for myhostname, inet_interfaces, and mynetworks_style.
This broke the default mynetworks setting calculation.
File: postconf/postconf.c.
+
+20010803
+
+ Feature: masquerade_classes parameter for fine control of
+ address masquerading. The default setting is backwards
+ compatible: envelope_sender header_sender header_recipient.
+ Files: cleanup/whatever.c.
+
+20010806
+
+ Bugfix: did not address masquerade the always_bcc recipient
+ after extracting envelope recipients from message headers.
+ File: cleanup/cleanup_extracted.c.
+
+ Bugfix: did not address masquerade the envelope recipients
+ extracted from message headers. File: cleanup/cleanup_message.c.
-Incompatible changes with snapshot-20010801
+Incompatible changes with snapshot-20010802
===========================================
+The default setting for the maps_rbl_domains parameter is "empty",
+because mail-abuse.org has become a subscription-based service.
+
+The permit_mx_backup feature has changed. It accepts mail only when
+the primary MX hosts for the recipient match the networks that are
+specified with the new auth_permit_mx_backup configuration parameter.
+Postfix will not accept mail when permit_mx_backup is used while
+auth_permit_mx_backup is not configured.
+
The protocol between Postfix master and child processes has changed.
You must stop and start Postfix in order to switch between Snapshot
20010801 and releases that implement the older protocol.
-Major changes with snapshot-20010801
+Major changes with snapshot-20010802
====================================
Specify "disable_verp_bounces = yes" to have Postfix send one
RFC-standard, non-VERP, bounce report for multi-recipient mail,
even when VERP style delivery is requested.
+Fine control over address masquerading. The masquerade_classes
+parameter controls header and envelope sender and recipient addresses.
+
Variable coupling between message receiving rates and message
delivery rates. When the message receiving rate exceeds the message
delivery rate, an SMTP server will pause for $in_flow_delay seconds
mail to arrive.
The in_flow_delay feature has effect mainly when your system is
-being flooded port through a limited number of SMTP connections.
-This is also useful for mass-mailing applications, because it avoids
-the need to hand-tune the rate at which mail is sent into Postfix.
+being flooded through a limited number of SMTP connections. This
+is useful for mass-mailing applications, because it eliminates the
+need to hand-tune the rate for sending mail into Postfix.
The in_flow_delay feature has negligible effect when mail arrives
via many different SMTP connections. With the default limit of 50
SMTP server processes and with the default $in_flow_delay of 1
-second, total mail inflow is limited to 50 messages per second more
+second, the mail inflow is limited to 50 messages per second more
than the number of messages that are delivered per second. Many
systems saturate at values much smaller than 50 messages per second.
# The network interface addresses that this system
# receives mail on.
#
+# masquerade_classes
+# List of address classes subject to masquerading:
+# zero or more of envelope_sender, envelope_recipi-
+# ent, header_sender, header_recipient.
+#
# masquerade_domains
# List of domains that hide their subdomain struc-
# ture.
# myorigin
# The domain that is appended to locally-posted mail.
#
+# 3
+#
+# CANONICAL(5) CANONICAL(5)
+#
# owner_request_special
# Give special treatment to owner-xxx and xxx-request
# addresses.
#
# SEE ALSO
# cleanup(8) canonicalize and enqueue mail
-#
-# 3
-#
-# CANONICAL(5) CANONICAL(5)
-#
# postmap(1) create mapping table
# virtual(5) virtual domain mapping
# pcre_table(5) format of PCRE tables
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
+#
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+# The Cyrus deliver program has changed incompatibly.
+#
cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
uucp unix - n n - - pipe
# is `U', which makes matching ungreedy (see PCRE documenta-
# tion and source for more info).
#
-# Each pattern is applied to the entire string being looked
-# up. Depending on the application, that string is an
-# entire client hostname, an entire client IP address, or an
-# entire mail address. Thus, no parent domain or parent
-# network search is done, and user@domain mail addresses are
-# not broken up into their user and domain constituent
-# parts, nor is user+foo broken up into user and foo.
+# Each pattern is applied to the entire lookup key string.
+# Depending on the application, that string is an entire
+# client hostname, an entire client IP address, or an entire
+# mail address. Thus, no parent domain or parent network
+# search is done, and user@domain mail addresses are not
+# broken up into their user and domain constituent parts,
+# nor is user+foo broken up into user and foo.
#
# Patterns are applied in the order as specified in the
# table, until a pattern is found that matches the search
#
# PCRE_TABLE(5) PCRE_TABLE(5)
#
-# Substitution of sub-strings from the matched expression is
-# possible using the conventional perl syntax ($1, $2,
-# etc.). The macros in the replacement string may need to be
-# written as ${n} or $(n) if they aren't followed by whites-
-# pace.
