to a missing guard statement after an smtpd_check_rewrite()
call was moved closer to the command processor loop. Fix
by Bartek Szady. File: smtpd/smtpd.c.
+
+20120220
+
+ Cleanup: documentation of how to use only system-supplied
+ certificates with *CAfile and *CApath. File: proto/postconf.proto.
+
+ Cleanup: documentation of smtp_sasl_mechanism_filter. File:
+ proto/postconf.proto.
+
+20120222
+
+ Cleanup: when multiple DNSBLs block an SMTP client, the
+ postscreen "reject" message now gives credit to the DNSBL
+ with the largest weight, instead of the DNSBL that replies
+ first. File: postscreen/postscreeb_dnsbl.c.
+
+ Cleanup: memcache_table(5) manpage. File proto/memcache_table.
+
+20120225
+
+ Cleanup: eliminated the build-time Perl dependency. File:
+ bounce/annotate.sh.
+
+ Cleanup: when -DNO_DB support was added, the makedefs script
+ was not updated to skip the Linux Berkeley DB tests.
+
+ FreeBSD9 is now a supported platform. Files: makedefs,
+ util/sys_defs.h.
+
+20120226
+
+ Cleanup: documentation in postfix-install.
<b>flags (default: 0)</b>
Optional flags that should be stored along with a
- memcache update.
+ memcache update. The flags are ignored when looking
+ up information.
<b>ttl (default: 3600)</b>
The expiration time in seconds of memcache updates.
- NOTE 1: When using a memcache table as
+ NOTE 1: When using a memcache table as
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache without persistent
backup, specify a zero *_cache_cleanup_interval
- value with all Postfix instances that use the mem-
- cache, and specify the largest <a href="postscreen.8.html"><b>postscreen</b>(8)</a> *_ttl
- value or <a href="verify.8.html"><b>verify</b>(8)</a> *_expire_time value as the mem-
+ value with all Postfix instances that use the mem-
+ cache, and specify the largest <a href="postscreen.8.html"><b>postscreen</b>(8)</a> *_ttl
+ value or <a href="verify.8.html"><b>verify</b>(8)</a> *_expire_time value as the mem-
cache table's <b>ttl</b> value.
- NOTE 2: According to memcache protocol documenta-
- tion, a value greater than 30 days (2592000 sec-
- onds) specifies absolute UNIX time. Smaller values
+ NOTE 2: According to memcache protocol documenta-
+ tion, a value greater than 30 days (2592000 sec-
+ onds) specifies absolute UNIX time. Smaller values
are relative to the time of the update.
<b>MEMCACHE KEY PARAMETERS</b>
<b>key_format (default: %s)</b>
- Format of the lookup and update keys in memcache
- requests. By default, these are the same as the
- lookup and update keys that are given to the Post-
+ Format of the lookup and update keys in memcache
+ requests. By default, these are the same as the
+ lookup and update keys that are given to the Post-
fix memcache client.
NOTE: The <b>key_format</b> feature is not used for <b>backup</b>
database requests.
- When the same memcache database is used to cache
- information from multiple tables, you can use the
- <b>key_format</b> feature to avoid name collisions by
+ When the same memcache database is used to cache
+ information from multiple tables, you can use the
+ <b>key_format</b> feature to avoid name collisions by
prepending a fixed string. Examples:
key_format = aliases:%s
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the memcache client
+ <b>%s</b> This is replaced by the memcache client
input key.
<b>%u</b> When the input key is an address of the form
user@domain, <b>%u</b> is replaced by the SQL
- quoted local part of the address. Other-
- wise, <b>%u</b> is replaced by the entire search
+ quoted local part of the address. Other-
+ wise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, a lookup
- is silently suppressed and returns no
- results (an update is skipped with a warn-
+ is silently suppressed and returns no
+ results (an update is skipped with a warn-
ing).
<b>%d</b> When the input key is an address of the form
- user@domain, <b>%d</b> is replaced by the domain
+ user@domain, <b>%d</b> is replaced by the domain
part of the address. Otherwise, a lookup is
- silently suppressed and returns no results
+ silently suppressed and returns no results
(an update is skipped with a warning).
<b>%[SUD]</b> The upper-case equivalents of the above
- expansions behave in the <b>key_format</b> parame-
+ expansions behave in the <b>key_format</b> parame-
ter identically to their lower-case counter-
parts.
