Documentation: corrected the command time limit parameter
syntax in the spawn(8) manual page.
+ Feature: defer_if_permit and defer_if_reject actions in
+ access tables, mainly for use by the delegated policy
+ server. Files: smtpd/smtpd_check.c, proto/access.
+
+20030725
+
+ The dict_pgsql module did not use dict_alloc() and dict_free(),
+ causing improper initialization and a memory leak. Leandro
+ Santi. File: util/dict_pgsql.c.
+
+ Cleanup: added open_flags sanity checks to the dict_pgsql
+ and dict_mysql modules. These maps must be opened in
+ read-only mode.
+
Open problems:
Low: smtp-source may block when sending large test messages.
update_database($key, $time_stamp);
}
- # Specify DUNNO instead of OK so that the check_policy_service restriction
- # can be used in the middle of a restriction list.
+ # In case of success, return DUNNO instead of OK so that the
+ # check_policy_service restriction can be followed by other restrictions.
+ # In case of failure, specify DEFER_IF_PERMIT so that mail can
+ # still be blocked by other access restrictions.
syslog $syslog_priority, "request age %d", $now - $time_stamp if $verbose;
if ($now - $time_stamp > $greylist_delay) {
return "dunno";
} else {
- return "450 Service is unavailable";
+ return "defer_if_permit Service is unavailable";
}
}
-# ACCESS(5) ACCESS(5)
-#
-# NAME
-# access - format of Postfix access table
-#
-# SYNOPSIS
-# postmap /etc/postfix/access
-#
-# postmap -q "string" /etc/postfix/access
-#
-# postmap -q - /etc/postfix/access <inputfile
-#
-# DESCRIPTION
-# The optional access table directs the Postfix SMTP server
-# to selectively reject or accept mail. Access can be
-# allowed or denied for specific host names, domain names,
-# networks, host network addresses or mail addresses.
-#
-# Normally, the access table is specified as a text file
-# that serves as input to the postmap(1) command. The
-# result, an indexed file in dbm or db format, is used for
-# fast searching by the mail system. Execute the command
-# postmap /etc/postfix/access in order to rebuild the
-# indexed file after changing the access table.
-#
-# When the table is provided via other means such as NIS,
-# LDAP or SQL, the same lookups are done as for ordinary
-# indexed files.
-#
-# Alternatively, the table can be provided as a regular-
-# expression map where patterns are given as regular expres-
-# sions, or lookups can be directed to TCP-based server. In
-# that case, the lookups are done in a slightly different
-# way as described below under "REGULAR EXPRESSION TABLES"
-# and "TCP-BASED TABLES".
-#
-# TABLE FORMAT
-# The format of the access table is as follows:
-#
-# pattern action
-# When pattern matches a mail address, domain or host
-# address, perform the corresponding action.
-#
-# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
-# is a `#'.
-#
-# multi-line text
-# A logical line starts with non-whitespace text. A
-# line that starts with whitespace continues a logi-
-# cal line.
-#
-# EMAIL ADDRESS PATTERNS
-# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, the following
-# lookup patterns are examined in the order as listed:
-#
-# user@domain
-# Matches the specified mail address.
-#
-# domain.tld
-# Matches domain.tld as the domain part of an email
-# address.
-#
-# The pattern domain.tld also matches subdomains, but
-# only when the string smtpd_access_maps is listed in
-# the Postfix parent_domain_matches_subdomains con-
-# figuration setting. Otherwise, specify .domain.tld
-# (note the initial dot) in order to match subdo-
-# mains.
-#
-# user@ Matches all mail addresses with the specified user
-# part.
-#
-# Note: lookup of the null sender address is not possible
-# with some types of lookup table. By default, Postfix uses
-# <> as the lookup key for such addresses. The value is
-# specified with the smtpd_null_access_lookup_key parameter
-# in the Postfix main.cf file.
-#
-# EMAIL ADDRESS EXTENSION
-# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
-# becomes: user+foo@domain, user@domain, domain, user+foo@,
-# and user@.
-#
-# HOST NAME/ADDRESS PATTERNS
-# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, the following
-# lookup patterns are examined in the order as listed:
-#
-# domain.tld
-# Matches domain.tld.
-#
-# The pattern domain.tld also matches subdomains, but
-# only when the string smtpd_access_maps is listed in
-# the Postfix parent_domain_matches_subdomains con-
-# figuration setting. Otherwise, specify .domain.tld
-# (note the initial dot) in order to match subdo-
-# mains.
-#
-# net.work.addr.ess
-#
-# net.work.addr
-#
-# net.work
-#
-# net Matches any host address in the specified network.
-# A network address is a sequence of one or more
-# octets separated by ".".
-#
-# NOTE: use the cidr lookup table type to specify
-# network/netmask patterns. See cidr_table(5) for
-# details.
-#
-# ACTIONS
-# [45]NN text
-# Reject the address etc. that matches the pattern,
-# and respond with the numerical code and text.
-#
-# REJECT
-#
-# REJECT optional text...
-# Reject the address etc. that matches the pattern.
-# Reply with $reject_code optional text... when the
-# optional text is specified, otherwise reply with a
-# generic error response message.
-#
-# OK Accept the address etc. that matches the pattern.
-#
-# all-numerical
-# An all-numerical result is treated as OK. This for-
-# mat is generated by address-based relay authoriza-
-# tion schemes.
-#
-# DUNNO Pretend that the lookup key was not found in this
-# table. This prevents Postfix from trying substrings
-# of the lookup key (such as a subdomain name, or a
-# network address subnetwork).
-#
-# HOLD
-#
-# HOLD optional text...
-# Place the message on the hold queue, where it will
-# sit until someone either deletes it or releases it
-# for delivery. Log the optional text if specified,
-# otherwise log a generic message.
-#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
-# released with the postsuper(1) command.
-#
-# Note: this action currently affects all recipients
-# of the message.
-#
-# DISCARD
-#
-# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
-# erwise log a generic message.
-#
-# Note: this action currently affects all recipients
-# of the message.
-#
-# FILTER transport:destination
-# After the message is queued, send the entire mes-
-# sage through a content filter. More information
-# about content filters is in the Postfix FIL-
-# TER_README file.
-#
-# Note: this action overrides the main.cf con-
-# tent_filter setting, and currently affects all
-# recipients of the message.
-#
-# REDIRECT user@domain
-# After the message is queued, send the message to
-# the specified address instead of the intended
-# recipient(s).
-#
-# Note: this action overrides the FILTER action, and
-# currently affects all recipients of the message.
-#
-# restriction...
-# Apply the named UCE restriction(s) (permit, reject,
-# reject_unauth_destination, and so on).
-#
-# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
-# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
-# see regexp_table(5) or pcre_table(5).
-#
-# Each pattern is a regular expression that is applied to
-# the entire string being looked up. Depending on the appli-
-# cation, that string is an entire client hostname, an
-# entire client IP address, or an entire mail address. Thus,
-# no parent domain or parent network search is done,
-# user@domain mail addresses are not broken up into their
-# user@ and domain constituent parts, nor is user+foo broken
-# up into user and foo.
