Cleanup: added missing _maps parameter names to the
proxy_read_maps default value, based on output from the
- mantools/missing-proxy-read-maps script. File:
+ mantools/missing-proxy-read-maps script. File:
global/mail_params.h.
Sanity: added LANG=C to the typo-check scripts to get
20220117
- Clenaup: the nullmx_reject_code parameter was removed from
+ Cleanup: the nullmx_reject_code parameter was removed from
Postfix 3.0 before it was released, but the manpage was not
updated. File: proto/postconf.proto.
Cleanup: after seeking past the end of a writable memory-backed
- VSTREAM (i.e. backed by a VSTRING), write nulls over the
+ VSTREAM (i.e. backed by a VSTRING), write nulls over the
newly allocated bytes. This behavior is compatible with
seeking past the end of a writable regular file. File:
util/vstream.c.
Makefiles, some unit test 'reference' files.
Bugfix (documented but not implemented since Postfix 2.2):
- missing support for [address] smtp_bind_address and
+ missing support for [address] in smtp_bind_address and
smtp_bind_address6. Reported by Vincent Pelletier. File:
smtp/smtp_connect.c.
+
+20220119
+
+ Cleanup: the 20211211 change could result in logfile spam.
+ Added a 1-bit counter to log "breaking long line" only once per
+ delivery request. File: smtp/smtp_proto.c.
+
+20220121
+
+ Cleanup: added a pre-release check for missing entries
+ in postfix-files. Problem reported by Jaroslav Skarvada.
+ Files: Makefile.in, conf/postfix-files,
+ mantools/check-postfix-files. Deleted: CYRUS_README.
+
+ Cleanup: added the RELEASE_NOTES file to the pre-release
+ checks, after Viktor Dukhovni reported a typo. Files:
+ mantools/check-double-install-proto-text,
+ mantools/check-spell-install-proto-text.
+
+ Cleanup: for consistent parameter naming (tlsproxy_client_xxx
+ correspnds to smtp_tls_xxx), renamed tlsproxy_client_level
+ to tlsproxy_client_security_level, and tlsproxy_client_policy
+ to tlsproxy_client_policy_maps, with backwards-compatible
+ defaults and updated documentation. Problem reported by
+ Raf. Files: global/mail_params.h, mantools/postlink,
+ postconf/postconf_builtin.c.
(set -e; echo "[$$i]"; cd $$i; $(MAKE) -f Makefile.in $(OPTS) MAKELEVEL=) || exit 1; \
done </dev/null
-# Some require a statically-linked bin/postconf executable.
-pre-release-checks: typo-check missing-proxy-read-maps-check postlink-check
+# Some checks require a bin/postconf executable.
+pre-release-checks: typo-check missing-proxy-read-maps-check \
+ postlink-check postfix-files-check
+
+postfix-files-check:
+ mantools/check-postfix-files | diff /dev/null -
postlink-check:
- mantools/check-postlink | diff /dev/null -
+ $(SHLIB_ENV) mantools/check-postlink | diff /dev/null -
missing-proxy-read-maps-check:
- mantools/missing-proxy-read-maps | diff /dev/null -
+ $(SHLIB_ENV) mantools/missing-proxy-read-maps | diff /dev/null -
typo-check: spell-cc spell-install-proto-text spell-proto-html \
double-cc double-install-proto-text double-proto-html
+++ /dev/null
-P\bPo\bos\bst\btf\bfi\bix\bx C\bCy\byr\bru\bus\bs H\bHo\bow\bwt\bto\bo
-
--------------------------------------------------------------------------------
-This document will be made available via http://www.postfix.org/.
-
====================================
Updated defense against remote clients or servers that 'trickle'
-SMTP or LMTP traffc. The new {smtpd,smtp,lmtp}_per_request_deadline
+SMTP or LMTP traffic. The new {smtpd,smtp,lmtp}_per_request_deadline
parameters replace {smtpd,smtp,lmtp}_per_record_deadline, with
-backwards compatible default settings. This defense is automatically
-enabled by default in the Postfix SMTP server in case of overload.
+backwards compatible default settings. This defense is enabled by
+default in the Postfix SMTP server in case of overload.
The new smtpd_per_record_deadline parameter limits the combined
time for the Postfix SMTP server to receive a request and to send
Fix code that still uses "long" for data_size and data_offset,
and that uses "%ld" in sscanf().
