reported "illegal seek" instead of "file too large". File:
postdrop/postdrop.c.
+20070310
+
+ Cleanup: specify "undisclosed_recipients_header =" to disable
+ Postfix's "To: undisclosed-recipients:;" header for mail
+ that lists no recipient. The To: header is not required as
+ of RFC 2822. The undisclosed_recipients_header parameter
+ value can now be an empty string, a value that was not
+ allowed with earlier Postfix versions. With Postfix 2.5 it
+ will be empty by default. Files: cleanup/cleanup.c,
+ cleanup/cleanup_message.c.
+
+20070312
+
+ Backwards compatibility: don't pad short message header
+ records when Milter support is turned off. This maintains
+ compatibility with Postfix versions that pre-date Milter
+ support. File: cleanup/cleanup_out.c.
+
Wish list:
Update message content length when adding/removing headers.
B\bBu\bui\bil\bld\bdi\bin\bng\bg t\bth\bhe\be C\bCy\byr\bru\bus\bs S\bSA\bAS\bSL\bL l\bli\bib\bbr\bra\bar\bry\by
-Postfix appears to work with cyrus-sasl-1.5.5 or cyrus-sasl-2.1.1, which are
+Postfix appears to work with cyrus-sasl-1.5.x or cyrus-sasl-2.1.x, which are
available from:
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/
IMPORTANT: if you install the Cyrus SASL libraries as per the default, you will
-have to symlink /usr/lib/sasl -> /usr/local/lib/sasl for version 1.5.5 or /usr/
-lib/sasl2 -> /usr/local/lib/sasl2 for version 2.1.1.
+have to symlink /usr/lib/sasl -> /usr/local/lib/sasl for version 1.5.x or /usr/
+lib/sasl2 -> /usr/local/lib/sasl2 for version 2.1.x.
-Reportedly, Microsoft Internet Explorer version 5 requires the non-standard
-SASL LOGIN authentication method. To enable this authentication method, specify
-``./configure --enable-login''.
+Reportedly, Microsoft Outlook (Express) requires the non-standard LOGIN
+authentication method. To enable this authentication method, specify ``./
+configure --enable-login''.
B\bBu\bui\bil\bld\bdi\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx w\bwi\bit\bth\bh C\bCy\byr\bru\bus\bs S\bSA\bAS\bSL\bL s\bsu\bup\bpp\bpo\bor\brt\bt
On some systems this generates the necessary Makefile definitions:
-(for Cyrus SASL version 1.5.5):
+(for Cyrus SASL version 1.5.x):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
-I/usr/local/include" AUXLIBS="-L/usr/local/lib -lsasl"
-(for Cyrus SASL version 2.1.1):
+(for Cyrus SASL version 2.1.x):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
On Solaris 2.x you need to specify run-time link information, otherwise ld.so
will not find the SASL shared library:
-(for Cyrus SASL version 1.5.5):
+(for Cyrus SASL version 1.5.x):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
-I/usr/local/include" AUXLIBS="-L/usr/local/lib \
-R/usr/local/lib -lsasl"
-(for Cyrus SASL version 2.1.1):
+(for Cyrus SASL version 2.1.x):
% make tidy # if you have left-over files from a previous build
% make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
Older Microsoft SMTP client software implements a non-standard version of the
AUTH protocol syntax, and expects that the SMTP server replies to EHLO with
-"250 AUTH=stuff" instead of "250 AUTH stuff". To accommodate such clients (in
-addition to conformant clients) use the following:
+"250 AUTH=mechanism-list" instead of "250 AUTH mechanism-list". To accommodate
+such clients (in addition to conformant clients) use the following:
/etc/postfix/main.cf:
broken_sasl_auth_clients = yes
C\bCy\byr\bru\bus\bs S\bSA\bAS\bSL\bL c\bco\bon\bnf\bfi\big\bgu\bur\bra\bat\bti\bio\bon\bn f\bfo\bor\br t\bth\bhe\be P\bPo\bos\bst\btf\bfi\bix\bx S\bSM\bMT\bTP\bP s\bse\ber\brv\bve\ber\br
-In /usr/local/lib/sasl/smtpd.conf (Cyrus SASL version 1.5.5) or /usr/local/lib/
-sasl2/smtpd.conf (Cyrus SASL version 2.1.1) you need to specify how the server
-should validate client passwords.
+You need to configure how the Cyrus SASL library should authenticate a client's
+username and password. These settings must be stored in a separate
+configuration file.
+
+The name of the configuration file (default: smtpd.conf) will be constructed
+from a value sent by Postfix to the Cyrus SASL library, which adds the suffix
+.conf. The value is configured using one of the following variables:
+
+ /etc/postfix/main.cf:
+ # Postfix 2.3 and later
+ smtpd_sasl_path = smtpd
+ # Postfix < 2.3
+ smtpd_sasl_application_name = smtpd
+
+Cyrus SASL searches for the configuration file in /usr/local/lib/sasl/ (Cyrus
+SASL version 1.5.5) or /usr/local/lib/sasl2/ (Cyrus SASL version 2.1.x).
Note: some Postfix distributions are modified and look for the smtpd.conf file
-in /etc/postfix.
+in /etc/postfix/sasl.
Note: some Cyrus SASL distributions look for the smtpd.conf file in /etc/sasl2.
- * To authenticate against the UNIX password database, try:
+ * To authenticate against the UNIX password database, use:
- (Cyrus SASL version 1.5.5)
+ (Cyrus SASL version 1.5.x)
/usr/local/lib/sasl/smtpd.conf:
pwcheck_method: pwcheck
- (Cyrus SASL version 2.1.1)
-
- /usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: pwcheck
-
- The name of the file in /usr/local/lib/sasl (Cyrus SASL version 1.5.5) or /
- usr/local/lib/sasl2 (Cyrus SASL version 2.1.1) used by the SASL library for
- configuration can be set with:
-
- /etc/postfix/main.cf:
- smtpd_sasl_application_name = smtpd (Postfix < 2.3)
- smtpd_sasl_path = smtpd (Postfix 2.3 and later)
-
- The pwcheck daemon is contained in the cyrus-sasl source tarball.
-
- IMPORTANT: postfix processes need to have group read+execute permission for
- the /var/pwcheck directory, otherwise authentication attempts will fail.
+ IMPORTANT: pwcheck establishes a UNIX domain socket in /var/pwcheck and
+ waits for authentication requests. Postfix processes must have
+ read+execute permission to this directory or authentication attempts
+ will fail.
- * Alternately, in Cyrus SASL 1.5.26 and later (including 2.1.1), try:
+ The pwcheck daemon is contained in the cyrus-sasl source tarball.
(Cyrus SASL version 1.5.26)
/usr/local/lib/sasl/smtpd.conf:
pwcheck_method: saslauthd
- (Cyrus SASL version 2.1.1)
+ (Cyrus SASL version 2.1.x)
/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd
+ mech_list: PLAIN LOGIN
The saslauthd daemon is also contained in the cyrus-sasl source tarball. It
is more flexible than the pwcheck daemon, in that it can authenticate
against PAM and various other sources. To use PAM, start saslauthd with "-
a pam".
+ IMPORTANT: saslauthd usually establishes a UNIX domain socket in /var/run/
+ saslauthd and waits for authentication requests. postfix processes must
+ have read+execute permission to this directory or authentication attempts
+ will fail.
+
+ Note: The directory where saslauthd puts the socket is configurable. See
+ the command-line option "-m /path/to/socket" in the saslauthd --help
+ listing.
+
* To authenticate against Cyrus SASL's own password database:
- (Cyrus SASL version 1.5.5)
+ (Cyrus SASL version 1.5.x)
/usr/local/lib/sasl/smtpd.conf:
- pwcheck_method: sasldb
+ pwcheck_method: sasldb
- (Cyrus SASL version 2.1.1)
+ (Cyrus SASL version 2.1.x)
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
+ pwcheck_method: auxprop
+ auxprop_plugin: sasldb
+ mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
This will use the Cyrus SASL password file (default: /etc/sasldb in version
- 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained with the
+ 1.5.x, or /etc/sasldb2 in version 2.1.x), which is maintained with the
saslpasswd or saslpasswd2 command (part of the Cyrus SASL software). On
some poorly-supported systems the saslpasswd command needs to be run
multiple times before it stops complaining. The Postfix SMTP server needs
EXAMPLE:
- (Cyrus SASL version 1.5.5)
+ (Cyrus SASL version 1.5.x)
% saslpasswd -c -u `postconf -h myhostname` exampleuser
- (Cyrus SASL version 2.1.1)
+ (Cyrus SASL version 2.1.x)
% saslpasswd2 -c -u `postconf -h myhostname` exampleuser
You can find out SASL's idea about the realms of the users in sasldb with
- sasldblistusers (Cyrus SASL version 1.5.5) or sasldblistusers2 (Cyrus SASL
- version 2.1.1).
+ sasldblistusers (Cyrus SASL version 1.5.x) or sasldblistusers2 (Cyrus SASL
+ version 2.1.x).
On the Postfix side, you can have only one realm per smtpd instance, and
only the users belonging to that realm would be able to authenticate. The
/etc/postfix/main.cf:
smtpd_sasl_local_domain = $myhostname
-IMPORTANT: all users must be able to authenticate using ALL authentication
-mechanisms advertised by Postfix, otherwise the negotiation might end up with
-an unsupported mechanism, and authentication would fail. For example if you
-configure SASL to use saslauthd for authentication against PAM (pluggable
-authentication modules), only the PLAIN and LOGIN mechanisms are supported and
-stand a chance to succeed, yet the SASL library would also advertise other
-mechanisms, such as DIGEST-MD5. This happens because those mechanisms are made
-available by other plugins, and the SASL library have no way to know that your
-only valid authentication source is PAM. Thus you might need to limit the list
-of mechanisms advertised by Postfix.
+IMPORTANT: The Cyrus SASL password verification services pwcheck and saslauthd
+can only support the plaintext mechanisms PLAIN or LOGIN. However, the Cyrus
+SASL library doesn't know this, and will happily advertise other authentication
+mechanisms that the SASL library implements, such as DIGEST-MD5. As a result,
+if an SMTP client chooses any mechanism other than PLAIN or LOGIN while pwcheck
+or saslauthd are used, authentication will fail. Thus you may need to limit the
+list of mechanisms advertised by Postfix.
* With older Cyrus SASL versions you remove the corresponding library files
from the SASL plug-in directory (and again whenever the system is updated).
- * With Cyrus SASL version 2.1.1 or later:
+ * With Cyrus SASL version 2.1.x or later the mech_list variable can specify a
+ list of authentication mechanisms that Cyrus SASL may offer:
/usr/local/lib/sasl2/smtpd.conf:
mech_list: plain login
For the same reasons you might want to limit the list of plugins used for
authentication.
- * With Cyrus SASL version 1.5.5 your only choice is to delete the
+ * With Cyrus SASL version 1.5.x your only choice is to delete the
corresponding library files from the SASL plug-in directory.
- * With SASL version 2.1.1:
+ * With SASL version 2.1.x:
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
- auxprop_plugin: sql
+ pwcheck_method: auxprop
+ auxprop_plugin: sql
To run software chrooted with SASL support is an interesting exercise. It
probably is not worth the trouble.
T\bTr\bro\bou\bub\bbl\ble\be s\bsh\bho\boo\bot\bti\bin\bng\bg t\bth\bhe\be S\bSA\bAS\bSL\bL i\bin\bnt\bte\ber\brn\bna\bal\bls\bs
In the Cyrus SASL sources you'll find a subdirectory named "sample". Run make
-there, "su" to the user postfix (or whatever your mail_owner directive is set
-to):
+there, then create a symbolic link from sample.conf to smtpd.conf in your Cyrus
+SASL library directory /usr/local/lib/sasl2. "su" to the user postfix (or
+whatever your mail_owner directive is set to):
% su postfix
-then run the resulting sample server and client in separate terminals. Strace /
-ktrace / truss the server to see what makes it unhappy, and fix the problem.
-Repeat the previous step until you can successfully authenticate with the
-sample client. Only then get back to Postfix.
+then run the resulting sample server and client in separate terminals. The
+sample applications send log messages to the syslog facility auth. Check the
+log to fix the problem or run strace / ktrace / truss on the server to see what
+makes it unhappy. Repeat the previous step until you can successfully
+authenticate with the sample client. Only then get back to Postfix.
E\bEn\bna\bab\bbl\bli\bin\bng\bg S\bSA\bAS\bSL\bL a\bau\but\bth\bhe\ben\bnt\bti\bic\bca\bat\bti\bio\bon\bn i\bin\bn t\bth\bhe\be P\bPo\bos\bst\btf\bfi\bix\bx S\bSM\bMT\bTP\bP c\bcl\bli\bie\ben\bnt\bt
[mail.myisp.net] username:password
[mail.myisp.net]:submission username:password
+The Postfix SASL client password file is opened before the SMTP server enters
+the optional chroot jail, so you can keep the file in /etc/postfix and set
+permissions read / write only for root to keep the username:password
+combinations away from other system users.