-#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
-# string.
-#
-# Actions are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
-# the pattern can be interpolated as $1, $2 and so on.
-#
-# TCP-BASED TABLES
-# This section describes how the table lookups change when
-# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
-# tcp_table(5).
-#
-# Each lookup operation uses the entire query string once.
-# Depending on the application, that string is an entire
-# client hostname, an entire client IP address, or an entire
-# mail address. Thus, no parent domain or parent network
-# search is done, user@domain mail addresses are not broken
-# up into their user@ and domain constituent parts, nor is
-# user+foo broken up into user and foo.
-#
-# Actions are the same as with indexed file lookups.
-#
-# BUGS
-# The table format does not understand quoting conventions.
-#
-# SEE ALSO
-# postmap(1) create lookup table
-# smtpd(8) smtp server
-# cidr_table(5) format of CIDR tables
-# pcre_table(5) format of PCRE tables
-# regexp_table(5) format of POSIX regular expression tables
-# tcp_table(5) TCP client/server table lookup protocol
-#
-# LICENSE
-# The Secure Mailer license must be distributed with this
-# software.
-#
-# AUTHOR(S)
-# Wietse Venema
-# IBM T.J. Watson Research
-# P.O. Box 704
-# Yorktown Heights, NY 10598, USA
-#
-# ACCESS(5)
# check_client_access maptype:mapname
# look up client name, parent domains, client address,
# or networks obtained by stripping octets.
-# Skip this lookup table if the result is DUNNO.
-# Reject the SMTP client if the result is REJECT text... or "[45]xx text"
-# Discard the message if the result is DISCARD text...
-# Hold the message in the queue if the result is HOLD text...
-# Release mail "on hold" with the postsuper(1) command.
-# Filter the message if the result is FILTER transport:nexthop.
-# Redirect the message if the result is REDIRECT user@domain.
-# Permit the SMTP client if the result is OK or all numerical.
+# see access(5) for possible lookup results.
# reject_rbl_client domain.tld: reject if the reversed client IP address
# is listed in an A record under domain.tld.
# Append e.g., "=127.0.0.2" to the RBL domain name to select a specific
# reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form
# check_helo_access maptype:mapname
# look up HELO hostname or parent domains.
-# Skip this lookup table if the result is DUNNO.
-# Reject the HELO command if the result is REJECT text... or "[45]xx text"
-# Discard the message if the result is DISCARD text...
-# Hold the message in the queue if the result is HOLD text...
-# Release mail "on hold" with the postsuper(1) command.
-# Filter the message if the result is FILTER transport:nexthop.
-# Redirect the message if the result is REDIRECT user@domain.
-# Permit the HELO command if the result is OK or all numerical.
+# see access(5) for possible lookup results.
# check_policy_service transport:endpoint: delegate the decision to
# an external policy server. See SMTPD_POLICY_README for details.
# reject: reject the request. Place this at the end of a restriction.
# in an A record under domain.tld.
# check_sender_access maptype:mapname
# look up sender address, parent domain, or localpart@.
-# Skip this lookup table if the result is DUNNO.
-# Reject the sender if the result is REJECT text... or "[45]xx text"
-# Discard the message if the result is DISCARD text...
-# Hold the message in the queue if the result is HOLD text...
-# Release mail "on hold" with the postsuper(1) command.
-# Filter the message if the result is FILTER transport:nexthop.
-# Redirect the message if the result is REDIRECT user@domain.
-# Permit the sender if the result is OK or all numerical.
+# see access(5) for possible lookup results.
# reject_sender_login_mismatch: reject if $smtpd_sender_login_maps specifies
# a MAIL FROM address owner, but the client is not (SASL) logged in as
# that MAIL FROM address owner; or if the client is (SASL) logged in, but
# reject_unknown_recipient_domain: reject domains without A or MX record.
# check_recipient_access maptype:mapname
# look up recipient address, parent domain, or localpart@.
-# Skip this lookup table if the result is DUNNO.
-# Reject the recipient if the result is REJECT text... or "[45]xx text"
-# Discard the message if the result is DISCARD text...
-# Hold the message in the queue if the result is HOLD text...
-# Release mail "on hold" with the postsuper(1) command.
-# Filter the message if the result is FILTER transport:nexthop.
-# Redirect the message if the result is REDIRECT user@domain.
-# Permit the recipient if the result is OK or all numerical.
+# see access(5) for possible lookup results.
# reject_non_fqdn_recipient: reject recipient address that is not in FQDN form
# check_policy_service transport:endpoint: delegate the decision to
# an external policy server. See SMTPD_POLICY_README for details.
# To use this from Postfix SMTPD, use in /etc/postfix/main.cf:
#
# smtpd_recipient_restrictions =
-# ... reject_unauth_destination
-# check_policy_service unix:private/policy ...
+# ...
+# reject_unauth_destination
+# check_policy_service unix:private/policy
+# ...
#
# NOTE: specify check_policy_service AFTER reject_unauth_destination
# or else your system can become an open relay.
update_database($key, $time_stamp);
}
- # Specify DUNNO instead of OK so that the check_policy_service restriction
- # can be followed by other restrictions.
+ # In case of success, return DUNNO instead of OK so that the
+ # check_policy_service restriction can be followed by other restrictions.
+ # In case of failure, specify DEFER_IF_PERMIT so that mail can
+ # still be blocked by other access restrictions.
syslog $syslog_priority, "request age %d", $now - $time_stamp if $verbose;
if ($now - $time_stamp > $greylist_delay) {
return "dunno";
} else {
- return "450 Service is unavailable";
+ return "defer_if_permit Service is unavailable";
}
}
address.
The pattern <i>domain.tld</i> also matches subdomains, but
- only when the string <b>smtpd</b><i>_</i><b>access</b><i>_</i><b>maps</b> is listed in
- the Postfix <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> con-
+ only when the string <b>smtpd_access_maps</b> is listed in
+ the Postfix <b>parent_domain_matches_subdomains</b> con-
figuration setting. Otherwise, specify <i>.domain.tld</i>
(note the initial dot) in order to match subdo-
mains.
Note: lookup of the null sender address is not possible
with some types of lookup table. By default, Postfix uses
<> as the lookup key for such addresses. The value is
- specified with the <b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b> parameter
+ specified with the <b>smtpd_null_access_lookup_key</b> parameter
in the Postfix <b>main.cf</b> file.
<b>EMAIL ADDRESS EXTENSION</b>
Matches <i>domain.tld</i>.
The pattern <i>domain.tld</i> also matches subdomains, but
- only when the string <b>smtpd</b><i>_</i><b>access</b><i>_</i><b>maps</b> is listed in
- the Postfix <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> con-
+ only when the string <b>smtpd_access_maps</b> is listed in
+ the Postfix <b>parent_domain_matches_subdomains</b> con-
figuration setting. Otherwise, specify <i>.domain.tld</i>
(note the initial dot) in order to match subdo-
mains.
