Misc. documentation fixes by Victor Duchovni.
+20040126
+
+ Safety: handle the case that main.cf is updated while it
+ is being read. File: util/dict.c.
+
+20040127
+
+ Bugfix: missing flush_init() call. Introduced 20040105.
+ File: postqueue/postqueue.c.
+
+20040202
+
+ Bugfix: changed mis-leading warning about text>4096 characters
+ into "unexpected end-of-input". File: util/attr_scan0.c.
+
+20040204
+
+ Bugfix: don't panic on a corrupt queue file. File:
+ *qmgr/qmgr_message.c.
+
+20040205
+
+ Cleanup: sample-filter.cf is gone. Better documentation is
+ available with "man header_checks".
+
Open problems:
Low: log xdelay (esp. for SMTP and delivery to command).
# find out what lookup table types your Postfix system sup-
# ports.
#
-# The general format of a Postfix regular expression table
-# is:
+# The general format of Postfix regular expression tables is
+# given below. For a discussion of specific pattern or
+# flags syntax, see pcre_table(5) or regexp_table(5),
+# respectively.
#
# /pattern/flags action
# When pattern matches the input string, execute the
# text. A line that starts with whitespace continues
# a logical line.
#
-# For a discussion of specific pattern or flags syntax
-# details, see pcre_table(5) or regexp_table(5), respec-
-# tively.
-#
# TABLE SEARCH ORDER
# For each line of message input, the patterns are applied
# in the order as specified in the table. When a pattern is
# as DUNNO.
#
# FILTER transport:destination
-# Write a content filter request record to the queue
-# file and inspect the next input line. After the
-# complete message is received it will be sent
-# through the specified external content filter.
-# More information about external content filters is
-# in the Postfix FILTER_README file.
+# Write a content filter request to the queue file
+# and inspect the next input line. After the com-
+# plete message is received it will be sent through
+# the specified external content filter. More infor-
+# mation about external content filters is in the
+# Postfix FILTER_README file.
#
# Note: this action overrides the main.cf con-
# tent_filter setting, and affects all recipients of
# IGNORE Delete the current line from the input and inspect
# the next input line.
#
+# PREPEND text...
+# Prepend one line with the specified text and
+# inspect the next input line. The prepended line of
+# text is output before the input line that triggered
+# the PREPEND pattern.
+#
+# Note: this action cannot be used to prepend multi-
+# line text.
+#
# REDIRECT user@domain
# Write a message redirection request to the queue
# file and inspect the next input line. After the
# process a multi-line message header one line at a
# time.
#
+# EXAMPLES
+# Header pattern to block attachments with bad file name
+# extensions.
+#
+# /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
+# REJECT Bad attachment file name extension: $1
+#
+# Body pattern to stop a specific HTML browser vulnerability
+# exploit.
+#
+# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
+# REJECT IFRAME vulnerability exploit
+#
# SEE ALSO
# cleanup(8) canonicalize and enqueue Postfix message
# pcre_table(5) format of PCRE tables
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
-# For details, see the sample-filter.cf file.
+# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks
$sample_directory/sample-canonical.cf:f:root:-:644:o
$sample_directory/sample-compatibility.cf:f:root:-:644
$sample_directory/sample-debug.cf:f:root:-:644
-$sample_directory/sample-filter.cf:f:root:-:644
+$sample_directory/sample-filter.cf:f:root:-:644:o
$sample_directory/sample-flush.cf:f:root:-:644
$sample_directory/sample-ldap.cf:f:root:-:644
$sample_directory/sample-lmtp.cf:f:root:-:644
+++ /dev/null
-# DO NOT EDIT THIS FILE. EDIT THE MAIN.CF FILE INSTEAD. THE STUFF
-# HERE JUST SERVES AS AN EXAMPLE.
-#
-# This file contains example settings for miscellaneous Postfix
-# content filtering parameters.
-
-# The header_checks parameter specifies an optional table with patterns
-# that each logical message header is matched against, including
-# headers that span multiple physical lines. Patterns are matched
-# in the specified order, and the search stops upon the first match.
-#
-# For examples of pattern syntax see the sample-regexp-header.cf and
-# sample-pcre-header.cf files.
-#
-# When a pattern matches, what happens next depends on the associated
-# action that is specified in the right-hand side of the table:
-#
-# REJECT [optional text...]
-# Reject the entire message. The optional text is sent to the
-# originator and is logged to the maillog file.
