Portability: the Postfix to PCRE interface now expects
version 2.08. Postfix is no longer compatible with PCRE
versions before 2.6.
+
+19990906
+
+ Feature: INSTALL.sh script that makes Postfix installation
+ a bit less painful. This script can be used for installing
+ and for upgrading Postfix. It replaces files instead of
+ overwriting them, and leaves existing configuration and
+ queue files intact.
IRIX 6.x
Linux Debian 1.3.1
Linux Debian 2.x
- Linux RedHat 4.2
+ Linux RedHat 4.x
Linux RedHat 5.x
+ Linux RedHat 6.x
Linux Slackware 3.5
Linux SuSE 5.x
+ Linux SuSE 6.x
Mac OS X server
NEXTSTEP 3.x
NetBSD 1.x
6 - Installing the software after successful compilation
========================================================
-There is no automated installation procedure. The Postfix system
-is sufficiently complex, and UNIX systems are sufficiently different,
-that I feel uncomfortable providing an out-of-the-box procedure.
-
-Installing Postfix by hand takes only a few steps.
-
-- Configuration directory. This name is wired into the programs,
- but it can be overruled by setting the MAIL_CONFIG environment
- variable. This text assumes that you have chosen the default
- location.
-
- As superuser, execute the commands from the Postfix source directory:
-
- # mkdir /etc/postfix
- # chmod 755 /etc/postfix
- # cp conf/* /etc/postfix
- # chmod 644 /etc/postfix/*
- # chmod 755 /etc/postfix/postfix-script*
-
- This also installs the LICENSE file, as required.
-
-- Spool directory. The pathname is configurable in /etc/postfix/main.cf.
- This text assumes that you have chosen the default location.
-
- As superuser, execute the commands:
-
- # mkdir /var/spool/postfix
- # chmod 755 /var/spool/postfix
-
-- Command directory. The pathname is configurable in /etc/postfix/main.cf.
- Usually I install in /usr/sbin or in /usr/etc, depending on the system.
-
- If you are replacing an existing sendmail installation with
- Postfix, you need to keep the old sendmail program running for
- some time in order to flush the mail queue. As superuser, execute
- the following commands (your sendmail may be in a different place):
+IMPORTANT: if you are REPLACING an existing sendmail installation
+with Postfix, you may need to keep the old sendmail program running
+for some time in order to flush the mail queue. As superuser,
+execute the following commands (your sendmail, newaliases and mailq
+programs may be in a different place):
# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
- # chmod 755 /usr/sbin/sendmail.OFF
-
- As superuser, execute the commands from the Postfix source directory:
-
- # mkdir $command_directory
- # cp bin/* $command_directory
-
- Alternative: leave the command executables in the Postfix source tree.
+ # mv /usr/bin/newaliases /usr/bin/newaliases.OFF
+ # mv /usr/bin/mailq /usr/bin/mailq.OFF
+ # chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF \
+ /usr/bin/mailq.OFF
-- Daemon directory. The pathname is configurable in /etc/postfix/main.cf.
- Usually I install in /usr/libexec/postfix or in /usr/lib/postfix.
+In order to install or upgrade Postfix:
- As superuser, execute the commands from the Postfix source directory:
+- Create a user "postfix" with a unique user id and group id.
+ Preferably, this is an account that no-one can log into. The
+ account does not need an executable login shell, and needs no
+ existing home directory. My password file entry looks like this:
- # mkdir $daemon_directory
- # cp libexec/* $daemon_directory
+ postfix:*:12345:12345:postfix:/no/where:/no/shell
- Alternative: leave the daemon executables in the Postfix source tree.
+- Make sure there is a corresponding alias in /etc/aliases:
-- On-line manual pages:
+ postfix: root
- # mkdir /some/where/man
- # (cd man && tar cf - .) | (cd /some/where/man && tar xvf -)
+- Review section 12 of this file, and decide if a world-writable
+ maildrop is OK, or if Postfix needs a set-gid posting agent.
- Alternative: leave the manpages in the Postfix source tree.
+- Run the INSTALL.sh script as the super-user:
- You may wish to update your MANPATH so you can view the Postfix
- manual pages. For example:
+ # sh INSTALL.sh
- # export MANPATH
- # MANPATH=/some/where/man:/usr/share/man:/usr/local/man
+ The INSTALL.sh script offers suggestions for pathnames that you
+ can override, either by editing INSTALL.sh or by specifying your
+ preferences interactively. INSTALL.sh stores your preferences in
+ the Postfix configuration directory in order to ease future installs.
- Proceed to the section on how you wish to run Postfix on your
particular machine:
9 - Turning off sendmail forever
================================
-If you are going to REPLACE sendmail by Postfix, execute the
-following commands. The text assumes that on your system, sendmail
-is in /usr/sbin, and that mailq and newaliases are in /usr/bin.
-
- # mv /usr/bin/mailq /usr/bin/mailq.OFF
- # mv /usr/bin/newaliases /usr/bin/newaliases.OFF
- # chmod 755 /usr/bin/newaliases.OFF /usr/bin/mailq.OFF
-
- # ln -s /usr/sbin/sendmail /usr/bin/mailq
- # ln -s /usr/sbin/sendmail /usr/bin/newaliases
+Prior to installing Postfix you should save the existing sendmail
+program files as described in section 6.
Be sure to keep the old sendmail running for at least a couple
days to flush any unsent mail. To do so, stop the sendmail daemon
configuration language uses lazy evaluation, and does not look at
a parameter value until it is needed at runtime.
-First of all you have to specify the userid that owns the Postfix
-queue and most Postfix processes. The default setting,
-
- mail_owner = postfix
-
-should be appropriate for your system. I would recommend that you
-create a dedicated user account "postfix", that is not in the same
-group as other accounts. Preferably, this is an account that no-one
-can log into. The account does not need an executable login shell,
-and needs no existing home directory. My password file entry looks
-like this:
-
- postfix:*:12345:12345:postfix:/no/where:/no/shell
-
-And there is a corresponding alias in /etc/aliases:
-
- postfix: root
-
-Secondly, you must specify what domain will be appended to a
+First of all, you must specify what domain will be appended to a
local address. The "myorigin" parameter defaults to the local
hostname, but that is probably OK only for very small sites.
disable_dns_lookups = yes
-If you haven't used sendmail prior to using Postfix, you will have
-to build the alias database (with: sendmail -bi, or: newaliases).
-
-Finally, specify the program, daemon and queue directories. For
-example,
+The FAQ (html/faq.html) has more hints and tips for firewalled
+and/or dial-up networks.
- command_directory = /usr/sbin
- daemon_directory = /usr/libexec/postfix
- queue_directory = /var/spool/postfix
-
-For further configuration information I suggest that you browse
-the configuration documentation in the html subdirectory.
+Finally, if you haven't used Sendmail prior to using Postfix, you
+will have to build the alias database (with: sendmail -bi, or:
+newaliases). Be sure to set up aliases for root and postmaster that
+forward mail to a real person.
11 - To chroot or not to chroot
==============================
files have a specific format; less than one in 10^12 non-Postfix
files would be recognized as a valid Postfix queue file.
- In order to enable this mode, step into /etc/postfix and:
+ In order to enable maildrop world-write permission:
- # cp postfix-script-nosgid postfix-script
+ - Specify "no" when asked by the INSTALL.sh script whether
+ Postfix needs set-gid privileges.
2 - On systems with many users it may be desirable to revoke maildrop
directory world write permission, and to enable set-gid privileges
- on a small "postdrop" command that is provided for this purpose.
+ on a small "maildrop" command that is provided for this purpose.
+
+ In order to revoke maildrop world-write permission:
- In order to revoke world-write permission, create a group
- "maildrop" that is unique and that does not share its group ID
- with any other user, certainly not with the postfix account,
- then execute the following commands to make "postdrop" set-gid,
- and to make maildrop non-writable for unprivileged users:
+ - Create a group "maildrop" that is unique and that does not
+ share its group ID with any other user, certainly not with
+ the postfix account,
- # chgrp maildrop /var/spool/postfix/maildrop /some/where/postdrop
- # chmod 1730 /var/spool/postfix/maildrop
- # chmod 2755 /some/where/postdrop
+ - Specify "maildrop" when asked by the INSTALL.sh script whether
+ Postfix needs set-gid privileges.
The sendmail posting program will automatically invoke the
postdrop command when maildrop directory write permission is
restricted.
- In order to enable this mode, step into /etc/postfix and:
-
- # cp postfix-script-sgid postfix-script
-
13 - Care and feeding of the Postfix system
===========================================
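Review bot: The reworded item 2 now calls the set-gid program a "maildrop" command, but the unchanged paragraph just below still says the sendmail posting program invokes the postdrop command, and INSTALL.sh applies chgrp and chmod g+s to $command_directory/postdrop. Keep "postdrop" as the command name and reserve "maildrop" for the group and the queue directory. The INSTALL.sh banner also gives "postdrop" as the example group name for setgid, while this section tells the reader to create a group "maildrop"; pick one name and use it in both places.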
--- /dev/null
+#!/bin/sh
+
+# Sample Postfix installation script. Run this from the top-level
+# Postfix source directory.
+
+PATH=/bin:/usr/bin:/usr/sbin:/usr/etc:/sbin:/etc
+umask 022
+
+cat <<EOF
+
+Warning: this script replaces existing sendmail or Postfix programs.
+Make backups if you want to be able to recover.
+
+Otherwise, the script should be safe for installing or upgrading
+Postfix. Existing configuration and queue files are left alone;
+existing program files and scripts are replaced, not overwritten.
+This is safe unless you are sharing files over NFS.
+
+In particular, this script can be used to change Postfix from using
+a world-writable maildrop to a group-writable one.
+
+Before installing files, this script prompts you for some definitions.
+You can either edit this script ahead of time, or you can specify
+your changes interactively.
+
+ config_directory - directory with Postfix configuration files.
+ daemon_directory - directory with Postfix daemon programs.
+ command_directory - directory with Postfix administrative commands.
+ queue_directory - directory with Postfix queues.
+
+ sendmail_path - full pathname of the sendmail command.
+ newaliases_path - full pathname of the newaliases command.
+ mailq_path - full pathname of the mailq command.
+
+ owner - owner of Postfix queue files.
+
+ setgid - groupname, e.g., postdrop (default: no). See INSTALL section 12.
+ manpages - path to man tree (default: no). Example: /usr/local/man.
+
+EOF
+
+# Default settings, edit to taste or change interactively. Once this
+# script has run it saves settings to $config_directory/install.cf.
+
+# *BSD, LINUX
+config_directory=/etc/postfix
+daemon_directory=/usr/libexec/postfix
+command_directory=/usr/sbin
+queue_directory=/var/spool/postfix
+sendmail_path=/usr/sbin/sendmail
+newaliases_path=/usr/bin/newaliases
+mailq_path=/usr/bin/mailq
+owner=postfix
+setgid=no
+manpages=no
+
+# Solaris, System V.4
+#config_directory=/etc/postfix
+#daemon_directory=/usr/lib/postfix
+#command_directory=/usr/sbin
+#queue_directory=/var/spool/postfix
+#sendmail_path=/usr/lib/sendmail
+#newaliases_path=/usr/bin/newaliases
+#mailq_path=/usr/bin/mailq
+#owner=postfix
+#setgid=no
+#manpages=no
+
+# SunOS 4
+#config_directory=/etc/postfix
+#daemon_directory=/usr/lib/postfix
+#command_directory=/usr/etc
+#queue_directory=/var/spool/postfix
+#sendmail_path=/usr/lib/sendmail
+#newaliases_path=/usr/ucb/newaliases
+#mailq_path=/usr/ucb/mailq
+#owner=postfix
+#setgid=no
+#manpages=no
+
+test -f $config_directory/install.cf && . $config_directory/install.cf
+
+# By now, shells must have functions. Ultrix users must use sh5 or lose.
+
+compare_or_replace() {
+ cmp $2 $3 >/dev/null 2>&1 || {
+ cp $2 junk || exit 1
+ mv -f junk $3 || exit 1
+ chmod $1 $3 || exit 1
+ }
+}
+
+compare_or_symlink() {
+ cmp $1 $2 >/dev/null 2>&1 || {
+ ln -s $1 junk || exit 1
+ mv -f junk $2 || exit 1
+ }
+}
+
+compare_or_move() {
+ cmp $2 $3 >/dev/null 2>&1 || {
+ mv -f $2 $3 || exit 1
+ chmod $1 $3 || exit 1
+ }
+}
+
+# How to supress newlines in echo
+
+case `echo -n` in
+"") n=-n; c=;;
+ *) n=; c='\c';;
+esac
+
+for name in config_directory daemon_directory command_directory \
+ queue_directory sendmail_path newaliases_path mailq_path owner \
+ setgid manpages
+do
+ while :
+ do
+ eval echo \$n "$name: [\$$name]\ \$c"
+ read ans
+ case $ans in
+ "") break;;
+ *) eval $name=\$ans; break;;
+ esac
+ done
+done
+
+# Sanity checks
+
+for path in $config_directory $daemon_directory $command_directory \
+ $queue_directory $sendmail_path $newaliases_path $mailq_path $manpages
+do
+ case $path in
+ /*) ;;
+ no) ;;
+ *) echo "$path should be an absolute path name" 1>&2; exit 1;;
+ esac
+done
+
+grep "^$owner:" /etc/passwd >/dev/null || {
+ echo "$owner needs an entry in the passwd file" 1>&2
+ echo "Remember, $owner must have a dedicated user id and group id." 1>&2
+ exit 1
+}
+
+case $setgid in
+no) ;;
+ *) grep "^$setgid:" /etc/group >/dev/null || {
+ echo "$setgid needs an entry in the group file" 1>&2
+ echo "Remember, $setgid must have a dedicated group id." 1>&2
+ exit 1
+ }
+esac
+
+# Create any missing directories.
+
+test -d $config_directory || mkdir -p $config_directory || exit 1
+test -d $daemon_directory || mkdir -p $daemon_directory || exit 1
+test -d $command_directory || mkdir -p $command_directory || exit 1
+test -d $queue_directory || mkdir -p $queue_directory || exit 1
+
+# Save settings.
+
+(echo "# This file was generated by $0"
+for name in config_directory daemon_directory command_directory \
+ queue_directory sendmail_path newaliases_path mailq_path owner \
+ setgid manpages
+do
+ eval echo $name=\$$name
+done) >junk || exit 1
+compare_or_move a+x,go-w junk $config_directory/install.cf || exit 1
+rm -f junk
+
+# Install files. Be careful to not copy over running programs.
+
+for file in `ls libexec`
+do
+ compare_or_replace a+x,go-w libexec/$file $daemon_directory/$file || exit 1
+done
+
+for file in `ls bin | grep '^post'`
+do
+ compare_or_replace a+x,go-w bin/$file $command_directory/$file || exit 1
+done
+
+test -f bin/sendmail && {
+ compare_or_replace a+x,go-w bin/sendmail $sendmail_path || exit 1
+ compare_or_symlink $sendmail_path $newaliases_path
+ compare_or_symlink $sendmail_path $mailq_path
+}
+
+compare_or_replace a+r,go-w conf/LICENSE $config_directory/LICENSE || exit 1
+
+test -f $config_directory/main.cf || {
+ cp conf/* $config_directory || exit 1
+ chmod a+r,go-w $config_directory/* || exit 1
+ sed "
+ s;^daemon_directory .*;daemon_directory = $daemon_directory;
+ s;^command_directory .*;command_directory = $command_directory;
+ s;^queue_directory .*;queue_directory = $queue_directory;
+ s;^mail_owner .*;mail_owner = $mail_owner;
+ " conf/main.cf >$config_directory/main.cf || exit 1
+
+ echo "Warning: you still need to edit myorigin/mydestination in" 1>&2
+ echo "$config_directory/main.cf. See also html/faq.html for dialup" 1>&2
+ echo "sites or for sites inside a firewalled network." 1>&2
+ echo "" 1>&2
+ echo "BTW, Edit your alias database and be sure to set up aliases" 1>&2
+ echo "for root and postmaster, then run the newaliases command." 1>&2
+}
+
+# Use set-gid privileges instead of writable maildrop (optional).
+
+test -d $queue_directory/maildrop || {
+ mkdir -p $queue_directory/maildrop || exit 1
+ chown $owner $queue_directory/maildrop || exit 1
+}
+
+case $setgid in
+no)
+ chmod 1733 $queue_directory/maildrop || exit 1
+ chmod g-s $command_directory/postdrop || exit 1
+ postfix_script=conf/postfix-script-nosgid
+ ;;
+ *)
+ chgrp $setgid $command_directory/postdrop || exit 1
+ chmod g+s $command_directory/postdrop || exit 1
+ chgrp $setgid $queue_directory/maildrop || exit 1
+ chmod 1730 $queue_directory/maildrop || exit 1
+ postfix_script=conf/postfix-script-sgid
+ ;;
+esac
+
+compare_or_replace a+x,go-w $postfix_script $config_directory/postfix-script ||
+ exit 1
+
+# Install manual pages (optional). We just clobber whatever is there.
+
+case $manpages in
+no) ;;
+ *) test -d $manpages || mkdir -p $manpages || exit 1
+ (cd man && tar cf - man?) | (cd $manpages && tar xf -)
+esac
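Review bot: The sed line `s;^mail_owner .*;mail_owner = $mail_owner;` expands $mail_owner, which this script never sets; the variable that is prompted for and saved is `owner`. Since conf/main.cf now ships with an active `mail_owner = postfix` line, the pattern matches and a fresh install ends up with an empty `mail_owner =` value. Use $owner in that substitution. Separately, the settings are written with `eval echo $name=\$$name` and read back as root with `. $config_directory/install.cf`, so an answer containing whitespace or shell metacharacters is saved unquoted and interpreted as shell on the next run; quote the saved values or reject such input in the sanity checks.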
SHELL = /bin/sh
WARN = -Wmissing-prototypes
OPTS = "CC=$(CC)"
-DIRS = util global dns master postfix smtpstone fsstone sendmail error \
+DIRS = util global dns master postfix smtpstone sendmail error \
pickup cleanup smtpd local trivial-rewrite qmgr smtp bounce pipe \
showq postalias postcat postconf postdrop postkick postlock postlog \
postmap postsuper # man html
-Incompatible changes with postfix-19990904
+Incompatible changes with postfix-19990906
==========================================
- On systems that use user.lock files to protect system mailboxes
- The Postfix to PCRE interface now expects PCRE version 2.08.
Postfix is no longer compatible with PCRE versions prior to 2.06.
-Major changes with postfix-19990904
+Major changes with postfix-19990906
===================================
Several bugfixes, none related to security. See the HISTORY file
license does have a requirement that contributors make source code
available.
+- INSTALL.sh install/upgrade procedure that replaces existing
+programs and shell scripts instead of overwriting them, and that
+leaves existing queue files and configuration files alone.
+
- The ugly Delivered-To: header can now be turned off selectively.
The default setting is: "prepend_delivered_header = command, file,
forward". Turning off the Delivered-To: header when forwarding
# The command_directory parameter specifies the location of all
# postXXX commands. The default value is $program_directory.
#
-#command_directory = /usr/sbin
+command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). The
# default value is $program_directory. This directory must be owned
# by root.
#
-#daemon_directory = /usr/libexec/postfix
+daemon_directory = /usr/libexec/postfix
# QUEUE AND PROCESS OWNERSHIP
#
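Review bot: With command_directory and daemon_directory uncommented, the sample main.cf hardwires /usr/sbin and /usr/libexec/postfix, while the comment above each still presents $program_directory as the default and INSTALL.sh lists /usr/lib/postfix as the daemon directory for Solaris and SunOS 4. INSTALL.sh rewrites these lines only when no main.cf exists yet, so the comments should say that the active values are installation defaults to be adjusted per platform.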
# OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In particular,
# don't specify nobody or daemon. PLEASE USE A DEDICATED USER.
#
-#mail_owner = postfix
+mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# reject_unknown_sender_domain: reject sender domain without A or MX record.
# check_relay_domains: permit only mail from/to domains in $relay_domains.
# reject_unauth_destination: reject mail not to domains in $relay_domains.
+# reject_unauth_pipelining: reject mail from improperly pipelining spamware
# permit_mx_backup: accept mail for sites that list me as MX host.
# reject_unknown_recipient_domain: reject domains without A or MX record.
# check_recipient_access maptype:mapname
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-19990905"
+#define DEF_MAIL_VERSION "Postfix-19990906"
extern char *var_mail_version;
/* LICENSE
<dt> <b><a href="#reject">reject</a></b>
+<dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b>
+
<dd> See generic restrictions.
</dl>
<dt> <b><a href="#reject">reject</a></b>
+<dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b>
+
<dd> See generic restrictions.
</dl>
<dt> <b><a href="#reject">reject</a></b>
+<dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b>
+
<dd> See generic restrictions.
</dl>
<a name="reject_unauth_destination">
<dt> <b>reject_unauth_destination</b> <dd> Ignore the client
-hostname. Permit the request when the resolved destination address
-matches <a href="#relay_domains"> $relay_domains</a>, otherwise
-reject. The <b>relay_domains_reject_code</b> parameter specifies
-the response code for rejected requests (default: <b>554</b>).
+hostname. Reject the request when the resolved destination address
+does not match <a href="#relay_domains"> $relay_domains</a>. The
+<b>relay_domains_reject_code</b> parameter specifies the response
+code for rejected requests (default: <b>554</b>).
<p>
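Review bot: The rewritten reject_unauth_destination text covers only the non-matching case. The old wording said the request is permitted when the destination matches $relay_domains; the new one is silent on a match, so a reader cannot tell whether evaluation stops there or continues with the next restriction. Add one sentence for the matching case.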
<dt> <b><a href="#reject">reject</a></b>
+<dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b>
+
<dd> See generic restrictions.
</dl>
<dt> <b><a href="#reject">reject</a></b>
+<dt> <b><a href="#reject_unauth_pipelining">reject_unauth_pipelining</a></b>
+
<dd> See generic restrictions.
</dl>
specifies the response code to rejected requests (default:
<b>554</b>).
+<p>
+
+<a name="reject_unauth_pipelining">
+
+<dt> <b>reject_unauth_pipelining</b> <dd> Reject the request when
+the client sends SMTP commands ahead of time without knowing that
+Postfix actually supports SMTP command pipelining. This stops mail
+from bulk mail software that improperly uses SMTP command pipelining
+to speed up deliveries.
+
</dl>
</dl>
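Review bot: The new reject_unauth_pipelining entry does not say which response code a rejected client receives. The neighbouring entries name their reject code parameter and its default (for example relay_domains_reject_code, default 554); document the same here, or state that the code is fixed.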
--- /dev/null
+Host: P233 BSD/OS 3.1 smtp-source and smtp-sink on the same host,
+100 msgs in 10 sessions.
+
+send = time to send 100 msgs into postfix
+rest = time for Postfix to finish
+total = total elapsed time
+
+19990627
+
+send rest total
+14 10 25
+10 8 18
+ 9 10 19
+ 9 17 26
+ 8 11 19
+ 8 9 17
+
+19990906
+
+send rest total
+10 15 25
+ 9 10 19
+ 8 9 17
+ 9 8 17
+ 8 9 17
+ 9 8 17
+ 8 9 17
+ 8 8 16
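Review bot: The send, rest and total columns carry no unit, and the 19990627 table has six rows against eight for 19990906, so the two runs cannot be compared row for row. State the unit in the legend and either equalise the number of runs or add a summary line per date.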