<b>REJECT</b> <i>optional text...</i>
Reject the address etc. that matches the pattern.
- Reply with <i>$reject_code optional text...</i> when the
+ Reply with <i>$reject</i><b>_</b><i>code optional text...</i> when the
optional text is specified, otherwise reply with a
generic error response message.
+ <b>DEFER_IF_REJECT</b>
+
+ <b>DEFER_IF_REJECT</b> <i>optional text...</i>
+ Defer the request if some later restriction would
+ result in a REJECT action. Reply with "<b>450</b> <i>optional</i>
+ <i>text...</i> when the optional text is specified, other-
+ wise reply with a generic error response message.
+
+ <b>DEFER_IF_PERMIT</b>
+
+ <b>DEFER_IF_PERMIT</b> <i>optional text...</i>
+ Defer the request if some later restriction would
+ result in a PERMIT action (there is an implied PER-
+ MIT at the end of each restriction list). Reply
+ with "<b>450</b> <i>optional text...</i> when the optional text
+ is specified, otherwise reply with a generic error
+ response message.
+
<b>OK</b> Accept the address etc. that matches the pattern.
<i>all-numerical</i>
TER_README file.
Note: this action overrides the <b>main.cf con-</b>
- <b>tent</b><i>_</i><b>filter</b> setting, and currently affects all
+ <b>tent_filter</b> setting, and currently affects all
recipients of the message.
<b>REDIRECT</b> <i>user@domain</i>
<i>restriction...</i>
Apply the named UCE restriction(s) (<b>permit</b>, <b>reject</b>,
- <b>reject</b><i>_</i><b>unauth</b><i>_</i><b>destination</b>, and so on).
+ <b>reject_unauth_destination</b>, and so on).
<b>REGULAR EXPRESSION TABLES</b>
This section describes how the table lookups change when
the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax,
- see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
+ see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see
- <b>tcp</b><i>_</i><b>table</b>(5).
+ <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
Each lookup operation uses the entire query string once.
Depending on the application, that string is an entire
postalias - Postfix alias database maintenance
<b>SYNOPSIS</b>
- <b>postalias</b> [<b>-Nfinoprvw</b>] [<b>-c</b> <i>config_dir</i>] [<b>-d</b> <i>key</i>] [<b>-q</b> <i>key</i>]
- [<i>file_type</i>:]<i>file_name</i> ...
+ <b>postalias</b> [<b>-Nfinoprvw</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-d</b> <i>key</i>] [<b>-q</b> <i>key</i>]
+ [<i>file</i><b>_</b><i>type</i>:]<i>file</i><b>_</b><i>name</i> ...
<b>DESCRIPTION</b>
The <b>postalias</b> command creates or queries one or more Post-
Options:
- <b>-N</b> Include the terminating null character that termi-
- nates lookup keys and values. By default, Postfix
- does whatever is the default for the host operating
- system.
-
- <b>-c</b> <i>config_dir</i>
- Read the <b>main.cf</b> configuration file in the named
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ Read the <b>main.cf</b> configuration file in the named
directory instead of the default configuration
directory.
- <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one
- entry per map. The exit status is zero when the
+ <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one
+ entry per map. The exit status is zero when the
requested information was found.
If a key value of <b>-</b> is specified, the program reads
key values from the standard input stream. The exit
- status is zero when at least one of the requested
+ status is zero when at least one of the requested
keys was found.
<b>-f</b> Do not fold the lookup key to lower case while cre-
ating or querying a map.
- <b>-i</b> Incremental mode. Read entries from standard input
+ <b>-i</b> Incremental mode. Read entries from standard input
and do not truncate an existing database. By
- default, <b>postalias</b> creates a new database from the
- entries in <i>file_name</i>.
+ default, <b>postalias</b> creates a new database from the
+ entries in <i>file</i><b>_</b><i>name</i>.
+
+ <b>-N</b> Include the terminating null character that termi-
+ nates lookup keys and values. By default, Postfix
+ does whatever is the default for the host operating
+ system.
<b>-n</b> Don't include the terminating null character that
terminates lookup keys and values. By default,
If a key value of <b>-</b> is specified, the program reads
key values from the standard input stream and
- prints one line of <i>key:</i> <i>value</i> output for each key
+ prints one line of <i>key: value</i> output for each key
that was found. The exit status is zero when at
least one of the requested keys was found.
Arguments:
- <i>file_type</i>
+ <i>file</i><b>_</b><i>type</i>
The type of database to be produced.
<b>btree</b> The output is a btree file, named
- <i>file_name</i><b>.db</b>. This is available only on
+ <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available only on
systems with support for <b>db</b> databases.
<b>dbm</b> The output consists of two files, named
- <i>file_name</i><b>.pag</b> and <i>file_name</i><b>.dir</b>. This is
+ <i>file</i><b>_</b><i>name</i><b>.pag</b> and <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is
available only on systems with support for
<b>dbm</b> databases.
<b>hash</b> The output is a hashed file, named
- <i>file_name</i><b>.db</b>. This is available only on
+ <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available only on
systems with support for <b>db</b> databases.
- Use the command <b>postconf</b> <b>-m</b> to find out what types
+ Use the command <b>postconf -m</b> to find out what types
of database your Postfix installation can support.
- When no <i>file_type</i> is specified, the software uses
+ When no <i>file</i><b>_</b><i>type</i> is specified, the software uses
the database type specified via the
- <b>default</b><i>_</i><b>database</b><i>_</i><b>type</b> configuration parameter. The
+ <b>default_database_type</b> configuration parameter. The
default value for this parameter depends on the
host environment.
- <i>file_name</i>
+ <i>file</i><b>_</b><i>name</i>
The name of the alias database source file when
creating a database.
skipped and are flagged with a warning.
<b>postalias</b> terminates with zero exit status in case of suc-
- cess (including successful <b>postalias</b> <b>-q</b> lookup) and termi-
+ cess (including successful <b>postalias -q</b> lookup) and termi-
nates with non-zero exit status in case of failure.
<b>ENVIRONMENT</b>
- <b>MAIL</b><i>_</i><b>CONFIG</b>
+ <b>MAIL_CONFIG</b>
Directory with Postfix configuration files.
- <b>MAIL</b><i>_</i><b>VERBOSE</b>
+ <b>MAIL_VERBOSE</b>
Enable verbose logging for debugging purposes.
-<b>CONFIGURATION</b> <b>PARAMETERS</b>
+<b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values.
- <b>default</b><i>_</i><b>database</b><i>_</i><b>type</b>
+ <b>default_database_type</b>
Default database type. On many UNIX systems, the
default type is either <b>dbm</b> or <b>hash</b>.
