==================================
Postfix aims to be an alternative to the widely-used sendmail
-program. Sendmail is responsible for 70% of all e-mail delivered
-on the Internet. With an estimated 100 million users, that's an
-estimated 10 billion (10^10) messages daily. A stunning number.
+program.
Although IBM supported the Postfix development, it abstains from
control over its evolution. The goal is to have Postfix installed
Roadmap of the Postfix source distribution
==========================================
-Point your browser at html/index.html for Postfix documentation,
-for manual pages, and for the unavoidable Postfix FAQ. Expect to
-see updated versions on-line at http://www.postfix.org/
-
-Point your MANPATH environment variable at the `man' directory (use
-an absolute path) for UNIX-style on-line manual pages. These pages
-are also available through the HTML interface, which allows you to
-navigate faster.
-
The RELEASE_NOTES file describes new features, and lists incompatible
changes with respect to previous Postfix versions.
The HISTORY file gives a detailed log of changes to the software.
+Point your browser at html/index.html for Postfix documentation,
+for manual pages, and for the unavoidable Postfix FAQ. Expect to
+see updated versions on-line at http://www.postfix.org/
+
+Point your MANPATH environment variable at the `man' directory (use
+an absolute path) for UNIX-style on-line manual pages. These pages
+are also available through the HTML interface, which allows you to
+navigate faster.
+
The PORTING file discusses how to go about porting Postfix to other
-UNIX platforms. Some people are looking into a port to Windows NT.
-We'll see. This software uses every trick in the book that I learned
-about UNIX.
+UNIX platforms.
The TODO file lists things that still need to be done. If you want
to set your teeth into one of those problems, drop me a note at
20010203
- Update: null candidate patch from Patrick Rak. Files:
+ Update: null candidate patch from Patrik Rak. Files:
nqmgr/qmgr_entry.c nqmgr/qmgr_job.c nqmgr/qmgr_message.c.
Cleanup: added one gruesome command to the postlink script
Laid the ground work for logging of table accesses. This
will give more insight into how Postfix uses its lookup
tables. User interface comes later. File: util/dict_debug.c.
+
+20010215
+
+ The showq output format assumes queue IDs of up to 10
+ characters. It can be more with large file systems.
+ Workaround for 11 character queue IDs by Lamont Jones.
+ File: showq/showq.c.
+
+20010216
+
+ Bugfix: the pipe delivery agent expanded $size as if it
+ were a recipient, instead of expanding it as $nexthop or
+ as $sender. Reported by Michael Tokarev. File: pipe/pipe.c.
+
+20010221
+
+ Bugfix: poor LMTP performance for domains that are listed
+ in $mydestination, because Postfix would send one recipient
+ at a time, with multiple deliveries of recipients of the
+ same message in parallel; a similar problem could exist
+ with firewall relay hosts that forward mail for $mydestination
+ to an inside machine. This behavior is now changed to depend
+ on the transport-specific xxx_destination_recipient_limit
+ parameter. This also means that you can now get qmail behavior
+ for SMTP deliveries by setting smtp_destination_recipient_limit=1.
+ File: {qmgr,nqmgr}/qmgr_message.c.
+
+ Workaround: Solaris socketpair() can fail with EINTR. Added
+ a sane_socketpair.c module that joins the ranks of the other
+ sane_whatever workarounds. Reported by Andrew McNamara.
+ File: util/sane_socketpair.[hc]
+
+20010222
+
+ Documentation: the default main.cf file has a prominent
+ warning that mynetworks should be properly configured in
+ order to reject unauthorized mail relay requests from
+ strangers.
+
+ Documentation: the INSTALL document, section "mandatory
+ configuration file edits" has a section that explains that
+ mynetworks should be properly configured in order to reject
+ unauthorized mail relay requests from strangers.
Linux RedHat 4.x
Linux RedHat 5.x
Linux RedHat 6.x
+ Linux RedHat 7.x
Linux Slackware 3.5
Linux Slackware 4.0
Linux Slackware 7.0
Linux SuSE 5.x
Linux SuSE 6.x
+ Linux SuSE 7.x
Mac OS X server
NEXTSTEP 3.x
NetBSD 1.x
Rhapsody 5.x
SunOS 4.1.x
SunOS 5.4..5.8 (Solaris 2.4..8)
- Ultrix 4.x
+ Ultrix 4.x (well, that was long ago)
or something closely resemblant.
- Run the INSTALL.sh script as the super-user:
- # sh INSTALL.sh
+ # make install (interactive version, first time install)
+ # make install </dev/null (non-interactive version, for upgrades)
The INSTALL.sh script offers suggestions for pathnames that you
can override, either by editing INSTALL.sh or by specifying your
configuration language uses lazy evaluation, and does not look at
a parameter value until it is needed at runtime.
-First of all, you must specify what domain will be appended to a
-local address. The "myorigin" parameter defaults to the local
-hostname, but that is probably OK only for very small sites.
+First of all, you must specify what domain will be appended to an
+unqualified address (i.e. an address without @domain.name). The
+"myorigin" parameter defaults to the local hostname, but that is
+probably OK only for very small sites.
Some examples:
In the first case, local mail goes out as user@$myhostname, in
the second case the sender address is user@$mydomain.
-Next you need to specify what mail addresses are local to the
-Postfix system.
+Next you need to specify what mail addresses Postfix should deliver
+locally.
Some examples:
appropriate for the mailserver for an entire domain. The third
example should be used when running on a virtual host interface.
+If your machine is on an open network then you must specify what
+client IP addresses are authorized to relay their mail through your
+machine. The default setting includes all class A, B or C networks
+that the machine is attached to. Often, that gives relay permission
+to too many clients. My own settings are:
+
+ mynetworks = 168.100.189.0/28, 127.0.0.0/8
+
If you're behind a firewall, you should set up a relayhost. If
you can, specify the organizational domain name so that Postfix
can use DNS lookups, and so that it can fall back to a secondary
Finally, if you haven't used Sendmail prior to using Postfix, you
will have to build the alias database (with: sendmail -bi, or:
newaliases). Be sure to set up aliases for root and postmaster that
-forward mail to a real person.
+forward mail to a real person. Postfix has a sample aliases file
+the conf/aliases.
11 - To chroot or not to chroot
==============================
With the exception of the Postfix local delivery and `pipe' daemons,
every Postfix daemon can run chrooted.
-By default, no Postfix daemon runs chrooted. In order to enable
-chroot operation, edit the file /etc/postfix/master.cf. It is
-highly recommended to chroot the daemons that talk to the network:
-the smtp and smtpd processes.
+Sites with high security requirements should consider to chroot
+all daemons that talk to the network: the smtp and smtpd processes,
+and perhaps also the lmtp client.
+
+The default /etc/postfix/master.cf file specifies that no Postfix
+daemon runs chrooted. In order to enable chroot operation, edit
+the file /etc/postfix/master.cf. Instructions are in the file.
Note that a chrooted daemon resolves all filenames relative to the
Postfix queue directory (/var/spool/postfix). For successful use
% make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
AUXLIBS="-L/usr/local/lib -lldap -L/usr/local/lib -llber"
+On Solaris 2.x you may have to specify run-time link information,
+otherwise ld.so will not find some of the shared libraries:
+
+ % make tidy
+ % make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
+ AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lldap \
+ -L/usr/local/lib -R/usr/local/lib -llber"
+
The 'make tidy' command is needed only if you have previously built
Postfix without LDAP support.
[This file still needs to be updated - some information is obsolete]
-Postfix LMTP support
-====================
+1 - Postfix LMTP support
+========================
LMTP stands for Local Mail Transfer Protocol, and is detailed in
-RFC2033. This protocol is used to communicate with the final
+RFC2033. Postfix uses this protocol to communicate with the final
delivery agent, which may run on the local host or a remote host.
This protocol opens up interesting possibilities: one Postfix front
end machine can drive multiple mailbox back end machines over LMTP.
-As the mail load increases you add Postfix front end systems and
-LMTP mailbox back end systems. You can use LDAP or mysql to share
-the user database among the front end and back end systems.
+As the mail load increases, you add more Postfix front end systems
+and more LMTP mailbox back end systems. This is the model that I
+had in mind when I began drafting the design for Postfix - a scalable
+architecture that allows you to keep adding SMTP servers and mailbox
+servers painlessly.
+
+Such a distributed architecture needs glue to keep things together.
+You can use a networked database LDAP or mysql to share the user
+database among the front end and back end systems. Use a replicated
+database so that no machine becomes a single point of failure for
+the entire mail infrastructure.
Postfix LMTP support is based on a modified version of the Postfix
SMTP client. The initial version was by Philip A. Prindeville of
present shape.
-Overview
-========
+2 - Overview
+============
Most of the examples in this document involve the CMU Cyrus IMAP/POP
server, available from:
http://asg.web.cmu.edu/cyrus/
-While certainly not the only application that could make use of LMTP,
-it tends to be the most discussed. These examples are based on the
-forthcoming Cyrus 2.0.10, at least at the time of writing. The 2.x
-branch of Cyrus places greater emphasis on LMTP delivery than the
-previous releases. Those using older releases of Cyrus can find a
-discussion in the appendix of this document.
+While certainly not the only application that could make use of
+LMTP, it tends to be the most discussed. These examples are based
+on the forthcoming Cyrus 2.0.10, at least at the time of writing.
+The 2.x branch of Cyrus places greater emphasis on LMTP delivery
+than the previous releases. Those using older releases of Cyrus
+can find a discussion in the appendix of this document.