+
Postfix version 2.3 supports-per-sender SASL password information. To search
the Postfix SASL password by sender before it searches by destination, specify:
/etc/postfix/main.cf:
smtp_sasl_security_options = noanonymous
-The Postfix SASL client password file is opened before the SMTP server enters
-the optional chroot jail, so you can keep the file in /etc/postfix.
-
Note: Some SMTP servers support authentication mechanisms that, although
available on the client system, may not in practice work or possess the
appropriate credentials to authenticate to the server. It is possible via the
smtp_sasl_mechanism_filter = !gssapi, !external, static:all
In the above example, Postfix will decline to use mechanisms that require
-special infrastructure such as Kerberos.
+special infrastructure such as Kerberos or TLS.
The Postfix SMTP client is backwards compatible with SMTP servers that use the
non-standard "AUTH=method..." syntax in response to the EHLO command; there is
smtpd_sasl_path.
* The Dovecot SMTP server-only plug-in was originally implemented by Timo
Sirainen of Procontrol, Finland.
+ * Patrick Ben Koetter revised this document for Postfix 2.4 and made much
+ needed updates.
M\bMe\bea\bas\bsu\bur\bre\bes\bs a\bag\bga\bai\bin\bns\bst\bt c\bcl\bli\bie\ben\bnt\bts\bs t\bth\bha\bat\bt m\bma\bak\bke\be t\bto\boo\bo m\bma\ban\bny\by c\bco\bon\bnn\bne\bec\bct\bti\bio\bon\bns\bs
-Note: this feature is not included with Postfix version 2.1.
+Note: the anvil(8) service was introduced with Postfix version 2.2.
The Postfix smtpd(8) server can limit the number of simultaneous connections
from the same SMTP client, as well as the number of connections that a client
- Remove MacOS X examples. They have not been updated.
- Is "postmap -qf" still needed with regexp/pcre maps?
+
+- Update TUNING_README smtpd_client_*_limit feature list (add TLS).
+
+- Update TUNING_README file descriptor tuning.
# postmap -q - /etc/postfix/access <inputfile
#
# DESCRIPTION
-# The Postfix SMTP server access(5) table specifies actions
-# that are triggered by information from or about remote
-# SMTP clients: host names, network addresses, or email
-# addresses. An action may grant or deny access, or it may
-# change the way that an email transaction will be handled.
+# The Postfix SMTP server supports access control on infor-
+# mation about remote SMTP clients or information received
+# in SMTP commands: host names, network addresses, envelope
+# sender or recipient addresses. See header_checks(5) or
+# body_checks(5) for access control on the content of email
+# messages.
#
# Normally, the access(5) table is specified as a text file
# that serves as input to the postmap(1) command. The
#
# DEFER_IF_REJECT optional text...
# Defer the request if some later restriction would
-# result in a REJECT action. Reply with "450 optional
-# text... when the optional text is specified, other-
-# wise reply with a generic error response message.
+# result in a REJECT action. Reply with "450 4.7.1
+# optional text... when the optional text is speci-
+# fied, otherwise reply with a generic error response
+# message.
#
# This feature is available in Postfix 2.1 and later.
#
# DEFER_IF_PERMIT optional text...
-# Defer the request if some later restriction would
-# result in a an explicit or implicit PERMIT action.
-# Reply with "450 optional text... when the optional
-# text is specified, otherwise reply with a generic
-# error response message.
+# Defer the request if some later restriction would
+# result in a an explicit or implicit PERMIT action.
+# Reply with "450 4.7.1 optional text... when the
+# optional text is specified, otherwise reply with a
+# generic error response message.
#
# This feature is available in Postfix 2.1 and later.
#
# reject_unauth_destination, and so on).
#
# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
-# Note: this action currently affects all recipients
-# of the message. To discard only one recipient
-# without discarding the entire message, use the
+# Note: this action currently affects all recipients
+# of the message. To discard only one recipient
+# without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
# service.
#
# This feature is available in Postfix 2.0 and later.
#
-# DUNNO Pretend that the lookup key was not found. This
-# prevents Postfix from trying substrings of the
-# lookup key (such as a subdomain name, or a network
+# DUNNO Pretend that the lookup key was not found. This
+# prevents Postfix from trying substrings of the
+# lookup key (such as a subdomain name, or a network
# address subnetwork).
#
# This feature is available in Postfix 2.0 and later.
#
# FILTER transport:destination
-# After the message is queued, send the entire mes-
+# After the message is queued, send the entire mes-
# sage through the specified external content filter.
-# The transport:destination syntax is described in
-# the transport(5) manual page. More information
-# about external content filters is in the Postfix
+# The transport:destination syntax is described in
+# the transport(5) manual page. More information
+# about external content filters is in the Postfix
# FILTER_README file.
#
-# Note: this action overrides the main.cf con-
+# Note: this action overrides the main.cf con-
# tent_filter setting, and currently affects all
# recipients of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
-# Place the message on the hold queue, where it will
-# sit until someone either deletes it or releases it
-# for delivery. Log the optional text if specified,
+# Place the message on the hold queue, where it will
+# sit until someone either deletes it or releases it
+# for delivery. Log the optional text if specified,
# otherwise log a generic message.
#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
-# Note: use "postsuper -r" to release mail that was
-# kept on hold for a significant fraction of $maxi-
+# Note: use "postsuper -r" to release mail that was
+# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
# longer.
#
-# Note: this action currently affects all recipients
+# Note: this action currently affects all recipients
# of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# PREPEND headername: headervalue
-# Prepend the specified message header to the mes-
-# sage. When this action executes multiple times,
-# the first prepended header appears before the sec-
+# Prepend the specified message header to the mes-
+# sage. When more than one PREPEND action executes,
+# the first prepended header appears before the sec-
# ond etc. prepended header.
#
-# Note: this action does not support multi-line mes-
-# sage headers.
-#
# Note: this action must execute before the message
# content is received; it cannot execute in the con-
# text of smtpd_end_of_data_restrictions.
# When the command fails, a limited amount of command
# output is mailed back to the sender. The file
# /usr/include/sysexits.h defines the expected exit
-# status codes. For example, use |"exit 67" to simu-
-# late a "user unknown" error, and |"exit 0" to
+# status codes. For example, use "|exit 67" to simu-
+# late a "user unknown" error, and "|exit 0" to
# implement an expensive black hole.
#
# :include:/file/name
# addresses produced by legacy mail systems.
#
# The canonical(5) mapping is not to be confused with vir-
-# tual domain support. Use the virtual(5) map for that pur-
-# pose.
-#
-# The canonical(5) mapping is not to be confused with local
-# aliasing. Use the aliases(5) map for that purpose.
+# tual alias support or with local aliasing. To change the
+# destination but not the headers, use the virtual(5) or
+# aliases(5) map instead.
#
# CASE FOLDING
# The search string is folded to lowercase before database
# Replace other addresses in domain by address. This
# form has the lowest precedence.
#
+# Note: @domain is a wild-card. When this form is
+# applied to recipient addresses, the Postfix SMTP
+# server accepts mail for any recipient in domain,
+# regardless of whether that recipient exists. This
+# may turn your mail system into a backscatter source
+# that returns undeliverable spam to innocent people.
+#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# Postfix provides a simple built-in content inspection
# mechanism that examines incoming mail one message header
# or one message body line at a time. Each input is compared
-# against a list of patterns, and when a match is found the
-# corresponding action is executed. This feature is imple-
-# mented by the Postfix cleanup(8) server.
+# against a list of patterns. When a match is found the
+# corresponding action is executed, and the matching process
+# is repeated for the next input line. This feature is
+# implemented by the Postfix cleanup(8) server.
#
-# For examples, see the EXAMPLES section at the end of this
+# For examples, see the EXAMPLES section at the end of this
# manual page.
#
# Postfix header or body_checks are designed to stop a flood
-# of mail from worms or viruses; they do not decode attach-
-# ments, and they do not unzip archives. See the documents
-# referenced below in the README FILES section if you need
+# of mail from worms or viruses; they do not decode attach-
+# ments, and they do not unzip archives. See the documents
+# referenced below in the README FILES section if you need
# more sophisticated content analysis.
#
# Postfix supports four built-in content inspection classes:
#
# header_checks
-# These are applied to initial message headers
-# (except for the headers that are processed with
+# These are applied to initial message headers
+# (except for the headers that are processed with
# mime_header_checks).
#
# mime_header_checks (default: $header_checks)
-# These are applied to MIME related message headers
+# These are applied to MIME related message headers
# only.
#
# This feature is available in Postfix 2.0 and later.
#
# nested_header_checks (default: $header_checks)
-# These are applied to message headers of attached
-# email messages (except for the headers that are
+# These are applied to message headers of attached
+# email messages (except for the headers that are
# processed with mime_header_checks).
#
# This feature is available in Postfix 2.0 and later.
#
# body_checks
-# These are applied to all other content, including
+# These are applied to all other content, including
# multi-part message boundaries.
#
# With Postfix versions before 2.0, all content after
# tent.
#
# Note: message headers are examined one logical header at a
-# time, even when a message header spans multiple lines.
+# time, even when a message header spans multiple lines.
# Body lines are always examined one line at a time.
#
# TABLE FORMAT
-# This document assumes that header and body_checks rules
-# are specified in the form of Postfix regular expression
-# lookup tables. Usually the best performance is obtained
+# This document assumes that header and body_checks rules
+# are specified in the form of Postfix regular expression
+# lookup tables. Usually the best performance is obtained
# with pcre (Perl Compatible Regular Expression) tables, but
-# the slower regexp (POSIX regular expressions) support is
-# more widely available. Use the command "postconf -m" to
-# find out what lookup table types your Postfix system sup-
+# the slower regexp (POSIX regular expressions) support is
+# more widely available. Use the command "postconf -m" to
+# find out what lookup table types your Postfix system sup-
# ports.
#
# The general format of Postfix regular expression tables is
-# given below. For a discussion of specific pattern or
-# flags syntax, see pcre_table(5) or regexp_table(5),
+# given below. For a discussion of specific pattern or
+# flags syntax, see pcre_table(5) or regexp_table(5),
# respectively.
#
# /pattern/flags action
-# When pattern matches the input string, execute the
-# corresponding action. See below for a list of pos-
+# When pattern matches the input string, execute the
+# corresponding action. See below for a list of pos-
# sible actions.
#
# !/pattern/flags action
-# When pattern does not match the input string, exe-
+# When pattern does not match the input string, exe-
# cute the corresponding action.
#
# if /pattern/flags
#
# endif Match the input string against the patterns between
-# if and endif, if and only if the input string also
+# if and endif, if and only if the input string also
# matches pattern. The if..endif can nest.
#
-# Note: do not prepend whitespace to patterns inside
+# Note: do not prepend whitespace to patterns inside
# if..endif.
#
# if !/pattern/flags
#
# endif Match the input string against the patterns between
-# if and endif, if and only if the input string does
+# if and endif, if and only if the input string does
# not match pattern. The if..endif can nest.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A pattern/action line starts with non-whitespace