+# Substitution of substrings from the matched expression
+# into the result string is possible using the conventional
+# perl syntax ($1, $2, etc.). The macros in the result
+# string may need to be written as ${n} or $(n) if they
+# aren't followed by whitespace.
#
# EXAMPLES
# # Protect your outgoing majordomo exploders
# Other flags are `x' (disable extended expression syntax),
# and `m' (enable multi-line mode).
#
-# Each pattern is applied to the entire string being looked
-# up. Depending on the application, that string is an
-# entire client hostname, an entire client IP address, or an
-# entire mail address. Thus, no parent domain or parent
-# network search is done, and user@domain mail addresses are
-# not broken up into their user and domain constituent
-# parts, nor is user+foo broken up into user and foo.
+# Each pattern is applied to the entire lookup key string.
+# Depending on the application, that string is an entire
+# client hostname, an entire client IP address, or an entire
+# mail address. Thus, no parent domain or parent network
+# search is done, and user@domain mail addresses are not
+# broken up into their user and domain constituent parts,
+# nor is user+foo broken up into user and foo.
#
# Patterns are applied in the order as specified in the
#
# table, until a pattern is found that matches the search
# string.
#
-# Substitution of sub-strings from the matched expression is
-# possible using $1, $2, etc.. The macros in the replacement
-# string may need to be written as ${n} or $(n) if they
-# aren't followed by whitespace.
+# Substitution of substrings from the matched expression
+# into the result string is possible using $1, $2, etc.. The
+# macros in the result string may need to be written as ${n}
+# or $(n) if they aren't followed by whitespace.
#
# EXAMPLES
# # Disallow sender-specified routing. This is a must if you relay mail
#
empty_address_recipient = MAILER-DAEMON
+# The masquerade_classes parameter controls what addresses are
+# subject to address masquerading.
+#
+# By default, address masquerading is limited to envelope recipient
+# addresses, and to header sender and header recipient addresses.
+# This allows you to use address masquerading on a mail gateway while
+# still being able to forward mail to users on individual machines.
+#
+# Specify zero or more of: envelope_sender, envelope_recipient,
+# header_sender, header_recipient
+#
+masquerade_classes = envelope_sender, header_sender, header_recipient
+
# The masquerade_domains parameter gives an optional list of domains
# that must have their subdomain structure stripped off.
#
# - to destinations matching $relay_domains or subdomain thereof,
# except for addresses with sender-specified routing.
# reject_unauth_pipelining: reject mail from improperly pipelining spamware
-# permit_mx_backup: accept mail for sites that list me as MX host.
+# permit_mx_backup: accept mail for sites whose primary MX hosts
+# match the networks specified with auth_mx_backup_networks.
# reject_unknown_recipient_domain: reject domains without A or MX record.
# check_recipient_access maptype:mapname
# maptype:mapname: look up recipient address, parent domain, or localpart@.
#
smtpd_recipient_restrictions = permit_mynetworks,check_relay_domains
+# The auth_mx_backup_networks parameter specifies a list of networks
+# for which the permit_mx_backup feature (see above) can be used.
+#
+# By default, auth_mx_backup_networks is empty and no networks are
+# authorized to use the permit_mx_backup feature. You can specify
+# a complete class A network (X.0.0.0/8), a complete class B network
+# (X.X.0.0/16), and so on. If you want stricter control, specify a
+# list of network/mask patterns, where the mask specifies the number
+# of bits in the network part of a host address. You can also specify
+# the absolute pathname of a pattern file instead of listing the
+# patterns here.
+#
+auth_mx_backup_networks =
+
#
# ADDITIONAL UCE CONTROLS
#
The network interface addresses that this system
receives mail on.
+ <b>masquerade</b><i>_</i><b>classes</b>
+ List of address classes subject to masquerading:
+ zero or more of <b>envelope</b><i>_</i><b>sender</b>, <b>envelope</b><i>_</i><b>recipi-</b>
+ <b>ent</b>, <b>header</b><i>_</i><b>sender</b>, <b>header</b><i>_</i><b>recipient</b>.
+
<b>masquerade</b><i>_</i><b>domains</b>
List of domains that hide their subdomain struc-
ture.
and message header addresses (i.e. strip host or
domain information below all domains listed in the
<b>masquerade</b><i>_</i><b>domains</b> parameter, except for user names
- listed in <b>masquerade</b><i>_</i><b>exceptions</b>). Address mas-
- querading does not affect envelope recipients.