-# DUNNO [optional text...]
-# Skip all further header patterns for this header line.
-# IGNORE [optional text...]
-# Silently discard the header line.
-# WARN [optional text...]
-# Log the message header and the optional text. This is useful
-# for testing. When the pattern is good, change the WARN into a
-# REJECT or into a DISCARD.
-# HOLD [optional text...]
-# Place the message on the hold queue. Mail on hold can be
-# inspected with the postcat command, and can be destroyed or
-# taken off hold (i.e. delivered) with the postsuper command.
-# The matched header is logged with the optional text.
-# DISCARD [optional text...]
-# Claim successful delivery and silently discard the message.
-# The matched header is logged with the optional text.
-# FILTER transport:nexthop
-# After the message is queued, send the message through
-# a content filter. This requires different cleanup servers
-# before and after the filter, with header/body checks turned
-# off in the second cleanup server. More info about content
-# filtering is in the Postfix FILTER_README file. This feature
-# overrides the main.cf content_filter setting.
-# REDIRECT user@domain
-# Send the message to the specified address instead of the
-# intended recipient(s). This feature overrides the FILTER action.
-#
-# By default, these patterns apply the primary message headers, to
-# MIME headers, and to the headers of attached messages. With older
-# Postfix versions, MIME and attached message headers were treated
-# as body text.
-#
-header_checks = regexp:/etc/postfix/header_checks
-
-# The mime_header_checks specifies an optional table with patterns
-# that each MIME header is matched against. This applies to MIME
-# related headers in message headers, and to the headers that follow
-# multipart boundary strings. Headers may span multiple physical lines.
-# Patterns are matched in the specified order, and the search stops
-# upon the first match.
-#
-# For examples of pattern syntax see the sample-regexp-header.cf and
-# sample-pcre-header files.
-#
-# Actions on the table right-hand side are the same as with header_checks.
-#
-mime_header_checks = $header_checks
-
-# The nested_header_checks specifies an optional table with patterns
-# that each attached message header is matched against (except for
-# MIME related headers). Headers may span multiple physical lines.
-# Patterns are matched in the specified order, and the search stops
-# upon the first match.
-#
-# For examples of pattern syntax see the sample-regexp-header.cf and
-# sample-pcre-header.cf files.
-#
-# When a pattern matches, what happens next depends on the associated
-# action that is specified in the right-hand side of the table:
-#
-# Actions on the table right-hand side are the same as with header_checks.
-#
-# By default, the same patterns are applied as for header_checks.
-#
-nested_header_checks = $header_checks
-
-# The body_checks parameter specifies an optional table with patterns
-# that each physical line in the message body is matched against
-# (including MIME headers inside the message body - Postfix does not
-# recognize multi-line MIME headers in the message body).
-# Lines are matched one at a time. Long lines are matched in chunks
-# of at most $line_length_limit characters. Patterns are matched in
-# the specified order, and the search stops upon the first match.
-#
-# For examples of pattern syntax see the sample-regexp-body.cf and
-# sample-pcre-body.cf files.
-#
-# Actions on the table right-hand side are the same as with header_checks.
-#
-body_checks = regexp:/etc/postfix/body_checks
-
-# The body_checks_size_limit parameter controls how much text in a
-# message body segment (or attachment, if you prefer to use that
-# term) is subjected to body_checks inspection.
-#
-# By default, only the first 50 kbytes of a message body segment are
-# inspected with body_checks patterns.
-#
-body_checks_size_limit = 51200
-
-# The receive_override_options parameter controls what input processing
-# happens before or after an external content filter.
-#
-# Specify zero or more of the following options. The options override
-# main.cf settings and are either implemented by the SMTP server, by
-# the QMQP server, or by the pickup server, or they are passed on to
-# the cleanup server.
-#
-# When the receive_override_options setting BEFORE the content filter
-# is specified in the main.cf file, specify the "AFTER content filter"
-# receive_override_options setting in master.cf (or vice versa).
-#
-# - no_unknown_recipient_checks: Do not try to reject unknown
-# recipients (SMTP server only). This is typically specified AFTER
-# an external content filter.
-#
-# - no_address_mappings: Disable canonical address mapping, virtual
-# alias map expansion, address masquerading, and automatic BCC
-# recipients. This is typically specified BEFORE an external content
-# filter.
