The description of SASL authentication attributes was
garbled. File: pipe/pipe.c.
+
+ Information: the master(8) server now logs the version
+ besides the configuration directory upon "postfix reload".
+ File: master/master.c.
+
+20080717
+
+ Cleanup: a poorly-implemented integer overflow check for
+ TCP MSS calculation had the unexpected effect that people
+ broke Postfix on LP64 systems while attempting to silence
+ a compiler warning. File: util/vstream_tweak.c.
+
+20080721
+
+ The cleanup server now rejects undisclosed_recipients_header
+ parameter values with invalid message header syntax.
+ File: cleanup/cleanup_message.c.
+
+20080725
+
+ Paranoia: defer delivery when a mailbox file is not owned
+ by the recipient. Sebastian Krahmer, SuSE. Files:
+ local/mailbox.c, virtual/mailbox.c.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
-Incompatibility with Postfix 2.4 and earlier
-============================================
-
-If you upgrade from Postfix 2.4 or earlier, read RELEASE_NOTES-2.5
-before proceeding.
-
Incompatibility with snapshot 20080629
======================================
Earlier Postfix SMTP server versions would announce SASL support,
and would accept SASL login or sender information.
+Incompatibility with snapshot 20080726
+======================================
+
+When a mailbox file is not owned by its recipient, the local and
+virtual delivery agents now log a warning and defer delivery.
+Specify "strict_mailbox_ownership = no" to ignore such ownership
+discrepancies.
+
Major changes with snapshot 20080629
====================================
configuration that cannot repair itself. For this reason, postfix-script,
postfix-files and post-install are moved away from /etc/postfix to
$daemon_directory.
+
+Incompatible changes with Postfix 2.5.0
+=======================================
+
+If you upgrade from Postfix 2.4 or earlier, read RELEASE_NOTES-2.5
+before proceeding.
Wish list:
+ Force a panic when the VDA patch reduces the file size limit
+ under the message size. They break the code that marks a
+ recipient as "done", when that recipient was added late
+ (e.g., "sendmail -t" or Milter SMFIR_ADDRCPT).
+
+ Set a flag when a remote SMTP client speaks before the
+ Postfix SMTP server sends the 220 greeting.
+
Encapsulate time_t comparisons so that they can be made
system dependent (use difftime() where available).
attempt; do not update the Delivered-To: address
while expanding aliases or .forward files.
+ Available in Postfix version 2.5.3 and later:
+
+ <b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
+ Defer delivery when a mailbox file is not owned by
+ its recipient.
+
<b>DELIVERY METHOD CONTROLS</b>
- The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
- low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
- <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
- <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
+ The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
+ low
is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
+ <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
+ <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
port_maps, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
- The
alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
+ The
alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
delivery.
<b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding
- a .forward file with user-specified delivery meth-
+ a .forward file with user-specified delivery meth-
ods.
<b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a> (empty)</b>
- Optional lookup tables with per-recipient message
- delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
- delivery, whether or not the recipients are found
+ Optional lookup tables with per-recipient message
+ delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
+ delivery, whether or not the recipients are found
in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a> (empty)</b>
- Optional message delivery transport that the
- <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
- delivery to all local recipients, whether or not
+ Optional message delivery transport that the
+ <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
+ delivery to all local recipients, whether or not
they are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> (empty)</b>
- Optional lookup tables with per-recipient external
+ Optional lookup tables with per-recipient external
commands to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery.
<b><a href="postconf.5.html#mailbox_command">mailbox_command</a> (empty)</b>
- Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
+ Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
ery agent should use for mailbox delivery.
<b><a href="postconf.5.html#home_mailbox">home_mailbox</a> (empty)</b>
- Optional pathname of a mailbox file relative to a
+ Optional pathname of a mailbox file relative to a
<a href="local.8.html"><b>local</b>(8)</a> user's home directory.
<b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> (see 'postconf -d' output)</b>
- The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
+ The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
are kept.
