queue manager is unable to schedule back-to-back deliveries.
File: *qmgr/qmgr_entry.c.
-20040730
+20040731
Hysteresis: turn on "opportunistic session caching" when
back-to-back deliveries happen, but don't turn if off
Portability: h_errno is not an lvalue in the UnixWare 7.1
multi-threaded environment. Olivier PRENANT.
+20040812
+
+ Bugfix: update SMTP server error counter when a client is
+ denied access with smtpd_delay_reject=no.
+
+20040816
+
+ Bugfix: The smtp_chat_cmd() forced output flushing code in
+ the SMTP client could run before an I/O error handler was
+ set up. Problem diagnosed by Victor Duchovni, Morgan
+ Stanley. The fix is to disable the smtp_chat_cmd() forced
+ output flushing code as it duplicates better code in
+ smtp_loop(). File: smtp/smtp_chat.c.
+
+ Safety: set up an I/O error handler before the smtp_loop()
+ protocol engine starts; this handler logs a warning in case
+ it ever runs, because that means someone broke ESMTP command
+ pipelining. File: smtp/smtp_proto.c.
+
+ Feature: canonical_classes parameter by Kimmo Suominen, to
+ control what addresses are rewritten by canonical_maps.
+ Files: cleanup/cleanup_addr.c, cleanup/cleanup_message.c.
+
+20040817
+
+ Bugfix: update the vstream I/O time AFTER the completion
+ of an I/O request, so that time-sensitive applications
+ don't force flush output too soon and possibly trigger
+ NAGLE delays. Problem diagnosed by Victor Duchovni, Morgan
+ Stanley. File: util/vstream.c.
+
+ Portability: avoid postmap/postalias test file name clashes
+ on Windows. Ian Lance Taylor (of Taylor UUCP fame).
+
+20030823
+
+ Bugfix: vstream_popen() did not close the child pipe
+ after failure to fork(). File: util/vstream_popen.c.
+
+20040826
+
+ Feature: support for systems with closefrom(), and emulation
+ for those without. Victor Duchovni, Morgan Stanley. Files:
+ util/sys_defs.h, util/sys_compat.c.
+
+20040827
+
+ Feature: {sender,recipient}_canonical_classes parameters,
+ which give better control than sender_canonical_classes.
+ Files: cleanup/cleanup_addr.c, cleanup/cleanup_message.c.
+
+ Feature: the proxymap client now recognizes when a map
+ can't be proxied, and will open it directly instead. This
+ makes proxy maps easier to use for virtual mailbox domains.
+ File: global/dict_proxy.c.
+
+ Feature: smtp_sasl_mechanism_filter restricts what remote
+ SMTP server mechanism names the Postfix SMTP client passes
+ on to the SASL library. Victor Duchovni, Morgan Stanley.
+ Files: smtp/smtp.c. smtp/smtp_sasl_glue.c, smtp/smtp_sasl_proto.c.
+
Open problems:
Low: update events.c so that 1-second timer requests do
C\bCa\ban\bno\bon\bni\bic\bca\bal\bl a\bad\bdd\bdr\bre\bes\bss\bs m\bma\bap\bpp\bpi\bin\bng\bg
-The cleanup(8) daemon uses the canonical(5) tables to rewrite all addresses in
-message envelopes and in message headers. This is done for local and remote
-addresses. The mapping is useful to replace login names by "Firstname.Lastname"
-style addresses, or to clean up invalid domains in mail addresses produced by
-legacy mail systems.
+The cleanup(8) daemon uses the canonical(5) tables to rewrite addresses in
+message envelopes and in message headers. By default all header and envelope
+addresses are rewritten; this is controlled with the canonical_classes
+configuration parameter.
+
+Address rewriting is done for local and remote addresses. The mapping is useful
+to replace login names by "Firstname.Lastname" style addresses, or to clean up
+invalid domains in mail addresses produced by legacy mail systems.
Canonical mapping is disabled by default. To enable, edit the canonical_maps
parameter in the main.cf file and specify one or more lookup tables, separated
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
The sender and recipient canonical maps are applied before the common canonical
-maps.
+maps. The sender_canonical_classes and recipient_canonical_classes parameters
+control what addresses are subject to sender_canonical_maps and
+recipient_canonical_maps mappings, respectively.
Sender-specific rewriting is useful when you want to rewrite ugly sender
addresses to pretty ones, and still want to be able to send mail to the those
The SASL client password file is opened before the SMTP server enters the
optional chroot jail, so you can keep the file in /etc/postfix.
+Note: Some SMTP servers support authentication mechanisms that, although
+available on the client system, may not in practice work or possess the
+appropriate credentials to authenticate to the server. It is possible via the
+smtp_sasl_mechanism_filter parameter to further restrict the list of server
+mechanisms that the smtp(8) client will take into consideration.
+
The Postfix SMTP client is backwards compatible with SMTP servers that use the
non-standard "AUTH=method..." syntax in response to the EHLO command; there is
no Postfix client configuration needed to work around it.
listed in $mydestination, or when it matches $inet_interfaces or
$proxy_interfaces.
+In some installations, there may be separate instances of Postfix processing
+inbound and outbound mail on a multi-homed firewall. The inbound Postfix
+instance has an SMTP server listening on the external firewall interface, and
+the outbound Postfix instance has an SMTP server listening on the internal
+interface. In such a configuration is it is tempting to configure
+$inet_interfaces in each instance with just the corresponding interface
+address.
+
+In most cases using inet_interaces in this way will not work, because as
+documented in the $inet_interfaces reference manual, the smtp(8) delivery agent
+will also use the specified interface address as the source address for
+outbound connections and will be unable to reach hosts on "the other side" of
+the firewall. The symptoms are that the firewall is unable to connect to hosts
+that are in fact up. See the inet_interfaces parameter documentation for
+suggested work-arounds.
+
R\bRu\bun\bnn\bni\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx b\bbe\beh\bhi\bin\bnd\bd a\ba f\bfi\bir\bre\bew\bwa\bal\bll\bl
The simplest way to set up Postfix on a host behind a firewalled network is to
and change the patchlevel and the release date. Patches are never
issued for snapshot releases.
+Major changes with snapshot Postfix-2.2-20040827
+================================================
+
+Easier use of the proxymap service with the virtual(8) delivery
+agent. As of now, the virtual(8) delivery agent will silently open
+maps directly when they can't be proxied. This means you can now
+specify "virtual_mailbox_maps = proxy:mysql:whatever" without
+triggering fatal errors in the virtual(8) delivery agent.
+
+Better SMTP client control over the use of SASL mechanisms. New
+smtp_sasl_mechanism_filter mechanism to shorten the list of SASL
+mechanisms from a remote server to just those that the local SASL
+library can actually use.
+
+Finer control over canonical mapping with canonical_classes,
+sender_canonical_classes and recipient_canonical_classes. These
+specify one or more of envelope_sender, header_sender, envelope_recipient
+or header_recipient. The default settings are backwards compatible.
+
Incompatible changes with snapshot Postfix-2.2-20040729
=======================================================
# way as described below under "REGULAR EXPRESSION TABLES"
# and "TCP-BASED TABLES".
#
-# The canonical mapping affects both message header
+# By default the canonical mapping affects both message
+# header addresses (i.e. addresses that appear inside mes-
+# sages) and message envelope addresses (for example, the
+# addresses that are used in SMTP protocol commands). Think
+# Sendmail rule set S3, if you like. This is controlled
+# with the canonical_classes parameter.
+#
+# The canonical mapping affects both message header
# addresses (i.e. addresses that appear inside messages) and
-# message envelope addresses (for example, the addresses
-# that are used in SMTP protocol commands). Think Sendmail
+# message envelope addresses (for example, the addresses
+# that are used in SMTP protocol commands). Think Sendmail
# rule set S3, if you like.
#
-# Typically, one would use the canonical table to replace
-# login names by Firstname.Lastname, or to clean up
+# Typically, one would use the canonical table to replace
+# login names by Firstname.Lastname, or to clean up
# addresses produced by legacy mail systems.
#
-# The canonical mapping is not to be confused with virtual
+# The canonical mapping is not to be confused with virtual
# domain support. Use the virtual(5) map for that purpose.
#
-# The canonical mapping is not to be confused with local
+# The canonical mapping is not to be confused with local
# aliasing. Use the aliases(5) map for that purpose.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
-# When pattern matches a mail address, replace it by
+# When pattern matches a mail address, replace it by
# the corresponding result.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A logical line starts with non-whitespace text. A
-# line that starts with whitespace continues a logi-
+# A logical line starts with non-whitespace text. A
+# line that starts with whitespace continues a logi-
# cal line.
#
# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, patterns are
+# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain address
-# user@domain is replaced by address. This form has
+# user@domain is replaced by address. This form has
# the highest precedence.
#
-# This is useful to clean up addresses produced by
-# legacy mail systems. It can also be used to pro-
-# duce Firstname.Lastname style addresses, but see
+# This is useful to clean up addresses produced by
+# legacy mail systems. It can also be used to pro-
+# duce Firstname.Lastname style addresses, but see
# below for a simpler solution.
#
# user address
# user@site is replaced by address when site is equal
-# to $myorigin, when site is listed in $mydestina-
-# tion, or when it is listed in $inet_interfaces or
+# to $myorigin, when site is listed in $mydestina-
+# tion, or when it is listed in $inet_interfaces or
# $proxy_interfaces.
#
-# This form is useful for replacing login names by
+# This form is useful for replacing login names by
# Firstname.Lastname.
#
# @domain address
-# Every address in domain is replaced by address.
+# Every address in domain is replaced by address.
# This form has the lowest precedence.
#
-# In all the above forms, when address has the form @other-
+# In all the above forms, when address has the form @other-
# domain, the result is the same user in otherdomain.
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
-# tcp_table(5). This feature is not available in Postfix
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5). This feature is not available in Postfix
# version 2.1.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
+# canonical_classes
+# What addresses are subject to canonical address
+# mapping.