+ listed in <b>masquerade</b><i>_</i><b>exceptions</b>). By default,
+ address masquerading does not affect envelope
+ recipients.
<b>o</b> Optionally, expand envelope recipients according to
- information found in the <a href="virtual.5.html"><b>virtual</b>(5)</a> lookup tables.
+ information found in the <a href="virtual.5.html"><b>virtual</b>(5)</a> lookup tables.
- The <b>cleanup</b> daemon performs sanity checks on the content
- of each message. When it finds a problem, by default it
- returns a diagnostic status to the client, and leaves it
- up to the client to deal with the problem. Alternatively,
- the client can request the <b>cleanup</b> daemon to bounce the
+ The <b>cleanup</b> daemon performs sanity checks on the content
+ of each message. When it finds a problem, by default it
+ returns a diagnostic status to the client, and leaves it
+ up to the client to deal with the problem. Alternatively,
+ the client can request the <b>cleanup</b> daemon to bounce the
message back to the sender in case of trouble.
<b>STANDARDS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
- Table-driven rewriting rules make it hard to express <b>if</b>
+ Table-driven rewriting rules make it hard to express <b>if</b>
<b>then</b> <b>else</b> and other logical relationships.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this program. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the <b>postfix</b> <b>reload</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this program. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>Content</b> <b>filtering</b>
<b>body</b><i>_</i><b>checks</b>
Lookup tables with content filters for message body
- lines. These filters see physical lines one at a
+ lines. These filters see physical lines one at a
time, in chunks of at most line_length_limit bytes.
<b>header</b><i>_</i><b>checks</b>
- Lookup tables with content filters for message
- header lines. These filters see logical headers
+ Lookup tables with content filters for message
+ header lines. These filters see logical headers
one at a time, including headers that span multiple
lines.
<b>Miscellaneous</b>
<b>always</b><i>_</i><b>bcc</b>
- Address to send a copy of each message that enters
+ Address to send a copy of each message that enters
the system.
<b>hopcount</b><i>_</i><b>limit</b>
<b>Address</b> <b>transformations</b>
<b>empty</b><i>_</i><b>address</b><i>_</i><b>recipient</b>
- The destination for undeliverable mail from <>.
- This substitution is done before all other address
+ The destination for undeliverable mail from <>.
+ This substitution is done before all other address
rewriting.
<b>canonical</b><i>_</i><b>maps</b>
Address mapping lookup table for envelope and
header sender addresses.
+ <b>masquerade</b><i>_</i><b>classes</b>
+ List of address classes subject to masquerading:
+ zero or more of <b>envelope</b><i>_</i><b>sender</b>, <b>envelope</b><i>_</i><b>recipi-</b>
+ <b>ent</b>, <b>header</b><i>_</i><b>sender</b>, <b>header</b><i>_</i><b>recipient</b>.
+
<b>masquerade</b><i>_</i><b>domains</b>
- List of domains that hide their subdomain struc-
+ List of domains that hide their subdomain struc-
ture.
<b>masquerade</b><i>_</i><b>exceptions</b>
- List of user names that are not subject to address
+ List of user names that are not subject to address
masquerading.
<b>virtual</b><i>_</i><b>maps</b>
<b>Resource</b> <b>controls</b>
<b>duplicate</b><i>_</i><b>filter</b><i>_</i><b>limit</b>
- Limit the number of envelope recipients that are
+ Limit the number of envelope recipients that are
remembered.
<b>header</b><i>_</i><b>size</b><i>_</i><b>limit</b>
<b>in</b><i>_</i><b>flow</b><i>_</i><b>delay</b>
Amount of time to pause before accepting a message,
- when the message arrival rate exceeds the message
+ when the message arrival rate exceeds the message
delivery rate.
<b>extract</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Limit the amount of recipients extracted from mes-
+ Limit the amount of recipients extracted from mes-
sage headers.
<b>SEE</b> <b>ALSO</b>
/etc/postfix/virtual*, virtual mapping table
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
reject when the destination is not local.
<li> <a href="uce.html#permit_mx_backup">permit_mx_backup</a>:
-reject when the destination is not local.
+permit if the local system is listed as MX host for the recipient
+domain, provided that the primary MX host for the recipient domain
+is within the networks specified with <a
+href="uce.html#auth_mx_backup_networks">auth_mx_backup_networks</a>.
<li> Other UCE restrictions (e.g., SMTPD access maps) are not aware
of sender-provided routing information.
<a name="masquerade"> <h2> Address masquerading</h2>
-Address masquerading is a method to hide all hosts below a domain
+Address masquerading is a method to hide all hosts inside a domain
behind their mail gateway, and to make it appear as if the mail
comes from the gateway itself, instead of from individual machines.
