master/master.c, master/master_sig.c, util/killme_after.c.
Documentation: document non-iterative lookup behavior
- in postmap and postalias manpages. Files: postmap/postmap.c,
+ in postmap(1) and postalias(1) manpages. Files: postmap/postmap.c,
postalias/postalias.c.
+
+ Cleanup: the init-mode change should not forbid the combined
+ use of -D, -d and -w. File: master/master.c.
+
+20180520
+
+ Documentation: add backscatter remediation to the virtual(5)
+ and canonical(5) manpages. Files: proto/virtual, proto/canonical.
+
+ Bugfix (introduced: 20180425): broken implementation of
+ voluntary dnsblog retirement after max_use*max_idle seconds.
+ File: master/single_server.c.
# recipients and then tries to return that mail as
# "undeliverable" to the often forged sender address.
#
+# To avoid backscatter with mail for a wild-card
+# domain, replace the wild-card mapping with explicit
+# 1:1 mappings, or add a reject_unverified_recipient
+# restriction for that domain:
+#
+# smtpd_recipient_restrictions =
+# ...
+# reject_unauth_destination
+# check_recipient_access
+# inline:{example.com=reject_unverified_recipient}
+# unverified_recipient_reject_code = 550
+#
+# In the above example, Postfix may contact a remote
+# server if the recipient is rewritten to a remote
+# address.
+#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
-# o When the result has the form @otherdomain, the
+# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
-# o When "append_at_myorigin=yes", append "@$myorigin"
+# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
-# canonical_classes
-# What addresses are subject to canonical address
-# mapping.
+# canonical_classes (envelope_sender, envelope_recipient,
+# header_sender, header_recipient)
+# What addresses are subject to canonical_maps
+# address mapping.
#
-# canonical_maps
-# List of canonical mapping tables.
+# canonical_maps (empty)
+# Optional address mapping lookup tables for message
+# headers and envelopes.
#
-# recipient_canonical_maps
-# Address mapping lookup table for envelope and
-# header recipient addresses.
+# recipient_canonical_maps (empty)
+# Optional address mapping lookup tables for envelope
+# and header recipient addresses.
#
-# sender_canonical_maps
-# Address mapping lookup table for envelope and
-# header sender addresses.
+# sender_canonical_maps (empty)
+# Optional address mapping lookup tables for envelope
+# and header sender addresses.
#
-# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
-# include, or generic.
+# propagate_unmatched_extensions (canonical, virtual)
+# What address lookup tables copy an address exten-
+# sion from the lookup key to the lookup result.
#
# Other parameters of interest:
#
-# inet_interfaces
-# The network interface addresses that this system
-# receives mail on. You need to stop and start Post-
-# fix when this parameter changes.
+# inet_interfaces (all)
+# The network interface addresses that this mail sys-
+# tem receives mail on.
#
-# local_header_rewrite_clients
+# local_header_rewrite_clients (permit_inet_interfaces)
# Rewrite message header addresses in mail from these
# clients and update incomplete addresses with the
# domain name in $myorigin or $mydomain; either don't
# addresses with the domain specified in the
# remote_header_rewrite_domain parameter.
#
-# proxy_interfaces
-# Other interfaces that this machine receives mail on
-# by way of a proxy agent or network address transla-
-# tor.
-#
-# masquerade_classes
-# List of address classes subject to masquerading:
-# zero or more of envelope_sender, envelope_recipi-
-# ent, header_sender, header_recipient.
-#
-# masquerade_domains
-# List of domains that hide their subdomain struc-
-# ture.
-#
-# masquerade_exceptions
-# List of user names that are not subject to address
-# masquerading.
-#
-# mydestination
-# List of domains that this mail system considers
-# local.
-#
-# myorigin
-# The domain that is appended to locally-posted mail.
-#
-# owner_request_special
-# Give special treatment to owner-xxx and xxx-request
-# addresses.
-#
-# remote_header_rewrite_domain
-# Don't rewrite message headers from remote clients
+# proxy_interfaces (empty)
+# The network interface addresses that this mail sys-
+# tem receives mail on by way of a proxy or network
+# address translation unit.
+#
+# masquerade_classes (envelope_sender, header_sender,
+# header_recipient)
+# What addresses are subject to address masquerading.
+#
+# masquerade_domains (empty)
+# Optional list of domains whose subdomain structure
+# will be stripped off in email addresses.
+#
+# masquerade_exceptions (empty)
+# Optional list of user names that are not subjected
+# to address masquerading, even when their address
+# matches $masquerade_domains.
+#
+# mydestination ($myhostname, localhost.$mydomain, local-
+# host)
+# The list of domains that are delivered via the
+# $local_transport mail delivery transport.
+#
+# myorigin ($myhostname)
+# The domain name that locally-posted mail appears to
+# come from, and that locally posted mail is deliv-
+# ered to.
+#
+# owner_request_special (yes)
+# Enable special treatment for owner-listname entries
+# in the aliases(5) file, and don't split owner-list-
+# name and listname-request address localparts when
+# the recipient_delimiter is set to "-".