There are a variety of ways LMTP delivery can be configured in
-Postfix. The two basic flavors are delivery over UNIX-domain sockets
-and delivery over TCP sockets. Both flavors can be specified in
-either the Postfix main.cf or in a transport map. The best approach
-to use depends upon the arrangement of your servers and the desired
-level of parallelization. Please be sure to study this entire
-document as there are trade-offs in convenience and performance with
-these different approaches.
+Postfix. The two basic flavors are delivery over UNIX-domain
+sockets and delivery over TCP sockets.
+
+ o Connections over UNIX-domain sockets limit delivery to LMTP
+ servers running on the same machine.
+
+ o Connections over TCP sockets allow you to deliver to LMTP
+ servers across a local network.
The precise syntax for UNIX-domain and TCP connection endpoints is
-given in the lmtp(8) manual page.
+given in the lmtp(8) manual page. Examples are also given in the
+text below.
+Both socket flavors can be specified in either the Postfix main.cf
+file (see section 5) or in a Postfix transport map (section 6).
+What is the best approach for you depends upon the arrangement of
+your servers and the desired level of parallelization.
-Using main.cf configuration
-===========================
+Please be sure to study this entire document as there are trade-offs
+in convenience and in performance with these different approaches.
-This is the simplest LMTP configuration.
+3 - LMTP over UNIX-domain sockets
+=================================
-1. Delivery mechanisms
+A UNIX-domain socket is specified as the socket type ("unix") and
+a name in the local file system:
- Postfix supports three mechanisms to deliver mail over LMTP.
- Each method can use UNIX-domain or TCP sockets as described in
- a later section.
+ unix:/path/name
- mailbox_transport = lmtp:unix:/path/name (UNIX-domain socket)
- mailbox_transport = lmtp:hostname:port (TCP socket)
+The "/path/name" part should be the name of a socket created by
+the LMTP server on the local machine. See the specific examples
+later in this document.
- The Postfix local delivery agent expands aliases and .forward
- files, and delegates mailbox delivery to the LMTP server.
+NOTE:
- local_transport = lmtp:unix:/path/name (UNIX-domain socket)
- local_transport = lmtp:hostname:port (TCP socket)
+ If you run the lmtp client chrooted, the interpretation of the
+ /path/name is relative to the Postfix queue directory (typically,
+ /var/spool/postfix).
- Mail that resolves as local is directly given to the LMTP
- server. The mail is not processed by the Postfix local
- delivery agent; therefore aliases and .forward files are
- not expanded.
+ By default, the Postfix LMTP client does not run chrooted.
+ With LMTP delivery to the local machine there is no good reason
+ to run the Postfix LMTP client chrooted.
- fallback_transport = lmtp:unix:/path/name (UNIX-domain socket)
- fallback_transport = lmtp:hostname:port (TCP socket)
+4 - LMTP over TCP sockets
+=========================
- The Postfix local delivery agent expands aliases and .forward
- files, and delivers to /var[/spool]/mail/$user for users
- that have a UNIX account. Mail for other local users is
- delegated to the LMTP server.
+A TCP destination is specified as the socket type ("inet"), the
+destination hostname and the TCP port:
-2. LMTP over UNIX-domain sockets.
+ inet:hostname:port
- The UNIX-domain socket is specified as a name in the local file
- system. This "/path/name" should be the socket created by the
- LMTP server on the local machine. See the specific examples
- later in this document.
+The "inet:" part can be omitted, as it is the default socket type.
- NOTE:
+The destination port can be omitted as well. Currently the default
+TCP port number for this type of connection is 24, but this can be
+customized in the "/etc/services" file. Specific examples are
+given later in this document.
- If you run the lmtp client chrooted, the interpretation of
- the /path/name is relative to the Postfix queue directory
- (typically, /var/spool/postfix).
+NOTE:
- By default, the Postfix LMTP client does not run chrooted.
- With LMTP delivery to the local machine there is no good
- reason to run the Postfix LMTP client chrooted.
+ With connections over TCP sockets, later Cyrus LMTP server
+ implementations insist on SASL-style authentication. This means
+ that Postfix must be built with SASL support (see SASL_README).
+ The examples below show how to enable this in the Postfix LMTP
+ client.
-3. LMTP over TCP sockets.
+ Some Cyrus LMTP server implementations do not allow SASL-style
+ authentication via plaintext passwords. You will have to jump
+ some extra hoops in order to enable MD5 password support, or
+ you will have to wait until this restriction is relaxed.
- Currently the default TCP port number for this type of connection
- is 24, but this can be customized in the "/etc/services" file.
- Specific examples are given later in this document.
- NOTE:
+5 - Configuring LMTP using main.cf configuration
+================================================
- With connections over TCP sockets, later Cyrus implementations
- insist on SASL-style authentication. This means that Postfix
- must be built with SASL support (see SASL_README). The
- examples below show how to enable this in the Postfix LMTP
- client.
+This is the simplest LMTP configuration.
-Examples:
+5.1 - Delivery mechanisms
+-------------------------
-1. LMTP over UNIX-domain sockets.
+Postfix main.cf supports three mechanisms to deliver mail over
+LMTP. Each method can use UNIX-domain or TCP sockets as described
+in a later section.
- To utilize UNIX-domain sockets for the communication between
- Postfix and Cyrus, the corresponding configuration files should
- look something like this:
+main.cf mechanism 1
+-------------------
- /etc/cyrus.conf:
+mailbox_transport = lmtp:unix:/path/name (UNIX-domain socket example)
+mailbox_transport = lmtp:hostname:port (TCP socket example)
- SERVICES {
- ...
- lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
- ...
- }
+Mail that resolves as local (domain is listed in $mydestination)
+is given to the Postfix local delivery agent. The Postfix local
+delivery agent expands aliases and .forward files, and delegates
+mailbox delivery to the LMTP server.
- /etc/postfix/main.cf:
+main.cf mechanism 2
+-------------------
- mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
+local_transport = lmtp:unix:/path/name (UNIX-domain socket example)
+local_transport = lmtp:hostname:port (TCP socket example)
- In this case, the Postfix local delivery agent expands aliases
- and .forward files, and delegates mailbox delivery to the Cyrus
- lmtpd server via the socket "/var/imap/socket/lmtp".
+Mail that resolves as local (domain is listed in $mydestination)
+is directly given to the LMTP server. The mail is not processed
+by the Postfix local delivery agent; therefore aliases and .forward
+files are not processed.
-2. LMTP over TCP sockets.
+main.cf mechanism 3
+-------------------
- For this example, suppose the following files are configured
- thusly:
+fallback_transport = lmtp:unix:/path/name (UNIX-domain socket example)
+fallback_transport = lmtp:hostname:port (TCP socket example)
- /etc/cyrus.conf:
+Mail that resolves as local (domain is listed in $mydestination)
+is given to the Postfix local delivery agent. The Postfix local
+delivery agent processes aliases and .forward files, and delivers
+to /var[/spool]/mail/$user for users that have a UNIX account.
+Mail for other local users is delegated to the LMTP server.
- SERVICES {
- ...
- lmtp cmd="lmtpd" listen="127.0.0.1:lmtp" prefork=0
- ...
- }
+5.2 - Examples
+--------------
- /etc/services:
+5.2.1 - LMTP over UNIX-domain sockets
+-------------------------------------
- lmtp 24/tcp
+To utilize UNIX-domain sockets for the communication between
+Postfix and Cyrus, the corresponding configuration files should
+look something like this:
- /etc/postfix/main.cf:
+/etc/cyrus.conf:
- mailbox_transport = lmtp:localhost
- lmtp_sasl_auth_enable = yes
- lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass
+ SERVICES {
+ ...
+ lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
+ ...
+ }
- /etc/postfix/master.cf:
+/etc/postfix/main.cf:
- lmtp unix - - n - - lmtp
+ mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
- /etc/postfix/lmtp_sasl_pass:
- localhost.my.domain username:password
+In this case, the Postfix local delivery agent expands aliases
+and .forward files, and delegates mailbox delivery to the Cyrus
+lmtpd server via the socket "/var/imap/socket/lmtp".
- Instead of "hash", use the map type of your choice. Some
- systems use "dbm" instead. Use "postconf -m" to find out what
- map types are supported.
+5.2.2 - LMTP over TCP sockets
+-----------------------------
- With the above settings, the Postfix local delivery agent
- expands aliases and .forward files, and delegates mailbox
- delivery to the the Cyrus LMTP server. Postfix makes a
- connection to port 24 on the local host, subsequently
- transmitting the message to the lmtpd server managed by the
- Cyrus master process.
+For this example, suppose the following files are configured
+thusly:
+/etc/cyrus.conf:
+
+ SERVICES {
+ ...
+ lmtp cmd="lmtpd" listen="127.0.0.1:lmtp" prefork=0
+ ...
+ }
+
+/etc/services:
+
+ lmtp 24/tcp
+
+/etc/postfix/main.cf:
+
+ mailbox_transport = lmtp:localhost
+ lmtp_sasl_auth_enable = yes
+ lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass
+
+/etc/postfix/master.cf:
+
+ lmtp unix - - n - - lmtp
+
+/etc/postfix/lmtp_sasl_pass:
+ localhost.my.domain username:password
+
+Instead of "hash", use the map type of your choice. Some systems
+use "dbm" instead. Use "postconf -m" to find out what map types
+are supported.
+
+With the above settings, the Postfix local delivery agent expands
+aliases and .forward files, and delegates mailbox delivery to the
+the Cyrus LMTP server. Postfix makes a connection to port 24 on
+the local host, subsequently transmitting the message to the lmtpd
+server managed by the Cyrus master process.
