Cleanup: documented the myorigin/mydomain address rewriting
in canonical, generics and virtual alias maps.
+20050210
+
+ Bugfix: spurious fallback_relay warnings after 20050202.
+ Victor Duchovni. File: smtp/smtp_connect.c.
+
+ Bugfix: (introduced while adopting Postfix/TLS patch) the
+ TLS cache scan stopped after expiring one entry. Victor
+ Duchovni. File: tls/tls_scache.c.
+
+ Safety: delete-behind when removing expired entries from
+ TLS session caches. Some maps mis-behave when the current
+ entry is deleted. File: tls/tls_scache.c.
+
Open problems:
Med: local and remote source port and IP address for smtpd
policy hook.
+ Med: should "generics" be "generic", for consistency with
+ "canonical" and "virtual".
+
+ Med: canonical/generic/virtual mapping always append
+ myorigin/mydomain and never remote_header_rewrite_domain;
+ this needs to be clear from documentation.
+
Med: disable address rewriting after XCLIENT? Introduce a
better concept of original submission?
5 reject_unauth_destination
6 check_sender_access hash:/etc/postfix/sender_access
7 ...
- 8 restriction_classes = greylist
+ 8 smtpd_restriction_classes = greylist
9 greylist = check_policy_service unix:private/policy
10
11 /etc/postfix/sender_access:
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
-# o The result is rewritten as specified with
-# append_at_myorigin or with append_dot_mydomain.
+# o When "append_at_myorigin=yes", append "@$myorigin"
+# to addresses without "@domain".
+#
+# o When "append_dot_mydomain=yes", append ".$mydomain"
+# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
-# tcp_table(5). This feature is not available up to and
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5). This feature is not available up to and
# including Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# canonical_classes
-# What addresses are subject to canonical address
+# What addresses are subject to canonical address
# mapping.
#
# canonical_maps
# header sender addresses.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generics.
#
# Other parameters of interest:
#
-# append_at_myorigin
-# Do or don't append "@$myorigin" to addresses with-
-# out domain. This must be turned on in Postfix.
-#
-# append_dot_mydomain
-# Do or don't append ".$mydomain" to addresses with-
-# out "." on the right-hand side of the @.
-#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# tor.
#
# masquerade_classes
-# List of address classes subject to masquerading:
-# zero or more of envelope_sender, envelope_recipi-
+# List of address classes subject to masquerading:
+# zero or more of envelope_sender, envelope_recipi-
# ent, header_sender, header_recipient.
#
# masquerade_domains
-# List of domains that hide their subdomain struc-
+# List of domains that hide their subdomain struc-
# ture.
#
# masquerade_exceptions
-# List of user names that are not subject to address
+# List of user names that are not subject to address
# masquerading.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
# virtual(5), virtual aliasing
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
-# o The result is rewritten as specified with
-# append_at_myorigin or with append_dot_mydomain.
+# o When "append_at_myorigin=yes", append "@$myorigin"
+# to addresses without "@domain".
+#
+# o When "append_dot_mydomain=yes", append ".$mydomain"
+# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
-# tcp_table(5). This feature is not available up to and
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5). This feature is not available up to and
# including Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# EXAMPLE
-# The following shows a generic mapping with an indexed
-# file. When mail is sent to a remote host via SMTP, this
-# replaces his@localdomain.local by his ISP mail address,
-# replaces her@localdomain.local by her ISP mail address,
-# and replaces other local addresses by his ISP account,
-# with an address extension of +local (this example assumes
+# The following shows a generic mapping with an indexed
+# file. When mail is sent to a remote host via SMTP, this
+# replaces his@localdomain.local by his ISP mail address,
+# replaces her@localdomain.local by her ISP mail address,
+# and replaces other local addresses by his ISP account,
+# with an address extension of +local (this example assumes
# that the ISP supports "+" style address extensions).
#
# /etc/postfix/main.cf:
# her@localdomain.local heraccount@herisp.example
# @localdomain.local hisaccount+local@hisisp.example
#
-# Execute the command "postmap /etc/postfix/generics" when-
-# ever the table is changed. Instead of hash, some systems
-# use dbm database files. To find out what tables your sys-
+# Execute the command "postmap /etc/postfix/generics" when-
+# ever the table is changed. Instead of hash, some systems
+# use dbm database files. To find out what tables your sys-
# tem supports use the command "postconf -m".
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# smtp_generics_maps
# Address mapping lookup table for envelope and
-# header sender and recipient addresses while deliv-
+# header sender and recipient addresses while deliv-
# ering mail via SMTP.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generics.
#
# Other parameters of interest:
#
-# append_at_myorigin
-# Do or don't append "@$myorigin" to addresses with-
-# out domain. This must be turned on in Postfix.
