Safety: don't send postmaster notifications to report
problems delivering (possible) postmaster notifications.
File: smtp/smtp_connect.c.
+
+20091121
+
+ Feature: sender_dependent_default_transport_maps, to override
+ the default transport in a sender-dependent manner. This
+ is not a transport_maps override, and therefore it does not
+ use the transport_maps syntax for null transport, null
+ nexthop, or null email address.
+
+20091127
+
+ Usability: the Postfix SMTP client now logs a warning that
+ wrappermode TLS is not supported, when configured to connect
+ to port smtps/465. File: smtp/smtp_connect.c.
+
+20091203
+
+ Safety: the postscreen daemon logs a warning when table
+ lookup is slow. Slow lookups cause postscreen to fall behind,
+ and worse, to catch up in bursts, which results in overload
+ elsewhere. File: postscreen/postscreen.c.
+
+20091206
+
+ Feature: by popular demand, the Postfix SMTP server now
+ logs the before-queue content filter's end-of-message
+ accept/reject response. File: smtpd/smtpd.c.
+
+20091209
+
+ Portability: as the result of continuous improvement,
+ Berkeley DB no longer allows fork-then-close. File:
+ postscreen/postscreen.c.
+
+ Bugfix: sender_dependent_relayhost_maps did not reject an
+ empty lookup result, and did not recognize lookup errors,
+ thus treating errors as "not found". Problem found during
+ code maintenance. File: trivial-rewrite/resolve.c.
+
+ Cleanup: the postscreen daemon now applies the permanent
+ whitelist first. It is a safety feature that prevents mail
+ from being blocked. File: postscreeb/postscreen.c.
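Review bot: The last 20091209 entry is labelled "Cleanup", but applying the permanent whitelist first changes which connections are let through, and RELEASE_NOTES lists the same change as an incompatibility; a label that signals a behavior change would fit better. The file reference in that entry reads "postscreeb/postscreen.c", a typo for "postscreen/postscreen.c" as written in the 20091203 entry and the Portability entry.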
If you upgrade from Postfix 2.5 or earlier, read RELEASE_NOTES-2.6
before proceeding.
+Incompatibility with snapshot 20091209
+======================================
+
+The postscreen daemon now checks the permanent whitelist before
+the permanent blacklist. This makes the whitelist easier to use
+for its intended purpose, which is to receive mail.
+
+Major changes with snapshot 20091209
+====================================
+
+sender_dependent_default_transport_maps, a per-sender override for
+default_transport. It's original motivation is to use different
+output channels (with different source IP addresses) for different
+sender addresses, in order to keep their IP-based reputations
+separate from each other.
+
+The result value syntax is that of default_transport, not transport_maps.
+Thus, sender_dependent_default_transport_maps does not support the
+special transport_maps result value syntax for null transport, null
+nexthop, or null email address.
+
+This feature makes sender_dependent_relayhost_maps pretty much
+redundant (though sender_dependent_relayhost_maps will often be
+easier to use because that is the only thing people want to override).
+
Major changes with snapshot 20091109
====================================
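Review bot: The incompatibility section states the new order (permanent whitelist before permanent blacklist) but not the consequence an operator has to act on, namely how an address that appears on both lists is now treated; one sentence spelling that out would make the note usable during an upgrade. In the sender_dependent_default_transport_maps paragraph, "It's original motivation" should read "Its original motivation".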
or bounce bad mail (which violates good network citizenship).
NOTE 1: When this feature is turned on, a filter cannot selectively
-reject recipients of a multi-recipient message. Rejecting all
-recipients is OK, as is deferring all recipients, or accepting all
-recipients of the same multi-recipient message.
+reject recipients of a multi-recipient message. It is OK to reject
+all recipients of the same multi-recipient message, as is deferring
+or accepting all recipients of the same multi-recipient message.
NOTE 2: This feature increases the minimum amount of free queue
space by $message_size_limit. The extra space is needed to save the
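Review bot: The rewritten NOTE 1 sentence is harder to read than the text it replaces: "It is OK to reject all recipients ..., as is deferring or accepting all recipients ..." mixes two constructions and repeats "of the same multi-recipient message". A single clause such as "It is OK to reject, defer, or accept all recipients of the same multi-recipient message" carries the same meaning.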
Remove this file from the stable release.
+ Find a place to document all the mail routing mechanisms
+ in one place so people can figure out how Postfix works.
+
+ owner-listname does not work for shell commands.
+
+ The BCC action is marked "not stable", perhaps because
+ people would also expect BCC actions in header/body_checks.
+ How much would it take to make the queue file editing code
+ generally usable?
+
Move smtpd_command_filter into smtpd_chat_query() and update
the session transcript (see smtp_chat_reply() for an example).
# default_transport (default: smtp:)
# This is the default for remote delivery to other
# destinations. In order of decreasing precedence,
-# the nexthop destination is taken from
-# default_transport, sender_dependent_relayhost_maps,
-# relayhost, or from the recipient domain.
-#
-# Normally, the transport(5) table is specified as a text
-# file that serves as input to the postmap(1) command. The
-# result, an indexed file in dbm or db format, is used for
-# fast searching by the mail system. Execute the command
-# "postmap /etc/postfix/transport" to rebuild an indexed
+# the nexthop destination is taken from sender_depen-
+# dent_default_transport_maps, default_transport,
+# sender_dependent_relayhost_maps, relayhost, or from
+# the recipient domain.
+#
+# Normally, the transport(5) table is specified as a text
+# file that serves as input to the postmap(1) command. The
+# result, an indexed file in dbm or db format, is used for
+# fast searching by the mail system. Execute the command
+# "postmap /etc/postfix/transport" to rebuild an indexed
# file after changing the corresponding transport table.
#
-# When the table is provided via other means such as NIS,
-# LDAP or SQL, the same lookups are done as for ordinary
+# When the table is provided via other means such as NIS,
+# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
-# Alternatively, the table can be provided as a regular-
+# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
-# sions, or lookups can be directed to TCP-based server. In
-# those case, the lookups are done in a slightly different
-# way as described below under "REGULAR EXPRESSION TABLES"
+# sions, or lookups can be directed to TCP-based server. In
+# those case, the lookups are done in a slightly different
+# way as described below under "REGULAR EXPRESSION TABLES"
# or "TCP-BASED TABLES".
#
# CASE FOLDING
-# The search string is folded to lowercase before database
-# lookup. As of Postfix 2.3, the search string is not case
-# folded with database types such as regexp: or pcre: whose
+# The search string is folded to lowercase before database
+# lookup. As of Postfix 2.3, the search string is not case
+# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
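Review bot: The new precedence sentence splits the parameter name across two lines as "sender_depen-" and "dent_default_transport_maps", so a search for sender_dependent_default_transport_maps in this file misses the one place that states its precedence; keep the name on one line, which probably means fixing the source this formatted text is generated from. Apart from that sentence, each removed/added pair in this hunk reads identically as shown (for example the "Normally, the transport(5) table" paragraph), so these look like whitespace-only re-justification. Keeping the reflow out of this change, or in a separate commit, would leave the real edit easy to review.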
# domain, use the corresponding result.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A logical line starts with non-whitespace text. A
-# line that starts with whitespace continues a logi-
+# A logical line starts with non-whitespace text. A
+# line that starts with whitespace continues a logi-
# cal line.
#
-# The pattern specifies an email address, a domain name, or
-# a domain name hierarchy, as described in section "TABLE
+# The pattern specifies an email address, a domain name, or
+# a domain name hierarchy, as described in section "TABLE
# LOOKUP".
#
-# The result is of the form transport:nexthop and specifies
+# The result is of the form transport:nexthop and specifies
# how or where to deliver mail. This is described in section
# "RESULT FORMAT".
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, patterns are
+# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user+extension@domain transport:nexthop
-# Deliver mail for user+extension@domain through
+# Deliver mail for user+extension@domain through
# transport to nexthop.
#
# user@domain transport:nexthop
-# Deliver mail for user@domain through transport to
+# Deliver mail for user@domain through transport to
# nexthop.
#
# domain transport:nexthop
-# Deliver mail for domain through transport to nex-
+# Deliver mail for domain through transport to nex-
# thop.
#
# .domain transport:nexthop
-# Deliver mail for any subdomain of domain through
-# transport to nexthop. This applies only when the
-# string transport_maps is not listed in the par-
-# ent_domain_matches_subdomains configuration set-
-# ting. Otherwise, a domain name matches itself and
+# Deliver mail for any subdomain of domain through
+# transport to nexthop. This applies only when the
+# string transport_maps is not listed in the par-
+# ent_domain_matches_subdomains configuration set-
+# ting. Otherwise, a domain name matches itself and
# its subdomains.
#
# * transport:nexthop
-# The special pattern * represents any address (i.e.
-# it functions as the wild-card pattern, and is
+# The special pattern * represents any address (i.e.
+# it functions as the wild-card pattern, and is
# unique to Postfix transport tables).
#
-# Note 1: the null recipient address is looked up as
+# Note 1: the null recipient address is looked up as
# $empty_address_recipient@$myhostname (default: mailer-dae-
# mon@hostname).
#
-# Note 2: user@domain or user+extension@domain lookup is
+# Note 2: user@domain or user+extension@domain lookup is
# available in Postfix 2.0 and later.
#
# RESULT FORMAT
-# The lookup result is of the form transport:nexthop. The
-# transport field specifies a mail delivery transport such
-# as smtp or local. The nexthop field specifies where and
+# The lookup result is of the form transport:nexthop. The
+# transport field specifies a mail delivery transport such
+# as smtp or local. The nexthop field specifies where and
# how to deliver mail.
#
-# The transport field specifies the name of a mail delivery
+# The transport field specifies the name of a mail delivery
# transport (the first name of a mail delivery service entry
# in the Postfix master.cf file).
#
-# The interpretation of the nexthop field is transport
-# dependent. In the case of SMTP, specify a service on a
-# non-default port as host:service, and disable MX (mail
-# exchanger) DNS lookups with [host] or [host]:port. The []
+# The interpretation of the nexthop field is transport
+# dependent. In the case of SMTP, specify a service on a
+# non-default port as host:service, and disable MX (mail
+# exchanger) DNS lookups with [host] or [host]:port. The []
# form is required when you specify an IP address instead of
# a hostname.
#
-# A null transport and null nexthop result means "do not
-# change": use the delivery transport and nexthop informa-
-# tion that would be used when the entire transport table
+# A null transport and null nexthop result means "do not
+# change": use the delivery transport and nexthop informa-
+# tion that would be used when the entire transport table
# did not exist.
#
-# A non-null transport field with a null nexthop field
+# A non-null transport field with a null nexthop field
# resets the nexthop information to the recipient domain.
#
-# A null transport field with non-null nexthop field does
+# A null transport field with non-null nexthop field does
# not modify the transport information.
#
# EXAMPLES
-# In order to deliver internal mail directly, while using a
-# mail relay for all other mail, specify a null entry for
-# internal destinations (do not change the delivery trans-
-# port or the nexthop information) and specify a wildcard
+# In order to deliver internal mail directly, while using a
+# mail relay for all other mail, specify a null entry for
+# internal destinations (do not change the delivery trans-
+# port or the nexthop information) and specify a wildcard
# for all other destinations.
#
# my.domain :
# .my.domain :
# * smtp:outbound-relay.my.domain
#
-# In order to send mail for example.com and its subdomains
+# In order to send mail for example.com and its subdomains
# via the uucp transport to the UUCP host named example:
#
# example.com uucp:example
# .example.com uucp:example
#
-# When no nexthop host name is specified, the destination
-# domain name is used instead. For example, the following
-# directs mail for user@example.com via the slow transport
-# to a mail exchanger for example.com. The slow transport
+# When no nexthop host name is specified, the destination
+# domain name is used instead. For example, the following
+# directs mail for user@example.com via the slow transport
+# to a mail exchanger for example.com. The slow transport
# could be configured to run at most one delivery process at
# a time:
#
# example.com slow:
#
# When no transport is specified, Postfix uses the transport
-# that matches the address domain class (see DESCRIPTION
-# above). The following sends all mail for example.com and
+# that matches the address domain class (see DESCRIPTION
+# above). The following sends all mail for example.com and
# its subdomains to host gateway.example.com:
#
# example.com :[gateway.example.com]
# .example.com :[gateway.example.com]
#
-# In the above example, the [] suppress MX lookups. This
-# prevents mail routing loops when your machine is primary
+# In the above example, the [] suppress MX lookups. This
+# prevents mail routing loops when your machine is primary
# MX host for example.com.
#
-# In the case of delivery via SMTP, one may specify host-
+# In the case of delivery via SMTP, one may specify host-
# name:service instead of just a host:
#
# example.com smtp:bar.example:2025
#
# .example.com error:mail for *.example.com is not deliverable
#
-# This causes all mail for user@anything.example.com to be
+# This causes all mail for user@anything.example.com to be
# bounced.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
-# the entire address being looked up. Thus,
-# some.domain.hierarchy is not looked up via its parent
-# domains, nor is user+foo@domain looked up as user@domain.
+# Each pattern is a regular expression that is applied to
+# the entire address being looked up. Thus,
+# some.domain.hierarchy is not looked up via its parent
+# domains, nor is user+foo@domain looked up as user@domain.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
# The trivial-rewrite(8) server disallows regular expression
-# substitution of $1 etc. in regular expression lookup
-# tables, because that could open a security hole (Postfix
+# substitution of $1 etc. in regular expression lookup
+# tables, because that could open a security hole (Postfix
# version 2.3 and later).
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
-# Each lookup operation uses the entire recipient address
-# once. Thus, some.domain.hierarchy is not looked up via
-# its parent domains, nor is user+foo@domain looked up as
+# Each lookup operation uses the entire recipient address
+# once. Thus, some.domain.hierarchy is not looked up via
+# its parent domains, nor is user+foo@domain looked up as
# user@domain.
#
# Results are the same as with indexed file lookups.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# empty_address_recipient
-# The address that is looked up instead of the null
+# The address that is looked up instead of the null
# sender address.
#
# parent_domain_matches_subdomains
-# List of Postfix features that use domain.tld pat-
-# terns to match sub.domain.tld (as opposed to
+# List of Postfix features that use domain.tld pat-
+# terns to match sub.domain.tld (as opposed to
# requiring .domain.tld patterns).
#
# transport_maps
# postmap(1), Postfix lookup table manager
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# FILTER_README, external content filter
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
</p>
+</DD>
+
+<DT><b><a name="address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a>
+(default: $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b></DT><DD>
+
+<p> Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
+setting for address verification probes. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+
</DD>
<DT><b><a name="address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a>
The default mail delivery transport and next-hop destination for
destinations that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
-or $<a href="postconf.5.html#relay_domains">relay_domains</a>. In order of decreasing precedence, the nexthop
-destination is taken from $<a href="postconf.5.html#default_transport">default_transport</a>,
+or $<a href="postconf.5.html#relay_domains">relay_domains</a>. This information can be overruled with the
+<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter and with the
+<a href="transport.5.html">transport(5)</a> table. </p>
+
+<p>
+In order of decreasing precedence, the nexthop destination is taken
+from $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, $<a href="postconf.5.html#default_transport">default_transport</a>,
$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or from the recipient
-domain. This information can be overruled with the <a href="transport.5.html">transport(5)</a>
-table.
+domain.
</p>
<p>
for <a href="showq.8.html">showq(8)</a> queue displays. </p>
+</DD>
+
+<DT><b><a name="empty_address_default_transport_maps_lookup_key">empty_address_default_transport_maps_lookup_key</a>
+(default: <>)</b></DT><DD>
+
+<p> The <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> search string that
+will be used instead of the null sender address. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+
</DD>
<DT><b><a name="empty_address_recipient">empty_address_recipient</a>
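Review bot: On the "(default: <>)" line of the new empty_address_default_transport_maps_lookup_key entry, the default is shown as bare angle brackets inside HTML; if the file itself reads this way, write it as &lt;&gt; so the value is not parsed as markup. The description would also benefit from saying that the table needs an entry under this key for null-sender mail to be matched.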
<p>
The next-hop destination of non-local mail; overrides non-local
domains in recipient addresses. This information is overruled with
-<a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#default_transport">default_transport</a>, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
+<a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>,
+<a href="postconf.5.html#default_transport">default_transport</a>, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
and with the <a href="transport.5.html">transport(5)</a> table.
</p>
</pre>
+</DD>
+
+<DT><b><a name="sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> A sender-dependent override for the global <a href="postconf.5.html#default_transport">default_transport</a>
+parameter setting. The tables are searched by the envelope sender
+address and @domain. A lookup result of DUNNO terminates the search
+without overriding the global <a href="postconf.5.html#default_transport">default_transport</a> parameter setting.
+This information is overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
+
+<p> Note: this overrides <a href="postconf.5.html#default_transport">default_transport</a>, not <a href="postconf.5.html#transport_maps">transport_maps</a>, and
+therefore the expected syntax is that of <a href="postconf.5.html#default_transport">default_transport</a>. This
+feature does not support the <a href="postconf.5.html#transport_maps">transport_maps</a> syntax for null transport,
+null nexthop, or null email addresses. </p>
+
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+
</DD>
<DT><b><a name="sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
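Review bot: The new sender_dependent_default_transport_maps entry says the tables are searched by the envelope sender address and @domain, but not what is looked up for the null sender. This patch adds empty_address_default_transport_maps_lookup_key for that case, so it should be referenced here, and address_verify_sender_dependent_default_transport_maps could be mentioned for verification probes. A short sample table entry with a default_transport-style result would also help, since the note says which transport_maps forms are rejected without showing an accepted one.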
@domain. A lookup result of DUNNO terminates the search without
overriding the global <a href="postconf.5.html#relayhost">relayhost</a> parameter setting (Postfix 2.6 and
later). This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
-<a href="postconf.5.html#default_transport">default_transport</a> and with the <a href="transport.5.html">transport(5)</a> table. </p>
+<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, <a href="postconf.5.html#default_transport">default_transport</a> and with
+the <a href="transport.5.html">transport(5)</a> table. </p>
<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>
</p>
<p>
-By default, a client can make as many recipient addresses per time
+By default, a client can send as many recipient addresses per time
unit as Postfix can accept.
</p>
tional. The purpose is to prioritize legitimate clients
with as little overhead as possible.
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> logs its observations and takes actions as
- described in the sections that follow.
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> performs tests in the order described below.
-<b>PERMANENT BLACKLIST TEST</b>
- The <a href="postconf.5.html#postscreen_blacklist_networks">postscreen_blacklist_networks</a> parameter (default:
- empty) specifies a permanent blacklist for SMTP client IP
+<b>1. PERMANENT WHITELIST TEST</b>
+ The <a href="postconf.5.html#postscreen_whitelist_networks">postscreen_whitelist_networks</a> parameter (default:
+ $<a href="postconf.5.html#mynetworks">mynetworks</a>) specifies a permanent whitelist for SMTP
+ client IP addresses. This feature is not used for
+ addresses that appear on the permanent blacklist.
+
+ When the SMTP client address matches the permanent
+ whitelist, this is logged as:
+
+ <b>WHITELISTED</b> <i>address</i>
+
+ The action is not configurable: immediately forward the
+ connection to a real SMTP server process.
+
+<b>2. PERMANENT BLACKLIST TEST</b>
+ The <a href="postconf.5.html#postscreen_blacklist_networks">postscreen_blacklist_networks</a> parameter (default:
+ empty) specifies a permanent blacklist for SMTP client IP
addresses. The address syntax is as with <a href="postconf.5.html#mynetworks">mynetworks</a>.
- When the SMTP client address matches the permanent black-
+ When the SMTP client address matches the permanent black-
list, this is logged as:
<b>BLACKLISTED</b> <i>address</i>
- The <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> parameter specifies the
+ The <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> parameter specifies the
action that is taken next:
<b>continue</b> (default, observation mode)
- Continue with the SMTP GREETING PHASE TESTS below.
+ Continue with the SMTP GREETING PHASE TESTS below.
<b>drop</b> (enforcement mode)
- Drop the connection immediately with a 521 SMTP
- reply. In a future implementation, the connection
- may instead be passed to a dummy SMTP protocol
- engine that logs sender and recipient information.
-
-<b>PERMANENT WHITELIST TEST</b>
- The <a href="postconf.5.html#postscreen_whitelist_networks">postscreen_whitelist_networks</a> parameter (default:
- $<a href="postconf.5.html#mynetworks">mynetworks</a>) specifies a permanent whitelist for SMTP
- client IP addresses. This feature is not used for
- addresses that appear on the permanent blacklist.
-
- When the SMTP client address matches the permanent
- whitelist, this is logged as:
-
- <b>WHITELISTED</b> <i>address</i>
-
- The action is not configurable: immediately forward the
- connection to a real SMTP server process.
+ Drop the connection immediately with a 521 SMTP
+ reply. In a future implementation, the connection
+ may instead be passed to a dummy SMTP protocol
+ engine that logs sender and recipient information.
-<b>TEMPORARY WHITELIST TEST</b>
+<b>3. TEMPORARY WHITELIST TEST</b>
The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon maintains a <i>temporary</i> whitelist
for SMTP client IP addresses that have passed all the
tests described below. The <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> parameter
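Review bot: The relocated PERMANENT WHITELIST TEST paragraph still says "This feature is not used for addresses that appear on the permanent blacklist", which no longer holds now that the whitelist is test 1 and the blacklist is test 2: a whitelisted address is forwarded to a real SMTP server process before the blacklist is consulted. Drop that sentence or replace it with a statement that the permanent whitelist takes precedence, matching the RELEASE_NOTES entry for this snapshot. The whitelist paragraph also lacks the "The address syntax is as with mynetworks" sentence that the blacklist paragraph carries.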
parameter. Expired entries are silently renewed if possi-
ble.
-<b>SMTP GREETING PHASE TESTS</b>
+<b>4. SMTP GREETING PHASE TESTS</b>
The <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter specifies a time
interval during which <a href="postscreen.8.html"><b>postscreen</b>(8)</a> runs a number of tests
as described below. These tests run before the client may
more protocol tests including greylisting, before the
client is allowed to talk to a real SMTP server process.
-<b>PREGREET TEST</b>
+<b>4A. PREGREET TEST</b>
The <a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> parameter specifies the text
for a "220-text..." teaser banner (default: $<a href="postconf.5.html#smtpd_banner">smtpd_ban</a>-
<a href="postconf.5.html#smtpd_banner">ner</a>). The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon sends this before the
may instead be passed to a dummy SMTP protocol
engine that logs sender and recipient information.
-<b>HANGUP TEST</b>
+<b>4B. HANGUP TEST</b>
When the SMTP client hangs up without sending any data
before the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> time has elapsed, this is
logged as:
<b>drop</b> (enforcement mode)
Drop the connection immediately.
-<b>DNS BLOCKLIST TEST</b>
+<b>4C. DNS BLOCKLIST TEST</b>
The <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter (default: empty)
specifies a list of DNS blocklist servers.
<b><a href="postconf.5.html#default_transport">default_transport</a> (default: <a href="smtp.8.html">smtp</a>:)</b>
This is the default for remote delivery to other
destinations. In order of decreasing precedence,
- the <i>nexthop</i> destination is taken from
- <b><a href="postconf.5.html#default_transport">default_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a></b>,
- <b><a href="postconf.5.html#relayhost">relayhost</a></b>, or from the recipient domain.
-
- Normally, the <a href="transport.5.html"><b>transport</b>(5)</a> table is specified as a text
- file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
- result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
- fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/transport</b>" to rebuild an indexed
+ the <i>nexthop</i> destination is taken from <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_default_transport_maps">dent_default_transport_maps</a>, <a href="postconf.5.html#default_transport">default_transport</a></b>,
+ <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relayhost</a></b>, or from
+ the recipient domain.
+
+ Normally, the <a href="transport.5.html"><b>transport</b>(5)</a> table is specified as a text
+ file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
+ result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
+ fast searching by the mail system. Execute the command
+ "<b>postmap /etc/postfix/transport</b>" to rebuild an indexed
file after changing the corresponding transport table.
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
+ When the table is provided via other means such as NIS,
+ LDAP or SQL, the same lookups are done as for ordinary
indexed files.
- Alternatively, the table can be provided as a regular-
+ Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
- sions, or lookups can be directed to TCP-based server. In
- those case, the lookups are done in a slightly different
- way as described below under "REGULAR EXPRESSION TABLES"
+ sions, or lookups can be directed to TCP-based server. In
+ those case, the lookups are done in a slightly different
+ way as described below under "REGULAR EXPRESSION TABLES"
or "TCP-BASED TABLES".
<b>CASE FOLDING</b>
- The search string is folded to lowercase before database
- lookup. As of Postfix 2.3, the search string is not case
- folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
+ The search string is folded to lowercase before database
+ lookup. As of Postfix 2.3, the search string is not case
+ folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
lookup fields can match both upper and lower case.
<b>TABLE FORMAT</b>
domain, use the corresponding <i>result</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
- The <i>pattern</i> specifies an email address, a domain name, or
- a domain name hierarchy, as described in section "TABLE
+ The <i>pattern</i> specifies an email address, a domain name, or
+ a domain name hierarchy, as described in section "TABLE
LOOKUP".
- The <i>result</i> is of the form <i>transport:nexthop</i> and specifies
+ The <i>result</i> is of the form <i>transport:nexthop</i> and specifies
how or where to deliver mail. This is described in section
"RESULT FORMAT".
<b>TABLE SEARCH ORDER</b>
With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
+ networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
<i>user+extension@domain transport</i>:<i>nexthop</i>
- Deliver mail for <i>user+extension@domain</i> through
+ Deliver mail for <i>user+extension@domain</i> through
<i>transport</i> to <i>nexthop</i>.
<i>user@domain transport</i>:<i>nexthop</i>
- Deliver mail for <i>user@domain</i> through <i>transport</i> to
+ Deliver mail for <i>user@domain</i> through <i>transport</i> to
<i>nexthop</i>.
<i>domain transport</i>:<i>nexthop</i>
- Deliver mail for <i>domain</i> through <i>transport</i> to <i>nex-</i>
+ Deliver mail for <i>domain</i> through <i>transport</i> to <i>nex-</i>
<i>thop</i>.
<i>.domain transport</i>:<i>nexthop</i>
- Deliver mail for any subdomain of <i>domain</i> through
- <i>transport</i> to <i>nexthop</i>. This applies only when the
- string <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> is not listed in the <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
- <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration set-
- ting. Otherwise, a domain name matches itself and
+ Deliver mail for any subdomain of <i>domain</i> through
+ <i>transport</i> to <i>nexthop</i>. This applies only when the
+ string <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> is not listed in the <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration set-
+ ting. Otherwise, a domain name matches itself and
its subdomains.
<b>*</b> <i>transport</i>:<i>nexthop</i>
- The special pattern <b>*</b> represents any address (i.e.
- it functions as the wild-card pattern, and is
+ The special pattern <b>*</b> represents any address (i.e.
+ it functions as the wild-card pattern, and is
unique to Postfix transport tables).
- Note 1: the null recipient address is looked up as
+ Note 1: the null recipient address is looked up as
<b>$<a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a></b>@<b>$<a href="postconf.5.html#myhostname">myhostname</a></b> (default: mailer-dae-
mon@hostname).
- Note 2: <i>user@domain</i> or <i>user+extension@domain</i> lookup is
+ Note 2: <i>user@domain</i> or <i>user+extension@domain</i> lookup is
available in Postfix 2.0 and later.
<b>RESULT FORMAT</b>
- The lookup result is of the form <i>transport</i><b>:</b><i>nexthop</i>. The
- <i>transport</i> field specifies a mail delivery transport such
- as <b>smtp</b> or <b>local</b>. The <i>nexthop</i> field specifies where and
+ The lookup result is of the form <i>transport</i><b>:</b><i>nexthop</i>. The
+ <i>transport</i> field specifies a mail delivery transport such
+ as <b>smtp</b> or <b>local</b>. The <i>nexthop</i> field specifies where and
how to deliver mail.
- The transport field specifies the name of a mail delivery
+ The transport field specifies the name of a mail delivery
transport (the first name of a mail delivery service entry
in the Postfix <a href="master.5.html"><b>master.cf</b></a> file).
- The interpretation of the nexthop field is transport
- dependent. In the case of SMTP, specify a service on a
- non-default port as <i>host</i>:<i>service</i>, and disable MX (mail
- exchanger) DNS lookups with [<i>host</i>] or [<i>host</i>]:<i>port</i>. The []
+ The interpretation of the nexthop field is transport
+ dependent. In the case of SMTP, specify a service on a
+ non-default port as <i>host</i>:<i>service</i>, and disable MX (mail
+ exchanger) DNS lookups with [<i>host</i>] or [<i>host</i>]:<i>port</i>. The []
form is required when you specify an IP address instead of
a hostname.
- A null <i>transport</i> and null <i>nexthop</i> result means "do not
- change": use the delivery transport and nexthop informa-
- tion that would be used when the entire transport table
+ A null <i>transport</i> and null <i>nexthop</i> result means "do not
+ change": use the delivery transport and nexthop informa-
+ tion that would be used when the entire transport table
did not exist.
- A non-null <i>transport</i> field with a null <i>nexthop</i> field
+ A non-null <i>transport</i> field with a null <i>nexthop</i> field
resets the nexthop information to the recipient domain.
- A null <i>transport</i> field with non-null <i>nexthop</i> field does
+ A null <i>transport</i> field with non-null <i>nexthop</i> field does
not modify the transport information.
<b>EXAMPLES</b>
- In order to deliver internal mail directly, while using a
- mail relay for all other mail, specify a null entry for
- internal destinations (do not change the delivery trans-
- port or the nexthop information) and specify a wildcard
+ In order to deliver internal mail directly, while using a
+ mail relay for all other mail, specify a null entry for
+ internal destinations (do not change the delivery trans-
+ port or the nexthop information) and specify a wildcard
for all other destinations.
<b>my.domain :</b>
<b>.my.domain :</b>
<b>* <a href="smtp.8.html">smtp</a>:outbound-relay.my.domain</b>
- In order to send mail for <b>example.com</b> and its subdomains
+ In order to send mail for <b>example.com</b> and its subdomains
via the <b>uucp</b> transport to the UUCP host named <b>example</b>:
<b>example.com uucp:example</b>
<b>.example.com uucp:example</b>
- When no nexthop host name is specified, the destination
- domain name is used instead. For example, the following
- directs mail for <i>user</i>@<b>example.com</b> via the <b>slow</b> transport
- to a mail exchanger for <b>example.com</b>. The <b>slow</b> transport
+ When no nexthop host name is specified, the destination
+ domain name is used instead. For example, the following
+ directs mail for <i>user</i>@<b>example.com</b> via the <b>slow</b> transport
+ to a mail exchanger for <b>example.com</b>. The <b>slow</b> transport
could be configured to run at most one delivery process at
a time:
<b>example.com slow:</b>
When no transport is specified, Postfix uses the transport
- that matches the address domain class (see DESCRIPTION
- above). The following sends all mail for <b>example.com</b> and
+ that matches the address domain class (see DESCRIPTION
+ above). The following sends all mail for <b>example.com</b> and
its subdomains to host <b>gateway.example.com</b>:
<b>example.com :[gateway.example.com]</b>
<b>.example.com :[gateway.example.com]</b>
- In the above example, the [] suppress MX lookups. This
- prevents mail routing loops when your machine is primary
+ In the above example, the [] suppress MX lookups. This
+ prevents mail routing loops when your machine is primary
MX host for <b>example.com</b>.
- In the case of delivery via SMTP, one may specify <i>host-</i>
+ In the case of delivery via SMTP, one may specify <i>host-</i>
<i>name</i>:<i>service</i> instead of just a host:
<b>example.com <a href="smtp.8.html">smtp</a>:bar.example:2025</b>
<b>.example.com <a href="error.8.html">error</a>:mail for *.example.com is not deliverable</b>
- This causes all mail for <i>user</i>@<i>anything</i><b>.example.com</b> to be
+ This causes all mail for <i>user</i>@<i>anything</i><b>.example.com</b> to be
bounced.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
- the entire address being looked up. Thus,
- <i>some.domain.hierarchy</i> is not looked up via its parent
- domains, nor is <i>user+foo@domain</i> looked up as <i>user@domain</i>.
+ Each pattern is a regular expression that is applied to
+ the entire address being looked up. Thus,
+ <i>some.domain.hierarchy</i> is not looked up via its parent
+ domains, nor is <i>user+foo@domain</i> looked up as <i>user@domain</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the search
string.
The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> server disallows regular expression
- substitution of $1 etc. in regular expression lookup
- tables, because that could open a security hole (Postfix
+ substitution of $1 etc. in regular expression lookup
+ tables, because that could open a security hole (Postfix
version 2.3 and later).
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.4.
- Each lookup operation uses the entire recipient address
- once. Thus, <i>some.domain.hierarchy</i> is not looked up via
- its parent domains, nor is <i>user+foo@domain</i> looked up as
+ Each lookup operation uses the entire recipient address
+ once. Thus, <i>some.domain.hierarchy</i> is not looked up via
+ its parent domains, nor is <i>user+foo@domain</i> looked up as
<i>user@domain</i>.
Results are the same as with indexed file lookups.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant.
- The text below provides only a parameter summary. See
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant.
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a></b>
- The address that is looked up instead of the null
+ The address that is looked up instead of the null
sender address.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b>
- List of Postfix features that use <i>domain.tld</i> pat-
- terns to match <i>sub.domain.tld</i> (as opposed to
+ List of Postfix features that use <i>domain.tld</i> pat-
+ terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b><a href="postconf.5.html#transport_maps">transport_maps</a></b>
<a href="FILTER_README.html">FILTER_README</a>, external content filter
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
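Review bot: Every removed/added pair in this stretch of generated HTML, from the "TCP-BASED TABLES" paragraph through the LICENSE section, carries the same words on both sides, so the change is whitespace only (re-justified formatter output). Regenerate the HTML in a separate commit, or leave it out of the patch, so the substantive additions elsewhere are not buried in churn.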
that will be used instead of the null sender
address.
+ Available in Postfix version 2.7 and later:
+
+ <b><a href="postconf.5.html#empty_address_default_transport_maps_lookup_key">empty_address_default_transport_maps_lookup_key</a> (</b><><b>)</b>
+ The <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> search
+ string that will be used instead of the null sender
+ address.
+
+ <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> (empty)</b>
+ A sender-dependent override for the global
+ <a href="postconf.5.html#default_transport">default_transport</a> parameter setting.
+
<b>ADDRESS VERIFICATION CONTROLS</b>
- Postfix version 2.1 introduces sender and recipient
- address verification. This feature is implemented by
- sending probe email messages that are not actually deliv-
- ered. By default, address verification probes use the
- same route as regular mail. To override specific aspects
- of message routing for address verification probes, spec-
+ Postfix version 2.1 introduces sender and recipient
+ address verification. This feature is implemented by
+ sending probe email messages that are not actually deliv-
+ ered. By default, address verification probes use the
+ same route as regular mail. To override specific aspects
+ of message routing for address verification probes, spec-
ify one or more of the following:
<b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
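Review bot: In the added empty_address_default_transport_maps_lookup_key entry the default value is written as a raw `<>` between `</b>` and `<b>`, which is a parse error in HTML. Have the generator emit it as `&lt;&gt;` so the default renders reliably and the page validates.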
address verification probes.
<b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
- Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting
+ Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting
for address verification probes.
<b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
address verification probes.
<b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
- Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting
+ Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting
for address verification probes.
<b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
- Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
+ Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
address verification probes.
<b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
- Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
+ Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
address verification probes.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a></b>
<b>($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b>
Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
- parameter setting for address verification probes.
+ parameter setting for address verification probes.
+
+ Available in Postfix version 2.7 and later:
+
+ <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a></b>
+ <b>($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b>
+ Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_trans</a>-
+ <a href="postconf.5.html#sender_dependent_default_transport_maps">port_maps</a> parameter setting for address verifica-
+ tion probes.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a> (MAILER-DAEMON)</b>
- The recipient of mail addressed to the null
+ The recipient of mail addressed to the null
address.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#relocated_maps">relocated_maps</a> (empty)</b>
for users or domains that no longer exist.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
- Display the name of the recipient table in the
+ Display the name of the recipient table in the
"User unknown" responses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
- Log warnings about problematic configuration set-
+ Log warnings about problematic configuration set-
tings, and provide helpful suggestions.
<b>SEE ALSO</b>
<a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, Postfix address verification
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
.ft R
.PP
This feature is available in Postfix 2.1 and later.
+.SH address_verify_sender_dependent_default_transport_maps (default: $sender_dependent_default_transport_maps)
+Overrides the sender_dependent_default_transport_maps parameter
+setting for address verification probes.
+.PP
+This feature is available in Postfix 2.7 and later.
.SH address_verify_sender_dependent_relayhost_maps (default: $sender_dependent_relayhost_maps)
Overrides the sender_dependent_relayhost_maps parameter setting for address
verification probes.
The default mail delivery transport and next-hop destination for
destinations that do not match $mydestination, $inet_interfaces,
$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
-or $relay_domains. In order of decreasing precedence, the nexthop
-destination is taken from $default_transport,
+or $relay_domains. This information can be overruled with the
+sender_dependent_default_transport_maps parameter and with the
+\fBtransport\fR(5) table.
+.PP
+In order of decreasing precedence, the nexthop destination is taken
+from $sender_dependent_default_transport_maps, $default_transport,
$sender_dependent_relayhost_maps, $relayhost, or from the recipient
-domain. This information can be overruled with the \fBtransport\fR(5)
-table.
+domain.
.PP
Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
is the name of a mail delivery transport defined in master.cf.
The maximal number of addresses remembered by the address
duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or
for \fBshowq\fR(8) queue displays.
+.SH empty_address_default_transport_maps_lookup_key (default: <>)
+The sender_dependent_default_transport_maps search string that
+will be used instead of the null sender address.
+.PP
+This feature is available in Postfix 2.7 and later.
.SH empty_address_recipient (default: MAILER-DAEMON)
The recipient of mail addressed to the null address. Postfix does
not accept such addresses in SMTP commands, but they may still be
.SH relayhost (default: empty)
The next-hop destination of non-local mail; overrides non-local
domains in recipient addresses. This information is overruled with
-relay_transport, default_transport, sender_dependent_relayhost_maps
+relay_transport, sender_dependent_default_transport_maps,
+default_transport, sender_dependent_relayhost_maps
and with the \fBtransport\fR(5) table.
.PP
On an intranet, specify the organizational domain name. If your
.fi
.ad
.ft R
+.SH sender_dependent_default_transport_maps (default: empty)
+A sender-dependent override for the global default_transport
+parameter setting. The tables are searched by the envelope sender
+address and @domain. A lookup result of DUNNO terminates the search
+without overriding the global default_transport parameter setting.
+This information is overruled with the \fBtransport\fR(5) table.
+.PP
+Note: this overrides default_transport, not transport_maps, and
+therefore the expected syntax is that of default_transport. This
+feature does not support the transport_maps syntax for null transport,
+null nexthop, or null email addresses.
+.PP
+For safety reasons, this feature does not allow $number
+substitutions in regular expression maps.
+.PP
+This feature is available in Postfix 2.7 and later.
.SH sender_dependent_relayhost_maps (default: empty)
A sender-dependent override for the global relayhost parameter
setting. The tables are searched by the envelope sender address and
@domain. A lookup result of DUNNO terminates the search without
overriding the global relayhost parameter setting (Postfix 2.6 and
later). This information is overruled with relay_transport,
-default_transport and with the \fBtransport\fR(5) table.
+sender_dependent_default_transport_maps, default_transport and with
+the \fBtransport\fR(5) table.
.PP
For safety reasons, this feature does not allow $number
substitutions in regular expression maps.
Postfix actually accepts those recipients. The time unit is specified
with the anvil_rate_time_unit configuration parameter.
.PP
-By default, a client can make as many recipient addresses per time
+By default, a client can send as many recipient addresses per time
unit as Postfix can accept.
.PP
To disable this feature, specify a limit of 0.
.IP "\fBdefault_transport (default: smtp:)\fR"
This is the default for remote delivery to other destinations.
In order of decreasing precedence, the \fInexthop\fR
-destination is taken from \fBdefault_transport\fR,
-\fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the
-recipient domain.
+destination is taken from \fBsender_dependent_default_transport_maps,
+\fBdefault_transport\fR, \fBsender_dependent_relayhost_maps\fR,
+\fBrelayhost\fR, or from the recipient domain.
.PP
Normally, the \fBtransport\fR(5) table is specified as a text file
that serves as input to the \fBpostmap\fR(1) command.
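Review bot: The added line `\fBsender_dependent_default_transport_maps,` never closes its bold run with `\fR`, unlike the three names that follow it, so the trailing comma is set in bold. Write it as `\fBsender_dependent_default_transport_maps\fR,`.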
intentional. The purpose is to prioritize legitimate clients
with as little overhead as possible.
-\fBpostscreen\fR(8) logs its observations and takes actions
-as described in the sections that follow.
-.SH "PERMANENT BLACKLIST TEST"
-.na
+\fBpostscreen\fR(8) performs tests in the order described below.
+.SH 1. PERMANENT WHITELIST TEST
+.ad
+.fi
+The postscreen_whitelist_networks parameter (default:
+$mynetworks) specifies a permanent whitelist for SMTP client
+IP addresses. This feature is not used for addresses that
+appear on the permanent blacklist.
+
+When the SMTP client address matches the permanent whitelist,
+this is logged as:
+.sp
.nf
+\fBWHITELISTED \fIaddress\fR
+.fi
+.sp
+The action is not configurable: immediately forward the
+connection to a real SMTP server process.
+.SH 2. PERMANENT BLACKLIST TEST
.ad
.fi
The postscreen_blacklist_networks parameter (default: empty)
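Review bot: The relocated whitelist text still says "This feature is not used for addresses that appear on the permanent blacklist", but the section is now numbered 1, the blacklist test is numbered 2, and a whitelist match forwards the connection immediately. With the whitelist evaluated first, an address on both lists is whitelisted, so that sentence should be dropped or rewritten to state that the whitelist takes precedence.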
a future implementation, the connection may instead be
passed to a dummy SMTP protocol engine that logs sender and
recipient information.
-.SH "PERMANENT WHITELIST TEST"
-.na
-.nf
-.ad
-.fi
-The postscreen_whitelist_networks parameter (default:
-$mynetworks) specifies a permanent whitelist for SMTP client
-IP addresses. This feature is not used for addresses that
-appear on the permanent blacklist.
-
-When the SMTP client address matches the permanent whitelist,
-this is logged as:
-.sp
-.nf
-\fBWHITELISTED \fIaddress\fR
-.fi
-.sp
-The action is not configurable: immediately forward the
-connection to a real SMTP server process.
-.SH "TEMPORARY WHITELIST TEST"
-.na
-.nf
+.SH 3. TEMPORARY WHITELIST TEST
.ad
.fi
The \fBpostscreen\fR(8) daemon maintains a \fItemporary\fR
excluded from further tests until its temporary whitelist
entry expires, as controlled with the postscreen_cache_ttl
parameter. Expired entries are silently renewed if possible.
-.SH "SMTP GREETING PHASE TESTS"
-.na
-.nf
+.SH 4. SMTP GREETING PHASE TESTS
.ad
.fi
The postscreen_greet_wait parameter specifies a time interval
a dummy SMTP protocol engine that implements more protocol
tests including greylisting, before the client is allowed
to talk to a real SMTP server process.
-.SH "PREGREET TEST"
-.na
-.nf
+.SH 4A. PREGREET TEST
.ad
.fi
The postscreen_greet_banner parameter specifies the text
In a future implementation, the connection may instead be passed
to a dummy SMTP protocol engine that logs sender and recipient
information.
-.SH "HANGUP TEST"
-.na
-.nf
+.SH 4B. HANGUP TEST
.ad
.fi
When the SMTP client hangs up without sending any data
the broken connection to a real SMTP server process.
.IP "\fBdrop\fR (enforcement mode)"
Drop the connection immediately.
-.SH "DNS BLOCKLIST TEST"
-.na
-.nf
+.SH 4C. DNS BLOCKLIST TEST
.ad
.fi
The postscreen_dnsbl_sites parameter (default: empty)
.IP "\fBempty_address_relayhost_maps_lookup_key (<>)\fR"
The sender_dependent_relayhost_maps search string that will be
used instead of the null sender address.
+.PP
+Available in Postfix version 2.7 and later:
+.IP "\fBempty_address_default_transport_maps_lookup_key (<>)\fR"
+The sender_dependent_default_transport_maps search string that
+will be used instead of the null sender address.
+.IP "\fBsender_dependent_default_transport_maps (empty)\fR"
+A sender-dependent override for the global default_transport
+parameter setting.
.SH "ADDRESS VERIFICATION CONTROLS"
.na
.nf
.IP "\fBaddress_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)\fR"
Overrides the sender_dependent_relayhost_maps parameter setting for address
verification probes.
+.PP
+Available in Postfix version 2.7 and later:
+.IP "\fBaddress_verify_sender_dependent_default_transport_maps ($sender_dependent_default_transport_maps)\fR"
+Overrides the sender_dependent_default_transport_maps parameter
+setting for address verification probes.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
s;\baccess_map_reject_code\b;<a href="postconf.5.html#access_map_reject_code">$&</a>;g;
s;\baccess_map_defer_code\b;<a href="postconf.5.html#access_map_defer_code">$&</a>;g;
s;\baddress_verify_default_transport\b;<a href="postconf.5.html#address_verify_default_transport">$&</a>;g;
+ s;\baddress_verify_sender_depen[-</bB>]*\n*[ <bB>]*dent_default_trans[-</bB>]*\n*[ <bB>]*port_maps\b;<a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">$&</a>;g;
s;\baddress_verify_local_transport\b;<a href="postconf.5.html#address_verify_local_transport">$&</a>;g;
s;\baddress_verify_map\b;<a href="postconf.5.html#address_verify_map">$&</a>;g;
s;\baddress_verify_negative_cache\b;<a href="postconf.5.html#address_verify_negative_cache">$&</a>;g;
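Review bot: The added address_verify_sender_depen... pattern tolerates hyphenation with `[-</bB>]*\n*[ <bB>]*`, folding the space into the character class, whereas the sender_depen... pattern added further down in this patch and the existing default_recipi... entries use `[-</bB>]*\n* *[<bB>]*`. Use one form for both new entries, preferably the established one, so the link patterns stay uniform and the looser class does not accept spaces interleaved with tag characters.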
s;\bdefault_recipi[-</bB>]*\n* *[<bB>]*ent_refill_delay\b;<a href="postconf.5.html#default_recipient_refill_delay">$&</a>;g;
s;\bdefault_recip[-</bB>]*\n* *[<bB>]*ient_limit\b;<a href="postconf.5.html#default_recipient_limit">$&</a>;g;
s;\bdefault_transport\b;<a href="postconf.5.html#default_transport">$&</a>;g;
+ s;\bsender_depen[-</bB>]*\n* *[<bB>]*dent_default_trans[-</bB>]*\n* *[<bB>]*port_maps\b;<a href="postconf.5.html#sender_dependent_default_transport_maps">$&</a>;g;
+ s;\bempty_address_default_transport_maps_lookup_key\b;<a href="postconf.5.html#empty_address_default_transport_maps_lookup_key">$&</a>;g;
s;\bdefault_verp_delimiters\b;<a href="postconf.5.html#default_verp_delimiters">$&</a>;g;
s;\bdefer_code\b;<a href="postconf.5.html#defer_code">$&</a>;g;
s;\bdefer_service_name\b;<a href="postconf.5.html#defer_service_name">$&</a>;g;
The default mail delivery transport and next-hop destination for
destinations that do not match $mydestination, $inet_interfaces,
$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
-or $relay_domains. In order of decreasing precedence, the nexthop
-destination is taken from $default_transport,
+or $relay_domains. This information can be overruled with the
+sender_dependent_default_transport_maps parameter and with the
+transport(5) table. </p>
+
+<p>
+In order of decreasing precedence, the nexthop destination is taken
+from $sender_dependent_default_transport_maps, $default_transport,
$sender_dependent_relayhost_maps, $relayhost, or from the recipient
-domain. This information can be overruled with the transport(5)
-table.
+domain.
</p>
<p>
<p>
The next-hop destination of non-local mail; overrides non-local
domains in recipient addresses. This information is overruled with
-relay_transport, default_transport, sender_dependent_relayhost_maps
+relay_transport, sender_dependent_default_transport_maps,
+default_transport, sender_dependent_relayhost_maps
and with the transport(5) table.
</p>
</p>
<p>
-By default, a client can make as many recipient addresses per time
+By default, a client can send as many recipient addresses per time
unit as Postfix can accept.
</p>
@domain. A lookup result of DUNNO terminates the search without
overriding the global relayhost parameter setting (Postfix 2.6 and
later). This information is overruled with relay_transport,
-default_transport and with the transport(5) table. </p>
+sender_dependent_default_transport_maps, default_transport and with
+the transport(5) table. </p>
<p> For safety reasons, this feature does not allow $number
substitutions in regular expression maps. </p>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.7 and later. </p>
+
+%PARAM empty_address_default_transport_maps_lookup_key <>
+
+<p> The sender_dependent_default_transport_maps search string that
+will be used instead of the null sender address. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+%PARAM sender_dependent_default_transport_maps
+
+<p> A sender-dependent override for the global default_transport
+parameter setting. The tables are searched by the envelope sender
+address and @domain. A lookup result of DUNNO terminates the search
+without overriding the global default_transport parameter setting.
+This information is overruled with the transport(5) table. </p>
+
+<p> Note: this overrides default_transport, not transport_maps, and
+therefore the expected syntax is that of default_transport. This
+feature does not support the transport_maps syntax for null transport,
+null nexthop, or null email addresses. </p>
+
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+%PARAM address_verify_sender_dependent_default_transport_maps $sender_dependent_default_transport_maps
+
+<p> Overrides the sender_dependent_default_transport_maps parameter
+setting for address verification probes. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
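Review bot: the sender_dependent_default_transport_maps text explains DUNNO but says nothing about an empty lookup result or a table lookup error. The resolver change later in this patch warns and treats an empty result as DUNNO, and fails the request with RESOLVE_FLAG_FAIL on a lookup error; one sentence for each case here would save operators from reading resolve.c to learn that.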
# \fBpostmap -q - /etc/postfix/transport <\fIinputfile\fR
# DESCRIPTION
# The optional \fBtransport\fR(5) table specifies a mapping from email
-# addresses to message delivery transports and next-hop destinations.
+# addresses to message delivery transports and next-hop destinations.
# Message delivery transports such as \fBlocal\fR or \fBsmtp\fR
# are defined in the \fBmaster.cf\fR file, and next-hop
# destinations are typically hosts or domain names. The
# .IP "\fBdefault_transport (default: smtp:)\fR"
# This is the default for remote delivery to other destinations.
# In order of decreasing precedence, the \fInexthop\fR
-# destination is taken from \fBdefault_transport\fR,
-# \fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the
-# recipient domain.
+# destination is taken from \fBsender_dependent_default_transport_maps,
+# \fBdefault_transport\fR, \fBsender_dependent_relayhost_maps\fR,
+# \fBrelayhost\fR, or from the recipient domain.
# .PP
# Normally, the \fBtransport\fR(5) table is specified as a text file
# that serves as input to the \fBpostmap\fR(1) command.
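Review bot: in the added line `\fBsender_dependent_default_transport_maps,` the bold font is never closed, while every other name in the list ends with `\fR` before the comma. Suggest `\fBsender_dependent_default_transport_maps\fR,` so the comma is not rendered in bold.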
#define DEF_DEF_TRANSPORT MAIL_SERVICE_SMTP
extern char *var_def_transport;
+#define VAR_SND_DEF_XPORT_MAPS "sender_dependent_" VAR_DEF_TRANSPORT "_maps"
+#define DEF_SND_DEF_XPORT_MAPS ""
+extern char *var_snd_def_xport_maps;
+
+#define VAR_NULL_DEF_XPORT_MAPS_KEY "empty_address_" VAR_DEF_TRANSPORT "_maps_lookup_key"
+#define DEF_NULL_DEF_XPORT_MAPS_KEY "<>"
+extern char *var_null_def_xport_maps_key;
+
/*
* trivial rewrite/resolve service: rewriting controls.
*/
#define DEF_VRFY_DEF_XPORT "$" VAR_DEF_TRANSPORT
extern char *var_vrfy_def_xport;
+#define VAR_VRFY_SND_DEF_XPORT_MAPS "address_verify_" VAR_SND_DEF_XPORT_MAPS
+#define DEF_VRFY_SND_DEF_XPORT_MAPS "$" VAR_SND_DEF_XPORT_MAPS
+extern char *var_snd_def_xport_maps;
+
#define VAR_VRFY_RELAYHOST "address_verify_relayhost"
#define DEF_VRFY_RELAYHOST "$" VAR_RELAYHOST
extern char *var_vrfy_relayhost;
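Review bot: the declaration added under VAR_VRFY_SND_DEF_XPORT_MAPS is `extern char *var_snd_def_xport_maps;`, which repeats the declaration a few lines up instead of declaring the verify variant. The variable that trivial-rewrite defines and registers for this parameter is var_vrfy_snd_def_xport_maps, so the header should read `extern char *var_vrfy_snd_def_xport_maps;`. It compiles today only because the one user defines the variable in the same file.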
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20091115"
+#define MAIL_RELEASE_DATE "20091209"
#define MAIL_VERSION_NUMBER "2.7"
#ifdef SNAPSHOT
/* intentional. The purpose is to prioritize legitimate clients
/* with as little overhead as possible.
/*
-/* \fBpostscreen\fR(8) logs its observations and takes actions
-/* as described in the sections that follow.
-/* PERMANENT BLACKLIST TEST
+/* \fBpostscreen\fR(8) performs tests in the order described below.
+/* .SH 1. PERMANENT WHITELIST TEST
+/* .ad
+/* .fi
+/* The postscreen_whitelist_networks parameter (default:
+/* $mynetworks) specifies a permanent whitelist for SMTP client
+/* IP addresses. This feature is not used for addresses that
+/* appear on the permanent blacklist.
+/*
+/* When the SMTP client address matches the permanent whitelist,
+/* this is logged as:
+/* .sp
+/* .nf
+/* \fBWHITELISTED \fIaddress\fR
+/* .fi
+/* .sp
+/* The action is not configurable: immediately forward the
+/* connection to a real SMTP server process.
+/* .SH 2. PERMANENT BLACKLIST TEST
/* .ad
/* .fi
/* The postscreen_blacklist_networks parameter (default: empty)
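Review bot: the whitelist section, now test 1, still carries the sentence "This feature is not used for addresses that appear on the permanent blacklist." With the whitelist tested first and the blacklist in the else branch, that is no longer what the code does. The sentence should be dropped here, and the blacklist section should instead state that it is not used for addresses that match the permanent whitelist.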
/* a future implementation, the connection may instead be
/* passed to a dummy SMTP protocol engine that logs sender and
/* recipient information.
-/* PERMANENT WHITELIST TEST
+/* .SH 3. TEMPORARY WHITELIST TEST
/* .ad
/* .fi
-/* The postscreen_whitelist_networks parameter (default:
-/* $mynetworks) specifies a permanent whitelist for SMTP client
-/* IP addresses. This feature is not used for addresses that
-/* appear on the permanent blacklist.
-/*
-/* When the SMTP client address matches the permanent whitelist,
-/* this is logged as:
-/* .sp
-/* .nf
-/* \fBWHITELISTED \fIaddress\fR
-/* .fi
-/* .sp
-/* The action is not configurable: immediately forward the
-/* connection to a real SMTP server process.
-/* TEMPORARY WHITELIST TEST
-/* .ad
-/* .fi
/* The \fBpostscreen\fR(8) daemon maintains a \fItemporary\fR
/* whitelist for SMTP client IP addresses that have passed all
/* the tests described below. The postscreen_cache_map parameter
/* excluded from further tests until its temporary whitelist
/* entry expires, as controlled with the postscreen_cache_ttl
/* parameter. Expired entries are silently renewed if possible.
-/* SMTP GREETING PHASE TESTS
+/* .SH 4. SMTP GREETING PHASE TESTS
/* .ad
/* .fi
/* The postscreen_greet_wait parameter specifies a time interval
/* a dummy SMTP protocol engine that implements more protocol
/* tests including greylisting, before the client is allowed
/* to talk to a real SMTP server process.
-/* PREGREET TEST
+/* .SH 4A. PREGREET TEST
/* .ad
/* .fi
/* The postscreen_greet_banner parameter specifies the text
/* In a future implementation, the connection may instead be passed
/* to a dummy SMTP protocol engine that logs sender and recipient
/* information.
-/* HANGUP TEST
+/* .SH 4B. HANGUP TEST
/* .ad
/* .fi
/* When the SMTP client hangs up without sending any data
/* the broken connection to a real SMTP server process.
/* .IP "\fBdrop\fR (enforcement mode)"
/* Drop the connection immediately.
-/* DNS BLOCKLIST TEST
+/* .SH 4C. DNS BLOCKLIST TEST
/* .ad
/* .fi
/* The postscreen_dnsbl_sites parameter (default: empty)
-/* specifies a list of DNS blocklist servers.
+/* specifies a list of DNS blocklist servers.
/*
/* When the postscreen_greet_wait time has elapsed, and the
/* SMTP client address is listed with at least one of these
int dt_usec; /* make sure it's signed */
} DELTA_TIME;
-#define DELTA(x, y, z) \
+#define PS_CALC_DELTA(x, y, z) \
do { \
(x).dt_sec = (y).tv_sec - (z).tv_sec; \
(x).dt_usec = (y).tv_usec - (z).tv_usec; \
#define STR(x) vstring_str(x)
#define LEN(x) VSTRING_LEN(x)
+ /*
+ * Monitor time-critical operations.
+ */
+#define PS_GET_TIME_BEFORE_LOOKUP \
+ struct timeval _before, _after; \
+ DELTA_TIME _delta; \
+ GETTIMEOFDAY(&_before);
+
+#define PS_DELTA_MS(d) ((d).dt_sec * 1000 + (d).dt_usec / 1000)
+
+#define PS_CHECK_TIME_AFTER_LOOKUP(table, action) \
+ GETTIMEOFDAY(&_after); \
+ PS_CALC_DELTA(_delta, _after, _before); \
+ if (_delta.dt_sec > 1 || _delta.dt_usec > 100000) \
+ msg_warn("%s: %s %s took %d ms", \
+ myname, (table), (action), PS_DELTA_MS(_delta));
+
+/* ps_addr_match_list_match - time-critical address list lookup */
+
+static int ps_addr_match_list_match(ADDR_MATCH_LIST *addr_list,
+ const char *addr_str)
+{
+ const char *myname = "ps_addr_match_list_match";
+ int result;
+
+ PS_GET_TIME_BEFORE_LOOKUP;
+ result = addr_match_list_match(addr_list, addr_str);
+ PS_CHECK_TIME_AFTER_LOOKUP("address list", "lookup");
+ return (result);
+}
+
+/* ps_dict_get - time-critical table lookup */
+
+static const char *ps_dict_get(DICT *dict, const char *key)
+{
+ const char *myname = "ps_dict_get";
+ const char *result;
+
+ PS_GET_TIME_BEFORE_LOOKUP;
+ result = dict_get(dict, key);
+ PS_CHECK_TIME_AFTER_LOOKUP(dict->name, "lookup");
+ return (result);
+}
+
+/* ps_dict_put - table dictionary update */
+
+static void ps_dict_put(DICT *dict, const char *key, const char *value)
+{
+ const char *myname = "ps_dict_put";
+
+ PS_GET_TIME_BEFORE_LOOKUP;
+ dict_put(dict, key, value);
+ PS_CHECK_TIME_AFTER_LOOKUP(dict->name, "update");
+}
+
/*
* DNSBL lookup status per client IP address.
*/
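Review bot: the threshold in PS_CHECK_TIME_AFTER_LOOKUP, `_delta.dt_sec > 1 || _delta.dt_usec > 100000`, warns for a 0.2 s lookup but lets a 1.05 s lookup pass silently (dt_sec is 1, dt_usec is 50000). `_delta.dt_sec > 0 || _delta.dt_usec > 100000` looks like the intent. The macro also expands to several bare statements and depends on a local named myname; wrapping it in do { } while (0), as PS_CALC_DELTA is, and noting the myname requirement in the comment would make it safer to reuse.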
struct timeval now;
GETTIMEOFDAY(&now);
- DELTA(pdelay, now, tv);
+ PS_CALC_DELTA(pdelay, now, tv);
VSTRING_RESET(buf);
format_tv(buf, pdelay.dt_sec, pdelay.dt_usec, SIG_DIGS, var_delay_max_res);
*delta = pdelay.dt_sec;
"OLD" : "NEW", state->smtp_client_addr);
if (cache_map != 0) {
vstring_sprintf(temp, "%ld", (long) event_time());
- dict_put(cache_map, state->smtp_client_addr, STR(temp));
+ ps_dict_put(cache_map, state->smtp_client_addr, STR(temp));
}
}
send_socket(state);
* could retry failed fork() operations in the event call-back routines,
* but we don't need perfection. The host system is severely overloaded
* and service levels are already way down.
+ *
+ * XXX Some Berkeley DB versions break with close-after-fork. Every new
+ * version is an improvement over its predecessor.
*/
+ if (cache_map != 0) {
+ dict_close(cache_map);
+ cache_map = 0;
+ }
for (count = 0; /* see below */ ; count++) {
if (count >= 5) {
msg_fatal("fork: %m");
sleep(1);
continue;
} else {
- if (cache_map != 0) {
- dict_close(cache_map);
- cache_map = 0;
- }
return;
}
}
}
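Review bot: with dict_close() hoisted above the retry loop, cache_map is 0 for everything that runs after this point, so the `if (cache_map != 0)` guard around ps_dict_put() silently skips the temporary whitelist update for sessions that are still in progress. If that is the accepted cost of avoiding close-after-fork, the XXX comment should say so explicitly, and should say which Berkeley DB behaviour was observed instead of leaving it at "some versions".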
/*
- * The permanent blacklist has first precedence. If the client is
+ * The permanent whitelist has highest precedence (never block mail from
+ * whitelisted sites).
+ */
+ if (wlist_nets != 0
+ && ps_addr_match_list_match(wlist_nets, smtp_client_addr.buf) != 0) {
+ msg_info("WHITELISTED %s", smtp_client_addr.buf);
+ state_flags |= PS_FLAG_WHITELISTED;
+ }
+
+ /*
+ * The permanent blacklist has second precedence. If the client is
* permanently blacklisted, send some generic reply and hang up
* immediately, or torture them a little longer.
*/
- if (blist_nets != 0
- && addr_match_list_match(blist_nets, smtp_client_addr.buf) != 0) {
+ else if (blist_nets != 0
+ && ps_addr_match_list_match(blist_nets, smtp_client_addr.buf) != 0) {
msg_info("BLACKLISTED %s", smtp_client_addr.buf);
if (blist_action == PS_ACT_DROP) {
smtp_reply(vstream_fileno(smtp_client_stream),
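Review bot: with the whitelist branch first and the blacklist demoted to `else if`, an address listed in both is forwarded as WHITELISTED and the blacklist entry is never consulted or logged. Because postscreen_whitelist_networks defaults to $mynetworks, a blacklist entry for a host inside those networks now has no effect. The comment above the whitelist test should state this, so that nobody relies on the blacklist to shut out an internal host.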
}
}
- /*
- * The permanent whitelist has second precedence.
- */
- else if (wlist_nets != 0
- && addr_match_list_match(wlist_nets, smtp_client_addr.buf) != 0) {
- msg_info("WHITELISTED %s", smtp_client_addr.buf);
- state_flags |= PS_FLAG_WHITELISTED;
- }
-
/*
* Finally, the temporary whitelist (i.e. the postscreen cache) has the
* lowest precedence.
*/
else if (cache_map != 0
- && (stamp_str = dict_get(cache_map, smtp_client_addr.buf)) != 0) {
+ && (stamp_str = ps_dict_get(cache_map, smtp_client_addr.buf)) != 0) {
stamp_time = strtoul(stamp_str, 0, 10);
if (stamp_time > event_time() - var_ps_cache_ttl) {
msg_info("PASS OLD %s", smtp_client_addr.buf);
* specified, or when DNS lookups are disabled.
*/
dest_buf = smtp_parse_destination(dest, def_service, &domain, &port);
+ if (var_helpful_warnings && ntohs(port) == 465) {
+ msg_info("CLIENT wrappermode (port smtps/465) is unimplemented");
+ msg_info("instead, send to (port submission/587) with STARTTLS");
+ }
/*
* Resolve an SMTP server. Skip mail exchanger lookups when a quoted
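Review bot: the two msg_info() lines do not name the destination that triggered them, so on a host with several relayhost or transport entries the operator cannot tell which one to fix; `dest` is in scope and could be included in the first message. Since the check is guarded by var_helpful_warnings, msg_warn() would also be more consistent than msg_info(), and would be picked up by log filters that look for warnings.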
#endif
+/* smtpd_whatsup - gather available evidence for logging */
+
+static const char *smtpd_whatsup(SMTPD_STATE *state)
+{
+ static VSTRING *buf = 0;
+
+ if (buf == 0)
+ buf = vstring_alloc(100);
+ else
+ VSTRING_RESET(buf);
+ if (state->sender)
+ vstring_sprintf_append(buf, " from=<%s>", state->sender);
+ if (state->recipient)
+ vstring_sprintf_append(buf, " to=<%s>", state->recipient);
+ if (state->protocol)
+ vstring_sprintf_append(buf, " proto=%s", state->protocol);
+ if (state->helo_name)
+ vstring_sprintf_append(buf, " helo=<%s>", state->helo_name);
+ return (STR(buf));
+}
+
/* collapse_args - put arguments together again */
static void collapse_args(int argc, SMTPD_TOKEN *argv)
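Review bot: smtpd_whatsup() returns a pointer into a function-static VSTRING that is reset on the next call, and the header comment does not say so. A caller that keeps the pointer across a second call, or passes two calls as arguments to one msg_info(), will log the wrong session data. Please document the lifetime in the comment above the function, for example "result is overwritten with each call".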
static const char *check_milter_reply(SMTPD_STATE *state, const char *reply)
{
const char *queue_id = state->queue_id ? state->queue_id : "NOQUEUE";
- VSTRING *buf = vstring_alloc(100);
const char *action;
const char *text;
- /*
- * XXX Copied from log_whatsup(). Needs to be changed into a reusable
- * function.
- */
- if (state->sender)
- vstring_sprintf_append(buf, " from=<%s>", state->sender);
- if (state->recipient)
- vstring_sprintf_append(buf, " to=<%s>", state->recipient);
- if (state->protocol)
- vstring_sprintf_append(buf, " proto=%s", state->protocol);
- if (state->helo_name)
- vstring_sprintf_append(buf, " helo=<%s>", state->helo_name);
-
/*
* The syntax of user-specified SMTP replies is checked by the Milter
* module, because the replies are also used in the cleanup server.
break;
}
msg_info("%s: %s: %s from %s: %s;%s", queue_id, action, state->where,
- state->namaddr, reply ? reply : text, STR(buf));
- vstring_free(buf);
+ state->namaddr, reply ? reply : text, smtpd_whatsup(state));
return (reply);
}
detail->smtp, detail->dsn, state->err);
}
+ /*
+ * By popular command: the proxy's end-of-data reply.
+ */
+ if (proxy)
+ msg_info("proxy-%s: %s: %s;%s",
+ (state->err == CLEANUP_STAT_OK) ? "accept" : "reject",
+ state->where, STR(proxy->buffer), smtpd_whatsup(state));
+
/*
* Cleanup. The client may send another MAIL command.
*/
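Review bot: the new proxy-accept/proxy-reject record carries neither the queue ID nor state->namaddr, unlike the msg_info() in check_milter_reply(), so it cannot be tied to a client connection when several sessions log at the same time. Suggest the same "queue_id: ... from namaddr" prefix that the milter record uses. Nit: the comment reads "By popular command", presumably "demand".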
* file is expensive compared to reading or writing. For security reasons
* we must truncate the file before reuse. For performance reasons we
* should truncate the file immediately after the end of a mail
- * transaction. We enforce the security guarantee here by requiring that
- * no I/O happened since the file was truncated. This is less expensive
- * than truncating the file redundantly.
+ * transaction. We enforce the security guarantee upon reuse, by
+ * requiring that no I/O happened since the file was truncated. This is
+ * less expensive than truncating the file redundantly.
*/
if (smtpd_proxy_replay_stream != 0) {
/* vstream_ftell() won't invoke the kernel, so all errors are mine. */
char *oper;
char *junk;
const char *relay;
+ const char *xport;
+ const char *sender_key;
*flags = 0;
vstring_strcpy(channel, "CHANNEL NOT UPDATED");
* Other off-host destination.
*/
else {
- vstring_strcpy(channel, RES_PARAM_VALUE(rp->def_transport));
- blame = rp->def_transport_name;
+ if (rp->snd_def_xp_info
+ && (xport = mail_addr_find(rp->snd_def_xp_info,
+ sender_key = (*sender ? sender :
+ var_null_def_xport_maps_key),
+ (char **) 0)) != 0) {
+ if (*xport == 0) {
+ msg_warn("%s: ignoring null lookup result for %s",
+ rp->snd_def_xp_maps_name, sender_key);
+ xport = "DUNNO";
+ }
+ vstring_strcpy(channel, strcasecmp(xport, "DUNNO") == 0 ?
+ RES_PARAM_VALUE(rp->def_transport) : xport);
+ blame = rp->snd_def_xp_maps_name;
+ } else if (dict_errno != 0) {
+ msg_warn("%s lookup failure", rp->snd_def_xp_maps_name);
+ *flags |= RESOLVE_FLAG_FAIL;
+ FREE_MEMORY_AND_RETURN;
+ } else {
+ vstring_strcpy(channel, RES_PARAM_VALUE(rp->def_transport));
+ blame = rp->def_transport_name;
+ }
*flags |= RESOLVE_CLASS_DEFAULT;
}
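Review bot: in the DUNNO case (including an empty result rewritten to "DUNNO") the channel is copied from rp->def_transport, yet `blame` is still set to rp->snd_def_xp_maps_name. Any later diagnostic that uses blame would then point the operator at the sender-dependent map when the value actually came from default_transport. Suggest setting blame to rp->def_transport_name when the result is DUNNO. The assignment to sender_key inside the mail_addr_find() argument list is also easy to miss; computing it on its own line before the call would read better.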
* override the recipient domain.
*/
if (rp->snd_relay_info
- && (relay = mail_addr_find(rp->snd_relay_info, *sender ?
- sender : var_null_relay_maps_key,
- (char **) 0)) != 0)
+ && (relay = mail_addr_find(rp->snd_relay_info,
+ sender_key = (*sender ? sender :
+ var_null_relay_maps_key),
+ (char **) 0)) != 0) {
+ if (*relay == 0) {
+ msg_warn("%s: ignoring null lookup result for %s",
+ rp->snd_relay_maps_name, sender_key);
+ relay = "DUNNO";
+ }
vstring_strcpy(nexthop, strcasecmp(relay, "DUNNO") == 0 ?
rcpt_domain : relay);
- else if (*RES_PARAM_VALUE(rp->relayhost))
+ } else if (dict_errno != 0) {
+ msg_warn("%s lookup failure", rp->snd_relay_maps_name);
+ *flags |= RESOLVE_FLAG_FAIL;
+ FREE_MEMORY_AND_RETURN;
+ } else if (*RES_PARAM_VALUE(rp->relayhost))
vstring_strcpy(nexthop, RES_PARAM_VALUE(rp->relayhost));
else
vstring_strcpy(nexthop, rcpt_domain);
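Review bot: the `else if (dict_errno != 0)` branch is also reached when rp->snd_relay_info is null, that is, when no sender-dependent map is configured and mail_addr_find() was never called. In that case dict_errno may still hold the outcome of an earlier, unrelated lookup, and the request would fail with a "lookup failure" warning for a table that does not exist. Either test `rp->snd_relay_info != 0 && dict_errno != 0`, or clear dict_errno before the lookup; the default-transport block earlier in this file has the same shape.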
/* .IP "\fBempty_address_relayhost_maps_lookup_key (<>)\fR"
/* The sender_dependent_relayhost_maps search string that will be
/* used instead of the null sender address.
+/* .PP
+/* Available in Postfix version 2.7 and later:
+/* .IP "\fBempty_address_default_transport_maps_lookup_key (<>)\fR"
+/* The sender_dependent_default_transport_maps search string that
+/* will be used instead of the null sender address.
+/* .IP "\fBsender_dependent_default_transport_maps (empty)\fR"
+/* A sender-dependent override for the global default_transport
+/* parameter setting.
/* ADDRESS VERIFICATION CONTROLS
/* .ad
/* .fi
/* .IP "\fBaddress_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)\fR"
/* Overrides the sender_dependent_relayhost_maps parameter setting for address
/* verification probes.
+/* .PP
+/* Available in Postfix version 2.7 and later:
+/* .IP "\fBaddress_verify_sender_dependent_default_transport_maps ($sender_dependent_default_transport_maps)\fR"
+/* Overrides the sender_dependent_default_transport_maps parameter
+/* setting for address verification probes.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
char *var_virt_mailbox_doms;
char *var_relocated_maps;
char *var_def_transport;
+char *var_snd_def_xport_maps;
char *var_empty_addr;
int var_show_unk_rcpt_table;
int var_resolve_nulldom;
char *var_remote_rwr_domain;
char *var_snd_relay_maps;
char *var_null_relay_maps_key;
+char *var_null_def_xport_maps_key;
int var_resolve_num_dom;
bool var_allow_min_user;
char *var_vrfy_virt_xport;
char *var_vrfy_relay_xport;
char *var_vrfy_def_xport;
+char *var_vrfy_snd_def_xport_maps;
char *var_vrfy_relayhost;
char *var_vrfy_relay_maps;
VAR_VIRT_TRANSPORT, &var_virt_transport,
VAR_RELAY_TRANSPORT, &var_relay_transport,
VAR_DEF_TRANSPORT, &var_def_transport,
+ VAR_SND_DEF_XPORT_MAPS, &var_snd_def_xport_maps, 0,
VAR_RELAYHOST, &var_relayhost,
VAR_SND_RELAY_MAPS, &var_snd_relay_maps, 0,
VAR_TRANSPORT_MAPS, &var_transport_maps, 0
VAR_VRFY_VIRT_XPORT, &var_vrfy_virt_xport,
VAR_VRFY_RELAY_XPORT, &var_vrfy_relay_xport,
VAR_VRFY_DEF_XPORT, &var_vrfy_def_xport,
+ VAR_VRFY_SND_DEF_XPORT_MAPS, &var_vrfy_snd_def_xport_maps, 0,
VAR_VRFY_RELAYHOST, &var_vrfy_relayhost,
VAR_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0,
VAR_VRFY_XPORT_MAPS, &var_vrfy_xport_maps, 0
RES_PARAM_VALUE(resolve_verify.snd_relay_maps),
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX
| DICT_FLAG_NO_REGSUB);
+ if (*RES_PARAM_VALUE(resolve_regular.snd_def_xp_maps))
+ resolve_regular.snd_def_xp_info =
+ maps_create(resolve_regular.snd_def_xp_maps_name,
+ RES_PARAM_VALUE(resolve_regular.snd_def_xp_maps),
+ DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX
+ | DICT_FLAG_NO_REGSUB);
+ if (*RES_PARAM_VALUE(resolve_verify.snd_def_xp_maps))
+ resolve_verify.snd_def_xp_info =
+ maps_create(resolve_verify.snd_def_xp_maps_name,
+ RES_PARAM_VALUE(resolve_verify.snd_def_xp_maps),
+ DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX
+ | DICT_FLAG_NO_REGSUB);
}
/* post_jail_init - initialize after entering chroot jail */
VAR_SND_RELAY_MAPS, DEF_SND_RELAY_MAPS, &var_snd_relay_maps, 0, 0,
VAR_NULL_RELAY_MAPS_KEY, DEF_NULL_RELAY_MAPS_KEY, &var_null_relay_maps_key, 1, 0,
VAR_VRFY_RELAY_MAPS, DEF_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, 0,
+ VAR_SND_DEF_XPORT_MAPS, DEF_SND_DEF_XPORT_MAPS, &var_snd_def_xport_maps, 0, 0,
+ VAR_NULL_DEF_XPORT_MAPS_KEY, DEF_NULL_DEF_XPORT_MAPS_KEY, &var_null_def_xport_maps_key, 1, 0,
+ VAR_VRFY_SND_DEF_XPORT_MAPS, DEF_VRFY_SND_DEF_XPORT_MAPS, &var_vrfy_snd_def_xport_maps, 0, 0,
0,
};
static const CONFIG_BOOL_TABLE bool_table[] = {
char **relay_transport; /* relay transport:nexthop */
const char *def_transport_name; /* name of variable */
char **def_transport; /* default transport:nexthop */
+ const char *snd_def_xp_maps_name; /* name of variable */
+ char **snd_def_xp_maps; /* maptype:mapname */
+ MAPS *snd_def_xp_info; /* handle */
const char *relayhost_name; /* name of variable */
char **relayhost; /* for relay and default transport */
const char *snd_relay_maps_name; /* name of variable */