--- /dev/null
+This is a very first implementation of Postfix content filtering.
+It involves an incompatible change to queue file formats. Older
+Postfix versions will reject mail that needs to be content filtered,
+and will move the queue file to the "corrupt" mail queue subdirectory.
+
+This document describes two approaches to content filtering.
+
+Simple content filtering example
+================================
+
+The first example is simpler to set up, but is also more resource
+intensive. With the shell script as shown you will lose a factor
+of four in Postfix performance for transit mail that arrives and
+leaves via SMTP. You will lose another factor in transit performance
+for each additional temporary file that is created and deleted in
+the process of content filtering. The performance impact is less
+for mail that is submitted or delivered locally, because such
+deliveries are not as fast as SMTP transit mail.
+
+The example assumes that only mail arriving via SMTP needs to be
+content filtered.
+
+ ..................................
+ . Postfix .
+ ------smtpd \ /local-----
+ . -cleanup->queue- .
+ -----pickup / \smtp------
+ ^ . | .
+ | . \pipe-----+
+ | .................................. |
+ | |
+ | |
+ +------sendmail<-------filter<---------+
+
+Create a dedicated local user account called "filter". The user
+will never log in, and can be given a "*" password and non-existent
+shell and home.
+
+Create a directory /var/spool/filter that is accessible only to
+the "filter" user. This is where the content filtering will store
+its temporary files.
+
+Define a content filtering entry in the Postfix master file:
+
+ /etc/postfix/master.cf:
+ filter unix - n n - - pipe
+ user=filter argv=/some/where/filter -f ${sender} -- ${recipient}
+
+The filter program can start out as a simple shell script like this:
+
+ #!/bin/sh
+
+ # Localize these
+ INSPECT_DIR=/var/spool/filter
+ SENDMAIL=/usr/sbin/sendmail
+
+ # Exit codes from <sysexits.h>
+ EX_TEMPFAIL=75
+ EX_UNAVAILABLE=69
+
+ cd $INSPECT_DIR || { echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
+
+ # Clean up when done or when aborting.
+ trap "rm -f in.$$; exit" 0 1 2 3 15
+
+ cat >in.$$ || { echo Cannot save mail to file; exit $EX_TEMPFAIL; }
+
+ # filter <in.$$ || { echo Message content rejected; exit $EX_UNAVAILABLE; }
+
+ $SENDMAIL "$@" <in.$$
+
+ exit $?
+
+The idea is to first capture the message to file and then run the
+content through run a third-party content filter program. If the
+mail cannot be captured to file, mail delivery is deferred by
+terminating with exit status 75 (EX_TEMPFAIL). If the content
+filter program finds a problem, the mail is bounced by terminating
+the filter command with exit status 69 (EX_UNAVAILABLE). If the
+content is OK, it is given as input to Postfix sendmail, and the
+exit status of the filter command is whatever exit status Postfix
+sendmail produces.
+
+The problem with content filterings like this is that they are not
+very robust, because they do not talk a well-defined protocol with
+Postfix. If the filter command aborts because of some memory
+allocation problem, it will not produce a nice exit status as per
+/usr/include/sysexits.h and mail will probably bounce. The same
+lack of robustness is possible when the content filtering software
+itself runs into a resource problem.
+
+I suggest that you play with this script for a while until you are
+satisfied with the results. Run it as root or as the filter user,
+with a real message (headers+body) as input:
+
+ # /some/where/filter -f sender recipient... <message-file
+
+Turn on content filtering for mail arriving via SMTP only, by
+appending "-o content_filter=filter:dummy" to the master.cf
+entry that defines the Postfix SMTP server:
+
+ /etc/postfix/master.cf:
+ smtp inet ...stuff... smtpd
+ -o content_filter=filter:dummy
+
+The content_filter configuration parameter accepts the same
+syntax as the right-hand side in a Postfix transport table.
+
+Postfix snapshot-20000529 requires that you specify a dummy
+destination as shown in the example. This is no longer necessary
+with later Postfix versions.
+
+Advanced content filtering example
+===================================
+
+The second example is considerably more complex, but can give much
+better performance, and is less likely to bounce mail when the
+machine runs into a resource problem. This approach uses content
+filtering software that can receive and deliver mail via SMTP.