-#
-# append_dot_mydomain
-# Do or don't append ".$mydomain" to addresses with-
-# out "." on the right-hand side of the @.
-#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# tor.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
# smtp(8), Postfix SMTP client
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# HISTORY
# works only for the first address in a multi-address
# lookup result.
#
-# o The result is rewritten as specified with
-# append_at_myorigin or with append_dot_mydomain.
+# o When "append_at_myorigin=yes", append "@$myorigin"
+# to addresses without "@domain".
+#
+# o When "append_dot_mydomain=yes", append ".$mydomain"
+# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# VIRTUAL ALIAS DOMAINS
-# Besides virtual aliases, the virtual alias table can also
+# Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual
-# alias domain, all recipient addresses are aliased to
+# alias domain, all recipient addresses are aliased to
# addresses in other domains.
#
# Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox
-# domains, each recipient address can have its own mailbox.
+# domains, each recipient address can have its own mailbox.
#
-# With a virtual alias domain, the virtual domain has its
-# own user name space. Local (i.e. non-virtual) usernames
-# are not visible in a virtual alias domain. In particular,
-# local aliases(5) and local mailing lists are not visible
+# With a virtual alias domain, the virtual domain has its
+# own user name space. Local (i.e. non-virtual) usernames
+# are not visible in a virtual alias domain. In particular,
+# local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain.
#
# Support for a virtual alias domain looks like:
# /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
-# Note: some systems use dbm databases instead of hash.
+# Note: some systems use dbm databases instead of hash.
# See the output from "postconf -m" for available
# database types.
#
# user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3
#
-# The virtual-alias.domain anything entry is required for a
+# The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected
-# with "relay access denied", or bounces with "mail loops
+# with "relay access denied", or bounces with "mail loops
# back to myself".
#
-# Do not specify virtual alias domain names in the main.cf
+# Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
-# With a virtual alias domain, the Postfix SMTP server
-# accepts mail for known-user@virtual-alias.domain, and
-# rejects mail for unknown-user@virtual-alias.domain as
+# With a virtual alias domain, the Postfix SMTP server
+# accepts mail for known-user@virtual-alias.domain, and
+# rejects mail for unknown-user@virtual-alias.domain as
# undeliverable.
#
-# Instead of specifying the virtual alias domain name via
-# the virtual_alias_maps table, you may also specify it via
+# Instead of specifying the virtual alias domain name via
+# the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter.
-# This latter parameter uses the same syntax as the main.cf
+# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
-# tcp_table(5). This feature is not available up to and
+# tion of the TCP client/server lookup protocol, see
+# tcp_table(5). This feature is not available up to and
# including Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant
-# to this topic. See the Postfix main.cf file for syntax
-# details and for default values. Use the "postfix reload"
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the "postfix reload"
# command after a configuration change.
#
# virtual_alias_maps
# List of virtual aliasing tables.
#
# virtual_alias_domains
-# List of virtual alias domains. This uses the same
+# List of virtual alias domains. This uses the same
# syntax as the mydestination parameter.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generics.
#
# Other parameters of interest:
#
-# append_at_myorigin
-# Do or don't append "@$myorigin" to addresses with-
-# out domain. This must be turned on in Postfix.
-#
-# append_dot_mydomain
-# Do or don't append ".$mydomain" to addresses with-
-# out "." on the right-hand side of the @.
-#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
-# The domain that is appended to any address that
+# The domain that is appended to any address that
# does not have a domain.
#
# owner_request_special
# canonical(5), canonical address mapping
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
# VIRTUAL_README, domain hosting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
5 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
6 <a href="postconf.5.html#check_sender_access">check_sender_access</a> hash:/etc/postfix/sender_access
7 ...
- 8 restriction_classes = greylist
+ 8 <a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> = greylist
9 greylist = <a href="postconf.5.html#check_policy_service">check_policy_service</a> unix:private/policy
10
11 /etc/postfix/sender_access:
<b>o</b> When the result has the form @<i>otherdomain</i>, the
result becomes the same <i>user</i> in <i>otherdomain</i>.