-Using transport map configuration
-=================================
+
+6 - Configuring LMTP using transport map configuration
+======================================================
This approach is quite similar to specifying the LMTP service in
the Postfix main.cf configuration file. However, now we will use
transport_maps = hash:/etc/postfix/transport
+For details of the Cyrus LMTP server configuration, see section 5.
+
Instead of "hash", use the map type of your choice. Some systems use
"dbm" instead. Use "postconf -m" to find out what map types are
supported.
-Performance considerations
-==========================
+7 - Performance considerations
+==============================
Hopefully the preceding discussion has seemed pretty straight
forward. Now things get interesting. After reading the following
-you will see that there are more factors to consider when setting up
-LMTP services.
+you will see that there are more factors to consider when setting
+up LMTP services.
-Single instance message store
-=============================
+8 - Single instance message store
+=================================
Presently this topic is more pertinent to sites running Cyrus, but
may be a factor with other applications as well.
Since 1.6.22, Cyrus has had the feature that if a message containing
-multiple recipients is received via the LMTP protocol, and all these
-recipients were on the same Cyrus partition, only one instance of
-this message would be written to the file system. The other
+multiple recipients is received via the LMTP protocol, and all
+these recipients were on the same Cyrus partition, only one instance
+of this message would be written to the file system. The other
recipients would then see a hard link of this single instance.
-Depending on your user base, this can be considerable motivation to
-using LMTP.
-
-However, there is a catch: currently the Postfix local delivery
-mechanisms are only designed to handle one recipient at a time, which
-in most cases is more than adequate. So, if you wish to support
-single instance message store delivery, you will have to use a
-transport table to map these users to the appropriate LMTP
-destination.
-
-While the simplest thing to do would be to list the entire domain in
-the transport map for LMTP delivery, this by-passes alias expansion
-for otherwise local addresses. If the site is to run software via
-aliases, like most Mailing List Management (MLM) software, a more
-complex solution is required. Fortunately, a virtual table should do
-the trick.
+Depending on your user base, this can be considerable motivation
+to using LMTP.
+
+However, there is a catch: the Postfix local delivery agent is
+designed to deliver one recipient at a time, which in most cases
+is more than adequate. So, if you wish to support single instance
+message store delivery, you will have to use a virtual table to
+map these users to the appropriate LMTP destination (at the time
+of writing, the Postfix transport table supports only per-domain
+routing, and not per-recipient routing).
+
+While the simplest thing to do would be to list the entire domain
+in the transport map for LMTP delivery, this by-passes alias
+expansion for otherwise local addresses (see section 5.1, delivery
+mechanism 2). If the site is to run software via aliases, like
+most Mailing List Management (MLM) software, a more complex solution
+is required. A virtual table should do the trick.
As an example, suppose we wanted to support single instance message
-store delivery for the domain "example.org". The configuration files
-for this domain could look something like this:
+store delivery for the hosted (not local) domain "example.org".
+The configuration files for this domain could look something like
+this:
/etc/postfix/virtual:
Breaking things down, we begin with the address "mlist@example.org",
which represents a mailing list. By placing an entry in the virtual
map to direct this mail to "mlist@localhost", we can override the
-transport map that would by default route all "@example.org" mail to
-a LMTP server via a UNIX-domain socket.
+transport map that would by default route all "@example.org" mail
+to a LMTP server via a UNIX-domain socket.
-To summarize, all mail that is to be processed by an alias entry must
-first be diverted with a virtual table entry so that it does not fall
-into the more general routing established by the transport table.
+To summarize, all mail that is to be processed by an alias entry
+must first be diverted with a virtual table entry so that it does
+not fall into the more general routing established by the transport
+table.
-Improving connection caching performance
-========================================
+9 - Improving connection caching performance
+============================================
After delivering a message via LMTP, Postfix will keep the connection
open for a while, so that it can be reused for a subsequent delivery.
This reduces overhead of LMTP servers that create one process per
-connection.
+connection.
For LMTP connection caching to work, the Postfix LMTP client should
not switch destination hosts. This is no problem when you run only
can be an issue.
You can prevent the LMTP client from switching between servers by
-configuring a separate mail delivery transport for each LMTP server:
+configuring a separate LMTP delivery transport for each LMTP server:
/etc/postfix/master.cf:
bar.com lmtp2:lmtp2host
-Appendix: Older Cyrus versions
-==============================
+10 - Appendix: Older Cyrus versions
+===================================
First of all, if you are using a Cyrus 2.x version prior to 2.0.10,
it would be good to upgrade. The previous 2.x releases were beta
configuration is the lack of mention of the UNIX-domain sockets.
That is because delivery over UNIX-domain sockets is new with Cyrus
2.x, yet another reason to upgrade. :-)
-
-
-
-# Local Variables:
-# mode: text
-# mode: flyspell
-# fill-column: 69
-# End:
-
-
-
-Apart from bugfixes this is expected to become the first non-beta
-Postfix release.
+Incompatible changes with snapshot-20010222
+===========================================
+
+The incoming and deferred queue directories are now hashed by
+default. This improves the performance considerably under heavy
+load, at the cost of a small but noticeable slowdown when one runs
+"mailq" on an unloaded system.
+
+Postfix no longer automatically delivers recipients one at a time
+when their domain is listed in $mydestination. This change solves
+delivery performance problems with delivery via LMTP, and with
+firewall relays that forward all mail for $mydestination to an
+inside host.
+
+The "one recipient at a time" delivery behavior is now controlled
+by the per-transport recipient limit (xxx_destination_recipient_limit,
+where xxx is the name of the delivery mechanism). This parameter
+controls the number of recipients that can be sent in one delivery
+(surprise).
+
+The setting of the per-transport recipient limit also controls the
+meaning of the per-transport destination concurrency limit (named
+xxx_destination_concurrency_limit, where xxx is again the name of
+the delivery mechanism):
+
+ 1) When the per-transport recipient limit is 1 (i.e., send one
+ recipient per delivery), the per-transport destination concurrency
+ limit controls the number of simultaneous deliveries to the
+ same recipient. This is the default behavior for delivery via
+ the Postfix local delivery agent.
+
+ 2) When the per-transport recipient limit is > 1 (i.e., send
+ multiple recipients per delivery), the per-transport destination
+ concurrency limit controls the number of simultaneous deliveries
+ to the same domain. This is the default behavior for all other
+ Postfix delivery agents.
+
+The default settings are: local_destination_recipient_limit = 1,
+local_destination_concurrency_limit = 2. Other delivery transports
+have default recipient limits (50) and have default per-destination
+concurrency limits (10).
Major changes with snapshot-20010202
====================================
postconf -f filename
-more general relocated feature - perhaps better to bounce recipients
+get rid of the relocated feature - perhaps better to bounce recipients
at the SMTP port.
-use $mydomain when hostname is not FQDN.
-
-generic daemon that listens on fifo and runs command
-
make sendmail/smtpd/cleanup output directory/fifo configurable
if postdrop scrutinizes input, skip the overhead in the pickup
daemon.
-luser relay
-
add a threshold to sendmail etc. stderr logging, so that class
"info" messages don't go to stderr.
-need a configurable mailbox locking method with system-specific
-default, so people don't have to recompile just to turn of fcntl()
-locks to work around SUN mailtool.
-
implement an UCE control to accept mail if the sender domain sender
lists us as MX host (rafal wiosna). By the same token, implement
a control to accept mail when the client hostname/parent domain
lists us as their MX host.
-with recipient delimiter enabled, append the unmatched recipient
-of @virtual.domain patterns as extension to right-hand recipient,
-for qmail-like virtual mapping.
-
received: headers should be generated by the cleanup daemon, and
client attributes ("with", "from", etc.) should be passed along
with the message. This guarantees that forwarded/aliased mail gets
stamped with the queue ID.
-trivial-rewrite etc.: after reload, close the listen socket and
-wait until all clients disconnect.
-
-In qmgr_entry.c, turn off random walk by default.
-
toss double-bounce mail even when mail for the local machine is
redirected to another box. See mail_addr_double_bounce().
-represent peer as object, not as name + addr arguments
-
-ignore sender: header when different from envelope?
-
-smtp client: optionally log every MX host contacted
-
remote showq access (cookie in maildrop or print some text to inform
the user)
multiple rewrite processes?
-log relay address in addition to host.
-
gethostbyaddr() uses native name services, which can be slow.
can we detect a client that ignores error responses?
way to block inbound mail based on recipient suffix?
-when client begins with non-SMTP data, log warning
-
-when non-SMTP follows ".", log warning.
-
-On linux syslogd needs -/file/name
-
can Postfix implement one switchboard instead of having all these
little lookup tables?
make canonical/virtual/etc. table lookup order configurable
-allow /file/name or maptype_mapname in $mydestination
-
-make protocol errors soft errore? There are a lot of broken mailers
-out there that sometimes croak and sometimes work.
-
-require @ in sender/rcpt (another restriction)
-
-figure out a way to pump recipients into qmgr before concurrency
-starts to drop.
-
pass on client etc/ attributes along with message to delivery agent
-pass on configurable info into external process environment
-
scrutinize file opens in delivery agents just like in qmgr (better:
open the file and see if someone compromised the vmailer account
and is racing against us).
-cleanup: don't run out of memory with large amounts of bcc addresses
-
-cleanup: permit non-empty extra segment, so that mail posting
-software can pass in bcc recipients.
