sites that used permit_mx_backup to authorize all their
incoming mail.
+20051122
+
+ Feature: sender_relayhost_maps, lookup tables that specify
+ a per-sender override for the relayhost parameter setting.
+ This is an extended version of a patch by Mathias Hasselmann.
+ Files: trivial-rewrite/resolve.c, trivial-rewrite/transport.c,
+ *qmgr/qmgr_message.c.
+
+ Feature: address_verify_sender_relayhost_maps, for consistency
+ with the other address_verify_mumble parameters.
+
+20051124
+
+ Feature: smtp_per_sender_auth, to enable per-sender SASL
+ authentication. This disables SMTP connection caching to
+ ensure that mail from different senders will be delivered
+ with the appropriate credentials. This is an extended version
+ of a patch by Mathias Hasselmann. Files: smtp/smtp_connect.c,
+ smtp/smtp_sasl_glue.c.
+
Open problems:
"postsuper -r" no longer resets the message arrival time,
Med: separate ulimit for delivery to command?
- Med: option to open queue file early, after MAIL FROM.
-
- Low: log xdelay (esp. for SMTP and delivery to command).
+ Med: option to open queue file early, after MAIL FROM. This
+ would allow correlation of rejected RCPT TO requests with
+ accepted requests for the same mail transaction.
Med: silly queue file bit so that the queue manager doesn't
skip files when fast flush is requested while a queue scan
is in progress. The bit is set by the flush server and is
reset when the mail is deferred, so that it survives queue
- manager restart.
+ manager restart. It's not clear, however, how one would
+ unthrottle disabled transports or queues.
Med: postsuper -r should do something with recipients in
bounce logfiles.
If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2
before proceeding.
+Major changes with snapshot 20051124
+====================================
+
+This snapshot adds support for sender-dependent ISP accounts.
+
+- Per-sender relayhost support, with the sender_relayhost_maps
+ feature. The maps are searched with the sender address and with
+ the sender @domain. The result overrides the global relayhost
+ setting, but otherwise has identical behavior.
+
+ Example: sender_relayhost_maps = hash:/etc/postfix/sender_relay
+
+- Per-sender SASL authentication support. This disables SMTP
+ connection caching to ensure that mail from different senders
+ will use the correct authentication credentials.
+
+ Example: smtp_per_sender_authentication = yes
+
Incompatibility with snapshot 20051121
======================================
-# TRANSPORT(5) TRANSPORT(5)
+# TRANSPORT(5) TRANSPORT(5)
#
# NAME
# transport - Postfix transport table format
#
# DESCRIPTION
# The optional transport(5) table specifies a mapping from
-# email addresses to message delivery transports and/or
-# relay hosts. The mapping is used by the trivial-rewrite(8)
+# email addresses to message delivery transports and next-
+# hop hosts. The table is searched by the trivial-rewrite(8)
# daemon.
#
-# This mapping overrides the default routing that is built
-# into Postfix:
-#
-# mydestination
-# A list of domains that is by default delivered via
-# $local_transport. This also includes domains that
-# match $inet_interfaces or $proxy_interfaces.
-#
-# virtual_mailbox_domains
-# A list of domains that is by default delivered via
-# $virtual_transport.
-#
-# relay_domains
-# A list of domains that is by default delivered via
-# $relay_transport.
-#
-# any other destination
-# Mail for any other destination is by default deliv-
-# ered via $default_transport.
-#
-# Normally, the transport(5) table is specified as a text
-# file that serves as input to the postmap(1) command. The
-# result, an indexed file in dbm or db format, is used for
-# fast searching by the mail system. Execute the command
-# "postmap /etc/postfix/transport" in order to rebuild the
+# This mapping overrides the default transport:nexthop
+# selection that is built into Postfix:
+#
+# local_transport (default: local:$myhostname)
+# This is the default for final delivery to domains
+# listed with mydestination, and for [ipaddress] des-
+# tinations that match $inet_interfaces or
+# $proxy_interfaces. The default nexthop destination
+# is the MTA hostname.
+#
+# virtual_transport (default: virtual:)
+# This is the default for final delivery to domains
+# listed with virtual_mailbox_domains. The default
+# nexthop destination is the recipient domain.
+#
+# relay_transport (default: relay:)
+# This is the default for remote delivery to domains
+# listed with relay_domains. In order of decreasing
+# precedence, the nexthop destination is taken from
+# relay_transport, sender_relayhost_maps, relayhost,
+# or from the recipient domain.
+#
+# default_transport (default: smtp:)
+# This is the default for remote delivery to other
+# destinations. In order of decreasing precedence,
+# the nexthop destination is taken from
+# default_transport, sender_relayhost_maps, relay-
+# host, or from the recipient domain.
+#
+# Normally, the transport(5) table is specified as a text
+# file that serves as input to the postmap(1) command. The
+# result, an indexed file in dbm or db format, is used for
+# fast searching by the mail system. Execute the command
+# "postmap /etc/postfix/transport" in order to rebuild the
# indexed file after changing the transport table.
#
-# When the table is provided via other means such as NIS,
-# LDAP or SQL, the same lookups are done as for ordinary
+# When the table is provided via other means such as NIS,
+# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
-# Alternatively, the table can be provided as a regular-
+# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
-# sions, or lookups can be directed to TCP-based server. In
-# that case, the lookups are done in a slightly different
-# way as described below under "REGULAR EXPRESSION TABLES"
+# sions, or lookups can be directed to TCP-based server. In
+# that case, the lookups are done in a slightly different
+# way as described below under "REGULAR EXPRESSION TABLES"
# and "TCP-BASED TABLES".
#
# TABLE FORMAT
# domain, use the corresponding result.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A logical line starts with non-whitespace text. A
-# line that starts with whitespace continues a logi-
+# A logical line starts with non-whitespace text. A
+# line that starts with whitespace continues a logi-
# cal line.
#
-# The pattern specifies an email address, a domain name, or
-# a domain name hierarchy, as described in section "TABLE
+# The pattern specifies an email address, a domain name, or
+# a domain name hierarchy, as described in section "TABLE
# LOOKUP".
#
-# The result is of the form transport:nexthop and specifies
+# The result is of the form transport:nexthop and specifies
# how or where to deliver mail. This is described in section
# "RESULT FORMAT".
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, patterns are
+# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user+extension@domain transport:nexthop
-# Deliver mail for user+extension@domain through
+# Deliver mail for user+extension@domain through
# transport to nexthop.
#
# user@domain transport:nexthop
-# Deliver mail for user@domain through transport to
+# Deliver mail for user@domain through transport to
# nexthop.
#
# domain transport:nexthop
-# Deliver mail for domain through transport to nex-
+# Deliver mail for domain through transport to nex-
# thop.
#
# .domain transport:nexthop
-# Deliver mail for any subdomain of domain through
-# transport to nexthop. This applies only when the
-# string transport_maps is not listed in the par-
-# ent_domain_matches_subdomains configuration set-
-# ting. Otherwise, a domain name matches itself and
+# Deliver mail for any subdomain of domain through
+# transport to nexthop. This applies only when the
+# string transport_maps is not listed in the par-
+# ent_domain_matches_subdomains configuration set-
+# ting. Otherwise, a domain name matches itself and
# its subdomains.
#
# Note 1: the special pattern * represents any address (i.e.
# it functions as the wild-card pattern).
#
-# Note 2: the null recipient address is looked up as
+# Note 2: the null recipient address is looked up as
# $empty_address_recipient@$myhostname (default: mailer-dae-
# mon@hostname).
#
-# Note 3: user@domain or user+extension@domain lookup is
+# Note 3: user@domain or user+extension@domain lookup is
# available in Postfix 2.0 and later.
#
# RESULT FORMAT
-# The lookup result is of the form transport:nexthop. The
-# transport field specifies a mail delivery transport such
-# as smtp or local. The nexthop field specifies where and
+# The lookup result is of the form transport:nexthop. The
+# transport field specifies a mail delivery transport such
+# as smtp or local. The nexthop field specifies where and
# how to deliver mail.
#
-# The transport field specifies the name of a mail delivery
+# The transport field specifies the name of a mail delivery
# transport (the first name of a mail delivery service entry
# in the Postfix master.cf file).
#
-# The interpretation of the nexthop field is transport
-# dependent. In the case of SMTP, specify a service on a
-# non-default port as host:service, and disable MX (mail
-# exchanger) DNS lookups with [host] or [host]:port. The []
+# The interpretation of the nexthop field is transport
+# dependent. In the case of SMTP, specify a service on a
+# non-default port as host:service, and disable MX (mail
+# exchanger) DNS lookups with [host] or [host]:port. The []
# form is required when you specify an IP address instead of
# a hostname.
#
-# A null transport and null nexthop result means "do not
-# change": use the delivery transport and nexthop informa-
-# tion that would be used when the entire transport table
+# A null transport and null nexthop result means "do not
+# change": use the delivery transport and nexthop informa-
+# tion that would be used when the entire transport table
# did not exist.
#
-# A non-null transport field with a null nexthop field
+# A non-null transport field with a null nexthop field
# resets the nexthop information to the recipient domain.
#
-# A null transport field with non-null nexthop field does
+# A null transport field with non-null nexthop field does
# not modify the transport information.
#
# EXAMPLES
-# In order to deliver internal mail directly, while using a
-# mail relay for all other mail, specify a null entry for
-# internal destinations (do not change the delivery trans-
-# port or the nexthop information) and specify a wildcard
+# In order to deliver internal mail directly, while using a
+# mail relay for all other mail, specify a null entry for
+# internal destinations (do not change the delivery trans-
+# port or the nexthop information) and specify a wildcard
# for all other destinations.
#
# my.domain :
# .my.domain :
# * smtp:outbound-relay.my.domain
#
-# In order to send mail for example.com and its subdomains
+# In order to send mail for example.com and its subdomains
# via the uucp transport to the UUCP host named example:
#
# example.com uucp:example
# .example.com uucp:example
#
-# When no nexthop host name is specified, the destination
-# domain name is used instead. For example, the following
-# directs mail for user@example.com via the slow transport
-# to a mail exchanger for example.com. The slow transport
+# When no nexthop host name is specified, the destination
+# domain name is used instead. For example, the following
+# directs mail for user@example.com via the slow transport
+# to a mail exchanger for example.com. The slow transport
# could be configured to run at most one delivery process at
# a time:
#
# example.com slow:
#
# When no transport is specified, Postfix uses the transport
-# that matches the address domain class (see DESCRIPTION
-# above). The following sends all mail for example.com and
+# that matches the address domain class (see DESCRIPTION
+# above). The following sends all mail for example.com and
# its subdomains to host gateway.example.com:
#
# example.com :[gateway.example.com]
# .example.com :[gateway.example.com]
#
-# In the above example, the [] suppress MX lookups. This
-# prevents mail routing loops when your machine is primary
+# In the above example, the [] suppress MX lookups. This
+# prevents mail routing loops when your machine is primary
# MX host for example.com.
#
-# In the case of delivery via SMTP, one may specify host-
+# In the case of delivery via SMTP, one may specify host-
# name:service instead of just a host:
#
# example.com smtp:bar.example:2025
#
# The error mailer can be used to bounce mail:
#
-# .example.com error:mail for *.example.com is not
+# .example.com error:mail for *.example.com is not
# deliverable
#
-# This causes all mail for user@anything.example.com to be
+# This causes all mail for user@anything.example.com to be
# bounced.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
-# the entire address being looked up. Thus,
-# some.domain.hierarchy is not looked up via its parent
-# domains, nor is user+foo@domain looked up as user@domain.
+# Each pattern is a regular expression that is applied to
+# the entire address being looked up. Thus,
+# some.domain.hierarchy is not looked up via its parent
+# domains, nor is user+foo@domain looked up as user@domain.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
-# tion of the TCP client/server lookup protocol, see
-# tcp_table(5). This feature is not available up to and
-# including Postfix version 2.2.
+# tion of the TCP client/server lookup protocol, see tcp_ta-
+# ble(5). This feature is not available up to and including
+# Postfix version 2.2.
#
-# Each lookup operation uses the entire recipient address
-# once. Thus, some.domain.hierarchy is not looked up via
-# its parent domains, nor is user+foo@domain looked up as
+# Each lookup operation uses the entire recipient address
+# once. Thus, some.domain.hierarchy is not looked up via
+# its parent domains, nor is user+foo@domain looked up as
# user@domain.
#
# Results are the same as with indexed file lookups.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant.
-# The text below provides only a parameter summary. See
+# The following main.cf parameters are especially relevant.
+# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# empty_address_recipient
-# The address that is looked up instead of the null
+# The address that is looked up instead of the null
# sender address.
#
# parent_domain_matches_subdomains
-# List of Postfix features that use domain.tld pat-
-# terns to match sub.domain.tld (as opposed to
+# List of Postfix features that use domain.tld pat-
+# terns to match sub.domain.tld (as opposed to
# requiring .domain.tld patterns).
#
# transport_maps
# postmap(1), Postfix lookup table manager
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# FILTER_README, external content filter
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
-# TRANSPORT(5)
+# TRANSPORT(5)
</p>
+</DD>
+
+<DT><b><a name="address_verify_sender_relayhost_maps">address_verify_sender_relayhost_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Overrides the <a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a> parameter setting for address
+verification probes.
+</p>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
+
</DD>
<DT><b><a name="address_verify_service_name">address_verify_service_name</a>
</DD>
<DT><b><a name="local_transport">local_transport</a>
-(default:
local:$<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
+(default:
<a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
<p> The default mail delivery transport for domains that match
$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. This
(default: no)</b></DT><DD>
<p>
-This parameter should not be used.
+This parameter should not be used. It was replaced by <a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a>
+in Postfix 2.3.
</p>
</pre>
+</DD>
+
+<DT><b><a name="sender_relayhost_maps">sender_relayhost_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> A sender-specific override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
+setting. The tables are searched by the sender address and by the
+sender @domain. </p>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
+
</DD>
<DT><b><a name="sendmail_path">sendmail_path</a>
<ul>
-<li> if mail is sent without a relay host: a domain name (the
+<li> if mail is sent without a <a href="postconf.5.html#relayhost">relay host</a>: a domain name (the
right-hand side of an email address, without the [] around a numeric
IP address),
-<li> if mail is sent via a relay host: a relay host name (without
+<li> if mail is sent via a <a href="postconf.5.html#relayhost">relay host</a>: a <a href="postconf.5.html#relayhost">relay host</a> name (without
[] or non-default TCP port), as specified in main.cf or in the
transport map,
-<li> a /file/name with domain names and/or relay host names as
+<li> a /file/name with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names as
defined above,
<li> a "<a href="DATABASE_README.html">type:table</a>" with domain names and/or relay hosts name on
(default: 2)</b></DT><DD>
<p> The maximal number of SMTP sessions per delivery request before
-giving up or delivering to a fall-back relay host, or zero (no
+giving up or delivering to a fall-back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no
limit). This restriction ignores sessions that fail to complete the
SMTP initial handshake (Postfix 2.2 and earlier) or that fail to
complete the EHLO and TLS handshake (Postfix 2.3 and later). </p>
<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> parameter. </p>
+</DD>
+
+<DT><b><a name="smtp_per_sender_authentication">smtp_per_sender_authentication</a>
+(default: no)</b></DT><DD>
+
+<p>
+Enable per-sender authentication in the SMTP client; this is available
+only with SASL authentication, and disables SMTP connection caching
+to ensure that mail from different senders will use the appropriate
+credentials.
+</p>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
+
</DD>
<DT><b><a name="smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
<p>
Optional SMTP client lookup tables with one username:password entry
-per remote hostname or domain. If a remote host or domain has no
-username:password entry, then the Postfix SMTP client will not
+per remote hostname or domain (or per sender address, when per-sender
+authentication is enabled). If no username:password entry is found,
+then the Postfix SMTP client will not
attempt to authenticate to the remote host.
</p>
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
Optional SMTP client lookup tables with one user-
- name:password entry per remote hostname or domain.
+ name:password entry per remote hostname or domain
+ (or per sender, when per-sender authentication is
+ enabled).
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
- What authentication mechanisms the Postfix SMTP
+ What authentication mechanisms the Postfix SMTP
client is allowed to use.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
- If non-empty, a Postfix SMTP client filter for the
- remote SMTP server's list of offered SASL mecha-
+ If non-empty, a Postfix SMTP client filter for the
+ remote SMTP server's list of offered SASL mecha-
nisms.
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#smtp_per_sender_authentication">smtp_per_sender_authentication</a> (no)</b>
+ Enable per-sender authentication in the SMTP
+ client; this is available only with SASL authenti-
+ cation, and disables SMTP connection caching to
+ ensure that mail from different senders will use
+ the appropriate credentials.
+
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be
+ Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP
- server announces STARTTLS support, otherwise send
+ Opportunistic mode: use TLS when a remote SMTP
+ server announces STARTTLS support, otherwise send
the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers
- use TLS encryption, and never send mail in the
+ Enforcement mode: require that remote SMTP servers
+ use TLS encryption, and never send mail in the
clear.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
- Time limit for Postfix SMTP client write and read
- operations during TLS startup and shutdown hand-
+ Time limit for Postfix SMTP client write and read
+ operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
- The file with the certificate of the certification
- authority (CA) that issued the Postfix SMTP client
+ The file with the certificate of the certification
+ authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
- Directory with PEM format certificate authority
- certificates that the Postfix SMTP client uses to
+ Directory with PEM format certificate authority
+ certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
- File with the Postfix SMTP client RSA certificate
+ File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
- Controls the Postfix SMTP client TLS cipher selec-
+ Controls the Postfix SMTP client TLS cipher selec-
tion scheme.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
- File with the Postfix SMTP client DSA certificate
+ File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
- File with the Postfix SMTP client DSA private key
+ File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- When TLS encryption is enforced, require that the
+ When TLS encryption is enforced, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
- File with the Postfix SMTP client RSA private key
+ File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
- Enable additional Postfix SMTP client logging of
+ Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
- Log the hostname of a remote SMTP server that
- offers STARTTLS, when TLS is not already enabled
+ Log the hostname of a remote SMTP server that
+ offers STARTTLS, when TLS is not already enabled
for that server.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
- TLS usage policy by next-hop domain name and by
+ TLS usage policy by next-hop domain name and by
remote SMTP server hostname.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
- The verification depth for remote SMTP server cer-
+ The verification depth for remote SMTP server cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
- Name of the file containing the optional Postfix
+ Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
sion cache information.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
- The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
- or
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
- server in order to seed its internal pseudo random
+ The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
+ or
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+ server in order to seed its internal pseudo random
number generator (PRNG).
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the smtp message delivery
+ The maximal number of parallel deliveries to the
+ same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per delivery via
+ The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The SMTP client time limit for completing a TCP
+ The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The SMTP client time limit for sending the HELO or
- EHLO command, and for receiving the initial server
+ The SMTP client time limit for sending the HELO or
+ EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b>
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The SMTP client time limit for sending the MAIL
- FROM command, and for receiving the server
+ The SMTP client time limit for sending the MAIL
+ FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The SMTP client time limit for sending the SMTP
- RCPT TO command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The SMTP client time limit for sending the SMTP
- DATA command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
- The SMTP client time limit for sending the QUIT
+ The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery
- request before giving up or delivering to a fall-
- back relay host, or zero (no limit).
+ The maximal number of SMTP sessions per delivery
+ request before giving up or delivering to a fall-
+ back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
- The SMTP client time limit for sending the RSET
+ The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the
+ Permanently enable SMTP connection caching for the
specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a
+ Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount
- of time that an unused SMTP client socket is kept
+ of time that an unused SMTP client socket is kept
open before it is closed.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
+ The recipient of postmaster notifications about
+ mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail
+ Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
- Disable DNS lookups in the Postfix SMTP and LMTP
+ Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
- The Internet protocols Postfix will attempt to use
+ The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
+ tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the SMTP
- client should bind to when making an IPv4 connec-
+ client should bind to when making an IPv4 connec-
tion.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the SMTP
- client should bind to when making an IPv6 connec-
+ client should bind to when making an IPv6 connec-
tion.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
+ The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms when the SMTP client uses to look
+ What mechanisms when the SMTP client uses to look
up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
+ Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<b>DESCRIPTION</b>
The optional <a href="transport.5.html"><b>transport</b>(5)</a> table specifies a mapping from
- email addresses to message delivery transports and/or
-
relay hosts. The mapping is used by the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a>
+ email addresses to message delivery transports and next-
+
hop hosts. The table is searched by the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a>
daemon.
- This mapping overrides the default routing that is built
- into Postfix:
-
- <b><a href="postconf.5.html#mydestination">mydestination</a></b>
- A list of domains that is by default delivered via
- <b>$<a href="postconf.5.html#local_transport">local_transport</a></b>. This also includes domains that
- match <b>$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or <b>$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
-
- <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a></b>
- A list of domains that is by default delivered via
- <b>$<a href="postconf.5.html#virtual_transport">virtual_transport</a></b>.
-
- <b><a href="postconf.5.html#relay_domains">relay_domains</a></b>
- A list of domains that is by default delivered via
- <b>$<a href="postconf.5.html#relay_transport">relay_transport</a></b>.
-
- any other destination
- Mail for any other destination is by default deliv-
- ered via <b>$<a href="postconf.5.html#default_transport">default_transport</a></b>.
-
- Normally, the <a href="transport.5.html"><b>transport</b>(5)</a> table is specified as a text
- file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
- result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
- fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/transport</b>" in order to rebuild the
+ This mapping overrides the default <i>transport</i>:<i>nexthop</i>
+ selection that is built into Postfix:
+
+ <b><a href="postconf.5.html#local_transport">local_transport</a> (default: <a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ This is the default for final delivery to domains
+ listed with <b><a href="postconf.5.html#mydestination">mydestination</a></b>, and for [<i>ipaddress</i>] des-
+ tinations that match <b>$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
+ <b>$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>. The default <i>nexthop</i> destination
+ is the MTA hostname.
+
+ <b><a href="postconf.5.html#virtual_transport">virtual_transport</a> (default: <a href="virtual.8.html">virtual</a>:)</b>
+ This is the default for final delivery to domains
+ listed with <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a></b>. The default
+ <i>nexthop</i> destination is the recipient domain.
+
+ <b><a href="postconf.5.html#relay_transport">relay_transport</a> (default: relay:)</b>
+ This is the default for remote delivery to domains
+ listed with <b><a href="postconf.5.html#relay_domains">relay_domains</a></b>. In order of decreasing
+ precedence, the <i>nexthop</i> destination is taken from
+ <b><a href="postconf.5.html#relay_transport">relay_transport</a></b>, <b><a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relayhost</a></b>,
+ or from the recipient domain.
+
+ <b><a href="postconf.5.html#default_transport">default_transport</a> (default: <a href="smtp.8.html">smtp</a>:)</b>
+ This is the default for remote delivery to other
+ destinations. In order of decreasing precedence,
+ the <i>nexthop</i> destination is taken from
+ <b><a href="postconf.5.html#default_transport">default_transport</a></b>, <b><a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relay</a>-</b>
+ <b><a href="postconf.5.html#relayhost">host</a></b>, or from the recipient domain.
+
+ Normally, the <a href="transport.5.html"><b>transport</b>(5)</a> table is specified as a text
+ file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
+ result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
+ fast searching by the mail system. Execute the command
+ "<b>postmap /etc/postfix/transport</b>" in order to rebuild the
indexed file after changing the transport table.
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
+ When the table is provided via other means such as NIS,
+ LDAP or SQL, the same lookups are done as for ordinary
indexed files.
- Alternatively, the table can be provided as a regular-
+ Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
- sions, or lookups can be directed to TCP-based server. In
- that case, the lookups are done in a slightly different
- way as described below under "REGULAR EXPRESSION TABLES"
+ sions, or lookups can be directed to TCP-based server. In
+ that case, the lookups are done in a slightly different
+ way as described below under "REGULAR EXPRESSION TABLES"
and "TCP-BASED TABLES".
<b>TABLE FORMAT</b>
domain, use the corresponding <i>result</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
- The <i>pattern</i> specifies an email address, a domain name, or
- a domain name hierarchy, as described in section "TABLE
+ The <i>pattern</i> specifies an email address, a domain name, or
+ a domain name hierarchy, as described in section "TABLE
LOOKUP".
