by Viktor Dukhovni. File: global/dict_ldap.c.
Cleanup: four-space indentation had become a tab character.
- File: postconf/postconf.h.
+ Files: postconf/postconf.h, postconf/test20.ref,
+ postconf/test21.ref.
+
+20111127
+
+ Cleanup: documented <transport>_suffix parameters that don't
+ show in postconf command output of earlier Postfix versions.
+ Files: proto/SMTPD_POLICY_README.html, proto/postconf.proto,
+ proto/SCHEDULER_README.html.
+
+ Cleanup: added the pipe(8) delivery agent to the list of
+ programs that implement transport_time_limit parameters.
+ File: postconf/postconf_service.c, postconf/test6.ref.
-------------------------------------------------------------------------------
+D\bDi\bis\bsc\bcl\bla\bai\bim\bme\ber\br
+
+Many of the transport-specific configuration parameters discussed in this
+document will not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a combination of
+a master.cf service name such as "relay" and a built-in suffix such as
+"_destination_concurrency_limit".
+
O\bOv\bve\ber\brv\bvi\bie\bew\bw
The queue manager is by far the most complex part of the Postfix mail system.
P\bPu\bur\brp\bpo\bos\bse\be o\bof\bf P\bPo\bos\bst\btf\bfi\bix\bx S\bSM\bMT\bTP\bP a\bac\bcc\bce\bes\bss\bs p\bpo\bol\bli\bic\bcy\by d\bde\bel\ble\beg\bga\bat\bti\bio\bon\bn
The Postfix SMTP server has a number of built-in mechanisms to block or accept
-mail at specific SMTP protocol stages. As of version 2.1, Postfix can delegate
-policy decisions to an external server that runs outside Postfix.
+mail at specific SMTP protocol stages. In addition, the Postfix SMTP server can
+delegate decisions to an external policy server (Postfix 2.1 and later).
With this policy delegation mechanism, a simple greylist policy can be
implemented with only a dozen lines of Perl, as is shown at the end of this
NOTES:
- * Lines 2, 11: the Postfix spawn(8) daemon by default kills its child process
- after 1000 seconds. This is too short for a policy daemon that may need to
- run for as long as the SMTP server process that talks to it. The default
- time limit is overruled in main.cf with an explicit "policy_time_limit"
- setting. The name of the parameter is the name of the master.cf entry
- ("policy") concatenated with the "_time_limit" suffix. See spawn(8) for
- more information about the time limit parameter.
+ * Lines 2-3: this creates the service called "policy" that listens on a UNIX-
+ domain socket. The service is implemented by the Postfix spawn(8) daemon,
+ which executes the policy server program that is specified with the a\bar\brg\bgv\bv
+ attribute, using the privileges specified with the u\bus\bse\ber\br attribute.
* Line 2: specify a "0" process limit instead of the default "-", to avoid
- "connection refused" and other problems when the smtpd process limit
- exceeds the default_process_limit setting.
+ "connection refused" and other problems when you increase the smtpd process
+ limit.
* Lines 8, 9: always specify "check_policy_service" AFTER
"reject_unauth_destination" or else your system could become an open relay.
+ * Line 11: this increases the time that a policy server process is allowed to
+ run from the default 1000 seconds to 3600 seconds. The default time limit
+ is too short for a policy daemon that needs to run long as the SMTP server
+ process that talks to it. See the spawn(8) manpage for more information
+ about the transport_time_limit parameter.
+
+ Note: the "policy_time_limit" parameter will not show up in "postconf"
+ command output before Postfix version 2.9. This limitation applies to
+ many parameters whose name is a combination of a master.cf service name
+ (in the above example, "policy") and a built-in suffix (in the above
+ example: "_time_limit").
+
* Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead:
1 /etc/postfix/master.cf:
daemon. For example, to run the script as user "nobody", using a UNIX-domain
socket that is accessible by Postfix processes only:
- 1 /etc/postfix/master.cf:
- 2 policy unix - n n - 0 spawn
- 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
- 4
- 5 /etc/postfix/main.cf:
- 6 policy_time_limit = 3600
+ 1 /etc/postfix/master.cf:
+ 2 greylist unix - n n - 0 spawn
+ 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4
+ 5 /etc/postfix/main.cf:
+ 6 greylist_time_limit = 3600
+ 7 smtpd_recipient_restrictions =
+ 8 ...
+ 9 reject_unauth_destination
+ 10 check_policy_service unix:private/greylist
+ 11 ...
Notes:
+ * Lines 2-3: this creates the service called "greylist" that listens on a
+ UNIX-domain socket. The service is implemented by the Postfix spawn(8)
+ daemon, which executes the greylist.pl script that is specified with the
+ a\bar\brg\bgv\bv attribute, using the privileges specified with the u\bus\bse\ber\br attribute.
+
+ * Line 2: specify a "0" process limit instead of the default "-", to avoid
+ "connection refused" and other problems when you increase the smtpd process
+ limit.
+
* Line 3: Specify "greylist.pl -v" for verbose logging of each request and
reply.
- * Lines 2, 6: the Postfix spawn(8) daemon by default kills its child process
- after 1000 seconds. This is too short for a policy daemon that may run for
- as long as an SMTP client is connected to an SMTP server process. The
- default time limit is overruled in main.cf with an explicit
- "policy_time_limit" setting. The name of the parameter is the name of the
- master.cf entry ("policy") concatenated with the "_time_limit" suffix.