-
suspend/resume signals + master status (suspended/running) in PID
file. Maybe use FIFO instead. But, that means requests do not
arrive when the master is stuck.
trivial-rewrite: optionally, use DNS to fully qualify hostnames.
-smtp: optionally deal with MX records containing an address instead
-of a name.
-
pickup/cleanup/qmgr/local: add options record to control internal
features such as canonical/virtual mapping, VERPs etcetera.
-smtpd: when deciding if a destination is local, also look at the
-virtual map. Perhaps we should move canonical and virtual lookups
-back into the rewrite service, but under a different name, so they
-do not get in the way if we do not want them.
-
-Queue manager: do not allocate queue slots when a destination
-already has more than some threshold. This is to prevent a dead or
-slow destination from filling up the queue manager's active queue,
-preventing delivery to other destinations. However, such `fairness'
-strategies should not cause Postfix to lose the benchmark race, so
-we must be fair and smart at the same time :-)
-
Add hook for (domain, user database) support. This is needed if
you have lots of real domains and can't afford a separate master.cf
delivery agent entry for each domain.
Add support for DBZ databases, using the code from INN. Reportedly,
GDB handles large numbers of keys poorly.
-Make the number of time bits in the queue ID configurable, or at
-least a little larger.
-
Change the front-end to cleanup protocol so that the front-end
sends the expected message size, and so that the cleanup service
can report if there is enough space. This is useful only for the
order to do this we must extract the alias_maps parameter from the
main.cf file, and create any missing files with the right ownerships.
-SunOS 5.4 sendmail seems to include the null byte in alias keys
-and values, like almost every UNIX system; SunOS 5.5 sendmail does
-not include these nulls. Need to add support for SunOS 5.4. NIS
-alias maps always include the null terminator...
-
implement the return-receipt-to notification service.
-Implement real address rewriting.
-
-default alias for mail to non-existent users. How useful is this
-when the postmaster already gets notices of mail that could not be
-delivered by the local mail system? And how do we pass around the
-original envelope recipient once it has been "aliased" to the
-address for non-existent users?
-
-owner-default alias to capture all mailing list errors. Or perhaps
-they should just set up the appropriate owner-foo aliases in their
-alias database?
-
-make mail_params module the main config interface; no calls from
-config.c to routines in mail_params.c
-
-resolve/rewrite clients should share connection
-
-postfix-script: make sure permissions of queue (and anything below)
-are sane.
-
bounce/defer: provide attribute-value interface, for better logging
(expanded-from etc.) and non-delivery reports.
-Postfix-Options: header, to turn on qmail-like VERPs. But, these
-must be accessible only for locally-posted mail (not mail that
-arrives via UUCP).
-
Maintain per-client short-term host status, so we can slow down
unreasonable clients
hosts" table & move mail from the "hold" queue for that site to
the incoming queue.
-Option to make a copy of all mail passing through the mail system.
-
-The message ID is built by concatenating the time of day in seconds
-with the queue id. We must ensure that a queue id is unique for at
-least one second, otherwise multiple messages will have the same
-message ID. Queue ids will always collide after a while. The NFS
-generation number for the queue file would be useful, but there is
-no portable interface to get it, and we cannot depend on the system
-having NFS support enabled. If a 1-microsecond resolution is
-sufficient, we could compose the queue ID from the inode number
-plus 6 decimal digits or 5 hex ones for the time in microseconds.
-Or, use a smarter encoding with more bits per character.
-
postfix-script: make sure that each queue file matches its file id
or we might lose mail.
postfix-script: do database fixups as the unprivileged user
-Put a version file in the conf directory or add option to vmail
-control command to print the version (requires vmconf tool that
-can query main.cf.).
-
Maintain a pool of pre-allocated queue files, to eliminate file
creation and deletion overhead.
You can use the virtual delivery agent for mailbox delivery of some
or all domains that are handled by a machine.
+This mechanism is different from virtual domains that are implemented
+by translating each virtual address into a real local user. For
+that, see the virtual(5) manual page.
+
This is what Andrew McNamara wrote when he made the virtual delivery
agent available.
maps, and the mailbox location map can specify either mailbox or
maildir delivery (controlled by trailing slash on mailbox name).
-The agent does not support aliases or .forwards (use the virtual
-table instead), and therefore doesn't support file or program
-aliases. This choice was made to simplify and streamline the code
-(it allowed me to dispense with 70% of local's code - mostly the
-bits that are a security headache) - if you need this functionality,
-this agent isn't for you.
+The agent does not support user+foo address extensions, aliases or
+.forward files (use the virtual table instead), and therefore
+doesn't support file or program aliases. This choice was made to
+simplify and streamline the code (it allowed me to dispense with
+70% of local's code - mostly the bits that are a security headache)
+- if you need this functionality, this agent isn't for you.
It also doesn't support writing to a common spool as root and then
chowning the mailbox to the user - I felt this functionality didn't
[End of Andrew McNamara's words]
The result is the most secure local delivery agent that you will
-find with Postfix. All deliveries are done with the privileges of
-the recipient.
+find with Postfix.
This delivery agent requires three different lookup tables in order
to define its recipients. This is because Postfix table lookups
If a recipient is not found the mail is returned to the sender.
- For security reasons, regexp maps are not allowed here.
+ For security reasons, regexp maps are not allowed here, because
+ their $1 etc. substitutions would open a security hole.
The mail administrator is expected to create and chown recipient
mailbox files or maildir directories ahead of time.
Recipients are looked up in this map to determine the UID (owner
privileges) to be used when writing to the target mailbox.
- For security reasons, regexp maps are not allowed here.
+ For security reasons, regexp maps are not allowed here, because
+ their $1 etc. substitutions would open a security hole.
virtual_gid_maps
Recipients are looked up in this map to determine the GID (group
privileges) to be used when writing to the target mailbox.
- For security reasons, regexp maps are not allowed here.
+ For security reasons, regexp maps are not allowed here, because
+ their $1 etc. substitutions would open a security hole.
virtual_mailbox_lock
==============================================================
This example does not use the Postfix local delivery agent at all.
-With this configuration Postfix does no alias expansion, no .forward
-file expansion, and no lookups of recipients in /etc/passwd.
+With this configuration Postfix does no user+foo address extension,
+no alias expansion, no .forward file expansion, and no lookups of
+recipients in /etc/passwd.
Instead of "hash" specify "dbm" or "btree", depending on your system
type. The command "postconf -m" displays possible lookup table
# a name matches a lookup key. Continue long lines by starting the
# next line with whitespace.
#
-# DO NOT LIST VIRTUAL DOMAINS HERE. LIST THEM IN THE VIRTUAL FILE
-# INSTEAD. BE SURE TO READ THE ENTIRE VIRTUAL MANUAL PAGE.
-#
#mydestination = $myhostname, localhost.$mydomain
#mydestination = $myhostname, localhost.$mydomain $mydomain
#mydestination = $myhostname, localhost.$mydomain, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
+# RELAY CONTROL
+
+# The mynetworks parameter specifies the list of networks that make
+# up the local neighborhood. The list is used by the anti-UCE software
+# to distinguish local clients from strangers. See permit_mynetworks
+# and smtpd_recipient_restrictions in the file sample-smtpd.cf file.
+#
+# The default is a list of all networks attached to the machine: a
+# complete class A network (X.0.0.0/8), a complete class B network
+# (X.X.0.0/16), and so on.
+#
+# YOU MUST CHANGE THIS DEFAULT SETTING IF YOUR ADDRESS BLOCK IS PART
+# OF A LARGER ADDRESS RANGE THAT IS OWNED BY YOUR PROVIDER - IT WOULD
+# CAUSE POSTFIX TO RELAY MAIL FROM ALL THEIR CUSTOMERS.
+#
+# If you need stricter control than the default, specify a list of
+# network/mask patterns, where the mask specifies the number of bits
+# in the network part of a host address.
+#
+# You can also specify the absolute pathname of a pattern file instead
+# of listing the patterns here.
+#
+#mynetworks = 168.100.189.0/28, 127.0.0.0/8
+#mynetworks = $config_directory/mynetworks
+
+# The relay_domains parameter restricts what clients this mail system
+# will relay mail from, or what destinations this system will relay
+# mail to. See the smtpd_recipient_restrictions restriction in the
+# file sample-smtpd.cf for detailed information.
+#
+# By default, Postfix relays mail
+# - from "trusted" clients whose IP address matches $mynetworks,
+# - from "trusted" clients matching $relay_domains or subdomains thereof,
+# - from untrusted clients to destinations that match $relay_domains
+# or subdomains thereof, except addresses with sender-specified routing.
+# The default relay_domains value is $mydestination.
+#
+# In addition to the above, the Postfix SMTP server by default accepts mail
+# that Postfix is final destination for:
+# - destinations that match $inet_interfaces,
+# - destinations that match $mydestination
+# - destinations that match $virtual_maps.
+# These destinations do not need to be listed in $relay_domains.
+#
+# Specify a list of hosts or domains, /file/name patterns or type:name
+# lookup tables, separated by commas and/or whitespace. Continue
+# long lines by starting the next line with whitespace. A file name
+# is replaced by its contents; a type:name table is matched when a
+# (parent) domain appears as lookup key.
+#
+# NOTE: Postfix will not automatically forward mail for domains that
+# list this system as their primary or backup MX host. See the
+# permit_mx_backup restriction in the file sample-smtpd.cf.