By default, Postfix makes no exceptions.
<p>
-Subtle point: address masquerading is applied only to message
-headers and envelope sender addresses, not to envelope recipients.
+Subtle point: by default, address masquerading is applied only to
+message headers and to envelope sender addresses, but not to envelope
+recipients. This allows you to use address masquerading on a mail
+gateway machine, while still being able to forward mail from outside
+to users on individual machines.
+
+<p>
+
+In order to subject envelope recipient addresses to masquerading,
+too, specify (only available with Postfix versions after 20010802):
+
+<dl>
+
+<dd><b>masquerade_classes = envelope_sender, envelope_recipient,
+header_sender, header_recipient</b>
+
+</dl>
+
+<p>
+
+If you do this, Postfix will no longer be able to send mail to
+individual machines.
<a name="virtual"> <h2> Virtual address mapping</h2>
<a name="permit_mx_backup">
<dt> <b>permit_mx_backup</b> <dd> Permit the request when the local
-mail system is MX host for the resolved destination. This includes
-the case that the local mail system is the final destination.
-However, the SMTP server will not forward mail with addresses that
-have sender-specified routing information (example:
+mail system is MX host for the resolved destination, provided that
+the primary MX host is within the networks specified with <a
+href="#auth_mx_backup_networks">auth_mx_backup_networks</a> parameter.
+This includes the case that the local mail system is the final
+destination. However, the SMTP server will not forward mail with
+addresses that have sender-specified routing information (example:
<i>user@elsewhere@domain</i>),
<p>
-Relevant configuration parameters: <a href="basic.html#mydestination">
-$mydestination</a>, <a href="basic.html#inet_interfaces">
-$inet_interfaces</a>.
+Relevant configuration parameters: <a
+href="#auth_mx_backup_networks">auth_mx_backup_networks</a>, <a
+href="basic.html#mydestination"> $mydestination</a>, <a
+href="basic.html#inet_interfaces"> $inet_interfaces</a>.
<p>
<dl>
+<a name="auth_mx_backup_networks">
+
+<dt> <b>auth_mx_backup_networks</b>
+
+<dd>This parameter specifies the networks that are allowed to
+use the <a href="#permit_mx_backup">permit_mx_backup</a>
+relay control feature.
+
+<p>
+
+<dl>
+
+<dt>Default:
+
+<dd><b>auth_mx_backup_networks = </b>
+
+<p>
+
+That is, no networks are authorized by default.
+
+<p>
+
+<dt>Syntax:
+
+<dd> Specify a list of network
+blocks in CIDR (network/mask) notation, for example:
+
+<p>
+
+<dl>
+
+<dd> <b>auth_mx_backup_networks = 168.100.0.0/16</b>
+
+</dl>
+
+<p>
+
+You can also specify the absolute pathname of a pattern file instead
+of listing the patterns in the <b>main.cf</b> file.
+
+</dl>
+
+</dl>
+
+<dl>
+
<a name="maps_rbl_domains">
<dt> <b>maps_rbl_domains</b>
Other parameters of interest:
.IP \fBinet_interfaces\fR
The network interface addresses that this system receives mail on.
+.IP \fBmasquerade_classes\fR
+List of address classes subject to masquerading: zero or more of
+\fBenvelope_sender\fR, \fBenvelope_recipient\fR, \fBheader_sender\fR,
+\fBheader_recipient\fR.
.IP \fBmasquerade_domains\fR
List of domains that hide their subdomain structure.
.IP \fBmasquerade_exceptions\fR
header addresses (i.e. strip host or domain information below
all domains listed in the \fBmasquerade_domains\fR parameter,
except for user names listed in \fBmasquerade_exceptions\fR).
-Address masquerading does not affect envelope recipients.
+By default, address masquerading does not affect envelope recipients.
.IP \(bu
Optionally, expand envelope recipients according to information
found in the \fBvirtual\fR(5) lookup tables.
.IP \fBsender_canonical_maps\fR
Address mapping lookup table for envelope and header sender
addresses.
+.IP \fBmasquerade_classes\fR
+List of address classes subject to masquerading: zero or
+more of \fBenvelope_sender\fR, \fBenvelope_recipient\fR,
+\fBheader_sender\fR, \fBheader_recipient\fR.
.IP \fBmasquerade_domains\fR
List of domains that hide their subdomain structure.
.IP \fBmasquerade_exceptions\fR
# Other parameters of interest:
# .IP \fBinet_interfaces\fR
# The network interface addresses that this system receives mail on.
+# .IP \fBmasquerade_classes\fR
+# List of address classes subject to masquerading: zero or more of
+# \fBenvelope_sender\fR, \fBenvelope_recipient\fR, \fBheader_sender\fR,
+# \fBheader_recipient\fR.