- <b>o</b> The result is rewritten as specified with
- <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b> or with <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>.
+ <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
+ to addresses without "@domain".
+
+ <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
+ to addresses without ".domain".
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
+ whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
+ addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see
- <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available up to and
+ tion of the TCP client/server lookup protocol, see
+ <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available up to and
including Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant.
- The text below provides only a parameter summary. See
+ The following <b>main.cf</b> parameters are especially relevant.
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b>
- What addresses are subject to canonical address
+ What addresses are subject to canonical address
mapping.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a></b>
header sender addresses.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generics</b>.
Other parameters of interest:
- <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b>
- Do or don't append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses with-
- out domain. This must be turned on in Postfix.
-
- <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>
- Do or don't append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses with-
- out "." on the right-hand side of the @.
-
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
tor.
<b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a></b>
- List of address classes subject to masquerading:
- zero or more of <b>envelope_sender</b>, <b>envelope_recipi-</b>
+ List of address classes subject to masquerading:
+ zero or more of <b>envelope_sender</b>, <b>envelope_recipi-</b>
<b>ent</b>, <b>header_sender</b>, <b>header_recipient</b>.
<b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b>
- List of domains that hide their subdomain struc-
+ List of domains that hide their subdomain struc-
ture.
<b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b>
- List of user names that are not subject to address
+ List of user names that are not subject to address
masquerading.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<b>o</b> When the result has the form @<i>otherdomain</i>, the
result becomes the same <i>user</i> in <i>otherdomain</i>.
- <b>o</b> The result is rewritten as specified with
- <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b> or with <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>.
+ <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
+ to addresses without "@domain".
+
+ <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
+ to addresses without ".domain".
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
+ whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
+ addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see
- <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available up to and
+ tion of the TCP client/server lookup protocol, see
+ <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available up to and
including Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>EXAMPLE</b>
- The following shows a generic mapping with an indexed
- file. When mail is sent to a remote host via SMTP, this
- replaces <i>his@localdomain.local</i> by his ISP mail address,
- replaces <i>her@localdomain.local</i> by her ISP mail address,
- and replaces other local addresses by his ISP account,
- with an address extension of <i>+local</i> (this example assumes
+ The following shows a generic mapping with an indexed
+ file. When mail is sent to a remote host via SMTP, this
+ replaces <i>his@localdomain.local</i> by his ISP mail address,
+ replaces <i>her@localdomain.local</i> by her ISP mail address,
+ and replaces other local addresses by his ISP account,
+ with an address extension of <i>+local</i> (this example assumes
that the ISP supports "+" style address extensions).
/etc/postfix/main.cf:
her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example
- Execute the command "<b>postmap /etc/postfix/generics</b>" when-
- ever the table is changed. Instead of <b>hash</b>, some systems
- use <b>dbm</b> database files. To find out what tables your sys-
+ Execute the command "<b>postmap /etc/postfix/generics</b>" when-
+ ever the table is changed. Instead of <b>hash</b>, some systems
+ use <b>dbm</b> database files. To find out what tables your sys-
tem supports use the command "<b>postconf -m</b>".
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant.
- The text below provides only a parameter summary. See
+ The following <b>main.cf</b> parameters are especially relevant.
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#smtp_generics_maps">smtp_generics_maps</a></b>
Address mapping lookup table for envelope and
- header sender and recipient addresses while deliv-
+ header sender and recipient addresses while deliv-
ering mail via SMTP.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generics</b>.
Other parameters of interest:
- <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b>
- Do or don't append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses with-
- out domain. This must be turned on in Postfix.
-
- <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>
- Do or don't append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses with-
- out "." on the right-hand side of the @.
-
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
tor.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
works only for the first address in a multi-address
lookup result.
- <b>o</b> The result is rewritten as specified with
- <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b> or with <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>.
+ <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
+ to addresses without "@domain".
+
+ <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
+ to addresses without ".domain".
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
+ whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>VIRTUAL ALIAS DOMAINS</b>
- Besides virtual aliases, the virtual alias table can also
+ Besides virtual aliases, the virtual alias table can also
be used to implement <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. With a virtual
- alias domain, all recipient addresses are aliased to
+ alias domain, all recipient addresses are aliased to
addresses in other domains.
Virtual alias domains are not to be confused with the vir-
tual mailbox domains that are implemented with the Postfix
<a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent. With virtual mailbox
- domains, each recipient address can have its own mailbox.