+#
# canonical_maps
# List of canonical mapping tables.
#
#
# /etc/postfix/header_checks:
# /^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
-# REJECT Bad attachment file name extension: $1
+# REJECT Bad attachment file name extension: $2
#
# Body pattern to stop a specific HTML browser vulnerability
# exploit.
<h3> <a name="canonical"> Canonical address mapping </a> </h3>
<p> The <a href="cleanup.8.html">cleanup(8)</a> daemon uses the <a href="canonical.5.html">canonical(5)</a> tables to rewrite
-all addresses in message envelopes and in message headers. This is
+addresses in message envelopes and in message headers. By default
+all header and envelope addresses are rewritten; this is controlled
+with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> configuration parameter. </p>
+
+<p> Address rewriting is
done for local and remote addresses. The mapping is useful to
replace login names by "Firstname.Lastname" style addresses, or to
clean up invalid domains in mail addresses produced by legacy mail
</blockquote>
<p> The sender and recipient canonical maps are applied before the
-common canonical maps. </p>
+common canonical maps. The <a href="postconf.5.html#sender_canonical_classes">sender_canonical_classes</a> and
+<a href="postconf.5.html#recipient_canonical_classes">recipient_canonical_classes</a> parameters control what addresses are
+subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> and <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a>
+mappings, respectively. </p>
<p> Sender-specific rewriting is useful when you want to rewrite
ugly sender addresses to pretty ones, and still want to be able to
enters the optional chroot jail, so you can keep the file in
/etc/postfix. </p>
+<p> Note: Some SMTP servers support authentication mechanisms that,
+although available on the client system, may not in practice work or
+possess the appropriate credentials to authenticate to the server. It
+is possible via the <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> parameter to further
+restrict the list of server mechanisms that the <a href="smtp.8.html">smtp(8)</a> client will take
+into consideration. </p>
+
<p> The Postfix SMTP client is backwards compatible with SMTP
servers that use the non-standard "AUTH=method..." syntax in response
to the EHLO command; there is no Postfix client configuration needed
</ul>
+<p> In some installations, there may be separate instances of Postfix
+processing inbound and outbound mail on a multi-homed firewall. The
+inbound Postfix instance has an SMTP server listening on the external
+firewall interface, and the outbound Postfix instance has an SMTP server
+listening on the internal interface. In such a configuration is it is
+tempting to configure $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> in each instance with just the
+corresponding interface address. </p>
+
+<p> In most cases using inet_interaces in this way will not work,
+because as documented in the $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> reference manual, the
+<a href="smtp.8.html">smtp(8)</a> delivery agent will also use the specified interface address
+as the source address for outbound connections and will be unable to
+reach hosts on "the other side" of the firewall. The symptoms are that
+the firewall is unable to connect to hosts that are in fact up. See the
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter documentation for suggested work-arounds.</p>
+
<h2><a name="intranet">Running Postfix behind a firewall</a></h2>
<p> The simplest way to set up Postfix on a host behind a firewalled
way as described below under "REGULAR EXPRESSION TABLES"
and "TCP-BASED TABLES".
- The <b>canonical</b> mapping affects both message header
+ By default the <b>canonical</b> mapping affects both message
+ header addresses (i.e. addresses that appear inside mes-
+ sages) and message envelope addresses (for example, the
+ addresses that are used in SMTP protocol commands). Think
+ Sendmail rule set <b>S3</b>, if you like. This is controlled
+ with the <b>canonical_classes</b> parameter.
+
+ The <b>canonical</b> mapping affects both message header
addresses (i.e. addresses that appear inside messages) and
- message envelope addresses (for example, the addresses
- that are used in SMTP protocol commands). Think Sendmail
+ message envelope addresses (for example, the addresses
+ that are used in SMTP protocol commands). Think Sendmail
rule set <b>S3</b>, if you like.
- Typically, one would use the <b>canonical</b> table to replace
- login names by <i>Firstname.Lastname</i>, or to clean up
+ Typically, one would use the <b>canonical</b> table to replace
+ login names by <i>Firstname.Lastname</i>, or to clean up
addresses produced by legacy mail systems.
- The <b>canonical</b> mapping is not to be confused with <i>virtual</i>
+ The <b>canonical</b> mapping is not to be confused with <i>virtual</i>
<i>domain</i> support. Use the <a href="virtual.5.html"><b>virtual</b>(5)</a> map for that purpose.
- The <b>canonical</b> mapping is not to be confused with local
+ The <b>canonical</b> mapping is not to be confused with local
aliasing. Use the <a href="aliases.5.html"><b>aliases</b>(5)</a> map for that purpose.
<b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern result</i>
- When <i>pattern</i> matches a mail address, replace it by
+ When <i>pattern</i> matches a mail address, replace it by
the corresponding <i>result</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
+ networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
<i>user</i>@<i>domain address</i>
- <i>user</i>@<i>domain</i> is replaced by <i>address</i>. This form has
+ <i>user</i>@<i>domain</i> is replaced by <i>address</i>. This form has
the highest precedence.
- This is useful to clean up addresses produced by
- legacy mail systems. It can also be used to pro-
- duce <i>Firstname.Lastname</i> style addresses, but see
+ This is useful to clean up addresses produced by
+ legacy mail systems. It can also be used to pro-
+ duce <i>Firstname.Lastname</i> style addresses, but see
below for a simpler solution.
<i>user address</i>
<i>user</i>@<i>site</i> is replaced by <i>address</i> when <i>site</i> is equal
- to
$<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestina</a>-</b>
- <b><a href="postconf.5.html#mydestination">tion</a></b>, or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
+ to
$<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestina</a>-</b>
+ <b><a href="postconf.5.html#mydestination">tion</a></b>, or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
$<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
- This form is useful for replacing login names by
+ This form is useful for replacing login names by
<i>Firstname.Lastname</i>.
@<i>domain address</i>
- Every address in <i>domain</i> is replaced by <i>address</i>.
+ Every address in <i>domain</i> is replaced by <i>address</i>.
This form has the lowest precedence.
- In all the above forms, when <i>address</i> has the form @<i>other-</i>
+ In all the above forms, when <i>address</i> has the form @<i>other-</i>
<i>domain</i>, the result is the same user in <i>otherdomain</i>.
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
+ whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
+ addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see
- <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available in Postfix
+ tion of the TCP client/server lookup protocol, see
+ <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available in Postfix
version 2.1.
Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant.
- The text below provides only a parameter summary. See
+ The following <b>main.cf</b> parameters are especially relevant.
+ The text below provides only a parameter summary. See
<a href="postconf.5.html">postconf(5)</a> for more details including examples.
+ <b>canonical_classes</b>
+ What addresses are subject to canonical address
+ mapping.
+
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a></b>
List of canonical mapping tables.
addresses or domains to other local or remote
address.
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#canonical_classes">canonical_classes</a> (envelope_sender, envelope_recipient,</b>
+ <b>header_sender, header_recipient)</b>
+ What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a>
+ address mapping.
+
+ <b><a href="postconf.5.html#recipient_canonical_classes">recipient_canonical_classes</a> (envelope_recipient,</b>
+ <b>header_recipient)</b>
+ What addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canoni</a>-
+ <a href="postconf.5.html#recipient_canonical_maps">cal_maps</a> address mapping.
+
+ <b><a href="postconf.5.html#sender_canonical_classes">sender_canonical_classes</a> (envelope_sender, header_sender)</b>
+ What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a>
+ address mapping.
+
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
- The maximal number of addresses remembered by the
- address duplicate filter for <a href="aliases.5.html">aliases(5)</a> or vir-
+ The maximal number of addresses remembered by the
+ address duplicate filter for <a href="aliases.5.html">aliases(5)</a> or vir-
tual(5) alias expansion, or for <a href="showq.8.html">showq(8)</a> queue dis-
plays.
message header.
<b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
- The maximal number of Received: message headers
+ The maximal number of Received: message headers
that is allowed in the primary message headers.
<b><a href="postconf.5.html#in_flow_delay">in_flow_delay</a> (1s)</b>
- Time to pause before accepting a new message, when
+ Time to pause before accepting a new message, when
the message arrival rate exceeds the message deliv-
ery rate.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
- The maximal size in bytes of a message, including
+ The maximal size in bytes of a message, including
envelope information.
Available in Postfix version 2.0 and later:
will handle.
<b><a href="postconf.5.html#queue_file_attribute_count_limit">queue_file_attribute_count_limit</a> (100)</b>
- The maximal number of (name=value) attributes that
+ The maximal number of (name=value) attributes that
may be stored in a Postfix queue file.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#virtual_alias_expansion_limit">virtual_alias_expansion_limit</a> (1000)</b>
- The maximal number of addresses that virtual alias
+ The maximal number of addresses that virtual alias
expansion produces from each original recipient.
<b><a href="postconf.5.html#virtual_alias_recursion_limit">virtual_alias_recursion_limit</a> (1000)</b>
- The maximal nesting depth of virtual alias expan-
+ The maximal nesting depth of virtual alias expan-
sion.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives the mes-
+ The time after which the sender receives the mes-
sage headers of mail that is still queued.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The domain name that locally-posted mail appears to
- come from, and that locally posted mail is deliv-
+ come from, and that locally posted mail is deliv-
ered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon pro-
+ The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the pro-
+ The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
- Enable support for the X-Original-To message
+ Enable support for the X-Original-To message
header.
<b>FILES</b>
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> Postfix address manipulation
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
/etc/postfix/header_checks:
/^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
- REJECT Bad attachment file name extension: $1
+ REJECT Bad attachment file name extension: $2
Body pattern to stop a specific HTML browser vulnerability
exploit.
