-m) will be compatible with a future postcat -h option.
File: postmap/postmap.c.
-20040811
+20080411
Bugfix (introduced Postfix 2.0): after "warn_if_reject
reject_unlisted_recipient/sender", the SMTP server mistakenly
compatibility feature only with queue files that don't
contain logging attributes. Problem reported by Liviu Daia.
Files *qmgr/qmgr_message.c.
+
+20080424
+
+ Cleanup: some warning messages said "regexp" or "regexp
+ map" instead of "pcre map". File: util/dict_pcre.c.
+
+20080426
+
+ Feature: finer control over address verification error
+ handling and amount of information disclosed in the SMTP
+ reject message. Parameters: unverified_recipient_defer_code,
+ unverified_recipient_reject_reason, unverified_sender_defer_code,
+ unverified_sender_reject_reason. If I don't do this properly,
+ then someone will do it anyway. File: src/smtpd/smtpd_check.c.
+
+20080428
+
+ Cleanup: the proxy_read_maps (Postfix 2.0) default setting
+ was not updated when adding sender/recipient_bcc_maps
+ (Postfix 2.1) and smtp/lmtp_generic_maps (Postfix 2.3).
+ File: global/mail_params.h.
+
+ Cleanup: the SMTP server's XFORWARD and XCLIENT support
+ was not updated when the smtpd_client_port_logging configuration
+ parameter was added. Code by Victor Duchovni. Files:
+ smtpd/smtpd.c, smtpd/smtpd_peer.c.
response to end of DATA after a message is transferred. Postfix address
verification does not work with such sites.
- * By default, Postfix probe messages have "postmaster@$myorigin" as the
- sender address. This is SAFE because the Postfix SMTP server does not
- reject mail for this address.
+ * By default, Postfix probe messages have "double-bounce@$myorigin" as the
+ sender address (with Postfix versions before 2.5, the default is
+ "postmaster@$myorigin"). This is SAFE because the Postfix SMTP server does
+ not reject mail for this address.
You can change this into the null address ("address_verify_sender ="). This
is UNSAFE because address probes will fail with mis-configured sites that
reject_unknown_recipient_domain
reject_unverified_recipient
...
+ # Postfix 2.6 and later privacy feature.
+ # unverified_recipient_reject_reason = Address lookup failed
The "reject_unknown_recipient_domain" restriction blocks mail for non-existent
domains. Putting this before "reject_unverified_recipient" avoids the overhead
of generating unnecessary probe messages.
-The unverified_recipient_reject_code parameter (default 450) specifies how
-Postfix replies when a recipient address is known to bounce. Change this
-setting into 550 when you trust Postfix's judgments.
+The unverified_recipient_reject_code parameter (default 450) specifies the
+numerical Postfix SMTP server reply code when a recipient address is known to
+bounce. Change this setting into 550 when you trust Postfix's judgments.
+
+The following features are available in Postfix 2.6 and later.
+
+The unverified_recipient_defer_code parameter (default 450) specifies the
+numerical Postfix SMTP server reply code when a recipient address probe fails
+with some temporary error. Some sites insist on changing this into 250. NOTE:
+This change turns MX servers into backscatter sources when the load is high.
+
+The unverified_recipient_reject_reason parameter (default: empty) specifies
+fixed text that Postfix will send to remote SMTP clients, instead of sending
+actual address verification details.
S\bSe\ben\bnd\bde\ber\br a\bad\bdd\bdr\bre\bes\bss\bs v\bve\ber\bri\bif\bfi\bic\bca\bat\bti\bio\bon\bn f\bfo\bor\br m\bma\bai\bil\bl f\bfr\bro\bom\bm f\bfr\bre\beq\bqu\bue\ben\bnt\btl\bly\by f\bfo\bor\brg\bge\bed\bd d\bdo\bom\bma\bai\bin\bns\bs
-It is relatively safe to turn on sender address verification for specific
-domains that often appear in forged email.
+Only for very small sites, it is relatively safe to turn on sender address
+verification for specific domains that often appear in forged email.
/etc/postfix/main.cf:
smtpd_sender_restrictions = hash:/etc/postfix/sender_access
unverified_sender_reject_code = 550
+ # Postfix 2.6 and later.
+ # unverified_sender_defer_code = 250
+
# Note 1: Be sure to read the "Caching" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/lib/postfix/verify
reject_unknown_sender_domain
warn_if_reject reject_unverified_sender
...
+ # Postfix 2.6 and later.
+ # unverified_sender_reject_reason = Address verification failed
+
# Note 1: Be sure to read the "Caching" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/lib/postfix/verify
domains. Putting this before "reject_unverified_sender" avoids the overhead of
generating unnecessary probe messages.
-The unverified_sender_reject_code parameter (default 450) specifies how Postfix
-replies when a sender address is known to bounce. Change this setting into 550
-when you trust Postfix's judgments.
+The unverified_sender_reject_code parameter (default 450) specifies the
+numerical Postfix server reply code when a sender address is known to bounce.
+Change this setting into 550 when you trust Postfix's judgments.
+
+The following features are available in Postfix 2.6 and later.