+ domains, each recipient address can have its own mailbox.
- With a virtual alias domain, the virtual domain has its
- own user name space. Local (i.e. non-virtual) usernames
- are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
- local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
+ With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the virtual domain has its
+ own user name space. Local (i.e. non-virtual) usernames
+ are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
+ local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
as <i>localname@virtual-alias.domain</i>.
Support for a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> looks like:
/etc/postfix/main.cf:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
- Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
+ Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
See the output from "<b>postconf -m</b>" for available
database types.
<i>user1@virtual-alias.domain address1</i>
<i>user2@virtual-alias.domain address2, address3</i>
- The <i>virtual-alias.domain anything</i> entry is required for a
+ The <i>virtual-alias.domain anything</i> entry is required for a
<a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. <b>Without this entry, mail is rejected</b>
- <b>with "relay access denied", or bounces with "mail loops</b>
+ <b>with "relay access denied", or bounces with "mail loops</b>
<b>back to myself".</b>
- Do not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <b>main.cf</b>
+ Do not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <b>main.cf</b>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> or <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> configuration parameters.
- With a virtual alias domain, the Postfix SMTP server
- accepts mail for <i>known-user@virtual-alias.domain</i>, and
- rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
+ With a virtual alias domain, the Postfix SMTP server
+ accepts mail for <i>known-user@virtual-alias.domain</i>, and
+ rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
undeliverable.
- Instead of specifying the virtual alias domain name via
- the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
+ Instead of specifying the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> name via
+ the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
the <b>main.cf <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b> configuration parameter.
- This latter parameter uses the same syntax as the <b>main.cf</b>
+ This latter parameter uses the same syntax as the <b>main.cf</b>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> configuration parameter.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
+ addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see
- <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available up to and
+ tion of the TCP client/server lookup protocol, see
+ <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available up to and
including Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this topic. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the "<b>postfix reload</b>"
+ The following <b>main.cf</b> parameters are especially relevant
+ to this topic. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the "<b>postfix reload</b>"
command after a configuration change.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b>
List of virtual aliasing tables.
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b>
- List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
+ List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
syntax as the <b><a href="postconf.5.html#mydestination">mydestination</a></b> parameter.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generics</b>.
Other parameters of interest:
- <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a></b>
- Do or don't append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses with-
- out domain. This must be turned on in Postfix.
-
- <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a></b>
- Do or don't append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses with-
- out "." on the right-hand side of the @.
-
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
- The domain that is appended to any address that
+ The domain that is appended to any address that
does not have a domain.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
When the result has the form @\fIotherdomain\fR, the
result becomes the same \fIuser\fR in \fIotherdomain\fR.
.IP \(bu
-The result is rewritten as specified with \fBappend_at_myorigin\fR
-or with \fBappend_dot_mydomain\fR.
+When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+to addresses without "@domain".
+.IP \(bu
+When "\fBappend_dot_mydomain=yes\fR", append
+"\fB.$mydomain\fR" to addresses without ".domain".
.SH "ADDRESS EXTENSION"
.na
.nf
\fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
.PP
Other parameters of interest:
-.IP \fBappend_at_myorigin\fR
-Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-This must be turned on in Postfix.
-.IP \fBappend_dot_mydomain\fR
-Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-the right-hand side of the @.
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
You need to stop and start Postfix when this parameter changes.
When the result has the form @\fIotherdomain\fR, the
result becomes the same \fIuser\fR in \fIotherdomain\fR.
.IP \(bu
-The result is rewritten as specified with \fBappend_at_myorigin\fR
-or with \fBappend_dot_mydomain\fR.
+When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+to addresses without "@domain".
+.IP \(bu
+When "\fBappend_dot_mydomain=yes\fR", append
+"\fB.$mydomain\fR" to addresses without ".domain".
.SH "ADDRESS EXTENSION"
.na
.nf
\fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
.PP
Other parameters of interest:
-.IP \fBappend_at_myorigin\fR
-Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-This must be turned on in Postfix.
-.IP \fBappend_dot_mydomain\fR
-Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-the right-hand side of the @.
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
You need to stop and start Postfix when this parameter changes.
This works only for the first address in a multi-address
lookup result.
.IP \(bu
-The result is rewritten as specified with \fBappend_at_myorigin\fR
-or with \fBappend_dot_mydomain\fR.
+When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+to addresses without "@domain".