<p>
Allow a recipient address to have `-' as the first character. By
default, this is not allowed, to avoid accidents with software that
-passes email addresses via the command line.
-</p>
+passes email addresses via the command line. Such software
+would not be able to distinguish a malicious address from a
+bona fide command-line option. Although this can be prevented by
+inserting a "--" option terminator into the command line, this is
+difficult to enforce consistently and globally. </p>
</DD>
</p>
+</DD>
+
+<DT><b><a name="canonical_classes">canonical_classes</a>
+(default: envelope_sender, envelope_recipient, header_sender, header_recipient)</b></DT><DD>
+
+<p> What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping.
+By default, <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping is applied to envelope
+sender and recipient addresses, and to header sender and header
+recipient addresses. </p>
+
+<p> Specify one or more of: envelope_sender, envelope_recipient,
+header_sender, header_recipient </p>
+
+
</DD>
<DT><b><a name="canonical_maps">canonical_maps</a>
<p>
Optional address mapping lookup tables for message headers and
envelopes. The mapping is applied to both sender and recipient
-addresses, in both envelopes and in headers. This is typically used
+addresses, in both envelopes and in headers, as controlled
+with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> parameter. This is typically used
to clean up dirty addresses from legacy mail systems, or to replace
login names by Firstname.Lastname. The table format and lookups
are documented in <a href="canonical.5.html">canonical(5)</a>.
user@[ip.address].
</p>
+<p>
+When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> consists of just one IP address that is not a
+loopback (net 127) address, the Postfix SMTP client will use this address
+as the IP source address for outbound mail. </p>
+
+<p>
+On a multi-homed firewall with separate Postfix instances listening on the
+"inside" and "outside" interfaces, this can prevent each instance from
+being able to reach servers on the "other side" of the firewall. Setting
+<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> to 0.0.0.0 avoids the potential problem. </p>
+
+<p>
+A better solution is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> at the default value
+and instead use explicit IP addresses in master.cf. This preserves SMTP
+loop detection, by ensuring that each side of the firewall knows that the
+other IP address is still the same host. Setting $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> to a
+single IP address is primarily useful with virtual hosting of domains on
+secondary IP addresses, when each IP address serves a different domain
+(and has a different $<a href="postconf.5.html#myhostname">myhostname</a> setting). </p>
+
<p>
See also the <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameter, for network addresses that
are forwarded to us by way of a proxy or address translator.
</pre>
+</DD>
+
+<DT><b><a name="recipient_canonical_classes">recipient_canonical_classes</a>
+(default: envelope_recipient, header_recipient)</b></DT><DD>
+
+<p> What addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address
+mapping. By default, <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address mapping is
+applied to envelope recipient addresses, and to header recipient
+addresses. </p>
+
+<p> Specify one or more of: envelope_recipient, header_recipient
+</p>
+
+
</DD>
<DT><b><a name="recipient_canonical_maps">recipient_canonical_maps</a>
</pre>
+</DD>
+
+<DT><b><a name="sender_canonical_classes">sender_canonical_classes</a>
+(default: envelope_sender, header_sender)</b></DT><DD>
+
+<p> What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address
+mapping. By default, <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address mapping is
+applied to envelope sender addresses, and to header sender addresses.
+</p>
+
+<p> Specify one or more of: envelope_sender, header_sender </p>
+
+
</DD>
<DT><b><a name="sender_canonical_maps">sender_canonical_maps</a>
smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>=11.22.33.44
</pre>
+<p> Note: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies exactly one address that
+is a non-loopback address, it is automatically used as the
+<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>. This supports virtual IP hosting, but can be
+a problem on multi-homed firewalls. See the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
+documentation for more detail. </p>
+
</DD>
</pre>
+</DD>
+
+<DT><b><a name="smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
+(default: empty)</b></DT><DD>
+
+<p>
+If non-empty, filters the SMTP server's list of offered SASL mechanisms.
+Different client and server implementations may support different
+mechanism lists. By default, the client will use the intersection of the
+two. <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> further restricts what server mechanisms
+the client will take into consideration. </p>
+
+<p> Specify mechanism names, "/file/name" patterns or "<a href="DATABASE_README.html">type:table</a>"
+lookup tables. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>" lookups
+is ignored. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = plain, login
+<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = /etc/postfix/smtp_mechs
+<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = !gssapi, !login, static:rest
+</pre>
+
+
</DD>
<DT><b><a name="smtp_sasl_password_maps">smtp_sasl_password_maps</a>
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the recipient is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
-<li> The recipient domain matches $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> but the
-recipient is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>
-is not null.
+<li> The recipient domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the
+recipient is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
<li> The recipient domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
recipient is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, but the recipient is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> is not null.
-<li> The sender domain matches $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> but the recipient
-is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> is
-not null.
+<li> The sender domain matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> but the recipient
+is not listed in $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
<li> The sender domain matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> but the
recipient is not listed in $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
</p>
<p>
-Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent does
-not allow table lookup through the <a href="proxymap.8.html">proxymap(8)</a> service, because
-that would open a security hole.
+Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
+silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
</p>
</p>
<p>
-Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
-table lookup through the <a href="proxymap.8.html">proxymap(8)</a> server, because that would
-open a security hole.
+Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
+silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
</p>
</p>
<p>
-Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent does
-not allow table lookup through the <a href="proxymap.8.html">proxymap(8)</a> service, because
-that would open a security hole.
+Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
+silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
</p>
What authentication mechanisms the Postfix SMTP
client is allowed to use.
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
+ If non-empty, filters the SMTP server's list of
+ offered SASL mechanisms.
+
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the smtp message delivery
+ The maximal number of parallel deliveries to the
+ same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per delivery via
+ The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The SMTP client time limit for completing a TCP
+ The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The SMTP client time limit for sending the HELO or
- EHLO command, and for receiving the initial server
+ The SMTP client time limit for sending the HELO or
+ EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b>
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The SMTP client time limit for sending the MAIL
- FROM command, and for receiving the server
+ The SMTP client time limit for sending the MAIL
+ FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The SMTP client time limit for sending the SMTP
- RCPT TO command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The SMTP client time limit for sending the SMTP
- DATA command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
- The SMTP client time limit for sending the QUIT
+ The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery
- request before giving up or delivering to a fall-
+ The maximal number of SMTP sessions per delivery
+ request before giving up or delivering to a fall-
back relay host, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
- The SMTP client time limit for sending the RSET
+ The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the
+ Permanently enable SMTP connection caching for the
specified destinations.
<b>smtp_connection_cache_on_demand (yes)</b>
- Temporarily enable SMTP session caching while a
+ Temporarily enable SMTP session caching while a
destination has a high volume of mail in the active
queue.
<b><a href="postconf.5.html#smtp_connection_cache_reuse_limit">smtp_connection_cache_reuse_limit</a> (10)</b>
When SMTP session caching is enabled, the number of
- times that an SMTP session is reused before it is
+ times that an SMTP session is reused before it is
closed.
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
+ The recipient of postmaster notifications about
+ mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail
+ Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
- Disable DNS lookups in the Postfix SMTP and LMTP
+ Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon pro-
+ The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
+ tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
client should bind to when making a connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
+ The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms when the SMTP client uses to look
+ What mechanisms when the SMTP client uses to look
up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
+ Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the pro-
+ The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<a href="SASL_README.html">SASL_README</a>, Postfix SASL howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
done in a slightly different way as described below under
"REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
+By default the \fBcanonical\fR mapping affects both message
+header addresses (i.e. addresses that appear inside messages)
+and message envelope addresses (for example, the addresses
+that are used in SMTP protocol commands). Think Sendmail
+rule set \fBS3\fR, if you like. This is controlled with
+the \fBcanonical_classes\fR parameter.
+
The \fBcanonical\fR mapping affects both message header addresses
(i.e. addresses that appear inside messages) and message envelope
addresses (for example, the addresses that are used in SMTP protocol
The following \fBmain.cf\fR parameters are especially relevant.
The text below provides only a parameter summary. See
postconf(5) for more details including examples.
+.IP \fBcanonical_classes\fR
+What addresses are subject to canonical address mapping.
.IP \fBcanonical_maps\fR
List of canonical mapping tables.
.IP \fBrecipient_canonical_maps\fR
.ti +4
/^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/
.ti +8
-REJECT Bad attachment file name extension: $1
+REJECT Bad attachment file name extension: $2
.ad
.fi
.SH allow_min_user (default: no)
Allow a recipient address to have `-' as the first character. By
default, this is not allowed, to avoid accidents with software that
-passes email addresses via the command line.
+passes email addresses via the command line. Such software
+would not be able to distinguish a malicious address from a
+bona fide command-line option. Although this can be prevented by
+inserting a "--" option terminator into the command line, this is
+difficult to enforce consistently and globally.
.SH allow_percent_hack (default: yes)
Enable the rewriting of the form "user%domain" to "user@domain".
This is enabled by default.
.PP
Specify "\fBbroken_sasl_auth_clients = yes\fR" to have Postfix advertise
AUTH support in a non-standard way.
+.SH canonical_classes (default: envelope_sender, envelope_recipient, header_sender, header_recipient)
+What addresses are subject to canonical_maps address mapping.
+By default, canonical_maps address mapping is applied to envelope
+sender and recipient addresses, and to header sender and header
+recipient addresses.
+.PP
+Specify one or more of: envelope_sender, envelope_recipient,
+header_sender, header_recipient
.SH canonical_maps (default: empty)
Optional address mapping lookup tables for message headers and
envelopes. The mapping is applied to both sender and recipient
-addresses, in both envelopes and in headers. This is typically used
+addresses, in both envelopes and in headers, as controlled
+with the canonical_classes parameter. This is typically used
to clean up dirty addresses from legacy mail systems, or to replace
login names by Firstname.Lastname. The table format and lookups
are documented in canonical(5).
machine. The parameter also controls delivery of mail to
user@[ip.address].
