McNamara. See VIRTUAL_README for detailed examples.
Update: merged a re-vamped nqmgr by Patrik Rak.
+
+20010129
+
+ Tweak: several little nqmgr tweaks by Patrik Rak. Files:
+ global/mail_params.h, nqmgr/qmgr_job.c.
+
+ Bugfix: the virtual delivery agent did not save maps_find()
+ results timely. J?rgen Thomsen, postfix.jth.net. File:
+ virtual/mailbox.c.
+
+ Security: disallow regexp tables in the virtual delivery
+ agent. The $1 etc. substitution mechanism gives too much
+ power to the sender. File: virtual/mailbox.c.
+
+ Cleanup: clarified documentation and boundary cases in the
+ random_sleep() routine.
+
+ Bugfix: the MISSING_USLEEP feature was used backwards.
+ Patrik Rak. File: util/random_sleep.c.
Postfix LMTP support is based on a modified version of the Postfix
SMTP client. The initial version was by Philip A. Prindeville of
Mirapoint, Inc., USA. This code was modified further by Amos Gouaux
-of University of Texas at Dallas, Richardson, USA. Wietse Venema
-reduced the code to its present shape.
+of University of Texas at Dallas, Richardson, USA, who also revised
+much of the documentation. Wietse Venema reduced the code to its
+present shape.
Overview
This is the simplest LMTP configuration.
-1. LMTP over UNIX-domain sockets.
+1. Delivery mechanisms
- The UNIX-domain socket is specified as a name in the local file
- system. This "/path/name" should be the socket created by the
- LMTP server on the local machine. See the specific examples
- later in this document.
+ Postfix supports three mechanisms to deliver mail over LMTP.
+ Each method can use UNIX-domain or TCP sockets as described in
+ a later section.
+
+ mailbox_transport = lmtp:unix:/path/name (UNIX-domain socket)
+ mailbox_transport = lmtp:hostname:port (TCP socket)
- The settings local_transport, mailbox_transport, and
- fallback_transport support the following connections:
+ The Postfix local delivery agent expands aliases and .forward
+ files, and delegates mailbox delivery to the LMTP server.
- mailbox_transport = lmtp:unix:/path/name
+ local_transport = lmtp:unix:/path/name (UNIX-domain socket)
+ local_transport = lmtp:hostname:port (TCP socket)
- The Postfix local delivery agent expands aliases and .forward
- files, and delegates mailbox delivery to the LMTP server.
+ Mail that resolves as local is directly given to the LMTP
+ server. The mail is not processed by the Postfix local
+ delivery agent; therefore aliases and .forward files are
+ not expanded.
- local_transport = lmtp:unix:/path/name
+ fallback_transport = lmtp:unix:/path/name (UNIX-domain socket)
+ fallback_transport = lmtp:hostname:port (TCP socket)
- Mail that resolves as local is directly given to the LMTP server.
- The mail is not processed by the Postfix local delivery agent;
- therefore aliases and .forward files are not expanded.
+ The Postfix local delivery agent expands aliases and .forward
+ files, and delivers to /var[/spool]/mail/$user for users
+ that have a UNIX account. Mail for other local users is
+ delegated to the LMTP server.
- fallback_transport = lmtp:unix:/path/name
+2. LMTP over UNIX-domain sockets.
- The Postfix local delivery agent expands aliases and .forward files,
- and delivers to /var/mail/$user for users that have a UNIX account.
- Mail for other local users is delegated to the LMTP server.
+ The UNIX-domain socket is specified as a name in the local file
+ system. This "/path/name" should be the socket created by the
+ LMTP server on the local machine. See the specific examples
+ later in this document.
NOTE:
With LMTP delivery to the local machine there is no good
reason to run the Postfix LMTP client chrooted.
-2. LMTP over TCP sockets.
+3. LMTP over TCP sockets.
Currently the default TCP port number for this type of connection
is 24, but this can be customized in the "/etc/services" file.
Specific examples are given later in this document.