+#
+# remote_header_rewrite_domain (empty)
+# Don't rewrite message headers from remote clients
# at all when this parameter is empty; otherwise, re-
-# write message headers and append the specified
+# write message headers and append the specified
# domain name to incomplete addresses.
#
# SEE ALSO
# virtual(5), virtual aliasing
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# that mail as "undeliverable" to the often forged
# sender address.
#
+# To avoid backscatter with mail for a wild-card
+# domain, replace the wild-card mapping with explicit
+# 1:1 mappings, or add a reject_unverified_recipient
+# restriction for that domain:
+#
+# smtpd_recipient_restrictions =
+# ...
+# reject_unauth_destination
+# check_recipient_access
+# inline:{example.com=reject_unverified_recipient}
+# unverified_recipient_reject_code = 550
+#
+# In the above example, Postfix may contact a remote
+# server if the recipient is aliased to a remote
+# address.
+#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
-# o When the result has the form @otherdomain, the
-# result becomes the same user in otherdomain. This
+# o When the result has the form @otherdomain, the
+# result becomes the same user in otherdomain. This
# works only for the first address in a multi-address
# lookup result.
#
-# o When "append_at_myorigin=yes", append "@$myorigin"
+# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# VIRTUAL ALIAS DOMAINS
-# Besides virtual aliases, the virtual alias table can also
+# Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual
-# alias domain, all recipient addresses are aliased to
+# alias domain, all recipient addresses are aliased to
# addresses in other domains.
#
# Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox
-# domains, each recipient address can have its own mailbox.
+# domains, each recipient address can have its own mailbox.
#
-# With a virtual alias domain, the virtual domain has its
-# own user name space. Local (i.e. non-virtual) usernames
-# are not visible in a virtual alias domain. In particular,
-# local aliases(5) and local mailing lists are not visible
+# With a virtual alias domain, the virtual domain has its
+# own user name space. Local (i.e. non-virtual) usernames
+# are not visible in a virtual alias domain. In particular,
+# local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain.
#
# Support for a virtual alias domain looks like:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
# Note: some systems use dbm databases instead of hash. See
-# the output from "postconf -m" for available database
+# the output from "postconf -m" for available database
# types.
#
# /etc/postfix/virtual:
# user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3
#
-# The virtual-alias.domain anything entry is required for a
+# The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected
-# with "relay access denied", or bounces with "mail loops
+# with "relay access denied", or bounces with "mail loops
# back to myself".
#
-# Do not specify virtual alias domain names in the main.cf
+# Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
-# With a virtual alias domain, the Postfix SMTP server
-# accepts mail for known-user@virtual-alias.domain, and
-# rejects mail for unknown-user@virtual-alias.domain as
+# With a virtual alias domain, the Postfix SMTP server
+# accepts mail for known-user@virtual-alias.domain, and
+# rejects mail for unknown-user@virtual-alias.domain as
# undeliverable.
#
-# Instead of specifying the virtual alias domain name via
-# the virtual_alias_maps table, you may also specify it via
+# Instead of specifying the virtual alias domain name via
+# the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter.
-# This latter parameter uses the same syntax as the main.cf
+# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant
-# to this topic. See the Postfix main.cf file for syntax
-# details and for default values. Use the "postfix reload"
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the "postfix reload"
# command after a configuration change.
#
-# virtual_alias_maps
-# List of virtual aliasing tables.
+# virtual_alias_maps ($virtual_maps)
+# Optional lookup tables that alias specific mail
+# addresses or domains to other local or remote
+# address.
#
-# virtual_alias_domains
-# List of virtual alias domains. This uses the same
-# syntax as the mydestination parameter.
+# virtual_alias_domains ($virtual_alias_maps)
+# Postfix is final destination for the specified list
+# of virtual alias domains, that is, domains for
+# which all addresses are aliased to addresses in
+# other local or remote domains.
#
-# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
-# include, or generic.
+# propagate_unmatched_extensions (canonical, virtual)
+# What address lookup tables copy an address exten-
+# sion from the lookup key to the lookup result.
#
# Other parameters of interest:
#
-# inet_interfaces
-# The network interface addresses that this system
-# receives mail on. You need to stop and start Post-
-# fix when this parameter changes.
-#
-# mydestination
-# List of domains that this mail system considers
-# local.
-#
-# myorigin
-# The domain that is appended to any address that
-# does not have a domain.
-#
-# owner_request_special
-# Give special treatment to owner-xxx and xxx-request
-# addresses.
-#
-# proxy_interfaces
-# Other interfaces that this machine receives mail on
-# by way of a proxy agent or network address transla-
-# tor.
+# inet_interfaces (all)
+# The network interface addresses that this mail sys-
+# tem receives mail on.
+#
+# mydestination ($myhostname, localhost.$mydomain, local-
+# host)
+# The list of domains that are delivered via the
+# $local_transport mail delivery transport.
+#
+# myorigin ($myhostname)
+# The domain name that locally-posted mail appears to
+# come from, and that locally posted mail is deliv-
+# ered to.
+#
+# owner_request_special (yes)
+# Enable special treatment for owner-listname entries
+# in the aliases(5) file, and don't split owner-list-
+# name and listname-request address localparts when
+# the recipient_delimiter is set to "-".
+#
+# proxy_interfaces (empty)
+# The network interface addresses that this mail sys-
+# tem receives mail on by way of a proxy or network
+# address translation unit.
