Cleanup: INSTALL.sh uses a configurable directory for
scratch files, so that it can install from a file system
that is not writable by the super-user.
+
+19991220
+
+ Cleanup: it is no longer necessary to list $virtual_maps
+ as part of the relay_domains definition. The SMTP server
+ now by default accepts mail for domains that match
+ $mydestination or $virtual_maps, or that resolve to a mail
+ delivery transport that is listed in $local_transport.
+ Files: smtpd/smtpd_check.c and lots of documentation.
#
queue_directory = /var/spool/postfix
-# The program_directory parameter specifies the default location of
-# Postfix support programs and daemons. This setting can be overruled
-# with the command_directory and daemon_directory parameters.
-#
-program_directory = /some/where/postfix/bin
-
# The command_directory parameter specifies the location of all
# postXXX commands. The default value is $program_directory.
#
#inet_interfaces = $myhostname, localhost
# The mydestination parameter specifies the list of domains that this
-# machine considers itself the final destination for.
+# machine considers itself the final destination for. That does not
+# include domains that are hosted on this machine. Those domains are
+# specified elsewhere (see sample-virtual.cf, and sample-transport.cf).
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain. Do not specify the
#
#local_recipient_maps = $alias_maps unix:passwd.byname
-# INTERNET VERSUS INTRANET
-#
-# The relayhost parameter specifies the default host to send mail to
-# when no entry is matched in the optional transport(5) table. When
-# no relayhost is given, mail is routed directly to the destination.
-#
-# On an intranet, specify the organizational domain name. If your
-# internal DNS uses no MX records, specify the name of the intranet
-# gateway host instead.
-#
-# Specify a domain, host, host:port, [address] or [address:port].
-# Use the form [destination] to turn off MX lookups. See also the
-# default_transport parameter if you're connected via UUCP.
-#
-#relayhost = $mydomain
-#relayhost = gateway.my.domain
-#relayhost = uucphost
-#relayhost = [mail.$mydomain:9999]
-
-# DEFAULT TRANSPORT
-#
-# The default_transport parameter specifies the default message
-# delivery transport to use when no transport is explicitly given in
-# the optional transport(5) table.
-#
-#default_transport = smtp
-#default_transport = uucp
-
# ADDRESS REWRITING
#
# Insert text from sample-rewrite.cf if you need to do address
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
-# DELIVERED-TO
-#
-# The prepend_delivered_header controls when Postfix should prepend
-# a Delivered-To: message header.
-#
-# By default, Postfix prepends a Delivered-To: header when forwarding
-# mail and when delivering to file (mailbox) or command. Turning off
-# the Delivered-To: header when forwarding mail is not recommended.
-#
-# prepend_delivered_header = command, file, forward
-# prepend_delivered_header = forward
-
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
-# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE WITH, E.G., PROCMAIL,
-# YOU MUST SET UP AN ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL
-# USER.
-#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
+# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
+# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
+#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
#header_checks = regexp:/etc/postfix/filename
#header_checks = pcre:/etc/postfix/filename
-# The relay_domains parameter restricts what client hostname domains
-# (and subdomains thereof) this mail system will relay mail from,
-# and restricts what destination domains (and subdomains thereof)
-# this system will relay mail to. See the smtpd_recipient_restrictions
-# restriction in the file sample-smtpd.cf.
+# The relay_domains parameter restricts what clients this mail system
+# will relay mail from, or what destinations this system will relay
+# mail to. See the smtpd_recipient_restrictions restriction in the
+# file sample-smtpd.cf.
#
-# By default, Postfix relays mail only from clients or to destinations
-# in or below $mydestination, or in the optional virtual domain list.
+# By default, Postfix relays mail from clients whose IP address
+# matches $mynetworks, and from clients or to destination domains
+# matching $relay_domains or subdomains thereof. The default
+# relay_domains value is $mydestination.
+#
+# By default, the Postfix SMTP server accepts mail for domains listed
+# in $mydestination and in $virtual_maps, and for destinations that
+# resolve to a mail delivery transport listed in $local_transports.
+# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction in the file sample-smtpd.cf.
#
-#relay_domains = $mydestination, $virtual_maps
+#relay_domains = $mydestination
# The mynetworks parameter specifies the list of networks that are
# local to this machine. The list is used by the anti-UCE software
# command to use instead of mailbox delivery. The command is run
# as the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
-#
-# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE WITH, E.G., PROCMAIL,
-# YOU MUST SET UP AN ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL
-# USER.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
+# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
+# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
+#
# mailbox_command = /some/where/procmail
# mailbox_command = /some/where/procmail -a "$EXTENSION"
mailbox_command =
# The smtpd_recipient_restrictions parameter specifies restrictions on
# recipient addresses that SMTP clients can send in RCPT TO commands.
#
-# The default is to permit any destination from clients that match
-# $mynetworks, and to otherwise permit only mail from clients or to
-# destinations that match $relay_domains or a subdomain thereof.
-#
-# The following restrictions are available:
+# By default, Postfix relays mail from clients whose IP address
+# matches $mynetworks, and from clients or to destination domains
+# matching $relay_domains or subdomains thereof. The default
+# relay_domains value is $mydestination.
+#
+# By default, the Postfix SMTP server accepts mail for domains listed
+# in $mydestination and in $virtual_maps, and for destinations that
+# resolve to a mail delivery transport listed in $local_transports.
+# These destinations do not need to be listed in $relay_domains.
+#
+# The following restrictions are available (* is part of default setting):
#
-# permit_mynetworks: permit if the client address matches $mynetworks.
+# *permit_mynetworks: permit if the client address matches $mynetworks.
# reject_unknown_client: reject the request if the client hostname is unknown.
# reject_maps_rbl: reject if the client is listed under $maps_rbl_domains.
# reject_invalid_hostname: reject HELO hostname with bad syntax.
# reject_unknown_hostname: reject HELO hostname without DNS A or MX record.
# reject_unknown_sender_domain: reject sender domain without A or MX record.
-# check_relay_domains: permit only mail from clients/to domains matching
-# $relay_domains, or to the local machine.
-# permit_auth_destination: permit mail to self or to $relay_domains.
-# reject_unauth_destination: reject mail not to self or to $relay_domains.
+# *check_relay_domains: permit only mail from clients/to domains matching
+# $relay_domains, or to $mydestination, $virtual_maps or $local_transports
+# permit_auth_destination: permit mail to domains matching $relay_domains,
+# or to $mydestination, $virtual_maps or $local_transports.
+# reject_unauth_destination: reject mail not to $relay_domains or to
+# $mydestination, $virtual_maps or $local_transports.
# reject_unauth_pipelining: reject mail from improperly pipelining spamware
# permit_mx_backup: accept mail for sites that list me as MX host.
# reject_unknown_recipient_domain: reject domains without A or MX record.
# and restricts what destination domains (and subdomains thereof)
# this system will relay mail to.
#
-# By default, Postfix relays mail only from clients or to destinations
-# in or below $mydestination, or in the optional virtual domain list.
-#
+# By default, Postfix relays mail from clients whose IP address
+# matches $mynetworks, and from clients or to destination domains
+# matching $relay_domains or subdomains thereof. The default
+# relay_domains value is $mydestination.
+#
+# By default, the Postfix SMTP server accepts mail for domains listed
+# in $mydestination and in $virtual_maps, and for destinations that
+# resolve to a mail delivery transport listed in $local_transports.
+# These destinations do not need to be listed in $relay_domains.
+#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# permit_mx_backup restriction, in the description of the
# smtpd_recipient_restrictions parameter.
#
-relay_domains = $mydestination, $virtual_maps
+relay_domains = $mydestination
#
# RESPONSE CODES
# This file contains example settings of Postfix configuration
# parameters that control the optional transport table lookups.
+# The local_transports parameter defines the name of the default
+# transport for local mail delivery, plus zero or more names of
+# additional transports that are known to deliver locally. By default,
+# the SMTP server's UCE restrictions permit mail for any destination
+# that resolves to a mail delivery transport in $local_transports.
+#
+local_transports = local,cyrus
+
# The transport_maps parameter specifies optional tables with domain
# to (transport, nexthop) mappings. See transport(5) for syntax details.
#
# transport_maps = hash:/etc/postfix/transport, nis:transport
# transport_maps = hash:/etc/postfix/transport, netinfo:/transport
transport_maps =
-
-# The local_transports parameter defines the name of the default
-# transport for local mail delivery, plus zero or more names of
-# additional transports that are known to deliver locally. The SMTP
-# server's UCE restrictions use this list to decide if an address
-# would be forwarded or not.
-#
-local_transports = local
# If you use this feature, run "postmap /etc/postfix/virtual" to
# build the necessary DBM or DB file after change.
#
-# It will take a minute or so before the change becomes visible.
+# It may take a minute or so before the change becomes visible.
# Use "postfix reload" to eliminate the delay.
#
# virtual_maps = dbm:/etc/postfix/virtual
# .fi
# .in -4
#
-# With this, the SMTP server accepts mail for \fIvirtual.domain\fR
-# (provided that the \fBrelay_domains\fR parameter includes
-# $\fBvirtual_maps\fR), and mail for \fIunknown\fR@\fIvirtual.domain\fR
-# is bounced as undeliverable.
+# With this, the SMTP server accepts mail for \fIvirtual.domain\fR and
+# rejects mail for \fIunknown\fR@\fIvirtual.domain\fR as undeliverable.
#
# The format of the virtual table is as follows, mappings being
# tried in the order as listed in this manual page:
* Transports that deliver locally. Order matters.
*/
#define VAR_LOCAL_TRANSP "local_transports"
-#define DEF_LOCAL_TRANSP "local"
+#define DEF_LOCAL_TRANSP "local,cyrus"
extern char *var_local_transports;
/*
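Review bot: The comment above `DEF_LOCAL_TRANSP` still reads only "Transports that deliver locally. Order matters.", which no longer covers what the list does. Going by the documentation added elsewhere in this diff, the SMTP server now accepts mail by default for any destination that resolves to a transport listed in `$local_transports`. With `cyrus` in the compiled-in default, a site that maps domains to a transport of that name would have those domains accepted without listing them in `relay_domains`. I would record that on the define, e.g. `/* Also used by the SMTP server's relay checks: destinations resolving to a listed transport are accepted as local. */`. The same value is set in the sample transport settings earlier in the diff, the changelog entry spells the parameter `$local_transport` while the define is `local_transports`, and the comment block opens outside this hunk.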
extern char *var_mynetworks;
#define VAR_RELAY_DOMAINS "relay_domains"
-#define DEF_RELAY_DOMAINS "$mydestination, $virtual_maps"
+#define DEF_RELAY_DOMAINS "$mydestination"
extern char *var_relay_domains;
#define VAR_CLIENT_CHECKS "smtpd_client_restrictions"
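Review bot: Dropping `$virtual_maps` from `DEF_RELAY_DOMAINS` keeps virtual domains deliverable only if the SMTP server's recipient check now consults `$virtual_maps` on its own; that code is not in this hunk and the define carries no comment saying so. The documentation in this diff also describes `relay_domains` as matching clients as well as destinations, so clients in a virtual domain that could relay under the old default presumably no longer can. That is a tightening, but installations without an explicit `relay_domains` in main.cf would want it called out. I would add a comment on the define such as `/* Relay policy only: $mydestination, $virtual_maps and $local_transports destinations are accepted separately by the SMTP server. */`.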
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-19991219"
+#define DEF_MAIL_VERSION "Snapshot-19991220"
extern char *var_mail_version;
/* LICENSE
<ul>
+<li><a href="#stand_alone">Stand-alone machine</a>
+
<li><a href="#workstation_server">Workstations and servers</a>
<li><a href="#null_client">Null clients</a>
<li><a href="#root">Root's mail is delivered to nobody</a>
-<li><a href="#local">Delivering some users locally while sending mail as user@domain</a>
+<li><a href="#some_local">Delivering some users locally while
+sending mail as user@domain</a>
<li><a href="#maildir">Support for maildir-style mailboxes</a>
<hr>
+<a name="stand_alone"><h3>Stand-alone machine</h3>
+
+Out of the box, Postfix should work without change on a stand-alone
+machine that is has direct Internet access. At least, that is how
+Postfix installs when you download the Postfix source code. If you
+are on a firewalled intranet, or if your machine is dial-up connected
+only a small part of the time, see the respective sections.
+
+<hr>
+
<a name="workstation_server"><h3>Workstations and servers</h3>
-This section describes a workstation-sever environment. All systems
+This section describes a workstation-server environment. All systems
send mail as user@domain. All systems receive mail for user@hostname.
The server receives mail for user@domain, too.
<pre>
<b>/etc/postfix/main.cf</b>:
- mydestination =
myorigin = $mydomain
relayhost = $mydomain
<p>
-The mail server is the primary MX host for null clients (remember,
-null clients do not receive mail, so something needs to be done
-with mail for user@nullclient).
-
-<p>
-
-<pre>
- <b>/etc/postfix/main.cf</b>:
- myorigin = $mydomain
- mydestination = $myhostname localhost.$mydomain $mydomain /etc/postfix/nullclients
-
- <b>/etc/postfix/nullclients</b>:
- hosta.my.domain
- hostb.my.domain
-</pre>
+Since everything sends mail as user@domain, nothing sends mail as
+user@nullclient, and therefore no special configuration needs to
+be done on the mail server for mail addressed to user@nullclient.
<hr>
<ul>
-<li>Forward <i>all</i> mail to an intranet mail gateway, unless
-the mail is to be delivered on the local machine:
+<li>Send mail as user@domain. This is optional but highly recommended
+because it allows users to change machines without hassle.
+
+<pre>
+ <b>/etc/postfix/main.cf</b>:
+ myorigin = $mydomain
+</pre>
+
+<p>
+
+<li>Forward <i>all</i> mail to an intranet mail gateway, except
+for mail for the local machine:
<p>
<b>/etc/postfix/transport</b>:
my.domain smtp:
.my.domain smtp:
- thishost.my.domain local: <blink>important!</blink>
- localhost.my.domain local: <blink>important!</blink>
+ thishost.my.domain local: <blink>!important!</blink>
+ localhost.my.domain local: <blink>!important!</blink>
<b>/etc/postfix/main.cf</b>:
transport_maps = hash:/etc/postfix/transport
<p>
-Important: do not omit the entries that route local mail to the
-local delivery agent, or else mail your mail will go into a loop.
+Important: do not omit the entries that deliver mail locally, or
+else mail will bounce with a "mail loops to myself" condition.
<p>
<p>
+Execute the command <b>postmap /etc/postfix/transport</b> whenever
+you edit the transport table.
+
+<p>
+
<li>Execute the command <b>postfix reload</b> to make the
changes effective.
<a name="firewall"><h3>Running Postfix on a firewall</h3> </a>
Note: this text applies to Postfix versions dated 19991115
-and later only.
+and later only. To find out what Postfix version you have,
+execute the command <b>postconf mail_version</b>.
<p>
transport_maps = hash:/etc/postfix/transport
<b>/etc/postfix/transport</b>:
- my.domain smtp:inside-gateway.my.domain
- .my.domain smtp:inside-gateway.my.domain
+ my.domain smtp:inside-gateway.my.domain (forwards user@domain)
+ .my.domain smtp:inside-gateway.my.domain (forwards user@firewall)
+
+<b>/etc/postfix/master.cf</b>:
+ Comment out the local delivery agent
</pre>
<p>
<p>
+<li>Execute the command <b>postmap /etc/postfix/transport</b>
+whenever you change the transport table.
+
+<p>
+
<li>Execute the command <b>postfix reload</b> after a
configuration change.
<a name="dialup"><h3>Running Postfix on a dialup machine</h3></a>
+This section applies to dialup connections that are down most of
+the time. For dialup connections that are up 24x7, see the <a
+href="#workstation_server">workstations and servers</a> section
+instead.
+
+<p>
+
+If you do not have your own hostname (as with dynamic IP addressing)
+and must send mail as user@your-isp.com, you should also study the
+the section on <a href="#some_local">delivering some users locally
+while sending mail as user@domain</a>.
+
<ul>
<li> Route all outgoing mail to your provider.
<p>
-This can be "fixed" only by making Postfix slower. Postfix would
-first have to expand all distribution lists before starting any
-delivery. By design, Postfix delivers mail to different destinations
-in parallel, and local delivery is no exception. This is why Postfix
-can be faster than sendmail.
+This can be "fixed" only by making Postfix slower. In the above
+examples, Postfix would first have to completely expand all
+distribution lists before starting any delivery. By design, Postfix
+delivers mail to different destinations in parallel, and local
+delivery is no exception. This is why Postfix can be faster than
+sendmail.
<hr>
Some people will complain that Postfix sends mail to every member
of a distribution list, including the poster. By default, Sendmail
-deletes the poster from the distribution list. Sendmail sends mail
-to the poster only when the "metoo" flag is explicitly turned on.
+deletes the poster from distribution lists. Sendmail sends mail to
+the poster only when the "metoo" flag is explicitly turned on.
<p>
Wietse believes that Postfix implements the "right" behavior,
and suspects that Sendmail's default behavior is a remnant from a
-dark past when Sendmail used a really crummy algorithm to avoid
+dark past when Sendmail used a pretty crummy algorithm to avoid
aliasing loops.
<hr>
<hr>
-<a name="local"><h3>Delivering some users locally while sending mail as user@domain</h3></a>
+<a name="some_local"><h3>Delivering some users locally while sending
+mail as user@domain</h3></a>
<ul>
<a name="uucp-only"><h3>Using UUCP as the default transport</h3> </a>
Here is how to relay all your mail over a UUCP link. See the <a
-href="#uucp">Internet to UUCP</a> FAQ entry for setting up a machine
-that gateways between UUCP and SMTP.
+href="#internet-uucp">Internet to UUCP</a> FAQ entry for setting
+up a machine that gateways between UUCP and SMTP.
<p>
<b>/usr/local/include/ndbm.h</b> that is incompatible with
<b>/usr/include/ndbm.h</b>. Be sure to get rid of the bogus file.
See the FAQ entry titled "<a href="#dbm_dirfno">Undefined symbols:
-dbm_pagfno, dbm_dirfno etc".
+dbm_pagfno, dbm_dirfno etc</a>".
<hr>
command after a configuration change.
<b>Miscellaneous</b>
+ <b>allow</b><i>_</i><b>min</b><i>_</i><b>user</b>
+ Do not bounce recipient addresses that begin with
+ '-'.
+
<b>relocated</b><i>_</i><b>maps</b>
Tables with contact information for users, hosts or
domains that no longer exist. See <a href="relocated.5.html"><b>relocated</b>(5)</a>.
<b>qmgr</b><i>_</i><b>message</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Limit the number of in-memory recipients.
- This parameter also limits the size of the short-
+ This parameter also limits the size of the short-
term, in-memory destination cache.
<b>Timing</b> <b>controls</b>
<b>min</b><i>_</i><b>backoff</b>
- Minimal time in seconds between delivery attempts
+ Minimal time in seconds between delivery attempts
of a deferred message.
- This parameter also limits the time an unreachable
- destination is kept in the short-term, in-memory
+ This parameter also limits the time an unreachable
+ destination is kept in the short-term, in-memory
destination status cache.
<b>max</b><i>_</i><b>backoff</b>
- Maximal time in seconds between delivery attempts
+ Maximal time in seconds between delivery attempts
of a deferred message.
<b>maximal</b><i>_</i><b>queue</b><i>_</i><b>lifetime</b>
- Maximal time in days a message is queued before it
+ Maximal time in days a message is queued before it
is sent back as undeliverable.
<b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b>
scans do not overlap.
<b>transport</b><i>_</i><b>retry</b><i>_</i><b>time</b>
- Time in seconds between attempts to contact a bro-
+ Time in seconds between attempts to contact a bro-
ken delivery transport.
-<b>Concurrency</b> <b>controls</b>
- In the text below, <i>transport</i> is the first field in a <b>mas-</b>
- <b>ter.cf</b> entry.
-
QMGR(8) QMGR(8)
+<b>Concurrency</b> <b>controls</b>
+ In the text below, <i>transport</i> is the first field in a <b>mas-</b>
+ <b>ter.cf</b> entry.
+
+ <b>qmgr</b><i>_</i><b>fudge</b><i>_</i><b>factor</b> (valid range: 10..100)
+ The percentage of delivery resources that a busy
+ mail system will use up for delivery of a large
+ mailing list message. With 100%, delivery of one
+ message does not begin before the previous message
+ has been delivered. This results in good perfor-
+ mance for large mailing lists, but results in poor
+ response time for one-to-one mail. With less than
+ 100%, response time for one-to-one mail improves,
+ but large mailing list delivery performance suf-
+ fers. In the worst case, recipients near the begin-
+ ning of a large list receive a burst of messages
+ immediately, while recipients near the end of that
+ list receive that same burst of messages a whole
+ day later.
+
<b>initial</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b>
Initial per-destination concurrency level for par-
allel delivery to the same destination.
<b>AUTHOR(S)</b>
Wietse Venema
+
+
+
+ 5
+
+
+
+
+
+QMGR(8) QMGR(8)
+
+
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
- 5
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 6
</pre> </body> </html>
<b>notify</b><i>_</i><b>classes</b>
List of error classes. Of special interest are:
- <b>policy</b> When a client violates any policy, mail a
+ <b>local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b>
+ List of maps with user names that are local to
+ <b>$myorigin</b> or <b>$inet</b><i>_</i><b>interfaces</b>. If this parameter is
+ defined, then the SMTP server rejects mail for
+ unknown local users.
+
+ <b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
<b>protocol</b>
- When a client violates the SMTP protocol or
+ When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
- <b>smtpd</b><i>_</i><b>banner</b>
- Text that follows the <b>220</b> status code in the SMTP
- greeting banner.
-
- <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Restrict the number of recipients that the SMTP
SMTPD(8) SMTPD(8)
+ <b>smtpd</b><i>_</i><b>banner</b>
+ Text that follows the <b>220</b> status code in the SMTP
+ greeting banner.
+
+ <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+ Restrict the number of recipients that the SMTP
server accepts per message delivery.
<b>smtpd</b><i>_</i><b>timeout</b>
- Limit the time to send a server response and to
+ Limit the time to send a server response and to
receive a client request.
<b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
- Limit the amount of memory in bytes used for the
+ Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b>
- Minimal amount of free space in bytes in the queue
- file system for the SMTP server to accept any mail
+ Minimal amount of free space in bytes in the queue
+ file system for the SMTP server to accept any mail
at all.
<b>Tarpitting</b>
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors,
- wait <i>error_count</i> seconds before responding to any
+ wait <i>error_count</i> seconds before responding to any
client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
- Disconnect after a client has made this number of
+ Disconnect after a client has made this number of
errors.
<b>UCE</b> <b>control</b> <b>restrictions</b>
tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
- Require that clients introduce themselves at the
+ Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
- Restrict what client hostnames are allowed in <b>HELO</b>
+ Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
- <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
- Restrict what sender addresses are allowed in <b>MAIL</b>
- <b>FROM</b> commands.
- <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
- Restrict what recipient addresses are allowed in
- <b>RCPT</b> <b>TO</b> commands.
SMTPD(8) SMTPD(8)
+ <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
+ Restrict what sender addresses are allowed in <b>MAIL</b>
+ <b>FROM</b> commands.
+
+ <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
+ Restrict what recipient addresses are allowed in
+ <b>RCPT</b> <b>TO</b> commands.
+
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
Restrict what domain names can be used in <b>ETRN</b> com-
mands, and what clients may issue <b>ETRN</b> commands.
<b>restriction</b><i>_</i><b>classes</b>
- Declares the name of zero or more parameters that
- contain a list of UCE restrictions. The names of
- these parameters can then be used instead of the
+ Declares the name of zero or more parameters that
+ contain a list of UCE restrictions. The names of
+ these parameters can then be used instead of the
restriction lists that they represent.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b>
- List of DNS domains that publish the addresses of
+ List of DNS domains that publish the addresses of
blacklisted hosts.
<b>relay</b><i>_</i><b>domains</b>
- Restrict what domains or networks this mail system
+ Restrict what domains or networks this mail system
will relay mail from or to.
<b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates an access
+ Server response when a client violates an access
database restriction.
<b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> restriction.
<b>reject</b><i>_</i><b>code</b>
- Response code when the client matches a <b>reject</b>
+ Response code when the client matches a <b>reject</b>
restriction.
<b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client attempts to violate
+ Server response when a client attempts to violate
the mail relay policy.
<b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client without address to
- name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
- restriction.
-
- <b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
- <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
-
-<b>SEE</b> <b>ALSO</b>
- <a href="cleanup.8.html">cleanup(8)</a> message canonicalization
+ Server response when a client without address to
+ name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
SMTPD(8) SMTPD(8)
+ restriction.
+
+ <b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
+ Server response when a client violates the
+ <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
+
+<b>SEE</b> <b>ALSO</b>
+ <a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
-
-
-
-
-
-
-
-
<p>
By default, the Postfix <a href="smtpd.8.html">SMTP server</a> will
-accept mail only from or to the local network or domain, so that
-your system can't be used as a mail relay to forward bulk mail from
-random strangers.
+accept mail only from or to the local network or domain, or to
+domains that are hosted by Postfix, so that your system can't be
+used as a mail relay to forward bulk mail from random strangers.
<p>
<p>
-<li> <a href="#smtpd_client_restrictions">Client name/address
+<li> <a href="#smtpd_client_restrictions">Client hostname/address
restrictions</a>
<p>
<p>
+<li> <a href="#strict_rfc821_envelopes">Require strict RFC 821-style
+envelope addresses </a>
+
+<p>
+
<li> <a href="#smtpd_sender_restrictions">Sender address restrictions
</a>
<p>
-<i>A rule ending in OK affects only the header being matched. The
-next header may still result in a REJECT match, causing the mail
-still to be rejected.</i>
+<i>At present, specifying a header pattern with OK serves no useful
+purpose. A rule ending in OK affects only the header being matched.
+The next header may still result in a REJECT match, causing the
+mail still to be rejected.</i>
</dl>
<p>
-<dt>Examples:
+<dt>Examples (main.cf):
<dd> <b>header_checks = regexp:/etc/postfix/header_checks</b>
<p>
+<dt>Example (header_checks):
+
+<dd> /^to: *friend@public\.com$/ REJECT
+
+<p>
+
<a name="smtpd_client_restrictions">
-<h2> Client name/address restrictions</h2>
+<h2> Client hostname/address restrictions</h2>
The <b>smtpd_client_restrictions</b> parameter restricts what
clients this system accepts SMTP connections from.
<a name="reject_unknown_client">
<dt> <b>reject_unknown_client</b> <dd> Reject the request when the
-client address to name lookup failed. The
+client IP address has no PTR record in the DNS. The
<b>unknown_client_reject_code</b> parameter specifies the response
code to rejected requests (default: <b>450</b>).
<a name="permit_mynetworks">
<dt> <b>permit_mynetworks</b> <dd> Permit the request when the
-client address matches any network listed in <a
+client IP address matches any network listed in <a
href="basic.html#mynetworks"> $mynetworks</a>.
<p>
<dt> <b>check_client_access</b> <i>maptype</i>:<i>mapname</i>
<dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a
-href="access.5.html">access database</a> for the client name, parent
-domains, client address, or networks obtained by stripping least
+href="access.5.html">access database</a> for the client hostname, parent
+domains, client IP address, or networks obtained by stripping least
significant octets. Reject the request if the result is <b>REJECT</b>
or "[<b>45</b>]<i>XX text</i>". Permit the request if the result
is <b>OK</b> or <b>RELAY</b> or all-numerical. Otherwise, treat the
<h2> Require HELO (EHLO) command</h2>
The <b>smtpd_helo_required</b> parameter determines if clients must
-send a <b>HELO</b> (<b>EHLO</b>) command at the beginning of an
+send a <b>HELO</b> (or <b>EHLO</b>) command at the beginning of an
SMTP session. Requiring this will stop some UCE software.
<p>
<dt>Default:
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
-accepts any hostname.
+accepts any garbage in the <b>HELO</b> (<b>EHLO</b>) command.
<p>
<a name="reject_invalid_hostname">
<dt> <b>reject_invalid_hostname</b> <dd> Reject the request when
-the client HELO and EHLO command has a bad hostname syntax. The
+the client HELO or EHLO parameter has a bad hostname syntax. The
<b>invalid_hostname_reject_code</b> specifies the response code to
rejected requests (default: 501).
<dt> <b>reject_non_fqdn_hostname</b> <dd> Reject the request when
the hostname in the client HELO (EHLO) command is not in fully-qualified
-domain form. The <b>non_fqdn_reject_code</b> specifies the
-response code to rejected requests (default: <b>504</b>).
+domain form, as required by the RFC. The <b>non_fqdn_reject_code</b>
+specifies the response code to rejected requests (default:
+<b>504</b>).
<p>
<dt> <b><a href="#check_client_access">check_client_access</a></b> <i>maptype</i>:<i>mapname</i>
-<dd> See client name/address restrictions.
+<dd> See client hostname/address restrictions.
<p>
</dl>
+<a name="strict_rfc821_envelopes">
+
+<h2> Require strict RFC 821-style envelope addresses </h2>
+
+The <b>strict_rfc821_envelopes</b> parameter controls how tolerant
+Postfix is with respect to addresses given in MAIL FROM or RCPT TO
+commands. Being strict to the RFC not only stops unwanted mail,
+but also blocks legitimate mail from poorly-written mail applications.
+
+<p>
+
+<dl>
+
+<dt> Default:
+
+<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
+accepts any address form that it can make sense of, including forms
+that contain RFC 822-style comments, or addresses not enclosed in
+<>.
+
+<p>
+
+<dt> Example:
+
+<dd><b>strict_rfc821_envelopes = yes</b>
+
+</dl>
+
<a name="smtpd_sender_restrictions">
<h2> Sender address restrictions</h2>
<dt> <b><a href="#check_client_access">check_client_access</a></b> <i>maptype</i>:<i>mapname</i>
-<dd> See client name/address restrictions.
+<dd> See client hostname/address restrictions.
<p>
<dt>Default:
<dd>By default, the Postfix <a href="smtpd.8.html">SMTP server</a>
-forwards mail from any client that matches <a
-href="basic.html#mynetworks">$mynetworks</a> or <a
-href="#relay_domains">$relay_domains</a>, or to any destination
-that matches <a href="#relay_domains"> $relay_domains</a>.
+relays mail from any client whose IP address matches <a
+href="basic.html#mynetworks">$mynetworks</a> or whose hostname
+matches <a href="#relay_domains">$relay_domains</a> or a subdomain
+thereof, and relays mail to any destination that matches <a
+href="#relay_domains"> $relay_domains</a> or a subdomain thereof.
+
+<p>
+
+In addition, the Postfix <a href="smtpd.8.html">SMTP server</a> by
+default accepts mail for which Postfix is the final destination:
+anything that matches <a href="basic.html#mydomain">$mydomain</a>,
+<a href="basic.html#mynetworks">$mynetworks</a> or <a
+href="virtual.5.html">$virtual_maps</a>, or anything that resolves
+to a mail delivery transport whose name is listed in $local_transports.
<p>
<a name="check_relay_domains">
<dt> <b>check_relay_domains</b> <dd> Permit the request when the
-client hostname matches <a href="#relay_domains">$relay_domains</a>,
-or when the resolved destination address matches <a
-href="basic.html#mydestination">$mydestination</a>, the machine IP
-addresses, or <a href="#relay_domains"> $relay_domains</a>, otherwise
-reject the request. The <b>relay_domains_reject_code</b> parameter
-specifies the response code for rejected requests (default:
+client hostname matches <a href="#relay_domains">$relay_domains</a>
+or a subdomain thereof, or when the resolved destination address
+matches <a href="#relay_domains">$relay_domains</a> or a subdomain
+thereof, or when Postfix is the final destination: anything that
+matches <a href="basic.html#mydomain">$mydomain</a>, <a
+href="basic.html#mynetworks">$mynetworks</a> or <a
+href="virtual.5.html">$virtual_maps</a>, or anything that resolves
+to a mail delivery transport whose name is listed in $local_transports.
+Otherwise reject the request. The <b>relay_domains_reject_code</b>
+parameter specifies the response code for rejected requests (default:
<b>554</b>).
<p>
<dt> <b>permit_auth_destination</b> <dd> Ignore the client hostname.
Permit the request when the resolved destination address matches
-<a href="basic.html#mydestination">$mydestination</a>, the
-machine IP addresses, or <a href="#relay_domains"> $relay_domains</a>.
+<a href="#relay_domains"> $relay_domains</a> or a subdomain thereof,
+or when Postfix is the final destination: anything that matches
+<a href="basic.html#mydomain">$mydomain</a>, <a
+href="basic.html#mynetworks">$mynetworks</a> or <a
+href="virtual.5.html">$virtual_maps</a>, or anything that resolves
+to a mail delivery transport whose name is listed in $local_transports.
<p>
<dt> <b>reject_unauth_destination</b> <dd> Ignore the client
hostname. Reject the request when the resolved destination address
-does not match <a href="basic.html#mydestination">$mydestination</a>,
-the machine IP addresses, or <a href="#relay_domains"> $relay_domains</a>.
+does not match <a href="#relay_domains"> $relay_domains</a> or a
+subdomain thereof, and when Postfix is not the final destination.
+Postfix is final destination for anything that matches <a
+href="basic.html#mydomain">$mydomain</a>, <a
+href="basic.html#mynetworks">$mynetworks</a> or <a
+href="virtual.5.html">$virtual_maps</a>, or anything that resolves
+to a mail delivery transport whose name is listed in $local_transports.
The <b>relay_domains_reject_code</b> parameter specifies the response
code for rejected requests (default: <b>554</b>).
<dt> <b><a href="#check_client_access">check_client_access</a></b> <i>maptype</i>:<i>mapname</i>
-<dd> See client name/address restrictions.
+<dd> See client hostname/address restrictions.
<p>
<dt> <b><a href="#check_client_access">check_client_access</a></b> <i>maptype</i>:<i>mapname</i>
-<dd> See client name/address restrictions.
+<dd> See client hostname/address restrictions.
<p>
<dd>This parameter controls the behavior of the <a
href="#reject_maps_rbl">reject_maps_rbl</a> restriction that can
-appear as part of a client name/address restriction list.
+appear as part of a client hostname/address restriction list.
<p>
<dt>Syntax:
-<dd> Zero or more DNS domains that blacklist client addresses. A
+<dd> Zero or more DNS domains that blacklist client IP addresses. A
host is blacklisted when its reversed IP address is listed as a
subdomain under any of the domains listed in <b>$maps_rbl_domains.</b>
<i>user2@virtual.domain</i> <i>address2,</i> <i>address3</i>
With this, the SMTP server accepts mail for <i>virtual.domain</i>
- (provided that the <b>relay</b><i>_</i><b>domains</b> parameter includes $<b>vir-</b>
- <b>tual</b><i>_</i><b>maps</b>), and mail for <i>unknown</i>@<i>virtual.domain</i> is bounced
- as undeliverable.
+ and rejects mail for <i>unknown</i>@<i>virtual.domain</i> as undeliver-
+ able.
- The format of the virtual table is as follows, mappings
+ The format of the virtual table is as follows, mappings
being tried in the order as listed in this manual page:
blanks and comments
- Blank lines are ignored, as are lines beginning
+ Blank lines are ignored, as are lines beginning
with `#'.
<i>user</i>@<i>domain</i> <i>address,</i> <i>address,</i> <i>...</i>
- Mail for <i>user</i>@<i>domain</i> is redirected to <i>address</i>.
+ Mail for <i>user</i>@<i>domain</i> is redirected to <i>address</i>.
This form has the highest precedence.
<i>user</i> <i>address,</i> <i>address,</i> <i>...</i>
- Mail for <i>user</i>@<i>site</i> is redirected to <i>address</i> when
- <i>site</i> is equal to $<b>myorigin</b>, when <i>site</i> is listed in
+ Mail for <i>user</i>@<i>site</i> is redirected to <i>address</i> when
+ <i>site</i> is equal to $<b>myorigin</b>, when <i>site</i> is listed in
$mydestination, or when it is listed in
$<i>inet_interfaces</i>.
- This functionality overlaps with functionality of
+ This functionality overlaps with functionality of
+ the local <i>alias</i>(5) database. The difference is that
VIRTUAL(5) VIRTUAL(5)
- the local <i>alias</i>(5) database. The difference is that
- <b>virtual</b> mapping can be applied to non-local
+ <b>virtual</b> mapping can be applied to non-local
addresses.
@<i>domain</i> <i>address,</i> <i>address,</i> <i>...</i>
- Mail for any user in <i>domain</i> is redirected to
+ Mail for any user in <i>domain</i> is redirected to
<i>address</i>. This form has the lowest precedence.
- In all the above forms, when <i>address</i> has the form @<i>other-</i>
- <i>domain</i>, the result is the same user in <i>otherdomain</i>. This
+ In all the above forms, when <i>address</i> has the form @<i>other-</i>
+ <i>domain</i>, the result is the same user in <i>otherdomain</i>. This
works for the first address in the expansion only.
<b>ADDRESS</b> <b>EXTENSION</b>
- When the search fails, and the address localpart contains
- the optional recipient delimiter (e.g., <i>user+foo</i>@<i>domain</i>),
- the search is repeated for the unextended address (e.g.
+ When the search fails, and the address localpart contains
+ the optional recipient delimiter (e.g., <i>user+foo</i>@<i>domain</i>),
+ the search is repeated for the unextended address (e.g.
<i>user</i>@<i>domain</i>), and the unmatched address extension is prop-
- agated to the result of expansion. The matching order is:
+ agated to the result of expansion. The matching order is:
<i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this topic. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the <b>postfix</b> <b>reload</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this topic. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>virtual</b><i>_</i><b>maps</b>
Other parameters of interest:
<b>inet</b><i>_</i><b>interfaces</b>
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on.
<b>mydestination</b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b>myorigin</b>
<a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue mail
<a href="postmap.1.html">postmap(1)</a> create mapping table
-
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this
VIRTUAL(5) VIRTUAL(5)
-<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
+
+
.fi
.in -4
-With this, the SMTP server accepts mail for \fIvirtual.domain\fR
-(provided that the \fBrelay_domains\fR parameter includes
-$\fBvirtual_maps\fR), and mail for \fIunknown\fR@\fIvirtual.domain\fR
-is bounced as undeliverable.
+With this, the SMTP server accepts mail for \fIvirtual.domain\fR and
+rejects mail for \fIunknown\fR@\fIvirtual.domain\fR as undeliverable.
The format of the virtual table is as follows, mappings being
tried in the order as listed in this manual page:
.SH Miscellaneous
.ad
.fi
+.IP \fBallow_min_user\fR
+Do not bounce recipient addresses that begin with '-'.
.IP \fBrelocated_maps\fR
Tables with contact information for users, hosts or domains
that no longer exist. See \fBrelocated\fR(5).
.fi
In the text below, \fItransport\fR is the first field in a
\fBmaster.cf\fR entry.
+.IP "\fBqmgr_fudge_factor\fR (valid range: 10..100)"
+The percentage of delivery resources that a busy mail system will
+use up for delivery of a large mailing list message.
+With 100%, delivery of one message does not begin before the previous
+message has been delivered. This results in good performance for large
+mailing lists, but results in poor response time for one-to-one mail.
+With less than 100%, response time for one-to-one mail improves,
+but large mailing list delivery performance suffers. In the worst
+case, recipients near the beginning of a large list receive a burst
+of messages immediately, while recipients near the end of that list
+receive that same burst of messages a whole day later.
.IP \fBinitial_destination_concurrency\fR
Initial per-destination concurrency level for parallel delivery
to the same destination.
Limit the number of \fBReceived:\fR message headers.
.IP \fBnotify_classes\fR
List of error classes. Of special interest are:
+.IP \fBlocal_recipient_maps\fR
+List of maps with user names that are local to \fB$myorigin\fR
+or \fB$inet_interfaces\fR. If this parameter is defined,
+then the SMTP server rejects mail for unknown local users.
.RS
.IP \fBpolicy\fR
When a client violates any policy, mail a transcript of the
/* .IP check_relay_domains
/* Allow the request when either the client hostname or the resolved
/* recipient domain matches the \fIrelay_domains\fR configuration
-/* parameter. Reject the request otherwise.
+/* parameter or a subdomain therereof, or when the destination somehow
+/* resolves locally (see $mydestination, $virtual_maps or
+/* $local_transports). Reject the request otherwise.
/* The \fIrelay_domains_reject_code\fR configuration parameter specifies
/* the reject status code (default: 554).
/* .IP permit_auth_destination
-/* Permit the request when the resolved recipient domain matches
-/* the local machine or the \fIrelay_domains\fR configuration parameter.
+/* Permit the request when the resolved recipient domain matches the
+/* \fIrelay_domains\fR configuration parameter or a subdomain therereof,
+/* or when the destination somehow resolves locally (see $mydestination,
+/* $virtual_maps or $local_transports).
/* .IP reject_unauth_destination
/* Reject the request when the resolved recipient domain does not match
-/* the local machine or the \fIrelay_domains\fR configuration parameter.
+/* the \fIrelay_domains\fR configuration parameter or a subdomain
+/* therereof, and when the destination does not somehow resolve locally
+/* (see $mydestination, $virtual_maps or $local_transports).
/* Same error code as check_relay_domains.
/* .IP reject_unauth_pipelining
/* Reject the request when the client has already sent the next request
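Review bot: "therereof" is a misspelling of "thereof" in all three added paragraphs (check_relay_domains, permit_auth_destination and reject_unauth_destination); each should read `parameter or a subdomain thereof`. The comment names $mydestination, $virtual_maps and $local_transports as what makes a destination local, while the HTML text changed in this same commit names $mydomain and $mynetworks in that role. Since these lists decide what the server accepts without a relay check, the two descriptions should name the same parameters. "Somehow resolves locally" could also be replaced by the exact conditions the code tests.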
resolve_clnt_query(STR(query), &reply);
/*
- * Permit if destination is local. XXX This must be generalized for
- * per-domain user tables and for non-UNIX local delivery agents.
+ * Permit if destination is local. That is, the destination matches
+ * mydestination or virtual_maps, or it resolves to any transport that
+ * delivers locally.
*/
if (match_any_local_transport(STR(reply.transport))
|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
return (SMTPD_CHECK_OK);
domain += 1;
+ if (resolve_local(domain)
+ || (*var_virtual_maps && maps_find(virtual_maps, domain, 0)))
+ return (SMTPD_CHECK_OK);
/*
* Permit if the destination matches the relay_domains list.
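Review bot: The added `resolve_local(domain) || (*var_virtual_maps && maps_find(virtual_maps, domain, 0))` test appears five times in this file, here and in the four hunks that follow, differing only in the value returned. Because this expression defines which destinations bypass the relay_domains check, I would put it in one static helper so a later change to the definition cannot be applied to some restrictions and missed in others. The enclosing function starts and ends outside this hunk, and the helper's parameter type is assumed from how `domain` is used.

```c
/* final_destination - domain matches mydestination or has a virtual_maps entry */

static int final_destination(const char *domain)
{
    return (resolve_local(domain)
	    || (*var_virtual_maps && maps_find(virtual_maps, domain, 0)));
}

/* ... unchanged: resolve_clnt_query() call and local transport test ... */
    domain += 1;
    if (final_destination(domain))
	return (SMTPD_CHECK_OK);
```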
resolve_clnt_query(STR(query), &reply);
/*
- * Permit if destination is local. XXX This must be generalized for
- * per-domain user tables and for non-UNIX local delivery agents.
+ * Permit if destination is local. That is, the destination matches
+ * mydestination or virtual_maps, or it resolves to any transport that
+ * delivers locally.
*/
if (match_any_local_transport(STR(reply.transport))
|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
return (SMTPD_CHECK_OK);
domain += 1;
+ if (resolve_local(domain)
+ || (*var_virtual_maps && maps_find(virtual_maps, domain, 0)))
+ return (SMTPD_CHECK_OK);
/*
* Permit if the destination matches the relay_domains list.
resolve_clnt_query(STR(query), &reply);
/*
- * Pass if destination is local. XXX This must be generalized for
- * per-domain user tables and for non-UNIX local delivery agents.
+ * Permit if destination is local. That is, the destination matches
+ * mydestination or virtual_maps, or it resolves to any transport that
+ * delivers locally.
*/
if (match_any_local_transport(STR(reply.transport))
|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
return (SMTPD_CHECK_DUNNO);
domain += 1;
+ if (resolve_local(domain)
+ || (*var_virtual_maps && maps_find(virtual_maps, domain, 0)))
+ return (SMTPD_CHECK_DUNNO);
/*
* Pass if the destination matches the relay_domains list.
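Review bot: A miss from `maps_find(virtual_maps, domain, 0)` and a failed lookup are not told apart here, nor in the other four copies of this test. If the maps layer can return 0 when the table is unavailable, which is not visible in this hunk, mail for a hosted virtual domain would fall through to the relay_domains test and be refused with the permanent relay_domains_reject_code (554 by default) instead of a temporary failure. I would either check the maps layer's error indication after a miss, or at least record the limitation: `/* XXX a failed virtual_maps lookup is treated as "not a virtual domain" */`. The enclosing function starts and ends outside this hunk.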
|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
return (SMTPD_CHECK_OK);
domain += 1;
- if (resolve_local(domain))
+ if (resolve_local(domain)
+ || (*var_virtual_maps && maps_find(virtual_maps, domain, 0)))
return (SMTPD_CHECK_OK);
if (msg_verbose)
|| (domain = strrchr(STR(reply.recipient), '@')) == 0)
return (SMTPD_CHECK_DUNNO);
domain += 1;
+ if (resolve_local(domain)
+ || (*var_virtual_maps && maps_find(virtual_maps, domain, 0)))
+ return (SMTPD_CHECK_DUNNO);
if (domain[0] == '#')
return (SMTPD_CHECK_DUNNO);
if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')