Bugfix: missing long integer support in the new IPC protocols.
Files: util/attr_scan*.c, util/attr_print*.c.
+ Portability: AIX5 (Adrian P. van Bloois), MAC OS X 10.1.1
+ (Gerben Wierda).
+
+20011125
+
+ Bugfix: spurious postmaster notifications because some flag
+ was not reset.
+
+ Feature: new parameter smtpd_sender_login_maps that specifies
+ the (SASL) login name that owns a MAIL FROM address.
+ Specify a regexp table in order to require a simple one-to-one
+ mapping. This is used in the reject_sender_login_mismatch
+ sender anti-spoofing feature.
+
+ Feature: restriction reject_sender_login_mismatch refuses
+ a MAIL FROM address when $smtpd_sender_login_maps specifies
+ an owner but the client is not (SASL) logged in as the MAIL
+ FROM address owner, or when a client is (SASL) logged in
+ but the client login name does not own the MAIL FROM address
+ according to $smtpd_sender_login_maps. File: smtpd/smpd_check.c.
+
+ Documentation: added some redundancy to the LMTP_README
+ file so people can keep track of the difference between
+ the Postfix LMTP client and the non-Postfix LMTP server.
+
Open problems:
Medium: need in-process caching for map lookups. LDAP
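Review bot: the File: reference at the end of the reject_sender_login_mismatch entry reads "smtpd/smpd_check.c", which looks like a typo. Going by the smtpd_check_reject() calls in the function this patch adds, it is presumably smtpd/smtpd_check.c. The smtpd_sender_login_maps entry above it has no File: line at all, unlike the other entries in this change log.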
Postfix. The two basic flavors are delivery over UNIX-domain
sockets and delivery over TCP sockets.
- o Connections over UNIX-domain sockets limit delivery to LMTP
- servers running on the same machine.
+ o Connections from the Postfix LMTP client over UNIX-domain
+ sockets allow you to deliver to non-Postfix LMTP servers running
+ on the same machine.
- o Connections over TCP sockets allow you to deliver to LMTP
- servers across a local network.
+ o Connections from the Postfix LMTP client over TCP sockets allow
+ you to deliver to non-Postfix LMTP servers across a local
+ network.
+
+Note: the above is not to be confused with the UNIX-domain sockets
+that Postfix uses internally to speak its own protocols with the
+Postfix LMTP client.
The precise syntax for UNIX-domain and TCP connection endpoints is
given in the lmtp(8) manual page. Examples are also given in the
3 - LMTP over UNIX-domain sockets
=================================
+Use this to deliver mail from the Postfix LMTP client to an LMTP
+server that is running on the same system.
+
A UNIX-domain socket is specified as the socket type ("unix") and
a name in the local file system:
NOTE:
- If you run the lmtp client chrooted, the interpretation of the
- /path/name is relative to the Postfix queue directory (typically,
- /var/spool/postfix).
+ If you run the Postfix LMTP client chrooted, the interpretation
+ of the /path/name is relative to the Postfix queue directory
+ (typically, /var/spool/postfix).
By default, the Postfix LMTP client does not run chrooted.
With LMTP delivery to the local machine there is no good reason
4 - LMTP over TCP sockets
=========================
+Use this to deliver mail from the Postfix LMTP client to an LMTP
+server that is running on the same system or on a different system.
+
A TCP destination is specified as the socket type ("inet"), the
destination hostname and the TCP port:
5.1 - Delivery mechanisms
-------------------------
-Postfix main.cf supports three mechanisms to deliver mail over
-LMTP. Each method can use UNIX-domain or TCP sockets as described
-in a later section.
+Postfix main.cf supports three mechanisms to deliver mail to an
+LMTP server. Each method can use UNIX-domain or TCP sockets as
+described in a later section.
main.cf mechanism 1
-------------------
Mail that resolves as local (domain is listed in $mydestination)
is given to the Postfix local delivery agent. The Postfix local
delivery agent expands aliases and .forward files, and delegates
-mailbox delivery to the LMTP server.
+mailbox delivery to the Postfix LMTP client which then sends it to
+the non-Postfix LMTP server.
main.cf mechanism 2
-------------------
local_transport = lmtp:hostname:port (TCP socket example)
Mail that resolves as local (domain is listed in $mydestination)
-is directly given to the LMTP server. The mail is not processed
-by the Postfix local delivery agent; therefore aliases and .forward
-files are not processed.
+is directly given to the Postfix LMTP client which then sends it
+to the non-Postfix LMTP server. The mail is not processed by the
+Postfix local delivery agent; therefore aliases and .forward files
+are not processed.
main.cf mechanism 3
-------------------
is given to the Postfix local delivery agent. The Postfix local
delivery agent processes aliases and .forward files, and delivers
to /var[/spool]/mail/$user for users that have a UNIX account.
-Mail for other local users is delegated to the LMTP server.
+Mail for other local users is delegated to the Postfix LMTP client
+which then sends it to the non-Postfix LMTP server.
5.2 - Examples
--------------
+Major changes with snapshot-20011125
+====================================
+
+New parameter smtpd_sender_login_maps that specifies the (SASL)
+login name that owns a MAIL FROM sender address. Specify a regexp
+table in order to require a simple one-to-one mapping.
+
+New sender anti-spoofing restriction reject_sender_login_mismatch
+that refuses a MAIL FROM address when $smtpd_sender_login_maps
+specifies an owner but the client is not (SASL) logged in as the
+MAIL FROM address owner, or when a client is (SASL) logged in but
+does not own the address according to $smtpd_sender_login_maps.
+
Incompatible changes with snapshot-20011121
===========================================
# This file contains example settings of Postfix configuration parameters
# that control the SMTP server program.
+#
+# SENDER ANTI-SPOOFING
+#
+
+# The smtpd_sender_login_maps parameter specifies the (SASL) login
+# name that owns a sender (MAIL FROM) address.
+#
+# Specify zero or more maptype:mapname entries. Maps are created with
+# postmap(1) or with equivalent means. The maps are searched in the
+# specified order. Regexp tables are allowed.
+#
+# Each map entry specifies a sender address and the login name that
+# owns the address. The search order is:
+#
+# 1) user@domain owner
+#
+# This form has the highest precedence.
+#
+# 2) user owner
+#
+# This matches user@site when site is equal to $myorigin, when site
+# is listed in $mydestination, or when it is listed in $inet_interfaces.
+#
+# 3) @domain owner
+#
+# This matches every address in the specified domain, and has the
+# lowest precedence.
+#
+#smtpd_sender_login_maps =
+
#
# MISCELLANEOUS
#
# The smtpd_etrn_restrictions parameter restricts what clients are
# allowed to issue the ETRN command.
#
-# The Postfix ETRN command is available only for destinations that
-# that are eligible for the Postfix "fast flush" service. See the
-# sample-flush.cf file for details.
+# The Postfix ETRN command accepts only destinations that are eligible
+# for the Postfix "fast flush" service. See the sample-flush.cf file
+# for details.
#
# The default is to allow ETRN from any host. The following restrictions
# are available:
# Permit if result is OK or all numerical.
# check_client_access maptype:mapname: see smtpd_client_restrictions.
# check_helo_access maptype:mapname: see smtpd_helo_restrictions.
+# reject_sender_login_mismatch: reject if $smtpd_sender_login_maps specifies
+# a MAIL FROM address owner, but the client is not (SASL) logged in as
+# that MAIL FROM address owner; or if the client is (SASL) logged in, but
+# the client login name doesn't own the MAIL FROM address according to
+# $smtpd_sender_login_maps (see above).
# reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form
# reject_non_fqdn_sender: reject sender address that is not in FQDN form
# reject: reject the request. Place this at the end of a restriction.
# check_client_access maptype:mapname: see smtpd_client_restrictions.
# check_helo_access maptype:mapname: see smtpd_helo_restrictions.
# check_sender_access maptype:mapname: see smtpd_sender_restrictions.
+# reject_sender_login_mismatch: reject if $smtpd_sender_login_maps specifies
+# a MAIL FROM address owner, but the client is not (SASL) logged in as
+# that MAIL FROM address owner; or if the client is (SASL) logged in, but
+# the client login name doesn't own the MAIL FROM address according to
+# $smtpd_sender_login_maps (see above).
# reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form
# reject_non_fqdn_sender: reject sender address that is not in FQDN form
# reject_non_fqdn_recipient: reject recipient address that is not in FQDN form
To set the following kernel parameters at boot time, add the
following lines to the <b>/boot/loader.conf</b> file (this is
-specific to FreeBSD 4.x):
+verified with FreeBSD 4.4):
<p>
<pre>
kern.ipc.maxsockets="5000"
kern.ipc.nmbclusters="65536"
+kern.maxproc="2048"
+kern.maxfiles="16384"
+kern.maxfilesperproc="16384"
</pre>
</blockquote>
<p>
-These parameters cannot be set at run time (verified with FreeBSD
-4.2).
-
-<p>
-
-To set the following kernel parameters at run time execute the
-following commands as root (this is specific to FreeBSD 4.x):
+With FreeBSD 4.2, the last three parameters cannot be set from
+<b>/boot/loader.conf</b>. To set the open file limits, execute the
+following commands as root:
<p>
<p>
-These parameters cannot be set from <b>/boot/loader.conf</b>
-(verified with FreeBSD 4.2).
-
-<p>
-
-Other kernel parameters such as <b>kern.maxproc</b> can be increased
-only by recompiling the kernel with a different <b>maxusers</b>
-setting in the kernel configuration file (verified with FreeBSD 4.2).
+With FreeBSD 4.2, <b>kern.maxproc</b> can be set only by recompiling
+the kernel with a different <b>maxusers</b> setting in the kernel
+configuration file.
<hr>
<b>-qR</b><i>site</i>
Schedule immediate delivery of all mail that is
- queued for the named <i>site</i>. This uses "fast flush"
- service, and is implemented by connecting to the
- local SMTP server at <b>$myhostname</b>. See <a href="smtpd.8.html"><b>smtpd</b>(8)</a> for
+ queued for the named <i>site</i>. This option accepts only
+ <i>site</i> names that are eligible for the "fast flush"
+ service, and is implemented by connecting to the
+ local SMTP server at <b>$myhostname</b>. See <a href="flushd.8.html"><b>flush</b>(8)</a> for
more information about the "fast flush" service.
<b>-qS</b><i>site</i>
- This command is not implemented. Use the slower
+ This command is not implemented. Use the slower
<b>sendmail</b> <b>-q</b> command instead.
- <b>-t</b> Extract recipients from message headers. This
- requires that no recipients be specified on the
+ <b>-t</b> Extract recipients from message headers. This
+ requires that no recipients be specified on the
command line.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
<b>SECURITY</b>
- By design, this program is not set-user (or group) id.
- However, it must handle data from untrusted users or
- untrusted machines. Thus, the usual precautions need to
+ By design, this program is not set-user (or group) id.
+ However, it must handle data from untrusted users or
+ untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs.
<b>DIAGNOSTICS</b>
- Problems are logged to <b>syslogd</b>(8) and to the standard
+ Problems are logged to <b>syslogd</b>(8) and to the standard
error stream.
<b>ENVIRONMENT</b>
<b>MAIL</b><i>_</i><b>DEBUG</b>
Enable debugging with an external command, as spec-
- ified with the <b>debugger</b><i>_</i><b>command</b> configuration
+ ified with the <b>debugger</b><i>_</i><b>command</b> configuration
parameter.
<b>FILES</b>
/etc/postfix, configuration files
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- See the Postfix <b>main.cf</b> file for syntax details and for
- default values. Use the <b>postfix</b> <b>reload</b> command after a
+ See the Postfix <b>main.cf</b> file for syntax details and for
+ default values. Use the <b>postfix</b> <b>reload</b> command after a
configuration change.
<b>alias</b><i>_</i><b>database</b>
- Default alias database(s) for <b>newaliases</b>. The
- default value for this parameter is system-spe-
+ Default alias database(s) for <b>newaliases</b>. The
+ default value for this parameter is system-spe-
cific.
<b>bounce</b><i>_</i><b>size</b><i>_</i><b>limit</b>
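Review bot: in the -qR entry the new link target is href="flushd.8.html" while the link text, and the nroff source changed elsewhere in this patch, both say flush(8). Please check that the target file name matches the manual page that is actually installed. The rest of this hunk is whitespace re-justification of generated text, which makes the one real change easy to miss.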
initialized.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
- Increment in verbose logging level when a remote
+ Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
- List of domain or network patterns. When a remote
- host matches a pattern, increase the verbose log-
- ging level by the amount specified in the
+ List of domain or network patterns. When a remote
+ host matches a pattern, increase the verbose log-
+ ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b>
- The VERP delimiter characters that are used when
- the <b>-V</b> command line option is specified without
+ The VERP delimiter characters that are used when
+ the <b>-V</b> command line option is specified without
delimiter characters.
<b>fast</b><i>_</i><b>flush</b><i>_</i><b>domains</b>
List of domains that will receive "fast flush" ser-
- vice (default: all domains that this system is
- willing to relay mail to). This greatly improves
- the performance of the SMTP <b>ETRN</b> request, and of
- the <b>sendmail</b> <b>-qR</b> command. For domains not in the
+ vice (default: all domains that this system is
+ willing to relay mail to). This greatly improves
+ the performance of the SMTP <b>ETRN</b> request, and of
+ the <b>sendmail</b> <b>-qR</b> command. For domains not in the
list, Postfix simply attempts to deliver all queued
mail.
<b>fork</b><i>_</i><b>attempts</b>
- Number of attempts to <b>fork</b>() a process before giv-
+ Number of attempts to <b>fork</b>() a process before giv-
ing up.
<b>fork</b><i>_</i><b>delay</b>
- Delay in seconds between successive <b>fork</b>()
+ Delay in seconds between successive <b>fork</b>()
attempts.
<b>hopcount</b><i>_</i><b>limit</b>
Limit the number of <b>Received:</b> message headers.
<b>mail</b><i>_</i><b>owner</b>
- The owner of the mail queue and of most Postfix
+ The owner of the mail queue and of most Postfix
processes.
<b>command</b><i>_</i><b>directory</b>
- Directory with Postfix support commands (default:
+ Directory with Postfix support commands (default:
<b>$program</b><i>_</i><b>directory</b>).
<b>daemon</b><i>_</i><b>directory</b>
- Directory with Postfix daemon programs (default:
+ Directory with Postfix daemon programs (default:
<b>$program</b><i>_</i><b>directory</b>).
<b>queue</b><i>_</i><b>directory</b>
- Top-level directory of the Postfix queue. This is
+ Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
<b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b>
- The time between successive scans of the deferred
+ The time between successive scans of the deferred
queue.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
- The characters that Postfix accepts as VERP delim-
+ The characters that Postfix accepts as VERP delim-
iter characters.
<b>SEE</b> <b>ALSO</b>
syslogd(8) system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<b>noanonymous</b>
Disallow anonymous logins.
+ <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>maps</b>
+ Maps that specify the SASL login name that owns a
+ MAIL FROM sender address. Used by the
+ <b>reject</b><i>_</i><b>sender</b><i>_</i><b>login</b><i>_</i><b>mismatch</b> sender anti-spoofing
+ restriction.
+
<b>Miscellaneous</b>
<b>always</b><i>_</i><b>bcc</b>
- Address to send a copy of each message that enters
+ Address to send a copy of each message that enters
the system.
<b>command</b><i>_</i><b>directory</b>
<b>$program</b><i>_</i><b>directory</b>).
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
- Increment in verbose logging level when a remote
+ Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
- List of domain or network patterns. When a remote
- host matches a pattern, increase the verbose log-
- ging level by the amount specified in the
+ List of domain or network patterns. When a remote
+ host matches a pattern, increase the verbose log-
+ ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b>
The default VERP delimiter characters that are used
- when the XVERP command is specified without
+ when the XVERP command is specified without
explicit delimiters.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
- Recipient of protocol/policy/resource/software
+ Recipient of protocol/policy/resource/software
error notices.
<b>hopcount</b><i>_</i><b>limit</b>
Limit the number of <b>Received:</b> message headers.
<b>local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b>
- List of maps with user names that are local to
+ List of maps with user names that are local to
<b>$myorigin</b> or <b>$inet</b><i>_</i><b>interfaces</b>. If this parameter is
- defined, then the SMTP server rejects mail for
+ defined, then the SMTP server rejects mail for
unknown local users.
<b>notify</b><i>_</i><b>classes</b>
List of error classes. Of special interest are:
- <b>policy</b> When a client violates any policy, mail a
+ <b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
<b>protocol</b>
- When a client violates the SMTP protocol or
+ When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
<b>smtpd</b><i>_</i><b>banner</b>
- Text that follows the <b>220</b> status code in the SMTP
+ Text that follows the <b>220</b> status code in the SMTP
greeting banner.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Restrict the number of recipients that the SMTP
+ Restrict the number of recipients that the SMTP
server accepts per message delivery.
<b>smtpd</b><i>_</i><b>timeout</b>
- Limit the time to send a server response and to
+ Limit the time to send a server response and to
receive a client request.
<b>soft</b><i>_</i><b>bounce</b>
- Change hard (5xx) reject responses into soft (4xx)
- reject responses. This can be useful for testing
+ Change hard (5xx) reject responses into soft (4xx)
+ reject responses. This can be useful for testing
purposes.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
- The characters that Postfix accepts as VERP delim-
+ The characters that Postfix accepts as VERP delim-
iter characters.
<b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
- Limit the amount of memory in bytes used for the
+ Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b>
- Minimal amount of free space in bytes in the queue
- file system for the SMTP server to accept any mail
+ Minimal amount of free space in bytes in the queue
+ file system for the SMTP server to accept any mail
at all.
<b>Tarpitting</b>
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors,
- wait <i>error_count</i> seconds before responding to any
+ wait <i>error_count</i> seconds before responding to any
client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
- Disconnect after a client has made this number of
+ Disconnect after a client has made this number of
errors.
<b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
Limit the number of times a client can issue a junk
- command such as NOOP, VRFY, ETRN or RSET in one
- SMTP session before it is penalized with tarpit
+ command such as NOOP, VRFY, ETRN or RSET in one
+ SMTP session before it is penalized with tarpit
delays.
<b>UCE</b> <b>control</b> <b>restrictions</b>
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> (versions >= 20011119)
- List of Postfix features that use <i>domain.name</i> pat-
+ List of Postfix features that use <i>domain.name</i> pat-
terns to match <i>sub.domain.name</i> (as opposed to
requiring <i>.domain.name</i> patterns).
tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
- Require that clients introduce themselves at the
+ Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
- Restrict what client hostnames are allowed in <b>HELO</b>
+ Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
- Restrict what sender addresses are allowed in <b>MAIL</b>
+ Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
- Restrict what recipient addresses are allowed in
+ Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
mands, and what clients may issue <b>ETRN</b> commands.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
- Allow untrusted clients to specify addresses with
- sender-specified routing. Enabling this opens up
- nasty relay loopholes involving trusted backup MX
+ Allow untrusted clients to specify addresses with
+ sender-specified routing. Enabling this opens up
+ nasty relay loopholes involving trusted backup MX
hosts.
<b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b>
- Declares the name of zero or more parameters that
- contain a list of UCE restrictions. The names of
- these parameters can then be used instead of the
+ Declares the name of zero or more parameters that
+ contain a list of UCE restrictions. The names of
+ these parameters can then be used instead of the
restriction lists that they represent.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b>
- List of DNS domains that publish the addresses of
+ List of DNS domains that publish the addresses of
blacklisted hosts.
<b>permit</b><i>_</i><b>mx</b><i>_</i><b>backup</b><i>_</i><b>networks</b>
- Only domains whose primary MX hosts match the
- listed networks are eligible for the <b>per-</b>
+ Only domains whose primary MX hosts match the
+ listed networks are eligible for the <b>per-</b>
<b>mit</b><i>_</i><b>mx</b><i>_</i><b>backup</b> feature.
<b>relay</b><i>_</i><b>domains</b>
- Restrict what domains or networks this mail system
+ Restrict what domains or networks this mail system
will relay mail from or to.
<b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates an access
+ Server response when a client violates an access
database restriction.
<b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> restriction.
<b>reject</b><i>_</i><b>code</b>
- Response code when the client matches a <b>reject</b>
+ Response code when the client matches a <b>reject</b>
restriction.
<b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client attempts to violate
+ Server response when a client attempts to violate
the mail relay policy.
<b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client without address to
- name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
+ Server response when a client without address to
+ name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
restriction.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b>
syslogd(8) system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<p>
+<a name="reject_sender_login_mismatch">
+
+<dt> <b>reject_sender_login_mismatch</b> <dd> Reject the request
+when <a href="#smtpd_sender_login_maps"> $smtpd_sender_owner_maps</a>
+specifies an owner for the MAIL FROM address, but the client is
+not (SASL) logged in as that MAIL FROM address owner; or when the
+client is (SASL) logged in, but the client login name doesn't own
+the MAIL FROM address according to <a href="#smtpd_sender_login_maps">
+$smtpd_sender_login_maps</a>.
+
+<p>
+
<dt> <b><a href="#permit_naked_ip_address">permit_naked_ip_address</a></b>
<dt> <b><a href="#reject_invalid_hostname">reject_invalid_hostname</a></b>
<dt> <b><a href="#check_sender_access">check_sender_access</a></b> <i>maptype</i>:<i>mapname</i>
+<dt> <b><a href="#reject_sender_login_mismatch">reject_sender_login_mismatch
+</a></b>
+
<dd> See sender address restrictions.
<p>
</dl>
+<dl>
+
+<a name="smtpd_sender_login_maps">
+
+<dt> <b>smtpd_sender_login_maps</b>
+
+<dd>This parameter specifies ownership of MAIL FROM addresses, as
+used by the <a href="#reject_sender_login_mismatch">
+reject_sender_login_mismatch</a> sender address restriction.
+
+<p>
+
+<dl>
+
+<dt>Default:
+
+<dd><b>smtpd_sender_login_maps = </b>
+
+<p>
+
+<dt>Syntax:
+
+<dd> Specify zero or more type:name lookup tables, separated by
+whitespace and/or commas. The maps are searched in the
+specified order. Regexp tables are allowed.
+
+<p>
+
+Each map entry specifies a sender address and the login name that
+owns the address. The search order is:
+
+<p>
+
+<dl>
+
+<dt><i>user@domain owner</i>
+
+<dd>This form has the highest precedence.
+
+<p>
+
+<dt><i>user owner</i>
+
+<dd>This matches <i>user@site</i> when <i>site</i> is equal to <a
+href="basic.html#myorigin"> $myorigin</a>, when <i>site</i> is
+listed in <a href="basic.html#mydestination"> $mydestination</a>,
+or when it is listed in <a href="basic.html#inet_interfaces">
+$inet_interfaces</a>.
+
+<p>
+
+<dt><i>@domain owner</i>
+
+<dd>This matches every address in the specified domain, and has
+the lowest precedence.
+
+</dl>
+
+</dl>
+
+</dl>
+
<hr>
<a href="index.html">Up one level</a> | <a href="basic.html">Basic
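Review bot: in the new reject_sender_login_mismatch entry, the first link points at #smtpd_sender_login_maps but its text reads "$smtpd_sender_owner_maps", a parameter name that appears nowhere else in this patch. The link text should be $smtpd_sender_login_maps, as in the second link of the same entry, so that readers do not try to set a parameter that does not exist.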
done
;;
AIX.*) case "`uname -v`" in
+ 5) SYSTYPE=AIX4
+ case "$CC" in
+ cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
+ esac
+ CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
+ ;;
4) SYSTYPE=AIX4
# How embarrassing...
case "$CC" in
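Review bot: the new "5)" branch sets SYSTYPE=AIX4, yet this patch also adds a separate "#ifdef AIX5" block of system definitions. If SYSTYPE is what selects that block, AIX 5 builds will keep compiling the AIX4 settings and the new block is never used. Should this branch set SYSTYPE=AIX5?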
configuration parameter instead.
.IP \fB-qR\fIsite\fR
Schedule immediate delivery of all mail that is queued for the named
-\fIsite\fR. This uses "fast flush" service, and is implemented
-by connecting to the local SMTP server at \fB$myhostname\fR.
-See \fBsmtpd\fR(8) for more information about the "fast flush"
+\fIsite\fR. This option accepts only \fIsite\fR names that are
+eligible for the "fast flush" service, and is implemented by
+connecting to the local SMTP server at \fB$myhostname\fR.
+See \fBflush\fR(8) for more information about the "fast flush"
service.
.IP \fB-qS\fIsite\fR
This command is not implemented. Use the slower \fBsendmail -q\fR
.IP \fBnoanonymous\fR
Disallow anonymous logins.
.RE
+.IP \fBsmtpd_sender_login_maps\fR
+Maps that specify the SASL login name that owns a MAIL FROM sender
+address. Used by the \fBreject_sender_login_mismatch\fR sender
+anti-spoofing restriction.
.SH Miscellaneous
.ad
.fi
#define DEF_SMTPD_SASL_REALM "$myhostname"
extern char *var_smtpd_sasl_realm;
+#define VAR_SMTPD_SND_AUTH_MAPS "smtpd_sender_login_maps"
+#define DEF_SMTPD_SND_AUTH_MAPS ""
+extern char *var_smtpd_snd_auth_maps;
+
+#define REJECT_SENDER_LOGIN_MISMATCH "reject_sender_login_mismatch"
+
/*
* SASL authentication support, SMTP client side.
*/
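Review bot: the new names VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS and var_smtpd_snd_auth_maps do not match the parameter they define, "smtpd_sender_login_maps", while the pre-opened table added elsewhere in this patch is called smtpd_sender_login_maps. Naming these after the parameter (for example VAR_SMTPD_SENDER_LOGIN_MAPS) would let a search for the parameter name find its definition.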
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20011121"
+#define DEF_MAIL_VERSION "Snapshot-20011125"
extern char *var_mail_version;
/* LICENSE
/* configuration parameter instead.
/* .IP \fB-qR\fIsite\fR
/* Schedule immediate delivery of all mail that is queued for the named
-/* \fIsite\fR. This uses "fast flush" service, and is implemented
-/* by connecting to the local SMTP server at \fB$myhostname\fR.
-/* See \fBsmtpd\fR(8) for more information about the "fast flush"
+/* \fIsite\fR. This option accepts only \fIsite\fR names that are
+/* eligible for the "fast flush" service, and is implemented by
+/* connecting to the local SMTP server at \fB$myhostname\fR.
+/* See \fBflush\fR(8) for more information about the "fast flush"
/* service.
/* .IP \fB-qS\fIsite\fR
/* This command is not implemented. Use the slower \fBsendmail -q\fR
/* .IP \fBnoanonymous\fR
/* Disallow anonymous logins.
/* .RE
+/* .IP \fBsmtpd_sender_login_maps\fR
+/* Maps that specify the SASL login name that owns a MAIL FROM sender
+/* address. Used by the \fBreject_sender_login_mismatch\fR sender
+/* anti-spoofing restriction.
/* .SH Miscellaneous
/* .ad
/* .fi
char *var_filter_xport;
bool var_broken_auth_clients;
char *var_perm_mx_networks;
+char *var_smtpd_snd_auth_maps;
/*
* Global state, for stand-alone mode queue file cleanup. When this is
if (state->history != 0 && SMTPD_STAND_ALONE(state) == 0
&& (state->error_mask & state->notify_mask))
smtpd_chat_notify(state);
+ state->error_mask = 0;
smtpd_chat_reset(state);
}
VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 1, 0,
VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0,
VAR_PERM_MX_NETWORKS, DEF_PERM_MX_NETWORKS, &var_perm_mx_networks, 0, 0,
+ VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS, &var_smtpd_snd_auth_maps, 0, 0,
0,
};
static MAPS *virt_mailbox_maps;
static MAPS *relocated_maps;
+ /*
+ * Pre-opened sender to login name mapping.
+ */
+static MAPS *smtpd_sender_login_maps;
+
/*
* Pre-opened access control lists.
*/
access_parent_style = match_parent_style(SMTPD_ACCESS_MAPS);
+ /*
+ * Sender to login name mapping.
+ */
+ smtpd_sender_login_maps = maps_create(VAR_SMTPD_SND_AUTH_MAPS,
+ var_smtpd_snd_auth_maps,
+ DICT_FLAG_LOCK);
+
/*
* error_text is used for returning error responses.
*/
return (result);
}
+/* reject_sender_login_mismatch - reject login/sender ownership mismatch */
+
+static int reject_sender_login_mismatch(SMTPD_STATE *state, const char *sender)
+{
+ const RESOLVE_REPLY *reply;
+ const char *login = 0;
+ const char *owner = 0;
+
+ /*
+ * If the sender address is owned by a login name, or if the client has
+ * logged in, then require that the client is logged in as the owner of
+ * the sender address.
+ */
+ reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, sender);
+ owner = check_maps_find(state, sender, smtpd_sender_login_maps,
+ STR(reply->recipient), 0);
+#ifdef USE_SASL_AUTH
+ if (var_smtpd_sasl_enable && state->sasl_username != 0)
+ login = state->sasl_username;
+#endif
+ if (login) {
+ if (owner == 0 || strcasecmp(login, owner) != 0)
+ return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
+ "553 <%s>: Sender address rejected: not owned by username %s",
+ sender, login));
+ } else {
+ if (owner)
+ return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
+ "553 <%s>: Sender address rejected: not logged in as owner",
+ sender));
+ }
+ return (SMTPD_CHECK_DUNNO);
+}
+
/* is_map_command - restriction has form: check_xxx_access type:name */
static int is_map_command(SMTPD_STATE *state, const char *name,
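Review bot: the ownership test "strcasecmp(login, owner) != 0" compares the login name against the whole lookup result, so a table entry whose right-hand side lists more than one login name can never match, and the comparison ignores case even where the SASL backend treats login names as case-sensitive. Either state in the smtpd_sender_login_maps documentation that the result is exactly one login name, compared without regard to case, or split the result and compare each name. A short comment on why strcasecmp() rather than strcmp() is used here would also help.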
if (state->sender && *state->sender)
status = reject_non_fqdn_address(state, state->sender,
state->sender, SMTPD_NAME_SENDER);
+ } else if (strcasecmp(name, REJECT_SENDER_LOGIN_MISMATCH) == 0) {
+ if (state->sender && *state->sender)
+ status = reject_sender_login_mismatch(state, state->sender);
}
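Review bot: the "state->sender && *state->sender" guard means the restriction is skipped for an empty sender, so MAIL FROM:<> is never checked against $smtpd_sender_login_maps whether or not the client is logged in. If that exemption is intended, it should be stated in the parameter and restriction documentation added by this patch, which currently describes only the two reject cases.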
/*
* AIX: a SYSV-flavored hybrid. NB: fcntl() and flock() access the same
* underlying locking primitives.
*/
+#ifdef AIX5
+#define SUPPORTED
+#include <sys/types.h>
+#define MISSING_SETENV
+#define _PATH_BSHELL "/bin/sh"
+#define _PATH_MAILDIR "/var/spool/mail" /* paths.h lies */
+#define _PATH_DEFPATH "/usr/bin:/usr/ucb"
+#define _PATH_STDPATH "/usr/bin:/usr/sbin:/usr/ucb"
+#define HAS_FCNTL_LOCK
+#define INTERNAL_LOCK MYFLOCK_STYLE_FCNTL
+#define DEF_MAILBOX_LOCK "fcntl, dotlock"
+#define USE_SYS_SELECT_H
+#define HAS_FSYNC
+#define HAS_DBM
+#define DEF_DB_TYPE "dbm"
+#define ALIAS_DB_MAP "dbm:/etc/aliases"
+#define HAS_NIS
+#define HAS_SA_LEN
+#define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0)
+#define RESOLVE_H_NEEDS_STDIO_H
+#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb"
+#define SOCKADDR_SIZE size_t
+#define SOCKOPT_SIZE size_t
+#define USE_STATVFS
+#define STATVFS_IN_SYS_STATVFS_H
+#define STRCASECMP_IN_STRINGS_H
+#endif
+
#ifdef AIX4
#define SUPPORTED
#include <sys/types.h>