<b><a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a> (empty)</b>
- Optional lookup tables with per-recipient message
- delivery transports for recipients that the
- <a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
+ Optional lookup tables with per-recipient message
+ delivery transports for recipients that the
+ <a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
<a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database.
<b><a href="postconf.5.html#fallback_transport">fallback_transport</a> (empty)</b>
- Optional message delivery transport that the
- <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
- are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
+ Optional message delivery transport that the
+ <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
+ are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
database.
<b><a href="postconf.5.html#luser_relay">luser_relay</a> (empty)</b>
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a> (empty)</b>
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
delivery to external command.
<b>MAILBOX LOCKING CONTROLS</b>
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive
+ The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
- The time after which a stale exclusive mailbox
+ The time after which a stale exclusive mailbox
lockfile is removed.
<b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
- How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
+ How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
attempting delivery.
<b>RESOURCE AND RATE CONTROLS</b>
Time limit for delivery to external commands.
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
- The maximal number of addresses remembered by the
- address
duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
+ The maximal number of addresses remembered by the
+ address
duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
<a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
plays.
<b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>
- The maximal number of parallel deliveries via the
+ The maximal number of parallel deliveries via the
local mail delivery transport to the same recipient
- (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
- the maximal number of parallel deliveries to the
- same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
+ (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
+ the maximal number of parallel deliveries to the
+ same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
ent_limit > 1").
<b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b>
<b>SECURITY CONTROLS</b>
<b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
- Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
+ Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
mands.
<b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> (alias, forward)</b>
- Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
+ Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
<b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
- agent
allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
- <a href="postconf.5.html#mailbox_command">mand</a>.
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ agent
allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
+ <a href="postconf.5.html#mailbox_command">mand</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
<b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
- The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent for delivery to external file or command.
<b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (see 'postconf -d' output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
- agent
allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ agent
allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d'</b>
<b>output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
<a href="postconf.5.html#command_execution_directory">tion_directory</a>.
+ Available in Postfix version 2.5.3 and later:
+
+ <b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
+ Defer delivery when a mailbox file is not owned by
+ its recipient.
+
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
version.
Postfix 2.2 has enhanced query interfaces for MySQL and
- PostgreSQL, these include features previously available
+ PostgreSQL; these include features previously available
only in the Postfix LDAP client. In the new interface the
SQL query is specified via a single <b>query</b> parameter
(described in more detail below). When the new <b>query</b>
(default: 50000)</b></DT><DD>
<p> The maximal amount of original message text that is sent in a
-non-delivery notification. Specify a byte count. If you increase
-this limit, then you should increase the <a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> value
-proportionally. </p>
+non-delivery notification. Specify a byte count. With Postfix 2.4
+and later, a message is returned as either message/rfc822 (the
+complete original) or as text/rfc822-headers (the headers only).
+With earlier Postfix versions, a message is always returned as
+message/rfc822 and is truncated when it exceeds the size limit.
+</p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> If you increase this limit, then you should increase the
+<a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> value proportionally. </p>
-<p> Note: be careful when making changes. Excessively large values
+<li> <p> Be careful when making changes. Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
</p>
+</ul>
+
</DD>
</p>
<p>
-For example, with a <a href="virtual.5.html">virtual(5)</a> mapping of "<i>joe@domain ->
-joe.user</i>", the address "<i>joe+foo@domain</i>" would rewrite
-to "<i>joe.user+foo</i>".
+For example, with a <a href="virtual.5.html">virtual(5)</a> mapping of "<i>joe@example.com =>
+joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
+would rewrite to "<i>joe.user+foo@example.net</i>".
</p>
<p>
</p>
+</DD>
+
+<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
+(default: yes)</b></DT><DD>
+
+<p> Defer delivery when a mailbox file is not owned by its recipient.