+
+The unverified_sender_defer_code parameter (default 450) specifies the
+numerical Postfix SMTP server reply code when a sender address verification
+probe fails with some temporary error. Specify a valid 2xx or 4xx code.
+
+The unverified_sender_reject_reason parameter (default: empty) specifies fixed
+text that Postfix will send to remote SMTP clients, instead of sending actual
+addres verification details.
A\bAd\bdd\bdr\bre\bes\bss\bs v\bve\ber\bri\bif\bfi\bic\bca\bat\bti\bio\bon\bn d\bda\bat\bta\bab\bba\bas\bse\be
If you upgrade from Postfix 2.4 or earlier, read RELEASE_NOTES-2.5
before proceeding.
+Incompatibility with snapshot 20080428
+======================================
+
+Postfix SMTP server replies for address verification have changed.
+unverified_recipient_reject_code and unverified_sender_reject_code
+now handle "5XX" rejects only. The "4XX" rejects are now controlled
+with unverified_sender_defer_code and unverified_recipient_defer_code.
+
+Major changes with snapshot 20080428
+====================================
+
+Finer control over the way that Postfix reports address verification
+failures are reported to remote SMTP clients.
+
+- unverified_sender/recipient_defer_code: the numerical Postfix
+ SMTP server reply code when address verification failed due
+ to some temporary error.
+
+- unverified_sender/recipient_reject_reason: fixed text that Postfix
+ will send to the remote SMTP client, instead of sending actual
+ address verification details.
+
Incompatible changes with snapshot 20080207
===========================================
transferred. Postfix address verification does not work with such
sites. </p>
-<li> <p> By default, Postfix probe messages have "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>"
-as the sender address. This is SAFE because the Postfix SMTP server
-does not reject mail for this address. </p>
+<li> <p> By default, Postfix probe messages have "double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>"
+as the sender address (with Postfix versions before 2.5, the default
+is "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>"). This is SAFE because the Postfix SMTP
+server does not reject mail for this address. </p>
<p> You can change this into the null address ("<a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
="). This is UNSAFE because address probes will fail with
<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>
...
+ # Postfix 2.6 and later privacy feature.
+ # <a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> = Address lookup failed
</pre>
</blockquote>
avoids the overhead of generating unnecessary probe messages. </p>
<p> The <a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> parameter (default 450)
-specifies how Postfix replies when a recipient address is known to
+specifies the numerical Postfix SMTP server reply code when a
+recipient address is known to
bounce. Change this setting into 550 when you trust Postfix's
judgments. </p>
+<p> The following features are available in Postfix 2.6 and later.
+</p>
+
+<p> The <a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> parameter (default 450)
+specifies the numerical Postfix SMTP server reply code when a
+recipient address probe fails with some temporary error. Some sites
+insist on changing this into 250. NOTE: This change turns MX servers
+into backscatter sources when the load is high. </p>
+
+<p> The <a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> parameter (default:
+empty) specifies fixed text that Postfix will send to remote SMTP
+clients, instead of sending actual address verification details. </p>
+
<h2><a name="forged_sender">Sender address verification for mail from frequently forged domains</a></h2>
-<p> It is relatively safe to turn on sender address verification for
-specific domains that often appear in forged email. </p>
+<p> Only for very small sites, it is relatively safe to turn on
+sender address verification for specific domains that often appear
+in forged email. </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = hash:/etc/postfix/sender_access
<a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> = 550
+ # Postfix 2.6 and later.
+ # <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> = 250
+
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/lib/postfix/verify
<a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
<a href="postconf.5.html#warn_if_reject">warn_if_reject</a> <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
...
+ # Postfix 2.6 and later.
+ # <a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> = Address verification failed
+
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
<a href="postconf.5.html#address_verify_map">address_verify_map</a> = btree:/var/lib/postfix/verify
avoids the overhead of generating unnecessary probe messages. </p>
<p> The <a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> parameter (default 450)
-specifies how Postfix replies when a sender address is known to
+specifies the numerical Postfix server reply code when a sender
+address is known to
bounce. Change this setting into 550 when you trust Postfix's
judgments. </p>
+<p> The following features are available in Postfix 2.6 and later.
+</p>
+
+<p> The <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> parameter (default 450) specifies
+the numerical Postfix SMTP server reply code when a sender address
+verification probe fails with some temporary error. Specify a valid
+2xx or 4xx code. </p>
+
+<p> The <a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> parameter (default:
+empty) specifies fixed text that Postfix will send to remote SMTP
+clients, instead of sending actual addres verification details. </p>
+
<h2><a name="caching">Address verification database</a></h2>
<p> NOTE: By default, address verification information is not stored
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
<p>
Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
-by <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>. This includes putting quotes around an address localpart
+by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. This includes putting quotes around an address localpart
that ends in ".".
</p>
<p>
-The default is to comply with <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>. If you have to send mail to
+The default is to comply with <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. If you have to send mail to
a broken SMTP server, configure a special SMTP client in <a href="master.5.html">master.cf</a>:
</p>
see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details. <br> The
<a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> parameter specifies the response
when an address is known to bounce (default: 450, change into 550
-when you are confident that it is safe to do so). Postfix replies
-with 450 when an address probe failed due to a temporary problem.
