after processing the key_format feature. This prevents a
database access error when keys may exceed the memcache
server's key length limit (usually, 250 bytes). Files:
+ global/dict_memcache.c, proto/memcache_table, util/ossl_digest.c,
+ ossl_digest.h, ossl_digest_test.c.
20250523
protocol mismatch, caused by a missing update for a code
path in the showq daemon. Problem reported by Florian
Piekert, diagnosed by John Fawcett. File: showq/showq.c.
+
+20241221
+
+ Cleanup: re-indented postfix source code to make it easier
+ to maintain. No change in compiler output. Files:
+ discard/discard.c, global/ascii_header_text.c,
+ global/ascii_header_text.h, global/dict_proxy.c,
+ global/dict_sqlite_test.c, global/haproxy_srvr.c,
+ global/haproxy_srvr.h, global/pol_stats.h, global/rfc2047_code.c,
+ global/rfc2047_code.h, global/sendopts.c, milter/milter8.c,
+ milter/test-milter.c, postconf/postconf_edit.c, smtp/smtp.c,
+ smtp/smtp_reqtls_policy_test.c, smtpd/smtpd.c, smtpd/smtpd_chat.c,
+ smtpd/smtpd_peer_test.c, tls/tls_client.c, tls/tls_dh.c,
+ util/dict_open.c, util/myaddrinfo.c, util/myaddrinfo.h,
+ util/normalize_v4mapped_addr.c,
+ util/normalize_v4mapped_addr_test.c, util/normalize_ws.c,
+ util/ossl_digest.c, util/sys_defs.h, global/ascii_header_text.c,
+ global/ascii_header_text.h, global/dict_proxy.c,
+ global/dict_sqlite_test.c, global/haproxy_srvr.c,
+ global/haproxy_srvr.h, global/pol_stats.h, global/rfc2047_code.c,
+ global/rfc2047_code.h, global/sendopts.c, milter/milter8.c,
+ milter/test-milter.c, postconf/postconf_edit.c, smtp/smtp.c,
+ smtp/smtp_reqtls_policy_test.c, smtpd/smtpd.c, smtpd/smtpd_chat.c,
+ smtpd/smtpd_peer_test.c, tls/tls_client.c, tls/tls_dh.c,
+ util/dict_open.c, util/myaddrinfo.c, util/myaddrinfo.h,
+ util/normalize_v4mapped_addr.c,
+ util/normalize_v4mapped_addr_test.c, util/normalize_ws.c,
+ util/ossl_digest.c, util/sys_defs.h.
+
+ Documentation: update the transport(5) manpage text for the
+ case that transport maps specify no transport or no nexthop.
+ In the presentation of address classes, identify the relative
+ precedence of transport_maps on next-hop destination
+ selection. File: proto/transport.
+
+ Cleanup: change a non_smtpd_milters 'shutdown' response
+ from a hard error ('message content rejected') into a soft
+ error ('queue file write error') for consistency with
+ smtpd_milters. File: cleanup/cleanup_milter.c.
+
+ Documentation: regenerated manpages, and propagated parameter
+ changes from postconf(5) to on-line parameter summaries in
+ program manpages. Files: cleanup/cleanup.c, smtpd/smtpd.c.
+
+20251222
+
+ Revert the 20250623 change to the default value for
+ lmtp_tls_security_level, back to its Postfix 3.10 empty
+ value. There is no default TLS security level that makes
+ sense for connections over UNIX-domain, loopback TCP, and
+ non-loopback TCP sockets. Files: global/mail_params.[hc],
+ smtp/smtp.c.
+
+ Documentation: added RELEASE_NOTES_3.11, added example to
+ relocated(5) manpage; updated examples for opportunistic
+ TLS status logging in postconf(5).
+
+ Opened the postfix-3.12-yyyymmdd development series.
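Review bot: The new entry header "20241221" sits between the 20250523 and 20251222 entries, so the year looks like a typo for 20251221. In the same entry, the Files: list for the re-indent cleanup repeats the whole run from global/ascii_header_text.c through util/sys_defs.h a second time (discard/discard.c is the only name listed once); list each file once.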
U\bUs\bsi\bin\bng\bg b\bba\bac\bck\bkw\bwa\bar\brd\bds\bs-\b-c\bco\bom\bmp\bpa\bat\bti\bib\bbl\ble\be d\bde\bef\bfa\bau\bul\blt\bt s\bse\bet\btt\bti\bin\bng\bg x\bxx\bxx\bx_\b_s\bse\bec\bcu\bur\bri\bit\bty\by_\b_l\ble\bev\bve\bel\bl=\b=(\b(e\bem\bmp\bpt\bty\by)\b)
-Postfix version 3.11 changes the default value for client TLS security levels
-from "empty" to "may". The backwards-compatibility safety net is designed to
-prevent an unexpected change in mail sending behavior when Postfix is updated
-from an older version.
+When built with TLS support, Postfix version 3.11 changes the default SMTP
+client TLS security level from "empty" to "may". The backwards-compatibility
+safety net is designed to prevent an unexpected change in mail sending behavior
+when Postfix is updated from an older version.
There is no equivalent change for Postfix server TLS security levels, because
changing the level alone is not sufficient. Server-side TLS requires that at
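Review bot: The rewritten paragraph now covers only the "default SMTP client TLS security level", but the section title above it still uses the generic xxx_security_level placeholder. Name the affected parameter (smtp_tls_security_level, as the 20250623 release note does) in the paragraph, so that readers do not assume the LMTP client default changed as well; the 20251222 HISTORY entry says it was reverted to empty.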
-This is the Postfix 3.11 experimental release.
+This is the Postfix 3.12 snapshot release.
-The stable Postfix release is called postfix-3.10.x where 3=major
-release number, 10=minor release number, x=patchlevel. The stable
+The stable Postfix release is called postfix-3.11.x where 3=major
+release number, 11=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
-postfix-3.11-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+postfix-3.12-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
-If you upgrade from Postfix 3.9 or earlier, please read RELEASE_NOTES-3.10
+If you upgrade from Postfix 3.10 or earlier, please read RELEASE_NOTES-3.11
before proceeding.
Dual license
--- /dev/null
+This is the Postfix 3.11 stable release.
+
+The stable Postfix release is called postfix-3.11.x where 3=major
+release number, 11=minor release number, x=patchlevel. The stable
+release never changes except for patches that address bugs or
+emergencies. Patches change the patchlevel and the release date.
+
+New features are developed in snapshot releases. These are called
+postfix-3.12-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+mm=month, dd=day). Patches are never issued for snapshot releases;
+instead, a new snapshot is released.
+
+The mail_release_date configuration parameter (format: yyyymmdd)
+specifies the release date of a stable release or snapshot release.
+
+If you upgrade from Postfix 3.9 or earlier, please read RELEASE_NOTES-3.10
+before proceeding.
+
+Dual license
+------------
+
+As of Postfix 3.2.5 this software is distributed with a dual license:
+in addition to the historical IBM Public License (IPL) 1.0, it is
+now also distributed with the more recent Eclipse Public License
+(EPL) 2.0. Recipients can choose to take the software under the
+license of their choice. Those who are more comfortable with the
+IPL can continue with that license.
+
+Major changes - database
+------------------------
+
+[Feature 20250321] Safety: the SQLite client now logs a warning
+when a query uses double quotes instead of the Postfix-recommended
+single quotes. The non-recommended form is not protected against
+SQL injection.
+
+[Feature 20250509] Support to run all memcache lookup keys through
+an OpenSSL digest function. This prevents a database access error
+when lookup keys may exceed the memcache server's key length limit
+(usually, 250 bytes).
+
+[Feature 20250624] Support for a new "debug:" pseudo lookup table.
+Specify debug:maptype:mapname to encapsulate a maptype:mapname
+lookup table and log all access. This builds on existing but unused
+code to log table access. Contributed by Richard Hansen.
+
+[Infrastructure 20250626] Overhauled in-memory lookup table life-cycle
+management; overhauled sharing/isolation for proxied lookup tables.
+
+Major changes - deprecation
+---------------------------
+
+[Feature 20250609] smtp_tls_enforce_peername and lmtp_tls_enforce_peername
+are now officially deprecated. Postfix will log a warning until the
+features are deleted. See DEPRECATION_README for a summary of
+deprecated and deleted features.
+
+[Feature 20251027] This adds 12 more deprecation warnings for
+parameters that have been renamed in the past, and that still provide
+a backwards-compatible default value for their replacement. The
+parameters deprecated by this change are: authorized_verp_clients,
+fallback_relay, lmtp_per_record_deadline, postscreen_blacklist_action,
+postscreen_dnsbl_ttl, postscreen_dnsbl_whitelist_threshold,
+postscreen_whitelist_interfaces, smtpd_client_connection_limit_exceptions,
+smtp_per_record_deadline, tlsproxy_client_level, tlsproxy_client_policy,
+virtual_maps.
+
+[Feature 20251028] Deprecate the smtp_cname_overrides_servername
+and lmtp_cname_overrides_servername parameters, and delete documentation
+that has been obsolete since Postfix 2.11.
+
+Major changes - logging
+-----------------------
+
+[Feature 20250910] TLS feature policy status summary in delivery
+status logging. This shows the desired and actual TLS security level
+enforcement status and, if a message requests REQUIRETLS, the
+REQUIRETLS policy enforcement status. For a list of examples see
+https://www.postfix.org/postconf.5.html#smtp_log_tls_feature_status
+
+[Feature 20251216] After a delivery failure, the bounce daemon
+logged "<old-queue-id>: sender non-delivery notification: <new-queue-id>"
+only if the notification was queued successfully. The bounce daemon
+now always logs this, making Postfix behavior easier to understand.
+
+Visible changes for logfile analyzers:
+
+- The bounce daemon now logs "<old-queue-id>: sender non-delivery
+notification: <new-queue-id>" BEFORE the cleanup daemon logs activity
+with "<new-queue-id>". Previously, the bounce daemon logged the
+old<=>new queue ID connection later, which made logfile analysis
+more difficult.
+
+- The bounce daemon now logs a logfile record "<old-queue-id>:
+sender notification failed to <address>: <reason>" when the
+notification was not queued. In some cases it will log "<old-queue-id>:
+sender notification failed to <address>" (without the reason). In
+those cases the failure reason was already logged by lower-level
+code, but without the queue ID.
+
+Major changes - management tool integration
+-------------------------------------------
+
+[Feature 20251124] Basic JSON output support with "postconf
+-j|-jM|-jF|-jP", "postalias -jq|-js", "postmap -jq|-js", and
+"postmulti -jl". No support is planned for JSON input support.
+
+Major changes - milter support
+------------------------------
+
+[Feature 20251208] Improved Milter error handling for messages that
+arrive over a long-lived SMTP connection, by changing the default
+milter_default_action from "tempfail" to the new "shutdown" action
+(i.e. disconnect the remote SMTP client).
+
+This avoids a worst-case scenario where after a single Milter error,
+Postfix would tempfail all messages that the client sends over a
+long-lived connection, even if the Milter error was only temporary.
+
+The bounce daemon now logs "<old-queue-id>: sender non-delivery
+notification: <new-queue-id>" *before* the cleanup daemon logs
+activity with <new-queue-id>, instead of after. This makes the
+logging easier to analyze.
+
+Major changes - mime support
+----------------------------
+
+[Feature 20251104] New non_empty_end_of_header_action parameter
+with the cleanup(8) server action when a primary message header is
+terminated with a non-empty line:
+
+1) fix_quietly: Insert an empty line before the offending text (the
+backwards-compatible default),
+
+2) add_header: Insert a MIME-Error: header before inserting an empty
+line, or
+
+3) reject: Log a "mime-error" and reject the message.
+
+Note that the 'empty line' separator is not used for DKIM signature
+checks, so it does not matter that Postfix inserts one if it is
+missing.
+
+Major changes - mta-sts
+-----------------------
+
+[Feature 20250906] Workaround for an interface mis-match between
+the Postfix SMTP client and MTA-STS policy plugins. This introduces
+a new parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes").
+The MTA-STS plugin configuration needs to enable TLSRPT support,
+so that it forwards STS policy attributes to Postfix. This works
+even if Postfix TLSRPT support is disabled at build time or at
+runtime.
+
+With the above two configurations, the Postfix SMTP client will
+connect to an MX host only if its name matches any STS policy MX
+host pattern, and will match a server certificate against the MX
+hostname. Otherwise, the old behavior stays in effect: connect to
+any MX host listed in DNS, and match a server certificate against
+any STS policy MX host pattern.
+
+This code was published first in Postfix 3.11, and later back-ported
+to Postfix 3.10.5.
+
+Major changes - portability
+---------------------------
+
+[Feature 20241201] Support for the C23 built-in bool type. Older
+Postfix releases have been updated with a makedefs script that
+disables C23 built-in bool support.
+
+Major changes - postqueue
+-------------------------
+
+[Feature 20251218] the postqueue (and mailq) command now also lists
+recipients in bounce logfiles (in JSON output, this uses a new
+object member 'bounce_reason' instead of the existing 'delay_reason').
+Such recipients have already been deleted from the message queue
+file, but they are still pending the creation of a non-delivery
+status notification message that will be returned to the sender.
+
+Major changes - relocated_maps
+------------------------------
+
+[Feature 20250608] Specify "relocated_prefix_enable = no" to disable
+the hard-coded prefix "5.1.6 User has moved to " that is by default
+prepended to all relocated_maps lookup results. This setting requires
+that the table contains responses with both custom enhanced status
+code (X.Y.Z) and text. For details, see "man 5 relocated" or
+https://www.postfix.org/relocated.5.html .
+
+Major changes - requiretls
+--------------------------
+
+[Feature 20241111] Support for the REQUIRETLS verb in SMTP. This,
+and everything that was added later through 2025, is described in
+REQUIRETLS_README.
+
+[Feature 20250120] After a certificate check fails, or a remote
+SMTP server does not announce REQUIRETLS support, the Postfix SMTP
+client will override the RFC 8689 5.x.x. status and treat it as a
+soft error, until there are no more alternate MX servers to try.
+
+[Feature 20250827] New parameter requiretls_redact_dsn (default:
+yes) to redact bounce messages as described in RFC 8689 section 5,
+so that they don't need REQUIRETLS support on every hop in the
+return path.
+
+[Feature 20250827] smtp_requiretls_policy and lmtp_requiretls_policy
+for responsible REQUIRETLS policy enforcement. REQUIRETLS must be
+enforced with care, because at this time most domains do not publish
+DANE or MTA-STS policies, and most MTAs and content filters do not
+support REQUIRETLS.
+
+[Feature 20250916] support for a "Require-TLS-ESMTP: yes" header
+to propagate an ESMTP REQUIRETLS request through a FILTER_README
+or SMTPD_PROXY_README style content filter. This header is detected
+or added by the cleanup daemon and by the before-proxy-filter Postfix
+SMTP server. This feature is enabled by default with
+"requiretls_esmtp_header = yes". The Require-TLS-ESMTP header will
+be visible to local and remote recipients. This feature can safely
+be disabled when a configuration does not use REQUIRETLS, or does
+not use FILTER_README or SMTPD_PROXY_README style content filters.
+
+Major changes - smtp server
+---------------------------
+
+[Feature 20250801] smtpd_reject_filter_maps support to selectively
+replace a reject response from the Postfix SMTP server, or from a
+program that replies through the Postfix SMTP server.
+
+Major changes - smtputf8
+------------------------
+
+[Feature 20250122] New Postfix sendmail command option "-O smtputf8"
+to request that deliveries over SMTP use the SMTPUTF8 extension.
+This reuses logic that was introduced for REQUIRETLS.
+
+[Feature 20250824] When a message needs to be delivered with SMTPUTF8,
+but a remote server does not support it, the Postfix SMTP client
+will try alternate servers instead of returning the message
+immediately. This reuses on new code that was implemented for
+REQUIRETLS,
+
+Major changes - tls support
+---------------------------
+
+[Feature 20250623] This changes the Postfix SMTP client
+smtp_tls_security_level default value to "may" if Postfix was built
+with TLS support, and the compatibility_level is 3.11 or higher.
+
+There is no change to the default lmtp_tls_security_level value.
+It remains empty, because there is no default TLS security level
+that makes sense for connections over UNIX-domain and loopback TCP
+and non-loopback TCP sockets.
+
+There also is no equivalent change for Postfix SMTP server TLS
+security levels, because changing smtpd_tls_security_level is not
+sufficient. Server-side TLS requires that at least one private key
+and corresponding public-key certificate chain are configured.
+
+[Feature 20251029] Debugging: depending on OpenSSL build options,
+"posttls-finger -L ssl-debug" will decode TLS handshake messages.
+
+[Feature 20251102] Post-quantum cryptography support: with OpenSSL
+3.5 and later, change the tls_eecdh_auto_curves default value to
+avoid problems with network infrastructure that mis-handles TLS
+hello messages larger than one (Ethernet) TCP segment. This problem
+is mre generally known as "protocol ossification".
+
+Major changes - tlsrpt
+----------------------
+
+[Incompat 20250601] the default smtp_tlsrpt_skip_reused_handshakes
+setting was changed from "yes" to "no". The new default is enabled
+with compatibility level >= 3.11.
+
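Review bot: Under "Major changes - milter support", the last paragraph ("The bounce daemon now logs ... *before* the cleanup daemon logs activity") is unrelated to Milter handling and repeats the first "Visible changes for logfile analyzers" item under "Major changes - logging"; it looks like a leftover and should be dropped. Two wording slips in the same file: "This reuses on new code that was implemented for REQUIRETLS," in the smtputf8 section (stray "on", and the sentence ends with a comma), and "mre generally known" in the tls support section. "No support is planned for JSON input support" could also be shortened to "JSON input is not planned".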
#
# The level below is what should be used with new (not upgrade) installs.
#
-compatibility_level = 3.11
+compatibility_level = 3.12
# SOFT BOUNCE
#
# entries with your own RFC 3463-compliant enhanced
# status code and text, for example:
#
+# pattern 5.1.6 Mailbox has moved to user@example
# pattern 5.2.0 Mailbox is unavailable
# pattern 5.2.1 Mailbox is disabled
#
# This is the default for final delivery to domains
# listed with mydestination, and for [ipaddress] des-
# tinations that match $inet_interfaces or
-# $proxy_interfaces. The default nexthop destination
-# is the MTA hostname.
+# $proxy_interfaces.
+#
+# In order of decreasing precedence, the nexthop des-
+# tination is taken from transport_maps, local_trans-
+# port, or from the recipient domain.
#
# virtual_transport (default: virtual:)
-# This is the default for final delivery to domains
-# listed with virtual_mailbox_domains. The default
-# nexthop destination is the recipient domain.
+# This is the default for final delivery to domains
+# listed with virtual_mailbox_domains.
+#
+# In order of decreasing precedence, the nexthop des-
+# tination is taken from transport_maps, vir-
+# tual_transport, or from the recipient domain.
#
# relay_transport (default: relay:)
# This is the default for remote delivery to domains
-# listed with relay_domains. In order of decreasing
-# precedence, the nexthop destination is taken from
-# relay_transport, sender_dependent_relayhost_maps,
-# relayhost, or from the recipient domain.
+# listed with relay_domains.
+#
+# In order of decreasing precedence, the nexthop des-
+# tination is taken from transport_maps, relay_trans-
+# port, sender_dependent_relayhost_maps, relayhost,
+# or from the recipient domain.
#
# default_transport (default: smtp:)
# This is the default for remote delivery to other
-# destinations. In order of decreasing precedence,
-# the nexthop destination is taken from sender_depen-
-# dent_default_transport_maps, default_transport,
-# sender_dependent_relayhost_maps, relayhost, or from
-# the recipient domain.
+# destinations.
+#
+# In order of decreasing precedence, the nexthop des-
+# tination is taken from transport_maps,
+# sender_dependent_default_transport_maps,
+# default_transport, sender_dependent_relayhost_maps,
+# relayhost, or from the recipient domain.
#
# Normally, the transport(5) table is specified as a text
# file that serves as input to the postmap(1) command. The
# example.com uucp:example
# .example.com uucp:example
#
-# When no nexthop host name is specified, the destination
-# domain name is used instead. For example, the following
-# directs mail for user@example.com via the slow transport
-# to a mail exchanger for example.com. The slow transport
+# When no nexthop destination is specified, Postfix uses
+# (from low to high precedence): the recipient domain, the
+# nexthop specified with relayhost, with sender_depen-
+# dent_relayhost_maps (for remote deliveries only), with the
+# transport for the address domain class (see DESCRIPTION
+# above), or with sender_dependent_default_transport_maps
+# (for remote deliveries only). For example, the following
+# directs mail for user@example.com via the slow transport
+# to a mail exchanger for example.com. The slow transport
# could be configured to run at most one delivery process at
# a time:
#
# example.com slow:
#
# When no transport is specified, Postfix uses the transport
-# that matches the address domain class (see DESCRIPTION
-# above). The following sends all mail for example.com and
-# its subdomains to host gateway.example.com:
+# that matches the address domain class (see DESCRIPTION
+# above), or the transport specified with sender_depen-
+# dent_default_transport_maps (for remote deliveries only).
+# The following sends all mail for example.com and its sub-
+# domains to host gateway.example.com:
#
# example.com :[gateway.example.com]
# .example.com :[gateway.example.com]
#
-# In the above example, the [] suppress MX lookups. This
-# prevents mail routing loops when your machine is primary
+# In the above example, the [] suppress MX lookups. This
+# prevents mail routing loops when your machine is primary
# MX host for example.com.
#
-# In the case of delivery via SMTP or LMTP, one may specify
+# In the case of delivery via SMTP or LMTP, one may specify
# host:service instead of just a host:
#
# example.com smtp:bar.example:2025
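Review bot: The new "When no nexthop destination is specified" sentence lists the sources "(from low to high precedence)", while every address-class paragraph changed earlier in this file says "In order of decreasing precedence". Two opposite orderings in one manpage are easy to misread when working out where mail will actually be routed; list the sources in decreasing precedence here too. A short list would also be easier to scan than one sentence with two "(for remote deliveries only)" parentheticals.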
# be used. Specify [] around the hostname if MX lookups must
# be disabled.
#
-# Deliveries via SMTP or LMTP support multiple destinations
+# Deliveries via SMTP or LMTP support multiple destinations
# (Postfix >= 3.5):
#
# example.com smtp:bar.example, foo.example
#
-# This tries to deliver to bar.example before trying to
+# This tries to deliver to bar.example before trying to
# deliver to foo.example.
#
# The error mailer can be used to bounce mail:
#
# .example.com error:mail for *.example.com is not deliverable
#
-# This causes all mail for user@anything.example.com to be
+# This causes all mail for user@anything.example.com to be
# bounced.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
-# the entire address being looked up. Thus,
-# some.domain.hierarchy is not looked up via its parent
-# domains, nor is user+foo@domain looked up as user@domain.
+# Each pattern is a regular expression that is applied to
+# the entire address being looked up. Thus,
+# some.domain.hierarchy is not looked up via its parent
+# domains, nor is user+foo@domain looked up as user@domain.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
# The trivial-rewrite(8) server disallows regular expression
-# substitution of $1 etc. in regular expression lookup
-# tables, because that could open a security hole (Postfix
+# substitution of $1 etc. in regular expression lookup
+# tables, because that could open a security hole (Postfix
# version 2.3 and later).
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
-# Each lookup operation uses the entire recipient address
-# once. Thus, some.domain.hierarchy is not looked up via
-# its parent domains, nor is user+foo@domain looked up as
+# Each lookup operation uses the entire recipient address
+# once. Thus, some.domain.hierarchy is not looked up via
+# its parent domains, nor is user+foo@domain looked up as
# user@domain.
#
# Results are the same as with indexed file lookups.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# empty_address_recipient (MAILER-DAEMON)
-# The recipient of mail addressed to the null
+# The recipient of mail addressed to the null
# address.
#
-# parent_domain_matches_subdomains (see 'postconf -d' out-
+# parent_domain_matches_subdomains (see 'postconf -d' out-
# put)
# A list of Postfix features where the pattern "exam-
-# ple.com" also matches subdomains of example.com,
-# instead of requiring an explicit ".example.com"
+# ple.com" also matches subdomains of example.com,
+# instead of requiring an explicit ".example.com"
# pattern.
#
# transport_maps (empty)
# Optional lookup tables with mappings from recipient
-# address to (message delivery transport, next-hop
+# address to (message delivery transport, next-hop
# destination).
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# FILTER_README, external content filter
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
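Review bot: From "In the above example, the [] suppress MX lookups" through the LICENSE section, the removed and added lines carry the same words (for example "The Secure Mailer license must be distributed with this"), so these hunks appear to be re-justification of the regenerated manpage text only. They bury the real transport(5) wording changes higher up; consider regenerating the formatted text in a separate change, or noting in the HISTORY entry that the remaining differences are whitespace only.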
<h2> <a name="xxx_tls_level"> Using backwards-compatible
default setting <i>xxx</i>_security_level=(empty)</a> </h2>
-<p> Postfix version 3.11 changes the default value for client TLS
-security levels from "empty" to "may". The backwards-compatibility
+<p> When built with TLS support, Postfix version 3.11 changes the
+default SMTP client TLS
+security level from "empty" to "may". The backwards-compatibility
safety net is designed to prevent an unexpected change in mail
sending behavior when Postfix is updated from an older version.
</p>
sions for communication with a Milter application; prior to
Postfix 2.6 the default protocol is 2.
- <b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (tempfail)</b>
+ <b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (Postfix</b> ><b>= 3.11: shutdown; Postfix</b> < <b>3.11: temp-</b>
+ <b>fail)</b>
The default action when a Milter (mail filter) response is
unavailable (for example, bad Postfix configuration or Milter
failure).
<dt>tempfail</dt> <dd>Reject all further commands in this session
with a temporary status code. </dd>
-<dt>shutdown</dt> <dd>Close the SMTP connection after sending a 421
-SMTP reply. Available in Postfix 3.11 and later. </dd>
+<dt>shutdown</dt> <dd>With <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>, close the SMTP connection
+after sending a 421 SMTP reply; with <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, report a
+queue file write error. Available in Postfix 3.11 and later. </dd>
<dt>quarantine</dt> <dd>Like "accept", but freeze the message in
the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. Available with Postfix 2.6 and later. </dd>
<dl>
-<dt> tls=none </dt> <dd> A connection that did not use TLS. </dd>
+<dt> tls=none </dt> <dd> A connection with TLS disabled. </dd>
<dt> tls=may </dt> <dd> Opportunistic TLS. The connection was used
after a successful TLS handshake. </dd>
<dt> tls=may? </dt> <dd> Opportunistic TLS. The status was undecided
because no connection was made, or no server could be reached. </dd>
-<dt> tls=may:none </dt> <dd> The client was willing to use TLS, but
-the remote server did not support STARTTLS, and the connection was
-used in plaintext as permitted by the opportunistic TLS policy. </dd>
+<dt> tls=may:none </dt> <dd> Opportunistic TLS. The client was
+willing to use TLS, but the remote server did not support STARTTLS,
+and the connection was used in plaintext as permitted by the
+opportunistic TLS policy. </dd>
<dt> tls=dane </dt> <dd> DANE policy compliant, no downgrade. </dd>
Received: by mail.example.com (Postfix) id postfix-queue-id
for <user@example.com>; Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
<br>
-Received: by mail.example.com (Postfix) id postfix-queue-id
+Received: by mail.example.com (Postfix) id postfix-queue-id;
Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
</pre>
</blockquote>
specify <a href="postconf.5.html#relocated_maps">relocated_maps</a> entries with your own <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a>-compliant
enhanced status code and text, for example:
+ <i>pattern</i> 5.1.6 Mailbox has moved to user@example
<i>pattern</i> 5.2.0 Mailbox is unavailable
<i>pattern</i> 5.2.1 Mailbox is disabled
sions for communication with a Milter application; prior to
Postfix 2.6 the default protocol is 2.
- <b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (tempfail)</b>
+ <b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (Postfix</b> ><b>= 3.11: shutdown; Postfix</b> < <b>3.11: temp-</b>
+ <b>fail)</b>
The default action when a Milter (mail filter) response is
unavailable (for example, bad Postfix configuration or Milter
failure).
<b><a href="postconf.5.html#local_transport">local_transport</a> (default: <a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b>
This is the default for final delivery to domains listed with
<b><a href="postconf.5.html#mydestination">mydestination</a></b>, and for [<i>ipaddress</i>] destinations that match
- <b>$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or <b>$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>. The default <i>nexthop</i> des-
- tination is the MTA hostname.
+ <b>$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or <b>$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
+
+ In order of decreasing precedence, the <i>nexthop</i> destination is
+ taken from <b><a href="postconf.5.html#transport_maps">transport_maps</a></b>, <b><a href="postconf.5.html#local_transport">local_transport</a></b>, or from the recipi-
+ ent domain.
<b><a href="postconf.5.html#virtual_transport">virtual_transport</a> (default: <a href="virtual.8.html">virtual</a>:)</b>
- This is the default for final delivery to domains listed with
- <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a></b>. The default <i>nexthop</i> destination is the
- recipient domain.
+ This is the default for final delivery to domains listed with
+ <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a></b>.
+
+ In order of decreasing precedence, the <i>nexthop</i> destination is
+ taken from <b><a href="postconf.5.html#transport_maps">transport_maps</a></b>, <b><a href="postconf.5.html#virtual_transport">virtual_transport</a></b>, or from the recip-
+ ient domain.
<b><a href="postconf.5.html#relay_transport">relay_transport</a> (default: relay:)</b>
This is the default for remote delivery to domains listed with
- <b><a href="postconf.5.html#relay_domains">relay_domains</a></b>. In order of decreasing precedence, the <i>nexthop</i>
- destination is taken from <b><a href="postconf.5.html#relay_transport">relay_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#relay_domains">relay_domains</a></b>.
+
+ In order of decreasing precedence, the <i>nexthop</i> destination is
+ taken from <b><a href="postconf.5.html#transport_maps">transport_maps</a></b>, <b><a href="postconf.5.html#relay_transport">relay_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_depen</a>-</b>
<b><a href="postconf.5.html#sender_dependent_relayhost_maps">dent_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relayhost</a></b>, or from the recipient domain.
<b><a href="postconf.5.html#default_transport">default_transport</a> (default: <a href="smtp.8.html">smtp</a>:)</b>
- This is the default for remote delivery to other destinations.
- In order of decreasing precedence, the <i>nexthop</i> destination is
- taken from <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>,</b>
- <b><a href="postconf.5.html#default_transport">default_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relayhost</a></b>,
- or from the recipient domain.
+ This is the default for remote delivery to other destinations.
+
+ In order of decreasing precedence, the <i>nexthop</i> destination is
+ taken from <b><a href="postconf.5.html#transport_maps">transport_maps</a></b>, <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_trans</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_default_transport_maps">port_maps</a>, <a href="postconf.5.html#default_transport">default_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a></b>,
+ <b><a href="postconf.5.html#relayhost">relayhost</a></b>, or from the recipient domain.
- Normally, the <a href="transport.5.html"><b>transport</b>(5)</a> table is specified as a text file that
+ Normally, the <a href="transport.5.html"><b>transport</b>(5)</a> table is specified as a text file that
serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file
- in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system.
- Execute the command "<b>postmap /etc/postfix/transport</b>" to rebuild an
+ in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system.
+ Execute the command "<b>postmap /etc/postfix/transport</b>" to rebuild an
indexed file after changing the corresponding transport table.
- When the table is provided via other means such as NIS, LDAP or SQL,
+ When the table is provided via other means such as NIS, LDAP or SQL,
the same lookups are done as for ordinary indexed files.
- Alternatively, the table can be provided as a regular-expression map
- where patterns are given as regular expressions, or lookups can be
- directed to a TCP-based server. In those case, the lookups are done in
- a slightly different way as described below under "REGULAR EXPRESSION
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to a TCP-based server. In those case, the lookups are done in
+ a slightly different way as described below under "REGULAR EXPRESSION
TABLES" or "TCP-BASED TABLES".
<b><a name="case_folding">CASE FOLDING</a></b>
- The search string is folded to lowercase before database lookup. As of
- Postfix 2.3, the search string is not case folded with database types
- such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
lower case.
<b><a name="table_format">TABLE FORMAT</a></b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern result</i>
- When <i>pattern</i> matches the recipient address or domain, use the
+ When <i>pattern</i> matches the recipient address or domain, use the
corresponding <i>result</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored, as are lines
+ Empty lines and whitespace-only lines are ignored, as are lines
whose first non-whitespace character is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A line that
+ A logical line starts with non-whitespace text. A line that
starts with whitespace continues a logical line.
The <i>pattern</i> specifies an email address, a domain name, or a domain name
hierarchy, as described in section "TABLE SEARCH ORDER".
- The <i>result</i> is of the form <i>transport:nexthop</i> and specifies how or where
+ The <i>result</i> is of the form <i>transport:nexthop</i> and specifies how or where
to deliver mail. This is described in section "RESULT FORMAT".
<b><a name="table_search_order">TABLE SEARCH ORDER</a></b>
- With lookups from indexed files such as DB or DBM, or from networked
- tables such as NIS, LDAP or SQL, patterns are tried in the order as
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, patterns are tried in the order as
listed below:
<i>user+extension@domain transport</i>:<i>nexthop</i>
Deliver mail for <i>domain</i> through <i>transport</i> to <i>nexthop</i>.
<i>.domain transport</i>:<i>nexthop</i>
- Deliver mail for any subdomain of <i>domain</i> through <i>transport</i> to
+ Deliver mail for any subdomain of <i>domain</i> through <i>transport</i> to
<i>nexthop</i>. This applies only when the string <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> is not
listed in the <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> configuration
setting. Otherwise, a domain name matches itself and its subdo-
mains.
<b>*</b> <i>transport</i>:<i>nexthop</i>
- The special pattern <b>*</b> represents any address (i.e. it functions
- as the wild-card pattern, and is unique to Postfix transport
+ The special pattern <b>*</b> represents any address (i.e. it functions
+ as the wild-card pattern, and is unique to Postfix transport
tables).
- Note 1: the null recipient address is looked up as
+ Note 1: the null recipient address is looked up as
<b>$<a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a></b>@<b>$<a href="postconf.5.html#myhostname">myhostname</a></b> (default: mailer-daemon@hostname).
- Note 2: <i>user@domain</i> or <i>user+extension@domain</i> lookup is available in
+ Note 2: <i>user@domain</i> or <i>user+extension@domain</i> lookup is available in
Postfix 2.0 and later.
<b><a name="result_format">RESULT FORMAT</a></b>
- The lookup result is of the form <i>transport</i><b>:</b><i>nexthop</i>. The <i>transport</i>
- field specifies a mail delivery transport such as <b>smtp</b> or <b>local</b>. The
+ The lookup result is of the form <i>transport</i><b>:</b><i>nexthop</i>. The <i>transport</i>
+ field specifies a mail delivery transport such as <b>smtp</b> or <b>local</b>. The
<i>nexthop</i> field specifies where and how to deliver mail.
- The transport field specifies the name of a mail delivery transport
- (the first name of a mail delivery service entry in the Postfix <a href="master.5.html"><b>mas-</b>
+ The transport field specifies the name of a mail delivery transport
+ (the first name of a mail delivery service entry in the Postfix <a href="master.5.html"><b>mas-</b>
<b>ter.cf</b></a> file).
- The nexthop field usually specifies one recipient domain or hostname.
+ The nexthop field usually specifies one recipient domain or hostname.
In the case of the Postfix SMTP/LMTP client, the nexthop field may con-
- tain a list of nexthop destinations separated by comma or whitespace
+ tain a list of nexthop destinations separated by comma or whitespace
(Postfix 3.5 and later).
The syntax of a nexthop destination is transport dependent. With SMTP,
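Review bot: in the local_transport paragraph, the removed sentence said the default nexthop destination "is the MTA hostname", while the replacement list ends with "or from the recipient domain". These are not the same statement, so the changelog entry should say whether the old text was wrong or the fallback changed. Separately, the rewrapped paragraph about regular-expression maps still reads "In those case"; fix it in the manpage source so that the generated HTML picks it up.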
(mail exchanger) DNS lookups with [<i>host</i>] or [<i>host</i>]:<i>port</i>. The [] form is
required when you specify an IP address instead of a hostname.
- A null <i>transport</i> and null <i>nexthop</i> field means "do not change": use the
- delivery transport and nexthop information that would be used when the
+ A null <i>transport</i> and null <i>nexthop</i> field means "do not change": use the
+ delivery transport and nexthop information that would be used when the
entire transport table did not exist.
A non-null <i>transport</i> field with a null <i>nexthop</i> field resets the nexthop
information to the recipient domain.
- A null <i>transport</i> field with non-null <i>nexthop</i> field does not modify the
+ A null <i>transport</i> field with non-null <i>nexthop</i> field does not modify the
transport information.
<b><a name="examples">EXAMPLES</a></b>
- In order to deliver internal mail directly, while using a mail relay
- for all other mail, specify a null entry for internal destinations (do
+ In order to deliver internal mail directly, while using a mail relay
+ for all other mail, specify a null entry for internal destinations (do
not change the delivery transport or the nexthop information) and spec-
ify a wildcard for all other destinations.
<b>.my.domain :</b>
<b>* <a href="smtp.8.html">smtp</a>:outbound-relay.my.domain</b>
- In order to send mail for <b>example.com</b> and its subdomains via the <b>uucp</b>
+ In order to send mail for <b>example.com</b> and its subdomains via the <b>uucp</b>
transport to the UUCP host named <b>example</b>:
<b>example.com uucp:example</b>
<b>.example.com uucp:example</b>
- When no nexthop host name is specified, the destination domain name is
- used instead. For example, the following directs mail for <i>user</i>@<b>exam-</b>
- <b>ple.com</b> via the <b>slow</b> transport to a mail exchanger for <b>example.com</b>.
- The <b>slow</b> transport could be configured to run at most one delivery
- process at a time:
+ When no nexthop destination is specified, Postfix uses (from low to
+ high precedence): the recipient domain, the nexthop specified with
+ <a href="postconf.5.html#relayhost">relayhost</a>, with <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> (for remote deliveries
+ only), with the transport for the address domain class (see DESCRIPTION
+ above), or with <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> (for remote
+ deliveries only). For example, the following directs mail for
+ <i>user</i>@<b>example.com</b> via the <b>slow</b> transport to a mail exchanger for <b>exam-</b>
+ <b>ple.com</b>. The <b>slow</b> transport could be configured to run at most one
+ delivery process at a time:
<b>example.com slow:</b>
When no transport is specified, Postfix uses the transport that matches
- the address domain class (see DESCRIPTION above). The following sends
- all mail for <b>example.com</b> and its subdomains to host <b>gateway.exam-</b>
- <b>ple.com</b>:
+ the address domain class (see DESCRIPTION above), or the transport
+ specified with <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> (for remote
+ deliveries only). The following sends all mail for <b>example.com</b> and its
+ subdomains to host <b>gateway.example.com</b>:
<b>example.com :[gateway.example.com]</b>
<b>.example.com :[gateway.example.com]</b>
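Review bot: the new "When no nexthop destination is specified" paragraph lists its sources "from low to high precedence", while the DESCRIPTION paragraphs rewritten in this same patch list them "In order of decreasing precedence". Two opposite orderings in one manpage invite misreading which setting wins when relayhost and a class transport both supply a nexthop. Suggest restating this list in decreasing order, starting with sender_dependent_default_transport_maps and ending with the recipient domain.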
with a temporary status code.
.br
.IP "shutdown"
-Close the SMTP connection after sending a 421
-SMTP reply. Available in Postfix 3.11 and later.
+With smtpd_milters, close the SMTP connection
+after sending a 421 SMTP reply; with non_smtpd_milters, report a
+queue file write error. Available in Postfix 3.11 and later.
.br
.IP "quarantine"
Like "accept", but freeze the message in
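Review bot: for the non_smtpd_milters case, "report a queue file write error" names the internal condition but not the outcome an operator will see. Suggest adding whether the submission is rejected or retried and what is logged, so that the behavior when a Milter is unavailable can be verified for locally submitted mail as well as for SMTP sessions.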
.PP
Examples for TLS security levels:
.IP "tls=none"
-A connection that did not use TLS.
+A connection with TLS disabled.
.br
.IP "tls=may"
Opportunistic TLS. The connection was used
because no connection was made, or no server could be reached.
.br
.IP "tls=may:none"
-The client was willing to use TLS, but
-the remote server did not support STARTTLS, and the connection was
-used in plaintext as permitted by the opportunistic TLS policy.
+Opportunistic TLS. The client was
+willing to use TLS, but the remote server did not support STARTTLS,
+and the connection was used in plaintext as permitted by the
+opportunistic TLS policy.
.br
.IP "tls=dane"
DANE policy compliant, no downgrade.
Received: by mail.example.com (Postfix) id postfix\-queue\-id
for <user@example.com>; Day, dd Mon yyyy hh:mm:ss tz\-offset (zone)
.br
-Received: by mail.example.com (Postfix) id postfix\-queue\-id
+Received: by mail.example.com (Postfix) id postfix\-queue\-id;
Day, dd Mon yyyy hh:mm:ss tz\-offset (zone)
.fi
.ad
enhanced status code and text, for example:
.nf
+ \fIpattern\fR 5.1.6 Mailbox has moved to user@example
\fIpattern\fR 5.2.0 Mailbox is unavailable
\fIpattern\fR 5.2.1 Mailbox is disabled
.fi
This is the default for final delivery to domains listed
with \fBmydestination\fR, and for [\fIipaddress\fR]
destinations that match \fB$inet_interfaces\fR or
-\fB$proxy_interfaces\fR. The default \fInexthop\fR destination
-is the MTA hostname.
+\fB$proxy_interfaces\fR.
+
+In order of decreasing precedence, the \fInexthop\fR destination
+is taken from \fBtransport_maps\fR, \fBlocal_transport\fR,
+or from the recipient domain.
.IP "\fBvirtual_transport (default: virtual:)\fR"
-This is the default for final delivery to domains listed
-with \fBvirtual_mailbox_domains\fR. The default \fInexthop\fR
-destination is the recipient domain.
+This is the default for final delivery to domains listed with
+\fBvirtual_mailbox_domains\fR.
+
+In order of decreasing precedence, the \fInexthop\fR destination
+is taken from \fBtransport_maps\fR, \fBvirtual_transport\fR,
+or from the recipient domain.
.IP "\fBrelay_transport (default: relay:)\fR"
This is the default for remote delivery to domains listed
-with \fBrelay_domains\fR. In order of decreasing precedence,
-the \fInexthop\fR destination is taken from \fBrelay_transport\fR,
-\fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the
-recipient domain.
+with \fBrelay_domains\fR.
+
+In order of decreasing precedence, the \fInexthop\fR destination
+is taken from \fBtransport_maps\fR, \fBrelay_transport\fR,
+\fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from
+the recipient domain.
.IP "\fBdefault_transport (default: smtp:)\fR"
This is the default for remote delivery to other destinations.
+
In order of decreasing precedence, the \fInexthop\fR
-destination is taken from \fBsender_dependent_default_transport_maps,
+destination is taken from \fBtransport_maps\fR,
+\fBsender_dependent_default_transport_maps,
\fBdefault_transport\fR, \fBsender_dependent_relayhost_maps\fR,
\fBrelayhost\fR, or from the recipient domain.
.PP
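Review bot: the added line "\fBsender_dependent_default_transport_maps," opens bold with no closing \fR before the comma, so the bold runs on until the \fR after default_transport on the next line. Every other name in these paragraphs is written as \fBname\fR followed by the comma. The removed line had the same defect; since the line is being rewritten anyway, close it as "\fBsender_dependent_default_transport_maps\fR,".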
\fB\&.example.com uucp:example\fR
.fi
-When no nexthop host name is specified, the destination domain
-name is used instead. For example, the following directs mail for
-\fIuser\fR@\fBexample.com\fR via the \fBslow\fR transport to a mail
-exchanger for \fBexample.com\fR. The \fBslow\fR transport could be
-configured to run at most one delivery process at a time:
+When no nexthop destination is specified, Postfix uses (from low
+to high precedence): the recipient domain, the nexthop specified
+with relayhost, with sender_dependent_relayhost_maps (for remote
+deliveries only), with the transport for the address domain class
+(see DESCRIPTION above), or with
+sender_dependent_default_transport_maps (for remote deliveries
+only). For example, the following directs mail for
+\fIuser\fR@\fBexample.com\fR via the \fBslow\fR transport to a
+mail exchanger for \fBexample.com\fR. The \fBslow\fR transport
+could be configured to run at most one delivery process at a time:
.nf
\fBexample.com slow:\fR
.fi
When no transport is specified, Postfix uses the transport that
-matches the address domain class (see DESCRIPTION
-above). The following sends all mail for \fBexample.com\fR and its
+matches the address domain class (see DESCRIPTION above), or
+the transport specified with
+sender_dependent_default_transport_maps (for remote deliveries
+only). The following sends all mail for \fBexample.com\fR and its
subdomains to host \fBgateway.example.com\fR:
.nf
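Review bot: in both rewritten EXAMPLES paragraphs the parameter names relayhost, sender_dependent_relayhost_maps and sender_dependent_default_transport_maps are added as plain text, while the DESCRIPTION hunk of this same file sets parameter names in \fB...\fR. Suggest marking them up the same way so they render consistently.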
The mail filter protocol version and optional protocol extensions
for communication with a Milter application; prior to Postfix 2.6
the default protocol is 2.
-.IP "\fBmilter_default_action (tempfail)\fR"
+.IP "\fBmilter_default_action (Postfix >= 3.11: shutdown; Postfix < 3.11: tempfail)\fR"
The default action when a Milter (mail filter) response is
unavailable (for example, bad Postfix configuration or Milter
failure).
The mail filter protocol version and optional protocol extensions
for communication with a Milter application; prior to Postfix 2.6
the default protocol is 2.
-.IP "\fBmilter_default_action (tempfail)\fR"
+.IP "\fBmilter_default_action (Postfix >= 3.11: shutdown; Postfix < 3.11: tempfail)\fR"
The default action when a Milter (mail filter) response is
unavailable (for example, bad Postfix configuration or Milter
failure).
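Review bot: the heading now carries two version-dependent defaults, but the paragraph under it still only says "The default action when a Milter (mail filter) response is unavailable". A reader of this page cannot tell that the 3.11 default closes the connection after a 421 reply instead of rejecting further commands with a temporary status code. Suggest one sentence or a pointer to the action descriptions. The same applies to the identical hunk just before this one.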
s;\bvir[-</bB>]*\n*[ <bB>]*tual_mail[-</bB>]*\n* *[<bB>]*box_lock\b;<a href="postconf.5.html#virtual_mailbox_lock">$&</a>;g;
s;\bvir[-</bB>]*\n*[ <bB>]*tual_mail[-</bB>]*\n* *[<bB>]*box_maps\b;<a href="postconf.5.html#virtual_mailbox_maps">$&</a>;g;
s;\bvir[-</bB>]*\n*[ <bB>]*tual_minimum_uid\b;<a href="postconf.5.html#virtual_minimum_uid">$&</a>;g;
- s;\bvir[-</bB>]*\n*[ <bB>]*tual_transport\b;<a href="postconf.5.html#virtual_transport">$&</a>;g;
+ s;\bvir[-</bB>]*\n*[ <bB>]*tual_trans[-</bB>]*\n*[ <bB>]*port\b;<a href="postconf.5.html#virtual_transport">$&</a>;g;
s;\bvir[-</bB>]*\n*[ <bB>]*tual_uid_maps\b;<a href="postconf.5.html#virtual_uid_maps">$&</a>;g;
s;\bsmtp_enforce_tls\b;<a href="postconf.5.html#smtp_enforce_tls">$&</a>;g;
<h2> <a name="xxx_tls_level"> Using backwards-compatible
default setting <i>xxx</i>_security_level=(empty)</a> </h2>
-<p> Postfix version 3.11 changes the default value for client TLS
-security levels from "empty" to "may". The backwards-compatibility
+<p> When built with TLS support, Postfix version 3.11 changes the
+default SMTP client TLS
+security level from "empty" to "may". The backwards-compatibility
safety net is designed to prevent an unexpected change in mail
sending behavior when Postfix is updated from an older version.
</p>
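Review bot: the body now narrows the change to "the default SMTP client TLS security level" (singular), but the heading above it still uses the generic <i>xxx</i>_security_level placeholder. Suggest naming the affected parameter or parameters explicitly in the paragraph, so that an operator can tell which settings the safety net pins to the old "empty" value after an upgrade.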
<dt>tempfail</dt> <dd>Reject all further commands in this session
with a temporary status code. </dd>
-<dt>shutdown</dt> <dd>Close the SMTP connection after sending a 421
-SMTP reply. Available in Postfix 3.11 and later. </dd>
+<dt>shutdown</dt> <dd>With smtpd_milters, close the SMTP connection
+after sending a 421 SMTP reply; with non_smtpd_milters, report a
+queue file write error. Available in Postfix 3.11 and later. </dd>
<dt>quarantine</dt> <dd>Like "accept", but freeze the message in
the "hold" queue. Available with Postfix 2.6 and later. </dd>
<dl>
-<dt> tls=none </dt> <dd> A connection that did not use TLS. </dd>
+<dt> tls=none </dt> <dd> A connection with TLS disabled. </dd>
<dt> tls=may </dt> <dd> Opportunistic TLS. The connection was used
after a successful TLS handshake. </dd>
<dt> tls=may? </dt> <dd> Opportunistic TLS. The status was undecided
because no connection was made, or no server could be reached. </dd>
-<dt> tls=may:none </dt> <dd> The client was willing to use TLS, but
-the remote server did not support STARTTLS, and the connection was
-used in plaintext as permitted by the opportunistic TLS policy. </dd>
+<dt> tls=may:none </dt> <dd> Opportunistic TLS. The client was
+willing to use TLS, but the remote server did not support STARTTLS,
+and the connection was used in plaintext as permitted by the
+opportunistic TLS policy. </dd>
<dt> tls=dane </dt> <dd> DANE policy compliant, no downgrade. </dd>
Received: by mail.example.com (Postfix) id postfix-queue-id
for <user@example.com>; Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
<br>
-Received: by mail.example.com (Postfix) id postfix-queue-id
+Received: by mail.example.com (Postfix) id postfix-queue-id;
Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
</pre>
</blockquote>
# enhanced status code and text, for example:
#
# .nf
+# \fIpattern\fR 5.1.6 Mailbox has moved to user@example
# \fIpattern\fR 5.2.0 Mailbox is unavailable
# \fIpattern\fR 5.2.1 Mailbox is disabled
# .fi
xa
ascii
halfdane
+JSON
+bool
+jl
+jq
+js
+posttls
+prepended
+sts
- message from the postqueue command File postqueue postqueue c
- or kernel bug emits a weird error File postqueue postqueue c
- Dukhovni File auxiliary collate collate pl
- sanitization File showq showq c
- with setgid permissions File postlogd postlogd c
- cleanup server enters the chroot jail Files cleanup cleanup h
- global maps c global maps h smtp smtp c
- cleanup cleanup h cleanup cleanup_init c
- src global mail_dict c src postalias postalias c
- src postmap postmap c
- manpage File postqueue postqueue c
- Fix by Viktor Dukhovni Files tls tls h tls tls_dane c
- Discovered by Benny Pedersen File postscreen postscreen c
- proto postconf proto src tlsproxy tlsproxy c src smtpd smtpd c
- src tls tls h src tls tls_proxy_client_misc c src tls tls_misc c
- src global mail_params h src smtp smtp c
+ address failed due to a database error File verify verify c
+ a dependency for html html File html Makefile in
+ a domain File postalias postalias c
+ aliasing Files proto aliases proto virtual postfix postfix c
+ a list of comma separated names Files smtpd smtpd hc
+ and JSON output Files postmulti postmulti c
+ an unknown or unimplemented command File smtpd smtpd c
+ are no more alternate MX servers to try Files smtp smtp h
attacks Fix by Viktor Dukhovni Files tls tls h tls_client c
- proto stop spell proto html dns dns h dns dns_lookup c
- smtp smtp_addr h smtp smtp c smtp smtp_connect c
- smtp smtp h smtp smtp_params c smtp smtp_session c
- File smtpd smtpd c
- smtp smtp_addr c smtp smtp_addr h smtp smtp c
- smtp smtp_connect c smtp smtp h smtp smtp_params c
- arguments Files src dns dns h src dns dns_rr_eq_sa c
- only a subset of all arguments Files src dns dns h
- global mail_params h smtp smtp c smtpd smtpd c tls tls_misc c
- tls tls_proxy_client_scan c tls tls_proxy h tlsproxy tlsproxy c
- smtp smtp c smtpd smtpd c tls tls_misc c
-proto proto SASL_README html proto SQLITE_README html
- proto postconf proto global mail_params h smtp smtp c
- smtpd smtpd c tls tls_misc c tls tls_proxy_client_misc c
- tls tls_proxy h tlsproxy tlsproxy c
- postfix postfix c postlog postlog c
- util net_mask_top hc smtpd smtpd c smtpd smtpd_peer c
- util inet_prefix_top hc smtpd smtpd c smtpd smtpd_peer c
- File smtp smtp h
- manpage File postscreen postscreen c
- Files postconf postconf h postconf postconf_dbms c
-proto proto ADDRESS_REWRITING_README html
- proto postconf proto proto ADDRESS_REWRITING_README html
+ available Files local command c local local c
+ bounce bounce c bounce bounce_notify_util c cleanup cleanup c
+ bounce bounce_one_service c cleanup cleanup c
+ Christophe Kalt Files postqueue postqueue c
+ cleanup cleanup c cleanup cleanup_init c proto postconf proto
cleanup cleanup c local local c smtpd smtpd c
- postfix postfix c
- aliasing Files proto aliases proto virtual postfix postfix c
-proto proto aliases proto virtual proto ADDRESS_REWRITING_README html
- master master c postlog postlog c postlogd postlogd c
- proto postconf proto proto aliases proto virtual
- posttls finger posttls finger c smtp smtp c smtp smtp_proto c
- tls tls_client c tls tls h tls tls_misc c
- tls tls_proxy h tls tls_server c tlsproxy tlsproxy c
+ cleanup cleanup h cleanup cleanup_addr c cleanup cleanup_api c
+ cleanup cleanup h cleanup cleanup_extracted c
+ cleanup cleanup h cleanup cleanup_init c
+ cleanup cleanup_message c smtp smtp c smtp smtp_connect c
+ cleanup cleanup_out_recipient c discard discard c error error c
Cleanup removed some the the instances Files
- clients Files posttls finger posttls finger c smtp smtp c
- smtp smtp c smtp smtp_proto c tls tls_client c tls tls h
- smtp smtp c smtpd smtpd c tls tls_client c tls tls h
- smtp smtp_proto c tls tls h tls tls_proxy_client_misc c
- tls tls_server c tlsproxy tlsproxy c
- tlsproxy tlsproxy c
- proto postconf proto smtp smtp c smtpd smtpd c
- pipelining before the server greeting File smtpd smtpd c
- before the server greeting File smtpd smtpd c
- global mail_params h smtpd smtpd c proto postconf proto
- Typo fix by Trent W Buck Files proto postconf proto proto stop
- smtp smtp c smtp smtp h smtp smtp_params c smtp smtp_proto c
- smtp smtp_tls_policy c smtpd smtpd c smtpd smtpd_check c
- tls tls h tls tls_client c tls tls_dane c tls tls_fprint c
- reported by Serg File smtp smtp h
- smtp lmtp_params c smtp smtp c smtp smtp_params c
- plaintext Problem reported by Serg File smtp smtp h
- cleanup cleanup c cleanup cleanup_init c proto postconf proto
- smtpd smtpd c
- proto postconf proto postscreen postscreen c
- global maillog_client c master master c smtp smtp c
- src postalias postalias c src postmap postmap c
- src postalias postalias c src postmap postmap c
- src smtpd smtpd c src smtpd smtpd_check c
- not proxymap or proxywrite File proxymap proxymap c
- still has its all zero SIZE record File postcat postcat c
- manpage text File smtp smtp c
- manpage text Files smtp smtp c global mail_proto h
- File proxymap proxymap c
- on process name Files smtp smtp c global mail_proto h
+ cleanup server enters the chroot jail Files cleanup cleanup h
+ Cleanup tlsmgr c fix 20240124 File tlsmgr tlsmgr c
+ client Files dict h dict_proxy c proxymap proxymap c
client process name File proxymap proxymap c
- available Files local command c local local c
- ID if available File pipe pipe c
- global smtp_stream h smtpd smtpd c
- global smtp_stream c global smtp_stream h smtpd smtpd c
- log the helo mail and rcpt information Files smtpd smtpd c
- LF LF or LF CR LF before responding This increases
- smtpd smtpd c global smtp_stream hc global cleanup_user h
- smtpd smtpd c smtpd smtpd_check c
- keep reading message content after an unexpected LF LF
- forms Files proto postconf proto smtpd smtpd c
- CR LF CR CR LF File global smtp_stream c
+ clients Files posttls finger posttls finger c smtp smtp c
+ conf postfix tls script discard discard c error error c
CR LF CR CR LF There is no smuggling vulnerability
- sequence mail systems send CR LF CR CR LF instead
- global mail_params h cleanup cleanup c cleanup cleanup_message c
- Files smtpd smtpd c proto postconf proto RELEASE_NOTES
- stable releases Files global smtp_stream hc smtpd smtpd c
- Files global smtp_stream hc smtpd smtpd c
- Files smtpd smtpd c proto postconf proto
- names Files smtpd smtpd hc
- or access control limitations Files smtpd smtpd hc
- spam the log with a warning message File tlsmgr tlsmgr c
- Cleanup tlsmgr c fix 20240124 File tlsmgr tlsmgr c
- MX or SRV records File smtp smtp c
- a list of comma separated names Files smtpd smtpd hc
+ cross talk between different clients File proxymap proxymap c
+ discard discard c global ascii_header_text c
+ Discovered by Benny Pedersen File postscreen postscreen c
dnsblog dnsblog c postkick postkick c postlock postlock c
- postdrop postdrop c postsuper postsuper c sendmail sendmail c
- postlogd postlogd c
- qmgr qmgr c qmqpd qmqpd c trivial rewrite trivial rewrite c
- strategies File smtp smtp c
- postconf postconf c postconf postconf_dbms c postconf postconf h
- postconf postconf c postconf postconf_unused c
- postfix start start fg check reload status Files
- Files postconf postconf c postconf postconf_unused c
- the commands postfix start start fg check reload or
- status Files postconf postconf c postconf postconf_dbms c
- postconf postconf h conf postfix script conf post install
- postconf postconf c postconf postconf_dbms c
- File tlsmgr tlsmgr c
- restrictions Files dns dns h dns dns_lookup c dns dns_rr c
- systems 6 bytes for LP64 File dns dns h
- xxfi_unknown return values File smtpd smtpd c
- or unimplemented commands File smtpd smtpd c
-proto proto mysql_table proto pgsql_table proto ldap_table
+ dns dns h dns dns_lookup c dns dns_rr_filter c dns dns_sec c
+ dns dns h examples smtpd policy README SPF html index html
+ Documentation edited for clarity Files pipe pipe c
+ don t satisfy connection requirements Files smtp smtp h
+ dual purpose field File tls tls h
+ Dukhovni File auxiliary collate collate pl
+ each other Files global mail_conf c postdrop postdrop c
+ failures Fix by Viktor Dukhovni Wietse Files smtp smtp h
+ features File postqueue postqueue c
File pickup pickup c
- a domain File postalias postalias c
- File spawn spawn c
- an unknown or unimplemented command File smtpd smtpd c
- inside more consistent Files proto master pipe pipe c
- unimplemented commands in the SMTP server File smtpd smtpd c
- cleanup cleanup h cleanup cleanup_extracted c
File postcat postcat c
+ File postscreen postscreen c
+ File proxymap proxymap c
+ Files bounce bounce c bounce bounce_notify_service c
+ Files global smtp_stream hc smtpd smtpd c
+ Files makedefs bounce bounce c cleanup cleanup_init c
+ Files Makefile in smtp smtp h smtp smtp_connect c
+ Files mantools postlink proto postconf proto cleanup cleanup c
+ File smtpd smtpd c
+ File smtp smtp h
+ File spawn spawn c
+ Files postconf postconf c postconf postconf_unused c
+ Files postconf postconf h postconf postconf_dbms c
+ Files proto postconf proto proto DEPRECATION_README html
+ Files smtpd smtpd c proto postconf proto RELEASE_NOTES
+ Files smtp smtp h
+ Files smtp smtp h smtp smtp_key c smtp smtp_proto c
Files src tls tls h src tls tls_dh c src tls tls_misc c
- proto TLSRPT_README html proto postconf proto smtp smtp c
- proto aliases cleanup cleanup c local local c smtpd smtpd c
- bounce bounce_one_service c cleanup cleanup c
- dns dns h dns dns_lookup c dns dns_rr_filter c dns dns_sec c
+ File tlsmgr tlsmgr c
+ File tls tls h
+ filters Files cleanup cleanup c cleanup cleanup_message c
+ Fix by Viktor Dukhovni Files tls tls h tls tls_dane c
+ forms Files proto postconf proto smtpd smtpd c
+ for the h option Robert Hansen File postmap postmap c
+ global maillog_client c master master c smtp smtp c
+ global mail_params h bounce bounce c
+ global mail_params h cleanup cleanup c cleanup cleanup_message c
+ global mail_params h proto postconf proto smtp smtp c
+ global mail_params h smtpd smtpd c
+ global mail_params h smtpd smtpd c proto postconf proto
+ global mail_params h smtp lmtp_params c smtp smtp c
+ global maps c global maps h smtp smtp c
+ global pol_stats c global pol_stats_test c smtp smtp h
+ global pol_stats_test c smtp smtp h smtp smtp_connect c
+ global rec_types h pickup pickup c
+ global smtp_stream c global smtp_stream h smtpd smtpd c
+ global trace h global verify c global verify h local local h
+ ID if available File pipe pipe c
+ inside more consistent Files proto master pipe pipe c
+ is case insensitive Files sendmail sendmail c
+ keep reading message content after an unexpected LF LF
local command c master master c master master h
- pipe pipe c postfix postfix c postscreen postscreen_dnsbl c
- qmgr qmgr_entry c qmqpd qmqpd_peer c smtp smtp h
- Piekert File tlsproxy tlsproxy c
- dns dns h examples smtpd policy README SPF html index html
- postfix postfix c proto ADDRESS_CLASS_README html
-proto proto socketmap_table qmqpd qmqpd c tls tls_misc c
- proto socketmap_table qmqpd qmqpd c tls tls_misc c
- a dependency for html html File html Makefile in
- master dgram_server c master mail_server h postlogd postlogd c
- reload etc File spawn spawn c
- proto postconf proto cleanup cleanup c cleanup cleanup_init c
+ local forward c local local c local local h oqmgr qmgr h
+ local local c oqmgr qmgr c postconf extract awk qmgr qmgr c
logging to the standard error stream File postlog postlog c
- Files mantools postlink proto postconf proto cleanup cleanup c
+ long long which just like time_t is a 64 bit type on many
+ manpage File postqueue postqueue c
+ manpage File postscreen postscreen c
many errors I O timeout lost connection File smtpd smtpd c
- that is unknown or known but disabled File smtpd smtpd c
-proto proto socketmap_table
- Files bounce bounce c bounce bounce_notify_service c
- cleanup cleanup h cleanup cleanup_addr c cleanup cleanup_api c
- local forward c local local c local local h oqmgr qmgr h
- pickup pickup c qmgr qmgr h qmgr qmgr_active c
- qmgr qmgr_deliver c qmgr qmgr_message c qmqpd qmqpd c
- smtp smtp_proto c smtpd smtpd c verify verify c
+ master dgram_server c master mail_server h postlogd postlogd c
+ master master c postlog postlog c postlogd postlogd c
+ message from the postqueue command File postqueue postqueue c
+ milter test milter c postconf postconf_edit c smtp smtp c
+ MX or SRV records File smtp smtp c
+ not proxymap or proxywrite File proxymap proxymap c
+ only a subset of all arguments Files src dns dns h
+ on process name Files smtp smtp c global mail_proto h
operations Files cleanup cleanup h cleanup cleanup_message c
- global ehlo_mask_test c local forward c smtpd smtpd c
- more alternate MX servers to try Files smtp smtp h
- Files sendmail sendmail c global rec_types h
- Files sendmail sendmail c
- Files sendmail sendmail c global rec_types h pickup pickup c
- pipe pipe c sendmail sendmail c
- smtp smtp c smtp smtp_proto c
- bounce bounce c bounce bounce_notify_util c cleanup cleanup c
- cleanup cleanup_message c smtp smtp c smtp smtp_connect c
- Documentation edited for clarity Files pipe pipe c
- servers to try Files smtp smtp h smtp smtp_proto c
- global mail_params h smtpd smtpd c
- global mail_params h proto postconf proto smtp smtp c
- proto postconf proto proto TLS_README html
- the command line Files postmap postmap c postalias postalias c
- verification in progress File verify verify c
-+ address failed File verify verify c
- address failed File verify verify c
- address failed due to a database error File verify verify c
- failures Fix by Viktor Dukhovni Wietse Files smtp smtp h
- Files smtp smtp h
-proto proto COMPATIBILITY_README html
- smtp smtp c tlsproxy tlsproxy c proto postconf proto
- rhansen rhansen org Files proto DATABASE_README html
+ oqmgr qmgr c postmulti postmulti c qmgr qmgr c
+ or access control limitations Files smtpd smtpd hc
+ or kernel bug emits a weird error File postqueue postqueue c
+ or unimplemented commands File smtpd smtpd c
+ pickup pickup c qmgr qmgr h qmgr qmgr_active c
+ Piekert diagnosed by John Fawcett File showq showq c
+ Piekert File tlsproxy tlsproxy c
+ pipelining before the server greeting File smtpd smtpd c
+ pipe pipe c postfix postfix c postscreen postscreen_dnsbl c
+ pipe pipe c qmgr qmgr_bounce c qmgr qmgr_defer c
+ Portability makedefs postalias postalias c util dict_debug c
+ postalias postalias c
+ postalias postalias c There is more time handling code in
postconf Makefile in postconf postconf c
- dict_open Files util dict hc proxymap proxymap c
- proxymap proxymap c
+ postconf postconf c postconf postconf_dbms c
+ postconf postconf h conf postfix script conf post install
+ postconf postconf hc postconf postconf_main c
+ postdrop postdrop c postsuper postsuper c sendmail sendmail c
+ postfix postfix c
+ postfix postfix c postlog postlog c
+ postfix postfix c proto ADDRESS_CLASS_README html
+ postlogd postlogd c
+ postlog postlog c postqueue postqueue c
+ postmap Makefile in postmap postmap c postalias Makefile in
postmap postmap c postalias postalias c
- client Files dict h dict_proxy c proxymap proxymap c
- cross talk between different clients File proxymap proxymap c
+ postmulti Makefile in postmulti postmulti c
+ postqueue showq_compat c postqueue showq_json c showq showq c
postscreen postscreen c
- for the h option Robert Hansen File postmap postmap c
- Support for the ll long long etc and j intmax_t
- postalias postalias c There is more time handling code in
- long long which just like time_t is a 64 bit type on many
- File tls tls h
- dual purpose field File tls tls h
- conf postfix tls script discard discard c error error c
- oqmgr qmgr c postmulti postmulti c qmgr qmgr c
- src global config_known_tcp_ports c postmulti postmulti c
- virtual virtual c
+ program manpages Files cleanup cleanup c smtpd smtpd c
+ proto aliases cleanup cleanup c local local c smtpd smtpd c
+ proto postconf proto global mail_params h smtp smtp c
+ proto postconf proto postscreen postscreen c
+ proto postconf proto proto ADDRESS_REWRITING_README html
+ proto postconf proto proto aliases proto virtual
+ proto postconf proto proto TLS_README html
+ proto postconf proto smtp smtp c smtpd smtpd c
+ proto postconf proto src tlsproxy tlsproxy c src smtpd smtpd c
+proto proto ADDRESS_REWRITING_README html
+proto proto aliases proto virtual proto ADDRESS_REWRITING_README html
+proto proto COMPATIBILITY_README html
+proto proto mysql_table proto pgsql_table proto ldap_table
+proto proto REQUIRETLS_README html global mail_params hc
+proto proto REQUIRETLS_README html smtp smtp_reqtls_policy c
+proto proto SASL_README html proto SQLITE_README html
+proto proto socketmap_table
+proto proto socketmap_table qmqpd qmqpd c tls tls_misc c
+ proto socketmap_table qmqpd qmqpd c tls tls_misc c
+ proto stop spell proto html dns dns h dns dns_lookup c
+ proto TLSRPT_README html proto postconf proto smtp smtp c
+ proxymap proxymap c
+ qmgr qmgr c qmqpd qmqpd c trivial rewrite trivial rewrite c
+ qmgr qmgr_deliver c qmgr qmgr_message c qmqpd qmqpd c
+ qmgr qmgr_entry c qmqpd qmqpd_peer c smtp smtp h
+ qmgr qmgr_message c smtp smtp h smtp smtp_connect c
+ reload etc File spawn spawn c
request Reported by John Doe File tlsproxy tlsproxy c
+ restrictions Files dns dns h dns dns_lookup c dns dns_rr c
+ returned to the sender Files showq showq c
+ rhansen rhansen org Files proto DATABASE_README html
+ role is received File tlsproxy tlsproxy c
+ sanitization File showq showq c
+ sendmail sendmail c global rec_types h postcat postcat c
+ sequence mail systems send CR LF CR CR LF instead
+ showq showq c Ditto for sendmail O smtputf8 yes no
+ smtpd smtpd c
+ smtpd smtpd c global smtp_stream hc global cleanup_user h
smtpd smtpd c smtpd smtpd_chat c global mail_params h
- Files Makefile in smtp smtp h smtp smtp_connect c
- global mail_params h bounce bounce c
+ smtpd smtpd c smtpd smtpd_check c
+ smtpd smtpd c smtp smtp_connect c smtp smtp_proto c
+ smtpd smtpd c tls tls_misc c tls tls_proxy_client_misc c
smtp lmtp_params c smtp smtp c smtp smtp_connect c
+ smtp lmtp_params c smtp smtp c smtp smtp_params c
+ smtp lmtp_params c smtp smtp h smtp smtp_params c
+ smtp smtp_addr c smtp smtp_addr h smtp smtp c
+ smtp smtp c
+ smtp smtp_connect c smtp smtp h smtp smtp_params c
+ smtp smtp c smtpd smtpd c tls tls_client c tls tls h
+ smtp smtp c smtpd smtpd c trivial rewrite trivial rewrite c
+ smtp smtp c smtp smtp h smtp smtp_params c smtp smtp_proto c
+ smtp smtp c smtp smtp_proto c tls tls_client c tls tls h
+ smtp smtp c tlsproxy tlsproxy c proto postconf proto
+ smtp smtp h smtp smtp_connect c smtp smtp_params c
smtp smtp h smtp smtp_params c smtp smtp_proto c
- information Files sendmail sendmail c pickup pickup c
- postcat postcat c showq showq c
- discard discard c error error c global Makefile in
- global verify c global verify h local local h
- pipe pipe c qmgr qmgr_bounce c qmgr qmgr_defer c
- qmgr qmgr_message c smtp smtp h smtp smtp_connect c
+ smtp smtp_proto c smtpd smtpd c verify verify c
+ smtp smtp_proto c tls tls h tls tls_proxy_client_misc c
+ smtp smtp_reqtls_policy_test c smtpd smtpd c smtpd smtpd_chat c
+ smtp smtp_tls_policy c smtpd smtpd c smtpd smtpd_check c
smtp smtp_trouble c virtual virtual h
- connection requirements Files smtp smtp h smtp smtp_key c
- Files smtp smtp h smtp smtp_key c smtp smtp_proto c
- smtp smtp c smtp smtp h smtp smtp_connect c smtp smtp_params c
- smtp smtp h smtp smtp_connect c smtp smtp_proto c
- sendmail sendmail c pipe pipe c postcat postcat c
- showq showq c
- content filters Files cleanup cleanup c
+ src global config_known_tcp_ports c postmulti postmulti c
+ src global mail_dict c src postalias postalias c
+ src global mail_params h src smtp smtp c
+ src postalias postalias c src postmap postmap c
+ src postmap postmap c
+ src smtpd smtpd c src smtpd smtpd_check c
+ src tls tls h src tls tls_proxy_client_misc c src tls tls_misc c
+ status Files postconf postconf c postconf postconf_dbms c
+ still has its all zero SIZE record File postcat postcat c
+ strategies File smtp smtp c
style content filter Files smtpd smtpd c smtp smtpd_proto c
- global pol_stats_test c smtp smtp h smtp smtp_connect c
- global mail_params h smtp lmtp_params c smtp smtp c
-proto proto REQUIRETLS_README html
-proto proto REQUIRETLS_README html global mail_params c
-proto proto REQUIRETLS_README html smtp smtp_reqtls_policy c
- sendmail sendmail c global rec_types h postcat postcat c
- smtp smtp h smtp smtp_connect c smtp smtp_params c
+ Support for the ll long long etc and j intmax_t
+ systems 6 bytes for LP64 File dns dns h
+ the command line Files postmap postmap c postalias postalias c
+ the commands postfix start start fg check reload or
the policies policy policy domain value This ignores
+ tlsproxy tlsproxy c
TLSRPT Workaround when policies policy policy type is
- proto postconf proto proto REQUIRETLS_README html
- Christophe Kalt Files postqueue postqueue c
- postqueue showq_compat c postqueue showq_json c showq showq c
- role is received File tlsproxy tlsproxy c
- Files proto postconf proto proto DEPRECATION_README html
- features File postqueue postqueue c
-proto proto Makefile in
- are no more alternate MX servers to try Files smtp smtp h
- cleanup cleanup_out_recipient c discard discard c error error c
- don t satisfy connection requirements Files smtp smtp h
- File postscreen postscreen c
- filters Files cleanup cleanup c cleanup cleanup_message c
- global pol_stats c global pol_stats_test c smtp smtp h
- global rec_types h pickup pickup c
- global trace h global verify c global verify h local local h
- is case insensitive Files sendmail sendmail c
-proto proto REQUIRETLS_README html global mail_params hc
- showq showq c Ditto for sendmail O smtputf8 yes no
- smtpd smtpd c smtp smtp_connect c smtp smtp_proto c
- util mac_expand ref proto postconf proto proto Makefile in
- smtp lmtp_params c smtp smtp h smtp smtp_params c
- postmap Makefile in postmap postmap c postalias Makefile in
- postalias postalias c
- postconf postconf hc postconf postconf_main c
- and JSON output Files postmulti postmulti c
- postmulti Makefile in postmulti postmulti c
+ tls tls h tls tls_client c tls tls_dane c tls tls_fprint c
+ tls tls_proxy h tlsproxy tlsproxy c
+ tls tls_server c tlsproxy tlsproxy c
to integrate into test scripts File postmulti postmulti c
- local local c oqmgr qmgr c postconf extract awk qmgr qmgr c
- makedefs bounce bounce c cleanup cleanup_init c
- smtp smtp c smtpd smtpd c trivial rewrite trivial rewrite c
- Files makedefs bounce bounce c cleanup cleanup_init c
- Portability makedefs postalias postalias c util dict_debug c
- returned to the sender Files showq showq c
- Piekert diagnosed by John Fawcett File showq showq c
- each other Files global mail_conf c postdrop postdrop c
- postlog postlog c postqueue postqueue c
+ Typo fix by Trent W Buck Files proto postconf proto proto stop
+ unimplemented commands in the SMTP server File smtpd smtpd c
+ util inet_prefix_top hc smtpd smtpd c smtpd smtpd_peer c
+ util mac_expand ref proto postconf proto proto Makefile in
+ verification in progress File verify verify c
+ virtual virtual c
+ with setgid permissions File postlogd postlogd c
# This is the default for final delivery to domains listed
# with \fBmydestination\fR, and for [\fIipaddress\fR]
# destinations that match \fB$inet_interfaces\fR or
-# \fB$proxy_interfaces\fR. The default \fInexthop\fR destination
-# is the MTA hostname.
+# \fB$proxy_interfaces\fR.
+#
+# In order of decreasing precedence, the \fInexthop\fR destination
+# is taken from \fBtransport_maps\fR, \fBlocal_transport\fR,
+# or from the recipient domain.
# .IP "\fBvirtual_transport (default: virtual:)\fR"
-# This is the default for final delivery to domains listed
-# with \fBvirtual_mailbox_domains\fR. The default \fInexthop\fR
-# destination is the recipient domain.
+# This is the default for final delivery to domains listed with
+# \fBvirtual_mailbox_domains\fR.
+#
+# In order of decreasing precedence, the \fInexthop\fR destination
+# is taken from \fBtransport_maps\fR, \fBvirtual_transport\fR,
+# or from the recipient domain.
# .IP "\fBrelay_transport (default: relay:)\fR"
# This is the default for remote delivery to domains listed
-# with \fBrelay_domains\fR. In order of decreasing precedence,
-# the \fInexthop\fR destination is taken from \fBrelay_transport\fR,
-# \fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the
-# recipient domain.
+# with \fBrelay_domains\fR.
+#
+# In order of decreasing precedence, the \fInexthop\fR destination
+# is taken from \fBtransport_maps\fR, \fBrelay_transport\fR,
+# \fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from
+# the recipient domain.
# .IP "\fBdefault_transport (default: smtp:)\fR"
# This is the default for remote delivery to other destinations.
+#
# In order of decreasing precedence, the \fInexthop\fR
-# destination is taken from \fBsender_dependent_default_transport_maps,
+# destination is taken from \fBtransport_maps\fR,
+# \fBsender_dependent_default_transport_maps,
# \fBdefault_transport\fR, \fBsender_dependent_relayhost_maps\fR,
# \fBrelayhost\fR, or from the recipient domain.
# .PP
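Review bot: in the default_transport entry, the added line `\fBsender_dependent_default_transport_maps,` still opens bold without a closing `\fR`, so the bold font runs into the following text until the next `\fB`. The removed line had the same defect; since this hunk rewrites that sentence, write `\fBsender_dependent_default_transport_maps\fR,` to match the other parameter names in the list.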
# \fB\&.example.com uucp:example\fR
# .fi
#
-# When no nexthop host name is specified, the destination domain
-# name is used instead. For example, the following directs mail for
-# \fIuser\fR@\fBexample.com\fR via the \fBslow\fR transport to a mail
-# exchanger for \fBexample.com\fR. The \fBslow\fR transport could be
-# configured to run at most one delivery process at a time:
+# When no nexthop destination is specified, Postfix uses (from low
+# to high precedence): the recipient domain, the nexthop specified
+# with relayhost, with sender_dependent_relayhost_maps (for remote
+# deliveries only), with the transport for the address domain class
+# (see DESCRIPTION above), or with
+# sender_dependent_default_transport_maps (for remote deliveries
+# only). For example, the following directs mail for
+# \fIuser\fR@\fBexample.com\fR via the \fBslow\fR transport to a
+# mail exchanger for \fBexample.com\fR. The \fBslow\fR transport
+# could be configured to run at most one delivery process at a time:
#
# .nf
# \fBexample.com slow:\fR
# .fi
#
# When no transport is specified, Postfix uses the transport that
-# matches the address domain class (see DESCRIPTION
-# above). The following sends all mail for \fBexample.com\fR and its
+# matches the address domain class (see DESCRIPTION above), or
+# the transport specified with
+# sender_dependent_default_transport_maps (for remote deliveries
+# only). The following sends all mail for \fBexample.com\fR and its
# subdomains to host \fBgateway.example.com\fR:
#
# .nf
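Review bot: the new "no nexthop" paragraph lists the sources "from low to high precedence", while the DESCRIPTION entries changed earlier in this patch all say "in order of decreasing precedence"; a reader comparing the two has to reverse one list mentally. Use the same direction in both places. The parameter names added here (relayhost, sender_dependent_relayhost_maps, sender_dependent_default_transport_maps) are also plain text, whereas the rest of the page wraps them in `\fB...\fR`.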
/* The mail filter protocol version and optional protocol extensions
/* for communication with a Milter application; prior to Postfix 2.6
/* the default protocol is 2.
-/* .IP "\fBmilter_default_action (tempfail)\fR"
+/* .IP "\fBmilter_default_action (Postfix >= 3.11: shutdown; Postfix < 3.11: tempfail)\fR"
/* The default action when a Milter (mail filter) response is
/* unavailable (for example, bad Postfix configuration or Milter
/* failure).
case 'S':
if (state->flags & CLEANUP_STAT_CONT)
return (0);
- /* XXX Can this happen after end-of-message? */
- state->flags |= CLEANUP_STAT_CONT;
+ /* Shutdown' may be the default action for an I/O error. */
+ CLEANUP_MILTER_SET_SMTP_REPLY(state, resp);
+ ret = state->reason;
+ state->errs |= CLEANUP_STAT_WRITE;
action = "milter-reject";
- text = cleanup_strerror(CLEANUP_STAT_CONT);
+ text = resp + 4;
break;
/*
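Review bot: `text = resp + 4` in the 'S' case assumes the response always starts with a three-digit code and a separator; nothing in this hunk checks that `resp` is at least four bytes long, so either state that invariant in the comment or guard it before indexing. Two smaller points in the same case: the new comment has a stray quote (`Shutdown'`), and the early `return (0)` still tests `CLEANUP_STAT_CONT` although this branch no longer sets that flag, so it is worth saying what now makes a repeated shutdown response a no-op.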
for (nrcpt = 0; nrcpt < request->rcpt_list.len; nrcpt++) {
rcpt = request->rcpt_list.info + nrcpt;
status = sent(BOUNCE_FLAGS(request), request->queue_id,
- &request->msg_stats, rcpt, "none",
+ &request->msg_stats, rcpt, "none",
NO_TLS_STATS, &dsn);
if (status == 0 && (request->flags & DEL_REQ_FLAG_SUCCESS))
deliver_completed(src, rcpt->offset);
typedef struct TEST_CASE {
const char *label;
int (*action) (const struct TEST_CASE *);
- int flags;
+ int flags;
const char *input;
const char *exp_output;
} TEST_CASE;
const char *got;
if (result == 0)
- result = vstring_alloc(100);
+ result = vstring_alloc(100);
got = make_ascii_header_text(result, tp->flags, tp->input);
if (!got != !tp->exp_output) {
- msg_warn("got result ``%s'', want ``%s''",
- got ? got : "null",
- tp->exp_output ? tp->exp_output : "null");
- return (FAIL);
+ msg_warn("got result ``%s'', want ``%s''",
+ got ? got : "null",
+ tp->exp_output ? tp->exp_output : "null");
+ return (FAIL);
}
if (got && strcmp(got, tp->exp_output) != 0) {
- msg_warn("got result ``%s'', want ``%s''", got, tp->exp_output);
- return (FAIL);
+ msg_warn("got result ``%s'', want ``%s''", got, tp->exp_output);
+ return (FAIL);
}
return (PASS);
}
msg_vstream_init(sane_basename((VSTRING *) 0, argv[0]), VSTREAM_ERR);
for (tp = test_cases; tp->label != 0; tp++) {
- int test_failed;
+ int test_failed;
- msg_info("RUN %s", tp->label);
- test_failed = tp->action(tp);
- if (test_failed) {
- msg_info("FAIL %s", tp->label);
- fail++;
- } else {
- msg_info("PASS %s", tp->label);
- pass++;
- }
+ msg_info("RUN %s", tp->label);
+ test_failed = tp->action(tp);
+ if (test_failed) {
+ msg_info("FAIL %s", tp->label);
+ fail++;
+ } else {
+ msg_info("PASS %s", tp->label);
+ pass++;
+ }
}
msg_info("PASS=%d FAIL=%d", pass, fail);
exit(fail != 0);
|| attr_print(stream, ATTR_FLAG_NONE,
SEND_ATTR_STR(MAIL_ATTR_REQ, PROXY_REQ_OPEN),
SEND_ATTR_STR(MAIL_ATTR_TABLE, dict_proxy->dict.name),
- SEND_ATTR_INT(MAIL_ATTR_INST_FLAGS, dict_proxy->inst_flags),
+ SEND_ATTR_INT(MAIL_ATTR_INST_FLAGS, dict_proxy->inst_flags),
ATTR_TYPE_END) != 0
|| vstream_fflush(stream)
|| attr_scan(stream, ATTR_FLAG_STRICT,
/* Wietse Venema porcupine.org
/*--*/
-/*
/*
* System library.
*/
msg_fatal("close %s: %m", dbpath);
/*
- * TODO(wietse) Open the database file, prepare and execute commands
- * to populate the database, and close the database.
+ * TODO(wietse) Open the database file, prepare and execute commands to
+ * populate the database, and close the database.
*/
if (commands) {
msg_fatal("commands are not yet supported");
/* create_and_populate_cf - create sqlite_table(5) configuration file */
static void create_and_populate_cf(char *cfpath, const char *dbpath,
- const char *cftext)
+ const char *cftext)
{
int fd;
VSTREAM *fp;
ss_len = sizeof(ss);
sa_len = &ss_len;
} else {
- if (sa_len == 0)
+ if (sa_len == 0)
msg_panic("haproxy_srvr_parse: sockaddr length not specified");
}
if (*sa_len < res->ai_addrlen)
sin_len = sizeof(sin);
sa_len = &sin_len;
} else {
- if (sa_len == 0)
+ if (sa_len == 0)
msg_panic("haproxy_srvr_parse: sockaddr length not specified");
if (*sa_len < sizeof(sin))
msg_panic("haproxy_srvr_parse: sockaddr size %d too small",
* End protocol v2 definitions from haproxy/include/types/connection.h.
*/
-#endif /* _HAPROXY_SRVR_INTERNAL_ */
+#endif /* _HAPROXY_SRVR_INTERNAL_ */
/* LICENSE
/* .ad
*/
int warn_compat_break_smtp_tlsrpt_skip_reused_hs;
int warn_compat_break_smtp_tls_level;
-int warn_compat_break_lmtp_tls_level;
int warn_compat_break_tlsp_clnt_level;
/*
warn_compat_break_smtp_tlsrpt_skip_reused_hs = 1;
if (mail_conf_lookup(VAR_SMTP_TLS_LEVEL) == 0)
warn_compat_break_smtp_tls_level = 1;
- if (mail_conf_lookup(VAR_LMTP_TLS_LEVEL) == 0)
- warn_compat_break_lmtp_tls_level = 1;
if (mail_conf_lookup(VAR_TLSP_CLNT_LEVEL) == 0)
warn_compat_break_tlsp_clnt_level = 1;
#endif
extern int warn_compat_break_smtp_tlsrpt_skip_reused_hs;
extern int warn_compat_break_smtp_tls_level;
-extern int warn_compat_break_lmtp_tls_level;
extern int warn_compat_break_tlsp_clnt_level;
extern long compat_level;
#ifdef USE_TLS
#define DEF_SMTP_TLS_LEVEL "${{$compatibility_level} <level {3.11} ?" \
" {} : {may}}"
-#define DEF_LMTP_TLS_LEVEL "${{$compatibility_level} <level {3.11} ?" \
- " {} : {may}}"
+#define DEF_LMTP_TLS_LEVEL ""
#else
#define DEF_SMTP_TLS_LEVEL ""
#define DEF_LMTP_TLS_LEVEL ""
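Review bot: after this change `DEF_LMTP_TLS_LEVEL` is defined as `""` in both the `USE_TLS` branch and the `#else` branch, so the definition can move outside the conditional and leave only `DEF_SMTP_TLS_LEVEL` inside it. A one-line comment on why the LMTP default no longer follows the compatibility level, unlike the SMTP default directly above, would save the next reader from assuming an oversight.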
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20251219"
-#define MAIL_VERSION_NUMBER "3.11"
+#define MAIL_RELEASE_DATE "20251222"
+#define MAIL_VERSION_NUMBER "3.12"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
extern void pol_stat_activate(POL_STATS *, int, const char *);
extern void pol_stat_decide(POL_STATS *, int, const char *, int);
extern void pol_stats_format(VSTRING *, const POL_STATS *);
+
#endif /* USE_TLS */
#define NO_TLS_STATS ((POL_STATS *) 0)
}
/*
- * Choose between quoted-printable or base64 encoding.
- *
- * Header strings are short, so making multiple passes over the input is
- * not a disaster. How many bytes would the encoder produce using
+ * Choose between quoted-printable or base64 encoding.
+ *
+ * Header strings are short, so making multiple passes over the input is not
+ * a disaster. How many bytes would the encoder produce using
* quoted-printable? We don't optimize for the shortest encoding but for
* compromised readability. If the input is not short, and more than 1/2
* of the input bytes need to be encoded, then the content is mostly not
#define RFC2047_HEADER_CONTEXT_PHRASE (2)
extern char *rfc2047_encode(VSTRING *result, int header_context,
- const char *charset,
- const char *in, ssize_t len,
- const char *out_separator);
+ const char *charset,
+ const char *in, ssize_t len,
+ const char *out_separator);
/* LICENSE
/* .ad
return (str_name_mask_opt(result, "sendopts_strflags", sendopts_flag_map,
flags, NAME_MASK_FATAL | dflags[cp - delims]));
}
-
/* XXX This should be reported with a call-back. */
reply = vstring_alloc(100);
if (saved_size > 100)
- saved_size=100;
+ saved_size = 100;
vstring_sprintf(reply, "H%.*s", (int) saved_size,
STR(milter->buf));
milter8_def_reply(milter, STR(reply));
len = strcspn(buf, "\n");
buf[len + 0] = '\r';
buf[len + 1] = '\n';
- if (smfi_replacebody(ctx,(unsigned char *) buf, len + 2) == MI_FAILURE) {
+ if (smfi_replacebody(ctx, (unsigned char *) buf, len + 2) == MI_FAILURE) {
fprintf(stderr, "body replace failure\n");
exit(1);
}
msg_panic("pcf_edit_main: unknown mode %d", mode);
}
if ((cvalue = htable_find(table, pattern)) != 0) {
- if (edit_value && cvalue->value
+ if (edit_value && cvalue->value
&& strcmp(edit_value, cvalue->value) != 0)
msg_warn("ignoring earlier request: '%s = %s'",
pattern, cvalue->value);
char *var_smtp_tlsrpt_sockname;
bool var_smtp_tlsrpt_skip_reused_hs;
char *var_smtp_reqtls_policy;
-bool var_log_tls_feature_status;
+bool var_log_tls_feature_status;
/* Special handling of 535 AUTH errors. */
char *var_smtp_sasl_auth_cache_name;
#ifdef USE_TLS
/* Postfix <= 3.10 backwards compatibility. */
- if (WARN_COMPAT_BREAK_LMTP_SMTP(tls_level))
+ if (smtp_mode && warn_compat_break_smtp_tls_level)
msg_info("using backwards-compatible default setting %s=(empty)",
- VAR_LMTP_SMTP(TLS_LEVEL));
+ VAR_SMTP_TLS_LEVEL);
#endif
if (*var_smtp_tls_level != 0)
switch (tls_level_lookup(var_smtp_tls_level)) {
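Review bot: the condition `smtp_mode && warn_compat_break_smtp_tls_level` replaces a macro pair that selected the LMTP or SMTP variant, and the reason is only visible from the other files in this patch (the LMTP default becomes empty and `warn_compat_break_lmtp_tls_level` is removed). Extend the "Postfix <= 3.10 backwards compatibility" comment to say that only the SMTP default depends on the compatibility level, so the SMTP-only test does not look like a missed case.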
const char *ext_policy = "inline:{{foo.xn--1xa.example = opportunistic}} enforce";
const struct QUERY_REPLY qr[] = {
{"foo.xn--1xa.example", SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC},
- {"foo.π.example", SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC},
+ {"foo.\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC},
{"x.foo.xn--1xa.example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
- {"x.foo.π.example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
+ {"x.foo.\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
{"example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
{0},
};
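Review bot: replacing the literal π with `\xcf\x80` in the two query strings removes the visual link to the `xn--1xa` policy key; add a short comment that the bytes are the UTF-8 encoding of U+03C0. The escapes are safe as written because the character after `\x80` is `.`, which is not a hex digit and so cannot be absorbed into the escape; that is worth keeping in mind if these test domains are edited later.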
{
const char *ext_policy = "inline:{{foo.xn--1xa.example = opportunistic}} disable";
const struct QUERY_REPLY qr[] = {
- {"foo.π.example", SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC},
- {"foo.-π.example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
+ {"foo.\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_OPPORTUNISTIC},
+ {"foo.-\xcf\x80.example", SMTP_REQTLS_POLICY_ACT_ENFORCE},
{"example", SMTP_REQTLS_POLICY_ACT_DISABLE},
{0},
};
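Review bot: the `foo.-\xcf\x80.example` case expects `SMTP_REQTLS_POLICY_ACT_ENFORCE` although the only inline entry in `ext_policy` is opportunistic and the default is `disable`, and nothing in the test says which rule produces that result. A one-line comment next to that entry explaining the expectation would make the case reviewable, especially now that the label is written as byte escapes.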
/* The mail filter protocol version and optional protocol extensions
/* for communication with a Milter application; prior to Postfix 2.6
/* the default protocol is 2.
-/* .IP "\fBmilter_default_action (tempfail)\fR"
+/* .IP "\fBmilter_default_action (Postfix >= 3.11: shutdown; Postfix < 3.11: tempfail)\fR"
/* The default action when a Milter (mail filter) response is
/* unavailable (for example, bad Postfix configuration or Milter
/* failure).
* recipient checks, address mapping, header_body_checks?.
*/
smtpd_input_transp_mask =
- input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
+ input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
/*
* Initialize before-queue filter options: do we want speed-matching
*/
if (*var_smtpd_reject_filter_maps)
smtpd_reject_filter_maps = maps_create(VAR_SMTPD_REJECT_FILTER_MAPS,
- var_smtpd_reject_filter_maps,
- DICT_FLAG_LOCK);
+ var_smtpd_reject_filter_maps,
+ DICT_FLAG_LOCK);
/*
* SMTP server reject footer.
/*
* Basic tests that smtpd_peer_init() will update the SMTPD_STATE structure
- * with the expected error info or endpoint info. This needs to be subclassed
- * to support different input sources (local client, no open connection,
- * HaProxy, postscreen, etc.).
+ * with the expected error info or endpoint info. This needs to be
+ * subclassed to support different input sources (local client, no open
+ * connection, HaProxy, postscreen, etc.).
*/
typedef struct TEST_BASE {
const char *label;
/*
* We need only two tests to show that smtpd_haproxy.c propagates errors and
- * non-error endpoint info. We don't need to duplicate each individual test in
- * haproxy_srvr_test.c for different IP protocols, HaProxy protocol
+ * non-error endpoint info. We don't need to duplicate each individual test
+ * in haproxy_srvr_test.c for different IP protocols, HaProxy protocol
* versions, and error modes.
*/
static const PEER_FROM_HAPROXY_CASE peer_from_haproxy_caes[] = {
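Review bot: the array name `peer_from_haproxy_caes` on the context line below the re-wrapped comment looks like a misspelling of `peer_from_haproxy_cases`. This patch only re-indents the file, but the rename is mechanical and fits a cleanup pass; if it is left for a separate change, note it so it is not lost.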
}
} else if (TLS_MUST_MATCH(TLScontext->level) &&
x509_err == X509_V_ERR_HOSTNAME_MISMATCH) {
+
/*
- * If the only error is a hostname mismatch, the certificate must have
- * been trusted.
+ * If the only error is a hostname mismatch, the certificate must
+ * have been trusted.
*/
TLScontext->peer_status |= TLS_CERT_FLAG_TRUSTED;
}
/* Use OpenSSL defaults */
if (!*eecdh && !*ffdhe)
- return;
+ return;
/*
* Try the user-specified list first. If that fails (empty list or no
VSTRING *reg_name = vstring_alloc(100);
DICT *dict;
- /* Workaround for dict_proxy_open() with DICT_FLAG_NO_FILE. */
+ /* Workaround for dict_proxy_open() with DICT_FLAG_NO_FILE. */
#define DICT_OPEN3_RETURN(d) do { \
DICT *_d = (d); \
dict_register(_d->reg_name? _d->reg_name : vstring_str(reg_name), _d); \
open_flags, dict_flags);
if ((dict = dict_handle(vstring_str(reg_name))) != 0)
DICT_OPEN3_RETURN(dict);
-
+
if (*dict_type == 0 || *dict_name == 0)
msg_fatal("open dictionary: expecting \"type:name\" form instead of \"%s:%s\"",
dict_type, dict_name);
continue;
}
msg_info("%s:%s -> family=%d sock=%d proto=%d %s:%s",
- argv[2], STR_OR_NULL(aport), ip->ai_family,
+ argv[2], STR_OR_NULL(aport), ip->ai_family,
ip->ai_socktype, ip->ai_protocol, addr.buf, port.buf);
if ((err = sockaddr_to_hostname(ip->ai_addr, ip->ai_addrlen, &host,
&serv, 0)) != 0) {
aport = split_at(argv[3], ':');
if ((err = hostaddr_to_sockaddr(argv[3], aport, 0, &ip)) != 0) {
msg_warn("hostaddr_to_sockaddr(%s:%s): %s",
- argv[3], STR_OR_NULL(aport), err == EAI_SYSTEM ?
+ argv[3], STR_OR_NULL(aport), err == EAI_SYSTEM ?
strerror(errno) : gai_strerror(err));
} else {
if ((err = sockaddr_to_hostaddr(ip->ai_addr, ip->ai_addrlen, &addr,
err == EAI_SYSTEM ? strerror(errno) : gai_strerror(err));
} else {
msg_info("%s:%s -> family=%d sock=%d proto=%d %s:%s", argv[3], STR_OR_NULL(aport),
- ip->ai_family, ip->ai_socktype, ip->ai_protocol, addr.buf, port.buf);
+ ip->ai_family, ip->ai_socktype, ip->ai_protocol, addr.buf, port.buf);
if ((err = sockaddr_to_hostname(ip->ai_addr, ip->ai_addrlen, &host,
- &serv, 0)) != 0) {
+ &serv, 0)) != 0) {
msg_warn("sockaddr_to_hostname: %s",
err == EAI_SYSTEM ? strerror(errno) : gai_strerror(err));
} else
* sane_sockaddr_to_hostaddr.c
*/
extern int WARN_UNUSED_RESULT sane_sockaddr_to_hostaddr(struct sockaddr *,
- SOCKADDR_SIZE *, MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *, int);
+ SOCKADDR_SIZE *, MAI_HOSTADDR_STR *, MAI_SERVPORT_STR *, int);
/* LICENSE
/* .ad
if (sa->sa_family == AF_INET6
&& IN6_IS_ADDR_V4MAPPED(&SOCK_ADDR_IN6_ADDR(sa))
- && strchr((char *) inet_proto_info()->sa_family_list, AF_INET) != 0) {
+ && strchr((char *) inet_proto_info()->sa_family_list, AF_INET) != 0) {
memset((void *) &sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_port = SOCK_ADDR_IN6_PORT(sa);
#ifdef HAS_IPV6
if (addr->buf[0] == ':'
&& strncasecmp("::ffff:", addr->buf, 7) == 0
- && strchr((char *) inet_proto_info()->sa_family_list, AF_INET) != 0) {
+ && strchr((char *) inet_proto_info()->sa_family_list, AF_INET) != 0) {
memmove(addr->buf, addr->buf + 7, strlen(addr->buf) + 1 - 7);
return (1);
}
#include <stringops.h>
/*
- * Test cases are used twice, first to test normalize_v4mapped_hostaddr(), and
- * then normalize_v4mapped_sockaddr().
+ * Test cases are used twice, first to test normalize_v4mapped_hostaddr(),
+ * and then normalize_v4mapped_sockaddr().
*/
typedef struct TEST_CASE {
const char *label;
char *normalize_ws(char *str)
{
- char *cp;
+ char *cp;
for (cp = str; *(cp += strcspn(cp, "\t\n\v\f\r")); *cp = ' ')
/* void */ ;
/* ossl_digest_log_errors - log and clear OpenSSL error stack */
-void ossl_digest_log_errors(void (*logger)(const char *, ...))
+void ossl_digest_log_errors(void (*logger) (const char *,...))
{
unsigned long err;
char buffer[1024]; /* XXX */
#include <stdbool.h>
#else
typedef int bool;
+
#endif
/* LICENSE