-# text. A line that starts with whitespace continues
+# A pattern/action line starts with non-whitespace
+# text. A line that starts with whitespace continues
# a logical line.
#
# TABLE SEARCH ORDER
-# For each line of message input, the patterns are applied
-# in the order as specified in the table. When a pattern is
-# found that matches the input line, the corresponding
-# action is executed and then the next input line is
+# For each line of message input, the patterns are applied
+# in the order as specified in the table. When a pattern is
+# found that matches the input line, the corresponding
+# action is executed and then the next input line is
# inspected.
#
# TEXT SUBSTITUTION
-# Substitution of substrings from the matched expression
-# into the action string is possible using the conventional
-# Perl syntax ($1, $2, etc.). The macros in the result
-# string may need to be written as ${n} or $(n) if they
+# Substitution of substrings from the matched expression
+# into the action string is possible using the conventional
+# Perl syntax ($1, $2, etc.). The macros in the result
+# string may need to be written as ${n} or $(n) if they
# aren't followed by whitespace.
#
-# Note: since negated patterns (those preceded by !) return
+# Note: since negated patterns (those preceded by !) return
# a result when the expression does not match, substitutions
# are not available for negated patterns.
#
# case for consistency with other Postfix documentation.
#
# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
-# Note: this action disables further header or
-# body_checks inspection of the current message and
+# Note: this action disables further header or
+# body_checks inspection of the current message and
# affects all recipients. To discard only one recip-
# ient without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
#
# This feature is available in Postfix 2.0 and later.
#
-# DUNNO Pretend that the input line did not match any pat-
-# tern, and inspect the next input line. This action
+# DUNNO Pretend that the input line did not match any pat-
+# tern, and inspect the next input line. This action
# can be used to shorten the table search.
#
-# For backwards compatibility reasons, Postfix also
-# accepts OK but it is (and always has been) treated
+# For backwards compatibility reasons, Postfix also
+# accepts OK but it is (and always has been) treated
# as DUNNO.
#
# This feature is available in Postfix 2.1 and later.
#
# FILTER transport:destination
-# Write a content filter request to the queue file
-# and inspect the next input line. After the com-
-# plete message is received it will be sent through
+# Write a content filter request to the queue file
+# and inspect the next input line. After the com-
+# plete message is received it will be sent through
# the specified external content filter. More infor-
-# mation about external content filters is in the
+# mation about external content filters is in the
# Postfix FILTER_README file.
#
-# Note: this action overrides the main.cf con-
-# tent_filter setting, and affects all recipients of
-# the message. In the case that multiple FILTER
+# Note: this action overrides the main.cf con-
+# tent_filter setting, and affects all recipients of
+# the message. In the case that multiple FILTER
# actions fire, only the last one is executed.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
-# Arrange for the message to be placed on the hold
-# queue, and inspect the next input line. The mes-
-# sage remains on hold until someone either deletes
-# it or releases it for delivery. Log the optional
+# Arrange for the message to be placed on the hold
+# queue, and inspect the next input line. The mes-
+# sage remains on hold until someone either deletes
+# it or releases it for delivery. Log the optional
# text if specified, otherwise log a generic message.
#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
-# Note: use "postsuper -r" to release mail that was
-# kept on hold for a significant fraction of $maxi-
+# Note: use "postsuper -r" to release mail that was
+# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
# longer.
#
-# Note: this action affects all recipients of the
+# Note: this action affects all recipients of the
# message.
#
# This feature is available in Postfix 2.0 and later.
#
-# IGNORE Delete the current line from the input and inspect
+# IGNORE Delete the current line from the input and inspect
# the next input line.
#
# PREPEND text...
#
# Notes:
#
-# o The prepended text is output on a separate
+# o The prepended text is output on a separate
# line, immediately before the input that
# triggered the PREPEND action.
#
# o The prepended text is not considered part of
-# the input stream: it is not subject to
+# the input stream: it is not subject to
# header/body checks or address rewriting, and
# it does not affect the way that Postfix adds
# missing message headers.
#
# o When prepending text before a message header
-# line, the prepended text must begin with a
+# line, the prepended text must begin with a
# valid message header label.
#
# o This action cannot be used to prepend multi-
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
-# Write a message redirection request to the queue
-# file and inspect the next input line. After the
+# Write a message redirection request to the queue
+# file and inspect the next input line. After the
# message is queued, it will be sent to the specified
# address instead of the intended recipient(s).
#
-# Note: this action overrides the FILTER action, and
-# affects all recipients of the message. If multiple
-# REDIRECT actions fire, only the last one is exe-
+# Note: this action overrides the FILTER action, and
+# affects all recipients of the message. If multiple
+# REDIRECT actions fire, only the last one is exe-
# cuted.
#
# This feature is available in Postfix 2.1 and later.
#
# REPLACE text...
-# Replace the current line with the specified text
+# Replace the current line with the specified text
# and inspect the next input line.
#
# This feature is available in Postfix 2.2 and later.
-# The description below applies to Postfix 2.2.2 and
+# The description below applies to Postfix 2.2.2 and
# later.
#
# Notes:
#
-# o When replacing a message header line, the
-# replacement text must begin with a valid
+# o When replacing a message header line, the
+# replacement text must begin with a valid
# header label.
#
-# o The replaced text remains part of the input
-# stream. Unlike the result from the PREPEND
-# action, a replaced message header may be
-# subject to address rewriting and may affect
-# the way that Postfix adds missing message
+# o The replaced text remains part of the input
+# stream. Unlike the result from the PREPEND
+# action, a replaced message header may be
+# subject to address rewriting and may affect
+# the way that Postfix adds missing message
# headers.
#
# REJECT optional text...
-# Reject the entire message. Reply with optional
+# Reject the entire message. Reply with optional
# text... when the optional text is specified, other-
# wise reply with a generic error message.
#
-# Note: this action disables further header or
-# body_checks inspection of the current message and
+# Note: this action disables further header or
+# body_checks inspection of the current message and
# affects all recipients.
#
# Postfix version 2.3 and later support enhanced sta-
# enhanced status code of "5.7.1".
#
# WARN optional text...
-# Log a warning with the optional text... (or log a
-# generic message) and inspect the next input line.
+# Log a warning with the optional text... (or log a
+# generic message) and inspect the next input line.
# This action is useful for debugging and for testing
# a pattern before applying more drastic actions.
#
# BUGS
-# Many people overlook the main limitations of header and
-# body_checks rules. These rules operate on one logical
-# message header or one body line at a time, and a decision
-# made for one line is not carried over to the next line.
+# Many people overlook the main limitations of header and
+# body_checks rules. These rules operate on one logical
+# message header or one body line at a time, and a decision
+# made for one line is not carried over to the next line.
# If text in the message body is encoded (RFC 2045) then the
-# rules have to specified for the encoded form. Likewise,
+# rules have to specified for the encoded form. Likewise,
# when message headers are encoded (RFC 2047) then the rules
# need to be specified for the encoded form.
#
-# Message headers added by the cleanup(8) daemon itself are
+# Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:.
#
-# Message headers deleted by the cleanup(8) daemon will be
+# Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:.
#
# body_checks
# Lookup tables with content filter rules for message
# body lines. These filters see one physical line at
-# a time, in chunks of at most $line_length_limit
+# a time, in chunks of at most $line_length_limit
# bytes.
#
# body_checks_size_limit
-# The amount of content per message body segment
+# The amount of content per message body segment
# (attachment) that is subjected to $body_checks fil-
# tering.
#
#
# nested_header_checks (default: $header_checks)
# Lookup tables with content filter rules for message
-# header lines: respectively, these are applied to
-# the initial message headers (not including MIME
-# headers), to the MIME headers anywhere in the mes-
-# sage, and to the initial headers of attached mes-
+# header lines: respectively, these are applied to
+# the initial message headers (not including MIME
+# headers), to the MIME headers anywhere in the mes-
+# sage, and to the initial headers of attached mes-
# sages.
#
-# Note: these filters see one logical message header
-# at a time, even when a message header spans multi-
-# ple lines. Message headers that are longer than
+# Note: these filters see one logical message header
+# at a time, even when a message header spans multi-
+# ple lines. Message headers that are longer than
# $header_size_limit characters are truncated.
#
# disable_mime_input_processing
-# While receiving mail, give no special treatment to
-# MIME related message headers; all text after the
+# While receiving mail, give no special treatment to
+# MIME related message headers; all text after the
# initial message headers is considered to be part of
-# the message body. This means that header_checks is
-# applied to all the initial message headers, and
+# the message body. This means that header_checks is
+# applied to all the initial message headers, and
# that body_checks is applied to the remainder of the
# message.
#
-# Note: when used in this manner, body_checks will
-# process a multi-line message header one line at a
+# Note: when used in this manner, body_checks will
+# process a multi-line message header one line at a
# time.
#
# EXAMPLES
-# Header pattern to block attachments with bad file name
+# Header pattern to block attachments with bad file name
# extensions.
#
# /etc/postfix/main.cf:
# RFC 2047, message header encoding for non-ASCII text
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview
# BACKSCATTER_README, blocking returned forged mail
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Redirect mail for other users in domain to address.
# This form has the lowest precedence.
#
+# Note: @domain is a wild-card. With this form, the
+# Postfix SMTP server accepts mail for any recipient
+# in domain, regardless of whether that recipient
+# exists. This may turn your mail system into a
+# backscatter source that returns undeliverable spam
+# to innocent people.
+#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
-# o When the result has the form @otherdomain, the
-# result becomes the same user in otherdomain. This
+# o When the result has the form @otherdomain, the
+# result becomes the same user in otherdomain. This
# works only for the first address in a multi-address
# lookup result.
#
-# o When "append_at_myorigin=yes", append "@$myorigin"
+# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
+# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
-# The propagate_unmatched_extensions parameter controls
-# whether an unmatched address extension (+foo) is propa-
+# The propagate_unmatched_extensions parameter controls
+# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# VIRTUAL ALIAS DOMAINS
-# Besides virtual aliases, the virtual alias table can also
+# Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual
-# alias domain, all recipient addresses are aliased to
+# alias domain, all recipient addresses are aliased to
# addresses in other domains.
#
# Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox
-# domains, each recipient address can have its own mailbox.
+# domains, each recipient address can have its own mailbox.
#
-# With a virtual alias domain, the virtual domain has its
-# own user name space. Local (i.e. non-virtual) usernames
-# are not visible in a virtual alias domain. In particular,
-# local aliases(5) and local mailing lists are not visible
+# With a virtual alias domain, the virtual domain has its
+# own user name space. Local (i.e. non-virtual) usernames
+# are not visible in a virtual alias domain. In particular,
+# local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain.
#
# Support for a virtual alias domain looks like:
# /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
-# Note: some systems use dbm databases instead of hash.
-# See the output from "postconf -m" for available data-
+# Note: some systems use dbm databases instead of hash.
+# See the output from "postconf -m" for available data-
# base types.
#
# /etc/postfix/virtual:
# user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3
#
-# The virtual-alias.domain anything entry is required for a
+# The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected
-# with "relay access denied", or bounces with "mail loops
+# with "relay access denied", or bounces with "mail loops
# back to myself".
#
-# Do not specify virtual alias domain names in the main.cf
+# Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
-# With a virtual alias domain, the Postfix SMTP server
-# accepts mail for known-user@virtual-alias.domain, and
-# rejects mail for unknown-user@virtual-alias.domain as
+# With a virtual alias domain, the Postfix SMTP server
+# accepts mail for known-user@virtual-alias.domain, and
+# rejects mail for unknown-user@virtual-alias.domain as
# undeliverable.
#
-# Instead of specifying the virtual alias domain name via
-# the virtual_alias_maps table, you may also specify it via
+# Instead of specifying the virtual alias domain name via
+# the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter.
-# This latter parameter uses the same syntax as the main.cf
+# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
-# addresses are not broken up into their user and @domain
+# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
-# Results are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Results are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
-# The following main.cf parameters are especially relevant
-# to this topic. See the Postfix main.cf file for syntax
-# details and for default values. Use the "postfix reload"
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the "postfix reload"
