before the server has received the client's data. Files:
util/{inet,unix,stream}_trigger.c, util/events.c,
master/master_trigger.c, postkick/postkick.c.
+
+20010403
+
+ Workaround: the mysql library can return null pointers
+ rather than zero-length strings.
+
+20010404
+
+ Logging: log additional information about why "mail for
+ XXX loops back to myself", when the local machine is the
+ best MX host. File: smtp/smtp_addr.c.
+
+20010406
+
+ Changed some noisy LDAP client warnings into optional
+ logging. LaMont Jones, util/dict_ldap.c.
+
+20010411
+
+ Compatibility: the SMTP server now replies with 550 instead
+ of 503 when it receives the DATA command without having
+ received a valid recipient address. This is needed for the
+ Sendmail client-side pipelining implementation. Problem
+ reported by Lutz Jaenicke. File: smtpd/smtpd.c.
+
+ Cleanup: shut up if chattr fails on Reiserfs and other file
+ systems that do not support the respective attributes.
+ Files: conf/postfix-script-{no,}sgid.
+
+20010413
+
+ Ergonomics: Postfix applications now warn when a DB or DBM
+ file is out of date, and recommends to re-run postmap or
+ postalias. Files: util/dict_db.c, util/dict_dbm.c.
+
+20010414
+
+ Feature: specify a key of "-" to the postmap or postalias
+ -q or -d option, and the keys will be read from standard
+ input, one key per line. Files: postmap/postmap.c,
+ postalias/postalias.c.
+
+ Bugfix: with a non-default inet_interfaces setting, the
+ master daemon ignored host information in explicit host:port
+ settings in master.cf. Fix by Jun-ichiro itojun Hagino @
+ iijlab.net. Files: master/master.h, master/master_ent.c.
Linux RedHat 5.x
Linux RedHat 6.x
Linux RedHat 7.x
- Linux Slackware 3.5
- Linux Slackware 4.0
- Linux Slackware 7.0
+ Linux Slackware 3.x
+ Linux Slackware 4.x
+ Linux Slackware 7.x
Linux SuSE 5.x
Linux SuSE 6.x
Linux SuSE 7.x
non-standard SASL LOGIN authentication method. To enable this
authentication method, specify ``./configure --enable-login''.
-Older Microsoft SMTP client software implements a non-standard
-version of the AUTH protocol syntax, and expects that the SMTP
-server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH
-stuff". To accomodate such clients in addition to conformant
-clients, set "broken_sasl_auth_clients = yes" in the main.cf file.
-
-The Postfix SMTP client is backwards compatible with SMTP servers
-that use the non-standard AUTH protocol syntax.
+If you install the Cyrus SASL libraries as per the default, you
+will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl.
Building Postfix with SASL authentication support
=================================================
Enabling SASL authentication in the Postfix SMTP server
=======================================================
-If you installed the Cyrus SASL libraries as per the default, you
-will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl.
-
See conf/sample-auth.cf for examples.
In order to enable SASL support in the SMTP server:
To run software chrooted with SASL support is an interesting
exercise. It probably is not worth the trouble.
+Older Microsoft SMTP client software implements a non-standard
+version of the AUTH protocol syntax, and expects that the SMTP
+server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH
+stuff". To accomodate such clients in addition to conformant
+clients, set "broken_sasl_auth_clients = yes" in the main.cf file.
+
Testing SASL authentication in the Postfix SMTP server
======================================================
The SASL client password file is opened before the SMTP server
enters the optional chroot jail, so you can keep the file in
/etc/postfix.
+
+The Postfix SMTP client is backwards compatible with SMTP servers
+that use the non-standard AUTH=stuff... syntax in response to the
+EHLO command.
+
test -d $dir || {
$WARN creating missing Postfix $dir directory
mkdir $dir || exit 1
- chmod 700 $dir; $CHATTR $dir
+ chmod 700 $dir; $CHATTR $dir 2>/dev/null
chown $mail_owner $dir
}
done
test -d $dir || {
$WARN creating missing Postfix $dir directory
mkdir $dir || exit 1
- chmod 700 $dir; $CHATTR $dir
+ chmod 700 $dir; $CHATTR $dir 2>/dev/null
chown $mail_owner $dir
}
done
# DELIVERED-TO
#
-# The prepend_delivered_header controls when Postfix should prepend
-# a Delivered-To: message header.
+# The prepend_delivered_header controls when the Postfix local delivery
+# agent should prepend a Delivered-To: message header.
#
-# By default, Postfix prepends a Delivered-To: header when forwarding
-# mail and when delivering to file (mailbox) and command. Turning off
-# the Delivered-To: header when forwarding mail is not recommended.
+# By default, the Postfix local delivery agent prepends a Delivered-To:
+# header when forwarding mail and when delivering to file (mailbox)
+# and command. Turning off the Delivered-To: header when forwarding
+# mail is not recommended.
#
# prepend_delivered_header = command, file, forward
# prepend_delivered_header = forward
# Specify a list of names separated by whitespace or comma.
#
# import_environment = MAIL_CONFIG TZ XAUTHORITY DISPLAY HOME PURIFYOPTIONS
-import_environment = MAIL_CONFIG TZ XAUTHORITY DISPLAY
+import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
<h2> Introduction </h2>
-Postfix has about 100 configuration parameters that are controlled
+Postfix has several hundred configuration parameters that are controlled
via the <b>main.cf</b> file. Fortunately, they have sensible
default values. In most cases, you need to configure only two or
three parameters before you can use the Postfix mail system:
</ul>
The default values for many other configuration parameters are
-derived from just these two.
+derived from just these.