+ * Line 6: this increases the time that a greylist server process is allowed
+ to run from the default 1000 seconds to 3600 seconds. The default time
+ limit is too short for a greylist daemon that needs to run long as the SMTP
+ server process that talks to it. See the spawn(8) manpage for more
+ information about the transport_time_limit parameter.
- * Line 2: specify a "0" process limit instead of the default "-", to avoid
- "connection refused" and other problems when the smtpd process limit
- exceeds the default_process_limit setting.
+ Note: the "greylist_time_limit" parameter will not show up in
+ "postconf" command output before Postfix version 2.9. This limitation
+ applies to many parameters whose name is a combination of a master.cf
+ service name (in the above example, "greylist") and a built-in suffix
+ (in the above example: "_time_limit").
On Solaris you must use inet: style sockets instead of unix: style, as detailed
in the "Policy client/server configuration" section above.
- 1 /etc/postfix/master.cf:
- 2 127.0.0.1:9998 inet n n n - 0 spawn
- 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
- 4
- 5 /etc/postfix/main.cf:
- 6 127.0.0.1:9998_time_limit = 3600
-
-To invoke this service you would specify "check_policy_service inet:127.0.0.1:
-9998".
+ 1 /etc/postfix/master.cf:
+ 2 127.0.0.1:9998 inet n n n - 0 spawn
+ 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4
+ 5 /etc/postfix/main.cf:
+ 6 127.0.0.1:9998_time_limit = 3600
+ 7 smtpd_recipient_restrictions =
+ 8 ...
+ 9 reject_unauth_destination
+ 10 check_policy_service inet:127.0.0.1:9998
+ 11 ...
G\bGr\bre\bey\byl\bli\bis\bst\bti\bin\bng\bg m\bma\bai\bil\bl f\bfr\bro\bom\bm f\bfr\bre\beq\bqu\bue\ben\bnt\btl\bly\by f\bfo\bor\brg\bge\bed\bd d\bdo\bom\bma\bai\bin\bns\bs
6 check_sender_access hash:/etc/postfix/sender_access
7 ...
8 smtpd_restriction_classes = greylist
- 9 greylist = check_policy_service unix:private/policy
+ 9 greylist = check_policy_service unix:private/greylist
10
11 /etc/postfix/sender_access:
12 aol.com greylist
G\bGr\bre\bey\byl\bli\bis\bst\bti\bin\bng\bg a\bal\bll\bl y\byo\bou\bur\br m\bma\bai\bil\bl
-If you turn on greylisting for all mail you will almost certainly want to make
-exceptions for mailing lists that use one-time sender addresses, because such
-mailing lists can pollute your greylist database relatively quickly.
+If you turn on greylisting for all mail you may want to make exceptions for
+mailing lists that use one-time sender addresses, because each message will be
+delayed due to greylisting, and the one-time sender addresses can pollute your
+greylist database relatively quickly. Instead of making exceptions, you can
+automatically whitelist clients that survive greylisting repeatedly; this
+avoids most of the delays and most of the database pollution problem.
1 /etc/postfix/main.cf:
2 smtpd_recipient_restrictions =
<hr>
+<h2> Disclaimer </h2>
+
+<p> Many of the <i>transport</i>-specific configuration parameters
+discussed in this document will not show up in "postconf" command
+output before Postfix version 2.9. This limitation applies to many
+parameters whose name is a combination of a <a href="master.5.html">master.cf</a> service name
+such as "relay" and a built-in suffix such as
+"_destination_concurrency_limit". </p>
+
<h2> Overview </h2>
<p> The queue manager is by far the most complex part of the Postfix
<li> Concurrency was limited by the server process limit
("<a href="postconf.5.html#default_process_limit">default_process_limit</a> = 5" and "<a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>
-= static:all"). Postfix was stopped and started after changing the
+= <a href="DATABASE_README.html#types">static</a>:all"). Postfix was stopped and started after changing the
process limit, because the same number is also used as the backlog
argument to the listen(2) system call, and "postfix reload" does
not re-issue this call.
-<li> Mail was discarded with "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = static:all" and
+<li> Mail was discarded with "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="DATABASE_README.html#types">static</a>:all" and
"<a href="postconf.5.html#local_transport">local_transport</a> = discard". The discard action in access maps or
header/body checks
could not be used as it fails to update the <a href="postconf.5.html#in_flow_delay">in_flow_delay</a> counters.