+You can expect to lose about a factor of two in Postfix performance
+for transit mail that arrives and leaves via SMTP, provided that
+you create no temporary files. Each temporary file adds another
+factor to the performance loss.
+
+We will set up a content filtering program listening on localhost
+port 10025 that receives mail via the SMTP protocol, and that
+submits mail back into Postfix via localhost port 10026.
+
+ ..................................
+ . Postfix .
+ ------smtpd \ /local-----
+ . -cleanup->queue- .
+ -----pickup / ^ | \smtp------
+ . | v .
+ . smtpd smtp .
+ . 10026 | .
+ ......................|...........
+ ^ |
+ | v
+ ....|............
+ . | 10025 .
+ . filtering .
+ . .
+ .................
+
+To enable content filtering in this manner, specify in main.cf a
+new parameter:
+
+ /etc/postfix/main.cf:
+ content_filter = smtp:localhost:10025
+
+This causes Postfix to add one extra content filtering record to
+each incoming mail message, with content smtp:localhost:10025.
+You can use the same syntax as in the right-hand side of a Postfix
+transport table. The content filtering records are added by the
+smtpd and pickup servers.
+
+When a queue file has content filtering information, the queue
+manager will deliver the mail to the specified content filtering
+regardless of its final destination.
+
+The content filtering can be set up with the Postfix spawn service,
+which is the Postfix equivalent of inetd. For example, to instantiate
+up to 10 content filtering processes on demand:
+
+ /etc/postfix/master.cf:
+ localhost:10025 inet n n n - 10 spawn
+ user=filter argv=/some/where/filter localhost 10026
+
+"filter" is a dedicated local user account. The user will never
+log in, and can be given a "*" password and non-existent shell and
+home.
+
+The spawn server is part of Postfix but is not installed by default.
+Edit the top-level Makefile.in file, run "make makefiles", "make",
+and "make install". The manual page isn't installed by default,
+either. See the spawn.c source file.
+
+The /some/where/filter command is most likely a PERL script. PERL
+has modules that make talking SMTP easy. The command-line specifies
+that mail should be sent back into Postfix via localhost port 10026.
+
+For now, it is left up to the Postfix users to come up with a
+PERL/SMTP framework for Postfix content filtering. If done well,
+it can be used with other mailers too, which is a nice spin-off.
+
+The simplest content filtering just copies SMTP commands and data
+between its inputs and outputs. If it has a problem, all it has to
+do is to reply to an input of `.' with `550 content rejected', and
+to disconnect its output side instead of sending `.'.
+
+The job of the content filtering is to either bounce mail with a
+suitable diagnostic, or to feed the mail back into Postfix through
+a dedicated listener on port localhost 10026:
+
+ /etc/postfix/master.cf:
+ localhost:10026 inet n - n - 10 smtpd
+ -o content_filter= myhostname=localhost.domain.name
+
+This is just another SMTP server. It is configured NOT to request
+content filtering for incoming mail, has the same process limit
+as the filter master.cf entry, and is configured to use a different
+hostname in the greeting message (this is necessary for testing
+when I simply use no filtering program and let the SMTP content
+filtering interfaces talk directly to each other).
feature. File: cleanup/cleanup_message.c. See also the
conf/sample-filter.cf file.
-20000529
+20000530
- Feature: full content inspection through external software.
- This uses existing interfaces for sending and receiving mail
- from and to the content inspector. Currently, only the SMTP
- server is suitable for receiving inspected mail. Details
- in INSPECTION_README. Files: pickup/pickup.c, smtpd/smtpd.c,
- qmgr/qmgr_message.c.
+ Feature: full content filtering through external software.
+ This uses existing interfaces for sending mail to the
+ external content filter and for injecting it back into
+ Postfix. Details in FILTER_README. Files: pickup/pickup.c,
+ smtpd/smtpd.c, qmgr/qmgr_message.c.
+
+20000531
+
+ More SASL feedback by Liviu Daia, regarding the use of
+ authentication realms. File smtpd/smtpd_sasl_glue.c.
+
+ Added a simple shell-script based content filtering example
+ to the FILTER_README file.
+
+ Content filtering support for nqmgr by Patrik Rak. File:
+ nqmgr/qmgr_message.c.
+
+ Renamed "content inspection" etc. to "content filtering"
+ in anticipation of a new hook for content inspection that
+ only inspects mail without re-injecting it into Postfix.