+The default setting is not backwards compatible. </p>
+
+<p> This feature is available in Postfix 2.5.3 and later. </p>
+
+
</DD>
<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>
<p>
Message header that the Postfix <a href="cleanup.8.html">cleanup(8)</a> server inserts when a
-message contains no To: or Cc: message header. </p>
+message contains no To: or Cc: message header. With Postfix 2.4
+and later, specify an empty value to disable this feature. </p>
</DD>
destination for final delivery to domains listed
with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+ Available in Postfix version 2.5.3 and later:
+
+ <b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
+ Defer delivery when a mailbox file is not owned by
+ its recipient.
+
<b>LOCKING CONTROLS</b>
<b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b>
- How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
+ How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
attempting delivery.
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive
+ The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
- The time after which a stale exclusive mailbox
+ The time after which a stale exclusive mailbox
lockfile is removed.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the virtual message delivery
+ The maximal number of parallel deliveries to the
+ same destination via the virtual message delivery
transport.
<b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per delivery via
+ The maximal number of recipients per message for
the virtual message delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>
- The maximal size in bytes of an individual mailbox
+ The maximal size in bytes of an individual mailbox
or maildir file, or zero (no limit).
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
- This delivery agent was originally based on the Postfix
- local delivery agent. Modifications mainly consisted of
- removing code that either was not applicable or that was
- not safe in this context: aliases, ~user/.forward files,
+ This delivery agent was originally based on the Postfix
+ local delivery agent. Modifications mainly consisted of
+ removing code that either was not applicable or that was
+ not safe in this context: aliases, ~user/.forward files,
delivery to "|command" or to /file/name.
The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
tem by Daniel Bernstein.
- The <b>maildir</b> structure appears in the <b>qmail</b> system by
+ The <b>maildir</b> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>AUTHOR(S)</b>
written in main.cf, which is normally world-readable. Support
for this form will be removed in a future Postfix version.
-Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL,
+Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL;
these include features previously available only in the Postfix
LDAP client. In the new interface the SQL query is specified via
a single \fBquery\fR parameter (described in more detail below).
This feature is available in Postfix 2.0 and later.
.SH bounce_size_limit (default: 50000)
The maximal amount of original message text that is sent in a
-non-delivery notification. Specify a byte count. If you increase
-this limit, then you should increase the mime_nesting_limit value
-proportionally.
+non-delivery notification. Specify a byte count. With Postfix 2.4
+and later, a message is returned as either message/rfc822 (the
+complete original) or as text/rfc822-headers (the headers only).
+With earlier Postfix versions, a message is always returned as
+message/rfc822 and is truncated when it exceeds the size limit.
.PP
-Note: be careful when making changes. Excessively large values
+Notes:
+.IP \(bu
+If you increase this limit, then you should increase the
+mime_nesting_limit value proportionally.
+.IP \(bu
+Be careful when making changes. Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
.SH bounce_template_file (default: empty)
What address lookup tables copy an address extension from the lookup
key to the lookup result.
.PP
-For example, with a \fBvirtual\fR(5) mapping of "\fIjoe@domain ->
-joe.user\fR", the address "\fIjoe+foo@domain\fR" would rewrite
-to "\fIjoe.user+foo\fR".
+For example, with a \fBvirtual\fR(5) mapping of "\fIjoe@example.com =>
+joe.user@example.net\fR", the address "\fIjoe+foo@example.com\fR"
+would rewrite to "\fIjoe.user+foo@example.net\fR".
.PP
Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR,
\fBforward\fR, \fBinclude\fR or \fBgeneric\fR. These cause
because it is likely to reject legitimate email.
.PP
This feature is available in Postfix 2.0 and later.
+.SH strict_mailbox_ownership (default: yes)
+Defer delivery when a mailbox file is not owned by its recipient.
+The default setting is not backwards compatible.
+.PP
+This feature is available in Postfix 2.5.3 and later.
.SH strict_mime_encoding_domain (default: no)
Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types. This blocks
The default time unit is s (seconds).
.SH undisclosed_recipients_header (default: To: undisclosed-recipients:;)
Message header that the Postfix \fBcleanup\fR(8) server inserts when a
-message contains no To: or Cc: message header.
