Feature: local_login_sender_maps to lock down the envelope
sender addresses that the postdrop command will accept. The
- default is backwards compatible. Files: postdrop/postdrop.c,
- global/mail_params.h, global/local_sender_login_match.[hc],
+ default is backwards compatible. Developed with input from
+ Demi M. Obenour. Files: postdrop/postdrop.c, global/mail_params.h,
+ global/local_sender_login_match.[hc],
global/local_sender_login_match.in,
global/local_sender_login_match.ref, global/quote_822_local.c,
global/quote_822_local.in, global/quote_822_local.ref,
Bugfix (introduced: Postfix 2.3): static maps did not free
their casefolding buffer. File: util/dict_static.c.
+
+20201026
+
+ Cleanup: changed the postdrop numerical UID prefix from "#"
+ to "uid:", and tweaked some local_login_sender_maps
+ documentatin. Files: proto/postconf.proto, postdrop/postdrop.c.
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
+Major changes with snapshot 20201025
+====================================
+
+Fine-grained control over the envelope sender address for submission
+with the Postfix sendmail (or postdrop) commands.
+
+The local_login_sender_maps parameter (default: static:*) specifies
+a list of lookup tables that are searched by the UNIX login name, and
+that return a list of allowed envelope sender patterns separated by
+space or comma. The default is backwards-compatible: every user may
+specify any sender envelope address.
+
+When no UNIX login name is available, the Postfix postdrop command
+will prepend "uid:" to the numerical UID and use that instead.
+
+This feature ignores address extensions in the user-specified
+envelope sender address.
+
+Besides the special pattern "*" which allows any sender address,
+there are "<>" which matches an empty sender address, and the
+"@domain" wilcard pattern. More information about those can be found
+in the postconf(5) manpage.
+
+Example:
+
+/etc/postfix/main.cf:
+ # Allow root and postfix full control, anyone else can only
+ # send mail as themselves. Use "uid:" followed by the numerical
+ # UID when the UID has no entry in the UNIX password file.
+ local_login_sender_maps =
+ inline:{ { root = *}, { postfix = * } },
+ pcre:/etc/postfix/login_senders
+
+/etc/postfix/login_senders:
+ # Allow both the bare username and the user@domain forms.
+ /(.+)/ $1 $1@example.com
+
Major changes with snapshot 20201003
====================================
and that return a list of allowed envelope sender patterns separated
by space or comma. These sender patterns are enforced by the Postfix
<a href="postdrop.1.html">postdrop(1)</a> command. The default is backwards-compatible:
-every user may specify any envelope information. </p>
+every user may specify any sender envelope address. </p>
-<p> When no UNIX login name is available, the postdrop command will
-prepend '#' to the numerical UID and use that instead. </p>
+<p> When no UNIX login name is available, the <a href="postdrop.1.html">postdrop(1)</a> command will
+prepend "<b>uid:</b>" to the numerical UID and use that instead. </p>
-<p> Before checking a sender address against <a href="postconf.5.html#local_login_sender_maps">local_login_sender_maps</a>,
-Postfix will strip an address extension based on the current
-<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> value.
+<p> This feature ignores address extensions in the user-specified
+envelope sender address. </p>
<p> The following sender patterns are special; these cannot be used
as part of a longer pattern. </p>
-<dl>
+<dl compact>
-<dt> <b> * </b> <dd> This pattern allows everything. </dd>
+<dt> <b> * </b> <dd> This pattern allows any envelope sender address.
+</dd>
-<dt> <b> <> </b> </dt> <dd> This pattern allows the null sender
-address. It is configured with the
+<dt> <b> <> </b> </dt> <dd> This pattern allows the empty
+envelope sender address. See the
<a href="postconf.5.html#empty_address_local_login_sender_maps_lookup_key">empty_address_local_login_sender_maps_lookup_key</a> configuration
parameter. </dd>
-<dt> <b> @<i>domain</i></b> </dt> <dd> This pattern allows a sender
-address when the '@' and <i>domain</i> part match. </dd>
+<dt> <b> @</b><i>domain</i> </dt> <dd> This pattern allows an
+envelope sender address when the '<b>@</b>' and <i>domain</i> part
+match. </dd>
</dl>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# Allow root and postfix full control, anyone else can only
- # send mail as themselves. Use # followed by the numerical UID
- # when the UID has no entry in the UNIX password file.
+ # send mail as themselves. Use "uid:" followed by the numerical
+ # UID when the UID has no entry in the UNIX password file.
<a href="postconf.5.html#local_login_sender_maps">local_login_sender_maps</a> =
<a href="DATABASE_README.html#types">inline</a>:{ { root = *}, { postfix = * } },
<a href="pcre_table.5.html">pcre</a>:/etc/postfix/login_senders
and that return a list of allowed envelope sender patterns separated
by space or comma. These sender patterns are enforced by the Postfix
\fBpostdrop\fR(1) command. The default is backwards\-compatible:
-every user may specify any envelope information.
+every user may specify any sender envelope address.
.PP
-When no UNIX login name is available, the postdrop command will
-prepend '#' to the numerical UID and use that instead.