+++ /dev/null
-This is a very first implementation of Postfix content inspection.
-It involves an incompatible change to queue file formats. Older
-Postfix versions will move the mail aside to the "corrupt" mail
-queue subdirectory.
-
-The example uses content inspection software that can receive and
-deliver mail via SMTP. At present, Postfix can receive already
-inspected mail only via SMTP. In the future it may become possible
-to submit already filtered mail via the postdrop command. However,
-doing business over SMTP is much less inefficient.
-
-We will set up a content inspector program listening on localhost
-port 10025 that receives mail via the SMTP protocol, and that
-submits mail back into Postfix via localhost port 10026.
-
- ..................................
- . Postfix .
- ------smtpd \ /local-----
- . -cleanup->queue- .
- -----pickup / ^ | \smtp------
- . | v .
- . smtpd smtp .
- . 10026 | .
- ......................|...........
- ^ |
- | v
- ....|............
- . | 10025 .
- . inspector .
- . .
- .................
-
-To enable content inspection in this manner, specify in main.cf a
-new parameter:
-
- /etc/postfix/main.cf:
- content_inspector = smtp:localhost:10025
-
-This causes Postfix to add one extra content inspection record to
-each incoming mail message, with content smtp:localhost:10025.
-You can use the same syntax as in the right-hand side of a Postfix
-transport table. The content inspection records are added by the
-smtpd and pickup servers.
-
-When a queue file has content inspection information, the queue
-manager will deliver the mail to the specified content inspector
-regardless of its final destination.
-
-Setting up the content inspector could be done with the Postfix
-spawn service, to instantiate up to 10 processes on demand:
-
- /etc/postfix/master.cf:
- localhost:10025 inet - n n - 10 spawn
- user=inspect argv=/some/where/inspect localhost 10026
-
-The spawn server is part of Postfix but is not installed by default.
-Edit the top-level Makefile.in file, run "make makefiles", "make",
-and "make install".
-
-The /some/where/inspect command is most likely a PERL script. PERL
-has modules that make talking SMTP easy. The command-line specifies
-that mail shouldbe sent back into Postfix via localhost port 10026.
-
-The job of the content inspector is to either bounce mail with a
-suitable diagnostic, or to feed the mail back into Postfix through
-a dedicated listener on port localhost 10026:
-
- /etc/postfix/master.cf:
- localhost:10026 inet n - n - 0 smtpd
- -o content_inspector= myhostname=localhost.domain.name
-
-This is just another SMTP server. It is configured NOT to request
-content inspection for incoming mail, has no process limit (so
-Postfix will not deadlock), and is configured to use a different
-hostname in the greeting message (this is necessary for testing
-when I simply use no inspector program and let the SMTP content
-inspection interfaces talk directly to each other).
+Incompatible changes with snapshot-20000531
+===========================================
+
+All references to "content inspection" have been replaced by "content
+filtering", in anticipation of hooks for true content inspection
+that does not re-inject mail back into Postfix.
+
Incompatible changes with snapshot-20000529
===========================================
This version introduces an incompatible queue file format change
-when content inspection is enabled. Old Postfix queue files will
-work fine, but new queue files will not work with old Postfix
-versions. They log a warning and move incompatible queue files to
-the "corrupt" mail queue subdirectory.
+when content filtering is enabled. Old Postfix queue files will
+work fine, but new queue files with content filtering info will
+not work with old Postfix versions. They log a warning and move
+incompatible queue files to the "corrupt" mail queue subdirectory.
Major changes with snapshot-20000529
====================================
-This version introduces full content inspection through an external
+This version introduces full content filtering through an external
process. This involves an incompatible change in queue file format.
-Mail is delivered to content inspection software via an existing
+Mail is delivered to content filtering software via an existing
mail delivery agent, and is re-injected into Postfix via an existing
-mail submission agent. Presently, only the Postfix SMTP server is
-suitable for receiving already inspected mail. Details in the
-INSPECTION_README file.
+mail submission agent. See examples in the FILTER_README file.
+Depending on how the filter is implemented, you can expect to lose
+a factor of 2 to 4 in delivery performance of SMTP transit mail,
+more if the content filtering software needs lots of CPU or memory.
Major changes with snapshot-20000528
====================================
extern void mail_params_init(void);
/*
- * Content inspection transport. The things we have to do because some
- * over-paid peecee programmers could not do a proper job.