+message contains no To: or Cc: message header. With Postfix 2.4
+and later, specify an empty value to disable this feature.
.SH unknown_address_reject_code (default: 450)
The numerical Postfix SMTP server response code when a sender or
recipient address is rejected by the reject_unknown_sender_domain
address (see prepend_delivered_header) only once, at the start of
a delivery attempt; do not update the Delivered-To: address while
expanding aliases or .forward files.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
.SH "DELIVERY METHOD CONTROLS"
.na
.nf
Restrict \fBlocal\fR(8) mail delivery to external files.
.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
-$name expansions of $mailbox_command.
+$name expansions of $mailbox_command and $command_execution_directory.
.IP "\fBdefault_privs (nobody)\fR"
The default rights used by the \fBlocal\fR(8) delivery agent for delivery
to external file or command.
.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
Restrict the characters that the \fBlocal\fR(8) delivery agent allows
in $name expansions of $command_execution_directory.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
.IP "\fBvirtual_transport (virtual)\fR"
The default mail delivery transport and next-hop destination for
final delivery to domains listed with $virtual_mailbox_domains.
+.PP
+Available in Postfix version 2.5.3 and later:
+.IP "\fBstrict_mailbox_ownership (yes)\fR"
+Defer delivery when a mailbox file is not owned by its recipient.
.SH "LOCKING CONTROLS"
.na
.nf
The maximal number of parallel deliveries to the same destination
via the virtual message delivery transport.
.IP "\fBvirtual_destination_recipient_limit ($default_destination_recipient_limit)\fR"
-The maximal number of recipients per delivery via the virtual
+The maximal number of recipients per message for the virtual
message delivery transport.
.IP "\fBvirtual_mailbox_limit (51200000)\fR"
The maximal size in bytes of an individual mailbox or maildir file,
s;\bstrict_8bitmime\b;<a href="postconf.5.html#strict_8bitmime">$&</a>;g;
s;\bstrict_8bitmime_body\b;<a href="postconf.5.html#strict_8bitmime_body">$&</a>;g;
s;\bstrict_mime_encoding_domain\b;<a href="postconf.5.html#strict_mime_encoding_domain">$&</a>;g;
+ s;\bstrict_mailbox_ownership\b;<a href="postconf.5.html#strict_mailbox_ownership">$&</a>;g;
s;\bstrict_rfc821_envelopes\b;<a href="postconf.5.html#strict_rfc821_envelopes">$&</a>;g;
s;\bsun_mailtool_compatibility\b;<a href="postconf.5.html#sun_mailtool_compatibility">$&</a>;g;
s;\bswap_bangpath\b;<a href="postconf.5.html#swap_bangpath">$&</a>;g;
# written in main.cf, which is normally world-readable. Support
# for this form will be removed in a future Postfix version.
#
-# Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL,
+# Postfix 2.2 has enhanced query interfaces for MySQL and PostgreSQL;
# these include features previously available only in the Postfix
# LDAP client. In the new interface the SQL query is specified via
# a single \fBquery\fR parameter (described in more detail below).
%PARAM bounce_size_limit 50000
<p> The maximal amount of original message text that is sent in a
-non-delivery notification. Specify a byte count. If you increase
-this limit, then you should increase the mime_nesting_limit value
-proportionally. </p>
+non-delivery notification. Specify a byte count. With Postfix 2.4
+and later, a message is returned as either message/rfc822 (the
+complete original) or as text/rfc822-headers (the headers only).
+With earlier Postfix versions, a message is always returned as
+message/rfc822 and is truncated when it exceeds the size limit.
+</p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> If you increase this limit, then you should increase the
+mime_nesting_limit value proportionally. </p>
-<p> Note: be careful when making changes. Excessively large values
+<li> <p> Be careful when making changes. Excessively large values
will result in the loss of non-delivery notifications, when a bounce
message size exceeds a local or remote MTA's message size limit.