<p>
-The third parameter of interest controls the amount of mail sent
+The next parameter of interest controls the amount of mail sent
to the local postmaster:
<ul>
<li><a href="#whoami">sendmail: unable to find out your login name</a>
+<li><a href="#paranoid">warning: xxx.xxx.xxx.xxx: address not listed
+for hostname yyy.yyy.yyy</a>
<li><a href="#unknown_virtual_loop">Mail for unknown users in
virtual domains fails with "mail loops back to myself"</a>
<li><a href="#numerical_log">Postfix logs SMTP clients as IP
addresses</a>
+<li><a href="#paranoid">warning: xxx.xxx.xxx.xxx: address not listed
+for hostname yyy.yyy.yyy</a>
+
</ul>
<a name="relaying"><h3>Mail relaying</h3>
<li><a href="#owner-foo">Postfix ignores the owner-list alias</a>
-<li><a href="#virtual_command">Commands and mailing lists don't work in Postfix virtual maps</a>
+<li><a href="#virtual_command">Commands, mailing lists, and /file/name destinations don't work in Postfix virtual maps</a>
</ul>
<li><a href="#virtual_relay">Postfix refuses mail for virtual
domains with "relay access denied"</a>
-<li><a href="#virtual_command">Commands and mailing lists don't work in Postfix virtual maps</a>
+<li><a href="#virtual_command">Commands, mailing lists, and /file/name destinations don't work in Postfix virtual maps</a>
<li><a href="#domain_mailbox">Receiving a virtual domain in a
mailbox</a>
<hr>
+<a name="paranoid"><h3>warning: xxx.xxx.xxx.xxx: address not listed
+for hostname yyy.yyy.yyy</h3>
+
+Postfix uses hostnames in its junk mail and mail relay controls.
+This means that in theory someone could be motivated to set up
+bogus DNS information, in order to get past your junk mail or mail
+relay controls.
+
+<p>
+
+When Postfix looks up the SMTP client hostname for the SMTP client
+IP address, then Postfix also checks if the SMTP client IP address
+is listed under the SMTP client hostname.
+
+<p>
+
+If the SMTP client IP address is not listed under the SMTP client
+hostname, then Postfix concludes that the SMTP client hostname does
+not belong to the SMTP client IP address, and ignores the SMTP
+client hostname. A warning is logged, so that you can find out why
+an SMTP client is or is not stopped by your junk mail or mail relay
+checks.
+
+<p>
+
+You could contact the people who maintain the SMTP client's DNS
+records, and explain to them that each IP address needs one PTR
+record, and that this one PTR record needs a matching A record.
+
+<p>
+
+Some people read the RFCs such that one IP address can have multiple
+PTR records, but that makes PTR records even less useful than they
+already are. And in any case, having multiple names per IP address
+would only worsen the problem of finding out the "official name"
+of a machine's IP address.
+
<a name="open_relay"><h3>Help! Postfix is an open relay</h3>
According to some relay checking software, Postfix accepts
<hr>
-<a name="virtual_command"><h3>Commands and mailing lists don't work
+<a name="virtual_command"><h3>Commands, mailing, and /file/name destinations don't work
in Postfix virtual maps</h3>
Short reply: specify a Sendmail-style <a href="virtual.5.html">virtual</a>
-domain, and specify the command or mailing list in the local <a
-href="aliases.5.html">aliases</a> file.
+domain, and specify the command, mailing list, or /file/name
+destination in the local <a href="aliases.5.html">aliases</a> file.
<p>
<p>
-Delivering mail to a command is a security-sensitive operation,
-because the command must be executed with the right privileges.
-Only <b>root</b>-privileged software such as the Postfix local
-delivery agent can set the privileges for a command.
+Delivering mail to a file or command is a security-sensitive
+operation, because the operation must be executed with the right
+privileges. Only <b>root</b>-privileged software such as the
+Postfix local delivery agent can set the privileges for command
+or file delivery.
<p>
For security reasons, Postfix tries to avoid using <b>root</b>
privileges where possible. In particular, Postfix virtual mapping
is done by an unprivileged daemon, so there is no secure way to
-execute commands found in virtual maps.
+execute commands or to deliver to files found in virtual maps.
<hr>
is `U', which makes matching ungreedy (see PCRE documenta-
tion and source for more info).
- Each pattern is applied to the entire string being looked
- up. Depending on the application, that string is an
- entire client hostname, an entire client IP address, or an
- entire mail address. Thus, no parent domain or parent
- network search is done, and <i>user@domain</i> mail addresses are
- not broken up into their <i>user</i> and <i>domain</i> constituent
- parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+ Each pattern is applied to the entire lookup key string.
+ Depending on the application, that string is an entire
+ client hostname, an entire client IP address, or an entire
+ mail address. Thus, no parent domain or parent network
+ search is done, and <i>user@domain</i> mail addresses are not
+ broken up into their <i>user</i> and <i>domain</i> constituent parts,
+ nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
PCRE_TABLE(5) PCRE_TABLE(5)
- Substitution of sub-strings from the matched expression is
- possible using the conventional perl syntax ($1, $2,
- etc.). The macros in the replacement string may need to be
- written as ${n} or $(n) if they aren't followed by whites-
- pace.
+ Substitution of substrings from the matched expression
+ into the result string is possible using the conventional
+ perl syntax ($1, $2, etc.). The macros in the result
+ string may need to be written as ${n} or $(n) if they
+ aren't followed by whitespace.
<b>EXAMPLES</b>
# Protect your outgoing majordomo exploders
directory.
<b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one
- entry per map. The exit status is non-zero if the
- requested information was not found.
+ entry per map. The exit status is zero when the
+ requested information was found.
- <b>-i</b> Incremental mode. Read entries from standard input
+ If a key value of <b>-</b> is specified, the program reads
+ key values from the standard input stream. The exit
+ status is zero when at least one of the requested
+ keys was found.
+
+ <b>-i</b> Incremental mode. Read entries from standard input
and do not truncate an existing database. By
- default, <b>postalias</b> creates a new database from the
+ default, <b>postalias</b> creates a new database from the
entries in <b>file</b><i>_</i><b>name</b>.
- <b>-n</b> Don't include the terminating null character that
- terminates lookup keys and values. By default,
- Postfix does whatever is the default for the host
+ <b>-n</b> Don't include the terminating null character that
+ terminates lookup keys and values. By default,
+ Postfix does whatever is the default for the host
operating system.