-This feature is available in Postfix 2.1 and later. </dd>
+when you are confident that it is safe to do so). The
+<a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> parameter specifies the response
+when an address probe failed due to a temporary problem (default:
+450). This feature is available in Postfix 2.1 and later. </dd>
</dl>
see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details. <br> The
<a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> parameter specifies the response when
an address is known to bounce (default: 450, change into 550 when
-you are confident that it is safe to do so). Postfix replies with
-450 when an address probe failed due to a temporary problem. This
-feature is available in Postfix 2.1 and later. </dd>
+you are confident that it is safe to do so). The
+<a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> specifies the response when an address
+address probe failed due to a temporary problem (default: 450).
+This feature is available in Postfix 2.1 and later. </dd>
</dl>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
</p>
+</DD>
+
+<DT><b><a name="unverified_recipient_defer_code">unverified_recipient_defer_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response when a recipient address
+probe fails due to a temporary error condition.
+</p>
+
+<p>
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+</p>
+
+<p>
+This feature is available in Postfix 2.6 and later.
+</p>
+
+
</DD>
<DT><b><a name="unverified_recipient_reject_code">unverified_recipient_reject_code</a>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
<p>
</p>
+</DD>
+
+<DT><b><a name="unverified_recipient_reject_reason">unverified_recipient_reject_reason</a>
+(default: empty)</b></DT><DD>
+
+<p> When rejecting mail with <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>, reply
+with this text as the reason, instead of actual address verification
+details.
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="unverified_sender_defer_code">unverified_sender_defer_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when a sender address
+probe fails due to a temporary error condition.
+</p>
+
+<p>
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
+</p>
+
+<p>
+This feature is available in Postfix 2.6 and later.
+</p>
+
+
</DD>
<DT><b><a name="unverified_sender_reject_code">unverified_sender_reject_code</a>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
</p>
<p>
</p>
+</DD>
+
+<DT><b><a name="unverified_sender_reject_reason">unverified_sender_reject_reason</a>
+(default: empty)</b></DT><DD>
+
+<p> When rejecting mail with <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>, reply with
+this text as the reason, instead of actual address verification
+details.
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
</DD>
<DT><b><a name="verp_delimiter_filter">verp_delimiter_filter</a>
recipient address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_recipient">fied_recipient</a> restriction.
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> (450)</b>
+ The numerical Postfix SMTP server response code
+ when a sender address probe fails due to a tempo-
+ rary error condition.
+
+ <b><a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> (450)</b>
+ The numerical Postfix SMTP server response when a
+ recipient address probe fails due to a temporary
+ error condition.
+
+ <b><a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> (empty)</b>
+ When rejecting mail with <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>,
+ reply with this text as the reason, instead of
+ actual address verification details.
+
+ <b><a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> (empty)</b>
+ When rejecting mail with reject_unverified_recipi-
+ ent, reply with this text as the reason, instead of
+ actual address verification details.
+
<b>ACCESS CONTROL RESPONSES</b>
The following parameters control numerical SMTP reply
codes and/or text responses.
The numerical Postfix SMTP server response code when a client
is rejected by an \fBaccess\fR(5) map restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.SH address_verify_default_transport (default: $default_transport)
Overrides the default_transport parameter setting for address
verification probes.
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "defer" restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.SH defer_service_name (default: defer)
The name of the defer service. This service is implemented by the
\fBbounce\fR(8) daemon and maintains a record
HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname
restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.SH ipc_idle (default: version dependent)
The time after which a client closes an idle internal communication
channel. The purpose is to allow servers to terminate voluntarily
client request is blocked by the reject_rbl_client, reject_rhsbl_client,
reject_rhsbl_sender or reject_rhsbl_recipient restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.SH masquerade_classes (default: envelope_sender, header_sender, header_recipient)
What addresses are subject to address masquerading.
.PP
client request is blocked by the reject_multi_recipient_bounce
restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.PP
This feature is available in Postfix 2.1 and later.
.SH mydestination (default: $myhostname, localhost.$mydomain, localhost)
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "reject" restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.SH relay_clientcerts (default: empty)
List of tables with remote SMTP client-certificate fingerprints
for which the Postfix SMTP server will allow access with the
request is rejected by the reject_unauth_destination recipient
restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.SH relay_recipient_maps (default: empty)
Optional lookup tables with all valid addresses in the domains
that match $relay_domains. Specify @domain as a wild-card for
The default time unit is s (seconds).
.SH smtp_quote_rfc821_envelope (default: yes)
Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
-by RFC 821. This includes putting quotes around an address localpart
+by RFC 2821. This includes putting quotes around an address localpart
that ends in ".".
.PP
-The default is to comply with RFC 821. If you have to send mail to
+The default is to comply with RFC 2821. If you have to send mail to
a broken SMTP server, configure a special SMTP client in master.cf:
.sp
.in +4
The
unverified_recipient_reject_code parameter specifies the response
when an address is known to bounce (default: 450, change into 550
-when you are confident that it is safe to do so). Postfix replies
-with 450 when an address probe failed due to a temporary problem.
