instead of appending mail to a deleted file. To minimize
the use of this workaround, Postfix now by default creates
mailbox dotlock files on all systems, and creates dotlock
- files before opening mailbox files. Files: util/sys_defs.h.
+ files before opening mailbox files. Files: util/sys_defs.h,
+ global/mbox_open.c.
20070301
records or content encoding records with other mail. File:
global/rec_type.h.
+20070321
+
+ Bugfix (introduced 20070224): local(8) or virtual(8) could
+ log a misleading error message after failure to open a
+ mailbox file. File: global/mbox_open.c.
+
+ Bugfix (code should have been updated 20070104): the proxymap
+ client did not propagate changes in case folding flags.
+ Currently, nothing in Postfix uses this functionality.
+ File: global/dict_proxy.c.
+
Wish list:
Bind all deliveries to the same local delivery process,
* QSHAPE_README: Bottleneck analysis
* TUNING_README: Performance tuning
* DEBUG_README: Debugging strategies
- * Error messages (*)
C\bCo\bon\bnt\bte\ben\bnt\bt i\bin\bns\bsp\bpe\bec\bct\bti\bio\bon\bn
M\bMa\bai\bil\bli\bin\bng\bg l\bli\bis\bst\bt s\bsu\bup\bpp\bpo\bor\brt\bt
- * qmail/ezmlm support (*)
* VERP_README: VERP Support
S\bSp\bpe\bec\bci\bif\bfi\bic\bc e\ben\bnv\bvi\bir\bro\bon\bnm\bme\ben\bnt\bts\bs
* LINUX_README: Linux issues
* NFS_README: NFS issues
- * ULTRIX_README: Ultrix support
O\bOt\bth\bhe\ber\br m\bma\bai\bil\bl d\bde\bel\bli\biv\bve\ber\bry\by a\bag\bge\ben\bnt\bts\bs
- * Cyrus (*)
* MAILDROP_README: Maildrop
- * LMTP (*)
O\bOt\bth\bhe\ber\br t\bto\bop\bpi\bic\bcs\bs
* XCLIENT_README: XCLIENT Command
* XFORWARD_README: XFORWARD Command
-(*) These documents will be made available via http://www.postfix.org/ and
-mirror sites.
-
* The list of domains that are a member of the class: for example, all local
domains, or all relay domains.
- * The default delivery method. For example, the local or smtp delivery agent.
- This helps to keep Postfix configurations simple.
+ * The default delivery transport. For example, the local or relay delivery
+ transport (delivery transports are defined in master.cf). This helps to
+ keep Postfix configurations simple.
* The list of valid recipient addresses for that address class. The Postfix
SMTP server rejects invalid recipients with "User unknown in <name of
Recipient address verification is relatively straightforward and there are no
surprises. If a recipient probe fails, then Postfix rejects mail for the
recipient address. If a recipient probe succeeds, then Postfix accepts mail for
-the recipient address.
+the recipient address. However, recipient address verification probes can
+increase the load on down-stream MTAs when you're being flooded by backscatter
+bounces, or when some spammer is mounting a dictionary attack.
By default, address verification results are not saved. To avoid probing the
same address repeatedly, you can store the result in a persistent database as
the same performance improvement as with a shared connection cache, non-shared
connections need to be kept open for a longer time.
- Internet <-- smtp(8) <-> scache(8) <-> smtp(8) --> Internet
-
-
The scache(8) server, introduced with Postfix version 2.2, maintains the shared
connection cache. With Postfix version 2.2, only the smtp(8) client has support
to access this cache.
+ smtp(8) --> Internet
+
+
+ |
+ |
+ |
+ | smtp(8) --> Internet
+ |
+ |
+ v ^
+ |
+
+ scache(8)
+
+
When SMTP connection caching is enabled (see next section), the smtp(8) client
does not disconnect after a mail transaction, but gives the connection to the
scache(8) server which keeps the connection open for a limited amount of time.
lookups" below.
* You can use Berkeley DB files with fixed lookup strings for simple address
rewriting operations and you can use regular expression tables for the more
- complicated work.
+ complicated work. In other words, you don't have to put everything into the
+ same table.
P\bPo\bos\bst\btf\bfi\bix\bx l\bli\bis\bst\bts\bs v\bve\ber\brs\bsu\bus\bs t\bta\bab\bbl\ble\bes\bs
is because commands such as postmap(1) or postalias(1) overwrite existing
files. If the update fails in the middle then you have no usable database, and
Postfix will stop working. This is not an issue with the CDB database type
-available with Postfix 2.2 and later, because CDB database rebuilds are atomic.
+available with Postfix 2.2 and later: CDB creates a new file, and renames the
+file upon successful completion.
With multi-file databases such as DBM, there is no simple solution. With
Berkeley DB and other "one file" databases, it is possible to add some extra
B\bBu\bui\bil\bld\bdi\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx o\bon\bn s\bsy\bys\bst\bte\bem\bms\bs w\bwi\bit\bth\bho\bou\but\bt B\bBe\ber\brk\bke\bel\ble\bey\by D\bDB\bB
-Many commercial UNIXes ship without Berkeley DB support. Examples are Solaris,
-HP-UX, IRIX, UNIXWARE. In order to build Postfix with Berkeley DB support you
-need to download and install the source code from http://www.sleepycat.com/
+Some UNIXes ship without Berkeley DB support; for historical reasons these use
+DBM files instead. A problem with DBM files is that they can store only limited
+amounts of data. To build Postfix with Berkeley DB support you need to download
+and install the source code from http://www.oracle.com/database/berkeley-db/.
Warning: some Linux system libraries use Berkeley DB, as do some third-party
libraries such as SASL. If you compile Postfix with a different Berkeley DB
implementation, then every Postfix program will dump core because either the
-system library, SASL library, or Postfix itself ends up using the wrong
+system library, the SASL library, or Postfix itself ends up using the wrong
version.
The more recent Berkeley DB versions have a compile-time switch, "--with-
can co-exist in the same application. Although wasteful, this may be the only
way to keep things from falling apart.
-To build Postfix after you installed the Berkeley DB from http://
-www.sleepycat.com/, use something like:
+To build Postfix after you installed the Berkeley DB from source code, use
+something like:
% make tidy
% make makefiles CCARGS="-DHAS_DB -I/usr/local/BerkeleyDB/include" \
% make makefiles .... AUXLIBS="... -lpthread"
-More information is available at http://www.sleepycat.com/.
+More information is available at http://www.oracle.com/database/berkeley-db/.
configuration file settings that you can fix. Postfix cannot proceed until
this is fixed.
- * "e\ber\brr\bro\bor\br" reports a fatal or non-fatal error condition. Postfix cannot
- proceed until this is fixed.
+ * "e\ber\brr\bro\bor\br" reports an error condition. For safety reasons, a Postfix process
+ will terminate when more than 13 of these happen.
* "w\bwa\bar\brn\bni\bin\bng\bg" indicates a non-fatal error. These are problems that you may not
be able to fix (such as a broken DNS server elsewhere on the network) but
Mail Delivery Status Report will be mailed to <your login name>.
These reports contain information that is generated by Postfix delivery agents.
-Since these run as daemon processes and do not interact with users directly,
+Since these run as daemon processes that cannot interact with users directly,
the result is sent as mail to the sender of the test message. The format of
these reports is practically identical to that of ordinary non-delivery
notifications.
R\bRe\bec\bco\bor\brd\bd t\bth\bhe\be S\bSM\bMT\bTP\bP s\bse\bes\bss\bsi\bio\bon\bn w\bwi\bit\bth\bh a\ba n\bne\bet\btw\bwo\bor\brk\bk s\bsn\bni\bif\bff\bfe\ber\br
This example uses t\btc\bcp\bpd\bdu\bum\bmp\bp. In order to record a conversation you need to
-specify a large enough buffer with the "-s" option or else you will miss some
+specify a large enough buffer with the "-\b-s\bs" option or else you will miss some
or all of the packet payload.
- # t\btc\bcp\bpd\bdu\bum\bmp\bp -\b-w\bw /\b/f\bfi\bil\ble\be/\b/n\bna\bam\bme\be -\b-s\bs 2\b20\b00\b00\b0 h\bho\bos\bst\bt e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm a\ban\bnd\bd p\bpo\bor\brt\bt 2\b25\b5
+ # t\btc\bcp\bpd\bdu\bum\bmp\bp -\b-w\bw /\b/f\bfi\bil\ble\be/\b/n\bna\bam\bme\be -\b-s\bs 0\b0 h\bho\bos\bst\bt e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm a\ban\bnd\bd p\bpo\bor\brt\bt 2\b25\b5
+
+Older tcpdump versions don't support "-\b-s\bs 0\b0"; in that case, use "-\b-s\bs 2\b20\b00\b00\b0"
+instead.
Run this for a while, stop with Ctrl-C when done. To view the data use a binary
-viewer, or e\bet\bth\bhe\ber\bre\bea\bal\bl, or use my t\btc\bcp\bpd\bdu\bum\bmp\bpx\bx utility that is available from ftp://
-ftp.porcupine.org/pub/debugging/.
+viewer, e\bet\bth\bhe\ber\bre\bea\bal\bl, or good old l\ble\bes\bss\bs.
M\bMa\bak\bki\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx d\bda\bae\bem\bmo\bon\bn p\bpr\bro\bog\bgr\bra\bam\bms\bs m\bmo\bor\bre\be v\bve\ber\brb\bbo\bos\bse\be
Append one or more "-\b-v\bv" options to selected daemon definitions in /etc/postfix/
master.cf and type "p\bpo\bos\bst\btf\bfi\bix\bx r\bre\bel\blo\boa\bad\bd". This will cause a lot of activity to be
-logged to the syslog daemon. Example:
+logged to the syslog daemon. For example, to make the Postfix SMTP server
+process more verbose:
/etc/postfix/master.cf:
smtp inet n - n - - smtpd -v
-This makes the Postfix SMTP server more verbose. To diagnose problems with
-address rewriting one would specify a "-\b-v\bv" option for the cleanup(8) and/or
-trivial-rewrite(8) daemon, and to diagnose problems with mail delivery one
-would specify a "-\b-v\bv" option for the qmgr(8) or oqmgr(8) queue manager, or for
-the lmtp(8), local(8), pipe(8), smtp(8), or virtual(8) delivery agent.
+To diagnose problems with address rewriting specify a "-\b-v\bv" option for the
+cleanup(8) and/or trivial-rewrite(8) daemon, and to diagnose problems with mail
+delivery specify a "-\b-v\bv" option for the qmgr(8) or oqmgr(8) queue manager, or
+for the lmtp(8), local(8), pipe(8), smtp(8), or virtual(8) delivery agent.
M\bMa\ban\bnu\bua\bal\bll\bly\by t\btr\bra\bac\bci\bin\bng\bg a\ba P\bPo\bos\bst\btf\bfi\bix\bx d\bda\bae\bem\bmo\bon\bn p\bpr\bro\boc\bce\bes\bss\bs
* Postfix logging. See the text at the top of the DEBUG_README document to
find out where logging is stored. Please do not frustrate the helpers by
- word wrapping the logging.
+ word wrapping the logging. If the logging is more than a few kbytes of
+ text, consider posting an URL on a web or ftp site.
* Consider using a test email address so that you don't have to reveal email
addresses or passwords of innocent people.
- * If you can't use a test email address, please anonymize information
- consistently. Replace each letter by "A", each digit by "D" so that the
- helpers can still recognize syntactical errors.
+ * If you can't use a test email address, please anonymize email addresses and
+ host names consistently. Replace each letter by "A", each digit by "D" so
+ that the helpers can still recognize syntactical errors.
- * Output from "p\bpo\bos\bst\btc\bco\bon\bnf\bf -\b-n\bn". Please do not send your main.cf file or 400+
+ * Output from "p\bpo\bos\bst\btc\bco\bon\bnf\bf -\b-n\bn". Please do not send your main.cf file, or 500+
lines of p\bpo\bos\bst\btc\bco\bon\bnf\bf output.
* Better, provide output from the p\bpo\bos\bst\btf\bfi\bin\bng\bge\ber\br tool. This can be found at http:
* If the problem is about too much mail in the queue, consider including
output from the q\bqs\bsh\bha\bap\bpe\be tool, as described in the QSHAPE_README file.
- * If the problem is protocol related (connections time out or an SMTP server
+ * If the problem is protocol related (connections time out, or an SMTP server
complains about syntax errors etc.) consider recording a session with
t\btc\bcp\bpd\bdu\bum\bmp\bp, as described in the DEBUG_README document.
confused with the message ID, which identifies the message content.
The implementation of DSN support involves extra parameters to the SMTP MAIL
-FROM and RCPT TO commands, as well as new Postfix sendmail command line options
+FROM and RCPT TO commands, as well as two Postfix sendmail command line options
that provide a sub-set of the functions of the extra SMTP command parameters.
This document has information on the following topics:
s\bse\ber\brv\bve\ber\br. The mail is not delivered via the connection that was used for sending
ETRN.
-Postfix versions before 1.0 (also known as version 20010228) implemented the
-ETRN command in an inefficient manner: they simply attempted to deliver all
-queued mail. This is slow on mail servers that queue mail for many customers.
-
As of version 1.0, Postfix has a fast ETRN implementation that does not require
Postfix to examine every queue file. Instead, Postfix maintains a record of
what queue files contain mail for destinations that are configured for ETRN
the ETRN service. Client commands are shown in bold font.
220 my.server.tld ESMTP Postfix
- h\bhe\bel\blo\bo m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
+ H\bHE\bEL\bLO\bO m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
250 Ok
- e\bet\btr\brn\bn s\bso\bom\bme\be.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
+ E\bET\bTR\bRN\bN s\bso\bom\bme\be.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
250 Queuing started
- q\bqu\bui\bit\bt
+ Q\bQU\bUI\bIT\bT
221 Bye
As mentioned in the introduction, the mail is delivered by connecting to the
The Postfix operator can request delivery for a specific customer by using the
command "sendmail -qRdestination" and, with Postfix version 1.1 and later,
-"postqueue -sdestination".
+"postqueue -sdestination". Access to this feature is controlled with the
+authorized_flush_users configuration parameter (Postfix version 2.2 and later).
H\bHo\bow\bw P\bPo\bos\bst\btf\bfi\bix\bx f\bfa\bas\bst\bt E\bET\bTR\bRN\bN w\bwo\bor\brk\bks\bs
* The flush(8) daemon maintains per-destination logfiles with queue file
names. When a request to "deliver mail now" arrives, Postfix will attempt
to deliver all recipients in the queue files that have mail for the
- destination in question. This does not perform well when queue files have
- recipients in many different domains.
+ destination in question. This does not perform well with queue files that
+ have recipients in many different domains, such as queue files with
+ outbound mailing list traffic.
* The flush(8) daemon maintains per-destination logfiles only for
- destinations listed with $fast_flush_domains. With other destinations it
- not possible to trigger delivery with "sendmail -qRdestination" or, with
- Postfix version 1.1 and later, "postqueue -sdestination".
+ destinations listed with $fast_flush_domains. With other destinations you
+ cannot request delivery with "sendmail -qRdestination" or, with Postfix
+ version 1.1 and later, "postqueue -sdestination".
* Up to and including early versions of Postfix version 2.1, the "fast flush"
service may not deliver some messages if the request to "deliver mail now"
dead domains, and the list of message delivery transports specified with
the defer_transports configuration parameter.
+ * Up to and including Postfix version 2.3, the "fast flush" service may not
+ deliver some messages if the request to "deliver mail now" arrives while an
+ incoming queue scan is already in progress.
+
C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg t\bth\bhe\be P\bPo\bos\bst\btf\bfi\bix\bx f\bfa\bas\bst\bt E\bET\bTR\bRN\bN s\bse\ber\brv\bvi\bic\bce\be
The behavior of the flush(8) daemon is controlled by parameters in the main.cf
client), and type the commands shown in boldface:
220 my.server.tld ESMTP Postfix
- h\bhe\bel\blo\bo m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
+ H\bHE\bEL\bLO\bO m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
250 Ok
- e\bet\btr\brn\bn s\bso\bom\bme\be.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
+ E\bET\bTR\bRN\bN s\bso\bom\bme\be.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
250 Queuing started
where "some.customer.domain" is the name of a domain that has a non-empty
The text in bold face stands for the commands that you type:
220 my.server.tld ESMTP Postfix
- h\bhe\bel\blo\bo m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
+ H\bHE\bEL\bLO\bO m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
250 Ok
- e\bet\btr\brn\bn s\bso\bom\bme\be.\b.o\bot\bth\bhe\ber\br.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
+ E\bET\bTR\bRN\bN s\bso\bom\bme\be.\b.o\bot\bth\bhe\ber\br.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
250 Queuing started
This time, the "ETRN"" command should trigger NO mail deliveries at all. If
destination.
220 my.server.tld ESMTP Postfix
- h\bhe\bel\blo\bo m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
+ H\bHE\bEL\bLO\bO m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
250 Ok
- e\bet\btr\brn\bn n\bno\bot\bt.\b.a\ba.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
+ E\bET\bTR\bRN\bN n\bno\bot\bt.\b.a\ba.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
459 <not.a.customer.domain>: service unavailable
In this case, Postfix should reject the request as shown above.
everything: receiving, filtering and delivering mail. Applications that use two
separate Postfix instances will be covered by a later version of this document.
-The after-queue content filter is not to be confused with the approach that is
-described in the SMTPD_PROXY_README document, where incoming SMTP mail is
-filtered BEFORE it is stored into the Postfix queue.
+The after-queue content filter is not to be confused with the approaches
+described in the SMTPD_PROXY_README or MILTER_README documents, where incoming
+SMTP mail is filtered BEFORE it is stored into the Postfix queue.
This document describes two approaches to content filter all email, as well as
several options to filter mail selectively:
P\bPr\bri\bin\bnc\bci\bip\bpl\ble\bes\bs o\bof\bf o\bop\bpe\ber\bra\bat\bti\bio\bon\bn
-An external content filter receives unfiltered mail from Postfix (as described
-further below) and does one of the following:
+An after-queue content filter receives unfiltered mail from Postfix (as
+described further below) and can do one of the following:
1. Re-inject the mail back into Postfix, perhaps after changing content and/or
destination.
- 2. Reject the mail (by sending a suitable status code back to Postfix).
- Postfix will return the mail to the sender.
+ 2. Discard or quarantine the mail.
+
+ 3. Reject the mail (by sending a suitable status code back to Postfix).
+ Postfix will send the mail back to the sender address.
NOTE: in this time of mail worms and forged spam, it is a VERY BAD IDEA to send
viruses back to the sender address, because the sender address is almost
S\bSi\bim\bmp\bpl\ble\be c\bco\bon\bnt\bte\ben\bnt\bt f\bfi\bil\blt\bte\ber\br e\bex\bxa\bam\bmp\bpl\ble\be
-The first example is simple to set up. Postfix receives unfiltered mail from
-the network with the smtpd(8) server, and delivers unfiltered mail to a content
+The first example is simple to set up, but has major limitations that will be
+addressed in a second example. Postfix receives unfiltered mail from the
+network with the smtpd(8) server, and delivers unfiltered mail to a content
filter with the Postfix pipe(8) delivery agent. The content filter injects
filtered mail back into Postfix with the Postfix sendmail(1) command, so that
Postfix can deliver it to the final destination.
Notes:
- * Line 8: The -G option does nothing before Postfix 2.3, otherwise it
- disables address rewriting of message headers.
+ * Line 8: The -G option says the filter output is not a local mail
+ submission: don't do silly things like appending the local domain name to
+ addresses in message headers. This option does nothing before Postfix
+ version 2.3.
* Line 8: The -i option says don't stop reading input when a line contains
"." only.
* Line 8: NEVER NEVER NEVER use the "-t" command-line option here. It will
- mis-deliver mail, like sending mailing list mail back to the mailing list.
+ mis-deliver mail, like sending messages from a mailing list back to the
+ mailing list.
* Line 21: The idea is to first capture the message to file and then run the
content through a third-party content filter program.
- * Line 22: If the mail cannot be captured to file, mail delivery is deferred
- by terminating with exit status 75 (EX_TEMPFAIL). Postfix places the
- message in the deferred mail queue and tries again later.
+ * Line 22: If the message cannot be captured to file, mail delivery is
+ deferred by terminating with exit status 75 (EX_TEMPFAIL). Postfix places
+ the message in the deferred mail queue and tries again later.
* Line 25: You will need to specify a real content filter program here that
receives the content on standard input.
* Line 26: If the content filter program finds a problem, the mail is bounced
- by terminating with exit status 69 (EX_UNAVAILABLE). Postfix will return
- the message to the sender as undeliverable.
+ by terminating with exit status 69 (EX_UNAVAILABLE). Postfix will send the
+ message back to the sender as undeliverable mail.
- * Note: in this time of mail worms and spam, it is a BAD IDEA to send known
+ * NOTE: in this time of mail worms and spam, it is a BAD IDEA to send known
viruses or spam back to the sender, because that address is likely to be
- forged. It is safer to discard known to be bad content and to quarantine
- suspicious content so that it can be inspected by a human being.
+ forged. It is safer to discard known viruses and to quarantine suspicious
+ content so that it can be inspected by a human being.
* Line 28: If the content is OK, it is given as input to the Postfix sendmail
command, and the exit status of the filter command is whatever exit status
I suggest that you first run this script by hand until you are satisfied with
the results. Run it with a real message (headers+body) as input:
- % /path/to/script -f sender recipient... <message-file
+ % /path/to/script -f sender -- recipient... <message-file
Once you're satisfied with the content filtering script:
smtp inet ...other stuff here, do not change... smtpd
-o content_filter=filter:dummy
- The "content_filter" line causes Postfix to add one content filter request
- record to each incoming mail message, with content "filter:dummy". This
- record overrides the normal mail routing and causes mail to be given to the
- content filter instead.
+ The "-o content_filter" line causes Postfix to add one content filter
+ request record to each incoming mail message, with content "filter:dummy".
+ This record overrides the normal mail routing and causes mail to be given
+ to the content filter instead.
The content_filter configuration parameter accepts the same syntax as the
right-hand side in a Postfix transport table.
* Edit the master.cf file, remove the "-o content_filter=filter:dummy" text
from the entry that defines the Postfix SMTP server.
- * Execute "p\bpo\bos\bst\bts\bsu\bup\bpe\ber\br -\b-r\br A\bAL\bLL\bL" to remove content filter information from
+ * Execute "p\bpo\bos\bst\bts\bsu\bup\bpe\ber\br -\b-r\br A\bAL\bLL\bL" to remove content filter request records from
existing queue files.
* Execute another "p\bpo\bos\bst\btf\bfi\bix\bx r\bre\bel\blo\boa\bad\bd".
content filter 10025
The example given here filters all mail, including mail that arrives via SMTP
-and mail that is locally submitted via the Postfix sendmail command. See
-examples near the end of this document for how to exclude local users from
-filtering, or how to configure a destination dependent content filter.
+and mail that is locally submitted via the Postfix sendmail command (local
+submissions enter Postfix via the pickup(8) server; to keep the figure simple
+we omit local submission details). See examples near the end of this document
+for how to exclude local users from filtering, or how to configure a
+destination dependent content filter.
You can expect to lose about a factor of two in Postfix performance for mail
that arrives and leaves via SMTP, provided that the content filter creates no
* The "-o disable_mime_output_conversion=yes" is a workaround that prevents
the breaking of domainkeys and other digital signatures. This is needed
because some SMTP-based content filters don't announce 8BITMIME support,
- even though they can handle it just fine.
+ even though they can handle 8-bit mail.
* The "-o smtp_generic_maps=" is a workaround that prevents local address
rewriting with generic(5) maps. Such rewriting should happen only when mail
user handles all potentially dangerous mail content - that is why it should
be a separate account.
+ * By default, Postfix will terminate a command that runs longer than
+ command_time_limit seconds (default: 1000s). This is a safety measure that
+ prevents filters from running forever.
+
If you want to have your filter listening on port localhost:10025 instead of
Postfix, then you must run your filter as a stand-alone program, and must not
use the Postfix spawn service.
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
- * Note: do not use spaces around the "=" or "," characters.
+ * NOTE: do not use spaces around the "=" or "," characters.
- * Note: the SMTP server must not have a smaller process limit than the
+ * NOTE: the SMTP server must not have a smaller process limit than the
"filter" master.cf entry.
* The "-o content_filter=" overrides main.cf settings, and requests no
content filtering for mail from the content filter. This is required or
- else mail will stay in the content filtering loop.
+ else mail will loop.
* The "-o receive_override_options" overrides main.cf settings to avoid
duplicating work that was already done before the content filter. These
o We specify "no_milters" to disable Milter applications (this option is
available only in Postfix 2.3 and later).
- o We don't specify "no_address_mapping" here. This enables virtual alias
+ o We don't specify "no_address_mappings" here. This enables virtual alias
expansion, canonical mappings, address masquerading, and other address
mappings after the content filter. The main.cf setting of
"receive_override_options" disables these mappings before the content
content_filter = scan:localhost:10025
receive_override_options = no_address_mappings
- * Execute "p\bpo\bos\bst\bts\bsu\bup\bpe\ber\br -\b-r\br A\bAL\bLL\bL" to remove content filter information from
+ * Execute "p\bpo\bos\bst\bts\bsu\bup\bpe\ber\br -\b-r\br A\bAL\bLL\bL" to remove content filter request records from
existing queue files.
* Execute another "p\bpo\bos\bst\btf\bfi\bix\bx r\bre\bel\blo\boa\bad\bd".
auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
Note: if the desired member object result attribute is always also present in
-the group, you get suprising results, the expansion also returns the address of
-the group. This is a known limitation of Postfix releases prior to 2.4, and is
-addressed in the new with Postfix 2.4 "leaf_result_attribute" feature described
-in ldap_table(5).
+the group, you get surprising results, the expansion also returns the address
+of the group. This is a known limitation of Postfix releases prior to 2.4, and
+is addressed in the new with Postfix 2.4 "leaf_result_attribute" feature
+described in ldap_table(5).
Our third use case has some groups that are expanded immediately, and other
groups that are forwarded to a dedicated mailing list manager host for delayed
The reason for adding Milter support to Postfix is that there exists a large
collection of applications, not only to block unwanted mail, but also to verify
-authenticity (examples: SenderID+SPF and Domain keys) or to digitally sign mail
-(example: Domain keys). Having yet another Postfix-specific version of all that
-software is a poor use of human and system resources.
+authenticity (examples: Domain keys identified mail, SenderID+SPF and Domain
+keys) or to digitally sign mail (examples: Domain keys identified mail, Domain
+keys). Having yet another Postfix-specific version of all that software is a
+poor use of human and system resources.
Postfix version 2.4 implements all the requests of Sendmail version 8 Milter
protocols up to version 4, including message body replacement (body replacement
such a library, but Sendmail does.
On some Linux and *BSD distributions, the Sendmail libmilter library is
-installed by default. With this, applications such as dk-milter and sid-milter
-build out of the box without requiring any tinkering:
+installed by default. With this, applications such as dkim-milter and sid-
+milter build out of the box without requiring any tinkering:
- $ g\bgz\bzc\bca\bat\bt d\bdk\bk-\b-m\bmi\bil\blt\bte\ber\br-\b-x\bx.\b.y\by.\b.z\bz.\b.t\bta\bar\br.\b.g\bgz\bz |\b| t\bta\bar\br x\bxf\bf -\b-
- $ c\bcd\bd d\bdk\bk-\b-m\bmi\bil\blt\bte\ber\br-\b-x\bx.\b.y\by.\b.z\bz
+ $ g\bgz\bzc\bca\bat\bt d\bdk\bki\bim\bm-\b-m\bmi\bil\blt\bte\ber\br-\b-x\bx.\b.y\by.\b.z\bz.\b.t\bta\bar\br.\b.g\bgz\bz |\b| t\bta\bar\br x\bxf\bf -\b-
+ $ c\bcd\bd d\bdk\bki\bim\bm-\b-m\bmi\bil\blt\bte\ber\br-\b-x\bx.\b.y\by.\b.z\bz
$ m\bma\bak\bke\be
[...lots of output omitted...]