- <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and print the
- first value found on the standard output stream.
- The exit status is non-zero if the requested infor-
- mation was not found.
-
- <b>-r</b> When updating a table, do not warn about duplicate
- entries; silently replace them.
-
- <b>-v</b> Enable verbose logging for debugging purposes.
+ <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and print the
+ first value found on the standard output stream.
+ The exit status is zero when the requested informa-
+ tion was found.
POSTALIAS(1) POSTALIAS(1)
- Multiple <b>-v</b> options make the software increasingly
+ If a key value of <b>-</b> is specified, the program reads
+ key values from the standard input stream and
+ prints one line of <i>key:</i> <i>value</i> output for each key
+ that was found. The exit status is zero when at
+ least one of the requested keys was found.
+
+ <b>-r</b> When updating a table, do not warn about duplicate
+ entries; silently replace them.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Mul-
+ tiple <b>-v</b> options make the software increasingly
verbose.
- <b>-w</b> When updating a table, do not warn about duplicate
+ <b>-w</b> When updating a table, do not warn about duplicate
entries; silently ignore them.
Arguments:
<i>file_type</i>
The type of database to be produced.
- <b>btree</b> The output is a btree file, named
- <i>file_name</i><b>.db</b>. This is available only on
+ <b>btree</b> The output is a btree file, named
+ <i>file_name</i><b>.db</b>. This is available only on
systems with support for <b>db</b> databases.
- <b>dbm</b> The output consists of two files, named
- <i>file_name</i><b>.pag</b> and <i>file_name</i><b>.dir</b>. This is
- available only on systems with support for
+ <b>dbm</b> The output consists of two files, named
+ <i>file_name</i><b>.pag</b> and <i>file_name</i><b>.dir</b>. This is
+ available only on systems with support for
<b>dbm</b> databases.
- <b>hash</b> The output is a hashed file, named
- <i>file_name</i><b>.db</b>. This is available only on
+ <b>hash</b> The output is a hashed file, named
+ <i>file_name</i><b>.db</b>. This is available only on
systems with support for <b>db</b> databases.
- When no <i>file_type</i> is specified, the software uses
- the database type specified via the <b>database</b><i>_</i><b>type</b>
- configuration parameter. The default value for
+ When no <i>file_type</i> is specified, the software uses
+ the database type specified via the <b>database</b><i>_</i><b>type</b>
+ configuration parameter. The default value for
this parameter depends on the host environment.
<i>file_name</i>
- The name of the alias database source file when
+ The name of the alias database source file when
rebuilding a database.
<b>DIAGNOSTICS</b>
- Problems are logged to the standard error stream. No out-
+ Problems are logged to the standard error stream. No out-
put means no problems were detected. Duplicate entries are
skipped and are flagged with a warning.
<b>postalias</b> terminates with zero exit status in case of suc-
- cess (including successful <b>postmap</b> <b>-q</b> lookup) and termi-
+ cess (including successful <b>postmap</b> <b>-q</b> lookup) and termi-
nates with non-zero exit status in case of failure.
<b>BUGS</b>
- The "delete key" support is limited to one delete opera-
- tion per command invocation.
+ The "delete key" support is limited to one delete
-<b>ENVIRONMENT</b>
- <b>MAIL</b><i>_</i><b>CONFIG</b>
- Directory with Postfix configuration files.
- <b>MAIL</b><i>_</i><b>VERBOSE</b>
- Enable verbose logging for debugging purposes.
+ 2
- 2
-
+POSTALIAS(1) POSTALIAS(1)
+ operation per command invocation.
-POSTALIAS(1) POSTALIAS(1)
+<b>ENVIRONMENT</b>
+ <b>MAIL</b><i>_</i><b>CONFIG</b>
+ Directory with Postfix configuration files.
+ <b>MAIL</b><i>_</i><b>VERBOSE</b>
+ Enable verbose logging for debugging purposes.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
- The following <b>main.cf</b> parameters are especially relevant
- to this program. See the Postfix <b>main.cf</b> file for syntax
+ The following <b>main.cf</b> parameters are especially relevant
+ to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values.
<b>database</b><i>_</i><b>type</b>
- Default alias database type. On many UNIX systems,
+ Default alias database type. On many UNIX systems,
the default type is either <b>dbm</b> or <b>hash</b>.
<b>STANDARDS</b>
<a href="sendmail.1.html">sendmail(1)</a> mail posting and compatibility interface.
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
-
-
-
-
-
-
-
-
-
directory.
<b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one
- entry per map. The exit status is non-zero if the
- requested information was not found.
+ entry per map. The exit status is zero when the
+ requested information was found.
POSTMAP(1) POSTMAP(1)
- <b>-i</b> Incremental mode. Read entries from standard input
+ If a key value of <b>-</b> is specified, the program reads
+ key values from the standard input stream. The exit
+ status is zero when at least one of the requested
+ keys was found.
+
+ <b>-i</b> Incremental mode. Read entries from standard input
and do not truncate an existing database. By
- default, <b>postmap</b> creates a new database from the
+ default, <b>postmap</b> creates a new database from the
entries in <b>file</b><i>_</i><b>name</b>.
- <b>-n</b> Don't include the terminating null character that
- terminates lookup keys and values. By default,
- Postfix does whatever is the default for the host
+ <b>-n</b> Don't include the terminating null character that
+ terminates lookup keys and values. By default,
+ Postfix does whatever is the default for the host
operating system.
- <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and print the
- first value found on the standard output stream.
- The exit status is non-zero if the requested infor-
- mation was not found.
+ <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and print the
+ first value found on the standard output stream.
+ The exit status is zero when the requested informa-
+ tion was found.
+
+ If a key value of <b>-</b> is specified, the program reads
+ key values from the standard input stream and
+ prints one line of <i>key</i> <i>value</i> output for each key
+ that was found. The exit status is zero when at
+ least one of the requested keys was found.
- <b>-r</b> When updating a table, do not warn about duplicate
+ <b>-r</b> When updating a table, do not warn about duplicate
entries; silently replace them.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
- <b>-w</b> When updating a table, do not warn about duplicate
+ <b>-w</b> When updating a table, do not warn about duplicate
entries; silently ignore them.