#
# SEE ALSO
# cleanup(8), canonicalize and enqueue mail
and then tries to return that mail as "undeliverable" to the
often forged sender address.
+ To avoid backscatter with mail for a wild-card domain, replace
+ the wild-card mapping with explicit 1:1 mappings, or add a
+ <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restriction for that domain:
+
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ ...
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ <a href="postconf.5.html#check_recipient_access">check_recipient_access</a>
+ <a href="DATABASE_README.html#types">inline</a>:{example.com=<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>}
+ <a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> = 550
+
+ In the above example, Postfix may contact a remote server if the
+ recipient is rewritten to a remote address.
+
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
- <b>o</b> When the result has the form @<i>otherdomain</i>, the result becomes
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the result becomes
the same <i>user</i> in <i>otherdomain</i>.
- <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses
+ <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses
without "@domain".
<b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recipient delimiter
- (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
<i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
unmatched address extension (<i>+foo</i>) is propagated to the result of table
lookup.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when the table is
- given in the form of regular expressions. For a description of regular
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to the entire
- address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
- ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
broken up into <i>user</i> and <i>foo</i>.
- Patterns are applied in the order as specified in the table, until a
+ Patterns are applied in the order as specified in the table, until a
pattern is found that matches the search string.
- Results are the same as with indexed file lookups, with the additional
- feature that parenthesized substrings from the pattern can be interpo-
+ Results are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
lated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when lookups are
- directed to a TCP-based server. For a description of the TCP
- client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
available up to and including Postfix version 2.4.
- Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
- mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
+ Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
+ mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
stituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
- below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
+ below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
details including examples.
- <b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b>
- What addresses are subject to canonical address mapping.
+ <b><a href="postconf.5.html#canonical_classes">canonical_classes</a> (envelope_sender, envelope_recipient, header_sender,</b>
+ <b>header_recipient)</b>
+ What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping.
- <b><a href="postconf.5.html#canonical_maps">canonical_maps</a></b>
- List of canonical mapping tables.
+ <b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for message headers and
+ envelopes.
- <b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a></b>
- Address mapping lookup table for envelope and header recipient
- addresses.
+ <b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for envelope and header
+ recipient addresses.
- <b><a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a></b>
- Address mapping lookup table for envelope and header sender
- addresses.
+ <b><a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for envelope and header
+ sender addresses.
- <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mechanisms that propa-
- gate an address extension from the original address to the
- result. Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>for-</b>
- <b>ward</b>, <b>include</b>, or <b>generic</b>.
+ <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
+ What address lookup tables copy an address extension from the
+ lookup key to the lookup result.
Other parameters of interest:
- <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system receives mail
- on. You need to stop and start Postfix when this parameter
- changes.
+ <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
+ The network interface addresses that this mail system receives
+ mail on.
- <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a></b>
- Rewrite message header addresses in mail from these clients and
+ <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b>
+ Rewrite message header addresses in mail from these clients and
update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
- $<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other
+ $<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other
clients at all, or rewrite message headers and update incomplete
- addresses
with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-
+ addresses
with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-
<a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a> parameter.
- <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>
- Other interfaces that this machine receives mail on by way of a
- proxy agent or network address translator.
+ <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
+ The network interface addresses that this mail system receives
+ mail on by way of a proxy or network address translation unit.
- <b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a></b>
- List of address classes subject to masquerading: zero or more of
- <b>envelope_sender</b>, <b>envelope_recipient</b>, <b>header_sender</b>,
- <b>header_recipient</b>.
+ <b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a> (envelope_sender, header_sender, header_recipient)</b>
+ What addresses are subject to address masquerading.
- <b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b>
- List of domains that hide their subdomain structure.
+ <b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a> (empty)</b>
+ Optional list of domains whose subdomain structure will be
+ stripped off in email addresses.
- <b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b>
- List of user names that are not subject to address masquerading.
+ <b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> (empty)</b>
+ Optional list of user names that are not subjected to address
+ masquerading, even when their address matches $<a href="postconf.5.html#masquerade_domains">masquer</a>-
+ <a href="postconf.5.html#masquerade_domains">ade_domains</a>.
- <b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers local.
+ <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
+ The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
+ mail delivery transport.
- <b><a href="postconf.5.html#myorigin">myorigin</a></b>
- The domain that is appended to locally-posted mail.
+ <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
- <b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
- Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b> addresses.
+ <b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
+ Enable special treatment for owner-<i>listname</i> entries in the
+ <a href="aliases.5.html"><b>aliases</b>(5)</a> file, and don't split owner-<i>listname</i> and <i>list-</i>
+ <i>name</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is
+ set to "-".
- <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
Don't rewrite message headers from remote clients at all when
this parameter is empty; otherwise, rewrite message headers and
append the specified domain name to incomplete addresses.
non-existent recipients and then tries to return that mail as
"undeliverable" to the often forged sender address.
+ To avoid backscatter with mail for a wild-card domain, replace
+ the wild-card mapping with explicit 1:1 mappings, or add a
+ <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restriction for that domain:
+
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ ...