<h2>Purpose of Postfix SMTP access policy delegation</h2>
<p> The Postfix SMTP server has a number of built-in mechanisms to
-block or accept mail at specific SMTP protocol stages. As of version
-2.1, Postfix can delegate policy decisions to an external server
-that runs outside Postfix. </p>
+block or accept mail at specific SMTP protocol stages. In addition,
+the Postfix SMTP server can delegate decisions to an external policy
+server (Postfix 2.1 and later). </p>
<p> With this policy delegation mechanism, a simple <a href="#greylist">
greylist </a> policy can be implemented with only a dozen lines of
<ul>
-<li> <p> Lines 2, 11: the Postfix <a href="spawn.8.html">spawn(8)</a> daemon by default kills
-its child process after 1000 seconds. This is too short for a
-policy daemon that may need to run for as long as the SMTP server
-process that talks to it. The default time limit is overruled in
-<a href="postconf.5.html">main.cf</a> with an explicit "policy_time_limit" setting. The name of
-the parameter is the name of the <a href="master.5.html">master.cf</a> entry ("policy")
-concatenated with the "_time_limit" suffix. See <a href="spawn.8.html">spawn(8)</a> for
-more information about the time limit parameter. </p>
+<li> <p> Lines 2-3: this creates the service called "policy" that
+listens on a UNIX-domain socket. The service is implemented by the
+Postfix <a href="spawn.8.html">spawn(8)</a> daemon, which executes the policy server program
+that is specified with the <b>argv</b> attribute, using the privileges
+specified with the <b>user</b> attribute. </p>
<li> <p> Line 2: specify a "0" process limit instead of the default
-"-", to avoid "connection refused" and other problems when the smtpd
-process limit exceeds the <a href="postconf.5.html#default_process_limit">default_process_limit</a> setting. </p>
+"-", to avoid "connection refused" and other problems when you
+increase the smtpd process limit. </p>
<li> <p> Lines 8, 9: always specify "<a href="postconf.5.html#check_policy_service">check_policy_service</a>" AFTER
"<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>" or else your system could become an
open relay. </p>
+<li> <p> Line 11: this increases the time that a policy server
+process is allowed to run from the default 1000 seconds to 3600
+seconds. The default time limit is too short for a policy daemon
+that needs to run long as the SMTP server process that talks to it.
+See the <a href="spawn.8.html">spawn(8)</a> manpage for more information about the
+<a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> parameter. </p>
+
+<blockquote> <p> Note: the "policy_time_limit" parameter will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name (in the above example, "policy") and a
+built-in suffix (in the above example: "_time_limit"). </p>
+</blockquote>
+
<li> <p> Solaris UNIX-domain sockets do not work reliably. Use
TCP sockets instead: </p>
<blockquote>
<pre>
-1 /etc/postfix/<a href="master.5.html">master.cf</a>:
-2 policy unix - n n - 0 spawn
-3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
-4
-5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
-6 policy_time_limit = 3600
+ 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
+ 2 greylist unix - n n - 0 spawn
+ 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4
+ 5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 6 greylist_time_limit = 3600
+ 7 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ 8 ...
+ 9 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+10 <a href="postconf.5.html#check_policy_service">check_policy_service</a> unix:private/greylist
+11 ...
</pre>
</blockquote>
<ul>
+<li> <p> Lines 2-3: this creates the service called "greylist" that
+listens on a UNIX-domain socket. The service is implemented by the
+Postfix <a href="spawn.8.html">spawn(8)</a> daemon, which executes the greylist.pl script that
+is specified with the <b>argv</b> attribute, using the privileges
+specified with the <b>user</b> attribute. </p>
+
+<li> <p> Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when you
+increase the smtpd process limit. </p>
+
<li> <p> Line 3: Specify "greylist.pl -v" for verbose logging of
each request and reply. </p>
-<li> <p> Lines 2, 6: the Postfix <a href="spawn.8.html">spawn(8)</a> daemon by default kills
-its child process after 1000 seconds. This is too short for a
-policy daemon that may run for as long as an SMTP client is connected
-to an SMTP server process. The default time limit is overruled in
-<a href="postconf.5.html">main.cf</a> with an explicit "policy_time_limit" setting. The name of
-the parameter is the name of the <a href="master.5.html">master.cf</a> entry ("policy")
-concatenated with the "_time_limit" suffix. </p>
-
-<li> <p> Line 2: specify a "0" process limit instead of the default
-"-", to avoid "connection refused" and other problems when the smtpd
-process limit exceeds the <a href="postconf.5.html#default_process_limit">default_process_limit</a> setting. </p>
+<li> <p> Line 6: this increases the time that a greylist server
+process is allowed to run from the default 1000 seconds to 3600
+seconds. The default time limit is too short for a greylist daemon
+that needs to run long as the SMTP server process that talks to it.
+See the <a href="spawn.8.html">spawn(8)</a> manpage for more information about the
+<a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> parameter. </p>
+
+<blockquote> <p> Note: the "greylist_time_limit" parameter will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name (in the above example, "greylist") and
+a built-in suffix (in the above example: "_time_limit"). </p>
+</blockquote>
</ul>
<blockquote>
<pre>
-1 /etc/postfix/<a href="master.5.html">master.cf</a>:
-2 127.0.0.1:9998 inet n n n - 0 spawn
-3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
-4
-5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
-6 127.0.0.1:9998_time_limit = 3600
+ 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
+ 2 127.0.0.1:9998 inet n n n - 0 spawn
+ 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4
+ 5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 6 127.0.0.1:9998_time_limit = 3600
+ 7 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ 8 ...
+ 9 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+10 <a href="postconf.5.html#check_policy_service">check_policy_service</a> inet:127.0.0.1:9998
+11 ...
</pre>
</blockquote>
-<p> To invoke this service you would specify "<a href="postconf.5.html#check_policy_service">check_policy_service</a>
-inet:127.0.0.1:9998". </p>
-
<h2><a name="frequent">Greylisting mail from frequently forged domains</a></h2>
<p> It is relatively safe to turn on greylisting for specific
6 <a href="postconf.5.html#check_sender_access">check_sender_access</a> hash:/etc/postfix/sender_access
7 ...