# command after a configuration change.
#
# virtual_alias_maps
# List of virtual aliasing tables.
#
# virtual_alias_domains
-# List of virtual alias domains. This uses the same
+# List of virtual alias domains. This uses the same
# syntax as the mydestination parameter.
#
# propagate_unmatched_extensions
-# A list of address rewriting or forwarding mecha-
-# nisms that propagate an address extension from the
-# original address to the result. Specify zero or
-# more of canonical, virtual, alias, forward,
+# A list of address rewriting or forwarding mecha-
+# nisms that propagate an address extension from the
+# original address to the result. Specify zero or
+# more of canonical, virtual, alias, forward,
# include, or generic.
#
# Other parameters of interest:
#
# inet_interfaces
-# The network interface addresses that this system
+# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# mydestination
-# List of domains that this mail system considers
+# List of domains that this mail system considers
# local.
#
# myorigin
-# The domain that is appended to any address that
+# The domain that is appended to any address that
# does not have a domain.
#
# owner_request_special
# canonical(5), canonical address mapping
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# VIRTUAL_README, domain hosting guide
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
<h2><a name="build_sasl">Building the Cyrus SASL library</a></h2>
-<p> Postfix appears to work with cyrus-sasl-1.5.5 or cyrus-sasl-2.1.1,
+<p> Postfix appears to work with cyrus-sasl-1.5.x or cyrus-sasl-2.1.x,
which are available from: </p>
<blockquote>
<p> IMPORTANT: if you install the Cyrus SASL libraries as per the
default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl
-for version 1.5.5 or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for
-version 2.1.1. </p>
+for version 1.5.x or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for
+version 2.1.x. </p>
-<p> Reportedly, Microsoft Internet Explorer version 5 requires the
-non-standard SASL LOGIN authentication method. To enable this
+<p> Reportedly, Microsoft Outlook (Express) requires the
+non-standard LOGIN authentication method. To enable this
authentication method, specify ``./configure --enable-login''. </p>
<h2><a name="build_postfix">Building Postfix with Cyrus SASL support</a></h2>
<dl>
-<dt> (for Cyrus SASL version 1.5.5):
+<dt> (for Cyrus SASL version 1.5.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
-I/usr/local/include" AUXLIBS="-L/usr/local/lib -lsasl"
</pre>
-<dt> (for Cyrus SASL version 2.1.1):
+<dt> (for Cyrus SASL version 2.1.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
<dl>
-<dt> (for Cyrus SASL version 1.5.5):
+<dt> (for Cyrus SASL version 1.5.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
-R/usr/local/lib -lsasl"
</pre>
-<dt> (for Cyrus SASL version 2.1.1):
+<dt> (for Cyrus SASL version 2.1.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
<p> Older Microsoft SMTP client software implements a non-standard
version of the AUTH protocol syntax, and expects that the SMTP
-server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH
-stuff". To accommodate such clients (in addition to conformant
+server replies to EHLO with "250 AUTH=mechanism-list" instead of
+"250 AUTH mechanism-list". To accommodate such clients (in addition
+to conformant
clients) use the following: </p>
<blockquote>
<h2><a name="server_cyrus">Cyrus SASL configuration for the Postfix
SMTP server</a></h2>
-<p> In /usr/local/lib/sasl/smtpd.conf (Cyrus SASL version 1.5.5) or
-/usr/local/lib/sasl2/smtpd.conf (Cyrus SASL version 2.1.1) you need to
-specify how the server should validate client passwords. </p>
+<p> You need to configure how the Cyrus SASL library should
+authenticate a client's username and password. These settings must
+be stored in a separate configuration file. </p>
+
+<p> The name of the configuration file (default: smtpd.conf) will
+be constructed from a value sent by Postfix to the Cyrus SASL
+library, which adds the suffix .conf. The value is configured using
+one of the following variables: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Postfix 2.3 and later
+ <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> = smtpd
+ # Postfix < 2.3
+ smtpd_sasl_application_name = smtpd
+</pre>
+</blockquote>
+
+<p> Cyrus SASL searches for the configuration file in /usr/local/lib/sasl/
+(Cyrus SASL version 1.5.5) or /usr/local/lib/sasl2/ (Cyrus SASL
+version 2.1.x). </p>
<p> Note: some Postfix distributions are modified and look for
-the smtpd.conf file in /etc/postfix. </p>
+the smtpd.conf file in /etc/postfix/sasl. </p>
<p> Note: some Cyrus SASL distributions look for the smtpd.conf
file in /etc/sasl2. </p>
<ul>
-<li> <p> To authenticate against the UNIX password database, try: </p>
+<li> <p> To authenticate against the UNIX password database, use: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
/usr/local/lib/sasl/smtpd.conf:
</pre>
-<dt> (Cyrus SASL version 2.1.1)
-<dd>
-<pre>
-/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: pwcheck
-</pre>
-
-</dl>
-
-<p> The name of the file in /usr/local/lib/sasl (Cyrus SASL version
-1.5.5) or /usr/local/lib/sasl2 (Cyrus SASL version 2.1.1) used by
-the SASL
-library for configuration can be set with: </p>
-
-<blockquote>
-<pre>
-/etc/postfix/<a href="postconf.5.html">main.cf</a>:
- smtpd_sasl_application_name = smtpd (Postfix < 2.3)
- <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> = smtpd (Postfix 2.3 and later)
-</pre>
-</blockquote>
+<p> IMPORTANT: pwcheck establishes a UNIX domain socket in /var/pwcheck
+and waits for authentication requests. Postfix processes must have
+read+execute permission to this directory or authentication attempts
+will fail. </p>
<p> The pwcheck daemon is contained in the cyrus-sasl source tarball. </p>
-<p> IMPORTANT: postfix processes need to have group read+execute
-permission for the /var/pwcheck directory, otherwise authentication
-attempts will fail. </p>
-
-<li> <p> Alternately, in Cyrus SASL 1.5.26 and later (including
-2.1.1), try: </p>
-
-<dl>
-
<dt> (Cyrus SASL version 1.5.26)
<dd>
<pre>
pwcheck_method: saslauthd
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd
+ mech_list: PLAIN LOGIN
</pre>
</dl>
can authenticate against PAM and various other sources. To use PAM,
start saslauthd with "-a pam". </p>
+<p> IMPORTANT: saslauthd usually establishes a UNIX domain socket
+in /var/run/saslauthd and waits for authentication requests. postfix
+processes must have read+execute permission to this directory or
+authentication attempts will fail. </p>
+
+<p> Note: The directory where saslauthd puts the socket is configurable.
+See the command-line option "-m /path/to/socket" in the saslauthd
+--help listing. </p>
+
<li> <p> To authenticate against Cyrus SASL's own password database: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
/usr/local/lib/sasl/smtpd.conf:
- pwcheck_method: sasldb
+ pwcheck_method: sasldb
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
+ pwcheck_method: auxprop
+ auxprop_plugin: sasldb
+ mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
</pre>
</dl>
<p> This will use the Cyrus SASL password file (default: /etc/sasldb in
-version 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained
+version 1.5.x, or /etc/sasldb2 in version 2.1.x), which is maintained
with the saslpasswd or saslpasswd2 command (part of the Cyrus SASL
software). On some poorly-supported systems the saslpasswd command needs
to be run multiple times before it stops complaining. The Postfix SMTP
<p> EXAMPLE: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
% saslpasswd -c -u `postconf -h <a href="postconf.5.html#myhostname">myhostname</a>` exampleuser
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
% saslpasswd2 -c -u `postconf -h <a href="postconf.5.html#myhostname">myhostname</a>` exampleuser
</dl>
<p> You can find out SASL's idea about the realms of the users
-in sasldb with <i>sasldblistusers</i> (Cyrus SASL version 1.5.5) or
-<i>sasldblistusers2</i> (Cyrus SASL version 2.1.1). </p>
+in sasldb with <i>sasldblistusers</i> (Cyrus SASL version 1.5.x) or
+<i>sasldblistusers2</i> (Cyrus SASL version 2.1.x). </p>
<p> On the Postfix side, you can have only one realm per smtpd
instance, and only the users belonging to that realm would be able to
</ul>
-<p> IMPORTANT: all users must be able to authenticate using ALL
-authentication mechanisms advertised by Postfix, otherwise the
-negotiation might end up with an unsupported mechanism, and
-authentication would fail. For example if you configure SASL to
-use <i>saslauthd</i> for authentication against PAM (pluggable
-authentication modules), only the PLAIN and LOGIN mechanisms are
-supported and stand a chance to succeed, yet the SASL library would also
-advertise other mechanisms, such as DIGEST-MD5. This happens because
-those mechanisms are made available by other plugins, and the SASL
-library have no way to know that your only valid authentication source
-is PAM. Thus you might need to limit the list of mechanisms advertised
-by Postfix. </p>
+<p> IMPORTANT: The Cyrus SASL password verification services pwcheck
+and saslauthd can only support the plaintext mechanisms PLAIN or
+LOGIN. However, the Cyrus SASL library doesn't know this, and will
+happily advertise other authentication mechanisms that the SASL
+library implements, such as DIGEST-MD5. As a result, if an SMTP
+client chooses any mechanism other than PLAIN or LOGIN while pwcheck
+or saslauthd are used, authentication will fail. Thus you may need
+to limit the list of mechanisms advertised by Postfix. </p>
<ul>
library files from the SASL plug-in directory (and again whenever
the system is updated). </p>
-<li> <p> With Cyrus SASL version 2.1.1 or later: </p>
+<li> <p> With Cyrus SASL version 2.1.x or later the mech_list variable
+can specify a list of authentication mechanisms that Cyrus SASL may
+offer: </p>
<blockquote>
<pre>
<ul>
-<li> <p> With Cyrus SASL version 1.5.5 your only choice is to
+<li> <p> With Cyrus SASL version 1.5.x your only choice is to
delete the corresponding library files from the SASL plug-in
directory. </p>
-<li> <p> With SASL version 2.1.1: </p>
+<li> <p> With SASL version 2.1.x: </p>
<blockquote>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
- auxprop_plugin: sql
+ pwcheck_method: auxprop
+ auxprop_plugin: sql
</pre>
</blockquote>
<h2><a name="debugging">Trouble shooting the SASL internals</a></h2>
<p> In the Cyrus SASL sources you'll find a subdirectory named
-"sample". Run make there, "su" to the user <i>postfix</i> (or
-whatever your <i><a href="postconf.5.html#mail_owner">mail_owner</a></i> directive is set to):
+"sample". Run make there, then create a symbolic link from sample.conf
+to smtpd.conf in your Cyrus SASL library directory /usr/local/lib/sasl2.
+"su" to the user <i>postfix</i> (or whatever your <i><a href="postconf.5.html#mail_owner">mail_owner</a></i>
+directive is set to): </p>
<blockquote>
<pre>
</blockquote>
<p> then run the resulting sample server and client in separate
-terminals. Strace / ktrace / truss the server to see what makes
-it unhappy, and fix the problem. Repeat the previous step until
-you can successfully authenticate with the sample client. Only
-then get back to Postfix. </p>
+terminals. The sample applications send log messages to the syslog
+facility auth. Check the log to fix the problem or run strace /
+ktrace / truss on the server to see what makes it unhappy. Repeat
+the previous step until you can successfully authenticate with the
+sample client. Only then get back to Postfix. </p>
<h2><a name="client_sasl">Enabling SASL authentication in the
Postfix SMTP client</a></h2>
</pre>
</blockquote>
+<p> The Postfix SASL client password file is opened before the SMTP
+server enters the optional chroot jail, so you can keep the file
+in /etc/postfix and set permissions read / write only for root to
+keep the username:password combinations away from other system
+users. </p>
+
<p> Postfix version 2.3 supports-per-sender SASL password
information. To search the Postfix SASL password by sender
before it searches by destination, specify: </p>
</pre>
</blockquote>
-<p> The Postfix SASL client password file is opened before the SMTP server
-enters the optional chroot jail, so you can keep the file in
-/etc/postfix. </p>
-
<p> Note: Some SMTP servers support authentication mechanisms that,
although available on the client system, may not in practice work or
possess the appropriate credentials to authenticate to the server. It
</blockquote>
<p> In the above example, Postfix will decline to use mechanisms
-that require special infrastructure such as Kerberos. </p>
+that require special infrastructure such as Kerberos or TLS. </p>
<p> The Postfix SMTP client is backwards compatible with SMTP
servers that use the non-standard "AUTH=method..." syntax in response
<li> The Dovecot SMTP server-only plug-in was originally implemented by
Timo Sirainen of Procontrol, Finland.
+<li> Patrick Ben Koetter revised this document for Postfix 2.4 and
+made much needed updates.
+
</ul>
</body>
the DNS requests or replies. </p>
<li> <p> If the number of <a href="smtpd.8.html">smtpd(8)</a> processes has reached the process
-limit as specified in master.cf, new SMTP clients must wait until
+limit as specified in <a href="master.5.html">master.cf</a>, new SMTP clients must wait until
a process becomes available. Increase the number of processes if
memory permits. See the instructions given under "<a
href="#proc_limit">Tuning the number of Postfix processes</a>".
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# Not needed with Postfix 2.1
<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> = 0
</pre>
<h2><a name="conn_limit">Measures against clients that make too many connections</a></h2>
-<p> Note: this feature is not included with Postfix version 2.1. </p>
+<p> Note: the <a href="anvil.8.html">anvil(8)</a> service was introduced with Postfix version
+2.2. </p>
<p> The Postfix <a href="smtpd.8.html">smtpd(8)</a> server can limit the number of simultaneous
connections from the same SMTP client, as well as the number of
<li> <p> The <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> parameter (default:
20) controls how many messages may be sent to the same destination
simultaneously. You can override this setting for specific message
-delivery transports by taking the name of the master.cf entry
+delivery transports by taking the name of the <a href="master.5.html">master.cf</a> entry
and appending "_destination_concurrency_limit". </p>
</ul>
more, but not all MX hosts are down. </p>
<p> If necessary, set a higher transport_destination_concurrency_limit
-(in main.cf since this is a queue manager parameter) and a lower
-smtp_connection_timeout (with a "-o" override in master.cf since
+(in <a href="postconf.5.html">main.cf</a> since this is a queue manager parameter) and a lower
+smtp_connection_timeout (with a "-o" override in <a href="master.5.html">master.cf</a> since
this parameter has no per-transport name) for the relay transport
and any transports dedicated for specific high volume destinations.
</p>
little memory, as well as networks with low bandwidth. </p>
<p> You can change the global process limit by specifying a
-non-default <a href="postconf.5.html#default_process_limit">default_process_limit</a> in the main.cf file. For example,
+non-default <a href="postconf.5.html#default_process_limit">default_process_limit</a> in the <a href="postconf.5.html">main.cf</a> file. For example,
to run up to 10 smtp client processes, 10 smtp server processes,
and so on: </p>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#default_process_limit">default_process_limit</a> = 10
</pre>
</blockquote>
<p> You need to execute "postfix reload" to make the change effective.
The limits are enforced by the Postfix <a href="master.8.html">master(8)</a> daemon which does
-not automatically read main.cf when it changes. </p>
+not automatically read <a href="postconf.5.html">main.cf</a> when it changes. </p>
<p> You can override the process limit for specific Postfix daemons
-by editing the master.cf file. For example, if you do not wish to
+by editing the <a href="master.5.html">master.cf</a> file. For example, if you do not wish to
receive 100 SMTP messages at the same time, but do not want to
change the process limits for local mail deliveries, you could
specify: </p>
<blockquote>
<pre>
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
# ====================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
<b>postmap -q - /etc/postfix/access</b> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix SMTP server <a href="access.5.html"><b>access</b>(5)</a> table specifies actions
- that are triggered by information from or about remote
- SMTP clients: host names, network addresses, or email
- addresses. An action may grant or deny access, or it may
- change the way that an email transaction will be handled.