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ <a href="postconf.5.html#check_recipient_access">check_recipient_access</a>
+ <a href="DATABASE_README.html#types">inline</a>:{example.com=<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>}
+ <a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> = 550
+
+ In the above example, Postfix may contact a remote server if the
+ recipient is aliased to a remote address.
+
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
- <b>o</b> When the result has the form @<i>otherdomain</i>, the result becomes
- the same <i>user</i> in <i>otherdomain</i>. This works only for the first
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the result becomes
+ the same <i>user</i> in <i>otherdomain</i>. This works only for the first
address in a multi-address lookup result.
- <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses
+ <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses
without "@domain".
<b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recipient delimiter
- (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
<i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
unmatched address extension (<i>+foo</i>) is propagated to the result of table
lookup.
<b>VIRTUAL ALIAS DOMAINS</b>
- Besides virtual aliases, the virtual alias table can also be used to
- implement virtual alias domains. With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, all
+ Besides virtual aliases, the virtual alias table can also be used to
+ implement <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. With a virtual alias domain, all
recipient addresses are aliased to addresses in other domains.
- Virtual alias domains are not to be confused with the virtual mailbox
- domains that are implemented with the Postfix <a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery
- agent. With <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domains</a>, each recipient address can have
+ Virtual alias domains are not to be confused with the virtual mailbox
+ domains that are implemented with the Postfix <a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery
+ agent. With virtual mailbox domains, each recipient address can have
its own mailbox.
- With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the virtual domain has its own user name
- space. Local (i.e. non-virtual) usernames are not visible in a virtual
- alias domain. In particular, local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists
+ With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the virtual domain has its own user name
+ space. Local (i.e. non-virtual) usernames are not visible in a virtual
+ alias domain. In particular, local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists
are not visible as <i>localname@virtual-alias.domain</i>.
Support for a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> looks like:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
- Note: some systems use <b>dbm</b> databases instead of <b>hash</b>. See the output
+ Note: some systems use <b>dbm</b> databases instead of <b>hash</b>. See the output
from "<b>postconf -m</b>" for available database types.
/etc/postfix/virtual:
<i>user2@virtual-alias.domain address2, address3</i>
The <i>virtual-alias.domain anything</i> entry is required for a virtual alias
- domain. <b>Without this entry, mail is rejected with "relay access</b>
+ domain. <b>Without this entry, mail is rejected with "relay access</b>
<b>denied", or bounces with "mail loops back to myself".</b>
- Do
not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#mydestination">mydestination</a></b>
+ Do
not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#mydestination">mydestination</a></b>
or <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> configuration parameters.
- With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the Postfix SMTP server accepts mail for
+ With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the Postfix SMTP server accepts mail for
<i>known-user@virtual-alias.domain</i>, and rejects mail for <i>unknown-user</i>@<i>vir-</i>
<i>tual-alias.domain</i> as undeliverable.
- Instead
of specifying the virtual alias domain name via the <b><a href="postconf.5.html#virtual_alias_maps">vir</a>-</b>
- <b><a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a></b>
table, you may also specify it via the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#virtual_alias_domains">vir-</b>
+ Instead
of specifying the virtual alias domain name via the <b><a href="postconf.5.html#virtual_alias_maps">vir</a>-</b>
+ <b><a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a></b>
table, you may also specify it via the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#virtual_alias_domains">vir-</b>
<b>tual_alias_domains</a></b> configuration parameter. This latter parameter uses
the same syntax as the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#mydestination">mydestination</a></b> configuration parameter.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when the table is
- given in the form of regular expressions. For a description of regular
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to the entire
- address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
- ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
broken up into <i>user</i> and <i>foo</i>.
- Patterns are applied in the order as specified in the table, until a
+ Patterns are applied in the order as specified in the table, until a
pattern is found that matches the search string.
- Results are the same as with indexed file lookups, with the additional
- feature that parenthesized substrings from the pattern can be interpo-
+ Results are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
lated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when lookups are
- directed to a TCP-based server. For a description of the TCP
- client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
available up to and including Postfix version 2.4.
- Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
- mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
+ Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
+ mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
stituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
See the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file for syntax details and for default values.
Use the "<b>postfix reload</b>" command after a configuration change.
- <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b>
- List of virtual aliasing tables.
+ <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
+ Optional lookup tables that alias specific mail addresses or
+ domains to other local or remote address.
- <b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b>
- List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same syntax as the
- <b><a href="postconf.5.html#mydestination">mydestination</a></b> parameter.
+ <b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
+ Postfix is final destination for the specified list of virtual
+ alias domains, that is, domains for which all addresses are
+ aliased to addresses in other local or remote domains.
- <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mechanisms that propa-
- gate an address extension from the original address to the
- result. Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>for-</b>
- <b>ward</b>, <b>include</b>, or <b>generic</b>.
+ <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
+ What address lookup tables copy an address extension from the
+ lookup key to the lookup result.
Other parameters of interest:
- <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system receives mail
- on. You need to stop and start Postfix when this parameter
- changes.
+ <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
+ The network interface addresses that this mail system receives
+ mail on.
- <b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers local.
+ <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
+ The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
+ mail delivery transport.
- <b><a href="postconf.5.html#myorigin">myorigin</a></b>
- The domain that is appended to any address that does not have a
- domain.