- <b>berkeley</b><i>_</i><b>db</b><i>_</i><b>create</b><i>_</i><b>buffer</b><i>_</i><b>size</b>
+ <b>berkeley_db_create_buffer_size</b>
Amount of buffer memory to be used when creating a
Berkeley DB <b>hash</b> or <b>btree</b> lookup table.
- <b>berkeley</b><i>_</i><b>db</b><i>_</i><b>read</b><i>_</i><b>buffer</b><i>_</i><b>size</b>
+ <b>berkeley_db_read_buffer_size</b>
Amount of buffer memory to be used when reading a
Berkeley DB <b>hash</b> or <b>btree</b> lookup table.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
-<b>SEE</b> <b>ALSO</b>
+<b>SEE ALSO</b>
<a href="aliases.5.html">aliases(5)</a> format of alias database input file.
local(5) Postfix local delivery agent.
<a href="sendmail.1.html">sendmail(1)</a> mail posting and compatibility interface.
postmap - Postfix lookup table management
<b>SYNOPSIS</b>
- <b>postmap</b> [<b>-Nfinoprvw</b>] [<b>-c</b> <i>config_dir</i>] [<b>-d</b> <i>key</i>] [<b>-q</b> <i>key</i>]
- [<i>file_type</i>:]<i>file_name</i> ...
+ <b>postmap</b> [<b>-Nfinoprvw</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-d</b> <i>key</i>] [<b>-q</b> <i>key</i>]
+ [<i>file</i><b>_</b><i>type</i>:]<i>file</i><b>_</b><i>name</i> ...
<b>DESCRIPTION</b>
The <b>postmap</b> command creates or queries one or more Postfix
lookup tables, or updates an existing one. The input and
output file formats are expected to be compatible with:
- <b>makemap</b> <i>file_type</i> <i>file_name</i> < <i>file_name</i>
+ <b>makemap</b> <i>file</i><b>_</b><i>type file</i><b>_</b><i>name</i> < <i>file</i><b>_</b><i>name</i>
If the result files do not exist they will be created with
the same group and other read permissions as the source
the entire table, in order to avoid surprises in spectator
programs.
-<b>INPUT</b> <b>FILE</b> <b>FORMAT</b>
+<b>INPUT FILE FORMAT</b>
The format of a lookup table input file is as follows:
<b>o</b> A table entry has the form
whitespace. The <i>key</i> is mapped to lowercase to make mapping
lookups case insensitive.
-<b>COMMAND-LINE</b> <b>ARGUMENTS</b>
- <b>-N</b> Include the terminating null character that termi-
- nates lookup keys and values. By default, Postfix
- does whatever is the default for the host operating
- system.
-
- <b>-c</b> <i>config_dir</i>
- Read the <b>main.cf</b> configuration file in the named
+<b>COMMAND-LINE ARGUMENTS</b>
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ Read the <b>main.cf</b> configuration file in the named
directory instead of the default configuration
directory.
- <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one
- entry per map. The exit status is zero when the
+ <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one
+ entry per map. The exit status is zero when the
requested information was found.
If a key value of <b>-</b> is specified, the program reads
key values from the standard input stream. The exit
- status is zero when at least one of the requested
+ status is zero when at least one of the requested
keys was found.
<b>-f</b> Do not fold the lookup key to lower case while cre-
ating or querying a map.
- <b>-i</b> Incremental mode. Read entries from standard input
+ <b>-i</b> Incremental mode. Read entries from standard input
and do not truncate an existing database. By
- default, <b>postmap</b> creates a new database from the
- entries in <b>file</b><i>_</i><b>name</b>.
+ default, <b>postmap</b> creates a new database from the
+ entries in <b>file_name</b>.
+
+ <b>-N</b> Include the terminating null character that termi-
+ nates lookup keys and values. By default, Postfix
+ does whatever is the default for the host operating
+ system.
<b>-n</b> Don't include the terminating null character that
terminates lookup keys and values. By default,
If a key value of <b>-</b> is specified, the program reads
key values from the standard input stream and
- prints one line of <i>key</i> <i>value</i> output for each key
+ prints one line of <i>key value</i> output for each key
that was found. The exit status is zero when at
least one of the requested keys was found.
Arguments:
- <i>file_type</i>
+ <i>file</i><b>_</b><i>type</i>
The type of database to be produced.
<b>btree</b> The output file is a btree file, named
- <i>file_name</i><b>.db</b>. This is available only on
+ <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available only on
systems with support for <b>db</b> databases.
<b>dbm</b> The output consists of two files, named
- <i>file_name</i><b>.pag</b> and <i>file_name</i><b>.dir</b>. This is
+ <i>file</i><b>_</b><i>name</i><b>.pag</b> and <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is
available only on systems with support for
<b>dbm</b> databases.
<b>hash</b> The output file is a hashed file, named
- <i>file_name</i><b>.db</b>. This is available only on
+ <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available only on
systems with support for <b>db</b> databases.
- Use the command <b>postconf</b> <b>-m</b> to find out what types
+ Use the command <b>postconf -m</b> to find out what types
of database your Postfix installation can support.
- When no <i>file_type</i> is specified, the software uses
+ When no <i>file</i><b>_</b><i>type</i> is specified, the software uses
the database type specified via the
- <b>default</b><i>_</i><b>database</b><i>_</i><b>type</b> configuration parameter.
+ <b>default_database_type</b> configuration parameter.
- <i>file_name</i>
+ <i>file</i><b>_</b><i>name</i>
The name of the lookup table source file when
rebuilding a database.
skipped and are flagged with a warning.
<b>postmap</b> terminates with zero exit status in case of suc-
- cess (including successful <b>postmap</b> <b>-q</b> lookup) and termi-
+ cess (including successful <b>postmap -q</b> lookup) and termi-
nates with non-zero exit status in case of failure.
<b>ENVIRONMENT</b>
- <b>MAIL</b><i>_</i><b>CONFIG</b>
+ <b>MAIL_CONFIG</b>
Directory with Postfix configuration files.
- <b>MAIL</b><i>_</i><b>VERBOSE</b>
+ <b>MAIL_VERBOSE</b>
Enable verbose logging for debugging purposes.
-<b>CONFIGURATION</b> <b>PARAMETERS</b>
- <b>default</b><i>_</i><b>database</b><i>_</i><b>type</b>
+<b>CONFIGURATION PARAMETERS</b>
+ <b>default_database_type</b>
Default output database type. On many UNIX sys-
tems, the default database type is either <b>hash</b> or
<b>dbm</b>.
- <b>berkeley</b><i>_</i><b>db</b><i>_</i><b>create</b><i>_</i><b>buffer</b><i>_</i><b>size</b>
+ <b>berkeley_db_create_buffer_size</b>
Amount of buffer memory to be used when creating a
Berkeley DB <b>hash</b> or <b>btree</b> lookup table.