- The <i>result</i> is of the form <i>transport:nexthop</i> and specifies
+ The <i>result</i> is of the form <i>transport:nexthop</i> and specifies
how or where to deliver mail. This is described in section
"RESULT FORMAT".
<b>TABLE SEARCH ORDER</b>
With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
+ networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
<i>user+extension@domain transport</i>:<i>nexthop</i>
- Deliver mail for <i>user+extension@domain</i> through
+ Deliver mail for <i>user+extension@domain</i> through
<i>transport</i> to <i>nexthop</i>.
<i>user@domain transport</i>:<i>nexthop</i>
- Deliver mail for <i>user@domain</i> through <i>transport</i> to
+ Deliver mail for <i>user@domain</i> through <i>transport</i> to
<i>nexthop</i>.
<i>domain transport</i>:<i>nexthop</i>
- Deliver mail for <i>domain</i> through <i>transport</i> to <i>nex-</i>
+ Deliver mail for <i>domain</i> through <i>transport</i> to <i>nex-</i>
<i>thop</i>.
<i>.domain transport</i>:<i>nexthop</i>
- Deliver mail for any subdomain of <i>domain</i> through
- <i>transport</i> to <i>nexthop</i>. This applies only when the
- string <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> is not listed in the <b>par-</b>
- <b>ent_domain_matches_subdomains</b> configuration set-
- ting. Otherwise, a domain name matches itself and
+ Deliver mail for any subdomain of <i>domain</i> through
+ <i>transport</i> to <i>nexthop</i>. This applies only when the
+ string <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> is not listed in the <b>par-</b>
+ <b>ent_domain_matches_subdomains</b> configuration set-
+ ting. Otherwise, a domain name matches itself and
its subdomains.
Note 1: the special pattern <b>*</b> represents any address (i.e.
it functions as the wild-card pattern).
- Note 2: the null recipient address is looked up as
+ Note 2: the null recipient address is looked up as
<b>$<a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a></b>@<b>$<a href="postconf.5.html#myhostname">myhostname</a></b> (default: mailer-dae-
mon@hostname).
- Note 3: <i>user@domain</i> or <i>user+extension@domain</i> lookup is
+ Note 3: <i>user@domain</i> or <i>user+extension@domain</i> lookup is
available in Postfix 2.0 and later.
<b>RESULT FORMAT</b>
- The lookup result is of the form <i>transport</i><b>:</b><i>nexthop</i>. The
- <i>transport</i> field specifies a mail delivery transport such
- as <b>smtp</b> or <b>local</b>. The <i>nexthop</i> field specifies where and
+ The lookup result is of the form <i>transport</i><b>:</b><i>nexthop</i>. The
+ <i>transport</i> field specifies a mail delivery transport such
+ as <b>smtp</b> or <b>local</b>. The <i>nexthop</i> field specifies where and
how to deliver mail.
- The transport field specifies the name of a mail delivery
+ The transport field specifies the name of a mail delivery
transport (the first name of a mail delivery service entry
in the Postfix <b>master.cf</b> file).
- The interpretation of the nexthop field is transport
- dependent. In the case of SMTP, specify a service on a
- non-default port as <i>host</i>:<i>service</i>, and disable MX (mail
- exchanger) DNS lookups with [<i>host</i>] or [<i>host</i>]:<i>port</i>. The []
+ The interpretation of the nexthop field is transport
+ dependent. In the case of SMTP, specify a service on a
+ non-default port as <i>host</i>:<i>service</i>, and disable MX (mail
+ exchanger) DNS lookups with [<i>host</i>] or [<i>host</i>]:<i>port</i>. The []
form is required when you specify an IP address instead of
a hostname.
- A null <i>transport</i> and null <i>nexthop</i> result means "do not
- change": use the delivery transport and nexthop informa-
- tion that would be used when the entire transport table
+ A null <i>transport</i> and null <i>nexthop</i> result means "do not
+ change": use the delivery transport and nexthop informa-
+ tion that would be used when the entire transport table
did not exist.
- A non-null <i>transport</i> field with a null <i>nexthop</i> field
+ A non-null <i>transport</i> field with a null <i>nexthop</i> field
resets the nexthop information to the recipient domain.
- A null <i>transport</i> field with non-null <i>nexthop</i> field does
+ A null <i>transport</i> field with non-null <i>nexthop</i> field does
not modify the transport information.
<b>EXAMPLES</b>
- In order to deliver internal mail directly, while using a
- mail relay for all other mail, specify a null entry for
- internal destinations (do not change the delivery trans-
- port or the nexthop information) and specify a wildcard
+ In order to deliver internal mail directly, while using a
+ mail relay for all other mail, specify a null entry for
+ internal destinations (do not change the delivery trans-
+ port or the nexthop information) and specify a wildcard
for all other destinations.
<b>my.domain :</b>
<b>.my.domain :</b>
<b>* <a href="smtp.8.html">smtp</a>:outbound-relay.my.domain</b>
- In order to send mail for <b>example.com</b> and its subdomains
+ In order to send mail for <b>example.com</b> and its subdomains
via the <b>uucp</b> transport to the UUCP host named <b>example</b>:
<b>example.com uucp:example</b>
<b>.example.com uucp:example</b>
- When no nexthop host name is specified, the destination
- domain name is used instead. For example, the following
- directs mail for <i>user</i>@<b>example.com</b> via the <b>slow</b> transport
- to a mail exchanger for <b>example.com</b>. The <b>slow</b> transport
+ When no nexthop host name is specified, the destination
+ domain name is used instead. For example, the following
+ directs mail for <i>user</i>@<b>example.com</b> via the <b>slow</b> transport
+ to a mail exchanger for <b>example.com</b>. The <b>slow</b> transport
could be configured to run at most one delivery process at
a time:
<b>example.com slow:</b>
When no transport is specified, Postfix uses the transport
- that matches the address domain class (see DESCRIPTION
- above). The following sends all mail for <b>example.com</b> and
+ that matches the address domain class (see DESCRIPTION
+ above). The following sends all mail for <b>example.com</b> and
its subdomains to host <b>gateway.example.com</b>:
<b>example.com :[gateway.example.com]</b>
<b>.example.com :[gateway.example.com]</b>
- In the above example, the [] suppress MX lookups. This
- prevents mail routing loops when your machine is primary
+ In the above example, the [] suppress MX lookups. This
+ prevents mail routing loops when your machine is primary
MX host for <b>example.com</b>.
- In the case of delivery via SMTP, one may specify <i>host-</i>
+ In the case of delivery via SMTP, one may specify <i>host-</i>
<i>name</i>:<i>service</i> instead of just a host:
<b>example.com <a href="smtp.8.html">smtp</a>:bar.example:2025</b>
The error mailer can be used to bounce mail:
- <b>.example.com <a href="error.8.html">error</a>:mail for *.example.com is not</b>
+ <b>.example.com <a href="error.8.html">error</a>:mail for *.example.com is not</b>
<b>deliverable</b>
- This causes all mail for <i>user</i>@<i>anything</i><b>.example.com</b> to be
+ This causes all mail for <i>user</i>@<i>anything</i><b>.example.com</b> to be
bounced.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
- the entire address being looked up. Thus,
- <i>some.domain.hierarchy</i> is not looked up via its parent
- domains, nor is <i>user+foo@domain</i> looked up as <i>user@domain</i>.
+ Each pattern is a regular expression that is applied to
+ the entire address being looked up. Thus,
+ <i>some.domain.hierarchy</i> is not looked up via its parent
+ domains, nor is <i>user+foo@domain</i> looked up as <i>user@domain</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2.
- Each lookup operation uses the entire recipient address
- once. Thus, <i>some.domain.hierarchy</i> is not looked up via
- its parent domains, nor is <i>user+foo@domain</i> looked up as
+ Each lookup operation uses the entire recipient address
+ once. Thus, <i>some.domain.hierarchy</i> is not looked up via
+ its parent domains, nor is <i>user+foo@domain</i> looked up as
<i>user@domain</i>.
Results are the same as with indexed file lookups.
<b>CONFIGURATION PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant.
- The text below provides only a parameter summary. See
+ The following <b>main.cf</b> parameters are especially relevant.
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a></b>
- The address that is looked up instead of the null
+ The address that is looked up instead of the null
sender address.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b>
- List of Postfix features that use <i>domain.tld</i> pat-
- terns to match <i>sub.domain.tld</i> (as opposed to
+ List of Postfix features that use <i>domain.tld</i> pat-
+ terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b><a href="postconf.5.html#transport_maps">transport_maps</a></b>
<a href="FILTER_README.html">FILTER_README</a>, external content filter
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<a href="postconf.5.html#virtual_transport">tual_transport</a>, <a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>,
<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> or <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
- <b><a href="postconf.5.html#local_transport">local_transport</a> (
local:$<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ <b><a href="postconf.5.html#local_transport">local_transport</a> (
<a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The default mail delivery transport for domains
that match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
address to (message delivery transport, next-hop
destination).
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a> (empty)</b>
+ A sender-specific override for the global <a href="postconf.5.html#relayhost">relayhost</a>
+ parameter setting.
+
<b>ADDRESS VERIFICATION CONTROLS</b>
- Postfix version 2.1 introduces sender and recipient
- address verification. This feature is implemented by
- sending probe email messages that are not actually deliv-
- ered. By default, address verification probes use the
- same route as regular mail. To override specific aspects
- of message routing for address verification probes, spec-
+ Postfix version 2.1 introduces sender and recipient
+ address verification. This feature is implemented by
+ sending probe email messages that are not actually deliv-
+ ered. By default, address verification probes use the
+ same route as regular mail. To override specific aspects
+ of message routing for address verification probes, spec-
ify one or more of the following:
<b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
address verification probes.
<b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
- Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting
+ Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting
for address verification probes.
<b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
address verification probes.
<b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
- Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting
+ Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting
for address verification probes.
<b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
- Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
+ Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
address verification probes.
+ <b><a href="postconf.5.html#address_verify_sender_relayhost_maps">address_verify_sender_relayhost_maps</a> (empty)</b>
+ Overrides the <a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a> parameter set-
+ ting for address verification probes.
+
<b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
address verification probes.
.ft R
.PP
This feature is available in Postfix 2.1 and later.
+.SH address_verify_sender_relayhost_maps (default: empty)
+Overrides the sender_relayhost_maps parameter setting for address
+verification probes.
+.PP
+This feature is available in Postfix 2.3 and later.
.SH address_verify_service_name (default: verify)
The name of the \fBverify\fR(8) address verification service. This service
maintains the status of sender and/or recipient address verification
.SH sample_directory (default: /etc/postfix)
The name of the directory with example Postfix configuration files.
.SH sender_based_routing (default: no)
-This parameter should not be used.
+This parameter should not be used. It was replaced by sender_relayhost_maps
+in Postfix 2.3.
.SH sender_bcc_maps (default: empty)
Optional BCC (blind carbon-copy) address lookup tables, indexed
by sender address. The BCC address (multiple results are not
.fi
.ad
.ft R
+.SH sender_relayhost_maps (default: empty)
+A sender-specific override for the global relayhost parameter
+setting. The tables are searched by the sender address and by the
+sender @domain.
+.PP
+This feature is available in Postfix 2.3 and later.
.SH sendmail_path (default: see "postconf -d" output)
A Sendmail compatibility feature that specifies the location of
the Postfix \fBsendmail\fR(1) command. This command can be used to
.SH smtp_never_send_ehlo (default: no)
Never send EHLO at the start of an SMTP session. See also the
smtp_always_send_ehlo parameter.
+.SH smtp_per_sender_authentication (default: no)
+Enable per-sender authentication in the SMTP client; this is available
+only with SASL authentication, and disables SMTP connection caching
+to ensure that mail from different senders will use the appropriate
+credentials.
+.PP
+This feature is available in Postfix 2.3 and later.
.SH smtp_pix_workaround_delay_time (default: 10s)
How long the Postfix SMTP client pauses before sending
".<CR><LF>" in order to work around the PIX firewall
.ft R
.SH smtp_sasl_password_maps (default: empty)
Optional SMTP client lookup tables with one username:password entry
-per remote hostname or domain. If a remote host or domain has no
-username:password entry, then the Postfix SMTP client will not
+per remote hostname or domain (or per sender address, when per-sender
+authentication is enabled). If no username:password entry is found,
+then the Postfix SMTP client will not
attempt to authenticate to the remote host.