- <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
the corresponding most significant component
- of the input key's domain. If the input key
+ of the input key's domain. If the input key
is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
- is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, a lookup is silently sup-
+ domain components to satisfy all the speci-
+ fied patterns, a lookup is silently sup-
pressed and returns no results (an update is
skipped with a warning).
<b>domain (default: no domain list)</b>
This feature can significantly reduce database
server load. Specify a list of domain names, paths
- to files, or "<a href="DATABASE_README.html">type:table</a>" databases. When speci-
+ to files, or "<a href="DATABASE_README.html">type:table</a>" databases. When speci-
fied, only fully qualified search keys with a *non-
empty* localpart and a matching domain are eligible
- for lookup or update: bare 'user' lookups, bare
- domain lookups and "@domain" lookups are silently
+ for lookup or update: bare 'user' lookups, bare
+ domain lookups and "@domain" lookups are silently
skipped (updates are skipped with a warning).
Example:
The maximal memcache reply line length in bytes.
<b>max_try (default: 2)</b>
- The number of times to try a memcache command
- before giving up. The memcache client does not
+ The number of times to try a memcache command
+ before giving up. The memcache client does not
retry a command when the memcache server accepts no
connection.
<b>retry_pause (default: 1)</b>
- The time in seconds before retrying a failed mem-
+ The time in seconds before retrying a failed mem-
cache command.
<b>timeout (default: 2)</b>
- The time limit for sending a memcache command and
+ The time limit for sending a memcache command and
for receiving a memcache reply.
<b>BUGS</b>
- The Postfix memcache client cannot be used for security-
- sensitive tables such as <b><a href="postconf.5.html#alias_maps">alias_maps</a></b> (these may contain
- "<i>|command</i>
and "<i>/file/name</i>" destinations), or <b><a href="postconf.5.html#virtual_uid_maps">vir</a>-</b>
- <b><a href="postconf.5.html#virtual_uid_maps">tual_uid_maps</a></b>,
<b><a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a></b> and <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a></b>
- (these specify UNIX process privileges or "<i>/file/name</i>"
- destinations). In a typical deployment a memcache data-
- base is writable by any process that can talk to the mem-
- cache server; in contrast, security-sensitive tables must
+ The Postfix memcache client cannot be used for security-
+ sensitive tables such as <b><a href="postconf.5.html#alias_maps">alias_maps</a></b> (these may contain
+ "<i>|command</i>
and "<i>/file/name</i>" destinations), or <b><a href="postconf.5.html#virtual_uid_maps">vir</a>-</b>
+ <b><a href="postconf.5.html#virtual_uid_maps">tual_uid_maps</a></b>,
<b><a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a></b> and <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a></b>
+ (these specify UNIX process privileges or "<i>/file/name</i>"
+ destinations). In a typical deployment a memcache data-
+ base is writable by any process that can talk to the mem-
+ cache server; in contrast, security-sensitive tables must
never be writable by the unprivileged Postfix user.
The Postfix memcache client requires additional configura-
- tion when used as <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache. For
- details see the <b>backup</b> and <b>ttl</b> parameter discussions in
+ tion when used as <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache. For
+ details see the <b>backup</b> and <b>ttl</b> parameter discussions in
the MEMCACHE MAIN PARAMETERS section above.
<b>SEE ALSO</b>
<a href="MEMCACHE_README.html">MEMCACHE_README</a>, Postfix memcache client guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
- Memcache support was introduced with Postfix version 2.9.
+ Memcache support was introduced with Postfix version 2.9.
<b>AUTHOR(S)</b>
Wietse Venema
<p>
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
-server implementations may support different mechanism lists. By
+server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
-two. <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> further restricts what server
-mechanisms the client will take into consideration. </p>
+two. <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> specifies an optional third mechanism
+list to intersect with. </p>
<p> Specify mechanism names, "/file/name" patterns or "<a href="DATABASE_README.html">type:table</a>"
lookup tables. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>" lookups
but it is best to include all the required certificates directly in
$<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
+<p> Specify "<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /path/to/system_CA_file" to use
+ONLY the system-supplied default certificate authority certificates.
+</p>
+
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
<p> To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. </p>
+<p> Specify "<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+</p>
+
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
but it is best to include all the required certificates directly in the
server certificate file. </p>
+<p> Specify "<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /path/to/system_CA_file" to use ONLY
+the system-supplied default certificate authority certificates.