To run a Milter application, see the documentation of the filter for options. A
typical command looks like this:
- # /\b/s\bso\bom\bme\be/\b/w\bwh\bhe\ber\bre\be/\b/d\bdk\bk-\b-f\bfi\bil\blt\bte\ber\br -\b-u\bu u\bus\bse\ber\bri\bid\bd -\b-p\bp i\bin\bne\bet\bt:\b:p\bpo\bor\brt\btn\bnu\bum\bmb\bbe\ber\br@\b@l\blo\boc\bca\bal\blh\bho\bos\bst\bt .\b..\b..\b.o\bot\bth\bhe\ber\br
+ # /\b/s\bso\bom\bme\be/\b/w\bwh\bhe\ber\bre\be/\b/d\bdk\bki\bim\bm-\b-f\bfi\bil\blt\bte\ber\br -\b-u\bu u\bus\bse\ber\bri\bid\bd -\b-p\bp i\bin\bne\bet\bt:\b:p\bpo\bor\brt\btn\bnu\bum\bmb\bbe\ber\br@\b@l\blo\boc\bca\bal\blh\bho\bos\bst\bt .\b..\b..\b.o\bot\bth\bhe\ber\br
o\bop\bpt\bti\bio\bon\bns\bs.\b..\b..\b.
Please specify a userid value that isn't used for other applications (not
X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com <unknown-
msgid>
- This happens because some Milter applications expect that the queue ID is
+ This happens because those Milter applications expect that the queue ID is
known before the MTA accepts the MAIL FROM (sender) command. Postfix, on
the other hand, does not choose a queue file name until after it accepts
- the first valid RCPT TO (recipient) command. Postfix queue file names must
+ the first valid RCPT TO (recipient) command (Postfix queue file names must
be unique across multiple directories, so the name can't be chosen before
- the file is created. If multiple messages were to use the same queue ID
- simultaneously, mail would be lost.
+ the file is created; if multiple messages were to use the same queue ID
+ simultaneously, mail would be lost).
- To work around the ugly message header from Milter applications, we add a
- little code to the Milter source to look up the queue ID after Postfix
- receives the end of the message.
+Fixing the ugly header maybe as simple as upgrading to a recent version of the
+Milter application. For example, current versions of dkim-filter and dk-filter
+have code that looks up the Postfix queue ID at a later protocol stage.
- o Edit the filter source file (typically named dk-filter/dk-filter.c or
- similar).
+To fix the ugly message header with sid-filter applications, we change the
+source code, so that it does the queue ID lookup after Postfix receives the end
+of the message.
- o Look up the mlfi_eom() function and add code near the top shown as b\bbo\bol\bld\bd
- text below:
+ * Edit the filter source file (named sid-filter/sid-filter.c).
- dfc = cc->cctx_msg;
- assert(dfc != NULL);
+ * Look up the smfilter table and replace mlfi_eoh by NULL.
- /\b/*\b* D\bDe\bet\bte\ber\brm\bmi\bin\bne\be t\bth\bhe\be j\bjo\bob\bb I\bID\bD f\bfo\bor\br l\blo\bog\bgg\bgi\bin\bng\bg.\b. *\b*/\b/
- i\bif\bf (\b(d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b==\b= 0\b0 |\b||\b| s\bst\btr\brc\bcm\bmp\bp(\b(d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd,\b, J\bJO\bOB\bBI\bID\bDU\bUN\bNK\bKN\bNO\bOW\bWN\bN)\b) =\b==\b= 0\b0)\b)
- {\b{
- c\bch\bha\bar\br *\b*j\bjo\bob\bbi\bid\bd =\b= s\bsm\bmf\bfi\bi_\b_g\bge\bet\bts\bsy\bym\bmv\bva\bal\bl(\b(c\bct\btx\bx,\b, "\b"i\bi"\b")\b);\b;
- i\bif\bf (\b(j\bjo\bob\bbi\bid\bd !\b!=\b= 0\b0)\b)
- d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b= j\bjo\bob\bbi\bid\bd;\b;
- }\b}
+ * Look up the mlfi_eom() function and add code near the top that calls
+ mlfi_eoh() as shown by the b\bbo\bol\bld\bd text below:
- /* get hostname; used in the X header and in new MIME boundaries */
+ assert(ctx != NULL);
+ #endif /* !DEBUG */
- NOTES:
+ r\bre\bet\bt =\b= m\bml\blf\bfi\bi_\b_e\beo\boh\bh(\b(c\bct\btx\bx)\b);\b;
+ i\bif\bf (\b(r\bre\bet\bt !\b!=\b= S\bSM\bMF\bFI\bIS\bS_\b_C\bCO\bON\bNT\bTI\bIN\bNU\bUE\bE)\b)
+ r\bre\bet\btu\bur\brn\bn r\bre\bet\bt;\b;
- o Different mail filters use slightly different names for variables. If
- the above code does not compile, look for the code at the start of the
- mlfi_eoh() routine.
+NOTES:
- o This fixes only the ugly message header, but not the WARNING message.
- Fortunately, dk-filter logs that message only once.
+ * This was tested with sid-milter-0.2.10 and sid-milter-0.2.14.
- With some Milter applications we can fix both the WARNING and the "unknown-
- msgid" by postponing the call of mlfi_eoh() (or whatever routine logs the
- WARNING) until the end of the message.
+ * This fixes only the ugly message header, but not the WARNING message.
+ Fortunately, sid-milter logs that message only once.
- o Edit the filter source file (typically named sid-filter/sid-filter.c or
- similar).
+To fix the ugly message header with other Milter applications, you will need to
+do something like this:
- o Look up the smfilter table and replace mlfi_eoh (or whatever routine
- logs the WARNING) by NULL.
+ * Edit the filter source file (typically named xxx-filter/xxx-filter.c or
+ similar).
- o Look up the mlfi_eom() function and add code near the top that calls
- mlfi_eoh() as shown by the b\bbo\bol\bld\bd text below:
+ * Look up the mlfi_eom() function and add code near the top shown as b\bbo\bol\bld\bd
+ text below:
- assert(ctx != NULL);
- #endif /* !DEBUG */
+ dfc = cc->cctx_msg;
+ assert(dfc != NULL);
- r\bre\bet\bt =\b= m\bml\blf\bfi\bi_\b_e\beo\boh\bh(\b(c\bct\btx\bx)\b);\b;
- i\bif\bf (\b(r\bre\bet\bt !\b!=\b= S\bSM\bMF\bFI\bIS\bS_\b_C\bCO\bON\bNT\bTI\bIN\bNU\bUE\bE)\b)
- r\bre\bet\btu\bur\brn\bn r\bre\bet\bt;\b;
+ /\b/*\b* D\bDe\bet\bte\ber\brm\bmi\bin\bne\be t\bth\bhe\be j\bjo\bob\bb I\bID\bD f\bfo\bor\br l\blo\bog\bgg\bgi\bin\bng\bg.\b. *\b*/\b/
+ i\bif\bf (\b(d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b==\b= 0\b0 |\b||\b| s\bst\btr\brc\bcm\bmp\bp(\b(d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd,\b, J\bJO\bOB\bBI\bID\bDU\bUN\bNK\bKN\bNO\bOW\bWN\bN)\b) =\b==\b= 0\b0)\b) {\b{
+ c\bch\bha\bar\br *\b*j\bjo\bob\bbi\bid\bd =\b= s\bsm\bmf\bfi\bi_\b_g\bge\bet\bts\bsy\bym\bmv\bva\bal\bl(\b(c\bct\btx\bx,\b, "\b"i\bi"\b")\b);\b;
+ i\bif\bf (\b(j\bjo\bob\bbi\bid\bd !\b!=\b= 0\b0)\b)
+ d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b= j\bjo\bob\bbi\bid\bd;\b;
+ }\b}
- This works with sid-milter-0.2.10. Other Milter applications will dump core
- when you do this.
+ /* get hostname; used in the X header and in new MIME boundaries */
+
+NOTES:
+
+ * Different mail filters use slightly different names for variables. If the
+ above code does not compile, look for the code at the start of the mlfi_eoh
+ () routine.
+
+ * This fixes only the ugly message header, but not the WARNING message.
+ Fortunately, many Milters log that message only once.
L\bLi\bim\bmi\bit\bta\bat\bti\bio\bon\bns\bs
G\bGe\ben\bne\ber\bra\bal\bl d\bdi\bis\bst\btr\bri\bib\bbu\but\bti\bio\bon\bns\bs:\b: p\bpl\ble\bea\bas\bse\be p\bpr\bro\bov\bvi\bid\bde\be a\ba s\bsm\bma\bal\bll\bl d\bde\bef\bfa\bau\bul\blt\bt m\bma\bai\bin\bn.\b.c\bcf\bf f\bfi\bil\ble\be
The installed main.cf file must be small. PLEASE resist the temptation to list
-all 400+ parameters in the main.cf file. Postfix is supposed to be easy to
-configure. Listing all 400+ in main.cf defeats the purpose. It is an invitation
-for hobbyists to make random changes without understanding what they do, and
-gets them into endless trouble.
+all parameters in the main.cf file. Postfix is supposed to be easy to
+configure. Listing all parameters in main.cf defeats the purpose. It is an
+invitation for hobbyists to make random changes without understanding what they
+do, and gets them into endless trouble.
G\bGe\ben\bne\ber\bra\bal\bl d\bdi\bis\bst\btr\bri\bib\bbu\but\bti\bio\bon\bns\bs:\b: p\bpl\ble\bea\bas\bse\be i\bin\bnc\bcl\blu\bud\bde\be R\bRE\bEA\bAD\bDM\bME\bE o\bor\br H\bHT\bTM\bML\bL f\bfi\bil\ble\bes\bs
how the client was authenticated via TLS. These attributes are empty in
case of no certificate authentication. As of Postfix 2.2.11 these attribute
values are encoded as xtext: some characters are represented by +XX, where
- XX is the two-digit hecadecimal representation of the character value.
+ XX is the two-digit hexadecimal representation of the character value.
* The "encryption_*" attributes (Postfix 2.3 and later) specify information
about how the connection is encrypted. With plaintext connections the
M\bMe\bea\bas\bsu\bur\bre\bes\bs a\bag\bga\bai\bin\bns\bst\bt c\bcl\bli\bie\ben\bnt\bts\bs t\bth\bha\bat\bt m\bma\bak\bke\be t\bto\boo\bo m\bma\ban\bny\by c\bco\bon\bnn\bne\bec\bct\bti\bio\bon\bns\bs
-Note: the anvil(8) service was introduced with Postfix version 2.2.
+Note: these features use the Postfix anvil(8) service, introduced with Postfix
+version 2.2.
The Postfix smtpd(8) server can limit the number of simultaneous connections
from the same SMTP client, as well as the number of connections that a client
(8) server (translation: if anvil(8) breaks, then connection limits stop
working).
-IMPORTANT: These limits are designed to protect the smtpd(8) server against
-flagrant abuse. Do not use these limits to regulate legitimate traffic: mail
-will suffer grotesque delays if you do so.
-
- * An SMTP client may make up to $smtpd_client_connection_count_limit
- simultaneous connections (default: 50). This is half the default process
- limit.
-
- * An SMTP client may make up to $smtpd_client_message_rate_limit message
- delivery requests per unit time (default: no limit).
-
- * An SMTP client may send up to $smtpd_client_recipient_rate_limit recipient
- addresses per unit time (default: no limit).
-
- * An SMTP client may make up to $smtpd_client_connection_rate_limit
- connections per unit time (default: no limit).
-
- * These limits are not applied to SMTP clients in the networks specified with
- $smtpd_client_event_limit_exceptions (default: clients in $mynetworks may
- make an unlimited number of connections).
-
- * The anvil_rate_time_unit parameter specifies the time unit over which
- client connection rates are computed (default: 60s).
+IMPORTANT: These limits must not be used to regulate legitimate traffic: mail
+will suffer grotesque delays if you do so. The limits are designed to protect
+the smtpd(8) server against abuse by out-of-control clients.
+
+ smtpd_client_connection_count_limit (default: 50)
+ The maximum number of connections than an SMTP client may make
+ simultaneously.
+ smtpd_client_connection_rate_limit (default: no limit)
+ The maximum number of connections that an SMTP client may make in the
+ time interval specified with anvil_rate_time_unit (default: 60s).
+ smtpd_client_message_rate_limit (default: no limit)
+ The maximum number of message delivery requests that an SMTP client may
+ make in the time interval specified with anvil_rate_time_unit (default:
+ 60s).
+ smtpd_client_recipient_rate_limit (default: no limit)
+ The maximum number of recipient addresses that an SMTP client may
+ specify in the time interval specified with anvil_rate_time_unit
+ (default: 60s).
+ smtpd_client_new_tls_session_rate_limit (default: no limit)
+ The maximum number of new TLS sessions (without using the TLS session
+ cache) that an SMTP client may negotiate in the time interval specified
+ with anvil_rate_time_unit (default: 60s).
+ smtpd_client_event_limit_exceptions (default: $mynetworks)
+ SMTP clients that are excluded from connection and rate limits
+ specified above.
G\bGe\ben\bne\ber\bra\bal\bl m\bma\bai\bil\bl d\bde\bel\bli\biv\bve\ber\bry\by p\bpe\ber\brf\bfo\bor\brm\bma\ban\bnc\bce\be t\bti\bip\bps\bs
limit delivery concurrency to the same recipient: if the recipient has an
expensive shell command in her .forward file, or if the recipient is a
mailing list manager, you don't want to run too many instances of those
- processes the same time.
+ processes at the same time.
* The default smtp_destination_concurrency_limit of 20 seems enough to
noticeably load a system without bringing it to its knees. Be careful when
This process is governed by a bunch of little parameters.
- queue_run_delay (default: 1000 seconds)
+ queue_run_delay (default: 300 seconds; before Postfix 2.4: 1000s)
How often the queue manager scans the queue for deferred mail.
- minimal_backoff_time (default: 1000 seconds)
+ minimal_backoff_time (default: 300 seconds; before Postfix 2.4: 1000s)
The minimal amount of time a message won't be looked at, and the
minimal amount of time to stay away from a "dead" destination.
maximal_backoff_time (default: 4000 seconds)
When mail is being deferred frequently, fixing the problem is always better
than increasing the frequency of delivery attempts. However, if you can control
only the delivery attempt frequency, consider using a dedicated fallback_relay
-"graveyard" machine for bad destinations so that they do not ruin the
-performance of normal mail deliveries.
+"graveyard" machine for bad destinations, so that these destinations do not
+ruin the performance of normal mail deliveries.
T\bTu\bun\bni\bin\bng\bg t\bth\bhe\be n\bnu\bum\bmb\bbe\ber\br o\bof\bf P\bPo\bos\bst\btf\bfi\bix\bx p\bpr\bro\boc\bce\bes\bss\bse\bes\bs
When Postfix opens too many files or sockets, processes will abort with fatal
errors, and the system may log "file table full" errors.
+ * Depending on your Postfix and operating system versions you may need to
+ recompile Postfix if you need more than 1024 file descriptors per process:
+
+ o No recompilation is needed for Postfix version 2.4 and later, when it
+ was compiled for systems that support BSD kqueue(2) (FreeBSD 4.1,
+ NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or Linux 2.6 epoll(4).
+
+ o Otherwise, Postfix needs to be recompiled to override the default
+ FD_SETSIZE value.
+
* Reduce the number of processes as described under "Tuning the number of
Postfix processes" above. Fewer processes need fewer open files and
sockets.
sure to verify the following information with your system tuning guide:
o Some FreeBSD kernel parameters can be specified in /boot/loader.conf,
- and some can be changed with sysctl commands. Which is which depends on
- the version.
+ and some can be specified in /etc/sysctl.conf or changed with sysctl
+ commands. Which is which depends on the version.
kern.ipc.maxsockets="5000"
kern.ipc.nmbclusters="65536"
kern.maxfiles="16384"
kern.maxfilesperproc="16384"
- o Linux kernel parameters can be specified in /etc/sysctl.conf and can
- also be changed with sysctl commands:
+ o Linux kernel parameters can be specified in /etc/sysctl.conf or changed
+ with sysctl commands:
fs.file-max=16384
kernel.threads-max=2048
What needs to be done before Postfix 2.4.0 is finished:
-- Update MILTER_README (dkim, application patches).
-
- Create RELEASE_NOTES_2.4.
- Update BACKSCATTER_README with PCRE rules.
+- Otherwise done up to and including FILTER_README
+
- Truncate wish list from HISTORY.
- Spell check and double word check the proto files.
- Parameter hyperlink check and HTML check the html outputs.
-
-- Replace SPF policy server script by link to SPF website.
-
-- Remove MacOS X examples. They have not been updated.
-
-- Is "postmap -qf" still needed with regexp/pcre maps?
-
-- Update TUNING_README smtpd_client_*_limit feature list (add TLS).
-
-- Update TUNING_README file descriptor tuning.
+++ /dev/null
-#!/bin/sh
-
-# Gerben Wierda, Oct 2001. Adapted from an existing example. I waive every
-# copyright on this and I also do not give any warranty.
-
-# Updated Sepember 29, 2002
-# To work properly, the POSTFIX variable needs to be set to -YES-
-# in /etc/hostconfig
-
-. /etc/rc.common
-
-if [ "${POSTFIX:=-NO-}" = "-YES-" -a "${MAILSERVER:=-NO-}" = "-YES-" ]
-then
- ConsoleMessage "Cannot run concurrent postfix and sendmail"
- sleep 2
- exit
-fi
-
-##
-# Start mail server
-##
-
-if [ "$1" == "start" ]
-then
- if [ "${POSTFIX:=-NO-}" = "-YES-" ]
- then
- ConsoleMessage "Starting Postfix mail services"
- /usr/sbin/postfix start
- fi
-elif [ "$1" == "stop" ]
-then
- ConsoleMessage "Stopping Postfix mail services"
- /usr/sbin/postfix stop
-elif [ "$1" == "restart" ]
-then
- if [ "${POSTFIX:=-NO-}" = "-YES-" ]
- then
- ConsoleMessage "Reloading Postfix configuration"
- /usr/sbin/postfix reload
- else
- ConsoleMessage "Stopping Postfix mail services"
- /usr/sbin/postfix stop
- fi
-fi
-
-
+++ /dev/null
-{
- Description = "Postfix mail server";
- Provides = ("SMTP");
- Requires = ("Resolver");
- Uses = ("Network Time", "NFS");
- Preference = "None";
- Messages =
- {
- start = "Starting Postfix";
- stop = "Stopping Postfix";
- restart = "Reloading Postfix Configuration";
- };
-}
+++ /dev/null
-# Adapted from an existing example by Gerben Wierda, Oct 2001. I waive every
-# copyright on this and I also do not give any warranty.
-
-Let's start with the important warning:
-
-DO NOT USE THE MULTIPLE USERS APPLICATION TO CREATE THE POSTFIX USER!
-
-NOTE: Mac OS X as of version 10.3 comes with Postfix as the standard mailer
-and it is supported in Server Admin on Mac OS X 10.3 Server . The instructions
-below therefore only apply for Mac OS X 10.2.8.
-
-NOTE: As of 29 September 2002, these instructions and the scripts have changed
-to make the solution more robust for Apple updates.
-
-Run the commands below in the order that they are presented
-
-A. INSTALLING POSTFIX for the first time and selecting it as the active
- Mail Transfer Agent (MTA):
-
- # All these commands are written to be run from this directory.
-
- # This repairs the previous Oct 2001 setup if any
- sudo ./repair-oldsetup
-
- # Prepare for reactivating sendmail
- sudo ./backup-sendmail-binaries
-
- # this creates the necessary users & groups for proper operation
- # of postfix:
- sudo ./niscript
-
- # Install postfix:
- # When the script asks you for setgid (the default will be no) tell it
- # maildrop
- (cd ../..; sudo make install)
-
- # Prepare for reactivating postfix
- sudo ./backup-postfix-binaries
-
- # edit /etc/postfix/main.cf to suit your requirements
- ### add your own commands here ###
-
- # Activate postfix startup at boot time. Deactivates sendmail.
- sudo ./activate-postfix
-
- # Test. Read INSTALL for a series of suggested tests.
-
-B. DEACTIVATING POSTFIX
-
- # Deactivate postfix startup at boot time
- sudo ./deactivate-postfix
-
-C. RESTORING Sendmail as the MTA when Postfix is the active MTA
-
- # This repairs the previous Oct 2001 setup if any
- sudo ./repair-oldsetup
-
- # Deactivate postfix startup at boot time
- sudo ./deactivate-postfix
-
- sudo ./activate-sendmail
-
- # Restart your computer
-
-D. RESTORING postfix as the MTA when Sendmail is the active MTA
-
- # NOTE: The first time you activate postfix you have to follow
- # the steps of A.
-
- # This repairs the previous Oct 2001 setup if any
- sudo ./repair-oldsetup
-
- sudo ./activate-postfix
-
+++ /dev/null
-#!/bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-. ./defines
-
-# Activate binaries
-if [ ! -e ${POSTFIXBACKUPDIR}/sendmail ]
-then
- echo "Something is wrong: there is no existing postfix binary backup"
- exit 1;
-else
- echo "Restoring postfix versions of sendmail programs from backup..."
- (cd ${POSTFIXBACKUPDIR}; tar cf - sendmail) | (cd /usr/sbin; tar xf -)
- (cd ${POSTFIXBACKUPDIR}; tar cf - newaliases) | (cd /usr/bin; tar xf -)
- (cd ${POSTFIXBACKUPDIR}; tar cf - mailq) | (cd /usr/bin; tar xf -)
-fi
-
-if [ -e "${PSI}" ]
-then
- echo "Postfix StartupItem already exists."
-else
- if [ -e "${PSIDISABLED}" ]
- then
- echo "Reinstating disabled Postfix StartupItem..."
- mv "${PSIDISABLED}" "${PSI}"
- else
- echo "Installing new default Postfix StartupItem..."
- cp -R Postfix.StartupItem "${PSI}"
- fi
-fi
-
-# De-activate sendmail in /etc/hostconfig
-/usr/bin/perl -pi -e 's/MAILSERVER=-YES-/MAILSERVER=-NO-/g' /etc/hostconfig
-# Activate postfix in /etc/hostconfig
-if /usr/bin/grep '^POSTFIX=-NO-' /etc/hostconfig >/dev/null 2>&1; then
- /usr/bin/perl -pi -e 's/POSTFIX=-NO-/POSTFIX=-YES-/g' /etc/hostconfig
-else
- echo "POSTFIX=-YES-" >>/etc/hostconfig
-fi
-
-/usr/sbin/postfix start
+++ /dev/null
-#!/bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-. ./defines
-
-. ./deactivate-postfix
-
-# Activate binaries
-if [ ! -e ${SENDMAILBACKUPDIR}/sendmail ]
-then
- echo "Something is wrong: there is no existing sendmail binary backup"
- exit 1;
-else
- echo "Restoring sendmail versions of sendmail programs from backup..."
- (cd ${SENDMAILBACKUPDIR}; tar cf - sendmail) | (cd /usr/sbin; tar xf -)
- (cd ${SENDMAILBACKUPDIR}; tar cf - newaliases) | (cd /usr/bin; tar xf -)
- (cd ${SENDMAILBACKUPDIR}; tar cf - mailq) | (cd /usr/bin; tar xf -)
-fi
-
-# Activate sendmail in /etc/hostconfig
-/usr/bin/perl -pi -e 's/MAILSERVER=-NO-/MAILSERVER=-YES-/g' /etc/hostconfig
-
+++ /dev/null
-#! /bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-# We use tar, as we do not know beforehand if we are dealing with real
-# files or symbolic links. Since we use tar, we cannot change filenames
-# we need to create a directory to hold our backup binaries.
-
-. ./defines
-
-if [ ! -d ${POSTFIXBACKUPDIR} ]
-then
- mkdir -p ${POSTFIXBACKUPDIR}
-fi
-
-(cd /usr/sbin; tar cf - sendmail) | (cd ${POSTFIXBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - newaliases) | (cd ${POSTFIXBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - mailq) | (cd ${POSTFIXBACKUPDIR}; tar xf -)
-
+++ /dev/null
-#! /bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-# We use tar, as we do not know beforehand if we are dealing with real
-# files or symbolic links. Since we use tar, we cannot change filenames
-# we need to create a directory to hold our backup binaries.
-
-. ./defines
-
-if [ ! -d ${SENDMAILBACKUPDIR} ]
-then
- mkdir -p ${SENDMAILBACKUPDIR}
-fi
-
-(cd /usr/sbin; tar cf - sendmail) | (cd ${SENDMAILBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - newaliases) | (cd ${SENDMAILBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - mailq) | (cd ${SENDMAILBACKUPDIR}; tar xf -)
-
+++ /dev/null
-#!/bin/sh
-
-# Written by Gerben Wierda, Sep 2002. I waive every copyright on this and
-# I also do not give any warranty.
-
-. ./defines
-
-if [ -e "${PSI}" ]
-then
- mv "${PSI}" "${PSIDISABLED}"
-fi
-
-# De-activate postfix in /etc/hostconfig
-/usr/bin/perl -pi -e 's/POSTFIX=-YES-/POSTFIX=-NO-/g' /etc/hostconfig
-
-/usr/sbin/postfix stop >/dev/null 2>&1
+++ /dev/null
-#! /bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-SIDIR="/Library/StartupItems"
-
-PSI="${SIDIR}/Postfix"
-PSIDISABLED="${PSI}.disabled"
-
-POSTFIXBACKUPDIR=/usr/sbin/.postfixbackup
-SENDMAILBACKUPDIR=/usr/sbin/.sendmailbackup
+++ /dev/null
-#!/usr/bin/perl
-
-# niscript.pl by Gerben Wierda <gerben_wierda@rna.nl>
-
-# This little script is an adaptation of the original niscript sh script by
-# Joe Block <jpb@creol.ucf.edu>
-# instead of using fixed uid/gid and thus not robust if you run it on a
-# system where groups and/or users have been added, this script checks
-# if the users/groups are there and if not creates them with free id's.
-
-# 17 Jul 2002 GW: Fixed two bugs
-# 1. Typo in createuser would always have uid 88 for postfix
-# 2. Add to netinfo domain . instead of / so that it also works on systems
-# where the / domain is actually network-wide (not very useful to add
-# a postfix user to all systems in that netinfo domain...)
-
-print <<_WARNING
-
-This script massages your netinfo database. This can severely break
-your system. If your netinfo database breaks, you get to keep the parts.
-
-No Warranty. Really.
-
-This script tries to create two groups (if they do not already exist):
-- postfix
-- maildrop
-and tries to create a user (if it does not already exist)
-- postfix
-which is member of group postfix.
-
-_WARNING
-;
-
-# The script starts to look at id 88 (both for user and group) and up to 65535
-# It dies if no free id is found.