Arguments:
<i>file_type</i>
The type of database to be produced.
- <b>btree</b> The output file is a btree file, named
- <i>file_name</i><b>.db</b>. This is available only on
+ <b>btree</b> The output file is a btree file, named
+ <i>file_name</i><b>.db</b>. This is available only on
systems with support for <b>db</b> databases.
- <b>dbm</b> The output consists of two files, named
- <i>file_name</i><b>.pag</b> and <i>file_name</i><b>.dir</b>. This is
- available only on systems with support for
+ <b>dbm</b> The output consists of two files, named
+ <i>file_name</i><b>.pag</b> and <i>file_name</i><b>.dir</b>. This is
+ available only on systems with support for
<b>dbm</b> databases.
- <b>hash</b> The output file is a hashed file, named
- <i>file_name</i><b>.db</b>. This is available only on
+ <b>hash</b> The output file is a hashed file, named
+ <i>file_name</i><b>.db</b>. This is available only on
systems with support for <b>db</b> databases.
- When no <i>file_type</i> is specified, the software uses
- the database type specified via the <b>database</b><i>_</i><b>type</b>
- configuration parameter.
-
- <i>file_name</i>
- The name of the lookup table source file when
- rebuilding a database.
-
-<b>DIAGNOSTICS</b>
- Problems and transactions are logged to the standard error
- stream. No output means no problems. Duplicate entries are
POSTMAP(1) POSTMAP(1)
+ When no <i>file_type</i> is specified, the software uses
+ the database type specified via the <b>database</b><i>_</i><b>type</b>
+ configuration parameter.
+
+ <i>file_name</i>
+ The name of the lookup table source file when
+ rebuilding a database.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to the standard error
+ stream. No output means no problems. Duplicate entries are
skipped and are flagged with a warning.
- <b>postmap</b> terminates with zero exit status in case of suc-
- cess (including successful <b>postmap</b> <b>-q</b> lookup) and termi-
+ <b>postmap</b> terminates with zero exit status in case of suc-
+ cess (including successful <b>postmap</b> <b>-q</b> lookup) and termi-
nates with non-zero exit status in case of failure.
<b>BUGS</b>
- The "delete key" support is limited to one delete opera-
+ The "delete key" support is limited to one delete opera-
tion per command invocation.
<b>ENVIRONMENT</b>
<b>CONFIGURATION</b> <b>PARAMETERS</b>
<b>database</b><i>_</i><b>type</b>
- Default output database type. On many UNIX sys-
- tems, the default database type is either <b>hash</b> or
+ Default output database type. On many UNIX sys-
+ tems, the default database type is either <b>hash</b> or
<b>dbm</b>.
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
-
-
-
-
-
-
-
-
-
-
-
Other flags are `x' (disable extended expression syntax),
and `m' (enable multi-line mode).
- Each pattern is applied to the entire string being looked
- up. Depending on the application, that string is an
- entire client hostname, an entire client IP address, or an
- entire mail address. Thus, no parent domain or parent
- network search is done, and <i>user@domain</i> mail addresses are
- not broken up into their <i>user</i> and <i>domain</i> constituent
- parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+ Each pattern is applied to the entire lookup key string.
+ Depending on the application, that string is an entire
+ client hostname, an entire client IP address, or an entire
+ mail address. Thus, no parent domain or parent network
+ search is done, and <i>user@domain</i> mail addresses are not
+ broken up into their <i>user</i> and <i>domain</i> constituent parts,
+ nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
string.
- Substitution of sub-strings from the matched expression is
- possible using $1, $2, etc.. The macros in the replacement
- string may need to be written as ${n} or $(n) if they
- aren't followed by whitespace.
+ Substitution of substrings from the matched expression
+ into the result string is possible using $1, $2, etc.. The
+ macros in the result string may need to be written as ${n}
+ or $(n) if they aren't followed by whitespace.
<b>EXAMPLES</b>
# Disallow sender-specified routing. This is a must if you relay mail
instead of the default configuration directory.
.IP "\fB-d \fIkey\fR"
Search the specified maps for \fIkey\fR and remove one entry per map.
-The exit status is non-zero if the requested information was not found.
+The exit status is zero when the requested information was found.
+
+If a key value of \fB-\fR is specified, the program reads key
+values from the standard input stream. The exit status is zero
+when at least one of the requested keys was found.
.IP \fB-i\fR
Incremental mode. Read entries from standard input and do not
truncate an existing database. By default, \fBpostalias\fR creates
the host operating system.
.IP "\fB-q \fIkey\fR"
Search the specified maps for \fIkey\fR and print the first value
-found on the standard output stream. The exit status is non-zero
-if the requested information was not found.
+found on the standard output stream. The exit status is zero
+when the requested information was found.
+
+If a key value of \fB-\fR is specified, the program reads key
+values from the standard input stream and prints one line of
+\fIkey: value\fR output for each key that was found. The exit
+status is zero when at least one of the requested keys was found.
.IP \fB-r\fR
When updating a table, do not warn about duplicate entries; silently
replace them.
instead of the default configuration directory.
.IP "\fB-d \fIkey\fR"
Search the specified maps for \fIkey\fR and remove one entry per map.
-The exit status is non-zero if the requested information was not found.
+The exit status is zero when the requested information was found.
+
+If a key value of \fB-\fR is specified, the program reads key
+values from the standard input stream. The exit status is zero
+when at least one of the requested keys was found.
.IP \fB-i\fR
Incremental mode. Read entries from standard input and do not
truncate an existing database. By default, \fBpostmap\fR creates
the host operating system.
.IP "\fB-q \fIkey\fR"
Search the specified maps for \fIkey\fR and print the first value
-found on the standard output stream. The exit status is non-zero
-if the requested information was not found.
+found on the standard output stream. The exit status is zero
+when the requested information was found.