+When no UNIX login name is available, the \fBpostdrop\fR(1) command will
+prepend "\fBuid:\fR" to the numerical UID and use that instead.
.PP
-Before checking a sender address against local_login_sender_maps,
-Postfix will strip an address extension based on the current
-recipient_delimiter value.
+This feature ignores address extensions in the user\-specified
+envelope sender address.
.PP
The following sender patterns are special; these cannot be used
as part of a longer pattern.
.IP "\fB * \fR
-This pattern allows everything.
+This pattern allows any envelope sender address.
.br
.IP "\fB <> \fR"
-This pattern allows the null sender
-address. It is configured with the
+This pattern allows the empty
+envelope sender address. See the
empty_address_local_login_sender_maps_lookup_key configuration
parameter.
.br
-.IP "\fB @\fIdomain\fR\fR"
-This pattern allows a sender
-address when the '@' and \fIdomain\fR part match.
+.IP "\fB @\fR\fIdomain\fR"
+This pattern allows an
+envelope sender address when the '\fB@\fR' and \fIdomain\fR part
+match.
.br
.br
.PP
.ft C
/etc/postfix/main.cf:
# Allow root and postfix full control, anyone else can only
- # send mail as themselves. Use # followed by the numerical UID
- # when the UID has no entry in the UNIX password file.
+ # send mail as themselves. Use "uid:" followed by the numerical
+ # UID when the UID has no entry in the UNIX password file.
local_login_sender_maps =
inline:{ { root = *}, { postfix = * } },
pcre:/etc/postfix/login_senders
and that return a list of allowed envelope sender patterns separated
by space or comma. These sender patterns are enforced by the Postfix
postdrop(1) command. The default is backwards-compatible:
-every user may specify any envelope information. </p>
+every user may specify any sender envelope address. </p>
-<p> When no UNIX login name is available, the postdrop command will
-prepend '#' to the numerical UID and use that instead. </p>
+<p> When no UNIX login name is available, the postdrop(1) command will
+prepend "<b>uid:</b>" to the numerical UID and use that instead. </p>
-<p> Before checking a sender address against local_login_sender_maps,
-Postfix will strip an address extension based on the current
-recipient_delimiter value.
+<p> This feature ignores address extensions in the user-specified
+envelope sender address. </p>
<p> The following sender patterns are special; these cannot be used
as part of a longer pattern. </p>
-<dl>
+<dl compact>
-<dt> <b> * </b> <dd> This pattern allows everything. </dd>
+<dt> <b> * </b> <dd> This pattern allows any envelope sender address.
+</dd>
-<dt> <b> <> </b> </dt> <dd> This pattern allows the null sender
-address. It is configured with the
+<dt> <b> <> </b> </dt> <dd> This pattern allows the empty
+envelope sender address. See the
empty_address_local_login_sender_maps_lookup_key configuration
parameter. </dd>
-<dt> <b> @<i>domain</i></b> </dt> <dd> This pattern allows a sender
-address when the '@' and <i>domain</i> part match. </dd>
+<dt> <b> @</b><i>domain</i> </dt> <dd> This pattern allows an
+envelope sender address when the '<b>@</b>' and <i>domain</i> part
+match. </dd>
</dl>
<pre>
/etc/postfix/main.cf:
# Allow root and postfix full control, anyone else can only
- # send mail as themselves. Use # followed by the numerical UID
- # when the UID has no entry in the UNIX password file.
+ # send mail as themselves. Use "uid:" followed by the numerical
+ # UID when the UID has no entry in the UNIX password file.
local_login_sender_maps =
inline:{ { root = *}, { postfix = * } },
pcre:/etc/postfix/login_senders
"inline:{root=*}, fail:sorry",
"+-", "<>", "*", "root", "whatever", LSM_STAT_FOUND
},
+ {"unknown uid:number",
+ "inline:{root=*, {uid:12345 = foo,foo@example.com}, bar=<>}",
+ "+-", "<>", "*", "uid:54321", "foo", LSM_STAT_NOTFOUND
+ },
+ {"known uid:number",
+ "inline:{root=*, {uid:12345 = foo,foo@example.com}, bar=<>}",
+ "+-", "<>", "*", "uid:12345", "foo", LSM_STAT_FOUND
+ },
};
struct testcase *tp;
int act_return;
unknown: PASS test 10
unknown: RUN test case 11 no error
unknown: PASS test 11
+unknown: RUN test case 12 unknown uid:number
+unknown: PASS test 12
+unknown: RUN test case 13 known uid:number
+unknown: PASS test 13
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20201025"
+#define MAIL_RELEASE_DATE "20201026"
#define MAIL_VERSION_NUMBER "3.6"
#ifdef SNAPSHOT
user_name = user_info->pw_name;
} else {
user_name_buf = vstring_alloc(10);
- vstring_sprintf(user_name_buf, "#%ld", (long) uid);
+ vstring_sprintf(user_name_buf, "uid:%ld", (long) uid);
user_name = vstring_str(user_name_buf);
}
projects / thirdparty / postfix.git / commitdiff
