Milestone: first non-non-production snapshot with TLS.
+20040524
+
+ Workaround: don't send mail to $fallback_relay if Postfix
+ is MX host for the next-hop destination. This is, however,
+ a partial solution. The documentation has been updated to
+ cover all the cases where a fallback_relay could interfere
+ with the operation of a backup or primary MX host. Files:
+ smtp/smtp_addr.c, smtp/smtp_connect.c.
+
+20050127
+
+ Configuration: Postfix daemons that need privileged operation
+ (such as local, pipe, or spawn) now log a fatal error when
+ they are configured in master.cf as unprivileged.
+
+20050130
+
+ Cleanup: simplified the handling of receive_override_options
+ settings. Files: pickup/pickup.c, smtpd/smtpd.c, qmqpd/qmqpd.c,
+ global/input_transp.c.
+
+ Feature: permit_inet_interfaces allows a request when the
+ client matches $inet_interfaces. This is used for generic
+ access restrictions and for header address rewriting control.
+ Files: global/mail_params.h, smtpd/smtpd_check.c.
+
+ Cleanup: by default, message header address rewriting is
+ now enabled only for mail that originates from the machine
+ itself. Files: global/mail_params.h, smtpd/smtpd_check.c.
+
+20050131
+
+ Bugfix: when extracting recipients from message headers,
+ the Postfix sendmail command produced output records longer
+ than $line_length_limit, causing postdrop to reject the
+ mail. Diagnosis by Victor Duchovni. File: sendmail/sendmail.c.
+
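Review bot: the 20050127 entry ("Postfix daemons that need privileged operation ... now log a fatal error when they are configured in master.cf as unprivileged") has no "Files:" line, unlike every other entry in this hunk; add the source file(s) that perform the new check so the entry follows the same format as the 20050130 and 20050131 entries and can be traced to code.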
Open problems:
+ Low: document regexp usage in aliases and other sensitive
+ maps.
+
+ Low: pointers to postfinger and saslfinger. postfinger
+ is now bundled.
+
Med: transform IPv4-in-IPv6 address literals to IPv4 form
when comparing against local IP addresses?
Topics covered in this document:
- * To rewrite or not to rewrite, or to label as invalid
+ * To rewrite message headers or not, or to label as invalid
* Postfix address rewriting overview
* Address rewriting when mail is received
* Debugging your address manipulations
-T\bTo\bo r\bre\bew\bwr\bri\bit\bte\be o\bor\br n\bno\bot\bt t\bto\bo r\bre\bew\bwr\bri\bit\bte\be,\b, o\bor\br t\bto\bo l\bla\bab\bbe\bel\bl a\bas\bs i\bin\bnv\bva\bal\bli\bid\bd
+T\bTo\bo r\bre\bew\bwr\bri\bit\bte\be m\bme\bes\bss\bsa\bag\bge\be h\bhe\bea\bad\bde\ber\brs\bs o\bor\br n\bno\bot\bt,\b, o\bor\br t\bto\bo l\bla\bab\bbe\bel\bl a\bas\bs i\bin\bnv\bva\bal\bli\bid\bd
Postfix versions 2.1 and earlier always rewrite message header addresses, and
-append Postfix's own domain information to incomplete addresses. While
-rewriting message headers is OK for mail with a local origin, it is undesirable
-for remote mail:
+append Postfix's own domain information to addresses that Postfix considers
+incomplete. While rewriting message header addresses is OK for mail with a
+local origin, it is undesirable for remote mail:
- * Header mangling is frowned upon by mail standards,
- * Appending Postfix's own domain information produces incorrect results with
- remote incomplete addresses,
- * Appending Postfix's own domain information sometimes creates the appearance
- that spam is sent by local users.
+ * Message header address rewriting is frowned upon by mail standards,
+ * Appending Postfix's own domain produces incorrect results with some
+ incomplete addresses,
+ * Appending Postfix's own domain sometimes creates the appearance that spam
+ is sent by local users.
Postfix versions 2.2 give you the option to either not rewrite message headers
from remote SMTP clients at all, or to label incomplete addresses in such
message headers as invalid. Here is how it works:
- * Postfix does not rewrite message headers from remote SMTP clients at all
- when the remote_header_rewrite_domain parameter value is empty.
- * Otherwise, Postfix appends the specified domain name to incomplete
- addresses in message headers from remote SMTP clients. This feature can be
- used to append a reserved domain such as "domain.invalid", so that
+ * Postfix always rewrites message header addresses from local SMTP clients,
+ and from the Postfix sendmail command. The local_header_rewrite_clients
+ parameter controls what SMTP clients Postfix considers local (by default,
+ only local network interface addresses).
+ * Postfix never rewrites message header addresses from remote SMTP clients
+ when the remote_header_rewrite_domain parameter value is empty (the default
+ setting).
+ * Otherwise, Postfix appends the remote_header_rewrite_domain value to
+ incomplete message header addresses from remote SMTP clients. This feature
+ can be used to append a reserved domain such as "domain.invalid", so that
incomplete addresses cannot be mistaken for local addresses.
-The local_header_rewrite_clients parameter controls what SMTP clients Postfix
-considers local instead of remote.
-
P\bPo\bos\bst\btf\bfi\bix\bx a\bad\bdd\bdr\bre\bes\bss\bs r\bre\bew\bwr\bri\bit\bti\bin\bng\bg o\bov\bve\ber\brv\bvi\bie\bew\bw
The figure below zooms in on those parts of Postfix that are most involved with
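Review bot: the introductory sentence "Postfix versions 2.2 give you the option to either not rewrite message headers from remote SMTP clients at all, or to label incomplete addresses ... Here is how it works:" still describes only the remote-client case, but the rewritten list now opens with the local-client rule that was moved up from the deleted paragraph about local_header_rewrite_clients; adjust the intro to cover both, for example "Here is how it works for local and remote SMTP clients:". In the third bullet it would also help to say why "domain.invalid" is preferable to simply leaving remote addresses unqualified: an address left unqualified can still be qualified by a down-stream MTA with its own domain, whereas a reserved domain makes the incompleteness visible and cannot resolve to a local user.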
word wrapping the logging.
* Output from "postconf -n". Please do not send your main.cf file. Or better,
- provide output from the "postfinger" tool.
+ provide output from the "postfinger" tool. This tool is bundled with
+ Postfix 2.2 and later source code, and can be found at http://ftp.wl0.org/
+ SOURCES/postfinger.
* If the problem is about too much mail in the queue, consider including
output from the qshape tool, as described in the QSHAPE_README file.
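Review bot: the postfinger URL is broken across two lines in this plain-text README ("http://ftp.wl0.org/" followed by "SOURCES/postfinger"), so a reader copying it gets an invalid address; keep the URL on a single line even if it exceeds the fill width, as the HTML version of this same change does inside its <a href>.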
smtpd(8) qmgr(8) local(8)
- * The anvil(8) server implements client connection and rate limiting for all
- smtpd(8) servers. The TUNING_README document provides guidance for dealing
- with mis-behaving SMTP clients. The anvil(8) service is not included with
- Postfix version 2.1 or earlier.
+ * The anvil(8) server implements client connection and request rate limiting
+ for all smtpd(8) servers. The TUNING_README document provides guidance for
+ dealing with mis-behaving SMTP clients. The anvil(8) service is not
+ included with Postfix version 2.1 or earlier.
Network -> smtpd(8) <-> anvil(8)
* The scache(8) server maintains the connection cache for the Postfix smtp(8)
client. When connection caching is enabled for selected destinations, the
smtp(8) client does not disconnect immediately after a mail transaction,
- but gives the connection to the connection cache server. The smtp(8) client
- continues with some other mail delivery request. Meanwhile, the connection
- cache server keeps the connection open for a limited amount of time. During
- that time, any smtp(8) process can ask the scache(8) server for that cached
- connection and use it for mail delivery.
+ but gives the connection to the connection cache server which keeps the
+ connection open for a limited amount of time. The smtp(8) client continues
+ with some other mail delivery request. Meanwhile, any smtp(8) process can
+ ask the scache(8) server for that cached connection and reuse it for mail
+ delivery. As a safety measure, Postfix limits the number of times that a
+ connection may be reused.
- smtp(8) -> scache(8) -> smtp(8)
-
+ When delivering mail to a destination with multiple mail servers,
+ connection caching can help to skip over a non-responding server, and thus
+ dramatically speed up delivery.
+
+ smtp(8) <-> scache(8) <-> smtp(8)
+
* The showq(8) servers list the Postfix queue status. This is the queue
listing service that does the work for the mailq(1) and postqueue(1)
error streams. You can find examples of its use in the SMTPD_POLICY_README
document.
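Review bot: "As a safety measure, Postfix limits the number of times that a connection may be reused" does not say which main.cf parameter sets that limit or what its default is; name it or point to the smtp(8) manual page, since anyone enabling connection caching will want to tune it. The rewrite also dropped the "During that time" qualifier from the old text, so "Meanwhile, any smtp(8) process can ask the scache(8) server for that cached connection" no longer makes explicit that reuse is bounded by the cache lifetime as well as by the reuse count; consider restoring it.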
+ * The tlsmgr(8) server runs when TLS (Transport Layer Security, formerly
+ known as SSL) is turned on in the Postfix smtp(8) client or smtpd(8)
+ server. This process has two duties:
+
+ o Maintain the pseudo-random number generator (PRNG) that is used to seed
+ the TLS engines in Postfix smtp(8) client or smtpd(8) server processes.
+ The state of this PRNG is saved periodically to a file, and is read
+ when tlsmgr(8) starts up.
+
+ o Maintain the optional Postfix smtp(8) client or smtpd(8) server caches
+ with TLS session keys. Saved keys can improve performance by reducing
+ the amount of computation at the start of a TLS session.
+
+ TLS support is available in Postfix version 2.2 and later. Information
+ about the Postfix TLS implementation is in the TLS_README document.
+
+ <---seed--- ---seed--->
+ Network-> smtpd(8) tlsmgr(8) smtp(8) ->Network
+ <-session-> <-session->
+
+ / | \
+ |
+ / \
+
+ smtpd PRNG smtp
+ session state session
+ cache file cache
+
* The verify(8) server verifies that a sender or recipient address is
deliverable before the smtpd(8) server accepts it. The verify(8) server
injects probe messages into the Postfix queue and processes status updates
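Review bot: "The state of this PRNG is saved periodically to a file, and is read when tlsmgr(8) starts up" should also cover the first start, when no state file exists yet and the pool is seeded only from the external entropy source, and should say that the state file must not be readable by other users, since its contents seed the TLS engines of every smtp(8) and smtpd(8) process. A one-line pointer that the entropy source must be non-blocking belongs here alongside the TLS_README cross-reference, as that is where readers will first meet tlsmgr(8).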
"CCARGS=-DHAS_PCRE -I/usr/local/include" \
"AUXLIBS=-L/usr/local/lib -lpcre"
-Solaris may need run-time path information:
+Solaris needs run-time path information too:
make -f Makefile.init makefiles \
"CCARGS=-DHAS_PCRE -I/usr/local/include" \
Execute the command "p\bpo\bos\bst\btm\bma\bap\bp /\b/e\bet\btc\bc/\b/p\bpo\bos\bst\btf\bfi\bix\bx/\b/t\btr\bra\ban\bns\bsp\bpo\bor\brt\bt" whenever you change the
transport table.
+NOTE: Do not use the fallback_relay feature when relaying mail for a backup or
+primary MX domain. Mail would loop between the Postfix MX host and the
+fallback_relay host when the final destination is unavailable.
+
+ * In main.cf specify "relay_transport = relay",
+ * In master.cf specify "-o fallback_relay =" at the end of the relay entry.
+ * In transport maps, specify "relay:nexthop..." as the right-hand side for
+ backup or primary MX domain entries.
+
+These are default settings in Postfix version 2.2 and later.
+
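Review bot: the master.cf example here is written as "-o fallback_relay =" (space before the "="), while the master.cf hunk in this same patch adds "-o fallback_relay=" with no space; use one form in both places, preferably the form without whitespace that the master.cf hunk uses, so readers do not have to guess whether the space is significant when they copy the line.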
P\bPo\bos\bst\btf\bfi\bix\bx o\bon\bn a\ba d\bdi\bia\bal\blu\bup\bp m\bma\bac\bch\bhi\bin\bne\be
This section applies to dialup connections that are down most of the time. For
carefully as Wietse's own code, every 1000 lines introduce one additional bug
into Postfix.
-P\bPu\bur\brp\bpo\bos\bse\be o\bof\bf t\bth\bhi\bis\bs d\bdo\boc\bcu\bum\bme\ben\bnt\bt
+I\bIn\bnt\btr\bro\bod\bdu\buc\bct\bti\bio\bon\bn
-This document describes how to build Postfix with Transport Layer Security
-(TLS) support in the Postfix SMTP client and Postfix SMTP server, and how to
-configure the TLS manager daemon that maintains the Pseudo Random Number
-Generator (PRNG) pool and the TLS session cache information.
+This document requires Postfix version 2.2 or later.
+
+Postfix may be built with Transport Layer Security (TLS, formerly called SSL)
+protocol support as described in RFC 3207. This provides certificate-based
+authentication, and encrypted sessions. An encrypted session protects the
+information that is transmitted with SMTP mail or with SASL authentication. The
+main elements of the Postfix TLS architecture are:
+
+ * The smtpd(8) server implements the SMTP over TLS server side.
+
+ * The smtp(8) client implements the SMTP over TLS client side.
+
+ * The tlsmgr(8) server maintains the pseudo-random number generator (PRNG)
+ that seeds the TLS engines in the smtpd(8) server and smtp(8) client
+ processes, and maintains the TLS session cache files with TLS session keys.
+
+The following diagram shows the relationship between these architecture
+elements.
+
+ <---seed--- ---seed--->
+Network-> smtpd(8) tlsmgr(8) smtp(8) ->Network
+ <-session-> <-session->
+
+ / | \
+ |
+ / \
+
+ smtpd PRNG smtp
+ session state session
+ cache file cache
Topics covered in this document:
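Review bot: "An encrypted session protects the information that is transmitted with SMTP mail or with SASL authentication" reads as if TLS protects the message itself; it protects only the SMTP session on this hop, so a message relayed onward is only as protected as each subsequent hop, and with the MAY level described later in this document the session may not be encrypted at all. One sentence to that effect would stop readers from equating "TLS enabled" with end-to-end confidentiality. The architecture diagram duplicates the one added to OVERVIEW in this patch; that is fine, but the two copies need to be kept in sync.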
To build Postfix with TLS support, first we need to generate the make(1) files
with the necessary definitions. This is done by invoking the command "make
-makefiles in the Postfix top-level directory and with arguments as shown next.
+makefiles" in the Postfix top-level directory and with arguments as shown next.
* If the OpenSSL include files (such as ssl.h) are in directory /usr/include/
openssl, and the OpenSSL libraries (such as libssl.so and libcrypto.so) are
% m\bma\bak\bke\be m\bma\bak\bke\bef\bfi\bil\ble\bes\bs C\bCC\bCA\bAR\bRG\bGS\bS=\b="\b"-\b-D\bDU\bUS\bSE\bE_\b_T\bTL\bLS\bS -\b-I\bI/\b/u\bus\bsr\br/\b/l\blo\boc\bca\bal\bl/\b/i\bin\bnc\bcl\blu\bud\bde\be"\b" \\b\
A\bAU\bUX\bXL\bLI\bIB\bBS\bS=\b="\b"-\b-L\bL/\b/u\bus\bsr\br/\b/l\blo\boc\bca\bal\bl/\b/l\bli\bib\bb -\b-l\bls\bss\bsl\bl -\b-l\blc\bcr\bry\byp\bpt\bto\bo"\b"
+ On Solaris, specify the -R option as shown below:
+
+ % m\bma\bak\bke\be t\bti\bid\bdy\by # if you have left-over files from a previous build
+ % m\bma\bak\bke\be m\bma\bak\bke\bef\bfi\bil\ble\bes\bs C\bCC\bCA\bAR\bRG\bGS\bS=\b="\b"-\b-D\bDU\bUS\bSE\bE_\b_T\bTL\bLS\bS -\b-I\bI/\b/u\bus\bsr\br/\b/l\blo\boc\bca\bal\bl/\b/i\bin\bnc\bcl\blu\bud\bde\be"\b" \\b\
+ A\bAU\bUX\bXL\bLI\bIB\bBS\bS=\b="\b"-\b-R\bR/\b/u\bus\bsr\br/\b/l\blo\boc\bca\bal\bl/\b/l\bli\bib\bb -\b-L\bL/\b/u\bus\bsr\br/\b/l\blo\boc\bca\bal\bl/\b/l\bli\bib\bb -\b-l\bls\bss\bsl\bl -\b-l\blc\bcr\bry\byp\bpt\bto\bo"\b"
+
If you need to apply other customizations (such as Berkeley DB databases,
MySQL, PosgreSQL, LDAP or SASL), see the respective Postfix README documents,
and combine their "make makefiles" instructions with the instructions above:
Don't use TLS at all.
MAY
Try to use STARTTLS if offered, otherwise use the unencrypted
- connection. NOTE: STARTTLS can be used only if TLS is already enabled
- via main.cf, so that the client TLS engine is properly initialized at
- program startup.
+ connection.
MUST
Require usage of STARTTLS, require that the remote SMTP server hostname
matches the information in the remote SMTP server certificate, and
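Review bot: the removed NOTE under MAY ("STARTTLS can be used only if TLS is already enabled via main.cf, so that the client TLS engine is properly initialized at program startup") is dropped without replacement; if the restriction still holds it should be stated elsewhere in this document, and if it no longer holds a short sentence saying that the smtp(8) client now initializes its TLS engine on demand would explain the deletion to readers who remember the earlier text.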
In order to feed its in-memory PRNG pool, the tlsmgr(8) reads entropy from an
external source, both at startup and during run-time. Specify a good entropy
-source, like EGD or /dev/urandom; be sure to only use non-blocking sources. If
-the entropy source is not a regular file, you must prepend the source type to
-the source name: "dev:" for a device special file, or "egd:" for a source with
-EGD compatible socket interface.
+source, like EGD or /dev/urandom; be sure to only use non-blocking sources (on
+OpenBSD, use /dev/arandom when tlsmgr(8) complains about /dev/urandom timeout
+errors). If the entropy source is not a regular file, you must prepend the
+source type to the source name: "dev:" for a device special file, or "egd:" for
+a source with EGD compatible socket interface.
Examples (specify only one in main.cf):
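Review bot: "be sure to only use non-blocking sources" should name the common blocking source (/dev/random on Linux blocks when the kernel entropy pool is low) and the symptom (tlsmgr(8) stalls and TLS sessions cannot be seeded), since the OpenBSD aside added here ("/dev/arandom when tlsmgr(8) complains about /dev/urandom timeout errors") describes exactly that class of failure; without the reason, readers will not know why /dev/urandom rather than /dev/random is the recommended device.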
network link.
* Reduce the smtp_connect_timeout and smtp_helo_timeout values so that
- Postfix does not waste lots of time connecting to non-responding smtpd(8)
- servers.
+ Postfix does not waste lots of time connecting to non-responding remote
+ SMTP servers.
* Use a dedicated mail delivery transport for problematic destinations, with
reduced timeouts and with adjusted concurrency. See "Tuning the number of
hostname.
* The SOURCE attribute specifies LOCAL when the message was received from a
- source that is local with respect to the up-stream host, REMOTE for mail
- from a remote source, or [UNAVAILABLE] when the information is unavailable.
- The down-stream MTA may decide to enable header munging and address
- qualification with mail from local sources.
+ source that is local with respect to the up-stream host (for example, the
+ message originated from the up-stream host itself), REMOTE for all other
+ mail, or [UNAVAILABLE] when the information is unavailable. The down-stream
+ MTA may decide to enable features such as header munging or address
+ qualification with mail from local sources but not other sources.
Note 1: Attribute values must not be longer than 255 characters (specific
attributes may impose shorter lengths), must not contain control characters,
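Review bot: the SOURCE attribute is set by the up-stream host, so "The down-stream MTA may decide to enable features such as header munging or address qualification with mail from local sources but not other sources" should add that the down-stream MTA must accept this attribute only from up-stream hosts it explicitly trusts; an unauthorized client supplying SOURCE=LOCAL would otherwise have its remote mail treated as local, which is the misqualification the header rewriting change elsewhere in this patch sets out to prevent.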
and change the patchlevel and the release date. Patches are never
issued for snapshot releases.
+Incompatible changes with snapshot Postfix-2.2-20050131
+=======================================================
+
+Postfix rewrites message header addresses only in mail that originates
+from the local machine. Specify "local_header_rewrite_clients =
+static:all" to get the old behavior of Postfix 2.1 and earlier.
+
Incompatible changes with snapshot Postfix-2.2-20050117
=======================================================
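Review bot: the new incompatible-change entry explains how to restore the old rewriting behaviour ("local_header_rewrite_clients = static:all") but does not mention the remote_header_rewrite_domain parameter that the ADDRESS_REWRITING_README hunk in this patch documents as the supported way to label remote incomplete addresses; list both so an upgrading administrator sees the intended alternative and not only the rollback.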
--- /dev/null
+#!/bin/sh
+# postfinger - captures Postfix configuration for reporting errors
+#
+# Inspired by comments on the postfix-users mailing list.
+# Copyright (C) 2003 Simon J. Mudd (sjmudd@pobox.com)
+# With help from:
+# Matthias Andree <ma@dt.e-technik.uni-dortmund.de>
+# Victor Duchovni <Victor.Duchovni@morganstanley.com>
+# Sasa Babic <sasab@hygia.pharmacy.bg.ac.yu>
+# Iñaki Arenaza <iarenaza@escomposlinux.org>
+# Jorge Gordoy <gordoy@g2ctech.com>
+# $Revision: 1.29 $
+#
+# License:
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You may have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+#
+# An on-line copy of the GNU General Public License can be found
+# http://www.fsf.org/copyleft/gpl.html.
+
+version_number=1.29 # don't use rcs version here
+version="version: ${version_number}"
+BACKUP_IFS=$IFS
+usage="postfinger ${version}: a Postfix configuration extraction utility
+Usage: postfinger [options]
+
+Options can be any of:
+ --all Show all configuration information
+ --system Show basic system environment (os/kernel/...) [default]
+ --package Show packaging information [default]
+ --locking Show mailbox locking methods
+ --tables Show supported lookup tables
+ --main Show main.cf non-default configuration values [default]
+ --defaultsinmain Show main.cf defined values which are identical to defaults
+ --master Show master.cf configuration [default]
+ --permissions Show some of the spool_directory permissions
+ --libraries Show the Postfix libraries dependencies
+
+ --nosystem Do not show basic system environment (os/kernel/...)
+ --nomain Do not show main.cf non-default configuration values
+ --nomaster Do not show master.cf configuration
+ --nowarn Do not warn about private information being leaked to
+ outsiders
+ --version print the version of postfinger being used and exit
+
+Mail bug reports and suggestions to <postfinger@WL0.org>".
+
+system=1; package=1; locking=; tables=; main=1; master=1; permissions=; libraries=;warn=1;defaultsinmain=
+
+for arg
+do
+ case $arg in
+ --version) echo "postfinger ${version}"; exit 0;;
+ --all) system=1; package=1; locking=1; tables=1; main=1; master=1; permissions=1; libraries=1; warn=1;;
+ --system) system=1;;
+ --package) package=1;;
+ --locking) locking=1;;
+ --tables) tables=1;;
+ --main) main=1;;
+ --defaultsinmain) defaultsinmain=1;;
+ --master) master=1;;
+ --permissions) permissions=1;;
+ --libraries) libraries=1;;
+ --nosystem) system=;;
+ --nomain) main=;;
+ --nomaster) master=;;
+ --nowarn) warn=;;
+ --help) echo "${usage}"; exit 0;;
+ *) echo "Error: ${usage}" 1>&2; exit 1;;
+ esac
+ shift
+done
+
+echo "postfinger - postfix configuration on `LANG=C date`"
+echo ${version}
+echo ''
+
+[ "${warn}" = 1 ] && {
+cat <<END
+Warning: postfinger output may show private configuration information,
+such as ip addresses and/or domain names which you do not want to show
+to the public. If this is the case it is your responsibility to modify
+the output to hide this private information. [Remove this warning with
+the --nowarn option.]
+
+END
+}
+
+# Look for postconf, using environment variable if given
+[ -n "${POSTCONF}" ] && [ ! -x "${POSTCONF}" ] && POSTCONF=
+[ -z "${POSTCONF}" ] && [ -x /usr/sbin/postconf ] && POSTCONF=/usr/sbin/postconf
+[ -z "${POSTCONF}" ] && [ -x /usr/local/sbin/postconf ] && POSTCONF=/usr/local/sbin/postconf
+[ -z "${POSTCONF}" ] && {
+ echo "$0: can not find postconf"
+ echo "set POSTCONF to postconf's location and try again"
+ exit 1
+}
+
+# Look for smtpd, using environment variable if given
+[ -z "${SMTPD}" ] && {
+ SMTPD=`${POSTCONF} -h daemon_directory`/smtpd
+ [ -d "${SMTPD}" -o ! -x "${SMTPD}" ] && SMTPD=
+}
+[ -z "${SMTPD}" ] && {
+ echo "$0: can not find smtpd"
+ echo "set SMTPD to smtpd's location and try again"
+ exit 1
+}
+
+[ "${system}" = 1 ] && {
+ echo '--System Parameters--'
+ ${POSTCONF} -d mail_version
+ echo "hostname = `hostname`"
+ echo "uname = `uname -a`"
+ echo ""
+}
+
+# check for different packaging systems and try to identify if this postfix
+# (smtpd) comes from a package.
+# I would appreciate help in adapting this part to include other packaging
+# systems.
+[ "${package}" = 1 ] && {
+ echo "--Packaging information--"
+
+ DPKG=
+ [ -x /usr/bin/dpkg ] && DPKG=/usr/bin/dpkg
+ [ -z "${DPKG}" ] && [ -x /usr/local/bin/dpkg ] && DPKG=/usr/local/bin/dpkg
+ [ -n "${DPKG}" ] && {
+ ${DPKG} -S ${SMTPD} >/dev/null 2>/dev/null && {
+ package=`${DPKG} -S ${SMTPD} | awk -F: '{print $1}' | head -n 1`
+ package_ver=`COLUMNS=132 ${DPKG} -l ${package} | grep ii | grep -v "documentation" | awk '{print $3}'`
+ echo "looks like this postfix comes from deb package: ${package}-${package_ver}"
+ }
+ }
+
+ RPM=
+ [ -x /bin/rpm ] && RPM=/bin/rpm
+ [ -z "${RPM}" ] && [ -x /usr/local/bin/rpm ] && RPM=/usr/local/bin/rpm
+ [ -n "${RPM}" ] && {
+ ${RPM} -qf ${SMTPD} >/dev/null 2>/dev/null && \
+ echo "looks like this postfix comes from RPM package: `${RPM} -qf ${SMTPD}`"
+ }
+
+ BSDPKG=
+ [ -x /usr/sbin/pkg_info ] && BSDPKG=/usr/sbin/pkg_info
+ [ -n "${BSDPKG}" ] && {
+ ${BSDPKG} -q -W ${SMTPD} >/dev/null 2>/dev/null && \
+ echo "looks like this postfix comes from BSD package: `${BSDPKG} -q -W ${SMTPD}`"
+ }
+
+ echo ""
+}
+
+IFS="
+"
+[ "${locking}" = 1 ] && {
+ echo "--Mailbox locking methods--"
+ locking_methods=`${POSTCONF} -l`
+ echo $locking_methods
+ echo ""
+}
+
+[ "${tables}" = 1 ] && {
+ echo "--Supported Lookup tables--"
+ lookup_tables=`${POSTCONF} -m`
+ echo $lookup_tables
+ echo ""
+}
+
+[ "${main}" = 1 -o "${defaultsinmain}" = 1 ] && {
+ if [ "x`find . -prune \( -perm 020 -o -perm 002 \) -print`" != "x" ]
+ then
+ echo 2>&2 "Do not run this in a public- or group-writable directory"
+ exit 1
+ fi
+
+ rm -f postfinger.$$.d postfinger.$$.n
+ ${POSTCONF} -d | tr -s [:blank:] | sort > postfinger.$$.d
+ ${POSTCONF} -n | tr -s [:blank:] | sort > postfinger.$$.n
+
+ [ "$main" = 1 ] && {
+ echo "--main.cf non-default parameters--"
+ comm -13 postfinger.$$.d postfinger.$$.n
+ echo ""
+ }
+
+ [ "${defaultsinmain}" = 1 ] && {
+ echo "--main.cf parameters defined as per defaults--"
+ comm -12 postfinger.$$.d postfinger.$$.n
+ echo ""
+ }
+
+ rm -f postfinger.$$.d postfinger.$$.n
+}
+
+[ "${master}" = 1 ] && {
+ echo "--master.cf--"
+ # Remove blank and commented lines to reduce the output
+ # Note: the second grep contains a space followed by a tab character
+ cat `${POSTCONF} -h config_directory`/master.cf | \
+ grep -v '^#' | \
+ grep -v '^[ ]*$'
+ echo ""
+}
+
+[ "${permissions}" = 1 ] && {
+ echo "--Specific file and directory permissions--"
+ ls -ld `${POSTCONF} -h queue_directory`/maildrop
+ ls -ld `${POSTCONF} -h queue_directory`/public
+ ls -l `${POSTCONF} -h queue_directory`/public 2>/dev/null || {
+ echo 'WARNING: No access to $queue_directory/public'
+ echo ' Try running postfinger as user root or postfix'
+ }
+ ls -ld `${POSTCONF} -h queue_directory`/private
+ ls -l `${POSTCONF} -h queue_directory`/private 2>/dev/null || {
+ echo 'WARNING: No access to $queue_directory/private'
+ echo ' Try running postfinger as user root or postfix'
+ }
+ ls -l `${POSTCONF} -h command_directory`/postdrop
+ ls -l `${POSTCONF} -h command_directory`/postqueue
+ echo ""
+}
+
+[ "${libraries}" = 1 ] && {
+ echo "--Library dependencies--"
+ echo "${SMTPD}:"
+ ldd ${SMTPD} || echo "WARNING: Can not find ldd. Check you have it installed and in your path"
+}
+
+echo "-- end of postfinger output --"
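Review bot: the redirection in 'echo 2>&2 "Do not run this in a public- or group-writable directory"' is a no-op (it duplicates fd 2 onto itself), so the error message goes to stdout and ends up inside the report the user is about to paste; it should read 'echo >&2 "Do not run this ..."'. Two smaller points in the same block: 'tr -s [:blank:]' leaves the bracket expression unquoted, so the shell globs it against files in the current directory before tr ever sees it (quote it as 'tr -s "[:blank:]"'); and the work files 'postfinger.$$.d' and 'postfinger.$$.n' are created with predictable names in the current directory, which the writable-directory check only partly mitigates, so creating them in a private directory from mktemp -d (or at least under umask 077) and removing them from a trap on EXIT would avoid leaving a configuration dump behind when the script is interrupted.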
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
+# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
+ -o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
<ul>
-<li> <a href="#william"> To rewrite or not to rewrite, or to label
+<li> <a href="#william"> To rewrite message headers or not, or to label
as invalid </a>
<li> <a href="#overview"> Postfix address rewriting overview </a>
</ul>
-<h2> <a name="william"> To rewrite or not to rewrite, or to label
+<h2> <a name="william"> To rewrite message headers or not, or to label
as invalid </a> </h2>
<p> Postfix versions 2.1 and earlier always rewrite message header
-addresses, and append Postfix's own domain information to incomplete
-addresses. While rewriting message headers is OK for mail with a
-local origin, it is undesirable for remote mail: </p>
+addresses, and append Postfix's own domain information to addresses
+that Postfix considers incomplete. While rewriting message header
+addresses is OK for mail with a local origin, it is undesirable
+for remote mail: </p>
<ul>
-<li> Header mangling is frowned upon by mail standards,
+<li> Message header address rewriting is frowned upon by mail standards,
-<li> Appending Postfix's own domain information produces incorrect
-results with remote incomplete addresses,
+<li> Appending Postfix's own domain produces incorrect results with
+some incomplete addresses,
-<li> Appending Postfix's own domain information sometimes creates
-the appearance that spam is sent by local users.
+<li> Appending Postfix's own domain sometimes creates the appearance
+that spam is sent by local users.
</ul>
<ul>
-<li> Postfix does not rewrite message headers from remote SMTP
-clients at all when the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter
-value is empty.
+<li> Postfix always rewrites message header addresses from local
+SMTP clients, and from the Postfix sendmail command. The
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls what SMTP clients
+Postfix considers local (by default, only local network interface
+addresses).
-<li> Otherwise, Postfix appends the specified domain name to
-incomplete addresses in message headers from remote SMTP clients.
-This feature can be used to append a reserved domain such as
-"domain.invalid", so that incomplete addresses cannot be mistaken
+<li> Postfix never rewrites message header addresses from remote
+SMTP clients when the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter value
+is empty (the default setting).
+
+<li> Otherwise, Postfix appends the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>
+value to incomplete message header addresses from remote SMTP
+clients. This feature can be used to append a reserved domain such
+as "domain.invalid", so that incomplete addresses cannot be mistaken
for local addresses.
</ul>
-<p> The <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls what SMTP
-clients Postfix considers local instead of remote. </p>
-
<h2> <a name="overview"> Postfix address rewriting overview </a> </h2>
<p> The figure below zooms in on those parts of Postfix that are most
the helpers by word wrapping the logging. </p>
<li> <p> Output from "postconf -n". Please do not send your main.cf
-file. Or better, provide output from the "postfinger" tool. </p>
+file. Or better, provide output from the "postfinger" tool. This
+tool is bundled with Postfix 2.2 and later source code, and can be
+found at <a href="http://ftp.wl0.org/SOURCES/postfinger">http://ftp.wl0.org/SOURCES/postfinger</a>. </p>
<li> <p> If the problem is about too much mail in the queue, consider
including output from the qshape tool, as described in the
</table>
-<li> <p> The <a href="anvil.8.html">anvil(8)</a> server implements client connection and rate
+<li> <p> The <a href="anvil.8.html">anvil(8)</a> server implements client connection and
+request rate
limiting for all <a href="smtpd.8.html">smtpd(8)</a> servers. The <a href="TUNING_README.html">TUNING_README</a> document
provides guidance for dealing with mis-behaving SMTP clients. The
<a href="anvil.8.html">anvil(8)</a> service is not included with Postfix version 2.1 or earlier.
<li> <p> The <a href="scache.8.html">scache(8)</a> server maintains the connection cache for
the Postfix <a href="smtp.8.html">smtp(8)</a> client. When connection caching is enabled for
-selected
-destinations, the <a href="smtp.8.html">smtp(8)</a> client does not disconnect immediately
-after a mail transaction, but gives the connection to the connection
-cache server. The <a href="smtp.8.html">smtp(8)</a> client continues with some other mail
-delivery request. Meanwhile, the connection cache server keeps the
-connection open for a limited amount of time. During that time,
-any <a href="smtp.8.html">smtp(8)</a> process can ask the <a href="scache.8.html">scache(8)</a> server for that cached
-connection and use it for mail delivery. </p>
+selected destinations, the <a href="smtp.8.html">smtp(8)</a> client does not disconnect
+immediately after a mail transaction, but gives the connection to
+the connection cache server which keeps the connection open for a
+limited amount of time. The <a href="smtp.8.html">smtp(8)</a> client continues with some
+other mail delivery request. Meanwhile, any <a href="smtp.8.html">smtp(8)</a> process can
+ask the <a href="scache.8.html">scache(8)</a> server for that cached connection and reuse it
+for mail delivery. As a safety measure, Postfix limits the number
+of times that a connection may be reused. </p>
+
+<p> When delivering mail to a destination with multiple mail servers,
+connection caching can help to skip over a non-responding server,
+and thus dramatically speed up delivery. </p>
<table>
-<tr> <td> <td align="center" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br>
- </td> <td> <tt> -> </tt> </td> <td> <td align="center"
-bgcolor="#f0f0ff"> <br> <a href="scache.8.html">scache(8)</a> <br> </td> <td> <tt> ->
-</tt> </td> <td> <td align="center" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a>
-<br> </td>
+<tr> <td align="center" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br>
+ </td> <td> <tt> <-> </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <br> <a href="scache.8.html">scache(8)</a> <br> </td> <td> <tt>
+<-> </tt> </td> <td align="center" bgcolor="#f0f0ff"> <br>
+<a href="smtp.8.html">smtp(8)</a> <br> </td>
</table>
standard input, output and error streams. You can find examples of
its use in the <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> document. </p>
+<li> <p> The <a href="tlsmgr.8.html">tlsmgr(8)</a> server runs when TLS (Transport Layer
+Security, formerly known as SSL) is turned on in the Postfix <a href="smtp.8.html">smtp(8)</a>
+client or <a href="smtpd.8.html">smtpd(8)</a> server. This process has two duties: </p>
+
+<ul>
+
+<li> <p> Maintain the pseudo-random number generator (PRNG) that
+is used to seed the TLS engines in Postfix <a href="smtp.8.html">smtp(8)</a> client or <a href="smtpd.8.html">smtpd(8)</a>
+server processes. The state of this PRNG is saved periodically to
+a file, and is read when <a href="tlsmgr.8.html">tlsmgr(8)</a> starts up. </p>
+
+<li> <p> Maintain the optional Postfix <a href="smtp.8.html">smtp(8)</a> client or <a href="smtpd.8.html">smtpd(8)</a>
+server caches with TLS session keys. Saved keys can improve
+performance by reducing the amount of computation at the start of
+a TLS session. </p>
+
+</ul>
+
+<p> TLS support is available in Postfix version 2.2 and later.
+Information about the Postfix TLS implementation is in the <a href="TLS_README.html">TLS_README</a>
+document. </p>
+
+<table>
+
+<tr> <td>Network<tt>-> </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <br> <a href="smtpd.8.html">smtpd(8)</a> <br> </td> <td colspan="2">
+<tt> <---seed---<br><br><-session-> </tt> </td> <td
+align="center" bgcolor="#f0f0ff"> <br> <a href="tlsmgr.8.html">tlsmgr(8)</a> <br> </td>
+<td colspan="3"> <tt> ---seed---><br> <br><-session->
+</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br>
+ </td> <td> <tt> -></tt>Network </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="right"> <table> <tr> <td>
+</td> <td> / </td> </tr> <tr> <td> / </td> <td> </td> </tr> </table>
+</td> <td align="center"> |<br> |</td> <td align="left"> <table>
+<tr> <td> \ </td> <td> </td> </tr> <tr> <td> </td> <td> \ </td>
+</tr> </table> </td> <td colspan="3"> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
+smtpd<br> session<br> cache </td> <td> </td> <td align="center"
+bgcolor="#f0f0ff"> PRNG<br> state <br>file </td> <td> </td> <td
+align="center" bgcolor="#f0f0ff"> smtp<br> session<br> cache </td>
+<td colspan="2"> </td> </tr>
+
+</table>
+
+
<li> <p> The <a href="verify.8.html">verify(8)</a> server verifies that a sender or recipient
address is deliverable before the <a href="smtpd.8.html">smtpd(8)</a> server accepts it. The
<a href="verify.8.html">verify(8)</a> server injects probe messages into the Postfix queue and
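Review bot: the seed and session arrows in the new tlsmgr(8) diagram (`<---seed---`, `<-session->` inside `<tt>`) are raw `<` characters in HTML text; escape them as `&lt;` so the cells render reliably. On the two duties listed above the diagram: the PRNG item says the state "is saved periodically to a file" and the cache item says the caches hold "TLS session keys", but neither says who must be able to read or write those files; since this is the first place a reader meets them, one sentence on their required ownership and permissions (or a pointer to where TLS_README covers it) belongs here. The same diagram is inserted verbatim into TLS_README in this patch; keep one copy, or mark both so they are updated together.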
</pre>
</blockquote>
-<p> Solaris may need run-time path information: </p>
+<p> Solaris needs run-time path information too: </p>
<blockquote>
<pre>
<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
tables Postfix supports, use the command "<b>postconf -m</b>". </p>
-<p> Execute the command "<b>postmap /etc/postfix/transport</b>" whenever
-you change the transport table. </p>
+<p> Execute the command "<b>postmap /etc/postfix/transport</b>"
+whenever you change the transport table. </p>
+
+<p> NOTE: Do not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature when relaying mail
+for a backup or primary MX domain. Mail would loop between the
+Postfix MX host and the <a href="postconf.5.html#fallback_relay">fallback_relay</a> host when the final destination
+is unavailable. </p>
+
+<ul>
+
+<li> In main.cf specify "<tt><a href="postconf.5.html#relay_transport">relay_transport</a> = relay</tt>",
+
+<li> In master.cf specify "<tt>-o <a href="postconf.5.html#fallback_relay">fallback_relay</a> =</tt>" at the
+end of the <tt>relay</tt> entry.
+
+<li> In transport maps, specify "<tt>relay:<i>nexthop...</i></tt>"
+as the right-hand side for backup or primary MX domain entries.
+
+</ul>
+
+<p> These are default settings in Postfix version 2.2 and later.
+</p>
<h2><a name="dialup">Postfix on a dialup machine</a></h2>
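Review bot: the NOTE "Do not use the fallback_relay feature ..." is followed directly by a three-item `<ul>` with no sentence saying what the list is for (the settings that keep a backup or primary MX host from forwarding to $fallback_relay); add a lead-in such as "To prevent this, use the following settings:" so the list is not read as part of the warning. In the second item, `-o fallback_relay =` is shown with whitespace around `=`; master.cf fields are whitespace-separated, so write the override without the spaces (`-o fallback_relay=`) or readers will copy a form that does not parse. The first item ends in a comma where the others end in a period. "These are default settings in Postfix version 2.2 and later" would be clearer as "Postfix 2.2 and later ship with these settings", since the preceding items just told the reader to make them. The identical NOTE and list are also added to postconf.5.html in this patch; keep the two copies in sync.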
own code, every 1000 lines introduce one additional bug into
Postfix. </p>
-<h2> Purpose of this document </h2>
+<h2> Introduction </h2>
-<p> This document describes how to build Postfix with Transport
-Layer Security (TLS) support in the Postfix SMTP client and Postfix
-SMTP server, and how to configure the TLS manager daemon that
-maintains the Pseudo Random Number Generator (PRNG) pool and the
-TLS session cache information. </p>
+<p> This document requires Postfix version 2.2 or later. </p>
+
+<p> Postfix may be built with Transport Layer Security (TLS, formerly
+called SSL) protocol support as described in <a href="http://www.faqs.org/rfcs/rfc3207.html">RFC 3207</a>. This provides
+certificate-based authentication, and encrypted sessions. An
+encrypted session protects the information that is transmitted with
+SMTP mail or with SASL authentication. The main elements of the
+Postfix TLS architecture are: </p>
+
+<ul>
+
+<li> <p> The <a href="smtpd.8.html">smtpd(8)</a> server implements the SMTP over TLS server
+side. </p>
+
+<li> <p> The <a href="smtp.8.html">smtp(8)</a> client implements the SMTP over TLS client
+side. </p>
+
+<li> <p> The <a href="tlsmgr.8.html">tlsmgr(8)</a> server maintains the pseudo-random number
+generator (PRNG) that seeds the TLS engines in the <a href="smtpd.8.html">smtpd(8)</a> server
+and <a href="smtp.8.html">smtp(8)</a> client processes, and maintains the TLS session cache
+files with TLS session keys. </p>
+
+</ul>
+
+<p> The following diagram shows the relationship between these
+architecture elements. </p>
+
+<table>
+
+<tr> <td>Network<tt>-> </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <br> <a href="smtpd.8.html">smtpd(8)</a> <br> </td> <td colspan="2">
+
+<tt> <---seed---<br><br><-session-> </tt> </td> <td
+align="center" bgcolor="#f0f0ff"> <br> <a href="tlsmgr.8.html">tlsmgr(8)</a> <br> </td>
+<td colspan="3"> <tt> ---seed---><br> <br><-session->
+
+</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br>
+ </td> <td> <tt> -></tt>Network </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="right"> <table> <tr> <td>
+
+</td> <td> / </td> </tr> <tr> <td> / </td> <td> </td> </tr> </table>
+</td> <td align="center"> |<br> |</td> <td align="left"> <table>
+
+<tr> <td> \ </td> <td> </td> </tr> <tr> <td> </td> <td> \ </td>
+</tr> </table> </td> <td colspan="3"> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
+smtpd<br> session<br> cache </td> <td> </td> <td align="center"
+bgcolor="#f0f0ff"> PRNG<br> state <br>file </td> <td> </td> <td
+align="center" bgcolor="#f0f0ff"> smtp<br> session<br> cache </td>
+
+<td colspan="2"> </td> </tr>
+
+</table>
<p> Topics covered in this document: </p>
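Review bot: "This document requires Postfix version 2.2 or later" reads as if the document, not the feature, has a version requirement; "TLS support as described here requires Postfix version 2.2 or later" says what is meant. The removed "Purpose of this document" paragraph was the only place that stated the scope (building Postfix with TLS, configuring tlsmgr(8)); the new Introduction describes the architecture but not the scope, so keep one sentence of scope. The diagram after the architecture list has the same raw `<` problem as the OVERVIEW copy (`<---seed---`, `<-session->` inside `<tt>`); escape as `&lt;`. The stray blank lines inside `<td>` and `<tt>` elements here (after `colspan="2">`, inside the second `<tt>`) are harmless but differ from the OVERVIEW copy, which shows the two copies were already edited separately; one shared diagram, or a comment in both files saying they must change together, would avoid drift.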
<p> To build Postfix with TLS support, first we need to generate
the <tt>make(1)</tt> files with the necessary definitions. This is
-done by invoking the command "<tt>make makefiles</tt> in the Postfix
+done by invoking the command "<tt>make makefiles</tt>" in the Postfix
top-level directory and with arguments as shown next. </p>
<ul>
</pre>
</blockquote>
+<p> On Solaris, specify the <tt>-R</tt> option as shown below:
+
+<blockquote>
+<pre>
+% <b>make tidy</b> # if you have left-over files from a previous build
+% <b>make makefiles CCARGS="-DUSE_TLS -I/usr/local/include" \
+ AUXLIBS="-R/usr/local/lib -L/usr/local/lib -lssl -lcrypto" </b>
+</pre>
+</blockquote>
+
</ul>
<p> If you need to apply other customizations (such as Berkeley DB
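Review bot: the Solaris build example opens a `<p>` ("On Solaris, specify the -R option as shown below:") that is never closed before the `<blockquote>`, unlike the surrounding paragraphs which close `</p>`. The command line is fine, but say in one clause what `-R` does (it is the run-time path information the earlier "Solaris needs run-time path information too" sentence refers to, recorded in the binary so libssl and libcrypto are found at run time), otherwise the reader cannot see how this differs from the generic example above it.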
<dt> NONE </dt> <dd> Don't use TLS at all. </dd>
<dt> MAY </dt> <dd> Try to use STARTTLS if offered, otherwise use
-the unencrypted connection. NOTE: STARTTLS can be used only if TLS
-is already enabled via main.cf, so that the client TLS engine is
-properly initialized at program startup. </dd>
+the unencrypted connection. </dd>
<dt> MUST </dt> <dd> Require usage of STARTTLS, require that the
remote SMTP server hostname matches the information in the remote
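Review bot: the MAY entry silently loses the NOTE that STARTTLS can only be used when TLS is already enabled in main.cf so the client TLS engine is initialized at startup, and nothing in this hunk says the restriction no longer applies. If the engine is now initialized on demand, the changelog should say so; if the restriction still holds, the NOTE must stay, because without it a reader who sets MAY in a policy table without enabling TLS gets the documented fallback to an unencrypted connection and no hint why. The same deletion is made in postconf.5.html in this patch.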
<p> In order to feed its in-memory PRNG pool, the <a href="tlsmgr.8.html">tlsmgr(8)</a> reads
entropy from an external source, both at startup and during run-time.
Specify a good entropy source, like EGD or /dev/urandom; be sure
-to only use non-blocking sources. If the entropy source is not a
+to only use non-blocking sources (on OpenBSD, use /dev/arandom
+when <a href="tlsmgr.8.html">tlsmgr(8)</a> complains about /dev/urandom timeout errors).
+If the entropy source is not a
regular file, you must prepend the source type to the source name:
"dev:" for a device special file, or "egd:" for a source with EGD
compatible socket interface. </p>
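Review bot: the OpenBSD parenthetical gives `/dev/arandom` as a bare path, but the very next sentence says a device special file must be written with the `dev:` prefix; show it as `dev:/dev/arandom` (and `dev:/dev/urandom` for the usual case) so the example matches the syntax rule. The parenthetical also splits "be sure to only use non-blocking sources" from its reason; move it to its own sentence after the prefix rule, and say what "non-blocking" protects against: a blocking read would hang tlsmgr(8) and with it the smtp(8)/smtpd(8) seed requests it answers.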
connections per unit time (default: no limit). </p>
<li> <p> These limits are not applied to SMTP clients in the networks
-specified with $<a href="postconf.5.html#smtpd_client_connection_limit_exceptions">smtpd_client_connection_limit_exceptions</a> (default:
+specified with $smtpd_client_connection_limit_exceptions (default:
clients in $<a href="postconf.5.html#mynetworks">mynetworks</a> may make an unlimited number of connections).
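Review bot: the changed line only removes the hyperlink from `$smtpd_client_connection_limit_exceptions`, while the neighbouring `$mynetworks` keeps its postconf.5.html anchor. If the link was dropped because the parameter has no postconf(5) entry yet, the fix is to add that entry rather than unlink; if it was dropped by accident, restore the `<a href="postconf.5.html#smtpd_client_connection_limit_exceptions">` wrapper.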
<li> <p> The <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> parameter specifies the time
<li> <p> Reduce the <a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> and <a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a>
values so that Postfix does not waste lots of time connecting
-to non-responding <a href="smtpd.8.html">smtpd(8)</a> servers. </p>
+to non-responding remote SMTP servers. </p>
<li> <p> Use a dedicated mail delivery transport for problematic
destinations, with reduced timeouts and with adjusted concurrency.
<li> <p> The SOURCE attribute specifies LOCAL when the message
was received from a source that is local with respect to the
- up-stream host, REMOTE for mail from a remote source, or
- [UNAVAILABLE] when the information is unavailable. The down-stream
- MTA may decide to enable header munging and address qualification
- with mail from local sources. </p>
+ up-stream host (for example, the message originated from the
+ up-stream host itself), REMOTE for all other mail, or [UNAVAILABLE]
+ when the information is unavailable. The down-stream MTA may
+ decide to enable features such as header munging or address
+ qualification with mail from local sources but not other sources.
+ </p>
</ul>
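Review bot: the reworded SOURCE attribute now says the down-stream MTA "may decide to enable features such as header munging or address qualification with mail from local sources", which makes SOURCE=LOCAL a trust decision: an up-stream host that asserts LOCAL gets its headers rewritten with the down-stream host's domain. The paragraph should say that the down-stream MTA must accept this attribute only from up-stream hosts it has explicitly authorized, or point to where that restriction is documented; as written a reader could honour it from any client that can send it. Also, `[UNAVAILABLE]` keeps its brackets while LOCAL and REMOTE have none; say whether the brackets are literal.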
0.0.0.0/0 to match every IPv4 address, and ::/0 to
match every IPv6 address.
+ An IPv4 network address is a sequence of four deci-
+ mal octets separated by ".", and an IPv6 network
+ address is a sequence of three to eight hexadecimal
+ octet pairs separated by ":".
+
+ Before comparisons are made, lookup keys and table
+ entries are converted from string to binary. There-
+ fore table entries will be matched regardless of
+ redundant zero characters.
+
Note: address information may be enclosed inside
"[]" but this form is not recommended.
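Review bot: "an IPv6 network address is a sequence of three to eight hexadecimal octet pairs separated by ':'" does not match the usual IPv6 notation: the groups are 16-bit hexadecimal fields, `::` may stand in for one or more all-zero groups, and an address such as `::1` has fewer than three explicit groups. Either state exactly what the parser accepts (whether `::` compression is allowed, whether IPv4-in-IPv6 literal forms are accepted) or say "in standard IPv6 notation" and leave the details to the RFC. "regardless of redundant zero characters" would be clearer as "regardless of leading zeros in a field". The conversion to binary before comparison is the security-relevant property of this hunk (the same address written two ways cannot slip past a table entry); it deserves one plain sentence saying so.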
main.cf file).
Chroot should not be used with the <a href="local.8.html"><b>local</b>(8)</a>,
- <a href="pipe.8.html"><b>pipe</b>(8)</a> and <a href="spawn.8.html"><b>spawn</b>(8)</a> daemons. Although the <a href="proxymap.8.html"><b>prox-</b></a>
- <a href="proxymap.8.html"><b>ymap</b>(8)</a> server can run chrooted, doing so defeats
- most of the purpose of having that service in the
- first place.
+ <a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>, and <a href="virtual.8.html">virtual(8)</a> daemons.
+ Although the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server can run chrooted,
+ doing so defeats most of the purpose of having that
+ service in the first place.
The files in the examples/chroot-setup subdirectory
of the Postfix source archive describe how to set
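Review bot: the new `<a href="virtual.8.html">virtual(8)</a>` in the chroot list is not bolded like `<b>local</b>(8)`, `<b>pipe</b>(8)` and `<b>spawn</b>(8)`; use the same `<b>virtual</b>(8)` markup. The text also explains why proxymap(8) should not be chrooted but gives no reason for adding virtual(8) to the list; one clause on why it belongs with local(8) and pipe(8) would help administrators who are tightening master.cf.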
types:
<b>btree</b> The output is a btree file, named
- <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available only on
- systems with support for <b>db</b> databases.
+ <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available on systems
+ with support for <b>db</b> databases.
+
+ <b>cdb</b> The output is one file named <i>file</i><b>_</b><i>name</i><b>.cdb</b>.
+ This is available on systems with support
+ for <b>cdb</b> databases.
<b>dbm</b> The output consists of two files, named
<i>file</i><b>_</b><i>name</i><b>.pag</b> and <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is
- available only on systems with support for
- <b>dbm</b> databases.
+ available on systems with support for <b>dbm</b>
+ databases.
<b>hash</b> The output is a hashed file, named
- <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available only on
- systems with support for <b>db</b> databases.
+ <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available on systems
+ with support for <b>db</b> databases.
<b>sdbm</b> The output consists of two files, named
<i>file</i><b>_</b><i>name</i><b>.pag</b> and <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is
- available only on systems with support for
- <b>sdbm</b> databases.
+ available on systems with support for <b>sdbm</b>
+ databases.
When no <i>file</i><b>_</b><i>type</i> is specified, the software uses
the database type specified via the
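Review bot: the new `cdb` entry says "one file named file_name.cdb" while the matching postalias(1) hunk in this patch says "consists of one file, named file_name.cdb"; use the same wording on both pages. The postconf -m hunk in this patch describes cdb as having "no support for incremental updates"; that matters to postmap(1) users, so state here which postmap(1) operations cdb files do not support, rather than leaving them to discover it at run time.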
<b>flock</b> A kernel-based advisory locking method for
local files only. This locking method is
- available only on systems with a BSD compat-
- ible library.
+ available on systems with a BSD compatible
+ library.
<b>fcntl</b> A kernel-based advisory locking method for
local and remote files.
were left behind after abnormal termination.
<b>-m</b> List the names of all supported lookup table types.
- Postfix lookup tables are specified as <i>type</i><b>:</b><i>name</i>,
- where <i>type</i> is one of the types listed below. The
- table <i>name</i> syntax depends on the lookup table type.
-
- <b>btree</b> A sorted, balanced tree structure. This is
- available only on systems with support for
- Berkeley DB databases.
-
- <b>cidr</b> A table that associates values with Class-
- less Inter-Domain Routing (CIDR) patterns.
+ In Postfix configuration files, lookup tables are
+ specified as <i>type</i><b>:</b><i>name</i>, where <i>type</i> is one of the
+ types listed below. The table <i>name</i> syntax depends
+ on the lookup table type as described in the
+ <a href="DATABASE_README.html">DATABASE_README</a> document.
+
+ <b>btree</b> A sorted, balanced tree structure. This is
+ available on systems with support for Berke-
+ ley DB databases.
+
+ <b>cdb</b> A read-optimized structure with no support
+ for incremental updates. This is available
+ on systems with support for CDB databases.
+
+ <b>cidr</b> A table that associates values with Class-
+ less Inter-Domain Routing (CIDR) patterns.
This is described in <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a>.
<b>dbm</b> An indexed file type based on hashing. This
- is available only on systems with support
- for DBM databases.
+ is available on systems with support for DBM
+ databases.
<b>environ</b>
The UNIX process environment array. The
- lookup key is the variable name. Originally
- implemented for testing, someone may find
+ lookup key is the variable name. Originally
+ implemented for testing, someone may find
this useful someday.
<b>hash</b> An indexed file type based on hashing. This
- is available only on systems with support
- for Berkeley DB databases.
+ is available on systems with support for
+ Berkeley DB databases.
<b>ldap</b> (read-only)
- Perform lookups using the LDAP protocol.
+ Perform lookups using the LDAP protocol.
This is described in <a href="ldap_table.5.html"><b>ldap_table</b>(5)</a>.
<b>mysql</b> (read-only)
- Perform lookups using the MYSQL protocol.
+ Perform lookups using the MYSQL protocol.
This is described in <a href="mysql_table.5.html"><b>mysql_table</b>(5)</a>.
<b>pcre</b> (read-only)
A lookup table based on Perl Compatible Reg-
- ular Expressions. The file format is
+ ular Expressions. The file format is
described in <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
<b>pgsql</b> (read-only)
- Perform lookups using the PostgreSQL proto-
+ Perform lookups using the PostgreSQL proto-
col. This is described in <a href="pgsql_table.5.html"><b>pgsql_table</b>(5)</a>.
<b>proxy</b> (read-only)
- A lookup table that is implemented via the
- Postfix <a href="proxymap.8.html"><b>proxymap</b>(8)</a> service. The table name
+ A lookup table that is implemented via the
+ Postfix <a href="proxymap.8.html"><b>proxymap</b>(8)</a> service. The table name
syntax is <i>type</i><b>:</b><i>name</i>.
<b>regexp</b> (read-only)
A lookup table based on regular expressions.
- The file format is described in <a href="regexp_table.5.html"><b>reg-</b></a>
+ The file format is described in <a href="regexp_table.5.html"><b>reg-</b></a>
<a href="regexp_table.5.html"><b>exp_table</b>(5)</a>.
<b>sdbm</b> An indexed file type based on hashing. This
- is available only on systems with support
- for SDBM databases.
+ is available on systems with support for
+ SDBM databases.
<b>static</b> (read-only)
- A table that always returns its name as
- lookup result. For example, <b>static:foobar</b>
- always returns the string <b>foobar</b> as lookup
+ A table that always returns its name as
+ lookup result. For example, <b>static:foobar</b>
+ always returns the string <b>foobar</b> as lookup
result.
<b>tcp</b> (read-only)
Perform lookups using a simple request-reply
- protocol that is described in <a href="tcp_table.5.html">tcp_table(5)</a>.
- This feature is not included with Postfix
+ protocol that is described in <a href="tcp_table.5.html">tcp_table(5)</a>.
+ This feature is not included with Postfix
2.1.
<b>unix</b> (read-only)
- A limited way to query the UNIX authentica-
+ A limited way to query the UNIX authentica-
tion database. The following tables are
implemented:
<b>unix:passwd.byname</b>
- The table is the UNIX password
- database. The key is a login name.
- The result is a password file entry
+ The table is the UNIX password
+ database. The key is a login name.
+ The result is a password file entry
in passwd(5) format.
<b>unix:group.byname</b>
- The table is the UNIX group
- database. The key is a group name.
- The result is a group file entry in
+ The table is the UNIX group
+ database. The key is a group name.
+ The result is a group file entry in
group(5) format.
- Other table types may exist depending on how Postfix was
+ Other table types may exist depending on how Postfix was
built.
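Review bot: the `tcp` entry keeps "This feature is not included with Postfix 2.1" while the rest of this hunk is written for 2.2 (new `cdb` entry, DATABASE_README pointer); say in which version tcp tables are available instead of which one lacks them, matching the "Available in Postfix version 2.2 and later" style used elsewhere in this patch. Most lines in the hunk (environ, ldap, mysql, pcre, pgsql, proxy, regexp, static, unix, and the closing "Other table types" sentence) change only inter-word spacing from the nroff re-render; naming the real wording changes (intro paragraph, btree, cdb, dbm, hash, sdbm) in the commit text would make review easier. Since the proxymap(8) hunk in this patch adds that tables used for security-sensitive purposes are opened directly rather than through proxymap(8), the `proxy` entry here should mention that too, so readers of postconf -m do not assume `proxy:` always goes through the proxy.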
<b>-n</b> Print parameter settings that are not left at their
specified in main.cf.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
<b>DIAGNOSTICS</b>
Directory with Postfix configuration files.
<b>CONFIGURATION PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
+ The following <b>main.cf</b> parameters are especially relevant
to this program.
- The text below provides only a parameter summary. See
+ The text below provides only a parameter summary. See
<a href="postconf.5.html">postconf(5)</a> for more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
<b>FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
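Review bot: the -v, CONFIGURATION PARAMETERS, config_directory and LICENSE hunks change nothing but inter-word spacing (nroff justification). They add noise without content; rendering the HTML with the same nroff line width as before, or dropping these hunks, would keep the diff to the real changes.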
not found, and delivery is deferred if a destination is unreachable.
</p>
-<p>
-The fallback relays must be SMTP destinations. Specify a domain,
+<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups. If you specify multiple SMTP
-destinations, Postfix will try them in the specified order.
+destinations, Postfix will try them in the specified order. </p>
+
+<p> NOTE: Do not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature when relaying mail
+for a backup or primary MX domain. Mail would loop between the
+Postfix MX host and the <a href="postconf.5.html#fallback_relay">fallback_relay</a> host when the final destination
+is unavailable. </p>
+
+<ul>
+
+<li> In main.cf specify "<tt><a href="postconf.5.html#relay_transport">relay_transport</a> = relay</tt>",
+
+<li> In master.cf specify "<tt>-o <a href="postconf.5.html#fallback_relay">fallback_relay</a> =</tt>" at the
+end of the <tt>relay</tt> entry.
+
+<li> In transport maps, specify "<tt>relay:<i>nexthop...</i></tt>"
+as the right-hand side for backup or primary MX domain entries.
+
+</ul>
+
+<p> These are default settings in Postfix version 2.2 and later.
</p>
</DD>
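Review bot: the NOTE "Do not use the fallback_relay feature ..." added to the fallback_relay entry is followed by a three-item `<ul>` with no lead-in saying that these are the settings that prevent the loop; add one sentence ("To prevent this, use the following settings:"). The `-o fallback_relay =` item shows whitespace around `=`, which master.cf's whitespace-separated fields will not parse; write `-o fallback_relay=`. The first item ends in a comma, the others in a period. This NOTE and list duplicate the ones added to STANDARD_CONFIGURATION_README in this patch; in a postconf(5) entry a shorter form plus a pointer to that README would keep one authoritative copy.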
<DT><b><a name="local_header_rewrite_clients">local_header_rewrite_clients</a>
-(default: see "postconf -d" output)</b></DT><DD>
+(default: <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b></DT><DD>
<p> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter. </p>
+<p> See the <a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a> and <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> parameters
+for details of how domain names are appended to incomplete addresses.
+</p>
+
<p> Specify a list of zero or more of the following: </p>
<dl>
+<dt> <b> <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a> </b></dt>
+
+<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
+client IP address matches $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. This is enabled by
+default. </dd>
+
<dt> <b> <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client IP address matches any network or network address listed in
-$<a href="postconf.5.html#mynetworks">mynetworks</a>. This is enabled by default. </dd>
+$<a href="postconf.5.html#mynetworks">mynetworks</a>. This setting will not prevent remote mail header
+address rewriting when mail from a remote client is forwarded by
+a neighboring system. </p>
<dt><b> <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client is successfully authenticated via the <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH)
-protocol. This is enabled by default. </dd>
+protocol. </dd>
<dt><b> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client TLS certificate is successfully verified, and the client
-certificate fingerprint is listed in $relay_clientcerts. This is
-enabled by default. </dd>
+certificate fingerprint is listed in $relay_clientcerts. </dd>
<dt><b> <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> </b></dt>
whether it is listed on the server, and regardless of the certifying
authority. </dd>
-<dt><b> <a name="check_address_map">check_address_map</a> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
+<dt><b> <a name="check_address_map">check_address_map</a> <i><a
+href="DATABASE_README.html">type:table</a></i> </b></dt>
<dt><b> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
-client IP address matches the specified lookup table. The lookup
-result is ignored, and no subnet lookup is done. This is suitable
-for pop-before-smtp lookup tables. </dd>
+client IP address matches the specified lookup table.
+The lookup result is ignored, and no subnet lookup is done. This
+is suitable for, e.g., pop-before-smtp lookup tables. </dd>
</dl>
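Review bot: in the permit_mynetworks entry the `<dd>` now ends with `</p>` instead of `</dd>` ("... forwarded by a neighboring system. </p>"); this hunk introduces that markup error, and the following `<dt>` ends up inside an unclosed `<dd>` in strict parsers. The rest is consistent: the new default in the `<DT>` line matches the "This is enabled by default" in the new permit_inet_interfaces entry, and the "enabled by default" sentences are correctly dropped from permit_mynetworks, permit_sasl_authenticated and permit_tls_clientcerts. The forwarding caveat added to permit_mynetworks is the right security note here, since a neighbour in $mynetworks relaying outside mail would otherwise get that mail's headers rewritten as if local; the context line `$relay_clientcerts` in the permit_tls_clientcerts entry is the only parameter in this list without a postconf.5.html link, which could be fixed while the list is being edited.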
<p> Examples: </p>
-<p> The backwards compatible setting: always rewrite message headers,
-and always append my own domain to incomplete header addresses. </p>
+<p> The Postfix < 2.2 backwards compatible setting: always rewrite
+message headers, and always append my own domain to incomplete
+header addresses. </p>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all
</pre>
-<p> The purist setting: rewrite headers only in mail from Postfix
-sendmail and in SMTP mail from this machine. </p>
+<p> The purist (and default) setting: rewrite headers only in mail
+from Postfix sendmail and in SMTP mail from this machine. </p>
<pre>
- <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host
- <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+ <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>
</pre>
-<p> The default setting: rewrite headers and append my own domain
-only with mail from Postfix sendmail and from local or authorized
-SMTP clients. </p>
-
-<pre>
- <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
- <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
-</pre>
+<p> The intermediate setting: rewrite header addresses and append
+$<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> information only with mail from Postfix
+sendmail, from local clients, or from authorized SMTP clients. </p>
-<p> The ISP setting: include clients that are pop-before-smtp
-authenticated. </p>
+<p> NOTE: This setting will not prevent remote mail header address
+rewriting when mail from a remote client is forwarded by a neighboring
+system. </p>
<pre>
<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
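Review bot: "The Postfix < 2.2 backwards compatible setting" puts a raw `<` into HTML text; write `&lt; 2.2`. Removing the "The default setting" example block (`permit_mynetworks, permit_sasl_authenticated permit_tls_clientcerts`) and the "ISP setting: include clients that are pop-before-smtp authenticated" sentence leaves the `<pre>` that starts `local_header_rewrite_clients = permit_mynetworks,` attached to the "intermediate setting" paragraph through the NOTE; check that the pop-before-smtp example that used to follow the ISP sentence still has an introduction, otherwise it now reads as a second, unexplained block. The NOTE repeats the permit_mynetworks caveat from the `<dl>` above almost verbatim; one of the two could point at the other. Dropping `mynetworks_style = host` from the purist example is right, since permit_inet_interfaces matches $inet_interfaces and no longer depends on $mynetworks.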
<dt> NONE </dt> <dd>Don't use TLS at all. </dd>
<dt> MAY </dt> <dd>Try to use STARTTLS if offered, otherwise use
-the unencrypted connection. NOTE: STARTTLS can be used only if
-TLS is already enabled via main.cf, so that the client TLS engine
-is properly initialized at program startup. </dd>
+the unencrypted connection. </dd>
<dt> MUST </dt> <dd>Require usage of STARTTLS, require that the
remote SMTP server hostname matches the information in the remote
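Review bot: this postconf(5) MAY entry drops the NOTE that STARTTLS can only be used when TLS is already enabled via main.cf so the client TLS engine is initialized at program startup, with nothing in the hunk explaining why. If the restriction still holds, keep the NOTE; a reader who sets MAY in a policy table without enabling TLS in main.cf otherwise sees only the documented fallback to an unencrypted connection and has no hint why. If the restriction is gone, record that in the changelog. The same text is removed from TLS_README in this patch.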
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the <a href="access.5.html">access(5)</a> manual page for details. </dd>
+<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt>
+
+<dd>Permit the request when the client IP address matches
+$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. </dd>
+
<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt>
<dd>Permit the request when the client IP address matches any
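Review bot: the new permit_inet_interfaces restriction says only that the client IP address must match $inet_interfaces; since the local_header_rewrite_clients hunk in this patch makes it the default there, say how it behaves with the default `inet_interfaces = all` (every address of every local interface matches), so readers understand it as "mail from this machine" and not as "mail from a specific listener".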
EGD compatible socket interface, or dev:/path/to/device for a
device file. </p>
+<p> Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
+gives timeout errors. </p>
+
</DD>
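Review bot: the OpenBSD note gives `/dev/arandom` as a bare path right after the sentence that says device files are written `dev:/path/to/device`; write `dev:/dev/arandom` so the example is copy-ready. The same advice is added to TLS_README in this patch; keep the wording identical in both places.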
types:
<b>btree</b> The output file is a btree file, named
- <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available only on
- systems with support for <b>db</b> databases.
+ <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available on systems
+ with support for <b>db</b> databases.
+
+ <b>cdb</b> The output consists of one file, named
+ <i>file</i><b>_</b><i>name</i><b>.cdb</b>. This is available on systems
+ with support for <b>cdb</b> databases.
<b>dbm</b> The output consists of two files, named
<i>file</i><b>_</b><i>name</i><b>.pag</b> and <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is
- available only on systems with support for
- <b>dbm</b> databases.
+ available on systems with support for <b>dbm</b>
+ databases.
<b>hash</b> The output file is a hashed file, named
- <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available only on
- systems with support for <b>db</b> databases.
+ <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available on systems
+ with support for <b>db</b> databases.
<b>sdbm</b> The output consists of two files, named
<i>file</i><b>_</b><i>name</i><b>.pag</b> and <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is
- available only on systems with support for
- <b>sdbm</b> databases.
+ available on systems with support for <b>sdbm</b>
+ databases.
When no <i>file</i><b>_</b><i>type</i> is specified, the software uses
the database type specified via the
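Review bot: the new `cdb` entry here says "consists of one file, named file_name.cdb" while the matching postmap(1) hunk in this patch says "one file named file_name.cdb"; pick one wording for both pages. As with postmap(1), the cdb format's lack of incremental updates (stated in the postconf -m hunk) is something postalias(1) users will hit, so say which postalias(1) operations it does not support.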
user or group IDs, mailbox file/directory names or exter-
nal commands.
+ In Postfix version 2.2 and later, the proxymap client rec-
+ ognizes requests to access a table for security-sensitive
+ purposes, and opens the table directly. This allows the
+ same main.cf setting to be used by sensitive and non-sen-
+ sitive processes.
+
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
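Review bot: the new paragraph says the proxymap client "recognizes requests to access a table for security-sensitive purposes, and opens the table directly", but not what qualifies as security-sensitive beyond the preceding context (user or group IDs, mailbox file/directory names, external commands) nor what happens when the direct open fails because the process lacks access to the file. State that the lookup fails rather than silently falling back to the proxymap(8) service, or whatever the actual behaviour is; a silent fallback would defeat the restriction this paragraph describes.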
Available in Postfix version 2.2 and later:
- <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (see 'postconf -d' output)</b>
+ <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b>
Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to
message header addresses from these clients only;
either don't rewrite message headers from other
<b>tlsmgr</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="tlsmgr.8.html">tlsmgr(8)</a> maintains the TLS session caches for Postfix
- SMTP client and server processes. It periodically removes
- entries that have expired, and entries that are no longer
- compatible with the currently running Postfix version.
-
- The <a href="tlsmgr.8.html">tlsmgr(8)</a> also maintains the PRNG (pseudo random num-
- ber generator) pool. This is queried by the <a href="smtpd.8.html">smtpd(8)</a> and
+ The <a href="tlsmgr.8.html">tlsmgr(8)</a> manages the TLS session caches for Postfix
+ SMTP client and server processes. It stores and retrieves
+ cache entries on request by <a href="smtpd.8.html">smtpd(8)</a> and <a href="smtp.8.html">smtp(8)</a> pro-
+ cesses, and periodically removes entries that have
+ expired.
+
+ The <a href="tlsmgr.8.html">tlsmgr(8)</a> also manages the PRNG (pseudo random number
+ generator) pool. It answers queries by the <a href="smtpd.8.html">smtpd(8)</a> and
<a href="smtp.8.html">smtp(8)</a> processes to seed their internal PRNG pools.
- The <a href="tlsmgr.8.html">tlsmgr(8)</a>'s internal PRNG pool is initially seeded
- from an external source (EGD, /dev/urandom, or regular
- file). It is updated at configurable pseudo-random inter-
- vals with data from the external source. It is updated
- periodically with data from TLS session cache entries and
- with the time of day, and is updated with the time of day
- whenever a process requests <a href="tlsmgr.8.html">tlsmgr(8)</a> service.
+ The <a href="tlsmgr.8.html">tlsmgr(8)</a>'s PRNG pool is initially seeded from an
+ external source (EGD, /dev/urandom, or regular file). It
+ is updated at configurable pseudo-random intervals with
+ data from the external source. It is updated periodically
+ with data from TLS session cache entries and with the time
+ of day, and is updated with the time of day whenever a
+ process requests <a href="tlsmgr.8.html">tlsmgr(8)</a> service.
- The <a href="tlsmgr.8.html">tlsmgr(8)</a> saves the PRNG state to an exchange file
- periodically and when the process terminates, and reads
+ The <a href="tlsmgr.8.html">tlsmgr(8)</a> saves the PRNG state to an exchange file
+ periodically and when the process terminates, and reads
the exchange file when initializing its PRNG.
<b>SECURITY</b>
- <a href="tlsmgr.8.html">tlsmgr(8)</a> is not security-sensitive. The code that main-
- tains the external and internal PRNG pools does not
- "trust" the data that it manipulates, and the code that
- maintains the TLS session cache does not touch the con-
+ <a href="tlsmgr.8.html">tlsmgr(8)</a> is not security-sensitive. The code that main-
+ tains the external and internal PRNG pools does not
+ "trust" the data that it manipulates, and the code that
+ maintains the TLS session cache does not touch the con-
tents of the cached entries, except for seeding its inter-
nal PRNG pool.
- The <a href="tlsmgr.8.html">tlsmgr(8)</a> can be run chrooted and with reduced privi-
- leges. At process startup it connects to the entropy
- source and exchange file, and creates or truncates the
+ The <a href="tlsmgr.8.html">tlsmgr(8)</a> can be run chrooted and with reduced privi-
+ leges. At process startup it connects to the entropy
+ source and exchange file, and creates or truncates the
optional TLS session cache files.
<b>DIAGNOSTICS</b>
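Review bot: the rewritten DESCRIPTION drops the word "internal" (the line "The tlsmgr(8)'s internal PRNG pool is initially seeded" becomes "The tlsmgr(8)'s PRNG pool is initially seeded from an"), but the SECURITY section below still says "maintains the external and internal PRNG pools", so the two sections of the same page no longer use one term for the same thing; either keep "internal" in DESCRIPTION or rephrase SECURITY to "the tlsmgr(8) PRNG pool and the external entropy source". Everything else in this region is an indentation-only re-render of the generated HTML, which is fine but buries the wording change; regenerating the HTML in its own commit would make the review easier. The next context line, "because tlsmgr(8) is a persistent processes", has a number-agreement error that should be fixed in the manual page source as "a persistent process".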
because <a href="tlsmgr.8.html">tlsmgr(8)</a> is a persistent processes. Use the com-
mand "<b>postfix reload</b>" after a configuration change.
- The text below provides only a parameter summary. See
+ The text below provides only a parameter summary. See
<a href="postconf.5.html">postconf(5)</a> for more details including examples.
<b>TLS SESSION CACHE</b>
<b><a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> (empty)</b>
- Name of the file containing the optional Postfix
+ Name of the file containing the optional Postfix
SMTP server TLS session cache.
<b><a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> (3600s)</b>
sion cache information.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
- Name of the file containing the optional Postfix
+ Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
<b>PSEUDO RANDOM NUMBER GENERATOR</b>
<b><a href="postconf.5.html#tls_random_source">tls_random_source</a> (see 'postconf -d' output)</b>
The external entropy source for the in-memory
- <a href="tlsmgr.8.html">tlsmgr(8)</a> pseudo random number generator (PRNG)
+ <a href="tlsmgr.8.html">tlsmgr(8)</a> pseudo random number generator (PRNG)
pool.
<b><a href="postconf.5.html#tls_random_bytes">tls_random_bytes</a> (32)</b>
- The number of bytes that <a href="tlsmgr.8.html">tlsmgr(8)</a> reads from
- $<a href="postconf.5.html#tls_random_source">tls_random_source</a> when (re)seeding the in-memory
+ The number of bytes that <a href="tlsmgr.8.html">tlsmgr(8)</a> reads from
+ $<a href="postconf.5.html#tls_random_source">tls_random_source</a> when (re)seeding the in-memory
pseudo random number generator (PRNG) pool.
<b><a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a> (${<a href="postconf.5.html#config_directory">config_directory</a>}/prng_exch)</b>
- Name of the pseudo random number generator (PRNG)
+ Name of the pseudo random number generator (PRNG)
state file that is maintained by <a href="tlsmgr.8.html">tlsmgr(8)</a>.
<b><a href="postconf.5.html#tls_random_prng_update_period">tls_random_prng_update_period</a> (3600s)</b>
- The time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to save the
- state of the pseudo random number generator (PRNG)
+ The time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to save the
+ state of the pseudo random number generator (PRNG)
to the file specified with $<a href="postconf.5.html#tls_random_exchange_name">tls_ran</a>-
<a href="postconf.5.html#tls_random_exchange_name">dom_exchange_name</a>.
<b><a href="postconf.5.html#tls_random_reseed_period">tls_random_reseed_period</a> (3600s)</b>
- The maximal time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to
- re-seed the in-memory pseudo random number genera-
+ The maximal time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to
+ re-seed the in-memory pseudo random number genera-
tor (PRNG) pool from external sources.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon pro-
+ The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the pro-
+ The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<a href="TLS_README.html">TLS_README</a>, Postfix TLS configuration and operation
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
# \fIinclude\fR directory.
# The following directives are special:
# .RS
-# .IP "\fB-DUSE_TLS\fR (default)"
+# .IP \fB-DUSE_TLS\f
# Build with TLS (transport level security) support. This
# requires that OpenSSL is installed.
# .IP \fB-DNO_TLS\fR
# Do not build with TLS support.
+# .IP \fB-DNO_IPV6\fR
+# Do not build with IPv6 support.
# .IP \fB-DHAS_PCRE\fR
# Build with PCRE (Perl-compatible regular expression) support.
# By default, PCRE support is enabled when the \fBpcre-config\fR
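Review bot: the replacement line "+# .IP \fB-DUSE_TLS\f" is truncated: the font escape lacks its "R" and the closing quote of the original is gone, so in the generated makedefs manual text everything after "-DUSE_TLS" stays in bold, and the "(default)" marker is silently lost. If TLS is still built by default, restore the full form ".IP "\fB-DUSE_TLS\fR (default)"", and if the default changed, say so on the "-DNO_TLS" entry instead. The new "-DNO_IPV6" entry is well placed next to "-DNO_TLS" and needs no change.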
esac
# Solaris 8 added IPv6
case $RELEASE in
- 5.[0-7]) CCARGS="$CCARGS -DNO_IPV6";;
+ 5.[0-7]|5.[0-7].*) CCARGS="$CCARGS -DNO_IPV6";;
esac
# Solaris 9 added closefrom() and /dev/*random
case $RELEASE in
- 5.[0-8]) CCARGS="$CCARGS -DNO_CLOSEFROM -DNO_DEV_URANDOM";;
+ 5.[0-8]|5.[0-8].*) CCARGS="$CCARGS -DNO_CLOSEFROM -DNO_DEV_URANDOM";;
esac
# Work around broken str*casecmp(). Do it all here instead
# of having half the solution in the sys_defs.h file.
.RS
.IP \fBbtree\fR
The output is a btree file, named \fIfile_name\fB.db\fR.
-This is available only on systems with support for \fBdb\fR databases.
+This is available on systems with support for \fBdb\fR databases.
+.IP \fBcdb\fR
+The output is one file named \fIfile_name\fB.cdb\fR.
+This is available on systems with support for \fBcdb\fR databases.
.IP \fBdbm\fR
The output consists of two files, named \fIfile_name\fB.pag\fR and
\fIfile_name\fB.dir\fR.
-This is available only on systems with support for \fBdbm\fR databases.
+This is available on systems with support for \fBdbm\fR databases.
.IP \fBhash\fR
The output is a hashed file, named \fIfile_name\fB.db\fR.
-This is available only on systems with support for \fBdb\fR databases.
+This is available on systems with support for \fBdb\fR databases.
.IP \fBsdbm\fR
The output consists of two files, named \fIfile_name\fB.pag\fR and
\fIfile_name\fB.dir\fR.
-This is available only on systems with support for \fBsdbm\fR databases.
+This is available on systems with support for \fBsdbm\fR databases.
.PP
When no \fIfile_type\fR is specified, the software uses the database
type specified via the \fBdefault_database_type\fR configuration
.RS
.IP \fBflock\fR
A kernel-based advisory locking method for local files only.
-This locking method is available only on systems with a BSD
+This locking method is available on systems with a BSD
compatible library.
.IP \fBfcntl\fR
A kernel-based advisory locking method for local and remote files.
stale lock files that were left behind after abnormal termination.
.RE
.IP \fB-m\fR
-List the names of all supported lookup table types. Postfix
+List the names of all supported lookup table types. In Postfix
+configuration files,
lookup tables are specified as \fItype\fB:\fIname\fR, where
\fItype\fR is one of the types listed below. The table \fIname\fR
-syntax depends on the lookup table type.
+syntax depends on the lookup table type as described in the
+DATABASE_README document.
.RS
.IP \fBbtree\fR
A sorted, balanced tree structure.
-This is available only on systems with support for Berkeley DB
+This is available on systems with support for Berkeley DB
databases.
+.IP \fBcdb\fR
+A read-optimized structure with no support for incremental updates.
+This is available on systems with support for CDB databases.
.IP \fBcidr\fR
A table that associates values with Classless Inter-Domain Routing
(CIDR) patterns. This is described in \fBcidr_table\fR(5).
.IP \fBdbm\fR
An indexed file type based on hashing.
-This is available only on systems with support for DBM databases.
+This is available on systems with support for DBM databases.
.IP \fBenviron\fR
The UNIX process environment array. The lookup key is the variable
name. Originally implemented for testing, someone may find this
useful someday.
.IP \fBhash\fR
An indexed file type based on hashing.
-This is available only on systems with support for Berkeley DB
+This is available on systems with support for Berkeley DB
databases.
.IP "\fBldap\fR (read-only)"
Perform lookups using the LDAP protocol. This is described
described in \fBregexp_table\fR(5).
.IP \fBsdbm\fR
An indexed file type based on hashing.
-This is available only on systems with support for SDBM databases.
+This is available on systems with support for SDBM databases.
.IP "\fBstatic\fR (read-only)"
A table that always returns its name as lookup result. For example,
\fBstatic:foobar\fR always returns the string \fBfoobar\fR as lookup
.RS
.IP \fBbtree\fR
The output file is a btree file, named \fIfile_name\fB.db\fR.
-This is available only on systems with support for \fBdb\fR databases.
+This is available on systems with support for \fBdb\fR databases.
+.IP \fBcdb\fR
+The output consists of one file, named \fIfile_name\fB.cdb\fR.
+This is available on systems with support for \fBcdb\fR databases.
.IP \fBdbm\fR
The output consists of two files, named \fIfile_name\fB.pag\fR and
\fIfile_name\fB.dir\fR.
-This is available only on systems with support for \fBdbm\fR databases.
+This is available on systems with support for \fBdbm\fR databases.
.IP \fBhash\fR
The output file is a hashed file, named \fIfile_name\fB.db\fR.
-This is available only on systems with support for \fBdb\fR databases.
+This is available on systems with support for \fBdb\fR databases.
.IP \fBsdbm\fR
The output consists of two files, named \fIfile_name\fB.pag\fR and
\fIfile_name\fB.dir\fR.
-This is available only on systems with support for \fBsdbm\fR databases.
+This is available on systems with support for \fBsdbm\fR databases.
.PP
When no \fIfile_type\fR is specified, the software uses the database
type specified via the \fBdefault_database_type\fR configuration
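Review bot: the new cdb entry "The output consists of one file, named \fIfile_name\fB.cdb\fR." is worded differently from the matching postalias(1) entry earlier in this patch, "The output is one file named \fIfile_name\fB.cdb\fR."; the btree, dbm, hash and sdbm entries are otherwise identical between the two manual pages, so use one phrasing for both. Dropping "only" from "available only on systems with support for \fBdb\fR databases" in every entry leaves "available on systems with support for", which reads as if the type might also exist elsewhere; "requires support for \fBdb\fR databases" keeps the original meaning without the awkward adverb.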
0.0.0.0/0 to match every IPv4 address, and ::/0 to match
every IPv6 address.
+An IPv4 network address is a sequence of four decimal octets
+separated by ".", and an IPv6 network address is a sequence
+of three to eight hexadecimal octet pairs separated by ":".
+
+Before comparisons are made, lookup keys and table entries
+are converted from string to binary. Therefore table entries
+will be matched regardless of redundant zero characters.
+
Note: address information may be enclosed inside "[]" but
this form is not recommended.
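Review bot: the added sentence "an IPv6 network address is a sequence of three to eight hexadecimal octet pairs separated by ":"" does not describe the compressed forms the table accepts: the context line just above gives "::/0 to match every IPv6 address", which has no groups at all, and "::1" has one. Suggest "up to eight 16-bit hexadecimal groups separated by ":", where one run of zero groups may be written as "::"", and replace "octet pairs" with "16-bit groups" throughout. The following paragraph, "lookup keys and table entries are converted from string to binary", is the right place to add that this is also why "::" compression and leading-zero spelling variants compare equal, not only "redundant zero characters".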
configuration variable in the main.cf file).
.sp
Chroot should not be used with the \fBlocal\fR(8),
-\fBpipe\fR(8) and \fBspawn\fR(8) daemons. Although the
+\fBpipe\fR(8), \fBspawn\fR(8), and virtual(8) daemons.
+Although the
\fBproxymap\fR(8) server can run chrooted, doing so defeats
most of the purpose of having that service in the first
place.
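Review bot: in "+\fBpipe\fR(8), \fBspawn\fR(8), and virtual(8) daemons." the newly added virtual(8) is the only daemon name in the sentence without the \fB...\fR bold markup that local, pipe and spawn carry; write it as "\fBvirtual\fR(8)". Leaving "Although the" on a line of its own after the period is harmless to troff but the paragraph should be rewrapped with the rest of the text.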
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups. If you specify multiple SMTP
destinations, Postfix will try them in the specified order.
+.PP
+NOTE: Do not use the fallback_relay feature when relaying mail
+for a backup or primary MX domain. Mail would loop between the
+Postfix MX host and the fallback_relay host when the final destination
+is unavailable.
+.IP \(bu
+In main.cf specify "<tt>relay_transport = relay</tt>",
+.IP \(bu
+In master.cf specify "<tt>-o fallback_relay =</tt>" at the
+end of the <tt>relay</tt> entry.
+.IP \(bu
+In transport maps, specify "<tt>relay:\fInexthop...\fR</tt>"
+as the right-hand side for backup or primary MX domain entries.
+.PP
+These are default settings in Postfix version 2.2 and later.
.SH fallback_transport (default: empty)
Optional message delivery transport that the local(8) delivery
agent should use for names that are not found in the aliases(5)
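Review bot: the NOTE paragraph ends at "when the final destination is unavailable." and the three ".IP \(bu" items begin immediately, with no sentence saying what the list is for, so a reader cannot tell whether the bullets describe the loop or the remedy. Add a connecting sentence such as "To avoid this, give backup and primary MX domains their own transport with an empty fallback_relay:" before the first bullet, and end "+In main.cf specify "<tt>relay_transport = relay</tt>"," with a period instead of the trailing comma so the three items are parallel.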
Setting this parameter to a value > 1 changes the meaning of
local_destination_concurrency_limit from concurrency per recipient
into concurrency per domain.
-.SH local_header_rewrite_clients (default: see "postconf -d" output)
+.SH local_header_rewrite_clients (default: permit_inet_interfaces)
Append the domain name in $myorigin or $mydomain to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
specified with the remote_header_rewrite_domain parameter.
.PP
+See the append_at_myorigin and append_dot_mydomain parameters
+for details of how domain names are appended to incomplete addresses.
+.PP
Specify a list of zero or more of the following:
+.IP "\fB permit_inet_interfaces \fR"
+Append the domain name in $myorigin or $mydomain when the
+client IP address matches $inet_interfaces. This is enabled by
+default.
.IP "\fB permit_mynetworks \fR"
Append the domain name in $myorigin or $mydomain when the
client IP address matches any network or network address listed in
-$mynetworks. This is enabled by default.
+$mynetworks. This setting will not prevent remote mail header
+address rewriting when mail from a remote client is forwarded by
+a neighboring system.
.IP "\fB permit_sasl_authenticated \fR"
Append the domain name in $myorigin or $mydomain when the
client is successfully authenticated via the RFC 2554 (AUTH)
-protocol. This is enabled by default.
+protocol.
.IP "\fB permit_tls_clientcerts \fR"
Append the domain name in $myorigin or $mydomain when the
client TLS certificate is successfully verified, and the client
-certificate fingerprint is listed in $relay_clientcerts. This is
-enabled by default.
+certificate fingerprint is listed in $relay_clientcerts.
.IP "\fB permit_tls_all_clientcerts \fR"
Append the domain name in $myorigin or $mydomain when the
client TLS certificate is successfully verified, regardless of
whether it is listed on the server, and regardless of the certifying
authority.
-.IP "\fB check_address_map \fItype:table\fR \fR"
+.IP "\fB check_address_map \fI<a
+href="DATABASE_README.html">type:table\fR \fR"
.IP "\fB \fItype:table\fR \fR"
Append the domain name in $myorigin or $mydomain when the
-client IP address matches the specified lookup table. The lookup
-result is ignored, and no subnet lookup is done. This is suitable
-for pop-before-smtp lookup tables.
+client IP address matches the specified lookup table.
+The lookup result is ignored, and no subnet lookup is done. This
+is suitable for, e.g., pop-before-smtp lookup tables.
.PP
Examples:
.PP
-The backwards compatible setting: always rewrite message headers,
-and always append my own domain to incomplete header addresses.
+The Postfix < 2.2 backwards compatible setting: always rewrite
+message headers, and always append my own domain to incomplete
+header addresses.
.PP
.nf
.na
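Review bot: the replacement ".IP "\fB check_address_map \fI<a href="DATABASE_README.html">type:table\fR \fR"" opens an HTML anchor that is never closed, so in the HTML rendering of postconf(5) the link swallows the rest of the entry; add "</a>" after "type:table". Because the anchor sits inside a troff ".IP" header, also check that the man page conversion strips it cleanly and the generated manual shows "check_address_map type:table" rather than the anchor text.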
.ad
.ft R
.PP
-The purist setting: rewrite headers only in mail from Postfix
-sendmail and in SMTP mail from this machine.
+The purist (and default) setting: rewrite headers only in mail
+from Postfix sendmail and in SMTP mail from this machine.
.PP
.nf
.na
.ft C
- mynetworks_style = host
- local_header_rewrite_clients = permit_mynetworks
+ local_header_rewrite_clients = permit_inet_interfaces
.fi
.ad
.ft R
.PP
-The default setting: rewrite headers and append my own domain
-only with mail from Postfix sendmail and from local or authorized
-SMTP clients.
-.PP
-.nf
-.na
-.ft C
- local_header_rewrite_clients = permit_mynetworks,
- permit_sasl_authenticated permit_tls_clientcerts
-.fi
-.ad
-.ft R
+The intermediate setting: rewrite header addresses and append
+$myorigin or $mydomain information only with mail from Postfix
+sendmail, from local clients, or from authorized SMTP clients.
.PP
-The ISP setting: include clients that are pop-before-smtp
-authenticated.
+NOTE: This setting will not prevent remote mail header address
+rewriting when mail from a remote client is forwarded by a neighboring
+system.
.PP
.nf
.na
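Review bot: the added "NOTE: This setting will not prevent remote mail header address rewriting when mail from a remote client is forwarded by a neighboring system." repeats word for word the sentence added to the permit_mynetworks entry above ("This setting will not prevent remote mail header address rewriting when mail from a remote client is forwarded by a neighboring system."); keep it once, preferably in the permit_mynetworks entry, since that is the setting it qualifies. As placed, the NOTE also separates the lead-in "The intermediate setting: rewrite header addresses and append" from the ".nf" configuration block that illustrates it; if a reminder is wanted at the example, put it after the configuration lines.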
Don't use TLS at all.
.IP "MAY"
Try to use STARTTLS if offered, otherwise use
-the unencrypted connection. NOTE: STARTTLS can be used only if
-TLS is already enabled via main.cf, so that the client TLS engine
-is properly initialized at program startup.
+the unencrypted connection.
.IP "MUST"
Require usage of STARTTLS, require that the
remote SMTP server hostname matches the information in the remote
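Review bot: deleting "NOTE: STARTTLS can be used only if TLS is already enabled via main.cf, so that the client TLS engine is properly initialized at program startup." removes the only hint that a per-site MAY or MUST entry has a prerequisite in main.cf; if the client TLS engine is now initialized on demand, say so in the commit message, otherwise keep a shorter pointer to the main.cf setting. Since MAY means "Try to use STARTTLS if offered, otherwise use the unencrypted connection", the entry should also state that MAY protects against passive eavesdropping only, and that MUST is what defends against an active man-in-the-middle that suppresses the STARTTLS offer.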
Search the specified access database for the client hostname,
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the access(5) manual page for details.
+.IP "\fBpermit_inet_interfaces\fR"
+Permit the request when the client IP address matches
+$inet_interfaces.
.IP "\fBpermit_mynetworks\fR"
Permit the request when the client IP address matches any
network or network address listed in $mynetworks.
type must be prepended: egd:/path/to/egd_socket for a source with
EGD compatible socket interface, or dev:/path/to/device for a
device file.
+.PP
+Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
+gives timeout errors.
.SH trace_service_name (default: trace)
The name of the trace(8) service. This service maintains a record
of mail deliveries and produces a mail delivery report when verbose
The proxymap server is not a trusted daemon process, and must
not be used to look up sensitive information such as user or
group IDs, mailbox file/directory names or external commands.
+
+In Postfix version 2.2 and later, the proxymap client recognizes
+requests to access a table for security-sensitive purposes,
+and opens the table directly. This allows the same main.cf
+setting to be used by sensitive and non-sensitive processes.
.SH DIAGNOSTICS
.ad
.fi
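Review bot: the new paragraph "In Postfix version 2.2 and later, the proxymap client recognizes requests to access a table for security-sensitive purposes, and opens the table directly." follows "The proxymap server is not a trusted daemon process, and must not be used to look up sensitive information such as user or group IDs, mailbox file/directory names or external commands.", and the two read as contradictory: the first is an instruction to the administrator, the second says the client enforces it automatically. State explicitly that in 2.2 a proxy: table named in a security-sensitive parameter is opened by the requesting process itself and never goes through the proxymap server, so a single main.cf setting is safe, and scope the "must not" sentence to releases before 2.2 if it still applies there.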
filtering, or address mapping.
.PP
Available in Postfix version 2.2 and later:
-.IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR"
+.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR"
Append the domain name in $myorigin or $mydomain to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
.SH DESCRIPTION
.ad
.fi
-The tlsmgr(8) maintains the TLS session caches for Postfix
-SMTP client and server processes. It periodically removes
-entries that have expired, and entries that are no longer
-compatible with the currently running Postfix version.
+The tlsmgr(8) manages the TLS session caches for Postfix
+SMTP client and server processes. It stores and retrieves
+cache entries on request by smtpd(8) and smtp(8) processes,
+and periodically removes entries that have expired.
-The tlsmgr(8) also maintains the PRNG (pseudo random number
-generator) pool. This is queried by the smtpd(8) and smtp(8)
+The tlsmgr(8) also manages the PRNG (pseudo random number
+generator) pool. It answers queries by the smtpd(8) and smtp(8)
processes to seed their internal PRNG pools.
-The tlsmgr(8)'s internal PRNG pool is initially seeded from
+The tlsmgr(8)'s PRNG pool is initially seeded from
an external source (EGD, /dev/urandom, or regular file).
It is updated at configurable pseudo-random intervals with
data from the external source. It is updated periodically
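Review bot: the rewritten first paragraph drops "and entries that are no longer compatible with the currently running Postfix version." while keeping the statement that expired entries are removed. If tlsmgr(8) still discards session cache entries written by a different Postfix version, that behaviour should stay documented, because it explains why a cache empties after an upgrade; if the check was removed, the commit message should say so. This is the source for the tlsmgr(8) HTML changes earlier in this patch, so the "internal PRNG pool" versus "external and internal PRNG pools" wording question raised there applies to this file as well.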
# Access restrictions - client
s;\bcheck_client_access\b;<a href="postconf.5.html#check_client_access">$&</a>;g;
+ s;\bpermit_inet_interfaces\b;<a href="postconf.5.html#permit_inet_interfaces">$&</a>;g;
s;\bpermit_mynetworks\b;<a href="postconf.5.html#permit_mynetworks">$&</a>;g;
s;\bpermit_sasl_authenticated\b;<a href="postconf.5.html#permit_sasl_authenticated">$&</a>;g;
s;\bpermit_tls_clientcerts\b;<a href="postconf.5.html#permit_tls_clientcerts">$&</a>;g;
<ul>
-<li> <a href="#william"> To rewrite or not to rewrite, or to label
+<li> <a href="#william"> To rewrite message headers or not, or to label
as invalid </a>
<li> <a href="#overview"> Postfix address rewriting overview </a>
</ul>
-<h2> <a name="william"> To rewrite or not to rewrite, or to label
+<h2> <a name="william"> To rewrite message headers or not, or to label
as invalid </a> </h2>
<p> Postfix versions 2.1 and earlier always rewrite message header
-addresses, and append Postfix's own domain information to incomplete
-addresses. While rewriting message headers is OK for mail with a
-local origin, it is undesirable for remote mail: </p>
+addresses, and append Postfix's own domain information to addresses
+that Postfix considers incomplete. While rewriting message header
+addresses is OK for mail with a local origin, it is undesirable
+for remote mail: </p>
<ul>
-<li> Header mangling is frowned upon by mail standards,
+<li> Message header address rewriting is frowned upon by mail standards,
-<li> Appending Postfix's own domain information produces incorrect
-results with remote incomplete addresses,
+<li> Appending Postfix's own domain produces incorrect results with
+some incomplete addresses,
-<li> Appending Postfix's own domain information sometimes creates
-the appearance that spam is sent by local users.
+<li> Appending Postfix's own domain sometimes creates the appearance
+that spam is sent by local users.
</ul>
<ul>
-<li> Postfix does not rewrite message headers from remote SMTP
-clients at all when the remote_header_rewrite_domain parameter
-value is empty.
+<li> Postfix always rewrites message header addresses from local
+SMTP clients, and from the Postfix sendmail command. The
+local_header_rewrite_clients parameter controls what SMTP clients
+Postfix considers local (by default, only local network interface
+addresses).
-<li> Otherwise, Postfix appends the specified domain name to
-incomplete addresses in message headers from remote SMTP clients.
-This feature can be used to append a reserved domain such as
-"domain.invalid", so that incomplete addresses cannot be mistaken
+<li> Postfix never rewrites message header addresses from remote
+SMTP clients when the remote_header_rewrite_domain parameter value
+is empty (the default setting).
+
+<li> Otherwise, Postfix appends the remote_header_rewrite_domain
+value to incomplete message header addresses from remote SMTP
+clients. This feature can be used to append a reserved domain such
+as "domain.invalid", so that incomplete addresses cannot be mistaken
for local addresses.
</ul>
-<p> The local_header_rewrite_clients parameter controls what SMTP
-clients Postfix considers local instead of remote. </p>
-
<h2> <a name="overview"> Postfix address rewriting overview </a> </h2>
<p> The figure below zooms in on those parts of Postfix that are most
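Review bot: changing "produces incorrect results with remote incomplete addresses" to "produces incorrect results with some incomplete addresses" makes the bullet vaguer than the old text; the point is that an address left incomplete by a remote sender belongs to that sender's domain, not to Postfix's own, so "with incomplete addresses in mail from remote systems" says what "some" hides. The removed paragraph "The local_header_rewrite_clients parameter controls what SMTP clients Postfix considers local instead of remote." is now folded into the first bullet of the second list, which is fine, but that list starts with a bare "<ul>" right after the previous one closes; a one-line lead-in such as "Postfix version 2.2 and later:" would tell the reader that the second list describes the new behaviour.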
the helpers by word wrapping the logging. </p>
<li> <p> Output from "postconf -n". Please do not send your main.cf
-file. Or better, provide output from the "postfinger" tool. </p>
+file. Or better, provide output from the "postfinger" tool. This
+tool is bundled with Postfix 2.2 and later source code, and can be
+found at http://ftp.wl0.org/SOURCES/postfinger. </p>
<li> <p> If the problem is about too much mail in the queue, consider
including output from the qshape tool, as described in the
</table>
-<li> <p> The anvil(8) server implements client connection and rate
+<li> <p> The anvil(8) server implements client connection and
+request rate
limiting for all smtpd(8) servers. The TUNING_README document
provides guidance for dealing with mis-behaving SMTP clients. The
anvil(8) service is not included with Postfix version 2.1 or earlier.
<li> <p> The scache(8) server maintains the connection cache for
the Postfix smtp(8) client. When connection caching is enabled for
-selected
-destinations, the smtp(8) client does not disconnect immediately
-after a mail transaction, but gives the connection to the connection
-cache server. The smtp(8) client continues with some other mail
-delivery request. Meanwhile, the connection cache server keeps the
-connection open for a limited amount of time. During that time,
-any smtp(8) process can ask the scache(8) server for that cached
-connection and use it for mail delivery. </p>
+selected destinations, the smtp(8) client does not disconnect
+immediately after a mail transaction, but gives the connection to
+the connection cache server which keeps the connection open for a
+limited amount of time. The smtp(8) client continues with some
+other mail delivery request. Meanwhile, any smtp(8) process can
+ask the scache(8) server for that cached connection and reuse it
+for mail delivery. As a safety measure, Postfix limits the number
+of times that a connection may be reused. </p>
+
+<p> When delivering mail to a destination with multiple mail servers,
+connection caching can help to skip over a non-responding server,
+and thus dramatically speed up delivery. </p>
<table>
-<tr> <td> <td align="center" bgcolor="#f0f0ff"> <br> smtp(8) <br>
- </td> <td> <tt> -> </tt> </td> <td> <td align="center"
-bgcolor="#f0f0ff"> <br> scache(8) <br> </td> <td> <tt> ->
-</tt> </td> <td> <td align="center" bgcolor="#f0f0ff"> <br> smtp(8)
-<br> </td>
+<tr> <td align="center" bgcolor="#f0f0ff"> <br> smtp(8) <br>
+ </td> <td> <tt> <-> </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <br> scache(8) <br> </td> <td> <tt>
+<-> </tt> </td> <td align="center" bgcolor="#f0f0ff"> <br>
+smtp(8) <br> </td>
</table>
standard input, output and error streams. You can find examples of
its use in the SMTPD_POLICY_README document. </p>
+<li> <p> The tlsmgr(8) server runs when TLS (Transport Layer
+Security, formerly known as SSL) is turned on in the Postfix smtp(8)
+client or smtpd(8) server. This process has two duties: </p>
+
+<ul>
+
+<li> <p> Maintain the pseudo-random number generator (PRNG) that
+is used to seed the TLS engines in Postfix smtp(8) client or smtpd(8)
+server processes. The state of this PRNG is saved periodically to
+a file, and is read when tlsmgr(8) starts up. </p>
+
+<li> <p> Maintain the optional Postfix smtp(8) client or smtpd(8)
+server caches with TLS session keys. Saved keys can improve
+performance by reducing the amount of computation at the start of
+a TLS session. </p>
+
+</ul>
+
+<p> TLS support is available in Postfix version 2.2 and later.
+Information about the Postfix TLS implementation is in the TLS_README
+document. </p>
+
+<table>
+
+<tr> <td>Network<tt>-> </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <br> smtpd(8) <br> </td> <td colspan="2">
+<tt> <---seed---<br><br><-session-> </tt> </td> <td
+align="center" bgcolor="#f0f0ff"> <br> tlsmgr(8) <br> </td>
+<td colspan="3"> <tt> ---seed---><br> <br><-session->
+</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> smtp(8) <br>
+ </td> <td> <tt> -></tt>Network </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="right"> <table> <tr> <td>
+</td> <td> / </td> </tr> <tr> <td> / </td> <td> </td> </tr> </table>
+</td> <td align="center"> |<br> |</td> <td align="left"> <table>
+<tr> <td> \ </td> <td> </td> </tr> <tr> <td> </td> <td> \ </td>
+</tr> </table> </td> <td colspan="3"> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
+smtpd<br> session<br> cache </td> <td> </td> <td align="center"
+bgcolor="#f0f0ff"> PRNG<br> state <br>file </td> <td> </td> <td
+align="center" bgcolor="#f0f0ff"> smtp<br> session<br> cache </td>
+<td colspan="2"> </td> </tr>
+
+</table>
+
+
<li> <p> The verify(8) server verifies that a sender or recipient
address is deliverable before the smtpd(8) server accepts it. The
verify(8) server injects probe messages into the Postfix queue and
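Review bot: the second tlsmgr(8) duty, "Maintain the optional Postfix smtp(8) client or smtpd(8) server caches with TLS session keys. Saved keys can improve performance", describes files that hold session keys but says nothing about protecting them; whoever can read a cache file can recover the keys of the sessions it caches, so this paragraph or the TLS_README text it points to should say the cache files must be readable only by the Postfix mail owner. Also "formerly known as SSL" here versus "formerly called SSL" in the TLS_README introduction later in this patch; pick one.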
</pre>
</blockquote>
-<p> Solaris may need run-time path information: </p>
+<p> Solaris needs run-time path information too: </p>
<blockquote>
<pre>
<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
tables Postfix supports, use the command "<b>postconf -m</b>". </p>
-<p> Execute the command "<b>postmap /etc/postfix/transport</b>" whenever
-you change the transport table. </p>
+<p> Execute the command "<b>postmap /etc/postfix/transport</b>"
+whenever you change the transport table. </p>
+
+<p> NOTE: Do not use the fallback_relay feature when relaying mail
+for a backup or primary MX domain. Mail would loop between the
+Postfix MX host and the fallback_relay host when the final destination
+is unavailable. </p>
+
+<ul>
+
+<li> In main.cf specify "<tt>relay_transport = relay</tt>",
+
+<li> In master.cf specify "<tt>-o fallback_relay =</tt>" at the
+end of the <tt>relay</tt> entry.
+
+<li> In transport maps, specify "<tt>relay:<i>nexthop...</i></tt>"
+as the right-hand side for backup or primary MX domain entries.
+
+</ul>
+
+<p> These are default settings in Postfix version 2.2 and later.
+</p>
<h2><a name="dialup">Postfix on a dialup machine</a></h2>
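Review bot: the closing sentence "These are default settings in Postfix version 2.2 and later." arrives after three imperative bullets ("In main.cf specify", "In master.cf specify", "In transport maps, specify"), so a reader on 2.2 follows instructions that are already in effect before learning they are defaults. Move the sentence ahead of the list, for example "Postfix 2.2 and later uses these settings by default; on earlier releases, or if you changed them, set:", and end "<li> In main.cf specify "<tt>relay_transport = relay</tt>"," with a period to match the other two items.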
own code, every 1000 lines introduce one additional bug into
Postfix. </p>
-<h2> Purpose of this document </h2>
+<h2> Introduction </h2>
-<p> This document describes how to build Postfix with Transport
-Layer Security (TLS) support in the Postfix SMTP client and Postfix
-SMTP server, and how to configure the TLS manager daemon that
-maintains the Pseudo Random Number Generator (PRNG) pool and the
-TLS session cache information. </p>
+<p> This document requires Postfix version 2.2 or later. </p>
+
+<p> Postfix may be built with Transport Layer Security (TLS, formerly
+called SSL) protocol support as described in RFC 3207. This provides
+certificate-based authentication, and encrypted sessions. An
+encrypted session protects the information that is transmitted with
+SMTP mail or with SASL authentication. The main elements of the
+Postfix TLS architecture are: </p>
+
+<ul>
+
+<li> <p> The smtpd(8) server implements the SMTP over TLS server
+side. </p>
+
+<li> <p> The smtp(8) client implements the SMTP over TLS client
+side. </p>
+
+<li> <p> The tlsmgr(8) server maintains the pseudo-random number
+generator (PRNG) that seeds the TLS engines in the smtpd(8) server
+and smtp(8) client processes, and maintains the TLS session cache
+files with TLS session keys. </p>
+
+</ul>
+
+<p> The following diagram shows the relationship between these
+architecture elements. </p>
+
+<table>
+
+<tr> <td>Network<tt>-> </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <br> <a href="smtpd.8.html">smtpd(8)</a> <br> </td> <td colspan="2">
+
+<tt> <---seed---<br><br><-session-> </tt> </td> <td
+align="center" bgcolor="#f0f0ff"> <br> <a href="tlsmgr.8.html">tlsmgr(8)</a> <br> </td>
+<td colspan="3"> <tt> ---seed---><br> <br><-session->
+
+</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br>
+ </td> <td> <tt> -></tt>Network </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="right"> <table> <tr> <td>
+
+</td> <td> / </td> </tr> <tr> <td> / </td> <td> </td> </tr> </table>
+</td> <td align="center"> |<br> |</td> <td align="left"> <table>
+
+<tr> <td> \ </td> <td> </td> </tr> <tr> <td> </td> <td> \ </td>
+</tr> </table> </td> <td colspan="3"> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
+smtpd<br> session<br> cache </td> <td> </td> <td align="center"
+bgcolor="#f0f0ff"> PRNG<br> state <br>file </td> <td> </td> <td
+align="center" bgcolor="#f0f0ff"> smtp<br> session<br> cache </td>
+
+<td colspan="2"> </td> </tr>
+
+</table>
<p> Topics covered in this document: </p>
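Review bot: the new architecture table (the "<table>" block from "<tr> <td>Network<tt>-> </tt>" through "smtp<br> session<br> cache") is a copy of the table added to OVERVIEW_README earlier in this patch, differing only in the "<a href=...>" links; two hand-maintained copies of a nested-table ASCII diagram will drift, so either generate one from the other or have TLS_README link to the overview. The sentence "This provides certificate-based authentication, and encrypted sessions." should add that authentication is optional and depends on the per-site policy described later in this document, since the MAY level there falls back to the unencrypted connection.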
<p> To build Postfix with TLS support, first we need to generate
the <tt>make(1)</tt> files with the necessary definitions. This is
-done by invoking the command "<tt>make makefiles</tt> in the Postfix
+done by invoking the command "<tt>make makefiles</tt>" in the Postfix
top-level directory and with arguments as shown next. </p>
<ul>
</pre>
</blockquote>
+<p> On Solaris, specify the <tt>-R</tt> option as shown below:
+
+<blockquote>
+<pre>
+% <b>make tidy</b> # if you have left-over files from a previous build
+% <b>make makefiles CCARGS="-DUSE_TLS -I/usr/local/include" \
+ AUXLIBS="-R/usr/local/lib -L/usr/local/lib -lssl -lcrypto" </b>
+</pre>
+</blockquote>
+
</ul>
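Review bot: the Solaris paragraph opens a <p> but never closes it before the <blockquote>; add "</p>" after "as shown below:" to match the other paragraphs in this file.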
<p> If you need to apply other customizations (such as Berkeley DB
<dt> NONE </dt> <dd> Don't use TLS at all. </dd>
<dt> MAY </dt> <dd> Try to use STARTTLS if offered, otherwise use
-the unencrypted connection. NOTE: STARTTLS can be used only if TLS
-is already enabled via main.cf, so that the client TLS engine is
-properly initialized at program startup. </dd>
+the unencrypted connection. </dd>
<dt> MUST </dt> <dd> Require usage of STARTTLS, require that the
remote SMTP server hostname matches the information in the remote
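Review bot: deleting the NOTE that STARTTLS under MAY works only when TLS is already enabled in main.cf removes the only statement of that precondition; if the client TLS engine is now initialized on demand so the constraint no longer holds, say so in the change log, and if it still holds the sentence should stay (the same deletion appears in the postconf.proto copy of this text further down).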
<p> In order to feed its in-memory PRNG pool, the tlsmgr(8) reads
entropy from an external source, both at startup and during run-time.
Specify a good entropy source, like EGD or /dev/urandom; be sure
-to only use non-blocking sources. If the entropy source is not a
+to only use non-blocking sources (on OpenBSD, use /dev/arandom
+when tlsmgr(8) complains about /dev/urandom timeout errors).
+If the entropy source is not a
regular file, you must prepend the source type to the source name:
"dev:" for a device special file, or "egd:" for a source with EGD
compatible socket interface. </p>
<li> <p> Reduce the smtp_connect_timeout and smtp_helo_timeout
values so that Postfix does not waste lots of time connecting
-to non-responding smtpd(8) servers. </p>
+to non-responding remote SMTP servers. </p>
<li> <p> Use a dedicated mail delivery transport for problematic
destinations, with reduced timeouts and with adjusted concurrency.
<li> <p> The SOURCE attribute specifies LOCAL when the message
was received from a source that is local with respect to the
- up-stream host, REMOTE for mail from a remote source, or
- [UNAVAILABLE] when the information is unavailable. The down-stream
- MTA may decide to enable header munging and address qualification
- with mail from local sources. </p>
+ up-stream host (for example, the message originated from the
+ up-stream host itself), REMOTE for all other mail, or [UNAVAILABLE]
+ when the information is unavailable. The down-stream MTA may
+ decide to enable features such as header munging or address
+ qualification with mail from local sources but not other sources.
+ </p>
</ul>
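Review bot: the expanded SOURCE description says the down-stream MTA "may decide to enable features such as header munging or address qualification" for LOCAL mail, which means a forged LOCAL value would buy those features; the paragraph should remind the reader that the attribute is only trustworthy from up-stream hosts that are allowed to send XFORWARD (smtpd_authorized_xforward_hosts), and that other values must be treated as [UNAVAILABLE].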
# \fBpostmap -q - cidr:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# DESCRIPTION
# The Postfix mail system uses optional lookup tables.
-# These tables are usually in \fBdbm\fR or \fBdb\fR format.
-# Alternatively, lookup tables can be specified in CIDR
+# These tables are usually in \fBdbm\fR or \fBdb\fR format.
+# Alternatively, lookup tables can be specified in CIDR
# (Classless Inter-Domain Routing) form.
#
# To find out what types of lookup tables your Postfix system
# 0.0.0.0/0 to match every IPv4 address, and ::/0 to match
# every IPv6 address.
#
+# An IPv4 network address is a sequence of four decimal octets
+# separated by ".", and an IPv6 network address is a sequence
+# of three to eight hexadecimal octet pairs separated by ":".
+#
+# Before comparisons are made, lookup keys and table entries
+# are converted from string to binary. Therefore table entries
+# will be matched regardless of redundant zero characters.
+#
# Note: address information may be enclosed inside "[]" but
# this form is not recommended.
#
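Review bot: the new IPv6 wording ("a sequence of three to eight hexadecimal octet pairs separated by ':'") contradicts the "::/0" example a few lines above, which contains no explicit groups at all; say instead that an IPv6 address is written in the usual colon-separated hexadecimal form, with "::" compression allowed. The two dbm/db sentences in this hunk are removed and re-added with no visible difference, which looks like a whitespace-only edit.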
# configuration variable in the main.cf file).
# .sp
# Chroot should not be used with the \fBlocal\fR(8),
-# \fBpipe\fR(8) and \fBspawn\fR(8) daemons. Although the
+# \fBpipe\fR(8), \fBspawn\fR(8), and virtual(8) daemons.
+# Although the
# \fBproxymap\fR(8) server can run chrooted, doing so defeats
# most of the purpose of having that service in the first
# place.
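Review bot: virtual(8) is added without the \fB...\fR markup that the neighboring local, pipe and spawn names carry; write "\fBvirtual\fR(8)" so the man page renders consistently.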
not found, and delivery is deferred if a destination is unreachable.
</p>
-<p>
-The fallback relays must be SMTP destinations. Specify a domain,
+<p> The fallback relays must be SMTP destinations. Specify a domain,
host, host:port, [host]:port, [address] or [address]:port; the form
[host] turns off MX lookups. If you specify multiple SMTP
-destinations, Postfix will try them in the specified order.
+destinations, Postfix will try them in the specified order. </p>
+
+<p> NOTE: Do not use the fallback_relay feature when relaying mail
+for a backup or primary MX domain. Mail would loop between the
+Postfix MX host and the fallback_relay host when the final destination
+is unavailable. </p>
+
+<ul>
+
+<li> In main.cf specify "<tt>relay_transport = relay</tt>",
+
+<li> In master.cf specify "<tt>-o fallback_relay =</tt>" at the
+end of the <tt>relay</tt> entry.
+
+<li> In transport maps, specify "<tt>relay:<i>nexthop...</i></tt>"
+as the right-hand side for backup or primary MX domain entries.
+
+</ul>
+
+<p> These are default settings in Postfix version 2.2 and later.
</p>
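Review bot: the three-item list after the NOTE has no lead-in sentence, so the reader is not told that these steps are how to keep fallback_relay out of MX traffic; add something like "To avoid this, do the following:" before the <ul>. It would also help to state that the "-o fallback_relay=" override must sit on the relay transport's own master.cf entry, because a transport_maps entry that selects a different transport would bypass it.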
%PARAM fast_flush_domains $relay_domains
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the access(5) manual page for details. </dd>
+<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt>
+
+<dd>Permit the request when the client IP address matches
+$inet_interfaces. </dd>
+
<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt>
<dd>Permit the request when the client IP address matches any
remote_header_rewrite_domain =
</pre>
-%PARAM local_header_rewrite_clients see "postconf -d" output
+%PARAM local_header_rewrite_clients permit_inet_interfaces
<p> Append the domain name in $myorigin or $mydomain to message
header addresses from these clients only; either don't rewrite
message headers from other clients at all, or append the domain
specified with the remote_header_rewrite_domain parameter. </p>
+<p> See the append_at_myorigin and append_dot_mydomain parameters
+for details of how domain names are appended to incomplete addresses.
+</p>
+
<p> Specify a list of zero or more of the following: </p>
<dl>
+<dt> <b> permit_inet_interfaces </b></dt>
+
+<dd> Append the domain name in $myorigin or $mydomain when the
+client IP address matches $inet_interfaces. This is enabled by
+default. </dd>
+
<dt> <b> permit_mynetworks </b></dt>
<dd> Append the domain name in $myorigin or $mydomain when the
client IP address matches any network or network address listed in
-$mynetworks. This is enabled by default. </dd>
+$mynetworks. This setting will not prevent remote mail header
+address rewriting when mail from a remote client is forwarded by
+a neighboring system. </p>
<dt><b> permit_sasl_authenticated </b></dt>
<dd> Append the domain name in $myorigin or $mydomain when the
client is successfully authenticated via the RFC 2554 (AUTH)
-protocol. This is enabled by default. </dd>
+protocol. </dd>
<dt><b> permit_tls_clientcerts </b></dt>
<dd> Append the domain name in $myorigin or $mydomain when the
client TLS certificate is successfully verified, and the client
-certificate fingerprint is listed in $relay_clientcerts. This is
-enabled by default. </dd>
+certificate fingerprint is listed in $relay_clientcerts. </dd>
<dt><b> permit_tls_all_clientcerts </b></dt>
whether it is listed on the server, and regardless of the certifying
authority. </dd>
-<dt><b> <a name="check_address_map">check_address_map</a> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
+<dt><b> <a name="check_address_map">check_address_map</a> <i><a
+href="DATABASE_README.html">type:table</a></i> </b></dt>
<dt><b> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
<dd> Append the domain name in $myorigin or $mydomain when the
-client IP address matches the specified lookup table. The lookup
-result is ignored, and no subnet lookup is done. This is suitable
-for pop-before-smtp lookup tables. </dd>
+client IP address matches the specified lookup table.
+The lookup result is ignored, and no subnet lookup is done. This
+is suitable for, e.g., pop-before-smtp lookup tables. </dd>
</dl>
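Review bot: the permit_mynetworks entry now ends with "</p>" instead of "</dd>", leaving the <dd> unclosed; change it to "</dd>". The new sentence about forwarded remote mail is repeated verbatim as a NOTE in the examples section below, so one of the two copies can go. Separately, the <dt> line that reads only "type:table" right after the check_address_map heading looks like a leftover duplicate heading.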
<p> Examples: </p>
-<p> The backwards compatible setting: always rewrite message headers,
-and always append my own domain to incomplete header addresses. </p>
+<p> The Postfix < 2.2 backwards compatible setting: always rewrite
+message headers, and always append my own domain to incomplete
+header addresses. </p>
<pre>
local_header_rewrite_clients = static:all
</pre>
-<p> The purist setting: rewrite headers only in mail from Postfix
-sendmail and in SMTP mail from this machine. </p>
+<p> The purist (and default) setting: rewrite headers only in mail
+from Postfix sendmail and in SMTP mail from this machine. </p>
<pre>
- mynetworks_style = host
- local_header_rewrite_clients = permit_mynetworks
+ local_header_rewrite_clients = permit_inet_interfaces
</pre>
-<p> The default setting: rewrite headers and append my own domain
-only with mail from Postfix sendmail and from local or authorized
-SMTP clients. </p>
+<p> The intermediate setting: rewrite header addresses and append
+$myorigin or $mydomain information only with mail from Postfix
+sendmail, from local clients, or from authorized SMTP clients. </p>
-<pre>
- local_header_rewrite_clients = permit_mynetworks,
- permit_sasl_authenticated permit_tls_clientcerts
-</pre>
-
-<p> The ISP setting: include clients that are pop-before-smtp
-authenticated. </p>
+<p> NOTE: This setting will not prevent remote mail header address
+rewriting when mail from a remote client is forwarded by a neighboring
+system. </p>
<pre>
local_header_rewrite_clients = permit_mynetworks,
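Review bot: the intermediate-setting paragraph lost its own <pre> block (the permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts example was deleted along with the old default paragraph), and the <pre> that now follows the NOTE is the one that belonged to the deleted ISP/pop-before-smtp paragraph; check that it still shows the intermediate setting and not a check_address_map line, or restore the deleted block. Also, "Postfix < 2.2" in HTML needs "&lt;".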
<dt> NONE </dt> <dd>Don't use TLS at all. </dd>
<dt> MAY </dt> <dd>Try to use STARTTLS if offered, otherwise use
-the unencrypted connection. NOTE: STARTTLS can be used only if
-TLS is already enabled via main.cf, so that the client TLS engine
-is properly initialized at program startup. </dd>
+the unencrypted connection. </dd>
<dt> MUST </dt> <dd>Require usage of STARTTLS, require that the
remote SMTP server hostname matches the information in the remote
EGD compatible socket interface, or dev:/path/to/device for a
device file. </p>
+<p> Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
+gives timeout errors. </p>
+
%PARAM tls_random_bytes 32
<p> The number of bytes that tlsmgr(8) reads from $tls_random_source
#include <vstring.h>
#include <msg.h>
#include <msg_vstream.h>
+#include <mymalloc.h>
+#include <argv.h>
/* Application-specific. */
int main(int argc, char **argv)
{
- int type;
+ ARGV *types_argv;
+ int *types;
char *name;
VSTRING *fqdn = vstring_alloc(100);
VSTRING *why = vstring_alloc(100);
DNS_RR *rr;
+ int i;
msg_vstream_init(argv[0], VSTREAM_ERR);
if (argc != 3)
- msg_fatal("usage: %s type name", argv[0]);
- if ((type = dns_type(argv[1])) == 0)
- msg_fatal("invalid query type: %s", argv[1]);
+ msg_fatal("usage: %s types name", argv[0]);
+ types_argv = argv_split(argv[1], ", \t\r\n");
+ types = (int *) mymalloc(sizeof(*types) * (types_argv->argc + 1));
+ for (i = 0; i < types_argv->argc; i++)
+ if ((types[i] = dns_type(types_argv->argv[i])) == 0)
+ msg_fatal("invalid query type: %s", types_argv->argv[i]);
+ types[i] = 0;
+ argv_free(types_argv);
name = argv[2];
msg_verbose = 1;
- switch (dns_lookup_l(name, RES_DEFNAMES | RES_DEBUG, &rr, fqdn, why,
- DNS_REQ_FLAG_ALL, type, 0)) {
+ switch (dns_lookup_v(name, RES_DEFNAMES | RES_DEBUG, &rr, fqdn, why,
+ DNS_REQ_FLAG_ALL, types)) {
default:
msg_fatal("%s", vstring_str(why));
case DNS_OK:
printf("%s: fqdn: %s\n", name, vstring_str(fqdn));
print_rr(rr);
+ dns_rr_free(rr);
}
+ myfree((char *) types);
exit(0);
}
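Review bot: an empty or whitespace-only types argument makes argv_split() return argc 0, so the loop never runs, types[0] becomes the terminator and dns_lookup_v() is called with a list that holds nothing but the terminator; add a check such as "if (types_argv->argc == 0) msg_fatal(...)" right after the split so the usage error is reported instead.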
/* int input_transp_mask(param_name, pattern)
/* const char *param_name;
/* const char *pattern;
+/*
+/* int input_transp_cleanup(cleanup_flags, transp_mask)
+/* int cleanup_flags;
+/* int transp_mask;
/* DESCRIPTION
/* This module controls how much processing happens before mail is
/* written to the Postfix queue. Each transparency option is either
/* address masquerading, and automatic BCC recipients.
/* .IP "no_header_body_checkss (INPUT_TRANSP_HEADER_BODY)
/* Disable header/body_checks.
+/*
+/* input_transp_cleanup() takes a bunch of cleanup processing
+/* flags and updates them according to the settings in the
+/* specified input transparency mask.
/* DIAGNOSTICS
/* Panic: inappropriate use.
/* LICENSE
/* Global library. */
#include <mail_params.h>
+#include <cleanup_user.h>
#include <input_transp.h>
/* input_transp_mask - compute mail receive transparency mask */
static NAME_MASK table[] = {
"no_unknown_recipient_checks", INPUT_TRANSP_UNKNOWN_RCPT,
"no_address_mappings", INPUT_TRANSP_ADDRESS_MAPPING,
- "no_header_body_checks", INPUT_TRANSP_HEADER_BODY,
+ "no_header_body_checks", INPUT_TRANSP_HEADER_BODY,
0,
};
return (name_mask(param_name, table, pattern));
}
+
+/* input_transp_cleanup - adjust cleanup options */
+
+int input_transp_cleanup(int cleanup_flags, int transp_mask)
+{
+ if (transp_mask & INPUT_TRANSP_ADDRESS_MAPPING)
+ cleanup_flags &= ~(CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK);
+ if (transp_mask & INPUT_TRANSP_HEADER_BODY)
+ cleanup_flags &= ~CLEANUP_FLAG_FILTER;
+ return (cleanup_flags);
+}
#define INPUT_TRANSP_HEADER_BODY (1<<2)
extern int input_transp_mask(const char *, const char *);
+extern int input_transp_cleanup(int, int);
/* LICENSE
/* .ad
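Review bot: the pre-existing typo "no_header_body_checkss" in the .IP line of the manual comment does not match the table entry "no_header_body_checks" and should be fixed while this file is being touched. The "no_header_body_checks" table line is also removed and re-added with no visible change (whitespace only). Centralizing the flag stripping in input_transp_cleanup() instead of repeating it in pickup, qmqpd and smtpd is the right direction.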
#define DEF_UNK_CLIENT_CODE 450
extern int var_unk_client_code;
+#define PERMIT_INET_INTERFACES "permit_inet_interfaces"
+
#define PERMIT_MYNETWORKS "permit_mynetworks"
#define PERMIT_NAKED_IP_ADDR "permit_naked_ip_address"
#define CHECK_ADDR_MAP "check_address_map"
#define VAR_LOC_RWR_CLIENTS "local_header_rewrite_clients"
-#ifdef USE_TLS
-#define DEF_LOC_RWR_CLIENTS PERMIT_MYNETWORKS " " PERMIT_SASL_AUTH \
- " " PERMIT_TLS_CLIENTCERTS
-#else
-#define DEF_LOC_RWR_CLIENTS PERMIT_MYNETWORKS " " PERMIT_SASL_AUTH
-#endif
+#define DEF_LOC_RWR_CLIENTS PERMIT_INET_INTERFACES
extern char *var_local_rwr_clients;
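Review bot: changing DEF_LOC_RWR_CLIENTS from permit_mynetworks plus the SASL and TLS client classes to permit_inet_interfaces alone is a behavior change on upgrade: header addresses in mail from $mynetworks, SASL-authenticated or certificate-authenticated clients will no longer be completed with $myorigin or $mydomain unless the administrator sets local_header_rewrite_clients explicitly; this needs a compatibility entry in RELEASE_NOTES alongside the postconf.proto and smtpd(8) default strings that this patch already updates.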
/*
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
-#define MAIL_RELEASE_DATE "20050119"
+#define MAIL_RELEASE_DATE "20050131"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"
*
* Skip this command if it was already delivered to as this user.
*/
- if (been_here(state.dup_filter, "command %ld %s", (long) usr_attr.uid, command))
+ if (been_here(state.dup_filter, "command %s:%ld %s",
+ state.msg_attr.user, (long) usr_attr.uid, command))
return (0);
/*
MAIL_SERVER_PRE_INIT, pre_init,
MAIL_SERVER_POST_INIT, post_init,
MAIL_SERVER_PRE_ACCEPT, pre_accept,
+ MAIL_SERVER_PRIVILEGED,
0);
}
#define MAIL_SERVER_SOLITARY 15
#define MAIL_SERVER_UNLIMITED 16
#define MAIL_SERVER_PRE_DISCONN 17
+#define MAIL_SERVER_PRIVILEGED 18
#define MAIL_SERVER_IN_FLOW_DELAY 20
/* This service must be configured with process limit of 1.
/* .IP MAIL_SERVER_UNLIMITED
/* This service must be configured with process limit of 0.
+/* .IP MAIL_SERVER_PRIVILEGED
+/* This service must be configured as privileged.
/* .PP
/* multi_server_disconnect() should be called by the application
/* when a client disconnects.
msg_fatal("service %s requires a process limit of 0",
service_name);
break;
+ case MAIL_SERVER_PRIVILEGED:
+ if (user_name)
+ msg_fatal("service %s requires privileged operation",
+ service_name);
+ break;
default:
msg_panic("%s: unknown argument type: %d", myname, key);
}
/* This service must be configured with process limit of 1.
/* .IP MAIL_SERVER_UNLIMITED
/* This service must be configured with process limit of 0.
+/* .IP MAIL_SERVER_PRIVILEGED
+/* This service must be configured as privileged.
/* .PP
/* The var_use_limit variable limits the number of clients that
/* a server can service before it commits suicide.
msg_fatal("service %s requires a process limit of 0",
service_name);
break;
+ case MAIL_SERVER_PRIVILEGED:
+ if (user_name)
+ msg_fatal("service %s requires privileged operation",
+ service_name);
+ break;
default:
msg_panic("%s: unknown argument type: %d", myname, key);
}
/* This service must be configured with process limit of 1.
/* .IP MAIL_SERVER_UNLIMITED
/* This service must be configured with process limit of 0.
+/* .IP MAIL_SERVER_PRIVILEGED
+/* This service must be configured as privileged.
/* .PP
/* The var_use_limit variable limits the number of clients that
/* a server can service before it commits suicide.
msg_fatal("service %s requires a process limit of 0",
service_name);
break;
+ case MAIL_SERVER_PRIVILEGED:
+ if (user_name)
+ msg_fatal("service %s requires privileged operation",
+ service_name);
+ break;
default:
msg_panic("%s: unknown argument type: %d", myname, key);
}
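Review bot: the MAIL_SERVER_PRIVILEGED case is pasted identically into the single, multi and trigger server skeletons; since the "if (user_name) msg_fatal(...)" test is the same in all three, a shared helper would keep a later change (for example also rejecting a chroot setting for these services) from having to be made three times. Behaviorally the check is good: a wrongly unprivileged local, pipe or spawn entry in master.cf now fails closed with a logged fatal error instead of running with the wrong identity.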
* easier to implement the many possible error exits without forgetting
* to close files, or to release memory.
*/
- cleanup_flags = (CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_MASK_EXTERNAL);
- if (pickup_input_transp_mask & INPUT_TRANSP_ADDRESS_MAPPING)
- cleanup_flags &= ~(CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK);
- if (pickup_input_transp_mask & INPUT_TRANSP_HEADER_BODY)
- cleanup_flags &= ~CLEANUP_FLAG_FILTER;
+ cleanup_flags =
+ input_transp_cleanup(CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_MASK_EXTERNAL,
+ pickup_input_transp_mask);
cleanup = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service);
if (attr_scan(cleanup, ATTR_FLAG_STRICT,
MAIL_SERVER_PRE_INIT, pre_init,
MAIL_SERVER_POST_INIT, drop_privileges,
MAIL_SERVER_PRE_ACCEPT, pre_accept,
+ MAIL_SERVER_PRIVILEGED,
0);
}
/* .RS
/* .IP \fBbtree\fR
/* The output is a btree file, named \fIfile_name\fB.db\fR.
-/* This is available only on systems with support for \fBdb\fR databases.
+/* This is available on systems with support for \fBdb\fR databases.
+/* .IP \fBcdb\fR
+/* The output is one file named \fIfile_name\fB.cdb\fR.
+/* This is available on systems with support for \fBcdb\fR databases.
/* .IP \fBdbm\fR
/* The output consists of two files, named \fIfile_name\fB.pag\fR and
/* \fIfile_name\fB.dir\fR.
-/* This is available only on systems with support for \fBdbm\fR databases.
+/* This is available on systems with support for \fBdbm\fR databases.
/* .IP \fBhash\fR
/* The output is a hashed file, named \fIfile_name\fB.db\fR.
-/* This is available only on systems with support for \fBdb\fR databases.
+/* This is available on systems with support for \fBdb\fR databases.
/* .IP \fBsdbm\fR
/* The output consists of two files, named \fIfile_name\fB.pag\fR and
/* \fIfile_name\fB.dir\fR.
-/* This is available only on systems with support for \fBsdbm\fR databases.
+/* This is available on systems with support for \fBsdbm\fR databases.
/* .PP
/* When no \fIfile_type\fR is specified, the software uses the database
/* type specified via the \fBdefault_database_type\fR configuration
/* .RS
/* .IP \fBflock\fR
/* A kernel-based advisory locking method for local files only.
-/* This locking method is available only on systems with a BSD
+/* This locking method is available on systems with a BSD
/* compatible library.
/* .IP \fBfcntl\fR
/* A kernel-based advisory locking method for local and remote files.
/* stale lock files that were left behind after abnormal termination.
/* .RE
/* .IP \fB-m\fR
-/* List the names of all supported lookup table types. Postfix
+/* List the names of all supported lookup table types. In Postfix
+/* configuration files,
/* lookup tables are specified as \fItype\fB:\fIname\fR, where
/* \fItype\fR is one of the types listed below. The table \fIname\fR
-/* syntax depends on the lookup table type.
+/* syntax depends on the lookup table type as described in the
+/* DATABASE_README document.
/* .RS
/* .IP \fBbtree\fR
/* A sorted, balanced tree structure.
-/* This is available only on systems with support for Berkeley DB
+/* This is available on systems with support for Berkeley DB
/* databases.
+/* .IP \fBcdb\fR
+/* A read-optimized structure with no support for incremental updates.
+/* This is available on systems with support for CDB databases.
/* .IP \fBcidr\fR
/* A table that associates values with Classless Inter-Domain Routing
/* (CIDR) patterns. This is described in \fBcidr_table\fR(5).
/* .IP \fBdbm\fR
/* An indexed file type based on hashing.
-/* This is available only on systems with support for DBM databases.
+/* This is available on systems with support for DBM databases.
/* .IP \fBenviron\fR
/* The UNIX process environment array. The lookup key is the variable
/* name. Originally implemented for testing, someone may find this
/* useful someday.
/* .IP \fBhash\fR
/* An indexed file type based on hashing.
-/* This is available only on systems with support for Berkeley DB
+/* This is available on systems with support for Berkeley DB
/* databases.
/* .IP "\fBldap\fR (read-only)"
/* Perform lookups using the LDAP protocol. This is described
/* described in \fBregexp_table\fR(5).
/* .IP \fBsdbm\fR
/* An indexed file type based on hashing.
-/* This is available only on systems with support for SDBM databases.
+/* This is available on systems with support for SDBM databases.
/* .IP "\fBstatic\fR (read-only)"
/* A table that always returns its name as lookup result. For example,
/* \fBstatic:foobar\fR always returns the string \fBfoobar\fR as lookup
/* .RS
/* .IP \fBbtree\fR
/* The output file is a btree file, named \fIfile_name\fB.db\fR.
-/* This is available only on systems with support for \fBdb\fR databases.
+/* This is available on systems with support for \fBdb\fR databases.
+/* .IP \fBcdb\fR
+/* The output consists of one file, named \fIfile_name\fB.cdb\fR.
+/* This is available on systems with support for \fBcdb\fR databases.
/* .IP \fBdbm\fR
/* The output consists of two files, named \fIfile_name\fB.pag\fR and
/* \fIfile_name\fB.dir\fR.
-/* This is available only on systems with support for \fBdbm\fR databases.
+/* This is available on systems with support for \fBdbm\fR databases.
/* .IP \fBhash\fR
/* The output file is a hashed file, named \fIfile_name\fB.db\fR.
-/* This is available only on systems with support for \fBdb\fR databases.
+/* This is available on systems with support for \fBdb\fR databases.
/* .IP \fBsdbm\fR
/* The output consists of two files, named \fIfile_name\fB.pag\fR and
/* \fIfile_name\fB.dir\fR.
-/* This is available only on systems with support for \fBsdbm\fR databases.
+/* This is available on systems with support for \fBsdbm\fR databases.
/* .PP
/* When no \fIfile_type\fR is specified, the software uses the database
/* type specified via the \fBdefault_database_type\fR configuration
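Review bot: the two new cdb entries are worded differently ("The output is one file named" in the first copy versus "The output consists of one file, named" in the second); pick one wording, preferably the second, which parallels the dbm and sdbm entries. The "available only on systems" to "available on systems" edits are consistent across all of the touched man pages.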
/* The proxymap server is not a trusted daemon process, and must
/* not be used to look up sensitive information such as user or
/* group IDs, mailbox file/directory names or external commands.
+/*
+/* In Postfix version 2.2 and later, the proxymap client recognizes
+/* requests to access a table for security-sensitive purposes,
+/* and opens the table directly. This allows the same main.cf
+/* setting to be used by sensitive and non-sensitive processes.
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
/* BUGS
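Review bot: the new paragraph says the proxymap client "recognizes requests to access a table for security-sensitive purposes" and opens the table directly, but does not say which purposes those are; name them (the ones the preceding sentence already lists: user or group IDs, mailbox file or directory names, external commands) so an administrator can tell which lookups bypass proxymap and therefore need the underlying table to be readable by the requesting process itself.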
/*
* Connect to the cleanup server. Log client name/address with queue ID.
*/
- cleanup_flags = CLEANUP_FLAG_MASK_EXTERNAL;
- if (qmqpd_input_transp_mask & INPUT_TRANSP_ADDRESS_MAPPING)
- cleanup_flags &= ~(CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK);
- if (qmqpd_input_transp_mask & INPUT_TRANSP_HEADER_BODY)
- cleanup_flags &= ~CLEANUP_FLAG_FILTER;
-
+ cleanup_flags = input_transp_cleanup(CLEANUP_FLAG_MASK_EXTERNAL,
+ qmqpd_input_transp_mask);
state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, var_cleanup_service);
if (state->dest == 0
|| attr_print(state->dest->stream, ATTR_FLAG_NONE,
char *start;
char *line;
char *next_line;
+ int len;
/*
* Parse the header line, and save copies of recipient addresses in the
/*
* Pipe the unmodified message header through the header line folding
- * routine.
+ * routine, and ensure that long lines are chopped appropriately.
*/
for (line = start = STR(buf); line; line = next_line) {
next_line = split_at(line, '\n');
- output_text(context, REC_TYPE_NORM, line, next_line ?
- next_line - line - 1 : strlen(line), offset);
+ len = next_line ? next_line - line - 1 : strlen(line);
+ do {
+ if (len > var_line_limit) {
+ output_text(context, REC_TYPE_CONT, line, var_line_limit, offset);
+ line += var_line_limit;
+ len -= var_line_limit;
+ offset += var_line_limit;
+ } else {
+ output_text(context, REC_TYPE_NORM, line, len, offset);
+ break;
+ }
+ } while (len > 0);
+ offset += 1;
}
}
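Review bot: in the chopping loop the "while (len > 0)" condition can never be false, because the REC_TYPE_CONT branch is taken only when len > var_line_limit and so leaves len at least 1, and the REC_TYPE_NORM branch breaks; the logic is correct, but "for (;;)" would state the intent more honestly. If var_line_limit were ever 0 the CONT branch would make no progress, so a sanity check on that parameter at startup, or an assertion here, would guard the loop. The "offset += 1" after the loop correctly accounts for the newline that split_at() removed.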
/* SYNOPSIS
/* #include "smtp_addr.h"
/*
-/* DNS_RR *smtp_domain_addr(name, misc_flags, why)
+/* DNS_RR *smtp_domain_addr(name, misc_flags, why, found_myself)
/* char *name;
/* int misc_flags;
/* VSTRING *why;
+/* int *found_myself;
/*
/* DNS_RR *smtp_host_addr(name, misc_flags, why)
/* char *name;
/* exchanger hosts listed for the named domain. Addresses are
/* returned in most-preferred first order. The result is truncated
/* so that it contains only hosts that are more preferred than the
-/* local mail server itself.
+/* local mail server itself. The found_myself result parameter
+/* is updated when the local MTA is MX host for the specified
+/* destination.
/*
/* When no mail exchanger is listed in the DNS for \fIname\fR, the
/* request is passed to smtp_host_addr().
/* smtp_domain_addr - mail exchanger address lookup */
-DNS_RR *smtp_domain_addr(char *name, int misc_flags, VSTRING *why)
+DNS_RR *smtp_domain_addr(char *name, int misc_flags, VSTRING *why,
+ int *found_myself)
{
DNS_RR *mx_names;
DNS_RR *addr_list = 0;
/*
* Clean up.
*/
+ *found_myself |= (self != 0);
return (addr_list);
}
* Internal interfaces.
*/
extern DNS_RR *smtp_host_addr(char *, int, VSTRING *);
-extern DNS_RR *smtp_domain_addr(char *, int, VSTRING *);
+extern DNS_RR *smtp_domain_addr(char *, int, VSTRING *, int *);
/* LICENSE
/* .ad
int lookup_mx;
unsigned domain_best_pref;
int sess_flags = SMTP_SESS_FLAG_NONE;
+ int i_am_mx = 0;
+ int non_fallback_sites;
/*
* First try to deliver to the indicated destination, then try to deliver
argv_add(sites, request->nexthop, (char *) 0);
if (sites->argc == 0)
msg_panic("null destination: \"%s\"", request->nexthop);
+ non_fallback_sites = sites->argc;
argv_split_append(sites, var_fallback_relay, ", \t\r\n");
/*
* then is to build this into the pre-existing SMTP client without
* getting lost in the complexity.
*/
+#define IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites) \
+ ((cpp) >= (sites)->argv + (non_fallback_sites))
+
for (cpp = sites->argv; SMTP_RCPT_LEFT(state) > 0 && (dest = *cpp) != 0; cpp++) {
+ if (i_am_mx && IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites))
+ break;
state->final_server = (cpp[1] == 0);
/*
lookup_mx = (var_disable_dns == 0 && *dest != '[');
if (!lookup_mx) {
addr_list = smtp_host_addr(domain, misc_flags, why);
+ /* XXX We could be an MX host for this destination... */
} else {
- addr_list = smtp_domain_addr(domain, misc_flags, why);
+ addr_list = smtp_domain_addr(domain, misc_flags, why, &i_am_mx);
}
/*
* The fall-back destination did not resolve as expected, or it
* is refusing to talk to us, or mail for it loops back to us.
*/
- if (sites->argc > 1 && cpp > sites->argv) {
+ if (IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites)) {
msg_warn("%s configuration problem", VAR_FALLBACK_RELAY);
smtp_errno = SMTP_ERR_RETRY;
}
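Review bot: i_am_mx is only ever set by smtp_domain_addr(), so when lookup_mx is false (address literal, "[host]" form, or DNS lookups disabled) the loop never learns that this host is the MX and the new fallback_relay guard does not apply; the XXX comment acknowledges this, and the fallback_relay documentation in this same patch should state the limitation rather than leaving it in a code comment. Also, "*found_myself |= (self != 0)" relies on the caller initializing the flag (smtp_connect does, at "i_am_mx = 0"); the smtp_addr.h synopsis should say the parameter is OR-ed into and never cleared, so future callers do not pass uninitialized storage. When the loop breaks at the fallback boundary the deferral reason is the one from the last non-fallback attempt, which is what is wanted, and narrowing the "configuration problem" warning to IS_FALLBACK_RELAY() matches that.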
smtpd.o: ../../include/mail_server.h
smtpd.o: smtpd_token.h
smtpd.o: smtpd.h
+smtpd.o: ../../include/myaddrinfo.h
smtpd.o: ../../include/tls.h
smtpd.o: smtpd_check.h
smtpd.o: smtpd_chat.h
smtpd_chat.o: ../../include/mail_error.h
smtpd_chat.o: ../../include/name_mask.h
smtpd_chat.o: smtpd.h
+smtpd_chat.o: ../../include/myaddrinfo.h
smtpd_chat.o: ../../include/mail_stream.h
smtpd_chat.o: ../../include/tls.h
smtpd_chat.o: smtpd_chat.h
smtpd_proxy.o: ../../include/attr.h
smtpd_proxy.o: smtpd.h
smtpd_proxy.o: ../../include/argv.h
+smtpd_proxy.o: ../../include/myaddrinfo.h
smtpd_proxy.o: ../../include/mail_stream.h
smtpd_proxy.o: ../../include/tls.h
smtpd_proxy.o: smtpd_proxy.h
smtpd_sasl_glue.o: ../../include/vstream.h
smtpd_sasl_glue.o: smtpd.h
smtpd_sasl_glue.o: ../../include/argv.h
+smtpd_sasl_glue.o: ../../include/myaddrinfo.h
smtpd_sasl_glue.o: ../../include/mail_stream.h
smtpd_sasl_glue.o: ../../include/tls.h
smtpd_sasl_glue.o: smtpd_sasl_glue.h
smtpd_sasl_proto.o: ../../include/name_mask.h
smtpd_sasl_proto.o: smtpd.h
smtpd_sasl_proto.o: ../../include/argv.h
+smtpd_sasl_proto.o: ../../include/myaddrinfo.h
smtpd_sasl_proto.o: ../../include/mail_stream.h
smtpd_sasl_proto.o: ../../include/tls.h
smtpd_sasl_proto.o: smtpd_token.h
smtpd_state.o: smtpd.h
smtpd_state.o: ../../include/vstring.h
smtpd_state.o: ../../include/argv.h
+smtpd_state.o: ../../include/myaddrinfo.h
smtpd_state.o: ../../include/mail_stream.h
smtpd_state.o: ../../include/tls.h
smtpd_state.o: smtpd_chat.h
smtpd_xforward.o: smtpd.h
smtpd_xforward.o: ../../include/vstring.h
smtpd_xforward.o: ../../include/argv.h
+smtpd_xforward.o: ../../include/myaddrinfo.h
smtpd_xforward.o: ../../include/mail_stream.h
smtpd_xforward.o: ../../include/tls.h
/* filtering, or address mapping.
/* .PP
/* Available in Postfix version 2.2 and later:
-/* .IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR"
+/* .IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR"
/* Append the domain name in $myorigin or $mydomain to message
/* header addresses from these clients only; either don't rewrite
/* message headers from other clients at all, or append the domain
* If running from the master or from inetd, connect to the cleanup
* service.
*/
- cleanup_flags = CLEANUP_FLAG_MASK_EXTERNAL;
- if (smtpd_input_transp_mask & INPUT_TRANSP_ADDRESS_MAPPING)
- cleanup_flags &= ~(CLEANUP_FLAG_BCC_OK | CLEANUP_FLAG_MAP_OK);
- if (smtpd_input_transp_mask & INPUT_TRANSP_HEADER_BODY)
- cleanup_flags &= ~CLEANUP_FLAG_FILTER;
+ cleanup_flags = input_transp_cleanup(CLEANUP_FLAG_MASK_EXTERNAL,
+ smtpd_input_transp_mask);
if (SMTPD_STAND_ALONE(state) == 0) {
state->dest = mail_stream_service(MAIL_CLASS_PUBLIC,
#include <vstream.h>
#include <vstring.h>
#include <argv.h>
+#include <myaddrinfo.h>
/*
* Global library.
char *addr; /* client host address string */
char *namaddr; /* combined name and address */
char *rfc_addr; /* address for RFC 2821 */
+ struct sockaddr_storage sockaddr; /* binary client endpoint */
int peer_code; /* 2=ok, 4=soft, 5=hard */
int error_count; /* reset after DOT */
int error_mask; /* client errors */
return (SMTPD_CHECK_DUNNO);
}
+/* permit_inet_interfaces - succeed if client my own address */
+
+static int permit_inet_interfaces(SMTPD_STATE *state)
+{
+ char *myname = "permit_inet_interfaces";
+
+ if (msg_verbose)
+ msg_info("%s: %s %s", myname, state->name, state->addr);
+
+ if (own_inet_addr((struct sockaddr *) & (state->sockaddr)))
+ return (SMTPD_CHECK_OK);
+ return (SMTPD_CHECK_DUNNO);
+}
+
/* permit_mynetworks - succeed if client is in a trusted network */
static int permit_mynetworks(SMTPD_STATE *state)
*/
else if (strcasecmp(name, REJECT_UNKNOWN_CLIENT) == 0) {
status = reject_unknown_client(state);
+ } else if (strcasecmp(name, PERMIT_INET_INTERFACES) == 0) {
+ status = permit_inet_interfaces(state);
} else if (strcasecmp(name, PERMIT_MYNETWORKS) == 0) {
status = permit_mynetworks(state);
} else if (is_map_command(state, name, CHECK_CLIENT_ACL, &cpp)) {
name = CHECK_ADDR_MAP;
cpp -= 1;
}
- if (strcasecmp(name, PERMIT_MYNETWORKS) == 0) {
+ if (strcasecmp(name, PERMIT_INET_INTERFACES) == 0) {
+ status = permit_inet_interfaces(state);
+ } else if (strcasecmp(name, PERMIT_MYNETWORKS) == 0) {
status = permit_mynetworks(state);
} else if (is_map_command(state, name, CHECK_ADDR_MAP, &cpp)) {
if ((dict = dict_handle(*cpp)) == 0)
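Review bot: permit_inet_interfaces() grants the request purely on the peer address matching one of our inet_interfaces addresses, so it must never run on an uninitialized or stale state->sockaddr; it depends on smtpd_peer_init() having filled that field on every code path, including stand-alone "sendmail -bs" and non-socket input where getpeername() fails. Either make those paths leave a zeroed AF_UNSPEC sockaddr that own_inet_addr() rejects, or return SMTPD_CHECK_DUNNO here when the client has no real network address. Minor: the function comment should read "succeed if client is my own address".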
void smtpd_peer_init(SMTPD_STATE *state)
{
char *myname = "smtpd_peer_init";
- struct sockaddr_storage ss;
SOCKADDR_SIZE sa_len;
struct sockaddr *sa;
INET_PROTO_INFO *proto_info = inet_proto_info();
- sa = (struct sockaddr *) & ss;
- sa_len = sizeof(ss);
+ sa = (struct sockaddr *) & (state->sockaddr);
+ sa_len = sizeof(state->sockaddr);
/*
* Look up the peer address information.
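Review bot: with `sa = (struct sockaddr *) & (state->sockaddr);` the peer address now lives in the long-lived SMTPD_STATE instead of the stack-local `ss` that was removed, yet its bytes are only defined if the lookup that follows succeeds. Zero the structure before the lookup (or store `sa_len` in the state and reset it to 0 on failure) so that later consumers of state->sockaddr observe a well-defined address family rather than stale heap contents.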
MAIL_SERVER_TIME_TABLE, time_table,
MAIL_SERVER_POST_INIT, drop_privileges,
MAIL_SERVER_PRE_ACCEPT, pre_accept,
+ MAIL_SERVER_PRIVILEGED,
0);
}
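Review bot: `MAIL_SERVER_PRIVILEGED,` is passed without a value, unlike the surrounding key/value pairs (`MAIL_SERVER_PRE_ACCEPT, pre_accept,`). Double check that the varargs parser in the master server library treats this key as a flag that consumes no argument; if it is parsed like its neighbours it will swallow the terminating `0` as its value and walk past the end of the argument list.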
str = "unknown";
if (where & SSL_CB_LOOP) {
- msg_info("%s:%s", str, SSL_state_string_long(s));
+ msg_info("%s:%s", str, SSL_state_string_long((SSL *) s));
} else if (where & SSL_CB_ALERT) {
str = (where & SSL_CB_READ) ? "read" : "write";
if ((ret & 0xff) != SSL3_AD_CLOSE_NOTIFY)
} else if (where & SSL_CB_EXIT) {
if (ret == 0)
msg_info("%s:failed in %s",
- str, SSL_state_string_long(s));
+ str, SSL_state_string_long((SSL *) s));
else if (ret < 0) {
msg_info("%s:error in %s",
- str, SSL_state_string_long(s));
+ str, SSL_state_string_long((SSL *) s));
}
}
}
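Review bot: the three `SSL_state_string_long((SSL *) s)` casts discard the const qualifier that the info callback receives on `s`. If this is only to satisfy older OpenSSL headers where the function is declared with a non-const argument, say so in a comment next to the first cast; otherwise the cast hides a prototype mismatch that should be fixed at the declaration rather than at each call site.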
/* SYNOPSIS
/* \fBtlsmgr\fR [generic Postfix daemon options]
/* DESCRIPTION
-/* The tlsmgr(8) maintains the TLS session caches for Postfix
-/* SMTP client and server processes. It periodically removes
-/* entries that have expired, and entries that are no longer
-/* compatible with the currently running Postfix version.
+/* The tlsmgr(8) manages the TLS session caches for Postfix
+/* SMTP client and server processes. It stores and retrieves
+/* cache entries on request by smtpd(8) and smtp(8) processes,
+/* and periodically removes entries that have expired.
/*
-/* The tlsmgr(8) also maintains the PRNG (pseudo random number
-/* generator) pool. This is queried by the smtpd(8) and smtp(8)
+/* The tlsmgr(8) also manages the PRNG (pseudo random number
+/* generator) pool. It answers queries by the smtpd(8) and smtp(8)
/* processes to seed their internal PRNG pools.
/*
-/* The tlsmgr(8)'s internal PRNG pool is initially seeded from
+/* The tlsmgr(8)'s PRNG pool is initially seeded from
/* an external source (EGD, /dev/urandom, or regular file).
/* It is updated at configurable pseudo-random intervals with
/* data from the external source. It is updated periodically
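Review bot: the rewritten DESCRIPTION drops the sentence that tlsmgr(8) also removes cache entries "that are no longer compatible with the currently running Postfix version". If that behaviour still exists, keep it documented alongside the expiry-based removal; if it was removed from the code, the change log entry should say so.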
struct sockaddr_in sin;
};
- /*
- * Make nulls more descriptive.
- */
-#define NO_SERVICE ((char *) 0)
-
/*
* When we're not interested in service ports, we must pick a socket type
* otherwise getaddrinfo() will give us duplicate results: one set for TCP,