- For consistent naming (tlsproxy_client_mumble <> smtp_tls_mumble),
- rename tlsproxy_client_level to tlsproxy_client_security_level,
- and tlsproxy_client_policy to tlsproxy_client_policy_maps.
- This requires backwards-compatible defaults and documentation
- updates.
-
A smart query service for live Postfix tables that outputs JSON?
Add a pointer to
http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
in documentation or on-line howtos.
+ Read http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
+ and see how we can improve on the Postfix side.
+
Add verp=+= to the qmgr "from=" logging. This is already
implemented but not yet integrated.
configuration settings easier to enter. This may be true
for main.cf, master.cf and similar files (such as database
configuration files, but not necessarily elsewhere). So it
- would have to be a readlline flag.
+ may have to be a readlline flag.
Understand what happens with DNSSEC related status fields
in posttls-finger when resolv.conf points to a host that
events. But the currrent multi_server API fits typical usage
better.
- Add a configurable filter for SMTP command syntax. Maybe
- time for some inline-pcre or inline-regexp map support?
-
- Update makedefs and sys-defs.h for current Linux kernels and
- *BSD releases.
-
When a secondary instance has no multi_instance_name set,
postmulti -i won't be able to find it.
- Read http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
- and see how we can improve on the Postfix side.
-
nbbio: exercise the sanity checks with fake msg(3) functions.
optreset (bsd-ism) how badly do we need it?
$manpage_directory/man1/postcat.1:f:root:-:644
$manpage_directory/man1/postconf.1:f:root:-:644
$manpage_directory/man1/postdrop.1:f:root:-:644
-$manpage_directory/man1/postfix.1:f:root:-:644
$manpage_directory/man1/postfix-tls.1:f:root:-:644
+$manpage_directory/man1/postfix.1:f:root:-:644
$manpage_directory/man1/postkick.1:f:root:-:644
$manpage_directory/man1/postlock.1:f:root:-:644
$manpage_directory/man1/postlog.1:f:root:-:644
$readme_directory/ADDRESS_VERIFICATION_README:f:root:-:644
$readme_directory/BACKSCATTER_README:f:root:-:644
$readme_directory/BASIC_CONFIGURATION_README:f:root:-:644
+$readme_directory/BDAT_README:f:root:-:644
$readme_directory/BUILTIN_FILTER_README:f:root:-:644
$readme_directory/CDB_README:f:root:-:644
$readme_directory/COMPATIBILITY_README:f:root:-:644
$readme_directory/LOCAL_RECIPIENT_README:f:root:-:644
$readme_directory/MACOSX_README:f:root:-:644:o
$readme_directory/MAILDROP_README:f:root:-:644
+$readme_directory/MAILLOG_README:f:root:-:644
$readme_directory/MEMCACHE_README:f:root:-:644
$readme_directory/MILTER_README:f:root:-:644
$readme_directory/MULTI_INSTANCE_README:f:root:-:644
$readme_directory/MYSQL_README:f:root:-:644
+$readme_directory/SMTPUTF8_README:f:root:-:644
$readme_directory/SQLITE_README:f:root:-:644
$readme_directory/NFS_README:f:root:-:644
$readme_directory/OVERVIEW:f:root:-:644
$readme_directory/PACKAGE_README:f:root:-:644
$readme_directory/PCRE_README:f:root:-:644
$readme_directory/PGSQL_README:f:root:-:644
+$readme_directory/POSTSCREEN_3_5_README:f:root:-:644
$readme_directory/POSTSCREEN_README:f:root:-:644
$readme_directory/QMQP_README:f:root:-:644:o
$readme_directory/QSHAPE_README:f:root:-:644
$html_directory/ADDRESS_VERIFICATION_README.html:f:root:-:644
$html_directory/BACKSCATTER_README.html:f:root:-:644
$html_directory/BASIC_CONFIGURATION_README.html:f:root:-:644
+$html_directory/BDAT_README.html:f:root:-:644
$html_directory/BUILTIN_FILTER_README.html:f:root:-:644
$html_directory/CDB_README.html:f:root:-:644
$html_directory/COMPATIBILITY_README.html:f:root:-:644
$html_directory/LMDB_README.html:f:root:-:644
$html_directory/LOCAL_RECIPIENT_README.html:f:root:-:644
$html_directory/MAILDROP_README.html:f:root:-:644
+$html_directory/MAILLOG_README.html:f:root:-:644
+$html_directory/MEMCACHE_README.html:f:root:-:644
$html_directory/MILTER_README.html:f:root:-:644
$html_directory/MULTI_INSTANCE_README.html:f:root:-:644
$html_directory/MYSQL_README.html:f:root:-:644
+$html_directory/SMTPUTF8_README.html:f:root:-:644
$html_directory/SQLITE_README.html:f:root:-:644
$html_directory/NFS_README.html:f:root:-:644
$html_directory/OVERVIEW.html:f:root:-:644