-
-my $postfixgid = undef;
-my $maildropgid = undef;
-my $postfixuid = undef;
-
-# First create
-
-my @groups = readgroups();
-foreach $group (@groups) {
- (my $groupname, undef, my $gid, undef) = split( ':', $group);
- if ($groupname eq 'postfix') {
- warn "You already have a postfix group (with gid $gid)\n";
- $postfixgid = $gid;
- }
- if ($groupname eq 'maildrop') {
- warn "You already have a maildrop group (with gid $gid)\n";
- $maildropgid = $gid;
- }
-}
-
-if (not defined $postfixgid) {
- $postfixgid = creategroup( 'postfix');
-}
-
-if (not defined $maildropgid) {
- $maildropgid = creategroup( 'maildrop');
-}
-
-my @users = readusers();
-foreach $user (@users) {
- (my $username, undef, my $uid, undef) = split( ':', $user);
- if ($username eq 'postfix') {
- warn "You already have a postfix user (with uid $uid)\n";
- $postfixuid = $uid;
- }
-}
-
-if (not defined $postfixuid) {
- $postfixuid = createuser( 'postfix', '"Postfix User"',
- '/usr/bin/false', '/etc/postfix',
- $postfixgid);
- addusertogroup( 'postfix', 'postfix');
-}
-
-warn "\n";
-
-sub creategroup
-{
- my $name = shift;
- open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n";
- my @groups=<NIDUMP>;
- close( NIDUMP);
-
- my $tryno;
- NEXTNO: for ($tryno = 88; $tryno <= 65535; $tryno++) {
- foreach my $group (@groups) {
- (my $groupname, undef, my $gid, undef) =
- split( ':', $group);
- next NEXTNO if $gid == $tryno;
- }
- last NEXTNO;
- }
- die "Cannot find free gid\n" if $tryno == 65536;
- warn "Will create $name as gid $tryno\n";
- system "niutil -create . /groups/$name";
- system "niutil -createprop . /groups/$name name $name";
- system "niutil -createprop . /groups/$name gid $tryno";
- system "niutil -createprop . /groups/$name passwd '*'";
- return $tryno;
-}
-
-sub addusertogroup
-{
- my $user = shift;
- my $group = shift;
- system "niutil -appendprop . /groups/$group users $user";
-}
-
-sub readgroups
-{
- open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n";
- my @groups=<NIDUMP>;
- close( NIDUMP);
- return @groups;
-}
-
-sub readusers
-{
- my @passwd;
- open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n";
- @passwd=<NIDUMP>;
- close( NIDUMP);
- return @passwd;
-}
-
-sub createuser
-{
- my $name = shift;
- my $realname = shift;
- my $shell = shift;
- my $home = shift;
- my $gid = shift;
-
- open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n";
- my @passwds=<NIDUMP>;
- close( NIDUMP);
-
- my $tryno;
- NEXTNO: for ($tryno = 88; $tryno <= 65535; $tryno++) {
- foreach my $passwd (@passwds) {
- (my $passwdname, undef, my $uid, undef) =
- split( ':', $passwd);
- next NEXTNO if $uid == $tryno;
- }
- last NEXTNO;
- }
- die "Cannot find free uid\n" if $tryno == 65536;
- warn "Will create $name as uid $tryno\n";
- system "niutil -create . /users/$name";
- system "niutil -createprop . /users/$name realname $realname";
- system "niutil -createprop . /users/$name shell $shell";
- system "niutil -createprop . /users/$name uid $tryno";
- system "niutil -createprop . /users/$name gid $gid";
- system "niutil -createprop . /users/$name home $home";
- system "niutil -createprop . /users/$name _shadow_passwd";
- system "niutil -createprop . /users/$name passwd '*'";
- return $tryno;
-}
-
+++ /dev/null
-#!/bin/sh
-
-if [ -d /System/Library/DisabledStartupItems/Sendmail ]
-then
- mv /System/Library/DisabledStartupItems/Sendmail /System/Library/StartupItems
- rmdir /System/Library/DisabledStartupItems/Sendmail
- rm -rf /System/Library/StartupItems/Postfix
-fi
# postmap -q - /etc/postfix/access <inputfile
#
# DESCRIPTION
-# The Postfix SMTP server supports access control on remote
-# SMTP client information: host names, network addresses,
-# and envelope sender or recipient addresses. See
-# header_checks(5) or body_checks(5) for access control on
-# the content of email messages.
-#
-# Normally, the access(5) table is specified as a text file
-# that serves as input to the postmap(1) command. The
-# result, an indexed file in dbm or db format, is used for
-# fast searching by the mail system. Execute the command
-# "postmap /etc/postfix/access" to rebuild an indexed file
+# This document describes access control on remote SMTP
+# client information: host names, network addresses, and
+# envelope sender or recipient addresses; it is implemented
+# by the Postfix SMTP server. See header_checks(5) or
+# body_checks(5) for access control on the content of email
+# messages.
+#
+# Normally, the access(5) table is specified as a text file
+# that serves as input to the postmap(1) command. The
+# result, an indexed file in dbm or db format, is used for
+# fast searching by the mail system. Execute the command
+# "postmap /etc/postfix/access" to rebuild an indexed file
# after changing the corresponding text file.
#
-# When the table is provided via other means such as NIS,
-# LDAP or SQL, the same lookups are done as for ordinary
+# When the table is provided via other means such as NIS,
+# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
-# Alternatively, the table can be provided as a regular-
+# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
-# sions, or lookups can be directed to TCP-based server. In
-# those cases, the lookups are done in a slightly different
-# way as described below under "REGULAR EXPRESSION TABLES"
+# sions, or lookups can be directed to TCP-based server. In
+# those cases, the lookups are done in a slightly different
+# way as described below under "REGULAR EXPRESSION TABLES"
# or "TCP-BASED TABLES".
#
# CASE FOLDING
-# The search string is folded to lowercase before database
-# lookup. As of Postfix 2.3, the search string is not case
-# folded with database types such as regexp: or pcre: whose
+# The search string is folded to lowercase before database
+# lookup. As of Postfix 2.3, the search string is not case
+# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# address, perform the corresponding action.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A logical line starts with non-whitespace text. A
-# line that starts with whitespace continues a logi-
+# A logical line starts with non-whitespace text. A
+# line that starts with whitespace continues a logi-
# cal line.
#
# EMAIL ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, patterns are
+# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain
# Matches the specified mail address.
#
# domain.tld
-# Matches domain.tld as the domain part of an email
+# Matches domain.tld as the domain part of an email
# address.
#
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
-# the Postfix parent_domain_matches_subdomains con-
-# figuration setting (note that this is the default
-# for some versions of Postfix). Otherwise, specify
-# .domain.tld (note the initial dot) in order to
+# the Postfix parent_domain_matches_subdomains con-
+# figuration setting (note that this is the default
+# for some versions of Postfix). Otherwise, specify
+# .domain.tld (note the initial dot) in order to
# match subdomains.
#
-# user@ Matches all mail addresses with the specified user
+# user@ Matches all mail addresses with the specified user
# part.
#
-# Note: lookup of the null sender address is not possible
-# with some types of lookup table. By default, Postfix uses
-# <> as the lookup key for such addresses. The value is
-# specified with the smtpd_null_access_lookup_key parameter
+# Note: lookup of the null sender address is not possible
+# with some types of lookup table. By default, Postfix uses
+# <> as the lookup key for such addresses. The value is
+# specified with the smtpd_null_access_lookup_key parameter
# in the Postfix main.cf file.
#
# EMAIL ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
-# becomes: user+foo@domain, user@domain, domain, user+foo@,
+# ient delimiter (e.g., user+foo@domain), the lookup order
+# becomes: user+foo@domain, user@domain, domain, user+foo@,
# and user@.
#
# HOST NAME/ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, the following
+# networked tables such as NIS, LDAP or SQL, the following
# lookup patterns are examined in the order as listed:
#
# domain.tld
#
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
-# the Postfix parent_domain_matches_subdomains con-
+# the Postfix parent_domain_matches_subdomains con-
# figuration setting. Otherwise, specify .domain.tld
-# (note the initial dot) in order to match subdo-
+# (note the initial dot) in order to match subdo-
# mains.
#
# net.work.addr.ess
#
# net.work
#
-# net Matches the specified IPv4 host address or subnet-
-# work. An IPv4 host address is a sequence of four
+# net Matches the specified IPv4 host address or subnet-
+# work. An IPv4 host address is a sequence of four
# decimal octets separated by ".".
#
-# Subnetworks are matched by repeatedly truncating
+# Subnetworks are matched by repeatedly truncating
# the last ".octet" from the remote IPv4 host address
-# string until a match is found in the access table,
+# string until a match is found in the access table,
# or until further truncation is not possible.
#
# NOTE 1: The information in the access map should be
# in canonical form, with unnecessary null characters
-# eliminated. Address information must not be
+# eliminated. Address information must not be
# enclosed with "[]" characters.
#
-# NOTE 2: use the cidr lookup table type to specify
+# NOTE 2: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
#
# net:work
#
-# net Matches the specified IPv6 host address or subnet-
-# work. An IPv6 host address is a sequence of three
-# to eight hexadecimal octet pairs separated by ":".
+# net Matches the specified IPv6 host address or subnet-
+# work. An IPv6 host address is a sequence of three
+# to eight hexadecimal octet pairs separated by ":".
#
-# Subnetworks are matched by repeatedly truncating
-# the last ":octetpair" from the remote IPv6 host
+# Subnetworks are matched by repeatedly truncating
+# the last ":octetpair" from the remote IPv6 host
# address string until a match is found in the access
# table, or until further truncation is not possible.
#
#
# NOTE 2: The information in the access map should be
# in canonical form, with unnecessary null characters
-# eliminated. Address information must not be
+# eliminated. Address information must not be
# enclosed with "[]" characters.
#
-# NOTE 3: use the cidr lookup table type to specify
+# NOTE 3: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
#
# all-numerical
# An all-numerical result is treated as OK. This for-
-# mat is generated by address-based relay authoriza-
+# mat is generated by address-based relay authoriza-
# tion schemes such as pop-before-smtp.
#
# REJECT ACTIONS
-# Postfix version 2.3 and later support enhanced status
-# codes as defined in RFC 3463. When no code is specified
-# at the beginning of the text below, Postfix inserts a
-# default enhanced status code of "5.7.1" in the case of
-# reject actions, and "4.7.1" in the case of defer actions.
+# Postfix version 2.3 and later support enhanced status
+# codes as defined in RFC 3463. When no code is specified
+# at the beginning of the text below, Postfix inserts a
+# default enhanced status code of "5.7.1" in the case of
+# reject actions, and "4.7.1" in the case of defer actions.
# See "ENHANCED STATUS CODES" below.
#
# 4NN text
#
# 5NN text
-# Reject the address etc. that matches the pattern,
+# Reject the address etc. that matches the pattern,
# and respond with the numerical three-digit code and
-# text. 4NN means "try again later", while 5NN means
+# text. 4NN means "try again later", while 5NN means
# "do not try again".
#
-# The reply code "421" causes Postfix to disconnect
+# The reply code "421" causes Postfix to disconnect
# immediately (Postfix version 2.3 and later).
#
# REJECT optional text...
-# Reject the address etc. that matches the pattern.
-# Reply with $reject_code optional text... when the
-# optional text is specified, otherwise reply with a
+# Reject the address etc. that matches the pattern.
+# Reply with $reject_code optional text... when the
+# optional text is specified, otherwise reply with a
# generic error response message.
#
# DEFER_IF_REJECT optional text...
-# Defer the request if some later restriction would
-# result in a REJECT action. Reply with "450 4.7.1
-# optional text... when the optional text is speci-
+# Defer the request if some later restriction would
+# result in a REJECT action. Reply with "450 4.7.1
+# optional text... when the optional text is speci-
# fied, otherwise reply with a generic error response
# message.
#
# This feature is available in Postfix 2.1 and later.
#
# DEFER_IF_PERMIT optional text...
-# Defer the request if some later restriction would
-# result in a an explicit or implicit PERMIT action.
-# Reply with "450 4.7.1 optional text... when the
-# optional text is specified, otherwise reply with a
+# Defer the request if some later restriction would
+# result in a an explicit or implicit PERMIT action.
+# Reply with "450 4.7.1 optional text... when the
+# optional text is specified, otherwise reply with a
# generic error response message.
#
# This feature is available in Postfix 2.1 and later.
# reject_unauth_destination, and so on).
#
# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
-# Note: this action currently affects all recipients
-# of the message. To discard only one recipient
-# without discarding the entire message, use the
+# Note: this action currently affects all recipients
+# of the message. To discard only one recipient
+# without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
# service.
#
# This feature is available in Postfix 2.0 and later.
#
-# DUNNO Pretend that the lookup key was not found. This
-# prevents Postfix from trying substrings of the
-# lookup key (such as a subdomain name, or a network
+# DUNNO Pretend that the lookup key was not found. This
+# prevents Postfix from trying substrings of the
+# lookup key (such as a subdomain name, or a network
# address subnetwork).
#
# This feature is available in Postfix 2.0 and later.
#
# FILTER transport:destination
-# After the message is queued, send the entire mes-
+# After the message is queued, send the entire mes-
# sage through the specified external content filter.
-# The transport:destination syntax is described in
-# the transport(5) manual page. More information
-# about external content filters is in the Postfix
+# The transport:destination syntax is described in
+# the transport(5) manual page. More information
+# about external content filters is in the Postfix
# FILTER_README file.
#
-# Note: this action overrides the main.cf con-
-# tent_filter setting, and currently affects all
-# recipients of the message.
+# Note: this action overrides the content_filter set-
+# ting, and currently affects all recipients of the
+# message.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
-# Place the message on the hold queue, where it will
-# sit until someone either deletes it or releases it
-# for delivery. Log the optional text if specified,
+# Place the message on the hold queue, where it will
+# sit until someone either deletes it or releases it
+# for delivery. Log the optional text if specified,
# otherwise log a generic message.
#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
-# Note: use "postsuper -r" to release mail that was
-# kept on hold for a significant fraction of $maxi-
+# Note: use "postsuper -r" to release mail that was
+# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
-# longer. Use "postsuper -H" only for mail that will
+# longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts.
#
-# Note: this action currently affects all recipients
+# Note: this action currently affects all recipients
# of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# PREPEND headername: headervalue
-# Prepend the specified message header to the mes-
-# sage. When more than one PREPEND action executes,
-# the first prepended header appears before the sec-
+# Prepend the specified message header to the mes-
+# sage. When more than one PREPEND action executes,
+# the first prepended header appears before the sec-
# ond etc. prepended header.
#
-# Note: this action must execute before the message
-# content is received; it cannot execute in the con-
+# Note: this action must execute before the message
+# content is received; it cannot execute in the con-
# text of smtpd_end_of_data_restrictions.
#
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
-# After the message is queued, send the message to
+# After the message is queued, send the message to
# the specified address instead of the intended
# recipient(s).
#
-# Note: this action overrides the FILTER action, and
+# Note: this action overrides the FILTER action, and
# currently affects all recipients of the message.
#
# This feature is available in Postfix 2.1 and later.
#
# WARN optional text...
# Log a warning with the optional text, together with
-# client information and if available, with helo,
+# client information and if available, with helo,
# sender, recipient and protocol information.
#
# This feature is available in Postfix 2.1 and later.
#
# ENHANCED STATUS CODES
-# Postfix version 2.3 and later support enhanced status
-# codes as defined in RFC 3463. When an enhanced status
-# code is specified in an access table, it is subject to
-# modification. The following transformations are needed
-# when the same access table is used for client, helo,
-# sender, or recipient access restrictions; they happen
+# Postfix version 2.3 and later support enhanced status
+# codes as defined in RFC 3463. When an enhanced status
+# code is specified in an access table, it is subject to
+# modification. The following transformations are needed
+# when the same access table is used for client, helo,
+# sender, or recipient access restrictions; they happen
# regardless of whether Postfix replies to a MAIL FROM, RCPT
# TO or other SMTP command.
#
-# o When a sender address matches a REJECT action, the
-# Postfix SMTP server will transform a recipient DSN
-# status (e.g., 4.1.1-4.1.6) into the corresponding
+# o When a sender address matches a REJECT action, the
+# Postfix SMTP server will transform a recipient DSN
+# status (e.g., 4.1.1-4.1.6) into the corresponding
# sender DSN status, and vice versa.
#
-# o When non-address information matches a REJECT
-# action (such as the HELO command argument or the
-# client hostname/address), the Postfix SMTP server
-# will transform a sender or recipient DSN status
-# into a generic non-address DSN status (e.g.,
+# o When non-address information matches a REJECT
+# action (such as the HELO command argument or the
+# client hostname/address), the Postfix SMTP server
+# will transform a sender or recipient DSN status
+# into a generic non-address DSN status (e.g.,
# 4.0.0).
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
-# cation, that string is an entire client hostname, an
+# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
-# Actions are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Actions are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
-# Each lookup operation uses the entire query string once.
-# Depending on the application, that string is an entire
+# Each lookup operation uses the entire query string once.
+# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
-# mail address. Thus, no parent domain or parent network
-# search is done, user@domain mail addresses are not broken
-# up into their user@ and domain constituent parts, nor is
+# mail address. Thus, no parent domain or parent network
+# search is done, user@domain mail addresses are not broken
+# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# EXAMPLE
-# The following example uses an indexed file, so that the
-# order of table entries does not matter. The example per-
-# mits access by the client at address 1.2.3.4 but rejects
-# all other clients in 1.2.3.0/24. Instead of hash lookup
-# tables, some systems use dbm. Use the command "postconf
-# -m" to find out what lookup tables Postfix supports on
+# The following example uses an indexed file, so that the
+# order of table entries does not matter. The example per-
+# mits access by the client at address 1.2.3.4 but rejects
+# all other clients in 1.2.3.0/24. Instead of hash lookup
+# tables, some systems use dbm. Use the command "postconf
+# -m" to find out what lookup tables Postfix supports on
# your system.
#
# /etc/postfix/main.cf:
# editing the file.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
# transport(5), transport:nexthop syntax
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# HEADER_CHECKS(5) HEADER_CHECKS(5)
#
# NAME
-# header_checks - Postfix built-in header/body inspection
+# header_checks - Postfix built-in content inspection
#
# SYNOPSIS
# header_checks = pcre:/etc/postfix/header_checks
# postmap -fq - pcre:/etc/postfix/filename <inputfile
#
# DESCRIPTION
-# The Postfix cleanup(8) server supports access control on
-# the content of message headers and message body lines.
-# See access(5) for access control on remote SMTP client
+# This document describes access control on the content of
+# message headers and message body lines; it is implemented
+# by the Postfix cleanup(8) server before mail is queued.
+# See access(5) for access control on remote SMTP client
# information.
#
-# Each message header or message body line is compared
-# against a list of patterns. When a match is found the
+# Each message header or message body line is compared
+# against a list of patterns. When a match is found the
# corresponding action is executed, and the matching process
-# is repeated for the next message header or message body
+# is repeated for the next message header or message body
# line.
#
-# For examples, see the EXAMPLES section at the end of this
+# For examples, see the EXAMPLES section at the end of this
# manual page.
#
# Postfix header or body_checks are designed to stop a flood
-# of mail from worms or viruses; they do not decode attach-
-# ments, and they do not unzip archives. See the documents
-# referenced below in the README FILES section if you need
+# of mail from worms or viruses; they do not decode attach-
+# ments, and they do not unzip archives. See the documents
+# referenced below in the README FILES section if you need
# more sophisticated content analysis.
#
# Postfix supports four built-in content inspection classes:
#
# header_checks
-# These are applied to initial message headers
-# (except for the headers that are processed with
+# These are applied to initial message headers
+# (except for the headers that are processed with
# mime_header_checks).
#
# mime_header_checks (default: $header_checks)
-# These are applied to MIME related message headers
+# These are applied to MIME related message headers
# only.
#
# This feature is available in Postfix 2.0 and later.
#
# nested_header_checks (default: $header_checks)
-# These are applied to message headers of attached
-# email messages (except for the headers that are
+# These are applied to message headers of attached
+# email messages (except for the headers that are
# processed with mime_header_checks).
#
# This feature is available in Postfix 2.0 and later.
#
# body_checks
-# These are applied to all other content, including
+# These are applied to all other content, including
# multi-part message boundaries.
#
# With Postfix versions before 2.0, all content after
# tent.
#
# Note: message headers are examined one logical header at a
-# time, even when a message header spans multiple lines.
+# time, even when a message header spans multiple lines.
# Body lines are always examined one line at a time.
#
# TABLE FORMAT
-# This document assumes that header and body_checks rules
-# are specified in the form of Postfix regular expression
-# lookup tables. Usually the best performance is obtained
+# This document assumes that header and body_checks rules
+# are specified in the form of Postfix regular expression
+# lookup tables. Usually the best performance is obtained
# with pcre (Perl Compatible Regular Expression) tables, but
-# the slower regexp (POSIX regular expressions) support is
-# more widely available. Use the command "postconf -m" to
-# find out what lookup table types your Postfix system sup-
+# the slower regexp (POSIX regular expressions) support is
+# more widely available. Use the command "postconf -m" to
+# find out what lookup table types your Postfix system sup-
# ports.
#
# The general format of Postfix regular expression tables is
-# given below. For a discussion of specific pattern or
-# flags syntax, see pcre_table(5) or regexp_table(5),
+# given below. For a discussion of specific pattern or
+# flags syntax, see pcre_table(5) or regexp_table(5),
# respectively.
#
# /pattern/flags action
-# When pattern matches the input string, execute the
-# corresponding action. See below for a list of pos-
+# When pattern matches the input string, execute the
+# corresponding action. See below for a list of pos-
# sible actions.
#
# !/pattern/flags action
-# When pattern does not match the input string, exe-
+# When pattern does not match the input string, exe-
# cute the corresponding action.
#
# if /pattern/flags
#
# endif Match the input string against the patterns between
-# if and endif, if and only if the input string also
-# matches pattern. The if..endif can nest.
+# if and endif, if and only if the same input string
+# also matches pattern. The if..endif can nest.
#
-# Note: do not prepend whitespace to patterns inside
+# Note: do not prepend whitespace to patterns inside
# if..endif.
#
# if !/pattern/flags
#
# endif Match the input string against the patterns between
-# if and endif, if and only if the input string does
-# not match pattern. The if..endif can nest.
+# if and endif, if and only if the same input string
+# does not match pattern. The if..endif can nest.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A pattern/action line starts with non-whitespace
-# text. A line that starts with whitespace continues
+# A pattern/action line starts with non-whitespace
+# text. A line that starts with whitespace continues
# a logical line.
#
# TABLE SEARCH ORDER
-# For each line of message input, the patterns are applied
-# in the order as specified in the table. When a pattern is
-# found that matches the input line, the corresponding
-# action is executed and then the next input line is
+# For each line of message input, the patterns are applied
+# in the order as specified in the table. When a pattern is
+# found that matches the input line, the corresponding
+# action is executed and then the next input line is
# inspected.
#
# TEXT SUBSTITUTION
-# Substitution of substrings from the matched expression
-# into the action string is possible using the conventional
-# Perl syntax ($1, $2, etc.). The macros in the result
-# string may need to be written as ${n} or $(n) if they
+# Substitution of substrings from the matched expression
+# into the action string is possible using the conventional
+# Perl syntax ($1, $2, etc.). The macros in the result
+# string may need to be written as ${n} or $(n) if they
# aren't followed by whitespace.
#
-# Note: since negated patterns (those preceded by !) return
+# Note: since negated patterns (those preceded by !) return
# a result when the expression does not match, substitutions
# are not available for negated patterns.
#
# case for consistency with other Postfix documentation.
#
# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
-# Note: this action disables further header or
-# body_checks inspection of the current message and
+# Note: this action disables further header or
+# body_checks inspection of the current message and
# affects all recipients. To discard only one recip-
# ient without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
#
# This feature is available in Postfix 2.0 and later.
#
-# DUNNO Pretend that the input line did not match any pat-
-# tern, and inspect the next input line. This action
+# DUNNO Pretend that the input line did not match any pat-
+# tern, and inspect the next input line. This action
# can be used to shorten the table search.
#
-# For backwards compatibility reasons, Postfix also
-# accepts OK but it is (and always has been) treated
+# For backwards compatibility reasons, Postfix also
+# accepts OK but it is (and always has been) treated
# as DUNNO.
#
# This feature is available in Postfix 2.1 and later.
#
# FILTER transport:destination
-# Write a content filter request to the queue file
-# and inspect the next input line. After the com-
-# plete message is received it will be sent through
+# Write a content filter request to the queue file,
+# and inspect the next input line. After the com-
+# plete message is received it will be sent through
# the specified external content filter. More infor-
-# mation about external content filters is in the
+# mation about external content filters is in the
# Postfix FILTER_README file.
#
-# Note: this action overrides the main.cf con-
-# tent_filter setting, and affects all recipients of
-# the message. In the case that multiple FILTER
-# actions fire, only the last one is executed.
+# Note: this action overrides the content_filter set-
+# ting, and affects all recipients of the message. In
+# the case that multiple FILTER actions fire, only
+# the last one is executed.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
-# Arrange for the message to be placed on the hold
-# queue, and inspect the next input line. The mes-
-# sage remains on hold until someone either deletes
-# it or releases it for delivery. Log the optional
+# Arrange for the message to be placed on the hold
+# queue, and inspect the next input line. The mes-
+# sage remains on hold until someone either deletes
+# it or releases it for delivery. Log the optional
# text if specified, otherwise log a generic message.
#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
-# Note: use "postsuper -r" to release mail that was
-# kept on hold for a significant fraction of $maxi-
+# Note: use "postsuper -r" to release mail that was
+# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
-# longer. Use "postsuper -H" only for mail that will
+# longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts.
#
-# Note: this action affects all recipients of the
+# Note: this action affects all recipients of the
# message.
#
# This feature is available in Postfix 2.0 and later.
#
-# IGNORE Delete the current line from the input and inspect
+# IGNORE Delete the current line from the input, and inspect
# the next input line.
#
# PREPEND text...
-# Prepend one line with the specified text and
+# Prepend one line with the specified text, and
# inspect the next input line.
#
# Notes:
#
-# o The prepended text is output on a separate
+# o The prepended text is output on a separate
# line, immediately before the input that
# triggered the PREPEND action.
#
# o The prepended text is not considered part of
-# the input stream: it is not subject to
+# the input stream: it is not subject to
# header/body checks or address rewriting, and
# it does not affect the way that Postfix adds
# missing message headers.
#
# o When prepending text before a message header
-# line, the prepended text must begin with a
+# line, the prepended text must begin with a
# valid message header label.
#
# o This action cannot be used to prepend multi-
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
-# Write a message redirection request to the queue
-# file and inspect the next input line. After the
+# Write a message redirection request to the queue
+# file, and inspect the next input line. After the
# message is queued, it will be sent to the specified
# address instead of the intended recipient(s).
#
-# Note: this action overrides the FILTER action, and
-# affects all recipients of the message. If multiple
-# REDIRECT actions fire, only the last one is exe-
+# Note: this action overrides the FILTER action, and
+# affects all recipients of the message. If multiple
+# REDIRECT actions fire, only the last one is exe-
# cuted.
#
# This feature is available in Postfix 2.1 and later.
#
# REPLACE text...
-# Replace the current line with the specified text
+# Replace the current line with the specified text,
# and inspect the next input line.
#
# This feature is available in Postfix 2.2 and later.
-# The description below applies to Postfix 2.2.2 and
+# The description below applies to Postfix 2.2.2 and
# later.
#
# Notes:
#
-# o When replacing a message header line, the
-# replacement text must begin with a valid
+# o When replacing a message header line, the
+# replacement text must begin with a valid
# header label.
#
-# o The replaced text remains part of the input
-# stream. Unlike the result from the PREPEND
-# action, a replaced message header may be
-# subject to address rewriting and may affect
-# the way that Postfix adds missing message
+# o The replaced text remains part of the input
+# stream. Unlike the result from the PREPEND
+# action, a replaced message header may be
+# subject to address rewriting and may affect
+# the way that Postfix adds missing message
# headers.
#
# REJECT optional text...
-# Reject the entire message. Reply with optional
+# Reject the entire message. Reply with optional
# text... when the optional text is specified, other-
# wise reply with a generic error message.
#
-# Note: this action disables further header or
-# body_checks inspection of the current message and
+# Note: this action disables further header or
+# body_checks inspection of the current message and
# affects all recipients.
#
# Postfix version 2.3 and later support enhanced sta-
# enhanced status code of "5.7.1".
#
# WARN optional text...
-# Log a warning with the optional text... (or log a
-# generic message) and inspect the next input line.