+ The Postfix SMTP server supports access control on infor-
+ mation about remote SMTP clients or information received
+ in SMTP commands: host names, network addresses, envelope
+ sender or recipient addresses. See <a href="header_checks.5.html">header_checks(5)</a> or
+ <a href="header_checks.5.html">body_checks(5)</a> for access control on the content of email
+ messages.
Normally, the <a href="access.5.html"><b>access</b>(5)</a> table is specified as a text file
that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
<b>DEFER_IF_REJECT</b> <i>optional text...</i>
Defer the request if some later restriction would
- result in a REJECT action. Reply with "<b>450</b> <i>optional</i>
- <i>text...</i> when the optional text is specified, other-
- wise reply with a generic error response message.
+ result in a REJECT action. Reply with "<b>450 4.7.1</b>
+ <i>optional text...</i> when the optional text is speci-
+ fied, otherwise reply with a generic error response
+ message.
This feature is available in Postfix 2.1 and later.
<b>DEFER_IF_PERMIT</b> <i>optional text...</i>
- Defer the request if some later restriction would
- result in a an explicit or implicit PERMIT action.
- Reply with "<b>450</b> <i>optional text...</i> when the optional
- text is specified, otherwise reply with a generic
- error response message.
+ Defer the request if some later restriction would
+ result in a an explicit or implicit PERMIT action.
+ Reply with "<b>450 4.7.1</b> <i>optional text...</i> when the
+ optional text is specified, otherwise reply with a
+ generic error response message.
This feature is available in Postfix 2.1 and later.
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>, and so on).
<b>DISCARD</b> <i>optional text...</i>
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
+ Claim successful delivery and silently discard the
+ message. Log the optional text if specified, oth-
erwise log a generic message.
- Note: this action currently affects all recipients
- of the message. To discard only one recipient
- without discarding the entire message, use the
+ Note: this action currently affects all recipients
+ of the message. To discard only one recipient
+ without discarding the entire message, use the
<a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
service.
This feature is available in Postfix 2.0 and later.
- <b>DUNNO</b> Pretend that the lookup key was not found. This
- prevents Postfix from trying substrings of the
- lookup key (such as a subdomain name, or a network
+ <b>DUNNO</b> Pretend that the lookup key was not found. This
+ prevents Postfix from trying substrings of the
+ lookup key (such as a subdomain name, or a network
address subnetwork).
This feature is available in Postfix 2.0 and later.
<b>FILTER</b> <i>transport:destination</i>
- After the message is queued, send the entire mes-
+ After the message is queued, send the entire mes-
sage through the specified external content filter.
- The <i>transport:destination</i> syntax is described in
- the <a href="transport.5.html"><b>transport</b>(5)</a> manual page. More information
- about external content filters is in the Postfix
+ The <i>transport:destination</i> syntax is described in
+ the <a href="transport.5.html"><b>transport</b>(5)</a> manual page. More information
+ about external content filters is in the Postfix
<a href="FILTER_README.html">FILTER_README</a> file.
- Note:
this action overrides the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
+ Note:
this action overrides the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
<b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and currently affects all
recipients of the message.
This feature is available in Postfix 2.0 and later.
<b>HOLD</b> <i>optional text...</i>
- Place the message on the <b>hold</b> queue, where it will
- sit until someone either deletes it or releases it
- for delivery. Log the optional text if specified,
+ Place the message on the <b>hold</b> queue, where it will
+ sit until someone either deletes it or releases it
+ for delivery. Log the optional text if specified,
otherwise log a generic message.
- Mail that is placed on hold can be examined with
- the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
+ Mail that is placed on hold can be examined with
+ the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
- Note: use "<b>postsuper -r</b>" to release mail that was
- kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
+ Note: use "<b>postsuper -r</b>" to release mail that was
+ kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
longer.
- Note: this action currently affects all recipients
+ Note: this action currently affects all recipients
of the message.
This feature is available in Postfix 2.0 and later.
<b>PREPEND</b> <i>headername: headervalue</i>
- Prepend the specified message header to the mes-
- sage. When this action executes multiple times,
- the first prepended header appears before the sec-
+ Prepend the specified message header to the mes-
+ sage. When more than one PREPEND action executes,
+ the first prepended header appears before the sec-
ond etc. prepended header.
- Note: this action does not support multi-line mes-
- sage headers.
-
Note: this action must execute before the message
content is received; it cannot execute in the con-
text of <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a></b>.
When the command fails, a limited amount of command
output is mailed back to the sender. The file
<b>/usr/include/sysexits.h</b> defines the expected exit
- status codes. For example, use <b>|"exit 67"</b> to simu-
- late a "user unknown" error, and <b>|"exit 0"</b> to
+ status codes. For example, use <b>"|exit 67"</b> to simu-
+ late a "user unknown" error, and <b>"|exit 0"</b> to
implement an expensive black hole.
<b>:include:</b><i>/file/name</i>
bounce template formats.
<b>GENERAL PROCEDURE</b>
- To create customized bounce template file, create a tempo-
- rary copy of the file <b>/etc/postfix/bounce.cf.default</b> and
+ To create a customized bounce template file, create a tem-
+ porary copy of the file <b>/etc/postfix/bounce.cf.default</b> and
edit the temporary file.
To preview the results of $<i>name</i> expansions in the template
addresses produced by legacy mail systems.
The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with <i>vir-</i>
- <i>tual domain</i> support. Use the <a href="virtual.5.html"><b>virtual</b>(5)</a> map for that pur-
- pose.
-
- The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with local
- aliasing. Use the <a href="aliases.5.html"><b>aliases</b>(5)</a> map for that purpose.
+ <i>tual alias</i> support or with local aliasing. To change the
+ destination but not the headers, use the <a href="virtual.5.html"><b>virtual</b>(5)</a> or
+ <a href="aliases.5.html"><b>aliases</b>(5)</a> map instead.
<b>CASE FOLDING</b>
The search string is folded to lowercase before database
Replace other addresses in <i>domain</i> by <i>address</i>. This
form has the lowest precedence.
+ Note: @<i>domain</i> is a wild-card. When this form is
+ applied to recipient addresses, the Postfix SMTP
+ server accepts mail for any recipient in <i>domain</i>,
+ regardless of whether that recipient exists. This
+ may turn your mail system into a backscatter source
+ that returns undeliverable spam to innocent people.
+
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
<b>AUTHOR(S)</b>
The CIDR table lookup code was originally written by:
Jozsef Kadlecsik
- kadlec@blackhole.kfki.hu
KFKI Research Institute for Particle and Nuclear Physics
POB. 49
1525 Budapest, Hungary
Postfix provides a simple built-in content inspection
mechanism that examines incoming mail one message header
or one message body line at a time. Each input is compared
- against a list of patterns, and when a match is found the
- corresponding action is executed. This feature is imple-
- mented by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server.
+ against a list of patterns. When a match is found the
+ corresponding action is executed, and the matching process
+ is repeated for the next input line. This feature is
+ implemented by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server.
- For examples, see the EXAMPLES section at the end of this
+ For examples, see the EXAMPLES section at the end of this
manual page.
Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood
- of mail from worms or viruses; they do not decode attach-
- ments, and they do not unzip archives. See the documents
- referenced below in the README FILES section if you need
+ of mail from worms or viruses; they do not decode attach-
+ ments, and they do not unzip archives. See the documents
+ referenced below in the README FILES section if you need
more sophisticated content analysis.
Postfix supports four built-in content inspection classes:
<b><a href="postconf.5.html#header_checks">header_checks</a></b>
- These are applied to initial message headers
- (except for the headers that are processed with
+ These are applied to initial message headers
+ (except for the headers that are processed with
<b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
<b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
- These are applied to MIME related message headers
+ These are applied to MIME related message headers
only.
This feature is available in Postfix 2.0 and later.
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
- These are applied to message headers of attached
- email messages (except for the headers that are
+ These are applied to message headers of attached
+ email messages (except for the headers that are
processed with <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
This feature is available in Postfix 2.0 and later.
<b><a href="postconf.5.html#body_checks">body_checks</a></b>
- These are applied to all other content, including
+ These are applied to all other content, including
multi-part message boundaries.
With Postfix versions before 2.0, all content after
tent.
Note: message headers are examined one logical header at a
- time, even when a message header spans multiple lines.
+ time, even when a message header spans multiple lines.
Body lines are always examined one line at a time.
<b>TABLE FORMAT</b>
- This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules
- are specified in the form of Postfix regular expression
- lookup tables. Usually the best performance is obtained
+ This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules
+ are specified in the form of Postfix regular expression
+ lookup tables. Usually the best performance is obtained
with <b>pcre</b> (Perl Compatible Regular Expression) tables, but
- the slower <b>regexp</b> (POSIX regular expressions) support is
- more widely available. Use the command "<b>postconf -m</b>" to
- find out what lookup table types your Postfix system sup-
+ the slower <b>regexp</b> (POSIX regular expressions) support is
+ more widely available. Use the command "<b>postconf -m</b>" to
+ find out what lookup table types your Postfix system sup-
ports.
The general format of Postfix regular expression tables is
- given below. For a discussion of specific pattern or
- flags
syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
+ given below. For a discussion of specific pattern or
+ flags
syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
respectively.
<b>/</b><i>pattern</i><b>/</b><i>flags action</i>
- When <i>pattern</i> matches the input string, execute the
- corresponding <i>action</i>. See below for a list of pos-
+ When <i>pattern</i> matches the input string, execute the
+ corresponding <i>action</i>. See below for a list of pos-
sible actions.
<b>!/</b><i>pattern</i><b>/</b><i>flags action</i>
- When <i>pattern</i> does <b>not</b> match the input string, exe-
+ When <i>pattern</i> does <b>not</b> match the input string, exe-
cute the corresponding <i>action</i>.
<b>if /</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the input string also
+ <b>if</b> and <b>endif</b>, if and only if the input string also
matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
+ Note: do not prepend whitespace to patterns inside
<b>if</b>..<b>endif</b>.
<b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the input string does
+ <b>if</b> and <b>endif</b>, if and only if the input string does
<b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A pattern/action line starts with non-whitespace
- text. A line that starts with whitespace continues
+ A pattern/action line starts with non-whitespace
+ text. A line that starts with whitespace continues
a logical line.
<b>TABLE SEARCH ORDER</b>
- For each line of message input, the patterns are applied
- in the order as specified in the table. When a pattern is
- found that matches the input line, the corresponding
- action is executed and then the next input line is
+ For each line of message input, the patterns are applied
+ in the order as specified in the table. When a pattern is
+ found that matches the input line, the corresponding
+ action is executed and then the next input line is
inspected.
<b>TEXT SUBSTITUTION</b>
- Substitution of substrings from the matched expression
- into the <i>action</i> string is possible using the conventional
- Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result
- string may need to be written as <b>${n}</b> or <b>$(n)</b> if they
+ Substitution of substrings from the matched expression
+ into the <i>action</i> string is possible using the conventional
+ Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result
+ string may need to be written as <b>${n}</b> or <b>$(n)</b> if they
aren't followed by whitespace.
- Note: since negated patterns (those preceded by <b>!</b>) return
+ Note: since negated patterns (those preceded by <b>!</b>) return
a result when the expression does not match, substitutions
are not available for negated patterns.
case for consistency with other Postfix documentation.
<b>DISCARD</b> <i>optional text...</i>
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
+ Claim successful delivery and silently discard the
+ message. Log the optional text if specified, oth-
erwise log a generic message.
- Note: this action disables further header or
- <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
+ Note: this action disables further header or
+ <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
affects all recipients. To discard only one recip-
ient without discarding the entire message, use the
<a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
This feature is available in Postfix 2.0 and later.
- <b>DUNNO</b> Pretend that the input line did not match any pat-
- tern, and inspect the next input line. This action
+ <b>DUNNO</b> Pretend that the input line did not match any pat-
+ tern, and inspect the next input line. This action
can be used to shorten the table search.
- For backwards compatibility reasons, Postfix also
- accepts <b>OK</b> but it is (and always has been) treated
+ For backwards compatibility reasons, Postfix also
+ accepts <b>OK</b> but it is (and always has been) treated
as <b>DUNNO</b>.
This feature is available in Postfix 2.1 and later.
<b>FILTER</b> <i>transport:destination</i>
- Write a content filter request to the queue file
- and inspect the next input line. After the com-
- plete message is received it will be sent through
+ Write a content filter request to the queue file
+ and inspect the next input line. After the com-
+ plete message is received it will be sent through
the specified external content filter. More infor-
- mation about external content filters is in the
+ mation about external content filters is in the
Postfix <a href="FILTER_README.html">FILTER_README</a> file.