+
+If a key value of \fB-\fR is specified, the program reads key
+values from the standard input stream and prints one line of
+\fIkey value\fR output for each key that was found. The exit
+status is zero when at least one of the requested keys was found.
.IP \fB-r\fR
When updating a table, do not warn about duplicate entries; silently
replace them.
matching ungreedy (see PCRE documentation and source for more
info).
-Each pattern is applied to the entire string being looked up.
+Each pattern is applied to the entire lookup key string.
Depending on the application, that string is an entire client
hostname, an entire client IP address, or an entire mail address.
Thus, no parent domain or parent network search is done, and
Patterns are applied in the order as specified in the table, until a
pattern is found that matches the search string.
-Substitution of sub-strings from the matched expression is
-possible using the conventional perl syntax ($1, $2, etc.). The
-macros in the replacement string may need to be written as ${n}
+Substitution of substrings from the matched expression into the result
+string is possible using the conventional perl syntax ($1, $2, etc.).
+The macros in the result string may need to be written as ${n}
or $(n) if they aren't followed by whitespace.
.SH EXAMPLES
.na
are `x' (disable extended expression syntax), and `m' (enable
multi-line mode).
-Each pattern is applied to the entire string being looked up.
+Each pattern is applied to the entire lookup key string.
Depending on the application, that string is an entire client
hostname, an entire client IP address, or an entire mail address.
Thus, no parent domain or parent network search is done, and
Patterns are applied in the order as specified in the table, until a
pattern is found that matches the search string.
-Substitution of sub-strings from the matched expression is
-possible using $1, $2, etc.. The macros in the replacement string
+Substitution of substrings from the matched expression into the result
+string is possible using $1, $2, etc.. The macros in the result string
may need to be written as ${n} or $(n) if they aren't followed
by whitespace.
.SH EXAMPLES
# matching ungreedy (see PCRE documentation and source for more
# info).
#
-# Each pattern is applied to the entire string being looked up.
+# Each pattern is applied to the entire lookup key string.
# Depending on the application, that string is an entire client
# hostname, an entire client IP address, or an entire mail address.
# Thus, no parent domain or parent network search is done, and
# Patterns are applied in the order as specified in the table, until a
# pattern is found that matches the search string.
#
-# Substitution of sub-strings from the matched expression is
-# possible using the conventional perl syntax ($1, $2, etc.). The
-# macros in the replacement string may need to be written as ${n}
+# Substitution of substrings from the matched expression into the result
+# string is possible using the conventional perl syntax ($1, $2, etc.).
+# The macros in the result string may need to be written as ${n}
# or $(n) if they aren't followed by whitespace.
# EXAMPLES
# # Protect your outgoing majordomo exploders
# are `x' (disable extended expression syntax), and `m' (enable
# multi-line mode).
#
-# Each pattern is applied to the entire string being looked up.
+# Each pattern is applied to the entire lookup key string.
# Depending on the application, that string is an entire client
# hostname, an entire client IP address, or an entire mail address.
# Thus, no parent domain or parent network search is done, and
# Patterns are applied in the order as specified in the table, until a
# pattern is found that matches the search string.
#
-# Substitution of sub-strings from the matched expression is
-# possible using $1, $2, etc.. The macros in the replacement string
+# Substitution of substrings from the matched expression into the result
+# string is possible using $1, $2, etc.. The macros in the result string
# may need to be written as ${n} or $(n) if they aren't followed
# by whitespace.
# EXAMPLES
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20010329"
+#define DEF_MAIL_VERSION "Snapshot-20010414"
extern char *var_mail_version;
/* LICENSE
#define MASTER_FLAG_THROTTLE (1<<0) /* we're having trouble */
#define MASTER_FLAG_MARK (1<<1) /* garbage collection support */
#define MASTER_FLAG_CONDWAKE (1<<2) /* wake up if actually used */
+#define MASTER_FLAG_INETHOST (1<<3) /* endpoint name specifies host */
#define MASTER_THROTTLED(f) ((f)->flags & MASTER_FLAG_THROTTLE)
#include <stringops.h>
#include <readlline.h>
#include <inet_addr_list.h>
+#include <inet_util.h>
+#include <inet_addr_host.h>
/* Global library. */
MASTER_SERV *serv;
char *cp;
char *name;
+ char *host;
+ char *port;
char *transport;
int private;
int unprivileged; /* passed on to child */
char *command;
int n;
char *bufp;
+ char *atmp;
if (master_fp == 0)
msg_panic("get_master_ent: config file not open");
transport = get_str_ent(&bufp, "transport type", (char *) 0);
if (STR_SAME(transport, MASTER_XPORT_NAME_INET)) {
serv->type = MASTER_SERV_TYPE_INET;
- if (strcasecmp(var_inet_interfaces, DEF_INET_INTERFACES) == 0) {
+ atmp = inet_parse(name, &host, &port);
+ if (host && *host) {
+ serv->flags |= MASTER_FLAG_INETHOST;
+ serv->addr_list.inet =
+ (INET_ADDR_LIST *) mymalloc(sizeof(*serv->addr_list_buf.inet));
+ inet_addr_list_init(serv->addr_list.inet);
+ inet_addr_host(serv->addr_list.inet, host);
+ serv->listen_fd_count = serv->addr_list.inet->used;
+ } else if (strcasecmp(var_inet_interfaces, DEF_INET_INTERFACES) == 0) {
serv->addr_list.inet = 0; /* wild-card */
serv->listen_fd_count = 1;
} else {
serv->addr_list.inet = own_inet_addr_list(); /* virtual */
serv->listen_fd_count = serv->addr_list.inet->used;
}
+ myfree(atmp);
} else if (STR_SAME(transport, MASTER_XPORT_NAME_UNIX)) {
serv->type = MASTER_SERV_TYPE_UNIX;
serv->listen_fd_count = 1;
/*
* Undo what get_master_ent() created.
*/
+ if (serv->flags & MASTER_FLAG_INETHOST)
+ inet_addr_list_free(serv->addr_list.inet);
myfree(serv->name);
myfree(serv->path);
argv_free(serv->args);
/* instead of the default configuration directory.