-This feature is available in Postfix 2.1 and later.
+when you are confident that it is safe to do so). The
+unverified_recipient_defer_code parameter specifies the response
+when an address probe failed due to a temporary problem (default:
+450). This feature is available in Postfix 2.1 and later.
.PP
Other restrictions that are valid in this context:
.IP \(bu
The
unverified_sender_reject_code parameter specifies the response when
an address is known to bounce (default: 450, change into 550 when
-you are confident that it is safe to do so). Postfix replies with
-450 when an address probe failed due to a temporary problem. This
-feature is available in Postfix 2.1 and later.
+you are confident that it is safe to do so). The
+unverified_sender_defer_code specifies the response when an address
+address probe failed due to a temporary problem (default: 450).
+This feature is available in Postfix 2.1 and later.
.PP
Other restrictions that are valid in this context:
.IP \(bu
or reject_unknown_recipient_domain restriction. The response is
always 450 in case of a temporary DNS error.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.SH unknown_client_reject_code (default: 450)
The numerical Postfix SMTP server response code when a client
without valid address <=> name mapping is rejected by the
reject_unknown_client_hostname restriction. The SMTP server always replies
with 450 when the mapping failed due to a temporary error condition.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.SH unknown_hostname_reject_code (default: 450)
The numerical Postfix SMTP server response code when the hostname
specified with the HELO or EHLO command is rejected by the
reject_unknown_helo_hostname restriction.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.SH unknown_local_recipient_reject_code (default: 550)
The numerical Postfix SMTP server response code when a recipient
address is local, and $local_recipient_maps specifies a list of
of lookup tables that does not match the recipient address.
.PP
This feature is available in Postfix 2.0 and later.
+.SH unverified_recipient_defer_code (default: 450)
+The numerical Postfix SMTP server response when a recipient address
+probe fails due to a temporary error condition.
+.PP
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+.PP
+Do not change this unless you have a complete understanding of RFC 2821.
+.PP
+This feature is available in Postfix 2.6 and later.
.SH unverified_recipient_reject_code (default: 450)
The numerical Postfix SMTP server response when a recipient address
is rejected by the reject_unverified_recipient restriction.
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.PP
This feature is available in Postfix 2.1 and later.
+.SH unverified_recipient_reject_reason (default: empty)
+When rejecting mail with reject_unverified_recipient, reply
+with this text as the reason, instead of actual address verification
+details.
+.PP
+This feature is available in Postfix 2.6 and later.
+.SH unverified_sender_defer_code (default: 450)
+The numerical Postfix SMTP server response code when a sender address
+probe fails due to a temporary error condition.
+.PP
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+.PP
+Do not change this unless you have a complete understanding of RFC 2821.
+.PP
+This feature is available in Postfix 2.6 and later.
.SH unverified_sender_reject_code (default: 450)
The numerical Postfix SMTP server response code when a recipient
address is rejected by the reject_unverified_sender restriction.
Unlike elsewhere in Postfix, you can specify 250 in order to
accept the address anyway.
.PP
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
.PP
This feature is available in Postfix 2.1 and later.
+.SH unverified_sender_reject_reason (default: empty)
+When rejecting mail with reject_unverified_sender, reply with
+this text as the reason, instead of actual address verification
+details.
+.PP
+This feature is available in Postfix 2.6 and later.
.SH verp_delimiter_filter (default: -=+)
The characters Postfix accepts as VERP delimiter characters on the
Postfix \fBsendmail\fR(1) command line and in SMTP commands.
.IP "\fBunverified_recipient_reject_code (450)\fR"
The numerical Postfix SMTP server response when a recipient address
is rejected by the reject_unverified_recipient restriction.
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBunverified_sender_defer_code (450)\fR"
+The numerical Postfix SMTP server response code when a sender address
+probe fails due to a temporary error condition.
+.IP "\fBunverified_recipient_defer_code (450)\fR"
+The numerical Postfix SMTP server response when a recipient address
+probe fails due to a temporary error condition.
+.IP "\fBunverified_sender_reject_reason (empty)\fR"
+When rejecting mail with reject_unverified_sender, reply with
+this text as the reason, instead of actual address verification
+details.
+.IP "\fBunverified_recipient_reject_reason (empty)\fR"
+When rejecting mail with reject_unverified_recipient, reply
+with this text as the reason, instead of actual address verification
+details.
