20030708
Hardened the attr_scan routines for exposure to an untrusted
- environment, in preparation of the tuple0 and tuple64
- protocols that will be used for SMTP policy delegation.
+ environment, in preparation for possible use with SMTP
+ policy delegation to an external server.
Feature: address filter for RBL lookups, for use with
multi-valued RBL services. File: smtpd/smtpd_check.c.
- Feature: accept_socket option to pass the spawn(8) listen
- socket to a persistent non-Postfix process. File: spawn/spawn.c.
-
20030709
Cleanup: use off_t instead of int for VSTREAM file offsets.
"check_smtpd_policy_service" in smtpd_mumble_restrictions.
See SMTPD_POLICY_SERVICE_README for details.
-
Open problems:
Low: smtp-source may block when sending large test messages.
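Review bot: The 20030709 entry names the restriction "check_smtpd_policy_service", but the README added by this patch and the updated smtpd-policy.pl comments both spell it "check_policy_service". Change the HISTORY text to the name the code actually accepts, so that someone configuring from the changelog does not end up with an unknown restriction.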
--- /dev/null
+SMTPD POLICY DELEGATION PROTOCOL
+================================
+
+The Postfix SMTP server has a number of built-in mechanisms to
+block or accept mail at the SMTP protocol stage. Optionally, it
+can delegate policy decisions to an external server.
+
+This document describes the following:
+
+- The SMTPD policy delegation protocol.
+
+- Using the example greylist policy server.
+
+PROTOCOL DESCRIPTION
+====================
+
+The SMTPD policy delegation protocol is really simple. The client
+request is a sequence of name=value attributes separated by newline,
+and is terminated by an empty line. Here is an example of all the
+attributes that the Postfix SMTP server sends in a delegated policy
+request:
+
+ protocol_state=RCPT
+ protocol_name=SMTP
+ helo_name=some.domain.tld
+ queue_id=8045F2AB23
+ sender=foo@bar.tld
+ recipient=bar@foo.tld
+ client_address=1.2.3.4
+ client_name=another.domain.tld
+ [empty line]
+
+The order of the attributes does not matter, and the server ignores
+any attributes that it does not recognize. Protocol names are ESMTP
+or SMTP; protocol states are CONNECT, EHLO, HELO, MAIL, RCPT, or
+DATA. Other attributes speak for themselves. When the same attribute
+name is sent more than once, the server may keep the first or the
+last attribute value. An attribute name does not contain "=", null
+or newline, and an attribute value does not contain null or newline.
+
+The policy server replies in the same style, with any action that
+is allowed in a Postfix SMTPD access table. Example:
+
+ action=450 You are greylisted
+ [empty line]
+
+CLIENT SIDE CONFIGURATION
+=========================
+
+The SMTPD delegated policy client can connect to a TCP socket or
+to a UNIX-domain socket. Examples:
+
+ inet:localhost:9998
+ unix:/some/where/policy
+ unix:private/policy
+
+The first example specifies that the policy server listens on
+localhost port 9998. The second example specifies an absolute
+pathname of a UNIX-domain socket. The third example specifies a
+pathname relative to the Postfix queue directory; use this for
+policy servers that are spawned by the Postfix master daemon.
+
+To use the delegated policy service, specify "check_policy_service"
+anywhere in the list of smtpd_recipient_restrictions:
+
+/etc/postfix/main.cf:
+ smtpd_recipient_restrictions =
+ ...
+ reject_unauth_destination
+ check_policy_service unix:private/policy
+ ...
+
+NOTE: specify "check_policy_service" AFTER "reject_unauth_destination"
+or else your system could become an open relay.
+
+EXAMPLE: GREYLIST POLICY SERVER
+===============================
+
+The file examples/smtpd-policy/smtpd-policy.pl in the Postfix source
+tree implements an example greylist policy server. This server
+stores a time stamp for every (client, sender, recipient) triple.
+Mail is not accepted until a triple's time stamp is more than 3600
+seconds old. This stops junk mail with random sender addresses,
+and mail from randomly selected open proxies. It also stops junk
+mail from spammers that change IP address frequently.
+
+The example greylist policy server is a PERL script that runs under
+control by the Postfix master daemon:
+
+/etc/postfix/master.cf:
+ policy unix - n n - - spawn
+ user=nobody argv=/usr/bin/perl /usr/libexec/postfix/smtpd-policy.pl
+
+/etc/postfix/main.cf:
+ smtpd_recipient_restrictions =
+ permit_mynetworks
+ reject_unauth_destination
+ check_policy_service unix:private/policy unix:private/policy
+ ...
+
+There are other delegated policy client configuration parameters
+that control timeouts etc. but you should never have to change
+those.
+
+In the smtpd-policy.pl PERL script you need to specify the location
+of the greylist database file. DO NOT create the greylist database
+in a world-writable directory such as /tmp or /var/tmp, and DO NOT
+create the greylist database in a file system that can run out of
+space easily. If the file becomes corrupted you will not be able
+to receive mail until you delete the file by hand.
+
+When the status file exceeds some reasonable size you can simply
+delete the file without adverse effects. In the worst case, new
+mail will be delayed by one hour. To lessen the impact, delete the
+file in the middle of the night.
+
+SAMPLE POLICY ROUTINE
+=====================
+
+This is the PERL subroutine that implements the example greylist policy.
+
+#
+# greylist status database and greylist time interval. DO NOT create the
+# greylist status database in a world-writable directory such as /tmp
+# or /var/tmp. DO NOT create the greylist database in a file system
+# that can run out of space.
+#
+$database_name="/var/mta/smtpd-policy.db";
+$greylist_delay=3600;
+
+#
+# Demo policy routine. The result is an action just like it would
+# be specified on the right-hand side of a Postfix access table.
+# Request attributes are passed in via the %attr hash.
+#
+sub policy {
+ local(*attr) = @_;
+ my($key, $time_stamp, $now);
+
+ # Open the database on the fly.
+ open_database() unless $database_obj;
+
+ # Lookup the time stamp for this client/sender/recipient.
+ $key = $attr{"client_address"}."/".$attr{"sender"}."/".$attr{"recipient"};
+ $time_stamp = read_database($key);
+ $now = time();
+
+ # If new request, add this client/sender/recipient to the database.
+ if ($time_stamp == 0) {
+ $time_stamp = $now;
+ update_database($key, $time_stamp);
+ }
+
+ syslog $syslog_priority, "request age %d", $now - $time_stamp if $verbose;
+ if ($time_stamp + $greylist_delay < $now) {
+ return "ok";
+ } else {
+ return "450 request is greylisted";
+ }
+}
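Review bot: In CLIENT SIDE CONFIGURATION the text says to specify "check_policy_service" "anywhere in the list of smtpd_recipient_restrictions", which contradicts the NOTE right after the example that it must come AFTER "reject_unauth_destination" to avoid an open relay. Reword the sentence so the ordering requirement is stated up front. In the greylist main.cf example the endpoint is also given twice ("check_policy_service unix:private/policy unix:private/policy"); the second token looks like a paste error and should be dropped. In the sample routine, the lookup key joins client_address, sender and recipient with "/", a character the protocol description does not exclude from attribute values, so distinct triples can map to the same key; a separator that cannot occur in a value (the text rules out null and newline) would avoid that.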
# greylisting. State is kept in a Berkeley DB database. Logging is
# sent to syslogd.
#
+# How it works: each time a Postfix SMTP server process is started
+# it connects to the policy service socket, and Postfix runs one
+# instance of this PERL script. By default, a Postfix SMTP server
+# process terminates after 100 seconds of idle time, or after serving
+# 100 clients. Thus, the cost of starting this PERL script is smoothed
+# out over time.
+#
# To run this from /etc/postfix/master.cf:
#
# policy unix - n n - - spawn
#
# To use this from Postfix SMTPD, use in /etc/postfix/main.cf:
#
-# smtpd_policy_service_endpoint = plain:unix:private/policy
-# smtpd_recipient_restrictions = ... check_policy_service ...
+# smtpd_recipient_restrictions =
+# ... reject_unauth_destination
+# check_policy_service unix:private/policy ...
+#
+# NOTE: specify check_policy_service AFTER reject_unauth_destination
+# or else your system can become an open relay.
+#
+# To test this script by hand, execute:
+#
+# % perl smtpd-policy.pl
+#
+# Each query is a bunch of attributes. Order does not matter, and
+# the demo script uses only a few of all the attributes shown below:
+#
+# protocol_state=RCPT
+# protocol_name=SMTP
+# helo_name=some.domain.tld
+# queue_id=8045F2AB23
+# sender=foo@bar.tld
+# recipient=bar@foo.tld
+# client_address=1.2.3.4
+# client_name=another.domain.tld
+# [empty line]
+#
+# The policy server script will answer in the same style, with an
+# attribute list followed by a empty line:
#
-# This script runs as one PERL process per SMTP server process.
-# By default, a Postfix SMTP server process terminates after 100
-# seconds of idle time, or after serving 100 clients.
+# action=ok
+# [empty line]
#
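Review bot: Typo in the added comment "attribute list followed by a empty line": it should read "an empty line".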
#
$greylist_delay=3600;
#
-# Syslogging options for verbose mode and for fatal errors. Comment
-# out the $syslog_socktype line if syslogging does not work.
+# Syslogging options for verbose mode and for fatal errors.
+# NOTE: comment out the $syslog_socktype line if syslogging does not
+# work on your system.
#
$syslog_socktype = 'unix'; # inet, unix, stream, console
$syslog_facility="mail";
$database_obj = tie(%db_hash, 'DB_File', $database_name,
O_CREAT|O_RDWR, 0644) ||
- fatal_exit "Cannot open database %s: %m", $database_name;
+ fatal_exit "Cannot open database %s: $!", $database_name;
$database_fd = $database_obj->fd;
open DATABASE_HANDLE, "+<&=$database_fd" ||
- fatal_exit "Cannot fdopen database %s: %m", $database_name;
+ fatal_exit "Cannot fdopen database %s: $!", $database_name;
syslog $syslog_priority, "open %s", $database_name if $verbose;
}
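Review bot: The fdopen check on the line `open DATABASE_HANDLE, "+<&=$database_fd" ||` can never fire: "||" binds tighter than the list operator, so it applies to the always-true mode string and fatal_exit is not reached when open fails. Since these lines are already being touched to replace %m with $!, switch to the low-precedence "or" (or parenthesize the open arguments). The tie() call is fine because its arguments are parenthesized. Separately, the tie() call asks for mode 0644, which makes the file holding the client/sender/recipient triples world-readable; 0600 would be tighter.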
#
-# Read database.
+# Read database. Use a shared lock to avoid reading the database
+# while it is being changed.
#
sub read_database {
my($key) = @_;
my($value);
flock DATABASE_HANDLE, LOCK_SH ||
- fatal_exit "Can't get shared lock on %s: %m", $database_name;
+ fatal_exit "Can't get shared lock on %s: $!", $database_name;
$value = $db_hash{$key};
syslog $syslog_priority, "lookup %s: %s", $key, $value if $verbose;
flock DATABASE_HANDLE, LOCK_UN ||
- fatal_exit "Can't unlock %s: %m", $database_name;
+ fatal_exit "Can't unlock %s: $!", $database_name;
return $value;
}
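Review bot: Both flock calls in read_database have the form `flock DATABASE_HANDLE, LOCK_SH || fatal_exit ...`, where "||" tests the lock constant rather than flock's return value, so a failed lock or unlock is silently ignored and the lookup proceeds unlocked. Use "or" instead of "||"; the same applies to the LOCK_EX and LOCK_UN calls in update_database. The `$database_obj->sync() && fatal_exit` test there is not affected.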
#
-# Update database.
+# Update database. Use an exclusive lock to avoid collisions with
+# other updaters, and to avoid surprises in database readers.
#
sub update_database {
my($key, $value) = @_;
syslog $syslog_priority, "store %s: %s", $key, $value if $verbose;
flock DATABASE_HANDLE, LOCK_EX ||
- fatal_exit "Can't exclusively lock %s: %m", $database_name;
+ fatal_exit "Can't exclusively lock %s: $!", $database_name;
$db_hash{$key} = $value;
$database_obj->sync() &&
- fatal_exit "Can't update %s: %m", $database_name;
+ fatal_exit "Can't update %s: $!", $database_name;
flock DATABASE_HANDLE, LOCK_UN ||
- fatal_exit "Can't unlock %s: %m", $database_name;
+ fatal_exit "Can't unlock %s: $!", $database_name;
}
#
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
- Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
+ Depending on the setting of the <b>notify_classes</b> parameter,
the postmaster is notified of bounces, protocol problems,
policy violations, and of other trouble.
command after a configuration change.
<b>Compatibility controls</b>
- <b>strict</b><i>_</i><b>rfc821</b><i>_</i><b>envelopes</b>
+ <b>strict_rfc821_envelopes</b>
Disallow non-<a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> style addresses in SMTP com-
mands. For example, the RFC822-style address forms
with comments that Sendmail allows.
- <b>broken</b><i>_</i><b>sasl</b><i>_</i><b>auth</b><i>_</i><b>clients</b>
+ <b>broken_sasl_auth_clients</b>
Support older Microsoft clients that mis-implement
the AUTH protocol, and that expect an EHLO response
of "250 AUTH=list" instead of "250 AUTH list".
- <b>smtpd</b><i>_</i><b>noop</b><i>_</i><b>commands</b>
+ <b>smtpd_noop_commands</b>
List of commands that are treated as NOOP (no oper-
ation) commands, without any parameter syntax
checking and without any state change. This list
Optionally, Postfix can be configured to send new mail to
external content filter software AFTER the mail is queued.
- <b>content</b><i>_</i><b>filter</b>
+ <b>content_filter</b>
The name of a mail delivery transport that filters
mail and that either bounces mail or re-injects the
result back into Postfix. This parameter uses the
same syntax as the right-hand side of a Postfix
transport table.
- <b>receive</b><i>_</i><b>override</b><i>_</i><b>options</b>
+ <b>receive_override_options</b>
The following options override <b>main.cf</b> settings.
The options are either implemented by the SMTP
server or are passed on to the downstream cleanup
server.
- <b>no</b><i>_</i><b>unknown</b><i>_</i><b>recipient</b><i>_</i><b>checks</b>
+ <b>no_unknown_recipient_checks</b>
Do not try to reject unknown recipients.
This is typically specified with the SMTP
server <b>after</b> an external content filter.
- <b>no</b><i>_</i><b>address</b><i>_</i><b>mappings</b>
+ <b>no_address_mappings</b>
Disable canonical address mapping, virtual
alias map expansion, address masquerading,
and automatic BCC recipients. This is typi-
cally specified with the SMTP server <b>before</b>
an external content filter.
- <b>no</b><i>_</i><b>header</b><i>_</i><b>body</b><i>_</i><b>checks</b>
+ <b>no_header_body_checks</b>
Disable header/body_checks. This is typi-
cally specified with the SMTP server <b>after</b>
an external content filter.
forward all mail to a proxy server, for example a real-
time content filter, BEFORE mail is queued.
- <b>smtpd</b><i>_</i><b>proxy</b><i>_</i><b>filter</b>
+ <b>smtpd_proxy_filter</b>
The <i>host:port</i> of the SMTP proxy server. The <i>host</i> or
<i>host:</i> portion is optional.
- <b>smtpd</b><i>_</i><b>proxy</b><i>_</i><b>timeout</b>
+ <b>smtpd_proxy_timeout</b>
Timeout for connecting to, sending to and receiving
from the SMTP proxy server.
- <b>smtpd</b><i>_</i><b>proxy</b><i>_</i><b>ehlo</b>
+ <b>smtpd_proxy_ehlo</b>
The hostname to use when sending an EHLO command to
the SMTP proxy server.
<b>Authentication controls</b>
- <b>enable</b><i>_</i><b>sasl</b><i>_</i><b>authentication</b>
+ <b>enable_sasl_authentication</b>
Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
(SASL). This functionality is available only when
explicitly selected at program build time and
explicitly enabled at runtime.
- <b>smtpd</b><i>_</i><b>sasl</b><i>_</i><b>local</b><i>_</i><b>domain</b>
+ <b>smtpd_sasl_local_domain</b>
The name of the local authentication realm.
- <b>smtpd</b><i>_</i><b>sasl</b><i>_</i><b>security</b><i>_</i><b>options</b>
+ <b>smtpd_sasl_security_options</b>
Zero or more of the following.
<b>noplaintext</b>
<b>noanonymous</b>
Disallow anonymous logins.
- <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>maps</b>
+ <b>smtpd_sender_login_maps</b>
Maps that specify the SASL login name that owns a
MAIL FROM sender address. Used by the
- <b>reject</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>mismatch</b> sender anti-spoofing
+ <b>reject_sender_login_mismatch</b> sender anti-spoofing
restriction.
<b>Miscellaneous</b>
- <b>authorized</b><i>_</i><b>verp</b><i>_</i><b>clients</b>
+ <b>authorized_verp_clients</b>
Hostnames, domain names and/or addresses of clients
that are authorized to use the XVERP extension.
- <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
+ <b>debug_peer_level</b>
Increment in verbose logging level when a remote
- host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
+ host matches a pattern in the <b>debug_peer_list</b>
parameter.
- <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
+ <b>debug_peer_list</b>
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
- <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
+ <b>debug_peer_level</b> parameter.
- <b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b>
+ <b>default_verp_delimiters</b>
The default VERP delimiter characters that are used
when the XVERP command is specified without
explicit delimiters.
- <b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
+ <b>error_notice_recipient</b>
Recipient of protocol/policy/resource/software
error notices.
- <b>hopcount</b><i>_</i><b>limit</b>
+ <b>hopcount_limit</b>
Limit the number of <b>Received:</b> message headers.
- <b>notify</b><i>_</i><b>classes</b>
+ <b>notify_classes</b>
List of error classes. Of special interest are:
<b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
- <b>smtpd</b><i>_</i><b>banner</b>
+ <b>smtpd_banner</b>
Text that follows the <b>220</b> status code in the SMTP
greeting banner.
- <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
+ <b>smtpd_expansion_filter</b>
Controls what characters are allowed in $name
expansion of rbl template responses and other text.
- <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+ <b>smtpd_recipient_limit</b>
Restrict the number of recipients that the SMTP
server accepts per message delivery.
- <b>smtpd</b><i>_</i><b>timeout</b>
+ <b>smtpd_timeout</b>
Limit the time to send a server response and to
receive a client request.
- <b>soft</b><i>_</i><b>bounce</b>
+ <b>soft_bounce</b>
Change hard (5xx) reject responses into soft (4xx)
reject responses. This can be useful for testing
purposes.
- <b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
+ <b>verp_delimiter_filter</b>
The characters that Postfix accepts as VERP delim-
iter characters.
<b>Known versus unknown recipients</b>
- <b>show</b><i>_</i><b>user</b><i>_</i><b>unknown</b><i>_</i><b>table</b><i>_</i><b>name</b>
+ <b>show_user_unknown_table_name</b>
Whether or not to reveal the table name in the
"User unknown" responses. The extra detail makes
trouble shooting easier but also reveals informa-
tion that is nobody elses business.
- <b>unknown</b><i>_</i><b>local</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b>
+ <b>unknown_local_recipient_reject_code</b>
The response code when a client specifies a recipi-
ent whose domain matches <b>$mydestination</b> or
- <b>$inet</b><i>_</i><b>interfaces</b>, while <b>$local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is
+ <b>$inet_interfaces</b>, while <b>$local_recipient_maps</b> is
non-empty and does not list the recipient address
or address local-part.
- <b>unknown</b><i>_</i><b>relay</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b>
+ <b>unknown_relay_recipient_reject_code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$relay</b><i>_</i><b>domains</b>, while
- <b>$relay</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is non-empty and does not
+ ent whose domain matches <b>$relay_domains</b>, while
+ <b>$relay_recipient_maps</b> is non-empty and does not
list the recipient address.
- <b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>alias</b><i>_</i><b>reject</b><i>_</i><b>code</b>
+ <b>unknown_virtual_alias_reject_code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b>,
+ ent whose domain matches <b>$virtual_alias_domains</b>,
while the recipient is not listed in <b>$vir-</b>
- <b>tual</b><i>_</i><b>alias</b><i>_</i><b>maps</b>.
+ <b>tual_alias_maps</b>.
- <b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>reject</b><i>_</i><b>code</b>
+ <b>unknown_virtual_mailbox_reject_code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>,
- while the recipient is not listed in <b>$virtual</b><i>_</i><b>mail-</b>
- <b>box</b><i>_</i><b>maps</b>.
+ ent whose domain matches <b>$virtual_mailbox_domains</b>,
+ while the recipient is not listed in <b>$virtual_mail-</b>
+ <b>box_maps</b>.
<b>Resource controls</b>
- <b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
+ <b>line_length_limit</b>
Limit the amount of memory in bytes used for the
handling of partial input lines.
- <b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
+ <b>message_size_limit</b>
Limit the total size in bytes of a message, includ-
ing on-disk storage for envelope information.
- <b>queue</b><i>_</i><b>minfree</b>
+ <b>queue_minfree</b>
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
at all.
- <b>smtpd</b><i>_</i><b>history</b><i>_</i><b>flush</b><i>_</i><b>threshold</b>
+ <b>smtpd_history_flush_threshold</b>
Flush the command history to postmaster after
receipt of RSET etc. only if the number of history
lines exceeds the given threshold.
<b>Tarpitting</b>
- <b>smtpd</b><i>_</i><b>error</b><i>_</i><b>sleep</b><i>_</i><b>time</b>
+ <b>smtpd_error_sleep_time</b>
Time to wait in seconds before sending a 4xx or 5xx
server error response.
- <b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
+ <b>smtpd_soft_error_limit</b>
When an SMTP client has made this number of errors,
- wait <i>error_count</i> seconds before responding to any
+ wait <i>error</i><b>_</b><i>count</i> seconds before responding to any
client request.
- <b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
+ <b>smtpd_hard_error_limit</b>
Disconnect after a client has made this number of
errors.
- <b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
+ <b>smtpd_junk_command_limit</b>
Limit the number of times a client can issue a junk
command such as NOOP, VRFY, ETRN or RSET in one
SMTP session before it is penalized with tarpit
delays.
<b>Delegated policy</b>
- <b>smtpd</b><i>_</i><b>policy</b><i>_</i><b>service</b><i>_</i><b>endpoint</b>
- The <i>transport</i>:<i>endpoint</i> of a server that speaks the
- delegated SMTP policy protocol. <i>transport</i> is either
- <b>inet</b> or <b>unix</b>. <i>endpoint</i> is either <i>host:port</i>, <b>pri-</b>
- <b>vate/</b><i>servicename</i> or <b>public/</b><i>servicename</i>.
-
- <b>smtpd</b><i>_</i><b>policy</b><i>_</i><b>service</b><i>_</i><b>timeout</b>
+ <b>smtpd_policy_service_timeout</b>
Time limit for connecting to, writing to and
- receiving from a delegated SMTP policy server.
+ receiving from a delegated SMTPD policy server.
- <b>smtpd</b><i>_</i><b>policy</b><i>_</i><b>service</b><i>_</i><b>max</b><i>_</i><b>idle</b>
- Time after which an unused policy service connec-
- tion is closed.
+ <b>smtpd_policy_service_max_idle</b>
+ Time after which an unused SMTPD policy service
+ connection is closed.
- <b>smtpd</b><i>_</i><b>policy</b><i>_</i><b>service</b><i>_</i><b>timeout</b>
- Time after which an active policy service connec-
- tion is closed.
+ <b>smtpd_policy_service_timeout</b>
+ Time after which an active SMTPD policy service
+ connection is closed.
<b>UCE control restrictions</b>
- <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
- List of Postfix features that use <i>domain.tld</i> pat-
- terns to match <i>sub.domain.tld</i> (as opposed to
+ <b>parent_domain_matches_subdomains</b>
+ List of Postfix features that use <i>domain.tld</i> pat-
+ terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
- <b>smtpd</b><i>_</i><b>client</b><i>_</i><b>restrictions</b>
+ <b>smtpd_client_restrictions</b>
Restrict what clients may connect to this mail sys-
tem.
- <b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
- Require that clients introduce themselves at the
+ <b>smtpd_helo_required</b>
+ Require that clients introduce themselves at the
beginning of an SMTP session.
- <b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
- Restrict what client hostnames are allowed in <b>HELO</b>
+ <b>smtpd_helo_restrictions</b>
+ Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
- <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
- Restrict what sender addresses are allowed in <b>MAIL</b>
+ <b>smtpd_sender_restrictions</b>
+ Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
- <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
- Restrict what recipient addresses are allowed in
+ <b>smtpd_recipient_restrictions</b>
+ Restrict what recipient addresses are allowed in
<b>RCPT TO</b> commands.
- <b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
+ <b>smtpd_etrn_restrictions</b>
Restrict what domain names can be used in <b>ETRN</b> com-
mands, and what clients may issue <b>ETRN</b> commands.
- <b>smtpd</b><i>_</i><b>data</b><i>_</i><b>restrictions</b>
- Restrictions on the <b>DATA</b> command. Currently, the
- only restriction that makes sense here is
- <b>reject</b><i>_</i><b>unauth</b><i>_</i><b>pipelining</b>.
+ <b>smtpd_data_restrictions</b>
+ Restrictions on the <b>DATA</b> command. Currently, the
+ only restriction that makes sense here is
+ <b>reject_unauth_pipelining</b>.
- <b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
- Allow untrusted clients to specify addresses with
- sender-specified routing. Enabling this opens up
- nasty relay loopholes involving trusted backup MX
+ <b>allow_untrusted_routing</b>
+ Allow untrusted clients to specify addresses with
+ sender-specified routing. Enabling this opens up
+ nasty relay loopholes involving trusted backup MX
hosts.
- <b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b>
- Declares the name of zero or more parameters that
- contain a list of UCE restrictions. The names of
- these parameters can then be used instead of the
+ <b>smtpd_restriction_classes</b>
+ Declares the name of zero or more parameters that
+ contain a list of UCE restrictions. The names of
+ these parameters can then be used instead of the
restriction lists that they represent.
- <b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b>
- The lookup key to be used in SMTPD access tables
- instead of the null sender address. A null sender
+ <b>smtpd_null_access_lookup_key</b>
+ The lookup key to be used in SMTPD access tables
+ instead of the null sender address. A null sender
address cannot be looked up.
- <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> (deprecated)
- List of DNS domains that publish the addresses of
+ <b>maps_rbl_domains</b> (deprecated)
+ List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated
- <b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b> restriction.
+ <b>reject_maps_rbl</b> restriction.
- <b>permit</b><i>_</i><b>mx</b><i>_</i><b>backup</b><i>_</i><b>networks</b>
- Only domains whose primary MX hosts match the
- listed networks are eligible for the <b>per-</b>
- <b>mit</b><i>_</i><b>mx</b><i>_</i><b>backup</b> feature.
+ <b>permit_mx_backup_networks</b>
+ Only domains whose primary MX hosts match the
+ listed networks are eligible for the <b>per-</b>
+ <b>mit_mx_backup</b> feature.
- <b>relay</b><i>_</i><b>domains</b>
- Restrict what domains this mail system will relay
- mail to. The domains are routed to the delivery
- agent specified with the <b>relay</b><i>_</i><b>transport</b> setting.
+ <b>relay_domains</b>
+ Restrict what domains this mail system will relay
+ mail to. The domains are routed to the delivery
+ agent specified with the <b>relay_transport</b> setting.
<b>Sender/recipient address verification</b>
Address verification is implemented by sending probe email
- messages that are not actually delivered, and is enabled
- via the reject_unverified_{sender,recipient} access
- restriction. The status of verification probes is main-
+ messages that are not actually delivered, and is enabled
+ via the reject_unverified_{sender,recipient} access
+ restriction. The status of verification probes is main-
tained by the address verification service.
- <b>address</b><i>_</i><b>verify</b><i>_</i><b>poll</b><i>_</i><b>count</b>
- How many times to query the address verification
- service for completion of an address verification
- request. Specify 1 to implement a simple form of
- greylisting, that is, always defer the request for
+ <b>address_verify_poll_count</b>
+ How many times to query the address verification
+ service for completion of an address verification
+ request. Specify 1 to implement a simple form of
+ greylisting, that is, always defer the request for
a new sender or recipient address.
- <b>address</b><i>_</i><b>verify</b><i>_</i><b>poll</b><i>_</i><b>delay</b>
- Time to wait after querying the address verifica-
+ <b>address_verify_poll_delay</b>
+ Time to wait after querying the address verifica-
tion service for completion of an address verifica-
tion request.
<b>UCE control responses</b>
- <b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates an access
+ <b>access_map_reject_code</b>
+ Response code when a client violates an access
database restriction.
- <b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b>
+ <b>default_rbl_reply</b>
Default template reply when a request is RBL black-
- listed. This template is used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b>
- and <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
- <b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>.
+ listed. This template is used by the <b>reject_rbl_*</b>
+ and <b>reject_rhsbl_*</b> restrictions. See also:
+ <b>rbl_reply_maps</b> and <b>smtpd_expansion_filter</b>.
- <b>defer</b><i>_</i><b>code</b>
- Response code when a client request is rejected by
+ <b>defer_code</b>
+ Response code when a client request is rejected by
the <b>defer</b> restriction.
- <b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates the
- <b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
+ <b>invalid_hostname_reject_code</b>
+ Response code when a client violates the
+ <b>reject_invalid_hostname</b> restriction.
- <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
+ <b>maps_rbl_reject_code</b>
Response code when a request is RBL blacklisted.
- <b>multi</b><i>_</i><b>recipient</b><i>_</i><b>bounce</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a multi-recipient bounce is
+ <b>multi_recipient_bounce_reject_code</b>
+ Response code when a multi-recipient bounce is
blocked.
- <b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b>
- Table with template responses for RBL blacklisted
- requests, indexed by RBL domain name. These tem-
- plates are used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b> and
- <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
- <b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>.
+ <b>rbl_reply_maps</b>
+ Table with template responses for RBL blacklisted
+ requests, indexed by RBL domain name. These tem-
+ plates are used by the <b>reject_rbl_*</b> and
+ <b>reject_rhsbl_*</b> restrictions. See also:
+ <b>default_rbl_reply</b> and <b>smtpd_expansion_filter</b>.
- <b>reject</b><i>_</i><b>code</b>
- Response code when the client matches a <b>reject</b>
+ <b>reject_code</b>
+ Response code when the client matches a <b>reject</b>
restriction.
- <b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
+ <b>relay_domains_reject_code</b>
Response code when a client attempts to violate the
mail relay policy.
- <b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates the
- <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
+ <b>unknown_address_reject_code</b>
+ Response code when a client violates the
+ <b>reject_unknown_address</b> restriction.
- <b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
+ <b>unknown_client_reject_code</b>
Response code when a client without address to name
- mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>client</b> restric-
+ mapping violates the <b>reject_unknown_client</b> restric-
tion.
- <b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates the
- <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
+ <b>unknown_hostname_reject_code</b>
+ Response code when a client violates the
+ <b>reject_unknown_hostname</b> restriction.
- <b>unverified</b><i>_</i><b>sender</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a sender address is known to be
+ <b>unverified_sender_reject_code</b>
+ Response code when a sender address is known to be
undeliverable.
- <b>unverified</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a recipient address is known to
+ <b>unverified_recipient_reject_code</b>
+ Response code when a recipient address is known to
be undeliverable.
<b>SEE ALSO</b>
<a href="verify.8.html">verify(8)</a> address verification service
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
.SH "Delegated policy"
.ad
.fi
-.IP \fBsmtpd_policy_service_endpoint\fR
-The \fItransport\fR:\fIendpoint\fR of a server that speaks
-the delegated SMTP policy protocol. \fItransport\fR is
-either \fBinet\fR or \fBunix\fR. \fIendpoint\fR is either
-\fIhost:port\fR, \fBprivate/\fIservicename\fR or
-\fBpublic/\fIservicename\fR.
.IP \fBsmtpd_policy_service_timeout\fR
Time limit for connecting to, writing to and receiving from
-a delegated SMTP policy server.
+a delegated SMTPD policy server.
.IP \fBsmtpd_policy_service_max_idle\fR
-Time after which an unused policy service connection is closed.
+Time after which an unused SMTPD policy service connection
+is closed.
.IP \fBsmtpd_policy_service_timeout\fR
-Time after which an active policy service connection is closed.
+Time after which an active SMTPD policy service connection
+is closed.
.SH "UCE control restrictions"
.ad
.fi
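Review bot: the second `.IP \fBsmtpd_policy_service_timeout\fR` entry repeats the name of the first one, so after this change the page documents smtpd_policy_service_timeout twice with two different meanings (the time limit for connecting, writing and receiving, and the time after which an active connection is closed). The second entry describes the lifetime setting held in var_smtpd_policy_ttl (default DEF_SMTPD_POLICY_TTL, "1000s") and should carry that parameter's name. This hunk already rewords both description lines, so fix the label here and in the identical `/* .IP` comment block further down in this patch.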
s/&/\&/g
s/</\</g
s/>/\>/g
- s;_\b\(.\);<i>\1</i>;g
+ s;_\b\([^_]\);<i>\1</i>;g
s;.\b\(.\);<b>\1</b>;g
s;</i>\( *\)<i>;\1;g
s;</b>\( *\)<b>;\1;g
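Review bot: the new `[^_]` class in `s;_\b\([^_]\);<i>\1</i>;g` only gives the intended result because the bold rule on the following line then claims the `_\b_` overstrike, which is what turns `<b>rbl</b><i>_</i><b>reply</b>` into `<b>rbl_reply_maps</b>` in the regenerated HTML. That ordering dependency is not visible in the script. Add a comment above the italic rule saying that an overstruck underscore is deliberately left for the bold rule, so the two lines are not reordered or merged later. Also confirm that no man page contains an underlined underscore, since that sequence would now come out bold instead of italic.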
/*
* SMTP server policy delegation.
*/
-#define VAR_SMTPD_POLICY_SRV "smtpd_policy_service_endpoint"
-#define DEF_SMTPD_POLICY_SRV ""
-extern char *var_smtpd_policy_srv;
-
#define VAR_SMTPD_POLICY_TMOUT "smtpd_policy_service_timeout"
#define DEF_SMTPD_POLICY_TMOUT "100s"
extern int var_smtpd_policy_tmout;
#define DEF_SMTPD_POLICY_TTL "1000s"
extern int var_smtpd_policy_ttl;
-#define CHECK_POLICY_SERVICE "check_smtpd_policy_service"
+#define CHECK_POLICY_SERVICE "check_policy_service"
/* LICENSE
/* .ad
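Review bot: changing CHECK_POLICY_SERVICE from "check_smtpd_policy_service" to "check_policy_service" while also deleting VAR_SMTPD_POLICY_SRV removes both names a configuration written for the previous snapshot would use, with no alias and no warning for the old spellings. The dispatch code compares restriction names against this macro with strcasecmp, so the old restriction name will simply stop matching. Either accept the old name for one release and log a deprecation warning, or state the rename and the new `check_policy_service transport:server` form in the release notes.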
#define MAIL_ATTR_CLIENT_ADDR "client_address" /* client address */
#define MAIL_ATTR_HELO_NAME "helo_name" /* SMTP helo name */
#define MAIL_ATTR_PROTO_NAME "protocol_name" /* SMTP/ESMTP/QMQP/... */
+#define MAIL_ATTR_PROTO_STATE "protocol_state" /* MAIL/RCPT/... */
#define MAIL_ATTR_ORIGIN "message_origin" /* hostname[address] */
#define MAIL_ATTR_ORG_NONE "unknown" /* origin unknown */
#define MAIL_ATTR_ORG_LOCAL "local" /* local submission */
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20030712"
+#define MAIL_RELEASE_DATE "20030714"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "2.0.14-" MAIL_RELEASE_DATE
/* void lmtp_sasl_connect(state)
/* LMTP_STATE *state;
/*
-/* void lmtp_sasl_start(state, sasl_opts_name, sasl_opts_var)
+/* void lmtp_sasl_start(state, sasl_opts_name, sasl_opts_val)
/* LMTP_STATE *state;
/*
/* int lmtp_sasl_passwd_lookup(state)
/*
/* lmtp_sasl_start() performs per-session initialization. This
/* routine must be called once per session before doing any SASL
-/* authentication. The sasl_opts_name and sasl_opts_var parameters are
+/* authentication. The sasl_opts_name and sasl_opts_val parameters are
/* the postfix configuration parameters setting the security
/* policy of the SASL authentication.
/*
/* lmtp_sasl_start - per-session SASL initialization */
void lmtp_sasl_start(LMTP_STATE *state, const char *sasl_opts_name,
- const char *sasl_opts_var)
+ const char *sasl_opts_val)
{
static sasl_callback_t callbacks[] = {
{SASL_CB_USER, &lmtp_sasl_get_user, 0},
sec_props.max_ssf = 1; /* don't allow real SASL
* security layer */
sec_props.security_flags = name_mask(sasl_opts_name, lmtp_sasl_sec_mask,
- sasl_opts_var);
+ sasl_opts_val);
sec_props.maxbufsize = 0;
sec_props.property_names = 0;
sec_props.property_values = 0;
/* void smtp_sasl_connect(state)
/* SMTP_STATE *state;
/*
-/* void smtp_sasl_start(state, sasl_opts_name, sasl_opts_var)
+/* void smtp_sasl_start(state, sasl_opts_name, sasl_opts_val)
/* SMTP_STATE *state;
/*
/* int smtp_sasl_passwd_lookup(state)
/*
/* smtp_sasl_start() performs per-session initialization. This
/* routine must be called once per session before doing any SASL
-/* authentication. The sasl_opts_name and sasl_opts_var parameters are
+/* authentication. The sasl_opts_name and sasl_opts_val parameters are
/* the postfix configuration parameters setting the security
/* policy of the SASL authentication.
/*
/* smtp_sasl_start - per-session SASL initialization */
void smtp_sasl_start(SMTP_STATE *state, const char *sasl_opts_name,
- const char *sasl_opts_var)
+ const char *sasl_opts_val)
{
static sasl_callback_t callbacks[] = {
{SASL_CB_USER, &smtp_sasl_get_user, 0},
sec_props.max_ssf = 1; /* don't allow real SASL
* security layer */
sec_props.security_flags = name_mask(sasl_opts_name, smtp_sasl_sec_mask,
- sasl_opts_var);
+ sasl_opts_val);
sec_props.maxbufsize = 0;
sec_props.property_names = 0;
sec_props.property_values = 0;
/* without any parameter syntax checking and without any state change.
/* This list overrides built-in command definitions.
/* .SH "Content inspection controls"
-/* Optionally, Postfix can be configured to send new mail to
+/* Optionally, Postfix can be configured to send new mail to
/* external content filter software AFTER the mail is queued.
/* .IP \fBcontent_filter\fR
/* The name of a mail delivery transport that filters mail and that
/* .SH "Delegated policy"
/* .ad
/* .fi
-/* .IP \fBsmtpd_policy_service_endpoint\fR
-/* The \fItransport\fR:\fIendpoint\fR of a server that speaks
-/* the delegated SMTP policy protocol. \fItransport\fR is
-/* either \fBinet\fR or \fBunix\fR. \fIendpoint\fR is either
-/* \fIhost:port\fR, \fBprivate/\fIservicename\fR or
-/* \fBpublic/\fIservicename\fR.
/* .IP \fBsmtpd_policy_service_timeout\fR
/* Time limit for connecting to, writing to and receiving from
-/* a delegated SMTP policy server.
+/* a delegated SMTPD policy server.
/* .IP \fBsmtpd_policy_service_max_idle\fR
-/* Time after which an unused policy service connection is closed.
+/* Time after which an unused SMTPD policy service connection
+/* is closed.
/* .IP \fBsmtpd_policy_service_timeout\fR
-/* Time after which an active policy service connection is closed.
+/* Time after which an active SMTPD policy service connection
+/* is closed.
/* .SH "UCE control restrictions"
/* .ad
/* .fi
int var_smtpd_proxy_tmout;
char *var_smtpd_proxy_ehlo;
char *var_input_transp;
-char *var_smtpd_policy_srv;
int var_smtpd_policy_tmout;
int var_smtpd_policy_idle;
int var_smtpd_policy_ttl;
VAR_SMTPD_PROXY_FILT, DEF_SMTPD_PROXY_FILT, &var_smtpd_proxy_filt, 0, 0,
VAR_SMTPD_PROXY_EHLO, DEF_SMTPD_PROXY_EHLO, &var_smtpd_proxy_ehlo, 0, 0,
VAR_INPUT_TRANSP, DEF_INPUT_TRANSP, &var_input_transp, 0, 0,
- VAR_SMTPD_POLICY_SRV, DEF_SMTPD_POLICY_SRV, &var_smtpd_policy_srv, 0, 0,
0,
};
static CONFIG_RAW_TABLE raw_table[] = {
/* Reject, defer or permit the request unconditionally. This is to be used
/* at the end of a restriction list in order to make the default
/* action explicit.
-/* .IP check_policy_service
+/* .IP "check_policy_service transport:server"
/* query an external policy service with client, helo, sender, recipient
/* and queue ID attributes.
/* .IP reject_unknown_client
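Review bot: the text under the new `.IP "check_policy_service transport:server"` heading still lists only "client, helo, sender, recipient and queue ID attributes", but this patch makes check_policy_service() send MAIL_ATTR_PROTO_STATE and MAIL_ATTR_PROTO_NAME as well and drops MAIL_ATTR_CLIENT. Update the description to name the protocol state and protocol name attributes. It should also say what `transport:server` may look like, because the smtpd_policy_service_endpoint entry that explained the inet/unix syntax is removed elsewhere in this patch.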
static ARGV *data_restrctions;
static HTABLE *smtpd_rest_classes;
+static HTABLE *policy_clnt_table;
/*
* Pre-parsed expansion filter.
*/
static int check_rcpt_maps(SMTPD_STATE *state, const char *recipient);
- /*
- * Delegated policy.
- */
-static ATTR_CLNT *policy_clnt;
-
/*
* Reject context.
*/
myfree((void *) reply);
}
+/* policy_client_register - register policy service endpoint */
+
+static void policy_client_register(const char *name)
+{
+ if (policy_clnt_table == 0)
+ policy_clnt_table = htable_create(1);
+
+ if (htable_find(policy_clnt_table, name) == 0)
+ htable_enter(policy_clnt_table, name,
+ (char *) attr_clnt_create(name,
+ var_smtpd_policy_tmout,
+ var_smtpd_policy_idle,
+ var_smtpd_policy_ttl));
+}
+
/* smtpd_check_parse - pre-parse restrictions */
static ARGV *smtpd_check_parse(const char *checks)
ARGV *argv = argv_alloc(1);
char *bp = saved_checks;
char *name;
+ char *last = 0;
/*
* Pre-parse the restriction list, and open any dictionaries that we
*/
while ((name = mystrtok(&bp, " \t\r\n,")) != 0) {
argv_add(argv, name, (char *) 0);
- if (strchr(name, ':') && dict_handle(name) == 0)
+ if (last && strcasecmp(last, CHECK_POLICY_SERVICE) == 0)
+ policy_client_register(name);
+ else if (strchr(name, ':') && dict_handle(name) == 0) {
dict_register(name, dict_open(name, O_RDONLY, DICT_FLAG_LOCK));
+ }
+ last = name;
}
argv_terminate(argv);
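Review bot: the `last && strcasecmp(last, CHECK_POLICY_SERVICE) == 0` test registers whatever token follows the restriction name, without checking that the token is an argument at all. If the argument is omitted, the next restriction name is passed to policy_client_register() and from there to attr_clnt_create(), and at request time the same token is consumed by `*++cpp` instead of being evaluated as a restriction. A check_policy_service at the very end of the list is not noticed here either; it is only reported by the per-request msg_warn in the dispatch code, which leaves status unchanged, so evaluation continues as if the policy check were not configured. Suggest validating the argument once in this loop, and checking after the loop whether last is still CHECK_POLICY_SERVICE, so the misconfiguration is reported at parse time. Style: the `else if` branch gained braces while the `if` branch has none.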
*/
expand_filter = vstring_alloc(10);
unescape(expand_filter, var_smtpd_exp_filter);
-
- /*
- * Delegated policy.
- */
- if (*var_smtpd_policy_srv)
- policy_clnt = attr_clnt_create(var_smtpd_policy_srv,
- var_smtpd_policy_tmout,
- var_smtpd_policy_idle,
- var_smtpd_policy_ttl);
}
/* log_whatsup - log as much context as we have */
/* check_policy_service - check delegated policy service */
-static int check_policy_service(SMTPD_STATE *state, const char *reply_name,
- const char *reply_class, const char *def_acl)
+static int check_policy_service(SMTPD_STATE *state, const char *server,
+ const char *reply_name, const char *reply_class,
+ const char *def_acl)
{
static VSTRING *action = 0;
+ ATTR_CLNT *policy_clnt;
/*
* Sanity check.
*/
- if (policy_clnt == 0) {
- msg_warn("%s is used in %s restrictions, but no service is defined",
- CHECK_POLICY_SERVICE, reply_class);
- return (SMTPD_CHECK_DUNNO);
- }
+ if (!policy_clnt_table
+ || !(policy_clnt = (ATTR_CLNT *) htable_find(policy_clnt_table, server)))
+ msg_panic("check_policy_service: no client endpoint for server %s",
+ server);
/*
* Initialize.
*/
if (action == 0)
action = vstring_alloc(10);
-
if (attr_clnt_request(policy_clnt,
ATTR_FLAG_NONE, /* Query attributes. */
- ATTR_TYPE_STR, MAIL_ATTR_CLIENT, state->namaddr,
+ ATTR_TYPE_STR, MAIL_ATTR_PROTO_STATE, state->where,
+ ATTR_TYPE_STR, MAIL_ATTR_PROTO_NAME, state->protocol,
ATTR_TYPE_STR, MAIL_ATTR_CLIENT_ADDR, state->addr,
ATTR_TYPE_STR, MAIL_ATTR_CLIENT_NAME, state->name,
ATTR_TYPE_STR, MAIL_ATTR_HELO_NAME,
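Review bot: the sanity check at the top of check_policy_service() now calls msg_panic() when htable_find() misses, where the old code logged msg_warn() and returned SMTPD_CHECK_DUNNO. That is only safe if every restriction list that can reach this function has first gone through smtpd_check_parse(), because the lookup key is the raw token taken at dispatch time. State that invariant in the comment above the check, or keep a warn-and-return path for a miss, so that a configuration condition cannot abort the server while it is handling a client request. Separately, MAIL_ATTR_CLIENT (state->namaddr) is no longer sent; a policy server that relied on it now has to combine MAIL_ATTR_CLIENT_NAME and MAIL_ATTR_CLIENT_ADDR itself, which deserves a line in the protocol documentation.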
* XXX This produces bogus error messages when the reply is
* malformed.
*/
- return (check_table_result(state, var_smtpd_policy_srv, STR(action),
+ return (check_table_result(state, server, STR(action),
"policy query", reply_name,
reply_class, def_acl));
}
} else if (strcasecmp(name, REJECT_UNAUTH_PIPE) == 0) {
status = reject_unauth_pipelining(state, reply_name, reply_class);
} else if (strcasecmp(name, CHECK_POLICY_SERVICE) == 0) {
- status = check_policy_service(state, reply_name,
- reply_class, def_acl);
+ if (cpp[1] == 0)
+ msg_warn("restriction %s must be followed by transport:server",
+ CHECK_POLICY_SERVICE);
+ else
+ status = check_policy_service(state, *++cpp, reply_name,
+ reply_class, def_acl);
} else if (strcasecmp(name, DEFER_IF_PERMIT) == 0) {
DEFER_IF_PERMIT2(state, MAIL_ERROR_POLICY,
"450 <%s>: %s rejected: defer_if_permit requested",
char *var_relay_rcpt_maps;
char *var_verify_sender;
char *var_smtpd_sasl_opts;
-char *var_smtpd_policy_srv;
typedef struct {
char *name;
VAR_VERIFY_SENDER, DEF_VERIFY_SENDER, &var_verify_sender,
VAR_MAIL_NAME, DEF_MAIL_NAME, &var_mail_name,
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts,
- VAR_SMTPD_POLICY_SRV, DEF_SMTPD_POLICY_SRV, &var_smtpd_policy_srv, 0, 0,
0,
};
/*
/* void smtpd_sasl_initialize()
/*
-/* void smtpd_sasl_connect(state, sasl_opts_name, sasl_opts_var)
+/* void smtpd_sasl_connect(state, sasl_opts_name, sasl_opts_val)
/* SMTPD_STATE *state;
/*
/* char *smtpd_sasl_authenticate(state, sasl_method, init_response)
/*
/* smtpd_sasl_connect() performs per-connection initialization.
/* This routine should be called once at the start of every
-/* connection. The sasl_opts_name and sasl_opts_var parameters
+/* connection. The sasl_opts_name and sasl_opts_val parameters
/* are the postfix configuration parameters setting the security
/* policy of the SASL authentication.
/*
/* smtpd_sasl_connect - per-connection initialization */
void smtpd_sasl_connect(SMTPD_STATE *state, const char *sasl_opts_name,
- const char *sasl_opts_var)
+ const char *sasl_opts_val)
{
#if SASL_VERSION_MAJOR < 2
unsigned sasl_mechanism_count;
sec_props.max_ssf = 1; /* don't allow real SASL
* security layer */
sec_props.security_flags = name_mask(sasl_opts_name, smtpd_sasl_mask,
- sasl_opts_var);
+ sasl_opts_val);
sec_props.maxbufsize = 0;
sec_props.property_names = 0;
sec_props.property_values = 0;
vstring vstring_vstream doze select_bug stream_test mac_expand \
watchdog unescape hex_quote name_mask rand_sleep sane_time ctable \
inet_addr_list attr_print64 attr_scan64 base64_code attr_print0 \
- attr_scan0 host_port
+ attr_scan0 host_port attr_scan_plain attr_print_plain
LIB_DIR = ../../lib
INC_DIR = ../../include
/* ATTR_CLNT *client;
/* DESCRIPTION
/* This module implements a client for a simple attribute-based
-/* protocol as described in attr_scan0(3) and attr_scan64(3).
+/* protocol as described in attr_scan_plain(3).
/*
/* attr_clnt_create() creates a client handle. The server
/* argument specifies "transport:servername" where transport is
char *endpoint;
ATTR_CLNT *client;
- if ((endpoint = split_at(transport, ':')) == 0 || *endpoint == 0)
- msg_fatal("missing attribute server endpoint: %s", service);
+ if ((endpoint = split_at(transport, ':')) == 0
+ || *endpoint == 0 || *transport == 0)
+ msg_fatal("service \"%s\" should be specified as transport:endpoint",
+ service);
if (msg_verbose)
msg_info("%s: transport=%s endpoint=%s", myname, transport, endpoint);
|| msg_verbose
|| (errno != EPIPE && errno != ENOENT && errno != ECONNRESET))
msg_warn("problem talking to server %s: %m", client->endpoint);
- if (count >= 3)
+ if (count >= 2)
return (-1);
sleep(1); /* XXX make configurable */
auto_clnt_recover(client->auto_clnt);
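Review bot: lowering the give-up threshold to `if (count >= 2)` changes how long a caller blocks when the server is unreachable, but the limit remains a bare literal next to `sleep(1); /* XXX make configurable */` and nothing records why 2 was chosen. Give the limit a name and document in a comment how many attempts and how much sleep time it allows on top of the per-request timeout. This matters for the policy client created with var_smtpd_policy_tmout (DEF_SMTPD_POLICY_TMOUT is "100s"), since the delay is spent while an SMTP client waits for a reply.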