIL_RELEASE_DATE "20021208"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "1.1.12-" MAIL_RELEASE_DATE
/* locking. Dictionaries are opened read-only, and in-memory
/* dictionary instances are shared.
/*
+/* Lookups are case sensitive.
+/*
/* maps_create() takes list of type:name pairs and opens the
/* named dictionaries.
/* The result is a handle that must be specified along with all
/* The address resolved to something that has invalid syntax.
/* .IP RESOLVE_FLAG_FAIL
/* The request could not be completed.
+/* .PP
+/* In addition, the address domain class is returned by setting
+/* one of the following flags (this is preliminary code awaiting
+/* more permanent implementation of address domain class handling):
+/* .IP RESOLVE_CLASS_LOCAL
+/* The address domain matches $mydestination or $inet_interfaces.
+/* .IP RESOLVE_CLASS_ALIAS
+/* The address domain matches $virtual_alias_domains (simulated
+/* virtual domains, where each address is redirected to a real
+/* local or remote address).
+/* .IP RESOLVE_CLASS_VIRTUAL
+/* The address domain matches $virtual_mailbox_domains (true
+/* virtual domains where each address can have its own mailbox).
+/* .IP RESOLVE_CLASS_RELAY
+/* The address domain matches $relay_domains, i.e. this is an
+/* authorized mail relay destination.
+/* .IP RESOLVE_CLASS_DEFAULT
+/* The address matches none of the above. Access to this domain
+/* should be limited to authorized senders only.
+/* .PP
+/* For convenience, the constant RESOLVE_CLASS_FINAL includes all
+/* cases where the local machine is the final destination.
/* DIAGNOSTICS
/* Warnings: communication failure. Fatal error: mail system is down.
/* SEE ALSO
#define RESOLVE_FLAG_FAIL (1<<3) /* request failed */
#define RESOLVE_CLASS_LOCAL (1<<8) /* mydestination/inet_interfaces */
-#define RESOLVE_CLASS_ERROR (1<<9) /* virtual_alias_domains */
+#define RESOLVE_CLASS_ALIAS (1<<9) /* virtual_alias_domains */
#define RESOLVE_CLASS_VIRTUAL (1<<10) /* virtual_mailbox_domains */
#define RESOLVE_CLASS_RELAY (1<<11) /* relay_domains */
#define RESOLVE_CLASS_DEFAULT (1<<12) /* raise reject_unauth_destination */
+#define RESOLVE_CLASS_FINAL \
+ (RESOLVE_CLASS_LOCAL | RESOLVE_CLASS_ALIAS | RESOLVE_CLASS_VIRTUAL)
+
typedef struct RESOLVE_REPLY {
VSTRING *transport;
VSTRING *nexthop;
/* agent. The code is made available as a library module so that
/* other programs can perform compatible queries.
/*
+/* Lookups are case sensitive.
+/*
/* virtual8_maps_create() takes list of type:name pairs and opens the
/* named dictionaries.
/* The result is a handle that must be specified along with all
}
/*
- * Look up the full address.
+ * Look up the full address. Allow regexp table searches.
*/
if (bare == 0) {
result = maps_find(maps, recipient, DICT_FLAG_NONE);
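Review bot: the comment now says "Allow regexp table searches", but the lookup still passes `DICT_FLAG_NONE`, and nothing in this hunk shows where `$1` substitution is refused, which the virtual(5) documentation added in this patch promises. If the restriction is enforced inside the dictionary layer, say so here (and name the flag or check), otherwise a regexp table entry with a substitution would be expanded from an attacker-chosen recipient address.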
var_rcpt_delim = "+";
var_double_bounce_sender = DEF_DOUBLE_BOUNCE;
- maps = maps_create("testmap", argv[1], DICT_FLAG_LOCK);
+ maps = virtual8_maps_create("testmap", argv[1], DICT_FLAG_LOCK);
buffer = vstring_alloc(1);
while (vstring_fgets_nonl(buffer, VSTREAM_IN)) {
vstream_printf("%s -> %s\n", STR(buffer), result ? result : "(none)");
vstream_fflush(VSTREAM_OUT);
}
- maps_free(maps);
+ virtual8_maps_free(maps);
vstring_free(buffer);
return (0);
}
* With aliases that have an owner- alias, the latter is used to set the
* sender and owner attributes. Otherwise, the owner attribute is reset
* (the alias is globally visible and could be sent to by anyone).
- *
- * Don't allow regexp substitutions.
*/
for (cpp = alias_maps->argv->argv; *cpp; cpp++) {
if ((dict = dict_handle(*cpp)) == 0)
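Review bot: the "Don't allow regexp substitutions." sentence was dropped from this comment while the aliases(5) BUGS section added elsewhere in this patch still documents that substitution of $1 etc. is forbidden. Since the loop below walks `alias_maps->argv` and inspects each dictionary handle, keep a one-line pointer in the comment to where the no-substitution rule is enforced, so the code and the manual page stay in agreement.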
tok822_rewrite(addr, REWRITE_CANON);
tok822_resolve(addr, &reply);
+ /*
+ * First, a healthy portion of error handling.
+ */
if (reply.flags & RESOLVE_FLAG_FAIL) {
status = defer_append(BOUNCE_FLAG_KEEP, /* XXX */
BOUNCE_ATTR(state.msg_attr),
"address resolver failure");
+ } else if (reply.flags & RESOLVE_FLAG_ERROR) {
+ status = bounce_append(BOUNCE_FLAG_KEEP,/* XXX */
+ BOUNCE_ATTR(state.msg_attr),
+ "bad recipient address syntax: %s",
+ STR(reply.recipient));
} else {
/*
/*
* Do not bother the application when the client disconnected.
*/
- if (master_notify(var_pid, MASTER_STAT_TAKEN) < 0)
- multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
if (peekfd(vstream_fileno(stream)) > 0) {
+ if (master_notify(var_pid, MASTER_STAT_TAKEN) < 0)
+ multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
multi_server_service(stream, multi_server_name, multi_server_argv);
+ if (master_notify(var_pid, MASTER_STAT_AVAIL) < 0)
+ multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
} else {
multi_server_disconnect(stream);
}
- if (master_notify(var_pid, MASTER_STAT_AVAIL) < 0)
- multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
if (client_count == 0 && var_idle_limit > 0)
event_request_timer(multi_server_timeout, (char *) 0, var_idle_limit);
}
* Illustrated volume 2 page 532. We avoid select() collisions with an
* external lock file.
*/
+
+ /*
+ * XXX Can't compete for exclusive access to the listen socket because we
+ * also have to monitor existing client connections for service requests.
+ */
+#if 0
if (stream == 0 && !alone) {
lock_path = concatenate(DEF_PID_DIR, "/", transport,
".", service_name, (char *) 0);
myfree(lock_path);
vstring_free(why);
}
+#endif
/*
* Set up call-back info.
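Review bot: disabling the listen-lock block with `#if 0` rather than deleting it leaves the `lock_path` and `why` variables (freed at the end of the disabled block) declared but unused in the non-TEST build, which will produce unused-variable warnings. Either remove the block and its variables, or, if it is meant to come back once the XXX comment ("Can't compete for exclusive access to the listen socket") is resolved, guard the declarations with the same `#if 0` and say in the comment what the consequence of not locking is (all multi_server processes wake on the same accept).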
/* $\fBconfig_directory/main.cf\fR, configuration parameters
/* $\fBconfig_directory/master.cf\fR, Postfix daemon processes
/* SEE ALSO
-/* master(8) Postfix master program
+/* postconf(1) Postfix configuration management
+/* postsuper(1) Postfix housekeeping
+/* sendmail(1) Sendmail-compatible interface
+/* postmap(1) Postfix lookup table management
+/* master(8) Postfix master daemon
+/* .ad
+/* .fi
+/* The respective manual pages for the daemon processes
+/* specified in the \fBmaster.cf\fR file, and the manual
+/* pages referenced by those manual pages.
/* LICENSE
/* .ad
/* .fi
if (defer_xport_argv == 0)
defer_xport_argv = argv_split(var_defer_xports, " \t\r\n,");
for (cpp = defer_xport_argv->argv; *cpp; cpp++)
- if (strcasecmp(*cpp, STR(reply.transport)) == 0)
+ if (strcmp(*cpp, STR(reply.transport)) == 0)
break;
if (*cpp) {
qmgr_defer_recipient(message, recipient, "deferred transport");
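Review bot: switching from `strcasecmp()` to `strcmp()` makes the `defer_transports` match against `reply.transport` case sensitive. That is consistent with the "Lookups are case sensitive" notes added to maps.c and virtual8.c in this patch, but it is a behaviour change for anyone who listed transports in mixed case; mention it in the release notes and in the defer_transports parameter documentation.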
SHELL = /bin/sh
SRCS = smtp.c smtp_connect.c smtp_proto.c smtp_chat.c smtp_session.c \
- smtp_addr.c smtp_trouble.c smtp_unalias.c smtp_state.c \
+ smtp_addr.c smtp_trouble.c smtp_state.c \
smtp_sasl_proto.c smtp_sasl_glue.c
OBJS = smtp.o smtp_connect.o smtp_proto.o smtp_chat.o smtp_session.o \
- smtp_addr.o smtp_trouble.o smtp_unalias.o smtp_state.o \
+ smtp_addr.o smtp_trouble.o smtp_state.o \
smtp_sasl_proto.o smtp_sasl_glue.o
HDRS = smtp.h smtp_sasl.h
TESTSRC =
/* List of maps with user names that are local to \fB$myorigin\fR
/* or \fB$inet_interfaces\fR. If this parameter is defined,
/* then the SMTP server rejects mail for unknown local users.
+/* .IP \fBrelay_recipient_maps\fR
+/* List of maps that define all the email addresses in the domains
+/* that match \fB$relay_domains\fR. If this parameter is defined,
+/* then the SMTP server rejects mail for unknown relay recipients.
/* .IP \fBnotify_classes\fR
/* List of error classes. Of special interest are:
/* .RS
/* Only domains whose primary MX hosts match the listed networks
/* are eligible for the \fBpermit_mx_backup\fR feature.
/* .IP \fBrelay_domains\fR
-/* Restrict what domains or networks this mail system will relay
-/* mail from or to.
+/* Restrict what domains this mail system will relay
+/* mail to. The domains are routed to the delivery agent
+/* specified with the \fBrelay_transport\fR setting.
/* .SH "UCE control responses"
/* .ad
/* .fi
/* Response code when a client violates the \fBreject_unknown_hostname\fR
/* restriction.
/* SEE ALSO
+/* trivial-rewrite(8) address resolver
/* cleanup(8) message canonicalization
/* master(8) process manager
/* syslogd(8) system logging
char *var_canonical_maps;
char *var_rcpt_canon_maps;
char *var_virt_alias_maps;
-char *var_virt_alias_doms;
char *var_virt_mailbox_maps;
char *var_virt_mailbox_doms;
-char *var_relocated_maps;
char *var_alias_maps;
char *var_local_rcpt_maps;
bool var_allow_untrust_route;
int var_smtpd_hist_thrsh;
char *var_smtpd_exp_filter;
char *var_def_rbl_reply;
+char *var_def_transport;
+char *var_error_transport;
+char *var_local_transport;
+char *var_relay_transport;
+char *var_virt_transport;
+char *var_relay_rcpt_maps;
/*
* Silly little macros.
VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0,
VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0,
- VAR_VIRT_ALIAS_DOMS, DEF_VIRT_ALIAS_DOMS, &var_virt_alias_doms, 0, 0,
VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0,
VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0,
- VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocated_maps, 0, 0,
VAR_ALIAS_MAPS, DEF_ALIAS_MAPS, &var_alias_maps, 0, 0,
VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0,
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0,
VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS, &var_smtpd_snd_auth_maps, 0, 0,
VAR_SMTPD_NOOP_CMDS, DEF_SMTPD_NOOP_CMDS, &var_smtpd_noop_cmds, 0, 0,
VAR_SMTPD_NULL_KEY, DEF_SMTPD_NULL_KEY, &var_smtpd_null_key, 0, 0,
+ VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 1, 0,
+ VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport, 1, 0,
+ VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport, 1, 0,
+ VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0,
+ VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0,
+ VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps, 0, 0,
0,
};
static CONFIG_RAW_TABLE raw_table[] = {
/* default template is used. The \fImaps_rbl_reject_code\fR
/* configuration parameter specifies the reject status code used in
/* the default template (default: 554).
-/* .IP reject_maps_rbl
-/* Look up the reversed client network address in the real-time blackhole
-/* DNS zones below the domains listed in the "maps_rbl_domains"
-/* configuration parameter. This is equivalent to using
-/* "reject_rbl_client" once for each such domain.
/* .IP permit_naked_ip_address
/* Permit the use of a naked IP address (without enclosing [])
/* in HELO/EHLO commands.
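Review bot: the `reject_maps_rbl` documentation is removed entirely here, while the restriction itself is kept and merely logs a one-time "is going away" warning later in this patch. Deleting the entry leaves operators who still have it in main.cf with no documented migration path; keep a one-line entry that marks it deprecated and points to `reject_rbl_client <domain>`, matching the text of the warning.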
static MAPS *canonical_maps;
static MAPS *virt_alias_maps;
static MAPS *virt_mailbox_maps;
+static MAPS *relay_rcpt_maps;
+
+#ifdef TEST
static MAPS *relocated_maps;
static STRING_LIST *virt_alias_doms;
static STRING_LIST *virt_mailbox_doms;
+#endif
+
/*
* Response templates for various rbl domains.
*/
virt_mailbox_maps = virtual8_maps_create(VAR_VIRT_MAILBOX_MAPS,
var_virt_mailbox_maps,
DICT_FLAG_LOCK);
+ relay_rcpt_maps = maps_create(VAR_RELAY_RCPT_MAPS, var_relay_rcpt_maps,
+ DICT_FLAG_LOCK);
+
+#ifdef TEST
relocated_maps = maps_create(VAR_RELOCATED_MAPS, var_relocated_maps,
DICT_FLAG_LOCK);
virt_alias_doms = string_list_init(MATCH_FLAG_NONE, var_virt_alias_doms);
virt_mailbox_doms = string_list_init(MATCH_FLAG_NONE, var_virt_mailbox_doms);
+#endif
access_parent_style = match_parent_style(SMTPD_ACCESS_MAPS);
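Review bot: the `#ifdef TEST` block still initialises `relocated_maps`, `virt_alias_doms` and `virt_mailbox_doms` from `var_relocated_maps`, `var_virt_alias_doms` and `var_virt_mailbox_doms`, but the smtpd.c hunk in this patch removes `char *var_virt_alias_doms;` and `char *var_relocated_maps;` and their config-table entries. Unless the TEST driver declares those variables itself, the standalone test build no longer compiles; either declare them under `#ifdef TEST` here or drop the test-only map handles along with the `resolve_final()` / `check_str_match()` code that used them.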
451, reply_name));
}
-/* check_str_match - reject with temporary failure if dict lookup fails */
-
-static int check_str_match(SMTPD_STATE *state, const char *reply_name,
- STRING_LIST *list, const char *key)
-{
- int result;
-
- dict_errno = 0;
- if ((result = string_list_match(list, key)) == 0
- && dict_errno == DICT_ERR_RETRY)
- reject_dict_retry(state, reply_name);
- return (result);
-}
-
/* checkv8_maps_find - reject with temporary failure if dict lookup fails */
static const char *checkv8_maps_find(SMTPD_STATE *state, const char *reply_name,
return (result);
}
-/* resolve_final - do we do final delivery for the domain? */
-
-static int resolve_final(SMTPD_STATE *state, const char *reply_name,
- const char *domain)
-{
-
- /* If matches $mydestination or $inet_interfaces. */
- if (resolve_local(domain)) {
- if (*var_virt_alias_doms
- && check_str_match(state, reply_name, virt_alias_doms, domain))
- msg_warn("list domain %s in only one of $%s and $%s",
- domain, VAR_MYDEST, VAR_VIRT_ALIAS_DOMS);
- if (*var_virt_mailbox_doms
- && check_str_match(state, reply_name, virt_mailbox_doms, domain))
- msg_warn("list domain %s in only one of $%s and $%s",
- domain, VAR_MYDEST, VAR_VIRT_MAILBOX_DOMS);
- return (1);
- }
- /* If Postfix-style virtual domain. */
- if (*var_virt_alias_doms
- && check_str_match(state, reply_name, virt_alias_doms, domain))
- return (1);
-
- /* If virtual mailbox domain. */
- if (*var_virt_mailbox_doms
- && check_str_match(state, reply_name, virt_mailbox_doms, domain))
- return (1);
-
- return (0);
-}
-
/* reject_unknown_client - fail if client hostname is unknown */
static int reject_unknown_client(SMTPD_STATE *state)
{
char *myname = "permit_auth_destination";
const RESOLVE_REPLY *reply;
- const char *domain;
if (msg_verbose)
msg_info("%s: %s", myname, recipient);
*/
reply = (const RESOLVE_REPLY *)
ctable_locate(smtpd_resolve_cache, recipient);
+ if (reply->flags & RESOLVE_FLAG_FAIL)
+ reject_dict_retry(state, recipient);
/*
* Handle special case that is not supposed to happen.
*/
- if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
+ if (strrchr(CONST_STR(reply->recipient), '@') == 0)
return (SMTPD_CHECK_OK);
- domain += 1;
/*
* Skip source-routed non-local or virtual mail (uncertain destination).
* Permit final delivery: the destination matches mydestination,
* virtual_alias_domains, or virtual_mailbox_domains.
*/
- if (resolve_final(state, recipient, domain))
+ if (reply->flags & RESOLVE_CLASS_FINAL)
return (SMTPD_CHECK_OK);
/*
* Permit if the destination matches the relay_domains list.
*/
- if (domain_list_match(relay_domains, domain))
+ if (reply->flags & RESOLVE_CLASS_RELAY)
return (SMTPD_CHECK_OK);
/*
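Review bot: each newly added `if (reply->flags & RESOLVE_FLAG_FAIL) reject_dict_retry(state, recipient);` relies on `reject_dict_retry()` never returning; if it did, the code would go on to inspect a reply from a failed resolve. The deleted `check_str_match()` at least returned a result after the call. Add a short comment at the first such site (or a `/* NOTREACHED */`) stating that reject_dict_retry() aborts the check via the non-local exit, so the pattern is safe to copy.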
*/
reply = (const RESOLVE_REPLY *)
ctable_locate(smtpd_resolve_cache, recipient);
+ if (reply->flags & RESOLVE_FLAG_FAIL)
+ reject_dict_retry(state, recipient);
/*
* If the destination is local, it is acceptable, because we are
/*
* The destination is local, or it is a local virtual destination.
*/
- if (resolve_final(state, recipient, domain))
+ if (reply->flags & RESOLVE_CLASS_FINAL)
return (SMTPD_CHECK_OK);
if (msg_verbose)
/*
* Skip numerical forms that didn't match the local system.
*/
- if (domain[0] == '#'
- || (domain[0] == '[' && domain[strlen(domain) - 1] == ']'))
+ if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')
return (SMTPD_CHECK_DUNNO);
/*
/*
* Skip forms that we can't handle yet.
*/
- if (domain[0] == '#')
- return (SMTPD_CHECK_DUNNO);
if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')
return (SMTPD_CHECK_DUNNO);
* Resolve the address.
*/
reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, addr);
+ if (reply->flags & RESOLVE_FLAG_FAIL)
+ reject_dict_retry(state, addr);
/*
* Skip local destinations and non-DNS forms.
if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
return (SMTPD_CHECK_DUNNO);
domain += 1;
- if (resolve_final(state, reply_name, domain))
- return (SMTPD_CHECK_DUNNO);
- if (domain[0] == '#')
+ if (reply->flags & RESOLVE_CLASS_FINAL)
return (SMTPD_CHECK_DUNNO);
if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')
return (SMTPD_CHECK_DUNNO);
* Resolve the address.
*/
reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, addr);
+ if (reply->flags & RESOLVE_FLAG_FAIL)
+ reject_dict_retry(state, addr);
/*
* Garbage in, garbage out. Every address from canon_addr_internal() and
*/
if ((domain = strrchr(what, '@')) != 0) {
domain += 1;
- if (domain[0] == '#' || domain[0] == '[')
+ if (domain[0] == '[')
return (SMTPD_CHECK_DUNNO);
} else
domain = what;
char *bp = saved_domains;
char *rbl_domain;
int result = SMTPD_CHECK_DUNNO;
+ static int warned;
if (msg_verbose)
msg_info("%s: %s", myname, state->addr);
+ if (warned == 0) {
+ warned++;
+ msg_warn("restriction %s is going away. Please use %s <domain> instead",
+ REJECT_MAPS_RBL, REJECT_RBL_CLIENT);
+ }
while ((rbl_domain = mystrtok(&bp, " \t\r\n,")) != 0) {
result = reject_rbl_addr(state, rbl_domain, state->addr,
SMTPD_NAME_CLIENT);
* the sender address.
*/
reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, sender);
+ if (reply->flags & RESOLVE_FLAG_FAIL)
+ reject_dict_retry(state, sender);
owner = check_mail_addr_find(state, sender, smtpd_sender_login_maps,
STR(reply->recipient), (char **) 0);
#ifdef USE_SASL_AUTH
char *myname = "smtpd_check_rcptmap";
char *saved_recipient;
const RESOLVE_REPLY *reply;
- const char *domain;
int status;
/*
*/
reply = (const RESOLVE_REPLY *)
ctable_locate(smtpd_resolve_cache, recipient);
+ if (reply->flags & RESOLVE_FLAG_FAIL)
+ reject_dict_retry(state, recipient);
/*
- * Skip non-DNS forms. Skip non-local numerical forms.
+ * Make complex expressions more readable?
*/
- if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
- SMTPD_CHECK_RCPT_RETURN(0);
- domain += 1;
- if (domain[0] == '#' || domain[0] == '[')
- if (!resolve_local(domain))
- SMTPD_CHECK_RCPT_RETURN(0);
+#define MATCH(map, rcpt) \
+ check_mail_addr_find(state, recipient, map, rcpt, (char **) 0)
-#define NOMATCH(map, rcpt) \
- (check_mail_addr_find(state, recipient, map, rcpt, (char **) 0) == 0)
+#define NOMATCH(map, rcpt) (MATCH(map, rcpt) == 0)
#define NOMATCHV8(map, rcpt) \
(checkv8_maps_find(state, recipient, map, rcpt) == 0)
/*
- * Reject mail to unknown addresses in Postfix-style virtual domains.
+ * XXX We throw up our hands if the address matches a canonical or
+ * virtual alias map. Eventually, the address resolver should give us the
+ * final resolved recipient address, and the SMTP server should write the
+ * final recipient address to the output record stream. See also the next
+ * comment block on recipients in simulated virtual domains.
*/
- if (*var_virt_alias_doms
- && (check_str_match(state, recipient, virt_alias_doms, domain))) {
- if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
- && NOMATCH(canonical_maps, CONST_STR(reply->recipient))
- && NOMATCH(relocated_maps, CONST_STR(reply->recipient))
- && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))
- && NOMATCH(virt_alias_maps, CONST_STR(reply->recipient))) {
- (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
- "%d <%s>: User unknown", 550, recipient);
- SMTPD_CHECK_RCPT_RETURN(STR(error_text));
- }
- }
+ if (MATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
+ || MATCH(canonical_maps, CONST_STR(reply->recipient))
+ || MATCH(virt_alias_maps, CONST_STR(reply->recipient)))
+ SMTPD_CHECK_RCPT_RETURN(0);
/*
- * Reject mail to unknown addresses in Postfix-style virtual domains.
+ * At this point, anything that resolves to the error mailer is known to
+ * be undeliverable.
+ *
+ * XXX Until the address resolver does final address resolution, known and
+ * unknown recipients in simulated virtual domains will both resolve to
+ * "error:user unknown".
*/
- if (*var_virt_mailbox_doms
- && (check_str_match(state, recipient, virt_mailbox_doms, domain))) {
- if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
- && NOMATCH(canonical_maps, CONST_STR(reply->recipient))
- && NOMATCH(relocated_maps, CONST_STR(reply->recipient))
- && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))
- && NOMATCH(virt_alias_maps, CONST_STR(reply->recipient))) {
- (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
- "%d <%s>: User unknown", 550, recipient);
- SMTPD_CHECK_RCPT_RETURN(STR(error_text));
- }
+ if (strcmp(STR(reply->transport), var_error_transport) == 0) {
+ (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
+ "%d <%s>: %s", 550,
+ recipient, STR(reply->nexthop));
+ SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
/*
* Reject mail to unknown addresses in local domains (domains that match
- * $mydestination or $inet_interfaces). Accept mail for addresses in
- * Sendmail-style virtual domains.
- */
- if (*var_local_rcpt_maps && resolve_local(domain)) {
- if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
- && NOMATCH(canonical_maps, CONST_STR(reply->recipient))
- && NOMATCH(relocated_maps, CONST_STR(reply->recipient))
- && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))
- && NOMATCH(virt_alias_maps, CONST_STR(reply->recipient))
- && NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient))) {
- (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
- "%d <%s>: User unknown", 550, recipient);
- SMTPD_CHECK_RCPT_RETURN(STR(error_text));
- }
+ * $mydestination or $inet_interfaces).
+ *
+ * XXX For now, we throw up our hands when a transport mapping overrides the
+ * default local delivery transport.
+ *
+ * XXX Use the less expensive maps_find() (case is already folded) instead
+ * of the baroque mail_addr_find(). But then we have to strip the domain
+ * and deal with address extensions ourselves.
+ */
+ if ((reply->flags & RESOLVE_CLASS_LOCAL)
+ && *var_local_rcpt_maps
+ && strcmp(STR(reply->transport), var_local_transport) == 0
+ && NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient))) {
+ (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
+ "%d <%s>: User unknown", 550, recipient);
+ SMTPD_CHECK_RCPT_RETURN(STR(error_text));
+ }
+
+ /*
+ * Reject mail to unknown addresses in virtual mailbox domains.
+ *
+ * XXX For now, we throw up our hands when a transport mapping overrides the
+ * default virtual delivery transport.
+ */
+ if ((reply->flags & RESOLVE_CLASS_VIRTUAL)
+ && strcmp(STR(reply->transport), var_virt_transport) == 0
+ && NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))) {
+ (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
+ "%d <%s>: User unknown", 550, recipient);
+ SMTPD_CHECK_RCPT_RETURN(STR(error_text));
+ }
+
+ /*
+ * Reject mail to unknown addresses in relay domains.
+ *
+ * XXX For now, we throw up our hands when a transport mapping overrides the
+ * default relay transport.
+ */
+ if ((reply->flags & RESOLVE_CLASS_RELAY)
+ && *var_relay_rcpt_maps
+ && strcmp(STR(reply->transport), var_relay_transport) == 0
+ && NOMATCH(relay_rcpt_maps, CONST_STR(reply->recipient))) {
+ (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
+ "%d <%s>: User unknown", 550, recipient);
+ SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
/*
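Review bot: the virtual mailbox branch (the `RESOLVE_CLASS_VIRTUAL` test) lacks the `*var_virt_mailbox_maps` emptiness guard that the local and relay branches have (`*var_local_rcpt_maps`, `*var_relay_rcpt_maps`), so a domain listed in virtual_mailbox_domains with no virtual_mailbox_maps configured goes straight to `NOMATCHV8`; either add the same guard or comment that `NOMATCHV8` is safe on an unconfigured map. Two smaller points in the same region: the error-mailer case copies `STR(reply->nexthop)` verbatim into the 550 reply, so whatever text the resolver (or relocated_maps) places in nexthop is disclosed to the SMTP client, which is intended for "user has moved to ..." but deserves a comment; and the early `SMTPD_CHECK_RCPT_RETURN(0)` when the address matches rcpt_canon_maps, canonical_maps or virt_alias_maps means relocated_maps is no longer consulted at all in this function, which the XXX comment should mention explicitly.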
char *var_rbl_reply_maps;
char *var_smtpd_exp_filter;
char *var_def_rbl_reply;
+char *var_local_transport;
+char *var_error_transport;
+char *var_virt_transport;
+char *var_relay_transport;
+char *var_def_transport;
+char *var_relay_rcpt_maps;
typedef struct {
char *name;
char **target;
} STRING_TABLE;
+#undef DEF_VIRT_ALIAS_MAPS
+#define DEF_VIRT_ALIAS_MAPS ""
+
static STRING_TABLE string_table[] = {
VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains,
VAR_MYORIGIN, DEF_MYORIGIN, &var_myorigin,
VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps,
VAR_SMTPD_EXP_FILTER, DEF_SMTPD_EXP_FILTER, &var_smtpd_exp_filter,
VAR_DEF_RBL_REPLY, DEF_DEF_RBL_REPLY, &var_def_rbl_reply,
+ VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport,
+ VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport,
+ VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport,
+ VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport,
+ VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport,
+ VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps,
0,
};
STRING_TABLE *sp;
for (sp = string_table; sp->name; sp++)
- sp->target[0] = mystrdup(sp->defval[0] == '$' ? "" : sp->defval);
+ sp->target[0] = mystrdup(sp->defval);
}
/* string_update - update string parameter */
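Review bot: the loop change to `sp->target[0] = mystrdup(sp->defval)` drops the special case that turned a `$parameter` style default into "", so if any of the newly added DEF_*_TRANSPORT or DEF_RELAY_RCPT_MAPS defaults refers to another parameter it is now used as a literal string in the test harness; if none of them do, say so in a comment, and give the `#undef DEF_VIRT_ALIAS_MAPS` / `#define DEF_VIRT_ALIAS_MAPS ""` override a one-line comment explaining why the harness needs an empty default here.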
void resolve_clnt_query(const char *addr, RESOLVE_REPLY *reply)
{
+ const char *domain;
+
if (addr == CONST_STR(reply->recipient))
msg_panic("resolve_clnt_query: result clobbers input");
- vstring_strcpy(reply->transport, "foo");
- vstring_strcpy(reply->nexthop, "foo");
if (strchr(addr, '%'))
msg_fatal("%s: address rewriting is disabled", addr);
+ if ((domain = strrchr(addr, '@')) == 0)
+ msg_fatal("%s: unqualified address", addr);
+ domain += 1;
+ if (resolve_local(domain)) {
+ reply->flags = RESOLVE_CLASS_LOCAL;
+ vstring_strcpy(reply->transport, var_local_transport);
+ vstring_strcpy(reply->nexthop, domain);
+ } else if (string_list_match(virt_alias_doms, domain)) {
+ reply->flags = RESOLVE_CLASS_ALIAS;
+ vstring_strcpy(reply->transport, var_error_transport);
+ vstring_strcpy(reply->nexthop, "user unknown");
+ } else if (string_list_match(virt_mailbox_doms, domain)) {
+ reply->flags = RESOLVE_CLASS_VIRTUAL;
+ vstring_strcpy(reply->transport, var_virt_transport);
+ vstring_strcpy(reply->nexthop, domain);
+ } else if (domain_list_match(relay_domains, domain)) {
+ reply->flags = RESOLVE_CLASS_RELAY;
+ vstring_strcpy(reply->transport, var_relay_transport);
+ vstring_strcpy(reply->nexthop, domain);
+ } else {
+ reply->flags = RESOLVE_CLASS_DEFAULT;
+ vstring_strcpy(reply->transport, var_def_transport);
+ vstring_strcpy(reply->nexthop, domain);
+ }
vstring_strcpy(reply->recipient, addr);
}
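Review bot: the stub resolver sets nexthop to "user unknown" for the alias class, while the real resolver elsewhere in this patch changes the same string to "User unknown"; because check_rcpt now echoes `reply->nexthop` into the 550 reply, the harness and the server will produce different reply text. Use one string (ideally a shared constant) in both places. Also, the stub never sets RESOLVE_FLAG_FAIL, so the new failure paths in the server code (the `(*flags & RESOLVE_FLAG_FAIL) == 0` checks) are not exercised by the tests.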
resp = 0;
break;
}
+ if (strcasecmp(args->argv[0], "relay_recipient_maps") == 0) {
+ UPDATE_STRING(var_relay_rcpt_maps, args->argv[1]);
+ UPDATE_MAPS(relay_rcpt_maps, VAR_LOCAL_RCPT_MAPS,
+ var_relay_rcpt_maps, DICT_FLAG_LOCK);
+ resp = 0;
+ break;
+ }
if (strcasecmp(args->argv[0], "canonical_maps") == 0) {
UPDATE_STRING(var_canonical_maps, args->argv[1]);
UPDATE_MAPS(canonical_maps, VAR_CANONICAL_MAPS,
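Review bot: `UPDATE_MAPS(relay_rcpt_maps, VAR_LOCAL_RCPT_MAPS, ...)` passes the wrong parameter name; it should be `VAR_RELAY_RCPT_MAPS`, otherwise open errors for relay_recipient_maps are reported under the local_recipient_maps name.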
>>> client foo 123.123.123.123
OK
>>> rcpt foo@watson.ibm.com
+./smtpd_check: warning: the "check_relay_domains" restriction is going away; use "reject_unauth_destination" instead
./smtpd_check: <queue id>: reject: RCPT from foo[123.123.123.123]: 554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied; from=<foo@friend.bad.domain> to=<foo@watson.ibm.com> proto=SMTP helo=<123.123.123.123>
554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied
>>> rcpt foo@porcupine.org
>>> client_restrictions reject_maps_rbl
OK
>>> client spike.porcupine.org 168.100.189.2
+./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client <domain> instead
OK
>>> client foo 127.0.0.2
./smtpd_check: <queue id>: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; Client host [127.0.0.2] blocked using blackholes.mail-abuse.org; Blackholed - see <URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>; from=<foo@friend.bad.domain> proto=SMTP helo=<123.123.123.123>
>>> client foo 123.123.123.123
OK
>>> rcpt foo@watson.ibm.com
+./smtpd_check: warning: the "check_relay_domains" restriction is going away; use "reject_unauth_destination" instead
./smtpd_check: <queue id>: reject: RCPT from foo[123.123.123.123]: 554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied; from=<foo@friend.bad.domain> to=<foo@watson.ibm.com> proto=SMTP helo=<friend.bad.domain>
554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied
>>> rcpt foo@porcupine.org
>>> client_restrictions reject_maps_rbl
OK
>>> client spike.porcupine.org 168.100.189.2
+./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client <domain> instead
OK
>>> client foo 127.0.0.2
./smtpd_check: <queue id>: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; Client host [127.0.0.2] blocked using blackholes.mail-abuse.org; Blackholed - see <URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>; from=<foo@friend.bad.domain> proto=SMTP helo=<friend.bad.domain>
>>> client spike.porcupine.org 168.100.189.2
OK
>>> rcpt rname@rdomain
+./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client <domain> instead
OK
>>> client foo 127.0.0.2
OK
TOK822 *saved_domain = 0;
TOK822 *domain = 0;
char *destination;
- const char *blame;
+ const char *blame = 0;
*flags = 0;
if (virt_alias_doms
&& string_list_match(virt_alias_doms, STR(nexthop))) {
vstring_strcpy(channel, var_error_transport);
- vstring_strcpy(nexthop, "unknown user");
+ vstring_strcpy(nexthop, "User unknown");
blame = VAR_ERROR_TRANSPORT;
- *flags |= RESOLVE_CLASS_ERROR;
+ *flags |= RESOLVE_CLASS_ALIAS;
} else if (dict_errno != 0) {
msg_warn("%s lookup failure", VAR_VIRT_ALIAS_DOMS);
*flags |= RESOLVE_FLAG_FAIL;
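Review bot: renaming the flag from RESOLVE_CLASS_ERROR to RESOLVE_CLASS_ALIAS changes its meaning: the virtual alias domain branch now reports the ALIAS class while still routing to the error transport, so any caller that tested RESOLVE_CLASS_ERROR to detect "resolved to the error mailer" must switch to comparing the transport against var_error_transport, as this file itself now does below. The `blame = 0` initialization is needed by the later null-blame panic and is fine.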
/*
* Sanity checks.
*/
- if (*STR(channel) == 0)
- msg_fatal("file %s/%s: parameter %s: null transport is not allowed",
- var_config_dir, MAIN_CONF_FILE, blame);
- if (*STR(nexthop) == 0)
- msg_panic("%s: null nexthop", myname);
+ if ((*flags & RESOLVE_FLAG_FAIL) == 0) {
+ if (*STR(channel) == 0) {
+ if (blame == 0)
+ msg_panic("%s: null blame", myname);
+ msg_warn("file %s/%s: parameter %s: null transport is not allowed",
+ var_config_dir, MAIN_CONF_FILE, blame);
+ *flags |= RESOLVE_FLAG_FAIL;
+ }
+ if (*STR(nexthop) == 0)
+ msg_panic("%s: null nexthop", myname);
+ }
/*
* Bounce recipients that have moved. We do it here instead of in the
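Review bot: turning the null-transport case from msg_fatal into msg_warn plus RESOLVE_FLAG_FAIL is the right direction for a server that should report failures rather than exit, but the warning is now emitted on every resolve request for as long as the misconfiguration persists; consider logging it once or rate-limiting it so a busy trivial-rewrite does not flood syslog. A short comment that callers must not use channel or nexthop when RESOLVE_FLAG_FAIL is set would also help, since the null-nexthop panic is now reachable only on the non-failure path.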
IGNORE_ADDR_EXTENSION)) != 0) {
vstring_strcpy(channel, var_error_transport);
vstring_sprintf(nexthop, "user has moved to %s", newloc);
- *flags |= RESOLVE_CLASS_ERROR;
} else if (dict_errno != 0) {
msg_warn("%s lookup failure", VAR_RELOCATED_MAPS);
*flags |= RESOLVE_FLAG_FAIL;
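Review bot: removing `*flags |= RESOLVE_CLASS_ERROR` here leaves the relocated branch with whatever class flag was set earlier (LOCAL, VIRTUAL, RELAY or DEFAULT) alongside the error transport; that is consistent with the transport_maps guard further down now comparing the channel string, but check that nothing else still keys on RESOLVE_CLASS_ERROR and, if the flag has become unused, remove its definition.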
*
* XXX Don't override the error transport :-(
*/
- if ((*flags & RESOLVE_FLAG_FAIL) == 0
- && (*flags & RESOLVE_CLASS_ERROR) != 0
- && *var_transport_maps) {
+ if ((*flags & RESOLVE_FLAG_FAIL) == 0
+ && *var_transport_maps
+ && strcmp(STR(channel), var_error_transport) != 0) {
if (transport_lookup(STR(nextrcpt), channel, nexthop) == 0
&& dict_errno != 0) {
msg_warn("%s lookup failure", VAR_TRANSPORT_MAPS);
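Review bot: the old condition consulted transport_maps only when RESOLVE_CLASS_ERROR was set, which is the opposite of what the "Don't override the error transport" comment asks for; the new `strcmp(STR(channel), var_error_transport) != 0` fixes the logic. One caveat worth a comment: because the exemption is by transport name, an administrator who points error_transport at the same name as a regular delivery transport also exempts ordinary mail on that transport from transport_maps.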
/*
* Look up an entry with extreme prejedice.
+ *
+ * XXX Should report lookup failure status to caller instead of aborting.
*/
if ((value = maps_find(transport_path, key, flags)) == 0) {
if (dict_errno != 0)
char *var_virt_alias_doms;
char *var_virt_mailbox_doms;
char *var_relocated_maps;
+char *var_def_transport;
/* rewrite_service - read request and send reply */
{
static CONFIG_STR_TABLE str_table[] = {
VAR_TRANSPORT_MAPS, DEF_TRANSPORT_MAPS, &var_transport_maps, 0, 0,
- VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport, 0, 0,
- VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport, 0, 0,
- VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 0, 0,
- VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 0, 0,
+ VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport, 1, 0,
+ VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport, 1, 0,
+ VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0,
+ VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0,
VAR_XPORT_NULL_KEY, DEF_XPORT_NULL_KEY, &var_xport_null_key, 1, 0,
VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0,
VAR_VIRT_ALIAS_DOMS, DEF_VIRT_ALIAS_DOMS, &var_virt_alias_doms, 0, 0,
VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0,
VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0,
+ VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 1, 0,
VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0,
VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0,
VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocated_maps, 0, 0,
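Review bot: the VAR_VIRT_TRANSPORT and VAR_RELAY_TRANSPORT rows appear twice in the table as shown (once in the block whose minimum-length column changed from 0 to 1, and again two rows below the new VAR_DEF_TRANSPORT entry); if both belong to the same str_table, drop the second pair, since registering a parameter twice is at best redundant.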
if (type == MAC_PARSE_VARNAME) {
if (ctxt->flags & DICT_FLAG_NO_REGSUB) {
msg_warn("pcre map %s, line %d: "
- "regular expression substitution is not allowed"
+ "regular expression substitution is not allowed",
ctxt->mapname, ctxt->lineno);
return (MAC_PARSE_ERROR);
}
/* This is a safety measure to ensure that an out of control map in
/* \fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes.
/* While it could be set to "/", this setting isn't recommended.
-/* .IP "\fBvirtual_mailbox_maps\fR (regexp maps disallowed)"
+/* .IP \fBvirtual_mailbox_maps\fR
/* Recipients are looked up in these maps to determine the path to
/* their mailbox or maildir. If the returned path ends in a slash
/* ("/"), maildir-style delivery is carried out, otherwise the
/*
/* Note that \fBvirtual_mailbox_base\fR is unconditionally prepended
/* to this path.
+/*
+/* For security reasons, regular expression maps are allowed but
+/* regular expression substitution of $1 etc. is disallowed,
+/* because that would open a security hole.
/* .IP \fBvirtual_mailbox_domains\fR
/* The list of domains that should be delivered via the Postfix virtual
/* delivery agent. This uses the same syntax as the \fBmydestination\fR
/* a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup.
/* Returned values less than this will be rejected, and the message
/* will be deferred.
-/* .IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)"
+/* .IP \fBvirtual_uid_maps\fR
/* Recipients are looked up in these maps to determine the user ID to be
/* used when writing to the target mailbox.
/*
/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR
/* to match any user in the specified domain that does not have a
/* specific \fIuser@domain.tld\fR entry.
-/* .IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)"
+/*
+/* For security reasons, regular expression maps are allowed but
+/* regular expression substitution of $1 etc. is disallowed,
+/* because that would open a security hole.
+/* .IP \fBvirtual_gid_maps\fR
/* Recipients are looked up in these maps to determine the group ID to be
/* used when writing to the target mailbox.
/*
/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR
/* to match any user in the specified domain that does not have a
/* specific \fIuser@domain.tld\fR entry.
+/*
+/* For security reasons, regular expression maps are allowed but
+/* regular expression substitution of $1 etc. is disallowed,
+/* because that would open a security hole.
/* .SH "Locking controls"
/* .ad
/* .fi
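Review bot: the three added paragraphs are identical and circular ("For security reasons ... because that would open a security hole"); state the actual reason once, namely that substituting matched text from the recipient address into a mailbox path, uid or gid would let the sender of a message influence where and as whom it is written, and refer the other two .IP entries to it. It is also worth saying that this restriction is enforced by the map code (the DICT_FLAG_NO_REGSUB check changed elsewhere in this patch), not only documented.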
/* The \fBmaildir\fR structure appears in the \fBqmail\fR system
/* by Daniel Bernstein.
/* SEE ALSO
+/* regexp_table(5) POSIX regular expression table format
+/* pcre_table(5) Perl Compatible Regular Expression table format
/* bounce(8) non-delivery status reports
/* syslogd(8) system logging
/* qmgr(8) queue manager