-#
-# - no_header_body_checks: Disable header/body_checks. This is
-# typically specified AFTER an external content filter.
-#
-# receive_override_options = no_unknown_recipient_checks, no_header_body_checks
-# receive_override_options = no_address_mappings
-receive_override_options =
find out what lookup table types your Postfix system sup-
ports.
- The general format of a Postfix regular expression table
- is:
+ The general format of Postfix regular expression tables is
+ given below. For a discussion of specific pattern or
+ flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
+ respectively.
<b>/</b><i>pattern</i><b>/</b><i>flags action</i>
When <i>pattern</i> matches the input string, execute the
text. A line that starts with whitespace continues
a logical line.
- For a discussion of specific pattern or flags syntax
- details, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>, respec-
- tively.
-
<b>TABLE SEARCH ORDER</b>
For each line of message input, the patterns are applied
in the order as specified in the table. When a pattern is
as <b>DUNNO</b>.
<b>FILTER</b> <i>transport:destination</i>
- Write a content filter request record to the queue
- file and inspect the next input line. After the
- complete message is received it will be sent
- through the specified external content filter.
- More information about external content filters is
- in the Postfix FILTER_README file.
+ Write a content filter request to the queue file
+ and inspect the next input line. After the com-
+ plete message is received it will be sent through
+ the specified external content filter. More infor-
+ mation about external content filters is in the
+ Postfix FILTER_README file.
Note: this action overrides the <b>main.cf con-</b>
<b>tent_filter</b> setting, and affects all recipients of
<b>IGNORE</b> Delete the current line from the input and inspect
the next input line.
+ <b>PREPEND</b> <i>text...</i>
+ Prepend one line with the specified text and
+ inspect the next input line. The prepended line of
+ text is output before the input line that triggered
+ the <b>PREPEND</b> pattern.
+
+ Note: this action cannot be used to prepend multi-
+ line text.
+
<b>REDIRECT</b> <i>user@domain</i>
Write a message redirection request to the queue
file and inspect the next input line. After the
process a multi-line message header one line at a
time.
+<b>EXAMPLES</b>
+ Header pattern to block attachments with bad file name
+ extensions.
+
+ /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
+ REJECT Bad attachment file name extension: $1
+
+ Body pattern to stop a specific HTML browser vulnerability
+ exploit.
+
+ /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
+ REJECT IFRAME vulnerability exploit
+
<b>SEE ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue Postfix message
<a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
-<html> <
head> </head> <body> <pre>
+<html> <body> <pre>
POSTQUEUE(1) POSTQUEUE(1)
<b>NAME</b>
postqueue - Postfix queue control
<b>SYNOPSIS</b>
- <b>postqueue</b> [<b>-c</b> <i>config_dir</i>] <b>-f</b>
- <b>postqueue</b> [<b>-c</b> <i>config_dir</i>] <b>-p</b>
- <b>postqueue</b> [<b>-c</b> <i>config_dir</i>] <b>-s</b> <i>site</i>
+ <b>postqueue</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-f</b>
+ <b>postqueue</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-p</b>
+ <b>postqueue</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-s</b> <i>site</i>
<b>DESCRIPTION</b>
The <b>postqueue</b> program implements the Postfix user inter-
The following options are recognized:
- <b>-c</b> <i>config_dir</i>
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
The <b>main.cf</b> configuration file is in the named
directory instead of the default configuration
directory. See also the MAIL_CONFIG environment
<b>-f</b> Flush the queue: attempt to deliver all queued
mail.
- This option implements the traditional <b>sendmail</b> <b>-q</b>
+ This option implements the traditional <b>sendmail -q</b>
command, by contacting the Postfix <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon.
<b>-p</b> Produce a traditional sendmail-style queue listing.
A non-standard directory is allowed only if the
name is listed in the standard <b>main.cf</b> file, in the
- <b>alternate</b><i>_</i><b>config</b><i>_</i><b>directories</b> configuration parame-
+ <b>alternate_config_directories</b> configuration parame-
ter value.
Only the superuser is allowed to specify arbitrary
/var/spool/postfix, mail queue
/etc/postfix, configuration files
-<b>CONFIGURATION</b> <b>PARAMETERS</b>
- <b>import</b><i>_</i><b>environment</b>
+<b>CONFIGURATION PARAMETERS</b>
+ <b>import_environment</b>
List of names of environment parameters that can be
imported from non-Postfix processes.