.PP
+When inet_interfaces consists of just one IP address that is not a
+loopback (net 127) address, the Postfix SMTP client will use this address
+as the IP source address for outbound mail.
+.PP
+On a multi-homed firewall with separate Postfix instances listening on the
+"inside" and "outside" interfaces, this can prevent each instance from
+being able to reach servers on the "other side" of the firewall. Setting
+smtp_bind_address to 0.0.0.0 avoids the potential problem.
+.PP
+A better solution is to leave inet_interfaces at the default value
+and instead use explicit IP addresses in master.cf. This preserves SMTP
+loop detection, by ensuring that each side of the firewall knows that the
+other IP address is still the same host. Setting $inet_interfaces to a
+single IP address is primarily useful with virtual hosting of domains on
+secondary IP addresses, when each IP address serves a different domain
+(and has a different $myhostname setting).
+.PP
See also the proxy_interfaces parameter, for network addresses that
are forwarded to us by way of a proxy or address translator.
.PP
.fi
.ad
.ft R
+.SH recipient_canonical_classes (default: envelope_recipient, header_recipient)
+What addresses are subject to recipient_canonical_maps address
+mapping. By default, recipient_canonical_maps address mapping is
+applied to envelope recipient addresses, and to header recipient
+addresses.
+.PP
+Specify one or more of: envelope_recipient, header_recipient
.SH recipient_canonical_maps (default: empty)
Optional address mapping lookup tables for envelope and header
recipient addresses.
.fi
.ad
.ft R
+.SH sender_canonical_classes (default: envelope_sender, header_sender)
+What addresses are subject to sender_canonical_maps address
+mapping. By default, sender_canonical_maps address mapping is
+applied to envelope sender addresses, and to header sender addresses.
+.PP
+Specify one or more of: envelope_sender, header_sender
.SH sender_canonical_maps (default: empty)
Optional address mapping lookup tables for envelope and header
sender addresses.
.fi
.ad
.ft R
+.PP
+Note: when inet_interfaces specifies exactly one address that
+is a non-loopback address, it is automatically used as the
+smtp_bind_address. This supports virtual IP hosting, but can be
+a problem on multi-homed firewalls. See the inet_interfaces
+documentation for more detail.
.SH smtp_connect_timeout (default: 30s)
The SMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit).
.fi
.ad
.ft R
+.SH smtp_sasl_mechanism_filter (default: empty)
+If non-empty, filters the SMTP server's list of offered SASL mechanisms.
+Different client and server implementations may support different
+mechanism lists. By default, the client will use the intersection of the
+two. smtp_sasl_mechanism_filter further restricts what server mechanisms
+the client will take into consideration.
+.PP
+Specify mechanism names, "/file/name" patterns or "type:table"
+lookup tables. The right-hand side result from "type:table" lookups
+is ignored.
+.PP
+Examples:
+.PP
+.nf
+.na
+.ft C
+smtp_sasl_mechanism_filter = plain, login
+smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs
+smtp_sasl_mechanism_filter = !gssapi, !login, static:rest
+.fi
+.ad
+.ft R
.SH smtp_sasl_password_maps (default: empty)
Optional SMTP client lookup tables with one username:password entry
per remote hostname or domain. If a remote host or domain has no
or $proxy_interfaces, but the recipient is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
.IP \(bu
-The recipient domain matches $virtual_alias_maps but the
-recipient is not listed in $virtual_alias_maps, and $virtual_alias_maps
-is not null.
+The recipient domain matches $virtual_alias_domains but the
+recipient is not listed in $virtual_alias_maps.
.IP \(bu
The recipient domain matches $virtual_mailbox_domains but the
recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
$proxy_interfaces, but the recipient is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
.IP \(bu
-The sender domain matches $virtual_alias_maps but the recipient
-is not listed in $virtual_alias_maps, and $virtual_alias_maps is
-not null.
+The sender domain matches $virtual_alias_domains but the recipient
+is not listed in $virtual_alias_maps.
.IP \(bu
The sender domain matches $virtual_mailbox_domains but the
recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
.PP
-Note 2: for security reasons, the virtual(8) delivery agent does
-not allow table lookup through the proxymap(8) service, because
-that would open a security hole.
+Note 2: for security reasons, the virtual(8) delivery agent will
+silently ignore requests to use the proxymap(8) server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+virtual(8) delivery agent will terminate with a fatal error.
.SH virtual_mailbox_base (default: empty)
A prefix that the virtual(8) delivery agent prepends to all pathname
results from $virtual_mailbox_maps table lookups. This is a safety
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
.PP
-Note 2: for security reasons, the virtual(8) delivery agent disallows
-table lookup through the proxymap(8) server, because that would
-open a security hole.
+Note 2: for security reasons, the virtual(8) delivery agent will
+silently ignore requests to use the proxymap(8) server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+virtual(8) delivery agent will terminate with a fatal error.
.SH virtual_maps (default: empty)
Optional lookup tables with a) names of domains for which all
addresses are aliased to addresses in other local or remote domains,
regular expression substitution of $1 etc. in regular expression
lookup tables, because that would open a security hole.
.PP
-Note 2: for security reasons, the virtual(8) delivery agent does
-not allow table lookup through the proxymap(8) service, because
-that would open a security hole.
+Note 2: for security reasons, the virtual(8) delivery agent will
+silently ignore requests to use the proxymap(8) server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+virtual(8) delivery agent will terminate with a fatal error.
.SH SEE ALSO
.na
.nf
.IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
Optional lookup tables that alias specific mail addresses or domains
to other local or remote address.
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR"
+What addresses are subject to canonical_maps address mapping.
+.IP "\fBrecipient_canonical_classes (envelope_recipient, header_recipient)\fR"
+What addresses are subject to recipient_canonical_maps address
+mapping.
+.IP "\fBsender_canonical_classes (envelope_sender, header_sender)\fR"
+What addresses are subject to sender_canonical_maps address
+mapping.
.SH "RESOURCE AND RATE CONTROLS"
.na
.nf
.IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
What authentication mechanisms the Postfix SMTP client is allowed
to use.
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBsmtp_sasl_mechanism_filter (empty)\fR"
+If non-empty, filters the SMTP server's list of offered SASL mechanisms.
.SH "RESOURCE AND RATE CONTROLS"
.na
.nf
table["smtpd_sasl_local_domain"] = "var_smtpd_sasl_realm"
table["smtpd_sender_login_maps"] = "var_smtpd_snd_auth_maps"
table["smtp_sasl_auth_enable"] = "var_smtp_sasl_enable"
+ table["smtp_sasl_mechanism_filter"] = "var_smtp_sasl_mechs"
table["smtp_sasl_password_maps"] = "var_smtp_sasl_passwd"
table["smtp_sasl_security_options"] = "var_smtp_sasl_opts"
table["lmtpd_banner"] = "var_lmtpd_banner"
s;\bbounce_service_name\b;<a href="postconf.5.html#bounce_service_name">$&</a>;g;
s;\bbounce_size_limit\b;<a href="postconf.5.html#bounce_size_limit">$&</a>;g;
s;\bbroken_sasl_auth_clients\b;<a href="postconf.5.html#broken_sasl_auth_clients">$&</a>;g;
+ s;\bcanonical_classes\b;<a href="postconf.5.html#canonical_classes">$&</a>;g;
s;\bcanonical_maps\b;<a href="postconf.5.html#canonical_maps">$&</a>;g;
s;\bcleanup_service_name\b;<a href="postconf.5.html#cleanup_service_name">$&</a>;g;
s;\bcommand_execu[-</bB>]*\n* *[<bB>]*tion_direc[-</bB>]*\n* *[<bB>]*tory\b;<a href="postconf.5.html#command_execution_directory">$&</a>;g;
s;\bno_address_mappings\b;<a href="postconf.5.html#no_address_mappings">$&</a>;g;
s;\bno_header_body_checks\b;<a href="postconf.5.html#no_header_body_checks">$&</a>;g;
s;\brecip[-</bB>]*\n* *[<bB>]*ient_bcc_maps\b;<a href="postconf.5.html#recipient_bcc_maps">$&</a>;g;
- s;\brecip[-</bB>]*\n* *[<bB>]*ient_canonical_maps\b;<a href="postconf.5.html#recipient_canonical_maps">$&</a>;g;
+ s;\brecip[-</bB>]*\n* *[<bB>]*ient_canoni[-</bB>]*\n* *[<bB>]*cal_classes\b;<a href="postconf.5.html#recipient_canonical_classes">$&</a>;g;
+ s;\brecip[-</bB>]*\n* *[<bB>]*ient_canoni[-</bB>]*\n* *[<bB>]*cal_maps\b;<a href="postconf.5.html#recipient_canonical_maps">$&</a>;g;
s;\brecip[-</bB>]*\n* *[<bB>]*ient_delim[-</bB>]*\n* *[<bB>]*iter\b;<a href="postconf.5.html#recipient_delimiter">$&<\/a>;g;
s;\breject_code\b;<a href="postconf.5.html#reject_code">$&</a>;g;
s;\brelay_domains\b;<a href="postconf.5.html#relay_domains">$&</a>;g;
s;\bsample_directory\b;<a href="postconf.5.html#sample_directory">$&</a>;g;
s;\bsender_based_routing\b;<a href="postconf.5.html#sender_based_routing">$&</a>;g;
s;\bsender_bcc_maps\b;<a href="postconf.5.html#sender_bcc_maps">$&</a>;g;
+ s;\bsender_canonical_classes\b;<a href="postconf.5.html#sender_canonical_classes">$&</a>;g;
s;\bsender_canonical_maps\b;<a href="postconf.5.html#sender_canonical_maps">$&</a>;g;
s;\bsendmail_path\b;<a href="postconf.5.html#sendmail_path">$&</a>;g;
s;\bservice_throttle_time\b;<a href="postconf.5.html#service_throttle_time">$&</a>;g;
s;\bsmtp_rcpt_timeout\b;<a href="postconf.5.html#smtp_rcpt_timeout">$&</a>;g;
s;\bsmtp_rset_timeout\b;<a href="postconf.5.html#smtp_rset_timeout">$&</a>;g;