.SH "ACCESS CONTROL RESPONSES"
.na
.nf
s;\bunknown_virtual_alias_reject_code\b;<a href="postconf.5.html#unknown_virtual_alias_reject_code">$&</a>;g;
s;\bunknown_virtual_mail[-</bB>]*\n* *[<bB>]*box_reject_code\b;<a href="postconf.5.html#unknown_virtual_mailbox_reject_code">$&</a>;g;
s;\bunverified_recip[-</bB>]*\n* *[<bB>]*ient_reject_code\b;<a href="postconf.5.html#unverified_recipient_reject_code">$&</a>;g;
+ s;\bunverified_recip[-</bB>]*\n* *[<bB>]*ient_defer_code\b;<a href="postconf.5.html#unverified_recipient_defer_code">$&</a>;g;
s;\bunverified_sender_reject_code\b;<a href="postconf.5.html#unverified_sender_reject_code">$&</a>;g;
+ s;\bunverified_sender_defer_code\b;<a href="postconf.5.html#unverified_sender_defer_code">$&</a>;g;
+ s;\bunverified_recipient_reject_reason\b;<a href="postconf.5.html#unverified_recipient_reject_reason">$&</a>;g;
+ s;\bunverified_sender_reject_reason\b;<a href="postconf.5.html#unverified_sender_reject_reason">$&</a>;g;
s;\bverp_delimiter_filter\b;<a href="postconf.5.html#verp_delimiter_filter">$&</a>;g;
s;\bvir[-</bB>]*\n*[ <bB>]*tual_alias_domains\b;<a href="postconf.5.html#virtual_alias_domains">$&</a>;g;
s;\bvir[-</bB>]*\n*[ <bB>]*tual_alias_expansion_limit\b;<a href="postconf.5.html#virtual_alias_expansion_limit">$&</a>;g;
transferred. Postfix address verification does not work with such
sites. </p>
-<li> <p> By default, Postfix probe messages have "postmaster@$myorigin"
-as the sender address. This is SAFE because the Postfix SMTP server
-does not reject mail for this address. </p>
+<li> <p> By default, Postfix probe messages have "double-bounce@$myorigin"
+as the sender address (with Postfix versions before 2.5, the default
+is "postmaster@$myorigin"). This is SAFE because the Postfix SMTP
+server does not reject mail for this address. </p>
<p> You can change this into the null address ("address_verify_sender
="). This is UNSAFE because address probes will fail with
reject_unknown_recipient_domain
reject_unverified_recipient
...
+ # Postfix 2.6 and later privacy feature.
+ # unverified_recipient_reject_reason = Address lookup failed
</pre>
</blockquote>
avoids the overhead of generating unnecessary probe messages. </p>
<p> The unverified_recipient_reject_code parameter (default 450)
-specifies how Postfix replies when a recipient address is known to
+specifies the numerical Postfix SMTP server reply code when a
+recipient address is known to
bounce. Change this setting into 550 when you trust Postfix's
judgments. </p>
+<p> The following features are available in Postfix 2.6 and later.
+</p>
+
+<p> The unverified_recipient_defer_code parameter (default 450)
+specifies the numerical Postfix SMTP server reply code when a
+recipient address probe fails with some temporary error. Some sites
+insist on changing this into 250. NOTE: This change turns MX servers
+into backscatter sources when the load is high. </p>
+
+<p> The unverified_recipient_reject_reason parameter (default:
+empty) specifies fixed text that Postfix will send to remote SMTP
+clients, instead of sending actual address verification details. </p>
+
<h2><a name="forged_sender">Sender address verification for mail from frequently forged domains</a></h2>
-<p> It is relatively safe to turn on sender address verification for
-specific domains that often appear in forged email. </p>
+<p> Only for very small sites, it is relatively safe to turn on
+sender address verification for specific domains that often appear
+in forged email. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
smtpd_sender_restrictions = hash:/etc/postfix/sender_access
unverified_sender_reject_code = 550
+ # Postfix 2.6 and later.
+ # unverified_sender_defer_code = 250
+
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/lib/postfix/verify
reject_unknown_sender_domain
warn_if_reject reject_unverified_sender
...
+ # Postfix 2.6 and later.
+ # unverified_sender_reject_reason = Address verification failed
+
# Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
# Note 2: Avoid hash files here. Use btree instead.
address_verify_map = btree:/var/lib/postfix/verify
avoids the overhead of generating unnecessary probe messages. </p>
<p> The unverified_sender_reject_code parameter (default 450)
-specifies how Postfix replies when a sender address is known to
+specifies the numerical Postfix server reply code when a sender
+address is known to
bounce. Change this setting into 550 when you trust Postfix's
judgments. </p>
+<p> The following features are available in Postfix 2.6 and later.
+</p>
+
+<p> The unverified_sender_defer_code parameter (default 450) specifies
+the numerical Postfix SMTP server reply code when a sender address
+verification probe fails with some temporary error. Specify a valid
+2xx or 4xx code. </p>
+
+<p> The unverified_sender_reject_reason parameter (default:
+empty) specifies fixed text that Postfix will send to remote SMTP
+clients, instead of sending actual addres verification details. </p>
+
<h2><a name="caching">Address verification database</a></h2>
<p> NOTE: By default, address verification information is not stored
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
%PARAM address_verify_default_transport $default_transport
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
%PARAM defer_transports
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
%PARAM ipc_idle version dependent
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
%PARAM masquerade_classes envelope_sender, header_sender, header_recipient
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
%PARAM relay_domains $mydestination
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
%PARAM relay_recipient_maps
<p>
Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
-by RFC 821. This includes putting quotes around an address localpart
+by RFC 2821. This includes putting quotes around an address localpart
that ends in ".".