</p>
+</ul>
+
%PARAM canonical_maps
<p>
</p>
<p>
-For example, with a virtual(5) mapping of "<i>joe@domain ->
-joe.user</i>", the address "<i>joe+foo@domain</i>" would rewrite
-to "<i>joe.user+foo</i>".
+For example, with a virtual(5) mapping of "<i>joe@example.com =>
+joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
+would rewrite to "<i>joe.user+foo@example.net</i>".
</p>
<p>
<p>
Message header that the Postfix cleanup(8) server inserts when a
-message contains no To: or Cc: message header. </p>
+message contains no To: or Cc: message header. With Postfix 2.4
+and later, specify an empty value to disable this feature. </p>
%PARAM unknown_relay_recipient_reject_code 550
<p> This feature is available in Postfix 2.6 and later. </p>
+%PARAM strict_mailbox_ownership yes
+<p> Defer delivery when a mailbox file is not owned by its recipient.
+The default setting is not backwards compatible. </p>
+
+<p> This feature is available in Postfix 2.5.3 and later. </p>
#define VISIBLE_RCPT ((1 << HDR_TO) | (1 << HDR_RESENT_TO) \
| (1 << HDR_CC) | (1 << HDR_RESENT_CC))
- if ((state->headers_seen & VISIBLE_RCPT) == 0 && *var_rcpt_witheld)
- cleanup_out_format(state, REC_TYPE_NORM, "%s", var_rcpt_witheld);
+ if ((state->headers_seen & VISIBLE_RCPT) == 0 && *var_rcpt_witheld) {
+ if (!is_header(var_rcpt_witheld)) {
+ msg_warn("bad %s header text \"%s\" -- "
+ "need \"headername: headervalue\"",
+ VAR_RCPT_WITHELD, var_rcpt_witheld);
+ } else {
+ cleanup_out_format(state, REC_TYPE_NORM, "%s", var_rcpt_witheld);
+ }
+ }
/*
* Place a dummy PTR record right after the last header so that we can
#define DEF_STRESS ""
extern char *var_stress;
+ /*
+ * Mailbox ownership.
+ */
+#define VAR_STRICT_MBOX_OWNER "strict_mailbox_ownership"
+#define DEF_STRICT_MBOX_OWNER 1
+extern bool var_strict_mbox_owner;
+
/* LICENSE
/* .ad
/* .fi
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20080629"
+#define MAIL_RELEASE_DATE "20080726"
#define MAIL_VERSION_NUMBER "2.6"
#ifdef SNAPSHOT
/* address (see prepend_delivered_header) only once, at the start of
/* a delivery attempt; do not update the Delivered-To: address while
/* expanding aliases or .forward files.
+/* .PP
+/* Available in Postfix version 2.5.3 and later:
+/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
+/* Defer delivery when a mailbox file is not owned by its recipient.
/* DELIVERY METHOD CONTROLS
/* .ad
/* .fi
/* Restrict \fBlocal\fR(8) mail delivery to external files.
/* .IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows in
-/* $name expansions of $mailbox_command.
+/* $name expansions of $mailbox_command and $command_execution_directory.
/* .IP "\fBdefault_privs (nobody)\fR"
/* The default rights used by the \fBlocal\fR(8) delivery agent for delivery
/* to external file or command.
/* .IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR"
/* Restrict the characters that the \fBlocal\fR(8) delivery agent allows
/* in $name expansions of $command_execution_directory.