+.IP \(bu
+When "\fBappend_dot_mydomain=yes\fR", append
+"\fB.$mydomain\fR" to addresses without ".domain".
.SH "ADDRESS EXTENSION"
.na
.nf
\fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
.PP
Other parameters of interest:
-.IP \fBappend_at_myorigin\fR
-Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-This must be turned on in Postfix.
-.IP \fBappend_dot_mydomain\fR
-Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-the right-hand side of the @.
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
You need to stop and start Postfix when this parameter changes.
5 reject_unauth_destination
6 check_sender_access hash:/etc/postfix/sender_access
7 ...
- 8 restriction_classes = greylist
+ 8 smtpd_restriction_classes = greylist
9 greylist = check_policy_service unix:private/policy
10
11 /etc/postfix/sender_access:
# When the result has the form @\fIotherdomain\fR, the
# result becomes the same \fIuser\fR in \fIotherdomain\fR.
# .IP \(bu
-# The result is rewritten as specified with \fBappend_at_myorigin\fR
-# or with \fBappend_dot_mydomain\fR.
+# When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+# to addresses without "@domain".
+# .IP \(bu
+# When "\fBappend_dot_mydomain=yes\fR", append
+# "\fB.$mydomain\fR" to addresses without ".domain".
# ADDRESS EXTENSION
# .fi
# .ad
# \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
# .PP
# Other parameters of interest:
-# .IP \fBappend_at_myorigin\fR
-# Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-# This must be turned on in Postfix.
-# .IP \fBappend_dot_mydomain\fR
-# Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-# the right-hand side of the @.
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
# You need to stop and start Postfix when this parameter changes.
# When the result has the form @\fIotherdomain\fR, the
# result becomes the same \fIuser\fR in \fIotherdomain\fR.
# .IP \(bu
-# The result is rewritten as specified with \fBappend_at_myorigin\fR
-# or with \fBappend_dot_mydomain\fR.
+# When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+# to addresses without "@domain".
+# .IP \(bu
+# When "\fBappend_dot_mydomain=yes\fR", append
+# "\fB.$mydomain\fR" to addresses without ".domain".
# ADDRESS EXTENSION
# .fi
# .ad
# \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
# .PP
# Other parameters of interest:
-# .IP \fBappend_at_myorigin\fR
-# Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-# This must be turned on in Postfix.
-# .IP \fBappend_dot_mydomain\fR
-# Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-# the right-hand side of the @.
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
# You need to stop and start Postfix when this parameter changes.
# This works only for the first address in a multi-address
# lookup result.
# .IP \(bu
-# The result is rewritten as specified with \fBappend_at_myorigin\fR
-# or with \fBappend_dot_mydomain\fR.
+# When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
+# to addresses without "@domain".
+# .IP \(bu
+# When "\fBappend_dot_mydomain=yes\fR", append
+# "\fB.$mydomain\fR" to addresses without ".domain".
# ADDRESS EXTENSION
# .fi
# .ad
# \fBforward\fR, \fBinclude\fR, or \fBgenerics\fR.
# .PP
# Other parameters of interest:
-# .IP \fBappend_at_myorigin\fR
-# Do or don't append "\fB@$myorigin\fR" to addresses without domain.
-# This must be turned on in Postfix.
-# .IP \fBappend_dot_mydomain\fR
-# Do or don't append "\fB.$mydomain\fR" to addresses without "." on
-# the right-hand side of the @.
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
# You need to stop and start Postfix when this parameter changes.
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
-#define MAIL_RELEASE_DATE "20050209"
+#define MAIL_RELEASE_DATE "20050210"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"
* getting lost in the complexity.
*/
#define IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites) \
- ((cpp) >= (sites)->argv + (non_fallback_sites))
+ (*(cpp) && (cpp) >= (sites)->argv + (non_fallback_sites))
for (cpp = sites->argv; SMTP_RCPT_LEFT(state) > 0 && (dest = *cpp) != 0; cpp++) {
if (i_am_mx && IS_FALLBACK_RELAY(cpp, sites, non_fallback_sites))
msg_info("-- end %s --", *argv);
}
vstring_free(buf);
+ maps_free(maps);
return (0);
}
all: $(LIB)
Makefile: Makefile.in
- (echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
+ (echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@
test: $(TESTPROG)
/*
* Initialize. Don't leak data.
*/
- VSTRING_RESET(session);
+ if (session)
+ VSTRING_RESET(session);
/*
* Search the cache database.