8 <a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> = greylist
- 9 greylist = <a href="postconf.5.html#check_policy_service">check_policy_service</a> unix:private/policy
+ 9 greylist = <a href="postconf.5.html#check_policy_service">check_policy_service</a> unix:private/greylist
10
11 /etc/postfix/sender_access:
12 aol.com greylist
<h2><a name="all_mail">Greylisting all your mail</a></h2>
-<p> If you turn on greylisting for all mail you will almost certainly
-want to make exceptions for mailing lists that use one-time sender
-addresses, because such mailing lists can pollute your greylist
-database relatively quickly. </p>
+<p> If you turn on greylisting for all mail you may want to make
+exceptions for mailing lists that use one-time sender addresses,
+because each message will be delayed due to greylisting, and the
+one-time sender addresses can pollute your greylist database
+relatively quickly. Instead of making exceptions, you can automatically
+whitelist clients that survive greylisting repeatedly; this avoids
+most of the delays and most of the database pollution problem. </p>
<blockquote>
<pre>
<li> <p> Existing long queue file names are renamed to the short
form (while running "postfix reload" or "postsuper"). </p>
-<li> New queue files are created with names such as C3CD21F3E90
+<li> <p> New queue files are created with names such as C3CD21F3E90
from a hexadecimal alphabet that contains digits (0-9) and upper-case
letters (A-F). The name format is: 5 characters for the time in
microseconds; the remainder is the file inode number. </p>
for backwards compatibility with Postfix releases prior to 2.5.
</p>
-<p> The best practice algorithm is now <b>sha1</b>. Recent advances in hash
+<p> Advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
-Postfix. For now this means just md5 or sha1. </p>
+Postfix. </p>
<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run: </p>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
+<p> Note: <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
+"_delivery_slot_cost"). </p>
+
</DD>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
+<p> Note: <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_delivery_slot_discount"). </p>
+
</DD>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
+<p> Note: <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
+"_delivery_slot_loan"). </p>
+
</DD>
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>
+<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
+built-in suffix (in this case:
+"_destination_concurrency_failed_cohort_limit"). </p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>
+<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a>
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
+built-in suffix (in this case: "_destination_concurrency_limit").
+</p>
+
</DD>
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>
+<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
+built-in suffix (in this case:
+"_destination_concurrency_negative_feedback"). </p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>
+<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
+built-in suffix (in this case:
+"_destination_concurrency_positive_feedback"). </p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
+<p> Note: some <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> parameters
+will not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_destination_rate_delay"). </p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
transport. </p>
+<p> Note: some <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> parameters
+will not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_destination_recipient_limit"). </p>
+
</DD>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
+<p> Note: <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_extra_recipient_limit"). </p>
+
</DD>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
+<p> Note: some <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a>
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
+built-in suffix (in this case: "_initial_destination_concurrency").
+</p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
+<p> Note: <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_minimum_delivery_slots"). </p>
+
</DD>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
+<p> Note: some <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
+"_recipient_limit"). </p>
+
</DD>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
+<p> Note: <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_recipient_refill_delay"). </p>
+
<p> This feature is available in Postfix 2.4 and later. </p>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport. </p>
+<p> Note: <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_recipient_refill_limit"). </p>
+
<p> This feature is available in Postfix 2.4 and later. </p>
value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message
delivery transport. </p>
+<p> Note: <a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> parameters will not show up
+in "postconf" command output before Postfix version 2.9. This
+limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
+"_time_limit"). </p>
+
</DD>
\fBpermit_tls_clientcerts\fR. The default algorithm is \fBmd5\fR,
for backwards compatibility with Postfix releases prior to 2.5.
.PP
-The best practice algorithm is now \fBsha1\fR. Recent advances in hash
+Advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
.PP
While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
-Postfix. For now this means just md5 or sha1.
+Postfix.
.PP
To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run:
A transport-specific override for the default_delivery_slot_cost
parameter value, where \fItransport\fR is the master.cf name of
the message delivery transport.
+.PP
+Note: \fItransport\fR_delivery_slot_cost parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_delivery_slot_cost").
.SH transport_delivery_slot_discount (default: $default_delivery_slot_discount)
A transport-specific override for the default_delivery_slot_discount
parameter value, where \fItransport\fR is the master.cf name of
the message delivery transport.
+.PP
+Note: \fItransport\fR_delivery_slot_discount parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_delivery_slot_discount").
.SH transport_delivery_slot_loan (default: $default_delivery_slot_loan)
A transport-specific override for the default_delivery_slot_loan
parameter value, where \fItransport\fR is the master.cf name of
the message delivery transport.
+.PP
+Note: \fItransport\fR_delivery_slot_loan parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_delivery_slot_loan").
.SH transport_destination_concurrency_failed_cohort_limit (default: $default_destination_concurrency_failed_cohort_limit)
A transport-specific override for the
default_destination_concurrency_failed_cohort_limit parameter value,
where \fItransport\fR is the master.cf name of the message delivery
transport.
.PP
+Note: some \fItransport\fR_destination_concurrency_failed_cohort_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_failed_cohort_limit").
+.PP
This feature is available in Postfix 2.5 and later.