- The settings local_transport, mailbox_transport, and
- fallback_transport support the following connections:
-
- mailbox_transport = lmtp:hostname:port
- local_transport = lmtp:hostname:port
- fallback_transport = lmtp:hostname:port
-
- See the previous section for a discussion of the differences
- between these three delivery methods.
-
NOTE:
With connections over TCP sockets, later Cyrus implementations
VIRTUAL_README for detailed examples. This code is still new. Once
it stops changing it will become part of the non-beta release.
-Many "valid_hostname" warnings were either eliminated, and the rest
-was replaced by something more informative.
+Many "valid_hostname" warnings were eliminated, and the rest was
+replaced by something more informative.
SASL support (RFC 2554) for the LMTP delivery agent. This is required
by recent Cyrus implementations when delivering mail over TCP
If a recipient is not found the mail is returned to the sender.
+ For security reasons, regexp maps are not allowed here.
+
The mail administrator is expected to create and chown recipient
mailbox files or maildir directories ahead of time.
Recipients are looked up in this map to determine the UID (owner
privileges) to be used when writing to the target mailbox.
+ For security reasons, regexp maps are not allowed here.
+
virtual_gid_maps
Recipients are looked up in this map to determine the GID (group
privileges) to be used when writing to the target mailbox.
+ For security reasons, regexp maps are not allowed here.
+
virtual_mailbox_lock
This setting is ignored in case of maildir delivery.
fallback_transport =
#
-# RATE CONTROLS
+# RESOURCE CONTROLS
#
# The local_destination_concurrency_limit parameter limits the number
#
local_destination_concurrency_limit = 2
+# The mailbox_size_limit parameter controls the maximal size of a
+# mailbox or maildir file (in fact, it limits the size of any file
+# that is written to upon local delivery) The default is 20MBytes.
+# This limit must not be set smaller than the message size limit.
+#
+mailbox_size_limit = 20480000
+
# The local_destination_recipient_limit parameter limits the number
# of recipients per local message delivery. The default limit is
# taken from the default_destination_recipient_limit parameter.
ery. The default limit is taken from the
<b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> parameter.
-<b>Security</b> <b>controls</b>
- <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b>
- Restrict the usage of mail delivery to external
- command.
+ <b>mailbox</b><i>_</i><b>size</b><i>_</i><b>limit</b>
+ Limit the size of a mailbox etc. file (any file
+ that is written to upon delivery).
+<b>Security</b> <b>controls</b>
LOCAL(8) LOCAL(8)
- <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b>
+ <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b>
Restrict the usage of mail delivery to external
+ command.
+
+ <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b>
+ Restrict the usage of mail delivery to external
file.
<b>command</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
- What characters are allowed to appear in $name
- expansions of mailbox_command. Illegal characters
+ What characters are allowed to appear in $name
+ expansions of mailbox_command. Illegal characters
are replaced by underscores.
<b>default</b><i>_</i><b>privs</b>
- Default rights for delivery to external file or
+ Default rights for delivery to external file or
command.
<b>forward</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
- What characters are allowed to appear in $name
- expansions of forward_path. Illegal characters are
+ What characters are allowed to appear in $name
+ expansions of forward_path. Illegal characters are
replaced by underscores.
<b>HISTORY</b>
- The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
+ The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
Daniel Bernstein.
- The <i>maildir</i> structure appears in the <b>qmail</b> system by
+ The <i>maildir</i> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>SEE</b> <b>ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a> queue manager
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
-
-
-
-
8
boxes. While it could be set to "/", this setting
isn't recommended.
- <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b>
+ <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b> (regexp maps disallowed)
Recipients are looked up in these maps to determine
the path to their mailbox or maildir. If the
returned path ends in a slash ("/"), maildir-style
this will be rejected, and the message will be
deferred.
- <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>
+ <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> (regexp maps disallowed)
Recipients are looked up in these maps to determine
the user ID to be used when writing to the target
mailbox.
- <b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b>
+ <b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b> (regexp maps disallowed)
Recipients are looked up in these maps to determine
the group ID to be used when writing to the target
mailbox.
Limit the number of recipients per message delivery.