+#
+#relay_domains = $mydestination
+
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
#header_checks = regexp:/etc/postfix/filename
#header_checks = pcre:/etc/postfix/filename
-# The relay_domains parameter restricts what clients this mail system
-# will relay mail from, or what destinations this system will relay
-# mail to. See the smtpd_recipient_restrictions restriction in the
-# file sample-smtpd.cf.
-#
-# By default, Postfix relays mail
-# - from trusted clients whose IP address matches $mynetworks,
-# - from trusted clients matching $relay_domains or subdomains thereof,
-# - from untrusted clients to destinations that match $relay_domains
-# or subdomains thereof, except addresses with sender-specified routing.
-# The default relay_domains value is $mydestination.
-#
-# In addition to the above, the Postfix SMTP server by default accepts mail
-# that Postfix is final destination for:
-# - destinations that match $inet_interfaces,
-# - destinations that match $mydestination
-# - destinations that match $virtual_maps.
-# These destinations do not need to be listed in $relay_domains.
-#
-# Specify a list of hosts or domains, /file/name patterns or type:name
-# lookup tables, separated by commas and/or whitespace. Continue
-# long lines by starting the next line with whitespace. A file name
-# is replaced by its contents; a type:name table is matched when a
-# (parent) domain appears as lookup key.
-#
-# NOTE: Postfix will not automatically forward mail for domains that
-# list this system as their primary or backup MX host. See the
-# permit_mx_backup restriction in the file sample-smtpd.cf.
-#
-#relay_domains = $mydestination
-
-# The mynetworks parameter specifies the list of networks that are
-# local to this machine. The list is used by the anti-UCE software
-# to distinguish local clients from strangers. See permit_mynetworks
-# and smtpd_recipient_restrictions in the file sample-smtpd.cf file.
-#
-# The default is a list of all networks attached to the machine: a
-# complete class A network (X.0.0.0/8), a complete class B network
-# (X.X.0.0/16), and so on. If you want stricter control, specify a
-# list of network/mask patterns, where the mask specifies the number
-# of bits in the network part of a host address. You can also specify
-# the absolute pathname of a pattern file instead of listing the
-# patterns here.
-#
-#mynetworks = 168.100.189.0/28, 127.0.0.0/8
-#mynetworks = $config_directory/mynetworks
-
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
exit 1
}
$INFO refreshing the Postfix mail system
+ $command_directory/postsuper active || exit 1
kill -HUP `sed 1q pid/master.pid`
+ $command_directory/postsuper &
;;
flush)
# See if all queue files are in the right place.
- $command_directory/postsuper || exit 1
+ $command_directory/postsuper active
+ $command_directory/postsuper &
find corrupt -type f -exec $WARN damaged message: {} \;
exit 1
}
$INFO refreshing the Postfix mail system
+ $command_directory/postsuper active || exit 1
kill -HUP `sed 1q pid/master.pid`
+ $command_directory/postsuper &
;;
flush)
# See if all queue files are in the right place.
-
- $command_directory/postsuper || exit 1
+ $command_directory/postsuper active
+ $command_directory/postsuper &
find corrupt -type f -exec $WARN damaged message: {} \;
<li><a href="#sendmail_incompatibility">Sendmail incompatibility</a>
+<li><a href="#moby">Running hundreds of Postfix processes</a>
+
<li><a href="#performance">Postfix performance</a>
<li><a href="#receiving">Receiving mail via the network</a>
</ul>
+<a name="moby"><h3>Running hundreds of Postfix processes</h3>
+
+<ul>
+
+<li><a href="#moby-freebsd">Running hundreds of Postfix processes on FreeBSD</a>
+
+<li><a href="#moby-linux">Running hundreds of Postfix processes on Linux</a>
+
+</ul>
+
+
<a name="performance"><h3>Postfix performance</h3>
+<ul>
+
+<li><a href="#incoming">Too much mail in the incoming queue</a>
+
+<li><a href="#delay">Postfix responds slowly to incoming SMTP connections</a>
+
+</ul>
+
+
<ul>
<li><a href="#incoming">Too much mail in the incoming queue</a>
<p>
How to set up Postfix on the firewall machine so that it relays
-mail for <i>my.domain</i> to a gateway machine on the inside, and
-so that it refuses mail for <i>*.my.domain</i>? The problem is that
-the
standard <a href="uce.html#relay_domains">relay_domains</a>
-mail relaying restriction allows mail to <i>*.my.domain</i> when
-you specify <i>my.domain</i>.
+mail for <i>domain.com</i> to a gateway machine on the inside, and
+so that it refuses mail for <i>*.domain.com</i>? The problem is that
+the
default <a href="uce.html#relay_domains">relay_domains</a>
+mail relaying restriction allows mail to <i>*.domain.com</i> when
+you specify <i>domain.com</i>.
<p>
<ul>
-<li>Specify a null <a href="uce.html#relay_domains">relay_domains</a>
-parameter plus a <a href="transport.5.html">transport</a> table to
-route mail for <i>my.domain</i> to the inside machine:
+<li>Specify a <a href="transport.5.html">transport</a> table to
+route mail for <i>domain.com</i> to the inside machine.
+
+<p>
+
+Specify explicit settings for <a
+href="uce.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>
+and for <a href="basic.html#mynetworks">mynetworks</a> that allow
+local systems to send mail anywhere, and that allow remote systems
+to send mail only to <i>user@domain.com</i>.
<p>
<pre>
/etc/postfix/main.cf:
- mydestination = $myhostname, my.domain, localhost.my.domain
- relay_domains =
+ myorigin = domain.com
+ mydestination = domain.com
transport_maps = hash:/etc/postfix/transport
+ mynetworks = 12.34.56.0/24
+ smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
/etc/postfix/transport:
- my.domain smtp:inside-gateway.my.domain (forwards user@domain)
- .my.domain smtp:inside-gateway.my.domain (forwards user@firewall)
+ domain.com smtp:inside-gateway.domain.com (forwards user@domain)
/etc/postfix/master.cf:
Comment out the local delivery agent
<hr>
+<a name="moby-freebsd"><h3>Running hundreds of Postfix processes on FreeBSD</h3></a>
+
+With hundreds of Postfix processes, the kernel will eventually
+run out of file handles; after that, it will run out of sockets.
+
+<p>
+
+To set kernel parameters at boot time, add the following lines to
+the <b>/boot/loader.conf</b> file (this is specific to FreeBSD 4.x):
+
+<p>
+
+<blockquote>
+<pre>
+kern.ipc.maxsockets="5000"
+kern.maxfiles="16384"
+kern.maxfilesperproc="16384"
+kern.ipc.nmbclusters="65536"
+</pre>
+</blockquote>
+
+<p>
+
+To set kernel parameters at run time execute the following commands
+as root (this is specific to FreeBSD 4.x):
+
+<p>
+
+<blockquote>
+<pre>
+# sysctl -w kern.ipc.maxsockets=5000
+# sysctl -w kern.maxfiles=16384
+# sysctl -w kern.maxfilesperproc=16384
+# sysctl -w kern.ipc.nmbclusters=65536
+</pre>
+</blockquote>
+
+<hr>
+
+<a name="moby-linux"><h3>Running hundreds of Postfix processes on Linux</h3></a>
+
+When you increase the number of Postfix processes into the hundreds,
+the kernel will eventually run out of file handles; after that it
+is likely to run out of process slots.
+
+<p>
+
+To set parameters at boot time on Linux systems that have
+<b>/etc/sysctl.conf</b>, add the following lines:
+
+<p>
+
+<blockquote>
+<pre>
+fs.file-max = 16384
+kernel.threads-max = 2048
+</pre>
+</blockquote>
+
+<p>
+
+To set kernel parameters at run time, execute the following
+commands as <b>root</b>:
+
+<p>
+
+<blockquote>
+<pre>
+# echo 16384 > /proc/sys/fs/file-max
+# echo 2048 > /proc/sys/kernel/threads-max
+</pre>
+</blockquote>
+
+<hr>
+
<a name="incoming"><h3>Too much mail in the incoming queue</h3></a>
<blockquote>
<pre>
/etc/postfix/master.cf:
- fax unix - n n - - pipe
+ fax unix - n n - 1 pipe
flags= user=fax argv=/usr/bin/faxmail -d -n ${user}
/etc/postfix/transport:
<p>
+The process limit of 1 in the <b>master.cf</b> file is necessary
+with fax software that cannot handle multiple requests at the same
+time. It won't hurt otherwise.
+
+<p>
+
The <b>fax_destination_recipient_limit</b> entry (by Simon, Mr.
Simix) is necessary with fax software that can't have more than
one destination on its command line. It won't hurt otherwise.
<p>
-Note: be sure to not advertise <b>fax.your.domain</b> in the DNS...
+Note: be sure to not advertise <b>fax.your.domain</b> in the DNS :-)
<hr>
<p>
-Do not use the above command on a running Postfix system, because
-it can delete files that belong to new mail that arrives while you
-are deleting queue files.
+Do not use the above <b>find</b> command on a running Postfix
+system, because it can delete files that belong to new mail that
+arrives while you are deleting queue files.
<hr>
specified in the Postfix <a href="transport.5.html"><b>transport</b>(5)</a> table, has the form:
<b>unix</b>:<i>pathname</i>
- Connect to the UNIX-domain server that is bound to
- the specified <i>pathname</i>. If the process runs
- chrooted, an absolute pathname is interpreted rela-
- tive to the changed root directory.
+ Connect to the local UNIX-domain server that is
+ bound to the specified <i>pathname</i>. If the process
+ runs chrooted, an absolute pathname is interpreted
+ relative to the changed root directory.