.SH transport_destination_concurrency_limit (default: $default_destination_concurrency_limit)
A transport-specific override for the
default_destination_concurrency_limit parameter value, where
\fItransport\fR is the master.cf name of the message delivery
transport.
+.PP
+Note: some \fItransport\fR_destination_concurrency_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case: "_destination_concurrency_limit").
.SH transport_destination_concurrency_negative_feedback (default: $default_destination_concurrency_negative_feedback)
A transport-specific override for the
default_destination_concurrency_negative_feedback parameter value,
where \fItransport\fR is the master.cf name of the message delivery
transport.
.PP
+Note: some \fItransport\fR_destination_concurrency_negative_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_negative_feedback").
+.PP
This feature is available in Postfix 2.5 and later.
.SH transport_destination_concurrency_positive_feedback (default: $default_destination_concurrency_positive_feedback)
A transport-specific override for the
where \fItransport\fR is the master.cf name of the message delivery
transport.
.PP
+Note: some \fItransport\fR_destination_concurrency_positive_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_positive_feedback").
+.PP
This feature is available in Postfix 2.5 and later.
.SH transport_destination_rate_delay (default: $default_destination_rate_delay)
A transport-specific override for the default_destination_rate_delay
parameter value, where \fItransport\fR is the master.cf name of
the message delivery transport.
.PP
+Note: some \fItransport\fR_destination_rate_delay parameters
+will not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_destination_rate_delay").
+.PP
This feature is available in Postfix 2.5 and later.
.SH transport_destination_recipient_limit (default: $default_destination_recipient_limit)
A transport-specific override for the
default_destination_recipient_limit parameter value, where
\fItransport\fR is the master.cf name of the message delivery
transport.
+.PP
+Note: some \fItransport\fR_destination_recipient_limit parameters
+will not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_destination_recipient_limit").
.SH transport_extra_recipient_limit (default: $default_extra_recipient_limit)
A transport-specific override for the default_extra_recipient_limit
parameter value, where \fItransport\fR is the master.cf name of
the message delivery transport.
+.PP
+Note: \fItransport\fR_extra_recipient_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_extra_recipient_limit").
.SH transport_initial_destination_concurrency (default: $initial_destination_concurrency)
A transport-specific override for the initial_destination_concurrency
parameter value, where \fItransport\fR is the master.cf name of
the message delivery transport.
.PP
+Note: some \fItransport\fR_initial_destination_concurrency
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case: "_initial_destination_concurrency").
+.PP
This feature is available in Postfix 2.5 and later.
.SH transport_maps (default: empty)
Optional lookup tables with mappings from recipient address to
A transport-specific override for the default_minimum_delivery_slots
parameter value, where \fItransport\fR is the master.cf name of
the message delivery transport.
+.PP
+Note: \fItransport\fR_minimum_delivery_slots parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_minimum_delivery_slots").
.SH transport_recipient_limit (default: $default_recipient_limit)
A transport-specific override for the default_recipient_limit
parameter value, where \fItransport\fR is the master.cf name of
the message delivery transport.
+.PP
+Note: some \fItransport\fR_recipient_limit parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_recipient_limit").
.SH transport_recipient_refill_delay (default: $default_recipient_refill_delay)
A transport-specific override for the default_recipient_refill_delay
parameter value, where \fItransport\fR is the master.cf name of
the message delivery transport.
.PP
+Note: \fItransport\fR_recipient_refill_delay parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_recipient_refill_delay").
+.PP
This feature is available in Postfix 2.4 and later.
.SH transport_recipient_refill_limit (default: $default_recipient_refill_limit)
A transport-specific override for the default_recipient_refill_limit
parameter value, where \fItransport\fR is the master.cf name of
the message delivery transport.
.PP
+Note: \fItransport\fR_recipient_refill_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_recipient_refill_limit").
+.PP
This feature is available in Postfix 2.4 and later.
.SH transport_retry_time (default: 60s)
The time between attempts by the Postfix queue manager to contact
A transport-specific override for the command_time_limit parameter
value, where \fItransport\fR is the master.cf name of the message
delivery transport.
+.PP
+Note: \fItransport\fR_time_limit parameters will not show up
+in "postconf" command output before Postfix version 2.9. This
+limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_time_limit").