.PP
The Postfix SMTP client opens the lookup table before going to
.ad
.fi
The optional \fBtransport\fR(5) table specifies a mapping from email
-addresses to message delivery transports and/or relay hosts. The
-mapping is used by the \fBtrivial-rewrite\fR(8) daemon.
-
-This mapping overrides the default routing that is built into
-Postfix:
-.IP \fBmydestination\fR
-A list of domains that is by default delivered via
-\fB$local_transport\fR. This also includes domains
-that match \fB$inet_interfaces\fR or \fB$proxy_interfaces\fR.
-.IP \fBvirtual_mailbox_domains\fR
-A list of domains that is by default delivered via
-\fB$virtual_transport\fR.
-.IP \fBrelay_domains\fR
-A list of domains that is by default delivered via
-\fB$relay_transport\fR.
-.IP "any other destination"
-Mail for any other destination is by default delivered via
-\fB$default_transport\fR.
+addresses to message delivery transports and next-hop hosts. The
+table is searched by the \fBtrivial-rewrite\fR(8) daemon.
+
+This mapping overrides the default \fItransport\fR:\fInexthop\fR
+selection that is built into Postfix:
+.IP "\fBlocal_transport (default: local:$myhostname)\fR"
+This is the default for final delivery to domains listed
+with \fBmydestination\fR, and for [\fIipaddress\fR]
+destinations that match \fB$inet_interfaces\fR or
+\fB$proxy_interfaces\fR. The default \fInexthop\fR destination
+is the MTA hostname.
+.IP "\fBvirtual_transport (default: virtual:)\fR"
+This is the default for final delivery to domains listed
+with \fBvirtual_mailbox_domains\fR. The default \fInexthop\fR
+destination is the recipient domain.
+.IP "\fBrelay_transport (default: relay:)\fR"
+This is the default for remote delivery to domains listed
+with \fBrelay_domains\fR. In order of decreasing precedence,
+the \fInexthop\fR destination is taken from \fBrelay_transport\fR,
+\fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the
+recipient domain.
+.IP "\fBdefault_transport (default: smtp:)\fR"
+This is the default for remote delivery to other destinations.
+In order of decreasing precedence, the \fInexthop\fR
+destination is taken from \fBdefault_transport\fR,
+\fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the
+recipient domain.
.PP
Normally, the \fBtransport\fR(5) table is specified as a text file
that serves as input to the \fBpostmap\fR(1) command.
Enable SASL authentication in the Postfix SMTP client.
.IP "\fBsmtp_sasl_password_maps (empty)\fR"
Optional SMTP client lookup tables with one username:password entry
-per remote hostname or domain.
+per remote hostname or domain (or per sender, when per-sender
+authentication is enabled).
.IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
What authentication mechanisms the Postfix SMTP client is allowed
to use.
.IP "\fBsmtp_sasl_mechanism_filter (empty)\fR"
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBsmtp_per_sender_authentication (no)\fR"
+Enable per-sender authentication in the SMTP client; this is available
+only with SASL authentication, and disables SMTP connection caching
+to ensure that mail from different senders will use the appropriate
+credentials.
.SH "STARTTLS SUPPORT CONTROLS"
.na
.nf
.IP "\fBtransport_maps (empty)\fR"
Optional lookup tables with mappings from recipient address to
(message delivery transport, next-hop destination).
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBsender_relayhost_maps (empty)\fR"
+A sender-specific override for the global relayhost parameter
+setting.
.SH "ADDRESS VERIFICATION CONTROLS"
.na
.nf
.IP "\fBaddress_verify_relayhost ($relayhost)\fR"
Overrides the relayhost parameter setting for address verification
probes.
+.IP "\fBaddress_verify_sender_relayhost_maps (empty)\fR"
+Overrides the sender_relayhost_maps parameter setting for address
+verification probes.
.IP "\fBaddress_verify_transport_maps ($transport_maps)\fR"
Overrides the transport_maps parameter setting for address verification
probes.
s;\baddress_verify_positive_expire_time\b;<a href="postconf.5.html#address_verify_positive_expire_time">$&</a>;g;
s;\baddress_verify_positive_refresh_time\b;<a href="postconf.5.html#address_verify_positive_refresh_time">$&</a>;g;
s;\baddress_verify_relay_transport\b;<a href="postconf.5.html#address_verify_relay_transport">$&</a>;g;
- s;\baddress_verify_relayhost\b;<a href="postconf.5.html#address_verify_relayhost">$&</a>;g;
+ s;\baddress_verify_relay[-</bB>]*\n*[ <bB>]*host\b;<a href="postconf.5.html#address_verify_relayhost">$&</a>;g;
+ s;\baddress_verify_sender_relay[-</bB>]*\n*[ <bB>]*host_maps\b;<a href="postconf.5.html#address_verify_sender_relayhost_maps">$&</a>;g;
s;\baddress_verify_sender\b;<a href="postconf.5.html#address_verify_sender">$&</a>;g;
s;\baddress_verify_service_name\b;<a href="postconf.5.html#address_verify_service_name">$&</a>;g;
s;\baddress_verify_transport_maps\b;<a href="postconf.5.html#address_verify_transport_maps">$&</a>;g;
s;\bignore_mx_lookup_error\b;<a href="postconf.5.html#ignore_mx_lookup_error">$&</a>;g;
s;\bimport_environment\b;<a href="postconf.5.html#import_environment">$&</a>;g;
s;\bin_flow_delay\b;<a href="postconf.5.html#in_flow_delay">$&</a>;g;
- s;\binet_interfaces\b;<a href="postconf.5.html#inet_interfaces">$&</a>;g;
+ s;\binet_inter
[-</bB>]*\n*[ <bB>]*faces\b;<a href="postconf.5.html#inet_interfaces">$&</a>;g;
s;\binet_protocols\b;<a href="postconf.5.html#inet_protocols">$&</a>;g;
s;\binitial_destination_concurrency\b;<a href="postconf.5.html#initial_destination_concurrency">$&</a>;g;
s;\binvalid_hostname_reject_code\b;<a href="postconf.5.html#invalid_hostname_reject_code">$&</a>;g;
s;\bprocess_id_directory\b;<a href="postconf.5.html#process_id_directory">$&</a>;g;
s;\bprocess_name\b;<a href="postconf.5.html#process_name">$&</a>;g;
s;\bpropagate_unmatched_extensions\b;<a href="postconf.5.html#propagate_unmatched_extensions">$&</a>;g;
- s;\bproxy_interfaces\b;<a href="postconf.5.html#proxy_interfaces">$&</a>;g;
+ s;\bproxy_inter
[-</bB>]*\n* *[<bB>]*faces\b;<a href="postconf.5.html#proxy_interfaces">$&</a>;g;
s;\bproxy_read_maps\b;<a href="postconf.5.html#proxy_read_maps">$&</a>;g;
s;\bqmgr_clog_warn_time\b;<a href="postconf.5.html#qmgr_clog_warn_time">$&</a>;g;
s;\bqmgr_fudge_factor\b;<a href="postconf.5.html#qmgr_fudge_factor">$&</a>;g;
s;\brelay_domains_reject_code\b;<a href="postconf.5.html#relay_domains_reject_code">$&</a>;g;
s;\brelay_recipi[-</bB>]*\n*[ <bB>]*ent_maps\b;<a href="postconf.5.html#relay_recipient_maps">$&</a>;g;
s;\brelay_transport\b;<a href="postconf.5.html#relay_transport">$&</a>;g;
- s;\brelayhost\b;<a href="postconf.5.html#relayhost">$&</a>;g;
+ s;\brelay
[-</bB>]*\n*[ <bB>]*host\b;<a href="postconf.5.html#relayhost">$&</a>;g;
s;\brelocated_maps\b;<a href="postconf.5.html#relocated_maps">$&</a>;g;
s;\brequire_home_directory\b;<a href="postconf.5.html#require_home_directory">$&</a>;g;
s;\bresolve_dequoted_address\b;<a href="postconf.5.html#resolve_dequoted_address">$&</a>;g;
s;\bsender_bcc_maps\b;<a href="postconf.5.html#sender_bcc_maps">$&</a>;g;
s;\bsender_canonical_classes\b;<a href="postconf.5.html#sender_canonical_classes">$&</a>;g;
s;\bsender_canonical_maps\b;<a href="postconf.5.html#sender_canonical_maps">$&</a>;g;
+ s;\bsender_relay[-</bB>]*\n*[ <bB>]*host_maps\b;<a href="postconf.5.html#sender_relayhost_maps">$&</a>;g;
s;\bsendmail_path\b;<a href="postconf.5.html#sendmail_path">$&</a>;g;
s;\bservice_throttle_time\b;<a href="postconf.5.html#service_throttle_time">$&</a>;g;
s;\bsetgid_group\b;<a href="postconf.5.html#setgid_group">$&</a>;g;
s;\bsmtp_mx_address_limit\b;<a href="postconf.5.html#smtp_mx_address_limit">$&</a>;g;
s;\bsmtp_mx_session_limit\b;<a href="postconf.5.html#smtp_mx_session_limit">$&</a>;g;
s;\bsmtp_never_send_ehlo\b;<a href="postconf.5.html#smtp_never_send_ehlo">$&</a>;g;
+ s;\bsmtp_per_sender_authentication\b;<a href="postconf.5.html#smtp_per_sender_authentication">$&</a>;g;
s;\bsmtp_pix_workaround_delay_time\b;<a href="postconf.5.html#smtp_pix_workaround_delay_time">$&</a>;g;
s;\bsmtp_pix_workaround_threshold_time\b;<a href="postconf.5.html#smtp_pix_workaround_threshold_time">$&</a>;g;
s;\bsmtp_quit_timeout\b;<a href="postconf.5.html#smtp_quit_timeout">$&</a>;g;
s/[<bB>]*tlsmgr[<\/bB>]*\(8\)/<a href="tlsmgr.8.html">$&<\/a>/g;
s/[<bB>]*trace[<\/bB>]*\(8\)/<a href="trace.8.html">$&<\/a>/g;
s/[<bB>]*trivial- *<br> *rewrite[<\/bB>]*\(8\)/<a href="trivial-rewrite.8.html">$&<\/a>/g;
- s/[<bB>]*triv[-<\/bB>]*\n* *[<bB>]*ial-[<\/bB>]*\n* *[<bB>]*rewrite[<\/bB>]*\(8\)/<a href="trivial-rewrite.8.html">$&<\/a>/g;
+ s/[<bB>]*triv[-<\/bB>]*\n* *[<bB>]*ial-[<\/bB>]*\n* *[<bB>]*re
[-<\/bB>]*\n*[ <bB>]*write[<\/bB>]*\(8\)/<a href="trivial-rewrite.8.html">$&<\/a>/g;
s/[<bB>]*mailq[<\/bB>]*\(1\)/<a href="mailq.1.html">$&<\/a>/g;
s/[<bB>]*newaliases[<\/bB>]*\(1\)/<a href="newaliases.1.html">$&<\/a>/g;
s/[<bB>]*postalias[<\/bB>]*\(1\)/<a href="postalias.1.html">$&<\/a>/g;
s/\b(error):/<a href="error.8.html">$1<\/a>:/g;
s/\b(smtp):/<a href="smtp.8.html">$1<\/a>:/g;
s/\b(lmtp):/<a href="lmtp.8.html">$1<\/a>:/g;
+ s/\b(local):/<a href="local.8.html">$1<\/a>:/g;
+ s/\b(virtual):/<a href="virtual.8.html">$1<\/a>:/g;
}
continue {
if ($printit)
<p>
Optional SMTP client lookup tables with one username:password entry
-per remote hostname or domain. If a remote host or domain has no
-username:password entry, then the Postfix SMTP client will not
+per remote hostname or domain (or per sender address, when per-sender
+authentication is enabled). If no username:password entry is found,
+then the Postfix SMTP client will not
attempt to authenticate to the remote host.
</p>
%PARAM sender_based_routing no
<p>
-This parameter should not be used.
+This parameter should not be used. It was replaced by sender_relayhost_maps
+in Postfix 2.3.
</p>
%PARAM sendmail_path see "postconf -d" output
<p> This feature is available in Postfix 2.3 and later. </p>
+%PARAM sender_relayhost_maps empty
+
+<p> A sender-specific override for the global relayhost parameter
+setting. The tables are searched by the sender address and by the
+sender @domain. </p>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
+%PARAM address_verify_sender_relayhost_maps empty
+
+<p>
+Overrides the sender_relayhost_maps parameter setting for address
+verification probes.