+ * Content inspection and filtering.
*/
-#define VAR_INSPECT_XPORT "content_inspector"
-#define DEF_INSPECT_XPORT ""
-extern char *var_inspect_xport;
+#define VAR_FILTER_XPORT "content_filter"
+#define DEF_FILTER_XPORT ""
+extern char *var_filter_xport;
/* LICENSE
/* .ad
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20000529"
+#define DEF_MAIL_VERSION "Snapshot-20000531"
extern char *var_mail_version;
/* LICENSE
REC_TYPE_TIME, "time",
REC_TYPE_FULL, "fullname",
REC_TYPE_INSP, "content_inspector",
+ REC_TYPE_FILT, "content_filter",
REC_TYPE_FROM, "sender",
REC_TYPE_DONE, "done",
REC_TYPE_RCPT, "recipient",
#define REC_TYPE_TIME 'T' /* time stamp, required */
#define REC_TYPE_FULL 'F' /* full name, optional */
#define REC_TYPE_INSP 'I' /* inspector transport */
+#define REC_TYPE_FILT 'L' /* loop filter transport */
#define REC_TYPE_FROM 'S' /* sender, required */
#define REC_TYPE_DONE 'D' /* delivered recipient, optional */
#define REC_TYPE_RCPT 'R' /* todo recipient, optional */
* record groups. The first member in each set is the record type that
* indicates the end of that record group.
*/
-#define REC_TYPE_ENVELOPE "MCTFISDRW"
+#define REC_TYPE_ENVELOPE "MCTFILSDRW"
#define REC_TYPE_CONTENT "XLN"
#define REC_TYPE_EXTRACT "EDRPre"
#define REC_TYPE_NOEXTRACT "E"
command after a configuration change.
<b>Content</b> <b>inspection</b> <b>controls</b>
- <b>content</b><i>_</i><b>inspector</b>
- The name of a mail delivery transport that inspects
- mail prior to delivery. This parameter uses the
- same syntax as the right-hand side of a Postfix
+ <b>content</b><i>_</i><b>filter</b>
+ The name of a mail delivery transport that filters
+ mail and that either bounces mail or re-injects the
+ result back into Postfix. This parameter uses the
+ same syntax as the right-hand side of a Postfix
transport table.
<b>Miscellaneous</b>
<b>always</b><i>_</i><b>bcc</b>
- Address to send a copy of each message that enters
+ Address to send a copy of each message that enters
the system.
-
1
<b>mail</b><i>_</i><b>owner</b>
- The process privileges used while not opening a
+ The process privileges used while not opening a
<b>maildrop</b> file.
<b>queue</b><i>_</i><b>directory</b>
syslogd(8) system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
comments, like Sendmail does.
<b>Content</b> <b>inspection</b> <b>controls</b>
- <b>content</b><i>_</i><b>inspector</b>
- The name of a mail delivery transport that inspects
- mail prior to delivery. This parameter uses the
- same syntax as the right-hand side of a Postfix
+ <b>content</b><i>_</i><b>filter</b>
+ The name of a mail delivery transport that filters
+ mail and that either bounces mail or re-injects the
+ result back into Postfix. This parameter uses the
+ same syntax as the right-hand side of a Postfix
transport table.
<b>Authenication</b> <b>controls</b>
<b>enable</b><i>_</i><b>sasl</b><i>_</i><b>authentication</b>
- Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
- (SASL). This functionality is available only when
+ Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
+ (SASL). This functionality is available only when
explicitly selected at program build time and
explicitly enabled at runtime.
<b>Miscellaneous</b>
<b>always</b><i>_</i><b>bcc</b>
- Address to send a copy of each message that enters
+ Address to send a copy of each message that enters
the system.
<b>command</b><i>_</i><b>directory</b>
<b>$program</b><i>_</i><b>directory</b>).
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
- Increment in verbose logging level when a remote
+ Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
- parameter.
SMTPD(8) SMTPD(8)
+ parameter.
+
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
- List of domain or network patterns. When a remote
- host matches a pattern, increase the verbose log-
- ging level by the amount specified in the
+ List of domain or network patterns. When a remote
+ host matches a pattern, increase the verbose log-
+ ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
- Recipient of protocol/policy/resource/software
+ Recipient of protocol/policy/resource/software
error notices.