.SH trigger_timeout (default: 10s)
The time limit for sending a trigger to a Postfix daemon (for
example, the \fBpickup\fR(8) or \fBqmgr\fR(8) daemon). This time limit prevents
<hr>
+<h2> Disclaimer </h2>
+
+<p> Many of the <i>transport</i>-specific configuration parameters
+discussed in this document will not show up in "postconf" command
+output before Postfix version 2.9. This limitation applies to many
+parameters whose name is a combination of a master.cf service name
+such as "relay" and a built-in suffix such as
+"_destination_concurrency_limit". </p>
+
<h2> Overview </h2>
<p> The queue manager is by far the most complex part of the Postfix
<h2>Purpose of Postfix SMTP access policy delegation</h2>
<p> The Postfix SMTP server has a number of built-in mechanisms to
-block or accept mail at specific SMTP protocol stages. As of version
-2.1, Postfix can delegate policy decisions to an external server
-that runs outside Postfix. </p>
+block or accept mail at specific SMTP protocol stages. In addition,
+the Postfix SMTP server can delegate decisions to an external policy
+server (Postfix 2.1 and later). </p>
<p> With this policy delegation mechanism, a simple <a href="#greylist">
greylist </a> policy can be implemented with only a dozen lines of
<ul>
-<li> <p> Lines 2, 11: the Postfix spawn(8) daemon by default kills
-its child process after 1000 seconds. This is too short for a
-policy daemon that may need to run for as long as the SMTP server
-process that talks to it. The default time limit is overruled in
-main.cf with an explicit "policy_time_limit" setting. The name of
-the parameter is the name of the master.cf entry ("policy")
-concatenated with the "_time_limit" suffix. See spawn(8) for
-more information about the time limit parameter. </p>
+<li> <p> Lines 2-3: this creates the service called "policy" that
+listens on a UNIX-domain socket. The service is implemented by the
+Postfix spawn(8) daemon, which executes the policy server program
+that is specified with the <b>argv</b> attribute, using the privileges
+specified with the <b>user</b> attribute. </p>
<li> <p> Line 2: specify a "0" process limit instead of the default
-"-", to avoid "connection refused" and other problems when the smtpd
-process limit exceeds the default_process_limit setting. </p>
+"-", to avoid "connection refused" and other problems when you
+increase the smtpd process limit. </p>
<li> <p> Lines 8, 9: always specify "check_policy_service" AFTER
"reject_unauth_destination" or else your system could become an
open relay. </p>
+<li> <p> Line 11: this increases the time that a policy server
+process is allowed to run from the default 1000 seconds to 3600
+seconds. The default time limit is too short for a policy daemon
+that needs to run long as the SMTP server process that talks to it.
+See the spawn(8) manpage for more information about the
+<i>transport</i>_time_limit parameter. </p>
+
+<blockquote> <p> Note: the "policy_time_limit" parameter will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name (in the above example, "policy") and a
+built-in suffix (in the above example: "_time_limit"). </p>
+</blockquote>
+
<li> <p> Solaris UNIX-domain sockets do not work reliably. Use
TCP sockets instead: </p>
<blockquote>
<pre>
-1 /etc/postfix/master.cf:
-2 policy unix - n n - 0 spawn
-3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
-4
-5 /etc/postfix/main.cf:
-6 policy_time_limit = 3600
+ 1 /etc/postfix/master.cf:
+ 2 greylist unix - n n - 0 spawn
+ 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4
+ 5 /etc/postfix/main.cf:
+ 6 greylist_time_limit = 3600
+ 7 smtpd_recipient_restrictions =
+ 8 ...
+ 9 reject_unauth_destination
+10 check_policy_service unix:private/greylist
+11 ...
</pre>
</blockquote>
<ul>
+<li> <p> Lines 2-3: this creates the service called "greylist" that
+listens on a UNIX-domain socket. The service is implemented by the
+Postfix spawn(8) daemon, which executes the greylist.pl script that
+is specified with the <b>argv</b> attribute, using the privileges
+specified with the <b>user</b> attribute. </p>
+
+<li> <p> Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when you
+increase the smtpd process limit. </p>
+
<li> <p> Line 3: Specify "greylist.pl -v" for verbose logging of
each request and reply. </p>
-<li> <p> Lines 2, 6: the Postfix spawn(8) daemon by default kills
-its child process after 1000 seconds. This is too short for a
-policy daemon that may run for as long as an SMTP client is connected
-to an SMTP server process. The default time limit is overruled in
-main.cf with an explicit "policy_time_limit" setting. The name of
-the parameter is the name of the master.cf entry ("policy")
-concatenated with the "_time_limit" suffix. </p>
-
-<li> <p> Line 2: specify a "0" process limit instead of the default
-"-", to avoid "connection refused" and other problems when the smtpd
-process limit exceeds the default_process_limit setting. </p>
+<li> <p> Line 6: this increases the time that a greylist server
+process is allowed to run from the default 1000 seconds to 3600
+seconds. The default time limit is too short for a greylist daemon
+that needs to run long as the SMTP server process that talks to it.
+See the spawn(8) manpage for more information about the
+<i>transport</i>_time_limit parameter. </p>
+
+<blockquote> <p> Note: the "greylist_time_limit" parameter will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name (in the above example, "greylist") and
+a built-in suffix (in the above example: "_time_limit"). </p>
+</blockquote>
</ul>
<blockquote>
<pre>
-1 /etc/postfix/master.cf:
-2 127.0.0.1:9998 inet n n n - 0 spawn
-3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
-4
-5 /etc/postfix/main.cf:
-6 127.0.0.1:9998_time_limit = 3600
+ 1 /etc/postfix/master.cf:
+ 2 127.0.0.1:9998 inet n n n - 0 spawn
+ 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4
+ 5 /etc/postfix/main.cf:
+ 6 127.0.0.1:9998_time_limit = 3600
+ 7 smtpd_recipient_restrictions =
+ 8 ...
+ 9 reject_unauth_destination
+10 check_policy_service inet:127.0.0.1:9998
+11 ...
</pre>
</blockquote>
-<p> To invoke this service you would specify "check_policy_service
-inet:127.0.0.1:9998". </p>
-
<h2><a name="frequent">Greylisting mail from frequently forged domains</a></h2>
<p> It is relatively safe to turn on greylisting for specific
6 check_sender_access hash:/etc/postfix/sender_access
7 ...