<b>inet</b>:<i>host</i>, <b>inet:</b><i>host</i>:<i>port</i> (symbolic host)
<b>inet</b>:[<i>addr</i>], <b>inet</b>:[<i>addr</i>]:<i>port</i> (numeric host)
Connect to the specified IPV4 TCP port on the spec-
- ified host. If no port is specified, connect to the
- port defined as <b>lmtp</b> in <b>services</b>(4). If no such
- service is found, the <b>lmtp</b><i>_</i><b>tcp</b><i>_</i><b>port</b> configuration
- parameter (default value of 24) will be used.
+ ified local or remote host. If no port is speci-
+ fied, connect to the port defined as <b>lmtp</b> in <b>ser-</b>
+ <b>vices</b>(4). If no such service is found, the
+ <b>lmtp</b><i>_</i><b>tcp</b><i>_</i><b>port</b> configuration parameter (default
+ value of 24) will be used.
- The LMTP client does not perform MX (mail
+ The LMTP client does not perform MX (mail
exchanger) lookups since those are defined only for
mail delivery via SMTP.
<b>SECURITY</b>
The LMTP client is moderately security-sensitive. It talks
- to LMTP servers and to DNS servers on the network. The
+ to LMTP servers and to DNS servers on the network. The
LMTP client can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> (SMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc1651.html">RFC 1651</a> (SMTP service extensions)
- <a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
LMTP(8) LMTP(8)
+ <a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
<a href="http://www.faqs.org/rfcs/rfc2033.html">RFC 2033</a> (LMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc2197.html">RFC 2197</a> (Pipelining)
<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
+ Problems and transactions are logged to <b>syslogd</b>(8). Cor-
+ rupted message files are marked so that the queue manager
can move them to the <b>corrupt</b> queue for further inspection.
- Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
- the postmaster is notified of bounces, protocol problems,
+ Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
+ the postmaster is notified of bounces, protocol problems,
and of other trouble.
<b>BUGS</b>
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this program. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the <b>postfix</b> <b>reload</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this program. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>Miscellaneous</b>
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
- Verbose logging level increment for hosts that
+ Verbose logging level increment for hosts that
match a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
- List of domain or network patterns. When a remote
- host matches a pattern, increase the verbose log-
- ging level by the amount specified in the
+ List of domain or network patterns. When a remote
+ host matches a pattern, increase the verbose log-
+ ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
- Recipient of protocol/policy/resource/software
+ Recipient of protocol/policy/resource/software
error notices.
<b>notify</b><i>_</i><b>classes</b>
- When this parameter includes the <b>protocol</b> class,
- send mail to the postmaster with transcripts of
+ When this parameter includes the <b>protocol</b> class,
+ send mail to the postmaster with transcripts of
LMTP sessions with protocol errors.
<b>lmtp</b><i>_</i><b>skip</b><i>_</i><b>quit</b><i>_</i><b>response</b>
- Do not wait for the server response after sending
+ Do not wait for the server response after sending
QUIT.
<b>lmtp</b><i>_</i><b>tcp</b><i>_</i><b>port</b>
- The TCP port to be used when connecting to a LMTP
- server. Used as backup if the <b>lmtp</b> service is not
+ The TCP port to be used when connecting to a LMTP
+ server. Used as backup if the <b>lmtp</b> service is not
found in <b>services</b>(4).
<b>Authentication</b> <b>controls</b>
<b>lmtp</b><i>_</i><b>enable</b><i>_</i><b>sasl</b><i>_</i><b>auth</b>
- Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
- (SASL). By default, Postfix is built without SASL
- support.
+ Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
+ (SASL). By default, Postfix is built without SASL
LMTP(8) LMTP(8)
+ support.
+
<b>lmtp</b><i>_</i><b>sasl</b><i>_</i><b>password</b><i>_</i><b>maps</b>
Lookup tables with per-host or domain <i>name</i>:<i>password</i>
- entries. No entry for a host means no attempt to
+ entries. No entry for a host means no attempt to
authenticate.
<b>lmtp</b><i>_</i><b>sasl</b><i>_</i><b>security</b><i>_</i><b>options</b>
<b>Resource</b> <b>controls</b>
<b>lmtp</b><i>_</i><b>cache</b><i>_</i><b>connection</b>
- Should we cache the connection to the LMTP server?
- The effectiveness of cached connections will be
- determined by the number of LMTP servers in use,
- and the concurrency limit specified for the LMTP
+ Should we cache the connection to the LMTP server?
+ The effectiveness of cached connections will be
+ determined by the number of LMTP servers in use,
+ and the concurrency limit specified for the LMTP
client. Cached connections are closed under any of
the following conditions:
- <b>o</b> The LMTP client idle time limit is reached.
- This limit is specified with the Postfix
+ <b>o</b> The LMTP client idle time limit is reached.
+ This limit is specified with the Postfix
<b>max</b><i>_</i><b>idle</b> configuration parameter.
- <b>o</b> A delivery request specifies a different
+ <b>o</b> A delivery request specifies a different
destination than the one currently cached.
<b>o</b> The per-process limit on the number of
delivery requests is reached. This limit is
- specified with the Postfix <b>max</b><i>_</i><b>use</b> configu-
+ specified with the Postfix <b>max</b><i>_</i><b>use</b> configu-
ration parameter.
- <b>o</b> Upon the onset of another delivery request,
- the LMTP server associated with the current
- session does not respond to the <b>RSET</b> com-
+ <b>o</b> Upon the onset of another delivery request,
+ the LMTP server associated with the current
+ session does not respond to the <b>RSET</b> com-
mand.
<i>transport_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
Limit the number of parallel deliveries to the same
- destination via this mail delivery transport.
- <i>transport</i> is the name of the service as specified
- in the <b>master.cf</b> file. The default limit is taken
+ destination via this mail delivery transport.
LMTP(8) LMTP(8)
- from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
+ <i>transport</i> is the name of the service as specified
+ in the <b>master.cf</b> file. The default limit is taken
+ from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
parameter.
<i>transport_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Limit the number of recipients per message delivery
- via this mail delivery transport. <i>transport</i> is the
- name of the service as specified in the <b>master.cf</b>
- file. The default limit is taken from the
+ via this mail delivery transport. <i>transport</i> is the
+ name of the service as specified in the <b>master.cf</b>
+ file. The default limit is taken from the
<b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> parameter.
- This parameter becomes significant if the LMTP
- client is used for local delivery. Some LMTP
- servers can optimize delivery of the same message
+ This parameter becomes significant if the LMTP
+ client is used for local delivery. Some LMTP
+ servers can optimize delivery of the same message
to multiple recipients. The default limit for local
mail delivery is 1.
Setting this parameter to 0 will lead to an
- unbounded number of recipients per delivery. How-
- ever, this could be risky since it may make the
- machine vulnerable to running out of resources if
- messages are encountered with an inordinate number
- of recipients. Exercise care when setting this
+ unbounded number of recipients per delivery. How-
+ ever, this could be risky since it may make the
+ machine vulnerable to running out of resources if
+ messages are encountered with an inordinate number
+ of recipients. Exercise care when setting this
parameter.
<b>Timeout</b> <b>controls</b>
- The default time unit is seconds; an explicit time unit
- can be specified by appending a one-letter suffix to the
- value: s (seconds), m (minutes), h (hours), d (days) or w
+ The default time unit is seconds; an explicit time unit
+ can be specified by appending a one-letter suffix to the
+ value: s (seconds), m (minutes), h (hours), d (days) or w
(weeks).
<b>lmtp</b><i>_</i><b>connect</b><i>_</i><b>timeout</b>
Timeout for opening a connection to the LMTP
- server. If no connection can be made within the
+ server. If no connection can be made within the
deadline, the message is deferred.
<b>lmtp</b><i>_</i><b>lhlo</b><i>_</i><b>timeout</b>
- Timeout for sending the <b>LHLO</b> command, and for
+ Timeout for sending the <b>LHLO</b> command, and for
receiving the server response.
<b>lmtp</b><i>_</i><b>mail</b><i>_</i><b>timeout</b>
- Timeout for sending the <b>MAIL</b> <b>FROM</b> command, and for
+ Timeout for sending the <b>MAIL</b> <b>FROM</b> command, and for
receiving the server response.
<b>lmtp</b><i>_</i><b>rcpt</b><i>_</i><b>timeout</b>
- Timeout for sending the <b>RCPT</b> <b>TO</b> command, and for
+ Timeout for sending the <b>RCPT</b> <b>TO</b> command, and for
receiving the server response.
<b>lmtp</b><i>_</i><b>data</b><i>_</i><b>init</b><i>_</i><b>timeout</b>
- Timeout for sending the <b>DATA</b> command, and for
+ Timeout for sending the <b>DATA</b> command, and for
receiving the server response.
- <b>lmtp</b><i>_</i><b>data</b><i>_</i><b>xfer</b><i>_</i><b>timeout</b>
- Timeout for sending the message content.
LMTP(8) LMTP(8)
+ <b>lmtp</b><i>_</i><b>data</b><i>_</i><b>xfer</b><i>_</i><b>timeout</b>
+ Timeout for sending the message content.
+
<b>lmtp</b><i>_</i><b>data</b><i>_</i><b>done</b><i>_</i><b>timeout</b>
Timeout for sending the "<b>.</b>" command, and for
- receiving the server response. When no response is
- received, a warning is logged that the mail may be
+ receiving the server response. When no response is
+ received, a warning is logged that the mail may be
delivered multiple times.