- <b>queue</b><i>_</i><b>directory</b>
+ <b>queue_directory</b>
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
- <b>fast</b><i>_</i><b>flush</b><i>_</i><b>domains</b>
+ <b>fast_flush_domains</b>
List of domains that will receive "fast flush" ser-
vice (default: all domains that this system is
willing to relay mail to). This list specifies the
domains that Postfix accepts in the SMTP <b>ETRN</b>
- request and in the <b>sendmail</b> <b>-qR</b> command.
+ request and in the <b>sendmail -qR</b> command.
-<b>SEE</b> <b>ALSO</b>
+<b>SEE ALSO</b>
<a href="sendmail.1.html">sendmail(1)</a> sendmail-compatible user interface
<a href="postsuper.1.html">postsuper(1)</a> privileged queue operations
<a href="qmgr.8.html">qmgr(8)</a> queue manager
Use the command \fBpostconf -m\fR to find out what lookup table
types your Postfix system supports.
-The general format of a Postfix regular expression table is:
+The general format of Postfix regular expression tables is
+given below.
+For a discussion of specific pattern or flags syntax,
+see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
.IP "\fB/\fIpattern\fB/\fIflags action\fR"
When \fIpattern\fR matches the input string, execute
the corresponding \fIaction\fR. See below for a list
.IP "multi-line text"
A pattern/action line starts with non-whitespace text. A line that
starts with whitespace continues a logical line.
-.PP
-For a discussion of specific pattern or flags syntax details,
-see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
.SH TABLE SEARCH ORDER
.na
.nf
For backwards compatibility reasons, Postfix also accepts
\fBOK\fR but it is (and always has been) treated as \fBDUNNO\fR.
.IP "\fBFILTER \fItransport:destination\fR"
-Write a content filter request record to the queue file and
+Write a content filter request to the queue file and
inspect the next input line.
After the complete message is received it will be sent through
the specified external content filter. More information about
.IP \fBIGNORE\fR
Delete the current line from the input and inspect
the next input line.
+.IP "\fBPREPEND \fItext...\fR"
+Prepend one line with the specified text and inspect the next
+input line. The prepended line of text is output before the
+input line that triggered the \fBPREPEND\fR pattern.
+.sp
+Note: this action cannot be used to prepend multi-line text.
.IP "\fBREDIRECT \fIuser@domain\fR"
Write a message redirection request to the queue file and
inspect the next input line. After the message is queued,
.sp
Note: when used in this manner, \fBbody_checks\fR will process
a multi-line message header one line at a time.
+.SH EXAMPLES
+.na
+.nf
+.ad
+.fi
+Header pattern to block attachments with bad file name extensions.
+
+.na
+.nf
+/^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/
+.ti +4
+REJECT Bad attachment file name extension: $1
+
+.ad
+.fi
+Body pattern to stop a specific HTML browser vulnerability exploit.
+
+.na
+.nf
+/^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
+.ti +4
+REJECT IFRAME vulnerability exploit
.SH SEE ALSO
.na
.nf
# Use the command \fBpostconf -m\fR to find out what lookup table
# types your Postfix system supports.
#
-# The general format of a Postfix regular expression table is:
+# The general format of Postfix regular expression tables is
+# given below.
+# For a discussion of specific pattern or flags syntax,
+# see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
# .IP "\fB/\fIpattern\fB/\fIflags action\fR"
# When \fIpattern\fR matches the input string, execute
# the corresponding \fIaction\fR. See below for a list
# .IP "multi-line text"
# A pattern/action line starts with non-whitespace text. A line that
# starts with whitespace continues a logical line.
-# .PP
-# For a discussion of specific pattern or flags syntax details,
-# see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
# TABLE SEARCH ORDER
# .ad
# .fi
# For backwards compatibility reasons, Postfix also accepts
# \fBOK\fR but it is (and always has been) treated as \fBDUNNO\fR.
# .IP "\fBFILTER \fItransport:destination\fR"
-# Write a content filter request record to the queue file and
+# Write a content filter request to the queue file and
# inspect the next input line.
# After the complete message is received it will be sent through
# the specified external content filter. More information about
# .IP \fBIGNORE\fR
# Delete the current line from the input and inspect
# the next input line.
+# .IP "\fBPREPEND \fItext...\fR"
+# Prepend one line with the specified text and inspect the next
+# input line. The prepended line of text is output before the
+# input line that triggered the \fBPREPEND\fR pattern.