The default limit is taken from the
\fBdefault_destination_recipient_limit\fR parameter.
+.IP \fBmailbox_size_limit\fR
+Limit the size of a mailbox etc. file (any file that is
+written to upon delivery).
.SH "Security controls"
.ad
.fi
This is a safety measure to ensure that an out of control map in
\fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes.
While it could be set to "/", this setting isn't recommended.
-.IP \fBvirtual_mailbox_maps\fR
+.IP "\fBvirtual_mailbox_maps\fR (regexp maps disallowed)"
Recipients are looked up in these maps to determine the path to
their mailbox or maildir. If the returned path ends in a slash
("/"), maildir-style delivery is carried out, otherwise the
a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup.
Returned values less than this will be rejected, and the message
will be deferred.
-.IP \fBvirtual_uid_maps\fR
+.IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)"
Recipients are looked up in these maps to determine the user ID to be
used when writing to the target mailbox.
-.IP \fBvirtual_gid_maps\fR
+.IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)"
Recipients are looked up in these maps to determine the group ID to be
used when writing to the target mailbox.
.SH "Locking controls"
*/
#define VAR_DELIVERY_SLOT_COST "default_delivery_slot_cost"
#define _DELIVERY_SLOT_COST "_delivery_slot_cost"
-#define DEF_DELIVERY_SLOT_COST 10
+#define DEF_DELIVERY_SLOT_COST 5
extern int var_delivery_slot_cost;
#define VAR_DELIVERY_SLOT_LOAN "default_delivery_slot_loan"
#define _DELIVERY_SLOT_LOAN "_delivery_slot_loan"
-#define DEF_DELIVERY_SLOT_LOAN 5
+#define DEF_DELIVERY_SLOT_LOAN 3
extern int var_delivery_slot_loan;
#define VAR_DELIVERY_SLOT_DISCOUNT "default_delivery_slot_discount"
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20010128"
+#define DEF_MAIL_VERSION "Snapshot-20010129"
extern char *var_mail_version;
/* LICENSE
/* Limit the number of recipients per message delivery.
/* The default limit is taken from the
/* \fBdefault_destination_recipient_limit\fR parameter.
+/* .IP \fBmailbox_size_limit\fR
+/* Limit the size of a mailbox etc. file (any file that is
+/* written to upon delivery).
/* .SH "Security controls"
/* .ad
/* .fi
QMGR_TRANSPORT *transport = current->transport;
QMGR_JOB *job,
*best_job = 0;
- float score,
+ double score,
best_score = 0.0;
int max_slots,
max_needed_entries,
max_needed_entries = max_total_entries - job->selected_entries;
delay = now - job->message->queued_time + 1;
if (max_needed_entries > 0 && max_needed_entries <= max_slots) {
- score = (float) delay / max_total_entries;
+ score = (double) delay / max_total_entries;
if (score > best_score) {
best_score = score;
best_job = job;
/* unsigned delay;
/* unsigned variation;
/* DESCRIPTION
-/* rand_sleep() blocks the current process for a pseudo-random
-/* amount of time.
+/* rand_sleep() blocks the current process for an amount of time
+/* pseudo-randomly chosen from the interval (delay += variation/2).
/*
/* Arguments:
/* .IP delay
/* Time to sleep in microseconds.
/* .IP variation
-/* Sleep time variation in microseconds; must be smaller than
-/* the time to sleep.
+/* Variation in microseconds; must not be larger than delay.
/* DIAGNOSTICS
/* Panic: interface violation. All system call errors are fatal.
/* LICENSE
*/
if (delay == 0)
msg_panic("%s: bad delay %d", myname, delay);
- if (variation >= delay)
+ if (variation > delay)
msg_panic("%s: bad variation %d", myname, variation);
/*
* Use the semi-crappy random number generator.