- <b>berkeley</b><i>_</i><b>db</b><i>_</i><b>read</b><i>_</i><b>buffer</b><i>_</i><b>size</b>
+ <b>berkeley_db_read_buffer_size</b>
Amount of buffer memory to be used when reading a
Berkeley DB <b>hash</b> or <b>btree</b> lookup table.
<dt> <i>maptype</i>:<i>mapname</i> <dd> Search the named <a
href="access.5.html">access database</a> for the domain specified
-in the ETRN command, or its parent domains. Reject the request if
-the result is <b>REJECT</b> <i>text...</i> or "[<b>45</b>]<i>XX
-text</i>". Permit
-the request if the result is <b>OK</b> or <b>RELAY</b> or
-all-numerical. Otherwise, treat the result as another list of UCE
-restrictions. The <b>access_map_reject_code </b> parameter specifies
-the result code for rejected requests (default: <b>554</b>).
+in the ETRN command, or its parent domains.
<p>
etc., must be configured via virtual_alias maps or via
similar lookup mechanisms.
-<b>MAILBOX</b> <b>LOCATION</b>
- The mailbox location is controlled by the <b>virtual</b><i>_</i><b>mail-</b>
- <b>box</b><i>_</i><b>base</b> and <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b> configuration parameters
- (see below). The <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b> table is indexed by
+<b>MAILBOX LOCATION</b>
+ The mailbox location is controlled by the <b>virtual_mail-</b>
+ <b>box_base</b> and <b>virtual_mailbox_maps</b> configuration parameters
+ (see below). The <b>virtual_mailbox_maps</b> table is indexed by
the recipient address as described under TABLE SEARCH
ORDER below.
The mailbox pathname is constructed as follows:
- <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base/$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps(</b><i>recipient</i><b>)</b>
+ <b>$virtual_mailbox_base/$virtual_mailbox_maps(</b><i>recipient</i><b>)</b>
where <i>recipient</i> is the full recipient address.
-<b>UNIX</b> <b>MAILBOX</b> <b>FORMAT</b>
+<b>UNIX MAILBOX FORMAT</b>
When the mailbox location does not end in <b>/</b>, the message
is delivered in UNIX mailbox format. This format stores
multiple messages in one textfile.
The <b>virtual</b> delivery agent prepends a "<b>From</b> <i>sender</i>
- <i>time_stamp</i>" envelope header to each message, prepends a
+ <i>time</i><b>_</b><i>stamp</i>" envelope header to each message, prepends a
<b>Delivered-To:</b> message header with the envelope recipient
address, prepends an <b>X-Original-To:</b> header with the recip-
ient address as given to Postfix, prepends a <b>Return-Path:</b>
is in progress. In case of problems, an attempt is made to
truncate the mailbox to its original length.
-<b>QMAIL</b> <b>MAILDIR</b> <b>FORMAT</b>
+<b>QMAIL MAILDIR FORMAT</b>
When the mailbox location ends in <b>/</b>, the message is deliv-
ered in qmail <b>maildir</b> format. This format stores one mes-
sage per file.
address as given to Postfix, and prepends a <b>Return-Path:</b>
message header with the envelope sender address.
- By definition, <b>maildir</b> format does not require file lock-
- ing during mail delivery or retrieval.
+ By definition, <b>maildir</b> format does not require applica-
+ tion-level file locking during mail delivery or retrieval.
-<b>MAILBOX</b> <b>OWNERSHIP</b>
- Mailbox ownership is controlled by the <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>
- and <b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b> lookup tables, which are indexed with
- the full recipient address. Each table provides a string
+<b>MAILBOX OWNERSHIP</b>
+ Mailbox ownership is controlled by the <b>virtual_uid_maps</b>
+ and <b>virtual_gid_maps</b> lookup tables, which are indexed with
+ the full recipient address. Each table provides a string
with the numerical user and group ID, respectively.
- The <b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b> parameter imposes a lower bound on
+ The <b>virtual_minimum_uid</b> parameter imposes a lower bound on
numerical user ID values that may be specified in any <b>vir-</b>
- <b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>.
+ <b>tual_uid_maps</b>.
-<b>TABLE</b> <b>SEARCH</b> <b>ORDER</b>
- Normally, a lookup table is specified as a text file that
- serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an
+<b>TABLE SEARCH ORDER</b>
+ Normally, a lookup table is specified as a text file that
+ serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an
indexed file in <b>dbm</b> or <b>db</b> format, is used for fast search-
ing by the mail system.
The canonical search order is as follows. The search stops
upon the first successful lookup.
- <b>o</b> When the recipient has an optional address exten-
- sion the <i>user+extension@domain.tld</i> address is
+ <b>o</b> When the recipient has an optional address exten-
+ sion the <i>user+extension@domain.tld</i> address is
looked up first.
<b>o</b> The <i>user@domain.tld</i> address, without address exten-
<b>o</b> Finally, the recipient <i>@domain</i> is looked up.
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
+ When the table is provided via other means such as NIS,
+ LDAP or SQL, the same lookups are done as for ordinary
indexed files.
- Alternatively, a table can be provided as a regular-
+ Alternatively, a table can be provided as a regular-
expression map where patterns are given as regular expres-
- sions. In that case, only the full recipient address is
+ sions. In that case, only the full recipient address is
given to the regular-expression map.
<b>SECURITY</b>
The virtual delivery agent is not security sensitive, pro-
- vided that the lookup tables with recipient user/group ID
- information are adequately protected. This program is not
+ vided that the lookup tables with recipient user/group ID
+ information are adequately protected. This program is not
designed to run chrooted.
<b>STANDARDS</b>
recipient is over disk quota. In all other cases, mail for
an existing recipient is deferred and a warning is logged.
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
+ Problems and transactions are logged to <b>syslogd</b>(8). Cor-
+ rupted message files are marked so that the queue manager
can move them to the <b>corrupt</b> queue afterwards.
- Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
- the postmaster is notified of bounces and of other trou-
+ Depending on the setting of the <b>notify_classes</b> parameter,
+ the postmaster is notified of bounces and of other trou-
ble.
<b>BUGS</b>
- This delivery agent supports address extensions in email
+ This delivery agent supports address extensions in email
addresses and in lookup table keys, but does not propagate
- address extension information to the result of table
+ address extension information to the result of table
lookup.
Postfix should have lookup tables that can return multiple
- result attributes. In order to avoid the inconvenience of
+ result attributes. In order to avoid the inconvenience of
maintaining three tables, use an LDAP or MYSQL database.
-<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this program. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the <b>postfix</b> <b>reload</b>
+<b>CONFIGURATION PARAMETERS</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this program. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix reload</b>
command after a configuration change.
