site already ran Postfix with local_recipient_maps enabled.
Files: smtpd/smtpd.c, smtpd/smtpd_check.c, conf/post-install.
+20021219
+
+ Bugfix: longjmp() while sending "go away" without setjmp()
+ in the QMQP server. Patrik Rak. File: qmqpd/qmqpd.c.
+
+ Safety: the XVERP extension is restricted to clients listed
+ in the authorized_verp_clients list (default: $mynetworks).
+ File: smtpd/smtpd.c.
+
+ Workaround: preliminary IPV6 support in valid_hostliteral().
+ File: util/valid_hostname.c.
+
Open problems:
Low: after successful delivery, per-queue window += 1/window,
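Review bot: The 20021219 "Workaround:" entry for valid_hostliteral() does not say what is being worked around or which address-literal forms are now accepted; one more sentence would tell a later reader what "preliminary" covers. The "Safety:" entry should also state the effect on existing XVERP clients outside $mynetworks, since HISTORY is where people look when mail handling changes after an upgrade.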
Note: there should be no whitespace before "postdrop:".
- NB: this group was optional with older Postfix releases; it is
- now required.
-
- Optional: If you want to install symbol-stripped (non-debug) versions
of the Postfix programs and daemons, do:
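Review bot: Dropping the "NB: this group was optional with older Postfix releases; it is now required" lines removes the only hint in this step that an upgrading site may lack the postdrop group. If the note is considered stale, keep one sentence saying the group is mandatory so the step does not read as skippable.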
collection of scripts that help you set up chroot environments for
Postfix systems.
+IMPORTANT: if you enable chrooted operation of the SMTP server you
+must copy the passwd file into the chroot jail, otherwise the SMTP
+server will reject mail for local addresses.
+
+44BSD systems:
+
+ # mkdir /var/spool/postfix/etc
+ # cp /etc/pwd.db /var/spool/postfix/etc
+
+Other systems:
+
+ # mkdir /var/spool/postfix/etc
+ # cp /etc/passwd /var/spool/postfix/etc
+
+You may also have to copy /etc/nsswitch.conf and the files referenced
+by /etc/nsswitch.conf. See the system dependent scripts in
+examples/chroot-setup for suggestions.
+
12 - Care and feeding of the Postfix system
===========================================
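Review bot: The IMPORTANT paragraph tells the admin to copy the passwd file into the jail but not that the copy is a snapshot: accounts added later stay unknown to the chrooted SMTP server, which will keep rejecting their mail until the file is copied again. Add a sentence about refreshing /var/spool/postfix/etc after account changes, and state that only the world-readable file (/etc/pwd.db, /etc/passwd) belongs in the jail, owned by root and not writable by the postfix user, never the file that holds password hashes.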
+++ /dev/null
-1 - Purpose of this document
-============================
-
-This document describes how to build, install and configure a
-Postfix system so that it can do one of the following:
-
- - Send mail only, without changing an existing sendmail
- installation.
-
- - Send and receive mail via a virtual host interface, still
- without any change to an existing sendmail installation.
-
- - Replace sendmail altogether.
-
-2 - Typographical conventions
-=============================
-
-In the instructions below, a command written as
-
- # command
-
-should be executed as the superuser.
-
-A command written as
-
- % command
-
-should be executed as an unprivileged user.
-
-3 - Documentation
-=================
-
-Documentation is available as HTML web pages (point your browser
-to html/index.html) and as UNIX-style man pages (point your MANPATH
-environment variable to the `man' subdirectory; be sure to use an
-absolute path).
-
-The sample configuration files in the `conf' directory have extensive
-comments, but they may not describe every nuance of every feature.
-
-Many files have their own built-in manual page. Tools to extract
-those embedded manual pages are available in the mantools directory.
-
-4 - Building on a supported system
-==================================
-
-If your system is supported, it is one of
-
- AIX 3.2.5
- AIX 4.1.x
- AIX 4.2.0
- BSD/OS 2.x
- BSD/OS 3.x
- BSD/OS 4.x
- Darwin 1.x
- FreeBSD 2.x
- FreeBSD 3.x
- FreeBSD 4.x
- FreeBSD 5.x
- HP-UX 9.x
- HP-UX 10.x
- HP-UX 11.x
- IRIX 5.x
- IRIX 6.x
- Linux Debian 1.3.1
- Linux Debian 2.x
- Linux RedHat 4.x
- Linux RedHat 5.x
- Linux RedHat 6.x
- Linux RedHat 7.x
- Linux Slackware 3.x
- Linux Slackware 4.x
- Linux Slackware 7.x
- Linux SuSE 5.x
- Linux SuSE 6.x
- Linux SuSE 7.x
- Mac OS X
- NEXTSTEP 3.x
- NetBSD 1.x
- OPENSTEP 4.x
- OSF1.V3 (Digital UNIX)
- OSF1.V4 aka Digital UNIX V4
- OSF1.V5 aka Digital UNIX V5
- OpenBSD 2.x
- Reliant UNIX 5.x
- Rhapsody 5.x
- SunOS 4.1.x (with Postfix 1.1.0)
- SunOS 5.4..5.8 (Solaris 2.4..8)
- Ultrix 4.x (well, that was long ago)
-
-or something closely resemblant.
-
-On Solaris, the "make" command and other utilities for software
-development are in /usr/ccs/bin, so you MUST have /usr/ccs/bin in
-your command search path.
-
-If you need to build Postfix for multiple architectures, use the
-lndir command to build a shadow tree with symbolic links to the
-source files. lndir is part of X11R6.
-
-If at any time in the build process you get messages like: "make:
-don't know how to ..." you should be able to recover by running
-the following command from the Postfix top-level directory:
-
- % make -f Makefile.init makefiles
-
-If you copied the Postfix source code after building it on another
-machine, it is a good idea to cd into the top-level directory and
-
- % make tidy
-
-first. This will get rid of any system dependencies left over from
-compiling the software elsewhere.
-
-To build with GCC, or with the native compiler if people told me
-that is better for your system, just cd into the top-level Postfix
-directory of the source tree and type:
-
- % make
-
-To build with a non-default compiler, you need to specify the name
-of the compiler:
-
- % make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
- % make
-
- % make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
- % make
-
- % make makefiles CC="purify cc"
- % make
-
-and so on. In some cases, optimization is turned off automatically.
-
-In order to build with non-default settings, for example, with a
-configuration directory other than /etc/postfix, use:
-
- % make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
- % make
-
-Be sure to get the quotes right. These details matter a lot.
-
-Other parameters whose defaults can be specified in this way are:
-
- Macro name default value for
- -------------------------------------
- DEF_COMMAND_DIR command_directory
- DEF_DAEMON_DIR daemon_directory
- DEF_SENDMAIL_PATH sendmail_path
- DEF_MAILQ_PATH mailq_path
- DEF_NEWALIAS_PATH newaliases_path
-
-In order to build Postfix for very large applications, where you
-expect to run more than 1000 delivery processes, you may need to
-override the definition of the FD_SETSIZE macro to make select()
-work correctly:
-
- % make makefiles CCARGS=-DFD_SETSIZE=2048
-
-In any case, if the command
-
- % make
-
-produces compiler error messages, it may be time to examine the
-FAQ document (see html/faq.html).
-
-5 - Porting to on an unsupported system
-=======================================
-
-- Each system type is identified by a unique name. Examples:
-SUNOS5, FREEBSD4, and so on. Choose a SYSTEMTYPE name for the new
-system. You must use a name that includes at least the major version
-of the operating system (such as SUNOS4 or LINUX2), so that different
-releases of the same system can be supported without confusion.
-
-- Add a case statement to the "makedefs" shell script in the
-top-level directory that recognizes the new system reliably, and
-that emits the right system-specific information. Be sure to make
-the code robust against user PATH settings; if the system offers
-multiple UNIX flavors (e.g. BSD and SYSV) be sure to build for the
-native flavor, not the emulated one.
-
-- Add an #ifdef SYSTEMTYPE section to the central util/sys_defs.h
-include file. You may have to invent new feature macros. Please
-choose sensible feature macro names such as HAS_DBM or
-FIONREAD_IN_SYS_FILIO_H. I strongly recommend against #ifdef
-SYSTEMTYPE dependencies in individual source files. This may seem
-to be the quickest solution, but it will create a mess that becomes
-increasingly difficult to maintain over time. Moreover, with the
-next port you'd have to place #ifdefs all over the source code
-again.
-
-6 - Installing the software after successful compilation
-========================================================
-
-This text describes how to install Postfix from source code. See
-the PACKAGE_README file if you are building a package for distribution
-to other systems.
-
-IMPORTANT: if you are REPLACING an existing sendmail installation
-with Postfix, you may need to keep the old sendmail program running
-for some time in order to flush the mail queue. As superuser,
-execute the following commands (your sendmail, newaliases and mailq
-programs may be in a different place):
-
- # mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
- # mv /usr/bin/newaliases /usr/bin/newaliases.OFF
- # mv /usr/bin/mailq /usr/bin/mailq.OFF
- # chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF \
- /usr/bin/mailq.OFF
-
-In order to install or upgrade Postfix:
-
-- Create a user account "postfix" with a user id and group id that
- are not used by any other user account. Preferably, this is an
- account that no-one can log into. The account does not need an
- executable login shell, and needs no existing home directory.
- My password file entry looks like this:
-
- postfix:*:12345:12345:postfix:/no/where:/no/shell
-
- Note: there should be no whitespace before "postfix:".
-
-- Make sure there is a corresponding alias in /etc/aliases:
-
- postfix: root
-
- Note: there should be no whitespace before "postfix:".
-
-- Create a group "postdrop" with a group id that is not used by
- any other user account. Not even by the postfix user account.
- My group file entry looks like:
-
- postdrop:*:54321:
-
- Note: there should be no whitespace before "postdrop:".
-
- NB: this group was optional with older Postfix releases; it is
- now required.
-
-- Optional: If you want to install symbol-stripped (non-debug) versions
- of the Postfix programs and daemons, do:
-
- % strip bin/* libexec/*
-
-- Run one of the following commands as the super-user:
-
- # make install (interactive version, first time install)
- # make upgrade (non-interactive version, for upgrades)
-
- The non-interactive version needs the /etc/postfix/main.cf file
- from a previous installation. If the file does not exist, use
- interactive installation instead.
-
- The interactive version offers suggestions for pathnames that
- you can override interactively, and stores your preferences in
- /etc/postfix/main.cf for convenient future upgrades.
-
-- Proceed to the section on how you wish to run Postfix on your
- particular machine:
-
- - Send mail only, without changing an existing sendmail
- installation (section 7).
-
- - Send and receive mail via a virtual host interface, still
- without any change to an existing sendmail installation
- (section 8).
-
- - Replace sendmail altogether (section 9).
-
-7 - Configuring Postfix to send mail only
-=========================================
-
-If you are going to use Postfix to send mail only, there is no need
-to change your existing sendmail setup. Instead, set up your mail
-user agent so that it calls the Postfix sendmail program directly.
-
-Follow the instructions in the "Mandatory configuration file edits"
-in section 10, and review the "To chroot or not to chroot" text in
-section 11.
-
-You MUST comment out the `smtp inet' entry in /etc/postfix/master.cf,
-in order to avoid conflicts with the real sendmail.
-
-Start the Postfix system:
-
- # postfix start
-
-or, if you feel nostalgic, use the Postfix sendmail command:
-
- # sendmail -bd -qwhatever
-
-and watch your syslog file for any error messages.
-
- % egrep '(reject|warning|error|fatal|panic):' /some/log/file
-
-Typical logfile names are: /var/log/maillog or /var/log/syslog.
-See /etc/syslog.conf for actual logfile names.
-
-In order to inspect the mail queue, use
-
- % sendmail -bp
-
-See also the "Care and feeding" section 12 below.
-
-8 - Configuring Postfix to send and receive mail (virtual interface)
-====================================================================
-
-Alternatively, you can use the Postfix system to send AND receive
-mail while leaving your sendmail setup intact, by running Postfix
-on a virtual interface address. Simply configure your mail user
-agent to directly invoke the Postfix sendmail program.
-
-The examples/virtual-setup directory gives instructions for setting
-up virtual interfaces for a variety of UNIX versions.
-
-In the /etc/postfix/main.cf file, I would specify
-
- myhostname = virtual.host.tld
- inet_interfaces = $myhostname
- mydestination = $myhostname
-
-Follow the instructions in the "Mandatory configuration file edits"
-in section 10, and review the "To chroot or not to chroot" text in
-section 11.
-
-Start the mail system:
-
- # postfix start
-
-or, if you feel nostalgic, use the Postfix sendmail program:
-
- # sendmail -bd -qwhatever
-
-and watch your syslog file for any error messages.
-
- % egrep '(reject|warning|error|fatal|panic):' /some/log/file
-
-Typical logfile names are: /var/log/maillog or /var/log/syslog.
-See /etc/syslog.conf for actual logfile names.
-
-In order to inspect the mail queue, use
-
- % sendmail -bp
-
-See also the "Care and feeding" section 12 below.
-
-9 - Turning off sendmail forever
-================================
-
-Prior to installing Postfix you should save the existing sendmail
-program files as described in section 6.
-
-Be sure to keep the old sendmail running for at least a couple
-days to flush any unsent mail. To do so, stop the sendmail daemon
-and restart it as:
-
- # /usr/sbin/sendmail.OFF -q
-
-After you have visited the "Mandatory configuration file edits"
-section below, you can start the Postfix system with
-
- # postfix start
-
-But the good old sendmail way works just as well:
-
- # sendmail -bd -qwhatever
-
-and watch the syslog file for any complaints from the mail system.
-
- % egrep '(reject|warning|error|fatal|panic):' /some/log/file
-
-Typical logfile names are: /var/log/maillog or /var/log/syslog.
-See /etc/syslog.conf for actual logfile names.
-
-See also the "Care and feeding" section 12 below.
-
-10 - Mandatory configuration file edits
-=======================================
-
-By default, Postfix configuration files are in /etc/postfix, and
-must be owned by root. Giving someone else write permission to
-main.cf or master.cf means giving root privileges to that person.
-
-Whenever you make a change to a config file, execute the following
-command in order to refresh a running mail system:
-
- # postfix reload
-
-In /etc/postfix/main.cf you will have to set up a minimal number of
-configuration parameters. Postfix configuration parameters
-resemble shell variables. You specify a variable as
-
- parameter = value
-
-and you use it by putting a $ in front of its name:
-
- other_parameter = $parameter
-
-You can use $parameter before it is given a value. The Postfix
-configuration language uses lazy evaluation, and does not look at
-a parameter value until it is needed at runtime.
-
-First of all, you must specify what domain will be appended to an
-unqualified address (i.e. an address without @domain.tld). The
-"myorigin" parameter defaults to the local hostname, but that is
-probably OK only for very small sites.
-
-Some examples:
-
- myorigin = $myhostname
- myorigin = $mydomain
-
-In the first case, local mail goes out as user@$myhostname, in
-the second case the sender address is user@$mydomain.
-
-Next you need to specify what mail addresses Postfix should deliver
-locally.
-
-Some examples:
-
- mydestination = $myhostname, localhost.$mydomain
- mydestination = $myhostname, localhost.$mydomain, $mydomain
- mydestination = $myhostname
-
-The first example is appropriate for a workstation, the second is
-appropriate for the mailserver for an entire domain. The third
-example should be used when running on a virtual host interface.
-
-If your machine is on an open network then you must specify what
-client IP addresses are authorized to relay their mail through your
-machine. The default setting includes all class A, B or C networks
-that the machine is attached to. Often, that gives relay permission
-to too many clients. My own settings are:
-
- mynetworks = 168.100.189.0/28, 127.0.0.0/8
-
-If you're behind a firewall, you should set up a relayhost. If
-you can, specify the organizational domain name so that Postfix
-can use DNS lookups, and so that it can fall back to a secondary
-MX host when the primary MX host is down. Otherwise just specify
-a hard-coded hostname.
-
-Some examples:
-
- relayhost = $mydomain
- relayhost = mail.$mydomain
- relayhost = [mail.$mydomain]
-
-The form enclosed with [] eliminates DNS MX lookups.
-
-By default, the SMTP client will do DNS lookups for sender and
-recipient addresses even when you specify a relay host. If your
-machine has no access to a DNS server, turn off SMTP client DNS
-lookups like this:
-
- disable_dns_lookups = yes
-
-The FAQ (html/faq.html) has more hints and tips for firewalled
-and/or dial-up networks.
-
-Finally, if you haven't used Sendmail prior to using Postfix, you
-will have to build the alias database (with: sendmail -bi, or:
-newaliases). Be sure to set up aliases for root and postmaster that
-forward mail to a real person. Postfix has a sample aliases file
-conf/aliases that you can adapt to local conditions.
-
-11 - To chroot or not to chroot
-===============================
-
-Postfix can run most daemon processes in a chroot jail, that is,
-the processes run at a fixed low privilege and with access only to
-the Postfix queue directories (/var/spool/postfix). This provides
-a significant barrier against intrusion. The barrier is not
-impenetrable, but every little bit helps.
-
-With the exception of the Postfix daemons that deliver mail locally,
-every Postfix daemon can run chrooted.
-
-Sites with high security requirements should consider to chroot
-all daemons that talk to the network: the smtp and smtpd processes,
-and perhaps also the lmtp client.
-
-The default /etc/postfix/master.cf file specifies that no Postfix
-daemon runs chrooted. In order to enable chroot operation, edit
-the file /etc/postfix/master.cf. Instructions are in the file.
-
-Note that a chrooted daemon resolves all filenames relative to the
-Postfix queue directory (/var/spool/postfix). For successful use
-of a chroot jail, most UNIX systems require you to bring in some
-files or device nodes. The examples/chroot-setup directory has a
-collection of scripts that help you set up chroot environments for
-Postfix systems.
-
-12 - Care and feeding of the Postfix system
-===========================================
-
-The Postfix programs log all problems to the syslog daemon. The
-names of logfiles are specified in /etc/syslog.conf. Note: the
-syslogd will not create files. You must create them ahead of time
-before (re)starting syslogd. At the very least you need something
-like:
-
- mail.err /dev/console
- mail.debug /var/log/maillog
-
-Hopefully, the number of problems will be small, but it is a good
-idea to run every night before the syslog files are rotated:
-
- # postfix check
- # egrep '(reject|warning|error|fatal|panic):' /some/log/file
-
-Typical logfile names are: /var/log/maillog or /var/log/syslog.
-See /etc/syslog.conf for actual logfile names.
-
-The first line (postfix check) causes Postfix to report file
-permission/ownership discrepancies.
-
-The second line looks for problem reports from the mail software,
-and reports how effective the anti-relay and anti-UCE blocks are.
--- /dev/null
+../INSTALL
\ No newline at end of file
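Review bot: The replacement for the deleted INSTALL text is a single line, "../INSTALL", with no trailing newline, which reads as a symbolic link to the parent directory's copy, although no file mode is visible here. Applying this with a patch tool that does not create symlinks would leave a one-line regular file in place of the installation guide, so the change description should say the link has to be created by hand, or the snapshot should ship the link in the tarball rather than in the diff.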
The VERP concept was popularized by the qmail MTA and by the ezmlm
mailing list manager.
-The whole process is controlled by two configuration parameters.
+The whole process is controlled by four configuration parameters.
- default_verp_delimiters (default value: +=) controls what VERP
delimiter characters Postfix uses when VERP style delivery is
or because they are non-ASCII or control characters. And who knows,
some characters may tickle bugs in vulnerable software.
+- authorized_verp_clients (default value: $mynetworks) controls
+what network clients are allowed to request VERP style delivery.
+Exceptions: the Postfix QMQP server uses its own access control
+mechanism, and local submission (via /usr/sbin/sendmail etc.) is
+always authorized. To authorize a host, list its name, IP address,
+subnet (net/mask) or parent .domain.
+
+- disable_verp_bounces (default: no) controls if Postfix sends one
+bounce report for multi-recipient VERP mail, or one bounce report
+per recipient. The default, one per recipient, is what ezmlm needs.
+
Using VERP with majordomo etc. mailing lists
============================================
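Review bot: In the authorized_verp_clients item, the default of $mynetworks deserves a caution: the INSTALL text deleted earlier in this patch says the mynetworks default "gives relay permission to too many clients", and VERP authorization now inherits that same scope. Suggest recommending an explicit list, and in the disable_verp_bounces item say which value produces which behaviour, because "default: no" followed by "The default, one per recipient" leaves the reader to work out the mapping.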
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.
+Incompatible changes with Postfix snapshot 1.1.12-20021219
+==========================================================
+
+The use of the XVERP extension in the SMTP MAIL FROM command is
+now limited to SMTP clients that match the hostnames, domains or
+networks listed with the authorized_verp_clients parameter (default:
+$mynetworks).
+
Incompatible changes with Postfix snapshot 1.1.12-20021209
==========================================================
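Review bot: The 20021219 note says XVERP is now limited to authorized_verp_clients but not what an unauthorized client sees when it sends XVERP in MAIL FROM, which is what a list operator needs in order to recognise the failure in logs. Add that, and repeat the exceptions documented in the VERP text above (QMQP has its own access control, local submission is always authorized) so the scope of the incompatibility is complete in one place.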
then you have not properly followed the installation procedure.
The Postfix SMTP server now rejects mail for $mydestination domain
-recipients that it does not know about. For this to work correctly,
-you need to review the section titled "REJECTING UNKNOWN LOCAL
-USERS" in conf/main.cf if one of the following is true:
+recipients that it does not know about. This keeps undeliverable
+mail out of your queue. For safety's sake, the default is to reply
+with a 450 (try again later) status code so that you don't suddenly
+lose mail.
+
+For this to work correctly, you need to review the section titled
+"REJECTING UNKNOWN LOCAL USERS" in conf/main.cf if one of the
+following is true:
- You define $mydestination domain recipients in files other than
/etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
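Review bot: The new sentence about replying with 450 "so that you don't suddenly lose mail" does not say how to move to a permanent rejection once local_recipient_maps is known to be complete; left at 450, mail for nonexistent users is retried by the sending hosts until it expires there. Name the setting that controls this reply code and suggest switching after the recipient lists have been verified.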
Specify "local_recipient_maps =" (i.e. empty) to make the SMTP
server accept mail for all known and unknown local recipients.
-That was the default setting prior to Postfix version 1.2.
+That was the default setting prior to Postfix version 2.0.
Postfix no longer defaults to the "smtp" transport for all non-local
destinations. This may affect your defer_transports settings. In
+++ /dev/null
-IBM PUBLIC LICENSE VERSION 1.0 - SECURE MAILER
-
-THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS IBM PUBLIC
-LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE
-PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
-
-1. DEFINITIONS
-
-"Contribution" means:
- a) in the case of International Business Machines Corporation ("IBM"),
- the Original Program, and
- b) in the case of each Contributor,
- i) changes to the Program, and
- ii) additions to the Program;
- where such changes and/or additions to the Program originate
- from and are distributed by that particular Contributor.
- A Contribution 'originates' from a Contributor if it was added
- to the Program by such Contributor itself or anyone acting on
- such Contributor's behalf.
- Contributions do not include additions to the Program which:
- (i) are separate modules of software distributed in conjunction
- with the Program under their own license agreement, and
- (ii) are not derivative works of the Program.
-
-"Contributor" means IBM and any other entity that distributes the Program.
-
-"Licensed Patents " mean patent claims licensable by a Contributor which
-are necessarily infringed by the use or sale of its Contribution alone
-or when combined with the Program.
-
-"Original Program" means the original version of the software accompanying
-this Agreement as released by IBM, including source code, object code
-and documentation, if any.
-
-"Program" means the Original Program and Contributions.
-
-"Recipient" means anyone who receives the Program under this Agreement,
-including all Contributors.
-
-2. GRANT OF RIGHTS
-
- a) Subject to the terms of this Agreement, each Contributor hereby
- grants Recipient a non-exclusive, worldwide, royalty-free copyright
- license to reproduce, prepare derivative works of, publicly display,
- publicly perform, distribute and sublicense the Contribution of such
- Contributor, if any, and such derivative works, in source code and
- object code form.
-
- b) Subject to the terms of this Agreement, each Contributor hereby
- grants Recipient a non-exclusive, worldwide, royalty-free patent
- license under Licensed Patents to make, use, sell, offer to sell,
- import and otherwise transfer the Contribution of such Contributor,
- if any, in source code and object code form. This patent license
- shall apply to the combination of the Contribution and the Program
- if, at the time the Contribution is added by the Contributor, such
- addition of the Contribution causes such combination to be covered
- by the Licensed Patents. The patent license shall not apply to any
- other combinations which include the Contribution. No hardware per
- se is licensed hereunder.
-
- c) Recipient understands that although each Contributor grants the
- licenses to its Contributions set forth herein, no assurances are
- provided by any Contributor that the Program does not infringe the
- patent or other intellectual property rights of any other entity.
- Each Contributor disclaims any liability to Recipient for claims
- brought by any other entity based on infringement of intellectual
- property rights or otherwise. As a condition to exercising the rights
- and licenses granted hereunder, each Recipient hereby assumes sole
- responsibility to secure any other intellectual property rights
- needed, if any. For example, if a third party patent license
- is required to allow Recipient to distribute the Program, it is
- Recipient's responsibility to acquire that license before distributing
- the Program.
-
- d) Each Contributor represents that to its knowledge it has sufficient
- copyright rights in its Contribution, if any, to grant the copyright
- license set forth in this Agreement.
-
-3. REQUIREMENTS
-
-A Contributor may choose to distribute the Program in object code form
-under its own license agreement, provided that:
- a) it complies with the terms and conditions of this Agreement; and
- b) its license agreement:
- i) effectively disclaims on behalf of all Contributors all
- warranties and conditions, express and implied, including
- warranties or conditions of title and non-infringement, and
- implied warranties or conditions of merchantability and fitness
- for a particular purpose;
- ii) effectively excludes on behalf of all Contributors all
- liability for damages, including direct, indirect, special,
- incidental and consequential damages, such as lost profits;
- iii) states that any provisions which differ from this Agreement
- are offered by that Contributor alone and not by any other
- party; and
- iv) states that source code for the Program is available from
- such Contributor, and informs licensees how to obtain it in a
- reasonable manner on or through a medium customarily used for
- software exchange.
-
-When the Program is made available in source code form:
- a) it must be made available under this Agreement; and
- b) a copy of this Agreement must be included with each copy of the
- Program.
-
-Each Contributor must include the following in a conspicuous location
-in the Program:
-
- Copyright (c) 1997,1998,1999, International Business Machines
- Corporation and others. All Rights Reserved.
-
-In addition, each Contributor must identify itself as the originator of
-its Contribution, if any, in a manner that reasonably allows subsequent
-Recipients to identify the originator of the Contribution.
-
-4. COMMERCIAL DISTRIBUTION
-
-Commercial distributors of software may accept certain responsibilities
-with respect to end users, business partners and the like. While this
-license is intended to facilitate the commercial use of the Program, the
-Contributor who includes the Program in a commercial product offering
-should do so in a manner which does not create potential liability for
-other Contributors. Therefore, if a Contributor includes the Program in
-a commercial product offering, such Contributor ("Commercial Contributor")
-hereby agrees to defend and indemnify every other Contributor
-("Indemnified Contributor") against any losses, damages and costs
-(collectively "Losses") arising from claims, lawsuits and other legal
-actions brought by a third party against the Indemnified Contributor to
-the extent caused by the acts or omissions of such Commercial Contributor
-in connection with its distribution of the Program in a commercial
-product offering. The obligations in this section do not apply to any
-claims or Losses relating to any actual or alleged intellectual property
-infringement. In order to qualify, an Indemnified Contributor must:
- a) promptly notify the Commercial Contributor in writing of such claim,
-and
- b) allow the Commercial Contributor to control, and cooperate with
- the Commercial Contributor in, the defense and any related
- settlement negotiations. The Indemnified Contributor may
- participate in any such claim at its own expense.
-
-For example, a Contributor might include the Program in a commercial
-product offering, Product X. That Contributor is then a Commercial
-Contributor. If that Commercial Contributor then makes performance
-claims, or offers warranties related to Product X, those performance
-claims and warranties are such Commercial Contributor's responsibility
-alone. Under this section, the Commercial Contributor would have to
-defend claims against the other Contributors related to those performance
-claims and warranties, and if a court requires any other Contributor to
-pay any damages as a result, the Commercial Contributor must pay those
-damages.
-
-5. NO WARRANTY
-
-EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED
-ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER
-EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR
-CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A
-PARTICULAR PURPOSE. Each Recipient is solely responsible for determining
-the appropriateness of using and distributing the Program and assumes
-all risks associated with its exercise of rights under this Agreement,
-including but not limited to the risks and costs of program errors,
-compliance with applicable laws, damage to or loss of data, programs or
-equipment, and unavailability or interruption of operations.
-
-6. DISCLAIMER OF LIABILITY
-
-EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR
-ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING
-WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION
-OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF
-ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-7. GENERAL
-
-If any provision of this Agreement is invalid or unenforceable under
-applicable law, it shall not affect the validity or enforceability of
-the remainder of the terms of this Agreement, and without further action
-by the parties hereto, such provision shall be reformed to the minimum
-extent necessary to make such provision valid and enforceable.
-
-If Recipient institutes patent litigation against a Contributor with
-respect to a patent applicable to software (including a cross-claim or
-counterclaim in a lawsuit), then any patent licenses granted by that
-Contributor to such Recipient under this Agreement shall terminate
-as of the date such litigation is filed. In addition, If Recipient
-institutes patent litigation against any entity (including a cross-claim
-or counterclaim in a lawsuit) alleging that the Program itself (excluding
-combinations of the Program with other software or hardware) infringes
-such Recipient's patent(s), then such Recipient's rights granted under
-Section 2(b) shall terminate as of the date such litigation is filed.
-
-All Recipient's rights under this Agreement shall terminate if it fails
-to comply with any of the material terms or conditions of this Agreement
-and does not cure such failure in a reasonable period of time after
-becoming aware of such noncompliance. If all Recipient's rights under
-this Agreement terminate, Recipient agrees to cease use and distribution
-of the Program as soon as reasonably practicable. However, Recipient's
-obligations under this Agreement and any licenses granted by Recipient
-relating to the Program shall continue and survive.
-
-IBM may publish new versions (including revisions) of this Agreement
-from time to time. Each new version of the Agreement will be given a
-distinguishing version number. The Program (including Contributions)
-may always be distributed subject to the version of the Agreement under
-which it was received. In addition, after a new version of the Agreement
-is published, Contributor may elect to distribute the Program (including
-its Contributions) under the new version. No one other than IBM has the
-right to modify this Agreement. Except as expressly stated in Sections
-2(a) and 2(b) above, Recipient receives no rights or licenses to the
-intellectual property of any Contributor under this Agreement, whether
-expressly, by implication, estoppel or otherwise. All rights in the
-Program not expressly granted under this Agreement are reserved.
-
-This Agreement is governed by the laws of the State of New York and the
-intellectual property laws of the United States of America. No party to
-this Agreement will bring a legal action under this Agreement more than
-one year after the cause of action arose. Each party waives its rights
-to a jury trial in any resulting litigation.
--- /dev/null
+../LICENSE
\ No newline at end of file
# A null transport field with non-null nexthop field does
# not modify the transport information.
#
-# DEFAULT DELIVERY METHOD
-# When the recipient address or domain does not match a
-# transport table entry, Postfix uses one of the following
-# delivery methods, with the recipient domain as the default
-# nexthop.
-#
-# o The recipient domain matches $mydestination or
-# $inet_interfaces. The transport and optional nex-
-# thop are specified with $local_transport.
-#
-# o The recipient domain matches $virtual_mail-
-# box_domains. The transport and optional nexthop
-# are specified with $virtual_transport.
-#
-# o The recipient domain matches $relay_domains. The
-# transport and optional nexthop are specified with
-# $relay_transport. This overrides the nexthop infor-
-# mation that is specified with $relayhost.
-#
-# o All other destinations. the transport and optional
-# nexthop are specified with $relay_transport. This
-# overrides the nexthop information that is specified
-# with $relayhost.
-#
# EXAMPLES
-# In order to deliver internal mail directly, while using a
-# mail relay for all other mail, specify a null entry for
-# internal destinations (do not change the delivery trans-
-# port or the nexthop information) and specify a wildcard
+# In order to deliver internal mail directly, while using a
+# mail relay for all other mail, specify a null entry for
+# internal destinations (do not change the delivery trans-
+# port or the nexthop information) and specify a wildcard
# for all other destinations.
#
# my.domain :
# .my.domain :
# * smtp:outbound-relay.my.domain
#
-# In order to send mail for foo.org and its subdomains via
+# In order to send mail for foo.org and its subdomains via
# the uucp transport to the UUCP host named foo:
#
# foo.org uucp:foo
# .foo.org uucp:foo
#
-# When no nexthop host name is specified, the destination
-# domain name is used instead. For example, the following
-# directs mail for user@foo.org via the slow transport to a
-# mail exchanger for foo.org. The slow transport could be
-# something that runs at most one delivery process at a
+# When no nexthop host name is specified, the destination
+# domain name is used instead. For example, the following
+# directs mail for user@foo.org via the slow transport to a
+# mail exchanger for foo.org. The slow transport could be
+# something that runs at most one delivery process at a
# time:
#
# foo.org slow:
#
# When no transport is specified, Postfix uses the transport
# that matches the address domain class (see TRANSPORT FIELD
-# discussion above). The following sends all mail for
+# discussion above). The following sends all mail for
# foo.org and its subdomains to host gateway.foo.org:
#
# foo.org :[gateway.foo.org]
# .foo.org :[gateway.foo.org]
#
-# In the above example, the [] are used to suppress MX
-# lookups. The result would likely point to your local
+# In the above example, the [] are used to suppress MX
+# lookups. The result would likely point to your local
# machine.
#
-# In the case of delivery via SMTP, one may specify host-
+# In the case of delivery via SMTP, one may specify host-
# name:service instead of just a host:
#
# foo.org smtp:bar.org:2025
#
-# This directs mail for user@foo.org to host bar.org port
-# 2025. Instead of a numerical port a symbolic name may be
-# used. Specify [] around the hostname in order to disable
+# This directs mail for user@foo.org to host bar.org port
+# 2025. Instead of a numerical port a symbolic name may be
+# used. Specify [] around the hostname in order to disable
# MX lookups.
#
# The error mailer can be used to bounce mail:
#
-# .foo.org error:mail for *.foo.org is not deliv-
+# .foo.org error:mail for *.foo.org is not deliv-
# erable
#
-# This causes all mail for user@anything.foo.org to be
+# This causes all mail for user@anything.foo.org to be
# bounced.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire domain being looked up. Thus, some.domain.hier-
# archy is not broken up into parent domains.
#
-# Patterns are applied in the order as specified in the
-# table, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the
+# table, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant
-# to this topic. See the Postfix main.cf file for syntax
-# details and for default values. Use the postfix reload
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the postfix reload
# command after a configuration change.
#
# empty_address_recipient
-# The address that is looked up instead of the null
+# The address that is looked up instead of the null
# sender address.
#
# parent_domain_matches_subdomains
-# List of Postfix features that use domain.tld pat-
-# terns to match sub.domain.tld (as opposed to
+# List of Postfix features that use domain.tld pat-
+# terns to match sub.domain.tld (as opposed to
# requiring .domain.tld patterns).
#
# transport_maps
# List of transport lookup tables.
#
-# Other parameters of interest:
-#
-# local_transport
-# The default mail delivery transport when the desti-
-# nation matches $mydestination or $inet_interfaces.
-#
-# virtual_transport
-# The default mail delivery transport when the desti-
-# nation matches $virtual_mailbox_domains.
-#
-# relay_transport
-# The default mail delivery transport when the desti-
-# nation matches $relay_domains.
-#
-# default_transport
-# The default mail delivery transport when the desti-
-# nation does not match a local, virtual or relay
-# destination.
-#
-# mydestination
-# The destinations that are given to $local_transport
-# by default.
-#
-# relayhost
-# The default host for destinations that do not match
-# $mydestination, $inet_interfaces, $vir-
-# tual_alias_domains or $virtual_mailbox_domains.
-#
# SEE ALSO
# postmap(1) create mapping table
# trivial-rewrite(8) rewrite and resolve addresses
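Review bot: the example text kept in this hunk still says "see TRANSPORT FIELD discussion above" for the case where no transport is specified, while the DEFAULT DELIVERY METHOD section and the "Other parameters of interest" list (local_transport, virtual_transport, relay_transport, default_transport, mydestination, relayhost) are deleted. Please confirm that the TRANSPORT FIELD discussion covers every address domain class, or keep the parameter list under CONFIGURATION PARAMETERS. Most of the remaining -/+ pairs appear to differ only in spacing; putting the re-justified text in a separate change would keep the real removal reviewable.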
Reject mail with 8-bit text in content that claims
to be 7-bit, or in content that has no explicit
content encoding information. This blocks mail
- mail poorly written mail software. Unfortunately,
+ from poorly written mail software. Unfortunately,
this also breaks majordomo approval requests when
the included request contains valid 8-bit MIME
mail, and it breaks bounces from mailers that do
<b>notify</b><i>_</i><b>classes</b>
When this parameter includes the <b>bounce</b> class, send
- mail to the postmaster with with the headers of the
+ mail to the postmaster with the headers of the
bounced mail.
<b>SEE</b> <b>ALSO</b>
<ul>
+<li><a href="#warnings">Postfix warnings and error messages</a>
+
<li><a href="#poppers">POP or IMAP problems</a>
<li><a href="#systems">Problems with specific Operating Systems</a>
-<li><a href="#warnings">Postfix warnings and error messages</a>
-
<li><a href="#example_config">Example configurations</a>
<li><a href="#sendmail_incompatibility">Sendmail incompatibility</a>
<ul>
-<li><a href="#biff">What does "biff_notify: Connection refused" mean?</a>
+<li><a href="#bogus">Postfix rejects mail with "User unknown in local recipient table"</a>
-<li><a href="#nisdom">What does "NIS domain name not set - NIS lookups disabled" mean?</a>
+<li><a href="#bogus_valias">Postfix rejects mail with "User unknown in virtual alias table"</a>
-<li><a href="#dns-again">Mail stays queued with: Host not found, try again</a>
+<li><a href="#bogus_vmbox">Postfix rejects mail with "User unknown in virtual mailbox table"</a>
-<li><a href="#timeouts">Mail fails consistently with timeout or lost connection</a>
+<li><a href="#unknown_virtual_loop">Mail for unknown users in
+virtual domains fails with "mail loops back to myself"</a>
+
+<li><a href="#virtual_relay">Postfix refuses mail for virtual
+domains with "relay access denied"</a>
+
+<li><a href="#nopass">What does "warning: cannot access UNIX password database" mean?</a>
<li><a href="#noalias">What does "fatal: open database /etc/aliases.db" mean?</a>
<li><a href="#noservice">What does "fatal: unknown service: smtp/tcp" mean?</a>
+<li><a href="#biff">What does "biff_notify: Connection refused" mean?</a>
+
+<li><a href="#nisdom">What does "NIS domain name not set - NIS lookups disabled" mean?</a>
+
+<li><a href="#dns-again">Mail stays queued with: Host not found, try again</a>
+
+<li><a href="#timeouts">Mail fails consistently with timeout or lost connection</a>
+
<li><a href="#nosuid">sendmail has set-uid root file permissions, or is run from a set-uid root process</a>
<li><a href="#whoami">sendmail: unable to find out your login name</a>
<li><a href="#paranoid">warning: xxx.xxx.xxx.xxx: address not listed
for hostname yyy.yyy.yyy</a>
-<li><a href="#unknown_virtual_loop">Mail for unknown users in
-virtual domains fails with "mail loops back to myself"</a>
-
-<li><a href="#virtual_relay">Postfix refuses mail for virtual
-domains with "relay access denied"</a>
-
<li><a href="#broken_transport">Mail delivery fails with: "unknown
mail transport error"</a>
<li><a href="#root">Root's mail is delivered to nobody</a>
-<li><a href="#bogus">Postfix accepts mail for non-existing local users</a>
-
<li><a href="#duplicate">Postfix sends duplicate mail</a>
<li><a href="#metoo">Postfix sends mail to every member of a
<ul>
-<li><a href="#open_relay">Help! Postfix is an open relay</a>
-
<li><a href="#mobile">Relaying mail for mobile users</a>
<li><a href="#virtual_relay">Postfix refuses mail for virtual
<li><a href="#nisdom">What does "NIS domain name not set - NIS lookups disabled" mean?</a>
-<li><a href="#bogus">Postfix accepts mail for non-existing local users</a>
+<li><a href="#bogus">Postfix rejects mail with "User unknown in local recipient table"</a>
<li><a href="#some_local">Delivering some users locally while
sending mail as user@domain</a>
<ul>
+<li><a href="#bogus_valias">Postfix rejects mail with "User unknown in virtual alias table"</a>
+
+<li><a href="#bogus_vmbox">Postfix rejects mail with "User unknown in virtual mailbox table"</a>
+
<li><a href="#unknown_virtual_accept">Postfix does not refuse mail for
unknown users in virtual domains</a>
<li><a href="#domain_mailbox">Receiving a virtual domain in a
mailbox</a>
-<li><a href="#virtual_logging">Postfix logs delivery to virtual
-address with the wrong name</a>
-
</ul>
<a name="address_rewriting"><h3>Address rewriting</h3>
<p>
-Postfix has sane defaults for all parameters, so the text shows
-only the overrides. In particular, Postfix will relay mail only
-for clients in its own domain (and subdomains) and in its class A,
-B or C networks. The master.cf file (somewhat like inetd.conf)
-needs tweaking only if you have a very slow or a very fast net/machine.
+Postfix has sane defaults for all parameters, so the text below
+shows only the overrides. In particular, Postfix will relay mail
+only from clients in its own subnetworks. The master.cf file
+(somewhat like inetd.conf) needs tweaking only if you have a very
+slow or a very fast network and/or machine.
<p>
/etc/postfix/main.cf:
myorigin = $mydomain
relayhost = $mydomain
+ local_transport = error:local delivery is disabled
/etc/postfix/master.cf:
Comment out the SMTP server entry
/etc/postfix/transport:
my.domain :
.my.domain :
- * smtp:gateway.my.domain
+ * smtp:gateway.my.domain
/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
<p>
-Important: do not specify a relayhost in main.cf, or else mail for
+Important: do not specify a relayhost in main.cf, or else mail for
internal destinations will still be given to the relayhost.
<p>
<a name="firewall"><h3>Running Postfix on a firewall</h3> </a>
-Note: this text applies to Postfix versions dated 19991115
-and later only. To find out what Postfix version you have,
-execute the command <b>postconf mail_version</b>.
+Note: this text applies to Postfix versions 2.0 and later. To find
+out what Postfix version you have, execute the command <b>postconf
+mail_version</b>.
<p>
<p>
+Specify what recipients exist (so that your queue does not fill up
+with undeliverable mail from spammers).
+
+<p.
+
+Specify <tt>local_recipient_maps =</tt> if maintaining recipient
+information is not practical.
+
+<p>
+
<pre>
/etc/postfix/main.cf:
myorigin = domain.com
mydestination = domain.com
+ local_recipient_maps = hash:/etc/postfix/recipients
transport_maps = hash:/etc/postfix/transport
mynetworks = 12.34.56.0/24
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
local_transport = error:local mail delivery is disabled on this machine
/etc/postfix/transport:
- domain.com smtp:inside-gateway.domain.com (forwards user@domain)
+ domain.com smtp:inside-gateway.domain.com <i>forwards user@domain.com</i>
/etc/postfix/master.cf:
Comment out the local delivery agent
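Review bot: the added paragraph break between "Specify what recipients exist" and "Specify local_recipient_maps =" is written as "<p." instead of "<p>", so the tag is malformed. The example also adds "local_recipient_maps = hash:/etc/postfix/recipients" without saying what the recipients file contains or that it has to be built with postmap; one sentence on that would make the example usable as written.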
<pre>
/etc/postfix/main.cf:
- delay_warning_time = 4
+ delay_warning_time = 4h
</pre>
<p>
Wietse believes that Postfix implements the "right" behavior,
and suspects that Sendmail's default behavior is a remnant from a
-dark past when Sendmail used a pretty crummy algorithm to avoid
+dark past when Sendmail used some obscure algorithm to avoid
aliasing loops.
<hr>
<pre>
/my/own/main.cf:
- queue_directory = /my/own/queue/directory
- myhostname = foo1.my.domain
- inet_interfaces = $myhostname
+ queue_directory = /my/own/queue/directory
+ myhostname = foo1.my.domain
+ inet_interfaces = $myhostname
</pre>
<hr>
<p>
-Answer:
+Answers:
<blockquote>
-You have a name service problem.
+1) You need to configure Postfix to run more SMTP server processes.
+Edit the <b>smtpd</b> entry in the <b>master.cf</b> file and asjust
+the process limit, or increase the <b>default_process_limit</b>
+setting in the <b>main.cf</b> file. Issue the command <b>postfix
+reload</b> to make the change effective.
+
+<p>
+
+2) You have a name service problem.
<p>
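Review bot: "asjust" in the new answer 1 should be "adjust" ("Edit the smtpd entry in the master.cf file and adjust the process limit"). Now that there are two answers, a few words on how to tell a process-limit problem from a name service problem would help the reader pick the right one.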
<hr>
-<a name="open_relay"><h3>Help! Postfix is an open relay</h3>
-
-According to some relay checking software, Postfix accepts
-mail for arbitrary non-local destinations:
-
-<p>
-
-<pre>
- >>> MAIL FROM:<someone@some.where>
- <<< 250 Ok
- >>> RCPT TO:<test@some.other.site@some.site>
- <<< 250 Ok
- >>> DATA
- <<< 354 End data with <CR><LF>.<CR><LF>
- >>> (message body)
- <<< 250 Ok: queued as A958F5A15
-</pre>
-
-<p>
-
-Don't Panic! Upgrade to a Postfix version of 19991227 or later.
-To find out what Postfix version you have, execute the command
-<b>postconf mail_version</b>.
-
-<p>
-
-With earlier Postfix versions,
-
-<ol>
-
-<li>Good but confusing: a Postfix primary MX host for <i>some.site</i>
-accepts <i>test@some.other.site@some.site</i> then bounces it because
-<i>test@some.other.site</i> is not a known local username.
-
-<li>Good: a Postfix primary MX host for <i>some.site</i> rejects
-other source-routed addresses such as <i>test%some.other.site@some.site</i>
-or <i>some.other.site!test@some.site</i>.
-
-<li>Loophole: a Postfix backup MX host for <i>some.site</i> forwards
-source-routed addresses such as <i>test@some.other.site@some.site</i>
-or <i>test%some.other.site@some.site</i> to a primary MX host for
-<i>some.site</i>. Depending on the primary MX host's mailer
-configuration, the primary MX host could then spam the mail into
-the Internet.
-
-</ol>
-
-<p>
-
-With newer Postfix versions,
-
-<ol>
-
-<li>A Postfix primary MX host for <i>some.site</i> host rejects
-<i>test@some.other.site@some.site</i> just like it rejects
-<i>test%some.other.site@some.site</i>. This ends the confusion
-mentioned in 1 above.
-
-<li>A Postfix backup MX host for <i>some.site</i> host rejects
-source-routed addresses including <i>test@some.other.site@some.site</i>.
-This closes the loophole mentioned in 3 above.
-
-</ol>
-
-<p>
-
-To be precise, Postfix UCE restrictions refuse to forward source-routed
-addresses under the following conditions:
-
-<p>
-
-<ul>
-
-<li> <a
-href="uce.html#permit_auth_destination">permit_auth_destination</a>:
-skip when the destination is not local.
-
-<li> <a
-href="uce.html#reject_unauth_destination">reject_unauth_destination</a>:
-reject when the destination is not local.
-
-<li> <a href="uce.html#permit_mx_backup">permit_mx_backup</a>:
-permit if the local system is listed as MX host for the recipient
-domain. Use the optional <a
-href="#permit_mx_backup_networks">permit_mx_backup_networks</a>
-parameter to also require that the primary MX hosts match a list
-of network blocks (Postfix versions 20011008 and later).
-
-<li> Other UCE restrictions (e.g., SMTPD access maps) are not aware
-of sender-provided routing information.
-
-</ul>
-
-<p>
-
-However, a Postfix primary MX host for still forwards source-routed
-addresses <b>if received from a trusted client</b>, just like it
-did before.
-
-<p>
-
-In order to have guaranteed protection against source-routed relaying
-through trusted SMTP clients, specify a regular expression restriction
-ahead of the other SMTPD recipient restrictions:
-
-<p>
-
-<pre>
- /etc/postfix/main.cf:
- smtpd_recipient_restrictions =
- regexp:/etc/postfix/regexp_access
- ...other restrictions...
-
- /etc/postfix/regexp_access:
- /[%!@].*[%!@]/ 550 Sender specified routing is not supported here.
-</pre>
-
-<p>
-
-This would be installed on all MX hosts.
-
-<hr>
-
<a name="mobile"><h3>Relaying mail for mobile users </h3>
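Review bot: deleting the whole open_relay answer also drops the only guidance on source-routed recipients that arrive from trusted clients. The removed text says a primary MX host "still forwards source-routed addresses if received from a trusted client" and gives the regexp_access rule "/[%!@].*[%!@]/ 550 Sender specified routing is not supported here." as the guard. If that behaviour is unchanged in 2.0, keep a short version of that paragraph and the rule in one of the remaining relay answers; if it has changed, say so in the change description. Also check that nothing else still links to #open_relay now that the anchor is gone.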
<blockquote>
SMTP" scheme. In that case, some software
maintains
a Postfix-compatible access table with client IP address information.
-In order to make this work you need Postfix version 19991231 or later.
<p>
<p>
-N.B. Some non-Postfix software such as <a
-href="http://mail.cc.umanitoba.ca/drac/">DRAC</a> uses <b>btree</b>
+N.B. Some non-Postfix software uses <b>btree</b>
files instead of <b>hash</b> files. In that case, you will have
to adjust the above <b>check_client_access</b> restriction accordingly.
/etc/postfix/main.cf:
relay_domains = $mydestination the.backed-up.domain.tld
- smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
+ smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
</pre>
<p>
<pre>
Jul 14 12:45:38 myhostname postfix/qmgr[2246]: 74FBF30501:
- from=<sender@sender.domain> size=309 (queue active)
+ from=<sender@sender.domain> size=309 (queue active)
Jul 14 12:45:39 myhostname postfix/smtp[2349]: 74FBF30501:
- to=<recip@recip.domain> relay=none, delay=3944, status=deferred (Name
- service error for domain recip.domain: Host not found, try again)
+ to=<recip@recip.domain> relay=none, delay=3944,
+ status=deferred (Name service error for name=recip.domain
+ type=MX: Host not found, try again)
</pre>
<p>
<p>
-Workaround: disable path MTU discovery at the sending machine. Mail
+Workaround: at the sending machine, disable path MTU discovery. Mail
will get out, but of course everyone else will still suffer. How
to disable path MTU discovery? It depends. Solaris has an <b>ndd</b>
command; other systems use different means such as <b>sysctl</b>
<p>
+Workaround: at the receiving machine, set a smaller MTU. For example,
+people using PPPoE (PPP over Ethernet) often have to choose
+an MTU lightly smaller than the default 1500 for ethernet.
+
+<p>
+
Fix: find the router that drops the ICMP MUST FRAGMENT messages,
and convince the person responsible for it to fix the configuration.
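Review bot: in the added receiving-side workaround, "an MTU lightly smaller" should read "slightly smaller", and "ethernet" should be capitalised to match "PPP over Ethernet" on the line before. The sending-side paragraph names the tools to use (ndd, sysctl); the new paragraph gives no hint of where the smaller MTU is set, so a brief pointer would help.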
addresses</h3>
When delivering mail, Postfix tries all MX addresses in order of
-preference, and stops at the first server that speaks SMTP.
-
-<p>
-
-If the first server that speaks SMTP rejects the connection by
-greeting the client with a 5xx status code, which means "I will
-never accept your mail", Postfix gives up and bounces the message
-to the sender.
-
-<p>
-
-If the first server that speaks SMTP rejects the connection by
-greeting the client with a 4xx status code, which means "come back
-later", Postfix backs off and defers delivery until later.
-
-<p>
-
-Some people will argue that Postfix should contact the other MX
-addresses even when the server greets with 4xx or 5xx, if only
-because that is what Sendmail does, and of course we know that
-everything Sendmail does is right.
-
-<p>
-
-Unfortunately, some people configure their infrastructure badly.
-Their most preferred MX server is visible to the world but it
-rejects connections from outside with a 5xx or 4xx greeting. Just
-because Sendmail goes to the second-best MX server, these people
-assume that every mailer will do so.
-
-<p>
-
-If such configurations are a problem for you, below are some controls
-that work around them.
-
-<p>
-
-<pre>
- /etc/postfix/main.cf:
- smtp_skip_4xx_greeting = yes
- smtp_skip_5xx_greeting = yes
-</pre>
+preference, and stops at the first server that speaks SMTP. However,
+once an SMTP greeting is received, Postfix will not move on to the
+next MX host if the delivery fails.
<p>
-The <b>smtp_skip_5xx_greeting</b> is present in Postfix releases
-later than 20000104. To find out what Postfix version you have,
-use the command <b>postconf mail_version</b>.
+This will eventually be solved when Postfix implements SMTP
+connection caching.
-<p>
-
-Execute the command <b>postfix reload</b> to make the change
-effective immediately.
+<hr>
<a name="noservice"><h3>What does "fatal: unknown service: smtp/tcp"
mean?</h3>
-The Postfix <b>/etc/postfix/master.cf</b> file specifies that the
+Your Postfix <b>/etc/postfix/master.cf</b> file specifies that the
Postfix SMTP client runs inside a <b>chroot</b> environment. However,
the files necessary for that mode of operation are not installed
below <b>/var/spool/postfix</b>.
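Review bot: the rewritten MX answer removes the smtp_skip_4xx_greeting and smtp_skip_5xx_greeting example without saying what happened to those parameters. If they still exist, keep a one-line pointer to them as the workaround; if they were removed or their behaviour changed, state that. As written, "This will eventually be solved when Postfix implements SMTP connection caching" leaves the reader with no action to take.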
<hr>
-<a name="bogus"><h3>Postfix accepts mail for non-existing local users</h3>
+<a name="bogus"><h3>Postfix rejects mail with "User unknown in
+local recipient table"</h3></a>
+
+As of version Postfix 2.0, you are expected to tell the Postfix
+SMTP server what local users exist by listing all tables with local
+usernames or addresses in the <b>local_recipient_maps</b> parameter.
+To find out what Postfix version you have, execute the command
+<b>postconf mail_version</b>.
+
+<p>
+
+The default <b>local_recipient_maps</b> setting assumes that
+you use the default Postfix local delivery agent:
+
+<p>
-See elsewhere for how to reject mail for <a
-href="#unknown_virtual_accept">unknown users in virtual domains</a>.
+<pre>
+ /etc/postfix/main.cf:
+ local_recipient_maps = $alias_maps, unix:passwd.byname
+</pre>
<p>
-The information in this section applies to Postfix versions 19991216
-and later. To find out what Postfix version you have, execute the
-command <b>postconf mail_version</b>.
+The local recipients tables are searched by the recipient address
+(user@domain) and by the recipient name (the address minus the
+domain). Postfix does not care what the lookup result looks like,
+so you can use any database that Postfix understands the format
+of.
<p>
-By default, the Postfix SMTP server does not know what local users
-exist, and will happily accept mail for <i>unknown@your.site</i>.
-The reason is that different local delivery agents have different
-types of user databases.
+To stop Postfix from rejecting local mail incorrectly:
+
+<ul>
+
+<li> If you run the Postfix SMTP server chrooted, it may be necessary
+to place a copy of the passwd file inside the chroot jail (typically:
+in <b>/var/spool/postfix/etc</b>). This is system dependent. The
+only way to find out is to try.
<p>
-Of course mail for a non-existent local user will eventually bounce
-as undeliverable, but why accept such mail in the first place? You
-can tell the Postfix SMTP server how to find out if a user exists by
-listing all tables with local addresses in the <b>local_recipient_maps</b>
-parameter.
+<li> If you enable the local delivery agent <b>luser_relay</b>
+feature, then you must disable the <b>local_recipient_maps</b>
+feature as described below.
<p>
-For example, if you use the default Postfix local delivery agent
-in <b>/etc/postfix/master.cf</b>, specify:
+<li> If you use the local delivery agent <b>mailbox_transport</b>
+or <b>fallback_transport</b> features to receive mail for users
+not in /etc/passwd, then you need to list those users under
+<b>local_recipient_maps</b>, or you need to disable the
+<b>local_recipient_maps</b> feature as described below.
<p>
-<pre>
- /etc/postfix/main.cf:
- local_recipient_maps = $alias_maps, unix:passwd.byname
-</pre>
+<li> If you redefine the local delivery agent in <b>master.cf</b>
+or in the <b>local_transport</b> setting in <b>main.cf</b>, then
+you need to list the local recipients under <b>local_recipient_maps</b>,
+or you need to disable the <b>local_recipient_maps</b> feature as
+described below.
+
+</ul>
<p>
-However, if you run the Postfix SMTP server chrooted, on some
-systems it will be necessary to have a copy of the passwd file
-inside the chroot jail (typically: in <b>/var/spool/postfix/etc</b>).
-The only way to find out is to try.
+To disable the <b>local_recipient_maps</b> feature, specify:
+
+<pre>
+ /etc/postfix/main.cf:
+ local_recipient_maps =
+</pre>
<p>
-By default, the Postfix SMTP server is aware of Postfix <a
-href="virtual.5.html">virtual</a> maps, and will accept mail for
-<i>known-user@virtual.domain</i> without further configuration.
+With this setting, the Postfix SMTP server will not reject mail
+for unknown local recipients.
<hr>
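Review bot: the "To disable the local_recipient_maps feature" paragraph should state the cost of the empty setting. The removed text explained that mail for a non-existent local user is accepted and then bounces as undeliverable; the new text only says the server "will not reject mail for unknown local recipients". A sentence saying that such mail is queued and bounced later, and that listing the recipients is preferred where practical, would keep that warning. Wording: "As of version Postfix 2.0" reads better as "As of Postfix version 2.0".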
<dt><b>RECIPIENT</b> <dd> The entire recipient address,
<b>$LOCAL@$DOMAIN</b>.
+<dt><b>SENDER</b> <dd> The complete sender address.
+
<dt><b>SHELL</b> <dd> The recipient's login shell.
<dt><b>USER</b> <dd> The recipient username.
<hr>
+<a name="nopass"><h3>What does "warning: cannot access UNIX password
+database" mean?</h3></a>
+
+This message is logged when, for example, the Postfix SMTP server
+is unable to access the UNIX password database.
+
+<ul>
+
+<li> If you're running the Postfix SMTP server chrooted (see
+<b>master.cf</b>) then you may have to copy the password file and
+perhaps a bunch of other files into Postfix queue directory; a
+typical destination would be <b>/var/spool/postfix/etc</b>. See also
+the chroot setup scripts in the <b>examples</b> directory of the
+Postfix source code distribution.
+
+<p>
+
+<li> Be sure that you have world execute permissions on directories
+and world read permission on the passwd file and any auxiliary
+files that may be needed (such as <b>/etc/nsswitch.conf</b> and
+<b>libnss*.so*</b> files referenced by <b>/etc/nsswitch.conf</b>).
+
+</ul>
+
+<hr>
+
<a name="delivered"><h3>Getting rid of the ugly Delivered-To: header</h3> </a>
Some people will complain about the ugly <b>Delivered-To:</b>
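Review bot: "perhaps a bunch of other files" in the first item of the nopass answer is too vague for a step that copies account data into the chroot jail. Name the files there (the second item already mentions /etc/nsswitch.conf and the libnss*.so* files it references) or point only to the chroot setup scripts, so readers copy no more than is needed. Also, "into Postfix queue directory" is missing "the".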
<hr>
+<a name="bogus_valias"><h3>Postfix rejects mail with "User unknown in virtual alias table"</h3></a>
+
+Answer: you have listed the virtual domain name in the tables
+specified with the <b>virtual_alias_domains</b> parameter, but the
+recipient address is not listed in the tables specified with
+the <b>virtual_alias_maps</b> parameter.
+
+<p>
+
+If you want to deliver the domain via the Postfix <a
+href="virtual.8.html">virtual</a>(8) mailbox delivery agent, then
+you should list the virtual domain name in the tables specified
+with the <b>virtual_mailbox_domains</b> parameter instead.
+
+<hr>
+
+<a name="bogus_vmbox"><h3>Postfix rejects mail with "User unknown
+in virtual mailbox table"</h3></a>
+
+Answer: you have listed the virtual domain name in the tables
+specified with the <b>virtual_mailbox_domains</b> parameter, but
+the recipient address is not listed in the tables specified with
+the <b>virtual_mailbox_maps</b> parameter.
+
+<p>
+
+If you want to deliver the domain as a Postfix simulated <a
+href="virtual.8.html">virtual</a>(5) domain, then you should list
+the virtual domain name in the tables specified with the
+<b>virtual_alias_domains</b> parameter instead.
+
+<hr>
+
<a name="unknown_virtual_accept"><h3>Postfix does not refuse mail for
unknown users in virtual domains</h3></a>
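Review bot: in the bogus_vmbox answer the link for the simulated virtual domain is href="virtual.8.html" with the label virtual(5), so it points at the delivery agent page instead of the table format page; it should be href="virtual.5.html". The label style also differs from the virtual_relay answer elsewhere in this patch, which puts the section number inside the link text ("virtual(5)"); pick one form.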
<a name="virtual_relay"><h3>Postfix refuses mail for virtual
domains with "relay access denied"</h3></a>
-Solution: specify a Postfix-style virtual domain or a Sendmail-style
-virtual domain.
+Solutions:
-<p>
+<ul>
-Sendmail-style virtual domains are not supported in Postfix versions
-released before 20001118.
+<li>Specify a simulated virtual domain as per the
+<a href="virtual.5.html">virtual(5)</a> manual page.
<p>
-Be sure to follow instructions in the <a href="virtual.5.html">
-virtual</a> manual page.
+<li>Specify a virtual mailbox domain as per the <a
+href="virtual.8.html">virtual(8)</a> manual page.
+
+</ul>
<hr>
-<a name="virtual_command"><h3>Commands, mailing, and /file/name destinations don't work
-in Postfix virtual maps</h3>
+<a name="virtual_command"><h3>Commands, mailing lists, and /file/name
+destinations don't work in virtual domains</h3>
+
+<p>
+
+Quick answer: set up a transport map entry that gives the mail to
+the Postfix local delivery agent:
+
+<p>
-Short reply: specify a Sendmail-style <a href="virtual.5.html">virtual</a>
-domain, and specify the command, mailing list, or /file/name
-destination in the local <a href="aliases.5.html">aliases</a> file.
+<pre>
+ /etc/postfix/main.cf:
+ transport_maps = hash:/etc/postfix/transport
+
+ /etc/postfix/transport:
+ listname@virtual.tld local:
+ owner-listname@virtual.tld local:
+ listname-request@virtual.tld local:
+
+ /etc/aliases:
+ listname: "|whatever"
+ owner-listname: user@domain
+ listname-request: "|whatever"
+</pre>
<p>
-Long reply follows.
+Long answer:
<p>
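Review bot: the quick answer lists three files to edit but not the steps that make the edits take effect: the hash:/etc/postfix/transport table has to be rebuilt with postmap and /etc/aliases with newaliases. Add those commands after the example. The rewritten heading also still opens <a name="virtual_command"> without a closing </a>, while the headings added elsewhere in this patch end with </h3></a>.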
<p>
-Answer: I hope we all agree that delivering a domain to a mailbox
-is disgusting practice. Forwarding mail via SMTP or UUCP would be
-a much better choice. Unfortunately, neither SMTP nor UUCP are a
-usable alternative for legions of windows users. However, if this
-is an option for you see the <a href="#uucp-tcp">UUCP over TCP</a>
-guide below.
-
-<p>
-
-That said, it is possible to propagate the original virtual recipient
-information to the Delivered-To: header. The trick is to use a
-virtual map that uses regular expressions instead of the more
-traditional indexed files.
-
-<p>
-
-The following delivers <i>username@virtual.domain</i> with a
-Delivered-To: message header that contains <i>joe+username@your.domain</i>.
-Postfix already puts the envelope sender address in the Return-Path:
-header. The information in the Delivered-To: and Return-Path:
-headers is sufficient to reliably implement a domain in a mailbox.
-
-<p>
-
-<pre>
- /etc/postfix/main.cf:
- recipient_delimiter = +
- virtual_alias_maps =
- ...non-regexp virtual maps...
- regexp:/etc/postfix/virtual_regexp
-
- /etc/postfix/virtual_regexp:
- /^virtual\.domain$/ whatever
- /^(.*)@virtual\.domain$/ joe+$1
-</pre>
-
-<p>
-
-Notes:
-
-<ul>
-
-<li> Be sure to specify the <b>^</b> and <b>\</b> and <b>$</b> or
-else you may have false hits.
-
-<li> Maps with regular expressions are searched sequentially. This
-can be expensive when you list many domains in regular expression
-maps.
-
-<li> Postfix has <b>regexp </b> map support only on modern UNIXes.
-Instead of <b>regexp </b> maps your Postfix system may also support
-<b>pcre</b> maps which have a similar syntax. To find out what maps
-your system supports, use the command <b>postconf -m</b>.
-
-</ul>
-
-<hr>
-
-<a name="virtual_logging"><h3>Postfix logs delivery to virtual
-address with the wrong name</h3></a>
-
-When Postfix delivers mail for a virtual address <i>vuser@vdomain.tld</i>
-that is aliased to a local user, then Postfix logs the local username
-instead of the virtual one.
-
-<p>
-
-Changing this requires non-trivial changes, because Postfix only
-remembers the address that it delivers to, not the address that
-was original specified in, for example, the SMTP MAIL FROM command.
-
-<p>
-
-A workaround exists. It uses regular expressions. This
-can be expensive if you have many virtual domains.
-
-<p>
-<blockquote>
-<pre>
-/etc/postfix/main.cf:
- virtual_alias_maps = regexp:/etc/postfix/virtual_regexp
- recipient_delimiter = +
-
-/etc/postfix/virtual_regexp:
- /^vdomain\.tld$/ whatever
- /(.*)@vdomain\.tld$/ localuser+$1=vdomain.tld
-</pre>
-</blockquote>
-
-<p>
-
-This delivers the mail as
-<i>localuser+vuser=vdomain.tld@your.domain</i>.
+Answer: Postfix logs the original recipient address in the
+<b>X-Original-To:</b> message header.
<hr>
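Review bot: Deleting the virtual_logging entry also deletes its <a name="virtual_logging"> anchor, so any index entry or external link to #virtual_logging now points nowhere; confirm the FAQ table of contents is updated in the same change, or keep the anchor with a one-line pointer to the new answer. In the replacement text, "Postfix logs the original recipient address in the X-Original-To: message header" would read better as "records", since a message header is not a log, and the removed virtual_logging question was specifically about what appears in the log.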
/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
- fax_destination_recipient_limit = 1
+ fax_destination_recipient_limit = 1
</pre>
<p>
<a name="deleting"><h3>Deleting a message from the Postfix queue</h3></a>
-As of Postfix version 20010502, the <b>postsuper</b> command
+The <b>postsuper</b> command
has an option to delete Postfix message queue files. To delete
the message with queue id ABCDEF, perhaps obtained from <b>mailq</b>
output, one would use:
appropriate.
<b>SYSTEM-WIDE</b> <b>AND</b> <b>USER-LEVEL</b> <b>ALIASING</b>
- The system adminstrator can set up one or more system-wide
- <b>sendmail</b>-style alias databases. Users can have <b>sendmail</b>-
- style ~/.<b>forward</b> files. Mail for <i>name</i> is delivered to the
- alias <i>name</i>, to destinations in ~<i>name</i>/.<b>forward</b>, to the
- mailbox owned by the user <i>name</i>, or it is sent back as
+ The system administrator can set up one or more system-
+ wide <b>sendmail</b>-style alias databases. Users can have <b>send-</b>
+ <b>mail</b>-style ~/.<b>forward</b> files. Mail for <i>name</i> is delivered
+ to the alias <i>name</i>, to destinations in ~<i>name</i>/.<b>forward</b>, to
+ the mailbox owned by the user <i>name</i>, or it is sent back as
undeliverable.
The system administrator can specify a comma/space sepa-
The <b>PATH</b> environment variable is always reset to a system-
dependent default path, and environment variables whose
- names are blessed by the <b>export</b><i>_</i><b>environment</b> configureation
+ names are blessed by the <b>export</b><i>_</i><b>environment</b> configuration
parameter are exported unchanged.
The current working directory is the mail queue directory.
Address to send a copy of each message that enters
the system.
- <b>command</b><i>_</i><b>directory</b>
- Location of Postfix support commands.
+ <b>authorized</b><i>_</i><b>verp</b><i>_</i><b>clients</b>
+ Hostnames, domain names and/or addresses of clients
+ that are authorized to use the XVERP extension.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
- Increment in verbose logging level when a remote
+ Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
- List of domain or network patterns. When a remote
- host matches a pattern, increase the verbose log-
- ging level by the amount specified in the
+ List of domain or network patterns. When a remote
+ host matches a pattern, increase the verbose log-
+ ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b>
The default VERP delimiter characters that are used
- when the XVERP command is specified without
+ when the XVERP command is specified without
explicit delimiters.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
- Recipient of protocol/policy/resource/software
+ Recipient of protocol/policy/resource/software
error notices.
<b>hopcount</b><i>_</i><b>limit</b>
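Review bot: The new authorized_verp_clients entry does not state its default value, and since this parameter is the access control for the XVERP extension, readers need to see from the manual page who is allowed when it is left unset. Add the default to the description, and make the same change in the man page source. The entry also replaces command_directory rather than being added next to it; if smtpd no longer uses command_directory, say so in the change description, otherwise restore the entry.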
<b>notify</b><i>_</i><b>classes</b>
List of error classes. Of special interest are:
- <b>policy</b> When a client violates any policy, mail a
+ <b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
<b>protocol</b>
- When a client violates the SMTP protocol or
+ When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
<b>smtpd</b><i>_</i><b>banner</b>
- Text that follows the <b>220</b> status code in the SMTP
+ Text that follows the <b>220</b> status code in the SMTP
greeting banner.
<b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
expansion of rbl template responses and other text.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Restrict the number of recipients that the SMTP
+ Restrict the number of recipients that the SMTP
server accepts per message delivery.
<b>smtpd</b><i>_</i><b>timeout</b>
- Limit the time to send a server response and to
+ Limit the time to send a server response and to
receive a client request.
<b>soft</b><i>_</i><b>bounce</b>
- Change hard (5xx) reject responses into soft (4xx)
- reject responses. This can be useful for testing
+ Change hard (5xx) reject responses into soft (4xx)
+ reject responses. This can be useful for testing
purposes.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
- The characters that Postfix accepts as VERP delim-
+ The characters that Postfix accepts as VERP delim-
iter characters.
<b>Known</b> <b>versus</b> <b>unknown</b> <b>recipients</b>
<b>unknown</b><i>_</i><b>local</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$mydestination</b> or
+ ent whose domain matches <b>$mydestination</b> or
<b>$inet</b><i>_</i><b>interfaces</b>, while <b>$local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is
- non-empty and does not list the recipient address
+ non-empty and does not list the recipient address
or address local-part.
<b>unknown</b><i>_</i><b>relay</b><i>_</i><b>recipient</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi-
ent whose domain matches <b>$relay</b><i>_</i><b>domains</b>, while
- <b>$relay</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is non-empty and does not
+ <b>$relay</b><i>_</i><b>recipient</b><i>_</i><b>maps</b> is non-empty and does not
list the recipient address.
<b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>alias</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b>,
- while the recipient is not listed in <b>$vir-</b>
+ ent whose domain matches <b>$virtual</b><i>_</i><b>alias</b><i>_</i><b>domains</b>,
+ while the recipient is not listed in <b>$vir-</b>
<b>tual</b><i>_</i><b>alias</b><i>_</i><b>maps</b>.
<b>unknown</b><i>_</i><b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>reject</b><i>_</i><b>code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>,
+ ent whose domain matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>,
while the recipient is not listed in <b>$virtual</b><i>_</i><b>mail-</b>
<b>box</b><i>_</i><b>maps</b>.
<b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
- Limit the amount of memory in bytes used for the
+ Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b>
- Minimal amount of free space in bytes in the queue
- file system for the SMTP server to accept any mail
+ Minimal amount of free space in bytes in the queue
+ file system for the SMTP server to accept any mail
at all.
<b>smtpd</b><i>_</i><b>history</b><i>_</i><b>flush</b><i>_</i><b>threshold</b>
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors,
- wait <i>error_count</i> seconds before responding to any
+ wait <i>error_count</i> seconds before responding to any
client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
- Disconnect after a client has made this number of
+ Disconnect after a client has made this number of
errors.
<b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
Limit the number of times a client can issue a junk
- command such as NOOP, VRFY, ETRN or RSET in one
- SMTP session before it is penalized with tarpit
+ command such as NOOP, VRFY, ETRN or RSET in one
+ SMTP session before it is penalized with tarpit
delays.
<b>UCE</b> <b>control</b> <b>restrictions</b>
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
- List of Postfix features that use <i>domain.tld</i> pat-
- terns to match <i>sub.domain.tld</i> (as opposed to
+ List of Postfix features that use <i>domain.tld</i> pat-
+ terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b>smtpd</b><i>_</i><b>client</b><i>_</i><b>restrictions</b>
tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
- Require that clients introduce themselves at the
+ Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
- Restrict what client hostnames are allowed in <b>HELO</b>
+ Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
- Restrict what sender addresses are allowed in <b>MAIL</b>
+ Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
- Restrict what recipient addresses are allowed in
+ Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
mands, and what clients may issue <b>ETRN</b> commands.
<b>smtpd</b><i>_</i><b>data</b><i>_</i><b>restrictions</b>
- Restrictions on the <b>DATA</b> command. Currently, the
- only restriction that makes sense here is
+ Restrictions on the <b>DATA</b> command. Currently, the
+ only restriction that makes sense here is
<b>reject</b><i>_</i><b>unauth</b><i>_</i><b>pipelining</b>.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
- Allow untrusted clients to specify addresses with
- sender-specified routing. Enabling this opens up
- nasty relay loopholes involving trusted backup MX
+ Allow untrusted clients to specify addresses with
+ sender-specified routing. Enabling this opens up
+ nasty relay loopholes involving trusted backup MX
hosts.
<b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b>
- Declares the name of zero or more parameters that
- contain a list of UCE restrictions. The names of
- these parameters can then be used instead of the
+ Declares the name of zero or more parameters that
+ contain a list of UCE restrictions. The names of
+ these parameters can then be used instead of the
restriction lists that they represent.
<b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b>
- The lookup key to be used in SMTPD access tables
- instead of the null sender address. A null sender
+ The lookup key to be used in SMTPD access tables
+ instead of the null sender address. A null sender
address cannot be looked up.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> (deprecated)
- List of DNS domains that publish the addresses of
+ List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated
<b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b> restriction.
<b>permit</b><i>_</i><b>mx</b><i>_</i><b>backup</b><i>_</i><b>networks</b>
- Only domains whose primary MX hosts match the
- listed networks are eligible for the <b>per-</b>
+ Only domains whose primary MX hosts match the
+ listed networks are eligible for the <b>per-</b>
<b>mit</b><i>_</i><b>mx</b><i>_</i><b>backup</b> feature.
<b>relay</b><i>_</i><b>domains</b>
- Restrict what domains this mail system will relay
- mail to. The domains are routed to the delivery
+ Restrict what domains this mail system will relay
+ mail to. The domains are routed to the delivery
agent specified with the <b>relay</b><i>_</i><b>transport</b> setting.
<b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates an access
+ Response code when a client violates an access
database restriction.
<b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b>
Default template reply when a request is RBL black-
- listed. This template is used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b>
- and <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
+ listed. This template is used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b>
+ and <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
<b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>.
<b>defer</b><i>_</i><b>code</b>
- Response code when a client request is rejected by
+ Response code when a client request is rejected by
the <b>defer</b> restriction.
<b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Response code when a request is RBL blacklisted.
<b>rbl</b><i>_</i><b>reply</b><i>_</i><b>maps</b>
- Table with template responses for RBL blacklisted
- requests, indexed by RBL domain name. These tem-
+ Table with template responses for RBL blacklisted
+ requests, indexed by RBL domain name. These tem-
plates are used by the <b>reject</b><i>_</i><b>rbl</b><i>_</i><b>*</b> and
- <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
+ <b>reject</b><i>_</i><b>rhsbl</b><i>_</i><b>*</b> restrictions. See also:
<b>default</b><i>_</i><b>rbl</b><i>_</i><b>reply</b> and <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>.
<b>reject</b><i>_</i><b>code</b>
- Response code when the client matches a <b>reject</b>
+ Response code when the client matches a <b>reject</b>
restriction.
<b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
mail relay policy.
<b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
tion.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b>
syslogd(8) system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
A null <i>transport</i> field with non-null <i>nexthop</i> field does
not modify the transport information.
-<b>DEFAULT</b> <b>DELIVERY</b> <b>METHOD</b>
- When the recipient address or domain does not match a
- transport table entry, Postfix uses one of the following
- delivery methods, with the recipient domain as the default
- nexthop.
-
- <b>o</b> The recipient domain matches <b>$mydestination</b> or
- <b>$inet</b><i>_</i><b>interfaces</b>. The transport and optional nex-
- thop are specified with <b>$local</b><i>_</i><b>transport</b>.
-
- <b>o</b> The recipient domain matches <b>$virtual</b><i>_</i><b>mail-</b>
- <b>box</b><i>_</i><b>domains</b>. The transport and optional nexthop
- are specified with <b>$virtual</b><i>_</i><b>transport</b>.
-
- <b>o</b> The recipient domain matches <b>$relay</b><i>_</i><b>domains</b>. The
- transport and optional nexthop are specified with
- <b>$relay</b><i>_</i><b>transport</b>. This overrides the nexthop infor-
- mation that is specified with <b>$relayhost</b>.
-
- <b>o</b> All other destinations. the transport and optional
- nexthop are specified with <b>$relay</b><i>_</i><b>transport</b>. This
- overrides the nexthop information that is specified
- with <b>$relayhost</b>.
-
<b>EXAMPLES</b>
- In order to deliver internal mail directly, while using a
- mail relay for all other mail, specify a null entry for
- internal destinations (do not change the delivery trans-
- port or the nexthop information) and specify a wildcard
+ In order to deliver internal mail directly, while using a
+ mail relay for all other mail, specify a null entry for
+ internal destinations (do not change the delivery trans-
+ port or the nexthop information) and specify a wildcard
for all other destinations.
<b>my.domain</b> <b>:</b>
<b>.my.domain</b> <b>:</b>
<b>*</b> <b>smtp:outbound-relay.my.domain</b>
- In order to send mail for <b>foo.org</b> and its subdomains via
+ In order to send mail for <b>foo.org</b> and its subdomains via
the <b>uucp</b> transport to the UUCP host named <b>foo</b>:
<b>foo.org</b> <b>uucp:foo</b>
<b>.foo.org</b> <b>uucp:foo</b>
- When no nexthop host name is specified, the destination
- domain name is used instead. For example, the following
- directs mail for <i>user</i>@<b>foo.org</b> via the <b>slow</b> transport to a
- mail exchanger for <b>foo.org</b>. The <b>slow</b> transport could be
- something that runs at most one delivery process at a
+ When no nexthop host name is specified, the destination
+ domain name is used instead. For example, the following
+ directs mail for <i>user</i>@<b>foo.org</b> via the <b>slow</b> transport to a
+ mail exchanger for <b>foo.org</b>. The <b>slow</b> transport could be
+ something that runs at most one delivery process at a
time:
<b>foo.org</b> <b>slow:</b>
When no transport is specified, Postfix uses the transport
that matches the address domain class (see TRANSPORT FIELD
- discussion above). The following sends all mail for
+ discussion above). The following sends all mail for
<b>foo.org</b> and its subdomains to host <b>gateway.foo.org</b>:
<b>foo.org</b> <b>:[gateway.foo.org]</b>
<b>.foo.org</b> <b>:[gateway.foo.org]</b>
- In the above example, the [] are used to suppress MX
- lookups. The result would likely point to your local
+ In the above example, the [] are used to suppress MX
+ lookups. The result would likely point to your local
machine.
- In the case of delivery via SMTP, one may specify <i>host-</i>
+ In the case of delivery via SMTP, one may specify <i>host-</i>
<i>name</i>:<i>service</i> instead of just a host:
<b>foo.org</b> <b>smtp:bar.org:2025</b>
- This directs mail for <i>user</i>@<b>foo.org</b> to host <b>bar.org</b> port
- <b>2025</b>. Instead of a numerical port a symbolic name may be
- used. Specify [] around the hostname in order to disable
+ This directs mail for <i>user</i>@<b>foo.org</b> to host <b>bar.org</b> port
+ <b>2025</b>. Instead of a numerical port a symbolic name may be
+ used. Specify [] around the hostname in order to disable
MX lookups.
The error mailer can be used to bounce mail:
- <b>.foo.org</b> <b>error:mail</b> <b>for</b> <b>*.foo.org</b> <b>is</b> <b>not</b> <b>deliv-</b>
+ <b>.foo.org</b> <b>error:mail</b> <b>for</b> <b>*.foo.org</b> <b>is</b> <b>not</b> <b>deliv-</b>
<b>erable</b>
- This causes all mail for <i>user</i>@<i>anything</i><b>.foo.org</b> to be
+ This causes all mail for <i>user</i>@<i>anything</i><b>.foo.org</b> to be
bounced.
<b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire domain being looked up. Thus, <i>some.domain.hier-</i>
<i>archy</i> is not broken up into parent domains.
- Patterns are applied in the order as specified in the
- table, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this topic. See the Postfix <b>main.cf</b> file for syntax
- details and for default values. Use the <b>postfix</b> <b>reload</b>
+ The following <b>main.cf</b> parameters are especially relevant
+ to this topic. See the Postfix <b>main.cf</b> file for syntax
+ details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>empty</b><i>_</i><b>address</b><i>_</i><b>recipient</b>
- The address that is looked up instead of the null
+ The address that is looked up instead of the null
sender address.
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
- List of Postfix features that use <i>domain.tld</i> pat-
- terns to match <i>sub.domain.tld</i> (as opposed to
+ List of Postfix features that use <i>domain.tld</i> pat-
+ terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b>transport</b><i>_</i><b>maps</b>
List of transport lookup tables.
- Other parameters of interest:
-
- <b>local</b><i>_</i><b>transport</b>
- The default mail delivery transport when the desti-
- nation matches <b>$mydestination</b> or <b>$inet</b><i>_</i><b>interfaces</b>.
-
- <b>virtual</b><i>_</i><b>transport</b>
- The default mail delivery transport when the desti-
- nation matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.
-
- <b>relay</b><i>_</i><b>transport</b>
- The default mail delivery transport when the desti-
- nation matches <b>$relay</b><i>_</i><b>domains</b>.
-
- <b>default</b><i>_</i><b>transport</b>
- The default mail delivery transport when the desti-
- nation does not match a local, virtual or relay
- destination.
-
- <b>mydestination</b>
- The destinations that are given to <b>$local</b><i>_</i><b>transport</b>
- by default.
-
- <b>relayhost</b>
- The default host for destinations that do not match
- <b>$mydestination</b>, <b>$inet</b><i>_</i><b>interfaces</b>, <b>$vir-</b>
- <b>tual</b><i>_</i><b>alias</b><i>_</i><b>domains</b> or <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.
-
<b>SEE</b> <b>ALSO</b>
<a href="postmap.1.html">postmap(1)</a> create mapping table
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> rewrite and resolve addresses
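Review bot: With both DEFAULT DELIVERY METHOD and "Other parameters of interest" removed, transport(5) no longer tells the reader which transport is used when no table entry matches, yet the EXAMPLES text kept as context still depends on it ("Postfix uses the transport that matches the address domain class"). SEE ALSO lists trivial-rewrite(8) only as "rewrite and resolve addresses". Add one sentence near the top of EXAMPLES, or in CONFIGURATION PARAMETERS, saying that the per-class defaults are described under DEFAULT DELIVERY METHODS in trivial-rewrite(8).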
The envelope recipient address that is
passed on to <i>nexthop</i>.
- The <b>trivial-rewrite</b> daemon by default only distin-
- guishes between local and non-local mail. For finer
- control over mail routing, use the optional <a href="transport.5.html"><b>trans-</b></a>
- <a href="transport.5.html"><b>port</b>(5)</a> lookup table.
-
- This program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process
- manager.
+<b>DEFAULT</b> <b>DELIVERY</b> <b>METHODS</b>
+ By default, Postfix uses one of the following delivery
+ methods. This may be overruled with the optional <a href="transport.5.html">trans-</a>
+ <a href="transport.5.html">port(5)</a> table.
+
+ <b>o</b> The recipient domain matches <b>$mydestination</b> or
+ <b>$inet</b><i>_</i><b>interfaces</b>. The transport and optional nex-
+ thop are specified with <b>$local</b><i>_</i><b>transport</b>. The
+ default nexthop is the recipient domain.
+
+ <b>o</b> The recipient domain matches <b>$virtual</b><i>_</i><b>mail-</b>
+ <b>box</b><i>_</i><b>domains</b>. The transport and optional nexthop
+ are specified with <b>$virtual</b><i>_</i><b>transport</b>. The default
+ nexthop is the recipient domain.
+
+ <b>o</b> The recipient domain matches <b>$relay</b><i>_</i><b>domains</b>. The
+ transport and optional nexthop are specified with
+ <b>$relay</b><i>_</i><b>transport</b>. This overrides the optional nex-
+ thop information that is specified with <b>$relayhost</b>.
+ The default nexthop is the recipient domain.
+
+ <b>o</b> All other destinations. the transport and optional
+ nexthop are specified with <b>$relay</b><i>_</i><b>transport</b>. This
+ overrides the optional nexthop information that is
+ specified with <b>$relayhost</b>. The default nexthop is
+ the recipient domain.
<b>STANDARDS</b>
None. The command does not interact with the outside
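Review bot: The fourth bullet of the new DEFAULT DELIVERY METHODS section says that for "All other destinations" the transport is specified with $relay_transport, which repeats the third bullet and looks like a copy error. The relayhost description changed later in this patch names "$relay_transport or $default_transport", and the parameter list removed from transport(5) defines default_transport as the transport for destinations that match no local, virtual or relay class, so this bullet should name $default_transport. The sentence also starts with a lowercase "the transport and optional". Both problems were carried over unchanged from the text removed from transport(5) and are present in the man page source as well.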
<b>local</b><i>_</i><b>transport</b>
Where to deliver mail for destinations that match
<b>$mydestination</b> or <b>$inet</b><i>_</i><b>interfaces</b>. The default
- transport is <b>local</b>.
+ transport is <b>local:$myhostname</b>.
Syntax is <i>transport</i>:<i>nexthop</i>; see <a href="transport.5.html"><b>transport</b>(5)</a> for
details. The :<i>nexthop</i> part is optional.
<b>relayhost</b>
The default host to send non-local mail to when no
- entry is matched in the <a href="transport.5.html"><b>transport</b>(5)</a> table.
-
- When no <b>relayhost</b> is specified, mail is routed
- directly to the destination's mail exchanger.
+ host is specified with <b>$relay</b><i>_</i><b>transport</b> or
+ <b>$default</b><i>_</i><b>transport</b>, and when the recipient address
+ does not match the optional the <a href="transport.5.html"><b>transport</b>(5)</a> table.
<b>transport</b><i>_</i><b>maps</b>
- List of tables with <i>domain</i> to (<i>transport,</i> <i>nexthop</i>)
- mappings.
+ List of tables with <i>recipient</i> or <i>domain</i> to (<i>trans-</i>
+ <i>port,</i> <i>nexthop</i>) mappings.
<b>SEE</b> <b>ALSO</b>
<a href="master.8.html">master(8)</a> process manager
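Review bot: The new relayhost text contains a duplicated article, "does not match the optional the transport(5) table"; drop the second "the". The hunk also removes "When no relayhost is specified, mail is routed directly to the destination's mail exchanger" without a replacement, which was the only statement of what an empty relayhost means; keep that sentence after the new wording. The local_transport default changes from "local" to "local:$myhostname" in the same hunk, which is a behaviour-visible documentation change and deserves a line in the change description.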
Wait a fixed time between messages.
Suspending one thread does not affect other delivery threads.
.IP [\fBinet:\fR]\fIhost\fR[:\fIport\fR]
-Connect via TCP to \fIhost\fR port \fIport\fR. The default
+Connect via TCP to host \fIhost\fR, port \fIport\fR. The default
port is \fBsmtp\fR.
.IP \fBunix:\fIpathname\fR
Connect to the UNIX-domain socket at \fIpathname\fR.
A null \fItransport\fR field with non-null \fInexthop\fR field
does not modify the transport information.
-.SH DEFAULT DELIVERY METHOD
-.na
-.nf
-.ad
-.fi
-When the recipient address or domain does not match a transport
-table entry, Postfix uses one of the following delivery methods,
-with the recipient domain as the default nexthop.
-.IP \(bu
-The recipient domain matches \fB$mydestination\fR or
-\fB$inet_interfaces\fR. The transport and optional nexthop
-are specified with \fB$local_transport\fR.
-.IP \(bu
-The recipient domain matches \fB$virtual_mailbox_domains\fR.
-The transport and optional nexthop are specified with
-\fB$virtual_transport\fR.
-.IP \(bu
-The recipient domain matches \fB$relay_domains\fR. The
-transport and optional nexthop are specified with
-\fB$relay_transport\fR. This overrides the nexthop information
-that is specified with \fB$relayhost\fR.
-.IP \(bu
-All other destinations. the transport and optional nexthop are
-specified with \fB$relay_transport\fR.
-This overrides the nexthop information that is specified with
-\fB$relayhost\fR.
.SH EXAMPLES
.na
.nf
requiring \fI.domain.tld\fR patterns).
.IP \fBtransport_maps\fR
List of transport lookup tables.
-.PP
-Other parameters of interest:
-.IP \fBlocal_transport\fR
-The default mail delivery transport when the destination matches
-\fB$mydestination\fR or \fB$inet_interfaces\fR.
-.IP \fBvirtual_transport\fR
-The default mail delivery transport when the destination matches
-\fB$virtual_mailbox_domains\fR.
-.IP \fBrelay_transport\fR
-The default mail delivery transport when the destination matches
-\fB$relay_domains\fR.
-.IP \fBdefault_transport\fR
-The default mail delivery transport when the destination does not
-match a local, virtual or relay destination.
-.IP \fBmydestination\fR
-The destinations that are given to \fB$local_transport\fR
-by default.
-.IP \fBrelayhost\fR
-The default host for destinations that do not match
-\fB$mydestination\fR, \fB$inet_interfaces\fR,
-\fB$virtual_alias_domains\fR or \fB$virtual_mailbox_domains\fR.
.SH SEE ALSO
.na
.nf
.IP \fBstrict_8bitmime_body\fR
Reject mail with 8-bit text in content that claims to be 7-bit,
or in content that has no explicit content encoding information.
-This blocks mail mail poorly written mail software. Unfortunately,
+This blocks mail from poorly written mail software. Unfortunately,
this also breaks majordomo approval requests when the included
request contains valid 8-bit MIME mail, and it breaks bounces from
mailers that do not properly encapsulate 8-bit content (for example,
Postmaster for bounce error notices.
.IP \fBnotify_classes\fR
When this parameter includes the \fBbounce\fR class, send mail to the
-postmaster with with the headers of the bounced mail.
+postmaster with the headers of the bounced mail.
.SH SEE ALSO
.na
.nf
.nf
.ad
.fi
-The system adminstrator can set up one or more system-wide
+The system administrator can set up one or more system-wide
\fBsendmail\fR-style alias databases.
Users can have \fBsendmail\fR-style ~/.\fBforward\fR files.
Mail for \fIname\fR is delivered to the alias \fIname\fR, to
The \fBPATH\fR environment variable is always reset to a
system-dependent default path, and environment variables
whose names are blessed by the \fBexport_environment\fR
-configureation parameter are exported unchanged.
+configuration parameter are exported unchanged.
The current working directory is the mail queue directory.
.fi
.IP \fBalways_bcc\fR
Address to send a copy of each message that enters the system.
-.IP \fBcommand_directory\fR
-Location of Postfix support commands.
+.IP \fBauthorized_verp_clients\fR
+Hostnames, domain names and/or addresses of clients that are
+authorized to use the XVERP extension.
.IP \fBdebug_peer_level\fR
Increment in verbose logging level when a remote host matches a
pattern in the \fBdebug_peer_list\fR parameter.
The host to send to and optional delivery method information.
.IP \fIrecipient\fR
The envelope recipient address that is passed on to \fInexthop\fR.
-.PP
-The \fBtrivial-rewrite\fR daemon by default only distinguishes
-between local and non-local mail. For finer control over mail
-routing, use the optional \fBtransport\fR(5) lookup table.
.RE
-.PP
-This program expects to be run from the \fBmaster\fR(8) process
-manager.
+.SH DEFAULT DELIVERY METHODS
+.na
+.nf
+.ad
+.fi
+By default, Postfix uses one of the following delivery methods.
+This may be overruled with the optional transport(5) table.
+.IP \(bu
+The recipient domain matches \fB$mydestination\fR or
+\fB$inet_interfaces\fR. The transport and optional nexthop
+are specified with \fB$local_transport\fR.
+The default nexthop is the recipient domain.
+.IP \(bu
+The recipient domain matches \fB$virtual_mailbox_domains\fR.
+The transport and optional nexthop are specified with
+\fB$virtual_transport\fR.
+The default nexthop is the recipient domain.
+.IP \(bu
+The recipient domain matches \fB$relay_domains\fR. The
+transport and optional nexthop are specified with
+\fB$relay_transport\fR. This overrides the optional nexthop
+information that is specified with \fB$relayhost\fR.
+The default nexthop is the recipient domain.
+.IP \(bu
+All other destinations. the transport and optional nexthop are
+specified with \fB$relay_transport\fR.
+This overrides the optional nexthop information that is specified
+with \fB$relayhost\fR.
+The default nexthop is the recipient domain.
.SH STANDARDS
.na
.nf
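Review bot: the last bullet of the new DEFAULT DELIVERY METHODS section ("All other destinations. the transport and optional nexthop are specified with \fB$relay_transport\fR.") names the same parameter as the $relay_domains bullet directly above it. The parameter list that this patch removes from the transport table documentation describes default_transport as the transport used when the destination does not match a local, virtual or relay destination, so this bullet should name \fB$default_transport\fR, and "the transport" should start with a capital. The same wording is added again in the "/*"-prefixed copy of this section later in the patch and needs the same correction.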
.IP \fBlocal_transport\fR
Where to deliver mail for destinations that match \fB$mydestination\fR
or \fB$inet_interfaces\fR.
-The default transport is \fBlocal\fR.
+The default transport is \fBlocal:$myhostname\fR.
.sp
Syntax is \fItransport\fR:\fInexthop\fR; see \fBtransport\fR(5)
for details. The :\fInexthop\fR part is optional.
to match \fIsub.domain.tld\fR (as opposed to
requiring \fI.domain.tld\fR patterns).
.IP \fBrelayhost\fR
-The default host to send non-local mail to when no entry is matched
-in the \fBtransport\fR(5) table.
-.sp
-When no \fBrelayhost\fR is specified, mail is routed directly
-to the destination's mail exchanger.
+The default host to send non-local mail to when no host is
+specified with \fB$relay_transport\fR or \fB$default_transport\fR,
+and when the recipient address does not match the optional the
+\fBtransport\fR(5) table.
.IP \fBtransport_maps\fR
-List of tables with \fIdomain\fR to (\fItransport, nexthop\fR)
-mappings.
+List of tables with \fIrecipient\fR or \fIdomain\fR to
+(\fItransport, nexthop\fR) mappings.
.SH SEE ALSO
.na
.nf
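Review bot: the new relayhost text reads "does not match the optional the \fBtransport\fR(5) table", with a doubled "the", in a patch that elsewhere fixes exactly this kind of typo. The replacement also drops the sentence saying that mail is routed directly to the destination's mail exchanger when no relayhost is specified; if that behaviour is unchanged, keep the sentence, because it is what tells an administrator where non-local mail goes when the parameter is empty. Both points also apply to the "/*"-prefixed copy of this text later in the patch.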
#
# A null \fItransport\fR field with non-null \fInexthop\fR field
# does not modify the transport information.
-# DEFAULT DELIVERY METHOD
-# .ad
-# .fi
-# When the recipient address or domain does not match a transport
-# table entry, Postfix uses one of the following delivery methods,
-# with the recipient domain as the default nexthop.
-# .IP \(bu
-# The recipient domain matches \fB$mydestination\fR or
-# \fB$inet_interfaces\fR. The transport and optional nexthop
-# are specified with \fB$local_transport\fR.
-# .IP \(bu
-# The recipient domain matches \fB$virtual_mailbox_domains\fR.
-# The transport and optional nexthop are specified with
-# \fB$virtual_transport\fR.
-# .IP \(bu
-# The recipient domain matches \fB$relay_domains\fR. The
-# transport and optional nexthop are specified with
-# \fB$relay_transport\fR. This overrides the nexthop information
-# that is specified with \fB$relayhost\fR.
-# .IP \(bu
-# All other destinations. the transport and optional nexthop are
-# specified with \fB$relay_transport\fR.
-# This overrides the nexthop information that is specified with
-# \fB$relayhost\fR.
# EXAMPLES
# .ad
# .fi
# requiring \fI.domain.tld\fR patterns).
# .IP \fBtransport_maps\fR
# List of transport lookup tables.
-# .PP
-# Other parameters of interest:
-# .IP \fBlocal_transport\fR
-# The default mail delivery transport when the destination matches
-# \fB$mydestination\fR or \fB$inet_interfaces\fR.
-# .IP \fBvirtual_transport\fR
-# The default mail delivery transport when the destination matches
-# \fB$virtual_mailbox_domains\fR.
-# .IP \fBrelay_transport\fR
-# The default mail delivery transport when the destination matches
-# \fB$relay_domains\fR.
-# .IP \fBdefault_transport\fR
-# The default mail delivery transport when the destination does not
-# match a local, virtual or relay destination.
-# .IP \fBmydestination\fR
-# The destinations that are given to \fB$local_transport\fR
-# by default.
-# .IP \fBrelayhost\fR
-# The default host for destinations that do not match
-# \fB$mydestination\fR, \fB$inet_interfaces\fR,
-# \fB$virtual_alias_domains\fR or \fB$virtual_mailbox_domains\fR.
# SEE ALSO
# postmap(1) create mapping table
# trivial-rewrite(8) rewrite and resolve addresses
/* .IP \fBstrict_8bitmime_body\fR
/* Reject mail with 8-bit text in content that claims to be 7-bit,
/* or in content that has no explicit content encoding information.
-/* This blocks mail mail poorly written mail software. Unfortunately,
+/* This blocks mail from poorly written mail software. Unfortunately,
/* this also breaks majordomo approval requests when the included
/* request contains valid 8-bit MIME mail, and it breaks bounces from
/* mailers that do not properly encapsulate 8-bit content (for example,
/* Postmaster for bounce error notices.
/* .IP \fBnotify_classes\fR
/* When this parameter includes the \fBbounce\fR class, send mail to the
-/* postmaster with with the headers of the bounced mail.
+/* postmaster with the headers of the bounced mail.
/* SEE ALSO
/* bounce(8) non-delivery status reports
/* master(8) process manager
extern int var_qmqpd_timeout;
#define VAR_QMTPD_ERR_SLEEP "qmqpd_error_delay"
-#define DEF_QMTPD_ERR_SLEEP "5s"
+#define DEF_QMTPD_ERR_SLEEP "1s"
extern int var_qmqpd_err_sleep;
/*
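Review bot: DEF_QMTPD_ERR_SLEEP changes the default for qmqpd_error_delay from "5s" to "1s" with no comment in the hunk explaining why. The parameter name suggests this is the pause applied to a client after an error, so a shorter default deserves a stated reason next to the define or in the parameter documentation. While these lines are being touched, note that the macros spell QMTPD where the parameter name and the variable spell qmqpd.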
#define DEF_VERP_BOUNCE_OFF 0
extern bool var_verp_bounce_off;
+#define VAR_VERP_CLIENTS "authorized_verp_clients"
+#define DEF_VERP_CLIENTS "$mynetworks"
+extern char *var_verp_clients;
+
/*
* Inbound mail flow control. This allows for a stiffer coupling between
* receiving mail and sending mail. A sending process produces one token for
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20021218"
+#define MAIL_RELEASE_DATE "20021219"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "1.1.12-" MAIL_RELEASE_DATE
/* SYSTEM-WIDE AND USER-LEVEL ALIASING
/* .ad
/* .fi
-/* The system adminstrator can set up one or more system-wide
+/* The system administrator can set up one or more system-wide
/* \fBsendmail\fR-style alias databases.
/* Users can have \fBsendmail\fR-style ~/.\fBforward\fR files.
/* Mail for \fIname\fR is delivered to the alias \fIname\fR, to
/* The \fBPATH\fR environment variable is always reset to a
/* system-dependent default path, and environment variables
/* whose names are blessed by the \fBexport_environment\fR
-/* configureation parameter are exported unchanged.
+/* configuration parameter are exported unchanged.
/*
/* The current working directory is the mail queue directory.
/*
break;
case 0:
- qmqpd_receive(state);
+
+ /*
+ * See if we want to talk to this client at all.
+ */
+ if (namadr_list_match(qmqpd_clients, state->name, state->addr) == 0) {
+ qmqpd_reply(state, DONT_LOG, QMQPD_STAT_HARD,
+ "Error: %s is not authorized to use this service",
+ state->namaddr);
+ } else
+ qmqpd_receive(state);
break;
}
*/
debug_peer_check(state->name, state->addr);
- /*
- * See if we want to talk to this client at all. In all cases, log the
- * connection event.
- */
- if (namadr_list_match(qmqpd_clients, state->name, state->addr) == 0) {
- msg_info("refused connect from %s", state->namaddr);
- qmqpd_reply(state, DONT_LOG, QMQPD_STAT_HARD,
- "Error: %s is not authorized to use this service",
- state->namaddr);
- }
-
/*
* Provide the QMQP service.
*/
- else {
- msg_info("connect from %s", state->namaddr);
- qmqpd_proto(state);
- msg_info("disconnect from %s", state->namaddr);
- }
+ msg_info("connect from %s", state->namaddr);
+ qmqpd_proto(state);
+ msg_info("disconnect from %s", state->namaddr);
/*
* After the client has gone away, clean up whatever we have set up at
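Review bot: removing msg_info("refused connect from %s", state->namaddr) here, while the relocated check in the "case 0:" branch still replies with DONT_LOG, means an unauthorized client is now logged only as "connect from" and "disconnect from", exactly like an accepted one. Add the refusal message next to the relocated namadr_list_match() test so that rejected QMQP clients stay identifiable in the log, and anything that watches for "refused connect from" keeps working.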
/* .fi
/* .IP \fBalways_bcc\fR
/* Address to send a copy of each message that enters the system.
-/* .IP \fBcommand_directory\fR
-/* Location of Postfix support commands.
+/* .IP \fBauthorized_verp_clients\fR
+/* Hostnames, domain names and/or addresses of clients that are
+/* authorized to use the XVERP extension.
/* .IP \fBdebug_peer_level\fR
/* Increment in verbose logging level when a remote host matches a
/* pattern in the \fBdebug_peer_list\fR parameter.
#include <string_list.h>
#include <quote_822_local.h>
#include <lex_822.h>
+#include <namadr_list.h>
/* Single-threaded server skeleton. */
int var_virt_alias_code;
int var_virt_mailbox_code;
int var_relay_rcpt_code;
+char *var_verp_clients;
/*
* Silly little macros.
#define VERP_CMD "XVERP"
#define VERP_CMD_LEN 5
+static NAMADR_LIST *verp_clients;
+
/*
* Forward declarations.
*/
smtpd_chat_reply(state, "250-AUTH=%s", state->sasl_mechanism_list);
}
#endif
- smtpd_chat_reply(state, "250-%s", VERP_CMD);
+ if (namadr_list_match(verp_clients, state->name, state->addr))
+ smtpd_chat_reply(state, "250-%s", VERP_CMD);
smtpd_chat_reply(state, "250 8BITMIME");
return (0);
}
return (-1);
}
#endif
- } else if (strcasecmp(arg, VERP_CMD) == 0) {
- verp_delims = var_verp_delims;
- } else if (strncasecmp(arg, VERP_CMD, VERP_CMD_LEN) == 0
- && arg[VERP_CMD_LEN] == '=') {
- verp_delims = arg + VERP_CMD_LEN + 1;
- if (verp_delims_verify(verp_delims) != 0) {
- state->error_mask |= MAIL_ERROR_PROTOCOL;
- smtpd_chat_reply(state, "501 %s needs two characters from %s",
- VERP_CMD, var_verp_filter);
- return (-1);
+ } else if (namadr_list_match(verp_clients, state->name, state->addr)) {
+ if (strcasecmp(arg, VERP_CMD) == 0) {
+ verp_delims = var_verp_delims;
+ } else if (strncasecmp(arg, VERP_CMD, VERP_CMD_LEN) == 0
+ && arg[VERP_CMD_LEN] == '=') {
+ verp_delims = arg + VERP_CMD_LEN + 1;
+ if (verp_delims_verify(verp_delims) != 0) {
+ state->error_mask |= MAIL_ERROR_PROTOCOL;
+ smtpd_chat_reply(state, "501 %s needs two characters from %s",
+ VERP_CMD, var_verp_filter);
+ return (-1);
+ }
}
} else {
state->error_mask |= MAIL_ERROR_PROTOCOL;
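Review bot: the new outer branch "} else if (namadr_list_match(verp_clients, state->name, state->addr)) {" has an inner if / else-if with no final else, so for an authorized client any MAIL FROM parameter that is neither XVERP nor XVERP=... now falls through without setting MAIL_ERROR_PROTOCOL or sending an error reply. Before this change such a parameter reached the trailing "} else {" branch. Either fold the client test into each condition, for example "} else if (namadr_list_match(verp_clients, state->name, state->addr) && strcasecmp(arg, VERP_CMD) == 0) {", or add an inner else that produces the same rejection as the outer one.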
* case they specify a filename pattern.
*/
smtpd_noop_cmds = string_list_init(MATCH_FLAG_NONE, var_smtpd_noop_cmds);
+ verp_clients = namadr_list_init(MATCH_FLAG_NONE, var_verp_clients);
smtpd_check_init();
debug_peer_init();
VAR_SMTPD_NOOP_CMDS, DEF_SMTPD_NOOP_CMDS, &var_smtpd_noop_cmds, 0, 0,
VAR_SMTPD_NULL_KEY, DEF_SMTPD_NULL_KEY, &var_smtpd_null_key, 0, 0,
VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps, 0, 0,
+ VAR_VERP_CLIENTS, DEF_VERP_CLIENTS, &var_verp_clients, 0, 0,
0,
};
static CONFIG_RAW_TABLE raw_table[] = {
/* Wait a fixed time between messages.
/* Suspending one thread does not affect other delivery threads.
/* .IP [\fBinet:\fR]\fIhost\fR[:\fIport\fR]
-/* Connect via TCP to \fIhost\fR port \fIport\fR. The default
+/* Connect via TCP to host \fIhost\fR, port \fIport\fR. The default
/* port is \fBsmtp\fR.
/* .IP \fBunix:\fIpathname\fR
/* Connect to the UNIX-domain socket at \fIpathname\fR.
/* The host to send to and optional delivery method information.
/* .IP \fIrecipient\fR
/* The envelope recipient address that is passed on to \fInexthop\fR.
-/* .PP
-/* The \fBtrivial-rewrite\fR daemon by default only distinguishes
-/* between local and non-local mail. For finer control over mail
-/* routing, use the optional \fBtransport\fR(5) lookup table.
/* .RE
-/* .PP
-/* This program expects to be run from the \fBmaster\fR(8) process
-/* manager.
+/* DEFAULT DELIVERY METHODS
+/* .ad
+/* .fi
+/* By default, Postfix uses one of the following delivery methods.
+/* This may be overruled with the optional transport(5) table.
+/* .IP \(bu
+/* The recipient domain matches \fB$mydestination\fR or
+/* \fB$inet_interfaces\fR. The transport and optional nexthop
+/* are specified with \fB$local_transport\fR.
+/* The default nexthop is the recipient domain.
+/* .IP \(bu
+/* The recipient domain matches \fB$virtual_mailbox_domains\fR.
+/* The transport and optional nexthop are specified with
+/* \fB$virtual_transport\fR.
+/* The default nexthop is the recipient domain.
+/* .IP \(bu
+/* The recipient domain matches \fB$relay_domains\fR. The
+/* transport and optional nexthop are specified with
+/* \fB$relay_transport\fR. This overrides the optional nexthop
+/* information that is specified with \fB$relayhost\fR.
+/* The default nexthop is the recipient domain.
+/* .IP \(bu
+/* All other destinations. the transport and optional nexthop are
+/* specified with \fB$relay_transport\fR.
+/* This overrides the optional nexthop information that is specified
+/* with \fB$relayhost\fR.
+/* The default nexthop is the recipient domain.
/* STANDARDS
/* .ad
/* .fi
/* .IP \fBlocal_transport\fR
/* Where to deliver mail for destinations that match \fB$mydestination\fR
/* or \fB$inet_interfaces\fR.
-/* The default transport is \fBlocal\fR.
+/* The default transport is \fBlocal:$myhostname\fR.
/* .sp
/* Syntax is \fItransport\fR:\fInexthop\fR; see \fBtransport\fR(5)
/* for details. The :\fInexthop\fR part is optional.
/* to match \fIsub.domain.tld\fR (as opposed to
/* requiring \fI.domain.tld\fR patterns).
/* .IP \fBrelayhost\fR
-/* The default host to send non-local mail to when no entry is matched
-/* in the \fBtransport\fR(5) table.
-/* .sp
-/* When no \fBrelayhost\fR is specified, mail is routed directly
-/* to the destination's mail exchanger.
+/* The default host to send non-local mail to when no host is
+/* specified with \fB$relay_transport\fR or \fB$default_transport\fR,
+/* and when the recipient address does not match the optional the
+/* \fBtransport\fR(5) table.
/* .IP \fBtransport_maps\fR
-/* List of tables with \fIdomain\fR to (\fItransport, nexthop\fR)
-/* mappings.
+/* List of tables with \fIrecipient\fR or \fIdomain\fR to
+/* (\fItransport, nexthop\fR) mappings.
/* SEE ALSO
/* master(8) process manager
/* syslogd(8) system logging
sanity_checked = 1;
errno = 0;
if (getpwuid(0) == 0) {
- msg_warn("cannot access UNIX passwd file info: %m");
+ msg_warn("cannot access UNIX password database: %m");
dict_errno = DICT_ERR_RETRY;
}
}
sanity_checked = 1;
errno = 0;
if (getgrgid(0) == 0) {
- msg_warn("cannot access UNIX group file info: %m");
+ msg_warn("cannot access UNIX group database: %m");
dict_errno = DICT_ERR_RETRY;
}
}
return (0);
}
+ /*
+ * Preliminary IPV6 support.
+ */
+ if (strchr(addr, ':')) {
+ if (*(cp = addr + strspn(addr, ":./0123456789abcdefABCDEF")) != 0) {
+ if (gripe)
+ msg_warn("%s: invalid character %d(decimal): %.100s",
+ myname, *cp, addr);
+ return (0);
+ }
+ return (1);
+ }
+
/*
* Scary code to avoid sscanf() overflow nasties.
*/
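Review bot: the strspn() test in the new IPv6 branch checks the character set only, so any string that contains ':' and otherwise consists of characters from ":./0123456789abcdefABCDEF" returns 1, including ":" on its own, "1.2.3.4:" and "::/.". A caller that takes a return value of 1 to mean a well-formed address will pass these through. Even for a preliminary check, consider whether '/' belongs in the accepted set at all, and bound the number and length of the colon-separated groups, or hand the string to inet_pton(AF_INET6, ...) where the platform provides it. The comment should also say what "preliminary" leaves unchecked.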
[1.2.3.4
[1.2.3.4]foo
[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
+[a:a:a:a:a:a:a:a]
+[g:a:a:a:a:a:a:a]
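Review bot: the two added inputs cover one well-formed literal and one with a character outside the hex set, which exercises only the strspn() character test. Add literals that stay inside the accepted character set but are not addresses, such as "[:]" or "[1.2.3.4:]", so the reference output records how valid_hostliteral() treats them.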
./valid_hostname: warning: valid_hostname: invalid character 91(decimal): [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
./valid_hostname: warning: valid_hostaddr: invalid character 91(decimal): [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
./valid_hostname: warning: valid_hostliteral: too much text: [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+./valid_hostname: testing: "[a:a:a:a:a:a:a:a]"
+./valid_hostname: warning: valid_hostname: invalid character 91(decimal): [a:a:a:a:a:a:a:a]
+./valid_hostname: warning: valid_hostaddr: invalid character 91(decimal): [a:a:a:a:a:a:a:a]
+./valid_hostname: testing: "[g:a:a:a:a:a:a:a]"
+./valid_hostname: warning: valid_hostname: invalid character 91(decimal): [g:a:a:a:a:a:a:a]
+./valid_hostname: warning: valid_hostaddr: invalid character 91(decimal): [g:a:a:a:a:a:a:a]
+./valid_hostname: warning: valid_hostaddr: invalid character 103(decimal): g:a:a:a:a:a:a:a