+</p>
+
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> in chroot mode, this directory (or a copy) must be
inside the chroot jail. </p>
+<p> Specify "<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+</p>
+
<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
;;
FreeBSD.8*) SYSTYPE=FREEBSD8
;;
+ FreeBSD.9*) SYSTYPE=FREEBSD9
+ ;;
OpenBSD.2*) SYSTYPE=OPENBSD2
;;
OpenBSD.3*) SYSTYPE=OPENBSD3
esac;;
# Tested with RedHat 3.03 on 20020729.
Linux.1*) SYSTYPE=LINUX1
- SYSLIBS="-ldb"
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *) SYSLIBS="-ldb";;
+ esac
;;
Linux.2*) SYSTYPE=LINUX2
- # Postfix no longer needs DB 1.85 compatibility
- if [ -f /usr/include/db.h ]
- then
- : we are all set
- elif [ -f /usr/include/db/db.h ]
- then
- CCARGS="$CCARGS -I/usr/include/db"
- else
- # No, we're not going to try db1 db2 db3 etc.
- # On a properly installed system, Postfix builds
- # by including <db.h> and by linking with -ldb
- echo "No <db.h> include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
- echo "See the RELEASE_NOTES file for more information." 1>&2
- exit 1
- fi
- # GDBM locks the DBM .pag file after open. This breaks postmap.
- # if [ -f /usr/include/gdbm-ndbm.h ]
- # then
- # CCARGS="$CCARGS -DHAS_DBM -DPATH_NDBM_H='<gdbm-ndbm.h>'"
- # GDBM_LIBS=gdbm
- # elif [ -f /usr/include/gdbm/ndbm.h ]
- # then
- # CCARGS="$CCARGS -DHAS_DBM -DPATH_NDBM_H='<gdbm/ndbm.h>'"
- # GDBM_LIBS=gdbm
- # fi
- SYSLIBS="-ldb"
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *) if [ -f /usr/include/db.h ]
+ then
+ : we are all set
+ elif [ -f /usr/include/db/db.h ]
+ then
+ CCARGS="$CCARGS -I/usr/include/db"
+ else
+ # No, we're not going to try db1 db2 db3 etc.
+ # On a properly installed system, Postfix builds
+ # by including <db.h> and by linking with -ldb
+ echo "No <db.h> include file found." 1>&2
+ echo "Install the appropriate db*-devel package first." 1>&2
+ exit 1
+ fi
+ SYSLIBS="-ldb"
+ ;;
+ esac
for name in nsl resolv $GDBM_LIBS
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
esac
;;
Linux.3*) SYSTYPE=LINUX3
- if [ -f /usr/include/db.h ]
- then
- : we are all set
- elif [ -f /usr/include/db/db.h ]
- then
- CCARGS="$CCARGS -I/usr/include/db"
- else
- # On a properly installed system, Postfix builds
- # by including <db.h> and by linking with -ldb
- echo "No <db.h> include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
- echo "See the RELEASE_NOTES file for more information." 1>&2
- exit 1
- fi
- SYSLIBS="-ldb"
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *) if [ -f /usr/include/db.h ]
+ then
+ : we are all set
+ elif [ -f /usr/include/db/db.h ]
+ then
+ CCARGS="$CCARGS -I/usr/include/db"
+ else
+ # On a properly installed system, Postfix builds
+ # by including <db.h> and by linking with -ldb
+ echo "No <db.h> include file found." 1>&2
+ echo "Install the appropriate db*-devel package first." 1>&2
+ exit 1
+ fi
+ SYSLIBS="-ldb"
+ ;;
+ esac
for name in nsl resolv
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
;;
GNU.0*|GNU/kFreeBSD.[567]*)
SYSTYPE=GNU0
- # Postfix no longer needs DB 1.85 compatibility
- if [ -f /usr/include/db.h ]
- then
- : we are all set
- elif [ -f /usr/include/db/db.h ]
- then
- CCARGS="$CCARGS -I/usr/include/db"
- else
- # No, we're not going to try db1 db2 db3 etc.