+</p>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
+%PARAM smtp_per_sender_authentication no
+
+<p>
+Enable per-sender authentication in the SMTP client; this is available
+only with SASL authentication, and disables SMTP connection caching
+to ensure that mail from different senders will use the appropriate
+credentials.
+</p>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
# \fBpostmap -q - /etc/postfix/transport <\fIinputfile\fR
# DESCRIPTION
# The optional \fBtransport\fR(5) table specifies a mapping from email
-# addresses to message delivery transports and/or relay hosts. The
-# mapping is used by the \fBtrivial-rewrite\fR(8) daemon.
-#
-# This mapping overrides the default routing that is built into
-# Postfix:
-# .IP \fBmydestination\fR
-# A list of domains that is by default delivered via
-# \fB$local_transport\fR. This also includes domains
-# that match \fB$inet_interfaces\fR or \fB$proxy_interfaces\fR.
-# .IP \fBvirtual_mailbox_domains\fR
-# A list of domains that is by default delivered via
-# \fB$virtual_transport\fR.
-# .IP \fBrelay_domains\fR
-# A list of domains that is by default delivered via
-# \fB$relay_transport\fR.
-# .IP "any other destination"
-# Mail for any other destination is by default delivered via
-# \fB$default_transport\fR.
+# addresses to message delivery transports and next-hop hosts. The
+# table is searched by the \fBtrivial-rewrite\fR(8) daemon.
+#
+# This mapping overrides the default \fItransport\fR:\fInexthop\fR
+# selection that is built into Postfix:
+# .IP "\fBlocal_transport (default: local:$myhostname)\fR"
+# This is the default for final delivery to domains listed
+# with \fBmydestination\fR, and for [\fIipaddress\fR]
+# destinations that match \fB$inet_interfaces\fR or
+# \fB$proxy_interfaces\fR. The default \fInexthop\fR destination
+# is the MTA hostname.
+# .IP "\fBvirtual_transport (default: virtual:)\fR"
+# This is the default for final delivery to domains listed
+# with \fBvirtual_mailbox_domains\fR. The default \fInexthop\fR
+# destination is the recipient domain.
+# .IP "\fBrelay_transport (default: relay:)\fR"
+# This is the default for remote delivery to domains listed
+# with \fBrelay_domains\fR. In order of decreasing precedence,
+# the \fInexthop\fR destination is taken from \fBrelay_transport\fR,
+# \fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the
+# recipient domain.
+# .IP "\fBdefault_transport (default: smtp:)\fR"
+# This is the default for remote delivery to other destinations.
+# In order of decreasing precedence, the \fInexthop\fR
+# destination is taken from \fBdefault_transport\fR,
+# \fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the
+# recipient domain.
# .PP
# Normally, the \fBtransport\fR(5) table is specified as a text file
# that serves as input to the \fBpostmap\fR(1) command.
# CONFIGURATION PARAMETERS
# .ad
# .fi
-# The following \fBmain.cf\fR parameters are especially relevant.
-# The text below provides only a parameter summary. See
-# \fBpostconf\fR(5) for more details including examples.
+# The following \fBmain.cf\fR parameters are especially relevant.
+# The text below provides only a parameter summary. See
+# \fBpostconf\fR(5) for more details including examples.
# .IP \fBempty_address_recipient\fR
# The address that is looked up instead of the null sender address.
# .IP \fBparent_domain_matches_subdomains\fR
#define DEF_RELAYHOST ""
extern char *var_relayhost;
+#define VAR_SND_RELAY_MAPS "sender_relayhost_maps"
+#define DEF_SND_RELAY_MAPS ""
+extern char *var_snd_relay_maps;
+
#define VAR_FALLBACK_RELAY "fallback_relay"
#define DEF_FALLBACK_RELAY ""
extern char *var_fallback_relay;
#define DEF_VRFY_RELAYHOST "$" VAR_RELAYHOST
extern char *var_vrfy_relayhost;
+#define VAR_VRFY_RELAY_MAPS "address_verify_sender_relayhost_maps"
+#define DEF_VRFY_RELAY_MAPS "$" VAR_SND_RELAY_MAPS
+extern char *var_vrfy_relay_maps;
+
#define VAR_VRFY_XPORT_MAPS "address_verify_transport_maps"
#define DEF_VRFY_XPORT_MAPS "$" VAR_TRANSPORT_MAPS
extern char *var_vrfy_xport_maps;
#define DEF_BOUNCE_TMPL ""
extern char *var_bounce_tmpl;
+ /*
+ * Per-sender authentication.
+ */
+#define VAR_SMTP_SENDER_AUTH "smtp_per_sender_authentication"
+#define DEF_SMTP_SENDER_AUTH 0
+extern bool var_smtp_sender_auth;
+
/* LICENSE
/* .ad
/* .fi
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20051121"
+#define MAIL_RELEASE_DATE "20051124"
#define MAIL_VERSION_NUMBER "2.3"
#ifdef SNAPSHOT
/* The address resolved to something that has invalid syntax.
/* .IP RESOLVE_FLAG_FAIL
/* The request could not be completed.
+/* .IP RESOLVE_FLAG_SMARTHOST
+/* The client may override the next-hop host with per-sender
+/* relay host information.
/* .PP
/* In addition, the address domain class is returned by setting
/* one of the following flags (this is preliminary code awaiting
#define RESOLVE_FLAG_ROUTED (1<<1) /* routed destination */
#define RESOLVE_FLAG_ERROR (1<<2) /* bad destination syntax */
#define RESOLVE_FLAG_FAIL (1<<3) /* request failed */
+#define RESOLVE_FLAG_SMARTHOST (1<<4) /* smarthost route */
#define RESOLVE_CLASS_LOCAL (1<<8) /* mydestination/inet_interfaces */
#define RESOLVE_CLASS_ALIAS (1<<9) /* virtual_alias_domains */
qmgr.o: ../../include/mail_proto.h
qmgr.o: ../../include/mail_queue.h
qmgr.o: ../../include/mail_server.h
+qmgr.o: ../../include/maps.h
qmgr.o: ../../include/master_proto.h
qmgr.o: ../../include/msg.h
qmgr.o: ../../include/recipient_list.h
qmgr.o: qmgr.c
qmgr.o: qmgr.h
qmgr_active.o: ../../include/abounce.h
+qmgr_active.o: ../../include/argv.h
qmgr_active.o: ../../include/attr.h
qmgr_active.o: ../../include/bounce.h
qmgr_active.o: ../../include/defer.h
qmgr_active.o: ../../include/deliver_request.h
+qmgr_active.o: ../../include/dict.h
qmgr_active.o: ../../include/dsn.h
qmgr_active.o: ../../include/dsn_buf.h
qmgr_active.o: ../../include/dsn_mask.h
qmgr_active.o: ../../include/mail_open_ok.h
qmgr_active.o: ../../include/mail_params.h
qmgr_active.o: ../../include/mail_queue.h
+qmgr_active.o: ../../include/maps.h
qmgr_active.o: ../../include/msg.h
qmgr_active.o: ../../include/msg_stats.h
qmgr_active.o: ../../include/mymalloc.h
qmgr_active.o: ../../include/vstring.h
qmgr_active.o: qmgr.h
qmgr_active.o: qmgr_active.c
+qmgr_bounce.o: ../../include/argv.h
qmgr_bounce.o: ../../include/attr.h
qmgr_bounce.o: ../../include/bounce.h
qmgr_bounce.o: ../../include/deliver_completed.h
qmgr_bounce.o: ../../include/deliver_request.h
+qmgr_bounce.o: ../../include/dict.h
qmgr_bounce.o: ../../include/dsn.h
qmgr_bounce.o: ../../include/dsn_buf.h
+qmgr_bounce.o: ../../include/maps.h
qmgr_bounce.o: ../../include/msg_stats.h
qmgr_bounce.o: ../../include/recipient_list.h
qmgr_bounce.o: ../../include/scan_dir.h
qmgr_bounce.o: ../../include/vstring.h
qmgr_bounce.o: qmgr.h
qmgr_bounce.o: qmgr_bounce.c
+qmgr_defer.o: ../../include/argv.h
qmgr_defer.o: ../../include/attr.h
qmgr_defer.o: ../../include/bounce.h
qmgr_defer.o: ../../include/defer.h
qmgr_defer.o: ../../include/deliver_request.h
+qmgr_defer.o: ../../include/dict.h
qmgr_defer.o: ../../include/dsn.h
qmgr_defer.o: ../../include/dsn_buf.h
+qmgr_defer.o: ../../include/maps.h
qmgr_defer.o: ../../include/msg.h
qmgr_defer.o: ../../include/msg_stats.h
qmgr_defer.o: ../../include/recipient_list.h
qmgr_defer.o: ../../include/vstring.h
qmgr_defer.o: qmgr.h
qmgr_defer.o: qmgr_defer.c
+qmgr_deliver.o: ../../include/argv.h
qmgr_deliver.o: ../../include/attr.h
qmgr_deliver.o: ../../include/deliver_request.h
+qmgr_deliver.o: ../../include/dict.h
qmgr_deliver.o: ../../include/dsb_scan.h
qmgr_deliver.o: ../../include/dsn.h
qmgr_deliver.o: ../../include/dsn_buf.h
qmgr_deliver.o: ../../include/mail_params.h
qmgr_deliver.o: ../../include/mail_proto.h
qmgr_deliver.o: ../../include/mail_queue.h
+qmgr_deliver.o: ../../include/maps.h
qmgr_deliver.o: ../../include/msg.h
qmgr_deliver.o: ../../include/msg_stats.h
qmgr_deliver.o: ../../include/recipient_list.h
qmgr_deliver.o: ../../include/vstring_vstream.h
qmgr_deliver.o: qmgr.h
qmgr_deliver.o: qmgr_deliver.c
+qmgr_enable.o: ../../include/argv.h
+qmgr_enable.o: ../../include/dict.h
qmgr_enable.o: ../../include/dsn.h
qmgr_enable.o: ../../include/dsn_buf.h
+qmgr_enable.o: ../../include/maps.h
qmgr_enable.o: ../../include/msg.h
qmgr_enable.o: ../../include/recipient_list.h
qmgr_enable.o: ../../include/scan_dir.h
qmgr_enable.o: ../../include/vstring.h
qmgr_enable.o: qmgr.h
qmgr_enable.o: qmgr_enable.c
+qmgr_entry.o: ../../include/argv.h
qmgr_entry.o: ../../include/attr.h
qmgr_entry.o: ../../include/deliver_request.h
+qmgr_entry.o: ../../include/dict.h
qmgr_entry.o: ../../include/dsn.h
qmgr_entry.o: ../../include/dsn_buf.h
qmgr_entry.o: ../../include/events.h
qmgr_entry.o: ../../include/mail_params.h
+qmgr_entry.o: ../../include/maps.h
qmgr_entry.o: ../../include/msg.h
qmgr_entry.o: ../../include/msg_stats.h
qmgr_entry.o: ../../include/mymalloc.h
qmgr_message.o: ../../include/dsn_buf.h
qmgr_message.o: ../../include/dsn_mask.h
qmgr_message.o: ../../include/iostuff.h
+qmgr_message.o: ../../include/mail_addr_find.h
qmgr_message.o: ../../include/mail_params.h
qmgr_message.o: ../../include/mail_proto.h
qmgr_message.o: ../../include/mail_queue.h
+qmgr_message.o: ../../include/maps.h
qmgr_message.o: ../../include/msg.h
qmgr_message.o: ../../include/msg_stats.h
qmgr_message.o: ../../include/myflock.h
qmgr_message.o: ../../include/vstring.h
qmgr_message.o: qmgr.h
qmgr_message.o: qmgr_message.c
+qmgr_move.o: ../../include/argv.h
+qmgr_move.o: ../../include/dict.h
qmgr_move.o: ../../include/dsn.h
qmgr_move.o: ../../include/dsn_buf.h
qmgr_move.o: ../../include/mail_queue.h
qmgr_move.o: ../../include/mail_scan_dir.h