8 smtpd_restriction_classes = greylist
- 9 greylist = check_policy_service unix:private/policy
+ 9 greylist = check_policy_service unix:private/greylist
10
11 /etc/postfix/sender_access:
12 aol.com greylist
<h2><a name="all_mail">Greylisting all your mail</a></h2>
-<p> If you turn on greylisting for all mail you will almost certainly
-want to make exceptions for mailing lists that use one-time sender
-addresses, because such mailing lists can pollute your greylist
-database relatively quickly. </p>
+<p> If you turn on greylisting for all mail you may want to make
+exceptions for mailing lists that use one-time sender addresses,
+because each message will be delayed due to greylisting, and the
+one-time sender addresses can pollute your greylist database
+relatively quickly. Instead of making exceptions, you can automatically
+whitelist clients that survive greylisting repeatedly; this avoids
+most of the delays and most of the database pollution problem. </p>
<blockquote>
<pre>
for backwards compatibility with Postfix releases prior to 2.5.
</p>
-<p> The best practice algorithm is now <b>sha1</b>. Recent advances in hash
+<p> Advances in hash
function cryptanalysis have led to md5 being deprecated in favor of sha1.
However, as long as there are no known "second pre-image" attacks
against md5, its use in this context can still be considered safe.
<p> While additional digest algorithms are often available with OpenSSL's
libcrypto, only those used by libssl in SSL cipher suites are available to
-Postfix. For now this means just md5 or sha1. </p>
+Postfix. </p>
<p> To find the fingerprint of a specific certificate file, with a
specific digest algorithm, run: </p>
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>
+<p> Note: some <i>transport</i>_destination_concurrency_failed_cohort_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_failed_cohort_limit"). </p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM transport_destination_concurrency_positive_feedback $default_destination_concurrency_positive_feedback
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>
+<p> Note: some <i>transport</i>_destination_concurrency_positive_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_positive_feedback"). </p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM transport_destination_concurrency_negative_feedback $default_destination_concurrency_negative_feedback
where <i>transport</i> is the master.cf name of the message delivery
transport. </p>
+<p> Note: some <i>transport</i>_destination_concurrency_negative_feedback
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case:
+"_destination_concurrency_negative_feedback"). </p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM transport_initial_destination_concurrency $initial_destination_concurrency
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>
+<p> Note: some <i>transport</i>_initial_destination_concurrency
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case: "_initial_destination_concurrency").
+</p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM transport_destination_concurrency_limit $default_destination_concurrency_limit
<i>transport</i> is the master.cf name of the message delivery
transport. </p>
+<p> Note: some <i>transport</i>_destination_concurrency_limit
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a master.cf service name and a
+built-in suffix (in this case: "_destination_concurrency_limit").
+</p>
+
%PARAM transport_destination_recipient_limit $default_destination_recipient_limit
<p> A transport-specific override for the
<i>transport</i> is the master.cf name of the message delivery
transport. </p>
+<p> Note: some <i>transport</i>_destination_recipient_limit parameters
+will not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_destination_recipient_limit"). </p>
+
%PARAM transport_time_limit $command_time_limit
<p> A transport-specific override for the command_time_limit parameter
value, where <i>transport</i> is the master.cf name of the message
delivery transport. </p>
+<p> Note: <i>transport</i>_time_limit parameters will not show up
+in "postconf" command output before Postfix version 2.9. This
+limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_time_limit"). </p>
+
%PARAM transport_delivery_slot_cost $default_delivery_slot_cost
<p> A transport-specific override for the default_delivery_slot_cost
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>
+<p> Note: <i>transport</i>_delivery_slot_cost parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_delivery_slot_cost"). </p>
+
%PARAM transport_delivery_slot_loan $default_delivery_slot_loan
<p> A transport-specific override for the default_delivery_slot_loan
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>
+<p> Note: <i>transport</i>_delivery_slot_loan parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_delivery_slot_loan"). </p>
+
%PARAM transport_delivery_slot_discount $default_delivery_slot_discount
<p> A transport-specific override for the default_delivery_slot_discount
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>
+<p> Note: <i>transport</i>_delivery_slot_discount parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_delivery_slot_discount"). </p>
+
%PARAM transport_minimum_delivery_slots $default_minimum_delivery_slots
<p> A transport-specific override for the default_minimum_delivery_slots
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>
+<p> Note: <i>transport</i>_minimum_delivery_slots parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_minimum_delivery_slots"). </p>
