port is specified. File: smtp/smtp_addr.c.
Bugfix: restore errno after write failure in SIGCHLD handler.
- Leandro Santi. File: master/master_sig.c.
+ Leandro Santi (who got the idea from Hernan Perez Masci).
+ File: master/master_sig.c.
Bugfix: the auto_clnt module disconnected too early, causing
unnecessary work by the anvil server.
Cleanup: the LDAP client configuration parser is now shared
between the LDAP, MySQL, and PGSQL clients. Liviu Daia.
Files: global/cfgparser.[hc], global/dict_ldap.c,
- global/dict_mtsql.c, global/dict_pgsql.c and documentation.
+ global/dict_mysql.c, global/dict_pgsql.c and documentation.
Cleanup: moved "util" modules with dependencies on higher-level
"global" code from the util directory to the global directory:
util/dict_open.c, global/cfgparser.[hc], global/dict_ldap.c,
- global/dict_mtsql.c, global/dict_pgsql.c, global/mail_dict.c.
+ global/dict_mysql.c, global/dict_pgsql.c, global/mail_dict.c.
Cleanup: the new queue manager nqmgr replaces the default
queue manager qmgr, leaving behind a hard link for backwards
Cleanup: support for the non-standard Errors-To: header
is removed. File: cleanup/cleanup_message.c.
+20040121
+
+ Feature: "PREPEND headername: headervalue" action in Postfix
+ access maps, to facilitate external policy servers that
+ label mail instead of rejecting it. Files: smtpd/smtpd.c,
+ smtpd/smtpd_check.c.
+
+20040122
+
+ UNDO the 20040104 change (vstring_get() etc. return
+ VSTREAM_EOF when they terminate prematurely, instead of
+ returning the last character stored, to avoid mis-leading
+ warnings). File: global/vstring_vstream.c.
+
+ Portability: test -e is not portable. File: conf/postfix-script.
+
+ Misc. documentation fixes by Victor Duchovni.
+
Open problems:
+ Low: log xdelay (esp. for SMTP and delivery to command).
+
+ Med: smtpd_reject_unknown_sender=yes to control the egress
+ filter.
+
+ Med: cleanup_enable_errors_to=no to control errors-to
+ processing.
+
Med: silly queue file bit so that the queue manager doesn't
skip files when fast flush is requested while a queue scan
is in progress.
only a programmer can fix. Postfix cannot proceed until this is
fixed.
-"FATAL" messages are the result of mssing files, incorrect permissions,
+"FATAL" messages are the result of missing files, incorrect permissions,
incorrect configuration file settings. Postfix cannot proceed until
this is fixed.
and advanced. Both approaches filter all the mail by default.
At the end are examples that show 1) how to filter only mail from
-remote users only, 2) how to use different filters for different
+remote users, 2) how to use different filters for different
domains that you provide MX service for, and 3) how to set up
selective filtering on the basis of message envelope and/or
header/body patterns.
- Note: do not use spaces around the "=" or "," characters.
-- Note: the SMTP server must not have a smaller same process limit
- than the "filter" master.cf entry.
+- Note: the SMTP server must not have a smaller process limit than
+ the "filter" master.cf entry.
- The "-o content_filter=" overrides main.cf and requests no content
filtering for incoming mail. This is required or else mail will
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.
+Incompatible changes with Postfix snapshot 2.0.18-2004122
+==========================================================
+
+This release undoes the snapshot 2004120 changes to the Postfix
+line reading routines. These changes caused surprises with lines
+ending in EOF.
+
+Major changes with Postfix snapshot 2.0.18-20040122
+===================================================
+
+New "PREPEND headername: headervalue" action in Postfix access maps
+that can be used by external SMTPD policy servers in order to label
+mail instead of rejecting it.
+
Incompatible changes with Postfix snapshot 2.0.17-2004120
==========================================================
#
# DEFER_IF_PERMIT optional text...
# Defer the request if some later restriction would
-# result in a PERMIT action (there is an implied PER-
-# MIT at the end of each restriction list). Reply
-# with "450 optional text... when the optional text
-# is specified, otherwise reply with a generic error
-# response message.
+# result in a an explicit or implicit PERMIT action.
+# Reply with "450 optional text... when the optional
+# text is specified, otherwise reply with a generic
+# error response message.
#
# OK Accept the address etc. that matches the pattern.
#
# all-numerical
# An all-numerical result is treated as OK. This for-
-# mat is generated by address-based relay authoriza-
+# mat is generated by address-based relay authoriza-
# tion schemes.
#
-# DUNNO Pretend that the lookup key was not found in this
-# table. This prevents Postfix from trying substrings
-# of the lookup key (such as a subdomain name, or a
-# network address subnetwork).
+# DUNNO Pretend that the lookup key was not found. This
+# prevents Postfix from trying substrings of the
+# lookup key (such as a subdomain name, or a network
+# address subnetwork).
+#
+# PREPEND headername: headervalue
+# Prepend the specified message header to the mes-
+# sage. When this action is used multiple times, the
+# first prepended header appears before the second
+# etc. prepended header.
