addresses with numeric domains instead of rejecting them as
invalid. Files: trivial-rewrite/resolve.c, util/vstring.c.
+ Bugfix: 20051219 "postconf -A" produced "postconf -a" output.
+ Andreas Winkelmann.
+
Open problems:
"postsuper -r" no longer resets the message arrival time,
People who go to the trouble of installing Postfix may have the expectation
that Postfix is more secure than some other mailers. The Cyrus SASL library is
a lot of code. With this, Postfix becomes as secure as other mail systems that
-use the Cyrus SASL library.
+use the Cyrus SASL library. Dovecot provides an alternative that may be worth
+considering.
H\bHo\bow\bw P\bPo\bos\bst\btf\bfi\bix\bx u\bus\bse\bes\bs S\bSA\bAS\bSL\bL a\bau\but\bth\bhe\ben\bnt\bti\bic\bca\bat\bti\bio\bon\bn i\bin\bnf\bfo\bor\brm\bma\bat\bti\bio\bon\bn
This document covers the following topics:
- * What SASL versions are supported
+ * What SASL implementations are supported
* Building Postfix with Dovecot SASL support
* Building the Cyrus SASL library
* Building Postfix with Cyrus SASL support
* Enabling SASL authentication in the Postfix SMTP client
* Credits
-W\bWh\bha\bat\bt S\bSA\bAS\bSL\bL v\bve\ber\brs\bsi\bio\bon\bns\bs a\bar\bre\be s\bsu\bup\bpp\bpo\bor\brt\bte\bed\bd
+W\bWh\bha\bat\bt S\bSA\bAS\bSL\bL i\bim\bmp\bpl\ble\bem\bme\ben\bnt\bta\bat\bti\bio\bon\bns\bs a\bar\bre\be s\bsu\bup\bpp\bpo\bor\brt\bte\bed\bd
This document describes Postfix with the following SASL implementations:
% postconf -a (SASL support in the SMTP server)
% postconf -A (SASL support in the SMTP+LMTP client)
-Needless to say, these commands are not available in Postfix versions before
-2.3.
+Needless to say, these commands are not available in earlier Postfix versions.
B\bBu\bui\bil\bld\bdi\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx w\bwi\bit\bth\bh D\bDo\bov\bve\bec\bco\bot\bt S\bSA\bAS\bSL\bL s\bsu\bup\bpp\bpo\bor\brt\bt
-Dovecot is available via http://www.dovecot.org/. It uses its own daemon
-process for authentication. Building Postfix with Dovecot SASL support is
-relatively easy, because there is no need to link extra libraries into Postfix.
+Dovecot SASL support is available in Postfix 2.3 and later. The Dovecot source
+code is available via http://www.dovecot.org/. At the time of writing, only
+server-side SASL support is available, so you can't use it to authenticate to
+your network provider's server. Dovecot uses its own daemon process for
+authentication. This keeps the Postfix build process simple, because there is
+no need to link extra libraries into Postfix.
To generate the necessary Makefiles, execute the following in the Postfix top-
level directory:
-% make makefiles CCARGS='-DUSE_SASL_AUTH -DDEF_SASL_SERVER=\"dovecot\"'
+ % make makefiles CCARGS='-DUSE_SASL_AUTH -DDEF_SASL_SERVER=\"dovecot\"'
+
+After this, proceed with "make" as described in the INSTALL document.
Notes:
* If you also want support for LDAP or TLS, you will have to merge their
CCARGS and AUXLIBS into the above command line.
- * After this, proceed with "make" as described in the INSTALL document.
-
B\bBu\bui\bil\bld\bdi\bin\bng\bg t\bth\bhe\be C\bCy\byr\bru\bus\bs S\bSA\bAS\bSL\bL l\bli\bib\bbr\bra\bar\bry\by
Postfix appears to work with cyrus-sasl-1.5.5 or cyrus-sasl-2.1.1, which are
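Review bot: In the sentence that follows the two postconf examples, "earlier Postfix versions" drops the release number that the removed text carried ("before 2.3"), so the sentence no longer says which version introduced "postconf -a" and "postconf -A". Keep the number, for example "not available in Postfix versions before 2.3", so the statement still holds when it is read or quoted on its own.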
B\bBu\bui\bil\bld\bdi\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx w\bwi\bit\bth\bh C\bCy\byr\bru\bus\bs S\bSA\bAS\bSL\bL s\bsu\bup\bpp\bpo\bor\brt\bt
-To build Postfix with SASL authentication support, the following assumes that
-the Cyrus SASL include files are in /usr/local/include, and that the Cyrus SASL
-libraries are in /usr/local/lib.
+The following assumes that the Cyrus SASL include files are in /usr/local/
+include, and that the Cyrus SASL libraries are in /usr/local/lib.
On some systems this generates the necessary Makefile definitions:
Note: the SASL login names will be shared with the entire world.
+Older Microsoft SMTP client software implements a non-standard version of the
+AUTH protocol syntax, and expects that the SMTP server replies to EHLO with
+"250 AUTH=stuff" instead of "250 AUTH stuff". To accommodate such clients (in
+addition to conformant clients) use the following:
+
+ /etc/postfix/main.cf:
+ broken_sasl_auth_clients = yes
+
D\bDo\bov\bve\bec\bco\bot\bt S\bSA\bAS\bSL\bL c\bco\bon\bnf\bfi\big\bgu\bur\bra\bat\bti\bio\bon\bn f\bfo\bor\br t\bth\bhe\be P\bPo\bos\bst\btf\bfi\bix\bx S\bSM\bMT\bTP\bP s\bse\ber\brv\bve\ber\br
-On the Postfix side you need to specify the location of the Dovecot
-authentication daemon socket. We use a pathname relative to the Postfix queue
-directory, so that it will work whether or not Postfix runs chrooted:
+Dovecot SASL support is available in Postfix 2.3 and later. On the Postfix side
+you need to specify the location of the Dovecot authentication daemon socket.
+We use a pathname relative to the Postfix queue directory, so that it will work
+whether or not Postfix runs chrooted:
/etc/postfix/main.cf:
smtpd_sasl_type = dovecot
auth default {
..
socket listen {
- client {
- path = /var/spool/postfix/private/auth
- mode = 0666
- }
+ client {
+ path = /var/spool/postfix/private/auth
+ mode = 0666
+ }
}
}
-See the Dovecot documentation for how to configure the Dovecot authentication
-server.
+See the Dovecot documentation for how to configure and operate the Dovecot
+authentication server.
C\bCy\byr\bru\bus\bs S\bSA\bAS\bSL\bL c\bco\bon\bnf\bfi\big\bgu\bur\bra\bat\bti\bio\bon\bn f\bfo\bor\br t\bth\bhe\be P\bPo\bos\bst\btf\bfi\bix\bx S\bSM\bMT\bTP\bP s\bse\ber\brv\bve\ber\br
To run software chrooted with SASL support is an interesting exercise. It
probably is not worth the trouble.
-Older Microsoft SMTP client software implements a non-standard version of the
-AUTH protocol syntax, and expects that the SMTP server replies to EHLO with
-"250 AUTH=stuff" instead of "250 AUTH stuff". To accommodate such clients in
-addition to conformant clients, set "broken_sasl_auth_clients = yes" in the
-main.cf file.
-
T\bTe\bes\bst\bti\bin\bng\bg S\bSA\bAS\bSL\bL a\bau\but\bth\bhe\ben\bnt\bti\bic\bca\bat\bti\bio\bon\bn i\bin\bn t\bth\bhe\be P\bPo\bos\bst\btf\bfi\bix\bx S\bSM\bMT\bTP\bP s\bse\ber\brv\bve\ber\br
To test the server side, connect to the SMTP server, and you should be able to
have a conversation as shown below. Information sent by the client is shown in
bold font.
- 220 server.host.tld ESMTP Postfix
- E\bEH\bHL\bLO\bO c\bcl\bli\bie\ben\bnt\bt.\b.h\bho\bos\bst\bt.\b.t\btl\bld\bd
- 250-server.host.tld
+ 220 server.example.com ESMTP Postfix
+ E\bEH\bHL\bLO\bO c\bcl\bli\bie\ben\bnt\bt.\b.e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm
+ 250-server.example.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
The mmencode command is part of the metamail software. MIME::Base64 is
available from http://www.cpan.org/.
-When posting logs of the SASL negotiations to public lists, please keep in mind
-that username/password information is trivial to recover from the base64-
-encoded form.
+Caution: when posting logs of the SASL negotiations to public lists, please
+keep in mind that username/password information is trivial to recover from the
+base64-encoded form.
T\bTr\bro\bou\bub\bbl\ble\be s\bsh\bho\boo\bot\bti\bin\bng\bg t\bth\bhe\be S\bSA\bAS\bSL\bL i\bin\bnt\bte\ber\brn\bna\bal\bls\bs
/etc/postfix/main.cf:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+ smtp_sasl_type = cyrus
/etc/postfix/sasl_passwd:
foo.com username:password
reject_unauthenticated_sender_login_mismatch, and revised the docs.
* Wietse made another iteration through the code to add plug-in support for
multiple implementations.
- * The Dovecot plug-in was originally implemented by Timo Sirainen of
- Procontrol, Finland.
+ * The Dovecot SMTP server plug-in was originally implemented by Timo Sirainen
+ of Procontrol, Finland.
expectation that Postfix is more secure than some other mailers.
The Cyrus SASL library is a lot of code. With this, Postfix becomes
as secure as other mail systems that use the Cyrus SASL library.
+Dovecot provides an alternative that may be worth considering.
</p>
<h2><a name="intro">How Postfix uses SASL authentication information</a></h2>
<ul>
-<li><a href="#versions">What SASL versions are supported</a>
+<li><a href="#versions">What SASL implementations are supported</a>
<li><a href="#build_dovecot">Building Postfix with Dovecot SASL
support</a></li>
</ul>
-<h2><a name="versions">What SASL versions are supported</a></h2>
+<h2><a name="versions">What SASL implementations are supported</a></h2>
<p> This document describes Postfix with the following SASL
implementations: </p>
</pre>
</blockquote>
-<p> Needless to say, these commands are not available in Postfix
-versions before 2.3. </p>
+<p> Needless to say, these commands are not available in earlier
+Postfix versions. </p>
<h2><a name="build_dovecot">Building Postfix with Dovecot SASL
support</a></h2>
-<p> Dovecot is available via <a href="http://www.dovecot.org/">http://www.dovecot.org/</a>. It uses its
-own daemon process for authentication. Building Postfix with Dovecot
-SASL support is relatively easy, because there is no need to link
-extra libraries into Postfix. </p>
+<p> Dovecot SASL support is available in Postfix 2.3 and later. The
+Dovecot source code is available via <a href="http://www.dovecot.org/">http://www.dovecot.org/</a>. At
+the time
+of writing, only server-side SASL support is available, so you can't
+use it to authenticate to your network provider's server. Dovecot
+uses its own daemon process for authentication. This keeps the
+Postfix build process simple, because there is no need to link extra
+libraries into Postfix. </p>
<p> To generate the necessary Makefiles, execute the following
in the Postfix top-level directory: </p>
+<blockquote>
<pre>
% make makefiles CCARGS='-DUSE_SASL_AUTH -DDEF_SASL_SERVER=\"dovecot\"'
</pre>
+</blockquote>
+
+<p> After this, proceed with "<tt>make</tt>" as described in the
+<a href="INSTALL.html">INSTALL</a> document. </p>
<p> Notes: </p>
<li> <p> If you also want support for LDAP or TLS, you will have to merge
their CCARGS and AUXLIBS into the above command line. </p>
-<li> <p> After this, proceed with "<tt>make</tt>" as described in the
-<a href="INSTALL.html">INSTALL</a> document. </p>
-
</ul>
<h2><a name="build_sasl">Building the Cyrus SASL library</a></h2>
<h2><a name="build_postfix">Building Postfix with Cyrus SASL support</a></h2>
-<p> To build Postfix with SASL authentication support, the following
+<p> The following
assumes that the Cyrus SASL include files are in /usr/local/include,
and that the Cyrus SASL libraries are in /usr/local/lib. </p>
<p> Note: the SASL login names will be shared with the entire world.
</p>
+<p> Older Microsoft SMTP client software implements a non-standard
+version of the AUTH protocol syntax, and expects that the SMTP
+server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH
+stuff". To accommodate such clients (in addition to conformant
+clients) use the following: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+ <a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> = yes
+</pre>
+</blockquote>
+
<h2><a name="server_dovecot">Dovecot SASL configuration for the
Postfix SMTP server</a></h2>
-<p> On the Postfix side you need to specify the location of the
+<p> Dovecot SASL support is available in Postfix 2.3 and later. On
+the Postfix side you need to specify the location of the
Dovecot authentication daemon socket. We use a pathname relative
to the Postfix queue directory, so that it will work whether or not
Postfix runs chrooted: </p>
auth default {
..
socket listen {
- client {
- path = /var/spool/postfix/private/auth
- mode = 0666
- }
+ client {
+ path = /var/spool/postfix/private/auth
+ mode = 0666
+ }
}
}
</pre>
</blockquote>
-<p> See the Dovecot documentation for how to configure the Dovecot
-authentication server. </p>
+<p> See the Dovecot documentation for how to configure and operate
+the Dovecot authentication server. </p>
<h2><a name="server_cyrus">Cyrus SASL configuration for the Postfix
SMTP server</a></h2>
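Review bot: The re-indented client block still creates /var/spool/postfix/private/auth with "mode = 0666", which lets any local account that can reach that path talk to the Dovecot authentication server. Since the hunk already touches this example, consider tightening it to "mode = 0660" with the socket's user and group set to the account Postfix runs as, or say in the surrounding text why world access is acceptable here.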
<p> To run software chrooted with SASL support is an interesting
exercise. It probably is not worth the trouble. </p>
-<p> Older Microsoft SMTP client software implements a non-standard
-version of the AUTH protocol syntax, and expects that the SMTP
-server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH
-stuff". To accommodate such clients in addition to conformant
-clients, set "<a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> = yes" in the main.cf file.
-</p>
-
<h2><a name="server_test">Testing SASL authentication in the Postfix
SMTP server</a></h2>
<blockquote>
<pre>
-220 server.host.tld ESMTP Postfix
-<b>EHLO client.host.tld</b>
-250-server.host.tld
+220 server.example.com ESMTP Postfix
+<b>EHLO client.example.com</b>
+250-server.example.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
<p> The mmencode command is part of the metamail software.
MIME::Base64 is available from <a href="http://www.cpan.org/">http://www.cpan.org/</a>. </p>
-<p> When posting logs of the SASL negotiations to public lists,
+<p> Caution: when posting logs of the SASL negotiations to public
+lists,
please keep in mind that username/password information is trivial
to recover from the base64-encoded form. </p>
/etc/postfix/main.cf:
<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
<a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> = hash:/etc/postfix/sasl_passwd
+ <a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> = cyrus
/etc/postfix/sasl_passwd:
foo.com username:password
<li> Wietse made another iteration through the code to add
plug-in support for multiple implementations.
-<li> The Dovecot plug-in was originally implemented by Timo Sirainen
-of Procontrol, Finland.
+<li> The Dovecot SMTP server plug-in was originally implemented by
+Timo Sirainen of Procontrol, Finland.
</ul>
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> configuration parameter by specify-
ing one of the names listed below.
- This feature is available with Postfix 2.3 and
- later.
-
- <b>cyrus</b> This server plug-in is available when Post-
+ <b>cyrus</b> This server plug-in is available when Post-
fix is built with Cyrus SASL support.
<b>dovecot</b>
- This server plug-in requires the Dovecot
+ This server plug-in requires the Dovecot
authentication server.
+ This feature is available with Postfix 2.3 and
+ later.
+
<b>-A</b> List the available SASL client plug-in types. The
SASL plug-in type is selected with the
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b> or <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b> configuration
parameters by specifying one of the names listed
below.
- This feature is available with Postfix 2.3 and
- later.
-
- <b>cyrus</b> This client plug-in is available when Post-
+ <b>cyrus</b> This client plug-in is available when Post-
fix is built with Cyrus SASL support.
+ This feature is available with Postfix 2.3 and
+ later.
+
<b>-b</b> [<i>template</i><b>_</b><i>file</i>]
Display the message text that appears at the begin-
ning of delivery status notification (DSN) mes-
plug-in type is selected with the \fBsmtpd_sasl_type\fR
configuration parameter by specifying one of the names
listed below.
-
-This feature is available with Postfix 2.3 and later.
.RS
.IP \fBcyrus\fR
This server plug-in is available when Postfix is built with
This server plug-in requires the Dovecot authentication
server.
.RE
+.IP
+This feature is available with Postfix 2.3 and later.
.IP \fB-A\fR
List the available SASL client plug-in types. The SASL
plug-in type is selected with the \fBsmtp_sasl_type\fR or
\fBlmtp_sasl_type\fR configuration parameters by specifying
one of the names listed below.
-
-This feature is available with Postfix 2.3 and later.
.RS
.IP \fBcyrus\fR
This client plug-in is available when Postfix is built with
Cyrus SASL support.
.RE
+.IP
+This feature is available with Postfix 2.3 and later.
.IP "\fB-b\fR [\fItemplate_file\fR]"
Display the message text that appears at the beginning of
delivery status notification (DSN) messages, with $\fBname\fR
expectation that Postfix is more secure than some other mailers.
The Cyrus SASL library is a lot of code. With this, Postfix becomes
as secure as other mail systems that use the Cyrus SASL library.
+Dovecot provides an alternative that may be worth considering.
</p>
<h2><a name="intro">How Postfix uses SASL authentication information</a></h2>
<ul>
-<li><a href="#versions">What SASL versions are supported</a>
+<li><a href="#versions">What SASL implementations are supported</a>
<li><a href="#build_dovecot">Building Postfix with Dovecot SASL
support</a></li>
</ul>
-<h2><a name="versions">What SASL versions are supported</a></h2>
+<h2><a name="versions">What SASL implementations are supported</a></h2>
<p> This document describes Postfix with the following SASL
implementations: </p>
</pre>
</blockquote>
-<p> Needless to say, these commands are not available in Postfix
-versions before 2.3. </p>
+<p> Needless to say, these commands are not available in earlier
+Postfix versions. </p>
<h2><a name="build_dovecot">Building Postfix with Dovecot SASL
support</a></h2>
-<p> Dovecot is available via http://www.dovecot.org/. It uses its
-own daemon process for authentication. Building Postfix with Dovecot
-SASL support is relatively easy, because there is no need to link
-extra libraries into Postfix. </p>
+<p> Dovecot SASL support is available in Postfix 2.3 and later. The
+Dovecot source code is available via http://www.dovecot.org/. At
+the time
+of writing, only server-side SASL support is available, so you can't
+use it to authenticate to your network provider's server. Dovecot
+uses its own daemon process for authentication. This keeps the
+Postfix build process simple, because there is no need to link extra
+libraries into Postfix. </p>
<p> To generate the necessary Makefiles, execute the following
in the Postfix top-level directory: </p>
+<blockquote>
<pre>
% make makefiles CCARGS='-DUSE_SASL_AUTH -DDEF_SASL_SERVER=\"dovecot\"'
</pre>
+</blockquote>
+
+<p> After this, proceed with "<tt>make</tt>" as described in the
+INSTALL document. </p>
<p> Notes: </p>
<li> <p> If you also want support for LDAP or TLS, you will have to merge
their CCARGS and AUXLIBS into the above command line. </p>
-<li> <p> After this, proceed with "<tt>make</tt>" as described in the
-INSTALL document. </p>
-
</ul>
<h2><a name="build_sasl">Building the Cyrus SASL library</a></h2>
<h2><a name="build_postfix">Building Postfix with Cyrus SASL support</a></h2>
-<p> To build Postfix with SASL authentication support, the following
+<p> The following
assumes that the Cyrus SASL include files are in /usr/local/include,
and that the Cyrus SASL libraries are in /usr/local/lib. </p>
<p> Note: the SASL login names will be shared with the entire world.
</p>
+<p> Older Microsoft SMTP client software implements a non-standard
+version of the AUTH protocol syntax, and expects that the SMTP
+server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH
+stuff". To accommodate such clients (in addition to conformant
+clients) use the following: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+ broken_sasl_auth_clients = yes
+</pre>
+</blockquote>
+
<h2><a name="server_dovecot">Dovecot SASL configuration for the
Postfix SMTP server</a></h2>
-<p> On the Postfix side you need to specify the location of the
+<p> Dovecot SASL support is available in Postfix 2.3 and later. On
+the Postfix side you need to specify the location of the
Dovecot authentication daemon socket. We use a pathname relative
to the Postfix queue directory, so that it will work whether or not
Postfix runs chrooted: </p>
auth default {
..
socket listen {
- client {
- path = /var/spool/postfix/private/auth
- mode = 0666
- }
+ client {
+ path = /var/spool/postfix/private/auth
+ mode = 0666
+ }
}
}
</pre>
</blockquote>
-<p> See the Dovecot documentation for how to configure the Dovecot
-authentication server. </p>
+<p> See the Dovecot documentation for how to configure and operate
+the Dovecot authentication server. </p>
<h2><a name="server_cyrus">Cyrus SASL configuration for the Postfix
SMTP server</a></h2>
<p> To run software chrooted with SASL support is an interesting
exercise. It probably is not worth the trouble. </p>
-<p> Older Microsoft SMTP client software implements a non-standard
-version of the AUTH protocol syntax, and expects that the SMTP
-server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH
-stuff". To accommodate such clients in addition to conformant
-clients, set "broken_sasl_auth_clients = yes" in the main.cf file.
-</p>
-
<h2><a name="server_test">Testing SASL authentication in the Postfix
SMTP server</a></h2>
<blockquote>
<pre>
-220 server.host.tld ESMTP Postfix
-<b>EHLO client.host.tld</b>
-250-server.host.tld
+220 server.example.com ESMTP Postfix
+<b>EHLO client.example.com</b>
+250-server.example.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
<p> The mmencode command is part of the metamail software.
MIME::Base64 is available from http://www.cpan.org/. </p>
-<p> When posting logs of the SASL negotiations to public lists,
+<p> Caution: when posting logs of the SASL negotiations to public
+lists,
please keep in mind that username/password information is trivial
to recover from the base64-encoded form. </p>
/etc/postfix/main.cf:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+ smtp_sasl_type = cyrus
/etc/postfix/sasl_passwd:
foo.com username:password
<li> Wietse made another iteration through the code to add
plug-in support for multiple implementations.
-<li> The Dovecot plug-in was originally implemented by Timo Sirainen
-of Procontrol, Finland.
+<li> The Dovecot SMTP server plug-in was originally implemented by
+Timo Sirainen of Procontrol, Finland.
</ul>
/*
* The fail template is for permanent failure.
*/
-static const char *def_bounce_failure_body[];
-
-static const BOUNCE_TEMPLATE def_bounce_failure_template = {
- 0,
- BOUNCE_TMPL_CLASS_FAILURE,
- "[built-in]",
- "us-ascii",
- MAIL_ATTR_ENC_7BIT,
- MAIL_ADDR_MAIL_DAEMON " (Mail Delivery System)",
- "Undelivered Mail Returned to Sender",
- "Postmaster Copy: Undelivered Mail",
- def_bounce_failure_body,
- &def_bounce_failure_template,
-};
-
static const char *def_bounce_failure_body[] = {
"This is the $mail_name program at host $myhostname.",
"",
0,
};
- /*
- * The delay template is for delayed mail notifications.
- */
-static const char *def_bounce_delay_body[];
-
-static const BOUNCE_TEMPLATE def_bounce_delay_template = {
+static const BOUNCE_TEMPLATE def_bounce_failure_template = {
0,
- BOUNCE_TMPL_CLASS_DELAY,
+ BOUNCE_TMPL_CLASS_FAILURE,
"[built-in]",
"us-ascii",
MAIL_ATTR_ENC_7BIT,
MAIL_ADDR_MAIL_DAEMON " (Mail Delivery System)",
- "Delayed Mail (still being retried)",
- "Postmaster Warning: Delayed Mail",
- def_bounce_delay_body,
- &def_bounce_delay_template
+ "Undelivered Mail Returned to Sender",
+ "Postmaster Copy: Undelivered Mail",
+ def_bounce_failure_body,
+ &def_bounce_failure_template,
};
+ /*
+ * The delay template is for delayed mail notifications.
+ */
static const char *def_bounce_delay_body[] = {
"This is the $mail_name program at host $myhostname.",
"",
0,
};
+static const BOUNCE_TEMPLATE def_bounce_delay_template = {
+ 0,
+ BOUNCE_TMPL_CLASS_DELAY,
+ "[built-in]",
+ "us-ascii",
+ MAIL_ATTR_ENC_7BIT,
+ MAIL_ADDR_MAIL_DAEMON " (Mail Delivery System)",
+ "Delayed Mail (still being retried)",
+ "Postmaster Warning: Delayed Mail",
+ def_bounce_delay_body,
+ &def_bounce_delay_template
+};
+
/*
* The success template is for "delivered", "expanded" and "relayed" success
* notifications.
*/
-static const char *def_bounce_success_body[];
+static const char *def_bounce_success_body[] = {
+ "This is the $mail_name program at host $myhostname.",
+ "",
+ "Your message was successfully delivered to the destination(s)",
+ "listed below. If the message was delivered to mailbox you will",
+ "receive no further notifications. Otherwise you may still receive",
+ "notifications of mail delivery errors from other systems.",
+ "",
+ " The $mail_name program",
+ 0,
+};
static const BOUNCE_TEMPLATE def_bounce_success_template = {
0,
&def_bounce_success_template,
};
-static const char *def_bounce_success_body[] = {
+ /*
+ * The "verify" template is for verbose delivery (sendmail -v) and for
+ * address verification (sendmail -bv).
+ */
+static const char *def_bounce_verify_body[] = {
"This is the $mail_name program at host $myhostname.",
"",
- "Your message was successfully delivered to the destination(s)",
- "listed below. If the message was delivered to mailbox you will",
- "receive no further notifications. Otherwise you may still receive",
- "notifications of mail delivery errors from other systems.",
+ "Enclosed is the mail delivery report that you requested.",
"",
" The $mail_name program",
0,
};
- /*
- * The "verify" template is for verbose delivery (sendmail -v) and for
- * address verification (sendmail -bv).
- */
-static const char *def_bounce_verify_body[];
-
static const BOUNCE_TEMPLATE def_bounce_verify_template = {
0,
BOUNCE_TMPL_CLASS_VERIFY,
&def_bounce_verify_template,
};
-static const char *def_bounce_verify_body[] = {
- "This is the $mail_name program at host $myhostname.",
- "",
- "Enclosed is the mail delivery report that you requested.",
- "",
- " The $mail_name program",
- 0,
-};
-
/*
* SLMs.
*/
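Review bot: Nothing in the moved code records why each def_bounce_*_body[] array now has to precede the template that points to it, so a later edit could reintroduce the removed forward declarations such as "static const char *def_bounce_failure_body[];". A one-line comment above the first body array would document the ordering requirement. Separately, def_bounce_failure_template ends its initializer with a trailing comma after "&def_bounce_failure_template" while def_bounce_delay_template does not; pick one style for all four templates.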
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20051222"
+#define MAIL_RELEASE_DATE "20051223"
#define MAIL_VERSION_NUMBER "2.3"
#ifdef SNAPSHOT
/* plug-in type is selected with the \fBsmtpd_sasl_type\fR
/* configuration parameter by specifying one of the names
/* listed below.
-/*
-/* This feature is available with Postfix 2.3 and later.
/* .RS
/* .IP \fBcyrus\fR
/* This server plug-in is available when Postfix is built with
/* This server plug-in requires the Dovecot authentication
/* server.
/* .RE
+/* .IP
+/* This feature is available with Postfix 2.3 and later.
/* .IP \fB-A\fR
/* List the available SASL client plug-in types. The SASL
/* plug-in type is selected with the \fBsmtp_sasl_type\fR or
/* \fBlmtp_sasl_type\fR configuration parameters by specifying
/* one of the names listed below.
-/*
-/* This feature is available with Postfix 2.3 and later.
/* .RS
/* .IP \fBcyrus\fR
/* This client plug-in is available when Postfix is built with
/* Cyrus SASL support.
/* .RE
+/* .IP
+/* This feature is available with Postfix 2.3 and later.
/* .IP "\fB-b\fR [\fItemplate_file\fR]"
/* Display the message text that appears at the beginning of
/* delivery status notification (DSN) messages, with $\fBname\fR
#define SHOW_LOCKS (1<<5) /* show mailbox lock methods */
#define SHOW_EVAL (1<<6) /* expand right-hand sides */
#define SHOW_SASL_SERV (1<<7) /* show server auth plugin types */
-#define SHOW_SASL_CLNT (1<<7) /* show client auth plugin types */
+#define SHOW_SASL_CLNT (1<<8) /* show client auth plugin types */
/*
* Lookup table for in-core parameter info.
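Review bot: SHOW_SASL_SERV and SHOW_SASL_CLNT ended up sharing (1<<7) because every bit in this list is assigned by hand, and the corrected (1<<8) is just as easy to duplicate when the next SHOW_ flag is added. Consider a short comment above the list stating that each value must be a distinct bit, and a regression check that "postconf -a" and "postconf -A" select different code paths.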
/* For convenience the constant NAME_CODE_FLAG_NONE requests
/* no special processing.
/*
-/* str_name_code() translates a number to its equivalend string.
+/* str_name_code() translates a number to its equivalent string.
/* DIAGNOSTICS
/* When the search fails, the result is the "name not found" code
/* or the null pointer, respectively.
/* This module implements the Dovecot SASL server-side authentication
/* plug-in.
/*
+/* .IP server_type
+/* The plug-in type that was specified to xsasl_server_init().
+/* The argument is ignored, because the Dovecot plug-in
+/* implements only one plug-in type.
+/* .IP path_info
+/* The location of the Dovecot authentication server's UNIX-domain
+/* socket. Note: the Dovecot plug-in uses late binding, therefore
+/* all connect operations are done with Postfix privileges.
/* DIAGNOSTICS
/* Fatal: out of memory.
/*
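Review bot: The new ".IP server_type" and ".IP path_info" entries follow the module summary directly, with no line naming the function whose arguments they describe; add an "Arguments:" line or name the function before the first .IP. The path_info note that all connect operations are done with Postfix privileges is security-relevant and would be clearer if it also said what that requires of the socket's ownership and mode.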
#define AUTH_PROTOCOL_MAJOR_VERSION 1
#define AUTH_PROTOCOL_MINOR_VERSION 0
+ /*
+ * Encorce read/write time limits, so that we can produce accurate
+ * diagnostics instead of getting killed by the watchdog timer.
+ */
+#define AUTH_TIMEOUT 10
+
/*
* Class variables.
*/
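Review bot: The comment above AUTH_TIMEOUT misspells "Enforce" as "Encorce" and does not state the unit of the value 10. Suggest "Enforce read/write time limits (in seconds)", and a word on why the limit is a compile-time constant rather than a configuration parameter.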
static const char *xsasl_dovecot_server_get_mechanism_list(XSASL_SERVER *);
static const char *xsasl_dovecot_server_get_username(XSASL_SERVER *);
+/* xsasl_dovecot_server_connect - initial auth server handshake */
+
static int xsasl_dovecot_server_connect(XSASL_DOVECOT_SERVER_IMPL *xp)
{
const char *myname = "xsasl_dovecot_server_connect";
if (msg_verbose)
msg_info("%s: Connecting", myname);
- if ((fd = unix_connect(xp->socket_path, BLOCKING, 0)) < 0) {
+ if ((fd = unix_connect(xp->socket_path, BLOCKING, AUTH_TIMEOUT)) < 0) {
msg_warn("SASL: Connect to %s failed: %m", xp->socket_path);
return (-1);
}
sasl_stream = vstream_fdopen(fd, O_RDWR);
- vstream_control(sasl_stream, VSTREAM_CTL_PATH,
- xp->socket_path, VSTREAM_CTL_END);
+ vstream_control(sasl_stream,
+ VSTREAM_CTL_PATH, xp->socket_path,
+ VSTREAM_CTL_TIMEOUT, AUTH_TIMEOUT,
+ VSTREAM_CTL_END);
vstream_fprintf(sasl_stream,
"VERSION\t%u\t%u\n"
return (0);
}
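Review bot: AUTH_TIMEOUT is now applied both in unix_connect() and through VSTREAM_CTL_TIMEOUT, but the only diagnostic visible in this function is "SASL: Connect to %s failed: %m", and the lines shown do not distinguish a timed-out read or write on sasl_stream from any other I/O error. To deliver the accurate diagnostics that the AUTH_TIMEOUT comment promises, confirm that the handshake code after the VERSION line tests for a stream timeout and logs it as such before returning -1.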
+/* xsasl_dovecot_server_disconnect - dispose of server connection state */
+
static void xsasl_dovecot_server_disconnect(XSASL_DOVECOT_SERVER_IMPL *xp)
{
if (xp->sasl_stream) {