- Note:
this action overrides the <b>main.cf <a href="postconf.5.html#content_filter">con</a>-</b>
- <b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and affects all recipients of
- the message. In the case that multiple <b>FILTER</b>
+ Note:
this action overrides the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
+ <b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and affects all recipients of
+ the message. In the case that multiple <b>FILTER</b>
actions fire, only the last one is executed.
This feature is available in Postfix 2.0 and later.
<b>HOLD</b> <i>optional text...</i>
- Arrange for the message to be placed on the <b>hold</b>
- queue, and inspect the next input line. The mes-
- sage remains on <b>hold</b> until someone either deletes
- it or releases it for delivery. Log the optional
+ Arrange for the message to be placed on the <b>hold</b>
+ queue, and inspect the next input line. The mes-
+ sage remains on <b>hold</b> until someone either deletes
+ it or releases it for delivery. Log the optional
text if specified, otherwise log a generic message.
- Mail that is placed on hold can be examined with
- the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
+ Mail that is placed on hold can be examined with
+ the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
- Note: use "<b>postsuper -r</b>" to release mail that was
- kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
+ Note: use "<b>postsuper -r</b>" to release mail that was
+ kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
longer.
- Note: this action affects all recipients of the
+ Note: this action affects all recipients of the
message.
This feature is available in Postfix 2.0 and later.
- <b>IGNORE</b> Delete the current line from the input and inspect
+ <b>IGNORE</b> Delete the current line from the input and inspect
the next input line.
<b>PREPEND</b> <i>text...</i>
Notes:
- <b>o</b> The prepended text is output on a separate
+ <b>o</b> The prepended text is output on a separate
line, immediately before the input that
triggered the <b>PREPEND</b> action.
<b>o</b> The prepended text is not considered part of
- the input stream: it is not subject to
+ the input stream: it is not subject to
header/body checks or address rewriting, and
it does not affect the way that Postfix adds
missing message headers.
<b>o</b> When prepending text before a message header
- line, the prepended text must begin with a
+ line, the prepended text must begin with a
valid message header label.
<b>o</b> This action cannot be used to prepend multi-
This feature is available in Postfix 2.1 and later.
<b>REDIRECT</b> <i>user@domain</i>
- Write a message redirection request to the queue
- file and inspect the next input line. After the
+ Write a message redirection request to the queue
+ file and inspect the next input line. After the
message is queued, it will be sent to the specified
address instead of the intended recipient(s).
- Note: this action overrides the <b>FILTER</b> action, and
- affects all recipients of the message. If multiple
- <b>REDIRECT</b> actions fire, only the last one is exe-
+ Note: this action overrides the <b>FILTER</b> action, and
+ affects all recipients of the message. If multiple
+ <b>REDIRECT</b> actions fire, only the last one is exe-
cuted.
This feature is available in Postfix 2.1 and later.
<b>REPLACE</b> <i>text...</i>
- Replace the current line with the specified text
+ Replace the current line with the specified text
and inspect the next input line.
This feature is available in Postfix 2.2 and later.
- The description below applies to Postfix 2.2.2 and
+ The description below applies to Postfix 2.2.2 and
later.
Notes:
- <b>o</b> When replacing a message header line, the
- replacement text must begin with a valid
+ <b>o</b> When replacing a message header line, the
+ replacement text must begin with a valid
header label.
- <b>o</b> The replaced text remains part of the input
- stream. Unlike the result from the <b>PREPEND</b>
- action, a replaced message header may be
- subject to address rewriting and may affect
- the way that Postfix adds missing message
+ <b>o</b> The replaced text remains part of the input
+ stream. Unlike the result from the <b>PREPEND</b>
+ action, a replaced message header may be
+ subject to address rewriting and may affect
+ the way that Postfix adds missing message
headers.
<b>REJECT</b> <i>optional text...</i>
- Reject the entire message. Reply with <i>optional</i>
+ Reject the entire message. Reply with <i>optional</i>
<i>text...</i> when the optional text is specified, other-
wise reply with a generic error message.
- Note: this action disables further header or
- <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
+ Note: this action disables further header or
+ <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
affects all recipients.
Postfix version 2.3 and later support enhanced sta-
enhanced status code of "5.7.1".
<b>WARN</b> <i>optional text...</i>
- Log a warning with the <i>optional text...</i> (or log a
- generic message) and inspect the next input line.
+ Log a warning with the <i>optional text...</i> (or log a
+ generic message) and inspect the next input line.
This action is useful for debugging and for testing
a pattern before applying more drastic actions.
<b>BUGS</b>
- Many people overlook the main limitations of header and
- <a href="postconf.5.html#body_checks">body_checks</a> rules. These rules operate on one logical
- message header or one body line at a time, and a decision
- made for one line is not carried over to the next line.
+ Many people overlook the main limitations of header and
+ <a href="postconf.5.html#body_checks">body_checks</a> rules. These rules operate on one logical
+ message header or one body line at a time, and a decision
+ made for one line is not carried over to the next line.
If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>) then the
- rules have to specified for the encoded form. Likewise,
+ rules have to specified for the encoded form. Likewise,
when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC 2047</a>) then the rules
need to be specified for the encoded form.
- Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
+ Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
excluded from inspection. Examples of such message headers
are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>.
- Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
+ Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
examined before they are deleted. Examples are: <b>Bcc:, Con-</b>
<b>tent-Length:</b>, <b>Return-Path:</b>.
<b><a href="postconf.5.html#body_checks">body_checks</a></b>
Lookup tables with content filter rules for message
body lines. These filters see one physical line at
- a
time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
+ a
time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
bytes.
<b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b>
- The amount of content per message body segment
+ The amount of content per message body segment
(attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil-
tering.
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
Lookup tables with content filter rules for message
- header lines: respectively, these are applied to
- the initial message headers (not including MIME
- headers), to the MIME headers anywhere in the mes-
- sage, and to the initial headers of attached mes-
+ header lines: respectively, these are applied to
+ the initial message headers (not including MIME
+ headers), to the MIME headers anywhere in the mes-
+ sage, and to the initial headers of attached mes-
sages.
- Note: these filters see one logical message header
- at a time, even when a message header spans multi-
- ple lines. Message headers that are longer than
+ Note: these filters see one logical message header
+ at a time, even when a message header spans multi-
+ ple lines. Message headers that are longer than
<b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated.
<b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b>
- While receiving mail, give no special treatment to
- MIME related message headers; all text after the
+ While receiving mail, give no special treatment to
+ MIME related message headers; all text after the
initial message headers is considered to be part of
- the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
- applied to all the initial message headers, and
+ the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
+ applied to all the initial message headers, and
that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the
message.
- Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
- process a multi-line message header one line at a
+ Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
+ process a multi-line message header one line at a
time.
<b>EXAMPLES</b>
- Header pattern to block attachments with bad file name
+ Header pattern to block attachments with bad file name
extensions.
- /etc/postfix/main.cf:
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/header_checks
/etc/postfix/header_checks:
Body pattern to stop a specific HTML browser vulnerability
exploit.
- /etc/postfix/main.cf:
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks
/etc/postfix/body_checks:
<a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<p> Optional lookup tables with all valid addresses in the domains
that match $<a href="postconf.5.html#relay_domains">relay_domains</a>. Specify @domain as a wild-card for
-domains that do not have a valid recipient list. Technically, tables
+domains that have no valid recipient list, and become a source of
+backscatter mail: Postfix accepts spam for non-existent recipients
+and then floods innocent people with undeliverable mail. Technically,
+tables
listed with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> are used as lists: Postfix needs
to know only if a lookup string is found or not, but it does not
use the result from table lookup. </p>
Redirect mail for other users in <i>domain</i> to <i>address</i>.
This form has the lowest precedence.
+ Note: @<i>domain</i> is a wild-card. With this form, the
+ Postfix SMTP server accepts mail for any recipient
+ in <i>domain</i>, regardless of whether that recipient
+ exists. This may turn your mail system into a
+ backscatter source that returns undeliverable spam
+ to innocent people.
+
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
- <b>o</b> When the result has the form @<i>otherdomain</i>, the
- result becomes the same <i>user</i> in <i>otherdomain</i>. This
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the
+ result becomes the same <i>user</i> in <i>otherdomain</i>. This
works only for the first address in a multi-address
lookup result.
- <b>o</b> When
"<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
+ <b>o</b> When
"<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
to addresses without "@domain".
<b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
+ whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>VIRTUAL ALIAS DOMAINS</b>
- Besides virtual aliases, the virtual alias table can also
+ Besides virtual aliases, the virtual alias table can also
be used to implement <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. With a virtual
- alias domain, all recipient addresses are aliased to
+ alias domain, all recipient addresses are aliased to
addresses in other domains.
Virtual alias domains are not to be confused with the vir-
tual mailbox domains that are implemented with the Postfix
<a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent. With virtual mailbox
- domains, each recipient address can have its own mailbox.
+ domains, each recipient address can have its own mailbox.
- With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the virtual domain has its
- own user name space. Local (i.e. non-virtual) usernames
- are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
- local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
+ With a virtual alias domain, the virtual domain has its
+ own user name space. Local (i.e. non-virtual) usernames
+ are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
+ local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
as <i>localname@virtual-alias.domain</i>.
Support for a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> looks like:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
- Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
- See the output from "<b>postconf -m</b>" for available data-
+ Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
+ See the output from "<b>postconf -m</b>" for available data-
base types.
/etc/postfix/<a href="virtual.8.html">virtual</a>:
<i>user1@virtual-alias.domain address1</i>
<i>user2@virtual-alias.domain address2, address3</i>
- The <i>virtual-alias.domain anything</i> entry is required for a
+ The <i>virtual-alias.domain anything</i> entry is required for a
<a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. <b>Without this entry, mail is rejected</b>
- <b>with "relay access denied", or bounces with "mail loops</b>
+ <b>with "relay access denied", or bounces with "mail loops</b>
<b>back to myself".</b>
- Do
not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <a href="postconf.5.html"><b>main.cf</b></a>
+ Do
not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <a href="postconf.5.html"><b>main.cf</b></a>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> or <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> configuration parameters.
- With a virtual alias domain, the Postfix SMTP server
- accepts mail for <i>known-user@virtual-alias.domain</i>, and
- rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
+ With a virtual alias domain, the Postfix SMTP server
+ accepts mail for <i>known-user@virtual-alias.domain</i>, and
+ rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
undeliverable.
- Instead of specifying the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> name via
- the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
+ Instead of specifying the virtual alias domain name via
+ the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b> configuration parameter.
- This
latter parameter uses the same syntax as the <a href="postconf.5.html"><b>main.cf</b></a>
+ This
latter parameter uses the same syntax as the <a href="postconf.5.html"><b>main.cf</b></a>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> configuration parameter.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
+ addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the search
string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Results are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.4.
Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this topic. See the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file for syntax
- details and for default values. Use the "<b>postfix reload</b>"
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
+ to this topic. See the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file for syntax
+ details and for default values. Use the "<b>postfix reload</b>"
command after a configuration change.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b>
List of virtual aliasing tables.
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b>
- List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
+ List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
syntax as the <b><a href="postconf.5.html#mydestination">mydestination</a></b> parameter.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
+ A list of address rewriting or forwarding mecha-
+ nisms that propagate an address extension from the
+ original address to the result. Specify zero or
+ more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generic</b>.
Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
+ The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
+ List of domains that this mail system considers
local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
- The domain that is appended to any address that
+ The domain that is appended to any address that
does not have a domain.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
.SH DESCRIPTION
.ad
.fi
-The Postfix SMTP server \fBaccess\fR(5) table specifies
-actions that are triggered by information from or about
-remote SMTP clients: host names, network addresses, or email
-addresses. An action may grant or deny access, or it may
-change the way that an email transaction will be handled.
+The Postfix SMTP server supports access control on information
+about remote SMTP clients or information received in SMTP
+commands: host names, network addresses, envelope sender
+or recipient addresses. See header_checks(5) or body_checks(5)
+for access control on the content of email messages.
Normally, the \fBaccess\fR(5) table is specified as a text file
that serves as input to the \fBpostmap\fR(1) command.
specified, otherwise reply with a generic error response message.
.IP "\fBDEFER_IF_REJECT \fIoptional text...\fR
Defer the request if some later restriction would result in a
-REJECT action. Reply with "\fB450\fI optional text...\fR when the
+REJECT action. Reply with "\fB450 4.7.1 \fI optional
+text...\fR when the
optional text is specified, otherwise reply with a generic error
response message.
.sp
.IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR
Defer the request if some later restriction would result in a
an explicit or implicit PERMIT action.
-Reply with "\fB450\fI optional text...\fR when the
+Reply with "\fB450 4.7.1 \fI optional text...\fR when the
optional text is specified, otherwise reply with a generic error
response message.
.sp
This feature is available in Postfix 2.0 and later.
.IP "\fBPREPEND \fIheadername: headervalue\fR"
Prepend the specified message header to the message.
-When this action executes multiple times, the first prepended
-header appears before the second etc. prepended header.
-.sp
-Note: this action does not support multi-line message headers.