+#
+# Note: this action does not support multi-line mes-
+# sage headers.
#
# HOLD optional text...
-# Place the message on the hold queue, where it will
-# sit until someone either deletes it or releases it
-# for delivery. Log the optional text if specified,
+# Place the message on the hold queue, where it will
+# sit until someone either deletes it or releases it
+# for delivery. Log the optional text if specified,
# otherwise log a generic message.
#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
-# Note: this action currently affects all recipients
+# Note: this action currently affects all recipients
# of the message.
#
# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
-# Note: this action currently affects all recipients
+# Note: this action currently affects all recipients
# of the message.
#
# FILTER transport:destination
-# After the message is queued, send the entire mes-
-# sage through a content filter. More information
-# about content filters is in the Postfix FIL-
-# TER_README file.
+# After the message is queued, send the entire mes-
+# sage through the specified external content filter.
+# More information about external content filters is
+# in the Postfix FILTER_README file.
#
-# Note: this action overrides the main.cf con-
+# Note: this action overrides the main.cf con-
# tent_filter setting, and currently affects all
# recipients of the message.
#
# REDIRECT user@domain
-# After the message is queued, send the message to
+# After the message is queued, send the message to
# the specified address instead of the intended
# recipient(s).
#
-# Note: this action overrides the FILTER action, and
+# Note: this action overrides the FILTER action, and
# currently affects all recipients of the message.
#
# restriction...
# reject_unauth_destination, and so on).
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
-# cation, that string is an entire client hostname, an
+# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Actions are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Actions are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
+# tion of the TCP client/server lookup protocol, see
# tcp_table(5).
#
-# Each lookup operation uses the entire query string once.
-# Depending on the application, that string is an entire
+# Each lookup operation uses the entire query string once.
+# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
-# mail address. Thus, no parent domain or parent network
-# search is done, user@domain mail addresses are not broken
-# up into their user@ and domain constituent parts, nor is
+# mail address. Thus, no parent domain or parent network
+# search is done, user@domain mail addresses are not broken
+# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1) create lookup table
# tcp_table(5) TCP client/server table lookup protocol
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# implemented by the Postfix cleanup(8) server.
#
# Postfix header or body_checks are designed to stop a flood
-# of mail from worms and viruses. They are not meant to be a
+# of mail from worms or viruses. They are not meant to be a
# substitute for content filters that decode attachments and
# that do other sophisticated content analyses.
#
#
# nested_header_checks (default: $header_checks)
# These are applied to each message header of
-# attached email messages.
+# attached email messages (except for the MIME
+# related headers).
#
# body_checks
-# These are applied to every other line of content,
-# including multi-part message boundaries.
+# These are applied to all other content, including
+# multi-part message boundaries.
#
# Note: message headers are examined one logical header at a
-# time, even when a message header spans multiple lines.
+# time, even when a message header spans multiple lines.
# Body lines are always examined one line at a time.
#
-# REGEXP AND PCRE TABLE FORMAT
-# Header and body_checks rules are normally specified in the
-# form of regular expression lookup tables. The best perfor-
-# mance is obtained with pcre (Perl Compatible Regular
-# Expression) tables, but the slower regexp (POSIX regular
-# expressions) support is more widely available. Use the
-# command postconf -m to find out what types of lookup table
-# your Postfix system supports.
+# TABLE FORMAT
+# This document assumes that header and body_checks rules
+# are specified in the form of Postfix regular expression
+# lookup tables. Usually the best performance is obtained
+# with pcre (Perl Compatible Regular Expression) tables, but
+# the slower regexp (POSIX regular expressions) support is
+# more widely available. Use the command postconf -m to
+# find out what lookup table types your Postfix system sup-
+# ports.
#
-# The general format of a header or body_checks table is:
+# The general format of a Postfix regular expression table
+# is:
#
# /pattern/flags action
-# When pattern matches the input string, execute the
-# corresponding action. See below for a list of pos-
+# When pattern matches the input string, execute the
+# corresponding action. See below for a list of pos-
# sible actions.
#
# !/pattern/flags action
-# When pattern does not match the input string, exe-
+# When pattern does not match the input string, exe-
# cute the corresponding action.
#
# if /pattern/flags
#
# endif Match the input string against the patterns between
-# if and endif, if and only if the input string also
+# if and endif, if and only if the input string also
# matches pattern. The if..endif can nest.
#
-# Note: do not prepend whitespace to patterns inside
+# Note: do not prepend whitespace to patterns inside
# if..endif.
#
# if !/pattern/flags
#
# endif Match the input string against the patterns between
-# if and endif, if and only if the input string does
+# if and endif, if and only if the input string does
# not match pattern. The if..endif can nest.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A pattern/action line starts with non-whitespace
-# text. A line that starts with whitespace continues
+# A pattern/action line starts with non-whitespace
+# text. A line that starts with whitespace continues
# a logical line.
#
-# For a discussion of pattern syntax and flags details, see
-# regexp_table(5) or pcre_table(5), respectively.