# .IP \fBmasquerade_domains\fR
# List of domains that hide their subdomain structure.
# .IP \fBmasquerade_exceptions\fR
/* header addresses (i.e. strip host or domain information below
/* all domains listed in the \fBmasquerade_domains\fR parameter,
/* except for user names listed in \fBmasquerade_exceptions\fR).
-/* Address masquerading does not affect envelope recipients.
+/* By default, address masquerading does not affect envelope recipients.
/* .IP \(bu
/* Optionally, expand envelope recipients according to information
/* found in the \fBvirtual\fR(5) lookup tables.
/* .IP \fBsender_canonical_maps\fR
/* Address mapping lookup table for envelope and header sender
/* addresses.
+/* .IP \fBmasquerade_classes\fR
+/* List of address classes subject to masquerading: zero or
+/* more of \fBenvelope_sender\fR, \fBenvelope_recipient\fR,
+/* \fBheader_sender\fR, \fBheader_recipient\fR.
/* .IP \fBmasquerade_domains\fR
/* List of domains that hide their subdomain structure.
/* .IP \fBmasquerade_exceptions\fR
extern MAPS *cleanup_body_checks;
extern MAPS *cleanup_virtual_maps;
extern ARGV *cleanup_masq_domains;
+extern int cleanup_masq_flags;
+
+ /*
+ * Address masquerading fine control.
+ */
+#define CLEANUP_MASQ_FLAG_ENV_FROM (1<<0) /* envelope sender */
+#define CLEANUP_MASQ_FLAG_ENV_RCPT (1<<1) /* envelope recipient */
+#define CLEANUP_MASQ_FLAG_HDR_FROM (1<<2) /* header sender */
+#define CLEANUP_MASQ_FLAG_HDR_RCPT (1<<3) /* header recipient */
/*
* Restrictions on extension propagation.
if (cleanup_comm_canon_maps)
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- if (cleanup_masq_domains)
+ if (cleanup_masq_domains
+ && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_FROM))
cleanup_masquerade_internal(clean_addr, cleanup_masq_domains);
CLEANUP_OUT_BUF(state, type, clean_addr);
if (state->sender == 0)
if (cleanup_comm_canon_maps)
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
+ if (cleanup_masq_domains
+ && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_RCPT))
+ cleanup_masquerade_internal(clean_addr, cleanup_masq_domains);
cleanup_out_recipient(state, STR(clean_addr));
if (state->recip == 0)
state->recip = mystrdup(STR(clean_addr));
if (cleanup_comm_canon_maps)
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
+ if (cleanup_masq_domains
+ && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_RCPT))
+ cleanup_masquerade_internal(clean_addr, cleanup_masq_domains);
cleanup_out_recipient(state, STR(clean_addr));
if (state->recip == 0)
state->recip = mystrdup(STR(clean_addr));
if (rcpt->argc >= var_extra_rcpt_limit) {
state->errs |= CLEANUP_STAT_ROVFL;
} else {
+ clean_addr = vstring_alloc(100);
if (*var_always_bcc && rcpt->argv[0]) {
- clean_addr = vstring_alloc(100);
cleanup_rewrite_internal(clean_addr, var_always_bcc);
if (cleanup_rcpt_canon_maps)
cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps,
cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
argv_add(rcpt, STR(clean_addr), (char *) 0);
- vstring_free(clean_addr);
}
argv_terminate(rcpt);
- for (cpp = rcpt->argv; CLEANUP_OUT_OK(state) && *cpp; cpp++)
- cleanup_out_recipient(state, *cpp);
+ for (cpp = rcpt->argv; CLEANUP_OUT_OK(state) && *cpp; cpp++) {
+ if (cleanup_masq_domains
+ && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_ENV_RCPT)) {
+ vstring_strcpy(clean_addr, *cpp);
+ cleanup_masquerade_internal(clean_addr, cleanup_masq_domains);
+ cleanup_out_recipient(state, STR(clean_addr));
+ } else
+ cleanup_out_recipient(state, *cpp);
+ }
if (rcpt->argv[0])
state->recip = mystrdup(rcpt->argv[0]);
+ vstring_free(clean_addr);
}
}
#include <msg.h>
#include <iostuff.h>
+#include <name_mask.h>
/* Global library. */
char *var_always_bcc; /* big brother */
int var_extra_rcpt_limit; /* recipient extract limit */
char *var_rcpt_witheld; /* recipients not disclosed */
+char *var_masq_classes; /* what to masquerade */
CONFIG_INT_TABLE cleanup_int_table[] = {
VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0,
VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 1, 0,
+ VAR_MASQ_CLASSES, DEF_MASQ_CLASSES, &var_masq_classes, 0, 0,
0,
};
MAPS *cleanup_body_checks;
MAPS *cleanup_virtual_maps;
ARGV *cleanup_masq_domains;
+int cleanup_masq_flags;
/*
* Address extension propagation restrictions.