<b>hopcount</b><i>_</i><b>limit</b>
Limit the number of <b>Received:</b> message headers.
<b>local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b>
- List of maps with user names that are local to
+ List of maps with user names that are local to
<b>$myorigin</b> or <b>$inet</b><i>_</i><b>interfaces</b>. If this parameter is
- defined, then the SMTP server rejects mail for
+ defined, then the SMTP server rejects mail for
unknown local users.
<b>notify</b><i>_</i><b>classes</b>
List of error classes. Of special interest are:
- <b>policy</b> When a client violates any policy, mail a
+ <b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
<b>protocol</b>
- When a client violates the SMTP protocol or
+ When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
<b>smtpd</b><i>_</i><b>banner</b>
- Text that follows the <b>220</b> status code in the SMTP
+ Text that follows the <b>220</b> status code in the SMTP
greeting banner.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Restrict the number of recipients that the SMTP
+ Restrict the number of recipients that the SMTP
server accepts per message delivery.
<b>smtpd</b><i>_</i><b>timeout</b>
- Limit the time to send a server response and to
+ Limit the time to send a server response and to
receive a client request.
<b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
- Limit the amount of memory in bytes used for the
+ Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
-
-
3
<b>queue</b><i>_</i><b>minfree</b>
- Minimal amount of free space in bytes in the queue
- file system for the SMTP server to accept any mail
+ Minimal amount of free space in bytes in the queue
+ file system for the SMTP server to accept any mail
at all.
<b>Tarpitting</b>
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors,
- wait <i>error_count</i> seconds before responding to any
+ wait <i>error_count</i> seconds before responding to any
client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
- Disconnect after a client has made this number of
+ Disconnect after a client has made this number of
errors.
<b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
Limit the number of times a client can issue a junk
- command such as NOOP, VRFY, ETRN or RSET in one
- SMTP session before it is penalized with tarpit
+ command such as NOOP, VRFY, ETRN or RSET in one
+ SMTP session before it is penalized with tarpit
delays.
<b>UCE</b> <b>control</b> <b>restrictions</b>
tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
- Require that clients introduce themselves at the
+ Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
- Restrict what client hostnames are allowed in <b>HELO</b>
+ Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
- Restrict what sender addresses are allowed in <b>MAIL</b>
+ Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
- Restrict what recipient addresses are allowed in
+ Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
mands, and what clients may issue <b>ETRN</b> commands.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
- Allow untrusted clients to specify addresses with
- sender-specified routing. Enabling this opens up
- nasty relay loopholes involving trusted backup MX
+ Allow untrusted clients to specify addresses with
+ sender-specified routing. Enabling this opens up
+ nasty relay loopholes involving trusted backup MX
hosts.
<b>restriction</b><i>_</i><b>classes</b>
- Declares the name of zero or more parameters that
- contain a list of UCE restrictions. The names of
- these parameters can then be used instead of the
+ Declares the name of zero or more parameters that
+ contain a list of UCE restrictions. The names of
+ these parameters can then be used instead of the
restriction lists that they represent.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b>
- List of DNS domains that publish the addresses of
+ List of DNS domains that publish the addresses of
blacklisted hosts.
<b>relay</b><i>_</i><b>domains</b>
- Restrict what domains or networks this mail system
+ Restrict what domains or networks this mail system
will relay mail from or to.
<b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates an access
+ Server response when a client violates an access
database restriction.
<b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> restriction.
<b>reject</b><i>_</i><b>code</b>
- Response code when the client matches a <b>reject</b>
+ Response code when the client matches a <b>reject</b>
restriction.
<b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client attempts to violate
+ Server response when a client attempts to violate
the mail relay policy.
<b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client without address to
- name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
+ Server response when a client without address to
+ name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
restriction.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b>
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
.SH "Content inspection controls"
-.IP \fBcontent_inspector\fR
-The name of a mail delivery transport that inspects mail prior
-to delivery.
+.IP \fBcontent_filter\fR
+The name of a mail delivery transport that filters mail and that
+either bounces mail or re-injects the result back into Postfix.
This parameter uses the same syntax as the right-hand side of
a Postfix transport table.
.SH Miscellaneous
Disallow non-RFC 821 style addresses in envelopes. For example,
allow RFC822-style address forms with comments, like Sendmail does.
