-TTLS_PRNG_SEED_INFO
-TTLS_PRNG_SRC
-TTLS_ROLE
--TTLSRPT_WRAPPER
-TTLS_SCACHE
-TTLS_SCACHE_ENTRY
-TTLS_SERVER_INIT_PROPS
20240808
Typofix in comment. File: global/normalize_mailhost_addr.c.
-
-20240831
-
- Bugfix: require that stable releases have a three-number
- mail_version value. Found by Michael Orlitzky. File:
- mantools/check-snapshot-nonprod.
-
-20240902
-
- Documentation: update the local_login_sender_maps description
- with guidance to enforce that the From: header address
- matches the envelope sender (MAIL FROM) address. File:
- proto/postconf.proto.
-
-
+
20240730
Infrastructure: added argv_addv() function to append an
Infrastructure: added "append to buffer" option to the
hex_encode_opt() function. Files: util/hex_encode.[hc];
+
+20240831
+
+ Bugfix: require that stable releases have a three-number
+ mail_version value. Found by Michael Orlitzky. File:
+ mantools/check-snapshot-nonprod.
+
+20240902
+
+ Documentation: update the local_login_sender_maps description
+ with guidance to enforce that the From: header address
+ matches the envelope sender (MAIL FROM) address. File:
+ proto/postconf.proto.
+
+20240909
+
+ Bitrot: some platforms prefer the pkgconf command over pkg-config,
+ which in turn has superseded icu-config. File: makedefs.
+
+20230910
+
+ Cleanup: the enable_threaded_bounces feature was re-implemented.
+ This simplifies the code and improves the handling of
+ multiline Message-Id: headers (no software should generate
+ those, but...). Files: bounce/bounce_notify_util.c,
+ cleanup/cleanup.h, cleanup/cleanup_extracted.c,
+ cleanup/cleanup_message.c, cleanup/cleanup_state.c,
+ global/mail_proto.h, multiple bounce testfiles.
+
+20240917
+
+ Minor feature: "postcat -f" option to prepend the filename
+ to each output line. This simplifies test data development.
+ File: postcat/postcat.c.
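Review bot: The added date heading "20230910" sits between the 20240909 and 20240917 entries, which breaks the chronological order of this file and looks like a typo for a 2024 date (probably 20240910). Please correct the heading so the enable_threaded_bounces cleanup entry is filed under the right date.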
* VIRTUAL_README: Virtual domain hosting
* SASL_README: SASL Authentication
* TLS_README: TLS Encryption and authentication
- * TLSRPT_README: TLSRPT notification
* FORWARD_SECRECY_README: TLS Forward Secrecy
* IPV6_README: IP Version 6 Support
* SMTPUTF8_README: SMTPUTF8 Support
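Review bot: Removing the "TLSRPT_README: TLSRPT notification" entry from this index leaves that document unlinked, while other hunks in the same patch still edit TLSRPT_README (the "Table of Contents" heading, the policy_string and mx_host_pattern examples, the credits). If the README still ships, keep the index entry here and in the HTML index; if it is intentionally hidden, a short HISTORY line saying so would help.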
cyrus_sasl_config_path and/or the distribution-specific documentation to
determine the expected location.
- * Some Debian-based Postfix distributions patch Postfix to hardcode a non-
- default search path, making it impossible to set an alternate search path
- via the "cyrus_sasl_config_path" parameter. This is likely to be the case
- when the distribution documents a Postfix-specific path (e.g. /etc/postfix/
- sasl/) that is different from the default value of "cyrus_sasl_config_path"
- (which then is likely to be empty).
+ * Some Debian-based Postfix distributions ignore the "cyrus_sasl_config_path"
+ parameter setting, and force Postfix to open the file /etc/postfix/sasl/
+ smtpd.conf.
N\bNo\bot\bte\be
-------------------------------------------------------------------------------
-T\bTO\bOC\bC
+T\bTa\bab\bbl\ble\be o\bof\bf C\bCo\bon\bnt\bte\ben\bnt\bts\bs
* Introduction
* Building Postfix with TLSRPT support
Example:
- { policy_string = version: STSv1 }, { policy_string = mode: testing },
+ { policy_string = version: STSv1 } { policy_string = mode: testing }
...
This form ignores whitespace after the opening "{", around the "=", and
Example:
- mx_host_pattern=mx1.example.com, mx_host_pattern=mx2.example.com, ...
+ mx_host_pattern=mx1.example.com mx_host_pattern=mx2.example.com ...
* policy_failure=type
C\bCr\bre\bed\bdi\bit\bts\bs
* The TLSRPT client library and report generator are implemented and
- maintained by sys4 (sys4.de).
+ maintained by sys4.
* Wietse Venema implemented the integration with Postfix.
Disable -DSNAPSHOT and -DNONPROD in makedefs.
+ Add tests for Message-ID extraction in the cleanup daemon.
+
+ The postdrop code should be more explicit about what
+ attrributes it will pass through. rec_attr_map() is not
+ supposed to be an approver.
+
Many master.cf services don't expect wakeup calls, resulting
in weird warnings. Maybe the master daemon could signal the
wakeup intent through a child process command-line option,
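Review bot: Typo in the added postdrop item: "attrributes" should be "attributes".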
using FIFOs anymore, and trigger servers could use a proper
(attribute, value) protocol.
+ The Sendmail feature _FFR_MDS_NEGOTIATE allows negotiating
+ a larger milter command data size limit. To be investigated:
+ what parts of the protocol are included in this limit when
+ sending a message header (header name, protocol formatting,
+ etc.) and how this will interact with the Postfix built-in
+ header_size_limit (default: 102400).
+
SEND_ATTR_FUNC should send the name of the object being sent,
so that SCAN_ATTR_FUNC can check it.
<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a></code> and/or the distribution-specific
documentation to determine the expected location. </p> </li>
-<li> <p> Some Debian-based Postfix distributions patch Postfix to
-hardcode a non-default search path, making it impossible to set an
-alternate search path via the "<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a>" parameter. This
-is likely to be the case when the distribution documents a
-Postfix-specific path (e.g. <code>/etc/postfix/sasl/</code>) that is
-different from the default value of "<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a>" (which
-then is likely to be empty). </p> </li>
+<li> <p> Some Debian-based Postfix distributions ignore the
+"<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a>" parameter setting, and force Postfix to
+open the file <code>/etc/postfix/sasl/smtpd.conf</code>. </p> </li>
</ul>
<hr>
-<h2> TOC </h2>
+<h2> Table of Contents </h2>
<ul>
<blockquote>
<pre>
-{ policy_string = version: STSv1 }, { policy_string = mode: testing }, ...
+{ policy_string = version: STSv1 } { policy_string = mode: testing } ...
</pre>
</blockquote>
<blockquote>
<pre>
-mx_host_pattern=mx1.example.com, mx_host_pattern=mx2.example.com, ...
+mx_host_pattern=mx1.example.com mx_host_pattern=mx2.example.com ...
</pre>
</blockquote>
</li>
<ul>
<li> The TLSRPT client library and report generator are implemented
-and maintained by sys4 (sys4.de). </li>
+and maintained by sys4. </li>
<li> Wietse Venema implemented the integration with Postfix.
</li>
address instead of the intended recipient(s). When multiple <b>RE-</b>
<b>DIRECT</b> actions fire, only the last one takes effect.
- Note: this action overrides the FILTER action, and currently
+ Note 1: this action overrides the FILTER action, and currently
overrides all recipients of the message.
+ Note 2: a REDIRECT address is subject to canonicalization (add
+ missing domain) but NOT subject to canonical, masquerade, bcc,
+ or virtual alias mapping.
+
This feature is available in Postfix 2.1 and later.
<b>INFO</b> <i>optional text...</i>
will be sent to the specified address instead of the intended
recipient(s).
- Note: this action overrides the <b>FILTER</b> action, and affects all
+ Note 1: this action overrides the <b>FILTER</b> action, and affects all
recipients of the message. If multiple <b>REDIRECT</b> actions fire,
only the last one is executed.
+ Note 2: a REDIRECT address is subject to canonicalization (add
+ missing domain) but NOT subject to canonical, masquerade, bcc,
+ or virtual alias mapping.
+
This feature is available in Postfix 2.1 and later.
This feature is not supported with smtp header/body checks.
<li> <a href="TLS_README.html"> TLS Encryption and authentication </a>
-<li> <a href="TLSRPT_README.html"> TLSRPT notification </a>
-
<li> <a href="FORWARD_SECRECY_README.html"> TLS Forward Secrecy </a>
<li> <a href="IPV6_README.html"> IP Version 6 Support </a>
<b>-DNO_EAI</b>
Do not build with EAI (SMTPUTF8) support. By default, EAI
- support is compiled in when the "pkg-config" command is
- found, or the deprecated "icu-config" command.
+ support is compiled in when the "pkgconf" or "pkg-config"
+ command are found, or the deprecated "icu-config" com-
+ mand.
<b>-DNO_INLINE</b>
Do not require support for C99 "inline" functions.
- Instead, implement argument typechecks for
- non-(printf/scanf)-like functions with ternary operators
+ Instead, implement argument typechecks for
+ non-(printf/scanf)-like functions with ternary operators
and unreachable code.
<b>-DNO_IPV6</b>
Do not build with IPv6 support. By default, IPv6 support
- is compiled in on platforms that are known to have IPv6
+ is compiled in on platforms that are known to have IPv6
support.
- Note: this directive is for debugging and testing only.
- It is not guaranteed to work on all platforms. If you
- don't want IPv6 support, set "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4" in
+ Note: this directive is for debugging and testing only.
+ It is not guaranteed to work on all platforms. If you
+ don't want IPv6 support, set "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4" in
<a href="postconf.5.html">main.cf</a>.
<b>-DNO_IP_CYRUS_SASL_AUTH</b>
- Don't pass remote SMTP client and Postfix SMTP server IP
- address and port information to the Cyrus SASL library.
+ Don't pass remote SMTP client and Postfix SMTP server IP
+ address and port information to the Cyrus SASL library.
This is compatible with Postfix < 3.2.
<b>-DNO_KQUEUE</b>
- Do not build with FreeBSD/NetBSD/OpenBSD/MacOSX KQUEUE
- support. By default, KQUEUE support is compiled in on
+ Do not build with FreeBSD/NetBSD/OpenBSD/MacOSX KQUEUE
+ support. By default, KQUEUE support is compiled in on
platforms that are known to support it.
<b>-DNO_NIS</b>
Disable support for POSIX getpwnam_r/getpwuid_r.
<b>-DNO_RES_NCALLS</b>
- Do not build with the threadsafe resolver(5) API
+ Do not build with the threadsafe resolver(5) API
(res_ninit() etc.).
<b>-DNO_SIGSETJMP</b>
- Use setjmp()/longjmp() instead of sigsetjmp()/sig-
- longjmp(). By default, Postfix uses sigsetjmp()/sig-
+ Use setjmp()/longjmp() instead of sigsetjmp()/sig-
+ longjmp(). By default, Postfix uses sigsetjmp()/sig-
longjmp() when they appear to work.
<b>-DNO_SNPRINTF</b>
- Use sprintf() instead of snprintf(). By default, Postfix
+ Use sprintf() instead of snprintf(). By default, Postfix
uses snprintf() except on ancient systems.
<b>DEBUG=</b><i>debug</i><b>_</b><i>level</i>
- Specifies a non-default debugging level. The default is <b>-g</b>.
+ Specifies a non-default debugging level. The default is <b>-g</b>.
Specify <b>DEBUG=</b> to turn off debugging.
<b>OPT=</b><i>optimization</i><b>_</b><i>level</i>
- Specifies a non-default optimization level. The default is <b>-O</b>.
+ Specifies a non-default optimization level. The default is <b>-O</b>.
Specify <b>OPT=</b> to turn off optimization.
<b>POSTFIX_INSTALL_OPTS=</b><i>-option...</i>
- Specifies options for the postfix-install command, separated by
- whitespace. Currently, the only supported option is
+ Specifies options for the postfix-install command, separated by
+ whitespace. Currently, the only supported option is
<b>-keep-build-mtime</b>.
<b>SHLIB_CFLAGS=</b><i>flags</i>
- Override the compiler flags (typically, "-fPIC") for Postfix
+ Override the compiler flags (typically, "-fPIC") for Postfix
dynamically-linked libraries and database plugins.
This feature was introduced with Postfix 3.0.
<b>SHLIB_RPATH=</b><i>rpath</i>
- Override the runpath (typically, "'-Wl,-rpath,${SHLIB_DIR}'")
+ Override the runpath (typically, "'-Wl,-rpath,${SHLIB_DIR}'")
for Postfix dynamically-linked libraries.
This feature was introduced with Postfix 3.0.
<b>SHLIB_SUFFIX=</b><i>suffix</i>
- Override the filename suffix (typically, ".so") for Postfix
+ Override the filename suffix (typically, ".so") for Postfix
dynamically-linked libraries and database plugins.
This feature was introduced with Postfix 3.0.
<b>shared=yes</b>
<b>shared=no</b>
- Enable (disable) Postfix builds with dynamically-linked
+ Enable (disable) Postfix builds with dynamically-linked
libraries typically named $<a href="postconf.5.html#shlib_directory">shlib_directory</a>/libpostfix-*.so.*.
This feature was introduced with Postfix 3.0.
<b>dynamicmaps=yes</b>
<b>dynamicmaps=no</b>
- Enable (disable) Postfix builds with the configuration file
+ Enable (disable) Postfix builds with the configuration file
$<a href="postconf.5.html#meta_directory">meta_directory</a>/dynamicmaps.cf and dynamically-loadable database
- plugins typically named postfix-*.so.*. The setting "dynam-
- icmaps=yes" implicitly enables Postfix dynamically-linked
+ plugins typically named postfix-*.so.*. The setting "dynam-
+ icmaps=yes" implicitly enables Postfix dynamically-linked
libraries.
This feature was introduced with Postfix 3.0.
<b>pie=yes</b>
- <b>pie=no</b> Enable (disable) Postfix builds with position-independent exe-
+ <b>pie=no</b> Enable (disable) Postfix builds with position-independent exe-
cutables, on platforms where this is supported.
This feature was introduced with Postfix 3.0.
<i>installation</i><b>_</b><i>parameter</i><b>=</b><i>value</i>...
- Override the compiled-in default value of the specified instal-
- lation parameter(s). The following parameters are supported in
+ Override the compiled-in default value of the specified instal-
+ lation parameter(s). The following parameters are supported in
this context:
- <a href="postconf.5.html#command_directory">command_directory</a> <a href="postconf.5.html#config_directory">config_directory</a> <a href="postconf.5.html#daemon_directory">daemon_directory</a> <a href="postconf.5.html#data_directory">data_direc</a>-
- <a href="postconf.5.html#data_directory">tory</a> <a href="postconf.5.html#default_database_type">default_database_type</a> <a href="postconf.5.html#html_directory">html_directory</a> <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>
- <a href="postconf.5.html#mailq_path">mailq_path</a> <a href="postconf.5.html#manpage_directory">manpage_directory</a> <a href="postconf.5.html#meta_directory">meta_directory</a> <a href="postconf.5.html#newaliases_path">newaliases_path</a>
- <a href="postconf.5.html#queue_directory">queue_directory</a> <a href="postconf.5.html#readme_directory">readme_directory</a> <a href="postconf.5.html#sendmail_path">sendmail_path</a> <a href="postconf.5.html#shlib_directory">shlib_directory</a>
+ <a href="postconf.5.html#command_directory">command_directory</a> <a href="postconf.5.html#config_directory">config_directory</a> <a href="postconf.5.html#daemon_directory">daemon_directory</a> <a href="postconf.5.html#data_directory">data_direc</a>-
+ <a href="postconf.5.html#data_directory">tory</a> <a href="postconf.5.html#default_database_type">default_database_type</a> <a href="postconf.5.html#html_directory">html_directory</a> <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>
+ <a href="postconf.5.html#mailq_path">mailq_path</a> <a href="postconf.5.html#manpage_directory">manpage_directory</a> <a href="postconf.5.html#meta_directory">meta_directory</a> <a href="postconf.5.html#newaliases_path">newaliases_path</a>
+ <a href="postconf.5.html#queue_directory">queue_directory</a> <a href="postconf.5.html#readme_directory">readme_directory</a> <a href="postconf.5.html#sendmail_path">sendmail_path</a> <a href="postconf.5.html#shlib_directory">shlib_directory</a>
<a href="postconf.5.html#openssl_path">openssl_path</a>
- See the <a href="postconf.5.html">postconf(5)</a> manpage for a description of these parame-
+ See the <a href="postconf.5.html">postconf(5)</a> manpage for a description of these parame-
ters.
This feature was introduced with Postfix 3.0.
<b>WARN=</b><i>warning</i><b>_</b><i>flags</i>
- Specifies non-default gcc compiler warning options for use when
+ Specifies non-default gcc compiler warning options for use when
"make" is invoked in a source subdirectory only.
<b>LICENSE</b>
postcat - show Postfix queue file contents
<b>SYNOPSIS</b>
- <b>postcat</b> [<b>-bdehnoqv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>files</i>...]
+ <b>postcat</b> [<b>-bdefhnoqv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>files</i>...]
<b>DESCRIPTION</b>
The <a href="postcat.1.html"><b>postcat</b>(1)</a> command prints the contents of the named <i>files</i> in
This feature is available in Postfix 2.7 and later.
+ <b>-f</b> Prepend the file name to each output line.
+
<b>-h</b> Show message header content. The <b>-h</b> option produces output from
the beginning of the message up to, but not including, the first
non-header line.
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>
+<p> Note: automatic BCC recipients are subject to address
+canonicalization (add missing domain), <a href="postconf.5.html#canonical_maps">canonical_maps</a>, <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>,
+and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>
+
</DD>
Specify zero or more directories separated by a colon character,
or an empty value to use Cyrus SASL's built-in search path. </p>
+<p> Note: some Debian-based Postfix distributions ignore the
+"<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a>" parameter setting, and force Postfix to
+open the file <code>/etc/postfix/sasl/smtpd.conf</code>. </p>
+
<p> This feature is available in Postfix 2.5 and later when compiled
with Cyrus SASL 2.1.22 or later. </p>
<p> This feature ignores address extensions in the user-specified
envelope sender address. </p>
+<p> Note: to enforce that the From: header address matches the envelope
+sender (MAIL FROM) address, specify an external filter such as a Milter,
+with the <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> parameter. For example:
+<a href="https://github.com/magcks/milterfrom">https://github.com/magcks/milterfrom</a>. </p>
+
<p> The following sender patterns are special; these cannot be used
as part of a longer pattern. </p>
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>
+<p> Note: automatic BCC recipients are subject to address
+canonicalization (add missing domain), <a href="postconf.5.html#canonical_maps">canonical_maps</a>, <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>,
+and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>
+
<p>
Example:
</p>
after Postfix forwards mail internally, or after Postfix generates
mail itself. </p>
+<p> Note: automatic BCC recipients are subject to address
+canonicalization (add missing domain), <a href="postconf.5.html#canonical_maps">canonical_maps</a>, <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>,
+and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>
+
<p>
Example:
</p>
(default: empty)</b></DT><DD>
<p>
-Optional lookup table with the SASL login names that own the sender
+Optional lookup table with the SASL login names that own the
+envelope sender
(MAIL FROM) addresses.
</p>
+<blockquote> <p> Note: to enforce that the From: header address
+matches the envelope sender (MAIL FROM) address, use an external
+filter such as a Milter, for the submission, submissions, or smtps
+services. For example: <a href="https://github.com/magcks/milterfrom">https://github.com/magcks/milterfrom</a>. </p>
+</blockquote>
+
<p>
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
This prevents an authenticated client from using a MAIL FROM address
that they do not explicitly own.
<br>
+Note: to enforce that the From: header address matches the envelope
+sender (MAIL FROM) address, use an external filter such as a Milter,
+for the submission, submissions, or smtps services. For example:
+<a href="https://github.com/magcks/milterfrom">https://github.com/magcks/milterfrom</a>.
+<br>
This feature is available in Postfix version 2.1 and later. </dd>
<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt>
$<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>, while still allowing a client to use any
unlisted MAIL FROM address.
<br>
+Note: to enforce that the From: header address matches the envelope
+sender (MAIL FROM) address, use an external filter such as a Milter,
+for the submission, submissions, or smtps services. For example:
+<a href="https://github.com/magcks/milterfrom">https://github.com/magcks/milterfrom</a>.
+<br>
This feature is available in Postfix version 2.11 and later.</dd>
<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>
With SASL enabled, this prevents an unauthenticated client from
using any MAIL FROM address that is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.
<br>
+Note: to enforce that the From: header address matches the envelope
+sender (MAIL FROM) address, use an external filter such as a Milter,
+for the submission, submissions, or smtps services. For example:
+<a href="https://github.com/magcks/milterfrom">https://github.com/magcks/milterfrom</a>.
+<br>
This feature is available in Postfix version 2.1 and later.</dd>
<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>
# are known to support it.
# .IP \fB-DNO_EAI\fR
# Do not build with EAI (SMTPUTF8) support. By default, EAI
-# support is compiled in when the "pkg-config" command is
+# support is compiled in when the "pkgconf" or "pkg-config"
+# command are
# found, or the deprecated "icu-config" command.
# .IP \fB-DNO_INLINE\fR
# Do not require support for C99 "inline" functions. Instead,
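Review bot: Subject-verb disagreement in the reworded -DNO_EAI text: 'the "pkgconf" or "pkg-config" command are found' should read either "command is found" or "commands are found". Since the makedefs.1 manpage and its HTML rendering in this patch carry the same sentence, fix it here in the source comment and regenerate the derived files.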
case "$CCARGS" in
*-DNO_EAI*) CCARGS="$CCARGS "'-DDEF_SMTPUTF8_ENABLE=\"no\"';;
*) icu_cppflags=`((pkg-config --cflags icu-uc icu-i18n) ||
+ (pkgconf --cflags icu-uc icu-i18n) ||
(icu-config --cppflags)) 2>/dev/null` && {
icu_ldflags=`((pkg-config --libs icu-uc icu-i18n) ||
+ (pkgconf --libs icu-uc icu-i18n) ||
(icu-config --ldflags)) 2>/dev/null` && {
trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15
cat >makedefs.test.c <<'EOF'
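Review bot: In both the icu_cppflags and icu_ldflags probes the new pkgconf call is tried after pkg-config, whereas the 20240909 HISTORY entry says some platforms prefer pkgconf over pkg-config. The fallback chain works in either order because stderr is discarded, but a one-line comment stating that the order is intentional (pkg-config, then pkgconf, then the deprecated icu-config) would keep the code and the changelog from reading as contradictory.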
are known to support it.
.IP \fB\-DNO_EAI\fR
Do not build with EAI (SMTPUTF8) support. By default, EAI
-support is compiled in when the "pkg\-config" command is
+support is compiled in when the "pkgconf" or "pkg\-config"
+command are
found, or the deprecated "icu\-config" command.
.IP \fB\-DNO_INLINE\fR
Do not require support for C99 "inline" functions. Instead,
.SH "SYNOPSIS"
.na
.nf
-\fBpostcat\fR [\fB\-bdehnoqv\fR] [\fB\-c \fIconfig_dir\fR] [\fIfiles\fR...]
+\fBpostcat\fR [\fB\-bdefhnoqv\fR] [\fB\-c \fIconfig_dir\fR] [\fIfiles\fR...]
.SH DESCRIPTION
.ad
.fi
Show message envelope content.
.sp
This feature is available in Postfix 2.7 and later.
+.IP \fB\-f\fR
+Prepend the file name to each output line.
.IP \fB\-h\fR
Show message header content. The \fB\-h\fR option produces
output from the beginning of the message up to, but not
address instead of the intended recipient(s). When multiple
\fBREDIRECT\fR actions fire, only the last one takes effect.
.sp
-Note: this action overrides the FILTER action, and currently
+Note 1: this action overrides the FILTER action, and currently
overrides all recipients of the message.
.sp
+Note 2: a REDIRECT address is subject to canonicalization
+(add missing domain) but NOT subject to canonical, masquerade,
+bcc, or virtual alias mapping.
+.sp
This feature is available in Postfix 2.1 and later.
.IP "\fBINFO \fIoptional text...\fR
Log an informational record with the optional text, together
it will be sent to the specified address instead of the
intended recipient(s).
.sp
-Note: this action overrides the \fBFILTER\fR action, and affects
+Note 1: this action overrides the \fBFILTER\fR action, and affects
all recipients of the message. If multiple \fBREDIRECT\fR actions
fire, only the last one is executed.
.sp
+Note 2: a REDIRECT address is subject to canonicalization
+(add missing domain) but NOT subject to canonical, masquerade,
+bcc, or virtual alias mapping.
+.sp
This feature is available in Postfix 2.1 and later.
.sp
This feature is not supported with smtp header/body checks.
To avoid mailer loops, automatic BCC recipients are not generated
after Postfix forwards mail internally, or after Postfix generates
mail itself.
+.PP
+Note: automatic BCC recipients are subject to address
+canonicalization (add missing domain), canonical_maps, masquerade_domains,
+and virtual_alias_maps.
.SH anvil_rate_time_unit (default: 60s)
The time unit over which client connection rates and other rates
are calculated.
Specify zero or more directories separated by a colon character,
or an empty value to use Cyrus SASL's built\-in search path.
.PP
+Note: some Debian\-based Postfix distributions ignore the
+"cyrus_sasl_config_path" parameter setting, and force Postfix to
+open the file <code>/etc/postfix/sasl/smtpd.conf</code>.
+.PP
This feature is available in Postfix 2.5 and later when compiled
with Cyrus SASL 2.1.22 or later.
.SH daemon_directory (default: see "postconf \-d" output)
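Review bot: The added cyrus_sasl_config_path note in this nroff manpage contains literal HTML markup: "<code>/etc/postfix/sasl/smtpd.conf</code>" will be shown verbatim by man(1). The tags should be stripped (or mapped to nroff font requests) when the manpage is generated from the proto source, as is already the case for the hyperlinks in the neighbouring notes.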
This feature ignores address extensions in the user\-specified
envelope sender address.
.PP
+Note: to enforce that the From: header address matches the envelope
+sender (MAIL FROM) address, specify an external filter such as a Milter,
+with the non_smtpd_milters parameter. For example:
+https://github.com/magcks/milterfrom.
+.PP
The following sender patterns are special; these cannot be used
as part of a longer pattern.
.IP "\fB * \fR
after Postfix forwards mail internally, or after Postfix generates
mail itself.
.PP
+Note: automatic BCC recipients are subject to address
+canonicalization (add missing domain), canonical_maps, masquerade_domains,
+and virtual_alias_maps.
+.PP
Example:
.PP
.nf
after Postfix forwards mail internally, or after Postfix generates
mail itself.
.PP
+Note: automatic BCC recipients are subject to address
+canonicalization (add missing domain), canonical_maps, masquerade_domains,
+and virtual_alias_maps.
+.PP
Example:
.PP
.nf
.PP
This feature is available in Postfix 2.3 and later.
.SH smtpd_sender_login_maps (default: empty)
-Optional lookup table with the SASL login names that own the sender
+Optional lookup table with the SASL login names that own the
+envelope sender
(MAIL FROM) addresses.
+.sp
+.in +4
+Note: to enforce that the From: header address
+matches the envelope sender (MAIL FROM) address, use an external
+filter such as a Milter, for the submission, submissions, or smtps
+services. For example: https://github.com/magcks/milterfrom.
+.in -4
.PP
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
This prevents an authenticated client from using a MAIL FROM address
that they do not explicitly own.
.br
+Note: to enforce that the From: header address matches the envelope
+sender (MAIL FROM) address, use an external filter such as a Milter,
+for the submission, submissions, or smtps services. For example:
+https://github.com/magcks/milterfrom.
+.br
This feature is available in Postfix version 2.1 and later.
.br
.IP "\fBreject_known_sender_login_mismatch\fR"
$smtpd_sender_login_maps, while still allowing a client to use any
unlisted MAIL FROM address.
.br
+Note: to enforce that the From: header address matches the envelope
+sender (MAIL FROM) address, use an external filter such as a Milter,
+for the submission, submissions, or smtps services. For example:
+https://github.com/magcks/milterfrom.
+.br
This feature is available in Postfix version 2.11 and later.
.br
.IP "\fBreject_non_fqdn_sender\fR"
With SASL enabled, this prevents an unauthenticated client from
using any MAIL FROM address that is listed in $smtpd_sender_login_maps.
.br
+Note: to enforce that the From: header address matches the envelope
+sender (MAIL FROM) address, use an external filter such as a Milter,
+for the submission, submissions, or smtps services. For example:
+https://github.com/magcks/milterfrom.
+.br
This feature is available in Postfix version 2.1 and later.
.br
.IP "\fBreject_unknown_sender_domain\fR"
<hr>
-<h2> TOC </h2>
+<h2> Table of Contents </h2>
<ul>
<blockquote>
<pre>
-{ policy_string = version: STSv1 }, { policy_string = mode: testing }, ...
+{ policy_string = version: STSv1 } { policy_string = mode: testing } ...
</pre>
</blockquote>
<blockquote>
<pre>
-mx_host_pattern=mx1.example.com, mx_host_pattern=mx2.example.com, ...
+mx_host_pattern=mx1.example.com mx_host_pattern=mx2.example.com ...
</pre>
</blockquote>
</li>
<ul>
<li> The TLSRPT client library and report generator are implemented
-and maintained by sys4 (sys4.de). </li>
+and maintained by sys4. </li>
<li> Wietse Venema implemented the integration with Postfix.
</li>
an unknown or unimplemented command File smtpd smtpd c
inside more consistent Files proto master pipe pipe c
unimplemented commands in the SMTP server File smtpd smtpd c
+ cleanup cleanup h cleanup cleanup_extracted c
+ File postcat postcat c
CCARGS CCARGS DHAS_MONGODB I usr include libmongoc 1 0
dt dt dd 2 Also enable verbose logging in the Postfix TLS
Postfix Postfix legacy TLS Support
+ A good socket location would be under queue_directory run tlsrpt or queue_directory var run tlsrpt These can then be configured in Postfix as a relative pathname run tlsrpt tlsrpt sock or var run tlsrpt tlsrpt sock so that the same name will
snd
sts
tlsrprt
+bdefhnoqv
mozilla
Dilyan
Palauzov
+pkgconf
+testfiles
test: $(TESTPROG)
tests: update template_test obs_template_test 2template_test \
- with-msgid-with-long-line_test \
- with-msgid-with-eoh-event_test \
- with-msgid-no-eoh-event_test \
- no-msgid-with-eoh-event_test \
- no-msgid-no-eoh-event_test \
- with-msgid-with-filter_test
+ with-message-id_test no-message-id_test
root_tests:
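Review bot: The tests list drops the with-msgid-with-long-line, with-msgid-with-eoh-event, with-msgid-no-eoh-event, no-msgid-with-eoh-event, no-msgid-no-eoh-event and with-msgid-with-filter targets and keeps only with-message-id_test and no-message-id_test, while the WISHLIST change in this patch still lists "Add tests for Message-ID extraction in the cleanup daemon" as open work. Until those cleanup tests exist, the long-line and multiline Message-Id: handling that the HISTORY entry calls out has no regression coverage; consider landing the cleanup-side tests together with this removal.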
echo myhostname=example.com >>main.cf
echo header_from_format=standard >>main.cf
touch -t 197101010000 main.cf
- MAIL_CONFIG=. ./$(PROG) -SVzndump_templates >template_test.tmp
+ MAIL_CONFIG=. $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -SVzndump_templates >template_test.tmp
diff template_test.ref template_test.tmp
- MAIL_CONFIG=. ./$(PROG) -SVzndump_templates \
+ MAIL_CONFIG=. $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -SVzndump_templates \
-o bounce_template_file=template_test.ref > template_test.tmp
diff template_test.ref template_test.tmp
rm -f template_test.tmp main.cf
echo myhostname=example.com >>main.cf
echo header_from_format=obsolete >>main.cf
touch -t 197101010000 main.cf
- MAIL_CONFIG=. ./$(PROG) -SVzndump_templates >template_test.tmp
+ MAIL_CONFIG=. $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -SVzndump_templates >template_test.tmp
diff obs_template_test.ref template_test.tmp
rm -f template_test.tmp main.cf
echo queue_directory=. >main.cf
echo myhostname=example.com >>main.cf
touch -t 197101010000 main.cf
- MAIL_CONFIG=. ./$(PROG) -SVzndump_templates \
+ MAIL_CONFIG=. $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -SVzndump_templates \
-o bounce_template_file=2template_test.in > template_test.tmp
diff template_test.ref template_test.tmp
rm -f template_test.tmp main.cf
-with-msgid-with-long-line_test: bounce_notify_util_tester \
- msgfile-with-msgid-with-long-line logfile-with-msgid-with-long-line \
- with-msgid-with-long-line-no-thread.ref \
- with-msgid-with-long-line-with-thread.ref
+# This tests only the handling of an extracted message ID. The
+# tests for extracting a message ID belong with the cleanup code.
+with-message-id_test: bounce_notify_util_tester \
+ msgfile-with-message-id logfile-with-message-id \
+ with-message-id-no-thread.ref \
+ with-message-id-with-thread.ref
rm -rf queue main.cf
echo 'enable_threaded_bounces = no' >main.cf
echo 'queue_directory = queue' >>main.cf
echo 'myhostname = mail.example' >>main.cf
touch -t 197101010000 main.cf
mkdir -p queue/active queue/bounce
- cp logfile-with-msgid-with-long-line queue/bounce/msgid
- cp msgfile-with-msgid-with-long-line queue/active/msgid
+ cp logfile-with-message-id queue/bounce/msgid
+ cp msgfile-with-message-id queue/active/msgid
$(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
-c. bounce active msgid 2>&1 | \
sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > with-msgid-with-long-line-no-thread.tmp
- diff with-msgid-with-long-line-no-thread.ref with-msgid-with-long-line-no-thread.tmp
- rm -f with-msgid-with-long-line-no-thread.tmp
+ > with-message-id-no-thread.tmp
+ diff with-message-id-no-thread.ref with-message-id-no-thread.tmp
+ rm -f with-message-id-no-thread.tmp
:
rm -rf queue main.cf
echo 'enable_threaded_bounces = yes' >main.cf
echo 'myhostname = mail.example' >>main.cf
touch -t 197101010000 main.cf
mkdir -p queue/active queue/bounce
- cp logfile-with-msgid-with-long-line queue/bounce/msgid
- cp msgfile-with-msgid-with-long-line queue/active/msgid
+ cp logfile-with-message-id queue/bounce/msgid
+ cp msgfile-with-message-id queue/active/msgid
$(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
-c. bounce active msgid 2>&1 | \
sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > with-msgid-with-long-line-with-thread.tmp
- diff with-msgid-with-long-line-with-thread.ref with-msgid-with-long-line-with-thread.tmp
- rm -f with-msgid-with-long-line-with-thread.tmp
+ > with-message-id-with-thread.tmp
+ diff with-message-id-with-thread.ref with-message-id-with-thread.tmp
+ rm -f with-message-id-with-thread.tmp
rm -rf queue main.cf
-with-msgid-with-eoh-event_test: bounce_notify_util_tester \
- msgfile-with-msgid-with-eoh-event logfile-with-msgid-with-eoh-event \
- with-msgid-with-eoh-event-no-thread.ref \
- with-msgid-with-eoh-event-with-thread.ref
+no-message-id_test: bounce_notify_util_tester \
+ msgfile-no-message-id logfile-no-message-id \
+ no-message-id-no-thread.ref \
+ no-message-id-with-thread.ref
rm -rf queue main.cf
echo 'enable_threaded_bounces = no' >main.cf
echo 'queue_directory = queue' >>main.cf
echo 'myhostname = mail.example' >>main.cf
touch -t 197101010000 main.cf
mkdir -p queue/active queue/bounce
- cp logfile-with-msgid-with-eoh-event queue/bounce/msgid
- cp msgfile-with-msgid-with-eoh-event queue/active/msgid
+ cp logfile-no-message-id queue/bounce/msgid
+ cp msgfile-no-message-id queue/active/msgid
$(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
-c. bounce active msgid 2>&1 | \
sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > with-msgid-with-eoh-event-no-thread.tmp
- diff with-msgid-with-eoh-event-no-thread.ref with-msgid-with-eoh-event-no-thread.tmp
- rm -f with-msgid-with-eoh-event-no-thread.tmp
+ > no-message-id-no-thread.tmp
+ diff no-message-id-no-thread.ref no-message-id-no-thread.tmp
+ rm -f no-message-id-no-thread.tmp
:
rm -rf queue main.cf
echo 'enable_threaded_bounces = yes' >main.cf
echo 'myhostname = mail.example' >>main.cf
touch -t 197101010000 main.cf
mkdir -p queue/active queue/bounce
- cp logfile-with-msgid-with-eoh-event queue/bounce/msgid
- cp msgfile-with-msgid-with-eoh-event queue/active/msgid
+ cp logfile-no-message-id queue/bounce/msgid
+ cp msgfile-no-message-id queue/active/msgid
$(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
-c. bounce active msgid 2>&1 | \
sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > with-msgid-with-eoh-event-with-thread.tmp
- diff with-msgid-with-eoh-event-with-thread.ref with-msgid-with-eoh-event-with-thread.tmp
- rm -f with-msgid-with-eoh-event-with-thread.tmp
- rm -rf queue main.cf
-
-with-msgid-no-eoh-event_test: bounce_notify_util_tester \
- msgfile-with-msgid-no-eoh-event logfile-with-msgid-no-eoh-event \
- with-msgid-no-eoh-event-no-thread.ref \
- with-msgid-no-eoh-event-with-thread.ref
- rm -rf queue main.cf
- echo 'enable_threaded_bounces = no' >main.cf
- echo 'queue_directory = queue' >>main.cf
- echo 'myhostname = mail.example' >>main.cf
- touch -t 197101010000 main.cf
- mkdir -p queue/active queue/bounce
- cp logfile-with-msgid-no-eoh-event queue/bounce/msgid
- cp msgfile-with-msgid-no-eoh-event queue/active/msgid
- $(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
- -c. bounce active msgid 2>&1 | \
- sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > with-msgid-no-eoh-event-no-thread.tmp
- diff with-msgid-no-eoh-event-no-thread.ref with-msgid-no-eoh-event-no-thread.tmp
- rm -f with-msgid-no-eoh-event-no-thread.tmp
- :
- rm -rf queue main.cf
- echo 'enable_threaded_bounces = yes' >main.cf
- echo 'queue_directory = queue' >>main.cf
- echo 'myhostname = mail.example' >>main.cf
- touch -t 197101010000 main.cf
- mkdir -p queue/active queue/bounce
- cp logfile-with-msgid-no-eoh-event queue/bounce/msgid
- cp msgfile-with-msgid-no-eoh-event queue/active/msgid
- $(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
- -c. bounce active msgid 2>&1 | \
- sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > with-msgid-no-eoh-event-with-thread.tmp
- diff with-msgid-no-eoh-event-with-thread.ref with-msgid-no-eoh-event-with-thread.tmp
- rm -f with-msgid-no-eoh-event-with-thread.tmp
- rm -rf queue main.cf
-
-no-msgid-with-eoh-event_test: bounce_notify_util_tester \
- msgfile-no-msgid-with-eoh-event logfile-no-msgid-with-eoh-event \
- no-msgid-with-eoh-event-no-thread.ref \
- no-msgid-with-eoh-event-with-thread.ref
- rm -rf queue main.cf
- echo 'enable_threaded_bounces = no' >main.cf
- echo 'queue_directory = queue' >>main.cf
- echo 'myhostname = mail.example' >>main.cf
- touch -t 197101010000 main.cf
- mkdir -p queue/active queue/bounce
- cp logfile-no-msgid-with-eoh-event queue/bounce/msgid
- cp msgfile-no-msgid-with-eoh-event queue/active/msgid
- $(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
- -c. bounce active msgid 2>&1 | \
- sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > no-msgid-with-eoh-event-no-thread.tmp
- diff no-msgid-with-eoh-event-no-thread.ref no-msgid-with-eoh-event-no-thread.tmp
- rm -f no-msgid-with-eoh-event-no-thread.tmp
- :
- rm -rf queue main.cf
- echo 'enable_threaded_bounces = yes' >main.cf
- echo 'queue_directory = queue' >>main.cf
- echo 'myhostname = mail.example' >>main.cf
- touch -t 197101010000 main.cf
- mkdir -p queue/active queue/bounce
- cp logfile-no-msgid-with-eoh-event queue/bounce/msgid
- cp msgfile-no-msgid-with-eoh-event queue/active/msgid
- $(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
- -c. bounce active msgid 2>&1 | \
- sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > no-msgid-with-eoh-event-with-thread.tmp
- diff no-msgid-with-eoh-event-with-thread.ref no-msgid-with-eoh-event-with-thread.tmp
- rm -f no-msgid-with-eoh-event-with-thread.tmp
- rm -rf queue main.cf
-
-no-msgid-no-eoh-event_test: bounce_notify_util_tester \
- msgfile-no-msgid-no-eoh-event logfile-no-msgid-no-eoh-event \
- no-msgid-no-eoh-event-no-thread.ref \
- no-msgid-no-eoh-event-with-thread.ref
- rm -rf queue main.cf
- echo 'enable_threaded_bounces = no' >main.cf
- echo 'queue_directory = queue' >>main.cf
- echo 'myhostname = mail.example' >>main.cf
- touch -t 197101010000 main.cf
- mkdir -p queue/active queue/bounce
- cp logfile-no-msgid-no-eoh-event queue/bounce/msgid
- cp msgfile-no-msgid-no-eoh-event queue/active/msgid
- $(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
- -c. bounce active msgid 2>&1 | \
- sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > no-msgid-no-eoh-event-no-thread.tmp
- diff no-msgid-no-eoh-event-no-thread.ref no-msgid-no-eoh-event-no-thread.tmp
- rm -f no-msgid-no-eoh-event-no-thread.tmp
- :
- rm -rf queue main.cf
- echo 'enable_threaded_bounces = yes' >main.cf
- echo 'queue_directory = queue' >>main.cf
- echo 'myhostname = mail.example' >>main.cf
- touch -t 197101010000 main.cf
- mkdir -p queue/active queue/bounce
- cp logfile-no-msgid-no-eoh-event queue/bounce/msgid
- cp msgfile-no-msgid-no-eoh-event queue/active/msgid
- $(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
- -c. bounce active msgid 2>&1 | \
- sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > no-msgid-no-eoh-event-with-thread.tmp
- diff no-msgid-no-eoh-event-with-thread.ref no-msgid-no-eoh-event-with-thread.tmp
- rm -f no-msgid-no-eoh-event-with-thread.tmp
- rm -rf queue main.cf
-
-with-msgid-with-filter_test: bounce_notify_util_tester \
- msgfile-with-msgid-with-filter logfile-with-msgid-with-filter \
- with-msgid-with-filter-no-thread.ref \
- with-msgid-with-filter-with-thread.ref
- rm -rf queue main.cf
- echo 'enable_threaded_bounces = no' >main.cf
- echo 'queue_directory = queue' >>main.cf
- echo 'myhostname = mail.example' >>main.cf
- touch -t 197101010000 main.cf
- mkdir -p queue/active queue/bounce
- cp logfile-with-msgid-with-filter queue/bounce/msgid
- cp msgfile-with-msgid-with-filter queue/active/msgid
- $(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
- -c. bounce active msgid 2>&1 | \
- sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > with-msgid-with-filter-no-thread.tmp
- diff with-msgid-with-filter-no-thread.ref with-msgid-with-filter-no-thread.tmp
- rm -f with-msgid-with-filter-no-thread.tmp
- :
- rm -rf queue main.cf
- echo 'enable_threaded_bounces = yes' >main.cf
- echo 'queue_directory = queue' >>main.cf
- echo 'myhostname = mail.example' >>main.cf
- touch -t 197101010000 main.cf
- mkdir -p queue/active queue/bounce
- cp logfile-with-msgid-with-filter queue/bounce/msgid
- cp msgfile-with-msgid-with-filter queue/active/msgid
- $(SHLIB_ENV) $(VALGRIND) ./bounce_notify_util_tester \
- -c. bounce active msgid 2>&1 | \
- sed 's;msgid.[0-9]*/mail.example;msgid.unix-time/mail.example;' \
- > with-msgid-with-filter-with-thread.tmp
- diff with-msgid-with-filter-with-thread.ref with-msgid-with-filter-with-thread.tmp
- rm -f with-msgid-with-filter-with-thread.tmp
+ > no-message-id-with-thread.tmp
+ diff no-message-id-with-thread.ref no-message-id-with-thread.tmp
+ rm -f no-message-id-with-thread.tmp
rm -rf queue main.cf
depend: $(MAKES)
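Review bot: The threaded half of with-message-id_test and of no-message-id_test writes main.cf without 'queue_directory = queue' (only enable_threaded_bounces and myhostname are set), while the non-threaded half of the same targets, and both halves of the removed no-eoh-event and filter targets, do set it. If the tester locates queue/active and queue/bounce through queue_directory, the threaded runs depend on the default value; add the echo 'queue_directory = queue' >>main.cf line to both threaded halves, or say in a comment why it is not needed. The new comment moves Message-ID extraction coverage (long lines, missing end-of-header event, filter) to the cleanup tests, so it would help to name the cleanup test targets that now cover those cases.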
{
BOUNCE_INFO *bounce_info;
int rec_type;
- int prev_type;
- int all_headers_seen = 0;
int skip_message_segment = 0;
- int in_envelope = 1;
/*
* Bundle up a bunch of parameters and initialize information that will
DELIVER_LOCK_MODE) < 0)
msg_fatal("cannot get shared lock on %s: %m",
VSTREAM_PATH(bounce_info->orig_fp));
- for (prev_type = 0;
- (rec_type = rec_get(bounce_info->orig_fp, bounce_info->buf, 0)) > 0;
- prev_type = rec_type) {
+ while ((rec_type =
+ rec_get(bounce_info->orig_fp, bounce_info->buf, 0)) > 0) {
/*
* Postfix version dependent: data offset in SIZE record.
msg_warn("%s: no sender before message content record",
bounce_info->queue_id);
bounce_info->orig_offs = vstream_ftell(bounce_info->orig_fp);
- if (var_threaded_bounce == 0)
- skip_message_segment = 1;
- else
- in_envelope = 0;
+ skip_message_segment = 1;
}
/*
- * Extract Message-ID for threaded bounces.
+ * Extract Message-ID from extracted segment, for use in threaded
+ * bounces.
*/
- else if (in_envelope == 0
- && (rec_type == REC_TYPE_NORM || rec_type == REC_TYPE_CONT)) {
- const HEADER_OPTS *hdr;
- char *cp;
-
- /*
- * Skip records that we cannot use. Degrade if we could not
- * skip over the message content.
- */
- if (var_threaded_bounce == 0 || all_headers_seen
- || prev_type == REC_TYPE_CONT) {
- /* void */ ;
- }
-
- /*
- * Extract message-id header value.
- */
- else if (is_header(STR(bounce_info->buf))) {
- if ((hdr = header_opts_find(
- vstring_str(bounce_info->buf))) != 0
- && hdr->type == HDR_MESSAGE_ID) {
- vstring_truncate(bounce_info->buf,
- trimblanks(STR(bounce_info->buf),
- LEN(bounce_info->buf))
- - STR(bounce_info->buf));
- cp = STR(bounce_info->buf) + strlen(hdr->name) + 1;
- while (ISSPACE(*cp))
- cp++;
- if (*cp == '<' && vstring_end(bounce_info->buf)[-1] == '>')
- vstring_strcpy(bounce_info->orig_msgid, cp);
- else
- msg_warn("%s: ignoring malformed Message-ID",
- bounce_info->queue_id);
+ else if (rec_type == REC_TYPE_ATTR && var_threaded_bounce) {
+ char *cp = STR(bounce_info->buf);
+ ssize_t len = sizeof(MAIL_ATTR_MESSAGE_ID);
+ char *err;
+
+ if (strncmp(cp, MAIL_ATTR_MESSAGE_ID "=", len) == 0) {
+ cp += len;
+ if ((err = extpar(&cp, "<>", EXTPAR_FLAG_NONE)) != 0) {
+ msg_warn("%s: malformed Message-ID attribute: %s",
+ bounce_info->queue_id, err);
+ myfree(err);
+ } else {
+ vstring_sprintf(bounce_info->orig_msgid, "<%s>", cp);
}
}
-
- /*
- * Skip remainder of multiline header.
- */
- else if (ISSPACE(*STR(bounce_info->buf))) {
- /* void */ ;
- }
-
- /*
- * Start of body.
- */
- else {
- all_headers_seen = 1;
- skip_message_segment = 1;
- }
- }
-
- /*
- * In case we ever want to process records from the extracted
- * segment, and in case there was no "start of body" event.
- */
- else if (rec_type == REC_TYPE_XTRA) {
- if (VSTRING_LEN(bounce_info->orig_msgid) == 0)
- if (var_threaded_bounce)
- all_headers_seen = 1;
- in_envelope = 1;
}
/*
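Review bot: In the new REC_TYPE_ATTR branch, 'ssize_t len = sizeof(MAIL_ATTR_MESSAGE_ID);' is correct only because the macro expands to a string literal, so that sizeof counts the terminating null and len equals the name length plus the '=' that strncmp() compares and 'cp += len' skips. That breaks silently if the macro ever becomes a pointer, so write it as sizeof(MAIL_ATTR_MESSAGE_ID "=") - 1 or add a one-line comment explaining the arithmetic. The block comment says the ID comes from the extracted segment, but nothing in the visible condition restricts the match to that segment; either check for it or reword the comment.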
if (bounce_info->orig_offs > 0
&& bounce_info->arrival_time > 0
&& VSTRING_LEN(bounce_info->sender) > 0
- && (var_threaded_bounce == 0 || all_headers_seen
+ && (var_threaded_bounce == 0
|| VSTRING_LEN(bounce_info->orig_msgid) > 0)) {
break;
}
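Review bot: With all_headers_seen removed from this early-exit test, a run with var_threaded_bounce set and a queue file that has no message_id attribute can no longer break out here, and the loop ends only when rec_get() stops returning records. That looks intended (no-message-id_test exercises it), but queue files written by an older cleanup daemon also lack the attribute and will now produce unthreaded bounces where the removed header parser would have found the ID; note that in the comment above the loop or in the release notes.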
recipient = rcpt-address
original_recipient = rcpt-orig_addr
-offset = 272
+offset = 281
notify_flags = rcpt-dsn_notify
status = dsn-status
action = dsn-action
--- /dev/null
+
+recipient = rcpt-address
+original_recipient = rcpt-orig_addr
+offset = 280
+notify_flags = rcpt-dsn_notify
+status = dsn-status
+action = dsn-action
+diag_type = dsn-dtype
+diag_text = dsn-dtext
+mta_type = dsn-mtype
+mta_mname = dsn-mname
+reason = dsn-reason
+
Original-Envelope-Id: TEST-ENVID
X-Postfix-Queue-ID: msgid
X-Postfix-Sender: rfc822; sender@sender.example
-Arrival-Date: Sat, 05 Dec 2020 13:31:48 -0500 (EST)
+Arrival-Date: Wed, 11 Sep 2024 18:05:54 -0400 (EDT)
Final-Recipient: rfc822; rcpt-address
Original-Recipient: rfc822; rcpt-orig_addr
Content-Type: message/rfc822
Return-Path: <sender@sender.example>
-Received: by wzv.porcupine.org (Postfix, from userid 0)
- id 4CpJ7m6tprz4w4Y; Sat, 5 Dec 2020 18:31:48 +0000 (UTC)
-From: <sender@sender.example>
-To: <recipient@recipient.example>
-Message-Id: <12345@mta-name.example>
-Subject: with-msgid-no-eoh-event
+Received: by wzv.porcupine.org (Postfix, from userid 1000)
+ id 4X3vqF3bwhz5Yqq; Wed, 11 Sep 2024 18:05:54 -0400 (EDT)
+From: sender@sender.example
+To: recipient@recipient.example
+Subject: no-message-id
+
+asdasdd
--msgid.unix-time/mail.example--
Original-Envelope-Id: TEST-ENVID
X-Postfix-Queue-ID: msgid
X-Postfix-Sender: rfc822; sender@sender.example
-Arrival-Date: Sun, 29 Nov 2020 10:30:41 -0500 (EST)
+Arrival-Date: Wed, 11 Sep 2024 18:05:54 -0400 (EDT)
Final-Recipient: rfc822; rcpt-address
Original-Recipient: rfc822; rcpt-orig_addr
Content-Type: message/rfc822
Return-Path: <sender@sender.example>
-Received: by wzv.porcupine.org (Postfix, from userid 0)
- id 4CkXPY0myNz4w4g; Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
-From: <sender@sender.example>
-To: <recipient@recipient.example>
-Message-Id: <12345@mta-name.example>
-Subject: with-msgid-no-eoh-event
-Date: Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
+Received: by wzv.porcupine.org (Postfix, from userid 1000)
+ id 4X3vqF3bwhz5Yqq; Wed, 11 Sep 2024 18:05:54 -0400 (EDT)
+From: sender@sender.example
+To: recipient@recipient.example
+Subject: no-message-id
+
+asdasdd
--msgid.unix-time/mail.example--
Original-Envelope-Id: TEST-ENVID
X-Postfix-Queue-ID: msgid
X-Postfix-Sender: rfc822; sender@sender.example
-Arrival-Date: Sun, 29 Nov 2020 10:30:41 -0500 (EST)
+Arrival-Date: Wed, 11 Sep 2024 18:05:54 -0400 (EDT)
Final-Recipient: rfc822; rcpt-address
Original-Recipient: rfc822; rcpt-orig_addr
Content-Type: message/rfc822
Return-Path: <sender@sender.example>
-Received: by wzv.porcupine.org (Postfix, from userid 0)
- id 4CkXPY10M8z4w4l; Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
-From: <sender@sender.example>
-To: <recipient@recipient.example>
-Message-Id: <12345@mta-name.example>
-Subject: with-msgid-with-eoh-event
-Date: Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
-
-body text
+Received: by wzv.porcupine.org (Postfix, from userid 1000)
+ id 4X3vqF3RdBz5Yqn; Wed, 11 Sep 2024 18:05:54 -0400 (EDT)
+From: sender@sender.example
+To: recipient@recipient.example
+Subject: existing-message-id
+Message-Id: <existing>
+Date: Wed, 11 Sep 2024 18:05:54 -0400 (EDT)
+
+asdasdd
--msgid.unix-time/mail.example--
From: Mail Delivery System <MAILER-DAEMON>
Subject: Undelivered Mail Returned to Sender
To: test-recipient
-References: <12345@mta-name.example>
-In-Reply-To: <12345@mta-name.example>
+References: <existing>
+In-Reply-To: <existing>
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
Original-Envelope-Id: TEST-ENVID
X-Postfix-Queue-ID: msgid
X-Postfix-Sender: rfc822; sender@sender.example
-Arrival-Date: Sat, 05 Dec 2020 13:31:48 -0500 (EST)
+Arrival-Date: Wed, 11 Sep 2024 18:05:54 -0400 (EDT)
Final-Recipient: rfc822; rcpt-address
Original-Recipient: rfc822; rcpt-orig_addr
Content-Type: message/rfc822
Return-Path: <sender@sender.example>
-Received: by wzv.porcupine.org (Postfix, from userid 0)
- id 4CpJ7m6tprz4w4Y; Sat, 5 Dec 2020 18:31:48 +0000 (UTC)
-From: <sender@sender.example>
-To: <recipient@recipient.example>
-Message-Id: <12345@mta-name.example>
-Subject: with-msgid-no-eoh-event
+Received: by wzv.porcupine.org (Postfix, from userid 1000)
+ id 4X3vqF3RdBz5Yqn; Wed, 11 Sep 2024 18:05:54 -0400 (EDT)
+From: sender@sender.example
+To: recipient@recipient.example
+Subject: existing-message-id
+Message-Id: <existing>
+Date: Wed, 11 Sep 2024 18:05:54 -0400 (EDT)
+
+asdasdd
--msgid.unix-time/mail.example--
+++ /dev/null
-From: Mail Delivery System <MAILER-DAEMON>
-Subject: Undelivered Mail Returned to Sender
-To: test-recipient
-References: <12345@mta-name.example>
-In-Reply-To: <12345@mta-name.example>
-Auto-Submitted: auto-replied
-MIME-Version: 1.0
-Content-Type: multipart/report; report-type=delivery-status;
- boundary="msgid.unix-time/mail.example"
-Content-Transfer-Encoding: 7bit
-
-This is a MIME-encapsulated message.
-
---msgid.unix-time/mail.example
-Content-Description: Notification
-Content-Type: text/plain; charset=us-ascii
-
-
-<rcpt-address> (expanded from <rcpt-orig_addr>): dsn-reason
-
---msgid.unix-time/mail.example
-Content-Description: Delivery report
-Content-Type: message/delivery-status
-
-Reporting-MTA: dns; mail.example
-Original-Envelope-Id: TEST-ENVID
-X-Postfix-Queue-ID: msgid
-X-Postfix-Sender: rfc822; sender@sender.example
-Arrival-Date: Sun, 29 Nov 2020 10:30:41 -0500 (EST)
-
-Final-Recipient: rfc822; rcpt-address
-Original-Recipient: rfc822; rcpt-orig_addr
-Action: failed
-Status: dsn-status
-Remote-MTA: dsn-mtype; dsn-mname
-Diagnostic-Code: dsn-dtype; dsn-dtext
-
---msgid.unix-time/mail.example
-Content-Description: Undelivered Message
-Content-Type: message/rfc822
-
-Return-Path: <sender@sender.example>
-Received: by wzv.porcupine.org (Postfix, from userid 0)
- id 4CkXPY0myNz4w4g; Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
-From: <sender@sender.example>
-To: <recipient@recipient.example>
-Message-Id: <12345@mta-name.example>
-Subject: with-msgid-no-eoh-event
-Date: Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
-
---msgid.unix-time/mail.example--
+++ /dev/null
-From: Mail Delivery System <MAILER-DAEMON>
-Subject: Undelivered Mail Returned to Sender
-To: test-recipient
-References: <12345@mta-name.example>
-In-Reply-To: <12345@mta-name.example>
-Auto-Submitted: auto-replied
-MIME-Version: 1.0
-Content-Type: multipart/report; report-type=delivery-status;
- boundary="msgid.unix-time/mail.example"
-Content-Transfer-Encoding: 7bit
-
-This is a MIME-encapsulated message.
-
---msgid.unix-time/mail.example
-Content-Description: Notification
-Content-Type: text/plain; charset=us-ascii
-
-
-<rcpt-address> (expanded from <rcpt-orig_addr>): dsn-reason
-
---msgid.unix-time/mail.example
-Content-Description: Delivery report
-Content-Type: message/delivery-status
-
-Reporting-MTA: dns; mail.example
-Original-Envelope-Id: TEST-ENVID
-X-Postfix-Queue-ID: msgid
-X-Postfix-Sender: rfc822; sender@sender.example
-Arrival-Date: Sun, 29 Nov 2020 10:30:41 -0500 (EST)
-
-Final-Recipient: rfc822; rcpt-address
-Original-Recipient: rfc822; rcpt-orig_addr
-Action: failed
-Status: dsn-status
-Remote-MTA: dsn-mtype; dsn-mname
-Diagnostic-Code: dsn-dtype; dsn-dtext
-
---msgid.unix-time/mail.example
-Content-Description: Undelivered Message
-Content-Type: message/rfc822
-
-Return-Path: <sender@sender.example>
-Received: by wzv.porcupine.org (Postfix, from userid 0)
- id 4CkXPY10M8z4w4l; Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
-From: <sender@sender.example>
-To: <recipient@recipient.example>
-Message-Id: <12345@mta-name.example>
-Subject: with-msgid-with-eoh-event
-Date: Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
-
-body text
-
---msgid.unix-time/mail.example--
+++ /dev/null
-From: Mail Delivery System <MAILER-DAEMON>
-Subject: Undelivered Mail Returned to Sender
-To: test-recipient
-Auto-Submitted: auto-replied
-MIME-Version: 1.0
-Content-Type: multipart/report; report-type=delivery-status;
- boundary="msgid.unix-time/mail.example"
-Content-Transfer-Encoding: 7bit
-
-This is a MIME-encapsulated message.
-
---msgid.unix-time/mail.example
-Content-Description: Notification
-Content-Type: text/plain; charset=us-ascii
-
-
-<rcpt-address> (expanded from <rcpt-orig_addr>): dsn-reason
-
---msgid.unix-time/mail.example
-Content-Description: Delivery report
-Content-Type: message/delivery-status
-
-Reporting-MTA: dns; mail.example
-Original-Envelope-Id: TEST-ENVID
-X-Postfix-Queue-ID: msgid
-X-Postfix-Sender: rfc822; sender@sender.example
-Arrival-Date: Sun, 29 Nov 2020 10:30:41 -0500 (EST)
-
-Final-Recipient: rfc822; rcpt-address
-Original-Recipient: rfc822; rcpt-orig_addr
-Action: failed
-Status: dsn-status
-Remote-MTA: dsn-mtype; dsn-mname
-Diagnostic-Code: dsn-dtype; dsn-dtext
-
---msgid.unix-time/mail.example
-Content-Description: Undelivered Message
-Content-Type: message/rfc822
-
-Return-Path: <sender@sender.example>
-Received: by wzv.porcupine.org (Postfix, from userid 0)
- id 4CkXPY194lz4w4n; Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
-From: <sender@sender.example>
-To: <recipient@recipient.example>
-Whatever: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxx
-Message-Id: <12345@mta-name.example>
-Subject: with-msgid-with-long-line
-Date: Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
-
---msgid.unix-time/mail.example--
+++ /dev/null
-From: Mail Delivery System <MAILER-DAEMON>
-Subject: Undelivered Mail Returned to Sender
-To: test-recipient
-References: <12345@mta-name.example>
-In-Reply-To: <12345@mta-name.example>
-Auto-Submitted: auto-replied
-MIME-Version: 1.0
-Content-Type: multipart/report; report-type=delivery-status;
- boundary="msgid.unix-time/mail.example"
-Content-Transfer-Encoding: 7bit
-
-This is a MIME-encapsulated message.
-
---msgid.unix-time/mail.example
-Content-Description: Notification
-Content-Type: text/plain; charset=us-ascii
-
-
-<rcpt-address> (expanded from <rcpt-orig_addr>): dsn-reason
-
---msgid.unix-time/mail.example
-Content-Description: Delivery report
-Content-Type: message/delivery-status
-
-Reporting-MTA: dns; mail.example
-Original-Envelope-Id: TEST-ENVID
-X-Postfix-Queue-ID: msgid
-X-Postfix-Sender: rfc822; sender@sender.example
-Arrival-Date: Sun, 29 Nov 2020 10:30:41 -0500 (EST)
-
-Final-Recipient: rfc822; rcpt-address
-Original-Recipient: rfc822; rcpt-orig_addr
-Action: failed
-Status: dsn-status
-Remote-MTA: dsn-mtype; dsn-mname
-Diagnostic-Code: dsn-dtype; dsn-dtext
-
---msgid.unix-time/mail.example
-Content-Description: Undelivered Message
-Content-Type: message/rfc822
-
-Return-Path: <sender@sender.example>
-Received: by wzv.porcupine.org (Postfix, from userid 0)
- id 4CkXPY194lz4w4n; Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
-From: <sender@sender.example>
-To: <recipient@recipient.example>
-Whatever: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxx
-Message-Id: <12345@mta-name.example>
-Subject: with-msgid-with-long-line
-Date: Sun, 29 Nov 2020 15:30:41 +0000 (UTC)
-
---msgid.unix-time/mail.example--
char *hdr_rewrite_context; /* header rewrite context */
char *filter; /* from header/body patterns */
char *redirect; /* from header/body patterns */
+ char *message_id; /* from Message-ID header */
char *dsn_envid; /* DSN envelope ID */
int dsn_ret; /* DSN full/hdrs */
int dsn_notify; /* DSN never/delay/fail/success */
cleanup_out_string(state, REC_TYPE_FILT, state->filter);
if (state->redirect != 0)
cleanup_out_string(state, REC_TYPE_RDR, state->redirect);
+ if (state->message_id != 0) {
+ cleanup_out_format(state, REC_TYPE_ATTR, "%s=%s",
+ MAIL_ATTR_MESSAGE_ID, state->message_id);
+ }
if ((encoding = nvtable_find(state->attr, MAIL_ATTR_ENCODING)) != 0)
cleanup_out_format(state, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_ENCODING, encoding);
cleanup_addr_bcc(state, var_always_bcc);
/*
- * Flush non-Milter header/body_checks BCC recipients. Clear hbc_rcpt
- * so that it can be used for other purposes.
+ * Flush non-Milter header/body_checks BCC recipients. Clear hbc_rcpt so
+ * that it can be used for other purposes.
*/
if (state->hbc_rcpt) {
if (CLEANUP_OUT_OK(state) && state->recip != 0) {
*/
else {
state->headers_seen |= (1 << hdr_opts->type);
- if (hdr_opts->type == HDR_MESSAGE_ID)
+ if (hdr_opts->type == HDR_MESSAGE_ID) {
+ ssize_t len;
+
msg_info("%s: message-id=%s", state->queue_id, hdrval);
+ if (state->message_id == 0 && (len = balpar(hdrval, "<>")) > 0)
+ /* This Message ID may end up in threaded bounces. */
+ state->message_id = printable(mystrndup(hdrval, len), ' ');
+ }
if (hdr_opts->type == HDR_RESENT_MESSAGE_ID)
msg_info("%s: resent-message-id=%s", state->queue_id, hdrval);
if (hdr_opts->type == HDR_RECEIVED) {
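Review bot: the state->message_id == 0 guard in the HDR_MESSAGE_ID branch keeps only the first Message-ID header, and keeps nothing when balpar(hdrval, "<>") returns 0 or less, while the msg_info call above it still logs every header value. Please state in the comment that first-wins is intended, and consider logging when a value is skipped, because this decides whether a threaded bounce can reference the message. The if body is a comment followed by a single unbraced statement; braces would make later edits safer.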
vstring_str(state->temp1));
state->headers_seen |= (1 << (state->resent[0] ?
HDR_RESENT_MESSAGE_ID : HDR_MESSAGE_ID));
+ if (state->resent[0] == 0 && state->message_id == 0)
+ state->message_id = concatenate("<", vstring_str(state->temp1),
+ ">", (char *) 0);
+
}
if ((state->headers_seen & (1 << HDR_MESSAGE_ID)) == 0)
msg_info("%s: message-id=<>", state->queue_id);
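Review bot: the added block ends with an empty line directly before the closing brace; please drop it. The header path carries the comment "This Message ID may end up in threaded bounces" and passes the value through printable(); a matching one-line comment here, saying that the locally generated ID needs no such pass, would keep the two assignments to state->message_id easy to compare.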
state->hdr_rewrite_context = MAIL_ATTR_RWR_LOCAL;
state->filter = 0;
state->redirect = 0;
+ state->message_id = 0;
state->dsn_envid = 0;
state->dsn_ret = 0;
state->dsn_notify = 0;
myfree(state->filter);
if (state->redirect)
myfree(state->redirect);
+ if (state->message_id)
+ myfree(state->message_id);
if (state->dsn_envid)
myfree(state->dsn_envid);
if (state->dsn_orcpt)
#define MAIL_ATTR_ORG_NONE "unknown" /* origin unknown */
#define MAIL_ATTR_ORG_LOCAL "local" /* local submission */
+#define MAIL_ATTR_MESSAGE_ID "message_id" /* Used for threaded bounce */
+
/*
* XCLIENT/XFORWARD in SMTP.
*/
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20240902"
+#define MAIL_RELEASE_DATE "20240917"
#define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT
/* SUMMARY
/* show Postfix queue file contents
/* SYNOPSIS
-/* \fBpostcat\fR [\fB-bdehnoqv\fR] [\fB-c \fIconfig_dir\fR] [\fIfiles\fR...]
+/* \fBpostcat\fR [\fB-bdefhnoqv\fR] [\fB-c \fIconfig_dir\fR] [\fIfiles\fR...]
/* DESCRIPTION
/* The \fBpostcat\fR(1) command prints the contents of the
/* named \fIfiles\fR in human-readable form. The files are
/* Show message envelope content.
/* .sp
/* This feature is available in Postfix 2.7 and later.
+/* .IP \fB-f\fR
+/* Prepend the file name to each output line.
/* .IP \fB-h\fR
/* Show message header content. The \fB-h\fR option produces
/* output from the beginning of the message up to, but not
#define PC_FLAG_PRINT_RTYPE_DEC (1<<5) /* print decimal record type */
#define PC_FLAG_PRINT_RTYPE_SYM (1<<6) /* print symbolic record type */
#define PC_FLAG_RAW (1<<7) /* don't follow pointers */
+#define PC_FLAG_PRINT_PATHNAME (1<<8) /* print pathname */
#define PC_MASK_PRINT_TEXT (PC_FLAG_PRINT_HEADER | PC_FLAG_PRINT_BODY)
#define PC_MASK_PRINT_ALL (PC_FLAG_PRINT_ENV | PC_MASK_PRINT_TEXT)
* changed.
*/
#define PRINT_MARKER(flags, fp, offset, type, text) do { \
+ if ((flags) & PC_FLAG_PRINT_PATHNAME) \
+ vstream_printf("%s: ", VSTREAM_PATH(fp)); \
if ((flags) & PC_FLAG_PRINT_OFFSET) \
vstream_printf("%9lu ", (unsigned long) (offset)); \
if (flags & PC_FLAG_PRINT_RTYPE_DEC) \
} while (0)
#define PRINT_RECORD(flags, offset, type, value) do { \
+ if ((flags) & PC_FLAG_PRINT_PATHNAME) \
+ vstream_printf("%s: ", VSTREAM_PATH(fp)); \
if ((flags) & PC_FLAG_PRINT_OFFSET) \
vstream_printf("%9lu ", (unsigned long) (offset)); \
if (flags & PC_FLAG_PRINT_RTYPE_DEC) \
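Review bot: PRINT_RECORD(flags, offset, type, value) has no fp parameter, yet the added lines call VSTREAM_PATH(fp), so the macro now depends on a variable named fp being in scope at every expansion site. PRINT_MARKER takes fp explicitly; either add fp to the PRINT_RECORD parameter list or document the dependency in the comment above the macro.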
*/
if (do_print == 0)
continue;
+ if (flags & PC_FLAG_PRINT_PATHNAME)
+ vstream_printf("%s: ", VSTREAM_PATH(fp));
if (flags & PC_FLAG_PRINT_OFFSET)
vstream_printf("%9lu ", (unsigned long) offset);
if (flags & PC_FLAG_PRINT_RTYPE_DEC)
/*
* Parse JCL.
*/
- while ((ch = GETOPT(argc, argv, "bc:dehoqrs:v")) > 0) {
+ while ((ch = GETOPT(argc, argv, "bc:defhoqrs:v")) > 0) {
switch (ch) {
case 'b':
flags |= PC_FLAG_PRINT_BODY;
case 'd':
flags |= PC_FLAG_PRINT_RTYPE_DEC;
break;
+ case 'f':
+ flags |= PC_FLAG_PRINT_PATHNAME;
+ break;
case 'e':
flags |= PC_FLAG_PRINT_ENV;
break;
var_disable_dns = (smtp_dns_support == SMTP_DNS_DISABLED);
}
+#if !defined(USE_TLS) || !defined(USE_TLSRPT)
+ if (var_smtp_tlsrpt_enable)
+ msg_warn("TLSRPT is selected, but TLSRPT is not compiled in");
+#endif
#ifdef USE_TLS
+#ifdef USE_TLSRPT
+ if (var_smtp_tlsrpt_enable) {
+ if (smtp_mode) {
+ if (smtp_tlsrpt_post_jail(VAR_SMTP_TLSRPT_SOCKNAME,
+ var_smtp_tlsrpt_sockname) < 0)
+ var_smtp_tlsrpt_enable = 0;
+ } else {
+ msg_warn("TLSRPT support is not implemented for LMTP");
+ var_smtp_tlsrpt_enable = 0;
+ }
+ }
+#endif /* USE_TLSRPT */
if (smtp_mode) {
smtp_tls_insecure_mx_policy =
tls_level_lookup(var_smtp_tls_insecure_mx_policy);
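Review bot: the new #if !defined(USE_TLS) || !defined(USE_TLSRPT) branch warns that TLSRPT is not compiled in but leaves var_smtp_tlsrpt_enable set, whereas both failure paths in the USE_TLSRPT block reset it to 0. Clearing it here as well would keep the setting consistent for any later code that tests it. The call also changes from smtp_tlsrpt_pre_jail to smtp_tlsrpt_post_jail; a short comment on what the rename reflects would help the next reader.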
mdalg = var_smtp_tls_fpt_dgst);
smtp_tls_list_init();
tls_dane_loglevel(VAR_LMTP_SMTP(TLS_LOGLEVEL), var_smtp_tls_loglevel);
-#ifdef USE_TLSRPT
- if (var_smtp_tlsrpt_enable) {
- if (smtp_mode) {
- if (smtp_tlsrpt_pre_jail(VAR_SMTP_TLSRPT_SOCKNAME,
- var_smtp_tlsrpt_sockname) < 0)
- var_smtp_tlsrpt_enable = 0;
- } else {
- msg_warn("TLSRPT support is not implemented for LMTP");
- var_smtp_tlsrpt_enable = 0;
- }
- }
-#else /* no USE_TLSRPT */
- if (var_smtp_tlsrpt_enable)
- msg_warn("TLSRPT is selected, but TLSRPT is not compiled in");
-#endif /* USE_TLSRPT */
#else
msg_warn("TLS has been selected, but TLS support is not compiled in");
#endif
* smtp_tlsrpt.c.
*/
#if defined(USE_TLS) && defined(USE_TLSRPT)
-extern int smtp_tlsrpt_pre_jail(const char *sockname_pname, const char *sockname_pval);
+extern int smtp_tlsrpt_post_jail(const char *sockname_pname, const char *sockname_pval);
extern void smtp_tlsrpt_create_wrapper(SMTP_STATE *state, const char *domain);
extern void smtp_tlsrpt_set_tls_policy(SMTP_STATE *state);
extern void smtp_tlsrpt_set_tcp_connection(SMTP_STATE *state);
state->iterator->host = vstring_alloc(100);
state->iterator->addr = vstring_alloc(100);
state->iterator->saved_dest = vstring_alloc(100);
-#ifdef TLSRPT
+#ifdef USE_TLSRPT
state->tlsrpt = 0;
#endif
if (var_smtp_cache_conn) {
INVALID_RETURN(tls->why, site_level);
}
if (tls->ext_policy_type == 0) {
- if (tls->ext_policy_ttl || tls->ext_policy_strings
+ if (tls->ext_policy_ttl != EXT_POLICY_TTL_UNSET
+ || tls->ext_policy_strings
|| tls->ext_policy_domain || tls->ext_mx_host_patterns
|| tls->ext_policy_failure) {
msg_warn("%s: built-in policy has unexpected attribute "
/* SYNOPSIS
/* #include <smtp_tlsrpt.h>
/*
-/* int smtp_tlsrpt_pre_jail(
+/* int smtp_tlsrpt_post_jail(
/* const char *sockname_pname,
/* const char *sockname_pval)
/*
/* can report a TLS error to a TLSRPT library. The SMTP protocol
/* engine uses the information to report a TLS error or success.
/*
-/* smtp_tls_pre_jail() does configuration sanity checks and
+/* smtp_tls_post_jail() does configuration sanity checks and
/* returns 0 if successful, i.e. TLSRPT support is properly
/* configured. Otherwise it returns -1 and logs a warning. Arguments:
/* .IP sockname_pname
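Review bot: the SYNOPSIS now declares smtp_tlsrpt_post_jail(), but this paragraph documents smtp_tls_post_jail(), a name that does not match the prototype (the replaced line had the same slip with pre_jail). Please write smtp_tlsrpt_post_jail() here so the manual text and the declaration agree.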
static const char smtp_tlsrpt_support[] = "TLSRPT support";
-/* smtp_tlsrpt_pre_jail - pre-jail configuration sanity check */
+/* smtp_tlsrpt_post_jail - post-jail configuration sanity check */
-int smtp_tlsrpt_pre_jail(const char *sockname_pname,
- const char *sockname_pval)
+int smtp_tlsrpt_post_jail(const char *sockname_pname,
+ const char *sockname_pval)
{
if (smtp_dns_support == SMTP_DNS_DISABLED) {
msg_warn("Cannot enable TLRPT support: DNS is disabled");
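Review bot: the context line msg_warn("Cannot enable TLRPT support: DNS is disabled") misspells TLSRPT. Since this function is being renamed in the same hunk, fix the message too, so that log searches for TLSRPT find this warning.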
* Look up TXT records. Ignore records that don't start with the expected
* version ID, and require that there is exactly one such DNS record.
*/
- vstring_sprintf(qname, "_smtp._tls_.%s", adomain);
+ vstring_sprintf(qname, "_smtp._tls.%s", adomain);
dns_status = dns_lookup(STR(qname), T_TXT, res_opt, &rr_list,
(VSTRING *) 0, why);
vstring_free(qname);
}
}
+/* smtp_tlsrpt_set_no_policy - no policy found */
+
+static void smtp_tlsrpt_set_no_policy(SMTP_STATE *state)
+{
+ trw_set_tls_policy(state->tlsrpt, TLSRPT_NO_POLICY_FOUND,
+ /* tls_policy_strings= */ (const char *const *) 0,
+ /* tls_policy_domain= */ (char *) 0,
+ /* mx_host_patterns= */ (const char *const *) 0);
+}
+
/* smtp_tlsrpt_set_dane_policy - add DANE policy properties */
static void smtp_tlsrpt_set_dane_policy(SMTP_STATE *state)
SMTP_TLS_POLICY *tls = state->tls;
tlsrpt_policy_type_t policy_type_val;
- switch (policy_type_val = convert_tlsrpt_policy_type(tls->ext_policy_type)) {
+ if (tls->ext_policy_type == 0)
+ msg_panic("smtp_tlsrpt_set_ext_policy: no policy type");
+
+ switch (policy_type_val =
+ convert_tlsrpt_policy_type(tls->ext_policy_type)) {
case TLSRPT_POLICY_STS:
trw_set_tls_policy(state->tlsrpt, policy_type_val,
(const char *const *) tls->ext_policy_strings->argv,
(const char *const *) tls->ext_mx_host_patterns->argv);
break;
case TLSRPT_NO_POLICY_FOUND:
- trw_set_tls_policy(state->tlsrpt, policy_type_val,
- /* tls_policy_strings= */ (const char *const *) 0,
- /* tls_policy_domain= */ (const char *) 0,
- /* mx_host_patterns= */ (const char *const *) 0);
+ smtp_tlsrpt_set_no_policy(state);
break;
default:
+ /* Policy type must be validated in smtp_tls_policy_maps parser. */
msg_panic("unexpected policy type: \"%s\"",
tls->ext_policy_type);
}
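Review bot: the new comment on the default branch says the policy type is validated by the smtp_tls_policy_maps parser, but the TLSRPT_POLICY_STS case relies on that parser for more than the type: it dereferences tls->ext_policy_strings->argv and tls->ext_mx_host_patterns->argv without a null check. Either extend the comment to state that guarantee, or guard the two pointers, so that the assumption is explicit where it is used.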
if (TLS_DANE_BASED(tls->level)) { /* Desired by local policy */
if (tls->dane != 0) /* Actual policy */
smtp_tlsrpt_set_dane_policy(state);
+ else /* No policy */
+ smtp_tlsrpt_set_no_policy(state);
} else if (tls->ext_policy_type) {
- smtp_tlsrpt_set_ext_policy(state);
+ smtp_tlsrpt_set_ext_policy(state);
+ } else {
+ smtp_tlsrpt_set_no_policy(state);
}
}
* reason was already reported.
*/
#ifdef USE_TLSRPT
- TLScontext->rpt_reported = trw_is_reported(props->tlsrpt);
+ TLScontext->rpt_reported = props->tlsrpt != 0
+ && trw_is_reported(props->tlsrpt);
#endif
return (TLScontext);
if (n == 0)
dane->flags |= TLS_DANE_FLAG_EMPTY;
} else
- /* TODO(wietse) report non-parsable TLSA records in TLSRPT. */
dane->flags |= TLS_DANE_FLAG_NORRS;
if (rrs)
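Review bot: the TODO about reporting non-parsable TLSA records in TLSRPT is deleted here, but nothing in this hunk adds that reporting; the else branch still only sets TLS_DANE_FLAG_NORRS. If the case is now handled elsewhere, replace the TODO with a comment that points there; otherwise keep it.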
int have_tlsrpt = 0;
ret = scan_fn(fp, flags | ATTR_FLAG_MORE,
- RECV_ATTR_INT(TLS_ATTR_DANE, &have_tlsrpt),
+ RECV_ATTR_INT(TLS_ATTR_TLSRPT, &have_tlsrpt),
ATTR_TYPE_END);
if (msg_verbose)
msg_info("tls_proxy_client_tlsrpt_scan have_tlsrpt=%d", have_tlsrpt);
VSTRING *rpt_policy_domain = vstring_alloc(100);
VSTRING *rpt_policy_string = vstring_alloc(100);
int tls_policy_type;
- ARGV *tls_policy_strings = argv_alloc(100);
+ ARGV *tls_policy_strings = 0;
VSTRING *tls_policy_domain = vstring_alloc(100);
- ARGV *mx_host_patterns = argv_alloc(100);
+ ARGV *mx_host_patterns = 0;
VSTRING *snd_mta_addr = vstring_alloc(100);
VSTRING *rcv_mta_name = vstring_alloc(100);
VSTRING *rcv_mta_addr = vstring_alloc(100);
VSTRING *rcv_mta_ehlo = vstring_alloc(100);
+ int trw_flags;
ret = scan_fn(fp, flags | ATTR_FLAG_MORE,
RECV_ATTR_STR(TRW_RPT_SOCKET_NAME, rpt_socket_name),
RECV_ATTR_STR(TRW_RPT_POLICY_DOMAIN, rpt_policy_domain),
RECV_ATTR_STR(TRW_RPT_POLICY_STRING, rpt_policy_string),
RECV_ATTR_INT(TRW_TLS_POLICY_TYPE, &tls_policy_type),
- RECV_ATTR_FUNC(argv_attr_scan, tls_policy_strings),
+ RECV_ATTR_FUNC(argv_attr_scan, &tls_policy_strings),
RECV_ATTR_STR(TRW_TLS_POLICY_DOMAIN, tls_policy_domain),
- RECV_ATTR_FUNC(argv_attr_scan, mx_host_patterns),
+ RECV_ATTR_FUNC(argv_attr_scan, &mx_host_patterns),
RECV_ATTR_STR(TRW_SRC_MTA_ADDR, snd_mta_addr),
RECV_ATTR_STR(TRW_DST_MTA_NAME, rcv_mta_name),
RECV_ATTR_STR(TRW_DST_MTA_ADDR, rcv_mta_addr),
RECV_ATTR_STR(TRW_DST_MTA_EHLO, rcv_mta_ehlo),
- RECV_ATTR_INT(TRW_FLAGS, &trw->flags),
+ RECV_ATTR_INT(TRW_FLAGS, &trw_flags),
ATTR_TYPE_END);
/* Always construct a well-formed structure. */
EXPORT_OR_NULL(trw->rcv_mta_name, rcv_mta_name);
EXPORT_OR_NULL(trw->rcv_mta_addr, rcv_mta_addr);
EXPORT_OR_NULL(trw->rcv_mta_ehlo, rcv_mta_ehlo);
+ trw->flags = trw_flags;
ret = (ret == 12 ? 1 : -1);
if (ret != 1) {
trw_free(trw);
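Review bot: trw->flags = trw_flags runs before ret is checked, and trw_flags is declared as "int trw_flags;" with no initializer, so when scan_fn stops early the assignment reads an indeterminate value. The structure is freed on that path, but initializing trw_flags to 0 at its declaration, or moving the assignment after the ret == 12 test, avoids the uninitialized read. The literal 12 also has to track the number of RECV_ATTR entries by hand; a comment next to the list would make that harder to break.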
ARGV_FREE_IF_SET_AND_CLEAR(trw->tls_policy_strings);
} else {
ARGV_FREE_IF_SET_AND_COPY(trw->tls_policy_strings, tls_policy_strings);
- ARGV_FREE_IF_SET_AND_COPY(trw->tls_policy_strings, mx_host_patterns);
+ ARGV_FREE_IF_SET_AND_COPY(trw->mx_host_patterns, mx_host_patterns);
}
trw->flags = TRW_FLAG_HAVE_TLS_POLICY;
trw_set_tcp_connection(trw, (char *) 0, (char *) 0, (char *) 0);
/*
* Sanity check: usage errors are not a show stopper.
*/
- if ((trw->flags & TRW_FLAG_HAVE_TLS_POLICY) == 0
- || (trw->flags & TRW_FLAG_REPORTED)) {
+ if ((snd_mta_addr || rcv_mta_name || rcv_mta_addr)
+ && ((trw->flags & TRW_FLAG_HAVE_TLS_POLICY) == 0
+ || (trw->flags & TRW_FLAG_REPORTED))) {
msg_warn("%s: missing trw_set_tls_policy call", myname);
return;
}
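Review bot: the sanity check now applies only when one of snd_mta_addr, rcv_mta_name or rcv_mta_addr is non-null, but the comment above it is unchanged and does not say why an all-null call is exempt. Please add a sentence explaining that case. The warning text also reads "missing trw_set_tls_policy call" when the actual cause is TRW_FLAG_REPORTED being set; separate messages would make the log easier to act on.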
/*
* Sanity check: usage errors are not a show stopper.
*/
- if ((trw->flags & TRW_FLAG_HAVE_TLS_POLICY) == 0
- || (trw->flags & TRW_FLAG_REPORTED)) {
+ if (rcv_mta_ehlo && ((trw->flags & TRW_FLAG_HAVE_TLS_POLICY) == 0
+ || (trw->flags & TRW_FLAG_REPORTED))) {
msg_warn("%s: missing trw_set_tls_policy call", myname);
return;
}
}
/*
- * Do not report success if errno was zero.
+ * Report a tlsrpt library internal error.
+ */
+ else if (tlsrpt_error_code_is_internal(libtlsrpt_errorcode)) {
+ msg_warn("Could not report TLS handshake result to tlsrpt library:"
+ " %s (error %d)", tlsrpt_strerror(libtlsrpt_errorcode),
+ libtlsrpt_errorcode);
+ return (-1);
+ }
+
+ /*
+ * Report a libc error. Do not report success if errno was zero.
*/
else {
err = tlsrpt_errno_from_error_code(libtlsrpt_errorcode);
trw->rpt_policy_domain,
trw->rpt_policy_string)) == 0) {
if ((res = tlsrpt_init_policy(dr, trw->tls_policy_type,
- trw->tls_policy_domain)) == 0)
- res = tlsrpt_finish_policy(dr, TLSRPT_FINAL_SUCCESS);
+ trw->tls_policy_domain)) == 0) {
+ char **cpp;
+
+ if (trw->tls_policy_strings)
+ for (cpp = trw->tls_policy_strings->argv;
+ res == 0 && *cpp; cpp++)
+ res = tlsrpt_add_policy_string(dr, *cpp);
+ if (trw->mx_host_patterns)
+ for (cpp = trw->mx_host_patterns->argv;
+ res == 0 && *cpp; cpp++)
+ res = tlsrpt_add_mx_host_pattern(dr, *cpp);
+ if (res == 0)
+ res = tlsrpt_finish_policy(dr, TLSRPT_FINAL_SUCCESS);
+ }
if (res == 0) {
res = tlsrpt_finish_delivery_request(&dr);
} else {
* already reported.
*/
#ifdef USE_TLSRPT
- if ((state->flags & TLSP_FLAG_DO_HANDSHAKE)
+ if (state->client_start_props->tlsrpt
+ && (state->flags & TLSP_FLAG_DO_HANDSHAKE)
&& state->is_server_role == 0)
trw_report_failure(state->client_start_props->tlsrpt,
TLSRPT_VALIDATION_FAILURE,