s;\bsmtp_sasl_auth_enable\b;<a href="postconf.5.html#smtp_sasl_auth_enable">$&</a>;g;
+ s;\bsmtp_sasl_mechanism_filter\b;<a href="postconf.5.html#smtp_sasl_mechanism_filter">$&</a>;g;
s;\bsmtp_sasl_password_maps\b;<a href="postconf.5.html#smtp_sasl_password_maps">$&</a>;g;
s;\bsmtp_sasl_security_options\b;<a href="postconf.5.html#smtp_sasl_security_options">$&</a>;g;
s;\bsmtp_send_xforward_command\b;<a href="postconf.5.html#smtp_send_xforward_command">$&</a>;g;
table["var_smtpd_sasl_realm"] = "smtpd_sasl_local_domain"
table["var_smtpd_snd_auth_maps"] = "smtpd_sender_login_maps"
table["var_smtp_sasl_enable"] = "smtp_sasl_auth_enable"
+ table["var_smtp_sasl_mechs"] = "smtp_sasl_mechanism_filter"
table["var_smtp_sasl_passwd"] = "smtp_sasl_password_maps"
table["var_smtp_sasl_opts"] = "smtp_sasl_security_options"
table["var_lmtpd_banner"] = "lmtpd_banner"
<h3> <a name="canonical"> Canonical address mapping </a> </h3>
<p> The cleanup(8) daemon uses the canonical(5) tables to rewrite
-all addresses in message envelopes and in message headers. This is
+addresses in message envelopes and in message headers. By default
+all header and envelope addresses are rewritten; this is controlled
+with the canonical_classes configuration parameter. </p>
+
+<p> Address rewriting is
done for local and remote addresses. The mapping is useful to
replace login names by "Firstname.Lastname" style addresses, or to
clean up invalid domains in mail addresses produced by legacy mail
</blockquote>
<p> The sender and recipient canonical maps are applied before the
-common canonical maps. </p>
+common canonical maps. The sender_canonical_classes and
+recipient_canonical_classes parameters control what addresses are
+subject to sender_canonical_maps and recipient_canonical_maps
+mappings, respectively. </p>
<p> Sender-specific rewriting is useful when you want to rewrite
ugly sender addresses to pretty ones, and still want to be able to
enters the optional chroot jail, so you can keep the file in
/etc/postfix. </p>
+<p> Note: Some SMTP servers support authentication mechanisms that,
+although available on the client system, may not in practice work or
+possess the appropriate credentials to authenticate to the server. It
+is possible via the smtp_sasl_mechanism_filter parameter to further
+restrict the list of server mechanisms that the smtp(8) client will take
+into consideration. </p>
+
<p> The Postfix SMTP client is backwards compatible with SMTP
servers that use the non-standard "AUTH=method..." syntax in response
to the EHLO command; there is no Postfix client configuration needed
</ul>
+<p> In some installations, there may be separate instances of Postfix
+processing inbound and outbound mail on a multi-homed firewall. The
+inbound Postfix instance has an SMTP server listening on the external
+firewall interface, and the outbound Postfix instance has an SMTP server
+listening on the internal interface. In such a configuration is it is
+tempting to configure $inet_interfaces in each instance with just the
+corresponding interface address. </p>
+
+<p> In most cases using inet_interaces in this way will not work,
+because as documented in the $inet_interfaces reference manual, the
+smtp(8) delivery agent will also use the specified interface address
+as the source address for outbound connections and will be unable to
+reach hosts on "the other side" of the firewall. The symptoms are that
+the firewall is unable to connect to hosts that are in fact up. See the
+inet_interfaces parameter documentation for suggested work-arounds.</p>
+
<h2><a name="intranet">Running Postfix behind a firewall</a></h2>
<p> The simplest way to set up Postfix on a host behind a firewalled
# done in a slightly different way as described below under
# "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES".
#
+# By default the \fBcanonical\fR mapping affects both message
+# header addresses (i.e. addresses that appear inside messages)
+# and message envelope addresses (for example, the addresses
+# that are used in SMTP protocol commands). Think Sendmail
+# rule set \fBS3\fR, if you like. This is controlled with
+# the \fBcanonical_classes\fR parameter.
+#
# The \fBcanonical\fR mapping affects both message header addresses
# (i.e. addresses that appear inside messages) and message envelope
# addresses (for example, the addresses that are used in SMTP protocol
# The following \fBmain.cf\fR parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
+# .IP \fBcanonical_classes\fR
+# What addresses are subject to canonical address mapping.
# .IP \fBcanonical_maps\fR
# List of canonical mapping tables.
# .IP \fBrecipient_canonical_maps\fR
# .ti +4
# /^content-(type|disposition):.*name[[:space:]]*=.*\\.(exe|vbs)/
# .ti +8
-# REJECT Bad attachment file name extension: $1
+# REJECT Bad attachment file name extension: $2
#
# .ad
# .fi
<p>
Allow a recipient address to have `-' as the first character. By
default, this is not allowed, to avoid accidents with software that
-passes email addresses via the command line.
-</p>
+passes email addresses via the command line. Such software
+would not be able to distinguish a malicious address from a
+bona fide command-line option. Although this can be prevented by
+inserting a "--" option terminator into the command line, this is
+difficult to enforce consistently and globally. </p>
%PARAM allow_percent_hack yes
<p>
Optional address mapping lookup tables for message headers and
envelopes. The mapping is applied to both sender and recipient
-addresses, in both envelopes and in headers. This is typically used
+addresses, in both envelopes and in headers, as controlled
+with the canonical_classes parameter. This is typically used
to clean up dirty addresses from legacy mail systems, or to replace
login names by Firstname.Lastname. The table format and lookups
are documented in canonical(5).
canonical_maps = hash:/etc/postfix/canonical
</pre>
+%PARAM canonical_classes envelope_sender, envelope_recipient, header_sender, header_recipient
+
+<p> What addresses are subject to canonical_maps address mapping.
+By default, canonical_maps address mapping is applied to envelope
+sender and recipient addresses, and to header sender and header
+recipient addresses. </p>
+
+<p> Specify one or more of: envelope_sender, envelope_recipient,
+header_sender, header_recipient </p>
+
+%PARAM sender_canonical_classes envelope_sender, header_sender
+
+<p> What addresses are subject to sender_canonical_maps address
+mapping. By default, sender_canonical_maps address mapping is
+applied to envelope sender addresses, and to header sender addresses.
+</p>
+
+<p> Specify one or more of: envelope_sender, header_sender </p>
+
+%PARAM recipient_canonical_classes envelope_recipient, header_recipient
+
+<p> What addresses are subject to recipient_canonical_maps address
+mapping. By default, recipient_canonical_maps address mapping is
+applied to envelope recipient addresses, and to header recipient
+addresses. </p>
+
+<p> Specify one or more of: envelope_recipient, header_recipient
+</p>
+
%PARAM command_directory see "postconf -d" output
<p>
user@[ip.address].
</p>
+<p>
+When inet_interfaces consists of just one IP address that is not a
+loopback (net 127) address, the Postfix SMTP client will use this address
+as the IP source address for outbound mail. </p>
+
+<p>
+On a multi-homed firewall with separate Postfix instances listening on the
+"inside" and "outside" interfaces, this can prevent each instance from
+being able to reach servers on the "other side" of the firewall. Setting
+smtp_bind_address to 0.0.0.0 avoids the potential problem. </p>
+
+<p>
+A better solution is to leave inet_interfaces at the default value
+and instead use explicit IP addresses in master.cf. This preserves SMTP
+loop detection, by ensuring that each side of the firewall knows that the
+other IP address is still the same host. Setting $inet_interfaces to a
+single IP address is primarily useful with virtual hosting of domains on
+secondary IP addresses, when each IP address serves a different domain
+(and has a different $myhostname setting). </p>
+
<p>
See also the proxy_interfaces parameter, for network addresses that
are forwarded to us by way of a proxy or address translator.
smtp ... smtp -o smtp_bind_address=11.22.33.44
</pre>
+<p> Note: when inet_interfaces specifies exactly one address that
+is a non-loopback address, it is automatically used as the
+smtp_bind_address. This supports virtual IP hosting, but can be
+a problem on multi-homed firewalls. See the inet_interfaces
+documentation for more detail. </p>
+
%PARAM smtp_connection_cache_time_limit 2s
<p> When SMTP session caching is enabled, the amount of time that
smtp_sasl_security_options = noplaintext
</pre>
+%PARAM smtp_sasl_mechanism_filter
+
+<p>
+If non-empty, filters the SMTP server's list of offered SASL mechanisms.
+Different client and server implementations may support different
+mechanism lists. By default, the client will use the intersection of the
+two. smtp_sasl_mechanism_filter further restricts what server mechanisms
+the client will take into consideration. </p>
+
+<p> Specify mechanism names, "/file/name" patterns or "type:table"
+lookup tables. The right-hand side result from "type:table" lookups
+is ignored. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+smtp_sasl_mechanism_filter = plain, login
+smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs
+smtp_sasl_mechanism_filter = !gssapi, !login, static:rest
+</pre>
+
%PARAM smtp_send_xforward_command no
<p>
or $proxy_interfaces, but the recipient is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
-<li> The recipient domain matches $virtual_alias_maps but the
-recipient is not listed in $virtual_alias_maps, and $virtual_alias_maps
-is not null.