+ <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
- <b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
- Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b> addresses.
+ <b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
+ Enable special treatment for owner-<i>listname</i> entries in the
+ <a href="aliases.5.html"><b>aliases</b>(5)</a> file, and don't split owner-<i>listname</i> and <i>list-</i>
+ <i>name</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is
+ set to "-".
- <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>
- Other interfaces that this machine receives mail on by way of a
- proxy agent or network address translator.
+ <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
+ The network interface addresses that this mail system receives
+ mail on by way of a proxy or network address translation unit.
<b>SEE ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue mail
a backscatter source: Postfix first accepts mail for
non\-existent recipients and then tries to return that mail
as "undeliverable" to the often forged sender address.
+.sp
+To avoid backscatter with mail for a wild\-card domain,
+replace the wild\-card mapping with explicit 1:1 mappings,
+or add a reject_unverified_recipient restriction for that
+domain:
+
+.nf
+ smtpd_recipient_restrictions =
+ ...
+ reject_unauth_destination
+ check_recipient_access
+ inline:{example.com=reject_unverified_recipient}
+ unverified_recipient_reject_code = 550
+.fi
+
+In the above example, Postfix may contact a remote server
+if the recipient is rewritten to a remote address.
.SH "RESULT ADDRESS REWRITING"
.na
.nf
The following \fBmain.cf\fR parameters are especially relevant.
The text below provides only a parameter summary. See
\fBpostconf\fR(5) for more details including examples.
-.IP \fBcanonical_classes\fR
-What addresses are subject to canonical address mapping.
-.IP \fBcanonical_maps\fR
-List of canonical mapping tables.
-.IP \fBrecipient_canonical_maps\fR
-Address mapping lookup table for envelope and header recipient
-addresses.
-.IP \fBsender_canonical_maps\fR
-Address mapping lookup table for envelope and header sender
-addresses.
-.IP \fBpropagate_unmatched_extensions\fR
-A list of address rewriting or forwarding mechanisms that propagate
-an address extension from the original address to the result.
-Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR,
-\fBforward\fR, \fBinclude\fR, or \fBgeneric\fR.
+.IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR"
+What addresses are subject to canonical_maps address mapping.
+.IP "\fBcanonical_maps (empty)\fR"
+Optional address mapping lookup tables for message headers and
+envelopes.
+.IP "\fBrecipient_canonical_maps (empty)\fR"
+Optional address mapping lookup tables for envelope and header
+recipient addresses.
+.IP "\fBsender_canonical_maps (empty)\fR"
+Optional address mapping lookup tables for envelope and header
+sender addresses.
+.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
+What address lookup tables copy an address extension from the lookup
+key to the lookup result.
.PP
Other parameters of interest:
-.IP \fBinet_interfaces\fR
-The network interface addresses that this system receives mail on.
-You need to stop and start Postfix when this parameter changes.
-.IP \fBlocal_header_rewrite_clients\fR
-Rewrite message header addresses in mail from these clients
-and update incomplete addresses with the domain name in
-$myorigin or $mydomain; either don't rewrite message headers
-from other clients at all, or rewrite message headers and
-update incomplete addresses with the domain specified in
-the remote_header_rewrite_domain parameter.
-.IP \fBproxy_interfaces\fR
-Other interfaces that this machine receives mail on by way of a
-proxy agent or network address translator.
-.IP \fBmasquerade_classes\fR
-List of address classes subject to masquerading: zero or more of
-\fBenvelope_sender\fR, \fBenvelope_recipient\fR, \fBheader_sender\fR,
-\fBheader_recipient\fR.
-.IP \fBmasquerade_domains\fR
-List of domains that hide their subdomain structure.
-.IP \fBmasquerade_exceptions\fR
-List of user names that are not subject to address masquerading.
-.IP \fBmydestination\fR
-List of domains that this mail system considers local.
-.IP \fBmyorigin\fR
-The domain that is appended to locally\-posted mail.
-.IP \fBowner_request_special\fR
-Give special treatment to \fBowner\-\fIxxx\fR and \fIxxx\fB\-request\fR
-addresses.
-.IP \fBremote_header_rewrite_domain\fR
-Don't rewrite message headers from remote clients at all
-when this parameter is empty; otherwise, rewrite message
-headers and append the specified domain name to incomplete
-addresses.
+.IP "\fBinet_interfaces (all)\fR"
+The network interface addresses that this mail system receives
+mail on.
+.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR"
+Rewrite message header addresses in mail from these clients and
+update incomplete addresses with the domain name in $myorigin or
+$mydomain; either don't rewrite message headers from other clients
+at all, or rewrite message headers and update incomplete addresses
+with the domain specified in the remote_header_rewrite_domain
+parameter.
+.IP "\fBproxy_interfaces (empty)\fR"
+The network interface addresses that this mail system receives mail
+on by way of a proxy or network address translation unit.
+.IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR"
+What addresses are subject to address masquerading.
+.IP "\fBmasquerade_domains (empty)\fR"
+Optional list of domains whose subdomain structure will be stripped
+off in email addresses.
+.IP "\fBmasquerade_exceptions (empty)\fR"
+Optional list of user names that are not subjected to address
+masquerading, even when their address matches $masquerade_domains.