- # On a properly installed system, Postfix builds
- # by including <db.h> and by linking with -ldb
- echo "No <db.h> include file found." 1>&2
- echo "Install the appropriate db*-devel package first." 1>&2
- echo "See the RELEASE_NOTES file for more information." 1>&2
- exit 1
- fi
- SYSLIBS="-ldb"
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *) if [ -f /usr/include/db.h ]
+ then
+ : we are all set
+ elif [ -f /usr/include/db/db.h ]
+ then
+ CCARGS="$CCARGS -I/usr/include/db"
+ else
+ # On a properly installed system, Postfix builds
+ # by including <db.h> and by linking with -ldb
+ echo "No <db.h> include file found." 1>&2
+ echo "Install the appropriate db*-devel package first." 1>&2
+ exit 1
+ fi
+ SYSLIBS="-ldb"
+ ;;
+ esac
for name in nsl resolv
do
for lib in /usr/lib64 /lib64 /usr/lib /lib
read-write).
.IP "\fBflags (default: 0)\fR"
Optional flags that should be stored along with a memcache
-update.
+update. The flags are ignored when looking up information.
.IP "\fBttl (default: 3600)\fR"
The expiration time in seconds of memcache updates.
.SH smtp_sasl_mechanism_filter (default: empty)
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
-server implementations may support different mechanism lists. By
+server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
-two. smtp_sasl_mechanism_filter further restricts what server
-mechanisms the client will take into consideration.
+two. smtp_sasl_mechanism_filter specifies an optional third mechanism
+list to intersect with.
.PP
Specify mechanism names, "/file/name" patterns or "type:table"
lookup tables. The right-hand side result from "type:table" lookups
but it is best to include all the required certificates directly in
$smtp_tls_cert_file.
.PP
+Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use
+ONLY the system-supplied default certificate authority certificates.
+.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail.
.PP
+Specify "smtp_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
but it is best to include all the required certificates directly in the
server certificate file.
.PP
+Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY
+the system-supplied default certificate authority certificates.
+.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
inside the chroot jail.
.PP
+Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+.PP
Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates.
# users. The built-in default directory name is system dependent.
# This parameter setting is recorded in the installed main.cf file.
# .IP html_directory
-# The destination directory for the Postfix HTML files.
+# The final destination directory for the Postfix HTML files.
# This parameter setting is recorded in the installed main.cf file.
# .IP queue_directory
# The final destination directory for Postfix queues.
# The built-in default group name is postdrop.
# This parameter setting is recorded in the installed main.cf file.
# .IP manpage_directory
-# The destination directory for the Postfix on-line manual pages.
+# The final destination directory for the Postfix on-line manual pages.
# This parameter setting is recorded in the installed main.cf file.
# .IP sample_directory
-# The destination directory for the Postfix sample configuration files.
-# This parameter is obsolete as of Postfix version 2.1.
+# The final destination directory for the Postfix sample configuration
+# files. This parameter is obsolete as of Postfix version 2.1.
# This parameter setting is recorded in the installed main.cf file.
# .IP readme_directory
-# The destination directory for the Postfix README files.
+# The final destination directory for the Postfix README files.
# This parameter setting is recorded in the installed main.cf file.
# SEE ALSO
# post-install(1) post-installation procedure
ID that is not shared with other accounts, not even with the Postfix
mail_owner account. You can no longer specify \"no\" here."
-manpage_directory_prompt="the destination directory for the Postfix on-line
-manual pages. You can no longer specify \"no\" here."
+manpage_directory_prompt="the final destination directory for the
+Postfix on-line manual pages. You can no longer specify \"no\"
+here."
-readme_directory_prompt="the destination directory for the Postfix
+readme_directory_prompt="the final destination directory for the Postfix
README files. Specify \"no\" if you do not want to install these files."
-html_directory_prompt="the destination directory for the Postfix
+html_directory_prompt="the final destination directory for the Postfix
HTML files. Specify \"no\" if you do not want to install these files."
# Default settings, just to get started.
# read-write).
# .IP "\fBflags (default: 0)\fR"
# Optional flags that should be stored along with a memcache
-# update.
+# update. The flags are ignored when looking up information.
# .IP "\fBttl (default: 3600)\fR"
# The expiration time in seconds of memcache updates.
#
<p>
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
-server implementations may support different mechanism lists. By
+server implementations may support different mechanism lists; by
default, the Postfix SMTP client will use the intersection of the
-two. smtp_sasl_mechanism_filter further restricts what server
-mechanisms the client will take into consideration. </p>
+two. smtp_sasl_mechanism_filter specifies an optional third mechanism
+list to intersect with. </p>
<p> Specify mechanism names, "/file/name" patterns or "type:table"
lookup tables. The right-hand side result from "type:table" lookups
but it is best to include all the required certificates directly in the
server certificate file. </p>
+<p> Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY
+the system-supplied default certificate authority certificates.