$html_directory/PACKAGE_README.html:f:root:-:644
$html_directory/PCRE_README.html:f:root:-:644
$html_directory/PGSQL_README.html:f:root:-:644
+$html_directory/POSTSCREEN_3_5_README.html:f:root:-:644
$html_directory/POSTSCREEN_README.html:f:root:-:644
$html_directory/QMQP_README.html:f:root:-:644:o
$html_directory/QSHAPE_README.html:f:root:-:644
$html_directory/access.5.html:f:root:-:644
$html_directory/aliases.5.html:f:root:-:644
$html_directory/anvil.8.html:f:root:-:644
+$html_directory/bounce.5.html:f:root:-:644
$html_directory/bounce.8.html:f:root:-:644
$html_directory/canonical.5.html:f:root:-:644
$html_directory/cidr_table.5.html:f:root:-:644
$html_directory/header_checks.5.html:f:root:-:644
$html_directory/index.html:f:root:-:644
$html_directory/ldap_table.5.html:f:root:-:644
+$html_directory/lmdb_table.5.html:f:root:-:644
$html_directory/lmtp.8.html:f:root:-:644
$html_directory/local.8.html:f:root:-:644
$html_directory/mailq.1.html:f:root:-:644
$html_directory/postdrop.1.html:f:root:-:644
$html_directory/postfix-logo.jpg:f:root:-:644
$html_directory/postfix-manuals.html:f:root:-:644
+$html_directory/postfix-tls.1.html:f:root:-:644
$html_directory/postfix-wrapper.5.html:f:root:-:644
$html_directory/postfix.1.html:f:root:-:644
$html_directory/postkick.1.html:f:root:-:644
$html_directory/qmqpd.8.html:f:root:-:644
$html_directory/regexp_table.5.html:f:root:-:644
$html_directory/relocated.5.html:f:root:-:644
+$html_directory/scache.8.html:f:root:-:644
$html_directory/sendmail.1.html:h:$html_directory/mailq.1.html:-:644
$html_directory/showq.8.html:f:root:-:644
$html_directory/smtp-sink.1.html:f:root:-:644
$html_directory/smtp-source.1.html:f:root:-:644
$html_directory/smtp.8.html:h:$html_directory/lmtp.8.html:-:644
$html_directory/smtpd.8.html:f:root:-:644
+$html_directory/socketmap_table.5.html:f:root:-:644
$html_directory/spawn.8.html:f:root:-:644
+$html_directory/tlsmgr.8.html:f:root:-:644
$html_directory/tlsproxy.8.html:f:root:-:644
$html_directory/tcp_table.5.html:f:root:-:644
$html_directory/trace.8.html:h:$html_directory/bounce.8.html:-:644
<p> This feature is available in Postfix 3.4 and later. </p>
+</DD>
+
+<DT><b><a name="tlsproxy_client_level">tlsproxy_client_level</a>
+(default: $<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b></DT><DD>
+
+<p> The default TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
+client. See <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.4 - 3.6. It was
+renamed to <a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> in Postfix 3.7. </p>
+
+
</DD>
<DT><b><a name="tlsproxy_client_loglevel">tlsproxy_client_loglevel</a>
<p> This feature is available in Postfix 3.4 and later. </p>
+</DD>
+
+<DT><b><a name="tlsproxy_client_policy">tlsproxy_client_policy</a>
+(default: $<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b></DT><DD>
+
+<p> Optional lookup tables with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client TLS
+security policy by next-hop destination. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
+for further details. </p>
+
+<p> This feature is available in Postfix 3.4 - 3.6. It was
+renamed to <a href="postconf.5.html#tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a> in Postfix 3.7. </p>
+
+
</DD>
<DT><b><a name="tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a>
security policy by next-hop destination. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
for further details. </p>
-<p> This feature is available in Postfix 3.4 and later. </p>
+<p> This feature is available in Postfix 3.7 and later. It
+was previously called <a href="postconf.5.html#tlsproxy_client_policy">tlsproxy_client_policy</a>. </p>
</DD>
<p> The default TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
client. See <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> for further details. </p>
-<p> This feature is available in Postfix 3.4 and later. </p>
+<p> This feature is available in Postfix 3.7 and later. It
+was previously called <a href="postconf.5.html#tlsproxy_client_level">tlsproxy_client_level</a>. </p>
</DD>
<b><a href="postconf.5.html#tlsproxy_client_scert_verifydepth">tlsproxy_client_scert_verifydepth</a> ($<a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>)</b>
The verification depth for remote TLS server certificates.