+# For a discussion of specific pattern or flags syntax
+# details, see pcre_table(5) or regexp_table(5), respec-
+# tively.
#
# TABLE SEARCH ORDER
# For each line of message input, the patterns are applied
# body_checks inspection of the current message and
# affects all recipients.
#
-# DUNNO Pretend that the search string was not found, and
-# inspect the next input line. This action can be
-# used to shorten the table search.
+# DUNNO Pretend that the input line did not match any pat-
+# tern, and inspect the next input line. This action
+# can be used to shorten the table search.
#
# For backwards compatibility reasons, Postfix also
# accepts OK but it is (and always has been) treated
# FILTER transport:destination
# Write a content filter request record to the queue
# file and inspect the next input line. After the
-# message is queued, it will be sent through the
-# specified external content filter. More informa-
-# tion about external content filters is in the Post-
-# fix FILTER_README file.
+# complete message is received it will be sent
+# through the specified external content filter.
+# More information about external content filters is
+# in the Postfix FILTER_README file.
#
# Note: this action overrides the main.cf con-
# tent_filter setting, and affects all recipients of
# the message. In the case that multiple FILTER
-# actions fire, the only last one is executed.
+# actions fire, only the last one is executed.
#
# HOLD optional text...
# Arrange for the message to be placed on the hold
#
# Note: this action overrides the FILTER action, and
# affects all recipients of the message. If multiple
-# REDIRECT actions fire only the last one is exe-
+# REDIRECT actions fire, only the last one is exe-
# cuted.
#
# REJECT optional text...
# Log a warning with the optional text... (or log a
# generic message) and inspect the next input line.
# This action is useful for debugging and for testing
-# a pattern before taking more drastic actions.
+# a pattern before applying more drastic actions.
#
# BUGS
# Many people overlook the main limitations of header and
# body_checks rules. These rules operate on one logical
-# message header or body line at a time, and a decision made
-# for one line is not carried over to the next line.
+# message header or one body line at a time, and a decision
+# made for one line is not carried over to the next line.
+#
+# Message headers added by the cleanup(8) daemon itself are
+# excluded from inspection. Examples of such message headers
+# are From:, To:, Message-ID:, Date:.
#
# CONFIGURATION PARAMETERS
# body_checks
do
test -d $dir && find $dir -type f -print | while read path
do
- test -e /$path && {
+ test -f /$path && {
cmp -s $path /$path ||
$WARN $queue_directory/$path and /$path differ
}
<b>DEFER_IF_PERMIT</b> <i>optional text...</i>
Defer the request if some later restriction would
- result in a PERMIT action (there is an implied PER-
- MIT at the end of each restriction list). Reply
- with "<b>450</b> <i>optional text...</i> when the optional text
- is specified, otherwise reply with a generic error
- response message.
+ result in a an explicit or implicit PERMIT action.
+ Reply with "<b>450</b> <i>optional text...</i> when the optional
+ text is specified, otherwise reply with a generic
+ error response message.
<b>OK</b> Accept the address etc. that matches the pattern.
<i>all-numerical</i>
An all-numerical result is treated as OK. This for-
- mat is generated by address-based relay authoriza-
+ mat is generated by address-based relay authoriza-
tion schemes.
- <b>DUNNO</b> Pretend that the lookup key was not found in this
- table. This prevents Postfix from trying substrings
- of the lookup key (such as a subdomain name, or a
- network address subnetwork).
+ <b>DUNNO</b> Pretend that the lookup key was not found. This
+ prevents Postfix from trying substrings of the
+ lookup key (such as a subdomain name, or a network
+ address subnetwork).
+
+ <b>PREPEND</b> <i>headername: headervalue</i>
+ Prepend the specified message header to the mes-
+ sage. When this action is used multiple times, the
+ first prepended header appears before the second
+ etc. prepended header.
+
+ Note: this action does not support multi-line mes-
+ sage headers.
<b>HOLD</b> <i>optional text...</i>
- Place the message on the <b>hold</b> queue, where it will
- sit until someone either deletes it or releases it
- for delivery. Log the optional text if specified,
+ Place the message on the <b>hold</b> queue, where it will
+ sit until someone either deletes it or releases it
+ for delivery. Log the optional text if specified,
otherwise log a generic message.
- Mail that is placed on hold can be examined with
- the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
+ Mail that is placed on hold can be examined with
+ the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
- Note: this action currently affects all recipients
+ Note: this action currently affects all recipients
of the message.
<b>DISCARD</b> <i>optional text...</i>
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
+ Claim successful delivery and silently discard the
+ message. Log the optional text if specified, oth-
erwise log a generic message.
- Note: this action currently affects all recipients
+ Note: this action currently affects all recipients
of the message.
<b>FILTER</b> <i>transport:destination</i>
- After the message is queued, send the entire mes-
- sage through a content filter. More information
- about content filters is in the Postfix FIL-
- TER_README file.