void cleanup_pre_jail(char *unused_name, char **unused_argv)
{
+ static NAME_MASK masq_class_table[] = {
+ MASQ_CLASS_ENV_FROM, CLEANUP_MASQ_FLAG_ENV_FROM,
+ MASQ_CLASS_ENV_RCPT, CLEANUP_MASQ_FLAG_ENV_RCPT,
+ MASQ_CLASS_HDR_FROM, CLEANUP_MASQ_FLAG_HDR_FROM,
+ MASQ_CLASS_HDR_RCPT, CLEANUP_MASQ_FLAG_HDR_RCPT,
+ 0,
+ };
+
if (*var_canonical_maps)
cleanup_comm_canon_maps =
- maps_create(VAR_CANONICAL_MAPS, var_canonical_maps, DICT_FLAG_LOCK);
+ maps_create(VAR_CANONICAL_MAPS, var_canonical_maps, DICT_FLAG_LOCK);
if (*var_send_canon_maps)
cleanup_send_canon_maps =
maps_create(VAR_SEND_CANON_MAPS, var_send_canon_maps,
if (*var_body_checks)
cleanup_body_checks =
maps_create(VAR_BODY_CHECKS, var_body_checks, DICT_FLAG_LOCK);
+ if (*var_masq_classes)
+ cleanup_masq_flags = name_mask(VAR_MASQ_CLASSES, masq_class_table,
+ var_masq_classes);
}
/* cleanup_post_jail - initialize after entering the chroot jail */
if (cleanup_comm_canon_maps)
cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- if (cleanup_masq_domains)
+ if (cleanup_masq_domains
+ && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_FROM))
cleanup_masquerade_tree(*tpp, cleanup_masq_domains);
if (hdr_opts->type == HDR_FROM && state->from == 0)
state->from = cleanup_extract_internal(state->header_buf, *tpp);
argv_add(rcpt, vstring_str(state->temp1), (char *) 0);
}
}
- if (cleanup_masq_domains)
+ if (cleanup_masq_domains
+ && (cleanup_masq_flags & CLEANUP_MASQ_FLAG_HDR_RCPT))
cleanup_masquerade_tree(*tpp, cleanup_masq_domains);
if (hdr_opts->type == HDR_RETURN_RECEIPT_TO && !state->return_receipt)
state->return_receipt =
#define DEF_MASQ_EXCEPTIONS ""
extern char *var_masq_exceptions;
+#define MASQ_CLASS_ENV_FROM "envelope_sender"
+#define MASQ_CLASS_ENV_RCPT "envelope_recipient"
+#define MASQ_CLASS_HDR_FROM "header_sender"
+#define MASQ_CLASS_HDR_RCPT "header_recipient"
+
+#define VAR_MASQ_CLASSES "masquerade_classes"
+#define DEF_MASQ_CLASSES MASQ_CLASS_ENV_FROM ", " \
+ MASQ_CLASS_HDR_FROM ", " \
+ MASQ_CLASS_HDR_RCPT
+extern char *var_masq_classes;
+
/*
* Intranet versus internet.
*/
#define PERMIT_MX_BACKUP "permit_mx_backup"
+#define VAR_AUTH_MX_NETWORKS "auth_mx_backup_networks"
+#define DEF_AUTH_MX_NETWORKS ""
+extern char *var_auth_mx_networks;
+
#define VAR_ACCESS_MAP_CODE "access_map_reject_code"
#define DEF_ACCESS_MAP_CODE 554
extern int var_access_map_code;
extern int var_maps_rbl_code;
#define VAR_MAPS_RBL_DOMAINS "maps_rbl_domains"
-#define DEF_MAPS_RBL_DOMAINS "blackholes.mail-abuse.org"
+#define DEF_MAPS_RBL_DOMAINS ""
extern char *var_maps_rbl_domains;
#define VAR_SMTPD_DELAY_REJECT "smtpd_delay_reject"
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20010801"
+#define DEF_MAIL_VERSION "Snapshot-20010806"
extern char *var_mail_version;
/* LICENSE
char *var_smtpd_sasl_realm;
char *var_filter_xport;
bool var_broken_auth_clients;
+char *var_auth_mx_networks;
/*
* Global state, for stand-alone mode queue file cleanup. When this is
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0,
VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 1, 0,
VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0,
+ VAR_AUTH_MX_NETWORKS, DEF_AUTH_MX_NETWORKS, &var_auth_mx_networks, 0, 0,
0,
};
/* Reject the request when the client has already sent the next request
/* without being told that the server implements SMTP command pipelining.