- <b><a href="postconf.5.html#tlsproxy_client_
security_level">tlsproxy_client_security_level</a> ($<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b>
+ <b><a href="postconf.5.html#tlsproxy_client_
level">tlsproxy_client_level</a> ($<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b>
The default TLS security level for the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
client.
- <b><a href="postconf.5.html#tlsproxy_client_policy
_maps">tlsproxy_client_policy_maps</a> ($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b>
+ <b><a href="postconf.5.html#tlsproxy_client_policy
">tlsproxy_client_policy</a> ($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b>
Optional lookup tables with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client TLS
security policy by next-hop destination.
usage policy by next-hop destination and by remote TLS server
hostname.
+ Available in Postfix version 3.7 and later:
+
+ <b><a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> ($<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b>
+ The default TLS security level for the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
+ client.
+
+ <b><a href="postconf.5.html#tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a> ($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b>
+ Optional lookup tables with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client TLS
+ security policy by next-hop destination.
+
<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
These parameters are supported for compatibility with <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy
parameters.
"tlsproxy_client_chain_files" parameter.
.PP
This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_level (default: $smtp_tls_security_level)
+The default TLS security level for the Postfix \fBtlsproxy\fR(8)
+client. See smtp_tls_security_level for further details.
+.PP
+This feature is available in Postfix 3.4 \- 3.6. It was
+renamed to tlsproxy_client_security_level in Postfix 3.7.
.SH tlsproxy_client_loglevel (default: $smtp_tls_loglevel)
Enable additional Postfix \fBtlsproxy\fR(8) client logging of TLS
activity. See smtp_tls_loglevel for further details.
hostname. See smtp_tls_per_site for further details.
.PP
This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_policy (default: $smtp_tls_policy_maps)
+Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+security policy by next\-hop destination. See smtp_tls_policy_maps
+for further details.
+.PP
+This feature is available in Postfix 3.4 \- 3.6. It was
+renamed to tlsproxy_client_policy_maps in Postfix 3.7.
.SH tlsproxy_client_policy_maps (default: $smtp_tls_policy_maps)
Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
security policy by next\-hop destination. See smtp_tls_policy_maps
for further details.
.PP
-This feature is available in Postfix 3.4 and later.
+This feature is available in Postfix 3.7 and later. It
+was previously called tlsproxy_client_policy.
.SH tlsproxy_client_scert_verifydepth (default: $smtp_tls_scert_verifydepth)
The verification depth for remote TLS server certificates.
See smtp_tls_scert_verifydepth for further details.
The default TLS security level for the Postfix \fBtlsproxy\fR(8)
client. See smtp_tls_security_level for further details.
.PP
-This feature is available in Postfix 3.4 and later.
+This feature is available in Postfix 3.7 and later. It
+was previously called tlsproxy_client_level.
.SH tlsproxy_client_use_tls (default: $smtp_use_tls)
Opportunistic mode: use TLS when a remote server announces TLS
support. See smtp_use_tls for further details. Use
value.
.IP "\fBtlsproxy_client_scert_verifydepth ($smtp_tls_scert_verifydepth)\fR"
The verification depth for remote TLS server certificates.
-.IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR"
+.IP "\fBtlsproxy_client_level ($smtp_tls_security_level)\fR"
The default TLS security level for the Postfix \fBtlsproxy\fR(8)
client.
-.IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR"
+.IP "\fBtlsproxy_client_policy ($smtp_tls_policy_maps)\fR"
Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
security policy by next\-hop destination.
