buffer size that will be used with the next read(2) or
write(2) operation. Files: util/vstream.c, util/vstream.h,
util/vstream_tweak.c.
+
+20120717
+
+ Documentation: update to RFC5321.
+
+20120730
+
+ Bugfix (introduced: 20000314): AUTH is not allowed after
+ MAIL. Timo Sirainen. Files: smtpd/smtpd.c, smtpd/smtpd.h,
+ smtpd/smtpd_sasl_proto.c.
+
+20120801
+
+ Documentation: point of what virtual_xxx parameters are
+ specific to the virtual(8) delivery agent, and will have
+ no effect when mail is delivered with a different program.
+ Files: proto/postconf.proto, proto/VIRTUAL_README.html.
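Review bot: In the 20120801 entry, "point of what virtual_xxx parameters are specific to the virtual(8) delivery agent" reads like a typo for "point out which virtual_xxx parameters are specific ...". Separately, the 20120730 entry says AUTH is not allowed after MAIL but not how the SMTP server now responds to it; one more clause stating the new behaviour would help operators who see the resulting rejections in their logs.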
N\bNo\bon\bn-\b-P\bPo\bos\bst\btf\bfi\bix\bx m\bma\bai\bil\blb\bbo\box\bx s\bst\bto\bor\bre\be:\b: s\bse\bep\bpa\bar\bra\bat\bte\be d\bdo\bom\bma\bai\bin\bns\bs,\b, n\bno\bon\bn-\b-U\bUN\bNI\bIX\bX a\bac\bcc\bco\bou\bun\bnt\bts\bs
This is a variation on the Postfix virtual mailbox example. Again, every hosted
-address can have its own mailbox.
+address can have its own mailbox. However, most parameters that control the
+virtual(8) delivery agent are no longer applicable: only
+virtual_mailbox_domains and virtual_mailbox_maps stay in effect. These
+parameters are needed to reject mail for unknown recipients.
While non-Postfix software is being used for final delivery, some Postfix
concepts are still needed in order to glue everything together. For additional
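Review bot: "most parameters that control the virtual(8) delivery agent are no longer applicable" leaves the reader to work out which ones. The postconf(5) changes in this same patch mark them one by one (virtual_mailbox_base, virtual_mailbox_limit, virtual_mailbox_lock, virtual_minimum_uid, virtual_uid_maps, virtual_gid_maps); listing them here, or referring to those notes, would stop someone from carrying the settings over and assuming they still constrain the non-Postfix delivery program.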
3 <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> = /var/mail/vhosts
4 <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> = hash:/etc/postfix/vmailbox
5 <a href="postconf.5.html#virtual_minimum_uid">virtual_minimum_uid</a> = 100
- 6 <a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> = static:5000
- 7 <a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a> = static:5000
+ 6 <a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> = <a href="DATABASE_README.html#types">static</a>:5000
+ 7 <a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a> = <a href="DATABASE_README.html#types">static</a>:5000
8 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
9
10 /etc/postfix/vmailbox:
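Review bot: The lookup-table type is now linked for "static:5000" on lines 6 and 7 of the example, but the "hash:" type on the unchanged lines 4 (virtual_mailbox_maps) and 8 (virtual_alias_maps) is still plain text. If the aim is to link table types to DATABASE_README.html#types, apply it to every table type in this example so the rendering is consistent.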
domains, non-UNIX accounts</a></h2>
<p> This is a variation on the Postfix <a href="VIRTUAL_README.html#virtual_mailbox">virtual mailbox example</a>.
-Again, every hosted address can have its own mailbox. </p>
+Again, every hosted address can have its own mailbox. However, most
+parameters that control the <a href="virtual.8.html">virtual(8)</a> delivery agent are no longer
+applicable: only <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> and <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
+stay in effect. These parameters are needed to reject mail for
+unknown recipients. </p>
<p> While non-Postfix software is being used for final delivery,
some Postfix concepts are still needed in order to glue everything
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
+ <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in Postfix SMTP client MAIL FROM
- and RCPT TO commands as required by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+ and RCPT TO commands as required by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
A mechanism to transform replies from remote SMTP
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
-by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. This includes putting quotes around an address localpart
+by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. This includes putting quotes around an address localpart
that ends in ".".
</p>
<p>
-The default is to comply with <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. If you have to send mail to
+The default is to comply with <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. If you have to send mail to
a broken SMTP server, configure a special SMTP client in <a href="master.5.html">master.cf</a>:
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
delivery.
</p>
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
set to "/", this setting isn't recommended.
</p>
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
<p>
Example:
</p>
The maximal size in bytes of an individual <a href="virtual.8.html">virtual(8)</a> mailbox or
maildir file, or zero (no limit). </p>
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
</DD>
"<b>postconf -l</b>" command.
</p>
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
<p>
This setting is ignored with <b>maildir</b> style delivery, because
such deliveries are safe without application-level locks.
"user@domain.tld" entry.
</p>
+<p> The remainder of this text is specific to the <a href="virtual.8.html">virtual(8)</a> delivery
+agent. It does not apply when mail is delivered with a different
+mail delivery program. </p>
+
<p>
The <a href="virtual.8.html">virtual(8)</a> delivery agent uses this table to look up the
per-recipient mailbox or maildir pathname. If the lookup result
deferred.
</p>
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
</DD>
delivery agent uses while writing to the recipient's mailbox.
</p>
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
<p>
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a
<b>-s</b> <i>site</i>
Schedule immediate delivery of all mail that is
queued for the named <i>site</i>. A numerical site must be
- specified as a valid <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> address literal
+ specified as a valid <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> address literal
enclosed in [], just like in email addresses. The
site must be eligible for the "fast flush" service.
See <a href="flush.8.html"><b>flush</b>(8)</a> for more information about the "fast
<b>BUGS</b>
The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine currently
does not announce support for AUTH, XCLIENT or XFORWARD.
- Support for AUTH may be added in the future. In the mean
- time, if you need to make these services available on port
- 25, then do not enable the optional "after 220 server
- greeting" tests, and do not use DNSBLs that reject traffic
- from dial-up and residential networks.
-
- The optional "after 220 server greeting" tests involve
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these
+ If you need to make these services available on port 25,
+ then do not enable the optional "after 220 server greet-
+ ing" tests, and do not use DNSBLs that reject traffic from
+ dial-up and residential networks.
+
+ The optional "after 220 server greeting" tests involve
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these
tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> adds the client to the tempo-
- rary whitelist but it cannot not hand off the "live" con-
- nection to a Postfix SMTP server process in the middle of
- a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to
- deliver mail with a 4XX status, and waits for the client
- to disconnect. The next time a good client connects, it
- will be allowed to talk to a Postfix SMTP server process
- to deliver mail. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of
- this limitation by giving such tests a long expiration
- time.
+ rary whitelist, but it cannot not hand off the "live" con-
+ nection to a Postfix SMTP server process in the middle of
+ a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to
+ deliver mail with a 4XX status, and waits for the client
+ to disconnect. When the client connects again,
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will allow the client to talk to a Postfix
+ SMTP server process (provided that the whitelist status
+ has not expired). <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of
+ this limitation by giving the "after 220 server greeting"
+ tests a long expiration time.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as
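Review bot: The rewritten sentence still carries the double negative from the old text: "but it cannot not hand off the "live" connection". Only the comma was added on that line. Since the paragraph is being reworded anyway, change it to "cannot hand off", and make the same fix in the source comment that the manual pages are generated from so the copies do not drift.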
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
+ <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in Postfix SMTP client MAIL FROM
- and RCPT TO commands as required by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+ and RCPT TO commands as required by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
A mechanism to transform replies from remote SMTP
<a href="http://tools.ietf.org/html/rfc3848">RFC 3848</a> (ESMTP transmission types)
<a href="http://tools.ietf.org/html/rfc4409">RFC 4409</a> (Message submission)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
+ <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
.RE
.IP "\fB-s \fIsite\fR"
Schedule immediate delivery of all mail that is queued for the named
-\fIsite\fR. A numerical site must be specified as a valid RFC 2821
+\fIsite\fR. A numerical site must be specified as a valid RFC 5321
address literal enclosed in [], just like in email addresses.
The site must be eligible for the "fast flush" service.
See \fBflush\fR(8) for more information about the "fast flush"
or "defer_if_reject". Prior to Postfix 2.6, the response
is hard-coded as "450".
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.6 and later.
.SH access_map_reject_code (default: 554)
The numerical Postfix SMTP server response code for
an \fBaccess\fR(5) map "reject" action.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.SH address_verify_cache_cleanup_interval (default: 12h)
The amount of time between \fBverify\fR(8) address verification
database cleanup runs. This feature requires that the database
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "defer" restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.SH defer_service_name (default: defer)
The name of the defer service. This service is implemented by the
\fBbounce\fR(8) daemon and maintains a record
HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname
restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.SH ipc_idle (default: version dependent)
The time after which a client closes an idle internal communication
channel. The purpose is to allow Postfix daemon processes to
reject_rhsbl_reverse_client, reject_rhsbl_sender or
reject_rhsbl_recipient restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.SH masquerade_classes (default: envelope_sender, header_sender, header_recipient)
What addresses are subject to address masquerading.
.PP
client request is blocked by the reject_multi_recipient_bounce
restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.1 and later.
.SH mydestination (default: $myhostname, localhost.$mydomain, localhost)
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "reject" restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.SH reject_tempfail_action (default: defer_if_permit)
The Postfix SMTP server's action when a reject-type restriction
fails due to a temporary error condition. Specify "defer" to defer
request is rejected by the reject_unauth_destination recipient
restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.SH relay_recipient_maps (default: empty)
Optional lookup tables with all valid addresses in the domains
that match $relay_domains. Specify @domain as a wild-card for
.SH smtp_quote_rfc821_envelope (default: yes)
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
-by RFC 2821. This includes putting quotes around an address localpart
+by RFC 5321. This includes putting quotes around an address localpart
that ends in ".".
.PP
-The default is to comply with RFC 2821. If you have to send mail to
+The default is to comply with RFC 5321. If you have to send mail to
a broken SMTP server, configure a special SMTP client in master.cf:
.sp
.in +4
or reject_unknown_recipient_domain restriction. The response is
always 450 in case of a temporary DNS error.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.SH unknown_address_tempfail_action (default: $reject_tempfail_action)
The Postfix SMTP server's action when reject_unknown_sender_domain
or reject_unknown_recipient_domain fail due to a temporary error
reject_unknown_client_hostname restriction. The SMTP server always replies
with 450 when the mapping failed due to a temporary error condition.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.SH unknown_helo_hostname_tempfail_action (default: $reject_tempfail_action)
The Postfix SMTP server's action when reject_unknown_helo_hostname
fails due to an temporary error condition. Specify "defer" to defer
specified with the HELO or EHLO command is rejected by the
reject_unknown_helo_hostname restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.SH unknown_local_recipient_reject_code (default: 550)
The numerical Postfix SMTP server response code when a recipient
address is local, and $local_recipient_maps specifies a list of
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.6 and later.
.SH unverified_recipient_reject_code (default: 450)
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.1 and later.
.SH unverified_recipient_reject_reason (default: empty)
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.6 and later.
.SH unverified_sender_reject_code (default: 450)
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
.PP
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
.PP
This feature is available in Postfix 2.1 and later.
.SH unverified_sender_reject_reason (default: empty)
Lookup tables with the per-recipient group ID for \fBvirtual\fR(8) mailbox
delivery.
.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+.PP
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
file system with mailboxes. While virtual_mailbox_base could be
set to "/", this setting isn't recommended.
.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+.PP
Example:
.PP
.nf
.SH virtual_mailbox_limit (default: 51200000)
The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or
maildir file, or zero (no limit).
+.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
.SH virtual_mailbox_lock (default: see "postconf -d" output)
How to lock a UNIX-style \fBvirtual\fR(8) mailbox before attempting
delivery. For a list of available file locking methods, use the
"\fBpostconf -l\fR" command.
.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+.PP
This setting is ignored with \fBmaildir\fR style delivery, because
such deliveries are safe without application-level locks.
.PP
match any user in the specified domain that does not have a specific
"user@domain.tld" entry.
.PP
+The remainder of this text is specific to the \fBvirtual\fR(8) delivery
+agent. It does not apply when mail is delivered with a different
+mail delivery program.
+.PP
The \fBvirtual\fR(8) delivery agent uses this table to look up the
per-recipient mailbox or maildir pathname. If the lookup result
ends in a slash ("/"), maildir-style delivery is carried out,
as a result from $virtual_uid_maps table lookup. Returned
values less than this will be rejected, and the message will be
deferred.
+.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
.SH virtual_transport (default: virtual)
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $virtual_mailbox_domains.
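Review bot: For virtual_minimum_uid the added note says only that the parameter "does not apply when mail is delivered with a different mail delivery program". The text just above describes a safety check ("Returned values less than this will be rejected, and the message will be deferred"), so it is worth saying explicitly that no such UID floor is enforced by Postfix in that case and that the replacement delivery program has to apply its own limit.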
Lookup tables with the per-recipient user ID that the \fBvirtual\fR(8)
delivery agent uses while writing to the recipient's mailbox.
.PP
+This parameter is specific to the \fBvirtual\fR(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program.
+.PP
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a
specific "user@domain.tld" entry.
The \fBpostscreen\fR(8) built-in SMTP protocol engine
currently does not announce support for AUTH, XCLIENT or
XFORWARD.
-Support for AUTH may be added in the future.
-In the mean time, if you need to make these services available
+If you need to make these services available
on port 25, then do not enable the optional "after 220
server greeting" tests, and do not use DNSBLs that reject
traffic from dial-up and residential networks.
The optional "after 220 server greeting" tests involve
\fBpostscreen\fR(8)'s built-in SMTP protocol engine. When
these tests succeed, \fBpostscreen\fR(8) adds the client
-to the temporary whitelist but it cannot not hand off the
+to the temporary whitelist, but it cannot not hand off the
"live" connection to a Postfix SMTP server process in the
middle of a session. Instead, \fBpostscreen\fR(8) defers
attempts to deliver mail with a 4XX status, and waits for
-the client to disconnect. The next time a good client
-connects, it will be allowed to talk to a Postfix SMTP
-server process to deliver mail. \fBpostscreen\fR(8) mitigates
-the impact of this limitation by giving such tests a long
-expiration time.
+the client to disconnect. When the client connects again,
+\fBpostscreen\fR(8) will allow the client to talk to a
+Postfix SMTP server process (provided that the whitelist
+status has not expired). \fBpostscreen\fR(8) mitigates
+the impact of this limitation by giving the "after 220
+server greeting" tests a long expiration time.
.SH "CONFIGURATION PARAMETERS"
.na
.nf
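Review bot: The new proviso "(provided that the whitelist status has not expired)" and the closing "a long expiration time" do not say which settings control that expiration. A pointer to the relevant time-to-live parameters in the CONFIGURATION PARAMETERS section that follows would let an administrator check how long a client that passed the "after 220 server greeting" tests stays whitelisted.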
RFC 3461 (SMTP DSN Extension)
RFC 3463 (Enhanced Status Codes)
RFC 4954 (AUTH command)
+RFC 5321 (SMTP protocol)
.SH DIAGNOSTICS
.ad
.fi
.IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
-by RFC 2821.
+by RFC 5321.
.IP "\fBsmtp_reply_filter (empty)\fR"
A mechanism to transform replies from remote SMTP servers one
line at a time.
RFC 3848 (ESMTP transmission types)
RFC 4409 (Message submission)
RFC 4954 (AUTH command)
+RFC 5321 (SMTP protocol)
.SH DIAGNOSTICS
.ad
.fi
domains, non-UNIX accounts</a></h2>
<p> This is a variation on the Postfix virtual mailbox example.
-Again, every hosted address can have its own mailbox. </p>
+Again, every hosted address can have its own mailbox. However, most
+parameters that control the virtual(8) delivery agent are no longer
+applicable: only virtual_mailbox_domains and virtual_mailbox_maps
+stay in effect. These parameters are needed to reject mail for
+unknown recipients. </p>
<p> While non-Postfix software is being used for final delivery,
some Postfix concepts are still needed in order to glue everything
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM access_map_defer_code 450
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM defer_transports
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM ipc_idle version dependent
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM masquerade_classes envelope_sender, header_sender, header_recipient
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM relay_domains $mydestination
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM relay_recipient_maps
<p>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
-by RFC 2821. This includes putting quotes around an address localpart
+by RFC 5321. This includes putting quotes around an address localpart
that ends in ".".
</p>
<p>
-The default is to comply with RFC 2821. If you have to send mail to
+The default is to comply with RFC 5321. If you have to send mail to
a broken SMTP server, configure a special SMTP client in master.cf:
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM unknown_client_reject_code 450
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM unknown_hostname_reject_code 450
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
%PARAM unknown_local_recipient_reject_code 550
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 2821.
+Do not change this unless you have a complete understanding of RFC 5321.
</p>
<p>
delivery.
</p>
+<p> This parameter is specific to the virtual(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
<p>
In a lookup table, specify a left-hand side of "@domain.tld" to
match any user in the specified domain that does not have a specific
set to "/", this setting isn't recommended.
</p>
+<p> This parameter is specific to the virtual(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
<p>
Example:
</p>
The maximal size in bytes of an individual virtual(8) mailbox or
maildir file, or zero (no limit). </p>
+<p> This parameter is specific to the virtual(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
%PARAM virtual_mailbox_lock see "postconf -d" output
<p>
"<b>postconf -l</b>" command.
</p>
+<p> This parameter is specific to the virtual(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
<p>
This setting is ignored with <b>maildir</b> style delivery, because
such deliveries are safe without application-level locks.
"user@domain.tld" entry.
</p>
+<p> The remainder of this text is specific to the virtual(8) delivery
+agent. It does not apply when mail is delivered with a different
+mail delivery program. </p>
+
<p>
The virtual(8) delivery agent uses this table to look up the
per-recipient mailbox or maildir pathname. If the lookup result
deferred.
</p>
+<p> This parameter is specific to the virtual(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
%PARAM virtual_transport virtual
<p>
delivery agent uses while writing to the recipient's mailbox.
</p>
+<p> This parameter is specific to the virtual(8) delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
<p>
In a lookup table, specify a left-hand side of "@domain.tld"
to match any user in the specified domain that does not have a
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20120715"
+#define MAIL_RELEASE_DATE "20120801"
#define MAIL_VERSION_NUMBER "2.10"
#ifdef SNAPSHOT
/* .RE
/* .IP "\fB-s \fIsite\fR"
/* Schedule immediate delivery of all mail that is queued for the named
-/* \fIsite\fR. A numerical site must be specified as a valid RFC 2821
+/* \fIsite\fR. A numerical site must be specified as a valid RFC 5321
/* address literal enclosed in [], just like in email addresses.
/* The site must be eligible for the "fast flush" service.
/* See \fBflush\fR(8) for more information about the "fast flush"
/* The \fBpostscreen\fR(8) built-in SMTP protocol engine
/* currently does not announce support for AUTH, XCLIENT or
/* XFORWARD.
-/* Support for AUTH may be added in the future.
-/* In the mean time, if you need to make these services available
+/* If you need to make these services available
/* on port 25, then do not enable the optional "after 220
/* server greeting" tests, and do not use DNSBLs that reject
/* traffic from dial-up and residential networks.
/* The optional "after 220 server greeting" tests involve
/* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When
/* these tests succeed, \fBpostscreen\fR(8) adds the client
-/* to the temporary whitelist but it cannot not hand off the
+/* to the temporary whitelist, but it cannot not hand off the
/* "live" connection to a Postfix SMTP server process in the
/* middle of a session. Instead, \fBpostscreen\fR(8) defers
/* attempts to deliver mail with a 4XX status, and waits for
-/* the client to disconnect. The next time a good client
-/* connects, it will be allowed to talk to a Postfix SMTP
-/* server process to deliver mail. \fBpostscreen\fR(8) mitigates
-/* the impact of this limitation by giving such tests a long
-/* expiration time.
+/* the client to disconnect. When the client connects again,
+/* \fBpostscreen\fR(8) will allow the client to talk to a
+/* Postfix SMTP server process (provided that the whitelist
+/* status has not expired). \fBpostscreen\fR(8) mitigates
+/* the impact of this limitation by giving the "after 220
+/* server greeting" tests a long expiration time.
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
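Review bot: The reworded line "to the temporary whitelist, but it cannot not hand off the" still carries the double negative "cannot not", which reads as the opposite of what the paragraph means. Since the line is being touched for the comma anyway, change it to "but it cannot hand off the". The added "(provided that the whitelist status has not expired)" condition is a useful precision and reads fine as written.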
/* RFC 3461 (SMTP DSN Extension)
/* RFC 3463 (Enhanced Status Codes)
/* RFC 4954 (AUTH command)
+/* RFC 5321 (SMTP protocol)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
/* Corrupted message files are marked so that the queue manager can
/* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
/* Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
/* as required
-/* by RFC 2821.
+/* by RFC 5321.
/* .IP "\fBsmtp_reply_filter (empty)\fR"
/* A mechanism to transform replies from remote SMTP servers one
/* line at a time.
/* RFC 3848 (ESMTP transmission types)
/* RFC 4409 (Message submission)
/* RFC 4954 (AUTH command)
+/* RFC 5321 (SMTP protocol)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
/*
smtpd_chat_reply(state, "503 5.5.1 Error: send HELO/EHLO first");
return (-1);
}
-#define IN_MAIL_TRANSACTION(state) ((state)->sender != 0)
-
- if (IN_MAIL_TRANSACTION(state)) {
+ if (SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 5.5.1 Error: nested MAIL command");
return (-1);
* command with a 501 response. So much for the principle of "be liberal
* in what you accept, be strict in what you send".
*/
- if (!IN_MAIL_TRANSACTION(state)) {
+ if (!SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 5.5.1 Error: need MAIL command");
return (-1);
* error.
*/
if (state->rcpt_count == 0) {
- if (!IN_MAIL_TRANSACTION(state)) {
+ if (!SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 5.5.1 Error: need RCPT command");
} else {
smtpd_chat_reply(state, "%s", err);
return (-1);
}
- if (IN_MAIL_TRANSACTION(state)) {
+ if (SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 Error: MAIL transaction in progress");
return (-1);
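Review bot: The reply under the renamed check here is "503 Error: MAIL transaction in progress", with no enhanced status code, while the other replies guarded by SMTPD_IN_MAIL_TRANSACTION in this patch all use "503 5.5.1 Error: ...". If the omission is not deliberate for this command, this rename is a good moment to make it "503 5.5.1 Error: MAIL transaction in progress"; if it is deliberate, a short comment saying so would help the next reader.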
* XXX The XCLIENT command will override its own access control, so that
* connection count/rate restrictions can be correctly simulated.
*/
- if (IN_MAIL_TRANSACTION(state)) {
+ if (SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress");
return (-1);
/*
* Sanity checks.
*/
- if (IN_MAIL_TRANSACTION(state)) {
+ if (SMTPD_IN_MAIL_TRANSACTION(state)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress");
return (-1);
#define USE_SMTPD_PROXY(state) \
(SMTPD_STAND_ALONE(state) == 0 && *var_smtpd_proxy_filt)
+ /*
+ * Are we in a MAIL transaction?
+ */
+#define SMTPD_IN_MAIL_TRANSACTION(state) ((state)->sender != 0)
+
/*
* SMTPD peer information lookup.
*/
smtpd_chat_reply(state, "503 5.5.1 Error: authentication not enabled");
return (-1);
}
+ if (SMTPD_IN_MAIL_TRANSACTION(state)) {
+ state->error_mask |= MAIL_ERROR_PROTOCOL;
+ smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress");
+ return (-1);
+ }
if (smtpd_milters != 0 && (err = milter_other_event(smtpd_milters)) != 0) {
if (err[0] == '5') {
state->error_mask |= MAIL_ERROR_POLICY;
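Review bot: The new SMTPD_IN_MAIL_TRANSACTION check in the AUTH handler has no comment explaining why AUTH is refused at this point. A one-line comment citing RFC 4954 (AUTH is not permitted during a mail transaction) would document the protocol rule next to the code that enforces it. The placement looks right: it sits after the "authentication not enabled" test and before milter_other_event(), so a rejected AUTH is flagged as MAIL_ERROR_PROTOCOL and is never reported to the milters.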