is not connected to a tty. To automate a customized install,
the script imports environment variables for install_root
etc.
+
+20010127
+
+ Workaround: randomize the delay between lock attempts, so
+ that multiple defer servers are less likely to retry at
+ the same time. likely. File: util/rand_sleep.c,
+ global/deliver_flock.c, global/dot_lockfile.c.
On some systems this generates the necessary Makefile definitions:
% make tidy # if you have left-over files from a previous build
- % make makefiles CCARGS=-DUSE_SASL_AUTH" -I/usr/local/include" \
+ % make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" \
AUXLIBS="-L/usr/local/lib -lsasl"
On Solaris 2.x you need to specify run-time link information,
otherwise ld.so will not find the SASL shared library:
% make tidy # if you have left-over files from a previous build
- % make makefiles CCARGS=-DUSE_SASL_AUTH" -I/usr/local/include" \
+ % make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" \
AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lsasl"
Enabling SASL authentication in the Postfix SMTP server
rmail command installed. A minimal rmail command can be found in
the "auxiliary/rmail" directory. Install the command, mode 755, in
a place that can be found by the UUCP "uuxqt" command.
+
+In order to send mail via UUCP, see html/faq.html.
explicitly selected at program build time and
explicitly enabled at runtime.
+ <b>smtpd</b><i>_</i><b>sasl</b><i>_</i><b>local</b><i>_</i><b>domain</b>
+ The name of the local authentication realm.
+
<b>smtpd</b><i>_</i><b>sasl</b><i>_</i><b>security</b><i>_</i><b>options</b>
Zero or more of the following.
<b>command</b><i>_</i><b>directory</b>
Location of Postfix support commands (default:
- <b>$program</b><i>_</i><b>directory</b>).
-
-
SMTPD(8) SMTPD(8)
+ <b>$program</b><i>_</i><b>directory</b>).
+
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
<b>soft</b><i>_</i><b>bounce</b>
Change hard (5xx) reject responses into soft (4xx)
reject responses. This can be useful for testing
- purposes.
-
SMTPD(8) SMTPD(8)
+ purposes.
+
<b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Limit the amount of memory in bytes used for the
Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
- <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
- Restrict what recipient addresses are allowed in
- <b>RCPT</b> <b>TO</b> commands.
+
SMTPD(8) SMTPD(8)
+ <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
+ Restrict what recipient addresses are allowed in
+ <b>RCPT</b> <b>TO</b> commands.
+
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
Restrict what domain names can be used in <b>ETRN</b> com-
mands, and what clients may issue <b>ETRN</b> commands.
Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
- <b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client without address to
- name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
- restriction.
SMTPD(8) SMTPD(8)
+ <b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
+ Server response when a client without address to
+ name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
+ restriction.
+
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
-
-
-
-
-
Enable per-session authentication as per RFC 2554 (SASL).
This functionality is available only when explicitly selected
at program build time and explicitly enabled at runtime.
+.IP \fBsmtpd_sasl_local_domain\fR
+The name of the local authentication realm.
.IP \fBsmtpd_sasl_security_options\fR
Zero or more of the following.
.RS
#include <vstring.h>
#include <myflock.h>
+#include <iostuff.h>
/* Global library. */
#include "mail_params.h"
#include "deliver_flock.h"
+/* Application-specific. */
+
+#define MILLION 1000000
+
/* deliver_flock - lock open file for mail delivery */
int deliver_flock(int fd, int lock_style, VSTRING *why)
return (0);
if (i >= var_flock_tries)
break;
- sleep(var_flock_delay);
+ rand_sleep(var_flock_delay * MILLION, var_flock_delay * MILLION / 2);
}
if (why)
vstring_sprintf(why, "unable to lock for exclusive access: %m");
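Review bot: The new call `rand_sleep(var_flock_delay * MILLION, var_flock_delay * MILLION / 2)` multiplies before any range check, and the same line is added in dot_lockfile(). If `var_flock_delay` is an `int` (its declaration is not in this hunk), the product overflows once the configured delay exceeds about 2147 seconds with a 32-bit int. A delay of 0 now reaches the `delay == 0` msg_panic() in rand_sleep(), where the old `sleep(0)` simply returned. Unless the parameter is bounded where it is loaded, guard it here or document the assumption next to the macro, e.g. `/* deliver_lock_delay is in seconds and must be >= 1; the microsecond product must fit in an int */`. The body of deliver_flock() starts outside this hunk, so the retry loop itself was not reviewed.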
/* DIAGNOSTICS
/* dot_lockfile() returns 0 upon success. In case of failure, the
/* result is -1, and the errno variable is set appropriately:
-/* EEXIST when a "fresh" lock file already exists; other values as
+/* EEXIST when a "fresh" lock file already exists; other values as
/* appropriate.
/* CONFIGURATION PARAMETERS
/* deliver_lock_attempts, how many times to try to create a lock
#include <vstring.h>
#include <stringops.h>
#include <mymalloc.h>
+#include <iostuff.h>
/* Global library. */
#include "mail_params.h"
#include "dot_lockfile.h"
+/* Application-specific. */
+
+#define MILLION 1000000
+
/* dot_lockfile - create user.lock file */
int dot_lockfile(const char *path, VSTRING *why)
if (errno != ENOENT)
break;
- sleep(var_flock_delay);
+ rand_sleep(var_flock_delay * MILLION, var_flock_delay * MILLION / 2);
}
if (status && why)
vstring_sprintf(why, "unable to create lock file %s: %m", lock_file);
#define DEF_SMTP_SASL_OPTS "noplaintext, noanonymous"
extern char *var_smtp_sasl_opts;
+ /*
+ * LMTP server. The soft error limit determines how many errors an LMTP
+ * client may make before we start to slow down; the hard error limit
+ * determines after how many client errors we disconnect.
+ */
+#define VAR_LMTPD_BANNER "lmtpd_banner"
+#define DEF_LMTPD_BANNER "$myhostname $mail_name"
+extern char *var_lmtpd_banner;
+
+#define VAR_LMTPD_TMOUT "lmtpd_timeout"
+#define DEF_LMTPD_TMOUT "300s"
+extern int var_lmtpd_tmout;
+
+#define VAR_LMTPD_RCPT_LIMIT "lmtpd_recipient_limit"
+#define DEF_LMTPD_RCPT_LIMIT 1000
+extern int var_lmtpd_rcpt_limit;
+
+#define VAR_LMTPD_SOFT_ERLIM "lmtpd_soft_error_limit"
+#define DEF_LMTPD_SOFT_ERLIM 10
+extern int var_lmtpd_soft_erlim;
+
+#define VAR_LMTPD_HARD_ERLIM "lmtpd_hard_error_limit"
+#define DEF_LMTPD_HARD_ERLIM 100
+extern int var_lmtpd_hard_erlim;
+
+#define VAR_LMTPD_ERR_SLEEP "lmtpd_error_sleep_time"
+#define DEF_LMTPD_ERR_SLEEP "5s"
+extern int var_lmtpd_err_sleep;
+
+#define VAR_LMTPD_JUNK_CMD "lmtpd_junk_command_limit"
+#define DEF_LMTPD_JUNK_CMD 1000
+extern int var_lmtpd_junk_cmd_limit;
+
+ /*
+ * SASL authentication support, LMTP server side.
+ */
+#define VAR_LMTPD_SASL_ENABLE "lmtpd_sasl_auth_enable"
+#define DEF_LMTPD_SASL_ENABLE 0
+extern bool var_lmtpd_sasl_enable;
+
+#define VAR_LMTPD_SASL_OPTS "lmtpd_sasl_security_options"
+#define DEF_LMTPD_SASL_OPTS "noanonymous"
+extern char *var_lmtpd_sasl_opts;
+
+#define VAR_LMTPD_SASL_REALM "lmtpd_sasl_local_domain"
+#define DEF_LMTPD_SASL_REALM "$myhostname"
+extern char *var_lmtpd_sasl_realm;
+
/*
* SASL authentication support, LMTP client side.
*/
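Review bot: `DEF_LMTPD_SASL_OPTS` is `"noanonymous"`, so plaintext mechanisms are not excluded by default on the LMTP server side, and nothing near the definition says so; the neighbouring `DEF_SMTP_SASL_OPTS` does list `noplaintext`. I would add a comment above the define such as `/* Default does not exclude plaintext mechanisms; add noplaintext when the LMTP port is reachable over a network without transport protection. */`. The block comment that opens the LMTP server section also describes only the soft and hard error limits, although the section defines the banner, timeout, recipient limit, error sleep time and junk command limit as well. One line per group stating the unit (seconds, count) would make the defaults easier to audit.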
* When locking a mailbox, how often to try and how long to wait.
*/
#define VAR_FLOCK_TRIES "deliver_lock_attempts"
-#define DEF_FLOCK_TRIES 10
+#define DEF_FLOCK_TRIES 20
extern int var_flock_tries;
#define VAR_FLOCK_DELAY "deliver_lock_delay"
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20010124"
+#define DEF_MAIL_VERSION "Snapshot-20010127"
extern char *var_mail_version;
/* LICENSE
/* Enable per-session authentication as per RFC 2554 (SASL).
/* This functionality is available only when explicitly selected
/* at program build time and explicitly enabled at runtime.
+/* .IP \fBsmtpd_sasl_local_domain\fR
+/* The name of the local authentication realm.
/* .IP \fBsmtpd_sasl_security_options\fR
/* Zero or more of the following.
/* .RS
stream_connect.c stream_trigger.c dict_regexp.c mac_expand.c \
clean_env.c watchdog.c spawn_command.c duplex_pipe.c sane_rename.c \
sane_link.c unescape.c timed_read.c timed_write.c dict_tcp.c \
- hex_quote.c dict_alloc.c
+ hex_quote.c dict_alloc.c rand_sleep.c
OBJS = argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \
close_on_exec.o concatenate.o dict.o dict_db.o dict_dbm.o \
dict_env.o dict_ht.o dict_ldap.o dict_mysql.o dict_ni.o dict_nis.o \
stream_connect.o stream_trigger.o dict_regexp.o mac_expand.o \
clean_env.o watchdog.o spawn_command.o duplex_pipe.o sane_rename.o \
sane_link.o unescape.o timed_read.o timed_write.o dict_tcp.o \
- hex_quote.o dict_alloc.o
+ hex_quote.o dict_alloc.o rand_sleep.o
HDRS = argv.h attr.h binhash.h chroot_uid.h connect.h dict.h dict_db.h \
dict_dbm.h dict_env.h dict_ht.h dict_ldap.h dict_mysql.h \
dict_ni.h dict_nis.h dict_nisplus.h dir_forest.h events.h \
inet_addr_host inet_addr_local mac_parse make_dirs msg_syslog \
mystrtok sigdelay translit valid_hostname vstream_popen \
vstring vstring_vstream doze select_bug stream_test mac_expand \
- watchdog unescape hex_quote name_mask
+ watchdog unescape hex_quote name_mask rand_sleep
LIB_DIR = ../../lib
INC_DIR = ../../include
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS)
mv junk $@.o
+rand_sleep: $(LIB)
+ mv $@.o junk
+ $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS)
+ mv junk $@.o
+
depend: $(MAKES)
(sed '1,/^# do not edit/!d' Makefile.in; \
set -e; for i in [a-z][a-z0-9]*.c; do \
printable.o: stringops.h
printable.o: vstring.h
printable.o: vbuf.h
+rand_sleep.o: rand_sleep.c
+rand_sleep.o: sys_defs.h
+rand_sleep.o: msg.h
+rand_sleep.o: iostuff.h
read_wait.o: read_wait.c
read_wait.o: sys_defs.h
read_wait.o: msg.h
extern int timed_read(int, void *, unsigned, int, void *);
extern int timed_write(int, void *, unsigned, int, void *);
extern void doze(unsigned);
+extern void rand_sleep(unsigned, unsigned);
extern int duplex_pipe(int *);
#define BLOCKING 0
--- /dev/null
+/*++
+/* NAME
+/* rand_sleep 3
+/* SUMMARY
+/* sleep for randomized interval
+/* SYNOPSIS
+/* #include <iostuff.h>
+/*
+/* void rand_sleep(delay, variation)
+/* unsigned delay;
+/* unsigned variation;
+/* DESCRIPTION
+/* rand_sleep() blocks the current process for a pseudo-random
+/* amount of time.
+/*
+/* Arguments:
+/* .IP delay
+/* Time to sleep in microseconds.
+/* .IP variation
+/* Sleep time variation in microseconds; must be smaller than
+/* the time to sleep.
+/* DIAGNOSTICS
+/* Panic: interface violation. All system call errors are fatal.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <time.h>
+
+#ifndef RAND_MAX
+#define RAND_MAX 0x7fffffff
+#endif
+
+/* Utility library. */
+
+#include <msg.h>
+#include <iostuff.h>
+
+/* rand_sleep - block for random time */
+
+void rand_sleep(unsigned delay, unsigned variation)
+{
+ char *myname = "rand_sleep";
+ static pid_t my_pid;
+ unsigned usec;
+
+ /*
+ * Sanity checks.
+ */
+ if (delay == 0)
+ msg_panic("%s: bad delay %d", myname, delay);
+ if (variation >= delay)
+ msg_panic("%s: bad variation %d", myname, variation);
+
+ /*
+ * Use the semi-crappy random number generator.
+ */
+ if (my_pid == 0)
+ srandom(my_pid = getpid() ^ time((time_t *) 0));
+ usec = (delay - variation / 2) + variation * (double) random() / RAND_MAX;
+#ifdef MISSING_USLEEP
+ if (usleep(usec) < 0)
+ msg_fatal("usleep: %m");
+#else
+ doze(usec);
+#endif
+}
+
+#ifdef TEST
+
+#include <msg_vstream.h>
+
+int main(int argc, char **argv)
+{
+ int delay;
+ int variation;
+
+ msg_vstream_init(argv[0], VSTREAM_ERR);
+ if (argc != 3)
+ msg_fatal("usage: %s delay variation", argv[0]);
+ if ((delay = atoi(argv[1])) <= 0)
+ msg_fatal("bad delay: %s", argv[1]);
+ if ((variation = atoi(argv[2])) < 0)
+ msg_fatal("bad variation: %s", argv[2]);
+ rand_sleep(delay * 1000000, variation * 1000000);
+ exit(0);
+}
+
+#endif
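Review bot: The `#ifdef MISSING_USLEEP` branch in rand_sleep() looks inverted: it calls `usleep()` exactly when the platform is declared to lack it and uses `doze()` otherwise, so the two bodies should be swapped. Separately, `variation * (double) random() / RAND_MAX` scales by the range of rand(), not random(). On a libc whose RAND_MAX is 32767 the factor can greatly exceed 1 and the conversion of the result to `unsigned usec` can go out of range, so I would divide by a constant for random()'s own range, e.g. `#define RANDOM_RANGE 0x7fffffff` and `... * (double) random() / RANDOM_RANGE`. If a usleep() path is kept, note that some systems reject arguments of one million or more, which the callers in this diff can pass, and the failure is fatal here. The seed is pid XOR time, which is adequate for retry jitter; the header comment could state that the output is predictable and not for security-sensitive use.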