+</p>
+
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
inside the chroot jail. </p>
+<p> Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+</p>
+
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
but it is best to include all the required certificates directly in
$smtp_tls_cert_file. </p>
+<p> Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use
+ONLY the system-supplied default certificate authority certificates.
+</p>
+
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
<p> To use this option in chroot mode, this directory (or a copy)
must be inside the chroot jail. </p>
+<p> Specify "smtp_tls_CApath = /path/to/system_CA_directory" to
+use ONLY the system-supplied default certificate authority certificates.
+</p>
+
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
appending the system-supplied default CAs and trusting third-party
certificates. </p>
$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
# Eliminate dependency on installed Postfix.
-../../conf/bounce.cf.default: template_test.ref annotate.pl
+../../conf/bounce.cf.default: template_test.ref annotate.sh
rm -f $@
- perl annotate.pl <template_test.ref >$@
+ ./annotate.sh <template_test.ref >$@
main.cf:
echo queue_directory=. >main.cf
-print <<'EOF'
+#!/bin/sh
+
+cat <<'EOF'
#
# Do not edit this file. This file shows the default delivery status
# notification (DSN) messages that are built into Postfix.
# bounce_template_file = $config_directory/bounce.cf
#
#EOF
-;
-while (<>) {
- if (/^failure_template/) { print <<'EOF'
+IFS=
+while read line; do
+ case "$line" in
+ failure_template*) cat <<'EOF'
#
# The failure template is used when mail is returned to the sender;
#
EOF
-;
- } elsif (/^delay_template/) { print <<'EOF'
+ ;;
+ delay_template*) cat <<'EOF'
#
# The delay template is used when mail is delayed. Note a neat trick:
#
EOF
-;
- } elsif (/^success_template/) { print <<'EOF'
+ ;;
+ success_template*) cat <<'EOF'
#
# The success template is used when mail is delivered to mailbox,
#
EOF
-;
- } elsif (/^verify_template/) { print <<'EOF'
+ ;;
+ verify_template*) cat <<'EOF'
#
# The verify template is used for address verification (sendmail -bv
-# address...). or for verbose mail delivery (sendmail -v address...).
+# address...) or for verbose mail delivery (sendmail -v address...).
# It is an error to specify a Postmaster-Subject: here.
#
EOF
-;
- }
- print $_;
-}
+ ;;
+ esac
+ echo "$line";
+done
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20120218"
+#define MAIL_RELEASE_DATE "20120226"
#define MAIL_VERSION_NUMBER "2.10"
#ifdef SNAPSHOT
} PSC_CALL_BACK_ENTRY;
typedef struct {
- const char *dnsbl; /* one contributing DNSBL */
+ const char *dnsbl_name; /* DNSBL with largest contribution */
+ int dnsbl_weight; /* weight of largest contribution */
int total; /* combined blocklist score */
int refcount; /* score reference count */
int pending_lookups; /* nr of DNS requests in flight */
* Reads are destructive.
*/
result_score = score->total;
- *dnsbl_name = score->dnsbl;
+ *dnsbl_name = score->dnsbl_name;
score->refcount -= 1;
if (score->refcount < 1) {
if (msg_verbose > 1)
if (site->byte_codes == 0
|| psc_dnsbl_match(site->byte_codes, reply_argv ? reply_argv :
(reply_argv = argv_split(STR(reply_addr), " ")))) {
- if (score->dnsbl == 0)
- score->dnsbl = head->safe_dnsbl;
+ if (score->dnsbl_name == 0
+ || score->dnsbl_weight < site->weight) {
+ score->dnsbl_name = head->safe_dnsbl;
+ score->dnsbl_weight = site->weight;
+ }
score->total += site->weight;
if (msg_verbose > 1)
msg_info("%s: filter=\"%s\" weight=%d score=%d",
msg_info("%s: create blocklist score for %s", myname, client_addr);
score = (PSC_DNSBL_SCORE *) mymalloc(sizeof(*score));
score->request_id = request_count++;
- score->dnsbl = 0;
+ score->dnsbl_name = 0;
+ score->dnsbl_weight = 0;
score->total = 0;
score->refcount = 1;
score->pending_lookups = 0;
*/
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
|| defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
- || defined(FREEBSD8) \
+ || defined(FREEBSD8) || defined(FREEBSD9) \
|| defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
|| defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
|| defined(OPENBSD5) \
projects / thirdparty / postfix.git / commitdiff
