people request verbose mail delivery in their mail.rc file.
File: sendmail/sendmail.c.
+20021202
+
+ Cleanup: hash_queue_depth now defaults to 1 level of
+ subdirectories. This makes "mailq" faster on most systems,
+ but will result in poorer worst-case performance when lots
+ of mail is queued.
+
+ The check_relay_domains restriction is going away. The SMTP
+ server logs a warning and suggests using reject_unauth_destination
+ instead.
+
+ Cleanup: the local(8) and virtual(8) delivery agents did
+ not prepend X-Original-To: addresses to maildir files.
+ Omission spotted by Matthias Andree.
+
+ Bugfix: too many levels of dereferencing while testing for
+ missing reject_rbl_mumble domain names. Patrik Rak. File:
+ smtpd/smtpd_check.c.
+
Open problems:
Low: revise other local delivery agent duplicate filters.
about attempts to set read-only parameters.
Low: postconf -e edits parameters that postconf won't list.
+
+ Low: with quoted-printable, perhaps use =46rom instead of >From.
+
+ Low: make it easier to have local_recipient_maps turned on
+ by default. This requires documentation of its existence
+ with anything that replaces or extends local delivery.
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.
+Incompatible changes with Postfix snapshot 1.1.12-200212XX
+==========================================================
+
+The default hash_queue_depth setting is reduced to 1 level of
+subdirectories. This improves "mailq" performance on most systems,
+but results in poorer worst-case performance on systems with lots
+of mail in the queue.
+
+The check_relay_domains restriction is going away. The SMTP server
+logs a warning and suggests using reject_unauth_destination instead.
+
Incompatible changes with Postfix snapshot 1.1.11-20021108
==========================================================
#
# By default, Postfix relays mail
# - from "trusted" clients whose IP address matches $mynetworks,
-# - from "trusted" clients matching $relay_domains or subdomains thereof,
# - from untrusted clients to destinations that match $relay_domains
# or subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
# that Postfix is final destination for:
# - destinations that match $inet_interfaces,
# - destinations that match $mydestination
-# - destinations that match $virtual_maps.
+# - destinations that match $virtual_maps,
+# - destinations that match $virtual_mailbox_maps.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
+#mailbox_command = /some/where/maildrop -d "$USER" -f "$SENDER" "$EXTENSION"
mailbox_command =
# The mailbox_command_maps allows you to specify a per-user mailbox
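Review bot: The added example `#mailbox_command = /some/where/maildrop -d "$USER" -f "$SENDER" "$EXTENSION"` puts `$SENDER` and `$EXTENSION` on a command line without saying that both come from the message envelope and are therefore chosen by the remote party. The local(8) text in this same change says characters with special meaning to the shell are replaced by underscores according to command_expansion_filter, so the example is only as safe as that filter setting. I would add a comment above the examples, e.g. `# $SENDER and $EXTENSION come from the envelope; they are filtered per command_expansion_filter.` The comment block around these examples starts and ends outside the hunk.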
#
# By default, Postfix relays mail
# - from trusted clients whose IP address matches $mynetworks,
-# - from trusted clients matching $relay_domains or subdomains thereof,
# - from untrusted clients to destinations that match $relay_domains
# or subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
# that Postfix is final destination for:
# - destinations that match $inet_interfaces,
# - destinations that match $mydestination
-# - destinations that match $virtual_maps.
+# - destinations that match $virtual_maps,
+# - destinations that match $virtual_mailbox_maps.
# These destinations do not need to be listed in $relay_domains.
#
# The following restrictions are available (* is part of default setting):
# reject_unknown_sender_domain: reject sender domain without A or MX record.
# reject_rhsbl_recipient domain.tld: reject recipient domain name if it is
# listed in an A record under domain.tld.
-# *check_relay_domains: permit only mail
-# - to destinations matching $inet_interfaces, $mydestination,
-# or $virtual_maps,
-# - from trusted clients matching $relay_domains or subdomain thereof,
-# - from untrusted clients to destinations matching $relay_domains or
-# subdomain thereof (except addresses with sender-specified routing),
-# Reject anything else.
# permit_auth_destination: permit mail
# - to destinations matching $inet_interfaces, $mydestination,
# or $virtual_maps.
# except for addresses with sender-specified routing.
# reject_unauth_destination: reject mail unless it is sent
# - to destinations matching $inet_interfaces, $mydestination,
-# or $virtual_maps.
+# $virtual_maps, or $virtual_mailbox_maps.
# - to destinations matching $relay_domains or subdomain thereof,
# except for addresses with sender-specified routing.
# reject_unauth_pipelining: reject mail from improperly pipelining spamware
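Review bot: The `permit_auth_destination` entry in this list still ends with `#     or $virtual_maps.`, while `reject_unauth_destination` directly below it is updated to `$virtual_maps, or $virtual_mailbox_maps.` The HTML description of permit_auth_destination later in this change does add $virtual_mailbox_maps, so the two restrictions appear to share one definition of "final destination" and the sample file should say so for both. I would change the permit_auth_destination comment to `#     $virtual_maps, or $virtual_mailbox_maps.` so an operator reading only this file does not conclude that the permit and reject forms disagree.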
#
# NOTE: YOU MUST SPECIFY AT LEAST ONE OF THE FOLLOWING RESTRICTIONS
# OTHERWISE POSTFIX REFUSES TO RECEIVE MAIL:
-# reject, check_relay_domains, reject_unauth_destination
+# reject, defer, defer_if_permit, reject_unauth_destination
#
-smtpd_recipient_restrictions = permit_mynetworks,check_relay_domains
+smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
#
# ADDITIONAL UCE CONTROLS
#
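Review bot: The new default `smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination` no longer authorizes any client by hostname, but nothing next to the setting says so. Under the removed check_relay_domains text, a client whose hostname matched $relay_domains was trusted to relay; after this change only $mynetworks grants that. Hostname-based trust depends on DNS, so dropping it is the safer default, but sites that relied on it will see relay rejections after upgrading. I would add a comment above the default, e.g. `# Relay clients are authorized by IP address ($mynetworks) only; list others in mynetworks or a check_client_access table.`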
# By default, Postfix relays mail
# - from trusted clients whose IP address matches $mynetworks,
-# - from trusted clients matching $relay_domains or subdomains thereof,
# - from untrusted clients to destinations that match $relay_domains
# or subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
# that Postfix is final destination for:
# - destinations that match $inet_interfaces,
# - destinations that match $mydestination
-# - destinations that match $virtual_maps.
+# - destinations that match $virtual_maps,
+# - destinations that match $virtual_mailbox_maps.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
<a name="relaying"> <h2> What clients to relay mail for </h2> </a>
By default, Postfix will relay mail for clients in authorized
-networks and in authorized domains.
+networks.
<p>
authorize all clients in the IP subnetworks that the local machine
is attached to.
-<p>
-
-Authorized client domains are by defined by the <a
-href="uce.html#relay_domains"> relay_domains</a> configuration
-parameter. The default setting trusts clients with hostnames below
-the domain(s) listed in <a href="#mydestination">mydestination</a>.
-
<a name="notify"> <h2> What trouble to report to the postmaster
</h2> </a>
<ul>
-<li> <a href="uce.html#check_relay_domains">check_relay_domains</a>:
-reject when the destination is not local and when the client hostname
-does not match <a href="uce.html#relay_domains">relay_domains</a>.
-
<li> <a
href="uce.html#permit_auth_destination">permit_auth_destination</a>:
skip when the destination is not local.
smtpd_recipient_restrictions =
permit_mynetworks
check_client_access hash:/etc/postfix/client_access
- check_relay_domains
+ reject_unauth_destination
/etc/postfix/client_access:
4.3.2.1 OK
permit_mynetworks
check_client_access hash:/etc/postfix/client_access
check_sender_access hash:/etc/postfix/sender_access
- check_relay_domains
+ reject_unauth_destination
/etc/postfix/client_access:
11.22.33 OK
/etc/postfix/main.cf:
relay_domains = $mydestination the.backed-up.domain.tld
- smtpd_recipient_restrictions = permit_mynetworks check_relay_domains
+ smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
</pre>
<p>
smtpd_recipient_restrictions =
regexp:/etc/postfix/envelope-regexp
permit_mynetworks
- check_relay_domains
+ reject_unauth_destination
/etc/postfix/envelope-regexp:
/[/|]/ REJECT
mailbox to its original length.
In the case of <b>maildir</b> delivery, the local daemon prepends
- an optional <b>Delivered-To:</b> header with the envelope recipi-
- ent address and prepends a <b>Return-Path:</b> header with the
- envelope sender address.
+ an optional <b>Delivered-To:</b> header with the final envelope
+ recipient address, prepends an <b>X-Original-To:</b> header with
+ the recipient address as given to Postfix, and prepends a
+ <b>Return-Path:</b> header with the envelope sender address.
<b>EXTERNAL</b> <b>COMMAND</b> <b>DELIVERY</b>
- The <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b> configuration parameter
- restricts delivery to external commands. The default set-
- ting (<b>alias,</b> <b>forward</b>) forbids command destinations in
+ The <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b> configuration parameter
+ restricts delivery to external commands. The default set-
+ ting (<b>alias,</b> <b>forward</b>) forbids command destinations in
<b>:include:</b> files.
- The command is executed directly where possible. Assis-
- tance by the shell (<b>/bin/sh</b> on UNIX systems) is used only
- when the command contains shell magic characters, or when
+ The command is executed directly where possible. Assis-
+ tance by the shell (<b>/bin/sh</b> on UNIX systems) is used only
+ when the command contains shell magic characters, or when
the command invokes a shell built-in command.
- A limited amount of command output (standard output and
- standard error) is captured for inclusion with non-deliv-
- ery status reports. A command is forcibly terminated if
- it does not complete within <b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b> seconds.
- Command exit status codes are expected to follow the con-
+ A limited amount of command output (standard output and
+ standard error) is captured for inclusion with non-deliv-
+ ery status reports. A command is forcibly terminated if
+ it does not complete within <b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b> seconds.
+ Command exit status codes are expected to follow the con-
ventions defined in <<b>sysexits.h</b>>.
- A limited amount of message context is exported via envi-
- ronment variables. Characters that may have special mean-
+ A limited amount of message context is exported via envi-
+ ronment variables. Characters that may have special mean-
ing to the shell are replaced by underscores. The list of
acceptable characters is specified with the <b>command</b><i>_</i><b>expan-</b>
<b>sion</b><i>_</i><b>filter</b> configuration parameter.
The current working directory is the mail queue directory.
The <b>local</b> daemon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" enve-
- lope header to each message, prepends an <b>X-Original-To:</b>
- header with the recipient address as given to Postfix,
+ lope header to each message, prepends an <b>X-Original-To:</b>
+ header with the recipient address as given to Postfix,
prepends an optional <b>Delivered-To:</b> header with the recipi-
- ent envelope address, prepends a <b>Return-Path:</b> header with
+ ent envelope address, prepends a <b>Return-Path:</b> header with
the sender envelope address, and appends no empty line.
<b>EXTERNAL</b> <b>FILE</b> <b>DELIVERY</b>
- The delivery format depends on the destination filename
- syntax. The default is to use UNIX-style mailbox format.
- Specify a name ending in <b>/</b> for <b>qmail</b>-compatible <b>maildir</b>
+ The delivery format depends on the destination filename
+ syntax. The default is to use UNIX-style mailbox format.
+ Specify a name ending in <b>/</b> for <b>qmail</b>-compatible <b>maildir</b>
delivery.
- The <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b> configuration parameter restricts
- delivery to external files. The default setting (<b>alias,</b>
+ The <b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b> configuration parameter restricts
+ delivery to external files. The default setting (<b>alias,</b>
<b>forward</b>) forbids file destinations in <b>:include:</b> files.
In the case of UNIX-style mailbox delivery, the <b>local</b> dae-
mon prepends a "<b>From</b> <i>sender</i> <i>time_stamp</i>" envelope header to
- each message, prepends an <b>X-Original-To:</b> header with the
- recipient address as given to Postfix, prepends an
- optional <b>Delivered-To:</b> header with the recipient envelope
- address, prepends a > character to lines beginning with
- "<b>From</b> ", and appends an empty line. The envelope sender
+ each message, prepends an <b>X-Original-To:</b> header with the
+ recipient address as given to Postfix, prepends an
+ optional <b>Delivered-To:</b> header with the recipient envelope
+ address, prepends a > character to lines beginning with
+ "<b>From</b> ", and appends an empty line. The envelope sender
address is available in the <b>Return-Path:</b> header. When the
- destination is a regular file, it is locked for exclusive
+ destination is a regular file, it is locked for exclusive
access while delivery is in progress. In case of problems,
an attempt is made to truncate a regular file to its orig-
inal length.
In the case of <b>maildir</b> delivery, the local daemon prepends
an optional <b>Delivered-To:</b> header with the envelope recipi-
- ent address. The envelope sender address is available in
+ ent address. The envelope sender address is available in
the <b>Return-Path:</b> header.
<b>ADDRESS</b> <b>EXTENSION</b>
- The optional <b>recipient</b><i>_</i><b>delimiter</b> configuration parameter
- specifies how to separate address extensions from local
+ The optional <b>recipient</b><i>_</i><b>delimiter</b> configuration parameter
+ specifies how to separate address extensions from local
recipient names.
- For example, with "<b>recipient</b><i>_</i><b>delimiter</b> <b>=</b> <b>+</b>", mail for
- <i>name</i>+<i>foo</i> is delivered to the alias <i>name</i>+<i>foo</i> or to the
- alias <i>name</i>, to the destinations listed in ~<i>name</i>/.<b>for-</b>
+ For example, with "<b>recipient</b><i>_</i><b>delimiter</b> <b>=</b> <b>+</b>", mail for
+ <i>name</i>+<i>foo</i> is delivered to the alias <i>name</i>+<i>foo</i> or to the
+ alias <i>name</i>, to the destinations listed in ~<i>name</i>/.<b>for-</b>
<b>ward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox owned by the
user <i>name</i>, or it is sent back as undeliverable.
<b>ered-To:</b> <i>name</i>+<i>foo</i>' header line.
<b>DELIVERY</b> <b>RIGHTS</b>
- Deliveries to external files and external commands are
+ Deliveries to external files and external commands are
made with the rights of the receiving user on whose behalf
- the delivery is made. In the absence of a user context,
- the <b>local</b> daemon uses the owner rights of the <b>:include:</b>
+ the delivery is made. In the absence of a user context,
+ the <b>local</b> daemon uses the owner rights of the <b>:include:</b>
file or alias database. When those files are owned by the
superuser, delivery is made with the rights specified with
the <b>default</b><i>_</i><b>privs</b> configuration parameter.
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
+ Problems and transactions are logged to <b>syslogd</b>(8). Cor-
+ rupted message files are marked so that the queue manager
can move them to the <b>corrupt</b> queue afterwards.
- Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
- the postmaster is notified of bounces and of other trou-
+ Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
+ the postmaster is notified of bounces and of other trou-
ble.
<b>BUGS</b>
- For security reasons, the message delivery status of
- external commands or of external files is never check-
+ For security reasons, the message delivery status of
+ external commands or of external files is never check-
pointed to file. As a result, the program may occasionally
deliver more than once to a command or external file. Bet-
ter safe than sorry.
- Mutually-recursive aliases or ~/.<b>forward</b> files are not
- detected early. The resulting mail forwarding loop is
+ Mutually-recursive aliases or ~/.<b>forward</b> files are not
+ detected early. The resulting mail forwarding loop is
broken by the use of the <b>Delivered-To:</b> message header.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this program. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the <b>postfix</b> <b>reload</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this program. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>Miscellaneous</b>
<b>alias</b><i>_</i><b>maps</b>
List of alias databases.
- <b>biff</b> Enable or disable notification of new mail via the
+ <b>biff</b> Enable or disable notification of new mail via the
<b>comsat</b> network service.
<b>expand</b><i>_</i><b>owner</b><i>_</i><b>alias</b>
When delivering to an alias that has an owner- com-
- panion alias, set the envelope sender address to
- the right-hand side of the owner alias, instead
+ panion alias, set the envelope sender address to
+ the right-hand side of the owner alias, instead
using of the left-hand side address.
<b>export</b><i>_</i><b>environment</b>
ject to <i>$name</i> expansion.
<b>local</b><i>_</i><b>command</b><i>_</i><b>shell</b>
- Shell to use for external command execution (for
- example, /some/where/smrsh -c). When a shell is
+ Shell to use for external command execution (for
+ example, /some/where/smrsh -c). When a shell is
specified, it is invoked even when the command con-
- tains no shell built-in commands or meta charac-
+ tains no shell built-in commands or meta charac-
ters.
<b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
addresses.
<b>prepend</b><i>_</i><b>delivered</b><i>_</i><b>header</b>
- Prepend an optional <b>Delivered-To:</b> header upon
- external forwarding, delivery to command or file.
- Specify zero or more of: <b>command,</b> <b>file,</b> <b>forward</b>.
- Turning off <b>Delivered-To:</b> when forwarding mail is
+ Prepend an optional <b>Delivered-To:</b> header upon
+ external forwarding, delivery to command or file.
+ Specify zero or more of: <b>command,</b> <b>file,</b> <b>forward</b>.
+ Turning off <b>Delivered-To:</b> when forwarding mail is
not recommended.
<b>recipient</b><i>_</i><b>delimiter</b>
<b>require</b><i>_</i><b>home</b><i>_</i><b>directory</b>
Require that a recipient's home directory is acces-
- sible by the recipient before attempting delivery.
+ sible by the recipient before attempting delivery.
Defer delivery otherwise.
<b>Mailbox</b> <b>delivery</b>
<b>fallback</b><i>_</i><b>transport</b>
Message transport for recipients that are not found
- in the UNIX passwd database. This parameter over-
+ in the UNIX passwd database. This parameter over-
rides <b>luser</b><i>_</i><b>relay</b>.
<b>home</b><i>_</i><b>mailbox</b>
- Pathname of a mailbox relative to a user's home
+ Pathname of a mailbox relative to a user's home
directory. Specify a path ending in <b>/</b> for maildir-
style delivery.
<b>luser</b><i>_</i><b>relay</b>
- Destination (<i>@domain</i> or <i>address</i>) for non-existent
- users. The <i>address</i> is subjected to <i>$name</i> expan-
+ Destination (<i>@domain</i> or <i>address</i>) for non-existent
+ users. The <i>address</i> is subjected to <i>$name</i> expan-
sion.
<b>mail</b><i>_</i><b>spool</b><i>_</i><b>directory</b>
- Directory with UNIX-style mailboxes. The default
- pathname is system dependent. Specify a path end-
+ Directory with UNIX-style mailboxes. The default
+ pathname is system dependent. Specify a path end-
ing in <b>/</b> for maildir-style delivery.
<b>mailbox</b><i>_</i><b>command</b>
- External command to use for mailbox delivery. The
+ External command to use for mailbox delivery. The
command executes with the recipient privileges
- (exception: root). The string is subject to $name
+ (exception: root). The string is subject to $name
expansions.
<b>mailbox</b><i>_</i><b>command</b><i>_</i><b>maps</b>
- Lookup tables with per-recipient external commands
- to use for mailbox delivery. Behavior is as with
+ Lookup tables with per-recipient external commands
+ to use for mailbox delivery. Behavior is as with
<b>mailbox</b><i>_</i><b>command</b>.
<b>mailbox</b><i>_</i><b>transport</b>
- Message transport to use for mailbox delivery to
+ Message transport to use for mailbox delivery to
all local recipients, whether or not they are found
- in the UNIX passwd database. This parameter over-
- rides all other configuration parameters that con-
+ in the UNIX passwd database. This parameter over-
+ rides all other configuration parameters that con-
trol mailbox delivery, including <b>luser</b><i>_</i><b>relay</b>.
<b>Locking</b> <b>controls</b>
<b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b>
- Limit the number of attempts to acquire an exclu-
+ Limit the number of attempts to acquire an exclu-
sive lock on a mailbox or external file.
<b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b>
- Time in seconds between successive attempts to
+ Time in seconds between successive attempts to
acquire an exclusive lock.
<b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b>
Limit the time after which a stale lock is removed.
<b>mailbox</b><i>_</i><b>delivery</b><i>_</i><b>lock</b>
- What file locking method(s) to use when delivering
- to a UNIX-style mailbox. The default setting is
- system dependent. For a list of available file
+ What file locking method(s) to use when delivering
+ to a UNIX-style mailbox. The default setting is
+ system dependent. For a list of available file
locking methods, use the <b>postconf</b> <b>-l</b> command.
<b>Resource</b> <b>controls</b>
<b>command</b><i>_</i><b>time</b><i>_</i><b>limit</b>
- Limit the amount of time for delivery to external
+ Limit the amount of time for delivery to external
command.
<b>duplicate</b><i>_</i><b>filter</b><i>_</i><b>limit</b>
- Limit the size of the duplicate filter for results
+ Limit the size of the duplicate filter for results
from alias etc. expansion.
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
- Limit the amount of memory used for processing a
+ Limit the amount of memory used for processing a
partial input line.
<b>local</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
Limit the number of parallel deliveries to the same
- user. The default limit is taken from the
+ user. The default limit is taken from the
<b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b> parameter.
<b>local</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Limit the number of recipients per message deliv-
- ery. The default limit is taken from the
+ Limit the number of recipients per message deliv-
+ ery. The default limit is taken from the
<b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> parameter.
<b>mailbox</b><i>_</i><b>size</b><i>_</i><b>limit</b>
- Limit the size of a mailbox etc. file (any file
- that is written to upon delivery). Set to zero to
+ Limit the size of a mailbox etc. file (any file
+ that is written to upon delivery). Set to zero to
disable the limit.
<b>Security</b> <b>controls</b>
<b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b>
- Restrict the usage of mail delivery to external
- command. Specify zero or more of: <b>alias</b>, <b>forward</b>,
+ Restrict the usage of mail delivery to external
+ command. Specify zero or more of: <b>alias</b>, <b>forward</b>,
<b>include</b>.
<b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b>
- Restrict the usage of mail delivery to external
- file. Specify zero or more of: <b>alias</b>, <b>forward</b>,
+ Restrict the usage of mail delivery to external
+ file. Specify zero or more of: <b>alias</b>, <b>forward</b>,
<b>include</b>.
<b>command</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
- What characters are allowed to appear in $name
- expansions of mailbox_command. Illegal characters
+ What characters are allowed to appear in $name
+ expansions of mailbox_command. Illegal characters
are replaced by underscores.
<b>default</b><i>_</i><b>privs</b>
- Default rights for delivery to external file or
+ Default rights for delivery to external file or
command.
<b>forward</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
- What characters are allowed to appear in $name
- expansions of forward_path. Illegal characters are
+ What characters are allowed to appear in $name
+ expansions of forward_path. Illegal characters are
replaced by underscores.
<b>HISTORY</b>
- The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
+ The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
Daniel Bernstein.
- The <i>maildir</i> structure appears in the <b>qmail</b> system by
+ The <i>maildir</i> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>SEE</b> <b>ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a> queue manager
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<dt>Default:
-<dd><b>smtpd_recipient_restrictions = permit_mynetworks, check_relay_domains</b>
+<dd><b>smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination</b>
<p>
<li>from trusted clients whose IP address matches <a
href="basic.html#mynetworks">$mynetworks</a>,
-<li>from trusted clients whose hostname matches <a
-href="#relay_domains">$relay_domains</a> or a subdomain thereof,
-
<li>from untrusted clients to destinations that match <a
href="#relay_domains"> $relay_domains</a> or a subdomain thereof,
except for addresses that contain sender-specified routing
<li>to destinations that match <a
href="basic.html#mydestination">$mydestination</a>,
-<li>to destinations that match <a href="virtual.5.html">$virtual_maps</a>.
+<li>to destinations that match <a href="virtual.5.html">$virtual_maps</a>,
+
+<li>to destinations that match <a
+href="virtual.8.html">$virtual_mailbox_maps</a>.
</ul>
<p>
<dd><i>Note: you must specify at least one of the following
-restrictions: </i><b>reject</b>, <b>check_relay_domains</b> <i>or</i>
-<b>reject_unauth_destination</b>. <i>Postfix will refuse to receive
-mail otherwise. </i>
+restrictions: </i><b>reject</b>, <b>defer</b>, <b>defer_if_permit</b>,
+<i>or</i> <b>reject_unauth_destination</b>. <i>Postfix will refuse
+to receive mail otherwise. </i>
<p>
<dl>
-<a name="check_relay_domains">
-
-<dt> <b>check_relay_domains</b> <dd> Permit the request when
-one of the following is true:
-
-<ul>
-
-<li>the client hostname matches <a href="#relay_domains">$relay_domains</a>
-or a subdomain thereof,
-
-<li>the resolved destination address matches <a
-href="#relay_domains">$relay_domains</a> or a subdomain thereof,
-and the address contains no sender-specified routing
-(<i>user@elsewhere@domain</i>),
-
-<li>Postfix is the final destination: any destination that matches
-<a href="basic.html#mydestination">$mydestination</a>, <a
-href="basic.html#inet_interfaces">$inet_interfaces</a> or <a
-href="virtual.5.html">$virtual_maps</a>.
-
-</ul>
-
-Otherwise reject the request. The <b>relay_domains_reject_code</b>
-parameter specifies the response code for rejected requests (default:
-<b>554</b>).
-
-<p>
-
<a name="permit_auth_destination">
<dt> <b>permit_auth_destination</b> <dd> Ignore the client hostname.
<li>Postfix is the final destination: any destination that matches
<a href="basic.html#mydestination">$mydestination</a>, <a
-href="basic.html#inet_interfaces">$inet_interfaces</a> or <a
-href="virtual.5.html">$virtual_maps</a>.
+href="basic.html#inet_interfaces">$inet_interfaces</a>, <a
+href="virtual.5.html">$virtual_maps</a>, or
+href="virtual.8.html">$virtual_mailbox_maps</a>.
</ul>
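Review bot: The added line `href="virtual.8.html">$virtual_mailbox_maps</a>.` has no opening `<a`, because the line before it ends with `</a>, or` instead of `</a>, or <a`. As written, the attribute text is rendered literally and the stray `</a>` is unbalanced, so the permit_auth_destination entry loses its link to $virtual_mailbox_maps. The matching list in the next hunk (reject_unauth_destination) has the correct form; make the preceding line here read `href="virtual.5.html">$virtual_maps</a>, or <a`.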
<li>Postfix is the final destination: any destination that matches
<a href="basic.html#mydestination">$mydestination</a>, <a
-href="basic.html#inet_interfaces">$inet_interfaces</a> or <a
-href="virtual.5.html">$virtual_maps</a>.
+href="basic.html#inet_interfaces">$inet_interfaces</a>, <a
+href="virtual.5.html">$virtual_maps</a>, or <a
+href="virtual.8.html">$virtual_mailbox_maps</a>.
</ul>
<dt> <b>relay_domains</b>
<dd> This parameter controls the behavior of the <a
-href="#check_relay_domains"> check_relay_domains</a>, <a
href="#reject_unauth_destination"> reject_unauth_destination</a>
and <a href="#permit_auth_destination"> permit_auth_destination</a>
restrictions that can appear as part of a recipient address
<li>from trusted clients whose IP address matches <a
href="basic.html#mynetworks">$mynetworks</a>,
-<li>from trusted clients whose hostname matches <a
-href="#relay_domains">$relay_domains</a> or a subdomain thereof,
-
<li>from untrusted clients to destinations that match <a
href="#relay_domains"> $relay_domains</a> or a subdomain thereof,
except for addresses that contain sender-specified routing
sage per file.
The <b>virtual</b> delivery agent daemon prepends a <b>Delivered-To:</b>
- message header with the envelope recipient address and
- prepends a <b>Return-Path:</b> message header with the envelope
- sender address.
+ message header with the final envelope recipient address,
+ prepends an <b>X-Original-To:</b> header with the recipient
+ address as given to Postfix, and prepends a <b>Return-Path:</b>
+ message header with the envelope sender address.
- By definition, <b>maildir</b> format does not require file lock-
+ By definition, <b>maildir</b> format does not require file lock-
ing during mail delivery or retrieval.
<b>MAILBOX</b> <b>OWNERSHIP</b>
- Mailbox ownership is controlled by the <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>
+ Mailbox ownership is controlled by the <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>
and <b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b> lookup tables, which are indexed with
- the full recipient address. Each table provides a string
+ the full recipient address. Each table provides a string
with the numerical user and group ID, respectively.
The <b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b> parameter imposes a lower bound on
<b>SECURITY</b>
The virtual delivery agent is not security sensitive, pro-
- vided that the lookup tables with recipient user/group ID
- information are adequately protected. This program is not
+ vided that the lookup tables with recipient user/group ID
+ information are adequately protected. This program is not
designed to run chrooted.
<b>STANDARDS</b>
recipient is over disk quota. In all other cases, mail for
an existing recipient is deferred and a warning is logged.
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
+ Problems and transactions are logged to <b>syslogd</b>(8). Cor-
+ rupted message files are marked so that the queue manager
can move them to the <b>corrupt</b> queue afterwards.
- Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
- the postmaster is notified of bounces and of other trou-
+ Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
+ the postmaster is notified of bounces and of other trou-
ble.
<b>BUGS</b>
This delivery agent silently ignores address extensions.
Postfix should have lookup tables that can return multiple
- result attributes. In order to avoid the inconvenience of
+ result attributes. In order to avoid the inconvenience of
maintaining three tables, use an LDAP or MYSQL database.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this program. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the <b>postfix</b> <b>reload</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this program. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>Mailbox</b> <b>delivery</b>
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b>
- Specifies a path that is prepended to all mailbox
- or maildir paths. This is a safety measure to
- ensure that an out of control map in <b>virtual</b><i>_</i><b>mail-</b>
- <b>box</b><i>_</i><b>maps</b> doesn't litter the filesystem with mail-
- boxes. While it could be set to "/", this setting
+ Specifies a path that is prepended to all mailbox
+ or maildir paths. This is a safety measure to
+ ensure that an out of control map in <b>virtual</b><i>_</i><b>mail-</b>
+ <b>box</b><i>_</i><b>maps</b> doesn't litter the filesystem with mail-
+ boxes. While it could be set to "/", this setting
isn't recommended.
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b> (regexp maps disallowed)
Recipients are looked up in these maps to determine
- the path to their mailbox or maildir. If the
- returned path ends in a slash ("/"), maildir-style
- delivery is carried out, otherwise the path is
+ the path to their mailbox or maildir. If the
+ returned path ends in a slash ("/"), maildir-style
+ delivery is carried out, otherwise the path is
assumed to specify a UNIX-style mailbox file.
- While searching a lookup table, an address exten-
+ While searching a lookup table, an address exten-
sion (<i>user+foo@domain.tld</i>) is ignored.
- In a lookup table, specify a left-hand side of
- <i>@domain.tld</i> to match any user in the specified
- domain that does not have a specific
+ In a lookup table, specify a left-hand side of
+ <i>@domain.tld</i> to match any user in the specified
+ domain that does not have a specific
<i>user@domain.tld</i> entry.
- Note that <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b> is unconditionally
+ Note that <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b> is unconditionally
prepended to this path.
<b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b>
- Specifies a minimum uid that will be accepted as a
- return from a <b>virtual</b><i>_</i><b>owner</b><i>_</i><b>maps</b> or <b>vir-</b>
- <b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> lookup. Returned values less than
- this will be rejected, and the message will be
+ Specifies a minimum uid that will be accepted as a
+ return from a <b>virtual</b><i>_</i><b>owner</b><i>_</i><b>maps</b> or <b>vir-</b>
+ <b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> lookup. Returned values less than
+ this will be rejected, and the message will be
deferred.
<b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> (regexp maps disallowed)
Recipients are looked up in these maps to determine
- the user ID to be used when writing to the target
+ the user ID to be used when writing to the target
mailbox.
- While searching a lookup table, an address exten-
+ While searching a lookup table, an address exten-
sion (<i>user+foo@domain.tld</i>) is ignored.
- In a lookup table, specify a left-hand side of
- <i>@domain.tld</i> to match any user in the specified
- domain that does not have a specific
+ In a lookup table, specify a left-hand side of
+ <i>@domain.tld</i> to match any user in the specified
+ domain that does not have a specific
<i>user@domain.tld</i> entry.
<b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b> (regexp maps disallowed)
Recipients are looked up in these maps to determine
- the group ID to be used when writing to the target
+ the group ID to be used when writing to the target
mailbox.
- While searching a lookup table, an address exten-
+ While searching a lookup table, an address exten-
sion (<i>user+foo@domain.tld</i>) is ignored.
- In a lookup table, specify a left-hand side of
- <i>@domain.tld</i> to match any user in the specified
- domain that does not have a specific
+ In a lookup table, specify a left-hand side of
+ <i>@domain.tld</i> to match any user in the specified
+ domain that does not have a specific
<i>user@domain.tld</i> entry.
<b>Locking</b> <b>controls</b>
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>lock</b>
- How to lock UNIX-style mailboxes: one or more of
- <b>flock</b>, <b>fcntl</b> or <b>dotlock</b>. The <b>dotlock</b> method
- requires that the recipient UID or GID has write
+ How to lock UNIX-style mailboxes: one or more of
+ <b>flock</b>, <b>fcntl</b> or <b>dotlock</b>. The <b>dotlock</b> method
+ requires that the recipient UID or GID has write
access to the parent directory of the mailbox file.
- This setting is ignored with <b>maildir</b> style deliv-
+ This setting is ignored with <b>maildir</b> style deliv-
ery, because such deliveries are safe without
explicit locks.
- Use the command <b>postconf</b> <b>-l</b> to find out what lock-
+ Use the command <b>postconf</b> <b>-l</b> to find out what lock-
ing methods are available on your system.
<b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b>
- Limit the number of attempts to acquire an exclu-
+ Limit the number of attempts to acquire an exclu-
sive lock on a UNIX-style mailbox file.
<b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b>
Time (default: seconds) between successive attempts
- to acquire an exclusive lock on a UNIX-style mail-
- box file. The actual delay is slightly randomized.
+ to acquire an exclusive lock on a UNIX-style mail-
+ box file. The actual delay is slightly randomized.
<b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b>
- Limit the time after which a stale lockfile is
- removed (applicable to UNIX-style mailboxes only).
+ Limit the time after which a stale lockfile is
+ removed (applicable to UNIX-style mailboxes only).
<b>Resource</b> <b>controls</b>
<b>virtual</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
Limit the number of parallel deliveries to the same
domain via the <b>virtual</b> delivery agent. The default
limit is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concur-</b>
- <b>rency</b><i>_</i><b>limit</b> parameter. The limit is enforced by
+ <b>rency</b><i>_</i><b>limit</b> parameter. The limit is enforced by
the Postfix queue manager.
<b>virtual</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Limit the number of recipients per message delivery
- via the <b>virtual</b> delivery agent. The default limit
- is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b>
- <b>ent</b><i>_</i><b>limit</b> parameter. The limit is enforced by the
+ via the <b>virtual</b> delivery agent. The default limit
+ is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b>
+ <b>ent</b><i>_</i><b>limit</b> parameter. The limit is enforced by the
Postfix queue manager.
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>limit</b>
- The maximal size in bytes of a mailbox or maildir
+ The maximal size in bytes of a mailbox or maildir
file. Set to zero to disable the limit.
<b>HISTORY</b>
- This agent was originally based on the Postfix local
+ This agent was originally based on the Postfix local
delivery agent. Modifications mainly consisted of removing
- code that either was not applicable or that was not safe
- in this context: aliases, ~user/.forward files, delivery
+ code that either was not applicable or that was not safe
+ in this context: aliases, ~user/.forward files, delivery
to "|command" or to /file/name.
- The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
+ The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
Daniel Bernstein.
- The <b>maildir</b> structure appears in the <b>qmail</b> system by
+ The <b>maildir</b> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>SEE</b> <b>ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a> queue manager
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
In the case of \fBmaildir\fR delivery, the local daemon prepends
an optional
-\fBDelivered-To:\fR header with the envelope recipient address
+\fBDelivered-To:\fR header with the final envelope recipient address,
+prepends an
+\fBX-Original-To:\fR header with the recipient address as given to
+Postfix,
and prepends a \fBReturn-Path:\fR header with the envelope sender
address.
.SH EXTERNAL COMMAND DELIVERY
in qmail \fBmaildir\fR format. This format stores one message per file.
The \fBvirtual\fR delivery agent daemon prepends a \fBDelivered-To:\fR
-message header with the envelope recipient address and prepends a
+message header with the final envelope recipient address,
+prepends an \fBX-Original-To:\fR header with the recipient address as
+given to Postfix, and prepends a
\fBReturn-Path:\fR message header with the envelope sender address.
By definition, \fBmaildir\fR format does not require file locking
extern char *var_hash_queue_names;
#define VAR_HASH_QUEUE_DEPTH "hash_queue_depth"
-#define DEF_HASH_QUEUE_DEPTH 2
+#define DEF_HASH_QUEUE_DEPTH 1
extern int var_hash_queue_depth;
/*
extern char *var_mail_checks;
#define VAR_RCPT_CHECKS "smtpd_recipient_restrictions"
-#define DEF_RCPT_CHECKS PERMIT_MYNETWORKS "," CHECK_RELAY_DOMAINS
+#define DEF_RCPT_CHECKS PERMIT_MYNETWORKS ", " REJECT_UNAUTH_DEST
extern char *var_rcpt_checks;
#define VAR_ETRN_CHECKS "smtpd_etrn_restrictions"
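Review bot: The new `DEF_RCPT_CHECKS` value changes the default relay policy, not only the name of the restriction, and nothing at the define says so. Going by the check_relay_domains documentation that this patch removes further down, the old restriction also allowed a request when the client hostname matched relay_domains, while reject_unauth_destination only tests the resolved recipient domain. I would add a comment above the define, for example `/* Default no longer authorizes relaying by client hostname; clients outside $mynetworks are authorized by destination only. */`, so that a site depending on the old behaviour can find the reason in the header.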
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20021202"
+#define MAIL_RELEASE_DATE "20021203"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "1.1.12-" MAIL_RELEASE_DATE
/*
/* In the case of \fBmaildir\fR delivery, the local daemon prepends
/* an optional
-/* \fBDelivered-To:\fR header with the envelope recipient address
+/* \fBDelivered-To:\fR header with the final envelope recipient address,
+/* prepends an
+/* \fBX-Original-To:\fR header with the recipient address as given to
+/* Postfix,
/* and prepends a \fBReturn-Path:\fR header with the envelope sender
/* address.
/* EXTERNAL COMMAND DELIVERY
buf = vstring_alloc(100);
why = vstring_alloc(100);
- copy_flags = MAIL_COPY_TOFILE | MAIL_COPY_RETURN_PATH;
+ copy_flags = MAIL_COPY_TOFILE | MAIL_COPY_RETURN_PATH | MAIL_COPY_ORIG_RCPT;
if (local_deliver_hdr_mask & DELIVER_HDR_FILE)
copy_flags |= MAIL_COPY_DELIVERED;
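Review bot: `MAIL_COPY_ORIG_RCPT` is set unconditionally in the initial `copy_flags` assignment, while the Delivered-To: flag on the next lines stays gated by `local_deliver_hdr_mask & DELIVER_HDR_FILE`. If that asymmetry is intended, a one-line comment would record it, e.g. `/* X-Original-To: is always recorded; only Delivered-To: is controlled by the header mask. */`. The address as given to Postfix is then stored in every delivered message, so an alias or pre-rewrite address may become visible to whoever can read the mailbox; the documentation could say that there is no switch for it. The enclosing function starts and ends outside this hunk.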
/* DNS A or MX record.
/* The \fIunknown_address_reject_code\fR configuration parameter
/* specifies the reject status code (default: 450).
-/* .IP check_relay_domains
-/* Allow the request when either the client hostname or the resolved
-/* recipient domain matches the \fIrelay_domains\fR configuration
-/* parameter or a subdomain thereof, or when the destination somehow
-/* resolves locally ($inet_interfaces, $mydestination or $virtual_maps).
-/* Reject the request otherwise.
-/* The \fIrelay_domains_reject_code\fR configuration parameter specifies
-/* the reject status code (default: 554).
/* .IP permit_auth_destination
/* Permit the request when the resolved recipient domain matches the
/* \fIrelay_domains\fR configuration parameter or a subdomain thereof,
/* Reject the request when the resolved recipient domain does not match
/* the \fIrelay_domains\fR configuration parameter or a subdomain
/* thereof, and when the destination does not somehow resolve locally
-/* ($inet_interfaces, $mydestination or $virtual_maps).
-/* Same error code as check_relay_domains.
+/* ($inet_interfaces, $mydestination, $virtual_maps, or
+/* $virtual_mailbox_maps).
+/* The \fIrelay_domains_reject_code\fR configuration parameter specifies
+/* the reject status code (default: 554).
/* .IP reject_unauth_pipelining
/* Reject the request when the client has already sent the next request
/* without being told that the server implements SMTP command pipelining.
REJECT_UNAUTH_DEST,
REJECT_ALL,
DEFER_ALL,
+ DEFER_IF_PERMIT,
0,
};
{
char *myname = "check_relay_domains";
+#if 1
+ static int once;
+
+ if (once == 0) {
+ once = 1;
+ msg_warn("the \"%s\" restriction is going away; use \"%s\" instead",
+ CHECK_RELAY_DOMAINS, REJECT_UNAUTH_DEST);
+ }
+#endif
+
if (msg_verbose)
msg_info("%s: %s", myname, recipient);
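Review bot: The `#if 1` / `#endif` pair around the one-time warning has no comment saying what it is for or when it would be switched off, so it reads as leftover scaffolding. Either drop the guard or label it, for example `/* Deprecation notice; remove together with check_relay_domains. */`. The `static int once` flag limits the warning to once per process, so presumably each new SMTP server process logs it again; if that is the intent, the same comment can say so. The function's signature and the rest of its body are outside this hunk.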
status = reject_maps_rbl(state);
} else if (strcasecmp(name, REJECT_RBL_CLIENT) == 0
|| strcasecmp(name, REJECT_RBL) == 0) {
- if (*(cpp[1]) == 0)
+ if (cpp[1] == 0)
msg_warn("restriction %s requires domain name argument", name);
else
status = reject_rbl_addr(state, *(cpp += 1), state->addr,
SMTPD_NAME_CLIENT);
} else if (strcasecmp(name, REJECT_RHSBL_CLIENT) == 0) {
- if (*(cpp[1]) == 0)
+ if (cpp[1] == 0)
msg_warn("restriction %s requires domain name argument",
name);
else {
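Review bot: In both branches changed here, a restriction with a missing domain argument is reported with `msg_warn` and then skipped, and as far as this hunk shows `status` is left untouched. A mistyped blocklist restriction therefore stops filtering without rejecting or deferring anything. Now that `cpp[1] == 0` tests the pointer instead of dereferencing it, this is the path a configuration error actually takes, so it is worth deciding whether it should fail open. At a minimum I would document it next to the warning, e.g. `/* Missing argument: restriction is ignored, evaluation continues with the next one. */`. The surrounding if/else chain begins and continues outside the hunk.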
buf = vstring_alloc(100);
why = vstring_alloc(100);
- copy_flags = MAIL_COPY_TOFILE | MAIL_COPY_RETURN_PATH | MAIL_COPY_DELIVERED;
+ copy_flags = MAIL_COPY_TOFILE | MAIL_COPY_RETURN_PATH
+ | MAIL_COPY_DELIVERED | MAIL_COPY_ORIG_RCPT;
newdir = concatenate(usr_attr.mailbox, "new/", (char *) 0);
tmpdir = concatenate(usr_attr.mailbox, "tmp/", (char *) 0);
/* in qmail \fBmaildir\fR format. This format stores one message per file.
/*
/* The \fBvirtual\fR delivery agent daemon prepends a \fBDelivered-To:\fR
-/* message header with the envelope recipient address and prepends a
+/* message header with the final envelope recipient address,
+/* prepends an \fBX-Original-To:\fR header with the recipient address as
+/* given to Postfix, and prepends a
/* \fBReturn-Path:\fR message header with the envelope sender address.
/*
/* By definition, \fBmaildir\fR format does not require file locking