+qmgr_move.o: ../../include/maps.h
qmgr_move.o: ../../include/msg.h
qmgr_move.o: ../../include/recipient_list.h
qmgr_move.o: ../../include/scan_dir.h
qmgr_move.o: ../../include/vstring.h
qmgr_move.o: qmgr.h
qmgr_move.o: qmgr_move.c
+qmgr_queue.o: ../../include/argv.h
+qmgr_queue.o: ../../include/dict.h
qmgr_queue.o: ../../include/dsn.h
qmgr_queue.o: ../../include/dsn_buf.h
qmgr_queue.o: ../../include/events.h
qmgr_queue.o: ../../include/htable.h
qmgr_queue.o: ../../include/mail_params.h
+qmgr_queue.o: ../../include/maps.h
qmgr_queue.o: ../../include/msg.h
qmgr_queue.o: ../../include/mymalloc.h
qmgr_queue.o: ../../include/recipient_list.h
qmgr_queue.o: ../../include/vstring.h
qmgr_queue.o: qmgr.h
qmgr_queue.o: qmgr_queue.c
+qmgr_scan.o: ../../include/argv.h
+qmgr_scan.o: ../../include/dict.h
qmgr_scan.o: ../../include/dsn.h
qmgr_scan.o: ../../include/dsn_buf.h
qmgr_scan.o: ../../include/mail_scan_dir.h
+qmgr_scan.o: ../../include/maps.h
qmgr_scan.o: ../../include/msg.h
qmgr_scan.o: ../../include/mymalloc.h
qmgr_scan.o: ../../include/recipient_list.h
qmgr_scan.o: ../../include/vstring.h
qmgr_scan.o: qmgr.h
qmgr_scan.o: qmgr_scan.c
+qmgr_transport.o: ../../include/argv.h
qmgr_transport.o: ../../include/attr.h
+qmgr_transport.o: ../../include/dict.h
qmgr_transport.o: ../../include/dsn.h
qmgr_transport.o: ../../include/dsn_buf.h
qmgr_transport.o: ../../include/events.h
qmgr_transport.o: ../../include/mail_conf.h
qmgr_transport.o: ../../include/mail_params.h
qmgr_transport.o: ../../include/mail_proto.h
+qmgr_transport.o: ../../include/maps.h
qmgr_transport.o: ../../include/msg.h
qmgr_transport.o: ../../include/mymalloc.h
qmgr_transport.o: ../../include/recipient_list.h
int var_local_con_lim; /* XXX */
int var_proc_limit;
bool var_verp_bounce_off;
-bool var_sender_routing;
int var_qmgr_clog_warn_time;
+char *var_snd_relay_maps;
+char *var_vrfy_relay_maps;
static QMGR_SCAN *qmgr_incoming;
static QMGR_SCAN *qmgr_deferred;
+MAPS *qmgr_snd_relay_maps;
+MAPS *qmgr_vrfy_relay_maps;
+
/* qmgr_deferred_run_event - queue manager heartbeat */
static void qmgr_deferred_run_event(int unused_event, char *dummy)
static void qmgr_pre_init(char *unused_name, char **unused_argv)
{
flush_init();
+ if (*var_snd_relay_maps)
+ qmgr_snd_relay_maps =
+ maps_create(VAR_SND_RELAY_MAPS, var_snd_relay_maps, 0);
+ if (*var_vrfy_relay_maps)
+ qmgr_vrfy_relay_maps =
+ maps_create(VAR_VRFY_RELAY_MAPS, var_vrfy_relay_maps, 0);
}
/* qmgr_post_init - post-jail initialization */
{
static CONFIG_STR_TABLE str_table[] = {
VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0,
+ VAR_SND_RELAY_MAPS, DEF_SND_RELAY_MAPS, &var_snd_relay_maps, 0, 0,
+ VAR_VRFY_RELAY_MAPS, DEF_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, 0,
0,
};
static CONFIG_TIME_TABLE time_table[] = {
static CONFIG_BOOL_TABLE bool_table[] = {
VAR_ALLOW_MIN_USER, DEF_ALLOW_MIN_USER, &var_allow_min_user,
VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
- VAR_SENDER_ROUTING, DEF_SENDER_ROUTING, &var_sender_routing,
0,
};
*/
#include <recipient_list.h>
#include <dsn.h>
+#include <maps.h> /* Grr.. sender relay maps */
/*
* The queue manager is built around lots of mutually-referring structures.
extern void qmgr_scan_request(QMGR_SCAN *, int);
extern char *qmgr_scan_next(QMGR_SCAN *);
+ /*
+ * qmgr.c
+ */
+extern MAPS *qmgr_snd_relay_maps;
+extern MAPS *qmgr_vrfy_relay_maps;
+
/* LICENSE
/* .ad
/* .fi
#include <split_addr.h>
#include <dsn_mask.h>
#include <dsn_attr_map.h>
+#include <mail_addr_find.h>
/* Client stubs. */
/* qmgr_resolve_one - resolve or skip one recipient */
static int qmgr_resolve_one(QMGR_MESSAGE *message, RECIPIENT *recipient,
- const char *addr, RESOLVE_REPLY *reply)
+ const char *addr, RESOLVE_REPLY *reply,
+ int do_snd_relay_maps)
{
+ MAPS *snd_relay_maps;
+ const char *smarthost;
DSN dsn;
- if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0)
+#define NO_SENDER_RELAY_MAPS 0
+#define DO_SENDER_RELAY_MAPS 1
+
+ if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0) {
+ snd_relay_maps = qmgr_snd_relay_maps;
resolve_clnt_query(addr, reply);
- else
+ } else {
+ snd_relay_maps = qmgr_vrfy_relay_maps;
resolve_clnt_verify(addr, reply);
+ }
if (reply->flags & RESOLVE_FLAG_FAIL) {
qmgr_defer_recipient(message, recipient,
DSN_SMTP(&dsn, "4.3.0",
"bad address syntax"));
return (-1);
} else {
+
+ /*
+ * The next-hop destination may be replaced by the per-sender relay
+ * host.
+ *
+ * XXX This violates the principle that qmgr does no map lookups. Map
+ * changes require process restart which is bad for queue manager
+ * performance.
+ */
+ if ((reply->flags & RESOLVE_FLAG_SMARTHOST) && do_snd_relay_maps
+ && message->sender[0] && snd_relay_maps) {
+ if ((smarthost = mail_addr_find(snd_relay_maps, message->sender,
+ (char **) 0)) != 0) {
+ if (msg_verbose)
+ msg_info("using smart host %s for sender %s",
+ smarthost, message->sender);
+ vstring_strcpy(reply->nexthop, smarthost);
+ } else if (dict_errno != 0) {
+ qmgr_defer_recipient(message, recipient,
+ DSN_SMTP(&dsn, "4.3.0",
+ "451 address resolver failure",
+ "address resolver failure"));
+ return (-1);
+ }
+ }
return (0);
}
}
reply.recipient);
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
if (qmgr_resolve_one(message, recipient,
- recipient->address, &reply) < 0)
+ recipient->address, &reply,
+ NO_SENDER_RELAY_MAPS) < 0)
continue;
if (!STREQ(recipient->address, STR(reply.recipient)))
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
* Content filtering overrides the address resolver.
*/
else if (message->filter_xport) {
+ reply.flags = 0;
vstring_strcpy(reply.transport, message->filter_xport);
if ((nexthop = split_at(STR(reply.transport), ':')) == 0
|| *nexthop == 0)
* Resolve the destination to (transport, nexthop, address). The
* result address may differ from the one specified by the sender.
*/
- else if (var_sender_routing == 0) {
+ else {
if (qmgr_resolve_one(message, recipient,
- recipient->address, &reply) < 0)
+ recipient->address, &reply,
+ DO_SENDER_RELAY_MAPS) < 0)
continue;
if (!STREQ(recipient->address, STR(reply.recipient)))
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
}
- /*
- * XXX Sender-based routing does not work very well, because it has
- * problems with sending bounces.
- */
- else {
- if (qmgr_resolve_one(message, recipient,
- message->sender, &reply) < 0)
- continue;
- vstring_strcpy(reply.recipient, recipient->address);
- }
-
/*
* Bounce null recipients. This should never happen, but is most
* likely the result of a fault in a different program, so aborting
qmgr.o: ../../include/mail_proto.h
qmgr.o: ../../include/mail_queue.h
qmgr.o: ../../include/mail_server.h
+qmgr.o: ../../include/maps.h
qmgr.o: ../../include/master_proto.h
qmgr.o: ../../include/msg.h
qmgr.o: ../../include/recipient_list.h
qmgr.o: qmgr.c
qmgr.o: qmgr.h
qmgr_active.o: ../../include/abounce.h
+qmgr_active.o: ../../include/argv.h
qmgr_active.o: ../../include/attr.h
qmgr_active.o: ../../include/bounce.h
qmgr_active.o: ../../include/defer.h
qmgr_active.o: ../../include/deliver_request.h
+qmgr_active.o: ../../include/dict.h
qmgr_active.o: ../../include/dsn.h
qmgr_active.o: ../../include/dsn_buf.h
qmgr_active.o: ../../include/dsn_mask.h
qmgr_active.o: ../../include/mail_open_ok.h
qmgr_active.o: ../../include/mail_params.h
qmgr_active.o: ../../include/mail_queue.h
+qmgr_active.o: ../../include/maps.h
qmgr_active.o: ../../include/msg.h
qmgr_active.o: ../../include/msg_stats.h
qmgr_active.o: ../../include/mymalloc.h
qmgr_active.o: ../../include/vstring.h
qmgr_active.o: qmgr.h
qmgr_active.o: qmgr_active.c
+qmgr_bounce.o: ../../include/argv.h
qmgr_bounce.o: ../../include/attr.h
qmgr_bounce.o: ../../include/bounce.h
qmgr_bounce.o: ../../include/deliver_completed.h
qmgr_bounce.o: ../../include/deliver_request.h
+qmgr_bounce.o: ../../include/dict.h
qmgr_bounce.o: ../../include/dsn.h
qmgr_bounce.o: ../../include/dsn_buf.h
+qmgr_bounce.o: ../../include/maps.h
qmgr_bounce.o: ../../include/msg_stats.h
qmgr_bounce.o: ../../include/recipient_list.h
qmgr_bounce.o: ../../include/scan_dir.h
qmgr_bounce.o: ../../include/vstring.h
qmgr_bounce.o: qmgr.h
qmgr_bounce.o: qmgr_bounce.c
+qmgr_defer.o: ../../include/argv.h
qmgr_defer.o: ../../include/attr.h
qmgr_defer.o: ../../include/bounce.h
qmgr_defer.o: ../../include/defer.h
qmgr_defer.o: ../../include/deliver_request.h
+qmgr_defer.o: ../../include/dict.h
qmgr_defer.o: ../../include/dsn.h
qmgr_defer.o: ../../include/dsn_buf.h
+qmgr_defer.o: ../../include/maps.h
qmgr_defer.o: ../../include/msg.h
qmgr_defer.o: ../../include/msg_stats.h
qmgr_defer.o: ../../include/recipient_list.h
qmgr_defer.o: ../../include/vstring.h
qmgr_defer.o: qmgr.h
qmgr_defer.o: qmgr_defer.c
+qmgr_deliver.o: ../../include/argv.h
qmgr_deliver.o: ../../include/attr.h
qmgr_deliver.o: ../../include/deliver_request.h
+qmgr_deliver.o: ../../include/dict.h
qmgr_deliver.o: ../../include/dsb_scan.h
qmgr_deliver.o: ../../include/dsn.h
qmgr_deliver.o: ../../include/dsn_buf.h
qmgr_deliver.o: ../../include/mail_params.h
qmgr_deliver.o: ../../include/mail_proto.h
qmgr_deliver.o: ../../include/mail_queue.h
+qmgr_deliver.o: ../../include/maps.h
qmgr_deliver.o: ../../include/msg.h
qmgr_deliver.o: ../../include/msg_stats.h
qmgr_deliver.o: ../../include/recipient_list.h
qmgr_deliver.o: ../../include/vstring_vstream.h
qmgr_deliver.o: qmgr.h
qmgr_deliver.o: qmgr_deliver.c
+qmgr_enable.o: ../../include/argv.h
+qmgr_enable.o: ../../include/dict.h
qmgr_enable.o: ../../include/dsn.h
qmgr_enable.o: ../../include/dsn_buf.h
+qmgr_enable.o: ../../include/maps.h
qmgr_enable.o: ../../include/msg.h
qmgr_enable.o: ../../include/recipient_list.h