-<b>Mailbox</b> <b>delivery</b>
- <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b>
- Specifies a path that is prepended to all mailbox
- or maildir paths. This is a safety measure to
- ensure that an out of control map in <b>virtual</b><i>_</i><b>mail-</b>
- <b>box</b><i>_</i><b>maps</b> doesn't litter the filesystem with mail-
- boxes. While it could be set to "/", this setting
+<b>Mailbox delivery</b>
+ <b>virtual_mailbox_base</b>
+ Specifies a path that is prepended to all mailbox
+ or maildir paths. This is a safety measure to
+ ensure that an out of control map in <b>virtual_mail-</b>
+ <b>box_maps</b> doesn't litter the filesystem with mail-
+ boxes. While it could be set to "/", this setting
isn't recommended.
- <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b>
+ <b>virtual_mailbox_maps</b>
Recipients are looked up in these maps to determine
- the path to their mailbox or maildir. If the
- returned path ends in a slash ("/"), maildir-style
- delivery is carried out, otherwise the path is
+ the path to their mailbox or maildir. If the
+ returned path ends in a slash ("/"), maildir-style
+ delivery is carried out, otherwise the path is
assumed to specify a UNIX-style mailbox file.
- While searching a lookup table, an address exten-
+ While searching a lookup table, an address exten-
sion (<i>user+foo@domain.tld</i>) is ignored.
- In a lookup table, specify a left-hand side of
- <i>@domain.tld</i> to match any user in the specified
- domain that does not have a specific
+ In a lookup table, specify a left-hand side of
+ <i>@domain.tld</i> to match any user in the specified
+ domain that does not have a specific
<i>user@domain.tld</i> entry.
- Note that <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b> is unconditionally
+ Note that <b>virtual_mailbox_base</b> is unconditionally
prepended to this path.
- For security reasons, regular expression maps are
- allowed but regular expression substitution of $1
+ For security reasons, regular expression maps are
+ allowed but regular expression substitution of $1
etc. is disallowed, because that would open a secu-
rity hole.
- For security reasons, proxied table lookup is not
+ For security reasons, proxied table lookup is not
allowed, because that would open a security hole.
- <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>
- The list of domains that should be delivered via
- the Postfix virtual delivery agent. This uses the
+ <b>virtual_mailbox_domains</b>
+ The list of domains that should be delivered via
+ the Postfix virtual delivery agent. This uses the
same syntax as the <b>mydestination</b> configuration
parameter.
- <b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b>
- Specifies a minimum uid that will be accepted as a
- return from a <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> lookup. Returned
- values less than this will be rejected, and the
+ <b>virtual_minimum_uid</b>
+ Specifies a minimum uid that will be accepted as a
+ return from a <b>virtual_uid_maps</b> lookup. Returned
+ values less than this will be rejected, and the
message will be deferred.
- <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>
+ <b>virtual_uid_maps</b>
Recipients are looked up in these maps to determine
- the user ID to be used when writing to the target
+ the user ID to be used when writing to the target
mailbox.
- While searching a lookup table, an address exten-
+ While searching a lookup table, an address exten-
sion (<i>user+foo@domain.tld</i>) is ignored.
- In a lookup table, specify a left-hand side of
- <i>@domain.tld</i> to match any user in the specified
- domain that does not have a specific
+ In a lookup table, specify a left-hand side of
+ <i>@domain.tld</i> to match any user in the specified
+ domain that does not have a specific
<i>user@domain.tld</i> entry.
- For security reasons, regular expression maps are
- allowed but regular expression substitution of $1
+ For security reasons, regular expression maps are
+ allowed but regular expression substitution of $1
etc. is disallowed, because that would open a secu-
rity hole.
- For security reasons, proxied table lookup is not
+ For security reasons, proxied table lookup is not
allowed, because that would open a security hole.
- <b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b>
+ <b>virtual_gid_maps</b>
Recipients are looked up in these maps to determine
- the group ID to be used when writing to the target
+ the group ID to be used when writing to the target
mailbox.
- While searching a lookup table, an address exten-
+ While searching a lookup table, an address exten-
sion (<i>user+foo@domain.tld</i>) is ignored.
- In a lookup table, specify a left-hand side of
- <i>@domain.tld</i> to match any user in the specified
- domain that does not have a specific
+ In a lookup table, specify a left-hand side of
+ <i>@domain.tld</i> to match any user in the specified
+ domain that does not have a specific
<i>user@domain.tld</i> entry.
- For security reasons, regular expression maps are
- allowed but regular expression substitution of $1
+ For security reasons, regular expression maps are
+ allowed but regular expression substitution of $1
etc. is disallowed, because that would open a secu-
rity hole.
- For security reasons, proxied table lookup is not
+ For security reasons, proxied table lookup is not
allowed, because that would open a security hole.
-<b>Locking</b> <b>controls</b>
- <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>lock</b>
- How to lock UNIX-style mailboxes: one or more of
- <b>flock</b>, <b>fcntl</b> or <b>dotlock</b>. The <b>dotlock</b> method
- requires that the recipient UID or GID has write
+<b>Locking controls</b>
+ <b>virtual_mailbox_lock</b>
+ How to lock UNIX-style mailboxes: one or more of
+ <b>flock</b>, <b>fcntl</b> or <b>dotlock</b>. The <b>dotlock</b> method
+ requires that the recipient UID or GID has write
access to the parent directory of the mailbox file.
- This setting is ignored with <b>maildir</b> style deliv-
+ This setting is ignored with <b>maildir</b> style deliv-
ery, because such deliveries are safe without
explicit locks.
- Use the command <b>postconf</b> <b>-l</b> to find out what lock-
+ Use the command <b>postconf -l</b> to find out what lock-
ing methods are available on your system.
- <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b>
- Limit the number of attempts to acquire an exclu-
+ <b>deliver_lock_attempts</b>
+ Limit the number of attempts to acquire an exclu-
sive lock on a UNIX-style mailbox file.
- <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b>
+ <b>deliver_lock_delay</b>
Time (default: seconds) between successive attempts
- to acquire an exclusive lock on a UNIX-style mail-
- box file. The actual delay is slightly randomized.
+ to acquire an exclusive lock on a UNIX-style mail-
+ box file. The actual delay is slightly randomized.
- <b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b>
- Limit the time after which a stale lockfile is
- removed (applicable to UNIX-style mailboxes only).
+ <b>stale_lock_time</b>
+ Limit the time after which a stale lockfile is
+ removed (applicable to UNIX-style mailboxes only).
-<b>Resource</b> <b>controls</b>
- <b>virtual</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
+<b>Resource controls</b>
+ <b>virtual_destination_concurrency_limit</b>
Limit the number of parallel deliveries to the same
domain via the <b>virtual</b> delivery agent. The default
- limit is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concur-</b>
- <b>rency</b><i>_</i><b>limit</b> parameter. The limit is enforced by
+ limit is taken from the <b>default_destination_concur-</b>
+ <b>rency_limit</b> parameter. The limit is enforced by
the Postfix queue manager.
- <b>virtual</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+ <b>virtual_destination_recipient_limit</b>
Limit the number of recipients per message delivery
- via the <b>virtual</b> delivery agent. The default limit
- is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b>
- <b>ent</b><i>_</i><b>limit</b> parameter. The limit is enforced by the
+ via the <b>virtual</b> delivery agent. The default limit
+ is taken from the <b>default_destination_recipi-</b>
+ <b>ent_limit</b> parameter. The limit is enforced by the
Postfix queue manager.