+# Log a warning with the optional text... (or log a
+# generic message), and inspect the next input line.
# This action is useful for debugging and for testing
# a pattern before applying more drastic actions.
#
# BUGS
-# Many people overlook the main limitations of header and
-# body_checks rules. These rules operate on one logical
-# message header or one body line at a time, and a decision
-# made for one line is not carried over to the next line.
-# If text in the message body is encoded (RFC 2045) then the
-# rules have to specified for the encoded form. Likewise,
-# when message headers are encoded (RFC 2047) then the rules
-# need to be specified for the encoded form.
-#
-# Message headers added by the cleanup(8) daemon itself are
+# Many people overlook the main limitations of header and
+# body_checks rules.
+#
+# o These rules operate on one logical message header
+# or one body line at a time. A decision made for one
+# line is not carried over to the next line.
+#
+# o If text in the message body is encoded (RFC 2045)
+# then the rules have to specified for the encoded
+# form.
+#
+# o Likewise, when message headers are encoded (RFC
+# 2047) then the rules need to be specified for the
+# encoded form.
+#
+# Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:.
#
-# Message headers deleted by the cleanup(8) daemon will be
+# Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:.
#
# body_checks
# Lookup tables with content filter rules for message
# body lines. These filters see one physical line at
-# a time, in chunks of at most $line_length_limit
+# a time, in chunks of at most $line_length_limit
# bytes.
#
# body_checks_size_limit
-# The amount of content per message body segment
+# The amount of content per message body segment
# (attachment) that is subjected to $body_checks fil-
# tering.
#
#
# nested_header_checks (default: $header_checks)
# Lookup tables with content filter rules for message
-# header lines: respectively, these are applied to
-# the initial message headers (not including MIME
-# headers), to the MIME headers anywhere in the mes-
-# sage, and to the initial headers of attached mes-
+# header lines: respectively, these are applied to
+# the initial message headers (not including MIME
+# headers), to the MIME headers anywhere in the mes-
+# sage, and to the initial headers of attached mes-
# sages.
#
-# Note: these filters see one logical message header
-# at a time, even when a message header spans multi-
-# ple lines. Message headers that are longer than
+# Note: these filters see one logical message header
+# at a time, even when a message header spans multi-
+# ple lines. Message headers that are longer than
# $header_size_limit characters are truncated.
#
# disable_mime_input_processing
-# While receiving mail, give no special treatment to
-# MIME related message headers; all text after the
+# While receiving mail, give no special treatment to
+# MIME related message headers; all text after the
# initial message headers is considered to be part of
-# the message body. This means that header_checks is
-# applied to all the initial message headers, and
+# the message body. This means that header_checks is
+# applied to all the initial message headers, and
# that body_checks is applied to the remainder of the
# message.
#
-# Note: when used in this manner, body_checks will
-# process a multi-line message header one line at a
+# Note: when used in this manner, body_checks will
+# process a multi-line message header one line at a
# time.
#
# EXAMPLES
-# Header pattern to block attachments with bad file name
+# Header pattern to block attachments with bad file name
# extensions.
#
# /etc/postfix/main.cf:
# RFC 2047, message header encoding for non-ASCII text
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview
# BACKSCATTER_README, blocking returned forged mail
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
$html_directory/CDB_README.html:f:root:-:644
$html_directory/CONNECTION_CACHE_README.html:f:root:-:644
$html_directory/CONTENT_INSPECTION_README.html:f:root:-:644
-$html_directory/CYRUS_README.html:f:root:-:644
+$html_directory/CYRUS_README.html:f:root:-:644:o
$html_directory/DATABASE_README.html:f:root:-:644
$html_directory/DB_README.html:f:root:-:644
$html_directory/DEBUG_README.html:f:root:-:644
$html_directory/TLS_LEGACY_README.html:f:root:-:644
$html_directory/TLS_README.html:f:root:-:644
$html_directory/TUNING_README.html:f:root:-:644
-$html_directory/ULTRIX_README.html:f:root:-:644
+$html_directory/ULTRIX_README.html:f:root:-:644:o
$html_directory/UUCP_README.html:f:root:-:644
$html_directory/VERP_README.html:f:root:-:644
$html_directory/VIRTUAL_README.html:f:root:-:644
--- /dev/null
+See http://www.openspf.org/Software for the current version of the
+SPF policy daemon for Postfix.
+
+SPF support is also available via MILTER plugins, such as sid-milter
+at http://sourceforge.net/projects/sid-milter/ which implements both
+SenderID and SPF.
+++ /dev/null
-#!/usr/bin/perl
-
-# postfix-policyd-spf
-# http://www.openspf.org
-# version 1.07
-# $Id$
-
-use Fcntl;
-use Sys::Syslog qw(:DEFAULT setlogsock);
-use strict;
-
-# ----------------------------------------------------------
-# configuration
-# ----------------------------------------------------------
-
-# to use SPF, install Mail::SPF::Query from CPAN or from the SPF website at http://www.openspf.org/downloads.html
-
- my @HANDLERS;
- push @HANDLERS, "testing";
- push @HANDLERS, "sender_permitted_from"; use Mail::SPF::Query;
-
-my $VERBOSE = 0;
-
-my $DEFAULT_RESPONSE = "DUNNO";
-
-#
-# Syslogging options for verbose mode and for fatal errors.
-# NOTE: comment out the $syslog_socktype line if syslogging does not
-# work on your system.
-#
-
-my $syslog_socktype = 'unix'; # inet, unix, stream, console
-my $syslog_facility = "mail";
-my $syslog_options = "pid";
-my $syslog_priority = "info";
-my $syslog_ident = "postfix/policy-spf";
-
-# ----------------------------------------------------------
-# minimal documentation
-# ----------------------------------------------------------
-
-#
-# Usage: smtpd-policy.pl [-v]
-#
-# Demo delegated Postfix SMTPD policy server.
-# This server implements SPF.
-# Another server implements greylisting.
-# Postfix has a pluggable policy server architecture.
-# You can call one or both from Postfix.
-#
-# The SPF handler uses Mail::SPF::Query to do the heavy lifting.
-#
-# This documentation assumes you have read Postfix's README_FILES/SMTPD_POLICY_README
-#
-# Logging is sent to syslogd.
-#
-# How it works: each time a Postfix SMTP server process is started
-# it connects to the policy service socket, and Postfix runs one
-# instance of this PERL script. By default, a Postfix SMTP server
-# process terminates after 100 seconds of idle time, or after serving
-# 100 clients. Thus, the cost of starting this PERL script is smoothed
-# out over time.
-#
-# To run this from /etc/postfix/master.cf:
-#
-# policy unix - n n - - spawn
-# user=nobody argv=/usr/bin/perl /usr/libexec/postfix/smtpd-policy.pl
-#
-# To use this from Postfix SMTPD, use in /etc/postfix/main.cf:
-#
-# smtpd_recipient_restrictions =
-# ...
-# reject_unauth_destination
-# check_policy_service unix:private/policy
-# ...
-#
-# NOTE: specify check_policy_service AFTER reject_unauth_destination
-# or else your system can become an open relay.
-#
-# To test this script by hand, execute:
-#
-# % perl smtpd-policy.pl
-#
-# Each query is a bunch of attributes. Order does not matter, and
-# the demo script uses only a few of all the attributes shown below:
-#
-# request=smtpd_access_policy
-# protocol_state=RCPT
-# protocol_name=SMTP
-# helo_name=some.domain.tld
-# queue_id=8045F2AB23
-# sender=foo@bar.tld
-# recipient=bar@foo.tld
-# client_address=1.2.3.4
-# client_name=another.domain.tld
-# [empty line]
-#
-# The policy server script will answer in the same style, with an
-# attribute list followed by a empty line:
-#
-# action=dunno
-# [empty line]
-#
-
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: client_address=208.210.125.227
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: client_name=newbabe.mengwong.com
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: helo_name=newbabe.mengwong.com
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: protocol_name=ESMTP
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: protocol_state=RCPT
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: queue_id=
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: recipient=mengwong@dumbo.pobox.com
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: request=smtpd_access_policy
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: sender=mengwong@newbabe.mengwong.com
-
-# ----------------------------------------------------------
-# initialization
-# ----------------------------------------------------------
-
-#
-# Log an error and abort.
-#
-sub fatal_exit {
- syslog(err => "fatal_exit: @_");
- syslog(warning => "fatal_exit: @_");
- syslog(info => "fatal_exit: @_");
- die "fatal: @_";
-}
-
-#
-# Unbuffer standard output.
-#
-select((select(STDOUT), $| = 1)[0]);
-
-#
-# This process runs as a daemon, so it can't log to a terminal. Use
-# syslog so that people can actually see our messages.
-#
-setlogsock $syslog_socktype;
-openlog $syslog_ident, $syslog_options, $syslog_facility;
-
-# ----------------------------------------------------------
-# main
-# ----------------------------------------------------------
-
-#
-# Receive a bunch of attributes, evaluate the policy, send the result.
-#
-my %attr;
-while (<STDIN>) {
- chomp;
- if (/=/) { my ($k, $v) = split (/=/, $_, 2); $attr{$k} = $v; next }
- elsif (length) { syslog(warning => sprintf("warning: ignoring garbage: %.100s", $_)); next; }
-
- if ($VERBOSE) {
- for (sort keys %attr) {
- syslog(debug => "Attribute: %s=%s", $_, $attr{$_});
- }
- }
-
- fatal_exit ("unrecognized request type: '$attr{request}'") unless $attr{request} eq "smtpd_access_policy";
-
- my $action = $DEFAULT_RESPONSE;
- my %responses;
- foreach my $handler (@HANDLERS) {
- no strict 'refs';
- my $response = $handler->(attr=>\%attr);
- syslog(debug => "handler %s: %s", $handler, $response);
- if ($response and $response !~ /^dunno/i) {
- syslog(info => "handler %s: %s is decisive.", $handler, $response);
- $action = $response; last;
- }
- }
-
- syslog(info => "decided action=%s", $action);
-
- print STDOUT "action=$action\n\n";
- %attr = ();
-}
-
-# ----------------------------------------------------------
-# plugin: SPF
-# ----------------------------------------------------------
-sub sender_permitted_from {
- local %_ = @_;
- my %attr = %{ $_{attr} };
-
- my $query = eval { new Mail::SPF::Query (ip =>$attr{client_address},
- sender=>$attr{sender},
- helo =>$attr{helo_name}) };
- if ($@) {
- syslog(info => "%s: Mail::SPF::Query->new(%s, %s, %s) failed: %s",
- $attr{queue_id}, $attr{client_address}, $attr{sender}, $attr{helo_name}, $@);
- return "DUNNO";
- }
- my ($result, $smtp_comment, $header_comment) = $query->result();
-
- syslog(info => "%s: SPF %s: smtp_comment=%s, header_comment=%s",
- $attr{queue_id}, $result, $smtp_comment, $header_comment);
-
- if ($result eq "fail") { return "REJECT $smtp_comment"; }
- elsif ($result eq "error") { return "DEFER_IF_PERMIT $smtp_comment"; }
- else { return "PREPEND Received-SPF: $result ($header_comment)"; }
-}
-
-# ----------------------------------------------------------
-# plugin: testing
-# ----------------------------------------------------------
-sub testing {
- local %_ = @_;
- my %attr = %{ $_{attr} };
-
- if (lc address_stripped($attr{sender}) eq
- lc address_stripped($attr{recipient})
- and
- $attr{recipient} =~ /policyblock/) {
-
- syslog(info => "%s: testing: will block as requested", $attr{queue_id});
- return "REJECT smtpd-policy blocking $attr{recipient}";
- }
- else {
- syslog(info => "%s: testing: stripped sender=%s, stripped rcpt=%s",
- $attr{queue_id},
- address_stripped($attr{sender}),
- address_stripped($attr{recipient}),
- );
-
- }
- return "DUNNO";
-}
-
-sub address_stripped {
- # my $foo = localpart_lhs('foo+bar@baz.com'); # returns 'foo@baz.com'
- my $string = shift;
- for ($string) {
- s/[+-].*\@/\@/;
- }
- return $string;
-}
<li> <p> The list of domains that are a member of the class: for
example, all <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a>, or all <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a>. </p>
-<li> <p> The default delivery method. For example, the local or
-smtp delivery agent. This helps to keep Postfix configurations
+<li> <p> The default delivery transport. For example, the local or
+relay delivery transport (delivery transports are defined in
+<a href="master.5.html">master.cf</a>). This helps to keep Postfix configurations
simple. </p>
<li> <p> The list of valid recipient addresses for that address
<a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class. </p>
<li> <p> The mail delivery transport is specified with the
-<a href="postconf.5.html#local_transport">local_transport</a> parameter. The default value is <b>
local:$<a href="postconf.5.html#myhostname">myhostname</a></b>
+<a href="postconf.5.html#local_transport">local_transport</a> parameter. The default value is <b>
<a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a></b>
for delivery with the <a href="local.8.html">local(8)</a> delivery agent. </p>
</ul>
unknown local recipients. See the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file hints
and tips. </p>
-<li> <p> Introduction of the relay delivery transport in master.cf.
+<li> <p> Introduction of the relay delivery transport in <a href="master.5.html">master.cf</a>.
This helps to avoid mail delivery scheduling problems on inbound
mail relays when there is a lot of outbound mail, but may require
that you update your "<a href="postconf.5.html#defer_transports">defer_transports</a>" setting. </p>
<p> Recipient address verification is relatively straightforward
and there are no surprises. If a recipient probe fails, then Postfix
rejects mail for the recipient address. If a recipient probe
-succeeds, then Postfix accepts mail for the recipient address. </p>
+succeeds, then Postfix accepts mail for the recipient address.
+However, recipient address verification probes can increase the
+load on down-stream MTAs when you're being flooded by backscatter
+bounces, or when some spammer is mounting a dictionary attack. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a
the same performance improvement as with a shared connection cache,
non-shared connections need to be kept open for a longer time. </p>
+<p> The <a href="scache.8.html">scache(8)</a> server, introduced with Postfix version 2.2,
+maintains the shared connection cache. With Postfix version 2.2,
+only the <a href="smtp.8.html">smtp(8)</a> client has support to access this cache. </p>
+
<blockquote>
<table>
-<tr> <td> Internet <-- </td> <td align="center" bgcolor="#f0f0ff">
-<br> <a href="smtp.8.html">smtp(8)</a> <br> </td> <td> <tt> <-> </tt> </td> <td
-align="center" bgcolor="#f0f0ff"> <br> <a href="scache.8.html">scache(8)</a> <br> </td>
-<td> <tt> <-> </tt> </td> <td align="center" bgcolor="#f0f0ff">
-<br> <a href="smtp.8.html">smtp(8)</a> <br> </td> <td> --> Internet </td>
+<tr> <td align="center" colspan="3" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a>
+<br> </td> <td colspan="2"> --> Internet </td> </tr>
+
+<tr> <td align="center" rowspan="3"> </td> <td align="center"
+rowspan="3"><tt>|<br>|<br>|<br>|<br>|<br>|<br>v</tt></td>
+<td> </td> </tr>
+
+<tr> <td align="center"
+colspan="2" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br> </td> <td
+align="left"> --> Internet </td> </tr>
+
+<tr> <td align="center"><tt>^<br>|</tt></td> <td> </td> </tr>
+
+<tr> <td align="center" colspan="3" bgcolor="#f0f0ff"> <br> <a href="scache.8.html">scache(8)</a>
+<br> </td> </tr>
</table>
</blockquote>
-<p> The <a href="scache.8.html">scache(8)</a> server, introduced with Postfix version 2.2,
-maintains the shared connection cache. With Postfix version 2.2,
-only the <a href="smtp.8.html">smtp(8)</a> client has support to access this cache. </p>
-
<p> When SMTP connection caching is enabled (see next section), the
<a href="smtp.8.html">smtp(8)</a> client does not disconnect after a mail transaction, but
gives the connection to the <a href="scache.8.html">scache(8)</a> server which keeps the
-connection open for a limited amount of time. </p>
+connection open for a limited amount of time. </p>
<p> After handing over the open connection to the <a href="scache.8.html">scache(8)</a> server,
the <a href="smtp.8.html">smtp(8)</a> client continues with some other mail delivery request.
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> = yes
</pre>
IP address), </p>
<li> <p> if mail is sent via a <a href="postconf.5.html#relayhost">relay host</a>: a <a href="postconf.5.html#relayhost">relay host</a> name (without
-the [] or non-default TCP port), as specified in main.cf or in the
+the [] or non-default TCP port), as specified in <a href="postconf.5.html">main.cf</a> or in the
transport map, </p>
<li> <p> a /file/name with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names as
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = $<a href="postconf.5.html#relayhost">relayhost</a>
<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = hotmail.com, ...
<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = static:all (<i>not recommended</i>)
+++ /dev/null
-<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-
-<head>
-
-<title>Postfix Cyrus Howto</title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-
-</head>
-
-<body>
-
-<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Cyrus Howto</h1>
-
-<hr>
-
-<p> This document will be made available via <a href="http://www.postfix.org/">http://www.postfix.org/</a>. </p>
-
-</body>
-
-</html>
<li> You can use Berkeley DB files with fixed lookup strings for
simple address rewriting operations and you can use regular expression
-tables for the more complicated work.
+tables for the more complicated work. In other words, you don't
+have to put everything into the same table.
</ul>
<a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> overwrite existing files. If the update
fails in the middle then you have no usable database, and Postfix
will stop working. This is not an issue with the CDB database type
-available with Postfix 2.2 and later, because <a href="CDB_README.html">CDB</a>
-database rebuilds are atomic. </p>
+available with Postfix 2.2 and later: <a href="CDB_README.html">CDB</a>
+creates a new file, and renames the file upon successful completion.
+</p>
<p> With multi-file databases such as DBM, there is no simple
solution. With Berkeley DB and other "one file" databases, it is
<h2><a name="no_db">Building Postfix on systems without Berkeley
DB</a></h2>
-<p> Many commercial UNIXes ship without Berkeley DB support. Examples
-are Solaris, HP-UX, IRIX, UNIXWARE. In order to build Postfix with
+<p> Some UNIXes ship without Berkeley DB support; for historical
+reasons these use DBM files instead. A problem with DBM files is
+that they can store only limited amounts of data. To build Postfix
+with
Berkeley DB support you need to download and install the source
-code from <a href="http://www.sleepycat.com/">http://www.sleepycat.com/</a> </p>
+code from <a href="http://www.oracle.com/database/berkeley-db/">http://www.oracle.com/database/berkeley-db/</a>. </p>
<p> Warning: some Linux system libraries use Berkeley DB, as do
some third-party libraries such as SASL. If you compile Postfix
with a different Berkeley DB implementation, then every Postfix
-program will dump core because either the system library, SASL
+program will dump core because either the system library, the SASL
library, or Postfix itself ends up using the wrong version. </p>
<p>The more recent Berkeley DB versions have a compile-time switch,
falling apart. </p>
<p> To build Postfix after you installed the Berkeley DB from
-<a href="http://www.sleepycat.com/">http://www.sleepycat.com/</a>, use something like: </p>
+source code, use something like: </p>
<blockquote>
<pre>
</pre>
</blockquote>
-<p> More information is available at <a href="http://www.sleepycat.com/">http://www.sleepycat.com/</a>. </p>
+<p> More information is available at
+<a href="http://www.oracle.com/database/berkeley-db/">http://www.oracle.com/database/berkeley-db/</a>. </p>
</body>
permissions, incorrect configuration file settings that you can
fix. Postfix cannot proceed until this is fixed. </p>
-<li> <p> "<b>error</b>" reports a fatal or non-fatal error condition.
-Postfix cannot proceed until this is fixed. </p>
+<li> <p> "<b>error</b>" reports an error condition. For safety
+reasons, a Postfix process will terminate when more than 13 of these
+happen. </p>
<li> <p> "<b>warning</b>" indicates a non-fatal error. These are
problems that you may not be able to fix (such as a broken DNS
</ul>
<p> These reports contain information that is generated by Postfix
-delivery agents. Since these run as daemon processes and do not
+delivery agents. Since these run as daemon processes that cannot
interact with users directly, the result is sent as mail to the
sender of the test message. The format of these reports is practically
identical to that of ordinary non-delivery notifications. </p>
<h2><a name="sniffer">Record the SMTP session with a network sniffer</a></h2>
<p> This example uses <b>tcpdump</b>. In order to record a conversation
-you need to specify a large enough buffer with the "-s" option or
-else you will miss some or all of the packet payload. </p>
+you need to specify a large enough buffer with the "<b>-s</b>"
+option or else you will miss some or all of the packet payload.
+</p>
<blockquote>
<pre>
-# <b>tcpdump -w /file/name -s 2000 host example.com and port 25</b>
+# <b>tcpdump -w /file/name -s 0 host example.com and port 25</b>
</pre>
</blockquote>
+<p> Older tcpdump versions don't support "<b>-s 0</b>"; in that case,
+use "<b>-s 2000</b>" instead. </p>
+
<p> Run this for a while, stop with Ctrl-C when done. To view the
-data use a binary viewer, or <b>ethereal</b>, or use my <b>tcpdumpx</b>
-utility that is available from <a href="ftp://ftp.porcupine.org/pub/debugging/">ftp://ftp.porcupine.org/pub/debugging/</a>.
+data use a binary viewer, <b>ethereal</b>, or good old <b>less</b>.
</p>
<h2><a name="verbose">Making Postfix daemon programs more verbose</a></h2>
<p> Append one or more "<b>-v</b>" options to selected daemon
definitions in /etc/postfix/<a href="master.5.html">master.cf</a> and type "<b>postfix reload</b>".
This will cause a lot of activity to be logged to the syslog daemon.
-Example: </p>
+For example, to make the Postfix SMTP server process more verbose: </p>
<blockquote>
<pre>
</pre>
</blockquote>
-<p> This makes the Postfix SMTP server more verbose. To diagnose
-problems with address rewriting one would specify a "<b>-v</b>"
+<p> To diagnose problems with address rewriting specify a "<b>-v</b>"
option for the <a href="cleanup.8.html">cleanup(8)</a> and/or <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon, and to
-diagnose problems with mail delivery one would specify a "<b>-v</b>"
+diagnose problems with mail delivery specify a "<b>-v</b>"
option for the <a href="qmgr.8.html">qmgr(8)</a> or <a href="qmgr.8.html">oqmgr(8)</a> queue manager, or for the <a href="lmtp.8.html">lmtp(8)</a>,
<a href="local.8.html">local(8)</a>, <a href="pipe.8.html">pipe(8)</a>, <a href="smtp.8.html">smtp(8)</a>, or <a href="virtual.8.html">virtual(8)</a> delivery agent. </p>
<li> <p> Postfix logging. See the text at the top of the <a href="DEBUG_README.html">DEBUG_README</a>
document to find out where logging is stored. Please do not frustrate
-the helpers by word wrapping the logging. </p>
+the helpers by word wrapping the logging. If the logging is more
+than a few kbytes of text, consider posting an URL on a web or ftp
+site. </p>
<li> <p> Consider using a test email address so that you don't have
to reveal email addresses or passwords of innocent people. </p>
<li> <p> If you can't use a test email address, please anonymize
-information consistently. Replace each letter by "A", each digit
+email addresses and host names consistently. Replace each letter
+by "A", each digit
by "D" so that the helpers can still recognize syntactical errors.
</p>
<li> <p> Output from "<b>postconf -n</b>". Please do not send your
-<a href="postconf.5.html">main.cf</a> file or 400+ lines of <b>postconf</b> output. </p>
+<a href="postconf.5.html">main.cf</a> file, or 500+ lines of <b>postconf</b> output. </p>
-<li> <p> Better, provide output from the <b>postfinger</b> tool.
+<li> <p> Better, provide output from the <b>postfinger</b> tool.
This can be found at <a href="http://ftp.wl0.org/SOURCES/postfinger">http://ftp.wl0.org/SOURCES/postfinger</a>. </p>
<li> <p> If the problem is SASL related, consider including the
including output from the <b>qshape</b> tool, as described in the
<a href="QSHAPE_README.html">QSHAPE_README</a> file. </p>
-<li> <p> If the problem is protocol related (connections time out
+<li> <p> If the problem is protocol related (connections time out,
or an SMTP server complains about syntax errors etc.) consider
recording a session with <b>tcpdump</b>, as described in the <a
href="#sniffer">DEBUG_README</a> document. </ul>
</ul>
<p> The implementation of DSN support involves extra parameters to
-the SMTP MAIL FROM and RCPT TO commands, as well as new Postfix
+the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix
sendmail command line options that provide a sub-set of the functions
of the extra SMTP command parameters. </p>
not delivered via the connection that was used for sending ETRN.
</p>
-<p> Postfix versions before 1.0 (also known as version 20010228)
-implemented the ETRN command in an inefficient manner: they simply
-attempted to deliver all queued mail. This is slow on mail servers
-that queue mail for many customers. </p>
-
<p> As of version 1.0, Postfix has a fast ETRN implementation that
does not require Postfix to examine every queue file. Instead,
Postfix maintains a record of what queue files contain mail for
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.customer.domain</b>
+<b>ETRN some.customer.domain</b>
250 Queuing started
-<b>quit</b>
+<b>QUIT</b>
221 Bye
</pre>
</blockquote>
<p> The Postfix operator can request delivery for a specific customer
by using the command "sendmail -qR<i>destination</i>" and, with
Postfix version 1.1 and later, "postqueue -s<i>destination</i>".
+Access to this feature is controlled with the <a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a>
+configuration parameter (Postfix version 2.2 and later).
</p>
<h2><a name="how">How Postfix fast ETRN works</a></h2>
with queue file names. When a request to "deliver mail now" arrives,
Postfix will attempt to deliver all recipients in the queue files
that have mail for the destination in question. This does not
-perform well when queue files have recipients in many different
-domains. </p>
+perform well with queue files that have recipients in many different
+domains, such as queue files with outbound mailing list traffic.
+</p>
<li> <p> The <a href="flush.8.html">flush(8)</a> daemon maintains per-destination logfiles
only for destinations listed with $<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a>. With other
-destinations it not possible to trigger delivery with "sendmail
+destinations you cannot request delivery with "sendmail
-qR<i>destination</i>" or, with Postfix version 1.1 and later,
"postqueue -s<i>destination</i>". </p>
the list of message delivery transports specified with the
<a href="postconf.5.html#defer_transports">defer_transports</a> configuration parameter. </p>
+<li> <p> Up to and including Postfix version 2.3, the "fast flush"
+service may not deliver some messages if the request to "deliver
+mail now" arrives while an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan is already in progress.