<b>lmtp</b><i>_</i><b>rset</b><i>_</i><b>timeout</b>
- Timeout for sending the <b>RSET</b> command, and for
+ Timeout for sending the <b>RSET</b> command, and for
receiving the server response.
<b>lmtp</b><i>_</i><b>quit</b><i>_</i><b>timeout</b>
- Timeout for sending the <b>QUIT</b> command, and for
+ Timeout for sending the <b>QUIT</b> command, and for
receiving the server response.
<b>SEE</b> <b>ALSO</b>
syslogd(8) system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
-
-
-
5
<b>Security</b> <b>controls</b>
<b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b>
Restrict the usage of mail delivery to external
- command.
+ command. Specify zero or more of: <b>alias</b>, <b>forward</b>,
+ <b>include</b>.
<b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b>
- Restrict the usage of mail delivery to external
- file.
+ Restrict the usage of mail delivery to external
+ file. Specify zero or more of: <b>alias</b>, <b>forward</b>,
+ <b>include</b>.
<b>command</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
What characters are allowed to appear in $name
-
-
8
RANLIB=echo
SYSLIBS="-lresolv -lsocket -lnsl"
;;
-Rhapsody.5*|Darwin.1.2*)
+Rhapsody.5*|Darwin.1.*)
SYSTYPE=RHAPSODY5
# Use the native compiler by default
: ${CC=cc}
delivery request. The destination, usually specified in the Postfix
\fBtransport\fR(5) table, has the form:
.IP \fBunix\fR:\fIpathname\fR
-Connect to the UNIX-domain server that is bound to the specified
+Connect to the local UNIX-domain server that is bound to the specified
\fIpathname\fR. If the process runs chrooted, an absolute pathname
is interpreted relative to the changed root directory.
.IP "\fBinet\fR:\fIhost\fR, \fBinet\fB:\fIhost\fR:\fIport\fR (symbolic host)"
.IP "\fBinet\fR:[\fIaddr\fR], \fBinet\fR:[\fIaddr\fR]:\fIport\fR (numeric host)"
-Connect to the specified IPV4 TCP port on the specified host. If no
-port is specified, connect to the port defined as \fBlmtp\fR in
-\fBservices\fR(4).
+Connect to the specified IPV4 TCP port on the specified local or
+remote host. If no port is specified, connect to the port defined as
+\fBlmtp\fR in \fBservices\fR(4).
If no such service is found, the \fBlmtp_tcp_port\fR configuration
parameter (default value of 24) will be used.
.fi
.IP \fBallow_mail_to_commands\fR
Restrict the usage of mail delivery to external command.
+Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
.IP \fBallow_mail_to_files\fR
Restrict the usage of mail delivery to external file.
+Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
.IP \fBcommand_expansion_filter\fR
What characters are allowed to appear in $name expansions of
mailbox_command. Illegal characters are replaced by underscores.
* subdirectories, and how deep the forest is.
*/
#define VAR_HASH_QUEUE_NAMES "hash_queue_names"
-#define DEF_HASH_QUEUE_NAMES "active,bounce,defer,flush"
+#define DEF_HASH_QUEUE_NAMES "incoming,active,deferred,bounce,defer,flush"
extern char *var_hash_queue_names;
#define VAR_HASH_QUEUE_DEPTH "hash_queue_depth"
#define REJECT_INVALID_HOSTNAME "reject_invalid_hostname"
#define VAR_BAD_NAME_CODE "invalid_hostname_reject_code"
-#define DEF_BAD_NAME_CODE 501
+#define DEF_BAD_NAME_CODE 501 /* SYNTAX */
extern int var_bad_name_code;
#define REJECT_UNKNOWN_HOSTNAME "reject_unknown_hostname"
#define REJECT_NON_FQDN_SENDER "reject_non_fqdn_sender"
#define REJECT_NON_FQDN_RCPT "reject_non_fqdn_recipient"
#define VAR_NON_FQDN_CODE "non_fqdn_reject_code"
-#define DEF_NON_FQDN_CODE 504
+#define DEF_NON_FQDN_CODE 504 /* POLICY */
extern int var_non_fqdn_code;
#define REJECT_UNKNOWN_SENDDOM "reject_unknown_sender_domain"
#define DEF_VIRT_GID_MAPS ""
extern char *var_virt_gid_maps;
-#define VAR_VIRT_USEDOTLOCK "virtual_usedotlock"
-#define DEF_VIRT_USEDOTLOCK 0
-extern bool var_virt_usedotlock;
-
#define VAR_VIRT_MINUID "virtual_minimum_uid"
#define DEF_VIRT_MINUID 100
extern int var_virt_minimum_uid;
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20010204"
+#define DEF_MAIL_VERSION "Snapshot-20010222"
extern char *var_mail_version;
/* LICENSE
/* delivery request. The destination, usually specified in the Postfix
/* \fBtransport\fR(5) table, has the form:
/* .IP \fBunix\fR:\fIpathname\fR
-/* Connect to the UNIX-domain server that is bound to the specified
+/* Connect to the local UNIX-domain server that is bound to the specified
/* \fIpathname\fR. If the process runs chrooted, an absolute pathname
/* is interpreted relative to the changed root directory.
/* .IP "\fBinet\fR:\fIhost\fR, \fBinet\fB:\fIhost\fR:\fIport\fR (symbolic host)"
/* .IP "\fBinet\fR:[\fIaddr\fR], \fBinet\fR:[\fIaddr\fR]:\fIport\fR (numeric host)"
-/* Connect to the specified IPV4 TCP port on the specified host. If no
-/* port is specified, connect to the port defined as \fBlmtp\fR in
-/* \fBservices\fR(4).
+/* Connect to the specified IPV4 TCP port on the specified local or
+/* remote host. If no port is specified, connect to the port defined as
+/* \fBlmtp\fR in \fBservices\fR(4).
/* If no such service is found, the \fBlmtp_tcp_port\fR configuration
/* parameter (default value of 24) will be used.
/*
/* .fi
/* .IP \fBallow_mail_to_commands\fR
/* Restrict the usage of mail delivery to external command.
+/* Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
/* .IP \fBallow_mail_to_files\fR
/* Restrict the usage of mail delivery to external file.
+/* Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
/* .IP \fBcommand_expansion_filter\fR
/* What characters are allowed to appear in $name expansions of
/* mailbox_command. Illegal characters are replaced by underscores.
* also affects delivery to command.
*
* A file size limit protects the machine against runaway software errors.
- * It is not suitable to enfoce mail quota, because users can get around
+ * It is not suitable to enforce mail quota, because users can get around
* mail quota by delivering to /file/name or to |command.
*
* We can't have mailbox size limit smaller than the message size limit,
char *cp;
/*
- * With local delivery, the queue name is user@nexthop, so that we can
- * implement per-recipient concurrency limits. The delivery agent
- * protocol expects nexthop only.
+ * With mail transports that accept only one recipient per delivery, the
+ * queue name is user@nexthop, so that we can implement per-recipient
+ * concurrency limits. However, the delivery agent protocol expects
+ * nexthop only, so we must strip off the recipient local part.
*/
mail_print(stream, "%d %s %s %ld %ld %s %s %s %s %ld",
message->inspect_xport ? DEL_REQ_FLAG_BOUNCE : DEL_REQ_FLAG_DEFLT,
/*
* Queues are identified by the transport name and by the next-hop
- * hostname. When the destination is local (no next hop), derive the
- * queue name from the recipient name. XXX Should split the address
+ * hostname. When the delivery agent accepts only one recipient per
+ * delivery, give each recipient its own queue, so that deliveries to
+ * different recipients of the same message can happen in parallel.
+ * This also has the benefit that one bad recipient cannot interfere
+ * with deliveries to other recipients. XXX Should split the address
* on the recipient delimiter if one is defined, but doing a proper
* job requires knowledge of local aliases. Yuck! I don't want to
* duplicate delivery-agent specific knowledge in the queue manager.
* queue name. Should have separate fields for queue name and for
* destination.
*/
- if ((at = strrchr(STR(reply.recipient), '@')) == 0
- || resolve_local(at + 1)) {
- len = (at != 0 ? (at - STR(reply.recipient))
- : strlen(STR(reply.recipient)));
+ at = strrchr(STR(reply.recipient), '@');
+ len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient)));
+
+ if ((transport = qmgr_transport_find(STR(reply.transport))) == 0)
+ transport = qmgr_transport_create(STR(reply.transport));
+ if (transport->recipient_limit == 1) {
VSTRING_SPACE(reply.nexthop, len + 1);
memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop),
LEN(reply.nexthop) + 1);
memcpy(STR(reply.nexthop), STR(reply.recipient), len);
STR(reply.nexthop)[len] = '@';
lowercase(STR(reply.nexthop));
+ }
- /*
- * Discard mail to the local double bounce address here, so this
- * system can run without a local delivery agent. They'd still
- * have to configure something for mail directed to the local
- * postmaster, though, but that is an RFC requirement anyway.
- */
+ /*
+ * Discard mail to the local double bounce address here, so this
+ * system can run without a local delivery agent. They'd still have
+ * to configure something for mail directed to the local postmaster,
+ * though, but that is an RFC requirement anyway.
+ */
+ if (at == 0 || resolve_local(at + 1)) {
if (strncasecmp(STR(reply.recipient), var_double_bounce_sender,
len) == 0
&& !var_double_bounce_sender[len]) {
*expand_flag |= PIPE_FLAG_EXTENSION;
else if (strcmp(vstring_str(buf), PIPE_DICT_MAILBOX) == 0)
*expand_flag |= PIPE_FLAG_MAILBOX;
- else if (strcmp(vstring_str(buf), PIPE_DICT_SIZE) == 0)
- *expand_flag |= PIPE_FLAG_SIZE;
}
return (0);
}
dict_update(PIPE_DICT_TABLE, PIPE_DICT_MAILBOX, STR(buf));
}
- /*
- * This argument contains $size.