+<li> The recipient domain matches $virtual_alias_domains but the
+recipient is not listed in $virtual_alias_maps.
<li> The recipient domain matches $virtual_mailbox_domains but the
recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
$proxy_interfaces, but the recipient is not listed in
$local_recipient_maps, and $local_recipient_maps is not null.
-<li> The sender domain matches $virtual_alias_maps but the recipient
-is not listed in $virtual_alias_maps, and $virtual_alias_maps is
-not null.
+<li> The sender domain matches $virtual_alias_domains but the recipient
+is not listed in $virtual_alias_maps.
<li> The sender domain matches $virtual_mailbox_domains but the
recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps
</p>
<p>
-Note 2: for security reasons, the virtual(8) delivery agent does
-not allow table lookup through the proxymap(8) service, because
-that would open a security hole.
+Note 2: for security reasons, the virtual(8) delivery agent will
+silently ignore requests to use the proxymap(8) server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+virtual(8) delivery agent will terminate with a fatal error.
</p>
%PARAM virtual_mailbox_base
</p>
<p>
-Note 2: for security reasons, the virtual(8) delivery agent disallows
-table lookup through the proxymap(8) server, because that would
-open a security hole.
+Note 2: for security reasons, the virtual(8) delivery agent will
+silently ignore requests to use the proxymap(8) server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+virtual(8) delivery agent will terminate with a fatal error.
</p>
%PARAM virtual_minimum_uid 100
</p>
<p>
-Note 2: for security reasons, the virtual(8) delivery agent does
-not allow table lookup through the proxymap(8) service, because
-that would open a security hole.
+Note 2: for security reasons, the virtual(8) delivery agent will
+silently ignore requests to use the proxymap(8) server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+virtual(8) delivery agent will terminate with a fatal error.
</p>
%PARAM config_directory see "postconf -d" output
%PARAM smtp_sasl_auth_enable
%PARAM smtp_sasl_password_maps
%PARAM smtp_sasl_security_options
+%PARAM smtp_sasl_mechanism_filter
%CLASS lmtp-sasl
%PARAM lmtp_sasl_auth_enable
/* .IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
/* Optional lookup tables that alias specific mail addresses or domains
/* to other local or remote address.
+/* .PP
+/* Available in Postfix version 2.2 and later:
+/* .IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR"
+/* What addresses are subject to canonical_maps address mapping.
+/* .IP "\fBrecipient_canonical_classes (envelope_recipient, header_recipient)\fR"
+/* What addresses are subject to recipient_canonical_maps address
+/* mapping.
+/* .IP "\fBsender_canonical_classes (envelope_sender, header_sender)\fR"
+/* What addresses are subject to sender_canonical_maps address
+/* mapping.
/* RESOURCE AND RATE CONTROLS
/* .ad
/* .fi
extern MAPS *cleanup_comm_canon_maps;
extern MAPS *cleanup_send_canon_maps;
extern MAPS *cleanup_rcpt_canon_maps;
+extern int cleanup_comm_canon_flags;
+extern int cleanup_send_canon_flags;
+extern int cleanup_rcpt_canon_flags;
extern MAPS *cleanup_header_checks;
extern MAPS *cleanup_mimehdr_checks;
extern MAPS *cleanup_nesthdr_checks;
extern MAPS *cleanup_send_bcc_maps;
extern MAPS *cleanup_rcpt_bcc_maps;
+ /*
+ * Address canonicalization fine control.
+ */
+#define CLEANUP_CANON_FLAG_ENV_FROM (1<<0) /* envelope sender */
+#define CLEANUP_CANON_FLAG_ENV_RCPT (1<<1) /* envelope recipient */
+#define CLEANUP_CANON_FLAG_HDR_FROM (1<<2) /* header sender */
+#define CLEANUP_CANON_FLAG_HDR_RCPT (1<<3) /* header recipient */
+
/*
* Address masquerading fine control.
*/
vstring_strcpy(clean_addr, "");
}
if (state->flags & CLEANUP_FLAG_MAP_OK) {
- if (cleanup_send_canon_maps)
+ if (cleanup_send_canon_maps
+ && (cleanup_send_canon_flags & CLEANUP_CANON_FLAG_ENV_FROM))
cleanup_map11_internal(state, clean_addr, cleanup_send_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- if (cleanup_comm_canon_maps)
+ if (cleanup_comm_canon_maps
+ && (cleanup_comm_canon_flags & CLEANUP_CANON_FLAG_ENV_FROM))
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
if (cleanup_masq_domains
cleanup_rewrite_internal(clean_addr, *buf ? buf : var_empty_addr);
if (state->flags & CLEANUP_FLAG_MAP_OK) {
- if (cleanup_rcpt_canon_maps)
+ if (cleanup_rcpt_canon_maps
+ && (cleanup_rcpt_canon_flags & CLEANUP_CANON_FLAG_ENV_RCPT))
cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- if (cleanup_comm_canon_maps)
+ if (cleanup_comm_canon_maps
+ && (cleanup_comm_canon_flags & CLEANUP_CANON_FLAG_ENV_RCPT))
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
if (cleanup_masq_domains
cleanup_rewrite_internal(clean_addr, bcc);
if (state->flags & CLEANUP_FLAG_MAP_OK) {
- if (cleanup_rcpt_canon_maps)
+ if (cleanup_rcpt_canon_maps
+ && (cleanup_rcpt_canon_flags & CLEANUP_CANON_FLAG_ENV_RCPT))
cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- if (cleanup_comm_canon_maps)
+ if (cleanup_comm_canon_maps
+ && (cleanup_comm_canon_flags & CLEANUP_CANON_FLAG_ENV_RCPT))
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
if (cleanup_masq_domains
char *var_canonical_maps; /* common canonical maps */
char *var_send_canon_maps; /* sender canonical maps */
char *var_rcpt_canon_maps; /* recipient canonical maps */
+char *var_canon_classes; /* what to canonicalize */
+char *var_send_canon_classes; /* what sender to canonicalize */
+char *var_rcpt_canon_classes; /* what recipient to canonicalize */
char *var_virt_alias_maps; /* virtual alias maps */
char *var_masq_domains; /* masquerade domains */
char *var_masq_exceptions; /* users not masqueraded */
VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
VAR_SEND_CANON_MAPS, DEF_SEND_CANON_MAPS, &var_send_canon_maps, 0, 0,
VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0,
+ VAR_CANON_CLASSES, DEF_CANON_CLASSES, &var_canon_classes, 1, 0,
+ VAR_SEND_CANON_CLASSES, DEF_SEND_CANON_CLASSES, &var_send_canon_classes, 1, 0,
+ VAR_RCPT_CANON_CLASSES, DEF_RCPT_CANON_CLASSES, &var_rcpt_canon_classes, 1, 0,
VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0,
VAR_MASQ_DOMAINS, DEF_MASQ_DOMAINS, &var_masq_domains, 0, 0,
VAR_EMPTY_ADDR, DEF_EMPTY_ADDR, &var_empty_addr, 1, 0,
MAPS *cleanup_comm_canon_maps;
MAPS *cleanup_send_canon_maps;
MAPS *cleanup_rcpt_canon_maps;
+int cleanup_comm_canon_flags;
+int cleanup_send_canon_flags;
+int cleanup_rcpt_canon_flags;
MAPS *cleanup_header_checks;
MAPS *cleanup_mimehdr_checks;
MAPS *cleanup_nesthdr_checks;
void cleanup_pre_jail(char *unused_name, char **unused_argv)
{
+ static NAME_MASK send_canon_class_table[] = {
+ CANON_CLASS_ENV_FROM, CLEANUP_CANON_FLAG_ENV_FROM,
+ CANON_CLASS_HDR_FROM, CLEANUP_CANON_FLAG_HDR_FROM,
+ 0,
+ };
+ static NAME_MASK rcpt_canon_class_table[] = {
+ CANON_CLASS_ENV_RCPT, CLEANUP_CANON_FLAG_ENV_RCPT,
+ CANON_CLASS_HDR_RCPT, CLEANUP_CANON_FLAG_HDR_RCPT,
+ 0,
+ };
+ static NAME_MASK canon_class_table[] = {
+ CANON_CLASS_ENV_FROM, CLEANUP_CANON_FLAG_ENV_FROM,
+ CANON_CLASS_ENV_RCPT, CLEANUP_CANON_FLAG_ENV_RCPT,
+ CANON_CLASS_HDR_FROM, CLEANUP_CANON_FLAG_HDR_FROM,
+ CANON_CLASS_HDR_RCPT, CLEANUP_CANON_FLAG_HDR_RCPT,
+ 0,
+ };
+
static NAME_MASK masq_class_table[] = {
MASQ_CLASS_ENV_FROM, CLEANUP_MASQ_FLAG_ENV_FROM,
MASQ_CLASS_ENV_RCPT, CLEANUP_MASQ_FLAG_ENV_RCPT,
cleanup_virt_alias_maps = maps_create(VAR_VIRT_ALIAS_MAPS,
var_virt_alias_maps,
DICT_FLAG_LOCK);
+ if (*var_canon_classes)
+ cleanup_comm_canon_flags =
+ name_mask(VAR_CANON_CLASSES, canon_class_table,
+ var_canon_classes);
+ if (*var_send_canon_classes)
+ cleanup_send_canon_flags =
+ name_mask(VAR_CANON_CLASSES, send_canon_class_table,
+ var_send_canon_classes);
+ if (*var_rcpt_canon_classes)
+ cleanup_rcpt_canon_flags =
+ name_mask(VAR_CANON_CLASSES, rcpt_canon_class_table,
+ var_rcpt_canon_classes);
if (*var_masq_domains)
cleanup_masq_domains = argv_split(var_masq_domains, " ,\t\r\n");
if (*var_header_checks)
for (tpp = addr_list; *tpp; tpp++) {
cleanup_rewrite_tree(*tpp);
if (state->flags & CLEANUP_FLAG_MAP_OK) {
- if (cleanup_send_canon_maps)
+ if (cleanup_send_canon_maps
+ && (cleanup_send_canon_flags & CLEANUP_CANON_FLAG_HDR_FROM))
cleanup_map11_tree(state, *tpp, cleanup_send_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- if (cleanup_comm_canon_maps)
+ if (cleanup_comm_canon_maps
+ && (cleanup_comm_canon_flags & CLEANUP_CANON_FLAG_HDR_FROM))
cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
if (cleanup_masq_domains
for (tpp = addr_list; *tpp; tpp++) {
cleanup_rewrite_tree(*tpp);
if (state->flags & CLEANUP_FLAG_MAP_OK) {
- if (cleanup_rcpt_canon_maps)
+ if (cleanup_rcpt_canon_maps
+ && (cleanup_rcpt_canon_flags & CLEANUP_CANON_FLAG_HDR_RCPT))
cleanup_map11_tree(state, *tpp, cleanup_rcpt_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- if (cleanup_comm_canon_maps)
+ if (cleanup_comm_canon_maps
+ && (cleanup_comm_canon_flags & CLEANUP_CANON_FLAG_HDR_RCPT))
cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
-
if (cleanup_masq_domains
&& (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT))
cleanup_masquerade_tree(*tpp, cleanup_masq_domains);
/*
* Sanity checks.