+</p>
+
</ul>
<h2><a name="config">Configuring the Postfix fast ETRN service</a></h2>
<p> The behavior of the <a href="flush.8.html">flush(8)</a> daemon is controlled by parameters
-in the main.cf configuration file. </p>
+in the <a href="postconf.5.html">main.cf</a> configuration file. </p>
<p> By default, Postfix "fast ETRN" service is available only for
destinations that Postfix is willing to relay mail to: </p>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>
<a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject
</pre>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>, some.other.domain
</pre>
</blockquote>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> =
</pre>
</blockquote>
<blockquote>
<pre>
- 1 /etc/postfix/master.cf:
+ 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 # =============================================================
3 # service type private unpriv chroot wakeup maxproc command
4 # (yes) (yes) (yes) (never) (100)
7 relay unix - - n - - smtp
8 etrn-only unix - - n - - smtp
9
-10 /etc/postfix/main.cf:
+10 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
11 <a href="postconf.5.html#relay_domains">relay_domains</a> = customer.tld ...other domains...
12 <a href="postconf.5.html#defer_transports">defer_transports</a> = etrn-only
13 <a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.customer.domain</b>
+<b>ETRN some.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.other.customer.domain</b>
+<b>ETRN some.other.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn not.a.customer.domain</b>
+<b>ETRN not.a.customer.domain</b>
459 <not.a.customer.domain>: service unavailable
</pre>
</blockquote>
be covered by a later version of this document. </p>
<p> The after-queue content filter is not to be confused with the
-approach that is described in the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document,
+approaches described in the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> or <a href="MILTER_README.html">MILTER_README</a>
+documents,
where incoming SMTP mail is filtered BEFORE it is stored into the
Postfix queue. </p>
<h2><a name="principles">Principles of operation</a> </h2>
-<p> An external content filter receives unfiltered mail from Postfix
-(as described further below) and does one of the following: </p>
+<p> An after-queue content filter receives unfiltered mail from Postfix
+(as described further below) and can do one of the following: </p>
<ol>
<li> <p> Re-inject the mail back into Postfix, perhaps after changing
content and/or destination. </p>
+<li> <p> Discard or quarantine the mail. </p>
+
<li> <p> Reject the mail (by sending a suitable status code back to
- Postfix). Postfix will return the mail to the sender. </p>
+ Postfix). Postfix will send the mail back to the sender address. </p>
</ol>
<h2><a name="simple_filter">Simple content filter example</a></h2>
-<p> The first example is simple to set up. Postfix receives
+<p> The first example is simple to set up, but has major limitations
+that will be addressed in a second example. Postfix receives
unfiltered mail from the network with the <a href="smtpd.8.html">smtpd(8)</a> server, and
delivers unfiltered mail to a content filter with the Postfix
<a href="pipe.8.html">pipe(8)</a> delivery agent. The content filter injects filtered mail
<ul>
-<li> <p> Line 8: The -G option does nothing before Postfix 2.3,
-otherwise it disables address rewriting of message headers. </p>
+<li> <p> Line 8: The -G option says the filter output is not a local
+mail submission: don't do silly things like appending the local
+domain name to addresses in message headers. This option does
+nothing before Postfix version 2.3. </p>
<li> <p> Line 8: The -i option says don't stop reading input when
a line contains "." only. </p>
<li> <p> Line 8: NEVER NEVER NEVER use the "-t" command-line option
-here. It will mis-deliver mail, like sending mailing list mail back
-to the mailing list. </p>
+here. It will mis-deliver mail, like sending messages from a mailing
+list back to the mailing list. </p>
<li> <p> Line 21: The idea is to first capture the message to
file and then run the content through a third-party content filter
program. </p>
-<li> <p> Line 22: If the mail cannot be captured to file, mail
+<li> <p> Line 22: If the message cannot be captured to file, mail
delivery is deferred by terminating with exit status 75 (EX_TEMPFAIL).
Postfix places the message in the deferred mail queue and tries
again later. </p>
<li> <p> Line 26: If the content filter program finds a problem,
the mail is bounced by terminating with exit status 69 (EX_UNAVAILABLE).
-Postfix will return the message to the sender as undeliverable.
+Postfix will send the message back to the sender as undeliverable
+mail.
</p>
-<li> <p> Note: in this time of mail worms and spam, it is a BAD
+<li> <p> NOTE: in this time of mail worms and spam, it is a BAD
IDEA to send known viruses or spam back to the sender, because that
-address is likely to be forged. It is safer to discard known to be
-bad content and to quarantine suspicious content so that it can
+address is likely to be forged. It is safer to discard known viruses
+and to quarantine suspicious content so that it can
be inspected by a human being. </p>
<li> <p> Line 28: If the content is OK, it is given as input to
<blockquote>
<pre>
-% /path/to/script -f sender recipient... <message-file
+% /path/to/script -f sender -- recipient... <message-file
</pre>
</blockquote>
-o <a href="postconf.5.html#content_filter">content_filter</a>=filter:dummy
</pre>
-<p> The "<a href="postconf.5.html#content_filter">content_filter</a>" line causes Postfix to add one content
+<p> The "
-o <a href="postconf.5.html#content_filter">content_filter</a>" line causes Postfix to add one content
filter request record to each incoming mail message, with content
"filter:dummy". This record overrides the normal mail routing
and causes mail to be given to the content filter instead. </p>
Postfix SMTP server. </p>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
-filter information from existing queue files. </p>
+filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>
<p> The example given here filters all mail, including mail that
arrives via SMTP and mail that is locally submitted via the Postfix
-sendmail command. See examples near the end of this document for
+sendmail command (local submissions enter Postfix via the <a href="pickup.8.html">pickup(8)</a>
+server; to keep the figure simple we omit local submission details).
+See examples near the end of this document for
how to exclude local users from filtering, or how to configure a
destination dependent content filter. </p>
<li> <p> The "-o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes" is a workaround
that prevents the breaking of domainkeys and other digital signatures.
This is needed because some SMTP-based content filters don't announce
-8BITMIME support, even though they can handle it just fine. </p>
+8BITMIME support, even though they can handle 8-bit mail. </p>
<li> <p> The "-o <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a>=" is a workaround that prevents
local address rewriting with <a href="generic.5.html">generic(5)</a> maps. Such rewriting should
dangerous mail content - that is why it should be a separate account.
</p>
+<li> <p> By default, Postfix will terminate a command that runs
+longer than <a href="postconf.5.html#command_time_limit">command_time_limit</a> seconds (default: 1000s). This is a
+safety measure that prevents filters from running forever. </p>
+
</ul>
<p> If you want to have your filter listening on port localhost:10025
<ul>
-<li> <p> Note: do not use spaces around the "=" or "," characters. </p>
+<li> <p> NOTE: do not use spaces around the "=" or "," characters. </p>
-<li> <p> Note: the SMTP server must not have a smaller process
+<li> <p> NOTE: the SMTP server must not have a smaller process
limit than the "filter" <a href="master.5.html">master.cf</a> entry. </p>
<li> <p> The "-o <a href="postconf.5.html#content_filter">content_filter</a>=" overrides <a href="postconf.5.html">main.cf</a> settings, and
requests no content filtering for mail from the content filter.
-This is required or else mail will stay in the content filtering
-loop. </p>
+This is required or else mail will loop. </p>
<li> <p> The "-o <a href="postconf.5.html#receive_override_options">receive_override_options</a>" overrides <a href="postconf.5.html">main.cf</a> settings
to avoid duplicating work that was already done before the content
<li> <p> We specify "<a href="postconf.5.html#no_milters">no_milters</a>" to disable Milter applications
(this option is available only in Postfix 2.3 and later). </p>
- <li> <p> We don't specify "no_address_mapping" here. This
+ <li> <p> We don't specify "<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>" here. This
enables virtual alias expansion, canonical mappings, address
masquerading, and other address mappings after the content
filter. The <a href="postconf.5.html">main.cf</a> setting of "<a href="postconf.5.html#receive_override_options">receive_override_options</a>"
</blockquote>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
-filter information from existing queue files. </p>
+filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>
</blockquote>
<p> Note: if the desired member object result attribute is always also
-present in the group, you get suprising results, the expansion also
+present in the group, you get surprising results, the expansion also
returns the address of the group. This is a known limitation of Postfix
releases prior to 2.4, and is addressed in the new with Postfix 2.4
"leaf_result_attribute" feature described in <a href="ldap_table.5.html">ldap_table(5)</a>. </p>
<p> The reason for adding Milter support to Postfix is that there
exists a large collection of applications, not only to block unwanted
mail, but also to verify authenticity (examples: <a
+href="http://sourceforge.net/projects/dkim-milter/">Domain keys
+identified mail</a>, <a
href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
<a href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>)
-or to digitally sign mail (example: <a
+or to digitally sign mail (examples: <a
+href="http://sourceforge.net/projects/dkim-milter/">Domain keys
+identified mail</a>, <a
href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>).
Having yet another Postfix-specific version of all that software
is a poor use of human and system resources. </p>
<p> On some Linux and *BSD distributions, the Sendmail libmilter
library is installed by default. With this, applications such as
-<a href="http://sourceforge.net/projects/dk-milter/">dk-milter</a>
+<a href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a>
and <a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a>
build out of the box without requiring any tinkering:</p>
<blockquote>
<pre>
-$ <b>gzcat dk-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
-$ <b>cd dk-milter-<i>x.y.z</i></b>
+$ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
+$ <b>cd dkim-milter-<i>x.y.z</i></b>
$ <b>make</b>
[...<i>lots of output omitted</i>...]
</pre>
<blockquote>
<pre>
-# <b>/some/where/dk-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
+# <b>/some/where/dkim-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
</pre>
</blockquote>
</pre>
</blockquote>
-<p> This happens because some Milter applications expect that the
+<p> This happens because those Milter applications expect that the
queue ID is known <i>before</i> the MTA accepts the MAIL FROM
(sender) command. Postfix, on the other hand, does not choose a
queue file name until <i>after</i> it accepts the first valid RCPT
-TO (recipient) command. Postfix queue file names must be unique
+TO (recipient) command (Postfix queue file names must be unique
across multiple directories, so the name can't be chosen before the
-file is created. If multiple messages were to use the same queue
-ID <i>simultaneously</i>, mail would be lost. </p>
+file is created; if multiple messages were to use the same queue
+ID <i>simultaneously</i>, mail would be lost). </p>
-<p> To work around the ugly message header from Milter applications,
-we add a little code to the Milter source to look up the queue ID
-after Postfix receives the end of the message. </p>
+</ul>
+
+<p> Fixing the ugly header maybe as simple as upgrading to a recent
+version of the Milter application. For example, current versions
+of dkim-filter and dk-filter have code that looks up the Postfix
+queue ID at a later protocol stage. </p>
+
+<p> To fix the ugly message header with sid-filter applications,
+we change the source code, so that it does the queue ID lookup after
+Postfix receives the end of the message. </p>
<ul>
-<li> <p> Edit the filter source file (typically named
-<tt>dk-filter/dk-filter.c</tt> or similar). </p>
+<li> <p> Edit the filter source file (named
+<tt>sid-filter/sid-filter.c</tt>). </p>
+
+<li> <p> Look up the <tt>smfilter</tt> table and replace
+<tt>mlfi_eoh</tt> by <tt>NULL</tt>.
+</p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
-the top shown as <b>bold</b> text below: </p>
+the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
+text below: </p>
</ul>
<blockquote>
<pre>
-dfc = cc->cctx_msg;
-assert(dfc != NULL);
+ assert(ctx != NULL);
+#endif /* !DEBUG */
<b>
-/* Determine the job ID for logging. */
-if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
- char *jobid = smfi_getsymval(ctx, "i");
- if (jobid != 0)
- dfc->mctx_jobid = jobid;
-}</b>
-
-/* get hostname; used in the X header and in new MIME boundaries */
+ ret = mlfi_eoh(ctx);
+ if (ret != SMFIS_CONTINUE)
+ return ret;</b>
</pre>
</blockquote>
<ul>
-<li> <p> Different mail filters use slightly different names for
-variables. If the above code does not compile, look for the code
-at the start of the <tt>mlfi_eoh()</tt> routine. </p>
+<li> <p> This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
-message. Fortunately, dk-filter logs that message only once. </p>
+message. Fortunately, sid-milter logs that message only once. </p>
</ul>
-<p> With some Milter applications we can fix both the WARNING and
-the "unknown-msgid" by postponing the call of <tt>mlfi_eoh()</tt>
-(or whatever routine logs the WARNING) until the end of the message.
-</p>
+<p> To fix the ugly message header with other Milter applications,
+you will need to do something like this: </p>
<ul>
<li> <p> Edit the filter source file (typically named
-<tt>sid-filter/sid-filter.c</tt> or similar). </p>
-
-<li> <p> Look up the <tt>smfilter</tt> table and replace
-<tt>mlfi_eoh</tt> (or whatever routine logs the WARNING) by NULL.
-</p>
+<tt>xxx-filter/xxx-filter.c</tt> or similar). </p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
-the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
-text below: </p>
+the top shown as <b>bold</b> text below: </p>
</ul>
<blockquote>
<pre>
- assert(ctx != NULL);
-#endif /* !DEBUG */
+dfc = cc->cctx_msg;
+assert(dfc != NULL);
<b>
- ret = mlfi_eoh(ctx);
- if (ret != SMFIS_CONTINUE)
- return ret;</b>
+/* Determine the job ID for logging. */
+if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
+ char *jobid = smfi_getsymval(ctx, "i");
+ if (jobid != 0)
+ dfc->mctx_jobid = jobid;
+}</b>
+
+/* get hostname; used in the X header and in new MIME boundaries */
</pre>
</blockquote>
-<p> This works with sid-milter-0.2.10. Other Milter applications
-will dump core when you do this. </p>
+<p> NOTES: </p>
+
+<ul>
+
+<li> <p> Different mail filters use slightly different names for
+variables. If the above code does not compile, look for the code
+at the start of the <tt>mlfi_eoh()</tt> routine. </p>
+
+<li> <p> This fixes only the ugly message header, but not the WARNING
+message. Fortunately, many Milters log that message only once. </p>
</ul>
<h2>General distributions: please provide a small default main.cf
file</h2>
-<p> The installed main.cf file must be small. PLEASE resist the
-temptation to list all 400+ parameters in the main.cf file. Postfix
-is supposed to be easy to configure. Listing all 400+ in main.cf
+<p> The installed <a href="postconf.5.html">main.cf</a> file must be small. PLEASE resist the
+temptation to list all parameters in the <a href="postconf.5.html">main.cf</a> file. Postfix
+is supposed to be easy to configure. Listing all parameters in <a href="postconf.5.html">main.cf</a>
defeats the purpose. It is an invitation for hobbyists to make
random changes without understanding what they do, and gets them
into endless trouble. </p>
<p> You will be prompted for installation parameters. Specify an
install_root directory other than /. The <a href="postconf.5.html#mail_owner">mail_owner</a> and <a href="postconf.5.html#setgid_group">setgid_group</a>
-installation parameter settings will be recorded in the main.cf
+installation parameter settings will be recorded in the <a href="postconf.5.html">main.cf</a>
file, but they won't take effect until the package is unpacked and
installed on the destination machine. </p>
These attributes are empty in case of no certificate authentication.
As of Postfix 2.2.11 these attribute values are encoded as
xtext: some characters are represented by +XX, where XX is the
- two-digit hecadecimal representation of the character value.
+ two-digit hexadecimal representation of the character value.
</p>
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)
<h2><a name="conn_limit">Measures against clients that make too many connections</a></h2>
-<p> Note: the <a href="anvil.8.html">anvil(8)</a> service was introduced with Postfix version
-2.2. </p>
+<p> Note: these features use the Postfix <a href="anvil.8.html">anvil(8)</a> service, introduced
+with Postfix version 2.2. </p>
<p> The Postfix <a href="smtpd.8.html">smtpd(8)</a> server can limit the number of simultaneous
connections from the same SMTP client, as well as the number of
These statistics are maintained by the <a href="anvil.8.html">anvil(8)</a> server (translation:
if <a href="anvil.8.html">anvil(8)</a> breaks, then connection limits stop working). </p>
-<p> IMPORTANT: These limits are designed to protect the <a href="smtpd.8.html">smtpd(8)</a> server
-against flagrant abuse. Do not use these limits to regulate legitimate
-traffic: mail will suffer grotesque delays if you do so. </p>
+<p> IMPORTANT: These limits must not be used to regulate legitimate
+traffic: mail will suffer grotesque delays if you do so. The limits
+are designed to protect the <a href="smtpd.8.html">smtpd(8)</a> server against abuse by
+out-of-control clients. </p>
-<ul>
+<blockquote>
-<li> <p> An SMTP client may make up to $<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>
-simultaneous connections (default: 50). This is half the default
-process limit. </p>
+<dl>
-<li> <p> An SMTP client may make up to $<a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a>
-message delivery requests per unit time (default: no limit). </p>
+<dt> <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (default: 50) </dt> <dd>
+The maximum number of connections than an SMTP client may make
+simultaneously. </dd>
-<li> <p> An SMTP client may send up to $<a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a>
-recipient addresses per unit time (default: no limit). </p>
+<dt> <a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (default: no limit) </dt>
+<dd> The maximum number of connections that an SMTP client may make
+in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (default:
+60s). </dd>
-<li> <p> An SMTP client may make up to $<a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a>
-connections per unit time (default: no limit). </p>
+<dt> <a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (default: no limit) </dt> <dd>
+The maximum number of message delivery requests that an SMTP client
+may make in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
+(default: 60s). </dd>
-<li> <p> These limits are not applied to SMTP clients in the networks
-specified with $<a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> (default:
-clients in $<a href="postconf.5.html#mynetworks">mynetworks</a> may make an unlimited number of connections).
+<dt> <a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (default: no limit) </dt>
+<dd> The maximum number of recipient addresses that an SMTP client
+may specify in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
+(default: 60s). </dd>
-<li> <p> The <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> parameter specifies the time
-unit over which client connection rates are computed (default:
-60s).
+<dt> <a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (default: no limit)
+</dt> <dd> The maximum number of new TLS sessions (without using
+the TLS session cache) that an SMTP client may negotiate in the
+time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (default: 60s).
+</dd>
-</ul>
+<dt> <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> (default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)
+</dt> <dd> SMTP clients that are excluded from connection and rate
+limits specified above. </dd>
+
+</dl>
+
+</blockquote>
<h2><a name="mailing_tips">General mail delivery performance tips</a></h2>
to the same recipient: if the recipient has an expensive shell
command in her .forward file, or if the recipient is a mailing list
manager, you don't want to run too many instances of those processes
-the same time. </p>
+at the same time. </p>
<li> <p> The default <a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> of 20 seems
enough to noticeably load a system without bringing it to its knees.
<dl>
-<dt> <a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (default: 1000 seconds) </dt> <dd> How often
+<dt> <a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (default: 300 seconds; before Postfix 2.4:
+1000s) </dt> <dd> How often
the queue manager scans the queue for deferred mail. </dd>
-<dt> <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (default: 1000 seconds) </dt> <dd> The
+<dt> <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (default: 300 seconds; before Postfix
+2.4: 1000s) </dt> <dd> The
minimal amount of time a message won't be looked at, and the minimal
amount of time to stay away from a "dead" destination. </dd>
always better than increasing the frequency of delivery attempts.
However, if you can control only the delivery attempt frequency,
consider using a dedicated <a href="postconf.5.html#fallback_relay">fallback_relay</a> "graveyard" machine for
-bad destinations so that they do not ruin the performance of normal
+bad destinations, so that these destinations do not ruin the
+performance of normal
mail deliveries. </p>
<h2><a name="proc_limit">Tuning the number of Postfix processes</a></h2>
<ul>
+<li> <p> Depending on your Postfix and operating system versions
+you may need to recompile Postfix if you need more than 1024 file
+descriptors per process: </p>
+
+<ul> <li> <p> No recompilation is needed for Postfix version 2.4
+and later, when it was compiled for systems that support BSD kqueue(2)
+(FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or
+Linux 2.6 epoll(4). </p>
+
+<li> <p> Otherwise, Postfix needs to be recompiled to override the
+default FD_SETSIZE value. </p>
+
+</ul>
+
<li> <p> Reduce the number of processes as described under "<a
href="#proc_limit">Tuning the number of Postfix processes</a>" above.
Fewer processes need fewer open files and sockets. </p>
<ul>
<li> <p> Some FreeBSD kernel parameters can be specified in
-/boot/loader.conf, and some can be changed with sysctl commands.
+/boot/loader.conf, and some can be specified in /etc/sysctl.conf
+or changed with sysctl commands.
Which is which depends on the version.
</p>
</pre>
<li> <p> Linux kernel parameters can be specified in /etc/sysctl.conf
-and can also be changed with sysctl commands: </p>
+or changed with sysctl commands: </p>
<pre>
fs.file-max=16384
<li> <p> Solaris kernel parameters can be specified in /etc/system,
as described in the <a
-href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.46">Solaris
+href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.48">Solaris
FAQ</a> entry titled "How can I increase the number of file
descriptors per process?" </p>
+++ /dev/null
-<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-
-<head>
-
-<title>Postfix and Ultrix </title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-
-</head>
-
-<body>
-
-<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix and Ultrix </h1>
-
-<hr>
-
-<h2> Postfix on Ultrix </h2>
-
-<p> This document is probably only of historical value, because
-Ultrix version 4 dates from the early 1990s. However, as long as
-Wietse keeps Postfix alive for SunOS 4, it is likely to run on
-Ultrix 4 with very little change. Feedback is welcome if anyone
-actually still uses Postfix on any version of Ultrix. </p>
-
-<p> The source of this document is an email message by Christian von Roques
-that was sent on Jun 2, 1999. </p>
-
-<blockquote>
-
-<p> I've upgraded the MTA of our DECstation-3100 running Ultrix4.3a to
-postfix-19990317-pl05 and am sending you the patches I needed to get
-it running under Ultrix. </p>
-
-<p> . . . </p>
-
-<p> One of the bugs of Ultrix's /bin/sh is that shell-variables
-set in arguments of `:' expand to garbage if expanded in here-documents.
-Using a different shell helps. I needed to replace all calls of
-``sh .../makedefs'' by ``$(SHELL) .../makedefs'' in all the
-Makefile.in and am now able to use ``make SHELL=/bin/sh5'' or zsh.
-
-<p> . . . </p>
-
-<p> Ultrix's FD_SET_SIZE is 4096, but getdtablesize()
-returns 64 by default, if not increased when building a new
-kernel. getrlimit() doesn't know RLIMIT_NOFILE. This makes
-event_init() always log the warning: `could allocate space for
-only 64 open files'. </p>
-
-<p> I just reduced the threshold from 256 to 64, but this is not good.
-The initial problem still remains: How to disable this warning on
-Ultrix without making the source ugly? </p>
-
-</blockquote>
-
-<p> To work around the first problem, all the Makefile.in files
-have been updated to use `$(SHELL)' instead of `sh'. So you only
-need to supply a non-default shell in order to eliminate Ultrix
-shell trouble. </p>
-
-<p> To work around the latter, util/sys_defs.h was updated for
-Ultrix, with a default FD_SETSIZE of 100. This should be sufficient
-for a workstation. Even in 1999, no-one would run a major mail hub
-on Ultrix 4. </p>
-
-</body>
-
-</html>
<b>postmap -q - /etc/postfix/access</b> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix SMTP server supports access control on remote
- SMTP client information: host names, network addresses,
- and envelope sender or recipient addresses. See
- <b><a href="postconf.5.html#header_checks">header_checks</a></b>(5) or <b><a href="postconf.5.html#body_checks">body_checks</a></b>(5) for access control on
- the content of email messages.
-
- Normally, the <a href="access.5.html"><b>access</b>(5)</a> table is specified as a text file
- that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
- result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
- fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/access</b>" to rebuild an indexed file
+ This document describes access control on remote SMTP
+ client information: host names, network addresses, and
+ envelope sender or recipient addresses; it is implemented
+ by the Postfix SMTP server. See <b><a href="postconf.5.html#header_checks">header_checks</a></b>(5) or
+ <b><a href="postconf.5.html#body_checks">body_checks</a></b>(5) for access control on the content of email
+ messages.
+
+ Normally, the <a href="access.5.html"><b>access</b>(5)</a> table is specified as a text file
+ that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
+ result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
+ fast searching by the mail system. Execute the command
+ "<b>postmap /etc/postfix/access</b>" to rebuild an indexed file
after changing the corresponding text file.
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
+ When the table is provided via other means such as NIS,
+ LDAP or SQL, the same lookups are done as for ordinary
indexed files.
- Alternatively, the table can be provided as a regular-
+ Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
- sions, or lookups can be directed to TCP-based server. In
- those cases, the lookups are done in a slightly different
- way as described below under "REGULAR EXPRESSION TABLES"
+ sions, or lookups can be directed to TCP-based server. In
+ those cases, the lookups are done in a slightly different
+ way as described below under "REGULAR EXPRESSION TABLES"
or "TCP-BASED TABLES".
<b>CASE FOLDING</b>
- The search string is folded to lowercase before database
- lookup. As of Postfix 2.3, the search string is not case
- folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
+ The search string is folded to lowercase before database
+ lookup. As of Postfix 2.3, the search string is not case
+ folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
lookup fields can match both upper and lower case.
<b>TABLE FORMAT</b>
address, perform the corresponding <i>action</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
<b>EMAIL ADDRESS PATTERNS</b>
With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
+ networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
<i>user</i>@<i>domain</i>
Matches the specified mail address.
<i>domain.tld</i>
- Matches <i>domain.tld</i> as the domain part of an email
+ Matches <i>domain.tld</i> as the domain part of an email
address.
The pattern <i>domain.tld</i> also matches subdomains, but
only when the string <b>smtpd_access_maps</b> is listed in
- the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> con-
- figuration setting (note that this is the default
- for some versions of Postfix). Otherwise, specify
- <i>.domain.tld</i> (note the initial dot) in order to
+ the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> con-
+ figuration setting (note that this is the default
+ for some versions of Postfix). Otherwise, specify
+ <i>.domain.tld</i> (note the initial dot) in order to
match subdomains.
- <i>user</i>@ Matches all mail addresses with the specified user
+ <i>user</i>@ Matches all mail addresses with the specified user
part.
- Note: lookup of the null sender address is not possible
- with some types of lookup table. By default, Postfix uses
- <> as the lookup key for such addresses. The value is
- specified with the <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a></b> parameter
+ Note: lookup of the null sender address is not possible
+ with some types of lookup table. By default, Postfix uses
+ <> as the lookup key for such addresses. The value is
+ specified with the <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a></b> parameter
in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file.
<b>EMAIL ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
- becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@,
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@,
and <i>user</i>@.
<b>HOST NAME/ADDRESS PATTERNS</b>
With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, the following
+ networked tables such as NIS, LDAP or SQL, the following
lookup patterns are examined in the order as listed:
<i>domain.tld</i>
The pattern <i>domain.tld</i> also matches subdomains, but
only when the string <b>smtpd_access_maps</b> is listed in
- the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> con-
+ the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> con-
figuration setting. Otherwise, specify <i>.domain.tld</i>
- (note the initial dot) in order to match subdo-
+ (note the initial dot) in order to match subdo-
mains.
