20061106
- The following is implemented using snapshot 20061019 as the
- code base.
-
Feature: new retry delivery agent, to avoid the synchronous
defer service client in the queue manager. This code is
co-located with the error(8) server. File: error/error.c.
20061211
- When doing server access control by the TLS client fingerprint,
- do not require client certificate verification. Victor
- Duchovni. File: smtpd/smtpd_check.c.
+ Cleanup: when doing server access control by the remote TLS
+ client fingerprint, do not require client certificate
+ verification. Victor Duchovni. File: smtpd/smtpd_check.c.
- When the remote SMTP client certificate isn't verified,
+ Safety: when the remote TLS client certificate isn't verified,
don't send ccert_subject and ccert_issuer attributes in
check_policy_service requests. Victor Duchovni. File:
smtpd/smtpd_check.c.
N+M) could work as if (N, N) had been specified. Problem
reported by Mark Martinec. File: milter/milter8.c.
+20061221
+
+ Feature: time unit suffix support in _command_time_limit.
+ Files: pipe/pipe.c, spawn/spawn.c.
+
Wish list:
Update MILTER_README with Martinec info.
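Review bot: the new 20061221 entry names the parameter "_command_time_limit", which does not match what the rest of the patch touches: the pipe/pipe.c and spawn/spawn.c hunks look up the "_time_limit" suffix, and the man page text documents it as transport_time_limit ($command_time_limit). Suggest writing "transport_time_limit" in the entry so that a search of HISTORY for the parameter name finds it.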
scan unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
-o disable_mime_output_conversion=yes
+ -o smtp_generic_maps=
* This runs up to 10 content filters in parallel. Instead of a limit of 10
concurrent processes, use whatever process limit is feasible for your
because some SMTP-based content filters don't announce 8BITMIME support,
even though they can handle it just fine.
+ * The "-o smtp_generic_maps=" is a workaround that prevents local address
+ rewriting with generic(5) maps. Such rewriting should happen only when mail
+ is sent out to the Internet.
+
A\bAd\bdv\bva\ban\bnc\bce\bed\bd c\bco\bon\bnt\bte\ben\bnt\bt f\bfi\bil\blt\bte\ber\br:\b: r\bru\bun\bnn\bni\bin\bng\bg t\bth\bhe\be c\bco\bon\bnt\bte\ben\bnt\bt f\bfi\bil\blt\bte\ber\br
The content filter can be set up with the Postfix spawn service, which is the
New per-queue-file flushing with "postqueue -i queueid" and "sendmail
-qIqueueid".
+Incompatible changes with Postfix snapshot 20061214
+===================================================
+
+The check_smtpd_policy client sends TLS certificate attributes
+(client ccert_subject, ccert_issuer) only after successful client
+certificate verification. The reason is that the certification
+verification status itself is not available in the policy request.
+
+The check_smtpd_policy client sends TLS certificate fingerprint
+information even when the certificate itself was not verified.
+
+The remote SMTP client TLS certificate fingerprint can be used for
+access control even when the certificate itself was not verified.
+
Incompatible changes with Postfix snapshot 20061209
===================================================
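Review bot: both added paragraphs call the feature "check_smtpd_policy", while the HISTORY entry for the same change says "check_policy_service requests"; use one name, preferably the one that is typed in the configuration. In the first paragraph, "certification verification status" looks like a typo for "certificate verification status". Because the fingerprint is now sent, and usable for access control, without verification, and the verification status is not in the request, it would help to state here that a policy server must not infer verification from the presence of a fingerprint and should rely on ccert_subject and ccert_issuer being present for that.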
scan unix - - n - 10 smtp
-o <a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a>=yes
-o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes
+ -o <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a>=
</pre>
</blockquote>
This is needed because some SMTP-based content filters don't announce
8BITMIME support, even though they can handle it just fine. </p>
+<li> <p> The "-o <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a>=" is a workaround that prevents
+local address rewriting with <a href="generic.5.html">generic(5)</a> maps. Such rewriting should
+happen only when mail is sent out to the Internet. </p>
+
</ul>
<h3>Advanced content filter: running the content filter</h3>
for delivery via the named <i>transport</i>. The limit is
enforced by the pipe delivery agent.
+ Postfix 2.4 and later support a suffix that speci-
+ fies the time unit: s (seconds), m (minutes), h
+ (hours), d (days), w (weeks). The default time unit
+ is seconds.
+
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a Postfix
+ The list of environment variables that a Postfix
process will export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
and most Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
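Review bot: from config_directory down to LICENSE, every removed line is followed by an added line with the same text as shown, so these look like whitespace-only re-wraps from regenerating the HTML page. The only substantive change in this file is the paragraph about time unit suffixes; suggest regenerating the formatted pages in a separate step, or dropping the no-op pairs, so the functional change is not buried.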
The amount of time the command is allowed to run
before it is terminated.
+ Postfix 2.4 and later support a suffix that speci-
+ fies the time unit: s (seconds), m (minutes), h
+ (hours), d (days), w (weeks). The default time unit
+ is seconds.
+
<b>MISCELLANEOUS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a Postfix
+ The list of environment variables that a Postfix
process will export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
and most Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Limit the time for delivery to external command, for delivery via
the named \fItransport\fR.
The limit is enforced by the pipe delivery agent.
+
+Postfix 2.4 and later support a suffix that specifies the
+time unit: s (seconds), m (minutes), h (hours), d (days),
+w (weeks). The default time unit is seconds.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
.IP "\fItransport\fB_time_limit ($command_time_limit)\fR"
The amount of time the command is allowed to run before it is
terminated.
+
+Postfix 2.4 and later support a suffix that specifies the
+time unit: s (seconds), m (minutes), h (hours), d (days),
+w (weeks). The default time unit is seconds.
.SH "MISCELLANEOUS"
.na
.nf
scan unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
-o disable_mime_output_conversion=yes
+ -o smtp_generic_maps=
</pre>
</blockquote>
This is needed because some SMTP-based content filters don't announce
8BITMIME support, even though they can handle it just fine. </p>
+<li> <p> The "-o smtp_generic_maps=" is a workaround that prevents
+local address rewriting with generic(5) maps. Such rewriting should
+happen only when mail is sent out to the Internet. </p>
+
</ul>
<h3>Advanced content filter: running the content filter</h3>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20061221"
+#define MAIL_RELEASE_DATE "20061224"
#define MAIL_VERSION_NUMBER "2.4"
#ifdef SNAPSHOT
#define SMFIR_REPLYCODE 'y' /* reply code etc */
#define SMFIR_QUARANTINE 'q' /* quarantine */
- /* Introduced with Sendmail 8.14. */
-#define SMFIR_ADDRCPT_PAR '2' /* add recipient (incl. ESMTP args) */
-#define SMFIR_CHGFROM 'e' /* change envelope sender (from) */
-#define SMFIR_SETSYMLIST 'l' /* set list of symbols (macros) */
-#define SMFIR_SKIP 's' /* skip */
-
/*
* Commands that the filter does not want to receive, and replies that the
* filter will not send.
#define SMFIP_NOBODY (1L<<4) /* MTA should not send body */
#define SMFIP_NOHDRS (1L<<5) /* MTA should not send headers */
#define SMFIP_NOEOH (1L<<6) /* MTA should not send EOH */
-#define SMFIP_NR_HDR (1L<<7) /* filter will not reply per header */
-#define SMFIP_NOHREPL SMFIP_NR_HDR
+#define SMFIP_NOHREPL (1L<<7) /* filter will not reply per header */
#define SMFIP_NOUNKNOWN (1L<<8) /* MTA should not send unknown cmd */
#define SMFIP_NODATA (1L<<9) /* MTA should not send DATA */
- /* Introduced with Sendmail 8.14. */
-#define SMFIP_SKIP 0x00000400L /* MTA understands SMFIS_SKIP */
-#define SMFIP_RCPT_REJ 0x00000800L /* MTA should send rejected RCPTs */
-#define SMFIP_NR_CONN 0x00001000L /* No reply for connect */
-#define SMFIP_NR_HELO 0x00002000L /* No reply for HELO */
-#define SMFIP_NR_MAIL 0x00004000L /* No reply for MAIL */
-#define SMFIP_NR_RCPT 0x00008000L /* No reply for RCPT */
-#define SMFIP_NR_DATA 0x00010000L /* No reply for DATA */
-#define SMFIP_NR_UNKN 0x00020000L /* No reply for UNKN */
-#define SMFIP_NR_EOH 0x00040000L /* No reply for eoh */
-#define SMFIP_NR_BODY 0x00080000L /* No reply for body chunk */
-
/*
* Modifications that the filter may request at the end of the message body.
*/
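Review bot: the Sendmail 8.14 reply codes (SMFIR_ADDRCPT_PAR through SMFIR_SKIP) and protocol flags (SMFIP_SKIP through SMFIP_NR_BODY) are removed, and SMFIP_NR_HDR is folded into SMFIP_NOHREPL, but none of the visible HISTORY entries mentions this. Suggest adding a changelog line that says why the 8.14 definitions are withdrawn, and confirming that nothing else in milter8.c still refers to SMFIP_NR_HDR or the other removed names, since the build would otherwise break.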
break;
/*
- * Raw on-the-wire format.
+ * Raw on-the-wire format, without explicit null terminator.
*/
case MILTER8_DATA_BUFFER:
- if (data_left < 1) {
+ if (data_left < 0) {
msg_warn("milter %s: no data in input packet", milter->m.name);
return (milter8_comm_error(milter));
}
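Review bot: with the test in the MILTER8_DATA_BUFFER case relaxed to "data_left < 0", a zero-length buffer is now accepted, so the warning "no data in input packet" no longer describes the condition that triggers it, which is a negative remaining length. Suggest rewording the warning, confirming that data_left is a signed type so the check is not dead code, and checking that the code after this test handles an empty buffer, given that the comment now says the data carries no explicit null terminator.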
/* Limit the time for delivery to external command, for delivery via
/* the named \fItransport\fR.
/* The limit is enforced by the pipe delivery agent.
+/*
+/* Postfix 2.4 and later support a suffix that specifies the
+/* time unit: s (seconds), m (minutes), h (hours), d (days),
+/* w (weeks). The default time unit is seconds.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
* Figure out the command time limit for this transport.
*/
config->time_limit =
- get_mail_conf_int2(service, "_time_limit", var_command_maxtime, 1, 0);
+ get_mail_conf_time2(service, "_time_limit", var_command_maxtime, 's', 1, 0);
/*
* Give the poor tester a clue of what is going on.
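Review bot: the get_mail_conf_time2() call keeps the "1, 0" bounds of the get_mail_conf_int2() call it replaces, so nothing visible here caps the result now that a suffix such as d or w multiplies the configured number (this assumes the trailing 0 means no upper bound, as it did for the integer lookup). Worth confirming that a large value with a w suffix cannot overflow config->time_limit, or passing an explicit maximum; the same question applies to the identical call in the spawn hunk.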
/* .IP "\fItransport\fB_time_limit ($command_time_limit)\fR"
/* The amount of time the command is allowed to run before it is
/* terminated.
+/*
+/* Postfix 2.4 and later support a suffix that specifies the
+/* time unit: s (seconds), m (minutes), h (hours), d (days),
+/* w (weeks). The default time unit is seconds.
/* MISCELLANEOUS
/* .ad
/* .fi
* Figure out the command time limit for this transport.
*/
attr->time_limit =
- get_mail_conf_int2(service, "_time_limit", var_command_maxtime, 1, 0);
+ get_mail_conf_time2(service, "_time_limit", var_command_maxtime, 's', 1, 0);
/*
* Iterate over the command-line attribute list.