.IP "\fBtlsproxy_client_use_tls ($smtp_use_tls)\fR"
Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
usage policy by next\-hop destination and by remote TLS server
hostname.
+.PP
+Available in Postfix version 3.7 and later:
+.IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR"
+The default TLS security level for the Postfix \fBtlsproxy\fR(8)
+client.
+.IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR"
+Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+security policy by next\-hop destination.
.SH "OBSOLETE STARTTLS SUPPORT CONTROLS"
.na
.nf
LANG=C; export LANG
-ls *install* proto/* | egrep -v 'stop|Makefile|html|\.proto' | xargs mantools/deroff | mantools/find-double | fgrep -vxf proto/stop.double-install-proto-text
+(ls *install* proto/* | egrep -v 'stop|Makefile|html|\.proto' | xargs mantools/deroff; cat RELEASE_NOTES) | mantools/find-double | fgrep -vxf proto/stop.double-install-proto-text
--- /dev/null
+#!/bin/sh
+
+# Reports missing documentation file names in postfix-files. For
+# simplicity and maintainability this looks at file basenames only.
+# The odds that a file is installed in the wrong place are small.
+
+trap 'rm -f expected.tmp actual.tmp' 0 1 2 3 15
+
+LANG=C; export LANG
+LC_ALL=C; export LC_ALL
+
+# Extract file basenames from postfix-files.
+
+awk -F: '
+ BEGIN { want["f"] = want["h"] = want["l"] = want["p"] = 1 }
+ want[$2] == 1 { n = split($1, path, "/"); print path[n] }
+' conf/postfix-files | sort >actual.tmp
+
+# Create a list of expected names, excluding files that aren't installed.
+
+(ls man/man?/* html/*.html |sed 's/.*\///' | egrep -v '^makedefs.1
+^posttls-finger.1
+^qmqp-sink.1
+^qmqp-source.1
+^qshape.1
+^smtp-sink.1
+^smtp-source.1'
+ls README_FILES) | sort >expected.tmp
+
+# Compare the expected names against the names in postfix-files.
+
+comm -23 expected.tmp actual.tmp
#!/bin/sh
-# Look for missing parameter names in postlink
+# Reports parameter names that have no postlink rules.
LANG=C; export LANG
LC_ALL=C; export LC_ALL
-trap 'rm -f postlink.tmp postconf.tmp check-postlink.tmp 2>/dev/null' 0 1 2 3 15
+trap 'rm -f postlink.tmp postconf.tmp stoplist.tmp 2>/dev/null' 0 1 2 3 15
# Extract parameters from postlink script. This also produces names
# of obsolete parameters, and non-parameter names such as SMTPD
p
}' mantools/postlink | sort > postlink.tmp
-# Extract parameters from postconf output.
+# Extract parameters from postconf output, using the stock configurations.
bin/postconf -dHc conf | sort >postconf.tmp
-# Filter the output through a whitelist.
+# Filter the postconf output through a stoplist. First, parameter
+# names prefixed by their service name.
+
+for xport in error lmtp local relay retry smtp virtual
+do
+ cat <<EOF
+${xport}_delivery_slot_cost
+${xport}_delivery_slot_discount
+${xport}_delivery_slot_loan
+${xport}_destination_concurrency_failed_cohort_limit
+${xport}_destination_concurrency_limit
+${xport}_destination_concurrency_negative_feedback
+${xport}_destination_concurrency_positive_feedback
+${xport}_destination_rate_delay
+${xport}_destination_recipient_limit
+${xport}_extra_recipient_limit
+${xport}_initial_destination_concurrency
+${xport}_minimum_delivery_slots
+${xport}_recipient_limit
+${xport}_recipient_refill_delay
+${xport}_recipient_refill_limit
+${xport}_transport_rate_delay
+EOF
+done >stoplist.tmp
-cat >check-postlink.tmp <<'EOF'
-error_delivery_slot_cost
-error_delivery_slot_discount
-error_delivery_slot_loan
-error_destination_concurrency_failed_cohort_limit
-error_destination_concurrency_limit
-error_destination_concurrency_negative_feedback
-error_destination_concurrency_positive_feedback
-error_destination_rate_delay
-error_destination_recipient_limit