- <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>limit</b>
- The maximal size in bytes of a mailbox or maildir
+ <b>virtual_mailbox_limit</b>
+ The maximal size in bytes of a mailbox or maildir
file. Set to zero to disable the limit.
<b>HISTORY</b>
- This agent was originally based on the Postfix local
+ This agent was originally based on the Postfix local
delivery agent. Modifications mainly consisted of removing
- code that either was not applicable or that was not safe
- in this context: aliases, ~user/.forward files, delivery
+ code that either was not applicable or that was not safe
+ in this context: aliases, ~user/.forward files, delivery
to "|command" or to /file/name.
- The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
+ The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
Daniel Bernstein.
- The <b>maildir</b> structure appears in the <b>qmail</b> system by
+ The <b>maildir</b> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
-<b>SEE</b> <b>ALSO</b>
+<b>SEE ALSO</b>
<a href="regexp_table.5.html">regexp_table(5)</a> POSIX regular expression table format
<a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format
<a href="bounce.8.html">bounce(8)</a> non-delivery status reports
<a href="qmgr.8.html">qmgr(8)</a> queue manager
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
\fBaliases\fR(5).
Options:
-.IP \fB-N\fR
-Include the terminating null character that terminates lookup keys
-and values. By default, Postfix does whatever is the default for
-the host operating system.
.IP "\fB-c \fIconfig_dir\fR"
Read the \fBmain.cf\fR configuration file in the named directory
instead of the default configuration directory.
Incremental mode. Read entries from standard input and do not
truncate an existing database. By default, \fBpostalias\fR creates
a new database from the entries in \fIfile_name\fR.
+.IP \fB-N\fR
+Include the terminating null character that terminates lookup keys
+and values. By default, Postfix does whatever is the default for
+the host operating system.
.IP \fB-n\fR
Don't include the terminating null character that terminates lookup
keys and values. By default, Postfix does whatever is the default for
.nf
.ad
.fi
-.IP \fB-N\fR
-Include the terminating null character that terminates lookup keys
-and values. By default, Postfix does whatever is the default for
-the host operating system.
.IP "\fB-c \fIconfig_dir\fR"
Read the \fBmain.cf\fR configuration file in the named directory
instead of the default configuration directory.
Incremental mode. Read entries from standard input and do not
truncate an existing database. By default, \fBpostmap\fR creates
a new database from the entries in \fBfile_name\fR.
+.IP \fB-N\fR
+Include the terminating null character that terminates lookup keys
+and values. By default, Postfix does whatever is the default for
+the host operating system.
.IP \fB-n\fR
Don't include the terminating null character that terminates lookup
keys and values. By default, Postfix does whatever is the default for
Reject the address etc. that matches the pattern. Reply with
\fI$reject_code optional text...\fR when the optional text is
specified, otherwise reply with a generic error response message.
+.IP \fBDEFER_IF_REJECT\fR
+.IP "\fBDEFER_IF_REJECT \fIoptional text...\fR
+Defer the request if some later restriction would result in a
+REJECT action. Reply with "\fB450\fI optional text...\fR when the
+optional text is specified, otherwise reply with a generic error
+response message.
+.IP \fBDEFER_IF_PERMIT\fR
+.IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR
+Defer the request if some later restriction would result in a
+PERMIT action (there is an implied PERMIT at the end of each
+restriction list). Reply with "\fB450\fI optional text...\fR when the
+optional text is specified, otherwise reply with a generic error
+response message.
.IP \fBOK\fR
Accept the address etc. that matches the pattern.
.IP \fIall-numerical\fR
given to Postfix, and prepends a
\fBReturn-Path:\fR message header with the envelope sender address.
-By definition, \fBmaildir\fR format does not require file locking
-during mail delivery or retrieval.
+By definition, \fBmaildir\fR format does not require application-level
+file locking during mail delivery or retrieval.
.SH MAILBOX OWNERSHIP
.na
.nf
# Reject the address etc. that matches the pattern. Reply with
# \fI$reject_code optional text...\fR when the optional text is
# specified, otherwise reply with a generic error response message.
+# .IP \fBDEFER_IF_REJECT\fR
+# .IP "\fBDEFER_IF_REJECT \fIoptional text...\fR
+# Defer the request if some later restriction would result in a
+# REJECT action. Reply with "\fB450\fI optional text...\fR when the
+# optional text is specified, otherwise reply with a generic error
+# response message.
+# .IP \fBDEFER_IF_PERMIT\fR
+# .IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR
+# Defer the request if some later restriction would result in a
+# PERMIT action (there is an implied PERMIT at the end of each
+# restriction list). Reply with "\fB450\fI optional text...\fR when the
+# optional text is specified, otherwise reply with a generic error
+# response message.
# .IP \fBOK\fR
# Accept the address etc. that matches the pattern.
# .IP \fIall-numerical\fR
# Requires: Postfix, root, relayhost=$mydomain, no transport map
resolve_clnt_test: resolve_clnt resolve_clnt.in resolve_clnt.ref
+ echo 'This test requires relayhost=$mydomain and no transport map'
sed -e "s/MYDOMAIN/`postconf -h mydomain`/g" \
-e "s/MYHOSTNAME/`postconf -h myhostname`/g" \
resolve_clnt.in | ./resolve_clnt >resolve_clnt.tmp
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20030717"
+#define MAIL_RELEASE_DATE "20030728"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "2.0.14-" MAIL_RELEASE_DATE
/* \fBaliases\fR(5).
/*
/* Options:
-/* .IP \fB-N\fR
-/* Include the terminating null character that terminates lookup keys
-/* and values. By default, Postfix does whatever is the default for
-/* the host operating system.
/* .IP "\fB-c \fIconfig_dir\fR"
/* Read the \fBmain.cf\fR configuration file in the named directory
/* instead of the default configuration directory.
/* Incremental mode. Read entries from standard input and do not
/* truncate an existing database. By default, \fBpostalias\fR creates
/* a new database from the entries in \fIfile_name\fR.
+/* .IP \fB-N\fR
+/* Include the terminating null character that terminates lookup keys
+/* and values. By default, Postfix does whatever is the default for
+/* the host operating system.
/* .IP \fB-n\fR
/* Don't include the terminating null character that terminates lookup
/* keys and values. By default, Postfix does whatever is the default for
/* COMMAND-LINE ARGUMENTS
/* .ad
/* .fi
-/* .IP \fB-N\fR
-/* Include the terminating null character that terminates lookup keys
-/* and values. By default, Postfix does whatever is the default for
-/* the host operating system.
/* .IP "\fB-c \fIconfig_dir\fR"
/* Read the \fBmain.cf\fR configuration file in the named directory
/* instead of the default configuration directory.