+.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
+The list of domains that are delivered via the $local_transport
+mail delivery transport.
+.IP "\fBmyorigin ($myhostname)\fR"
+The domain name that locally\-posted mail appears to come
+from, and that locally posted mail is delivered to.
+.IP "\fBowner_request_special (yes)\fR"
+Enable special treatment for owner\-\fIlistname\fR entries in the
+\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and
+\fIlistname\fR\-request address localparts when the recipient_delimiter
+is set to "\-".
+.IP "\fBremote_header_rewrite_domain (empty)\fR"
+Don't rewrite message headers from remote clients at all when
+this parameter is empty; otherwise, rewrite message headers and
+append the specified domain name to incomplete addresses.
.SH "SEE ALSO"
.na
.nf
a backscatter source: Postfix first accepts mail for
non\-existent recipients and then tries to return that mail
as "undeliverable" to the often forged sender address.
+.sp
+To avoid backscatter with mail for a wild\-card domain,
+replace the wild\-card mapping with explicit 1:1 mappings,
+or add a reject_unverified_recipient restriction for that
+domain:
+
+.nf
+ smtpd_recipient_restrictions =
+ ...
+ reject_unauth_destination
+ check_recipient_access
+ inline:{example.com=reject_unverified_recipient}
+ unverified_recipient_reject_code = 550
+.fi
+
+In the above example, Postfix may contact a remote server
+if the recipient is aliased to a remote address.
.SH "RESULT ADDRESS REWRITING"
.na
.nf
this topic. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the "\fBpostfix reload\fR" command after
a configuration change.
-.IP \fBvirtual_alias_maps\fR
-List of virtual aliasing tables.
-.IP \fBvirtual_alias_domains\fR
-List of virtual alias domains. This uses the same syntax
-as the \fBmydestination\fR parameter.
-.IP \fBpropagate_unmatched_extensions\fR
-A list of address rewriting or forwarding mechanisms that propagate
-an address extension from the original address to the result.
-Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR,
-\fBforward\fR, \fBinclude\fR, or \fBgeneric\fR.
+.IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
+Optional lookup tables that alias specific mail addresses or domains
+to other local or remote address.
+.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR"
+Postfix is final destination for the specified list of virtual
+alias domains, that is, domains for which all addresses are aliased
+to addresses in other local or remote domains.
+.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
+What address lookup tables copy an address extension from the lookup
+key to the lookup result.
.PP
Other parameters of interest:
-.IP \fBinet_interfaces\fR
-The network interface addresses that this system receives mail on.
-You need to stop and start Postfix when this parameter changes.
-.IP \fBmydestination\fR
-List of domains that this mail system considers local.
-.IP \fBmyorigin\fR
-The domain that is appended to any address that does not have a domain.
-.IP \fBowner_request_special\fR
-Give special treatment to \fBowner\-\fIxxx\fR and \fIxxx\fB\-request\fR
-addresses.
-.IP \fBproxy_interfaces\fR
-Other interfaces that this machine receives mail on by way of a
-proxy agent or network address translator.
+.IP "\fBinet_interfaces (all)\fR"
+The network interface addresses that this mail system receives
+mail on.
+.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
+The list of domains that are delivered via the $local_transport
+mail delivery transport.
+.IP "\fBmyorigin ($myhostname)\fR"
+The domain name that locally\-posted mail appears to come
+from, and that locally posted mail is delivered to.
+.IP "\fBowner_request_special (yes)\fR"
+Enable special treatment for owner\-\fIlistname\fR entries in the
+\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and
+\fIlistname\fR\-request address localparts when the recipient_delimiter
+is set to "\-".
+.IP "\fBproxy_interfaces (empty)\fR"
+The network interface addresses that this mail system receives mail
+on by way of a proxy or network address translation unit.
.SH "SEE ALSO"
.na
.nf
# a backscatter source: Postfix first accepts mail for
# non-existent recipients and then tries to return that mail
# as "undeliverable" to the often forged sender address.
+# .sp
+# To avoid backscatter with mail for a wild-card domain,
+# replace the wild-card mapping with explicit 1:1 mappings,
+# or add a reject_unverified_recipient restriction for that
+# domain:
+#
+# .nf
+# smtpd_recipient_restrictions =
+# ...
+# reject_unauth_destination
+# check_recipient_access
+# inline:{example.com=reject_unverified_recipient}
+# unverified_recipient_reject_code = 550
+# .fi
+#
+# In the above example, Postfix may contact a remote server
+# if the recipient is rewritten to a remote address.
# RESULT ADDRESS REWRITING
# .ad
# .fi
# The following \fBmain.cf\fR parameters are especially relevant.
# The text below provides only a parameter summary. See
# \fBpostconf\fR(5) for more details including examples.
-# .IP \fBcanonical_classes\fR
-# What addresses are subject to canonical address mapping.
-# .IP \fBcanonical_maps\fR
-# List of canonical mapping tables.
-# .IP \fBrecipient_canonical_maps\fR
-# Address mapping lookup table for envelope and header recipient
-# addresses.
-# .IP \fBsender_canonical_maps\fR
-# Address mapping lookup table for envelope and header sender
-# addresses.