-error_extra_recipient_limit
-error_initial_destination_concurrency
-error_minimum_delivery_slots
-error_recipient_limit
-error_recipient_refill_delay
-error_recipient_refill_limit
-error_transport_rate_delay
-lmtp_body_checks
-lmtp_cname_overrides_servername
-lmtp_delivery_slot_cost
-lmtp_delivery_slot_discount
-lmtp_delivery_slot_loan
-lmtp_destination_concurrency_failed_cohort_limit
-lmtp_destination_concurrency_negative_feedback
-lmtp_destination_concurrency_positive_feedback
-lmtp_destination_rate_delay
-lmtp_extra_recipient_limit
-lmtp_header_checks
-lmtp_initial_destination_concurrency
-lmtp_mime_header_checks
-lmtp_minimum_delivery_slots
-lmtp_nested_header_checks
-lmtp_recipient_limit
-lmtp_recipient_refill_delay
-lmtp_recipient_refill_limit
-lmtp_transport_rate_delay
-local_delivery_slot_cost
-local_delivery_slot_discount
-local_delivery_slot_loan
-local_destination_concurrency_failed_cohort_limit
-local_destination_concurrency_negative_feedback
-local_destination_concurrency_positive_feedback
-local_destination_rate_delay
-local_extra_recipient_limit
-local_initial_destination_concurrency
-local_minimum_delivery_slots
-local_recipient_limit
-local_recipient_refill_delay
-local_recipient_refill_limit
-local_transport_rate_delay
-relay_delivery_slot_cost
-relay_delivery_slot_discount
-relay_delivery_slot_loan
-relay_destination_concurrency_failed_cohort_limit
-relay_destination_concurrency_negative_feedback
-relay_destination_concurrency_positive_feedback
-relay_destination_rate_delay
-relay_extra_recipient_limit
-relay_initial_destination_concurrency
-relay_minimum_delivery_slots
-relay_recipient_limit
-relay_recipient_refill_delay
-relay_recipient_refill_limit
-relay_transport_rate_delay
-retry_delivery_slot_cost
-retry_delivery_slot_discount
-retry_delivery_slot_loan
-retry_destination_concurrency_failed_cohort_limit
-retry_destination_concurrency_limit
-retry_destination_concurrency_negative_feedback
-retry_destination_concurrency_positive_feedback
-retry_destination_rate_delay
-retry_destination_recipient_limit
-retry_extra_recipient_limit
-retry_initial_destination_concurrency
-retry_minimum_delivery_slots
-retry_recipient_limit
-retry_recipient_refill_delay
-retry_recipient_refill_limit
-retry_transport_rate_delay
-smtp_delivery_slot_cost
-smtp_delivery_slot_discount
-smtp_delivery_slot_loan
-smtp_destination_concurrency_failed_cohort_limit
-smtp_destination_concurrency_negative_feedback
-smtp_destination_concurrency_positive_feedback
-smtp_destination_rate_delay
-smtp_extra_recipient_limit
-smtp_initial_destination_concurrency
-smtp_minimum_delivery_slots
-smtp_recipient_limit
-smtp_recipient_refill_delay
-smtp_recipient_refill_limit
-smtp_transport_rate_delay
-stress
-tlsproxy_client_level
-tlsproxy_client_policy
-virtual_delivery_slot_cost
-virtual_delivery_slot_discount
-virtual_delivery_slot_loan
-virtual_destination_concurrency_failed_cohort_limit
-virtual_destination_concurrency_negative_feedback
-virtual_destination_concurrency_positive_feedback
-virtual_destination_rate_delay
-virtual_extra_recipient_limit
-virtual_initial_destination_concurrency
-virtual_minimum_delivery_slots
-virtual_recipient_limit
-virtual_recipient_refill_delay
-virtual_recipient_refill_limit
-virtual_transport_rate_delay
+# Second, pseudo parameters, read-only parameters, etc.
+cat >>stoplist.tmp <<'EOF'
+stress
EOF
-comm -23 postconf.tmp postlink.tmp | fgrep -vx -f check-postlink.tmp
+# Report names from postconf that have no rule in mantools/postlink.
+
+comm -23 postconf.tmp postlink.tmp | fgrep -vx -f stoplist.tmp
#!/bin/sh
-# Spellchecks the install scripts and proto non-html files.
+# Spellchecks the release notes, install scripts, and proto non-html files.
