Documentation: a simpler null-client example. File:
proto/STANDARD_CONFIGURATION_README.html
-20120113
+20121013
Cleanup: to compute the LDAP connection cache lookup key,
join the numeric fields with null, just like string fields.
20121022
- Bugfix (introduced 20101009) don't complain abuot stray -m
+ Bugfix (introduced 20101009) don't complain about stray -m
option if none of -[bhm] is specified. Ralf Hildebrandt.
File: postmap/postmap.c.
20121029
- Strip datalink suffix from IPv6 addresses returned by the
- system getaddrinfo() routine. Such suffixes mess up the
- default mynetworks value, host name/address verification
- and possibly more. This change obsoletes the 20101108 change
- that removes datalink suffixes in the SMTP and QMQP servers.
- Files: util/myaddrinfo.c, smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
+ Workaround: strip datalink suffix from IPv6 addresses
+ returned by the system getaddrinfo() routine. Such suffixes
+ mess up the default mynetworks value, host name/address
+ verification and possibly more. This change obsoletes the
+ 20101108 change that removes datalink suffixes in the SMTP
+ and QMQP servers. Files: util/myaddrinfo.c, smtpd/smtpd_peer.c,
+ qmqpd/qmqpd_peer.c.
20121031
postscreen/postscreen_smtpd.c, proto/POSTSCREEN_README.html.
Bugfix (introduced: Postfix 1.1): wrong string termination
- when handling a MBOX From_ line at the start of a message.
+ when handling an MBOX From_ line at the start of a message.
File: qmqpd/qmqpd.c.
20121110
Cleanup: consistent escaping of commands in postscreen deep
protocol test logging. File: postscreen/postscreen_smtpd.c.
+
+20121124
+
+ Documentation: the bounce behavior for automatically-added
+ BCC recipients has changed with Postfix 2.3 when DSN support
+ was introduced. File: proto/postconf.proto.
+
+20121203
+
+ Documentation: added explicit example for -o name=value.
+ File: proto/master.
+
+20121210
+
+ Bugfix (introduced: Postfix 2.9) nesting count error while
+ stripping the optional [] around a DNS[BW]L address pattern.
+ This part of the code is not documented and had escaped
+ testing. Files: util/ip_match.c, util/ip_match.in,
+ util/ip_match.ref.
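Review bot: The 20121210 entry says the optional [] around a DNS[BW]L address pattern is not documented, yet it lists only util/ip_match.c and its two test files. Consider documenting the bracketed form together with this fix, or say in the entry that it is intentionally left undocumented, so the syntax is not described by test cases alone.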
processes available for legitimate clients, and delays the onset of server
overload conditions.
-postscreen(8) maintains a temporary whitelist for clients that pass its tests;
-by allowing whitelisted clients to skip tests, postscreen(8) minimizes its
-impact on legitimate email traffic.
-
postscreen(8) should not be used on SMTP ports that receive mail from end-user
clients (MUAs). In a typical deployment, postscreen(8) handles the MX service
on TCP port 25, while MUA clients submit mail via the submission service on TCP
up a dedicated, non-postscreen, "port 25" server that provides submission
service and client authentication, but no MX service.
+postscreen(8) maintains a temporary whitelist for clients that pass its tests;
+by allowing whitelisted clients to skip tests, postscreen(8) minimizes its
+impact on legitimate email traffic.
+
postscreen(8) is part of a multi-layer defense.
* As the first layer, postscreen(8) blocks connections from zombies and other
Don't forget Apple's code donation for fetching mail from
IMAP server.
+ Make errno white/blacklist for getpwnam_r etc. and mailbox
+ write errors.
+
smtpd_muble_restrictions rule names are case-insensitive.
restriction_classes values are case-sensitive but should
be case-insensitive for consistency with smtpd_muble_restrictions.
legitimate clients, and delays the onset of <a
href="STRESS_README.html">server overload</a> conditions. </p>
-<p> <a href="postscreen.8.html">postscreen(8)</a> maintains a temporary whitelist for clients that
-pass its tests; by allowing whitelisted clients to skip tests,
-<a href="postscreen.8.html">postscreen(8)</a> minimizes its impact on legitimate email traffic.
-</p>
-
<p> <a href="postscreen.8.html">postscreen(8)</a> should not be used on SMTP ports that receive
mail from end-user clients (MUAs). In a typical deployment,
<a href="postscreen.8.html">postscreen(8)</a> handles the MX service on TCP port 25, while MUA
a dedicated, non-postscreen, "port 25" server that provides submission
service and client authentication, but no MX service. </p>
+<p> <a href="postscreen.8.html">postscreen(8)</a> maintains a temporary whitelist for clients that
+pass its tests; by allowing whitelisted clients to skip tests,
+<a href="postscreen.8.html">postscreen(8)</a> minimizes its impact on legitimate email traffic.
+</p>
+
<p> <a href="postscreen.8.html">postscreen(8)</a> is part of a multi-layer defense. <p>
<ul>
<a href="postconf.5.html">main.cf</a>. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for syntax.
NOTE 1: do not specify whitespace around the
- "=". In parameter values, either avoid
- whitespace altogether, use commas instead of
- spaces, or consider overrides like "-o
- name=$override_parameter" with $over-
- ride_parameter set in <a href="postconf.5.html">main.cf</a>.
-
- NOTE 2: Over-zealous use of parameter over-
- rides makes the Postfix configuration hard
- to understand and maintain. At a certain
- point, it might be easier to configure mul-
- tiple instances of Postfix, instead of con-
+ "=" or in parameter values. To specify a
+ parameter value that contains whitespace,
+ use commas instead of spaces, or specify the
+ value in <a href="postconf.5.html">main.cf</a>. Example:
+
+ /etc/postfix/<a href="master.5.html">master.cf</a>:
+ submission inet .... smtpd
+ -o smtpd_mumble=$submission_mumble
+
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>
+ submission_mumble = text with whitespace...
+
+ NOTE 2: Over-zealous use of parameter over-
+ rides makes the Postfix configuration hard
+ to understand and maintain. At a certain
+ point, it might be easier to configure mul-
+ tiple instances of Postfix, instead of con-
figuring multiple personalities via mas-
ter.cf.
- <b>-v</b> Increase the verbose logging level. Specify
+ <b>-v</b> Increase the verbose logging level. Specify
multiple <b>-v</b> options to make a Postfix daemon
process increasingly verbose.
<a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
</p>
<p>
-Note: if mail to the BCC address bounces it will be returned to
-the sender.
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
+</p>
+
+<p>
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
</p>
<p> Note: automatic BCC recipients are produced only for new mail.
</p>
<p>
-Note: if mail to the BCC address bounces it will be returned to
-the sender.
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
+</p>
+
+<p>
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
</p>
<p> Note: automatic BCC recipients are produced only for new mail.
</p>
<p>
-Note: if mail to the BCC address bounces it will be returned to
-the sender.
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
+</p>
+
+<p>
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
</p>
<p> Note: automatic BCC recipients are produced only for new mail.
decides which clients may talk to a Postfix SMTP server
process. By keeping spambots away, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> leaves
more SMTP server processes available for legitimate
- clients.
+ clients, and delays the onset of server overload condi-
+ tions.
This program should not be used on SMTP ports that receive
- mail from end-user clients (MUAs). In a typical deploy-
- ment, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is used on the "port 25" service,
- while MUA clients submit mail via the <b>submission</b> service,
- or via a "port 25" server that provides no MX service
- (i.e. a dedicated server that provides <b>submission</b> service
- on port 25).
+ mail from end-user clients (MUAs). In a typical deploy-
+ ment, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> handles the MX service on TCP port 25,
+ while MUA clients submit mail via the <b>submission</b> service
+ on TCP port 587 which requires client authentication.
+ Alternatively, a site could set up a dedicated, non-
+ postscreen, "port 25" server that provides <b>submission</b> ser-
+ vice and client authentication, but no MX service.
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> maintains a temporary whitelist for clients
that have passed a number of tests. When an SMTP client
etc., just like in main.cf. See \fBpostconf\fR(5) for
syntax.
.sp
-NOTE 1: do not specify whitespace around the "=". In parameter
-values, either avoid whitespace altogether, use commas
-instead of spaces, or consider overrides like "-o
-name=$override_parameter" with $override_parameter set in
-main.cf.
+NOTE 1: do not specify whitespace around the "=" or in
+parameter values. To specify a parameter value that contains
+whitespace, use commas instead of spaces, or specify the
+value in main.cf. Example:
+.sp
+.nf
+/etc/postfix/master.cf:
+ submission inet .... smtpd
+ -o smtpd_mumble=$submission_mumble
+.sp
+/etc/postfix/main.cf
+ submission_mumble = text with whitespace...
+.fi
.sp
NOTE 2: Over-zealous use of parameter overrides makes the
Postfix configuration hard to understand and maintain. At
Optional address that receives a "blind carbon copy" of each message
that is received by the Postfix mail system.
.PP
-Note: if mail to the BCC address bounces it will be returned to
-the sender.
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements RFC 3461.
+.PP
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
.PP
Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
Specify the types and names of databases to use. After change,
run "\fBpostmap /etc/postfix/recipient_bcc\fR".
.PP
-Note: if mail to the BCC address bounces it will be returned to
-the sender.
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements RFC 3461.
+.PP
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
.PP
Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
Specify the types and names of databases to use. After change,
run "\fBpostmap /etc/postfix/sender_bcc\fR".
.PP
-Note: if mail to the BCC address bounces it will be returned to
-the sender.
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements RFC 3461.
+.PP
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
.PP
Note: automatic BCC recipients are produced only for new mail.
To avoid mailer loops, automatic BCC recipients are not generated
process handles multiple inbound SMTP connections, and decides
which clients may talk to a Postfix SMTP server process.
By keeping spambots away, \fBpostscreen\fR(8) leaves more
-SMTP server processes available for legitimate clients.
+SMTP server processes available for legitimate clients, and
+delays the onset of server overload conditions.
This program should not be used on SMTP ports that receive
mail from end-user clients (MUAs). In a typical deployment,
-\fBpostscreen\fR(8) is used on the "port 25" service, while
-MUA clients submit mail via the \fBsubmission\fR service,
-or via a "port 25" server that provides no MX service (i.e.
-a dedicated server that provides \fBsubmission\fR service
-on port 25).
+\fBpostscreen\fR(8) handles the MX service on TCP port 25,
+while MUA clients submit mail via the \fBsubmission\fR
+service on TCP port 587 which requires client authentication.
+Alternatively, a site could set up a dedicated, non-postscreen,
+"port 25" server that provides \fBsubmission\fR service and
+client authentication, but no MX service.
\fBpostscreen\fR(8) maintains a temporary whitelist for
clients that have passed a number of tests. When an SMTP
legitimate clients, and delays the onset of <a
href="STRESS_README.html">server overload</a> conditions. </p>
-<p> postscreen(8) maintains a temporary whitelist for clients that
-pass its tests; by allowing whitelisted clients to skip tests,
-postscreen(8) minimizes its impact on legitimate email traffic.
-</p>
-
<p> postscreen(8) should not be used on SMTP ports that receive
mail from end-user clients (MUAs). In a typical deployment,
postscreen(8) handles the MX service on TCP port 25, while MUA
a dedicated, non-postscreen, "port 25" server that provides submission
service and client authentication, but no MX service. </p>
+<p> postscreen(8) maintains a temporary whitelist for clients that
+pass its tests; by allowing whitelisted clients to skip tests,
+postscreen(8) minimizes its impact on legitimate email traffic.
+</p>
+
<p> postscreen(8) is part of a multi-layer defense. <p>
<ul>
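Review bot: The trailing context line "<p> postscreen(8) is part of a multi-layer defense. <p>" ends with an opening <p> where a closing </p> is expected, directly before the <ul>. This hunk already rearranges the neighbouring paragraphs, so fix the tag here in the proto source and the generated POSTSCREEN_README.html will pick it up.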
# etc., just like in main.cf. See \fBpostconf\fR(5) for
# syntax.
# .sp
-# NOTE 1: do not specify whitespace around the "=". In parameter
-# values, either avoid whitespace altogether, use commas
-# instead of spaces, or consider overrides like "-o
-# name=$override_parameter" with $override_parameter set in
-# main.cf.
+# NOTE 1: do not specify whitespace around the "=" or in
+# parameter values. To specify a parameter value that contains
+# whitespace, use commas instead of spaces, or specify the
+# value in main.cf. Example:
+# .sp
+# .nf
+# /etc/postfix/master.cf:
+# submission inet .... smtpd
+# -o smtpd_mumble=$submission_mumble
+# .sp
+# /etc/postfix/main.cf
+# submission_mumble = text with whitespace...
+# .fi
# .sp
# NOTE 2: Over-zealous use of parameter overrides makes the
# Postfix configuration hard to understand and maintain. At
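Review bot: The two file labels in the added NOTE 1 example are inconsistent: "/etc/postfix/master.cf:" ends with a colon and "/etc/postfix/main.cf" does not. Add the colon to the main.cf label in this source file; the generated man page and HTML hunks carry the same text and will follow.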
</p>
<p>
-Note: if mail to the BCC address bounces it will be returned to
-the sender.
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements RFC 3461.
+</p>
+
+<p>
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
</p>
<p> Note: automatic BCC recipients are produced only for new mail.
</p>
<p>
-Note: if mail to the BCC address bounces it will be returned to
-the sender.
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements RFC 3461.
+</p>
+
+<p>
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
</p>
<p> Note: automatic BCC recipients are produced only for new mail.
</p>
<p>
-Note: if mail to the BCC address bounces it will be returned to
-the sender.
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements RFC 3461.
+</p>
+
+<p>
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
</p>
<p> Note: automatic BCC recipients are produced only for new mail.
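Review bot: The condition "as long as all down-stream software implements RFC 3461" in the added Postfix 2.3 note leaves open what the sender sees when a downstream system does not implement it. State explicitly whether the sender can then still receive a non-delivery notification, since such a notification discloses the blind-copy address to the sender. The same wording is repeated in all three hunks of this file, so the clarification belongs in each.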
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20121123"
+#define MAIL_RELEASE_DATE "20121210"
#define MAIL_VERSION_NUMBER "2.10"
#ifdef SNAPSHOT
/* process handles multiple inbound SMTP connections, and decides
/* which clients may talk to a Postfix SMTP server process.
/* By keeping spambots away, \fBpostscreen\fR(8) leaves more
-/* SMTP server processes available for legitimate clients.
+/* SMTP server processes available for legitimate clients, and
+/* delays the onset of server overload conditions.
/*
/* This program should not be used on SMTP ports that receive
/* mail from end-user clients (MUAs). In a typical deployment,
-/* \fBpostscreen\fR(8) is used on the "port 25" service, while
-/* MUA clients submit mail via the \fBsubmission\fR service,
-/* or via a "port 25" server that provides no MX service (i.e.
-/* a dedicated server that provides \fBsubmission\fR service
-/* on port 25).
+/* \fBpostscreen\fR(8) handles the MX service on TCP port 25,
+/* while MUA clients submit mail via the \fBsubmission\fR
+/* service on TCP port 587 which requires client authentication.
+/* Alternatively, a site could set up a dedicated, non-postscreen,
+/* "port 25" server that provides \fBsubmission\fR service and
+/* client authentication, but no MX service.
/*
/* \fBpostscreen\fR(8) maintains a temporary whitelist for
/* clients that have passed a number of tests. When an SMTP
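Review bot: In the added line "service on TCP port 587 which requires client authentication" the clause is descriptive rather than restrictive and needs a comma before "which". Without it the sentence reads as if there were another port 587 submission service that does not require authentication.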
* Simplify this if we change to {} for wildcard notation.
*/
#define FIND_TERMINATOR(start, cp) do { \
- int _level = 1; \
+ int _level = 0; \
for (cp = (start) ; *cp; cp++) { \
if (*cp == '[') _level++; \
if (*cp != ']') continue; \
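Review bot: With "_level = 0" the count only balances when "start" points at the opening '[' itself, because the loop begins at "start" and increments on every '[' it sees; the comment above the macro does not state that precondition. Add a sentence to the comment saying that "start" must be the opening bracket, so that a later caller passing the position after the bracket does not reintroduce the off-by-one nesting error.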
1.2.3.4x
1.2.[3..11].5 1.2.3.5 1.2.2.5 1.2.11.5 1.2.12.5 1.2.11.6
1.2.[3;5;7;9;11].5 1.2.3.5 1.2.2.5 1.2.4.5 1.2.11.5 1.2.12.5 1.2.11.6
+[1;2].3.4.5 1.3.4.5 2.3.4.5 3.3.4.5
+[[1;2].3.4.5] 1.3.4.5 2.3.4.5 3.3.4.5
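Review bot: The two added inputs cover only well-formed patterns, "[1;2].3.4.5" and "[[1;2].3.4.5]". Since the fix concerns the nesting count, add at least one unbalanced case, for example an outer '[' without its closing ']' and a stray trailing ']', together with the expected output in ip_match.ref, so the error path of the terminator search is pinned down as well.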
Match 1.2.11.5: yes
Match 1.2.12.5: no
Match 1.2.11.6: no
+> [1;2].3.4.5 1.3.4.5 2.3.4.5 3.3.4.5
+Code: [1;2].3.4.5
+Match 1.3.4.5: yes
+Match 2.3.4.5: yes
+Match 3.3.4.5: no
+> [[1;2].3.4.5] 1.3.4.5 2.3.4.5 3.3.4.5
+Code: [1;2].3.4.5
+Match 1.3.4.5: yes
+Match 2.3.4.5: yes
+Match 3.3.4.5: no