/* .IP "\fB-d \fIkey\fR"
/* Search the specified maps for \fIkey\fR and remove one entry per map.
-/* The exit status is non-zero if the requested information was not found.
+/* The exit status is zero when the requested information was found.
+/*
+/* If a key value of \fB-\fR is specified, the program reads key
+/* values from the standard input stream. The exit status is zero
+/* when at least one of the requested keys was found.
/* .IP \fB-i\fR
/* Incremental mode. Read entries from standard input and do not
/* truncate an existing database. By default, \fBpostalias\fR creates
/* the host operating system.
/* .IP "\fB-q \fIkey\fR"
/* Search the specified maps for \fIkey\fR and print the first value
-/* found on the standard output stream. The exit status is non-zero
-/* if the requested information was not found.
+/* found on the standard output stream. The exit status is zero
+/* when the requested information was found.
+/*
+/* If a key value of \fB-\fR is specified, the program reads key
+/* values from the standard input stream and prints one line of
+/* \fIkey: value\fR output for each key that was found. The exit
+/* status is zero when at least one of the requested keys was found.
/* .IP \fB-r\fR
/* When updating a table, do not warn about duplicate entries; silently
/* replace them.
#include <stringops.h>
#include <split_at.h>
#include <get_hostname.h>
+#include <vstring_vstream.h>
/* Global library. */
vstream_fclose(source_fp);
}
+/* postalias_queries - apply multiple requests from stdin */
+
+static int postalias_queries(VSTREAM *in, char **maps, const int map_count)
+{
+ int found = 0;
+ VSTRING *keybuf = vstring_alloc(100);
+ DICT **dicts;
+ const char *map_name;
+ const char *value;
+ int n;
+
+ /*
+ * Sanity check.
+ */
+ if (map_count <= 0)
+ msg_panic("postalias_queries: bad map count");
+
+ /*
+ * Prepare to open maps lazily.
+ */
+ dicts = (DICT **) mymalloc(sizeof(*dicts) * map_count);
+ for (n = 0; n < map_count; n++)
+ dicts[n] = 0;
+
+ /*
+ * Perform all queries. Open maps on the fly, to avoid opening unecessary
+ * maps.
+ */
+ while (vstring_get_nonl(keybuf, in) != VSTREAM_EOF) {
+ for (n = 0; n < map_count; n++) {
+ if (dicts[n] == 0)
+ dicts[n] = ((map_name = split_at(maps[n], ':')) != 0 ?
+ dict_open3(maps[n], map_name, O_RDONLY, DICT_FLAG_LOCK) :
+ dict_open3(var_db_type, maps[n], O_RDONLY, DICT_FLAG_LOCK));
+ if ((value = dict_get(dicts[n], STR(keybuf))) != 0) {
+ vstream_printf("%s: %s\n", STR(keybuf), value);
+ found = 1;
+ break;
+ }
+ }
+ }
+ if (found)
+ vstream_fflush(VSTREAM_OUT);
+
+ /*
+ * Cleanup.
+ */
+ for (n = 0; n < map_count; n++)
+ if (dicts[n])
+ dict_close(dicts[n]);
+ myfree((char *) dicts);
+ vstring_free(keybuf);
+
+ return (found);
+}
+
/* postalias_query - query a map and print the result to stdout */
static int postalias_query(const char *map_type, const char *map_name,
return (value != 0);
}
+/* postalias_deletes - apply multiple requests from stdin */
+
+static int postalias_deletes(VSTREAM *in, char **maps, const int map_count)
+{
+ int found = 0;
+ VSTRING *keybuf = vstring_alloc(100);
+ DICT **dicts;
+ const char *map_name;
+ int n;
+
+ /*
+ * Sanity check.
+ */
+ if (map_count <= 0)
+ msg_panic("postalias_deletes: bad map count");
+
+ /*
+ * Open maps ahead of time.
+ */
+ dicts = (DICT **) mymalloc(sizeof(*dicts) * map_count);
+ for (n = 0; n < map_count; n++)
+ dicts[n] = ((map_name = split_at(maps[n], ':')) != 0 ?
+ dict_open3(maps[n], map_name, O_RDWR, DICT_FLAG_LOCK) :
+ dict_open3(var_db_type, maps[n], O_RDWR, DICT_FLAG_LOCK));
+
+ /*
+ * Perform all requests.
+ */
+ while (vstring_get_nonl(keybuf, in) != VSTREAM_EOF)
+ for (n = 0; n < map_count; n++)
+ found |= (dict_del(dicts[n], STR(keybuf)) == 0);
+
+ /*
+ * Cleanup.
+ */
+ for (n = 0; n < map_count; n++)
+ if (dicts[n])
+ dict_close(dicts[n]);
+ myfree((char *) dicts);
+ vstring_free(keybuf);
+
+ return (found);
+}
+
/* postalias_delete - delete a key value pair from a map */
static int postalias_delete(const char *map_type, const char *map_name,
DICT *dict;
int status;
- /*
- * XXX This must be generalized to multi-key (read from stdin) and
- * multi-map (given on command line) updates.
- */
dict = dict_open3(map_type, map_name, O_RDWR, DICT_FLAG_LOCK);
status = dict_del(dict, key);
dict_close(dict);
if (delkey) { /* remove entry */
if (optind + 1 > argc)
usage(argv[0]);
+ if (strcmp(delkey, "-") == 0)
+ exit(postalias_deletes(VSTREAM_IN, argv + optind, argc - optind) == 0);
found = 0;
while (optind < argc) {
if ((path_name = split_at(argv[optind], ':')) != 0) {
} else if (query) { /* query map(s) */
if (optind + 1 > argc)
usage(argv[0]);
+ if (strcmp(query, "-") == 0)
+ exit(postalias_queries(VSTREAM_IN, argv + optind, argc - optind) == 0);
while (optind < argc) {
if ((path_name = split_at(argv[optind], ':')) != 0) {
found = postalias_query(argv[optind], path_name, query);
/* instead of the default configuration directory.