LANG=C; export LANG
-ls *install* proto/* | egrep -v 'stop|Makefile|html|\.proto' | mantools/deroff | spell | fgrep -vxf proto/stop
+(ls *install* proto/* | egrep -v 'stop|Makefile|html|\.proto' | mantools/deroff; cat RELEASE_NOTES) | spell | fgrep -vxf proto/stop
# Outputs missing mail_params.h lines for the proxy_read_maps default
# value.
-#
+
# First, get the proxy_read_maps default value from postconf command
# output. This gives us a list of parameter names that are already
# present in the proxy_read_maps default value.
}
}
close(MAIL_PARAMS) || die "close $mail_params_h: !$\n";
-#
+
# Produce mail_params.h lines for all parameters that have names
# ending in _maps and that are not listed in proxy_read_maps. We get
# the full parameter name list from postconf command output. Abort
s;\btlsproxy_client_loglevel_parameter\b;<a href="postconf.5.html#tlsproxy_client_loglevel_parameter">$&</a>;g;
s;\btlsproxy_client_scert_verifydepth\b;<a href="postconf.5.html#tlsproxy_client_scert_verifydepth">$&</a>;g;
+ s;\btlsproxy_client_level\b;<a href="postconf.5.html#tlsproxy_client_level">$&</a>;g;
s;\btlsproxy_client_security_level\b;<a href="postconf.5.html#tlsproxy_client_security_level">$&</a>;g;
s;\btlsproxy_client_per_site\b;<a href="postconf.5.html#tlsproxy_client_per_site">$&</a>;g;
+ s;\btlsproxy_client_policy\b;<a href="postconf.5.html#tlsproxy_client_policy">$&</a>;g;
s;\btlsproxy_client_policy_maps\b;<a href="postconf.5.html#tlsproxy_client_policy_maps">$&</a>;g;
s;\btlsproxy_client_use_tls\b;<a href="postconf.5.html#tlsproxy_client_use_tls">$&</a>;g;
s;\btlsproxy_client_enforce_tls\b;<a href="postconf.5.html#tlsproxy_client_enforce_tls">$&</a>;g;
<p> This feature is available in Postfix 3.4 and later. </p>
+%PARAM tlsproxy_client_level $smtp_tls_security_level
+
+<p> The default TLS security level for the Postfix tlsproxy(8)
+client. See smtp_tls_security_level for further details. </p>
+
+<p> This feature is available in Postfix 3.4 - 3.6. It was
+renamed to tlsproxy_client_security_level in Postfix 3.7. </p>
+
%PARAM tlsproxy_client_security_level $smtp_tls_security_level
<p> The default TLS security level for the Postfix tlsproxy(8)
client. See smtp_tls_security_level for further details. </p>
-<p> This feature is available in Postfix 3.4 and later. </p>
+<p> This feature is available in Postfix 3.7 and later. It
+was previously called tlsproxy_client_level. </p>
%PARAM tlsproxy_client_per_site $smtp_tls_per_site
<p> This feature is available in Postfix 3.4 and later. </p>
+%PARAM tlsproxy_client_policy $smtp_tls_policy_maps
+
+<p> Optional lookup tables with the Postfix tlsproxy(8) client TLS
+security policy by next-hop destination. See smtp_tls_policy_maps
+for further details. </p>
+
+<p> This feature is available in Postfix 3.4 - 3.6. It was
+renamed to tlsproxy_client_policy_maps in Postfix 3.7. </p>
+
%PARAM tlsproxy_client_policy_maps $smtp_tls_policy_maps
<p> Optional lookup tables with the Postfix tlsproxy(8) client TLS
security policy by next-hop destination. See smtp_tls_policy_maps
for further details. </p>
-<p> This feature is available in Postfix 3.4 and later. </p>
+<p> This feature is available in Postfix 3.7 and later. It
+was previously called tlsproxy_client_policy. </p>
%PARAM tlsproxy_client_use_tls $smtp_use_tls
ICMP
NORANDOMIZE
wallclock
+BDAT
+IPL
+yyyy
+yyyymmdd
" $" VAR_LOCAL_LOGIN_SND_MAPS \
" $" VAR_PSC_REJ_FTR_MAPS \
" $" VAR_SMTPD_REJ_FTR_MAPS \
- " $" VAR_TLS_SERVER_SNI_MAPS
+ " $" VAR_TLS_SERVER_SNI_MAPS \