*/
if (my_pid == 0)
- srandom(my_pid = getpid() ^ time((time_t *) 0));
+ srandom(my_pid = (getpid() ^ time((time_t *) 0)));
usec = (delay - variation / 2) + variation * (double) random() / RAND_MAX;
#ifdef MISSING_USLEEP
+ doze(usec);
+#else
if (usleep(usec) < 0)
msg_fatal("usleep: %m");
-#else
- doze(usec);
#endif
}
* Look up the mailbox location. Bounce if not found, defer in case of
* trouble.
*/
- mailbox_res = maps_find(virtual_mailbox_maps, state.msg_attr.user, 0);
+ mailbox_res = maps_find(virtual_mailbox_maps, state.msg_attr.user,
+ DICT_FLAG_FIXED);
if (mailbox_res == 0) {
if (dict_errno == 0)
return (NO);
virtual_mailbox_maps->title, state.msg_attr.user);
return (YES);
}
+ usr_attr.mailbox = concatenate(var_virt_mailbox_base, "/",
+ mailbox_res, (char *) 0);
+
+#define RETURN(res) { myfree(usr_attr.mailbox); return (res); }
/*
* Look up the mailbox owner rights. Defer in case of trouble.
*/
- if ((uid_res = maps_find(virtual_uid_maps, state.msg_attr.user, 0)) == 0) {
+ if ((uid_res = maps_find(virtual_uid_maps, state.msg_attr.user,
+ DICT_FLAG_FIXED)) == 0) {
*statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr),
"recipient %s: uid not found in %s",
state.msg_attr.user, virtual_uid_maps->title);
- return (YES);
+ RETURN(YES);
}
if ((n = atol(uid_res)) < var_virt_minimum_uid) {
*statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr),
"recipient %s: bad uid %s in %s",
state.msg_attr.user, uid_res, virtual_uid_maps->title);
- return (YES);
+ RETURN(YES);
}
usr_attr.uid = (uid_t) n;
/*
* Look up the mailbox group rights. Defer in case of trouble.
*/
- if ((gid_res = maps_find(virtual_gid_maps, state.msg_attr.user, 0)) == 0) {
+ if ((gid_res = maps_find(virtual_gid_maps, state.msg_attr.user,
+ DICT_FLAG_FIXED)) == 0) {
*statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr),
"recipient %s: gid not found in %s",
state.msg_attr.user, virtual_gid_maps->title);
- return (YES);
+ RETURN(YES);
}
if ((n = atol(gid_res)) <= 0) {
*statusp = defer_append(BOUNCE_FLAG_KEEP, BOUNCE_ATTR(state.msg_attr),
"recipient %s: bad gid %s in %s",
state.msg_attr.user, gid_res, virtual_gid_maps->title);
- return (YES);
+ RETURN(YES);
}
usr_attr.gid = (gid_t) n;
- /*
- * No early returns or we have a memory leak.
- */
- usr_attr.mailbox = concatenate(var_virt_mailbox_base, "/",
- mailbox_res, (char *) 0);
if (msg_verbose)
msg_info("%s[%d]: set user_attr: %s, uid = %d, gid = %d",
myname, state.level,
/*
* Cleanup.
*/
- myfree(usr_attr.mailbox);
- return (YES);
+ RETURN(YES);
}
/* This is a safety measure to ensure that an out of control map in
/* \fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes.
/* While it could be set to "/", this setting isn't recommended.
-/* .IP \fBvirtual_mailbox_maps\fR
+/* .IP "\fBvirtual_mailbox_maps\fR (regexp maps disallowed)"
/* Recipients are looked up in these maps to determine the path to
/* their mailbox or maildir. If the returned path ends in a slash
/* ("/"), maildir-style delivery is carried out, otherwise the
/* a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup.
/* Returned values less than this will be rejected, and the message
/* will be deferred.
-/* .IP \fBvirtual_uid_maps\fR
+/* .IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)"
/* Recipients are looked up in these maps to determine the user ID to be
/* used when writing to the target mailbox.
-/* .IP \fBvirtual_gid_maps\fR
+/* .IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)"
/* Recipients are looked up in these maps to determine the group ID to be
/* used when writing to the target mailbox.
/* .SH "Locking controls"
projects / thirdparty / postfix.git / commitdiff