/* .IP permit_mx_backup
-/* Allow the request when the local mail system is mail exchanger
-/* for the recipient domain (this includes the case where the local
-/* system is the final destination).
+/* Allow the request when all primary MX hosts for the recipient
+/* are in the networks specified with the $auth_mx_backup_networks
+/* configuration parameter, or when the local system is the final
+/* destination.
/* .IP restriction_classes
/* Defines a list of parameter names, each parameter being a list
/* of restrictions that can be used anywhere a restriction is legal.
#define SMTPD_CHECK_OK 1 /* explicitly permit */
#define SMTPD_CHECK_REJECT 2 /* explicitly reject */
+ /*
+ * XXX For now define SMTPD_CHECK_TRYAGAIN as SMTPD_CHECK_OK.
+ */
+#define SMTPD_CHECK_TRYAGAIN 1 /* return 4xx try again */
+
/*
* Intermediate results. These are static to avoid unnecessary stress on the
* memory manager routines.
*/
static DOMAIN_LIST *relay_domains;
static NAMADR_LIST *mynetworks;
+static NAMADR_LIST *auth_mx_networks;
/*
* Pre-parsed restriction lists.
*/
mynetworks = namadr_list_init(var_mynetworks);
relay_domains = domain_list_init(var_relay_domains);
+ auth_mx_networks = namadr_list_init(var_auth_mx_networks);
/*
* Pre-parse and pre-open the recipient maps.
return (SMTPD_CHECK_DUNNO);
}
+/* all_auth_mx_addr - match host addresses against auth_mx_backup_networks */
+
+static int all_auth_mx_addr(char *host)
+{
+ char *myname = "all_auth_mx_addr";
+ struct in_addr addr;
+ DNS_RR *rr;
+ DNS_RR *addr_list;
+ int dns_status;
+
+ if (msg_verbose)
+ msg_info("%s: host %s", myname, host);
+
+ /*
+ * If we can't lookup the host, try again.
+ */
+#define NOPE 0
+#define YUP 1
+#define TRYAGAIN 2
+
+ /*
+ * Resolve this host into IP addresses, and check if thy are within
+ * auth_mx_backup_networks
+ */
+ dns_status = dns_lookup(host, T_A, 0, &addr_list, (VSTRING *) 0, (VSTRING *) 0);
+ if (dns_status != DNS_OK)
+ return (TRYAGAIN);
+
+ for (rr = addr_list; rr != 0; rr = rr->next) {
+ if (rr->data_len > sizeof(addr)) {
+ msg_warn("skipping address length %d", rr->data_len);
+ continue;
+ }
+ memcpy((char *) &addr, rr->data, sizeof(addr));
+ if (msg_verbose)
+ msg_info("%s: checking: %s", myname, inet_ntoa(addr));
+
+ if (!namadr_list_match(auth_mx_networks, host, inet_ntoa(addr))) {
+
+ /*
+ * Reject: IP address not listed in auth_mx_backup_networks.
+ */
+ if (msg_verbose)
+ msg_info("%s: address %s does not match %s",
+ myname, inet_ntoa(addr), VAR_AUTH_MX_NETWORKS);
+ dns_rr_free(addr_list);
+ return (NOPE);
+ }
+ }
+ dns_rr_free(addr_list);
+ return (YUP);
+}
+
/* has_my_addr - see if this host name lists one of my network addresses */
static int has_my_addr(const char *host)
return (NOPE);
}
+#if 0
+
/* permit_mx_backup - permit use of me as MX backup for recipient domain */
static int permit_mx_backup(SMTPD_STATE *state, const char *recipient)
if (dns_status == DNS_NOTFOUND)
return (has_my_addr(domain) ? SMTPD_CHECK_OK : SMTPD_CHECK_DUNNO);
if (dns_status != DNS_OK)
- return (SMTPD_CHECK_OK);
+ return (SMTPD_CHECK_TRYAGAIN);
/*
* First, see if we match any of the MX host names listed. Only if no
return (SMTPD_CHECK_DUNNO);
}
+#endif
+
+/* permit_auth_mx_backup - relay for authorized networks */
+
+static int permit_auth_mx_backup(SMTPD_STATE *state, const char *recipient)
+{
+ char *myname = "permit_auth_mx_backup";
+ const RESOLVE_REPLY *reply;
+ const char *domain;
+
+ DNS_RR *mx_list;
+ DNS_RR *mx;
+ int dns_status;
+ int best_pref;
+
+ if (msg_verbose)
+ msg_info("%s: %s", myname, recipient);
+
+ /*
+ * Sanity check.