qmgr_enable.o: ../../include/scan_dir.h
qmgr_enable.o: ../../include/vstring.h
qmgr_enable.o: qmgr.h
qmgr_enable.o: qmgr_enable.c
+qmgr_entry.o: ../../include/argv.h
qmgr_entry.o: ../../include/attr.h
qmgr_entry.o: ../../include/deliver_request.h
+qmgr_entry.o: ../../include/dict.h
qmgr_entry.o: ../../include/dsn.h
qmgr_entry.o: ../../include/dsn_buf.h
qmgr_entry.o: ../../include/events.h
qmgr_entry.o: ../../include/mail_params.h
+qmgr_entry.o: ../../include/maps.h
qmgr_entry.o: ../../include/msg.h
qmgr_entry.o: ../../include/msg_stats.h
qmgr_entry.o: ../../include/mymalloc.h
qmgr_entry.o: ../../include/vstring.h
qmgr_entry.o: qmgr.h
qmgr_entry.o: qmgr_entry.c
+qmgr_job.o: ../../include/argv.h
+qmgr_job.o: ../../include/dict.h
qmgr_job.o: ../../include/dsn.h
qmgr_job.o: ../../include/dsn_buf.h
qmgr_job.o: ../../include/htable.h
+qmgr_job.o: ../../include/maps.h
qmgr_job.o: ../../include/msg.h
qmgr_job.o: ../../include/mymalloc.h
qmgr_job.o: ../../include/recipient_list.h
qmgr_message.o: ../../include/dsn_buf.h
qmgr_message.o: ../../include/dsn_mask.h
qmgr_message.o: ../../include/iostuff.h
+qmgr_message.o: ../../include/mail_addr_find.h
qmgr_message.o: ../../include/mail_params.h
qmgr_message.o: ../../include/mail_proto.h
qmgr_message.o: ../../include/mail_queue.h
+qmgr_message.o: ../../include/maps.h
qmgr_message.o: ../../include/msg.h
qmgr_message.o: ../../include/msg_stats.h
qmgr_message.o: ../../include/myflock.h
qmgr_message.o: ../../include/vstring.h
qmgr_message.o: qmgr.h
qmgr_message.o: qmgr_message.c
+qmgr_move.o: ../../include/argv.h
+qmgr_move.o: ../../include/dict.h
qmgr_move.o: ../../include/dsn.h
qmgr_move.o: ../../include/dsn_buf.h
qmgr_move.o: ../../include/mail_queue.h
qmgr_move.o: ../../include/mail_scan_dir.h
+qmgr_move.o: ../../include/maps.h
qmgr_move.o: ../../include/msg.h
qmgr_move.o: ../../include/recipient_list.h
qmgr_move.o: ../../include/scan_dir.h
qmgr_move.o: ../../include/vstring.h
qmgr_move.o: qmgr.h
qmgr_move.o: qmgr_move.c
+qmgr_peer.o: ../../include/argv.h
+qmgr_peer.o: ../../include/dict.h
qmgr_peer.o: ../../include/dsn.h
qmgr_peer.o: ../../include/dsn_buf.h
qmgr_peer.o: ../../include/htable.h
+qmgr_peer.o: ../../include/maps.h
qmgr_peer.o: ../../include/msg.h
qmgr_peer.o: ../../include/mymalloc.h
qmgr_peer.o: ../../include/recipient_list.h
qmgr_peer.o: ../../include/vstring.h
qmgr_peer.o: qmgr.h
qmgr_peer.o: qmgr_peer.c
+qmgr_queue.o: ../../include/argv.h
+qmgr_queue.o: ../../include/dict.h
qmgr_queue.o: ../../include/dsn.h
qmgr_queue.o: ../../include/dsn_buf.h
qmgr_queue.o: ../../include/events.h
qmgr_queue.o: ../../include/htable.h
qmgr_queue.o: ../../include/mail_params.h
+qmgr_queue.o: ../../include/maps.h
qmgr_queue.o: ../../include/msg.h
qmgr_queue.o: ../../include/mymalloc.h
qmgr_queue.o: ../../include/recipient_list.h
qmgr_queue.o: ../../include/vstring.h
qmgr_queue.o: qmgr.h
qmgr_queue.o: qmgr_queue.c
+qmgr_scan.o: ../../include/argv.h
+qmgr_scan.o: ../../include/dict.h
qmgr_scan.o: ../../include/dsn.h
qmgr_scan.o: ../../include/dsn_buf.h
qmgr_scan.o: ../../include/mail_scan_dir.h
+qmgr_scan.o: ../../include/maps.h
qmgr_scan.o: ../../include/msg.h
qmgr_scan.o: ../../include/mymalloc.h
qmgr_scan.o: ../../include/recipient_list.h
qmgr_scan.o: ../../include/vstring.h
qmgr_scan.o: qmgr.h
qmgr_scan.o: qmgr_scan.c
+qmgr_transport.o: ../../include/argv.h
qmgr_transport.o: ../../include/attr.h
+qmgr_transport.o: ../../include/dict.h
qmgr_transport.o: ../../include/dsn.h
qmgr_transport.o: ../../include/dsn_buf.h
qmgr_transport.o: ../../include/events.h
qmgr_transport.o: ../../include/mail_conf.h
qmgr_transport.o: ../../include/mail_params.h
qmgr_transport.o: ../../include/mail_proto.h
+qmgr_transport.o: ../../include/maps.h
qmgr_transport.o: ../../include/msg.h
qmgr_transport.o: ../../include/mymalloc.h
qmgr_transport.o: ../../include/recipient_list.h
int var_local_rcpt_lim;
int var_proc_limit;
bool var_verp_bounce_off;
-bool var_sender_routing;
int var_qmgr_clog_warn_time;
+char *var_snd_relay_maps;
+char *var_vrfy_relay_maps;
static QMGR_SCAN *qmgr_incoming;
static QMGR_SCAN *qmgr_deferred;
+MAPS *qmgr_snd_relay_maps;
+MAPS *qmgr_vrfy_relay_maps;
+
/* qmgr_deferred_run_event - queue manager heartbeat */
static void qmgr_deferred_run_event(int unused_event, char *dummy)
static void qmgr_pre_init(char *unused_name, char **unused_argv)
{
flush_init();
+ if (*var_snd_relay_maps)
+ qmgr_snd_relay_maps =
+ maps_create(VAR_SND_RELAY_MAPS, var_snd_relay_maps, 0);
+ if (*var_vrfy_relay_maps)
+ qmgr_vrfy_relay_maps =
+ maps_create(VAR_VRFY_RELAY_MAPS, var_vrfy_relay_maps, 0);
}
/* qmgr_post_init - post-jail initialization */
{
static CONFIG_STR_TABLE str_table[] = {
VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0,
+ VAR_SND_RELAY_MAPS, DEF_SND_RELAY_MAPS, &var_snd_relay_maps, 0, 0,
+ VAR_VRFY_RELAY_MAPS, DEF_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, 0,
0,
};
static CONFIG_TIME_TABLE time_table[] = {
static CONFIG_BOOL_TABLE bool_table[] = {
VAR_ALLOW_MIN_USER, DEF_ALLOW_MIN_USER, &var_allow_min_user,
VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
- VAR_SENDER_ROUTING, DEF_SENDER_ROUTING, &var_sender_routing,
0,
};
*/
#include <recipient_list.h>
#include <dsn.h>
+#include <maps.h> /* Grr.. sender relay maps */
/*
* The queue manager is built around lots of mutually-referring structures.
extern void qmgr_scan_request(QMGR_SCAN *, int);
extern char *qmgr_scan_next(QMGR_SCAN *);
+ /*
+ * qmgr.c
+ */
+extern MAPS *qmgr_snd_relay_maps;
+extern MAPS *qmgr_vrfy_relay_maps;
+
/* LICENSE
/* .ad
/* .fi
#include <split_addr.h>
#include <dsn_mask.h>
#include <dsn_attr_map.h>
+#include <mail_addr_find.h>
/* Client stubs. */
/* qmgr_resolve_one - resolve or skip one recipient */
static int qmgr_resolve_one(QMGR_MESSAGE *message, RECIPIENT *recipient,
- const char *addr, RESOLVE_REPLY *reply)
+ const char *addr, RESOLVE_REPLY *reply,
+ int do_snd_relay_maps)
{
+ MAPS *snd_relay_maps;
+ const char *smarthost;
DSN dsn;
- if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0)
+#define NO_SENDER_RELAY_MAPS 0
+#define DO_SENDER_RELAY_MAPS 1
+
+ if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0) {
+ snd_relay_maps = qmgr_snd_relay_maps;
resolve_clnt_query(addr, reply);
- else
+ } else {
+ snd_relay_maps = qmgr_vrfy_relay_maps;
resolve_clnt_verify(addr, reply);
+ }
if (reply->flags & RESOLVE_FLAG_FAIL) {
qmgr_defer_recipient(message, recipient,
DSN_SMTP(&dsn, "4.3.0",
"bad address syntax"));
return (-1);
} else {
+
+ /*
+ * The next-hop destination may be replaced by the per-sender relay
+ * host.
+ *
+ * XXX This violates the principle that qmgr does no map lookups. Map
+ * changes require process restart which is bad for queue manager
+ * performance.
+ */
+ if ((reply->flags & RESOLVE_FLAG_SMARTHOST) && do_snd_relay_maps
+ && message->sender[0] && snd_relay_maps) {
+ if ((smarthost = mail_addr_find(snd_relay_maps, message->sender,
+ (char **) 0)) != 0) {
+ if (msg_verbose)
+ msg_info("using smart host %s for sender %s",
+ smarthost, message->sender);
+ vstring_strcpy(reply->nexthop, smarthost);
+ } else if (dict_errno != 0) {
+ qmgr_defer_recipient(message, recipient,
+ DSN_SMTP(&dsn, "4.3.0",
+ "451 address resolver failure",
+ "address resolver failure"));
+ return (-1);
+ }
+ }
return (0);
}
}
reply.recipient);
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
if (qmgr_resolve_one(message, recipient,
- recipient->address, &reply) < 0)
+ recipient->address, &reply,
+ NO_SENDER_RELAY_MAPS) < 0)
continue;
if (!STREQ(recipient->address, STR(reply.recipient)))
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
* Content filtering overrides the address resolver.
*/
else if (message->filter_xport) {
+ reply.flags = 0;
vstring_strcpy(reply.transport, message->filter_xport);
if ((nexthop = split_at(STR(reply.transport), ':')) == 0
|| *nexthop == 0)
* Resolve the destination to (transport, nexthop, address). The
* result address may differ from the one specified by the sender.
*/
- else if (var_sender_routing == 0) {
+ else {
if (qmgr_resolve_one(message, recipient,
- recipient->address, &reply) < 0)
+ recipient->address, &reply,
+ DO_SENDER_RELAY_MAPS) < 0)
continue;
if (!STREQ(recipient->address, STR(reply.recipient)))
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
}
- /*
- * XXX Sender-based routing does not work very well, because it has
- * problems with sending bounces.
- */
- else {
- if (qmgr_resolve_one(message, recipient,
- message->sender, &reply) < 0)
- continue;
- vstring_strcpy(reply.recipient, recipient->address);
- }
-
/*
* Bounce null recipients. This should never happen, but is most
* likely the result of a fault in a different program, so aborting
/* Enable SASL authentication in the Postfix SMTP client.
/* .IP "\fBsmtp_sasl_password_maps (empty)\fR"
/* Optional SMTP client lookup tables with one username:password entry
-/* per remote hostname or domain.
+/* per remote hostname or domain (or per sender, when per-sender
+/* authentication is enabled).
/* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
/* What authentication mechanisms the Postfix SMTP client is allowed
/* to use.
/* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR"
/* If non-empty, a Postfix SMTP client filter for the remote SMTP
/* server's list of offered SASL mechanisms.
+/* .PP
+/* Available in Postfix version 2.3 and later:
+/* .IP "\fBsmtp_per_sender_authentication (no)\fR"
+/* Enable per-sender authentication in the SMTP client; this is available
+/* only with SASL authentication, and disables SMTP connection caching
+/* to ensure that mail from different senders will use the appropriate
+/* credentials.