<i>net.work.addr.ess</i>
<i>net.work</i>
- <i>net</i> Matches the specified IPv4 host address or subnet-
- work. An IPv4 host address is a sequence of four
+ <i>net</i> Matches the specified IPv4 host address or subnet-
+ work. An IPv4 host address is a sequence of four
decimal octets separated by ".".
- Subnetworks are matched by repeatedly truncating
+ Subnetworks are matched by repeatedly truncating
the last ".octet" from the remote IPv4 host address
- string until a match is found in the access table,
+ string until a match is found in the access table,
or until further truncation is not possible.
NOTE 1: The information in the access map should be
in canonical form, with unnecessary null characters
- eliminated. Address information must not be
+ eliminated. Address information must not be
enclosed with "[]" characters.
- NOTE 2: use the <b>cidr</b> lookup table type to specify
+ NOTE 2: use the <b>cidr</b> lookup table type to specify
network/netmask patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for
details.
<i>net:work</i>
- <i>net</i> Matches the specified IPv6 host address or subnet-
- work. An IPv6 host address is a sequence of three
- to eight hexadecimal octet pairs separated by ":".
+ <i>net</i> Matches the specified IPv6 host address or subnet-
+ work. An IPv6 host address is a sequence of three
+ to eight hexadecimal octet pairs separated by ":".
- Subnetworks are matched by repeatedly truncating
- the last ":octetpair" from the remote IPv6 host
+ Subnetworks are matched by repeatedly truncating
+ the last ":octetpair" from the remote IPv6 host
address string until a match is found in the access
table, or until further truncation is not possible.
NOTE 2: The information in the access map should be
in canonical form, with unnecessary null characters
- eliminated. Address information must not be
+ eliminated. Address information must not be
enclosed with "[]" characters.
- NOTE 3: use the <b>cidr</b> lookup table type to specify
+ NOTE 3: use the <b>cidr</b> lookup table type to specify
network/netmask patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for
details.
<i>all-numerical</i>
An all-numerical result is treated as OK. This for-
- mat is generated by address-based relay authoriza-
+ mat is generated by address-based relay authoriza-
tion schemes such as pop-before-smtp.
<b>REJECT ACTIONS</b>
- Postfix version 2.3 and later support enhanced status
- codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When no code is specified
- at the beginning of the <i>text</i> below, Postfix inserts a
- default enhanced status code of "5.7.1" in the case of
- reject actions, and "4.7.1" in the case of defer actions.
+ Postfix version 2.3 and later support enhanced status
+ codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When no code is specified
+ at the beginning of the <i>text</i> below, Postfix inserts a
+ default enhanced status code of "5.7.1" in the case of
+ reject actions, and "4.7.1" in the case of defer actions.
See "ENHANCED STATUS CODES" below.
<b>4</b><i>NN text</i>
<b>5</b><i>NN text</i>
- Reject the address etc. that matches the pattern,
+ Reject the address etc. that matches the pattern,
and respond with the numerical three-digit code and
- text. <b>4</b><i>NN</i> means "try again later", while <b>5</b><i>NN</i> means
+ text. <b>4</b><i>NN</i> means "try again later", while <b>5</b><i>NN</i> means
"do not try again".
- The reply code "421" causes Postfix to disconnect
+ The reply code "421" causes Postfix to disconnect
immediately (Postfix version 2.3 and later).
<b>REJECT</b> <i>optional text...</i>
- Reject the address etc. that matches the pattern.
- Reply with <i>$reject</i><b>_</b><i>code optional text...</i> when the
- optional text is specified, otherwise reply with a
+ Reject the address etc. that matches the pattern.
+ Reply with <i>$reject</i><b>_</b><i>code optional text...</i> when the
+ optional text is specified, otherwise reply with a
generic error response message.
<b>DEFER_IF_REJECT</b> <i>optional text...</i>
- Defer the request if some later restriction would
- result in a REJECT action. Reply with "<b>450 4.7.1</b>
- <i>optional text...</i> when the optional text is speci-
+ Defer the request if some later restriction would
+ result in a REJECT action. Reply with "<b>450 4.7.1</b>
+ <i>optional text...</i> when the optional text is speci-
fied, otherwise reply with a generic error response
message.
This feature is available in Postfix 2.1 and later.
<b>DEFER_IF_PERMIT</b> <i>optional text...</i>
- Defer the request if some later restriction would
- result in a an explicit or implicit PERMIT action.
- Reply with "<b>450 4.7.1</b> <i>optional text...</i> when the
- optional text is specified, otherwise reply with a
+ Defer the request if some later restriction would
+ result in a an explicit or implicit PERMIT action.
+ Reply with "<b>450 4.7.1</b> <i>optional text...</i> when the
+ optional text is specified, otherwise reply with a
generic error response message.
This feature is available in Postfix 2.1 and later.
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>, and so on).
<b>DISCARD</b> <i>optional text...</i>
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
+ Claim successful delivery and silently discard the
+ message. Log the optional text if specified, oth-
erwise log a generic message.
- Note: this action currently affects all recipients
- of the message. To discard only one recipient
- without discarding the entire message, use the
+ Note: this action currently affects all recipients
+ of the message. To discard only one recipient
+ without discarding the entire message, use the
<a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
service.
This feature is available in Postfix 2.0 and later.
- <b>DUNNO</b> Pretend that the lookup key was not found. This
- prevents Postfix from trying substrings of the
- lookup key (such as a subdomain name, or a network
+ <b>DUNNO</b> Pretend that the lookup key was not found. This
+ prevents Postfix from trying substrings of the
+ lookup key (such as a subdomain name, or a network
address subnetwork).
This feature is available in Postfix 2.0 and later.
<b>FILTER</b> <i>transport:destination</i>
- After the message is queued, send the entire mes-
+ After the message is queued, send the entire mes-
sage through the specified external content filter.
- The <i>transport:destination</i> syntax is described in
- the <a href="transport.5.html"><b>transport</b>(5)</a> manual page. More information
- about external content filters is in the Postfix
+ The <i>transport:destination</i> syntax is described in
+ the <a href="transport.5.html"><b>transport</b>(5)</a> manual page. More information
+ about external content filters is in the Postfix
<a href="FILTER_README.html">FILTER_README</a> file.
- Note: this action overrides the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
- <b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and currently affects all
- recipients of the message.
+ Note: this action overrides the <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
+ ting, and currently affects all recipients of the
+ message.
This feature is available in Postfix 2.0 and later.
<b>HOLD</b> <i>optional text...</i>
- Place the message on the <b>hold</b> queue, where it will
- sit until someone either deletes it or releases it
- for delivery. Log the optional text if specified,
+ Place the message on the <b>hold</b> queue, where it will
+ sit until someone either deletes it or releases it
+ for delivery. Log the optional text if specified,
otherwise log a generic message.
- Mail that is placed on hold can be examined with
- the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
+ Mail that is placed on hold can be examined with
+ the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
- Note: use "<b>postsuper -r</b>" to release mail that was
- kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
+ Note: use "<b>postsuper -r</b>" to release mail that was
+ kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
- longer. Use "<b>postsuper -H</b>" only for mail that will
+ longer. Use "<b>postsuper -H</b>" only for mail that will
not expire within a few delivery attempts.
- Note: this action currently affects all recipients
+ Note: this action currently affects all recipients
of the message.
This feature is available in Postfix 2.0 and later.
<b>PREPEND</b> <i>headername: headervalue</i>
- Prepend the specified message header to the mes-
- sage. When more than one PREPEND action executes,
- the first prepended header appears before the sec-
+ Prepend the specified message header to the mes-
+ sage. When more than one PREPEND action executes,
+ the first prepended header appears before the sec-
ond etc. prepended header.
- Note: this action must execute before the message
- content is received; it cannot execute in the con-
+ Note: this action must execute before the message
+ content is received; it cannot execute in the con-
text of <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a></b>.
This feature is available in Postfix 2.1 and later.
<b>REDIRECT</b> <i>user@domain</i>
- After the message is queued, send the message to
+ After the message is queued, send the message to
the specified address instead of the intended
recipient(s).
- Note: this action overrides the FILTER action, and
+ Note: this action overrides the FILTER action, and
currently affects all recipients of the message.
This feature is available in Postfix 2.1 and later.
<b>WARN</b> <i>optional text...</i>
Log a warning with the optional text, together with
- client information and if available, with helo,
+ client information and if available, with helo,
sender, recipient and protocol information.
This feature is available in Postfix 2.1 and later.
<b>ENHANCED STATUS CODES</b>
- Postfix version 2.3 and later support enhanced status
- codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When an enhanced status
- code is specified in an access table, it is subject to
- modification. The following transformations are needed
- when the same access table is used for client, helo,
- sender, or recipient access restrictions; they happen
+ Postfix version 2.3 and later support enhanced status
+ codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When an enhanced status
+ code is specified in an access table, it is subject to
+ modification. The following transformations are needed
+ when the same access table is used for client, helo,
+ sender, or recipient access restrictions; they happen
regardless of whether Postfix replies to a MAIL FROM, RCPT
TO or other SMTP command.
- <b>o</b> When a sender address matches a REJECT action, the
- Postfix SMTP server will transform a recipient DSN
- status (e.g., 4.1.1-4.1.6) into the corresponding
+ <b>o</b> When a sender address matches a REJECT action, the
+ Postfix SMTP server will transform a recipient DSN
+ status (e.g., 4.1.1-4.1.6) into the corresponding
sender DSN status, and vice versa.
- <b>o</b> When non-address information matches a REJECT
- action (such as the HELO command argument or the
- client hostname/address), the Postfix SMTP server
- will transform a sender or recipient DSN status
- into a generic non-address DSN status (e.g.,
+ <b>o</b> When non-address information matches a REJECT
+ action (such as the HELO command argument or the
+ client hostname/address), the Postfix SMTP server
+ will transform a sender or recipient DSN status
+ into a generic non-address DSN status (e.g.,
4.0.0).
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
- cation, that string is an entire client hostname, an
+ cation, that string is an entire client hostname, an
entire client IP address, or an entire mail address. Thus,
no parent domain or parent network search is done,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the search
string.
- Actions are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Actions are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.4.
- Each lookup operation uses the entire query string once.
- Depending on the application, that string is an entire
+ Each lookup operation uses the entire query string once.
+ Depending on the application, that string is an entire
client hostname, an entire client IP address, or an entire
- mail address. Thus, no parent domain or parent network
- search is done, <i>user@domain</i> mail addresses are not broken
- up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
+ mail address. Thus, no parent domain or parent network
+ search is done, <i>user@domain</i> mail addresses are not broken
+ up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
<i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Actions are the same as with indexed file lookups.
<b>EXAMPLE</b>
- The following example uses an indexed file, so that the
- order of table entries does not matter. The example per-
- mits access by the client at address 1.2.3.4 but rejects
- all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
- tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
- <b>-m</b>" to find out what lookup tables Postfix supports on
+ The following example uses an indexed file, so that the
+ order of table entries does not matter. The example per-
+ mits access by the client at address 1.2.3.4 but rejects
+ all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
+ tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
+ <b>-m</b>" to find out what lookup tables Postfix supports on
your system.
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
editing the file.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
HEADER_CHECKS(5) HEADER_CHECKS(5)
<b>NAME</b>
- <a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in header/body inspection
+ <a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in content inspection
<b>SYNOPSIS</b>
<b><a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks</b>
<b>postmap -fq - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server supports access control on
- the content of message headers and message body lines.
- See <a href="access.5.html"><b>access</b>(5)</a> for access control on remote SMTP client
+ This document describes access control on the content of
+ message headers and message body lines; it is implemented
+ by the Postfix <a href="cleanup.8.html">cleanup(8)</a> server before mail is queued.
+ See <a href="access.5.html"><b>access</b>(5)</a> for access control on remote SMTP client
information.
- Each message header or message body line is compared
- against a list of patterns. When a match is found the
+ Each message header or message body line is compared
+ against a list of patterns. When a match is found the
corresponding action is executed, and the matching process
- is repeated for the next message header or message body
+ is repeated for the next message header or message body
line.
- For examples, see the EXAMPLES section at the end of this
+ For examples, see the EXAMPLES section at the end of this
manual page.
Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood
- of mail from worms or viruses; they do not decode attach-
- ments, and they do not unzip archives. See the documents
- referenced below in the README FILES section if you need
+ of mail from worms or viruses; they do not decode attach-
+ ments, and they do not unzip archives. See the documents
+ referenced below in the README FILES section if you need
more sophisticated content analysis.
Postfix supports four built-in content inspection classes:
<b><a href="postconf.5.html#header_checks">header_checks</a></b>
- These are applied to initial message headers
- (except for the headers that are processed with
+ These are applied to initial message headers
+ (except for the headers that are processed with
<b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
<b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
- These are applied to MIME related message headers
+ These are applied to MIME related message headers
only.
This feature is available in Postfix 2.0 and later.
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
- These are applied to message headers of attached
- email messages (except for the headers that are
+ These are applied to message headers of attached
+ email messages (except for the headers that are
processed with <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
This feature is available in Postfix 2.0 and later.
<b><a href="postconf.5.html#body_checks">body_checks</a></b>
- These are applied to all other content, including
+ These are applied to all other content, including
multi-part message boundaries.
With Postfix versions before 2.0, all content after
tent.
Note: message headers are examined one logical header at a
- time, even when a message header spans multiple lines.
+ time, even when a message header spans multiple lines.
Body lines are always examined one line at a time.
<b>TABLE FORMAT</b>
- This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules
- are specified in the form of Postfix regular expression
- lookup tables. Usually the best performance is obtained
+ This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules
+ are specified in the form of Postfix regular expression
+ lookup tables. Usually the best performance is obtained
with <b>pcre</b> (Perl Compatible Regular Expression) tables, but
- the slower <b>regexp</b> (POSIX regular expressions) support is
- more widely available. Use the command "<b>postconf -m</b>" to
- find out what lookup table types your Postfix system sup-
+ the slower <b>regexp</b> (POSIX regular expressions) support is
+ more widely available. Use the command "<b>postconf -m</b>" to
+ find out what lookup table types your Postfix system sup-
ports.
The general format of Postfix regular expression tables is
- given below. For a discussion of specific pattern or
- flags
syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
+ given below. For a discussion of specific pattern or
+ flags
syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
respectively.
<b>/</b><i>pattern</i><b>/</b><i>flags action</i>
- When <i>pattern</i> matches the input string, execute the
- corresponding <i>action</i>. See below for a list of pos-
+ When <i>pattern</i> matches the input string, execute the
+ corresponding <i>action</i>. See below for a list of pos-
sible actions.
<b>!/</b><i>pattern</i><b>/</b><i>flags action</i>
- When <i>pattern</i> does <b>not</b> match the input string, exe-
+ When <i>pattern</i> does <b>not</b> match the input string, exe-
cute the corresponding <i>action</i>.
<b>if /</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the input string also
- matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
+ <b>if</b> and <b>endif</b>, if and only if the same input string
+ also matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
+ Note: do not prepend whitespace to patterns inside
<b>if</b>..<b>endif</b>.
<b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the input string does
- <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
+ <b>if</b> and <b>endif</b>, if and only if the same input string
+ does <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A pattern/action line starts with non-whitespace
- text. A line that starts with whitespace continues
+ A pattern/action line starts with non-whitespace
+ text. A line that starts with whitespace continues
a logical line.
<b>TABLE SEARCH ORDER</b>
- For each line of message input, the patterns are applied
- in the order as specified in the table. When a pattern is
- found that matches the input line, the corresponding
- action is executed and then the next input line is
+ For each line of message input, the patterns are applied
+ in the order as specified in the table. When a pattern is
+ found that matches the input line, the corresponding
+ action is executed and then the next input line is
inspected.
<b>TEXT SUBSTITUTION</b>
- Substitution of substrings from the matched expression
- into the <i>action</i> string is possible using the conventional
- Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result
- string may need to be written as <b>${n}</b> or <b>$(n)</b> if they
+ Substitution of substrings from the matched expression
+ into the <i>action</i> string is possible using the conventional
+ Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result
+ string may need to be written as <b>${n}</b> or <b>$(n)</b> if they
aren't followed by whitespace.
- Note: since negated patterns (those preceded by <b>!</b>) return
+ Note: since negated patterns (those preceded by <b>!</b>) return
a result when the expression does not match, substitutions
are not available for negated patterns.
case for consistency with other Postfix documentation.
<b>DISCARD</b> <i>optional text...</i>
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
+ Claim successful delivery and silently discard the
+ message. Log the optional text if specified, oth-
erwise log a generic message.
- Note: this action disables further header or
- <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
+ Note: this action disables further header or
+ <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
affects all recipients. To discard only one recip-
ient without discarding the entire message, use the
<a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
This feature is available in Postfix 2.0 and later.
- <b>DUNNO</b> Pretend that the input line did not match any pat-
- tern, and inspect the next input line. This action
+ <b>DUNNO</b> Pretend that the input line did not match any pat-
+ tern, and inspect the next input line. This action
can be used to shorten the table search.
- For backwards compatibility reasons, Postfix also
- accepts <b>OK</b> but it is (and always has been) treated
+ For backwards compatibility reasons, Postfix also
+ accepts <b>OK</b> but it is (and always has been) treated
as <b>DUNNO</b>.
This feature is available in Postfix 2.1 and later.
<b>FILTER</b> <i>transport:destination</i>
- Write a content filter request to the queue file
- and inspect the next input line. After the com-
- plete message is received it will be sent through
+ Write a content filter request to the queue file,
+ and inspect the next input line. After the com-
+ plete message is received it will be sent through
the specified external content filter. More infor-
- mation about external content filters is in the
+ mation about external content filters is in the
Postfix <a href="FILTER_README.html">FILTER_README</a> file.
- Note: this action overrides the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
- <b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and affects all recipients of
- the message. In the case that multiple <b>FILTER</b>
- actions fire, only the last one is executed.
+ Note: this action overrides the <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
+ ting, and affects all recipients of the message. In
+ the case that multiple <b>FILTER</b> actions fire, only
+ the last one is executed.
This feature is available in Postfix 2.0 and later.
<b>HOLD</b> <i>optional text...</i>
- Arrange for the message to be placed on the <b>hold</b>
- queue, and inspect the next input line. The mes-
- sage remains on <b>hold</b> until someone either deletes
- it or releases it for delivery. Log the optional
+ Arrange for the message to be placed on the <b>hold</b>
+ queue, and inspect the next input line. The mes-
+ sage remains on <b>hold</b> until someone either deletes
+ it or releases it for delivery. Log the optional
text if specified, otherwise log a generic message.
- Mail that is placed on hold can be examined with
- the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
+ Mail that is placed on hold can be examined with
+ the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
- Note: use "<b>postsuper -r</b>" to release mail that was
- kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
+ Note: use "<b>postsuper -r</b>" to release mail that was
+ kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
- longer. Use "<b>postsuper -H</b>" only for mail that will
+ longer. Use "<b>postsuper -H</b>" only for mail that will
not expire within a few delivery attempts.
- Note: this action affects all recipients of the
+ Note: this action affects all recipients of the
message.
This feature is available in Postfix 2.0 and later.
- <b>IGNORE</b> Delete the current line from the input and inspect
+ <b>IGNORE</b> Delete the current line from the input, and inspect
the next input line.
<b>PREPEND</b> <i>text...</i>
- Prepend one line with the specified text and
+ Prepend one line with the specified text, and
inspect the next input line.
Notes:
- <b>o</b> The prepended text is output on a separate
+ <b>o</b> The prepended text is output on a separate
line, immediately before the input that
triggered the <b>PREPEND</b> action.
<b>o</b> The prepended text is not considered part of
- the input stream: it is not subject to
+ the input stream: it is not subject to
header/body checks or address rewriting, and
it does not affect the way that Postfix adds
missing message headers.
<b>o</b> When prepending text before a message header
- line, the prepended text must begin with a
+ line, the prepended text must begin with a
valid message header label.
<b>o</b> This action cannot be used to prepend multi-
This feature is available in Postfix 2.1 and later.
<b>REDIRECT</b> <i>user@domain</i>
- Write a message redirection request to the queue
- file and inspect the next input line. After the
+ Write a message redirection request to the queue
+ file, and inspect the next input line. After the
message is queued, it will be sent to the specified
address instead of the intended recipient(s).
- Note: this action overrides the <b>FILTER</b> action, and
- affects all recipients of the message. If multiple
- <b>REDIRECT</b> actions fire, only the last one is exe-
+ Note: this action overrides the <b>FILTER</b> action, and
+ affects all recipients of the message. If multiple
+ <b>REDIRECT</b> actions fire, only the last one is exe-
cuted.
This feature is available in Postfix 2.1 and later.
<b>REPLACE</b> <i>text...</i>
- Replace the current line with the specified text
+ Replace the current line with the specified text,
and inspect the next input line.
This feature is available in Postfix 2.2 and later.
- The description below applies to Postfix 2.2.2 and
+ The description below applies to Postfix 2.2.2 and
later.
Notes:
- <b>o</b> When replacing a message header line, the
- replacement text must begin with a valid
+ <b>o</b> When replacing a message header line, the
+ replacement text must begin with a valid
header label.
- <b>o</b> The replaced text remains part of the input
- stream. Unlike the result from the <b>PREPEND</b>
- action, a replaced message header may be
- subject to address rewriting and may affect
- the way that Postfix adds missing message
+ <b>o</b> The replaced text remains part of the input
+ stream. Unlike the result from the <b>PREPEND</b>
+ action, a replaced message header may be
+ subject to address rewriting and may affect
+ the way that Postfix adds missing message
headers.
<b>REJECT</b> <i>optional text...</i>
- Reject the entire message. Reply with <i>optional</i>
+ Reject the entire message. Reply with <i>optional</i>
<i>text...</i> when the optional text is specified, other-
wise reply with a generic error message.
- Note: this action disables further header or
- <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
+ Note: this action disables further header or
+ <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
affects all recipients.
Postfix version 2.3 and later support enhanced sta-
enhanced status code of "5.7.1".
<b>WARN</b> <i>optional text...</i>
- Log a warning with the <i>optional text...</i> (or log a
- generic message) and inspect the next input line.
+ Log a warning with the <i>optional text...</i> (or log a
+ generic message), and inspect the next input line.
This action is useful for debugging and for testing
a pattern before applying more drastic actions.
<b>BUGS</b>
- Many people overlook the main limitations of header and
- <a href="postconf.5.html#body_checks">body_checks</a> rules. These rules operate on one logical
- message header or one body line at a time, and a decision
- made for one line is not carried over to the next line.
- If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>) then the
- rules have to specified for the encoded form. Likewise,
- when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC 2047</a>) then the rules
- need to be specified for the encoded form.
-
- Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
+ Many people overlook the main limitations of header and
+ <a href="postconf.5.html#body_checks">body_checks</a> rules.
+
+ <b>o</b> These rules operate on one logical message header
+ or one body line at a time. A decision made for one
+ line is not carried over to the next line.
+
+ <b>o</b> If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>)
+ then the rules have to specified for the encoded
+ form.
+
+ <b>o</b> Likewise, when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC</a>
+ <a href="http://www.faqs.org/rfcs/rfc2047.html">2047</a>) then the rules need to be specified for the
+ encoded form.
+
+ Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
excluded from inspection. Examples of such message headers
are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>.
- Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
+ Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
examined before they are deleted. Examples are: <b>Bcc:, Con-</b>
<b>tent-Length:</b>, <b>Return-Path:</b>.
<b><a href="postconf.5.html#body_checks">body_checks</a></b>
Lookup tables with content filter rules for message
body lines. These filters see one physical line at
- a
time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
+ a
time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
bytes.
<b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b>
- The amount of content per message body segment
+ The amount of content per message body segment
(attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil-
tering.
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
Lookup tables with content filter rules for message
- header lines: respectively, these are applied to
- the initial message headers (not including MIME
- headers), to the MIME headers anywhere in the mes-
- sage, and to the initial headers of attached mes-
+ header lines: respectively, these are applied to
+ the initial message headers (not including MIME
+ headers), to the MIME headers anywhere in the mes-
+ sage, and to the initial headers of attached mes-
sages.
- Note: these filters see one logical message header
- at a time, even when a message header spans multi-
- ple lines. Message headers that are longer than
+ Note: these filters see one logical message header
+ at a time, even when a message header spans multi-
+ ple lines. Message headers that are longer than
<b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated.
<b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b>
- While receiving mail, give no special treatment to
- MIME related message headers; all text after the
+ While receiving mail, give no special treatment to
+ MIME related message headers; all text after the
initial message headers is considered to be part of
- the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
- applied to all the initial message headers, and
+ the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
+ applied to all the initial message headers, and
that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the
message.
- Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
- process a multi-line message header one line at a
+ Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
+ process a multi-line message header one line at a
time.
<b>EXAMPLES</b>
- Header pattern to block attachments with bad file name
+ Header pattern to block attachments with bad file name
extensions.
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<li> <a href="DEBUG_README.html"> Debugging strategies </a>
-<li> Error messages (*)
-
</ul>
<p><strong>Content inspection </strong></p>
<ul>
-<li> qmail/ezmlm support (*)
-
<li> <a href="VERP_README.html"> VERP Support </a>
</ul>
<li> <a href="NFS_README.html"> NFS issues </a>
-<li> <a href="ULTRIX_README.html"> Ultrix support </a>
-
</ul>
<p><strong> Other mail delivery agents </strong></p>
<ul>
-<li> Cyrus (*)
-
<li> <a href="MAILDROP_README.html"> Maildrop </a>
-<li> LMTP (*)
-
</ul>
<p><strong> Other topics </strong></p>
</td>
-<tr> <td colspan="3"> <font size="-1"> (*) These documents will be
-made available via <a href="http://www.postfix.org/">
-http://www.postfix.org/</a> and mirror sites. </font> </td> </tr>
-
</table>
</body>
terminal_result_attribute = maildrop
- This feature is available with Postfix >= 2.4.
+ This feature is available with Postfix 2.4 or
+ later.
<b>leaf_result_attribute (default: empty)</b>
- When one or more special result attributes are
- found in a non-terminal (see above) LDAP entry,
+ When one or more special result attributes are
+ found in a non-terminal (see above) LDAP entry,
leaf result attributes are excluded from the expan-
- sion of that entry. This is useful when expanding
+ sion of that entry. This is useful when expanding
groups and the desired mail address attribute(s) of
the member objects obtained via DN or URI recursion
- are also present in the group object. To only
- return the attribute values from the leaf objects
- and not the containing group, add the attribute to
- the leaf_result_attribute list, and not the
- result_attribute list, which is always expanded.
- Note, the default value of "result_attribute" is
- not empty, you may want to set it explicitly empty
- when using "leaf_result_attribute" to expand the
- group to a list of member DN addresses. If groups
- have both member DN references AND attributes that
- hold multiple string valued rfc822 addresses, then
- the string attributes go in "result_attribute".
- The attributes that represent the email addresses
- of objects referenced via a DN (or LDAP URI) go in
+ are also present in the group object. To only
+ return the attribute values from the leaf objects
+ and not the containing group, add the attribute to
+ the leaf_result_attribute list, and not the
+ result_attribute list, which is always expanded.
+ Note, the default value of "result_attribute" is
+ not empty, you may want to set it explicitly empty
+ when using "leaf_result_attribute" to expand the
+ group to a list of member DN addresses. If groups
+ have both member DN references AND attributes that
+ hold multiple string valued rfc822 addresses, then
+ the string attributes go in "result_attribute".
+ The attributes that represent the email addresses
+ of objects referenced via a DN (or LDAP URI) go in
"leaf_result_attribute".
result_attribute = memberaddr
terminal_result_attribute = maildrop
leaf_result_attribute = mail
- This feature is available with Postfix >= 2.4.