</p>
<p>
-The default is to comply with RFC 821. If you have to send mail to
+The default is to comply with RFC 2821. If you have to send mail to
a broken SMTP server, configure a special SMTP client in master.cf:
</p>
see the ADDRESS_VERIFICATION_README file for details. <br> The
unverified_recipient_reject_code parameter specifies the response
when an address is known to bounce (default: 450, change into 550
-when you are confident that it is safe to do so). Postfix replies
-with 450 when an address probe failed due to a temporary problem.
-This feature is available in Postfix 2.1 and later. </dd>
+when you are confident that it is safe to do so). The
+unverified_recipient_defer_code parameter specifies the response
+when an address probe failed due to a temporary problem (default:
+450). This feature is available in Postfix 2.1 and later. </dd>
</dl>
see the ADDRESS_VERIFICATION_README file for details. <br> The
unverified_sender_reject_code parameter specifies the response when
an address is known to bounce (default: 450, change into 550 when
-you are confident that it is safe to do so). Postfix replies with
-450 when an address probe failed due to a temporary problem. This
-feature is available in Postfix 2.1 and later. </dd>
+you are confident that it is safe to do so). The
+unverified_sender_defer_code specifies the response when an address
+address probe failed due to a temporary problem (default: 450).
+This feature is available in Postfix 2.1 and later. </dd>
</dl>
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
%PARAM unknown_client_reject_code 450
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
%PARAM unknown_hostname_reject_code 450
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
%PARAM unknown_local_recipient_reject_code 550
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
+%PARAM unverified_recipient_defer_code 450
+
+<p>
+The numerical Postfix SMTP server response when a recipient address
+probe fails due to a temporary error condition.
+</p>
+
+<p>
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of RFC 2821.
+</p>
+
+<p>
+This feature is available in Postfix 2.6 and later.
+</p>
+
%PARAM unverified_sender_reject_code 450
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of RFC 821.
+Do not change this unless you have a complete understanding of RFC 2821.
</p>
<p>
This feature is available in Postfix 2.1 and later.
</p>
+%PARAM unverified_sender_defer_code 450
+
+<p>
+The numerical Postfix SMTP server response code when a sender address
+probe fails due to a temporary error condition.
+</p>
+
+<p>
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of RFC 2821.
+</p>
+
+<p>
+This feature is available in Postfix 2.6 and later.
+</p>
+
%PARAM virtual_alias_domains $virtual_alias_maps
<p> Postfix is final destination for the specified list of virtual
<p> This feature is available in Postfix 2.5 and later. </p>
+%PARAM unverified_sender_reject_reason
+
+<p> When rejecting mail with reject_unverified_sender, reply with
+this text as the reason, instead of actual address verification
+details.
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+%PARAM unverified_recipient_reject_reason
+
+<p> When rejecting mail with reject_unverified_recipient, reply
+with this text as the reason, instead of actual address verification
+details.
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
extern bool var_smtpd_rej_unl_rcpt;
#define REJECT_UNVERIFIED_RECIP "reject_unverified_recipient"
-#define VAR_UNV_RCPT_CODE "unverified_recipient_reject_code"
-#define DEF_UNV_RCPT_CODE 450
-extern int var_unv_rcpt_code;
+#define VAR_UNV_RCPT_RCODE "unverified_recipient_reject_code"
+#define DEF_UNV_RCPT_RCODE 450
+extern int var_unv_rcpt_rcode;
#define REJECT_UNVERIFIED_SENDER "reject_unverified_sender"
-#define VAR_UNV_FROM_CODE "unverified_sender_reject_code"
-#define DEF_UNV_FROM_CODE 450
-extern int var_unv_from_code;
+#define VAR_UNV_FROM_RCODE "unverified_sender_reject_code"
+#define DEF_UNV_FROM_RCODE 450
+extern int var_unv_from_rcode;
+
+#define VAR_UNV_RCPT_DCODE "unverified_recipient_defer_code"
+#define DEF_UNV_RCPT_DCODE 450
+extern int var_unv_rcpt_dcode;
+
+#define VAR_UNV_FROM_DCODE "unverified_sender_defer_code"
+#define DEF_UNV_FROM_DCODE 450
+extern int var_unv_from_dcode;
+
+#define VAR_UNV_RCPT_WHY "unverified_recipient_reject_reason"
+#define DEF_UNV_RCPT_WHY ""
+extern char *var_unv_rcpt_why;
+
+#define VAR_UNV_FROM_WHY "unverified_sender_reject_reason"
+#define DEF_UNV_FROM_WHY ""
+extern char *var_unv_from_why;
#define REJECT_MUL_RCPT_BOUNCE "reject_multi_recipient_bounce"
#define VAR_MUL_RCPT_CODE "multi_recipient_bounce_reject_code"
" $" VAR_RCPT_CANON_MAPS \
" $" VAR_RELOCATED_MAPS \
" $" VAR_TRANSPORT_MAPS \
- " $" VAR_MYNETWORKS
+ " $" VAR_MYNETWORKS \
+ " $" VAR_SEND_BCC_MAPS \
+ " $" VAR_RCPT_BCC_MAPS \
+ " $" VAR_SMTP_GENERIC_MAPS \
+ " $" VAR_LMTP_GENERIC_MAPS
extern char *var_proxy_read_maps;
#define VAR_PROXY_WRITE_MAPS "proxy_write_maps"
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20080411"
+#define MAIL_RELEASE_DATE "20080428"
#define MAIL_VERSION_NUMBER "2.6"
#ifdef SNAPSHOT
/* .IP "\fBunverified_recipient_reject_code (450)\fR"
/* The numerical Postfix SMTP server response when a recipient address
/* is rejected by the reject_unverified_recipient restriction.