+/* .PP
+/* Available in Postfix version 2.5.3 and later:
+/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
+/* Defer delivery when a mailbox file is not owned by its recipient.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
char *var_mailbox_lock;
int var_mailbox_limit;
bool var_frozen_delivered;
+bool var_strict_mbox_owner;
int local_cmd_deliver_mask;
int local_file_deliver_mask;
VAR_STAT_HOME_DIR, DEF_STAT_HOME_DIR, &var_stat_home_dir,
VAR_MAILTOOL_COMPAT, DEF_MAILTOOL_COMPAT, &var_mailtool_compat,
VAR_FROZEN_DELIVERED, DEF_FROZEN_DELIVERED, &var_frozen_delivered,
+ VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
0,
};
vstream_fclose(mp->fp);
dsb_simple(why, "5.2.0",
"destination %s is not a regular file", mailbox);
+ } else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
+ vstream_fclose(mp->fp);
+ dsb_simple(why, "4.2.0",
+ "destination %s is not owned by recipient", mailbox);
+ msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
+ VAR_STRICT_MBOX_OWNER);
} else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
watchdog_start(watchdog); /* same as trigger servers */
event_loop(-1);
if (master_gotsighup) {
- msg_info("reload configuration %s", var_config_dir);
+ msg_info("reload -- version %s, configuration %s",
+ var_mail_version, var_config_dir);
master_gotsighup = 0; /* this first */
master_vars_init(); /* then this */
master_refresh(); /* then this */
*/
#ifdef VSTREAM_CTL_BUFSIZE
if (mss > 0) {
- if (mss < __MAXINT__(ssize_t) /2)
+ if (mss < INT_MAX / 2)
mss *= 2;
vstream_control(fp,
VSTREAM_CTL_BUFSIZE, (ssize_t) mss,
msg_warn("recipient %s: destination %s is not a regular file",
state.msg_attr.rcpt.address, usr_attr.mailbox);
dsb_simple(why, "5.3.5", "mail system configuration error");
+ } else if (var_strict_mbox_owner && st.st_uid != usr_attr.uid) {
+ vstream_fclose(mp->fp);
+ dsb_simple(why, "4.2.0",
+ "destination %s is not owned by recipient", usr_attr.mailbox);
+ msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
+ VAR_STRICT_MBOX_OWNER);
} else {
end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
/* .IP "\fBvirtual_transport (virtual)\fR"
/* The default mail delivery transport and next-hop destination for
/* final delivery to domains listed with $virtual_mailbox_domains.
+/* .PP
+/* Available in Postfix version 2.5.3 and later:
+/* .IP "\fBstrict_mailbox_ownership (yes)\fR"
+/* Defer delivery when a mailbox file is not owned by its recipient.
/* LOCKING CONTROLS
/* .ad
/* .fi
/* The maximal number of parallel deliveries to the same destination
/* via the virtual message delivery transport.
/* .IP "\fBvirtual_destination_recipient_limit ($default_destination_recipient_limit)\fR"
-/* The maximal number of recipients per delivery via the virtual
+/* The maximal number of recipients per message for the virtual
/* message delivery transport.
/* .IP "\fBvirtual_mailbox_limit (51200000)\fR"
/* The maximal size in bytes of an individual mailbox or maildir file,
char *var_virt_mailbox_lock;
int var_virt_mailbox_limit;
char *var_mail_spool_dir; /* XXX dependency fix */
+bool var_strict_mbox_owner;
/*
* Mappings.
VAR_VIRT_MAILBOX_LOCK, DEF_VIRT_MAILBOX_LOCK, &var_virt_mailbox_lock, 1, 0,
0,
};
+ static const CONFIG_BOOL_TABLE bool_table[] = {
+ VAR_STRICT_MBOX_OWNER, DEF_STRICT_MBOX_OWNER, &var_strict_mbox_owner,
+ 0,
+ };
/*
* Fingerprint executables and core dumps.
single_server_main(argc, argv, local_service,
MAIL_SERVER_INT_TABLE, int_table,
MAIL_SERVER_STR_TABLE, str_table,
+ MAIL_SERVER_BOOL_TABLE, bool_table,
MAIL_SERVER_PRE_INIT, pre_init,
MAIL_SERVER_POST_INIT, post_init,
MAIL_SERVER_PRE_ACCEPT, pre_accept,
projects / thirdparty / postfix.git / commitdiff