.SH "Content inspection controls"
-.IP \fBcontent_inspector\fR
-The name of a mail delivery transport that inspects mail prior
-to delivery.
+.IP \fBcontent_filter\fR
+The name of a mail delivery transport that filters mail and that
+either bounces mail or re-injects the result back into Postfix.
This parameter uses the same syntax as the right-hand side of
a Postfix transport table.
.SH "Authenication controls"
char *sender; /* complete address */
char *errors_to; /* error report address */
char *return_receipt; /* confirm receipt address */
+ char *filter_xport; /* inspection transport */
long data_size; /* message content size */
long rcpt_offset; /* more recipients here */
long unread_offset; /* more unread recipients here */
message->sender = 0;
message->errors_to = 0;
message->return_receipt = 0;
+ message->filter_xport = 0;
message->data_size = 0;
message->warn_offset = 0;
message->warn_time = 0;
} else if (rec_type == REC_TYPE_TIME) {
if (message->arrival_time == 0)
message->arrival_time = atol(start);
+ } else if (rec_type == REC_TYPE_FILT) {
+ if (message->filter_xport == 0)
+ message->filter_xport = mystrdup(start);
} else if (rec_type == REC_TYPE_FROM) {
if (message->sender == 0) {
message->sender = mystrdup(start);
char **cpp;
char *domain;
const char *junk;
+ char *nexthop;
#define STREQ(x,y) (strcasecmp(x,y) == 0)
#define STR vstring_str
* result address may differ from the one specified by the sender.
*/
resolve_clnt_query(recipient->address, &reply);
- if (!STREQ(recipient->address, STR(reply.recipient)))
- UPDATE(recipient->address, STR(reply.recipient));
-
+ if (message->filter_xport) {
+ vstring_strcpy(reply.transport, message->filter_xport);
+ if ((nexthop = split_at(STR(reply.transport), ':')) == 0
+ || *nexthop == 0)
+ nexthop = var_myhostname;
+ vstring_strcpy(reply.nexthop, nexthop);
+ } else {
+ if (!STREQ(recipient->address, STR(reply.recipient)))
+ UPDATE(recipient->address, STR(reply.recipient));
+ }
/*
* Bounce recipients that have moved. We do it here instead of in the
myfree(message->errors_to);
if (message->return_receipt)
myfree(message->return_receipt);
+ if (message->filter_xport)
+ myfree(message->filter_xport);
qmgr_rcpt_list_free(&message->rcpt_list);
qmgr_message_count--;
myfree((char *) message);
/* and for default values. Use the \fBpostfix reload\fR command after
/* a configuration change.
/* .SH "Content inspection controls"
-/* .IP \fBcontent_inspector\fR
-/* The name of a mail delivery transport that inspects mail prior
-/* to delivery.
+/* .IP \fBcontent_filter\fR
+/* The name of a mail delivery transport that filters mail and that
+/* either bounces mail or re-injects the result back into Postfix.
/* This parameter uses the same syntax as the right-hand side of
/* a Postfix transport table.
/* .SH Miscellaneous
/* Application-specific. */
char *var_always_bcc;
-char *var_inspect_xport;
+char *var_filter_xport;
/*
* Structure to bundle a bunch of information about a queue file.
info->rcpt = mystrdup(vstring_str(buf));
if (type == REC_TYPE_TIME)
continue;
- if (type == REC_TYPE_INSP)
+ if (type == REC_TYPE_FILT)
continue;
else {
/*
* Add content inspection transport.