{
const char *member;
const char *value;
- char *saved_member;
+ char *saved_cursor;
+ int seq_status;
+
+ /*
+ * XXX Deleting entries while enumerating a map can he tricky. Some map
+ * types have a concept of cursor and support a "delete the current
+ * element" operation. Some map types without cursors don't behave well
+ * when the current first/next entry is deleted (example: Berkeley DB <
+ * 2). To avoid trouble, we delete an expired entry after advancing the
+ * current first/next position beyond it, and ignore client requests to
+ * delete the current entry.
+ */
/*
* Find the first or next database entry.
*/
- if (dict_seq(cp->db, first_next, &member, &value) != 0)
+ seq_status = dict_seq(cp->db, first_next, &member, &value);
+
+ /*
+ * Delete behind. This is a no-op if an expired cache entry was updated
+ * in the mean time.
+ */
+ if (cp->flags & TLS_SCACHE_FLAG_DEL_CURSOR) {
+ cp->flags &= ~TLS_SCACHE_FLAG_DEL_CURSOR;
+ saved_cursor = cp->saved_cursor;
+ cp->saved_cursor = 0;
+ tls_scache_lookup(cp, saved_cursor, TLS_SCACHE_ANY_OPENSSL_VSN,
+ TLS_SCACHE_ANY_FLAGS, (long *) 0, (int *) 0,
+ (VSTRING *) 0);
+ myfree(saved_cursor);
+ } else {
+ if (cp->saved_cursor)
+ myfree(cp->saved_cursor);
+ cp->saved_cursor = 0;
+ }
+
+ /*
+ * Did we find a first or next database entry?
+ */
+ if (seq_status != 0)
return (0); /* End of list reached */
+ /*
+ * Safety against client requests to delete the current first/next entry.
+ */
+ cp->saved_cursor = mystrdup(member);
+
/*
* Activate the passivated cache entry and check the version and time
- * stamp information.
+ * stamp information. Schedule it for deletion if it is bad or too old.
*/
if (tls_scache_decode(cp, member, value, strlen(value), openssl_version,
flags, out_openssl_version, out_flags,
out_session) == 0) {
- saved_member = mystrdup(member);
- tls_scache_delete(cp, saved_member);
- myfree(saved_member);
- return (0);
+ cp->flags |= TLS_SCACHE_FLAG_DEL_CURSOR;
} else {
if (out_cache_id)
*out_cache_id = mystrdup(member);
- return (1);
}
+ return (1);
}
/* tls_scache_delete - delete session from cache */
msg_info("delete %s session id=%s", cp->cache_label, cache_id);
/*
- * Do it.
+ * Do it, unless we would delete the current first/next entry. Some map
+ * types don't have cursors, and some of those don't behave when the
+ * "current" entry is deleted.
*/
- return (dict_del(cp->db, cache_id) == 0);
+ return ((cp->saved_cursor != 0 && strcmp(cp->saved_cursor, cache_id) == 0)
+ || dict_del(cp->db, cache_id) == 0);
}
/* tls_scache_open - open TLS session cache file */
* Create the TLS_SCACHE object.
*/
cp = (TLS_SCACHE *) mymalloc(sizeof(*cp));
+ cp->flags = 0;
cp->db = dict;
cp->cache_label = mystrdup(cache_label);
cp->log_level = log_level;
cp->timeout = timeout;
+ cp->saved_cursor = 0;
return (cp);
}
*/
dict_close(cp->db);
myfree(cp->cache_label);
+ if (cp->saved_cursor)
+ myfree(cp->saved_cursor);
myfree((char *) cp);
}
* External interface.
*/
typedef struct {
+ int flags; /* see below */
DICT *db; /* database handle */
char *cache_label; /* "client" or "server" */
int log_level; /* smtp(d)_tls_log_level */
int timeout; /* smtp(d)_tls_session_cache_timeout */
+ char *saved_cursor; /* cursor cache ID */
} TLS_SCACHE;
+#define TLS_SCACHE_FLAG_DEL_CURSOR (1<<0)
+
extern TLS_SCACHE *tls_scache_open(const char *, const char *, int, int);
extern void tls_scache_close(TLS_SCACHE *);
extern int tls_scache_lookup(TLS_SCACHE *, const char *, long, int, long *, int *, VSTRING *);
dict_errno = 0;
memset(&db_key, 0, sizeof(db_key));
memset(&db_value, 0, sizeof(db_value));
- if (dict_db->cursor == 0)
- db->cursor(db, NULL, &(dict_db->cursor), 0);
/*
* Determine the function.