- */
- if (expand_flag & PIPE_FLAG_SIZE) {
- vstring_sprintf(buf, "%ld", data_size);
- dict_update(PIPE_DICT_TABLE, PIPE_DICT_SIZE, STR(buf));
- }
-
/*
* Done.
*/
dict_update(PIPE_DICT_TABLE, PIPE_DICT_SENDER, request->sender);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_NEXTHOP, request->nexthop);
+ buf = vstring_alloc(10);
+ vstring_sprintf(buf, "%ld", (long) request->data_size);
+ dict_update(PIPE_DICT_TABLE, PIPE_DICT_SIZE, STR(buf));
+ vstring_free(buf);
expanded_argv = expand_argv(attr.command, rcpt_list, request->data_size);
export_env = argv_split(var_export_environ, ", \t\r\n");
char *cp;
/*
- * With local delivery, the queue name is user@nexthop, so that we can
- * implement per-recipient concurrency limits. The delivery agent
- * protocol expects nexthop only.
+ * With mail transports that accept only one recipient per delivery, the
+ * queue name is user@nexthop, so that we can implement per-recipient
+ * concurrency limits. However, the delivery agent protocol expects
+ * nexthop only, so we must strip off the recipient local part.
*/
mail_print(stream, "%d %s %s %ld %ld %s %s %s %s %ld",
message->inspect_xport ? DEL_REQ_FLAG_BOUNCE : DEL_REQ_FLAG_DEFLT,
/* the queue file to the deferred queue; send bounce reports to the
/* message originator (see qmgr_active_done()).
/*
-/* qmgr_entry_select() randomly selects one entry from the named
+/* qmgr_entry_select() selects the next entry from the named
/* per-site queue's `todo' list for actual delivery. The entry is
/* moved to the queue's `busy' list: the list of messages being
/* delivered.
/*
* Queues are identified by the transport name and by the next-hop
- * hostname. When the destination is local (no next hop), derive the
- * queue name from the recipient name. XXX Should split the address
+ * hostname. When the delivery agent accepts only one recipient per
+ * delivery, give each recipient its own queue, so that deliveries to
+ * different recipients of the same message can happen in parallel.
+ * This also has the benefit that one bad recipient cannot interfere
+ * with deliveries to other recipients. XXX Should split the address
* on the recipient delimiter if one is defined, but doing a proper
* job requires knowledge of local aliases. Yuck! I don't want to
* duplicate delivery-agent specific knowledge in the queue manager.
* queue name. Should have separate fields for queue name and for
* destination.
*/
- if ((at = strrchr(STR(reply.recipient), '@')) == 0
- || resolve_local(at + 1)) {
- len = (at != 0 ? (at - STR(reply.recipient))
- : strlen(STR(reply.recipient)));
+ at = strrchr(STR(reply.recipient), '@');
+ len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient)));
+
+ if ((transport = qmgr_transport_find(STR(reply.transport))) == 0)
+ transport = qmgr_transport_create(STR(reply.transport));
+ if (transport->recipient_limit == 1) {
VSTRING_SPACE(reply.nexthop, len + 1);
memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop),
LEN(reply.nexthop) + 1);
memcpy(STR(reply.nexthop), STR(reply.recipient), len);
STR(reply.nexthop)[len] = '@';
lowercase(STR(reply.nexthop));
+ }
- /*
- * Discard mail to the local double bounce address here, so this
- * system can run without a local delivery agent. They'd still
- * have to configure something for mail directed to the local
- * postmaster, though, but that is an RFC requirement anyway.
- */
+ /*
+ * Discard mail to the local double bounce address here, so this
+ * system can run without a local delivery agent. They'd still have
+ * to configure something for mail directed to the local postmaster,
+ * though, but that is an RFC requirement anyway.
+ */
+ if (at == 0 || resolve_local(at + 1)) {
if (strncasecmp(STR(reply.recipient), var_double_bounce_sender,
len) == 0
&& !var_double_bounce_sender[len]) {
stream_connect.c stream_trigger.c dict_regexp.c mac_expand.c \
clean_env.c watchdog.c spawn_command.c duplex_pipe.c sane_rename.c \
sane_link.c unescape.c timed_read.c timed_write.c dict_tcp.c \
- hex_quote.c dict_alloc.c rand_sleep.c sane_time.c dict_debug.c
+ hex_quote.c dict_alloc.c rand_sleep.c sane_time.c dict_debug.c \
+ sane_socketpair.c
OBJS = argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \
close_on_exec.o concatenate.o dict.o dict_db.o dict_dbm.o \
dict_env.o dict_ht.o dict_ldap.o dict_mysql.o dict_ni.o dict_nis.o \
stream_connect.o stream_trigger.o dict_regexp.o mac_expand.o \
clean_env.o watchdog.o spawn_command.o duplex_pipe.o sane_rename.o \
sane_link.o unescape.o timed_read.o timed_write.o dict_tcp.o \
- hex_quote.o dict_alloc.o rand_sleep.o sane_time.o dict_debug.o
+ hex_quote.o dict_alloc.o rand_sleep.o sane_time.o dict_debug.o \
+ sane_socketpair.o
HDRS = argv.h attr.h binhash.h chroot_uid.h connect.h dict.h dict_db.h \
dict_dbm.h dict_env.h dict_ht.h dict_ldap.h dict_mysql.h \
dict_ni.h dict_nis.h dict_nisplus.h dir_forest.h events.h \
vbuf.h vbuf_print.h vstream.h vstring.h vstring_vstream.h \
dict_unix.h dict_pcre.h dict_regexp.h mac_expand.h clean_env.h \
watchdog.h spawn_command.h sane_fsops.h dict_tcp.h hex_quote.h \
- sane_time.h
+ sane_time.h sane_socketpair.h
TESTSRC = fifo_open.c fifo_rdwr_bug.c fifo_rdonly_bug.c select_bug.c \
stream_test.c dup2_pass_on_exec.c
WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \
duplex_pipe.o: duplex_pipe.c
duplex_pipe.o: sys_defs.h
duplex_pipe.o: iostuff.h
+duplex_pipe.o: sane_socketpair.h
environ.o: environ.c
environ.o: sys_defs.h
events.o: events.c
sane_rename.o: sys_defs.h
sane_rename.o: msg.h
sane_rename.o: sane_fsops.h
+sane_socketpair.o: sane_socketpair.c
+sane_socketpair.o: sys_defs.h
+sane_socketpair.o: msg.h
+sane_socketpair.o: sane_socketpair.h
sane_time.o: sane_time.c
sane_time.o: sys_defs.h
sane_time.o: msg.h
/* Utility library. */
#include "iostuff.h"
+#include "sane_socketpair.h"
/* duplex_pipe - give me a duplex pipe or bust */
#ifdef HAS_DUPLEX_PIPE
return (pipe(fds));
#else
- return (socketpair(AF_UNIX, SOCK_STREAM, 0, fds));
+ return (sane_socketpair(AF_UNIX, SOCK_STREAM, 0, fds));
#endif
}
--- /dev/null
+/*++
+/* NAME
+/* sane_socketpair 3
+/* SUMMARY
+/* sanitize socketpair() error returns
+/* SYNOPSIS
+/* #include <sane_socketpair.h>
+/*
+/* int sane_socketpair(domain, type, protocol, result)
+/* int domain;
+/* int type;
+/* int protocol;
+/* int *result;
+/* DESCRIPTION
+/* sane_socketpair() implements the socketpair(2) socket call, and
+/* skips over silly error results such as EINTR.
+/* BUGS
+/* Bizarre systems may have other harmless error results. Such
+/* systems encourage programers to ignore error results, and
+/* penalizes programmers who code defensively.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include "sys_defs.h"
+#include <sys/socket.h>
+#include <unistd.h>
+#include <errno.h>
+
+/* Utility library. */
+
+#include "msg.h"
+#include "sane_socketpair.h"
+
+/* sane_socketpair - sanitize socketpair() error returns */
+
+int sane_socketpair(int domain, int type, int protocol, int *result)
+{
+ static int socketpair_ok_errors[] = {
+ EINTR,
+ 0,
+ };
+ int count;
+ int err;
+ int ret;
+
+ /*
+ * Solaris socketpair() can fail with EINTR.
+ */
+ while ((ret = socketpair(domain, type, protocol, result)) < 0) {
+ for (count = 0; /* void */ ; count++) {
+ if ((err = socketpair_ok_errors[count]) == 0)
+ return (ret);
+ if (errno == err) {
+ msg_warn("socketpair: %m (trying again)");
+ sleep(1);
+ break;
+ }
+ }
+ }
+ return (ret);
+}
--- /dev/null
+#ifndef _SANE_SOCKETPAIR_H_
+#define _SANE_SOCKETPAIR_H_
+
+/*++
+/* NAME
+/* sane_socketpair 3h
+/* SUMMARY
+/* sanitize socketpair() error returns
+/* SYNOPSIS
+/* #include <sane_socketpair.h>
+/* DESCRIPTION
+/* .nf
+
+ /* External interface. */
+
+extern int sane_socketpair(int, int, int, int *);
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+#endif
projects / thirdparty / postfix.git / commitdiff