+ This feature is available with Postfix 2.4 or
+ later.
<b>scope (default: sub)</b>
The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
</p>
<p>
-This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is not
-part of the stable Postfix version 2.1 release.
+This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is available
+in Postfix version 2.2 and later.
</p>
<p>
</DD>
<DT><b><a name="minimal_backoff_time">minimal_backoff_time</a>
-(default: version dependent)</b></DT><DD>
+(default: 300s)</b></DT><DD>
+
+<p>
+The minimal time between attempts to deliver a deferred message;
+prior to Postfix 2.4 the default value was 1000s.
+</p>
<p>
-The minimal time between attempts to deliver a deferred message.
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
</p>
-<p> With Postfix 2.4 the default value was reduced from 1000s to
-300s. </p>
-
<p> This parameter should be set greater than or equal to
$<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. </p>
</DD>
<DT><b><a name="queue_run_delay">queue_run_delay</a>
-(default: version dependent)</b></DT><DD>
-
-<p>
-The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager.
-</p>
+(default: 300s)</b></DT><DD>
<p>
-With Postfix 2.4 the default value was reduced from 1000s to 300s.
+The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+prior to Postfix 2.4 the default value was 1000s.
</p>
<p> This parameter should be set less than or equal to
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter and the optional "protocols"
keyword overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter.
In the policy table, multiple protocols must be separated by colons,
-as attribute values may not contain whitespace or commas. </p>
+as attribute values may not contain whitespace or commas. </dd>
<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name
;;
esac
;;
+"Mac OS".10.[0-3]*)
+ SYSTYPE=MACOSX
+ # Use the native compiler by default
+ : ${CC=cc}
+ AWK=gawk
+ CCARGS="$CCARGS -DNO_KQUEUE"
+ ;;
+
"Mac OS".10*) SYSTYPE=MACOSX
# Use the native compiler by default
: ${CC=cc}
.SH DESCRIPTION
.ad
.fi
-The Postfix SMTP server supports access control on remote
-SMTP client information: host names, network addresses, and
-envelope sender
-or recipient addresses. See \fBheader_checks\fR(5) or
+This document describes access control on remote SMTP client
+information: host names, network addresses, and envelope
+sender or recipient addresses; it is implemented by the
+Postfix SMTP server. See \fBheader_checks\fR(5) or
\fBbody_checks\fR(5) for access control on the content of
email messages.
More information
about external content filters is in the Postfix FILTER_README file.
.sp
-Note: this action overrides the \fBmain.cf content_filter\fR setting,
+Note: this action overrides the \fBcontent_filter\fR setting,
and currently affects all recipients of the message.
.sp
This feature is available in Postfix 2.0 and later.
.SH NAME
header_checks
\-
-Postfix built-in header/body inspection
+Postfix built-in content inspection
.SH "SYNOPSIS"
.na
.nf
.SH DESCRIPTION
.ad
.fi
-The Postfix \fBcleanup\fR(8) server supports access control
-on the content of message headers and message body lines.
+This document describes access control on the content of
+message headers and message body lines; it is implemented
+by the Postfix cleanup(8) server before mail is queued.
See \fBaccess\fR(5) for access control on remote SMTP client
information.
.IP "\fBif /\fIpattern\fB/\fIflags\fR"
.IP "\fBendif\fR"
Match the input string against the patterns between \fBif\fR
-and \fBendif\fR, if and only if the input string also matches
-\fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
+and \fBendif\fR, if and only if the same input string also
+matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
.sp
Note: do not prepend whitespace to patterns inside
\fBif\fR..\fBendif\fR.
.IP "\fBif !/\fIpattern\fB/\fIflags\fR"
.IP "\fBendif\fR"
Match the input string against the patterns between \fBif\fR
-and \fBendif\fR, if and only if the input string does \fBnot\fR
-match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
+and \fBendif\fR, if and only if the same input string does
+\fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR
+can nest.
.IP "blank lines and comments"
Empty lines and whitespace-only lines are ignored, as
are lines whose first non-whitespace character is a `#'.
.sp
This feature is available in Postfix 2.1 and later.
.IP "\fBFILTER \fItransport:destination\fR"
-Write a content filter request to the queue file and
+Write a content filter request to the queue file, and
inspect the next input line.
After the complete message is received it will be sent through
the specified external content filter. More information about
external content filters is in the Postfix FILTER_README file.
.sp
-Note: this action overrides the \fBmain.cf content_filter\fR setting,
+Note: this action overrides the \fBcontent_filter\fR setting,
and affects all recipients of the message. In the case that multiple
\fBFILTER\fR actions fire, only the last one is executed.
.sp
.sp
This feature is available in Postfix 2.0 and later.
.IP \fBIGNORE\fR
-Delete the current line from the input and inspect
+Delete the current line from the input, and inspect
the next input line.
.IP "\fBPREPEND \fItext...\fR"
-Prepend one line with the specified text and inspect the next
+Prepend one line with the specified text, and inspect the next
input line.
.sp
Notes:
.IP
This feature is available in Postfix 2.1 and later.
.IP "\fBREDIRECT \fIuser@domain\fR"
-Write a message redirection request to the queue file and
+Write a message redirection request to the queue file, and
inspect the next input line. After the message is queued,
it will be sent to the specified address instead of the
intended recipient(s).
.sp
This feature is available in Postfix 2.1 and later.
.IP "\fBREPLACE \fItext...\fR"
-Replace the current line with the specified text and inspect the next
+Replace the current line with the specified text, and inspect the next
input line.
.sp
This feature is available in Postfix 2.2 and later. The
"5.7.1".
.IP "\fBWARN \fIoptional text...\fR
Log a warning with the \fIoptional text...\fR (or log a
-generic message) and inspect the next input line. This
+generic message), and inspect the next input line. This
action is useful for debugging and for testing a pattern
before applying more drastic actions.
.SH BUGS
.ad
.fi
Many people overlook the main limitations of header and body_checks
-rules. These rules operate on one logical message header or one body
-line at a time, and a decision made for one line is not carried over
-to the next line. If text in the message body is encoded
+rules.
+.IP \(bu
+These rules operate on one logical message header or one body
+line at a time. A decision made for one line is not carried over
+to the next line.
+.IP \(bu
+If text in the message body is encoded
(RFC 2045) then the rules have to specified for the encoded
-form. Likewise, when message headers are encoded (RFC
+form.
+.IP \(bu
+Likewise, when message headers are encoded (RFC
2047) then the rules need to be specified for the encoded
form.
-
+.PP
Message headers added by the \fBcleanup\fR(8) daemon itself
are excluded from inspection. Examples of such message headers
are \fBFrom:\fR, \fBTo:\fR, \fBMessage-ID:\fR, \fBDate:\fR.
.ti +4
terminal_result_attribute = maildrop
-This feature is available with Postfix >= 2.4.
+This feature is available with Postfix 2.4 or later.
.IP "\fBleaf_result_attribute (default: empty)\fR"
When one or more special result attributes are found in a non-terminal
(see above) LDAP entry, leaf result attributes are excluded from the
leaf_result_attribute = mail
.in -4
-This feature is available with Postfix >= 2.4.
+This feature is available with Postfix 2.4 or later.
.IP "\fBscope (default: sub)\fR"
The LDAP search scope: \fBsub\fR, \fBbase\fR, or \fBone\fR.
These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
The time unit over which client connection rates and other rates
are calculated.
.PP
-This feature is implemented by the \fBanvil\fR(8) service which is not
-part of the stable Postfix version 2.1 release.
+This feature is implemented by the \fBanvil\fR(8) service which is available
+in Postfix version 2.2 and later.
.PP
The default interval is relatively short. Because of the high
frequency of updates, the \fBanvil\fR(8) server uses volatile memory
Postfix refuses mail that is nested deeper than the specified limit.
.PP
This feature is available in Postfix 2.0 and later.
-.SH minimal_backoff_time (default: version dependent)
-The minimal time between attempts to deliver a deferred message.
+.SH minimal_backoff_time (default: 300s)
+The minimal time between attempts to deliver a deferred message;
+prior to Postfix 2.4 the default value was 1000s.
+.PP
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
.PP
-With Postfix 2.4 the default value was reduced from 1000s to
-300s.
-.PP
This parameter should be set greater than or equal to
$queue_run_delay. See also $maximal_backoff_time.
.PP
.PP
With Postfix versions 2.0 and earlier, a queue_minfree value of
zero means there is no minimum required amount of free space.
-.SH queue_run_delay (default: version dependent)
-The time between deferred queue scans by the queue manager.
-.PP
-With Postfix 2.4 the default value was reduced from 1000s to 300s.
+.SH queue_run_delay (default: 300s)
+The time between deferred queue scans by the queue manager;
+prior to Postfix 2.4 the default value was 1000s.
.PP
This parameter should be set less than or equal to
$minimal_backoff_time. See also $maximal_backoff_time.
{
Again:
- if (/-[<\/bB>]*$/) {
+ if (/(-[<\/bB>]*|RFC)$/) {
$_ .= "\n";
$len1 = length;
$_ .= <>;
s;\bmilter_unknown_command_macros\b;<a href="postconf.5.html#milter_unknown_command_macros">$&</a>;g;
s;\bmilter_end_of_data_macros\b;<a href="postconf.5.html#milter_end_of_data_macros">$&</a>;g;
- # Split *README, parameter or restriction hyperlinks across line breaks
+ # Hyperlink URLs and RFC documents
+
+ s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
+ s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
+ s/\bRFC\s*([1-9]\d*)/<a href="http:\/\/www.faqs.org\/rfcs\/rfc$1.html">$&<\/a>/;
+
+ # Split README/RFC/parameter/restriction hyperlinks that span line breaks
s/(<a href="[^"]*">)([-A-Za-z0-9_]*)\b([-<\/bB>]*\n *[<bB>]*)\b([-A-Za-z0-9_]*)(<\/a>)/$1$2$5$3$1$4$5/;
s/(<a href="[^"]*">)([<bB>]*[-a-zA-Z0-9._]*[<bB>]*)<\/a>\1/$1$2/g;
s/(<a href="[^"]*">)([<bB>]*[-a-zA-Z0-9._]*[<bB>]*)<\/a>\1/$1$2/g;
- # Hyperlink URLs and RFC documents
-
- s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
- s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
- s/\bRFC *([1-9]\d*)/<a href="http:\/\/www.faqs.org\/rfcs\/rfc$1.html">$&<\/a>/;
-
# Hyperlink phrases not in headers.
if (/<\/*h\d>/) {
<li> <p> The list of domains that are a member of the class: for
example, all local domains, or all relay domains. </p>
-<li> <p> The default delivery method. For example, the local or
-smtp delivery agent. This helps to keep Postfix configurations
+<li> <p> The default delivery transport. For example, the local or
+relay delivery transport (delivery transports are defined in
+master.cf). This helps to keep Postfix configurations
simple. </p>
<li> <p> The list of valid recipient addresses for that address
<p> Recipient address verification is relatively straightforward
and there are no surprises. If a recipient probe fails, then Postfix
rejects mail for the recipient address. If a recipient probe
-succeeds, then Postfix accepts mail for the recipient address. </p>
+succeeds, then Postfix accepts mail for the recipient address.
+However, recipient address verification probes can increase the
+load on down-stream MTAs when you're being flooded by backscatter
+bounces, or when some spammer is mounting a dictionary attack. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a
the same performance improvement as with a shared connection cache,
non-shared connections need to be kept open for a longer time. </p>
+<p> The scache(8) server, introduced with Postfix version 2.2,
+maintains the shared connection cache. With Postfix version 2.2,
+only the smtp(8) client has support to access this cache. </p>
+
<blockquote>
<table>
-<tr> <td> Internet <-- </td> <td align="center" bgcolor="#f0f0ff">
-<br> smtp(8) <br> </td> <td> <tt> <-> </tt> </td> <td
-align="center" bgcolor="#f0f0ff"> <br> scache(8) <br> </td>
-<td> <tt> <-> </tt> </td> <td align="center" bgcolor="#f0f0ff">
-<br> smtp(8) <br> </td> <td> --> Internet </td>
+<tr> <td align="center" colspan="3" bgcolor="#f0f0ff"> <br> smtp(8)
+<br> </td> <td colspan="2"> --> Internet </td> </tr>
+
+<tr> <td align="center" rowspan="3"> </td> <td align="center"
+rowspan="3"><tt>|<br>|<br>|<br>|<br>|<br>|<br>v</tt></td>
+<td> </td> </tr>
+
+<tr> <td align="center"
+colspan="2" bgcolor="#f0f0ff"> <br> smtp(8) <br> </td> <td
+align="left"> --> Internet </td> </tr>
+
+<tr> <td align="center"><tt>^<br>|</tt></td> <td> </td> </tr>
+
+<tr> <td align="center" colspan="3" bgcolor="#f0f0ff"> <br> scache(8)
+<br> </td> </tr>
</table>
</blockquote>
-<p> The scache(8) server, introduced with Postfix version 2.2,
-maintains the shared connection cache. With Postfix version 2.2,
-only the smtp(8) client has support to access this cache. </p>
-
<p> When SMTP connection caching is enabled (see next section), the
smtp(8) client does not disconnect after a mail transaction, but
gives the connection to the scache(8) server which keeps the
-connection open for a limited amount of time. </p>
+connection open for a limited amount of time. </p>
<p> After handing over the open connection to the scache(8) server,
the smtp(8) client continues with some other mail delivery request.
+++ /dev/null
-<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-
-<head>
-
-<title>Postfix Cyrus Howto</title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-
-</head>
-
-<body>
-
-<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Cyrus Howto</h1>
-
-<hr>
-
-<p> This document will be made available via http://www.postfix.org/. </p>
-
-</body>
-
-</html>
<li> You can use Berkeley DB files with fixed lookup strings for
simple address rewriting operations and you can use regular expression
-tables for the more complicated work.
+tables for the more complicated work. In other words, you don't
+have to put everything into the same table.
</ul>
postmap(1) or postalias(1) overwrite existing files. If the update
fails in the middle then you have no usable database, and Postfix
will stop working. This is not an issue with the CDB database type
-available with Postfix 2.2 and later, because <a href="CDB_README.html">CDB</a>
-database rebuilds are atomic. </p>
+available with Postfix 2.2 and later: <a href="CDB_README.html">CDB</a>
+creates a new file, and renames the file upon successful completion.
+</p>
<p> With multi-file databases such as DBM, there is no simple
solution. With Berkeley DB and other "one file" databases, it is
<h2><a name="no_db">Building Postfix on systems without Berkeley
DB</a></h2>
-<p> Many commercial UNIXes ship without Berkeley DB support. Examples
-are Solaris, HP-UX, IRIX, UNIXWARE. In order to build Postfix with
+<p> Some UNIXes ship without Berkeley DB support; for historical
+reasons these use DBM files instead. A problem with DBM files is
+that they can store only limited amounts of data. To build Postfix
+with
Berkeley DB support you need to download and install the source
-code from http://www.sleepycat.com/ </p>
+code from http://www.oracle.com/database/berkeley-db/. </p>
<p> Warning: some Linux system libraries use Berkeley DB, as do
some third-party libraries such as SASL. If you compile Postfix
with a different Berkeley DB implementation, then every Postfix
-program will dump core because either the system library, SASL
+program will dump core because either the system library, the SASL
library, or Postfix itself ends up using the wrong version. </p>
<p>The more recent Berkeley DB versions have a compile-time switch,
falling apart. </p>
<p> To build Postfix after you installed the Berkeley DB from
-http://www.sleepycat.com/, use something like: </p>
+source code, use something like: </p>
<blockquote>
<pre>
</pre>
</blockquote>
-<p> More information is available at http://www.sleepycat.com/. </p>
+<p> More information is available at
+http://www.oracle.com/database/berkeley-db/. </p>
</body>
permissions, incorrect configuration file settings that you can
fix. Postfix cannot proceed until this is fixed. </p>
-<li> <p> "<b>error</b>" reports a fatal or non-fatal error condition.
-Postfix cannot proceed until this is fixed. </p>
+<li> <p> "<b>error</b>" reports an error condition. For safety
+reasons, a Postfix process will terminate when more than 13 of these
+happen. </p>
<li> <p> "<b>warning</b>" indicates a non-fatal error. These are
problems that you may not be able to fix (such as a broken DNS
</ul>
<p> These reports contain information that is generated by Postfix
-delivery agents. Since these run as daemon processes and do not
+delivery agents. Since these run as daemon processes that cannot
interact with users directly, the result is sent as mail to the
sender of the test message. The format of these reports is practically
identical to that of ordinary non-delivery notifications. </p>
<h2><a name="sniffer">Record the SMTP session with a network sniffer</a></h2>
<p> This example uses <b>tcpdump</b>. In order to record a conversation
-you need to specify a large enough buffer with the "-s" option or
-else you will miss some or all of the packet payload. </p>
+you need to specify a large enough buffer with the "<b>-s</b>"
+option or else you will miss some or all of the packet payload.
+</p>
<blockquote>
<pre>
-# <b>tcpdump -w /file/name -s 2000 host example.com and port 25</b>
+# <b>tcpdump -w /file/name -s 0 host example.com and port 25</b>
</pre>
</blockquote>
+<p> Older tcpdump versions don't support "<b>-s 0</b>"; in that case,
+use "<b>-s 2000</b>" instead. </p>
+
<p> Run this for a while, stop with Ctrl-C when done. To view the
-data use a binary viewer, or <b>ethereal</b>, or use my <b>tcpdumpx</b>
-utility that is available from ftp://ftp.porcupine.org/pub/debugging/.
+data use a binary viewer, <b>ethereal</b>, or good old <b>less</b>.
</p>
<h2><a name="verbose">Making Postfix daemon programs more verbose</a></h2>
<p> Append one or more "<b>-v</b>" options to selected daemon
definitions in /etc/postfix/master.cf and type "<b>postfix reload</b>".
This will cause a lot of activity to be logged to the syslog daemon.
-Example: </p>
+For example, to make the Postfix SMTP server process more verbose: </p>
<blockquote>
<pre>
</pre>
</blockquote>
-<p> This makes the Postfix SMTP server more verbose. To diagnose
-problems with address rewriting one would specify a "<b>-v</b>"
+<p> To diagnose problems with address rewriting specify a "<b>-v</b>"
option for the cleanup(8) and/or trivial-rewrite(8) daemon, and to
-diagnose problems with mail delivery one would specify a "<b>-v</b>"
+diagnose problems with mail delivery specify a "<b>-v</b>"
option for the qmgr(8) or oqmgr(8) queue manager, or for the lmtp(8),
local(8), pipe(8), smtp(8), or virtual(8) delivery agent. </p>
<li> <p> Postfix logging. See the text at the top of the DEBUG_README
document to find out where logging is stored. Please do not frustrate
-the helpers by word wrapping the logging. </p>
+the helpers by word wrapping the logging. If the logging is more
+than a few kbytes of text, consider posting an URL on a web or ftp
+site. </p>
<li> <p> Consider using a test email address so that you don't have
to reveal email addresses or passwords of innocent people. </p>
<li> <p> If you can't use a test email address, please anonymize
-information consistently. Replace each letter by "A", each digit
+email addresses and host names consistently. Replace each letter
+by "A", each digit
by "D" so that the helpers can still recognize syntactical errors.
</p>
<li> <p> Output from "<b>postconf -n</b>". Please do not send your
-main.cf file or 400+ lines of <b>postconf</b> output. </p>
+main.cf file, or 500+ lines of <b>postconf</b> output. </p>
-<li> <p> Better, provide output from the <b>postfinger</b> tool.
+<li> <p> Better, provide output from the <b>postfinger</b> tool.
This can be found at http://ftp.wl0.org/SOURCES/postfinger. </p>
<li> <p> If the problem is SASL related, consider including the
including output from the <b>qshape</b> tool, as described in the
QSHAPE_README file. </p>
-<li> <p> If the problem is protocol related (connections time out
+<li> <p> If the problem is protocol related (connections time out,
or an SMTP server complains about syntax errors etc.) consider
recording a session with <b>tcpdump</b>, as described in the <a
href="#sniffer">DEBUG_README</a> document. </ul>
</ul>
<p> The implementation of DSN support involves extra parameters to
-the SMTP MAIL FROM and RCPT TO commands, as well as new Postfix
+the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix
sendmail command line options that provide a sub-set of the functions
of the extra SMTP command parameters. </p>
not delivered via the connection that was used for sending ETRN.
</p>
-<p> Postfix versions before 1.0 (also known as version 20010228)
-implemented the ETRN command in an inefficient manner: they simply
-attempted to deliver all queued mail. This is slow on mail servers
-that queue mail for many customers. </p>
-
<p> As of version 1.0, Postfix has a fast ETRN implementation that
does not require Postfix to examine every queue file. Instead,
Postfix maintains a record of what queue files contain mail for
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.customer.domain</b>
+<b>ETRN some.customer.domain</b>
250 Queuing started
-<b>quit</b>
+<b>QUIT</b>
221 Bye
</pre>
</blockquote>
<p> The Postfix operator can request delivery for a specific customer
by using the command "sendmail -qR<i>destination</i>" and, with
Postfix version 1.1 and later, "postqueue -s<i>destination</i>".
+Access to this feature is controlled with the authorized_flush_users
+configuration parameter (Postfix version 2.2 and later).
</p>
<h2><a name="how">How Postfix fast ETRN works</a></h2>
with queue file names. When a request to "deliver mail now" arrives,
Postfix will attempt to deliver all recipients in the queue files
that have mail for the destination in question. This does not
-perform well when queue files have recipients in many different
-domains. </p>
+perform well with queue files that have recipients in many different
+domains, such as queue files with outbound mailing list traffic.
+</p>
<li> <p> The flush(8) daemon maintains per-destination logfiles
only for destinations listed with $fast_flush_domains. With other
-destinations it not possible to trigger delivery with "sendmail
+destinations you cannot request delivery with "sendmail
-qR<i>destination</i>" or, with Postfix version 1.1 and later,
"postqueue -s<i>destination</i>". </p>
the list of message delivery transports specified with the
defer_transports configuration parameter. </p>
+<li> <p> Up to and including Postfix version 2.3, the "fast flush"
+service may not deliver some messages if the request to "deliver
+mail now" arrives while an incoming queue scan is already in progress.
+</p>
+
</ul>
<h2><a name="config">Configuring the Postfix fast ETRN service</a></h2>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.customer.domain</b>
+<b>ETRN some.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.other.customer.domain</b>
+<b>ETRN some.other.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn not.a.customer.domain</b>
+<b>ETRN not.a.customer.domain</b>
459 <not.a.customer.domain>: service unavailable
</pre>
</blockquote>
be covered by a later version of this document. </p>
<p> The after-queue content filter is not to be confused with the
-approach that is described in the SMTPD_PROXY_README document,
+approaches described in the SMTPD_PROXY_README or MILTER_README
+documents,
where incoming SMTP mail is filtered BEFORE it is stored into the
Postfix queue. </p>
<h2><a name="principles">Principles of operation</a> </h2>
-<p> An external content filter receives unfiltered mail from Postfix
-(as described further below) and does one of the following: </p>
+<p> An after-queue content filter receives unfiltered mail from Postfix
+(as described further below) and can do one of the following: </p>
<ol>
<li> <p> Re-inject the mail back into Postfix, perhaps after changing
content and/or destination. </p>
+<li> <p> Discard or quarantine the mail. </p>
+
<li> <p> Reject the mail (by sending a suitable status code back to
- Postfix). Postfix will return the mail to the sender. </p>
+ Postfix). Postfix will send the mail back to the sender address. </p>
</ol>
<h2><a name="simple_filter">Simple content filter example</a></h2>
-<p> The first example is simple to set up. Postfix receives
+<p> The first example is simple to set up, but has major limitations
+that will be addressed in a second example. Postfix receives
unfiltered mail from the network with the smtpd(8) server, and
delivers unfiltered mail to a content filter with the Postfix
pipe(8) delivery agent. The content filter injects filtered mail
<ul>
-<li> <p> Line 8: The -G option does nothing before Postfix 2.3,
-otherwise it disables address rewriting of message headers. </p>
+<li> <p> Line 8: The -G option says the filter output is not a local
+mail submission: don't do silly things like appending the local
+domain name to addresses in message headers. This option does
+nothing before Postfix version 2.3. </p>
<li> <p> Line 8: The -i option says don't stop reading input when
a line contains "." only. </p>
<li> <p> Line 8: NEVER NEVER NEVER use the "-t" command-line option
-here. It will mis-deliver mail, like sending mailing list mail back
-to the mailing list. </p>
+here. It will mis-deliver mail, like sending messages from a mailing
+list back to the mailing list. </p>
<li> <p> Line 21: The idea is to first capture the message to
file and then run the content through a third-party content filter
program. </p>
-<li> <p> Line 22: If the mail cannot be captured to file, mail
+<li> <p> Line 22: If the message cannot be captured to file, mail
delivery is deferred by terminating with exit status 75 (EX_TEMPFAIL).
Postfix places the message in the deferred mail queue and tries
again later. </p>
<li> <p> Line 26: If the content filter program finds a problem,
the mail is bounced by terminating with exit status 69 (EX_UNAVAILABLE).
-Postfix will return the message to the sender as undeliverable.
+Postfix will send the message back to the sender as undeliverable
+mail.
</p>
-<li> <p> Note: in this time of mail worms and spam, it is a BAD
+<li> <p> NOTE: in this time of mail worms and spam, it is a BAD
IDEA to send known viruses or spam back to the sender, because that
-address is likely to be forged. It is safer to discard known to be
-bad content and to quarantine suspicious content so that it can
+address is likely to be forged. It is safer to discard known viruses
+and to quarantine suspicious content so that it can
be inspected by a human being. </p>
<li> <p> Line 28: If the content is OK, it is given as input to
<blockquote>
<pre>
-% /path/to/script -f sender recipient... <message-file
+% /path/to/script -f sender -- recipient... <message-file
</pre>
</blockquote>
-o content_filter=filter:dummy
</pre>
-<p> The "content_filter" line causes Postfix to add one content
+<p> The "-o content_filter" line causes Postfix to add one content
filter request record to each incoming mail message, with content
"filter:dummy". This record overrides the normal mail routing
and causes mail to be given to the content filter instead. </p>
Postfix SMTP server. </p>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
-filter information from existing queue files. </p>
+filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>
<p> The example given here filters all mail, including mail that
arrives via SMTP and mail that is locally submitted via the Postfix
-sendmail command. See examples near the end of this document for
+sendmail command (local submissions enter Postfix via the pickup(8)
+server; to keep the figure simple we omit local submission details).
+See examples near the end of this document for
how to exclude local users from filtering, or how to configure a
destination dependent content filter. </p>
<li> <p> The "-o disable_mime_output_conversion=yes" is a workaround
that prevents the breaking of domainkeys and other digital signatures.
This is needed because some SMTP-based content filters don't announce
-8BITMIME support, even though they can handle it just fine. </p>
+8BITMIME support, even though they can handle 8-bit mail. </p>
<li> <p> The "-o smtp_generic_maps=" is a workaround that prevents
local address rewriting with generic(5) maps. Such rewriting should
dangerous mail content - that is why it should be a separate account.
