control, based on code by Victor Duchovni. File:
smtpd/smtpd_check.c and documentation.
- Sanity check: don't allow unlimited message size with
- limited mailbox size. File: local/local.c, virtual/virtual.c.
+ Safety: don't allow unlimited message size with limited
+ mailbox size. File: local/local.c, virtual/virtual.c.
+
+ Feature: new smtpd policy attributes ccert_subject,
+ ccert_issuer and ccert_fingerprint, with TLS client
+ certificate information, but only when verification was
+ successful. Files: src/smtpd/smtpd_check.c.
+
+ Cleanup: corrected the address verification data flow in
+ the ADDRESS_VERIFICATION_README illustration.
+
+20050209
+
+ Cleanup: the smtp generics mapping did syntax check on the
+ input address instead of the result. These tests were not
+ going to be useful in any case, because mail_addr_map()
+ canonicalizes the lookup result, including @dom1->@dom2
+ mapping. File: smtp_map11.c.
+
+ Cleanup: made the generics mapping documentation consistent
+ with the implementation.
+
+ Cleanup: documented the myorigin/mydomain address rewriting
+ in canonical, generics and virtual alias maps.
Open problems:
Med: disable address rewriting after XCLIENT? Introduce a
better concept of original submission?
- Med: find out what TLS attributes to export via the policy
- servicer hooks: peer CN, issuer CN, peer fingerprint,
- verification status.
-
Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
to limit the total time spent trying to connect.
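Review bot: The removed open-problem entry listed "verification status" among the TLS attributes to export, but the new Feature entry adds only ccert_subject, ccert_issuer and ccert_fingerprint, and only when verification was successful. With just these three attributes a policy server cannot distinguish a client that sent no certificate from one whose certificate failed verification, so either keep a reduced open-problem item for verification status or say in the Feature entry that it is deliberately not exported. Separately, "Files: src/smtpd/smtpd_check.c" names a single file and uses a src/ prefix that the neighbouring entries (smtpd/smtpd_check.c, local/local.c) do not.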
normal mail, except that they are never delivered, deferred or bounced; probe
messages are always discarded.
- Postfix Postfix Address
- Internet -> SMTP <-> verify <-> verification
- server server database
-
- | ^
- probe delivery
- messages status
- v |
-
- Postfix Postfix
- queue -> delivery
- agents
+ Postfix Postfix Address
+ Internet -> SMTP <-> verify <-> verification
+ server server database
+
+ | ^
+ probe delivery
+ messages status
+ v |
+
+ Postfix Postfix
+ queue -> delivery
+ agents
With Postfix address verification turned on, normal mail will suffer only a
short delay of up to 6 seconds while an address is being verified for the first
sasl_method=plain
sasl_username=you
sasl_sender=
+ ccert_subject=solaris9.porcupine.org
+ ccert_issuer=Wietse Venema
+ ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
size=12345
[empty line]
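Review bot: The sample ccert_fingerprint value is 16 colon-separated octets, which is the length of an MD5 digest, but nothing in the added lines says which digest produces it or that the value is uppercase hex with colon separators. Policy servers will compare this string against stored values, so the digest and the exact text format should be documented next to the attribute.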
Postfix 2.2 and later, it specifies the actual message size when the client
sends the END-OF-DATA command.
+ * The "sasl_*" attributes specify information about how the client was
+ authenticated via SASL.
+
The following is specific to SMTPD delegated policy requests:
* Protocol names are ESMTP or SMTP.
VRFY or ETRN; these are the SMTP protocol states where the Postfix SMTP
server makes an OK/REJECT/HOLD/etc. decision.
- * The SASL attributes are sent only when SASL support is built into Postfix.
+ * The "ccert_*" attributes specify information from the client TLS
+ certificate. This information is presented only if the client certificate
+ was successfully verified.
The policy server replies with any action that is allowed in a Postfix SMTPD
access(5) table. Example:
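Review bot: The new ccert_* bullet says the information "is presented only if the client certificate was successfully verified" without saying whether the attributes are then left out of the request or sent with empty values, as sasl_sender= is in the sample request. A policy server author needs that spelled out to tell "no verified certificate" apart from an empty subject. The removed sentence about SASL attributes being sent only when SASL support is built into Postfix also has no counterpart in the new sasl_* bullet, so that condition is no longer documented.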
* Delivering some but not all accounts locally
* Running Postfix behind a firewall
- * Configuring Postfix as MX host for a remote site
+ * Configuring Postfix as primary or backup MX host for a remote site
* Postfix on a dialup machine
* Postfix on hosts without a real Internet hostname
Execute the command "p\bpo\bos\bst\btm\bma\bap\bp /\b/e\bet\btc\bc/\b/p\bpo\bos\bst\btf\bfi\bix\bx/\b/t\btr\bra\ban\bns\bsp\bpo\bor\brt\bt" whenever you edit the
transport table.
-C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx a\bas\bs M\bMX\bX h\bho\bos\bst\bt f\bfo\bor\br a\ba r\bre\bem\bmo\bot\bte\be s\bsi\bit\bte\be
+C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx a\bas\bs p\bpr\bri\bim\bma\bar\bry\by o\bor\br b\bba\bac\bck\bku\bup\bp M\bMX\bX h\bho\bos\bst\bt f\bfo\bor\br a\ba r\bre\bem\bmo\bot\bte\be s\bsi\bit\bte\be
This section presents additional configuration. You need to combine this with
basic configuration information as discussed the first half of this document.
and change the patchlevel and the release date. Patches are never
issued for snapshot releases.
+Major changes with snapshot Postfix-2.2-20050209
+================================================
+
+The policy delegation protocol now supplies TLS client certificate
+information after successful verification. The new attribute names
+are ccert_subject, ccert_issuer and cccert_fingerprint.
+
Major changes with snapshot Postfix-2.2-20050208
================================================
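Review bot: The last attribute name in the added paragraph is misspelled as "cccert_fingerprint"; the HISTORY entry and the policy README both use ccert_fingerprint. Anyone copying the name from the release notes into a policy server will never match the attribute, so correct it to ccert_fingerprint.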
# Replace other addresses in domain by address. This
# form has the lowest precedence.
#
-# In all the above forms, when address has the form @other-
-# domain, the result is the same user in otherdomain.
+# RESULT ADDRESS REWRITING
+# The lookup result is subject to address rewriting:
+#
+# o When the result has the form @otherdomain, the
+# result becomes the same user in otherdomain.
+#
+# o The result is rewritten as specified with
+# append_at_myorigin or with append_dot_mydomain.
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
-# tcp_table(5). This feature is not available up to and
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5). This feature is not available up to and
# including Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# canonical_classes
-# What addresses are subject to canonical address
+# What addresses are subject to canonical address
# mapping.
#
# canonical_maps
# header sender addresses.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generics.
#
# Other parameters of interest:
#
+# append_at_myorigin
+# Do or don't append "@$myorigin" to addresses with-
+# out domain. This must be turned on in Postfix.
+#
+# append_dot_mydomain
+# Do or don't append ".$mydomain" to addresses with-
+# out "." on the right-hand side of the @.
+#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# tor.
#
# masquerade_classes
-# List of address classes subject to masquerading:
-# zero or more of envelope_sender, envelope_recipi-
+# List of address classes subject to masquerading:
+# zero or more of envelope_sender, envelope_recipi-
# ent, header_sender, header_recipient.
#
# masquerade_domains
-# List of domains that hide their subdomain struc-
+# List of domains that hide their subdomain struc-
# ture.
#
# masquerade_exceptions
-# List of user names that are not subject to address
+# List of user names that are not subject to address
# masquerading.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
# virtual(5), virtual aliasing
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
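Review bot: Most of the -/+ pairs in this file appear to differ only in whitespace from re-justified text, which buries the two real changes: the new RESULT ADDRESS REWRITING section and the append_at_myorigin/append_dot_mydomain parameter entries. Consider putting the re-justification in a separate change, or producing the patch with whitespace differences ignored, so the documentation change can be reviewed on its own.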
# Replace other addresses in domain by address. This
# form has the lowest precedence.
#
-# In all the above forms, the result address must have the
-# form username@domainname.
+# RESULT ADDRESS REWRITING
+# The lookup result is subject to address rewriting:
+#
+# o When the result has the form @otherdomain, the
+# result becomes the same user in otherdomain.
+#
+# o The result is rewritten as specified with
+# append_at_myorigin or with append_dot_mydomain.
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
-# tcp_table(5). This feature is not available up to and
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5). This feature is not available up to and
# including Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# EXAMPLE
-# The following shows a generic mapping with an indexed
-# file. When mail is sent to a remote host via SMTP, this
-# replaces his@localdomain.local by his ISP mail address,
-# replaces her@localdomain.local by her ISP mail address,
-# and replaces other local addresses by his ISP account,
-# with an address extension of +local (this example assumes
+# The following shows a generic mapping with an indexed
+# file. When mail is sent to a remote host via SMTP, this
+# replaces his@localdomain.local by his ISP mail address,
+# replaces her@localdomain.local by her ISP mail address,
+# and replaces other local addresses by his ISP account,
+# with an address extension of +local (this example assumes
# that the ISP supports "+" style address extensions).
#
# /etc/postfix/main.cf:
# smtp_generics_maps = hash:/etc/postfix/generics
#
# /etc/postfix/generics:
-# his@localdomain.local hisaccount@hisisp.example
-# her@localdomain.local heraccount@herisp.example
-# @localdomain.local hisaccount+local@hisisp.example
+# his@localdomain.local hisaccount@hisisp.example
+# her@localdomain.local heraccount@herisp.example
+# @localdomain.local hisaccount+local@hisisp.example
#
-# Execute the command "postmap /etc/postfix/generics" when-
-# ever the table is changed. Instead of hash, some systems
-# use dbm database files. To find out what tables your sys-
+# Execute the command "postmap /etc/postfix/generics" when-
+# ever the table is changed. Instead of hash, some systems
+# use dbm database files. To find out what tables your sys-
# tem supports use the command "postconf -m".
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# smtp_generics_maps
# Address mapping lookup table for envelope and
-# header sender and recipient addresses while deliv-
+# header sender and recipient addresses while deliv-
# ering mail via SMTP.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generics.
#
# Other parameters of interest:
#
+# append_at_myorigin
+# Do or don't append "@$myorigin" to addresses with-
+# out domain. This must be turned on in Postfix.
+#
+# append_dot_mydomain
+# Do or don't append ".$mydomain" to addresses with-
+# out "." on the right-hand side of the @.
+#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# tor.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
# smtp(8), Postfix SMTP client
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# HISTORY
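Review bot: At the top of this file's changes, the removed sentence required the result address to have the form username@domainname, and the added RESULT ADDRESS REWRITING section replaces it with a description of @otherdomain results and append_at_myorigin/append_dot_mydomain rewriting. The added lines do not say what happens to a lookup result that is still malformed after rewriting, so add a sentence stating whether such a result is rejected or passed through to the SMTP client.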
# Redirect mail for other users in domain to address.
# This form has the lowest precedence.
#
-# In all the above forms, when address has the form @other-
-# domain, the result is the same user in otherdomain. This
-# works for the first address in the expansion only.
+# RESULT ADDRESS REWRITING
+# The lookup result is subject to address rewriting:
+#
+# o When the result has the form @otherdomain, the
+# result becomes the same user in otherdomain. This
+# works only for the first address in a multi-address
+# lookup result.
+#
+# o The result is rewritten as specified with
+# append_at_myorigin or with append_dot_mydomain.
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
#
# Other parameters of interest:
#
+# append_at_myorigin
+# Do or don't append "@$myorigin" to addresses with-
+# out domain. This must be turned on in Postfix.
+#
+# append_dot_mydomain
+# Do or don't append ".$mydomain" to addresses with-
+# out "." on the right-hand side of the @.
+#
# inet_interfaces
# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
- <td align="center" valign="middle"> <tt> <-> </tt> </td>
+ <td colspan="2" align="center" valign="middle"> <tt> <->
+ </tt> </td>
- <td bgcolor="#f0f0ff" align="center" valign="middle"> <a
- href="verify.8.html">Postfix<br> verify<br> server</a>
+ <td bgcolor="#f0f0ff" colspan="3" align="center" valign="middle">
+ <a href="verify.8.html">Postfix<br> verify<br> server</a>
</td>
- <td align="center" valign="middle"> <tt> <-> </tt> </td>
+ <td colspan="2" align="center" valign="middle"> <tt> <->
+ </tt> </td>
- <td bgcolor="#f0f0ff" align="center" valign="middle">
- Address<br> verification<br> database </td>
+ <td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
+ verification<br> database </td>
</tr>
<tr>
- <td> </td>
+ <td colspan="3"> </td>
- <td> </td>
+ <td> </td>
- <td align="center" valign="middle"> <tt> |</tt><br> probe<br>
- messages<br> <tt> v </tt> </td>
+ <td colspan="2" align="right" valign="middle"> <tt> |</tt><br>
+ probe<br> messages<br> <tt> v </tt> </td>
<td> </td>
- <td align="center" valign="middle"> ^<br> delivery<br>
+ <td colspan="2" align="left" valign="middle"> ^<br> delivery<br>
status<br> <tt> | </tt> </td>
<td> </td>
<td> </td>
- <td bgcolor="#f0f0ff" align="center" valign="middle"> Postfix<br>
- queue </td>
+ <td> </td>
+
+ <td> </td>
+
+ <td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
+ Postfix<br> queue </td>
<td align="center" valign="middle"> <tt> -> </tt> </td>
- <td bgcolor="#f0f0ff" align="center" valign="middle"> Postfix<br>
- delivery<br> agents </td>
+ <td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
+ Postfix<br> delivery<br> agents </td>
<td> </td>
<td> </td>
+</tr>
+
</table>
</blockquote>
sasl_method=plain
sasl_username=you
sasl_sender=
+ccert_subject=solaris9.porcupine.org
+ccert_issuer=Wietse Venema
+ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
size=12345
[empty line]
</pre>
command.
</p>
+ <li> <p> The "sasl_*" attributes specify information about how
+ the client was authenticated via SASL. </p>
+
</ul>
<p> The following is specific to SMTPD delegated policy requests:
the Postfix SMTP server makes an OK/REJECT/HOLD/etc. decision.
</p>
- <li> <p> The SASL attributes are sent only when SASL support
- is built into Postfix. </p>
+ <li> <p> The "ccert_*" attributes specify information from the
+ client TLS certificate. This information is presented only
+ if the client certificate was successfully verified. </p>
</ul>
<li><a href="#intranet">Running Postfix behind a firewall</a>
-<li><a href="#backup">Configuring Postfix as MX host for a remote
+<li><a href="#backup">Configuring Postfix as primary or backup MX host for a remote
site</a>
<li><a href="#dialup">Postfix on a dialup machine</a>
<p> Execute the command "<b>postmap /etc/postfix/transport</b>" whenever
you edit the transport table. </p>
-<h2><a name="backup">Configuring Postfix as MX host for a remote site</a></h2>
+<h2><a name="backup">Configuring Postfix as primary or backup MX host for a remote site</a></h2>
<p> This section presents additional configuration. You need to
combine this with basic configuration information as discussed the
Replace other addresses in <i>domain</i> by <i>address</i>. This
form has the lowest precedence.
- In all the above forms, when <i>address</i> has the form @<i>other-</i>
- <i>domain</i>, the result is the same user in <i>otherdomain</i>.
+<b>RESULT ADDRESS REWRITING</b>
+ The lookup result is subject to address rewriting:
+
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the
+ result becomes the same <i>user</i> in <i>otherdomain</i>.
+
+ <b>o</b> The result is rewritten as specified with
+ <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b> or with <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>.
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
+ whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
+ addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see
- <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available up to and
+ tion of the TCP client/server lookup protocol, see
+ <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available up to and
including Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant.
- The text below provides only a parameter summary. See
+ The following <b>main.cf</b> parameters are especially relevant.
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b>
- What addresses are subject to canonical address
+ What addresses are subject to canonical address
mapping.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a></b>
header sender addresses.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generics</b>.
Other parameters of interest:
+ <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b>
+ Do or don't append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses with-
+ out domain. This must be turned on in Postfix.
+
+ <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>
+ Do or don't append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses with-
+ out "." on the right-hand side of the @.
+
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
tor.
<b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a></b>
- List of address classes subject to masquerading:
- zero or more of <b>envelope_sender</b>, <b>envelope_recipi-</b>
+ List of address classes subject to masquerading:
+ zero or more of <b>envelope_sender</b>, <b>envelope_recipi-</b>
<b>ent</b>, <b>header_sender</b>, <b>header_recipient</b>.
<b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b>
- List of domains that hide their subdomain struc-
+ List of domains that hide their subdomain struc-
ture.
<b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b>
- List of user names that are not subject to address
+ List of user names that are not subject to address
masquerading.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Replace other addresses in <i>domain</i> by <i>address</i>. This
form has the lowest precedence.
- In all the above forms, the result <i>address</i> must have the
- form <i>username@domainname</i>.
+<b>RESULT ADDRESS REWRITING</b>
+ The lookup result is subject to address rewriting:
+
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the
+ result becomes the same <i>user</i> in <i>otherdomain</i>.
+
+ <b>o</b> The result is rewritten as specified with
+ <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b> or with <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>.
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
+ whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
+ addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see
- <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available up to and
+ tion of the TCP client/server lookup protocol, see
+ <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available up to and
including Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>EXAMPLE</b>
- The following shows a generic mapping with an indexed
- file. When mail is sent to a remote host via SMTP, this
- replaces <i>his@localdomain.local</i> by his ISP mail address,
- replaces <i>her@localdomain.local</i> by her ISP mail address,
- and replaces other local addresses by his ISP account,
- with an address extension of <i>+local</i> (this example assumes
+ The following shows a generic mapping with an indexed
+ file. When mail is sent to a remote host via SMTP, this
+ replaces <i>his@localdomain.local</i> by his ISP mail address,
+ replaces <i>her@localdomain.local</i> by her ISP mail address,
+ and replaces other local addresses by his ISP account,
+ with an address extension of <i>+local</i> (this example assumes
that the ISP supports "+" style address extensions).
/etc/postfix/main.cf:
<a href="postconf.5.html#smtp_generics_maps">smtp_generics_maps</a> = hash:/etc/postfix/generics
/etc/postfix/generics:
- his@localdomain.local hisaccount@hisisp.example
- her@localdomain.local heraccount@herisp.example
- @localdomain.local hisaccount+local@hisisp.example
+ his@localdomain.local hisaccount@hisisp.example
+ her@localdomain.local heraccount@herisp.example
+ @localdomain.local hisaccount+local@hisisp.example
- Execute the command "<b>postmap /etc/postfix/generics</b>" when-
- ever the table is changed. Instead of <b>hash</b>, some systems
- use <b>dbm</b> database files. To find out what tables your sys-
+ Execute the command "<b>postmap /etc/postfix/generics</b>" when-
+ ever the table is changed. Instead of <b>hash</b>, some systems
+ use <b>dbm</b> database files. To find out what tables your sys-
tem supports use the command "<b>postconf -m</b>".
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant.
- The text below provides only a parameter summary. See
+ The following <b>main.cf</b> parameters are especially relevant.
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#smtp_generics_maps">smtp_generics_maps</a></b>
Address mapping lookup table for envelope and
- header sender and recipient addresses while deliv-
+ header sender and recipient addresses while deliv-
ering mail via SMTP.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generics</b>.
Other parameters of interest:
+ <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b>
+ Do or don't append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses with-
+ out domain. This must be turned on in Postfix.
+
+ <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>
+ Do or don't append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses with-
+ out "." on the right-hand side of the @.
+
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
tor.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
Redirect mail for other users in <i>domain</i> to <i>address</i>.
This form has the lowest precedence.
- In all the above forms, when <i>address</i> has the form @<i>other-</i>
- <i>domain</i>, the result is the same user in <i>otherdomain</i>. This
- works for the first address in the expansion only.
+<b>RESULT ADDRESS REWRITING</b>
+ The lookup result is subject to address rewriting:
+
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the
+ result becomes the same <i>user</i> in <i>otherdomain</i>. This
+ works only for the first address in a multi-address
+ lookup result.
+
+ <b>o</b> The result is rewritten as specified with
+ <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b> or with <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>.
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
Other parameters of interest:
+ <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b>
+ Do or don't append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses with-
+ out domain. This must be turned on in Postfix.
+
+ <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>
+ Do or don't append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses with-
+ out "." on the right-hand side of the @.
+
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
The network interface addresses that this system
receives mail on. You need to stop and start Post-
.IP "@\fIdomain address\fR"
Replace other addresses in \fIdomain\fR by \fIaddress\fR.
This form has the lowest precedence.
-.PP
-In all the above forms, when \fIaddress\fR has the form
-@\fIotherdomain\fR, the result is the same user in \fIotherdomain\fR.
+.SH "RESULT ADDRESS REWRITING"
+.na
+.nf
+.ad
+.fi
+The lookup result is subject to address rewriting:
+.IP \(bu
+When the result has the form @\fIotherdomain\fR, the
+result becomes the same \fIuser\fR in \fIotherdomain\fR.
+.IP \(bu
+The result is rewritten as specified with \fBappend_at_myorigin\fR
+or with \fBappend_dot_mydomain\fR.
.SH "ADDRESS EXTENSION"
.na
.nf
\fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
.PP
Other parameters of interest:
+.IP \fBappend_at_myorigin\fR
+Do or don't append "\fB@$myorigin\fR" to addresses without domain.
+This must be turned on in Postfix.
+.IP \fBappend_dot_mydomain\fR
+Do or don't append "\fB.$mydomain\fR" to addresses without "." on
+the right-hand side of the @.
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
You need to stop and start Postfix when this parameter changes.
.IP "@\fIdomain address\fR"
Replace other addresses in \fIdomain\fR by \fIaddress\fR.
This form has the lowest precedence.
-.PP
-In all the above forms, the result \fIaddress\fR must have
-the form \fIusername@domainname\fR.
+.SH "RESULT ADDRESS REWRITING"
+.na
+.nf
+.ad
+.fi
+The lookup result is subject to address rewriting:
+.IP \(bu
+When the result has the form @\fIotherdomain\fR, the
+result becomes the same \fIuser\fR in \fIotherdomain\fR.
+.IP \(bu
+The result is rewritten as specified with \fBappend_at_myorigin\fR
+or with \fBappend_dot_mydomain\fR.
.SH "ADDRESS EXTENSION"
.na
.nf
/etc/postfix/generics:
.in +4
-his@localdomain.local hisaccount@hisisp.example
-her@localdomain.local heraccount@herisp.example
-@localdomain.local hisaccount+local@hisisp.example
+ his@localdomain.local hisaccount@hisisp.example
+ her@localdomain.local heraccount@herisp.example
+ @localdomain.local hisaccount+local@hisisp.example
.in -4
.ad
\fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
.PP
Other parameters of interest:
+.IP \fBappend_at_myorigin\fR
+Do or don't append "\fB@$myorigin\fR" to addresses without domain.
+This must be turned on in Postfix.
+.IP \fBappend_dot_mydomain\fR
+Do or don't append "\fB.$mydomain\fR" to addresses without "." on
+the right-hand side of the @.
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
You need to stop and start Postfix when this parameter changes.
.IP "@\fIdomain address, address, ...\fR"
Redirect mail for other users in \fIdomain\fR to \fIaddress\fR.
This form has the lowest precedence.
-.PP
-In all the above forms, when \fIaddress\fR has the form
-@\fIotherdomain\fR, the result is the same user in \fIotherdomain\fR.
-This works for the first address in the expansion only.
+.SH "RESULT ADDRESS REWRITING"
+.na
+.nf
+.ad
+.fi
+The lookup result is subject to address rewriting:
+.IP \(bu
+When the result has the form @\fIotherdomain\fR, the
+result becomes the same \fIuser\fR in \fIotherdomain\fR.
+This works only for the first address in a multi-address
+lookup result.
+.IP \(bu
+The result is rewritten as specified with \fBappend_at_myorigin\fR
+or with \fBappend_dot_mydomain\fR.
.SH "ADDRESS EXTENSION"
.na
.nf
\fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
.PP
Other parameters of interest:
+.IP \fBappend_at_myorigin\fR
+Do or don't append "\fB@$myorigin\fR" to addresses without domain.
+This must be turned on in Postfix.
+.IP \fBappend_dot_mydomain\fR
+Do or don't append "\fB.$mydomain\fR" to addresses without "." on
+the right-hand side of the @.
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
You need to stop and start Postfix when this parameter changes.
<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
- <td align="center" valign="middle"> <tt> <-> </tt> </td>
+ <td colspan="2" align="center" valign="middle"> <tt> <->
+ </tt> </td>
- <td bgcolor="#f0f0ff" align="center" valign="middle"> <a
- href="verify.8.html">Postfix<br> verify<br> server</a>
+ <td bgcolor="#f0f0ff" colspan="3" align="center" valign="middle">
+ <a href="verify.8.html">Postfix<br> verify<br> server</a>
</td>
- <td align="center" valign="middle"> <tt> <-> </tt> </td>
+ <td colspan="2" align="center" valign="middle"> <tt> <->
+ </tt> </td>
- <td bgcolor="#f0f0ff" align="center" valign="middle">
- Address<br> verification<br> database </td>
+ <td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
+ verification<br> database </td>
</tr>
<tr>
- <td> </td>
+ <td colspan="3"> </td>
- <td> </td>
+ <td> </td>
- <td align="center" valign="middle"> <tt> |</tt><br> probe<br>
- messages<br> <tt> v </tt> </td>
+ <td colspan="2" align="right" valign="middle"> <tt> |</tt><br>
+ probe<br> messages<br> <tt> v </tt> </td>
<td> </td>
- <td align="center" valign="middle"> ^<br> delivery<br>
+ <td colspan="2" align="left" valign="middle"> ^<br> delivery<br>
status<br> <tt> | </tt> </td>
<td> </td>
<td> </td>
- <td bgcolor="#f0f0ff" align="center" valign="middle"> Postfix<br>
- queue </td>
+ <td> </td>
+
+ <td> </td>
+
+ <td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
+ Postfix<br> queue </td>
<td align="center" valign="middle"> <tt> -> </tt> </td>
- <td bgcolor="#f0f0ff" align="center" valign="middle"> Postfix<br>
- delivery<br> agents </td>
+ <td colspan="2" bgcolor="#f0f0ff" align="center" valign="middle">
+ Postfix<br> delivery<br> agents </td>
<td> </td>
<td> </td>
+</tr>
+
</table>
</blockquote>
sasl_method=plain
sasl_username=you
sasl_sender=
+ccert_subject=solaris9.porcupine.org
+ccert_issuer=Wietse Venema
+ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
size=12345
[empty line]
</pre>
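Review bot: the example ccert_fingerprint value added here is 16 octets, but neither the example nor the attribute description says which digest produces it, or whether the hex case and colon separators are fixed. A policy server that compares fingerprints as strings needs that stated; add it next to the "ccert_*" description.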
command.
</p>
+ <li> <p> The "sasl_*" attributes specify information about how
+ the client was authenticated via SASL. </p>
+
</ul>
<p> The following is specific to SMTPD delegated policy requests:
the Postfix SMTP server makes an OK/REJECT/HOLD/etc. decision.
</p>
- <li> <p> The SASL attributes are sent only when SASL support
- is built into Postfix. </p>
+ <li> <p> The "ccert_*" attributes specify information from the
+ client TLS certificate. This information is presented only
+ if the client certificate was successfully verified. </p>
</ul>
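Review bot: the removed item "The SASL attributes are sent only when SASL support is built into Postfix" has no replacement, and the new "ccert_*" item lacks the matching build caveat: in the code part of this patch the attributes are sent only inside #ifdef USE_TLS. The item should also say what a policy server sees when verification did not succeed. Per the code, the attributes are then present with an empty value rather than absent, which is not what "presented only if the client certificate was successfully verified" suggests.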
<li><a href="#intranet">Running Postfix behind a firewall</a>
-<li><a href="#backup">Configuring Postfix as MX host for a remote
+<li><a href="#backup">Configuring Postfix as primary or backup MX host for a remote
site</a>
<li><a href="#dialup">Postfix on a dialup machine</a>
<p> Execute the command "<b>postmap /etc/postfix/transport</b>" whenever
you edit the transport table. </p>
-<h2><a name="backup">Configuring Postfix as MX host for a remote site</a></h2>
+<h2><a name="backup">Configuring Postfix as primary or backup MX host for a remote site</a></h2>
<p> This section presents additional configuration. You need to
combine this with basic configuration information as discussed the
# .IP "@\fIdomain address\fR"
# Replace other addresses in \fIdomain\fR by \fIaddress\fR.
# This form has the lowest precedence.
-# .PP
-# In all the above forms, when \fIaddress\fR has the form
-# @\fIotherdomain\fR, the result is the same user in \fIotherdomain\fR.
+# RESULT ADDRESS REWRITING
+# .ad
+# .fi
+# The lookup result is subject to address rewriting:
+# .IP \(bu
+# When the result has the form @\fIotherdomain\fR, the
+# result becomes the same \fIuser\fR in \fIotherdomain\fR.
+# .IP \(bu
+# The result is rewritten as specified with \fBappend_at_myorigin\fR
+# or with \fBappend_dot_mydomain\fR.
# ADDRESS EXTENSION
# .fi
# .ad
# \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
# .PP
# Other parameters of interest:
+# .IP \fBappend_at_myorigin\fR
+# Do or don't append "\fB@$myorigin\fR" to addresses without domain.
+# This must be turned on in Postfix.
+# .IP \fBappend_dot_mydomain\fR
+# Do or don't append "\fB.$mydomain\fR" to addresses without "." on
+# the right-hand side of the @.
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
# You need to stop and start Postfix when this parameter changes.
# .IP "@\fIdomain address\fR"
# Replace other addresses in \fIdomain\fR by \fIaddress\fR.
# This form has the lowest precedence.
-# .PP
-# In all the above forms, the result \fIaddress\fR must have
-# the form \fIusername@domainname\fR.
+# RESULT ADDRESS REWRITING
+# .ad
+# .fi
+# The lookup result is subject to address rewriting:
+# .IP \(bu
+# When the result has the form @\fIotherdomain\fR, the
+# result becomes the same \fIuser\fR in \fIotherdomain\fR.
+# .IP \(bu
+# The result is rewritten as specified with \fBappend_at_myorigin\fR
+# or with \fBappend_dot_mydomain\fR.
# ADDRESS EXTENSION
# .fi
# .ad
# smtp_generics_maps = hash:/etc/postfix/generics
# .in -4
#
-# /etc/postfix/generics:
+# /etc/postfix/generics:
# .in +4
-# his@localdomain.local hisaccount@hisisp.example
-# her@localdomain.local heraccount@herisp.example
-# @localdomain.local hisaccount+local@hisisp.example
+# his@localdomain.local hisaccount@hisisp.example
+# her@localdomain.local heraccount@herisp.example
+# @localdomain.local hisaccount+local@hisisp.example
# .in -4
#
# .ad
# \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
# .PP
# Other parameters of interest:
+# .IP \fBappend_at_myorigin\fR
+# Do or don't append "\fB@$myorigin\fR" to addresses without domain.
+# This must be turned on in Postfix.
+# .IP \fBappend_dot_mydomain\fR
+# Do or don't append "\fB.$mydomain\fR" to addresses without "." on
+# the right-hand side of the @.
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
# You need to stop and start Postfix when this parameter changes.
# .IP "@\fIdomain address, address, ...\fR"
# Redirect mail for other users in \fIdomain\fR to \fIaddress\fR.
# This form has the lowest precedence.
-# .PP
-# In all the above forms, when \fIaddress\fR has the form
-# @\fIotherdomain\fR, the result is the same user in \fIotherdomain\fR.
-# This works for the first address in the expansion only.
+# RESULT ADDRESS REWRITING
+# .ad
+# .fi
+# The lookup result is subject to address rewriting:
+# .IP \(bu
+# When the result has the form @\fIotherdomain\fR, the
+# result becomes the same \fIuser\fR in \fIotherdomain\fR.
+# This works only for the first address in a multi-address
+# lookup result.
+# .IP \(bu
+# The result is rewritten as specified with \fBappend_at_myorigin\fR
+# or with \fBappend_dot_mydomain\fR.
# ADDRESS EXTENSION
# .fi
# .ad
# \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
# .PP
# Other parameters of interest:
+# .IP \fBappend_at_myorigin\fR
+# Do or don't append "\fB@$myorigin\fR" to addresses without domain.
+# This must be turned on in Postfix.
+# .IP \fBappend_dot_mydomain\fR
+# Do or don't append "\fB.$mydomain\fR" to addresses without "." on
+# the right-hand side of the @.
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
# You need to stop and start Postfix when this parameter changes.
#define MAIL_ATTR_TTL "ttl"
#define MAIL_ATTR_LABEL "label"
#define MAIL_ATTR_PROP "property"
+#define MAIL_ATTR_CCERT_SUBJECT "ccert_subject"
+#define MAIL_ATTR_CCERT_ISSSUER "ccert_issuer"
+#define MAIL_ATTR_CCERT_FINGERPRINT "ccert_fingerprint"
/*
* Suffixes for sender_name, sender_domain etc.
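Review bot: MAIL_ATTR_CCERT_ISSSUER in the second added define is misspelled (three S's). It compiles because the same spelling is used where the attribute is sent in the smtpd policy request, but the name will be hard to grep for and easy to get wrong in later code; rename it to MAIL_ATTR_CCERT_ISSUER in both places. The wire value "ccert_issuer" is spelled correctly, so policy servers are unaffected.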
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
-#define MAIL_RELEASE_DATE "20050208"
+#define MAIL_RELEASE_DATE "20050209"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"
#ifdef STRCASECMP_IN_STRINGS_H
#include <strings.h>
#endif
+#include <time.h>
/* Utility library. */
* Optionally, restrict the damage that this process can do.
*/
resolve_local_init();
+#ifdef SNAPSHOT
+ tzset();
+#endif
chroot_uid(root_dir, user_name);
/*
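Review bot: the added tzset() call ahead of chroot_uid(root_dir, user_name) has no comment explaining why it must run before the chroot or why it is compiled only under #ifdef SNAPSHOT. A one-line comment here would keep a later cleanup from moving it below chroot_uid() or dropping it. The same applies to the two identical hunks that follow.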
#ifdef STRCASECMP_IN_STRINGS_H
#include <strings.h>
#endif
+#include <time.h>
/* Utility library. */
* Optionally, restrict the damage that this process can do.
*/
resolve_local_init();
+#ifdef SNAPSHOT
+ tzset();
+#endif
chroot_uid(root_dir, user_name);
/*
#ifdef STRCASECMP_IN_STRINGS_H
#include <strings.h>
#endif
+#include <time.h>
/* Utility library. */
* Optionally, restrict the damage that this process can do.
*/
resolve_local_init();
+#ifdef SNAPSHOT
+ tzset();
+#endif
chroot_uid(root_dir, user_name);
/*
TESTSRC =
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
-TESTPROG= smtp_unalias
+TESTPROG= smtp_unalias smtp_map11
PROG = smtp
INC_DIR = ../../include
LIBS = ../../lib/libmaster.a ../../lib/libtls.a ../../lib/libdns.a \
test: $(TESTPROG)
-tests: test
+tests: smtp_map11_test
update: ../../libexec/$(PROG)
smtp_unalias: smtp_unalias.c $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS)
+smtp_map11: smtp_map11.c $(LIBS)
+ $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS)
+
+# This needs trivial-rewrite service and myorigin==mydomain
+smtp_map11_test: smtp_map11 map11_map smtp_map11.ref
+ ../postmap/postmap map11_map
+ ./smtp_map11 hash:map11_map foo@example.com bar@example.com \
+ baz@example.com foo@example.net >smtp_map11.tmp 2>&1
+ sed -e "s/MYDOMAIN/`postconf -h mydomain`/" \
+ -e "s/MYHOSTNAME/`postconf -h myhostname`/" smtp_map11.ref | \
+ diff - smtp_map11.tmp
+ rm -f smtp_map11.tmp map11_map.db
+
depend: $(MAKES)
(sed '1,/^# do not edit/!d' Makefile.in; \
set -e; for i in [a-z][a-z0-9]*.c; do \
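Review bot: in the smtp_map11_test recipe, postmap is taken from the build tree (../postmap/postmap) while "postconf -h mydomain" and "postconf -h myhostname" are resolved through PATH, so the expected output can be generated from a different installation than the one under test; use the build tree's postconf for both substitutions. The final "rm -f smtp_map11.tmp map11_map.db" is also skipped when diff fails, which leaves stale files behind for the next run.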
--- /dev/null
+foo@example.com bar@com.example
+bar@example.com bar
+baz@example.com @com.example
int smtp_map11_external(VSTRING *addr, MAPS *maps, int propagate)
{
+ const char *myname = "smtp_map11_external";
ARGV *new_addr;
- const char *at;
+ const char *result;
if ((new_addr = mail_addr_map(maps, STR(addr), propagate)) != 0) {
if (new_addr->argc > 1)
- msg_fatal("multi-valued %s entry for %s", maps->title, STR(addr));
- if ((at = strrchr(STR(addr), '@')) == 0
- || !valid_hostname(at + 1, DO_GRIPE))
- msg_fatal("invalid domain information in %s entry for %s",
- maps->title, STR(addr));
- vstring_strcpy(addr, new_addr->argv[0]);
+ msg_warn("multi-valued %s result for %s", maps->title, STR(addr));
+ result = new_addr->argv[0];
+ if (msg_verbose)
+ msg_info("%s: %s -> %s", myname, STR(addr), result);
+ vstring_strcpy(addr, result);
argv_free(new_addr);
return (1);
} else {
if (dict_errno != 0)
msg_fatal("%s map lookup problem for %s", maps->title, STR(addr));
+ if (msg_verbose)
+ msg_info("%s: %s not found", myname, STR(addr));
return (0);
}
}
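Review bot: with the valid_hostname() test removed, result is copied into addr with no check at all, and nothing in the function says why that is safe. If the intent is to rely on mail_addr_map() canonicalizing the lookup result, say so in a comment above "result = new_addr->argv[0];". The demoted msg_warn("multi-valued %s result for %s", ...) should also state that only the first value is used, since delivery now continues with argv[0] instead of aborting.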
vstring_free(temp);
return (ret);
}
+
+#ifdef TEST
+
+#include <msg_vstream.h>
+#include <stringops.h>
+#include <mail_params.h>
+
+int main(int argc, char **argv)
+{
+ VSTRING *buf = vstring_alloc(100);
+ MAPS *maps;
+
+ msg_vstream_init(basename(argv[0]), VSTREAM_ERR);
+ if (argc < 3)
+ msg_fatal("usage: %s maptype:mapname address...", argv[0]);
+
+ maps = maps_create(argv[1], argv[1], 0);
+ mail_params_init();
+ if (chdir(var_queue_dir) < 0)
+ msg_fatal("chdir(%s): %m", var_queue_dir);
+ argv += 1;
+
+ msg_verbose = 1;
+ while (--argc && *++argv) {
+ msg_info("-- start %s --", *argv);
+ smtp_map11_external(vstring_strcpy(buf, *argv), maps, 1);
+ msg_info("-- end %s --", *argv);
+ }
+ vstring_free(buf);
+ return (0);
+}
+
+#endif
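Review bot: after "argv += 1" the count tested in "while (--argc && *++argv)" is one too high, so the loop stops only because *++argv reaches the terminating null pointer, not because argc runs out. Decrement argc together with argv, or drop the argc test and loop on *++argv alone. maps is also never released before "return (0)", which is harmless in a test driver but will show up under a leak checker.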
--- /dev/null
+smtp_map11: -- start foo@example.com --
+smtp_map11: maps_find: hash:map11_map: hash:map11_map(0,0): foo@example.com = bar@com.example
+smtp_map11: mail_addr_find: foo@example.com -> bar@com.example
+smtp_map11: connect to subsystem private/rewrite
+smtp_map11: send attr request = rewrite
+smtp_map11: send attr rule = local
+smtp_map11: send attr address = bar@com.example
+smtp_map11: private/rewrite socket: wanted attribute: flags
+smtp_map11: input attribute name: flags
+smtp_map11: input attribute value: 0
+smtp_map11: private/rewrite socket: wanted attribute: address
+smtp_map11: input attribute name: address
+smtp_map11: input attribute value: bar@com.example
+smtp_map11: private/rewrite socket: wanted attribute: (list terminator)
+smtp_map11: input attribute name: (end)
+smtp_map11: rewrite_clnt: local: bar@com.example -> bar@com.example
+smtp_map11: mail_addr_map: foo@example.com -> 0: bar@com.example
+smtp_map11: smtp_map11_external: foo@example.com -> bar@com.example
+smtp_map11: -- end foo@example.com --
+smtp_map11: -- start bar@example.com --
+smtp_map11: maps_find: hash:map11_map: hash:map11_map(0,0): bar@example.com = bar
+smtp_map11: mail_addr_find: bar@example.com -> bar
+smtp_map11: send attr request = rewrite
+smtp_map11: send attr rule = local
+smtp_map11: send attr address = bar
+smtp_map11: private/rewrite socket: wanted attribute: flags
+smtp_map11: input attribute name: flags
+smtp_map11: input attribute value: 0
+smtp_map11: private/rewrite socket: wanted attribute: address
+smtp_map11: input attribute name: address
+smtp_map11: input attribute value: bar@MYDOMAIN
+smtp_map11: private/rewrite socket: wanted attribute: (list terminator)
+smtp_map11: input attribute name: (end)
+smtp_map11: rewrite_clnt: local: bar -> bar@MYDOMAIN
+smtp_map11: mail_addr_map: bar@example.com -> 0: bar@MYDOMAIN
+smtp_map11: smtp_map11_external: bar@example.com -> bar@MYDOMAIN
+smtp_map11: -- end bar@example.com --
+smtp_map11: -- start baz@example.com --
+smtp_map11: maps_find: hash:map11_map: hash:map11_map(0,0): baz@example.com = @com.example
+smtp_map11: mail_addr_find: baz@example.com -> @com.example
+smtp_map11: send attr request = rewrite
+smtp_map11: send attr rule = local
+smtp_map11: send attr address = baz@com.example
+smtp_map11: private/rewrite socket: wanted attribute: flags
+smtp_map11: input attribute name: flags
+smtp_map11: input attribute value: 0
+smtp_map11: private/rewrite socket: wanted attribute: address
+smtp_map11: input attribute name: address
+smtp_map11: input attribute value: baz@com.example
+smtp_map11: private/rewrite socket: wanted attribute: (list terminator)
+smtp_map11: input attribute name: (end)
+smtp_map11: rewrite_clnt: local: baz@com.example -> baz@com.example
+smtp_map11: mail_addr_map: baz@example.com -> 0: baz@com.example
+smtp_map11: smtp_map11_external: baz@example.com -> baz@com.example
+smtp_map11: -- end baz@example.com --
+smtp_map11: -- start foo@example.net --
+smtp_map11: maps_find: hash:map11_map: foo@example.net: not found
+smtp_map11: match_string: example.net ~? MYHOSTNAME
+smtp_map11: match_string: example.net ~? localhost.MYDOMAIN
+smtp_map11: match_string: example.net ~? localhost
+smtp_map11: match_list_match: example.net: no match
+smtp_map11: maps_find: hash:map11_map: @example.net: not found
+smtp_map11: mail_addr_find: foo@example.net -> (not found)
+smtp_map11: mail_addr_map: foo@example.net -> (not found)
+smtp_map11: smtp_map11_external: foo@example.net not found
+smtp_map11: -- end foo@example.net --
ATTR_TYPE_STR, MAIL_ATTR_SASL_SENDER,
var_smtpd_sasl_enable && state->sasl_sender ?
state->sasl_sender : "",
+#endif
+#ifdef USE_TLS
+ ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT,
+ state->tls_info.peer_verified ?
+ state->tls_info.peer_CN : "",
+ ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSSUER,
+ state->tls_info.peer_verified ?
+ state->tls_info.issuer_CN : "",
+ ATTR_TYPE_STR, MAIL_ATTR_CCERT_FINGERPRINT,
+ state->tls_info.peer_verified ?
+ state->tls_info.peer_fingerprint : "",
#endif
ATTR_TYPE_END,
ATTR_FLAG_MISSING, /* Reply attributes. */
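Review bot: ccert_subject and ccert_issuer are filled from state->tls_info.peer_CN and state->tls_info.issuer_CN, so a policy server receives only the common names, not the full subject and issuer. Say so in the attribute documentation or in a comment here: two certificates from different issuers can carry the same CN, so a policy decision should key on ccert_fingerprint or on the subject and issuer together. The three ternaries also assume the strings are non-null whenever peer_verified is set; if that is guaranteed elsewhere, a comment should say where.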