+# .sp
+# Note: this action cannot be used to prepend multi-line text.
# .IP "\fBREDIRECT \fIuser@domain\fR"
# Write a message redirection request to the queue file and
# inspect the next input line. After the message is queued,
# .sp
# Note: when used in this manner, \fBbody_checks\fR will process
# a multi-line message header one line at a time.
+# EXAMPLES
+# .ad
+# .fi
+# Header pattern to block attachments with bad file name extensions.
+#
+# .na
+# .nf
+# /^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/
+# .ti +4
+# REJECT Bad attachment file name extension: $1
+#
+# .ad
+# .fi
+# Body pattern to stop a specific HTML browser vulnerability exploit.
+#
+# .na
+# .nf
+# /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
+# .ti +4
+# REJECT IFRAME vulnerability exploit
# SEE ALSO
# cleanup(8) canonicalize and enqueue Postfix message
# pcre_table(5) format of PCRE tables
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20040122"
+#define MAIL_RELEASE_DATE "20040205"
#define MAIL_VERSION_NUMBER "2.0.18"
#define VAR_MAIL_VERSION "mail_version"
* IPC channel, sending an empty string is more convenient than sending a
* null pointer.
*/
- if (message->errors_to == 0)
+ if (message->errors_to == 0 && message->sender)
message->errors_to = mystrdup(message->sender);
if (message->return_receipt == 0)
message->return_receipt = mystrdup("");
{
int status;
+ flush_init();
+
switch (status = flush_send(site)) {
case FLUSH_STAT_OK:
exit(0);
* IPC channel, sending an empty string is more convenient than sending a
* null pointer.
*/
- if (message->errors_to == 0)
+ if (message->errors_to == 0 && message->sender)
message->errors_to = mystrdup(message->sender);
if (message->return_receipt == 0)
message->return_receipt = mystrdup("");
dict.o: readlline.h
dict.o: mac_parse.h
dict.o: stringops.h
+dict.o: iostuff.h
dict.o: dict.h
dict.o: argv.h
dict.o: dict_ht.h
static int attr_scan0_string(VSTREAM *fp, VSTRING *plain_buf, const char *context)
{
- extern int var_line_limit; /* XXX */
- int limit = var_line_limit * 4;
int ch;
if ((ch = vstring_get_null(plain_buf, fp)) == VSTREAM_EOF) {
return (-1);
}
if (ch != 0) {
- msg_warn("string length > %d characters from %s while reading %s",
- limit, VSTREAM_PATH(fp), context);
+ msg_warn("unexpected end-of-input from %s while reading %s",
+ VSTREAM_PATH(fp), context);
return (-1);
}
if (msg_verbose)
#include <fcntl.h>
#include <ctype.h>
#include <string.h>
+#include <time.h>
/* Utility library. */
#include "readlline.h"
#include "mac_parse.h"
#include "stringops.h"
+#include "iostuff.h"
#include "dict.h"
#include "dict_ht.h"
void dict_load_file(const char *dict_name, const char *path)
{
VSTREAM *fp;
+ struct stat st;
+ time_t before;
+ time_t after;
- if ((fp = vstream_fopen(path, O_RDONLY, 0)) == 0)
- msg_fatal("open %s: %m", path);
- dict_load_fp(dict_name, fp);
- if (vstream_ferror(fp) || vstream_fclose(fp))
- msg_fatal("read %s: %m", path);
+ /*
+ * Read the file again if it is hot. This may result in reading a partial
+ * parameter name when a file changes in the middle of a read.
+ */
+ for (before = time((time_t *) 0); /* see below */ ; before = after) {
+ if ((fp = vstream_fopen(path, O_RDONLY, 0)) == 0)
+ msg_fatal("open %s: %m", path);
+ dict_load_fp(dict_name, fp);
+ if (fstat(vstream_fileno(fp), &st) < 0)
+ msg_fatal("fstat %s: %m", path);
+ if (vstream_ferror(fp) || vstream_fclose(fp))
+ msg_fatal("read %s: %m", path);
+ after = time((time_t *) 0);
+ if (st.st_mtime < before - 1 || st.st_mtime > after)
+ break;
+ if (msg_verbose)
+ msg_info("pausing to let %s cool down", path);
+ doze(300000);
+ }
}
/* dict_load_fp - read entries from open stream */
projects / thirdparty / postfix.git / commitdiff