+/* .PP
+/* Available in Postfix version 2.6 and later:
+/* .IP "\fBunverified_sender_defer_code (450)\fR"
+/* The numerical Postfix SMTP server response code when a sender address
+/* probe fails due to a temporary error condition.
+/* .IP "\fBunverified_recipient_defer_code (450)\fR"
+/* The numerical Postfix SMTP server response when a recipient address
+/* probe fails due to a temporary error condition.
+/* .IP "\fBunverified_sender_reject_reason (empty)\fR"
+/* When rejecting mail with reject_unverified_sender, reply with
+/* this text as the reason, instead of actual address verification
+/* details.
+/* .IP "\fBunverified_recipient_reject_reason (empty)\fR"
+/* When rejecting mail with reject_unverified_recipient, reply
+/* with this text as the reason, instead of actual address verification
+/* details.
/* ACCESS CONTROL RESPONSES
/* .ad
/* .fi
int var_smtpd_hist_thrsh;
char *var_smtpd_exp_filter;
char *var_def_rbl_reply;
-int var_unv_from_code;
-int var_unv_rcpt_code;
+int var_unv_from_rcode;
+int var_unv_rcpt_rcode;
+int var_unv_from_dcode;
+int var_unv_rcpt_dcode;
+char *var_unv_from_why;
+char *var_unv_rcpt_why;
int var_mul_rcpt_code;
char *var_relay_rcpt_maps;
char *var_verify_sender;
if (state->namaddr)
myfree(state->namaddr);
state->namaddr =
- concatenate(state->name, "[", state->addr, "]:",
- state->port, (char *) 0);
+ SMTPD_BUILD_NAMADDRPORT(state->name, state->addr, state->port);
}
/*
myfree(state->xforward.namaddr);
state->xforward.namaddr =
IS_AVAIL_CLIENT_ADDR(state->xforward.addr) ?
- concatenate(state->xforward.name, "[",
- state->xforward.addr, "]:",
- state->xforward.port,
- (char *) 0) : mystrdup(state->xforward.name);
+ SMTPD_BUILD_NAMADDRPORT(state->xforward.name,
+ state->xforward.addr,
+ state->xforward.port) :
+ mystrdup(state->xforward.name);
}
smtpd_chat_reply(state, "250 2.0.0 Ok");
return (0);
VAR_SMTPD_JUNK_CMD, DEF_SMTPD_JUNK_CMD, &var_smtpd_junk_cmd_limit, 1, 0,
VAR_SMTPD_RCPT_OVERLIM, DEF_SMTPD_RCPT_OVERLIM, &var_smtpd_rcpt_overlim, 1, 0,
VAR_SMTPD_HIST_THRSH, DEF_SMTPD_HIST_THRSH, &var_smtpd_hist_thrsh, 1, 0,
- VAR_UNV_FROM_CODE, DEF_UNV_FROM_CODE, &var_unv_from_code, 0, 0,
- VAR_UNV_RCPT_CODE, DEF_UNV_RCPT_CODE, &var_unv_rcpt_code, 0, 0,
+ VAR_UNV_FROM_RCODE, DEF_UNV_FROM_RCODE, &var_unv_from_rcode, 200, 599,
+ VAR_UNV_RCPT_RCODE, DEF_UNV_RCPT_RCODE, &var_unv_rcpt_rcode, 200, 599,
+ VAR_UNV_FROM_DCODE, DEF_UNV_FROM_DCODE, &var_unv_from_dcode, 200, 499,
+ VAR_UNV_RCPT_DCODE, DEF_UNV_RCPT_DCODE, &var_unv_rcpt_dcode, 200, 499,
VAR_MUL_RCPT_CODE, DEF_MUL_RCPT_CODE, &var_mul_rcpt_code, 0, 0,
VAR_LOCAL_RCPT_CODE, DEF_LOCAL_RCPT_CODE, &var_local_rcpt_code, 0, 0,
VAR_VIRT_ALIAS_CODE, DEF_VIRT_ALIAS_CODE, &var_virt_alias_code, 0, 0,
VAR_MILT_DAEMON_NAME, DEF_MILT_DAEMON_NAME, &var_milt_daemon_name, 1, 0,
VAR_MILT_V, DEF_MILT_V, &var_milt_v, 1, 0,
VAR_STRESS, DEF_STRESS, &var_stress, 0, 0,
+ VAR_UNV_FROM_WHY, DEF_UNV_FROM_WHY, &var_unv_from_why, 0, 0,
+ VAR_UNV_RCPT_WHY, DEF_UNV_RCPT_WHY, &var_unv_rcpt_why, 0, 0,
0,
};
static const CONFIG_RAW_TABLE raw_table[] = {
ssize_t milter_argc;
} SMTPD_STATE;
+ /*
+ * Construct name[addr] or name[addr]:port as appropriate
+ */
+#define SMTPD_BUILD_NAMADDRPORT(name, addr, port) \
+ concatenate((name), "[", (addr), "]", \
+ var_smtpd_client_port_log ? ":" : (char *) 0, \
+ (port), (char *) 0)
+
#define SMTPD_FLAG_HANGUP (1<<0) /* disconnect */
#define SMTPD_STATE_XFORWARD_INIT (1<<0) /* xforward preset done */