+ " $" VAR_TLSP_CLNT_POLICY
extern char *var_proxy_read_maps;
#define VAR_PROXY_WRITE_MAPS "proxy_write_maps"
#define DEF_TLSP_CLNT_ENFORCE_TLS "$" VAR_SMTP_ENFORCE_TLS
extern bool var_tlsp_clnt_enforce_tls;
-#define VAR_TLSP_CLNT_LEVEL "tlsproxy_client_level"
-#define DEF_TLSP_CLNT_LEVEL "$" VAR_SMTP_TLS_LEVEL
+/* Migrate an incorrect name. */
+#define OBS_TLSP_CLNT_LEVEL "tlsproxy_client_level"
+#define VAR_TLSP_CLNT_LEVEL "tlsproxy_client_security_level"
+#define DEF_TLSP_CLNT_LEVEL "${" OBS_TLSP_CLNT_LEVEL ":$" VAR_SMTP_TLS_LEVEL "}"
extern char *var_tlsp_clnt_level;
#define VAR_TLSP_CLNT_PER_SITE "tlsproxy_client_per_site"
#define DEF_TLSP_CLNT_PER_SITE "$" VAR_SMTP_TLS_PER_SITE
extern char *var_tlsp_clnt_per_site;
-#define VAR_TLSP_CLNT_POLICY "tlsproxy_client_policy"
-#define DEF_TLSP_CLNT_POLICY "$" VAR_SMTP_TLS_POLICY
+/* Migrate an incorrect name. */
+#define OBS_TLSP_CLNT_POLICY "tlsproxy_client_policy"
+#define VAR_TLSP_CLNT_POLICY "tlsproxy_client_policy_maps"
+#define DEF_TLSP_CLNT_POLICY "${" OBS_TLSP_CLNT_POLICY ":$" VAR_SMTP_TLS_POLICY "}"
extern char *var_tlsp_clnt_policy;
/*
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20220117"
+#define MAIL_RELEASE_DATE "20220121"
#define MAIL_VERSION_NUMBER "3.7"
#ifdef SNAPSHOT
{"lmtp_per_record_deadline", ""},
{"smtp_per_record_deadline", ""},
{"smtpd_per_record_deadline", ""},
+ {"tlsproxy_client_level", ""},
+ {"tlsproxy_client_policy", ""},
0,
};
* assume per-server debug_peer support.
*/
int debug_peer_per_nexthop;
+
+ /*
+ * One-bit counters to avoid logging the same warning multiple times per
+ * delivery request.
+ */
+ int logged_line_length_limit:1;
} SMTP_STATE;
/*
* multibyte characters can span queue file records, for
* example if line_length_limit == smtp_line_length_limit.
*/
- msg_info("%s: breaking line > %d bytes with <CR><LF>SPACE",
- state->request->queue_id, var_smtp_line_limit);
+ if (state->logged_line_length_limit == 0) {
+ msg_info("%s: breaking line > %d bytes with <CR><LF>SPACE",
+ state->request->queue_id, var_smtp_line_limit);
+ state->logged_line_length_limit = 1;
+ }
}
} else {
if (rec_type == REC_TYPE_CONT) {
}
state->why = dsb_create();
state->debug_peer_per_nexthop = 0;
+ state->logged_line_length_limit = 0;
return (state);
}
/* value.
/* .IP "\fBtlsproxy_client_scert_verifydepth ($smtp_tls_scert_verifydepth)\fR"
/* The verification depth for remote TLS server certificates.
-/* .IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR"
+/* .IP "\fBtlsproxy_client_level ($smtp_tls_security_level)\fR"
/* The default TLS security level for the Postfix \fBtlsproxy\fR(8)
/* client.
-/* .IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR"
+/* .IP "\fBtlsproxy_client_policy ($smtp_tls_policy_maps)\fR"
/* Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
/* security policy by next-hop destination.
/* .IP "\fBtlsproxy_client_use_tls ($smtp_use_tls)\fR"
/* Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
/* usage policy by next-hop destination and by remote TLS server
/* hostname.
+/* .PP
+/* Available in Postfix version 3.7 and later:
+/* .IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR"
+/* The default TLS security level for the Postfix \fBtlsproxy\fR(8)
+/* client.
+/* .IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR"
+/* Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
+/* security policy by next-hop destination.
/* OBSOLETE STARTTLS SUPPORT CONTROLS
/* .ad
/* .fi
projects / thirdparty / postfix.git / commitdiff