+ */
+ if (*var_auth_mx_networks == 0) {
+ msg_warn("The %s feature requires that you specify authorized networks",
+ PERMIT_MX_BACKUP);
+ msg_warn("via the %s configuration parameter. See examples",
+ VAR_AUTH_MX_NETWORKS);
+ msg_warn("in the %s/sample-smtpd.cf configuration file.",
+ var_config_dir);
+ longjmp(smtpd_check_buf, smtpd_check_reject(state, MAIL_ERROR_SOFTWARE,
+ "%d <%s>: Configuration error in %s",
+ 451, recipient,
+ VAR_AUTH_MX_NETWORKS));
+ }
+
+ /*
+ * Resolve the address.
+ */
+ reply = (const RESOLVE_REPLY *)
+ ctable_locate(smtpd_resolve_cache, recipient);
+
+ /*
+ * If the destination is local, it is acceptable, because we are
+ * supposedly MX for our own address.
+ */
+ if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
+ return (SMTPD_CHECK_OK);
+ domain += 1;
+ if (resolve_local(domain)
+ || (*var_virtual_maps
+ && check_maps_find(state, recipient, virtual_maps, domain, 0))
+ || (*var_virt_mailbox_maps
+ && check_maps_find(state, recipient, virt_mailbox_maps, domain, 0)))
+ return (SMTPD_CHECK_OK);
+
+ if (msg_verbose)
+ msg_info("%s: not local: %s", myname, recipient);
+
+ /*
+ * Skip source-routed mail (uncertain destination).
+ */
+ if (var_allow_untrust_route == 0 && (reply->flags & RESOLVE_FLAG_ROUTED))
+ return (SMTPD_CHECK_DUNNO);
+
+ /*
+ * Skip numerical forms that didn't match the local system.
+ */
+ if (domain[0] == '#'
+ || (domain[0] == '[' && domain[strlen(domain) - 1] == ']'))
+ return (SMTPD_CHECK_DUNNO);
+
+ /*
+ * Look up the list of MX host names for this domain. If no MX host is
+ * found, perhaps it is a CNAME for the local machine. Clients aren't
+ * supposed to send CNAMEs in SMTP commands, but it happens anyway.
+ */
+ dns_status = dns_lookup(domain, T_MX, 0, &mx_list,
+ (VSTRING *) 0, (VSTRING *) 0);
+ if (dns_status == DNS_NOTFOUND)
+ return (has_my_addr(domain) ? SMTPD_CHECK_OK : SMTPD_CHECK_DUNNO);
+ if (dns_status != DNS_OK)
+ return (SMTPD_CHECK_TRYAGAIN);
+
+ /*
+ * Find the preference of the primary MX hosts.
+ */
+ for (best_pref = 0xffff, mx = mx_list; mx != 0; mx = mx->next)
+ if (mx->pref < best_pref)
+ best_pref = mx->pref;
+
+ /*
+ * See if each best MX host has all IP addresses in
+ * auth_mx_backup_networks.
+ */
+ for (mx = mx_list; mx != 0; mx = mx->next) {
+ if (mx->pref != best_pref)
+ continue;
+ switch (all_auth_mx_addr((char *) mx->data)) {
+ case NOPE:
+ dns_rr_free(mx_list);
+ return (SMTPD_CHECK_DUNNO);
+ case YUP:
+ continue;
+ case TRYAGAIN:
+ dns_rr_free(mx_list);
+ return (SMTPD_CHECK_TRYAGAIN);
+ }
+ }
+
+ /*
+ * All IP addresses of the best MX hosts are within
+ * auth_mx_backup_networks.
+ */
+ dns_rr_free(mx_list);
+ return (SMTPD_CHECK_OK);
+}
+
/* reject_non_fqdn_address - fail if address is not in fqdn form */
static int reject_non_fqdn_address(SMTPD_STATE *state, char *addr,
SMTPD_NAME_RECIPIENT, def_acl);
} else if (strcasecmp(name, PERMIT_MX_BACKUP) == 0) {
if (state->recipient)
- status = permit_mx_backup(state, state->recipient);
+ status = permit_auth_mx_backup(state, state->recipient);
} else if (strcasecmp(name, PERMIT_AUTH_DEST) == 0) {
if (state->recipient)
status = permit_auth_destination(state, state->recipient);
projects / thirdparty / postfix.git / commitdiff