/* .IP "\fB-d \fIkey\fR"
/* Search the specified maps for \fIkey\fR and remove one entry per map.
-/* The exit status is non-zero if the requested information was not found.
+/* The exit status is zero when the requested information was found.
+/*
+/* If a key value of \fB-\fR is specified, the program reads key
+/* values from the standard input stream. The exit status is zero
+/* when at least one of the requested keys was found.
/* .IP \fB-i\fR
/* Incremental mode. Read entries from standard input and do not
/* truncate an existing database. By default, \fBpostmap\fR creates
/* the host operating system.
/* .IP "\fB-q \fIkey\fR"
/* Search the specified maps for \fIkey\fR and print the first value
-/* found on the standard output stream. The exit status is non-zero
-/* if the requested information was not found.
+/* found on the standard output stream. The exit status is zero
+/* when the requested information was found.
+/*
+/* If a key value of \fB-\fR is specified, the program reads key
+/* values from the standard input stream and prints one line of
+/* \fIkey value\fR output for each key that was found. The exit
+/* status is zero when at least one of the requested keys was found.
/* .IP \fB-r\fR
/* When updating a table, do not warn about duplicate entries; silently
/* replace them.
#include <readlline.h>
#include <stringops.h>
#include <split_at.h>
+#include <vstring_vstream.h>
/* Global library. */
vstream_fclose(source_fp);
}
+/* postmap_queries - apply multiple requests from stdin */
+
+static int postmap_queries(VSTREAM *in, char **maps, const int map_count)
+{
+ int found = 0;
+ VSTRING *keybuf = vstring_alloc(100);
+ DICT **dicts;
+ const char *map_name;
+ const char *value;
+ int n;
+
+ /*
+ * Sanity check.
+ */
+ if (map_count <= 0)
+ msg_panic("postmap_queries: bad map count");
+
+ /*
+ * Prepare to open maps lazily.
+ */
+ dicts = (DICT **) mymalloc(sizeof(*dicts) * map_count);
+ for (n = 0; n < map_count; n++)
+ dicts[n] = 0;
+
+ /*
+ * Perform all queries. Open maps on the fly, to avoid opening unecessary
+ * maps.
+ */
+ while (vstring_get_nonl(keybuf, in) != VSTREAM_EOF) {
+ for (n = 0; n < map_count; n++) {
+ if (dicts[n] == 0)
+ dicts[n] = ((map_name = split_at(maps[n], ':')) != 0 ?
+ dict_open3(maps[n], map_name, O_RDONLY, DICT_FLAG_LOCK) :
+ dict_open3(var_db_type, maps[n], O_RDONLY, DICT_FLAG_LOCK));
+ if ((value = dict_get(dicts[n], STR(keybuf))) != 0) {
+ vstream_printf("%s %s\n", STR(keybuf), value);
+ found = 1;
+ break;
+ }
+ }
+ }
+ if (found)
+ vstream_fflush(VSTREAM_OUT);
+
+ /*
+ * Cleanup.
+ */
+ for (n = 0; n < map_count; n++)
+ if (dicts[n])
+ dict_close(dicts[n]);
+ myfree((char *) dicts);
+ vstring_free(keybuf);
+
+ return (found);
+}
+
/* postmap_query - query a map and print the result to stdout */
static int postmap_query(const char *map_type, const char *map_name,
return (value != 0);
}
+/* postmap_deletes - apply multiple requests from stdin */
+
+static int postmap_deletes(VSTREAM *in, char **maps, const int map_count)
+{
+ int found = 0;
+ VSTRING *keybuf = vstring_alloc(100);
+ DICT **dicts;
+ const char *map_name;
+ int n;
+
+ /*
+ * Sanity check.
+ */
+ if (map_count <= 0)
+ msg_panic("postmap_deletes: bad map count");
+
+ /*
+ * Open maps ahead of time.
+ */
+ dicts = (DICT **) mymalloc(sizeof(*dicts) * map_count);
+ for (n = 0; n < map_count; n++)
+ dicts[n] = ((map_name = split_at(maps[n], ':')) != 0 ?
+ dict_open3(maps[n], map_name, O_RDWR, DICT_FLAG_LOCK) :
+ dict_open3(var_db_type, maps[n], O_RDWR, DICT_FLAG_LOCK));
+
+ /*
+ * Perform all requests.
+ */
+ while (vstring_get_nonl(keybuf, in) != VSTREAM_EOF)
+ for (n = 0; n < map_count; n++)
+ found |= (dict_del(dicts[n], STR(keybuf)) == 0);
+
+ /*
+ * Cleanup.
+ */
+ for (n = 0; n < map_count; n++)
+ if (dicts[n])
+ dict_close(dicts[n]);
+ myfree((char *) dicts);
+ vstring_free(keybuf);
+
+ return (found);
+}
+
/* postmap_delete - delete a (key, value) pair from a map */
static int postmap_delete(const char *map_type, const char *map_name,
DICT *dict;
int status;
- /*
- * XXX This must be generalized to multi-key (read from stdin) and
- * multi-map (given on command line) updates.
- */
dict = dict_open3(map_type, map_name, O_RDWR, DICT_FLAG_LOCK);
status = dict_del(dict, key);
dict_close(dict);
if (delkey) { /* remove entry */
if (optind + 1 > argc)
usage(argv[0]);
+ if (strcmp(delkey, "-") == 0)
+ exit(postmap_deletes(VSTREAM_IN, argv + optind, argc - optind) == 0);
found = 0;
while (optind < argc) {
if ((path_name = split_at(argv[optind], ':')) != 0) {
} else if (query) { /* query map(s) */
if (optind + 1 > argc)
usage(argv[0]);
+ if (strcmp(query, "-") == 0)
+ exit(postmap_queries(VSTREAM_IN, argv + optind, argc - optind) == 0);
while (optind < argc) {
if ((path_name = split_at(argv[optind], ':')) != 0) {
found = postmap_query(argv[optind], path_name, query);
} else if (*var_bestmx_transp != 0) { /* we're best MX */
smtp_errno = SMTP_OK;
} else {
+ msg_warn("mailer loop: best MX host for %s is local",
+ name);
vstring_sprintf(why, "mail for %s loops back to myself",
name);
smtp_errno = SMTP_FAIL;
* error.