+ After the message is queued, send the entire mes-
+ sage through the specified external content filter.
+ More information about external content filters is
+ in the Postfix FILTER_README file.
- Note: this action overrides the <b>main.cf con-</b>
+ Note: this action overrides the <b>main.cf con-</b>
<b>tent_filter</b> setting, and currently affects all
recipients of the message.
<b>REDIRECT</b> <i>user@domain</i>
- After the message is queued, send the message to
+ After the message is queued, send the message to
the specified address instead of the intended
recipient(s).
- Note: this action overrides the FILTER action, and
+ Note: this action overrides the FILTER action, and
currently affects all recipients of the message.
<i>restriction...</i>
<b>reject_unauth_destination</b>, and so on).
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
- cation, that string is an entire client hostname, an
+ cation, that string is an entire client hostname, an
entire client IP address, or an entire mail address. Thus,
no parent domain or parent network search is done,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Actions are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Actions are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see
+ tion of the TCP client/server lookup protocol, see
<a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
- Each lookup operation uses the entire query string once.
- Depending on the application, that string is an entire
+ Each lookup operation uses the entire query string once.
+ Depending on the application, that string is an entire
client hostname, an entire client IP address, or an entire
- mail address. Thus, no parent domain or parent network
- search is done, <i>user@domain</i> mail addresses are not broken
- up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
+ mail address. Thus, no parent domain or parent network
+ search is done, <i>user@domain</i> mail addresses are not broken
+ up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
<i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Actions are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a> create lookup table
<a href="tcp_table.5.html">tcp_table(5)</a> TCP client/server table lookup protocol
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
implemented by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server.
Postfix header or body_checks are designed to stop a flood
- of mail from worms and viruses. They are not meant to be a
+ of mail from worms or viruses. They are not meant to be a
substitute for content filters that decode attachments and
that do other sophisticated content analyses.
<b>nested_header_checks</b> (default: <b>$header_checks</b>)
These are applied to each message header of
- attached email messages.
+ attached email messages (except for the MIME
+ related headers).
<b>body_checks</b>
- These are applied to every other line of content,
- including multi-part message boundaries.
+ These are applied to all other content, including
+ multi-part message boundaries.
Note: message headers are examined one logical header at a
- time, even when a message header spans multiple lines.
+ time, even when a message header spans multiple lines.
Body lines are always examined one line at a time.
-<b>REGEXP AND PCRE TABLE FORMAT</b>
- Header and body_checks rules are normally specified in the
- form of regular expression lookup tables. The best perfor-
- mance is obtained with <b>pcre</b> (Perl Compatible Regular
- Expression) tables, but the slower <b>regexp</b> (POSIX regular
- expressions) support is more widely available. Use the
- command <b>postconf -m</b> to find out what types of lookup table
- your Postfix system supports.
+<b>TABLE FORMAT</b>
+ This document assumes that header and body_checks rules
+ are specified in the form of Postfix regular expression
+ lookup tables. Usually the best performance is obtained
+ with <b>pcre</b> (Perl Compatible Regular Expression) tables, but
+ the slower <b>regexp</b> (POSIX regular expressions) support is
+ more widely available. Use the command <b>postconf -m</b> to
+ find out what lookup table types your Postfix system sup-
+ ports.
- The general format of a header or body_checks table is:
+ The general format of a Postfix regular expression table
+ is:
<b>/</b><i>pattern</i><b>/</b><i>flags action</i>
- When <i>pattern</i> matches the input string, execute the
- corresponding <i>action</i>. See below for a list of pos-
+ When <i>pattern</i> matches the input string, execute the
+ corresponding <i>action</i>. See below for a list of pos-
sible actions.
<b>!/</b><i>pattern</i><b>/</b><i>flags action</i>
- When <i>pattern</i> does <b>not</b> match the input string, exe-
+ When <i>pattern</i> does <b>not</b> match the input string, exe-
cute the corresponding <i>action</i>.
<b>if /</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the input string also
+ <b>if</b> and <b>endif</b>, if and only if the input string also
matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
+ Note: do not prepend whitespace to patterns inside
<b>if</b>..<b>endif</b>.
<b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the input string does
+ <b>if</b> and <b>endif</b>, if and only if the input string does
<b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A pattern/action line starts with non-whitespace
- text. A line that starts with whitespace continues
+ A pattern/action line starts with non-whitespace
+ text. A line that starts with whitespace continues
a logical line.
- For a discussion of pattern syntax and flags details, see
- <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>, respectively.
+ For a discussion of specific pattern or flags syntax
+ details, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>, respec-
+ tively.
<b>TABLE SEARCH ORDER</b>
For each line of message input, the patterns are applied
body_checks inspection of the current message and
affects all recipients.
- <b>DUNNO</b> Pretend that the search string was not found, and
- inspect the next input line. This action can be
- used to shorten the table search.
+ <b>DUNNO</b> Pretend that the input line did not match any pat-
+ tern, and inspect the next input line. This action
+ can be used to shorten the table search.