*/
- if (dict_flags & DICT_FLAG_NO_PROXY)
- msg_fatal("%s: %s map is not allowed for security sensitive data",
- map, DICT_TYPE_PROXY);
if (open_flags != O_RDONLY)
msg_fatal("%s: %s map open requires O_RDONLY access mode",
map, DICT_TYPE_PROXY);
+ /*
+ * OK. If this map can't be proxied then we silently do a direct open.
+ * This allows sites to benefit from proxying the virtual mailbox maps
+ * without unnecessary pain.
+ */
+ if (dict_flags & DICT_FLAG_NO_PROXY)
+ return (dict_open(map, open_flags, dict_flags));
+
/*
* Local initialization.
*/
#define DEF_RCPT_CANON_MAPS ""
extern char *var_rcpt_canon_maps;
+#define CANON_CLASS_ENV_FROM "envelope_sender"
+#define CANON_CLASS_ENV_RCPT "envelope_recipient"
+#define CANON_CLASS_HDR_FROM "header_sender"
+#define CANON_CLASS_HDR_RCPT "header_recipient"
+
+#define VAR_CANON_CLASSES "canonical_classes"
+#define DEF_CANON_CLASSES CANON_CLASS_ENV_FROM ", " \
+ CANON_CLASS_ENV_RCPT ", " \
+ CANON_CLASS_HDR_FROM ", " \
+ CANON_CLASS_HDR_RCPT
+extern char *var_canon_classes;
+
+#define VAR_SEND_CANON_CLASSES "sender_canonical_classes"
+#define DEF_SEND_CANON_CLASSES CANON_CLASS_ENV_FROM ", " \
+ CANON_CLASS_HDR_FROM
+extern char *var_send_canon_classes;
+
+#define VAR_RCPT_CANON_CLASSES "recipient_canonical_classes"
+#define DEF_RCPT_CANON_CLASSES CANON_CLASS_ENV_RCPT ", " \
+ CANON_CLASS_HDR_RCPT
+extern char *var_rcpt_canon_classes;
+
#define VAR_SEND_BCC_MAPS "sender_bcc_maps"
#define DEF_SEND_BCC_MAPS ""
extern char *var_send_bcc_maps;
#define DEF_SMTP_SASL_OPTS "noplaintext, noanonymous"
extern char *var_smtp_sasl_opts;
+#define VAR_SMTP_SASL_MECHS "smtp_sasl_mechanism_filter"
+#define DEF_SMTP_SASL_MECHS ""
+extern char *var_smtp_sasl_mechs;
+
/*
* LMTP server. The soft error limit determines how many errors an LMTP
* client may make before we start to slow down; the hard error limit
#define VAR_ANVIL_SERVICE "client_connection_rate_service"
#define DEF_ANVIL_SERVICE "local:" ANVIL_CLASS "/" ANVIL_SERVICE
extern char *var_anvil_service;
+
#endif
/* LICENSE
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
-#define MAIL_RELEASE_DATE "20040801"
+#define MAIL_RELEASE_DATE "20040827"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"
int fd;
int n;
int test_lock = 0;
- int fd_limit = open_limit(0);
VSTRING *why;
WATCHDOG *watchdog;
ARGV *import_env;
* of this we have to close descriptors > 2, and pray that doing so does
* not break things.
*/
- if (fd_limit > 500)
- fd_limit = 500;
- for (fd = 3; fd < fd_limit; fd++)
- (void) close(fd);
+ closefrom(3);
/*
* Initialize logging and exit handler.
tests: test1 test2
-test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref
+test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-uABC1.ref
./$(PROG) map.in
for key in abc ghi; \
do \
./$(PROG) -f map.in
for key in ABC; \
do \
- ./$(PROG) -fq $${key} map.in | diff map-$${key}1.ref -; \
+ ./$(PROG) -fq $${key} map.in | diff map-u$${key}1.ref -; \
done
rm -f map.in.db
-test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref
+test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-uABC2.ref
./$(PROG) map.in
for key in abc ghi; \
do \
./$(PROG) -f map.in
for key in ABC; \
do \
- echo $${key} | ./$(PROG) -fq - map.in | diff map-$${key}2.ref -; \
+ echo $${key} | ./$(PROG) -fq - map.in | diff map-u$${key}2.ref -; \
done
rm -f map.in.db
tests: test1 test2
-test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-ABC1.ref
+test1: $(PROG) map.in map-abc1.ref map-ghi1.ref map-uABC1.ref
./$(PROG) map.in
for key in abc ghi; \
do \
./$(PROG) -f map.in
for key in ABC; \
do \
- ./$(PROG) -fq $${key} map.in | diff map-$${key}1.ref -; \
+ ./$(PROG) -fq $${key} map.in | diff map-u$${key}1.ref -; \
done
rm -f map.in.db
-test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-ABC2.ref
+test2: $(PROG) map.in map-abc2.ref map-ghi2.ref map-uABC2.ref
./$(PROG) map.in
for key in abc ghi; \
do \
./$(PROG) -f map.in
for key in ABC; \
do \
- echo $${key} | ./$(PROG) -fq - map.in | diff map-$${key}2.ref -; \
+ echo $${key} | ./$(PROG) -fq - map.in | diff map-u$${key}2.ref -; \
done
rm -f map.in.db
*/
rec_fputs(dst, REC_TYPE_MESG, "");
if (DEL_REQ_TRACE_ONLY(flags) != 0) {
+ rec_fprintf(dst, REC_TYPE_NORM, "From: %s", saved_sender);
rec_fprintf(dst, REC_TYPE_NORM, "Subject: probe");
if (recipients) {
rec_fprintf(dst, REC_TYPE_NORM, "To:");
/* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
/* What authentication mechanisms the Postfix SMTP client is allowed
/* to use.
+/* .PP
+/* Available in Postfix version 2.2 and later:
+/* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR"
+/* If non-empty, filters the SMTP server's list of offered SASL mechanisms.
/* RESOURCE AND RATE CONTROLS
/* .ad
/* .fi
char *var_smtp_sasl_opts;
char *var_smtp_sasl_passwd;
bool var_smtp_sasl_enable;
+char *var_smtp_sasl_mechs;
char *var_smtp_bind_addr;
bool var_smtp_rand_addr;
int var_smtp_pix_thresh;
VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0,
VAR_SMTP_SASL_PASSWD, DEF_SMTP_SASL_PASSWD, &var_smtp_sasl_passwd, 0, 0,
VAR_SMTP_SASL_OPTS, DEF_SMTP_SASL_OPTS, &var_smtp_sasl_opts, 0, 0,
+ VAR_SMTP_SASL_MECHS, DEF_SMTP_SASL_MECHS, &var_smtp_sasl_mechs, 0, 0,
VAR_SMTP_BIND_ADDR, DEF_SMTP_BIND_ADDR, &var_smtp_bind_addr, 0, 0,
VAR_SMTP_HELO_NAME, DEF_SMTP_HELO_NAME, &var_smtp_helo_name, 1, 0,
VAR_SMTP_HOST_LOOKUP, DEF_SMTP_HOST_LOOKUP, &var_smtp_host_lookup, 1, 0,
*/
smtp_fputs(STR(session->buffer), LEN(session->buffer), session->stream);
+ /*
+ * Force flushing of output does not belong here. It is done in the
+ * smtp_loop() main protocol loop when reading the server response, and
+ * in smtp_helo() when reading the EHLO response after sending the EHLO
+ * command.
+ *
+ * If we do forced flush here, then we must longjmp() on error, and a
+ * matching "prepare for disaster" error handler must be set up before
+ * every smtp_chat_cmd() call.
+ */
+#if 0
+
/*
* Flush unsent data to avoid timeouts after slow DNS lookups.
*/
vstream_longjmp(session->stream, SMTP_ERR_TIME);
if (vstream_ferror(session->stream))
vstream_longjmp(session->stream, SMTP_ERR_EOF);
+#endif
}
/* smtp_chat_resp - read and process SMTP server response */
#define CANT_RSET_THIS_SESSION \
(session->features |= SMTP_FEATURE_RSET_REJECTED)
+ /*
+ * Sanity check. We don't want smtp_chat() to inadvertently flush the
+ * output buffer. That means someone broke pipelining support.