*/
switch (function) {
case DICT_SEQ_FUN_FIRST:
+ if (dict_db->cursor == 0)
+ db->cursor(db, NULL, &(dict_db->cursor), 0);
db_function = DB_FIRST;
break;
case DICT_SEQ_FUN_NEXT:
+ if (dict_db->cursor == 0)
+ msg_panic("%s: no cursor", myname);
db_function = DB_NEXT;
break;
default:
* Database lookup.
*/
status =
- dict_db->cursor->c_get(dict_db->cursor, &db_key, &db_value, DB_NEXT);
+ dict_db->cursor->c_get(dict_db->cursor, &db_key, &db_value, db_function);
if (status != 0 && status != DB_NOTFOUND)
msg_fatal("error [%d] seeking %s: %m", status, dict_db->dict.name);
/* With file-based maps, flush I/O buffers to file after each update.
/* Thus feature is not supported with some file-based dictionaries.
/* .IP DICT_FLAG_NO_REGSUB
-/* Disallow regular expression substitution from left-hand side data
+/* Disallow regular expression substitution from left-hand side data
/* into the right-hand side.
/* .IP DICT_FLAG_NO_PROXY
/* Disallow access through the \fBproxymap\fR service.
/*
/* dict_open_register() adds support for a new dictionary type.
/*
-/* dict_mapnames() returns a sorted list with the names of all available
+/* dict_mapnames() returns a sorted list with the names of all available
/* dictionary types.
/* DIAGNOSTICS
/* Fatal error: open error, unsupported dictionary type, attempt to
int open_flags;
char *bufp;
char *cmd;
- char *key;
+ const char *key;
const char *value;
int ch;
else
msg_fatal("unknown access mode: %s", argv[2]);
dict_name = argv[optind];
- dict = dict_open(dict_name, open_flags, DICT_FLAG_LOCK);
+ dict = dict_open(dict_name, open_flags, DICT_FLAG_LOCK | DICT_FLAG_DUP_REPLACE);
dict_register(dict_name, dict);
while (vstring_fgets_nonl(inbuf, VSTREAM_IN)) {
bufp = vstring_str(inbuf);
- if ((cmd = mystrtok(&bufp, " ")) == 0 || *bufp == 0) {
- vstream_printf("usage: del key|get key|put key=value\n");
+ if (!isatty(0)) {
+ vstream_printf("> %s\n", bufp);
+ vstream_fflush(VSTREAM_OUT);
+ }
+ if (*bufp == '#')
+ continue;
+ if ((cmd = mystrtok(&bufp, " ")) == 0) {
+ vstream_printf("usage: del key|get key|put key=value|first|next\n");
vstream_fflush(VSTREAM_OUT);
continue;
}
if (dict_changed_name())
msg_warn("dictionary has changed");
- key = vstring_str(unescape(keybuf, mystrtok(&bufp, " =")));
+ key = *bufp ? vstring_str(unescape(keybuf, mystrtok(&bufp, " ="))) : 0;
value = mystrtok(&bufp, " =");
if (strcmp(cmd, "del") == 0 && key && !value) {
if (dict_del(dict, key))
} else if (strcmp(cmd, "put") == 0 && key && value) {
dict_put(dict, key, value);
vstream_printf("%s=%s\n", key, value);
+ } else if (strcmp(cmd, "first") == 0 && !key && !value) {
+ if (dict_seq(dict, DICT_SEQ_FUN_FIRST, &key, &value) == 0)
+ vstream_printf("%s=%s\n", key, value);
+ else
+ vstream_printf("%s\n",
+ dict_errno == DICT_ERR_RETRY ?
+ "soft error" : "not found");
+ } else if (strcmp(cmd, "next") == 0 && !key && !value) {
+ if (dict_seq(dict, DICT_SEQ_FUN_NEXT, &key, &value) == 0)
+ vstream_printf("%s=%s\n", key, value);
+ else
+ vstream_printf("%s\n",
+ dict_errno == DICT_ERR_RETRY ?
+ "soft error" : "not found");
} else {
- vstream_printf("usage: del key|get key|put key=value\n");
+ vstream_printf("usage: del key|get key|put key=value|first|next\n");
}
vstream_fflush(VSTREAM_OUT);
}
projects / thirdparty / postfix.git / commitdiff