+When more than one PREPEND action executes, the first
+prepended header appears before the second etc. prepended
+header.
.sp
Note: this action must execute before the message content
is received; it cannot execute in the context of
When the command fails, a limited amount of command output is
mailed back to the sender. The file \fB/usr/include/sysexits.h\fR
defines the expected exit status codes. For example, use
-\fB|"exit 67"\fR to simulate a "user unknown" error, and
-\fB|"exit 0"\fR to implement an expensive black hole.
+\fB"|exit 67"\fR to simulate a "user unknown" error, and
+\fB"|exit 0"\fR to implement an expensive black hole.
.IP \fB:include:\fI/file/name\fR
Mail is sent to the destinations listed in the named file.
Lines in \fB:include:\fR files have the same syntax
.nf
.ad
.fi
-To create customized bounce template file, create a temporary
+To create a customized bounce template file, create a
+temporary
copy of the file \fB/etc/postfix/bounce.cf.default\fR and
edit the temporary file.
by legacy mail systems.
The \fBcanonical\fR(5) mapping is not to be confused with \fIvirtual
-domain\fR support. Use the \fBvirtual\fR(5) map for that purpose.
-
-The \fBcanonical\fR(5) mapping is not to be confused with local aliasing.
-Use the \fBaliases\fR(5) map for that purpose.
+alias\fR support or with local aliasing. To change the destination
+but not the headers, use the \fBvirtual\fR(5) or \fBaliases\fR(5)
+map instead.
.SH "CASE FOLDING"
.na
.nf
.IP "@\fIdomain address\fR"
Replace other addresses in \fIdomain\fR by \fIaddress\fR.
This form has the lowest precedence.
+.sp
+Note: @\fIdomain\fR is a wild-card. When this form is applied
+to recipient addresses, the Postfix SMTP server accepts
+mail for any recipient in \fIdomain\fR, regardless of whether
+that recipient exists. This may turn your mail system into
+a backscatter source that returns undeliverable spam to
+innocent people.
.SH "RESULT ADDRESS REWRITING"
.na
.nf
.nf
The CIDR table lookup code was originally written by:
Jozsef Kadlecsik
-kadlec@blackhole.kfki.hu
KFKI Research Institute for Particle and Nuclear Physics
POB. 49
1525 Budapest, Hungary
.fi
Postfix provides a simple built-in content inspection mechanism that
examines incoming mail one message header or one message body line
-at a time. Each input is compared against a list of patterns, and
-when a match is found the corresponding action is executed.
+at a time. Each input is compared against a list of patterns.
+When a match is found the corresponding action is executed, and
+the matching process is repeated for the next input line.
This feature is implemented by the Postfix \fBcleanup\fR(8) server.
For examples, see the EXAMPLES section at the end of this
.SH relay_recipient_maps (default: empty)
Optional lookup tables with all valid addresses in the domains
that match $relay_domains. Specify @domain as a wild-card for
-domains that do not have a valid recipient list. Technically, tables
+domains that have no valid recipient list, and become a source of
+backscatter mail: Postfix accepts spam for non-existent recipients
+and then floods innocent people with undeliverable mail. Technically,
+tables
listed with $relay_recipient_maps are used as lists: Postfix needs
to know only if a lookup string is found or not, but it does not
use the result from table lookup.
.IP "@\fIdomain address, address, ...\fR"
Redirect mail for other users in \fIdomain\fR to \fIaddress\fR.
This form has the lowest precedence.
+.sp
+Note: @\fIdomain\fR is a wild-card. With this form, the
+Postfix SMTP server accepts
+mail for any recipient in \fIdomain\fR, regardless of whether
+that recipient exists. This may turn your mail system into
+a backscatter source that returns undeliverable spam to
+innocent people.
.SH "RESULT ADDRESS REWRITING"
.na
.nf
<h2><a name="build_sasl">Building the Cyrus SASL library</a></h2>
-<p> Postfix appears to work with cyrus-sasl-1.5.5 or cyrus-sasl-2.1.1,
+<p> Postfix appears to work with cyrus-sasl-1.5.x or cyrus-sasl-2.1.x,
which are available from: </p>
<blockquote>
<p> IMPORTANT: if you install the Cyrus SASL libraries as per the
default, you will have to symlink /usr/lib/sasl -> /usr/local/lib/sasl
-for version 1.5.5 or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for
-version 2.1.1. </p>
+for version 1.5.x or /usr/lib/sasl2 -> /usr/local/lib/sasl2 for
+version 2.1.x. </p>
-<p> Reportedly, Microsoft Internet Explorer version 5 requires the
-non-standard SASL LOGIN authentication method. To enable this
+<p> Reportedly, Microsoft Outlook (Express) requires the
+non-standard LOGIN authentication method. To enable this
authentication method, specify ``./configure --enable-login''. </p>
<h2><a name="build_postfix">Building Postfix with Cyrus SASL support</a></h2>
<dl>
-<dt> (for Cyrus SASL version 1.5.5):
+<dt> (for Cyrus SASL version 1.5.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
-I/usr/local/include" AUXLIBS="-L/usr/local/lib -lsasl"
</pre>
-<dt> (for Cyrus SASL version 2.1.1):
+<dt> (for Cyrus SASL version 2.1.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
<dl>
-<dt> (for Cyrus SASL version 1.5.5):
+<dt> (for Cyrus SASL version 1.5.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
-R/usr/local/lib -lsasl"
</pre>
-<dt> (for Cyrus SASL version 2.1.1):
+<dt> (for Cyrus SASL version 2.1.x):
<dd>
<pre>
% make tidy # if you have left-over files from a previous build
<p> Older Microsoft SMTP client software implements a non-standard
version of the AUTH protocol syntax, and expects that the SMTP
-server replies to EHLO with "250 AUTH=stuff" instead of "250 AUTH
-stuff". To accommodate such clients (in addition to conformant
+server replies to EHLO with "250 AUTH=mechanism-list" instead of
+"250 AUTH mechanism-list". To accommodate such clients (in addition
+to conformant
clients) use the following: </p>
<blockquote>
<h2><a name="server_cyrus">Cyrus SASL configuration for the Postfix
SMTP server</a></h2>
-<p> In /usr/local/lib/sasl/smtpd.conf (Cyrus SASL version 1.5.5) or
-/usr/local/lib/sasl2/smtpd.conf (Cyrus SASL version 2.1.1) you need to
-specify how the server should validate client passwords. </p>
+<p> You need to configure how the Cyrus SASL library should
+authenticate a client's username and password. These settings must
+be stored in a separate configuration file. </p>
+
+<p> The name of the configuration file (default: smtpd.conf) will
+be constructed from a value sent by Postfix to the Cyrus SASL
+library, which adds the suffix .conf. The value is configured using
+one of the following variables: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+ # Postfix 2.3 and later
+ smtpd_sasl_path = smtpd
+ # Postfix < 2.3
+ smtpd_sasl_application_name = smtpd
+</pre>
+</blockquote>
+
+<p> Cyrus SASL searches for the configuration file in /usr/local/lib/sasl/
+(Cyrus SASL version 1.5.5) or /usr/local/lib/sasl2/ (Cyrus SASL
+version 2.1.x). </p>
<p> Note: some Postfix distributions are modified and look for
-the smtpd.conf file in /etc/postfix. </p>
+the smtpd.conf file in /etc/postfix/sasl. </p>
<p> Note: some Cyrus SASL distributions look for the smtpd.conf
file in /etc/sasl2. </p>
<ul>
-<li> <p> To authenticate against the UNIX password database, try: </p>
+<li> <p> To authenticate against the UNIX password database, use: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
/usr/local/lib/sasl/smtpd.conf:
</pre>
-<dt> (Cyrus SASL version 2.1.1)
-<dd>
-<pre>
-/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: pwcheck
-</pre>
-
-</dl>
-
-<p> The name of the file in /usr/local/lib/sasl (Cyrus SASL version
-1.5.5) or /usr/local/lib/sasl2 (Cyrus SASL version 2.1.1) used by
-the SASL
-library for configuration can be set with: </p>
-
-<blockquote>
-<pre>
-/etc/postfix/main.cf:
- smtpd_sasl_application_name = smtpd (Postfix < 2.3)
- smtpd_sasl_path = smtpd (Postfix 2.3 and later)
-</pre>
-</blockquote>
+<p> IMPORTANT: pwcheck establishes a UNIX domain socket in /var/pwcheck
+and waits for authentication requests. Postfix processes must have
+read+execute permission to this directory or authentication attempts
+will fail. </p>
<p> The pwcheck daemon is contained in the cyrus-sasl source tarball. </p>
-<p> IMPORTANT: postfix processes need to have group read+execute
-permission for the /var/pwcheck directory, otherwise authentication
-attempts will fail. </p>
-
-<li> <p> Alternately, in Cyrus SASL 1.5.26 and later (including
-2.1.1), try: </p>
-
-<dl>
-
<dt> (Cyrus SASL version 1.5.26)
<dd>
<pre>
pwcheck_method: saslauthd
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd
+ mech_list: PLAIN LOGIN
</pre>
</dl>
can authenticate against PAM and various other sources. To use PAM,
start saslauthd with "-a pam". </p>
+<p> IMPORTANT: saslauthd usually establishes a UNIX domain socket
+in /var/run/saslauthd and waits for authentication requests. Postfix
+processes must have read+execute permission to this directory or
+authentication attempts will fail. </p>
+
+<p> Note: The directory where saslauthd puts the socket is configurable.
+See the command-line option "-m /path/to/socket" in the saslauthd
+--help listing. </p>
+
<li> <p> To authenticate against Cyrus SASL's own password database: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
/usr/local/lib/sasl/smtpd.conf:
- pwcheck_method: sasldb
+ pwcheck_method: sasldb
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
+ pwcheck_method: auxprop
+ auxprop_plugin: sasldb
+ mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
</pre>
</dl>
<p> This will use the Cyrus SASL password file (default: /etc/sasldb in
-version 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained
+version 1.5.x, or /etc/sasldb2 in version 2.1.x), which is maintained
with the saslpasswd or saslpasswd2 command (part of the Cyrus SASL
software). On some poorly-supported systems the saslpasswd command needs
to be run multiple times before it stops complaining. The Postfix SMTP
<p> EXAMPLE: </p>
<dl>
-<dt> (Cyrus SASL version 1.5.5)
+<dt> (Cyrus SASL version 1.5.x)
<dd>
<pre>
% saslpasswd -c -u `postconf -h myhostname` exampleuser
</pre>
-<dt> (Cyrus SASL version 2.1.1)
+<dt> (Cyrus SASL version 2.1.x)
<dd>
<pre>
% saslpasswd2 -c -u `postconf -h myhostname` exampleuser
</dl>
<p> You can find out SASL's idea about the realms of the users
-in sasldb with <i>sasldblistusers</i> (Cyrus SASL version 1.5.5) or
-<i>sasldblistusers2</i> (Cyrus SASL version 2.1.1). </p>
+in sasldb with <i>sasldblistusers</i> (Cyrus SASL version 1.5.x) or
+<i>sasldblistusers2</i> (Cyrus SASL version 2.1.x). </p>
<p> On the Postfix side, you can have only one realm per smtpd
instance, and only the users belonging to that realm would be able to
</ul>
-<p> IMPORTANT: all users must be able to authenticate using ALL
-authentication mechanisms advertised by Postfix, otherwise the
-negotiation might end up with an unsupported mechanism, and
-authentication would fail. For example if you configure SASL to
-use <i>saslauthd</i> for authentication against PAM (pluggable
-authentication modules), only the PLAIN and LOGIN mechanisms are
-supported and stand a chance to succeed, yet the SASL library would also
-advertise other mechanisms, such as DIGEST-MD5. This happens because
-those mechanisms are made available by other plugins, and the SASL
-library have no way to know that your only valid authentication source
-is PAM. Thus you might need to limit the list of mechanisms advertised
-by Postfix. </p>
+<p> IMPORTANT: The Cyrus SASL password verification services pwcheck
+and saslauthd can only support the plaintext mechanisms PLAIN or
+LOGIN. However, the Cyrus SASL library doesn't know this, and will
+happily advertise other authentication mechanisms that the SASL
+library implements, such as DIGEST-MD5. As a result, if an SMTP
+client chooses any mechanism other than PLAIN or LOGIN while pwcheck
+or saslauthd are used, authentication will fail. Thus you may need
+to limit the list of mechanisms advertised by Postfix. </p>
<ul>
library files from the SASL plug-in directory (and again whenever
the system is updated). </p>
-<li> <p> With Cyrus SASL version 2.1.1 or later: </p>
+<li> <p> With Cyrus SASL version 2.1.x or later the mech_list variable
+can specify a list of authentication mechanisms that Cyrus SASL may
+offer: </p>
<blockquote>
<pre>
<ul>
-<li> <p> With Cyrus SASL version 1.5.5 your only choice is to
+<li> <p> With Cyrus SASL version 1.5.x your only choice is to
delete the corresponding library files from the SASL plug-in
directory. </p>
-<li> <p> With SASL version 2.1.1: </p>
+<li> <p> With SASL version 2.1.x: </p>
<blockquote>
<pre>
/usr/local/lib/sasl2/smtpd.conf:
- pwcheck_method: auxprop
- auxprop_plugin: sql
+ pwcheck_method: auxprop
+ auxprop_plugin: sql
</pre>
</blockquote>
<h2><a name="debugging">Trouble shooting the SASL internals</a></h2>
<p> In the Cyrus SASL sources you'll find a subdirectory named
-"sample". Run make there, "su" to the user <i>postfix</i> (or
-whatever your <i>mail_owner</i> directive is set to):
+"sample". Run make there, then create a symbolic link from sample.conf
+to smtpd.conf in your Cyrus SASL library directory /usr/local/lib/sasl2.