/* Incremental mode. Read entries from standard input and do not
/* truncate an existing database. By default, \fBpostmap\fR creates
/* a new database from the entries in \fBfile_name\fR.
+/* .IP \fB-N\fR
+/* Include the terminating null character that terminates lookup keys
+/* and values. By default, Postfix does whatever is the default for
+/* the host operating system.
/* .IP \fB-n\fR
/* Don't include the terminating null character that terminates lookup
/* keys and values. By default, Postfix does whatever is the default for
msg_warn("%s: response longer than %d: %.30s...",
session->namaddr, var_line_limit, STR(state->buffer));
if (msg_verbose)
- msg_info("< %s: %s", session->namaddr, STR(state->buffer));
+ msg_info("< %s: %.100s", session->namaddr, STR(state->buffer));
/*
* Defend against a denial of service attack by limiting the amount
}
}
+ /*
+ * DEFER_IF_PERMIT means NO, eventually. Use optional text or generate a
+ * generic error response.
+ */
+ if (STREQUAL(value, DEFER_IF_PERMIT, cmd_len)) {
+ DEFER_IF_PERMIT3(state, MAIL_ERROR_POLICY,
+ "450 <%s>: %s rejected: %s",
+ reply_name, reply_class,
+ *cmd_text ? cmd_text : "Service unavailable");
+ return (SMTPD_CHECK_DUNNO);
+ }
+
+ /*
+ * DEFER_IF_REJECT means NO, eventually. Use optional text or generate a
+ * generic error response.
+ */
+ if (STREQUAL(value, DEFER_IF_REJECT, cmd_len)) {
+ DEFER_IF_REJECT3(state, MAIL_ERROR_POLICY,
+ "450 <%s>: %s rejected: %s",
+ reply_name, reply_class,
+ *cmd_text ? cmd_text : "Service unavailable");
+ return (SMTPD_CHECK_DUNNO);
+ }
+
/*
* All-numeric result probably means OK - some out-of-band authentication
* mechanism uses this as time stamp.
VSTREAM_PATH(state->proxy), var_line_limit,
STR(state->proxy_buffer));
if (msg_verbose)
- msg_info("< %s: %s", VSTREAM_PATH(state->proxy),
+ msg_info("< %s: %.100s", VSTREAM_PATH(state->proxy),
STR(state->proxy_buffer));
/*
if (saved_domain)
tok822_free_tree(saved_domain);
saved_domain = domain;
+ domain = 0; /* safety for future change */
}
/*
/* #include <dict.h>
/* #include <dict_mysql.h>
/*
-/* DICT *dict_mysql_open(name, dummy, unused_dict_flags)
+/* DICT *dict_mysql_open(name, open_flags, dict_flags)
/* const char *name;
-/* int dummy;
-/* int unused_dict_flags;
+/* int open_flags;
+/* int dict_flags;
/* DESCRIPTION
/* dict_mysql_open() creates a dictionary of type 'mysql'. This
/* dictionary is an interface for the postfix key->value mappings
/*
/* .IP other_name
/* reference for outside use.
-/* .IP unusued_flags
-/* unused flags
+/* .IP open_flags
+/* Must be O_RDONLY.
+/* .IP dict_flags
+/* See dict_open(3).
/* SEE ALSO
/* dict(3) generic dictionary manager
/* AUTHOR(S)
* parse the map's config file
* allocate memory
**********************************************************************/
-DICT *dict_mysql_open(const char *name, int unused_open_flags, int dict_flags)
+DICT *dict_mysql_open(const char *name, int open_flags, int dict_flags)
{
DICT_MYSQL *dict_mysql;
int connections;
+ /*
+ * Sanity checks.
+ */
+ if (open_flags != O_RDONLY)
+ msg_fatal("%s:%s map requires O_RDONLY access mode",
+ DICT_TYPE_MYSQL, name);
+
dict_mysql = (DICT_MYSQL *) dict_alloc(DICT_TYPE_MYSQL, name,
sizeof(DICT_MYSQL));
dict_mysql->dict.lookup = dict_mysql_lookup;
/* SYNOPSIS
/* #include <dict_pgsql.h>
/*
-/* DICT *dict_pgsql_open(name, unused_open_flags, unused_dict_flags)
+/* DICT *dict_pgsql_open(name, open_flags, dict_flags)
/* const char *name;
-/* int unused_open_flags;
-/* int unused_dict_flags;
+/* int open_flags;
+/* int dict_flags;
/* DESCRIPTION
/* dict_pgsql_open() creates a dictionary of type 'pgsql'. This
/* dictionary is an interface for the postfix key->value mappings
/*
/* .IP other_name
/* reference for outside use.
-/* .IP unusued_flags
-/* unused flags
+/* .IP open_flags
+/* Must be O_RDONLY.
+/* .IP dict_flags
+/* See dict_open(3).
/* SEE ALSO
/* dict(3) generic dictionary manager
/* AUTHOR(S)
* parse the map's config file
* allocate memory
**********************************************************************/
-DICT *dict_pgsql_open(const char *name, int unused_flags, int unused_dict_flags)
+DICT *dict_pgsql_open(const char *name, int open_flags, int dict_flags)
{
DICT_PGSQL *dict_pgsql;
- dict_pgsql = (DICT_PGSQL *) mymalloc(sizeof(DICT_PGSQL));
+ /*
+ * Sanity checks.
+ */
+ if (open_flags != O_RDONLY)
+ msg_fatal("%s:%s map requires O_RDONLY access mode",
+ DICT_TYPE_PGSQL, name);
+
+ dict_pgsql = (DICT_PGSQL *) dict_alloc(DICT_TYPE_PGSQL, name,
+ sizeof(DICT_PGSQL));
dict_pgsql->dict.lookup = dict_pgsql_lookup;
dict_pgsql->dict.close = dict_pgsql_close;
dict_pgsql->name = pgsqlname_parse(name);
dict_pgsql->pldb = plpgsql_init(dict_pgsql->name->hostnames,
dict_pgsql->name->len_hosts);
+ dict_pgsql->dict.flags = dict_flags | DICT_FLAG_FIXED;
if (dict_pgsql->pldb == NULL)
msg_fatal("couldn't intialize pldb!\n");
dict_register(name, (DICT *) dict_pgsql);
}
myfree((char *) dict_pgsql->name->hostnames);
myfree((char *) dict_pgsql->name);
+ dict_free(dict);
}
/* plpgsql_dealloc - free memory associated with PLPGSQL close databases */
/* given to Postfix, and prepends a
/* \fBReturn-Path:\fR message header with the envelope sender address.
/*
-/* By definition, \fBmaildir\fR format does not require file locking
-/* during mail delivery or retrieval.
+/* By definition, \fBmaildir\fR format does not require application-level
+/* file locking during mail delivery or retrieval.
/* MAILBOX OWNERSHIP
/* .ad
/* .fi
projects / thirdparty / postfix.git / commitdiff