-# .IP \fBpropagate_unmatched_extensions\fR
-# A list of address rewriting or forwarding mechanisms that propagate
-# an address extension from the original address to the result.
-# Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR,
-# \fBforward\fR, \fBinclude\fR, or \fBgeneric\fR.
+# .IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR"
+# What addresses are subject to canonical_maps address mapping.
+# .IP "\fBcanonical_maps (empty)\fR"
+# Optional address mapping lookup tables for message headers and
+# envelopes.
+# .IP "\fBrecipient_canonical_maps (empty)\fR"
+# Optional address mapping lookup tables for envelope and header
+# recipient addresses.
+# .IP "\fBsender_canonical_maps (empty)\fR"
+# Optional address mapping lookup tables for envelope and header
+# sender addresses.
+# .IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
+# What address lookup tables copy an address extension from the lookup
+# key to the lookup result.
# .PP
# Other parameters of interest:
-# .IP \fBinet_interfaces\fR
-# The network interface addresses that this system receives mail on.
-# You need to stop and start Postfix when this parameter changes.
-# .IP \fBlocal_header_rewrite_clients\fR
-# Rewrite message header addresses in mail from these clients
-# and update incomplete addresses with the domain name in
-# $myorigin or $mydomain; either don't rewrite message headers
-# from other clients at all, or rewrite message headers and
-# update incomplete addresses with the domain specified in
-# the remote_header_rewrite_domain parameter.
-# .IP \fBproxy_interfaces\fR
-# Other interfaces that this machine receives mail on by way of a
-# proxy agent or network address translator.
-# .IP \fBmasquerade_classes\fR
-# List of address classes subject to masquerading: zero or more of
-# \fBenvelope_sender\fR, \fBenvelope_recipient\fR, \fBheader_sender\fR,
-# \fBheader_recipient\fR.
-# .IP \fBmasquerade_domains\fR
-# List of domains that hide their subdomain structure.
-# .IP \fBmasquerade_exceptions\fR
-# List of user names that are not subject to address masquerading.
-# .IP \fBmydestination\fR
-# List of domains that this mail system considers local.
-# .IP \fBmyorigin\fR
-# The domain that is appended to locally-posted mail.
-# .IP \fBowner_request_special\fR
-# Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
-# addresses.
-# .IP \fBremote_header_rewrite_domain\fR
-# Don't rewrite message headers from remote clients at all
-# when this parameter is empty; otherwise, rewrite message
-# headers and append the specified domain name to incomplete
-# addresses.
+# .IP "\fBinet_interfaces (all)\fR"
+# The network interface addresses that this mail system receives
+# mail on.
+# .IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR"
+# Rewrite message header addresses in mail from these clients and
+# update incomplete addresses with the domain name in $myorigin or
+# $mydomain; either don't rewrite message headers from other clients
+# at all, or rewrite message headers and update incomplete addresses
+# with the domain specified in the remote_header_rewrite_domain
+# parameter.
+# .IP "\fBproxy_interfaces (empty)\fR"
+# The network interface addresses that this mail system receives mail
+# on by way of a proxy or network address translation unit.
+# .IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR"
+# What addresses are subject to address masquerading.
+# .IP "\fBmasquerade_domains (empty)\fR"
+# Optional list of domains whose subdomain structure will be stripped
+# off in email addresses.
+# .IP "\fBmasquerade_exceptions (empty)\fR"
+# Optional list of user names that are not subjected to address
+# masquerading, even when their address matches $masquerade_domains.
+# .IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
+# The list of domains that are delivered via the $local_transport
+# mail delivery transport.
+# .IP "\fBmyorigin ($myhostname)\fR"
+# The domain name that locally-posted mail appears to come
+# from, and that locally posted mail is delivered to.
+# .IP "\fBowner_request_special (yes)\fR"
+# Enable special treatment for owner-\fIlistname\fR entries in the
+# \fBaliases\fR(5) file, and don't split owner-\fIlistname\fR and
+# \fIlistname\fR-request address localparts when the recipient_delimiter
+# is set to "-".
+# .IP "\fBremote_header_rewrite_domain (empty)\fR"
+# Don't rewrite message headers from remote clients at all when
+# this parameter is empty; otherwise, rewrite message headers and
+# append the specified domain name to incomplete addresses.
# SEE ALSO
# cleanup(8), canonicalize and enqueue mail
# postmap(1), Postfix lookup table manager
# a backscatter source: Postfix first accepts mail for
# non-existent recipients and then tries to return that mail
# as "undeliverable" to the often forged sender address.
+# .sp
+# To avoid backscatter with mail for a wild-card domain,
+# replace the wild-card mapping with explicit 1:1 mappings,
+# or add a reject_unverified_recipient restriction for that
+# domain:
+#
+# .nf
+# smtpd_recipient_restrictions =
+# ...
+# reject_unauth_destination
+# check_recipient_access
+# inline:{example.com=reject_unverified_recipient}
+# unverified_recipient_reject_code = 550
+#.fi
+#
+# In the above example, Postfix may contact a remote server
+# if the recipient is aliased to a remote address.