static int reject_unverified_address(SMTPD_STATE *state, const char *addr,
const char *reply_name, const char *reply_class,
- int unv_addr_code)
+ int unv_addr_dcode, int unv_addr_rcode,
+ const char *alt_reply)
{
const char *myname = "reject_unverified_address";
VSTRING *why = vstring_alloc(10);
- int rqst_status;
+ int rqst_status = SMTPD_CHECK_DUNNO;
int rcpt_status;
int verify_status;
int count;
+ int reject_code = 0;
if (msg_verbose)
msg_info("%s: %s", myname, addr);
switch (rcpt_status) {
default:
msg_warn("unknown address verification status %d", rcpt_status);
- rqst_status = SMTPD_CHECK_DUNNO;
break;
case DEL_RCPT_STAT_TODO:
case DEL_RCPT_STAT_DEFER:
+ reject_code = unv_addr_dcode;
+ break;
+ case DEL_RCPT_STAT_OK:
+ break;
+ case DEL_RCPT_STAT_BOUNCE:
+ reject_code = unv_addr_rcode;
+ break;
+ }
+ if (reject_code >= 400 && *alt_reply)
+ vstring_strcpy(why, alt_reply);
+ switch (reject_code / 100) {
+ case 2:
+ break;
+ case 4:
DEFER_IF_PERMIT3(state, MAIL_ERROR_POLICY,
450, strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ?
SND_DSN : "4.1.1",
"<%s>: %s rejected: unverified address: %.250s",
reply_name, reply_class, STR(why));
- rqst_status = SMTPD_CHECK_DUNNO;
- break;
- case DEL_RCPT_STAT_OK:
- rqst_status = SMTPD_CHECK_DUNNO;
break;
- case DEL_RCPT_STAT_BOUNCE:
- if (unv_addr_code / 100 == 2)
- rqst_status = SMTPD_CHECK_DUNNO;
- else
+ default:
+ if (reject_code != 0)
rqst_status =
smtpd_check_reject(state, MAIL_ERROR_POLICY,
- unv_addr_code,
+ reject_code,
strcmp(reply_class, SMTPD_NAME_SENDER) == 0 ?
SND_DSN : "4.1.1",
"<%s>: %s rejected: undeliverable address: %s",
if (state->sender && *state->sender)
status = reject_unverified_address(state, state->sender,
state->sender, SMTPD_NAME_SENDER,
- var_unv_from_code);
+ var_unv_from_dcode, var_unv_from_rcode,
+ var_unv_from_why);
} else if (strcasecmp(name, REJECT_NON_FQDN_SENDER) == 0) {
if (state->sender && *state->sender)
status = reject_non_fqdn_address(state, state->sender,
if (state->recipient && *state->recipient)
status = reject_unverified_address(state, state->recipient,
state->recipient, SMTPD_NAME_RECIPIENT,
- var_unv_rcpt_code);
+ var_unv_rcpt_dcode, var_unv_rcpt_rcode,
+ var_unv_rcpt_why);
}
/*
/*
* Do the name[addr]:port formatting for pretty reports.
*/
- state->namaddr =
- concatenate(state->name, "[", state->addr, "]",
- var_smtpd_client_port_log ? ":" : (char *) 0,
- state->port, (char *) 0);
+ state->namaddr = SMTPD_BUILD_NAMADDRPORT(state->name, state->addr,
+ state->port);
}
/* smtpd_peer_reset - destroy peer information */
if (ret == PCRE_ERROR_NOSUBSTRING)
return (MAC_PARSE_UNDEF);
else
- msg_fatal("regexp %s, line %d: pcre_get_substring error: %d",
+ msg_fatal("pcre map %s, line %d: pcre_get_substring error: %d",
dict_pcre->dict.name, match_rule->rule.lineno, ret);
}
if (*pp == 0) {
msg_panic("pcre map %s, line %d: pcre_fullinfo failed",
mapname, lineno);
if (prescan_context.max_sub > actual_sub) {
- msg_warn("regexp map %s, line %d: out of range replacement index \"%d\": "
+ msg_warn("pcre map %s, line %d: out of range replacement index \"%d\": "
"skipping this rule", mapname, lineno,
(int) prescan_context.max_sub);
if (engine.pattern)
* Unrecognized input.
*/
else {
- msg_warn("regexp map %s, line %d: ignoring unrecognized request",
+ msg_warn("pcre map %s, line %d: ignoring unrecognized request",
mapname, lineno);
return (0);
}
projects / thirdparty / postfix.git / commitdiff