</p>
+<li> <p> By default, Postfix will terminate a command that runs
+longer than command_time_limit seconds (default: 1000s). This is a
+safety measure that prevents filters from running forever. </p>
+
</ul>
<p> If you want to have your filter listening on port localhost:10025
<ul>
-<li> <p> Note: do not use spaces around the "=" or "," characters. </p>
+<li> <p> NOTE: do not use spaces around the "=" or "," characters. </p>
-<li> <p> Note: the SMTP server must not have a smaller process
+<li> <p> NOTE: the SMTP server must not have a smaller process
limit than the "filter" master.cf entry. </p>
<li> <p> The "-o content_filter=" overrides main.cf settings, and
requests no content filtering for mail from the content filter.
-This is required or else mail will stay in the content filtering
-loop. </p>
+This is required or else mail will loop. </p>
<li> <p> The "-o receive_override_options" overrides main.cf settings
to avoid duplicating work that was already done before the content
<li> <p> We specify "no_milters" to disable Milter applications
(this option is available only in Postfix 2.3 and later). </p>
- <li> <p> We don't specify "no_address_mapping" here. This
+ <li> <p> We don't specify "no_address_mappings" here. This
enables virtual alias expansion, canonical mappings, address
masquerading, and other address mappings after the content
filter. The main.cf setting of "receive_override_options"
</blockquote>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
-filter information from existing queue files. </p>
+filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>
</blockquote>
<p> Note: if the desired member object result attribute is always also
-present in the group, you get suprising results, the expansion also
+present in the group, you get surprising results, the expansion also
returns the address of the group. This is a known limitation of Postfix
releases prior to 2.4, and is addressed in the new with Postfix 2.4
"leaf_result_attribute" feature described in ldap_table(5). </p>
+++ /dev/null
-See the files in auxiliary/MacOSX for hints and tips to set up
-Postfix.
<p> The reason for adding Milter support to Postfix is that there
exists a large collection of applications, not only to block unwanted
mail, but also to verify authenticity (examples: <a
+href="http://sourceforge.net/projects/dkim-milter/">Domain keys
+identified mail</a>, <a
href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
<a href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>)
-or to digitally sign mail (example: <a
+or to digitally sign mail (examples: <a
+href="http://sourceforge.net/projects/dkim-milter/">Domain keys
+identified mail</a>, <a
href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>).
Having yet another Postfix-specific version of all that software
is a poor use of human and system resources. </p>
<p> On some Linux and *BSD distributions, the Sendmail libmilter
library is installed by default. With this, applications such as
-<a href="http://sourceforge.net/projects/dk-milter/">dk-milter</a>
+<a href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a>
and <a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a>
build out of the box without requiring any tinkering:</p>
<blockquote>
<pre>
-$ <b>gzcat dk-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
-$ <b>cd dk-milter-<i>x.y.z</i></b>
+$ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
+$ <b>cd dkim-milter-<i>x.y.z</i></b>
$ <b>make</b>
[...<i>lots of output omitted</i>...]
</pre>
<blockquote>
<pre>
-# <b>/some/where/dk-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
+# <b>/some/where/dkim-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
</pre>
</blockquote>
</pre>
</blockquote>
-<p> This happens because some Milter applications expect that the
+<p> This happens because those Milter applications expect that the
queue ID is known <i>before</i> the MTA accepts the MAIL FROM
(sender) command. Postfix, on the other hand, does not choose a
queue file name until <i>after</i> it accepts the first valid RCPT
-TO (recipient) command. Postfix queue file names must be unique
+TO (recipient) command (Postfix queue file names must be unique
across multiple directories, so the name can't be chosen before the
-file is created. If multiple messages were to use the same queue
-ID <i>simultaneously</i>, mail would be lost. </p>
+file is created; if multiple messages were to use the same queue
+ID <i>simultaneously</i>, mail would be lost). </p>
-<p> To work around the ugly message header from Milter applications,
-we add a little code to the Milter source to look up the queue ID
-after Postfix receives the end of the message. </p>
+</ul>
+
+<p> Fixing the ugly header maybe as simple as upgrading to a recent
+version of the Milter application. For example, current versions
+of dkim-filter and dk-filter have code that looks up the Postfix
+queue ID at a later protocol stage. </p>
+
+<p> To fix the ugly message header with sid-filter applications,
+we change the source code, so that it does the queue ID lookup after
+Postfix receives the end of the message. </p>
<ul>
-<li> <p> Edit the filter source file (typically named
-<tt>dk-filter/dk-filter.c</tt> or similar). </p>
+<li> <p> Edit the filter source file (named
+<tt>sid-filter/sid-filter.c</tt>). </p>
+
+<li> <p> Look up the <tt>smfilter</tt> table and replace
+<tt>mlfi_eoh</tt> by <tt>NULL</tt>.
+</p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
-the top shown as <b>bold</b> text below: </p>
+the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
+text below: </p>
</ul>
<blockquote>
<pre>
-dfc = cc->cctx_msg;
-assert(dfc != NULL);
+ assert(ctx != NULL);
+#endif /* !DEBUG */
<b>
-/* Determine the job ID for logging. */
-if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
- char *jobid = smfi_getsymval(ctx, "i");
- if (jobid != 0)
- dfc->mctx_jobid = jobid;
-}</b>
-
-/* get hostname; used in the X header and in new MIME boundaries */
+ ret = mlfi_eoh(ctx);
+ if (ret != SMFIS_CONTINUE)
+ return ret;</b>
</pre>
</blockquote>
<ul>
-<li> <p> Different mail filters use slightly different names for
-variables. If the above code does not compile, look for the code
-at the start of the <tt>mlfi_eoh()</tt> routine. </p>
+<li> <p> This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
-message. Fortunately, dk-filter logs that message only once. </p>
+message. Fortunately, sid-milter logs that message only once. </p>
</ul>
-<p> With some Milter applications we can fix both the WARNING and
-the "unknown-msgid" by postponing the call of <tt>mlfi_eoh()</tt>
-(or whatever routine logs the WARNING) until the end of the message.
-</p>
+<p> To fix the ugly message header with other Milter applications,
+you will need to do something like this: </p>
<ul>
<li> <p> Edit the filter source file (typically named
-<tt>sid-filter/sid-filter.c</tt> or similar). </p>
-
-<li> <p> Look up the <tt>smfilter</tt> table and replace
-<tt>mlfi_eoh</tt> (or whatever routine logs the WARNING) by NULL.
-</p>
+<tt>xxx-filter/xxx-filter.c</tt> or similar). </p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
-the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
-text below: </p>
+the top shown as <b>bold</b> text below: </p>
</ul>
<blockquote>
<pre>
- assert(ctx != NULL);
-#endif /* !DEBUG */
+dfc = cc->cctx_msg;
+assert(dfc != NULL);
<b>
- ret = mlfi_eoh(ctx);
- if (ret != SMFIS_CONTINUE)
- return ret;</b>
+/* Determine the job ID for logging. */
+if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
+ char *jobid = smfi_getsymval(ctx, "i");
+ if (jobid != 0)
+ dfc->mctx_jobid = jobid;
+}</b>
+
+/* get hostname; used in the X header and in new MIME boundaries */
</pre>
</blockquote>
-<p> This works with sid-milter-0.2.10. Other Milter applications
-will dump core when you do this. </p>
+<p> NOTES: </p>
+
+<ul>
+
+<li> <p> Different mail filters use slightly different names for
+variables. If the above code does not compile, look for the code
+at the start of the <tt>mlfi_eoh()</tt> routine. </p>
+
+<li> <p> This fixes only the ugly message header, but not the WARNING
+message. Fortunately, many Milters log that message only once. </p>
</ul>
../html/CDB_README.html \
../html/CONNECTION_CACHE_README.html \
../html/CONTENT_INSPECTION_README.html \
- ../html/CYRUS_README.html \
../html/DATABASE_README.html ../html/DB_README.html \
../html/DEBUG_README.html \
../html/DSN_README.html \
../html/STANDARD_CONFIGURATION_README.html \
../html/TLS_README.html ../html/TLS_LEGACY_README.html \
../html/TUNING_README.html \
- ../html/UUCP_README.html ../html/ULTRIX_README.html \
+ ../html/UUCP_README.html \
../html/VERP_README.html ../html/VIRTUAL_README.html \
../html/XCLIENT_README.html ../html/XFORWARD_README.html \
../html/postconf.5.html
../README_FILES/CDB_README \
../README_FILES/CONNECTION_CACHE_README \
../README_FILES/CONTENT_INSPECTION_README \
- ../README_FILES/CYRUS_README \
../README_FILES/DATABASE_README ../README_FILES/DB_README \
../README_FILES/DEBUG_README \
../README_FILES/DSN_README \
../README_FILES/STANDARD_CONFIGURATION_README \
../README_FILES/TLS_README ../README_FILES/TLS_LEGACY_README \
../README_FILES/TUNING_README \
- ../README_FILES/UUCP_README ../README_FILES/ULTRIX_README \
+ ../README_FILES/UUCP_README \
../README_FILES/VERP_README ../README_FILES/VIRTUAL_README \
../README_FILES/XCLIENT_README ../README_FILES/XFORWARD_README \
../README_FILES/AAAREADME
file</h2>
<p> The installed main.cf file must be small. PLEASE resist the
-temptation to list all 400+ parameters in the main.cf file. Postfix
-is supposed to be easy to configure. Listing all 400+ in main.cf
+temptation to list all parameters in the main.cf file. Postfix
+is supposed to be easy to configure. Listing all parameters in main.cf
defeats the purpose. It is an invitation for hobbyists to make
random changes without understanding what they do, and gets them
into endless trouble. </p>
These attributes are empty in case of no certificate authentication.
As of Postfix 2.2.11 these attribute values are encoded as
xtext: some characters are represented by +XX, where XX is the
- two-digit hecadecimal representation of the character value.
+ two-digit hexadecimal representation of the character value.
</p>
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)
<h2><a name="conn_limit">Measures against clients that make too many connections</a></h2>
-<p> Note: the anvil(8) service was introduced with Postfix version
-2.2. </p>
+<p> Note: these features use the Postfix anvil(8) service, introduced
+with Postfix version 2.2. </p>
<p> The Postfix smtpd(8) server can limit the number of simultaneous
connections from the same SMTP client, as well as the number of
These statistics are maintained by the anvil(8) server (translation:
if anvil(8) breaks, then connection limits stop working). </p>
-<p> IMPORTANT: These limits are designed to protect the smtpd(8) server
-against flagrant abuse. Do not use these limits to regulate legitimate
-traffic: mail will suffer grotesque delays if you do so. </p>
+<p> IMPORTANT: These limits must not be used to regulate legitimate
+traffic: mail will suffer grotesque delays if you do so. The limits
+are designed to protect the smtpd(8) server against abuse by
+out-of-control clients. </p>
-<ul>
+<blockquote>
-<li> <p> An SMTP client may make up to $smtpd_client_connection_count_limit
-simultaneous connections (default: 50). This is half the default
-process limit. </p>
+<dl>
-<li> <p> An SMTP client may make up to $smtpd_client_message_rate_limit
-message delivery requests per unit time (default: no limit). </p>
+<dt> smtpd_client_connection_count_limit (default: 50) </dt> <dd>
+The maximum number of connections than an SMTP client may make
+simultaneously. </dd>
-<li> <p> An SMTP client may send up to $smtpd_client_recipient_rate_limit
-recipient addresses per unit time (default: no limit). </p>
+<dt> smtpd_client_connection_rate_limit (default: no limit) </dt>
+<dd> The maximum number of connections that an SMTP client may make
+in the time interval specified with anvil_rate_time_unit (default:
+60s). </dd>
-<li> <p> An SMTP client may make up to $smtpd_client_connection_rate_limit
-connections per unit time (default: no limit). </p>
+<dt> smtpd_client_message_rate_limit (default: no limit) </dt> <dd>
+The maximum number of message delivery requests that an SMTP client
+may make in the time interval specified with anvil_rate_time_unit
+(default: 60s). </dd>
-<li> <p> These limits are not applied to SMTP clients in the networks
-specified with $smtpd_client_event_limit_exceptions (default:
-clients in $mynetworks may make an unlimited number of connections).
+<dt> smtpd_client_recipient_rate_limit (default: no limit) </dt>
+<dd> The maximum number of recipient addresses that an SMTP client
+may specify in the time interval specified with anvil_rate_time_unit
+(default: 60s). </dd>
-<li> <p> The anvil_rate_time_unit parameter specifies the time
-unit over which client connection rates are computed (default:
-60s).
+<dt> smtpd_client_new_tls_session_rate_limit (default: no limit)
+</dt> <dd> The maximum number of new TLS sessions (without using
+the TLS session cache) that an SMTP client may negotiate in the
+time interval specified with anvil_rate_time_unit (default: 60s).
+</dd>
-</ul>
+<dt> smtpd_client_event_limit_exceptions (default: $mynetworks)
+</dt> <dd> SMTP clients that are excluded from connection and rate
+limits specified above. </dd>
+
+</dl>
+
+</blockquote>
<h2><a name="mailing_tips">General mail delivery performance tips</a></h2>
to the same recipient: if the recipient has an expensive shell
command in her .forward file, or if the recipient is a mailing list
manager, you don't want to run too many instances of those processes
-the same time. </p>
+at the same time. </p>
<li> <p> The default smtp_destination_concurrency_limit of 20 seems
enough to noticeably load a system without bringing it to its knees.
<dl>
-<dt> queue_run_delay (default: 1000 seconds) </dt> <dd> How often
+<dt> queue_run_delay (default: 300 seconds; before Postfix 2.4:
+1000s) </dt> <dd> How often
the queue manager scans the queue for deferred mail. </dd>
-<dt> minimal_backoff_time (default: 1000 seconds) </dt> <dd> The
+<dt> minimal_backoff_time (default: 300 seconds; before Postfix
+2.4: 1000s) </dt> <dd> The
minimal amount of time a message won't be looked at, and the minimal
amount of time to stay away from a "dead" destination. </dd>
always better than increasing the frequency of delivery attempts.
However, if you can control only the delivery attempt frequency,
consider using a dedicated fallback_relay "graveyard" machine for
-bad destinations so that they do not ruin the performance of normal
+bad destinations, so that these destinations do not ruin the
+performance of normal
mail deliveries. </p>
<h2><a name="proc_limit">Tuning the number of Postfix processes</a></h2>
<ul>
+<li> <p> Depending on your Postfix and operating system versions
+you may need to recompile Postfix if you need more than 1024 file
+descriptors per process: </p>
+
+<ul> <li> <p> No recompilation is needed for Postfix version 2.4
+and later, when it was compiled for systems that support BSD kqueue(2)
+(FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or
+Linux 2.6 epoll(4). </p>
+
+<li> <p> Otherwise, Postfix needs to be recompiled to override the
+default FD_SETSIZE value. </p>
+
+</ul>
+
<li> <p> Reduce the number of processes as described under "<a
href="#proc_limit">Tuning the number of Postfix processes</a>" above.
Fewer processes need fewer open files and sockets. </p>
<ul>
<li> <p> Some FreeBSD kernel parameters can be specified in
-/boot/loader.conf, and some can be changed with sysctl commands.
+/boot/loader.conf, and some can be specified in /etc/sysctl.conf
+or changed with sysctl commands.
Which is which depends on the version.
</p>
</pre>
<li> <p> Linux kernel parameters can be specified in /etc/sysctl.conf
-and can also be changed with sysctl commands: </p>
+or changed with sysctl commands: </p>
<pre>
fs.file-max=16384
<li> <p> Solaris kernel parameters can be specified in /etc/system,
as described in the <a
-href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.46">Solaris
+href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.48">Solaris
FAQ</a> entry titled "How can I increase the number of file
descriptors per process?" </p>
+++ /dev/null
-<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-
-<head>
-
-<title>Postfix and Ultrix </title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-
-</head>
-
-<body>
-
-<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix and Ultrix </h1>
-
-<hr>
-
-<h2> Postfix on Ultrix </h2>
-
-<p> This document is probably only of historical value, because
-Ultrix version 4 dates from the early 1990s. However, as long as
-Wietse keeps Postfix alive for SunOS 4, it is likely to run on
-Ultrix 4 with very little change. Feedback is welcome if anyone
-actually still uses Postfix on any version of Ultrix. </p>
-
-<p> The source of this document is an email message by Christian von Roques
-that was sent on Jun 2, 1999. </p>
-
-<blockquote>
-
-<p> I've upgraded the MTA of our DECstation-3100 running Ultrix4.3a to
-postfix-19990317-pl05 and am sending you the patches I needed to get
-it running under Ultrix. </p>
-
-<p> . . . </p>
-
-<p> One of the bugs of Ultrix's /bin/sh is that shell-variables
-set in arguments of `:' expand to garbage if expanded in here-documents.
-Using a different shell helps. I needed to replace all calls of
-``sh .../makedefs'' by ``$(SHELL) .../makedefs'' in all the
-Makefile.in and am now able to use ``make SHELL=/bin/sh5'' or zsh.
-
-<p> . . . </p>
-
-<p> Ultrix's FD_SET_SIZE is 4096, but getdtablesize()
-returns 64 by default, if not increased when building a new
-kernel. getrlimit() doesn't know RLIMIT_NOFILE. This makes
-event_init() always log the warning: `could allocate space for
-only 64 open files'. </p>
-
-<p> I just reduced the threshold from 256 to 64, but this is not good.
-The initial problem still remains: How to disable this warning on
-Ultrix without making the source ugly? </p>
-
-</blockquote>
-
-<p> To work around the first problem, all the Makefile.in files
-have been updated to use `$(SHELL)' instead of `sh'. So you only
-need to supply a non-default shell in order to eliminate Ultrix
-shell trouble. </p>
-
-<p> To work around the latter, util/sys_defs.h was updated for
-Ultrix, with a default FD_SETSIZE of 100. This should be sufficient
-for a workstation. Even in 1999, no-one would run a major mail hub
-on Ultrix 4. </p>
-
-</body>
-
-</html>
#
# \fBpostmap -q - /etc/postfix/access <\fIinputfile\fR
# DESCRIPTION
-# The Postfix SMTP server supports access control on remote
-# SMTP client information: host names, network addresses, and
-# envelope sender
-# or recipient addresses. See \fBheader_checks\fR(5) or
+# This document describes access control on remote SMTP client
+# information: host names, network addresses, and envelope
+# sender or recipient addresses; it is implemented by the
+# Postfix SMTP server. See \fBheader_checks\fR(5) or
# \fBbody_checks\fR(5) for access control on the content of
# email messages.
#
# More information
# about external content filters is in the Postfix FILTER_README file.
# .sp
-# Note: this action overrides the \fBmain.cf content_filter\fR setting,
+# Note: this action overrides the \fBcontent_filter\fR setting,
# and currently affects all recipients of the message.
# .sp
# This feature is available in Postfix 2.0 and later.
# NAME
# header_checks 5
# SUMMARY
-# Postfix built-in header/body inspection
+# Postfix built-in content inspection
# SYNOPSIS
# \fBheader_checks = pcre:/etc/postfix/header_checks\fR
# .br
# .br
# \fBpostmap -fq - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# DESCRIPTION
-# The Postfix \fBcleanup\fR(8) server supports access control
-# on the content of message headers and message body lines.
+# This document describes access control on the content of
+# message headers and message body lines; it is implemented
+# by the Postfix cleanup(8) server before mail is queued.
# See \fBaccess\fR(5) for access control on remote SMTP client
# information.
#
# .IP "\fBif /\fIpattern\fB/\fIflags\fR"
# .IP "\fBendif\fR"
# Match the input string against the patterns between \fBif\fR
-# and \fBendif\fR, if and only if the input string also matches
-# \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
+# and \fBendif\fR, if and only if the same input string also
+# matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
# .sp
# Note: do not prepend whitespace to patterns inside
# \fBif\fR..\fBendif\fR.
# .IP "\fBif !/\fIpattern\fB/\fIflags\fR"
# .IP "\fBendif\fR"
# Match the input string against the patterns between \fBif\fR
-# and \fBendif\fR, if and only if the input string does \fBnot\fR
-# match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
+# and \fBendif\fR, if and only if the same input string does
+# \fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR
+# can nest.
# .IP "blank lines and comments"
# Empty lines and whitespace-only lines are ignored, as
# are lines whose first non-whitespace character is a `#'.
# .sp
# This feature is available in Postfix 2.1 and later.
# .IP "\fBFILTER \fItransport:destination\fR"
-# Write a content filter request to the queue file and
+# Write a content filter request to the queue file, and
# inspect the next input line.
# After the complete message is received it will be sent through
# the specified external content filter. More information about
# external content filters is in the Postfix FILTER_README file.
# .sp
-# Note: this action overrides the \fBmain.cf content_filter\fR setting,
+# Note: this action overrides the \fBcontent_filter\fR setting,
# and affects all recipients of the message. In the case that multiple
# \fBFILTER\fR actions fire, only the last one is executed.
# .sp
# .sp
# This feature is available in Postfix 2.0 and later.
# .IP \fBIGNORE\fR
-# Delete the current line from the input and inspect
+# Delete the current line from the input, and inspect
# the next input line.
# .IP "\fBPREPEND \fItext...\fR"
-# Prepend one line with the specified text and inspect the next
+# Prepend one line with the specified text, and inspect the next
# input line.
# .sp
# Notes:
# .IP
# This feature is available in Postfix 2.1 and later.
# .IP "\fBREDIRECT \fIuser@domain\fR"
-# Write a message redirection request to the queue file and
+# Write a message redirection request to the queue file, and
# inspect the next input line. After the message is queued,
# it will be sent to the specified address instead of the
# intended recipient(s).
# .sp
# This feature is available in Postfix 2.1 and later.
# .IP "\fBREPLACE \fItext...\fR"
-# Replace the current line with the specified text and inspect the next
+# Replace the current line with the specified text, and inspect the next
# input line.
# .sp
# This feature is available in Postfix 2.2 and later. The
# "5.7.1".
# .IP "\fBWARN \fIoptional text...\fR
# Log a warning with the \fIoptional text...\fR (or log a
-# generic message) and inspect the next input line. This
+# generic message), and inspect the next input line. This
# action is useful for debugging and for testing a pattern
# before applying more drastic actions.
# BUGS
# Many people overlook the main limitations of header and body_checks
-# rules. These rules operate on one logical message header or one body
-# line at a time, and a decision made for one line is not carried over
-# to the next line. If text in the message body is encoded
+# rules.
+# .IP \(bu
+# These rules operate on one logical message header or one body
+# line at a time. A decision made for one line is not carried over
+# to the next line.
+# .IP \(bu
+# If text in the message body is encoded
# (RFC 2045) then the rules have to specified for the encoded
-# form. Likewise, when message headers are encoded (RFC
+# form.
+# .IP \(bu
+# Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the encoded
# form.
-#
+# .PP
# Message headers added by the \fBcleanup\fR(8) daemon itself
# are excluded from inspection. Examples of such message headers
# are \fBFrom:\fR, \fBTo:\fR, \fBMessage-ID:\fR, \fBDate:\fR.
# .ti +4
# terminal_result_attribute = maildrop
#
-# This feature is available with Postfix >= 2.4.
+# This feature is available with Postfix 2.4 or later.
# .IP "\fBleaf_result_attribute (default: empty)\fR"
# When one or more special result attributes are found in a non-terminal
# (see above) LDAP entry, leaf result attributes are excluded from the
# leaf_result_attribute = mail
# .in -4
#
-# This feature is available with Postfix >= 2.4.
+# This feature is available with Postfix 2.4 or later.
# .IP "\fBscope (default: sub)\fR"
# The LDAP search scope: \fBsub\fR, \fBbase\fR, or \fBone\fR.
# These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
The maximal size in bytes of a message, including envelope information.
</p>
-%PARAM minimal_backoff_time version dependent
+%PARAM minimal_backoff_time 300s
+
+<p>
+The minimal time between attempts to deliver a deferred message;
+prior to Postfix 2.4 the default value was 1000s.
+</p>
<p>
-The minimal time between attempts to deliver a deferred message.
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
</p>
-<p> With Postfix 2.4 the default value was reduced from 1000s to
-300s. </p>
-
<p> This parameter should be set greater than or equal to
$queue_run_delay. See also $maximal_backoff_time. </p>
zero means there is no minimum required amount of free space.
</p>
-%PARAM queue_run_delay version dependent
-
-<p>
-The time between deferred queue scans by the queue manager.
-</p>
+%PARAM queue_run_delay 300s
<p>
-With Postfix 2.4 the default value was reduced from 1000s to 300s.
+The time between deferred queue scans by the queue manager;
+prior to Postfix 2.4 the default value was 1000s.
</p>
<p> This parameter should be set less than or equal to
</p>
<p>
-This feature is implemented by the anvil(8) service which is not
-part of the stable Postfix version 2.1 release.
+This feature is implemented by the anvil(8) service which is available
+in Postfix version 2.2 and later.
</p>
<p>
smtp_tls_mandatory_ciphers parameter and the optional "protocols"
keyword overrides the main.cf smtp_tls_mandatory_protocols parameter.
In the policy table, multiple protocols must be separated by colons,
-as attribute values may not contain whitespace or commas. </p>
+as attribute values may not contain whitespace or commas. </dd>
<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name
VSTREAM *stream;
int status;
int count = 0;
+ int request_flags;
/*
* The client and server live in separate processes that may start and
*/
VSTRING_RESET(dict_proxy->result);
VSTRING_TERMINATE(dict_proxy->result);
+ request_flags = (dict_proxy->in_flags & DICT_FLAG_RQST_MASK)
+ | (dict->flags & DICT_FLAG_RQST_MASK);
for (;;) {
stream = clnt_stream_access(proxy_stream);
errno = 0;
if (attr_print(stream, ATTR_FLAG_NONE,
ATTR_TYPE_STR, MAIL_ATTR_REQ, PROXY_REQ_LOOKUP,
ATTR_TYPE_STR, MAIL_ATTR_TABLE, dict->name,
- ATTR_TYPE_INT, MAIL_ATTR_FLAGS, dict_proxy->in_flags,
+ ATTR_TYPE_INT, MAIL_ATTR_FLAGS, request_flags,
ATTR_TYPE_STR, MAIL_ATTR_KEY, key,
ATTR_TYPE_END) != 0
|| vstream_fflush(stream)
if (msg_verbose)
msg_info("%s: table=%s flags=%s key=%s -> status=%d result=%s",
myname, dict->name,
- dict_flags_str(dict_proxy->in_flags), key,
+ dict_flags_str(request_flags), key,
status, STR(dict_proxy->result));
switch (status) {
case PROXY_STAT_BAD:
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20070320"
-#define MAIL_VERSION_NUMBER "2.4.0-RC7"
+#define MAIL_RELEASE_DATE "20070323"
+#define MAIL_VERSION_NUMBER "2.4.0-RC8"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
*/
if ((fp = safe_open(path, flags | O_NONBLOCK, mode, st,
chown_uid, chown_gid, why->reason)) == 0) {
+ dsb_status(why, mbox_dsn(errno, def_dsn));
if (locked & MBOX_DOT_LOCK)
dot_unlockfile(path);
- dsb_status(why, mbox_dsn(errno, def_dsn));
return (0);
}
close_on_exec(vstream_fileno(fp), CLOSE_ON_EXEC);
#define NATIVE_NEWALIAS_PATH "/usr/bin/newaliases"
#define NATIVE_COMMAND_DIR "/usr/sbin"
#define NATIVE_DAEMON_DIR "/usr/libexec/postfix"
+
+#ifndef NO_KQUEUE
+# define EVENTS_STYLE EVENTS_STYLE_KQUEUE
+# define USE_SYSV_POLL
+#endif
+
#endif
/*
projects / thirdparty / postfix.git / commitdiff
