This involved a further rewrite of the regexp map code.
File: util/dict_regexp.c.
-
200209010
Bugfix: the SMTP client produced suprious warnings about
properly quoted just like the null address. File:
global/quote_82[12]_local.c.
-
20021217
Cleanup: more work on the trivial-rewrite address rewriting
allows Postfix to connect to LDAP SSL sources. By Liviu
Daia. File: util/dict_ldap.c.
-
20030811
Cleanup: produce a warning when host:port specifies a badly
which didn't work as discussed above. Files: util/dict_dbm.c,
util/dict_sdbm.c.
+ Feature: the local(8) and pipe(8) delivery agents now make
+ the following attributes available upon delivery (with
+ local(8) names must be spelled in upper case): client_hostname,
+ client_address, client_protocol, client_helo, sasl_method,
+ sasl_sender, sasl_username. Files: local/command.c,
+ pipe/pipe.c, and lots of documentation.
+
+20041216
+
+ "postcat -o" now prints queue file record offsets; this is
+ useful for debugging. File: postcat/postcat.c.
+
+20041218
+
+ Feature: selective suppression of SMTP extensions (pipelining,
+ starttls, auth, etc.); this is useful to work around broken
+ clients or servers. Specify a list of EHLO keywords with
+ the smtp(d)_disable_ehlo_keywords parameters, or specify
+ one or more lookup tables, indexed by remote network address,
+ with the smtp(d)_disable_ehlo_keyword_address_maps parameters.
+ EHLO keyword lists are case insensitive. Files:
+ util/name_mask.[hc], global/ehlo_mask.[hc], smtpd/smtpd.c,
+ smtp/smtp.c, smtp/smtp_proto.c.
+
Open problems:
Med: implement ${name[?:]value} in main.cf or update the
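Review bot: The 20041216 entry ("postcat -o" now prints queue file record offsets) has no Feature:/Cleanup:/Bugfix: tag, unlike the entries directly before and after it; add one so the log stays greppable by category. In the local(8)/pipe(8) entry, the parenthetical "(with local(8) names must be spelled in upper case)" needs a comma after local(8), as the RELEASE_NOTES wording in this patch has it.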
processes. This overcomes chroot restrictions, and reduces the number of
open lookup tables by sharing one open table among multiple processes.
- * The scache(8) server maintains the session cache for the Postfix smtp(8)
- client. When session caching is enabled for selected destinations, the smtp
- (8) client does not disconnect immediately after a mail transaction, but
- gives the connection to the session cache server. The smtp(8) client
- continues with some other mail delivery request. Meanwhile, the session
+ * The scache(8) server maintains the connection cache for the Postfix smtp(8)
+ client. When connection caching is enabled for selected destinations, the
+ smtp(8) client does not disconnect immediately after a mail transaction,
+ but gives the connection to the connection cache server. The smtp(8) client
+ continues with some other mail delivery request. Meanwhile, the connection
cache server keeps the connection open for a limited amount of time. During
that time, any smtp(8) process can ask the scache(8) server for that cached
- session and use it for mail delivery.
+ connection and use it for mail delivery.
smtp(8) -> scache(8) -> smtp(8)
and change the patchlevel and the release date. Patches are never
issued for snapshot releases.
+Major changes with snapshot Postfix-2.2-20041218
+================================================
+
+Fine control for SMTP inter-operability problems. You can now
+selectively turn off SMTP extensions (pipelining, starttls, auth,
+etc.), to work around specific broken clients or servers. Specify
+a list of EHLO keywords with the smtp(d)_disable_ehlo_keywords
+parameters, or specify one or more lookup tables, indexed by remote
+network address, with the smtp(d)_disable_ehlo_keyword_address_maps
+parameters. The EHLO keywords lists are case insensitive.
+
+More client attributes for delivery to command with the local(8)
+and pipe(8) delivery agents: client_hostname, client_address,
+client_protocol, client_helo, sasl_method, sasl_sender, and
+sasl_username. With local(8), attribute names must be specified
+in upper case.
+
+Major changes with snapshot Postfix-2.2-20041210
+================================================
+
+You can now dump an entire database with the new postmap/postalias
+"-s" option. This works only for database types with Postfix sequence
+operator support: hash, btree, dbm, and sdbm.
+
Major changes with snapshot Postfix-2.2-20041208
================================================
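Review bot: The 20041218 paragraph says extensions are "turned off", but the smtp_ and smtpd_ parameters do different things according to the postconf text in this same patch: the client "will ignore" the keywords in the EHLO response, the server "will not send" them. Spell that out here, because the list includes starttls and auth and a reader of the release notes alone cannot tell which side of the session stops using TLS or authentication. Also, "The EHLO keywords lists" should read "EHLO keyword lists", matching the HISTORY entry.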
and reduces the number of open lookup tables by sharing one open
table among multiple processes. </p>
-<li> <p> The <a href="scache.8.html">scache(8)</a> server maintains the session cache for the
-Postfix <a href="smtp.8.html">smtp(8)</a> client. When session caching is enabled for selected
+<li> <p> The <a href="scache.8.html">scache(8)</a> server maintains the connection cache for
+the Postfix <a href="smtp.8.html">smtp(8)</a> client. When connection caching is enabled for
+selected
destinations, the <a href="smtp.8.html">smtp(8)</a> client does not disconnect immediately
-after a mail transaction, but gives the connection to the session
+after a mail transaction, but gives the connection to the connection
cache server. The <a href="smtp.8.html">smtp(8)</a> client continues with some other mail
-delivery request. Meanwhile, the session cache server keeps the
+delivery request. Meanwhile, the connection cache server keeps the
connection open for a limited amount of time. During that time,
any <a href="smtp.8.html">smtp(8)</a> process can ask the <a href="scache.8.html">scache(8)</a> server for that cached
-session and use it for mail delivery. </p>
+connection and use it for mail delivery. </p>
<table>
<b>SENDER</b> The entire sender address.
+ Additional remote client information is made available via
+ the following pseudo variables:
+
+ <b>CLIENT_ADDRESS</b>
+ Remote client network address. Available as of
+ Postfix 2.2.
+
+ <b>CLIENT_HELO</b>
+ Remote client EHLO command parameter. Available as
+ of Postfix 2.2.
+
+ <b>CLIENT_HOSTNAME</b>
+ Remote client hostname. Available as of Postfix
+ 2.2.
+
+ <b>CLIENT_PROTOCOL</b>
+ Remote client protocol. Available as of Postfix
+ 2.2.
+
+ <b>SASL_METHOD</b>
+ SASL authentication method specified in the remote
+ client AUTH command. Available as of Postfix 2.2.
+
+ <b>SASL_SENDER</b>
+ SASL sender address specified in the remote client
+ MAIL FROM command. Available as of Postfix 2.2.
+
+ <b>SASL_USERNAME</b>
+ SASL username specified in the remote client AUTH
+ command. Available as of Postfix 2.2.
+
The <b>PATH</b> environment variable is always reset to a system-
dependent default path, and environment variables whose
names are blessed by the <b><a href="postconf.5.html#export_environment">export_environment</a></b> configuration
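Review bot: CLIENT_HELO, SASL_SENDER and SASL_USERNAME carry strings supplied by the remote client, and the new text introduces them right above the paragraph on how the command environment is built without saying what filtering is applied before they reach the command. State which characters are passed through or replaced, or name the parameter that controls it, so that authors of delivery commands know whether the values can be used unquoted. Smaller point: CLIENT_HELO is described here as the "EHLO command parameter", while the pipe(8) text in this patch says "HELO command parameter"; use one wording in both places.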
and $(<i>name</i>) are also recognized. Specify <b>$$</b> where
a single <b>$</b> is wanted.
+ <b>${client_address</b>}
+ This macro expands to the remote client net-
+ work address.
+
+ This is available in Postfix 2.2 and later.
+
+ <b>${client_helo</b>}
+ This macro expands to the remote client HELO
+ command parameter.
+
+ This is available in Postfix 2.2 and later.
+
+ <b>${client_hostname</b>}
+ This macro expands to the remote client
+ hostname.
+
+ This is available in Postfix 2.2 and later.
+
+ <b>${client_protocol</b>}
+ This macro expands to the remote client pro-
+ tocol.
+
+ This is available in Postfix 2.2 and later.
+
<b>${extension</b>}
This macro expands to the extension part of
a recipient address. For example, with an
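Review bot: Only the four client_* macros are documented in the visible lines of this hunk, while the HISTORY and RELEASE_NOTES entries in this patch also list sasl_method, sasl_sender and sasl_username for pipe(8). Either add ${sasl_method}, ${sasl_sender} and ${sasl_username} entries next to these, or narrow the changelog text so it matches what pipe(8) documents.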
postcat - show Postfix queue file contents
<b>SYNOPSIS</b>
- <b>postcat</b> [<b>-vq</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>files</i>...]
+ <b>postcat</b> [<b>-oqv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>files</i>...]
<b>DESCRIPTION</b>
The <b>postcat</b> command prints the contents of the named <i>files</i>
directory instead of the default configuration
directory.
+ <b>-o</b> Print the queue file offset of each record.
+
<b>-q</b> Search the Postfix queue for the named <i>files</i>
instead of taking the names literally.
<dl>
+<dt><b>CLIENT_ADDRESS</b></dt>
+
+<dd>Remote client network address. Available in Postfix 2.2 and
+later. </dd>
+
+<dt><b>CLIENT_HELO</b></dt>
+
+<dd>Remote client EHLO command parameter. Available in Postfix 2.2
+and later.</dd>
+
+<dt><b>CLIENT_HOSTNAME</b></dt>
+
+<dd>Remote client hostname. Available in Postfix 2.2 and later.
+</dd>
+
+<dt><b>CLIENT_PROTOCOL</b></dt>
+
+<dd>Remote client protocol. Available in Postfix 2.2 and later.
+</dd>
+
<dt><b>DOMAIN</b></dt>
<dd>The domain part of the recipient address. </dd>
<dd>The full recipient address. </dd>
+<dt><b>SASL_METHOD</b></dt>
+
+<dd>SASL authentication method specified in the remote client AUTH
+command. Available in Postfix 2.2 and later. </dd>
+
+<dt><b>SASL_SENDER</b></dt>
+
+<dd>SASL sender address specified in the remote client MAIL FROM
+command. Available in Postfix 2.2 and later. </dd>
+
+<dt><b>SASL_USER</b></dt>
+
+<dd>SASL username specified in the remote client AUTH command.
+Available in Postfix 2.2 and later. </dd>
+
<dt><b>SENDER</b></dt>
<dd>The full sender address. </dd>
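Review bot: The last new entry is named SASL_USER, but the local(8) text, the HISTORY entry and the RELEASE_NOTES entry in this patch all call the attribute SASL_USERNAME (sasl_username). One of the two is wrong; a delivery script written against this page would read an unset variable and see an authenticated sender as unauthenticated. Align the name with what the code exports.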
into concurrency per recipient. </p>
+</DD>
+
+<DT><b><a name="smtp_disable_ehlo_keyword_address_maps">smtp_disable_ehlo_keyword_address_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Lookup tables, indexed by the remote SMTP server address, with
+case insensitive lists of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP client will ignore in the EHLO response
+from a remote SMTP server. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_disable_ehlo_keywords">smtp_disable_ehlo_keywords</a>
+(default: empty)</b></DT><DD>
+
+<p> A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP client will ignore in the EHLO response
+from a remote SMTP server. Use the <a href="postconf.5.html#smtp_disable_ehlo_keyword_address_maps">smtp_disable_ehlo_keyword_address_maps</a>
+feature to disable EHLO keywords selectively. </p>
+
+
</DD>
<DT><b><a name="smtp_helo_name">smtp_helo_name</a>
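Review bot: Neither new entry says what a keyword list looks like (separator, and what happens to a keyword that is not recognised) or what a lookup in smtp_disable_ehlo_keyword_address_maps is expected to return, and there is no example. Add a short example for each parameter. Since the list explicitly includes starttls and auth, also state how "ignore in the EHLO response" interacts with settings that require TLS or authentication for a destination, so the reader knows whether delivery then proceeds without them or is deferred.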
<pre>
/etc/postfix/master.cf:
- mysmtp ... smtp -o <a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a>=foo.bar.com
+ mysmtp ... smtp -o <a href="postconf.5.html#<a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a>"><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a></a>=foo.bar.com
</pre>
<p>
</p>
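Review bot: The replacement line for the master.cf example is malformed HTML: the href value now contains a second anchor (href="postconf.5.html#<a href="postconf.5.html#smtp_helo_name">...), which looks like the link-generating step ran twice over text that was already linked. The removed line was correct. Regenerate this file from the unlinked source, and check the rest of the generated HTML for the same pattern.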
+</DD>
+
+<DT><b><a name="smtpd_disable_ehlo_keyword_address_maps">smtpd_disable_ehlo_keyword_address_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Lookup tables, indexed by the remote SMTP client address, with
+case insensitive lists of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP server will not send in the EHLO response
+to a remote SMTP client. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_disable_ehlo_keywords">smtpd_disable_ehlo_keywords</a>
+(default: empty)</b></DT><DD>
+
+<p> A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP server will not send in the EHLO response
+to a remote SMTP client. Use the <a href="postconf.5.html#smtpd_disable_ehlo_keyword_address_maps">smtpd_disable_ehlo_keyword_address_maps</a>
+feature to disable EHLO keywords selectively. </p>
+
+
</DD>
<DT><b><a name="smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a>
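Review bot: "will not send in the EHLO response" describes only the announcement; the text does not say whether the server still accepts the corresponding command (STARTTLS, AUTH) from a client that sends it anyway. Document which it is, because an operator using smtpd_disable_ehlo_keyword_address_maps to withhold auth or starttls from particular networks needs to know whether this is an access control or only a hint. As with the smtp_ entries, an example of the list syntax and of a table entry would help.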
Skip SMTP servers that greet with a 4XX status code
(go away, try again later).
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtp_disable_ehlo_keyword_address_maps">smtp_disable_ehlo_keyword_address_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote SMTP server
+ address, with case insensitive lists of EHLO key-
+ words (pipelining, starttls, auth, etc.) that the
+ SMTP client will ignore in the EHLO response from a
+ remote SMTP server.
+
+ <b><a href="postconf.5.html#smtp_disable_ehlo_keywords">smtp_disable_ehlo_keywords</a> (empty)</b>
+ A case insensitive list of EHLO keywords (pipelin-
+ ing, starttls, auth, etc.) that the SMTP client
+ will ignore in the EHLO response from a remote SMTP
+ server.
+
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
- Disable the conversion of 8BITMIME format to 7BIT
+ Disable the conversion of 8BITMIME format to 7BIT
format.
<b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
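Review bot: From the disable_mime_output_conversion entry onward, most removed/added pairs in this file differ only in the spacing of the justified text; the words are identical. That buries the one substantive addition to this page (the smtp_disable_ehlo_keyword* block above) in churn. Regenerate the formatted pages in a separate commit, or produce the patch with whitespace changes ignored, so that wording changes in the later hunks can be reviewed.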
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
- Send the non-standard XFORWARD command when the
- Postfix SMTP server EHLO response announces XFOR-
+ Send the non-standard XFORWARD command when the
+ Postfix SMTP server EHLO response announces XFOR-
WARD support.
<b>SASL AUTHENTICATION CONTROLS</b>
<b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
- Enable SASL authentication in the Postfix SMTP
+ Enable SASL authentication in the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
- Optional SMTP client lookup tables with one user-
- name:password entry per remote hostname or domain.
+ Optional SMTP client lookup tables with one user-
+ name:password entry per remote hostname or domain.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
- What authentication mechanisms the Postfix SMTP
+ What authentication mechanisms the Postfix SMTP
client is allowed to use.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
- If non-empty, a Postfix SMTP client filter for the
- remote SMTP server's list of offered SASL mecha-
+ If non-empty, a Postfix SMTP client filter for the
+ remote SMTP server's list of offered SASL mecha-
nisms.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the smtp message delivery
+ The maximal number of parallel deliveries to the
+ same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per delivery via
+ The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The SMTP client time limit for completing a TCP
+ The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The SMTP client time limit for sending the HELO or
- EHLO command, and for receiving the initial server
+ The SMTP client time limit for sending the HELO or
+ EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b>
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The SMTP client time limit for sending the MAIL
- FROM command, and for receiving the server
+ The SMTP client time limit for sending the MAIL
+ FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The SMTP client time limit for sending the SMTP
- RCPT TO command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The SMTP client time limit for sending the SMTP
- DATA command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
- The SMTP client time limit for sending the QUIT
+ The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery
- request before giving up or delivering to a fall-
+ The maximal number of SMTP sessions per delivery
+ request before giving up or delivering to a fall-
back relay host, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
- The SMTP client time limit for sending the RSET
+ The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the
+ Permanently enable SMTP connection caching for the
specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a
+ Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
<b><a href="postconf.5.html#smtp_connection_cache_reuse_limit">smtp_connection_cache_reuse_limit</a> (10)</b>
When SMTP connection caching is enabled, the number
- of times that an SMTP session is reused before it
+ of times that an SMTP session is reused before it
is closed.
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount
- of time that an unused SMTP client socket is kept
+ of time that an unused SMTP client socket is kept
open before it is closed.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
+ The recipient of postmaster notifications about
+ mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail
+ Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
- Disable DNS lookups in the Postfix SMTP and LMTP
+ Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon pro-
+ The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
+ tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the SMTP
client should bind to when making a connection.
- <b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
+ <b><a href="postconf.5.html#<a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a>"><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a></a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms when the SMTP client uses to look
+ What mechanisms when the SMTP client uses to look
up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
+ Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the pro-
+ The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
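Review bot: The added smtp_helo_name line has the same nested-anchor defect as the master.cf example in postconf.5.html: an a href whose value contains another a href. The removed line was well-formed, so this is a regression from regenerating the page. In the same hunk, the re-justified smtp_host_lookup line still reads "What mechanisms when the SMTP client uses to look up a host's IP address"; drop the stray "when" while the line is being touched.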
<a href="SASL_README.html">SASL_README</a>, Postfix SASL howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
What SMTP clients Postfix will not offer AUTH sup-
port to.
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtpd_disable_ehlo_keyword_address_maps">smtpd_disable_ehlo_keyword_address_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote SMTP client
+ address, with case insensitive lists of EHLO key-
+ words (pipelining, starttls, auth, etc.) that the
+ SMTP server will not send in the EHLO response to a
+ remote SMTP client.
+
+ <b><a href="postconf.5.html#smtpd_disable_ehlo_keywords">smtpd_disable_ehlo_keywords</a> (empty)</b>
+ A case insensitive list of EHLO keywords (pipelin-
+ ing, starttls, auth, etc.) that the SMTP server
+ will not send in the EHLO response to a remote SMTP
+ client.
+
<b>ADDRESS REWRITING CONTROLS</b>
- See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed
+ See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed
discussion of Postfix address rewriting.
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
- Enable or disable recipient validation, built-in
+ Enable or disable recipient validation, built-in
content filtering, or address mapping.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (see 'postconf -d' output)</b>
Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to
- message header addresses from these clients only;
- either don't rewrite message headers from other
+ message header addresses from these clients only;
+ either don't rewrite message headers from other
clients at all, or append the domain specified with
the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
- As of version 1.0, Postfix can be configured to send new
- mail to an external content filter AFTER the mail is
- queued. This content filter is expected to inject mail
- back into a (Postfix or other) MTA for further delivery.
+ As of version 1.0, Postfix can be configured to send new
+ mail to an external content filter AFTER the mail is
+ queued. This content filter is expected to inject mail
+ back into a (Postfix or other) MTA for further delivery.
See the <a href="FILTER_README.html">FILTER_README</a> document for details.
<b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
- The name of a mail delivery transport that filters
+ The name of a mail delivery transport that filters
mail after it is queued.
<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
- As of version 2.1, the Postfix SMTP server can be config-
- ured to send incoming mail to a real-time SMTP-based con-
+ As of version 2.1, the Postfix SMTP server can be config-
+ ured to send incoming mail to a real-time SMTP-based con-
tent filter BEFORE mail is queued. This content filter is
- expected to inject mail back into Postfix. See the
- <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
+ expected to inject mail back into Postfix. See the
+ <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
ure and operate this feature.
<b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b>
- The hostname and TCP port of the mail filtering
+ The hostname and TCP port of the mail filtering
proxy server.
<b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
for sending or receiving information.
<b>GENERAL CONTENT INSPECTION CONTROLS</b>
- The following parameters are applicable for both built-in
+ The following parameters are applicable for both built-in
and external content filters.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
- Enable or disable recipient validation, built-in
+ Enable or disable recipient validation, built-in
content filtering, or address mapping.
<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
- The following parameters are applicable for both before-
+ The following parameters are applicable for both before-
queue and after-queue content filtering.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b>
- What SMTP clients are allowed to use the XFORWARD
+ What SMTP clients are allowed to use the XFORWARD
feature.
<b>SASL AUTHENTICATION CONTROLS</b>
- Postfix SASL support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used to authenti-
- cate remote SMTP clients to the Postfix SMTP server, and
- to authenticate the Postfix SMTP client to a remote SMTP
+ Postfix SASL support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used to authenti-
+ cate remote SMTP clients to the Postfix SMTP server, and
+ to authenticate the Postfix SMTP client to a remote SMTP
server. See the <a href="SASL_README.html">SASL_README</a> document for details.
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
- Enable inter-operability with SMTP clients that
- implement an obsolete version of the AUTH command
+ Enable inter-operability with SMTP clients that
+ implement an obsolete version of the AUTH command
(<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>).
<b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
- Enable SASL authentication in the Postfix SMTP
+ Enable SASL authentication in the Postfix SMTP
server.
<b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> (smtpd)</b>
- The application name used for SASL server initial-
+ The application name used for SASL server initial-
ization.
<b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b>
SMTP server will offer to the client.
<b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
- Optional lookup table with the SASL login names
+ Optional lookup table with the SASL login names
that own sender (MAIL FROM) addresses.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
- What SMTP clients Postfix will not offer AUTH sup-
+ What SMTP clients Postfix will not offer AUTH sup-
port to.
<b>VERP SUPPORT CONTROLS</b>
- With VERP style delivery, each recipient of a message
+ With VERP style delivery, each recipient of a message
receives a customized copy of the message with his/her own
- recipient address encoded in the envelope sender address.
+ recipient address encoded in the envelope sender address.
The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
- details of Postfix support for variable envelope return
+ details of Postfix support for variable envelope return
path addresses. VERP style delivery is requested with the
- SMTP XVERP command or with the "sendmail -V" command-line
- option and is available in Postfix version 1.1 and later.
+ SMTP XVERP command or with the "sendmail -V" command-line
+ option and is available in Postfix version 1.1 and later.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter
- characters on the Postfix <a href="sendmail.1.html">sendmail(1)</a> command line
+ The characters Postfix accepts as VERP delimiter
+ characters on the Postfix <a href="sendmail.1.html">sendmail(1)</a> command line
and in SMTP commands.
Available in Postfix version 1.1 and 2.0:
<b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- What SMTP clients are allowed to specify the XVERP
+ What SMTP clients are allowed to specify the XVERP
command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
- What SMTP clients are allowed to specify the XVERP
+ What SMTP clients are allowed to specify the XVERP
command.
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
- the Postfix mail system. The methods vary from making the
- software log a lot of detail, to running some daemon pro-
+ The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
+ the Postfix mail system. The methods vary from making the
+ software log a lot of detail, to running some daemon pro-
cesses under control of a call tracer or debugger.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
+ The recipient of postmaster notifications about
+ mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
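Review bot: every removed/added pair in this hunk, from the smtpd_sender_login_maps description through notify_classes, carries the same words on both sides, so the lines differ only in inter-word spacing from re-justified generated output. That churn buries any real wording change. Consider generating the HTML with left-adjusted (unjustified) text, or committing regenerated pages separately from the hand-edited source, so that reviewers only see lines whose content changed.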
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b>
- What SMTP clients are allowed to use the XCLIENT
+ What SMTP clients are allowed to use the XCLIENT
feature.
<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
- As of Postfix version 2.0, the SMTP server rejects mail
- for unknown recipients. This prevents the mail queue from
- clogging up with undeliverable MAILER-DAEMON messages.
- Additional information on this topic is in the
+ As of Postfix version 2.0, the SMTP server rejects mail
+ for unknown recipients. This prevents the mail queue from
+ clogging up with undeliverable MAILER-DAEMON messages.
+ Additional information on this topic is in the
<a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
- Display the name of the recipient table in the
+ Display the name of the recipient table in the
"User unknown" responses.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
- Optional address mapping lookup tables for message
+ Optional address mapping lookup tables for message
headers and envelopes.
<b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
<b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, local-</b>
<b>host)</b>
- The list of domains that are delivered via the
+ The list of domains that are delivered via the
$<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
+ tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b>
<b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
- Lookup tables with all names or addresses of local
- recipients: a recipient address is local when its
- domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
+ Lookup tables with all names or addresses of local
+ recipients: a recipient address is local when its
+ domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
- The numerical Postfix SMTP server response code
- when a recipient address is local, and
- $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
+ The numerical Postfix SMTP server response code
+ when a recipient address is local, and
+ $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
tables that does not match the recipient.
- Parameters concerning known/unknown recipients of relay
+ Parameters concerning known/unknown recipients of relay
destinations:
<b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b>
- What destination domains (and subdomains thereof)
+ What destination domains (and subdomains thereof)
this system will relay mail to.
<b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
- Optional lookup tables with all valid addresses in
+ Optional lookup tables with all valid addresses in
the domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server reply code when a
- recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
- <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
+ recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
+ <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
tables that does not match the recipient address.
- Parameters concerning known/unknown recipients in virtual
+ Parameters concerning known/unknown recipients in virtual
alias domains:
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
Postfix is final destination for the specified list
- of virtual alias domains, that is, domains for
- which all addresses are aliased to addresses in
+ of virtual alias domains, that is, domains for
+ which all addresses are aliased to addresses in
other local or remote domains.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
- Optional lookup tables that alias specific mail
- addresses or domains to other local or remote
+ Optional lookup tables that alias specific mail
+ addresses or domains to other local or remote
address.
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
The SMTP server reply code when a recipient address
- matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
- <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
+ matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
+ <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
that does not match the recipient address.
- Parameters concerning known/unknown recipients in virtual
+ Parameters concerning known/unknown recipients in virtual
mailbox domains:
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
Postfix is final destination for the specified list
- of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
+ of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
<a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
- Optional lookup tables with all valid addresses in
+ Optional lookup tables with all valid addresses in
the domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
The SMTP server reply code when a recipient address
- matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
+ matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
<a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables
that does not match the recipient address.
<b>RESOURCE AND RATE CONTROLS</b>
- The following parameters limit resource usage by the SMTP
+ The following parameters limit resource usage by the SMTP
server and/or control client request rates.
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
- Upon input, long lines are chopped up into pieces
- of at most this length; upon delivery, long lines
+ Upon input, long lines are chopped up into pieces
+ of at most this length; upon delivery, long lines
are reconstructed.
<b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
- The minimal amount of free space in bytes in the
+ The minimal amount of free space in bytes in the
queue file system that is needed to receive mail.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
- The maximal size in bytes of a message, including
+ The maximal size in bytes of a message, including
envelope information.
<b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
- The maximal number of recipients that the Postfix
+ The maximal number of recipients that the Postfix
SMTP server accepts per message delivery request.
<b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (300s)</b>
- The time limit for sending a Postfix SMTP server
- response and for receiving a remote SMTP client
+ The time limit for sending a Postfix SMTP server
+ response and for receiving a remote SMTP client
request.
<b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
- The maximal number of lines in the Postfix SMTP
- server command history before it is flushed upon
+ The maximal number of lines in the Postfix SMTP
+ server command history before it is flushed upon
receipt of EHLO, RSET, or end of DATA.
The per SMTP client connection count and request rate lim-
its are implemented in co-operation with the <a href="anvil.8.html">anvil(8)</a> ser-
- vice, and are available in Postfix version 2.2 and later.
+ vice, and are available in Postfix version 2.2 and later.
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
- How many simultaneous connections any client is
+ How many simultaneous connections any client is
allowed to make to this service.
<b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
The maximal number of connection attempts any
- client is allowed to make to this service per time
+ client is allowed to make to this service per time
unit.
<b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
- The maximal number of message delivery requests
- that any client is allowed to make to this service
+ The maximal number of message delivery requests
+ that any client is allowed to make to this service
per time unit, regardless of whether or not Postfix
actually accepts those messages.
<b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
- The maximal number of recipient addresses that any
- client is allowed to send to this service per time
+ The maximal number of recipient addresses that any
+ client is allowed to send to this service per time
unit, regardless of whether or not Postfix actually
accepts those recipients.
<b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- Clients that are excluded from connection count,
- connection rate, message rate or recipient rate
+ Clients that are excluded from connection count,
+ connection rate, message rate or recipient rate
restrictions.
<b>TARPIT CONTROLS</b>
- When a remote SMTP client makes errors, the Postfix SMTP
- server can insert delays before responding. This can help
- to slow down run-away software. The behavior is con-
- trolled by an error counter that counts the number of
- errors within an SMTP session that a client makes without
+ When a remote SMTP client makes errors, the Postfix SMTP
+ server can insert delays before responding. This can help
+ to slow down run-away software. The behavior is con-
+ trolled by an error counter that counts the number of
+ errors within an SMTP session that a client makes without
delivering mail.
<b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
- With Postfix 2.1 and later: the SMTP server
- response delay after a client has made more than
- $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
- $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
+ With Postfix 2.1 and later: the SMTP server
+ response delay after a client has made more than
+ $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
+ $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
mail.
<b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
- The number of errors a remote SMTP client is
- allowed to make without delivering mail before the
+ The number of errors a remote SMTP client is
+ allowed to make without delivering mail before the
Postfix SMTP server slows down all its responses.
<b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (20)</b>
- The maximal number of errors a remote SMTP client
+ The maximal number of errors a remote SMTP client
is allowed to make without delivering mail.
<b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (100)</b>
- The number of junk commands (NOOP, VRFY, ETRN or
+ The number of junk commands (NOOP, VRFY, ETRN or
RSET) that a remote SMTP client can send before the
- Postfix SMTP server starts to increment the error
+ Postfix SMTP server starts to increment the error
counter with each junk command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
- The number of recipients that a remote SMTP client
- can send in excess of the limit specified with
+ The number of recipients that a remote SMTP client
+ can send in excess of the limit specified with
$<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before the Postfix SMTP
- server increments the per-session error count for
+ server increments the per-session error count for
each excess recipient.
<b>ACCESS POLICY DELEGATION CONTROLS</b>
- As of version 2.1, Postfix can be configured to delegate
- access policy decisions to an external server that runs
- outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
+ As of version 2.1, Postfix can be configured to delegate
+ access policy decisions to an external server that runs
+ outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
more information.
<b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
- The time after which an idle SMTPD policy service
+ The time after which an idle SMTPD policy service
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
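Review bot: in the unknown_virtual_alias_reject_code, virtual_mailbox_domains and unknown_virtual_mailbox_reject_code entries the parameter names are hyphenated across lines ("$vir-" / "tual_alias_maps", "$vir-" / "tual_transport", "$vir-" / "tual_mailbox_maps"), so each name is split into two separate anchor elements and a text search for virtual_alias_maps or virtual_transport will not find these occurrences. The hrefs are still correct here, but since these lines are being rewritten anyway, suggest turning hyphenation off in the step that produces the HTML so that identifiers stay whole.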
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
- The time limit for connecting to, writing to or
+ The time limit for connecting to, writing to or
receiving from a delegated SMTPD policy server.
<b>ACCESS CONTROLS</b>
- The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
+ The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
all the SMTP server access control features.
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
- Wait until the RCPT TO command before evaluating
+ Wait until the RCPT TO command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $smtpd_helo_restric-
tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until
- the ETRN command before evaluating
+ the ETRN command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric-
tions.
- <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b>put)</b>
What Postfix features match subdomains of
"domain.tld" automatically, instead of requiring an
explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
- Optional SMTP server access restrictions in the
+ Optional SMTP server access restrictions in the
context of a client SMTP connection request.
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
Require that a remote SMTP client introduces itself
- at the beginning of an SMTP session with the HELO
+ at the beginning of an SMTP session with the HELO
or EHLO command.
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server
+ Optional restrictions that the Postfix SMTP server
applies in the context of the SMTP HELO command.
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server
+ Optional restrictions that the Postfix SMTP server
applies in the context of the MAIL FROM command.
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,</b>
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b>
The access restrictions that the Postfix SMTP
- server applies in the context of the RCPT TO com-
+ server applies in the context of the RCPT TO com-
mand.
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
- Optional SMTP server access restrictions in the
+ Optional SMTP server access restrictions in the
context of a client ETRN request.
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
- Forward mail with sender-specified routing
- (user[@%!]remote[@%!]site) from untrusted clients
+ Forward mail with sender-specified routing
+ (user[@%!]remote[@%!]site) from untrusted clients
to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
- User-defined aliases for groups of access restric-
+ User-defined aliases for groups of access restric-
tions.
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b><><b>)</b>
- The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables
+ The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables
instead of the null sender address.
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP
- access feature to only domains whose primary MX
+ access feature to only domains whose primary MX
hosts match the listed networks.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
- Optional access restrictions that the Postfix SMTP
+ Optional access restrictions that the Postfix SMTP
server applies in the context of the SMTP DATA com-
mand.
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
- What characters are allowed in $name expansions of
+ What characters are allowed in $name expansions of
RBL reply templates.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
- Request that the Postfix SMTP server rejects mail
- from unknown sender addresses, even when no
- explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
+ Request that the Postfix SMTP server rejects mail
+ from unknown sender addresses, even when no
+ explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
is specified.
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
- Request that the Postfix SMTP server rejects mail
+ Request that the Postfix SMTP server rejects mail
for unknown recipient addresses, even when no
- explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
+ explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
tion is specified.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> (empty)</b>
- Optional access restrictions that the Postfix SMTP
- server applies in the context of the SMTP END-OF-
+ Optional access restrictions that the Postfix SMTP
+ server applies in the context of the SMTP END-OF-
DATA command.
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
- Postfix version 2.1 introduces sender and recipient
- address verification. This feature is implemented by
- sending probe email messages that are not actually deliv-
- ered. This feature is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
- <a href="postconf.5.html#reject_unverified_sender">fied_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
- restrictions. The status of verification probes is main-
+ Postfix version 2.1 introduces sender and recipient
+ address verification. This feature is implemented by
+ sending probe email messages that are not actually deliv-
+ ered. This feature is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
+ <a href="postconf.5.html#reject_unverified_sender">fied_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
+ restrictions. The status of verification probes is main-
tained by the <a href="verify.8.html">verify(8)</a> server. See the file ADDRESS_VER-
- <a href="IFICATION_README.html">IFICATION_README</a> for information about how to configure
+ <a href="IFICATION_README.html">IFICATION_README</a> for information about how to configure
and operate the Postfix sender/recipient address verifica-
tion service.
<b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (3)</b>
- How many times to query the <a href="verify.8.html">verify(8)</a> service for
- the completion of an address verification request
+ How many times to query the <a href="verify.8.html">verify(8)</a> service for
+ the completion of an address verification request
in progress.
<b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
- The delay between queries for the completion of an
+ The delay between queries for the completion of an
address verification request in progress.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> (postmaster)</b>
- The sender address to use in address verification
+ The sender address to use in address verification
probes.
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a recipient address is rejected by the
+ The numerical Postfix SMTP server response code
+ when a recipient address is rejected by the
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response when a
+ The numerical Postfix SMTP server response when a
recipient address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_recipient">fied_recipient</a> restriction.
<b>ACCESS CONTROL RESPONSES</b>
- The following parameters control numerical SMTP reply
+ The following parameters control numerical SMTP reply
codes and/or text responses.
<b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code
- when a client is rejected by an <a href="access.5.html">access(5)</a> map
+ The numerical Postfix SMTP server response code
+ when a client is rejected by an <a href="access.5.html">access(5)</a> map
restriction.
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a remote SMTP client request is rejected by
+ The numerical Postfix SMTP server response code
+ when a remote SMTP client request is rejected by
the "defer" restriction.
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
- The numerical Postfix SMTP server response code
- when the client HELO or EHLO command parameter is
- rejected by the <a href="postconf.5.html#reject_invalid_hostname">reject_invalid_hostname</a> restric-
+ The numerical Postfix SMTP server response code
+ when the client HELO or EHLO command parameter is
+ rejected by the <a href="postconf.5.html#reject_invalid_hostname">reject_invalid_hostname</a> restric-
tion.
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code
+ The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a>
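Review bot: in the SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS paragraph, the file name ADDRESS_VERIFICATION_README is hyphenated as "ADDRESS_VER-" / "IFICATION_README" and the link is built from the second half only, giving href="IFICATION_README.html", which does not follow the naming of the other README links in this page (SMTPD_POLICY_README.html, SMTPD_ACCESS_README.html) and looks broken. The re-justified line keeps that href; it should point at ADDRESS_VERIFICATION_README.html with the whole name as the link text. Separately, the unverified_sender_reject_code entry says "when a recipient address is rejected by the reject_unverified_sender restriction", which reads like a copy of the recipient entry; "sender address" appears to be what is meant.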
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
The numerical Postfix SMTP server reply code when a
- client request is rejected by the
+ client request is rejected by the
<a href="postconf.5.html#reject_non_fqdn_hostname">reject_non_fqdn_hostname</a>, <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or
<a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code
- when a remote SMTP client request is rejected by
+ The numerical Postfix SMTP server response code
+ when a remote SMTP client request is rejected by
the "<b>reject</b>" restriction.
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code
- when a client request is rejected by the
+ The numerical Postfix SMTP server response code
+ when a client request is rejected by the
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction.
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a sender or recipient address is rejected by
+ The numerical Postfix SMTP server response code
+ when a sender or recipient address is rejected by
the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or
<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a client without valid address <=> name map-
- ping is rejected by the <a href="postconf.5.html#reject_unknown_client">reject_unknown_client</a>
+ The numerical Postfix SMTP server response code
+ when a client without valid address <=> name map-
+ ping is rejected by the <a href="postconf.5.html#reject_unknown_client">reject_unknown_client</a>
restriction.
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when the hostname specified with the HELO or EHLO
- command is rejected by the <a href="postconf.5.html#reject_unknown_hostname">reject_unknown_hostname</a>
+ The numerical Postfix SMTP server response code
+ when the hostname specified with the HELO or EHLO
+ command is rejected by the <a href="postconf.5.html#reject_unknown_hostname">reject_unknown_hostname</a>
restriction.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
- The default SMTP server response template for a
- request that is rejected by an RBL-based restric-
+ The default SMTP server response template for a
+ request that is rejected by an RBL-based restric-
tion.
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
- The numerical Postfix SMTP server response code
+ The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
- The location of all postfix administrative com-
+ The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
and most Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
- The list of "trusted" SMTP clients that have more
+ The list of "trusted" SMTP clients that have more
privileges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The domain name that locally-posted mail appears to
- come from, and that locally posted mail is deliv-
+ come from, and that locally posted mail is deliv-
ered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon pro-
+ The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
sions (user+foo).
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
- The text that follows the 220 status code in the
+ The text that follows the 220 status code in the
SMTP greeting banner.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the pro-
+ The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
- List of commands that causes the Postfix SMTP
- server to immediately terminate the session with a
+ List of commands that causes the Postfix SMTP
+ server to immediately terminate the session with a
221 code.
<b>SEE ALSO</b>
<a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
.SH "SYNOPSIS"
.na
.nf
-\fBpostcat\fR [\fB-vq\fR] [\fB-c \fIconfig_dir\fR] [\fIfiles\fR...]
+\fBpostcat\fR [\fB-oqv\fR] [\fB-c \fIconfig_dir\fR] [\fIfiles\fR...]
.SH DESCRIPTION
.ad
.fi
.IP "\fB-c \fIconfig_dir\fR"
The \fBmain.cf\fR configuration file is in the named directory
instead of the default configuration directory.
+.IP \fB-o\fR
+Print the queue file offset of each record.
.IP \fB-q\fR
Search the Postfix queue for the named \fIfiles\fR instead
of taking the names literally.
aliased to a real user and 2) don't log in as root, use "su" instead.
.PP
The following environment variables are exported to the command:
+.IP "\fBCLIENT_ADDRESS\fR"
+Remote client network address. Available in Postfix 2.2 and
+later.
+.IP "\fBCLIENT_HELO\fR"
+Remote client EHLO command parameter. Available in Postfix 2.2
+and later.
+.IP "\fBCLIENT_HOSTNAME\fR"
+Remote client hostname. Available in Postfix 2.2 and later.
+.IP "\fBCLIENT_PROTOCOL\fR"
+Remote client protocol. Available in Postfix 2.2 and later.
.IP "\fBDOMAIN\fR"
The domain part of the recipient address.
.IP "\fBEXTENSION\fR"
The recipient's username.
.IP "\fBRECIPIENT\fR"
The full recipient address.
+.IP "\fBSASL_METHOD\fR"
+SASL authentication method specified in the remote client AUTH
+command. Available in Postfix 2.2 and later.
+.IP "\fBSASL_SENDER\fR"
+SASL sender address specified in the remote client MAIL FROM
+command. Available in Postfix 2.2 and later.
+.IP "\fBSASL_USER\fR"
+SASL username specified in the remote client AUTH command.
+Available in Postfix 2.2 and later.
.IP "\fBSENDER\fR"
The full sender address.
.IP "\fBSHELL\fR"
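Review bot: the new entry `.IP "\fBSASL_USER\fR"` does not match the name the code exports. The EXPORT_REQUEST call in local/command.c uses "SASL_USERNAME", and the pseudo-variable list added to the local(8) text also says SASL_USERNAME. The HTML definition list adds the same SASL_USER spelling. Rename both documentation entries to SASL_USERNAME so that a command reading the documented variable does not find it unset.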
Setting this parameter to a value of 1 changes the meaning of
smtp_destination_concurrency_limit from concurrency per domain
into concurrency per recipient.
+.SH smtp_disable_ehlo_keyword_address_maps (default: empty)
+Lookup tables, indexed by the remote SMTP server address, with
+case insensitive lists of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP client will ignore in the EHLO response
+from a remote SMTP server.
+.SH smtp_disable_ehlo_keywords (default: empty)
+A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP client will ignore in the EHLO response
+from a remote SMTP server. Use the smtp_disable_ehlo_keyword_address_maps
+feature to disable EHLO keywords selectively.
.SH smtp_helo_name (default: $myhostname)
The hostname to send in the SMTP EHLO or HELO command.
.PP
recipient address information when rejecting a client name/address
or sender address, so that it is possible to find out whose mail
is being rejected.
+.SH smtpd_disable_ehlo_keyword_address_maps (default: empty)
+Lookup tables, indexed by the remote SMTP client address, with
+case insensitive lists of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP server will not send in the EHLO response
+to a remote SMTP client.
+.SH smtpd_disable_ehlo_keywords (default: empty)
+A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP server will not send in the EHLO response
+to a remote SMTP client. Use the smtpd_disable_ehlo_keyword_address_maps
+feature to disable EHLO keywords selectively.
.SH smtpd_end_of_data_restrictions (default: empty)
Optional access restrictions that the Postfix SMTP server
applies in the context of the SMTP END-OF-DATA command.
.IP \fBSENDER\fR
The entire sender address.
.PP
+Additional remote client information is made available via
+the following pseudo variables:
+.IP \fBCLIENT_ADDRESS\fR
+Remote client network address. Available as of Postfix 2.2.
+.IP \fBCLIENT_HELO\fR
+Remote client EHLO command parameter. Available as of Postfix 2.2.
+.IP \fBCLIENT_HOSTNAME\fR
+Remote client hostname. Available as of Postfix 2.2.
+.IP \fBCLIENT_PROTOCOL\fR
+Remote client protocol. Available as of Postfix 2.2.
+.IP \fBSASL_METHOD\fR
+SASL authentication method specified in the
+remote client AUTH command. Available as of Postfix 2.2.
+.IP \fBSASL_SENDER\fR
+SASL sender address specified in the remote client MAIL
+FROM command. Available as of Postfix 2.2.
+.IP \fBSASL_USERNAME\fR
+SASL username specified in the remote client AUTH command.
+Available as of Postfix 2.2.
+.PP
The \fBPATH\fR environment variable is always reset to a
system-dependent default path, and environment variables
whose names are blessed by the \fBexport_environment\fR
$(\fIname\fR) are also recognized. Specify \fB$$\fR where a single
\fB$\fR is wanted.
.RS
+.IP \fB${\fBclient_address\fR}\fR
+This macro expands to the remote client network address.
+.sp
+This is available in Postfix 2.2 and later.
+.IP \fB${\fBclient_helo\fR}\fR
+This macro expands to the remote client HELO command parameter.
+.sp
+This is available in Postfix 2.2 and later.
+.IP \fB${\fBclient_hostname\fR}\fR
+This macro expands to the remote client hostname.
+.sp
+This is available in Postfix 2.2 and later.
+.IP \fB${\fBclient_protocol\fR}\fR
+This macro expands to the remote client protocol.
+.sp
+This is available in Postfix 2.2 and later.
.IP \fB${\fBextension\fR}\fR
This macro expands to the extension part of a recipient address.
For example, with an address \fIuser+foo@domain\fR the extension is
.IP "\fBsmtp_skip_4xx_greeting (yes)\fR"
Skip SMTP servers that greet with a 4XX status code (go away, try
again later).
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBsmtp_disable_ehlo_keyword_address_maps (empty)\fR"
+Lookup tables, indexed by the remote SMTP server address, with
+case insensitive lists of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP client will ignore in the EHLO response
+from a remote SMTP server.
+.IP "\fBsmtp_disable_ehlo_keywords (empty)\fR"
+A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP client will ignore in the EHLO response
+from a remote SMTP server.
.SH "MIME PROCESSING CONTROLS"
.na
.nf
access restriction is specified.
.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
What SMTP clients Postfix will not offer AUTH support to.
+.PP
+Available in Postfix version 2.2 and later:
+.IP "\fBsmtpd_disable_ehlo_keyword_address_maps (empty)\fR"
+Lookup tables, indexed by the remote SMTP client address, with
+case insensitive lists of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP server will not send in the EHLO response
+to a remote SMTP client.
+.IP "\fBsmtpd_disable_ehlo_keywords (empty)\fR"
+A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP server will not send in the EHLO response
+to a remote SMTP client.
.SH "ADDRESS REWRITING CONTROLS"
.na
.nf
s;\bsmtp_destination_recip[-</bB>]*\n* *[<bB>]*ient_limit\b;<a href="postconf.5.html#smtp_destination_recipient_limit">$&</a>;g;
s;\bvir[-</bB>]*\n*[ <bB>]*tual_destination_concurrency_limit\b;<a href="postconf.5.html#virtual_destination_concurrency_limit">$&</a>;g;
s;\bvir[-</bB>]*\n*[ <bB>]*tual_destination_recip[-</bB>]*\n* *[<bB>]*ient_limit\b;<a href="postconf.5.html#virtual_destination_recipient_limit">$&</a>;g;
+ s;\bsmtp_disable_ehlo_keyword_address_maps\b;<a href="postconf.5.html#smtp_disable_ehlo_keyword_address_maps">$&</a>;g;
+ s;\bsmtp_disable_ehlo_keywords\b;<a href="postconf.5.html#smtp_disable_ehlo_keywords">$&</a>;g;
+ s;\bsmtp_helo_name\b;<a href="postconf.5.html#smtp_helo_name">$&</a>;g;
s;\bsmtp_helo_name\b;<a href="postconf.5.html#smtp_helo_name">$&</a>;g;
s;\bsmtp_helo_timeout\b;<a href="postconf.5.html#smtp_helo_timeout">$&</a>;g;
s;\bsmtp_host_lookup\b;<a href="postconf.5.html#smtp_host_lookup">$&</a>;g;
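Review bot: the added `s;\bsmtp_helo_name\b;` rule is an exact duplicate of the unchanged rule on the next line, so the substitution now runs twice. The second pass can match the name again inside the href and link text that the first pass produced. Drop the added copy and keep only the two smtp_disable_ehlo_* rules.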
s;\bsmtpd_client_restrictions\b;<a href="postconf.5.html#smtpd_client_restrictions">$&</a>;g;
s;\bsmtpd_data_restrictions\b;<a href="postconf.5.html#smtpd_data_restrictions">$&</a>;g;
s;\bsmtpd_delay_reject\b;<a href="postconf.5.html#smtpd_delay_reject">$&</a>;g;
+ s;\bsmtpd_disable_ehlo_keyword_address_maps\b;<a href="postconf.5.html#smtpd_disable_ehlo_keyword_address_maps">$&</a>;g;
+ s;\bsmtpd_disable_ehlo_keywords\b;<a href="postconf.5.html#smtpd_disable_ehlo_keywords">$&</a>;g;
s;\bsmtpd_end_of_data_restrictions\b;<a href="postconf.5.html#smtpd_end_of_data_restrictions">$&</a>;g;
s;\bsmtpd_error_sleep_time\b;<a href="postconf.5.html#smtpd_error_sleep_time">$&</a>;g;
s;\bsmtpd_etrn_restrictions\b;<a href="postconf.5.html#smtpd_etrn_restrictions">$&</a>;g;
and reduces the number of open lookup tables by sharing one open
table among multiple processes. </p>
-<li> <p> The scache(8) server maintains the session cache for the
-Postfix smtp(8) client. When session caching is enabled for selected
+<li> <p> The scache(8) server maintains the connection cache for
+the Postfix smtp(8) client. When connection caching is enabled for
+selected
destinations, the smtp(8) client does not disconnect immediately
-after a mail transaction, but gives the connection to the session
+after a mail transaction, but gives the connection to the connection
cache server. The smtp(8) client continues with some other mail
-delivery request. Meanwhile, the session cache server keeps the
+delivery request. Meanwhile, the connection cache server keeps the
connection open for a limited amount of time. During that time,
any smtp(8) process can ask the scache(8) server for that cached
-session and use it for mail delivery. </p>
+connection and use it for mail delivery. </p>
<table>
<dl>
+<dt><b>CLIENT_ADDRESS</b></dt>
+
+<dd>Remote client network address. Available in Postfix 2.2 and
+later. </dd>
+
+<dt><b>CLIENT_HELO</b></dt>
+
+<dd>Remote client EHLO command parameter. Available in Postfix 2.2
+and later.</dd>
+
+<dt><b>CLIENT_HOSTNAME</b></dt>
+
+<dd>Remote client hostname. Available in Postfix 2.2 and later.
+</dd>
+
+<dt><b>CLIENT_PROTOCOL</b></dt>
+
+<dd>Remote client protocol. Available in Postfix 2.2 and later.
+</dd>
+
<dt><b>DOMAIN</b></dt>
<dd>The domain part of the recipient address. </dd>
<dd>The full recipient address. </dd>
+<dt><b>SASL_METHOD</b></dt>
+
+<dd>SASL authentication method specified in the remote client AUTH
+command. Available in Postfix 2.2 and later. </dd>
+
+<dt><b>SASL_SENDER</b></dt>
+
+<dd>SASL sender address specified in the remote client MAIL FROM
+command. Available in Postfix 2.2 and later. </dd>
+
+<dt><b>SASL_USER</b></dt>
+
+<dd>SASL username specified in the remote client AUTH command.
+Available in Postfix 2.2 and later. </dd>
+
<dt><b>SENDER</b></dt>
<dd>The full sender address. </dd>
and later, this is replaced by separate controls: virtual_alias_domains
and virtual_alias_maps. </p>
+%PARAM smtp_disable_ehlo_keywords
+
+<p> A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP client will ignore in the EHLO response
+from a remote SMTP server. Use the smtp_disable_ehlo_keyword_address_maps
+feature to disable EHLO keywords selectively. </p>
+
+%PARAM smtpd_disable_ehlo_keywords
+
+<p> A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP server will not send in the EHLO response
+to a remote SMTP client. Use the smtpd_disable_ehlo_keyword_address_maps
+feature to disable EHLO keywords selectively. </p>
+
+%PARAM smtp_disable_ehlo_keyword_address_maps
+
+<p> Lookup tables, indexed by the remote SMTP server address, with
+case insensitive lists of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP client will ignore in the EHLO response
+from a remote SMTP server. </p>
+
+%PARAM smtpd_disable_ehlo_keyword_address_maps
+
+<p> Lookup tables, indexed by the remote SMTP client address, with
+case insensitive lists of EHLO keywords (pipelining, starttls,
+auth, etc.) that the SMTP server will not send in the EHLO response
+to a remote SMTP client. </p>
+
%PARAM session_cache_service scache
<p> The name of the scache(8) connection cache service. This service
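Review bot: the four new %PARAM descriptions are missing documentation of what a lookup result looks like and what a match costs. For the *_address_maps parameters, state the form of the lookup key and of the right-hand side (the text only says "lists of EHLO keywords"), and give one example entry. Because the examples name starttls and auth, also say explicitly that listing either one turns that feature off for the matching peer, so that an operator working around a broken peer knows the session then proceeds without TLS or authentication.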
sys_exits.c timed_ipc.c tok822_find.c tok822_node.c tok822_parse.c \
tok822_resolve.c tok822_rewrite.c tok822_tree.c trace.c verify.c \
verify_clnt.c verp_sender.c virtual8_maps.c xtext.c scache_single.c \
- scache_clnt.c scache_multi.c user_acl.c mkmap_cdb.c mkmap_sdbm.c
+ scache_clnt.c scache_multi.c user_acl.c mkmap_cdb.c mkmap_sdbm.c \
+ ehlo_mask.c
OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \
clnt_stream.o debug_peer.o debug_process.o defer.o \
sys_exits.o timed_ipc.o tok822_find.o tok822_node.o tok822_parse.o \
tok822_resolve.o tok822_rewrite.o tok822_tree.o trace.o verify.o \
verify_clnt.o verp_sender.o virtual8_maps.o xtext.o scache_single.o \
- scache_clnt.o scache_multi.o user_acl.o mkmap_cdb.o mkmap_sdbm.o
+ scache_clnt.o scache_multi.o user_acl.o mkmap_cdb.o mkmap_sdbm.o \
+ ehlo_mask.o
HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \
canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \
debug_peer.h debug_process.h defer.h deliver_completed.h \
resolve_local.h rewrite_clnt.h sent.h smtp_stream.h split_addr.h \
string_list.h strip_addr.h sys_exits.h timed_ipc.h tok822.h \
trace.h verify.h verify_clnt.h verp_sender.h virtual8_maps.h \
- xtext.h scache.h user_acl.h
+ xtext.h scache.h user_acl.h ehlo_mask.h
TESTSRC = rec2stream.c stream2rec.c recdump.c
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
off_cvt quote_822_local rec2stream recdump resolve_clnt \
resolve_local rewrite_clnt stream2rec string_list tok822_parse \
quote_821_local mail_conf_time mime_state strip_addr \
- virtual8_maps verify_clnt xtext anvil_clnt scache
+ virtual8_maps verify_clnt xtext anvil_clnt scache ehlo_mask
LIBS = ../../lib/libutil.a
LIB_DIR = ../../lib
scache: scache.c $(LIB) $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
+ehlo_mask: ehlo_mask.c $(LIB) $(LIBS)
+ $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
+
tests: tok822_test mime_test mime_nest mime_8bit mime_dom mime_trunc \
mime_cvt mime_cvt2 mime_cvt3 strip_addr_test tok822_limit_test \
- virtual8_test xtext_test scache_multi_test
+ virtual8_test xtext_test scache_multi_test ehlo_mask_test
tok822_test: tok822_parse tok822_parse.in tok822_parse.ref
./tok822_parse <tok822_parse.in >tok822_parse.tmp 2>&1
diff scache_multi.ref scache_multi.tmp
rm -f scache_multi.tmp
+ehlo_mask_test: ehlo_mask ehlo_mask.in ehlo_mask.ref
+ ./ehlo_mask <ehlo_mask.in >ehlo_mask.tmp
+ diff ehlo_mask.ref ehlo_mask.tmp
+ rm -f ehlo_mask.tmp
+
printfck: $(OBJS) $(PROG)
rm -rf printfck
mkdir printfck
dot_lockfile_as.o: ../../include/vstring.h
dot_lockfile_as.o: ../../include/vbuf.h
dot_lockfile_as.o: dot_lockfile_as.h
+ehlo_mask.o: ehlo_mask.c
+ehlo_mask.o: ../../include/sys_defs.h
+ehlo_mask.o: ../../include/name_mask.h
+ehlo_mask.o: ehlo_mask.h
ext_prop.o: ext_prop.c
ext_prop.o: ../../include/sys_defs.h
ext_prop.o: ../../include/name_mask.h
--- /dev/null
+/*++
+/* NAME
+/* ehlo_mask 3
+/* SUMMARY
+/* map EHLO keywords to bit mask
+/* SYNOPSIS
+/* #include <ehlo_mask.h>
+/*
+/* #define EHLO_MASK_8BITMIME (1<<0)
+/* #define EHLO_MASK_PIPELINING (1<<1)
+/* #define EHLO_MASK_SIZE (1<<2)
+/* #define EHLO_MASK_VRFY (1<<3)
+/* #define EHLO_MASK_ETRN (1<<4)
+/* #define EHLO_MASK_AUTH (1<<5)
+/* #define EHLO_MASK_VERP (1<<6)
+/* #define EHLO_MASK_STARTTLS (1<<7)
+/* #define EHLO_MASK_XCLIENT (1<<8)
+/* #define EHLO_MASK_XFORWARD (1<<9)
+/*
+/* int ehlo_mask(keyword_list)
+/* const char *keyword_list;
+/*
+/* const char *str_ehlo_mask(bitmask)
+/* int bitmask;
+/* DESCRIPTION
+/* ehlo_mask() computes the bit-wise OR of the masks that correspond
+/* to the names listed in the \fIkeyword_list\fR argument, separated by
+/* comma and/or whitespace characters. Undefined names are silently
+/* ignored.
+/*
+/* str_ehlo_mask() translates a mask into its equivalent names.
+/* The result is written to a static buffer that is overwritten
+/* upon each call. Undefined bits cause a fatal run-time error.
+/* DIAGNOSTICS
+/* Fatal: str_ehlo_mask() found an undefined bit.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library.*/
+
+#include <sys_defs.h>
+
+/* Utility library. */
+
+#include <name_mask.h>
+
+/* Global library. */
+
+#include <ehlo_mask.h>
+
+ /*
+ * The lookup table.
+ */
+static NAME_MASK ehlo_mask_table[] = {
+ "8BITMIME", EHLO_MASK_8BITMIME,
+ "AUTH", EHLO_MASK_AUTH,
+ "ETRN", EHLO_MASK_ETRN,
+ "PIPELINING", EHLO_MASK_PIPELINING,
+ "SIZE", EHLO_MASK_SIZE,
+ "VERP", EHLO_MASK_VERP,
+ "VRFY", EHLO_MASK_VRFY,
+ "XCLIENT", EHLO_MASK_XCLIENT,
+ "XFORWARD", EHLO_MASK_XFORWARD,
+ "STARTTLS", EHLO_MASK_STARTTLS,
+ 0,
+};
+
+/* ehlo_mask - string to bit mask */
+
+int ehlo_mask(const char *mask_str)
+{
+
+ /*
+ * We allow "STARTTLS" besides "starttls, because EHLO keywords are often
+ * spelled in uppercase. We ignore non-existent EHLO keywords so people
+ * can switch between Postfix versions without trouble.
+ */
+ return (name_mask_opt("ehlo string mask", ehlo_mask_table,
+ mask_str, NAME_MASK_ANY_CASE));
+}
+
+/* str_ehlo_mask - mask to string */
+
+const char *str_ehlo_mask(int mask_bits)
+{
+
+ /*
+ * We don't allow non-existent bits. Doing so makes no sense at this
+ * time.
+ */
+ return (str_name_mask_opt("ehlo bitmask", ehlo_mask_table,
+ mask_bits, NAME_MASK_NONE));
+}
+
+#ifdef TEST
+
+ /*
+ * Stand-alone test program.
+ */
+#include <vstream.h>
+#include <vstring.h>
+#include <vstring_vstream.h>
+
+int main(int unused_argc, char **unused_argv)
+{
+ int mask_bits;
+ VSTRING *buf = vstring_alloc(1);
+ const char *mask_string;
+
+ while (vstring_get_nonl(buf, VSTREAM_IN) != VSTREAM_EOF) {
+ mask_bits = ehlo_mask(vstring_str(buf));
+ mask_string = str_ehlo_mask(mask_bits);
+ vstream_printf("%s -> 0x%x -> %s\n", vstring_str(buf), mask_bits,
+ mask_string);
+ vstream_fflush(VSTREAM_OUT);
+ }
+ vstring_free(buf);
+ exit(0);
+}
+
+#endif
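Review bot: ehlo_mask() silently drops unknown names ("Undefined names are silently ignored"), so a misspelled keyword in smtpd_disable_ehlo_keywords leaves the extension enabled with no indication to the operator. The version-compatibility reason given in the comment does not require silence; consider logging a warning for names that match nothing while still ignoring them. Two smaller points: the comment `We allow "STARTTLS" besides "starttls,` is missing its closing quote, and the "STARTTLS" table entry sits after "XFORWARD" while the rest of the table is in alphabetical order.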
--- /dev/null
+#ifndef _EHLO_MASK_H_INCLUDED_
+#define _EHLO_MASK_H_INCLUDED_
+
+/*++
+/* NAME
+/* name_mask 3h
+/* SUMMARY
+/* map names to bit mask
+/* SYNOPSIS
+/* #include <name_mask.h>
+/* DESCRIPTION
+/* .nf
+
+ /*
+ * External interface.
+ */
+#define EHLO_MASK_8BITMIME (1<<0) /* start of first byte */
+#define EHLO_MASK_PIPELINING (1<<1)
+#define EHLO_MASK_SIZE (1<<2)
+#define EHLO_MASK_VRFY (1<<3)
+#define EHLO_MASK_ETRN (1<<4)
+#define EHLO_MASK_AUTH (1<<5)
+#define EHLO_MASK_VERP (1<<6)
+#define EHLO_MASK_STARTTLS (1<<7)
+
+#define EHLO_MASK_XCLIENT (1<<8) /* start of second byte */
+#define EHLO_MASK_XFORWARD (1<<9)
+
+extern int ehlo_mask(const char *);
+extern const char *str_ehlo_mask(int);
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+#endif
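Review bot: the header comment was copied from name_mask.h and not updated. It reads `name_mask 3h`, "map names to bit mask" and `#include <name_mask.h>`, while the include guard and contents are for ehlo_mask.h. Change these to `ehlo_mask 3h`, "map EHLO keywords to bit mask" and `#include <ehlo_mask.h>` so the extracted documentation matches ehlo_mask.c.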
--- /dev/null
+starttls, 8bitmime, verp, etrn, etrn
+foobar, auth, pipelining, size, vrfy
+xclient, xforward
--- /dev/null
+starttls, 8bitmime, verp, etrn, etrn -> 0x51 -> 8BITMIME ETRN VERP
+foobar, auth, pipelining, size, vrfy -> 0x2e -> AUTH PIPELINING SIZE VRFY
+xclient, xforward -> 0x180 -> XCLIENT XFORWARD
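Review bot: the reference output does not agree with the masks defined in ehlo_mask.h, so ehlo_mask_test will fail on the diff step. With EHLO_MASK_STARTTLS at (1<<7), the first line should yield 0xd1 and include STARTTLS in the name list, not `0x51 -> 8BITMIME ETRN VERP`. With XCLIENT at (1<<8) and XFORWARD at (1<<9), the third line should yield 0x300, not 0x180. The file appears to predate the STARTTLS entry; regenerate it from the current build.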
#endif
extern char *var_local_rwr_clients;
+ /*
+ * EHLO keyword filter.
+ */
+#define VAR_SMTPD_EHLO_DIS_WORDS "smtpd_disable_ehlo_keywords"
+#define DEF_SMTPD_EHLO_DIS_WORDS ""
+extern char *var_smtpd_ehlo_dis_words;
+
+#define VAR_SMTPD_EHLO_DIS_MAPS "smtpd_disable_ehlo_keyword_address_maps"
+#define DEF_SMTPD_EHLO_DIS_MAPS ""
+extern char *var_smtpd_ehlo_dis_maps;
+
+#define VAR_SMTP_EHLO_DIS_WORDS "smtp_disable_ehlo_keywords"
+#define DEF_SMTP_EHLO_DIS_WORDS ""
+extern char *var_smtp_ehlo_dis_words;
+
+#define VAR_SMTP_EHLO_DIS_MAPS "smtp_disable_ehlo_keyword_address_maps"
+#define DEF_SMTP_EHLO_DIS_MAPS ""
+extern char *var_smtp_ehlo_dis_maps;
+
/* LICENSE
/* .ad
/* .fi
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
-#define MAIL_RELEASE_DATE "20041215"
+#define MAIL_RELEASE_DATE "20041218"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"
argv_add(env, "DOMAIN", state.msg_attr.domain, ARGV_END);
if (state.msg_attr.extension)
argv_add(env, "EXTENSION", state.msg_attr.extension, ARGV_END);
+
+#define EXPORT_REQUEST(name, value) \
+ if ((value)[0]) argv_add(env, (name), (value), ARGV_END);
+
+ EXPORT_REQUEST("CLIENT_HOSTNAME", state.msg_attr.request->client_name);
+ EXPORT_REQUEST("CLIENT_ADDRESS", state.msg_attr.request->client_addr);
+ EXPORT_REQUEST("CLIENT_HELO", state.msg_attr.request->client_helo);
+ EXPORT_REQUEST("CLIENT_PROTOCOL", state.msg_attr.request->client_proto);
+ EXPORT_REQUEST("SASL_METHOD", state.msg_attr.request->sasl_method);
+ EXPORT_REQUEST("SASL_SENDER", state.msg_attr.request->sasl_sender);
+ EXPORT_REQUEST("SASL_USERNAME", state.msg_attr.request->sasl_username);
+
argv_terminate(env);
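Review bot: EXPORT_REQUEST expands to a bare `if (...) argv_add(...);` with its own trailing semicolon, so every use site ends in an empty statement and an `else` placed after a use would bind to the macro's `if`. Wrap the body in `do { ... } while (0)` and drop the semicolon from the definition. It would also help to note in a comment that CLIENT_HELO and CLIENT_HOSTNAME carry values chosen by the remote client, since they now reach the environment of the delivery command.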
/*
/* .IP \fBSENDER\fR
/* The entire sender address.
/* .PP
+/* Additional remote client information is made available via
+/* the following pseudo variables:
+/* .IP \fBCLIENT_ADDRESS\fR
+/* Remote client network address. Available as of Postfix 2.2.
+/* .IP \fBCLIENT_HELO\fR
+/* Remote client EHLO command parameter. Available as of Postfix 2.2.
+/* .IP \fBCLIENT_HOSTNAME\fR
+/* Remote client hostname. Available as of Postfix 2.2.
+/* .IP \fBCLIENT_PROTOCOL\fR
+/* Remote client protocol. Available as of Postfix 2.2.
+/* .IP \fBSASL_METHOD\fR
+/* SASL authentication method specified in the
+/* remote client AUTH command. Available as of Postfix 2.2.
+/* .IP \fBSASL_SENDER\fR
+/* SASL sender address specified in the remote client MAIL
+/* FROM command. Available as of Postfix 2.2.
+/* .IP \fBSASL_USERNAME\fR
+/* SASL username specified in the remote client AUTH command.
+/* Available as of Postfix 2.2.
+/* .PP
/* The \fBPATH\fR environment variable is always reset to a
/* system-dependent default path, and environment variables
/* whose names are blessed by the \fBexport_environment\fR
/* See mac_parse(3).
/* .PP
/* Attributes:
+/* .IP client_address
+/* The client network address.
+/* .IP client_helo
+/* The client HELO command parameter.
+/* .IP client_hostname
+/* The client hostname.
+/* .IP client_protocol
+/* The client protocol.
/* .IP domain
/* The recipient address domain.
/* .IP extension
/* The recipient delimiter.
/* .IP shell
/* The recipient shell program.
+/* .IP sasl_method
+/* The SASL authentication method.
+/* .IP sasl_sender
+/* The SASL MAIL FROM address.
+/* .IP sasl_username
+/* The SASL login name.
/* .IP user
/* The recipient user name.
/* .PP
return (local->state->msg_attr.extension);
} else if (STREQ(name, "recipient_delimiter")) {
return (*var_rcpt_delim ? var_rcpt_delim : 0);
+#if 0
+ } else if (STREQ(name, "client_hostname")) {
+ return (local->state->msg_attr.request->client_name);
+ } else if (STREQ(name, "client_address")) {
+ return (local->state->msg_attr.request->client_addr);
+ } else if (STREQ(name, "client_protocol")) {
+ return (local->state->msg_attr.request->client_proto);
+ } else if (STREQ(name, "client_helo")) {
+ return (local->state->msg_attr.request->client_helo);
+ } else if (STREQ(name, "sasl_method")) {
+ return (local->state->msg_attr.request->sasl_method);
+ } else if (STREQ(name, "sasl_sender")) {
+ return (local->state->msg_attr.request->sasl_sender);
+ } else if (STREQ(name, "sasl_username")) {
+ return (local->state->msg_attr.request->sasl_username);
+#endif
} else {
return (0);
}
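Review bot: the new lookups are wrapped in `#if 0`, so client_hostname, client_address, client_protocol, client_helo and the sasl_* names still fall through to `return (0)`. The header comment in the same change documents these as available attributes. Either enable the code or remove the attribute entries from the comment until it is enabled, and say in a comment why the block is disabled.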
/* $(\fIname\fR) are also recognized. Specify \fB$$\fR where a single
/* \fB$\fR is wanted.
/* .RS
+/* .IP \fB${\fBclient_address\fR}\fR
+/* This macro expands to the remote client network address.
+/* .sp
+/* This is available in Postfix 2.2 and later.
+/* .IP \fB${\fBclient_helo\fR}\fR
+/* This macro expands to the remote client HELO command parameter.
+/* .sp
+/* This is available in Postfix 2.2 and later.
+/* .IP \fB${\fBclient_hostname\fR}\fR
+/* This macro expands to the remote client hostname.
+/* .sp
+/* This is available in Postfix 2.2 and later.
+/* .IP \fB${\fBclient_protocol\fR}\fR
+/* This macro expands to the remote client protocol.
+/* .sp
+/* This is available in Postfix 2.2 and later.
/* .IP \fB${\fBextension\fR}\fR
/* This macro expands to the extension part of a recipient address.
/* For example, with an address \fIuser+foo@domain\fR the extension is
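Review bot: the new macro entries are missing a statement that these values come from the remote SMTP client. ${client_helo} and ${client_hostname} in particular are whatever the peer sent or whatever its reverse DNS returns, and they are now substituted into the command line of an external program. Add a sentence telling the reader to treat the expansion as untrusted input. Also, this text says "HELO command parameter" while the local(8) entries added in the same change say "EHLO command parameter"; pick one wording.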
#define PIPE_DICT_EXTENSION "extension" /* key */
#define PIPE_DICT_MAILBOX "mailbox" /* key */
#define PIPE_DICT_SIZE "size" /* key */
+#define PIPE_DICT_CLIENT_ADDR "client_address" /* key */
+#define PIPE_DICT_CLIENT_NAME "client_hostname" /* key */
+#define PIPE_DICT_CLIENT_PROTO "client_protocol" /* key */
+#define PIPE_DICT_CLIENT_HELO "client_helo" /* key */
#define PIPE_DICT_SASL_METHOD "sasl_method" /* key */
#define PIPE_DICT_SASL_USERNAME "sasl_username" /* key */
#define PIPE_DICT_SASL_SENDER "sasl_sender" /* key */
PIPE_DICT_EXTENSION, PIPE_FLAG_EXTENSION,
PIPE_DICT_MAILBOX, PIPE_FLAG_MAILBOX,
PIPE_DICT_SIZE, 0,
+ PIPE_DICT_CLIENT_ADDR, 0,
+ PIPE_DICT_CLIENT_NAME, 0,
+ PIPE_DICT_CLIENT_PROTO, 0,
+ PIPE_DICT_CLIENT_HELO, 0,
PIPE_DICT_SASL_METHOD, 0,
PIPE_DICT_SASL_USERNAME, 0,
PIPE_DICT_SASL_SENDER, 0,
dict_update(PIPE_DICT_TABLE, PIPE_DICT_NEXTHOP, request->nexthop);
vstring_sprintf(buf, "%ld", (long) request->data_size);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_SIZE, STR(buf));
+ dict_update(PIPE_DICT_TABLE, PIPE_DICT_CLIENT_ADDR,
+ request->client_addr);
+ dict_update(PIPE_DICT_TABLE, PIPE_DICT_CLIENT_HELO,
+ request->client_helo);
+ dict_update(PIPE_DICT_TABLE, PIPE_DICT_CLIENT_NAME,
+ request->client_name);
+ dict_update(PIPE_DICT_TABLE, PIPE_DICT_CLIENT_PROTO,
+ request->client_proto);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_SASL_METHOD,
request->sasl_method);
- dict_update(PIPE_DICT_TABLE, PIPE_DICT_SASL_USERNAME,
+ dict_update(PIPE_DICT_TABLE, PIPE_DICT_SASL_USERNAME,
request->sasl_username);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_SASL_SENDER,
request->sasl_sender);
/* SUMMARY
/* show Postfix queue file contents
/* SYNOPSIS
-/* \fBpostcat\fR [\fB-vq\fR] [\fB-c \fIconfig_dir\fR] [\fIfiles\fR...]
+/* \fBpostcat\fR [\fB-oqv\fR] [\fB-c \fIconfig_dir\fR] [\fIfiles\fR...]
/* DESCRIPTION
/* The \fBpostcat\fR command prints the contents of the named
/* \fIfiles\fR in human-readable form. The files are expected
/* .IP "\fB-c \fIconfig_dir\fR"
/* The \fBmain.cf\fR configuration file is in the named directory
/* instead of the default configuration directory.
+/* .IP \fB-o\fR
+/* Print the queue file offset of each record.
/* .IP \fB-q\fR
/* Search the Postfix queue for the named \fIfiles\fR instead
/* of taking the names literally.
/* Application-specific. */
#define PC_FLAG_QUEUE (1<<0) /* search queue */
+#define PC_FLAG_OFFSET (1<<1) /* print record offsets */
#define STR vstring_str
#define LEN VSTRING_LEN
/* postcat - visualize Postfix queue file contents */
-static void postcat(VSTREAM *fp, VSTRING *buffer)
+static void postcat(VSTREAM *fp, VSTRING *buffer, int flags)
{
int prev_type = 0;
int rec_type;
time_t time;
int first = 1;
int ch;
+ off_t offset;
#define TEXT_RECORD(rec_type) \
(rec_type == REC_TYPE_CONT || rec_type == REC_TYPE_NORM)
* Now look at the rest.
*/
for (;;) {
+ if (flags & PC_FLAG_OFFSET)
+ offset = vstream_ftell(fp);
rec_type = rec_get(fp, buffer, 0);
if (rec_type == REC_TYPE_ERROR)
msg_fatal("record read error");
vstream_printf("*** ENVELOPE RECORDS %s ***\n", VSTREAM_PATH(fp));
first = 0;
}
- if (prev_type == REC_TYPE_CONT && !TEXT_RECORD(rec_type))
+ if ((prev_type == REC_TYPE_CONT && !TEXT_RECORD(rec_type))
+ || !(flags & PC_FLAG_OFFSET))
VSTREAM_PUTCHAR('\n');
+ if (flags & PC_FLAG_OFFSET)
+ vstream_printf("%9lu ", (unsigned long) offset);
switch (rec_type) {
case REC_TYPE_TIME:
case REC_TYPE_WARN:
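Review bot: the new `|| !(flags & PC_FLAG_OFFSET)` operand in the newline test is true whenever -o is absent, so plain postcat now emits a newline before every record instead of only after an unterminated REC_TYPE_CONT record. With -o set, a text record that follows a REC_TYPE_CONT record still gets no newline, so its offset is printed mid-line. If the intent is to start every record on its own line when offsets are shown, the test should read `prev_type == REC_TYPE_CONT && (!TEXT_RECORD(rec_type) || (flags & PC_FLAG_OFFSET))`. Separately, `(unsigned long) offset` truncates on platforms where off_t is wider than long.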
/*
* Parse JCL.
*/
- while ((ch = GETOPT(argc, argv, "c:qv")) > 0) {
+ while ((ch = GETOPT(argc, argv, "c:oqv")) > 0) {
switch (ch) {
case 'c':
if (setenv(CONF_ENV_PATH, optarg, 1) < 0)
msg_fatal("out of memory");
break;
+ case 'o':
+ flags |= PC_FLAG_OFFSET;
+ break;
case 'q':
flags |= PC_FLAG_QUEUE;
break;
vstream_control(VSTREAM_IN,
VSTREAM_CTL_PATH, "stdin",
VSTREAM_CTL_END);
- postcat(VSTREAM_IN, buffer);
+ postcat(VSTREAM_IN, buffer, flags);
}
/*
fp = mail_queue_open(*cpp, argv[optind], O_RDONLY, 0);
if (fp == 0)
msg_fatal("open queue file %s: %m", argv[optind]);
- postcat(fp, buffer);
+ postcat(fp, buffer, flags);
if (vstream_fclose(fp))
msg_warn("close %s: %m", argv[optind]);
optind++;
while (optind < argc) {
if ((fp = vstream_fopen(argv[optind], O_RDONLY, 0)) == 0)
msg_fatal("open %s: %m", argv[optind]);
- postcat(fp, buffer);
+ postcat(fp, buffer, flags);
if (vstream_fclose(fp))
msg_warn("close %s: %m", argv[optind]);
optind++;
smtp.o: ../../include/string_list.h
smtp.o: ../../include/match_list.h
smtp.o: ../../include/match_ops.h
+smtp.o: ../../include/maps.h
smtp.o: ../../include/mail_server.h
smtp.o: smtp.h
smtp.o: ../../include/htable.h
smtp_addr.o: ../../include/string_list.h
smtp_addr.o: ../../include/match_list.h
smtp_addr.o: ../../include/match_ops.h
+smtp_addr.o: ../../include/maps.h
+smtp_addr.o: ../../include/dict.h
smtp_addr.o: smtp_addr.h
smtp_chat.o: smtp_chat.c
smtp_chat.o: ../../include/sys_defs.h
smtp_chat.o: ../../include/string_list.h
smtp_chat.o: ../../include/match_list.h
smtp_chat.o: ../../include/match_ops.h
+smtp_chat.o: ../../include/maps.h
+smtp_chat.o: ../../include/dict.h
smtp_connect.o: smtp_connect.c
smtp_connect.o: ../../include/sys_defs.h
smtp_connect.o: ../../include/msg.h
smtp_connect.o: ../../include/string_list.h
smtp_connect.o: ../../include/match_list.h
smtp_connect.o: ../../include/match_ops.h
+smtp_connect.o: ../../include/maps.h
+smtp_connect.o: ../../include/dict.h
smtp_connect.o: smtp_addr.h
smtp_connect.o: smtp_reuse.h
smtp_proto.o: smtp_proto.c
smtp_proto.o: ../../include/attr.h
smtp_proto.o: ../../include/mime_state.h
smtp_proto.o: ../../include/header_opts.h
-smtp_proto.o: smtp.h
+smtp_proto.o: ../../include/ehlo_mask.h
+smtp_proto.o: ../../include/maps.h
+smtp_proto.o: ../../include/dict.h
smtp_proto.o: ../../include/argv.h
+smtp_proto.o: smtp.h
smtp_proto.o: ../../include/htable.h
smtp_proto.o: ../../include/scache.h
smtp_proto.o: ../../include/string_list.h
smtp_rcpt.o: ../../include/string_list.h
smtp_rcpt.o: ../../include/match_list.h
smtp_rcpt.o: ../../include/match_ops.h
+smtp_rcpt.o: ../../include/maps.h
+smtp_rcpt.o: ../../include/dict.h
smtp_reuse.o: smtp_reuse.c
smtp_reuse.o: ../../include/sys_defs.h
smtp_reuse.o: ../../include/msg.h
smtp_reuse.o: ../../include/string_list.h
smtp_reuse.o: ../../include/match_list.h
smtp_reuse.o: ../../include/match_ops.h
+smtp_reuse.o: ../../include/maps.h
+smtp_reuse.o: ../../include/dict.h
smtp_reuse.o: smtp_reuse.h
smtp_reuse.o: ../../include/dns.h
smtp_sasl_glue.o: smtp_sasl_glue.c
smtp_sasl_proto.o: ../../include/string_list.h
smtp_sasl_proto.o: ../../include/match_list.h
smtp_sasl_proto.o: ../../include/match_ops.h
+smtp_sasl_proto.o: ../../include/maps.h
+smtp_sasl_proto.o: ../../include/dict.h
smtp_sasl_proto.o: smtp_sasl.h
smtp_session.o: smtp_session.c
smtp_session.o: ../../include/sys_defs.h
smtp_session.o: ../../include/string_list.h
smtp_session.o: ../../include/match_list.h
smtp_session.o: ../../include/match_ops.h
+smtp_session.o: ../../include/maps.h
+smtp_session.o: ../../include/dict.h
smtp_state.o: smtp_state.c
smtp_state.o: ../../include/sys_defs.h
smtp_state.o: ../../include/mymalloc.h
smtp_state.o: ../../include/string_list.h
smtp_state.o: ../../include/match_list.h
smtp_state.o: ../../include/match_ops.h
+smtp_state.o: ../../include/maps.h
+smtp_state.o: ../../include/dict.h
smtp_state.o: smtp_sasl.h
smtp_trouble.o: smtp_trouble.c
smtp_trouble.o: ../../include/sys_defs.h
smtp_trouble.o: ../../include/string_list.h
smtp_trouble.o: ../../include/match_list.h
smtp_trouble.o: ../../include/match_ops.h
+smtp_trouble.o: ../../include/maps.h
+smtp_trouble.o: ../../include/dict.h
smtp_unalias.o: smtp_unalias.c
smtp_unalias.o: ../../include/sys_defs.h
smtp_unalias.o: ../../include/htable.h
smtp_unalias.o: ../../include/string_list.h
smtp_unalias.o: ../../include/match_list.h
smtp_unalias.o: ../../include/match_ops.h
+smtp_unalias.o: ../../include/maps.h
+smtp_unalias.o: ../../include/dict.h
/* .IP "\fBsmtp_skip_4xx_greeting (yes)\fR"
/* Skip SMTP servers that greet with a 4XX status code (go away, try
/* again later).
+/* .PP
+/* Available in Postfix version 2.2 and later:
+/* .IP "\fBsmtp_disable_ehlo_keyword_address_maps (empty)\fR"
+/* Lookup tables, indexed by the remote SMTP server address, with
+/* case insensitive lists of EHLO keywords (pipelining, starttls,
+/* auth, etc.) that the SMTP client will ignore in the EHLO response
+/* from a remote SMTP server.
+/* .IP "\fBsmtp_disable_ehlo_keywords (empty)\fR"
+/* A case insensitive list of EHLO keywords (pipelining, starttls,
+/* auth, etc.) that the SMTP client will ignore in the EHLO response
+/* from a remote SMTP server.
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi
#include <flush_clnt.h>
#include <scache.h>
#include <string_list.h>
+#include <maps.h>
/* Single server skeleton. */
char *var_smtp_cache_dest;
char *var_scache_service;
bool var_smtp_cache_demand;
+char *var_smtp_ehlo_dis_words;
+char *var_smtp_ehlo_dis_maps;
/*
* Global variables. smtp_errno is set by the address lookup routines and by
int smtp_host_lookup_mask;
STRING_LIST *smtp_cache_dest;
SCACHE *smtp_scache;
+MAPS *smtp_ehlo_disable_maps;
/* deliver_message - deliver message with extreme prejudice */
*/
if (*var_smtp_cache_dest)
smtp_cache_dest = string_list_init(MATCH_FLAG_NONE, var_smtp_cache_dest);
+
+ /*
+ * EHLO keyword filter.
+ */
+ if (*var_smtp_ehlo_dis_maps)
+ smtp_ehlo_disable_maps = maps_create(VAR_SMTPD_EHLO_DIS_MAPS,
+ var_smtp_ehlo_dis_maps,
+ DICT_FLAG_LOCK);
}
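Review bot: the maps_create() call in the SMTP client passes VAR_SMTPD_EHLO_DIS_MAPS, the server-side parameter name, as the table title while opening var_smtp_ehlo_dis_maps. Diagnostics for a broken table would then name the wrong parameter. Use VAR_SMTP_EHLO_DIS_MAPS, as the configuration table entry for this variable does.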
/* pre_accept - see if tables have changed */
VAR_SMTP_HOST_LOOKUP, DEF_SMTP_HOST_LOOKUP, &var_smtp_host_lookup, 1, 0,
VAR_SMTP_CACHE_DEST, DEF_SMTP_CACHE_DEST, &var_smtp_cache_dest, 0, 0,
VAR_SCACHE_SERVICE, DEF_SCACHE_SERVICE, &var_scache_service, 1, 0,
+ VAR_SMTP_EHLO_DIS_WORDS, DEF_SMTP_EHLO_DIS_WORDS, &var_smtp_ehlo_dis_words, 0, 0,
+ VAR_SMTP_EHLO_DIS_MAPS, DEF_SMTP_EHLO_DIS_MAPS, &var_smtp_ehlo_dis_maps, 0, 0,
0,
};
static CONFIG_TIME_TABLE time_table[] = {
#include <deliver_request.h>
#include <scache.h>
#include <string_list.h>
+#include <maps.h>
/*
* State information associated with each SMTP delivery request.
extern SCACHE *smtp_scache; /* connection cache instance */
extern STRING_LIST *smtp_cache_dest; /* cached destinations */
+extern MAPS *smtp_ehlo_disable_maps; /* ehlo keyword filter */
+
/*
* smtp_session.c
*/
#include <quote_821_local.h>
#include <mail_proto.h>
#include <mime_state.h>
+#include <ehlo_mask.h>
+#include <maps.h>
/* Application-specific. */
0, 0,
};
SOCKOPT_SIZE optlen;
+ const char *ehlo_words;
+ int disable_mask;
/*
* Prepare for disaster.
return (0);
}
+ /*
+ * Determine what server EHLO keywords to ignore, typically to avoid
+ * inter-operability problems.
+ */
+ if (smtp_ehlo_disable_maps == 0
+ || (ehlo_words = maps_find(smtp_ehlo_disable_maps, state->session->addr, 0)) == 0)
+ ehlo_words = var_smtp_ehlo_dis_words;
+ disable_mask = ehlo_mask(ehlo_words);
+ if (disable_mask)
+ msg_info("disabled EHLO keywords: %s", str_ehlo_mask(disable_mask));
+
/*
* Pick up some useful features offered by the SMTP server. XXX Until we
* have a portable routine to convert from string to off_t with proper
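Review bot: a per-address match from maps_find() replaces var_smtp_ehlo_dis_words instead of adding to it, and the parameter text added in this patch does not say so. State the precedence under smtp_disable_ehlo_keyword_address_maps, since an operator who lists keywords globally may expect them to still apply to a host that also has a table entry. The msg_info() call also fires for every session with a non-empty mask; confirm that log volume is wanted.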
lines = resp->str;
while ((words = mystrtok(&lines, "\n")) != 0) {
if (mystrtok(&words, "- ") && (word = mystrtok(&words, " \t=")) != 0) {
- if (strcasecmp(word, "8BITMIME") == 0)
- session->features |= SMTP_FEATURE_8BITMIME;
- else if (strcasecmp(word, "PIPELINING") == 0)
- session->features |= SMTP_FEATURE_PIPELINING;
- else if (strcasecmp(word, "XFORWARD") == 0)
- while ((word = mystrtok(&words, " \t")) != 0)
- session->features |= name_code(xforward_features,
+ if (strcasecmp(word, "8BITMIME") == 0) {
+ if ((disable_mask & EHLO_MASK_8BITMIME) == 0)
+ session->features |= SMTP_FEATURE_8BITMIME;
+ } else if (strcasecmp(word, "PIPELINING") == 0) {
+ if ((disable_mask & EHLO_MASK_PIPELINING) == 0)
+ session->features |= SMTP_FEATURE_PIPELINING;
+ } else if (strcasecmp(word, "XFORWARD") == 0) {
+ if ((disable_mask & EHLO_MASK_XFORWARD) == 0)
+ while ((word = mystrtok(&words, " \t")) != 0)
+ session->features |= name_code(xforward_features,
NAME_CODE_FLAG_NONE, word);
- else if (strcasecmp(word, "SIZE") == 0) {
- session->features |= SMTP_FEATURE_SIZE;
- if ((word = mystrtok(&words, " \t")) != 0) {
- if (!alldig(word))
- msg_warn("bad size limit \"%s\" in EHLO reply from %s",
- word, session->namaddr);
- else
- session->size_limit = off_cvt_string(word);
+ } else if (strcasecmp(word, "SIZE") == 0) {
+ if ((disable_mask & EHLO_MASK_SIZE) == 0) {
+ session->features |= SMTP_FEATURE_SIZE;
+ if ((word = mystrtok(&words, " \t")) != 0) {
+ if (!alldig(word))
+ msg_warn("bad EHLO SIZE limit \"%s\" from %s",
+ word, session->namaddr);
+ else
+ session->size_limit = off_cvt_string(word);
+ }
}
- }
#ifdef USE_SASL_AUTH
- else if (var_smtp_sasl_enable && strcasecmp(word, "AUTH") == 0)
- smtp_sasl_helo_auth(session, words);
+ } else if (var_smtp_sasl_enable && strcasecmp(word, "AUTH") == 0) {
+ if ((disable_mask & EHLO_MASK_AUTH) == 0)
+ smtp_sasl_helo_auth(session, words);
#endif
- else if (strcasecmp(word, var_myhostname) == 0) {
+ } else if (strcasecmp(word, var_myhostname) == 0) {
if (misc_flags & SMTP_MISC_FLAG_LOOP_DETECT) {
msg_warn("host %s replied to HELO/EHLO with my own hostname %s",
session->namaddr, var_myhostname);
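Review bot: the documentation added for smtp_disable_ehlo_keywords gives starttls as an example keyword, but the branches in this hunk consult disable_mask only for 8BITMIME, PIPELINING, XFORWARD, SIZE and AUTH. Either drop starttls from the client-side text or say that it has no effect here. In the XFORWARD branch, `if ((disable_mask & EHLO_MASK_XFORWARD) == 0)` guards a `while` loop without braces; bracing it would match the SIZE branch and make the nesting obvious.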
smtpd.o: ../../include/lex_822.h
smtpd.o: ../../include/namadr_list.h
smtpd.o: ../../include/input_transp.h
+smtpd.o: ../../include/is_header.h
smtpd.o: ../../include/anvil_clnt.h
smtpd.o: ../../include/attr_clnt.h
+smtpd.o: ../../include/ehlo_mask.h
+smtpd.o: ../../include/maps.h
smtpd.o: ../../include/mail_server.h
smtpd.o: smtpd_token.h
smtpd.o: smtpd.h
/* access restriction is specified.
/* .IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
/* What SMTP clients Postfix will not offer AUTH support to.
+/* .PP
+/* Available in Postfix version 2.2 and later:
+/* .IP "\fBsmtpd_disable_ehlo_keyword_address_maps (empty)\fR"
+/* Lookup tables, indexed by the remote SMTP client address, with
+/* case insensitive lists of EHLO keywords (pipelining, starttls,
+/* auth, etc.) that the SMTP server will not send in the EHLO response
+/* to a remote SMTP client.
+/* .IP "\fBsmtpd_disable_ehlo_keywords (empty)\fR"
+/* A case insensitive list of EHLO keywords (pipelining, starttls,
+/* auth, etc.) that the SMTP server will not send in the EHLO response
+/* to a remote SMTP client.
/* ADDRESS REWRITING CONTROLS
/* .ad
/* .fi
#include <anvil_clnt.h>
#endif
#include <flush_clnt.h>
+#include <ehlo_mask.h> /* ehlo filter */
+#include <maps.h> /* ehlo filter */
/* Single-threaded server skeleton. */
#endif
char *var_local_rwr_clients;
+char *var_smtpd_ehlo_dis_words;
+char *var_smtpd_ehlo_dis_maps;
/*
* Silly little macros.
#define STR(x) vstring_str(x)
#define LEN(x) VSTRING_LEN(x)
+ /*
+ * EHLO keyword filter
+ */
+static MAPS *ehlo_disable_maps;
+
/*
* VERP command name.
*/
static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
{
char *err;
+ int todo_mask;
+ const char *ehlo_words;
+ VSTRING *ehlo_buf;
/*
* XXX 2821 new feature: Section 4.1.4 specifies that a server must clear
rcpt_reset(state);
state->helo_name = mystrdup(printable(argv[1].strval, '?'));
neuter(state->helo_name, NEUTER_CHARACTERS, '?');
+
+ /*
+ * XXX reject_unauth_pipelining depends on the following. If the user
+ * sends EHLO then we announce PIPELINING and we can't accuse them of
+ * using pipelining in places where it is allowed.
+ *
+ * XXX The reject_unauth_pipelining test needs to change and also account
+ * for mechanisms that disable PIPELINING selectively.
+ */
if (strcasecmp(state->protocol, MAIL_PROTO_ESMTP) != 0) {
myfree(state->protocol);
state->protocol = mystrdup(MAIL_PROTO_ESMTP);
}
- smtpd_chat_reply(state, "250-%s", var_myhostname);
- smtpd_chat_reply(state, "250-PIPELINING");
- if (var_message_limit)
- smtpd_chat_reply(state, "250-SIZE %lu",
- (unsigned long) var_message_limit); /* XXX */
- else
- smtpd_chat_reply(state, "250-SIZE");
- if (var_disable_vrfy_cmd == 0)
- smtpd_chat_reply(state, "250-VRFY");
- smtpd_chat_reply(state, "250-ETRN");
+
+ /*
+ * Determine what server EHLO keywords to suppress, typically to avoid
+ * inter-operability problems.
+ */
+ if (ehlo_disable_maps == 0
+ || (ehlo_words = maps_find(ehlo_disable_maps, state->addr, 0)) == 0)
+ ehlo_words = var_smtpd_ehlo_dis_words;
+ todo_mask = ~ehlo_mask(ehlo_words);
+ if (~todo_mask)
+ msg_info("disabled EHLO keywords: %s", str_ehlo_mask(~todo_mask));
+
+ /*
+ * Build the EHLO response, suppressing features as requested. We store
+ * each output line in one-element output queue, where it sits until we
+ * know if we need to prepend "250-" or "250 " to it. Each time we
+ * enqueue a reply line we flush the one that sits in the queue. We use a
+ * couple ugly macros to avoid making mistakes in code that repeats a
+ * lot.
+ */
+#define ENQUEUE_FIX_REPLY(state, ehlo_buf, cmd) \
+ do { \
+ smtpd_chat_reply((state), "250-%s", STR(ehlo_buf)); \
+ vstring_strcpy((ehlo_buf), (cmd)); \
+ } while (0)
+
+#define ENQUEUE_FMT_REPLY(state, ehlo_buf, fmt, arg) \
+ do { \
+ smtpd_chat_reply((state), "250-%s", STR(ehlo_buf)); \
+ vstring_sprintf((ehlo_buf), (fmt), (arg)); \
+ } while (0)
+
+ ehlo_buf = vstring_alloc(10);
+ vstring_strcpy(ehlo_buf, var_myhostname);
+ if (todo_mask & EHLO_MASK_PIPELINING)
+ ENQUEUE_FIX_REPLY(state, ehlo_buf, "PIPELINING");
+ if (todo_mask & EHLO_MASK_SIZE) {
+ if (var_message_limit)
+ ENQUEUE_FMT_REPLY(state, ehlo_buf, "SIZE %lu",
+ (unsigned long) var_message_limit); /* XXX */
+ else
+ ENQUEUE_FIX_REPLY(state, ehlo_buf, "SIZE");
+ }
+ if (todo_mask & EHLO_MASK_VRFY)
+ if (var_disable_vrfy_cmd == 0)
+ ENQUEUE_FIX_REPLY(state, ehlo_buf, "VRFY");
+ if (todo_mask & EHLO_MASK_ETRN)
+ ENQUEUE_FIX_REPLY(state, ehlo_buf, "ETRN");
#ifdef USE_SASL_AUTH
- if (var_smtpd_sasl_enable && !sasl_client_exception(state)) {
- smtpd_chat_reply(state, "250-AUTH %s", state->sasl_mechanism_list);
- if (var_broken_auth_clients)
- smtpd_chat_reply(state, "250-AUTH=%s", state->sasl_mechanism_list);
+ if (todo_mask & EHLO_MASK_AUTH) {
+ if (var_smtpd_sasl_enable && !sasl_client_exception(state)) {
+ ENQUEUE_FMT_REPLY(state, ehlo_buf, "AUTH %s",
+ state->sasl_mechanism_list);
+ if (var_broken_auth_clients)
+ ENQUEUE_FMT_REPLY(state, ehlo_buf, "AUTH=%s",
+ state->sasl_mechanism_list);
+ }
}
#endif
- if (namadr_list_match(verp_clients, state->name, state->addr))
- smtpd_chat_reply(state, "250-%s", VERP_CMD);
+ if (todo_mask & EHLO_MASK_VERP)
+ if (namadr_list_match(verp_clients, state->name, state->addr))
+ ENQUEUE_FIX_REPLY(state, ehlo_buf, VERP_CMD);
/* XCLIENT must not override its own access control. */
- if (xclient_allowed)
- smtpd_chat_reply(state, "250-" XCLIENT_CMD
- " " XCLIENT_NAME " " XCLIENT_ADDR
- " " XCLIENT_PROTO " " XCLIENT_HELO);
- if (xforward_allowed)
- smtpd_chat_reply(state, "250-" XFORWARD_CMD
- " " XFORWARD_NAME " " XFORWARD_ADDR
- " " XFORWARD_PROTO " " XFORWARD_HELO
- " " XFORWARD_DOMAIN);
- smtpd_chat_reply(state, "250 8BITMIME");
+ if (todo_mask & EHLO_MASK_XCLIENT)
+ if (xclient_allowed)
+ ENQUEUE_FIX_REPLY(state, ehlo_buf, XCLIENT_CMD
+ " " XCLIENT_NAME " " XCLIENT_ADDR
+ " " XCLIENT_PROTO " " XCLIENT_HELO);
+ if (todo_mask & EHLO_MASK_XFORWARD)
+ if (xforward_allowed)
+ ENQUEUE_FIX_REPLY(state, ehlo_buf, XFORWARD_CMD
+ " " XFORWARD_NAME " " XFORWARD_ADDR
+ " " XFORWARD_PROTO " " XFORWARD_HELO
+ " " XFORWARD_DOMAIN);
+ if (todo_mask & EHLO_MASK_8BITMIME)
+ ENQUEUE_FIX_REPLY(state, ehlo_buf, "8BITMIME");
+ smtpd_chat_reply(state, "250 %s", STR(ehlo_buf));
+
+ /*
+ * Clean up.
+ */
+ vstring_free(ehlo_buf);
+
return (0);
}
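Review bot: the XXX comment added before the protocol check concedes that reject_unauth_pipelining assumes PIPELINING was announced to every client that sent EHLO, which stops being true once EHLO_MASK_PIPELINING is cleared from todo_mask. A client that was never offered PIPELINING is then still treated as allowed to pipeline. Record in the session state whether the keyword was actually sent and have the restriction test that, rather than leaving the gap as a comment.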
* flush client.
*/
flush_init();
+
+ /*
+ * EHLO keyword filter.
+ */
+ if (*var_smtpd_ehlo_dis_maps)
+ ehlo_disable_maps = maps_create(VAR_SMTPD_EHLO_DIS_MAPS,
+ var_smtpd_ehlo_dis_maps,
+ DICT_FLAG_LOCK);
}
/* post_jail_init - post-jail initialization */
VAR_SMTPD_HOGGERS, DEF_SMTPD_HOGGERS, &var_smtpd_hoggers, 0, 0,
#endif
VAR_LOC_RWR_CLIENTS, DEF_LOC_RWR_CLIENTS, &var_local_rwr_clients, 0, 0,
+ VAR_SMTPD_EHLO_DIS_WORDS, DEF_SMTPD_EHLO_DIS_WORDS, &var_smtpd_ehlo_dis_words, 0, 0,
+ VAR_SMTPD_EHLO_DIS_MAPS, DEF_SMTPD_EHLO_DIS_MAPS, &var_smtpd_ehlo_dis_maps, 0, 0,
0,
};
static CONFIG_RAW_TABLE raw_table[] = {
/* const char *context;
/* NAME_MASK *table;
/* int mask;
+/*
+/* int name_mask_opt(context, table, names, flags)
+/* const char *context;
+/* NAME_MASK *table;
+/* const char *names;
+/* int flags;
+/*
+/* const char *str_name_mask_opt(context, table, mask, flags)
+/* const char *context;
+/* NAME_MASK *table;
+/* int mask;
+/* int flags;
/* DESCRIPTION
/* name_mask() takes a null-terminated \fItable\fR with (name, mask)
/* values and computes the bit-wise OR of the masks that correspond
/* The result is written to a static buffer that is overwritten
/* upon each call.
/*
-/* The \fIcontext\fR argument specifies what kind of names and
+/* name_mask_opt() and str_name_mask_opt() are extended versions
+/* with additional fine control.
+/*
+/* Arguments:
+/* .IP context
+/* What kind of names and
/* masks are being manipulated, in order to make error messages
/* more understandable. Typically, this would be the name of a
/* user-configurable parameter.
+/* .IP table
+/* Table with (name, bit mask) pairs.
+/* .IP names
+/* A list of names that is to be converted into a bit mask.
+/* .IP mask
+/* A bit mask.
+/* .IP flags
+/* Bit-wise OR of zero or more of the following:
+/* .RS
+/* .IP NAME_MASK_MATCH_REQ
+/* Require that all names listed in \fIname\fR exist in \fItable\fR,
+/* and that all bits listed in \fImask\fR exist in \fItable\fR.
+/* This feature is enabled by default when calling name_mask()
+/* or str_name_mask().
+/* .IP NAME_MASK_ANY_CASE
+/* Enable case-insensitive matching.
+/* This feature is not enabled by default when calling name_mask();
+/* it has no effect with str_name_mask().
+/* .RE
+/* The value NAME_MASK_NONE explicitly requests no features,
+/* and NAME_MASK_DEFAULT enables the default options.
/* DIAGNOSTICS
/* Fatal: the \fInames\fR argument specifies a name not found in
+/* \fItable\fR, or the \fImask\fR specifies a bit not found in
/* \fItable\fR.
/* LICENSE
/* .ad
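Review bot: the NAME_MASK_MATCH_REQ entry refers to \fIname\fR, but the argument documented just above it is \fInames\fR. The text also does not say what happens to an unmatched name or bit when the flag is absent. The code skips it without a diagnostic, which is worth stating here.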
#include <sys_defs.h>
#include <string.h>
+#ifdef STRCASECMP_IN_STRING_H
+#include <string.h>
+#endif
+
/* Utility library. */
#include <msg.h>
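Review bot: the added `#ifdef STRCASECMP_IN_STRING_H` block includes <string.h> again, which is already included unconditionally on the line above, so the block has no effect. name_mask_opt() now calls strcasecmp(), which POSIX declares in <strings.h>. If the guard is meant for platforms that need that header, it should include <strings.h> and the macro name should be checked against the one defined in sys_defs.h.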
#define STR(x) vstring_str(x)
-/* name_mask - compute mask corresponding to list of names */
+/* name_mask_opt - compute mask corresponding to list of names */
-int name_mask(const char *context, NAME_MASK *table, const char *names)
+int name_mask_opt(const char *context, NAME_MASK *table, const char *names,
+ int flags)
{
char *myname = "name_mask";
char *saved_names = mystrdup(names);
*/
while ((name = mystrtok(&bp, ", \t\r\n")) != 0) {
for (np = table; /* void */ ; np++) {
- if (np->name == 0)
- msg_fatal("unknown %s value \"%s\" in \"%s\"",
- context, name, names);
- if (strcmp(name, np->name) == 0) {
+ if (np->name == 0) {
+ if (flags & NAME_MASK_MATCH_REQ)
+ msg_fatal("unknown %s value \"%s\" in \"%s\"",
+ context, name, names);
+ break;
+ }
+ if (((flags & NAME_MASK_ANY_CASE) ? strcasecmp : strcmp)
+ (name, np->name) == 0) {
if (msg_verbose)
msg_info("%s: %s", myname, name);
result |= np->mask;
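Review bot: when NAME_MASK_MATCH_REQ is not set, the `np->name == 0` branch breaks out of the table scan with no diagnostic, so a misspelled name is dropped silently. For a list whose purpose is to disable protocol features, a typo then leaves the feature enabled with nothing in the log. Consider a msg_warn() naming the context and the unknown value before the break.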
return (result);
}
-/* str_name_mask - mask to string */
+/* str_name_mask_opt - mask to string */
-const char *str_name_mask(const char *context, NAME_MASK *table, int mask)
+const char *str_name_mask_opt(const char *context, NAME_MASK *table,
+ int mask, int flags)
{
char *myname = "name_mask";
NAME_MASK *np;
VSTRING_RESET(buf);
for (np = table; mask != 0; np++) {
- if (np->name == 0)
- msg_panic("%s: invalid %s bitmask: 0x%x", myname, context, mask);
+ if (np->name == 0) {
+ if (flags & NAME_MASK_MATCH_REQ)
+ msg_fatal("%s: invalid %s bit in mask: 0x%x",
+ myname, context, mask);
+ break;
+ }
if (mask & np->mask) {
mask &= ~np->mask;
vstring_sprintf_append(buf, "%s ", np->name);
return (STR(buf));
}
+ /*
+ * ABI backwards compatibility.
+ */
+#undef name_mask
+#undef str_name_mask
+
+int name_mask(const char *context, NAME_MASK *table, const char *names)
+{
+ return(name_mask_opt(context, table,names, NAME_MASK_DEFAULT));
+}
+
+const char *str_name_mask(const char *context, NAME_MASK *table, int mask)
+{
+ return(str_name_mask_opt(context, table, mask, NAME_MASK_DEFAULT));
+}
+
#ifdef TEST
/*
int mask;
} NAME_MASK;
-extern int name_mask(const char *, NAME_MASK *, const char *);
-extern const char *str_name_mask(const char *, NAME_MASK *, int);
+#define NAME_MASK_MATCH_REQ (1<<0)
+#define NAME_MASK_ANY_CASE (1<<1)
+
+#define NAME_MASK_NONE 0
+#define NAME_MASK_DEFAULT (NAME_MASK_MATCH_REQ)
+
+#define name_mask(tag, table, str) \
+ name_mask_opt((tag), (table), (str), NAME_MASK_DEFAULT)
+#define str_name_mask(tag, table, mask) \
+ str_name_mask_opt((tag), (table), (mask), NAME_MASK_DEFAULT)
+
+extern int name_mask_opt(const char *, NAME_MASK *, const char *, int);
+extern const char *str_name_mask_opt(const char *, NAME_MASK *, int, int);
/* LICENSE
/* .ad