*/
if (state->rcpt_count == 0) {
- if (state->cleanup == 0)
+ if (state->cleanup == 0) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
- smtpd_chat_reply(state, "503 Error: need RCPT command");
+ smtpd_chat_reply(state, "503 Error: need RCPT command");
+ } else {
+ smtpd_chat_reply(state, "550 Error: no valid recipients");
+ }
return (-1);
}
if (argc != 1) {
if (msg_verbose)
msg_info("%s: %s", myname, state->addr);
+ /*
+ * IPv4 only for now
+ */
+#ifdef INET6
+ if (inet_pton(AF_INET, state->addr, &a) != 1)
+ return SMTPD_CHECK_DUNNO;
+#endif
+
/*
* Build the constant part of the RBL query: the reverse client address.
*/
db_path = concatenate(path, ".db", (char *) 0);
+ /*
+ * Note: DICT_FLAG_LOCK is used only by programs that do fine-grained (in
+ * the time domain) locking while accessing individual database records.
+ *
+ * Programs such as postmap/postalias use their own large-grained (in the
+ * time domain) locks while rewriting the entire file.
+ */
if (dict_flags & DICT_FLAG_LOCK) {
if ((lock_fd = open(db_path, open_flags, 0644)) < 0)
msg_fatal("open database %s: %m", db_path);
if (fstat(dict_db->dict.fd, &st) < 0)
msg_fatal("dict_db_open: fstat: %m");
dict_db->dict.mtime = st.st_mtime;
+
+ /*
+ * Warn if the source file is newer than the indexed file, except when
+ * the source file changed only seconds ago.
+ */
+ if ((dict_flags & DICT_FLAG_LOCK) != 0
+ && stat(path, &st) == 0
+ && st.st_mtime > dict_db->dict.mtime
+ && st.st_mtime < time((time_t *) 0) - 100)
+ msg_warn("database %s is older than source file %s", db_path, path);
+
close_on_exec(dict_db->dict.fd, CLOSE_ON_EXEC);
dict_db->dict.flags = dict_flags | DICT_FLAG_FIXED;
if ((dict_flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
dict_db->dict.flags |= (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL);
dict_db->db = db;
myfree(db_path);
- return (DICT_DEBUG(&dict_db->dict));
+ return (DICT_DEBUG (&dict_db->dict));
}
/* dict_hash_open - create association with data base */
char *dbm_path;
int lock_fd;
+ /*
+ * Note: DICT_FLAG_LOCK is used only by programs that do fine-grained (in
+ * the time domain) locking while accessing individual database records.
+ *
+ * Programs such as postmap/postalias use their own large-grained (in the
+ * time domain) locks while rewriting the entire file.
+ */
if (dict_flags & DICT_FLAG_LOCK) {
dbm_path = concatenate(path, ".pag", (char *) 0);
if ((lock_fd = open(dbm_path, open_flags, 0644)) < 0)
msg_fatal("unlock database %s for open: %m", dbm_path);
if (close(lock_fd) < 0)
msg_fatal("close database %s: %m", dbm_path);
- myfree(dbm_path);
}
dict_dbm = (DICT_DBM *) dict_alloc(DICT_TYPE_DBM, path, sizeof(*dict_dbm));
dict_dbm->dict.lookup = dict_dbm_lookup;
if (fstat(dict_dbm->dict.fd, &st) < 0)
msg_fatal("dict_dbm_open: fstat: %m");
dict_dbm->dict.mtime = st.st_mtime;
+
+ /*
+ * Warn if the source file is newer than the indexed file, except when
+ * the source file changed only seconds ago.
+ */
+ if ((dict_flags & DICT_FLAG_LOCK) != 0
+ && stat(path, &st) == 0
+ && st.st_mtime > dict_dbm->dict.mtime
+ && st.st_mtime < time((time_t *) 0) - 100)
+ msg_warn("database %s is older than source file %s", dbm_path, path);
+
close_on_exec(dbm_pagfno(dbm), CLOSE_ON_EXEC);
close_on_exec(dbm_dirfno(dbm), CLOSE_ON_EXEC);
dict_dbm->dict.flags = dict_flags | DICT_FLAG_FIXED;
dict_dbm->dict.flags |= (DICT_FLAG_TRY0NULL | DICT_FLAG_TRY1NULL);
dict_dbm->dbm = dbm;
- return (DICT_DEBUG(&dict_dbm->dict));
+ if ((dict_flags & DICT_FLAG_LOCK))
+ myfree(dbm_path);
+
+ return (DICT_DEBUG (&dict_dbm->dict));
}
#endif
entry = ldap_next_entry(dict_ldap->ld, entry)) {
attr = ldap_first_attribute(dict_ldap->ld, entry, &ber);
if (attr == NULL) {
- msg_warn("%s: no attributes found", myname);
+ if (msg_verbose)
+ msg_info("%s: no attributes found", myname);
continue;
}
for (; attr != NULL;
vals = ldap_get_values(dict_ldap->ld, entry, attr);
if (vals == NULL) {
- msg_warn("%s: Entry doesn't have any values for %s",
- myname, attr);
+ if (msg_verbose)
+ msg_info("%s: Entry doesn't have any values for %s",
+ myname, attr);
continue;
}
for (i = 0; dict_ldap->result_attributes->argv[i]; i++) {
if (i > 0)
vstring_strcat(result, ",");
for (j = 0; j < mysql_num_fields(query_res); j++) {
+ if (row[j] == 0) {
+ if (msg_verbose > 1)
+ msg_info("dict_mysql_lookup: null field #%d row #%d", j, i);
+ mysql_free_result(query_res);
+ return (0);
+ }
if (j > 0)
vstring_strcat(result, ",");
vstring_strcat(result, row[j]);
projects / thirdparty / postfix.git / commitdiff