For backwards compatibility reasons, Postfix also
accepts <b>OK</b> but it is (and always has been) treated
<b>FILTER</b> <i>transport:destination</i>
Write a content filter request record to the queue
file and inspect the next input line. After the
- message is queued, it will be sent through the
- specified external content filter. More informa-
- tion about external content filters is in the Post-
- fix FILTER_README file.
+ complete message is received it will be sent
+ through the specified external content filter.
+ More information about external content filters is
+ in the Postfix FILTER_README file.
Note: this action overrides the <b>main.cf con-</b>
<b>tent_filter</b> setting, and affects all recipients of
the message. In the case that multiple <b>FILTER</b>
- actions fire, the only last one is executed.
+ actions fire, only the last one is executed.
<b>HOLD</b> <i>optional text...</i>
Arrange for the message to be placed on the <b>hold</b>
Note: this action overrides the <b>FILTER</b> action, and
affects all recipients of the message. If multiple
- <b>REDIRECT</b> actions fire only the last one is exe-
+ <b>REDIRECT</b> actions fire, only the last one is exe-
cuted.
<b>REJECT</b> <i>optional text...</i>
Log a warning with the <i>optional text...</i> (or log a
generic message) and inspect the next input line.
This action is useful for debugging and for testing
- a pattern before taking more drastic actions.
+ a pattern before applying more drastic actions.
<b>BUGS</b>
Many people overlook the main limitations of header and
body_checks rules. These rules operate on one logical
- message header or body line at a time, and a decision made
- for one line is not carried over to the next line.
+ message header or one body line at a time, and a decision
+ made for one line is not carried over to the next line.
+
+ Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
+ excluded from inspection. Examples of such message headers
+ are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>.
<b>CONFIGURATION PARAMETERS</b>
<b>body_checks</b>
response message.
.IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR
Defer the request if some later restriction would result in a
-PERMIT action (there is an implied PERMIT at the end of each
-restriction list). Reply with "\fB450\fI optional text...\fR when the
+an explicit or implicit PERMIT action.
+Reply with "\fB450\fI optional text...\fR when the
optional text is specified, otherwise reply with a generic error
response message.
.IP \fBOK\fR
An all-numerical result is treated as OK. This format is
generated by address-based relay authorization schemes.
.IP \fBDUNNO\fR
-Pretend that the lookup key was not found in this table. This
+Pretend that the lookup key was not found. This
prevents Postfix from trying substrings of the lookup key
(such as a subdomain name, or a network address subnetwork).
+.IP "\fBPREPEND \fIheadername: headervalue\fR"
+Prepend the specified message header to the message.
+When this action is used multiple times, the first prepended
+header appears before the second etc. prepended header.
+.sp
+Note: this action does not support multi-line message headers.
.IP "\fBHOLD \fIoptional text...\fR"
Place the message on the \fBhold\fR queue, where it will sit
until someone either deletes it or releases it for delivery.
Note: this action currently affects all recipients of the message.
.IP "\fBFILTER \fItransport:destination\fR"
After the message is queued, send the entire message through
-a content filter. More information about content filters
-is in the Postfix FILTER_README file.
+the specified external content filter. More information about
+external content filters is in the Postfix FILTER_README file.
.sp
Note: this action overrides the \fBmain.cf content_filter\fR setting,
and currently affects all recipients of the message.
This feature is implemented by the Postfix \fBcleanup\fR(8) server.
Postfix header or body_checks are designed to stop a flood of mail
-from worms and viruses. They are not meant to be a substitute for
+from worms or viruses. They are not meant to be a substitute for
content filters that decode attachments and that do other
sophisticated content analyses.
.IP "\fBmime_header_checks\fR (default: \fB$header_checks\fR)"
These are applied each MIME related message header only.
.IP "\fBnested_header_checks\fR (default: \fB$header_checks\fR)"
-These are applied to each message header of attached email messages.
+These are applied to each message header of attached email
+messages (except for the MIME related headers).
.IP \fBbody_checks\fR
-These are applied to every other line of content, including multi-part
+These are applied to all other content, including multi-part
message boundaries.
.PP
Note: message headers are examined one logical header at a time,
even when a message header spans multiple lines. Body lines are
always examined one line at a time.
-.SH REGEXP AND PCRE TABLE FORMAT
+.SH TABLE FORMAT
.na
.nf
.ad
.fi
-Header and body_checks rules are normally specified in the form of
-regular expression lookup tables. The best performance is obtained
-with \fBpcre\fR (Perl Compatible Regular Expression) tables, but
-the slower \fBregexp\fR (POSIX regular expressions) support is
-more widely available. Use the command \fBpostconf -m\fR to find
-out what types of lookup table your Postfix system supports.
+This document assumes that header and body_checks rules are specified
+in the form of Postfix regular expression lookup tables. Usually the
+best performance is obtained with \fBpcre\fR (Perl Compatible Regular
+Expression) tables, but the slower \fBregexp\fR (POSIX regular
+expressions) support is more widely available.