# RESULT ADDRESS REWRITING
# .ad
# .fi
# this topic. See the Postfix \fBmain.cf\fR file for syntax details
# and for default values. Use the "\fBpostfix reload\fR" command after
# a configuration change.
-# .IP \fBvirtual_alias_maps\fR
-# List of virtual aliasing tables.
-# .IP \fBvirtual_alias_domains\fR
-# List of virtual alias domains. This uses the same syntax
-# as the \fBmydestination\fR parameter.
-# .IP \fBpropagate_unmatched_extensions\fR
-# A list of address rewriting or forwarding mechanisms that propagate
-# an address extension from the original address to the result.
-# Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR,
-# \fBforward\fR, \fBinclude\fR, or \fBgeneric\fR.
+# .IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
+# Optional lookup tables that alias specific mail addresses or domains
+# to other local or remote address.
+# .IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR"
+# Postfix is final destination for the specified list of virtual
+# alias domains, that is, domains for which all addresses are aliased
+# to addresses in other local or remote domains.
+# .IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
+# What address lookup tables copy an address extension from the lookup
+# key to the lookup result.
# .PP
# Other parameters of interest:
-# .IP \fBinet_interfaces\fR
-# The network interface addresses that this system receives mail on.
-# You need to stop and start Postfix when this parameter changes.
-# .IP \fBmydestination\fR
-# List of domains that this mail system considers local.
-# .IP \fBmyorigin\fR
-# The domain that is appended to any address that does not have a domain.
-# .IP \fBowner_request_special\fR
-# Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
-# addresses.
-# .IP \fBproxy_interfaces\fR
-# Other interfaces that this machine receives mail on by way of a
-# proxy agent or network address translator.
+# .IP "\fBinet_interfaces (all)\fR"
+# The network interface addresses that this mail system receives
+# mail on.
+# .IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
+# The list of domains that are delivered via the $local_transport
+# mail delivery transport.
+# .IP "\fBmyorigin ($myhostname)\fR"
+# The domain name that locally-posted mail appears to come
+# from, and that locally posted mail is delivered to.
+# .IP "\fBowner_request_special (yes)\fR"
+# Enable special treatment for owner-\fIlistname\fR entries in the
+# \fBaliases\fR(5) file, and don't split owner-\fIlistname\fR and
+# \fIlistname\fR-request address localparts when the recipient_delimiter
+# is set to "-".
+# .IP "\fBproxy_interfaces (empty)\fR"
+# The network interface addresses that this mail system receives mail
+# on by way of a proxy or network address translation unit.
# SEE ALSO
# cleanup(8), canonicalize and enqueue mail
# postmap(1), Postfix lookup table manager
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20180519"
+#define MAIL_RELEASE_DATE "20180520"
#define MAIL_VERSION_NUMBER "3.4"
#ifdef SNAPSHOT
*/
if (test_lock && wait_flag)
msg_fatal("the -t and -w options cannot be used together");
- if (init_mode + debug_me + !master_detach + wait_flag > 1)
- msg_fatal("specify one of -i, -D, -d, or -w");
+ if (init_mode && (debug_me || !master_detach || wait_flag))
+ msg_fatal("the -i option cannot be used with -D, -d, or -w");
/*
* Run a foreground monitor process that returns an exit status of 0 when
bounce_client_init(dsn_filter_title, *dsn_filter_maps);
break;
case MAIL_SERVER_RETIRE_ME:
- retire_me = 1;
+ if (var_idle_limit == 0 || var_use_limit == 0
+ || var_idle_limit > 86400 / var_use_limit)
+ retire_me = 86400;
+ else
+ retire_me = var_idle_limit * var_use_limit;
break;
default:
msg_panic("%s: unknown argument type: %d", myname, key);
if (var_idle_limit > 0)
event_request_timer(single_server_timeout, (void *) 0, var_idle_limit);
if (retire_me)
- event_request_timer(single_server_retire, (void *) 0,
- var_idle_limit > INT_MAX / var_use_limit ?
- INT_MAX : var_idle_limit * var_use_limit);
+ event_request_timer(single_server_retire, (void *) 0, retire_me);
for (fd = MASTER_LISTEN_FD; fd < MASTER_LISTEN_FD + socket_count; fd++) {
event_enable_read(fd, single_server_accept, CAST_INT_TO_VOID_PTR(fd));
close_on_exec(fd, CLOSE_ON_EXEC);
* even if we are being called from a signal handler and SIGALRM delivery
* is blocked.
*
- * Undocumented: when running in "init" mode on Linux, a signal won't be
- * delivered unless the process specifies a handler (i.e. SIG_DFL is
- * treated as SIG_IGN). Conveniently, _exit() can be used directly as a
- * signal handler. This changes the wait status that a parent would see,
- * but in the case of "init" mode on Linux, no-one would care.
+ * Undocumented: when a process runs with PID 1, Linux won't deliver a
+ * signal unless the process specifies a handler (i.e. SIG_DFL is treated
+ * as SIG_IGN). Conveniently, _exit() can be used directly as a signal
+ * handler. This changes the wait status that a parent would see, but in
+ * the case of "init" mode on Linux, no-one would care.
*/
alarm(0);
sigemptyset(&sig_action.sa_mask);
projects / thirdparty / postfix.git / commitdiff