*/
- if (*var_inspect_xport)
- rec_fprintf(cleanup, REC_TYPE_INSP, "%s", var_inspect_xport);
+ if (*var_filter_xport)
+ rec_fprintf(cleanup, REC_TYPE_FILT, "%s", var_filter_xport);
/*
* Copy the message envelope segment. Allow only those records that we
{
static CONFIG_STR_TABLE str_table[] = {
VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
- VAR_INSPECT_XPORT, DEF_INSPECT_XPORT, &var_inspect_xport, 0, 0,
+ VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0,
0,
};
char *sender; /* complete address */
char *errors_to; /* error report address */
char *return_receipt; /* confirm receipt address */
- char *inspect_xport; /* inspection transport */
+ char *filter_xport; /* inspection transport */
long data_size; /* message content size */
long rcpt_offset; /* more recipients here */
QMGR_RCPT_LIST rcpt_list; /* complete addresses */
message->sender = 0;
message->errors_to = 0;
message->return_receipt = 0;
- message->inspect_xport = 0;
+ message->filter_xport = 0;
message->data_size = 0;
message->warn_offset = 0;
message->warn_time = 0;
} else if (rec_type == REC_TYPE_TIME) {
if (message->arrival_time == 0)
message->arrival_time = atol(start);
- } else if (rec_type == REC_TYPE_INSP) {
- if (message->inspect_xport == 0)
- message->inspect_xport = mystrdup(start);
+ } else if (rec_type == REC_TYPE_FILT) {
+ if (message->filter_xport == 0)
+ message->filter_xport = mystrdup(start);
} else if (rec_type == REC_TYPE_FROM) {
if (message->sender == 0) {
message->sender = mystrdup(start);
* result address may differ from the one specified by the sender.
*/
resolve_clnt_query(recipient->address, &reply);
- if (message->inspect_xport) {
- vstring_strcpy(reply.transport, message->inspect_xport);
- if ((nexthop = split_at(STR(reply.transport), ':')) != 0)
- vstring_strcpy(reply.nexthop, nexthop);
+ if (message->filter_xport) {
+ vstring_strcpy(reply.transport, message->filter_xport);
+ if ((nexthop = split_at(STR(reply.transport), ':')) == 0
+ || *nexthop == 0)
+ nexthop = var_myhostname;
+ vstring_strcpy(reply.nexthop, nexthop);
} else {
if (!STREQ(recipient->address, STR(reply.recipient)))
UPDATE(recipient->address, STR(reply.recipient));
myfree(message->errors_to);
if (message->return_receipt)
myfree(message->return_receipt);
- if (message->inspect_xport)
- myfree(message->inspect_xport);
+ if (message->filter_xport)
+ myfree(message->filter_xport);
qmgr_rcpt_list_free(&message->rcpt_list);
qmgr_message_count--;
myfree((char *) message);
/* Disallow non-RFC 821 style addresses in envelopes. For example,
/* allow RFC822-style address forms with comments, like Sendmail does.
/* .SH "Content inspection controls"
-/* .IP \fBcontent_inspector\fR
-/* The name of a mail delivery transport that inspects mail prior
-/* to delivery.
+/* .IP \fBcontent_filter\fR
+/* The name of a mail delivery transport that filters mail and that
+/* either bounces mail or re-injects the result back into Postfix.
/* This parameter uses the same syntax as the right-hand side of
/* a Postfix transport table.
/* .SH "Authenication controls"
bool var_smtpd_sasl_enable;
char *var_smtpd_sasl_opts;
char *var_smtpd_sasl_realm;
-char *var_inspect_xport;
+char *var_filter_xport;
/*
* Global state, for stand-alone mode queue file cleanup. When this is
*/
rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld",
(long) time((time_t *) 0));
- if (*var_inspect_xport)
- rec_fprintf(state->cleanup, REC_TYPE_INSP, "%s", var_inspect_xport);
+ if (*var_filter_xport)
+ rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport);
rec_fputs(state->cleanup, REC_TYPE_FROM, argv[2].strval);
state->sender = mystrdup(argv[2].strval);
smtpd_chat_reply(state, "250 Ok");
VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0,
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0,
VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 1, 0,
- VAR_INSPECT_XPORT, DEF_INSPECT_XPORT, &var_inspect_xport, 0, 0,
+ VAR_FILTER_XPORT, DEF_FILTER_XPORT, &var_filter_xport, 0, 0,
0,
};
/*
* Set up a new server context for this connection.
*/
-#define DEFAULT_USER_REALM ((char *) 0)
#define NO_SECURITY_LAYERS (0)
#define NO_SESSION_CALLBACKS ((sasl_callback_t *) 0)
- if (sasl_server_new("smtp", var_smtpd_sasl_realm, DEFAULT_USER_REALM,
+ if (sasl_server_new("smtp", var_myhostname, var_smtpd_sasl_realm,
NO_SESSION_CALLBACKS, NO_SECURITY_LAYERS,
&state->sasl_conn) != SASL_OK)
msg_fatal("SASL per-connection server initialization");
projects / thirdparty / postfix.git / commitdiff