+ */
+ if (session->sndbufsize > VSTREAM_BUFSIZE)
+ msg_panic("bad sndbufsize %d > VSTREAM_BUFSIZE %d",
+ session->sndbufsize, VSTREAM_BUFSIZE);
+
/*
* Miscellaneous initialization. Some of this might be done in
* smtp_xfer() but that just complicates interfaces and data structures.
next_rcpt = send_rcpt = recv_rcpt = 0;
mail_from_rejected = 0;
+ /*
+ * Prepare for disaster. This should not be needed because the design
+ * guarantees that no output is flushed before smtp_chat_resp() is
+ * called.
+ *
+ * 1) Every SMTP command fits entirely in a VSTREAM output buffer.
+ *
+ * 2) smtp_loop() never invokes smtp_chat_cmd() without making sure that
+ * there is sufficient space for the command in the output buffer.
+ *
+ * 3) smtp_loop() flushes the output buffer to avoid server timeouts.
+ *
+ * Changing any of these would violate the design, and would likely break
+ * SMTP pipelining.
+ *
+ * We set up the error handler anyway (only upon entry to avoid wasting
+ * resources) because 1) there is code below that expects that VSTREAM
+ * timeouts are enabled, and 2) this allows us to detect if someone broke
+ * Postfix by introducing spurious flush before read operations.
+ */
+ if (send_state < SMTP_STATE_XFORWARD_NAME_ADDR
+ || send_state > SMTP_STATE_QUIT)
+ msg_panic("%s: bad sender state %d (receiver state %d)",
+ myname, send_state, recv_state);
+ smtp_timeout_setup(session->stream,
+ *xfer_timeouts[send_state]);
+ if ((except = vstream_setjmp(session->stream)) != 0) {
+ msg_warn("smtp_proto: spurious flush before read in send state %d",
+ send_state);
+ RETURN(SENDING_MAIL ? smtp_stream_except(state, except,
+ xfer_states[send_state]) : -1);
+ }
+
+ /*
+ * The main protocol loop.
+ */
do {
/*
extern void smtp_sasl_passivate(SMTP_SESSION *, VSTRING *);
extern int smtp_sasl_activate(SMTP_SESSION *, char *);
+extern STRING_LIST *smtp_sasl_mechs;
/* LICENSE
/* .ad
*/
static MAPS *smtp_sasl_passwd_map;
+ /*
+ * Supported SASL mechanisms.
+ */
+STRING_LIST *smtp_sasl_mechs;
+
/* smtp_sasl_log - logging call-back routine */
static int smtp_sasl_log(void *unused_context, int priority,
if (sasl_client_init(callbacks) != SASL_OK)
msg_fatal("SASL library initialization");
+ /*
+ * Initialize optional supported mechanism matchlist
+ */
+ if (*var_smtp_sasl_mechs)
+ smtp_sasl_mechs = string_list_init(MATCH_FLAG_NONE,
+ var_smtp_sasl_mechs);
}
/* smtp_sasl_connect - per-session client initialization */
#include <msg.h>
#include <mymalloc.h>
+#include <stringops.h>
/* Global library. */
#ifdef USE_SASL_AUTH
+/* smtp_sasl_compat_mechs - Trim server's mechanism list */
+
+static const char *smtp_sasl_compat_mechs(const char *words)
+{
+ static VSTRING *buf;
+ char *mech_list;
+ char *save_mech;
+ char *mech;
+ int ret;
+
+ /*
+ * Use server's mechanisms if no filter specified
+ */
+ if (smtp_sasl_mechs == 0 || *words == 0)
+ return (words);
+
+ if (buf == 0)
+ buf = vstring_alloc(10);
+
+ VSTRING_RESET(buf);
+ VSTRING_TERMINATE(buf);
+
+ save_mech = mech_list = mystrdup(words);
+
+ while (mech = mystrtok(&mech_list, " \t")) {
+ if (string_list_match(smtp_sasl_mechs, mech)) {
+ if (VSTRING_LEN(buf) > 0)
+ VSTRING_ADDCH(buf, ' ');
+ vstring_strcat(buf, mech);
+ }
+ }
+ myfree(save_mech);
+
+ return (vstring_str(buf));
+}
+
/* smtp_sasl_helo_auth - handle AUTH option in EHLO reply */
void smtp_sasl_helo_auth(SMTP_SESSION *session, const char *words)
{
+ const char *mech_list = smtp_sasl_compat_mechs(words);
/*
- * XXX If the server offers a null list of authentication mechanisms,
+ * XXX If the server offers no compatible authentication mechanisms,
* then pretend that the server doesn't support SASL authentication.
*/
if (session->sasl_mechanism_list) {
- if (strcasecmp(session->sasl_mechanism_list, words) == 0)
+ if (strcasecmp(session->sasl_mechanism_list, mech_list) == 0)
return;
myfree(session->sasl_mechanism_list);
msg_warn("%s offered AUTH option multiple times", session->namaddr);
session->sasl_mechanism_list = 0;
session->features &= ~SMTP_FEATURE_AUTH;
}
- if (strlen(words) > 0) {
- session->sasl_mechanism_list = mystrdup(words);
+ if (strlen(mech_list) > 0) {
+ session->sasl_mechanism_list = mystrdup(mech_list);
session->features |= SMTP_FEATURE_AUTH;
} else {
- msg_warn("%s offered null AUTH mechanism list", session->namaddr);
+ msg_warn(*words ? "%s offered no supported AUTH mechanisms: '%s'" :
+ "%s offered null AUTH mechanism list",
+ session->namaddr, words);
}
}
&& var_smtpd_delay_reject == 0
&& (state->access_denied = smtpd_check_client(state)) != 0) {
smtpd_chat_reply(state, "%s", state->access_denied);
+ state->error_count++;
} else {
smtpd_chat_reply(state, "220 %s", var_smtpd_banner);
}
/* SYNOPSIS
/* #include <sys_defs.h>
/*
+/* void closefrom(int lowfd)
+/* int lowfd;
+/*
/* const char *strerror(err)
/* int err;
/*
}
#endif
+
+#ifndef HAS_CLOSEFROM
+
+#include <errno.h>
+
+/* closefrom() - closes all file descriptors from the given one up */
+
+int closefrom(int lowfd)
+{
+ int fd_limit = open_limit(0);
+ int fd;
+
+ if (lowfd > fd_limit) {
+ errno = EINVAL;
+ return (-1);
+ }
+ if (fd_limit > 500)
+ fd_limit = 500;
+ for (fd = lowfd; fd < fd_limit; fd++)
+ (void) close(fd);
+
+ return (0);
+}
+
+#endif
#define SOCKOPT_SIZE socklen_t
#endif
+#if OpenBSD >= 200405 /* 3.5 */
+#define HAS_CLOSEFROM
+#endif
+
/* __NetBSD_Version__ is major+minor */
-#if __NetBSD_Version__ >= 103000000 /* XXX */
+#if __NetBSD_Version__ >= 103000000 /* XXX maybe earlier */
#undef DEF_MAILBOX_LOCK
#define DEF_MAILBOX_LOCK "flock, dotlock"
#endif
-#if __NetBSD_Version__ >= 105000000 /* XXX */
+#if __NetBSD_Version__ >= 105000000 /* XXX maybe earlier */
#define HAS_ISSETUGID
#endif
-#if __NetBSD_Version__ >= 106000000 /* XXX */
+#if __NetBSD_Version__ >= 106000000 /* XXX maybe earlier */
#define SOCKADDR_SIZE socklen_t
#define SOCKOPT_SIZE socklen_t
+#endif
+
+#if __NetBSD_Version__ >= 200060000 /* 2.0F */
+#define HAS_CLOSEFROM
#endif
/*
#define HAS_VOLATILE_LOCKS
#define BROKEN_READ_SELECT_ON_TCP_SOCKET
+#if SOLARIS >= 20900 || (SOLARIS < 10000 && SOLARIS >= 209)
+#define HAS_CLOSEFROM
+#endif
+
/*
* Allow build environment to override paths.
*/
#endif
+#ifndef HAS_CLOSEFROM
+extern int closefrom(int);
+
+#endif
+
#ifdef MISSING_STD_FILENOS
#define STDIN_FILENO 0
#define STDOUT_FILENO 1
* any.
*/
for (data = (char *) bp->data, len = to_flush; len > 0; len -= n, data += n) {
- if (stream->timeout)
- stream->iotime = time((time_t *) 0);
if ((n = stream->write_fn(stream->fd, data, len, stream->timeout, stream->context)) <= 0) {
bp->flags |= VSTREAM_FLAG_ERR;
if (errno == ETIMEDOUT)
bp->flags |= VSTREAM_FLAG_TIMEOUT;
return (VSTREAM_EOF);
}
+ if (stream->timeout)
+ stream->iotime = time((time_t *) 0);
if (msg_verbose > 2 && stream != VSTREAM_ERR && n != to_flush)
msg_info("%s: %d flushed %d/%d", myname, stream->fd, n, to_flush);
}
* data as is available right now, whichever is less. Update the cached
* file seek position, if any.
*/
- if (stream->timeout)
- stream->iotime = time((time_t *) 0);
switch (n = stream->read_fn(stream->fd, bp->data, bp->len, stream->timeout, stream->context)) {
case -1:
bp->flags |= VSTREAM_FLAG_ERR;
bp->flags |= VSTREAM_FLAG_EOF;
return (VSTREAM_EOF);
default:
+ if (stream->timeout)
+ stream->iotime = time((time_t *) 0);
if (msg_verbose > 2)
msg_info("%s: fd %d got %d", myname, stream->fd, n);
bp->cnt = -n;
switch (pid = fork()) {
case -1: /* error */
+ (void) close(sockfd[0]);
+ (void) close(sockfd[1]);
return (0);
case 0: /* child */
if (close(sockfd[1]))
projects / thirdparty / postfix.git / commitdiff