+Use the command \fBpostconf -m\fR to find out what lookup table
+types your Postfix system supports.
-The general format of a header or body_checks table is:
+The general format of a Postfix regular expression table is:
.IP "\fB/\fIpattern\fB/\fIflags action\fR"
When \fIpattern\fR matches the input string, execute
the corresponding \fIaction\fR. See below for a list
A pattern/action line starts with non-whitespace text. A line that
starts with whitespace continues a logical line.
.PP
-For a discussion of pattern syntax and flags details,
-see \fBregexp_table\fR(5) or \fBpcre_table\fR(5), respectively.
+For a discussion of specific pattern or flags syntax details,
+see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
.SH TABLE SEARCH ORDER
.na
.nf
Note: this action disables further header or body_checks inspection
of the current message and affects all recipients.
.IP \fBDUNNO\fR
-Pretend that the search string was not found, and inspect the
+Pretend that the input line did not match any pattern, and inspect the
next input line. This action can be used to shorten the table search.
.sp
For backwards compatibility reasons, Postfix also accepts
.IP "\fBFILTER \fItransport:destination\fR"
Write a content filter request record to the queue file and
inspect the next input line.
-After the message is queued, it will be sent through
+After the complete message is received it will be sent through
the specified external content filter. More information about
external content filters is in the Postfix FILTER_README file.
.sp
Note: this action overrides the \fBmain.cf content_filter\fR setting,
and affects all recipients of the message. In the case that multiple
-\fBFILTER\fR actions fire, the only last one is executed.
+\fBFILTER\fR actions fire, only the last one is executed.
.IP "\fBHOLD \fIoptional text...\fR"
Arrange for the message to be placed on the \fBhold\fR queue,
and inspect the next input line. The message remains on \fBhold\fR
.sp
Note: this action overrides the \fBFILTER\fR action, and affects
all recipients of the message. If multiple \fBREDIRECT\fR actions
-fire only the last one is executed.
+fire, only the last one is executed.
.IP "\fBREJECT \fIoptional text...\fR
Reject the entire message. Reply with \fIoptional text...\fR when
the optional text is specified, otherwise reply with a generic error
Log a warning with the \fIoptional text...\fR (or log a
generic message) and inspect the next input line. This
action is useful for debugging and for testing a pattern
-before taking more drastic actions.
+before applying more drastic actions.
.SH BUGS
.ad
.fi
Many people overlook the main limitations of header and body_checks
-rules. These rules operate on one logical message header or body
+rules. These rules operate on one logical message header or one body
line at a time, and a decision made for one line is not carried over
to the next line.
+
+Message headers added by the \fBcleanup\fR(8) daemon itself
+are excluded from inspection. Examples of such message headers
+are \fBFrom:\fR, \fBTo:\fR, \fBMessage-ID:\fR, \fBDate:\fR.
.SH CONFIGURATION PARAMETERS
.na
.nf
# response message.
# .IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR
# Defer the request if some later restriction would result in a
-# PERMIT action (there is an implied PERMIT at the end of each
-# restriction list). Reply with "\fB450\fI optional text...\fR when the
+# an explicit or implicit PERMIT action.
+# Reply with "\fB450\fI optional text...\fR when the
# optional text is specified, otherwise reply with a generic error
# response message.
# .IP \fBOK\fR
# An all-numerical result is treated as OK. This format is
# generated by address-based relay authorization schemes.
# .IP \fBDUNNO\fR
-# Pretend that the lookup key was not found in this table. This
+# Pretend that the lookup key was not found. This
# prevents Postfix from trying substrings of the lookup key
# (such as a subdomain name, or a network address subnetwork).
+# .IP "\fBPREPEND \fIheadername: headervalue\fR"
+# Prepend the specified message header to the message.
+# When this action is used multiple times, the first prepended
+# header appears before the second etc. prepended header.
+# .sp
+# Note: this action does not support multi-line message headers.
# .IP "\fBHOLD \fIoptional text...\fR"
# Place the message on the \fBhold\fR queue, where it will sit
# until someone either deletes it or releases it for delivery.
# Note: this action currently affects all recipients of the message.
# .IP "\fBFILTER \fItransport:destination\fR"
# After the message is queued, send the entire message through
-# a content filter. More information about content filters
-# is in the Postfix FILTER_README file.
+# the specified external content filter. More information about
+# external content filters is in the Postfix FILTER_README file.
# .sp
# Note: this action overrides the \fBmain.cf content_filter\fR setting,
# and currently affects all recipients of the message.
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
#
-# Each lookup operation uses the entire query string once.
+# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire client
# hostname, an entire client IP address, or an entire mail address.
# Thus, no parent domain or parent network search is done,
# This feature is implemented by the Postfix \fBcleanup\fR(8) server.
#
# Postfix header or body_checks are designed to stop a flood of mail
-# from worms and viruses. They are not meant to be a substitute for
+# from worms or viruses. They are not meant to be a substitute for
# content filters that decode attachments and that do other
# sophisticated content analyses.
#
# .IP "\fBmime_header_checks\fR (default: \fB$header_checks\fR)"
# These are applied each MIME related message header only.
# .IP "\fBnested_header_checks\fR (default: \fB$header_checks\fR)"
-# These are applied to each message header of attached email messages.