+
%PARAM transport_recipient_limit $default_recipient_limit
<p> A transport-specific override for the default_recipient_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>
+<p> Note: some <i>transport</i>_recipient_limit parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a master.cf service name and a built-in suffix (in this case:
+"_recipient_limit"). </p>
+
%PARAM transport_extra_recipient_limit $default_extra_recipient_limit
<p> A transport-specific override for the default_extra_recipient_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>
+<p> Note: <i>transport</i>_extra_recipient_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_extra_recipient_limit"). </p>
+
%PARAM transport_recipient_refill_limit $default_recipient_refill_limit
<p> A transport-specific override for the default_recipient_refill_limit
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>
+<p> Note: <i>transport</i>_recipient_refill_limit parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_recipient_refill_limit"). </p>
+
<p> This feature is available in Postfix 2.4 and later. </p>
%PARAM transport_recipient_refill_delay $default_recipient_refill_delay
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>
+<p> Note: <i>transport</i>_recipient_refill_delay parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_recipient_refill_delay"). </p>
+
<p> This feature is available in Postfix 2.4 and later. </p>
%PARAM default_destination_rate_delay 0s
parameter value, where <i>transport</i> is the master.cf name of
the message delivery transport. </p>
+<p> Note: some <i>transport</i>_destination_rate_delay parameters
+will not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a master.cf service name and a built-in suffix (in
+this case: "_destination_rate_delay"). </p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM data_directory see "postconf -d" output
<li> <p> Existing long queue file names are renamed to the short
form (while running "postfix reload" or "postsuper"). </p>
-<li> New queue files are created with names such as C3CD21F3E90
+<li> <p> New queue files are created with names such as C3CD21F3E90
from a hexadecimal alphabet that contains digits (0-9) and upper-case
letters (A-F). The name format is: 5 characters for the time in
microseconds; the remainder is the file inode number. </p>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20111126"
+#define MAIL_RELEASE_DATE "20111127"
#define MAIL_VERSION_NUMBER "2.9"
#ifdef SNAPSHOT
str_vars.h time_table.h time_vars.h raw_table.h raw_vars.h \
nint_table.h nint_vars.h nbool_table.h nbool_vars.h long_table.h \
long_vars.h
-TEST_TMP= main.cf master.cf
+TEST_TMP= main.cf master.cf test*.tmp
DUMMIES = makes_dummy # for "make -j"
PROG = postconf
SAMPLES = ../../conf/main.cf.default
test: $(TESTPROG)
tests: test1 test2 test3 test4 test5 test6 test7 test8 test9 test10 test11 \
- test12 test13 test14 test15 test16 test17 test18 test19
+ test12 test13 test14 test15 test16 test17 test18 test19 test20 test21
root_tests:
diff test19.ref test19.tmp
rm -f main.cf master.cf test19.tmp
+# Test master.cf line folding.
+
+test20: $(PROG) test20.ref
+ rm -f main.cf master.cf
+ touch main.cf master.cf
+ echo foo inet - n n - 0 spawn >> master.cf
+ echo ' -o always_bcc=$$bar$$baz' >> master.cf
+ ./$(PROG) -Mfc . >test20.tmp 2>&1
+ diff test20.ref test20.tmp
+ rm -f main.cf master.cf test20.tmp
+
+# Test main.cf line folding.
+
+test21: $(PROG) test21.ref
+ rm -f main.cf master.cf
+ touch main.cf master.cf
+ echo forward_path = xxxxxxxxxxxxx xxxxxxxxxxxxxx xxxxxxxxxxxx \
+ xxxxxxxxxxxxx xxxxxxxxxxxxxx >> main.cf
+ ./$(PROG) -nfc . >test21.tmp 2>&1
+ diff test21.ref test21.tmp
+ rm -f main.cf master.cf test21.tmp
+
printfck: $(OBJS) $(PROG)
rm -rf printfck
mkdir printfck
clean:
rm -f *.o *core $(PROG) $(TESTPROG) junk $(MAKES) $(AUTOS) $(DUMMIES) \
- $(TEST_TMP) *.tmp
+ $(TEST_TMP)
rm -rf printfck
tidy: clean
/* convert_param_node() produces a string representation for
/* a global parameter default value.
/*
-/* PC_RAW_PARAMETER() returns non-zero is the specified parameter
+/* PC_RAW_PARAMETER() returns non-zero if the specified parameter
/* node represents a "raw parameter". The value of such
/* parameters must not be scanned for macro names. Some "raw
/* parameter" values contain "$" without macros, such as the
void register_service_parameters(void)
{
const char *myname = "register_service_parameters";
- static const PC_STRING_NV service_params[] = {
+ static const PC_STRING_NV pipe_params[] = {
/* suffix, default parameter name */
+ _MAXTIME, VAR_COMMAND_MAXTIME,
+#define service_params (pipe_params + 1)
_XPORT_RCPT_LIMIT, VAR_XPORT_RCPT_LIMIT,
_STACK_RCPT_LIMIT, VAR_STACK_RCPT_LIMIT,
_XPORT_REFILL_LIMIT, VAR_XPORT_REFILL_LIMIT,
MAIL_PROGRAM_VIRTUAL, service_params,
MAIL_PROGRAM_SMTP, service_params,
MAIL_PROGRAM_LMTP, service_params,
- MAIL_PROGRAM_PIPE, service_params,
+ MAIL_PROGRAM_PIPE, pipe_params,
MAIL_PROGRAM_SPAWN, spawn_params,
0,
};
--- /dev/null
+foo inet - n n - 0 spawn
+ -o always_bcc=$bar$baz
--- /dev/null
+config_directory = .
+forward_path = xxxxxxxxxxxxx xxxxxxxxxxxxxx xxxxxxxxxxxx xxxxxxxxxxxxx
+ xxxxxxxxxxxxxx
whatevershebrings_recipient_limit = $default_recipient_limit
whatevershebrings_recipient_refill_delay = $default_recipient_refill_delay
whatevershebrings_recipient_refill_limit = $default_recipient_refill_limit
+whatevershebrings_time_limit = $command_time_limit
projects / thirdparty / postfix.git / commitdiff