/* STARTTLS SUPPORT CONTROLS
/* .ad
/* .fi
char *var_smtp_generic_maps;
char *var_prop_extension;
+bool var_smtp_sender_auth;
/*
* Global variables. smtp_errno is set by the address lookup routines and by
VAR_SMTP_TLS_ENFORCE_PN, DEF_SMTP_TLS_ENFORCE_PN, &var_smtp_tls_enforce_peername,
VAR_SMTP_TLS_NOTEOFFER, DEF_SMTP_TLS_NOTEOFFER, &var_smtp_tls_note_starttls_offer,
#endif
+ VAR_SMTP_SENDER_AUTH, DEF_SMTP_SENDER_AUTH, &var_smtp_sender_auth,
0,
};
* Opportunistic (a.k.a. on-demand) session caching on request by the
* queue manager. This is turned temporarily when a destination has a
* high volume of mail in the active queue.
+ *
+ * XXX Disable connection caching when per-sender credentials are
+ * enabled. We must not send someone elses mail over an authenticated
+ * connection, and we must not send mail that requires authentication
+ * over a connection that wasn't authenticated.
*/
if (cpp == sites->argv
+ && !var_smtp_sender_auth
&& ((var_smtp_cache_demand && (request->flags & DEL_REQ_FLAG_SCACHE) != 0)
|| (smtp_cache_dest && string_list_match(smtp_cache_dest, domain)))) {
sess_flags |= SMTP_SESS_FLAG_CACHE;
#include <mail_params.h>
#include <string_list.h>
#include <maps.h>
+#include <mail_addr_find.h>
/*
* Application-specific
* but didn't canonicalize the TCP port, and did not append the port to
* the MX hostname.
*/
- if ((value = maps_find(smtp_sasl_passwd_map, session->host, 0)) != 0
+ if ((var_sender_auth
+ && (value = mail_addr_find(smtp_sasl_passwd_map,
+ state->request->sender, (char **) 0)) != 0)
+ || (value = maps_find(smtp_sasl_passwd_map, session->host, 0)) != 0
|| (value = maps_find(smtp_sasl_passwd_map, session->dest, 0)) != 0) {
session->sasl_username = mystrdup(value);
passwd = split_at(session->sasl_username, ':');
return (1);
} else {
if (msg_verbose)
- msg_info("%s: host `%s' no auth info found",
- myname, session->host);
+ msg_info("%s: no auth info found (sender=`%s', host=`%s')",
+ myname, state->request->sender, session->host);
return (0);
}
}
resolve.o: resolve.c
resolve.o: transport.h
resolve.o: trivial-rewrite.h
+rewrite.o: ../../include/argv.h
rewrite.o: ../../include/attr.h
+rewrite.o: ../../include/dict.h
rewrite.o: ../../include/iostuff.h
rewrite.o: ../../include/mail_conf.h
rewrite.o: ../../include/mail_params.h
rewrite.o: ../../include/mail_proto.h
+rewrite.o: ../../include/maps.h
rewrite.o: ../../include/msg.h
rewrite.o: ../../include/resolve_clnt.h
rewrite.o: ../../include/resolve_local.h
transport.o: ../../include/match_parent_style.h
transport.o: ../../include/msg.h
transport.o: ../../include/mymalloc.h
+transport.o: ../../include/resolve_clnt.h
transport.o: ../../include/split_at.h
transport.o: ../../include/stringops.h
transport.o: ../../include/strip_addr.h
* highest precedence to transport associated nexthop information.
*
* Otherwise, with relay or other non-local destinations, the relayhost
- * setting overrides the destination domain name.
+ * setting overrides the recipient domain name, and the per-sender
+ * relayhost overrides both.
*
* XXX Nag if the recipient domain is listed in multiple domain lists. The
* result is implementation defined, and may break when internals change.
}
/*
- * With off-host delivery, relayhost overrides recipient domain.
+ * With off-host delivery, per-sender or global relayhost
+ * override the recipient domain. The per-sender override is done
+ * in the client, and permission to do so is is signaled with the
+ * SMARTHOST flag. This is technically incorrect, but avoids the
+ * need to change the resolver client protocol for something that
+ * is irrelevant for most resolver clients, and that most Postfix
+ * sites will never need.
*/
+ *flags |= RESOLVE_FLAG_SMARTHOST;
if (*RES_PARAM_VALUE(rp->relayhost))
vstring_strcpy(nexthop, RES_PARAM_VALUE(rp->relayhost));
else
* force mail for any domain in $mydestination/${proxy,inet}_interfaces
* to share the same queue.
*/
- if ((destination = split_at(STR(channel), ':')) != 0 && *destination)
+ if ((destination = split_at(STR(channel), ':')) != 0 && *destination) {
vstring_strcpy(nexthop, destination);
+ *flags &= ~RESOLVE_FLAG_SMARTHOST;
+ }
/*
* Sanity checks.
* XXX Don't override the virtual alias class (error:User unknown) result.
*/
if (rp->transport_info && !(*flags & RESOLVE_CLASS_ALIAS)) {
- if (transport_lookup(rp->transport_info, STR(nextrcpt),
+ if (transport_lookup(rp->transport_info, flags, STR(nextrcpt),
rcpt_domain, channel, nexthop) == 0
&& dict_errno != 0) {
msg_warn("%s lookup failure", rp->transport_maps_name);
/* void transport_post_init(info)
/* TRANSPORT_INFO *info;
/*
-/* int transport_lookup(info, address, rcpt_domain, channel, nexthop)
+/* int transport_lookup(info, res_flags, address, rcpt_domain,
+/* channel, nexthop)
/* TRANSPORT_INFO *info;
+/* int *res_flags;
/* const char *address;
/* const char *rcpt_domain;
/* VSTRING *channel;
/*
/* transport_lookup() finds the channel and nexthop for the given
/* domain, and returns 1 if something was found. Otherwise, 0
-/* is returned.
+/* is returned. The res_flags SMARTHOST bit is reset when the nexthop
+/* information is updated.
/* DIAGNOSTICS
/* The global \fIdict_errno\fR is non-zero when the lookup
/* should be tried again.
#include <maps.h>
#include <match_parent_style.h>
#include <mail_proto.h>
+#include <resolve_clnt.h>
/* Application-specific. */
static void update_entry(const char *new_channel, const char *new_nexthop,
const char *rcpt_domain, VSTRING *channel,
- VSTRING *nexthop)
+ VSTRING *nexthop, int *res_flags)
{
/*
* side of ":" is the transport table equivalent of a NOOP.
*/
if (*new_channel == 0) { /* :[nexthop] */
- if (*new_nexthop != 0)
+ if (*new_nexthop != 0) {
vstring_strcpy(nexthop, new_nexthop);
+ *res_flags &= ~RESOLVE_FLAG_SMARTHOST;
+ }
}
/*
vstring_strcpy(nexthop, rcpt_domain);
else
vstring_strcpy(nexthop, "Address is undeliverable");
+ *res_flags &= ~RESOLVE_FLAG_SMARTHOST;
}
}
/* find_transport_entry - look up and parse transport table entry */
-static int find_transport_entry(TRANSPORT_INFO *tp, const char *key,
- const char *rcpt_domain, int flags,
- VSTRING *channel, VSTRING *nexthop)
+static int find_transport_entry(TRANSPORT_INFO *tp, int *res_flags,
+ const char *key,
+ const char *rcpt_domain,
+ int map_flags,
+ VSTRING *channel,
+ VSTRING *nexthop)
{
char *saved_value;
const char *host;
*
* XXX Should report lookup failure status to caller instead of aborting.
*/
- if ((value = maps_find(tp->transport_path, key, flags)) == 0)
+ if ((value = maps_find(tp->transport_path, key, map_flags)) == 0)
return (NOTFOUND);
/*
saved_value = mystrdup(value);
host = split_at(saved_value, ':');
update_entry(saved_value, host ? host : "", rcpt_domain,
- channel, nexthop);
+ channel, nexthop, res_flags);
myfree(saved_value);
return (FOUND);
}
{
VSTRING *channel = vstring_alloc(10);
VSTRING *nexthop = vstring_alloc(10);
+ int dummy;
/*
* Technically, the wildcard lookup pattern is redundant. A static map
#define FULL 0
#define PARTIAL DICT_FLAG_FIXED
- if (find_transport_entry(tp, WILDCARD, "", FULL, channel, nexthop)) {
+ if (find_transport_entry(tp, &dummy, WILDCARD, "",
+ FULL, channel, nexthop)) {
tp->transport_errno = 0;
if (tp->wildcard_channel)
vstring_free(tp->wildcard_channel);
/* transport_lookup - map a transport domain */
-int transport_lookup(TRANSPORT_INFO *tp, const char *addr,
+int transport_lookup(TRANSPORT_INFO *tp, int *res_flags, const char *addr,
const char *rcpt_domain,
VSTRING *channel, VSTRING *nexthop)
{
if ((ratsign = strrchr(full_addr, '@')) == 0 || ratsign[1] == 0)
msg_panic("transport_lookup: bad address: \"%s\"", full_addr);
- if (find_transport_entry(tp, full_addr, rcpt_domain, FULL, channel, nexthop))
+ if (find_transport_entry(tp, res_flags, full_addr, rcpt_domain,
+ FULL, channel, nexthop))
RETURN_FREE(FOUND);
if (dict_errno != 0)
RETURN_FREE(NOTFOUND);
*/
if ((stripped_addr = strip_addr(full_addr, DISCARD_EXTENSION,
*var_rcpt_delim)) != 0) {
- found = find_transport_entry(tp, stripped_addr, rcpt_domain, PARTIAL,
- channel, nexthop);
+ found = find_transport_entry(tp, res_flags, stripped_addr, rcpt_domain,
+ PARTIAL, channel, nexthop);
myfree(stripped_addr);
if (found)
* with regular expressions.
*/
for (name = ratsign + 1; *name != 0; name = next) {
- if (find_transport_entry(tp, name, rcpt_domain, PARTIAL, channel, nexthop))
+ if (find_transport_entry(tp, res_flags, name, rcpt_domain,
+ PARTIAL, channel, nexthop))
RETURN_FREE(FOUND);
if (dict_errno != 0)
RETURN_FREE(NOTFOUND);
RETURN_FREE(NOTFOUND);
} else if (tp->wildcard_channel) {
update_entry(STR(tp->wildcard_channel), STR(tp->wildcard_nexthop),
- rcpt_domain, channel, nexthop);
+ rcpt_domain, channel, nexthop, res_flags);
RETURN_FREE(FOUND);
}
extern TRANSPORT_INFO *transport_pre_init(const char *, const char *);
extern void transport_post_init(TRANSPORT_INFO *);
-extern int transport_lookup(TRANSPORT_INFO *, const char *, const char *, VSTRING *, VSTRING *);
+extern int transport_lookup(TRANSPORT_INFO *, int *, const char *, const char *, VSTRING *, VSTRING *);
extern void transport_free(TRANSPORT_INFO *);
/* LICENSE
/* .IP "\fBtransport_maps (empty)\fR"
/* Optional lookup tables with mappings from recipient address to
/* (message delivery transport, next-hop destination).
+/* .PP
+/* Available in Postfix version 2.3 and later:
+/* .IP "\fBsender_relayhost_maps (empty)\fR"
+/* A sender-specific override for the global relayhost parameter
+/* setting.
/* ADDRESS VERIFICATION CONTROLS
/* .ad
/* .fi
/* .IP "\fBaddress_verify_relayhost ($relayhost)\fR"
/* Overrides the relayhost parameter setting for address verification
/* probes.
+/* .IP "\fBaddress_verify_sender_relayhost_maps (empty)\fR"
+/* Overrides the sender_relayhost_maps parameter setting for address
+/* verification probes.
/* .IP "\fBaddress_verify_transport_maps ($transport_maps)\fR"
/* Overrides the transport_maps parameter setting for address verification
/* probes.
* Global library.
*/
#include <tok822.h>
+#include <maps.h>
/*
* Connection management.
char **origin; /* default origin */
const char *domain_name; /* name of variable */
char **domain; /* default domain */
-} RWR_CONTEXT;
+} RWR_CONTEXT;
#define REW_PARAM_VALUE(x) (*(x)) /* make it easy to do it right */
projects / thirdparty / postfix.git / commitdiff