+# These are applied to each message header of attached email
+# messages (except for the MIME related headers).
# .IP \fBbody_checks\fR
-# These are applied to every other line of content, including multi-part
+# These are applied to all other content, including multi-part
# message boundaries.
# .PP
# Note: message headers are examined one logical header at a time,
# even when a message header spans multiple lines. Body lines are
# always examined one line at a time.
-# REGEXP AND PCRE TABLE FORMAT
+# TABLE FORMAT
# .ad
# .fi
-# Header and body_checks rules are normally specified in the form of
-# regular expression lookup tables. The best performance is obtained
-# with \fBpcre\fR (Perl Compatible Regular Expression) tables, but
-# the slower \fBregexp\fR (POSIX regular expressions) support is
-# more widely available. Use the command \fBpostconf -m\fR to find
-# out what types of lookup table your Postfix system supports.
+# This document assumes that header and body_checks rules are specified
+# in the form of Postfix regular expression lookup tables. Usually the
+# best performance is obtained with \fBpcre\fR (Perl Compatible Regular
+# Expression) tables, but the slower \fBregexp\fR (POSIX regular
+# expressions) support is more widely available.
+# Use the command \fBpostconf -m\fR to find out what lookup table
+# types your Postfix system supports.
#
-# The general format of a header or body_checks table is:
+# The general format of a Postfix regular expression table is:
# .IP "\fB/\fIpattern\fB/\fIflags action\fR"
# When \fIpattern\fR matches the input string, execute
# the corresponding \fIaction\fR. See below for a list
# A pattern/action line starts with non-whitespace text. A line that
# starts with whitespace continues a logical line.
# .PP
-# For a discussion of pattern syntax and flags details,
-# see \fBregexp_table\fR(5) or \fBpcre_table\fR(5), respectively.
+# For a discussion of specific pattern or flags syntax details,
+# see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively.
# TABLE SEARCH ORDER
# .ad
# .fi
# Note: this action disables further header or body_checks inspection
# of the current message and affects all recipients.
# .IP \fBDUNNO\fR
-# Pretend that the search string was not found, and inspect the
+# Pretend that the input line did not match any pattern, and inspect the
# next input line. This action can be used to shorten the table search.
# .sp
# For backwards compatibility reasons, Postfix also accepts
# .IP "\fBFILTER \fItransport:destination\fR"
# Write a content filter request record to the queue file and
# inspect the next input line.
-# After the message is queued, it will be sent through
+# After the complete message is received it will be sent through
# the specified external content filter. More information about
# external content filters is in the Postfix FILTER_README file.
# .sp
# Note: this action overrides the \fBmain.cf content_filter\fR setting,
# and affects all recipients of the message. In the case that multiple
-# \fBFILTER\fR actions fire, the only last one is executed.
+# \fBFILTER\fR actions fire, only the last one is executed.
# .IP "\fBHOLD \fIoptional text...\fR"
# Arrange for the message to be placed on the \fBhold\fR queue,
# and inspect the next input line. The message remains on \fBhold\fR
# .sp
# Note: this action overrides the \fBFILTER\fR action, and affects
# all recipients of the message. If multiple \fBREDIRECT\fR actions
-# fire only the last one is executed.
+# fire, only the last one is executed.
# .IP "\fBREJECT \fIoptional text...\fR
# Reject the entire message. Reply with \fIoptional text...\fR when
# the optional text is specified, otherwise reply with a generic error
# Log a warning with the \fIoptional text...\fR (or log a
# generic message) and inspect the next input line. This
# action is useful for debugging and for testing a pattern
-# before taking more drastic actions.
+# before applying more drastic actions.
# BUGS
# Many people overlook the main limitations of header and body_checks
-# rules. These rules operate on one logical message header or body
+# rules. These rules operate on one logical message header or one body
# line at a time, and a decision made for one line is not carried over
# to the next line.
+#
+# Message headers added by the \fBcleanup\fR(8) daemon itself
+# are excluded from inspection. Examples of such message headers
+# are \fBFrom:\fR, \fBTo:\fR, \fBMessage-ID:\fR, \fBDate:\fR.
# CONFIGURATION PARAMETERS
# .ad
# .fi
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20040120"
-#define MAIL_VERSION_NUMBER "2.0.17"
+#define MAIL_RELEASE_DATE "20040122"
+#define MAIL_VERSION_NUMBER "2.0.18"
#define VAR_MAIL_VERSION "mail_version"
#ifdef SNAPSHOT
}
if (state->xforward.flags)
smtpd_xforward_reset(state);
+ if (state->prepend)
+ state->prepend = argv_free(state->prepend);
}
/* rcpt_cmd - process RCPT TO command */
int (*out_fprintf) (VSTREAM *, int, const char *,...);
VSTREAM *out_stream;
int out_error;
+ char **cpp;
/*
* Sanity checks. With ESMTP command pipelining the client can send DATA
rec_fputs(state->cleanup, REC_TYPE_MESG, "");
}
+ /*
+ * PREPEND message headers.
+ */
+ if (state->prepend)
+ for (cpp = state->prepend->argv; *cpp; cpp++)
+ out_fprintf(out_stream, REC_TYPE_NORM, "%s", *cpp);
+
/*
* Suppress our own Received: header in the unlikely case that we are an
* intermediate proxy.
char *saved_redirect; /* postponed redirect action */
int saved_flags; /* postponed hold/discard */
VSTRING *expand_buf; /* scratch space for $name expansion */
+ ARGV *prepend; /* prepended headers */
/*
* Pass-through proxy client.
#ifndef TEST
+static int not_in_client_helo(SMTPD_STATE *, const char *, const char *, const char *);
+
static int can_delegate_action(SMTPD_STATE *state, const char *table,
const char *action, const char *reply_class)
{
table, VAR_SMTPD_PROXY_FILT, action);
return (0);
}
+ return (not_in_client_helo(state, table, action, reply_class));
+}
+
+/* not_in_client_helo - not in client or helo restriction context */
+
+static int not_in_client_helo(SMTPD_STATE *state, const char *table,
+ const char *action, const char *reply_class)
+{
/*
* If delay_reject=no, then client and helo restrictions take effect
return (SMTPD_CHECK_DUNNO);
}
+ /*
+ * PREPEND prepends the specified message header text.
+ */
+ if (STREQUAL(value, "PREPEND", cmd_len)) {
+#ifndef TEST
+ /* XXX what about ETRN. */
+ if (not_in_client_helo(state, table, "REDIRECT", reply_class) == 0)
+ return (SMTPD_CHECK_DUNNO);
+#endif
+ if (*cmd_text == 0 || is_header(cmd_text) == 0) {
+ msg_warn("access map %s entry \"%s\" requires header: text",
+ table, datum);
+ return (SMTPD_CHECK_DUNNO);
+ } else {
+ if (state->prepend == 0)
+ state->prepend = argv_alloc(1);
+ argv_add(state->prepend, cmd_text, (char *) 0);
+ return (SMTPD_CHECK_DUNNO);
+ }
+ }
+
/*
* All-numeric result probably means OK - some out-of-band authentication
* mechanism uses this as time stamp.
state->defer_if_permit.reason = 0;
state->discard = 0;
state->expand_buf = 0;
+ state->prepend = 0;
state->proxy = 0;
state->proxy_buffer = 0;
state->proxy_mail = 0;
break;
}
VSTRING_TERMINATE(vp);
- return (c == VSTREAM_EOF ? c : VSTRING_GET_RESULT(vp));
+ return (VSTRING_GET_RESULT(vp));
}
/* vstring_get_nonl - read line from file, strip newline */
while ((c = VSTREAM_GETC(fp)) != VSTREAM_EOF && c != '\n')
VSTRING_ADDCH(vp, c);
VSTRING_TERMINATE(vp);
- return (c == '\n' || c == VSTREAM_EOF ? c : VSTRING_GET_RESULT(vp));
+ return (c == '\n' ? c : VSTRING_GET_RESULT(vp));
}
/* vstring_get_null - read null-terminated string from file */
while ((c = VSTREAM_GETC(fp)) != VSTREAM_EOF && c != 0)
VSTRING_ADDCH(vp, c);
VSTRING_TERMINATE(vp);
- return (c == 0 || c == VSTREAM_EOF ? c : VSTRING_GET_RESULT(vp));
+ return (c == 0 ? c : VSTRING_GET_RESULT(vp));
}
/* vstring_get_bound - read line from file, keep newline, up to bound */
break;
}
VSTRING_TERMINATE(vp);
- return (c == VSTREAM_EOF ? c : VSTRING_GET_RESULT(vp));
+ return (VSTRING_GET_RESULT(vp));
}
/* vstring_get_nonl_bound - read line from file, strip newline, up to bound */
while (bound-- > 0 && (c = VSTREAM_GETC(fp)) != VSTREAM_EOF && c != '\n')
VSTRING_ADDCH(vp, c);
VSTRING_TERMINATE(vp);
- return (c == '\n' || c == VSTREAM_EOF ? c : VSTRING_GET_RESULT(vp));
+ return (c == '\n' ? c : VSTRING_GET_RESULT(vp));
}
/* vstring_get_null_bound - read null-terminated string from file */
while (bound-- > 0 && (c = VSTREAM_GETC(fp)) != VSTREAM_EOF && c != 0)
VSTRING_ADDCH(vp, c);
VSTRING_TERMINATE(vp);
- return (c == 0 || c == VSTREAM_EOF ? c : VSTRING_GET_RESULT(vp));
+ return (c == 0 ? c : VSTRING_GET_RESULT(vp));
}
#ifdef TEST
projects / thirdparty / postfix.git / commitdiff