+"su" to the user <i>postfix</i> (or whatever your <i>mail_owner</i>
+directive is set to): </p>
<blockquote>
<pre>
</blockquote>
<p> then run the resulting sample server and client in separate
-terminals. Strace / ktrace / truss the server to see what makes
-it unhappy, and fix the problem. Repeat the previous step until
-you can successfully authenticate with the sample client. Only
-then get back to Postfix. </p>
+terminals. The sample applications send log messages to the syslog
+facility auth. Check the log to fix the problem or run strace /
+ktrace / truss on the server to see what makes it unhappy. Repeat
+the previous step until you can successfully authenticate with the
+sample client. Only then get back to Postfix. </p>
<h2><a name="client_sasl">Enabling SASL authentication in the
Postfix SMTP client</a></h2>
</pre>
</blockquote>
+<p> The Postfix SASL client password file is opened before the SMTP
+server enters the optional chroot jail, so you can keep the file
+in /etc/postfix and set permissions read / write only for root to
+keep the username:password combinations away from other system
+users. </p>
+
<p> Postfix version 2.3 supports-per-sender SASL password
information. To search the Postfix SASL password by sender
before it searches by destination, specify: </p>
</pre>
</blockquote>
-<p> The Postfix SASL client password file is opened before the SMTP server
-enters the optional chroot jail, so you can keep the file in
-/etc/postfix. </p>
-
<p> Note: Some SMTP servers support authentication mechanisms that,
although available on the client system, may not in practice work or
possess the appropriate credentials to authenticate to the server. It
</blockquote>
<p> In the above example, Postfix will decline to use mechanisms
-that require special infrastructure such as Kerberos. </p>
+that require special infrastructure such as Kerberos or TLS. </p>
<p> The Postfix SMTP client is backwards compatible with SMTP
servers that use the non-standard "AUTH=method..." syntax in response
<li> The Dovecot SMTP server-only plug-in was originally implemented by
Timo Sirainen of Procontrol, Finland.
+<li> Patrick Ben Koetter revised this document for Postfix 2.4 and
+made much needed updates.
+
</ul>
</body>
<h2><a name="conn_limit">Measures against clients that make too many connections</a></h2>
-<p> Note: this feature is not included with Postfix version 2.1. </p>
+<p> Note: the anvil(8) service was introduced with Postfix version
+2.2. </p>
<p> The Postfix smtpd(8) server can limit the number of simultaneous
connections from the same SMTP client, as well as the number of
#
# \fBpostmap -q - /etc/postfix/access <\fIinputfile\fR
# DESCRIPTION
-# The Postfix SMTP server \fBaccess\fR(5) table specifies
-# actions that are triggered by information from or about
-# remote SMTP clients: host names, network addresses, or email
-# addresses. An action may grant or deny access, or it may
-# change the way that an email transaction will be handled.
+# The Postfix SMTP server supports access control on information
+# about remote SMTP clients or information received in SMTP
+# commands: host names, network addresses, envelope sender
+# or recipient addresses. See header_checks(5) or body_checks(5)
+# for access control on the content of email messages.
#
# Normally, the \fBaccess\fR(5) table is specified as a text file
# that serves as input to the \fBpostmap\fR(1) command.
# specified, otherwise reply with a generic error response message.
# .IP "\fBDEFER_IF_REJECT \fIoptional text...\fR
# Defer the request if some later restriction would result in a
-# REJECT action. Reply with "\fB450\fI optional text...\fR when the
+# REJECT action. Reply with "\fB450 4.7.1 \fI optional
+# text...\fR when the
# optional text is specified, otherwise reply with a generic error
# response message.
# .sp
# .IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR
# Defer the request if some later restriction would result in a
# an explicit or implicit PERMIT action.
-# Reply with "\fB450\fI optional text...\fR when the
+# Reply with "\fB450 4.7.1 \fI optional text...\fR when the
# optional text is specified, otherwise reply with a generic error
# response message.
# .sp
# This feature is available in Postfix 2.0 and later.
# .IP "\fBPREPEND \fIheadername: headervalue\fR"
# Prepend the specified message header to the message.
-# When this action executes multiple times, the first prepended
-# header appears before the second etc. prepended header.
-# .sp
-# Note: this action does not support multi-line message headers.
+# When more than one PREPEND action executes, the first
+# prepended header appears before the second etc. prepended
+# header.
# .sp
# Note: this action must execute before the message content
# is received; it cannot execute in the context of
# When the command fails, a limited amount of command output is
# mailed back to the sender. The file \fB/usr/include/sysexits.h\fR
# defines the expected exit status codes. For example, use
-# \fB|"exit 67"\fR to simulate a "user unknown" error, and
-# \fB|"exit 0"\fR to implement an expensive black hole.
+# \fB"|exit 67"\fR to simulate a "user unknown" error, and
+# \fB"|exit 0"\fR to implement an expensive black hole.
# .IP \fB:include:\fI/file/name\fR
# Mail is sent to the destinations listed in the named file.
# Lines in \fB:include:\fR files have the same syntax
# GENERAL PROCEDURE
# .ad
# .fi
-# To create customized bounce template file, create a temporary
+# To create a customized bounce template file, create a
+# temporary
# copy of the file \fB/etc/postfix/bounce.cf.default\fR and
# edit the temporary file.
#
# by legacy mail systems.
#
# The \fBcanonical\fR(5) mapping is not to be confused with \fIvirtual
-# domain\fR support. Use the \fBvirtual\fR(5) map for that purpose.
-#
-# The \fBcanonical\fR(5) mapping is not to be confused with local aliasing.
-# Use the \fBaliases\fR(5) map for that purpose.
+# alias\fR support or with local aliasing. To change the destination
+# but not the headers, use the \fBvirtual\fR(5) or \fBaliases\fR(5)
+# map instead.
# CASE FOLDING
# .ad
# .fi
# .IP "@\fIdomain address\fR"
# Replace other addresses in \fIdomain\fR by \fIaddress\fR.
# This form has the lowest precedence.
+# .sp
+# Note: @\fIdomain\fR is a wild-card. When this form is applied
+# to recipient addresses, the Postfix SMTP server accepts
+# mail for any recipient in \fIdomain\fR, regardless of whether
+# that recipient exists. This may turn your mail system into
+# a backscatter source that returns undeliverable spam to
+# innocent people.
# RESULT ADDRESS REWRITING
# .ad
# .fi
# AUTHOR(S)
# The CIDR table lookup code was originally written by:
# Jozsef Kadlecsik
-# kadlec@blackhole.kfki.hu
# KFKI Research Institute for Particle and Nuclear Physics
# POB. 49
# 1525 Budapest, Hungary
# DESCRIPTION
# Postfix provides a simple built-in content inspection mechanism that
# examines incoming mail one message header or one message body line
-# at a time. Each input is compared against a list of patterns, and
-# when a match is found the corresponding action is executed.
+# at a time. Each input is compared against a list of patterns.
+# When a match is found the corresponding action is executed, and
+# the matching process is repeated for the next input line.
# This feature is implemented by the Postfix \fBcleanup\fR(8) server.
#
# For examples, see the EXAMPLES section at the end of this
<p> Optional lookup tables with all valid addresses in the domains
that match $relay_domains. Specify @domain as a wild-card for
-domains that do not have a valid recipient list. Technically, tables
+domains that have no valid recipient list, and become a source of
+backscatter mail: Postfix accepts spam for non-existent recipients
+and then floods innocent people with undeliverable mail. Technically,
+tables
listed with $relay_recipient_maps are used as lists: Postfix needs
to know only if a lookup string is found or not, but it does not
use the result from table lookup. </p>
# .IP "@\fIdomain address, address, ...\fR"
# Redirect mail for other users in \fIdomain\fR to \fIaddress\fR.
# This form has the lowest precedence.
+# .sp
+# Note: @\fIdomain\fR is a wild-card. With this form, the
+# Postfix SMTP server accepts
+# mail for any recipient in \fIdomain\fR, regardless of whether
+# that recipient exists. This may turn your mail system into
+# a backscatter source that returns undeliverable spam to
+# innocent people.
# RESULT ADDRESS REWRITING
# .ad
# .fi
VAR_BODY_CHECKS, DEF_BODY_CHECKS, &var_body_checks, 0, 0,
VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0,
VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
- VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 1, 0,
+ VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 0, 0,
VAR_MASQ_CLASSES, DEF_MASQ_CLASSES, &var_masq_classes, 0, 0,
VAR_SEND_BCC_MAPS, DEF_SEND_BCC_MAPS, &var_send_bcc_maps, 0, 0,
VAR_RCPT_BCC_MAPS, DEF_RCPT_BCC_MAPS, &var_rcpt_bcc_maps, 0, 0,
#define VISIBLE_RCPT ((1 << HDR_TO) | (1 << HDR_RESENT_TO) \
| (1 << HDR_CC) | (1 << HDR_RESENT_CC))
- if ((state->headers_seen & VISIBLE_RCPT) == 0)
+ if ((state->headers_seen & VISIBLE_RCPT) == 0 && *var_rcpt_witheld)
cleanup_out_format(state, REC_TYPE_NORM, "%s", var_rcpt_witheld);
/*
}
if (line == start) {
cleanup_out_string(state, REC_TYPE_NORM, line);
- if (line_len < REC_TYPE_PTR_PAYL_SIZE)
+ if ((state->milters || cleanup_milters)
+ && line_len < REC_TYPE_PTR_PAYL_SIZE)
rec_pad(state->dst, REC_TYPE_DTXT,
REC_TYPE_PTR_PAYL_SIZE - line_len);
} else if (IS_SPACE_TAB(*line)) {
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20070306"
-#define MAIL_VERSION_NUMBER "2.4.0-RC4"
+#define MAIL_RELEASE_DATE "20070312"
+#define MAIL_VERSION_NUMBER "2.4.0-RC5"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
TESTSRC =
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
-TESTPROG= smtp_unalias smtp_map11 legacy levels
+TESTPROG= smtp_unalias smtp_map11
PROG = smtp
INC_DIR = ../../include
LIBS = ../../lib/libmaster.a ../../lib/libtls.a ../../lib/libdns.a \
smtp_map11: smtp_map11.c $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS)
-legacy: legacy.c $(LIBS)
- $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS)
-
-levels: levels.c $(LIBS)
- $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS)
-
# This needs trivial-rewrite service and myorigin==mydomain
smtp_map11_test: smtp_map11 map11_map smtp_map11.ref
../postmap/postmap map11_map
@$(EXPORT) make -f Makefile.in Makefile 1>&2
# do not edit below this line - it is generated by 'make depend'
-legacy.o: ../../include/msg.h
-legacy.o: ../../include/stringops.h
-legacy.o: ../../include/sys_defs.h
-legacy.o: ../../include/vbuf.h
-legacy.o: ../../include/vstream.h
-legacy.o: ../../include/vstring.h
-legacy.o: ../../include/vstring_vstream.h
-legacy.o: legacy.c
-levels.o: ../../include/argv.h
-levels.o: ../../include/attr.h
-levels.o: ../../include/deliver_request.h
-levels.o: ../../include/dict.h
-levels.o: ../../include/dsn.h
-levels.o: ../../include/dsn_buf.h
-levels.o: ../../include/htable.h
-levels.o: ../../include/maps.h
-levels.o: ../../include/match_list.h
-levels.o: ../../include/match_ops.h
-levels.o: ../../include/msg.h
-levels.o: ../../include/msg_stats.h
-levels.o: ../../include/name_code.h
-levels.o: ../../include/name_mask.h
-levels.o: ../../include/recipient_list.h
-levels.o: ../../include/resolve_clnt.h
-levels.o: ../../include/scache.h
-levels.o: ../../include/string_list.h
-levels.o: ../../include/stringops.h
-levels.o: ../../include/sys_defs.h
-levels.o: ../../include/tls.h
-levels.o: ../../include/tok822.h
-levels.o: ../../include/vbuf.h
-levels.o: ../../include/vstream.h
-levels.o: ../../include/vstring.h
-levels.o: ../../include/vstring_vstream.h
-levels.o: levels.c
-levels.o: smtp.h
lmtp_params.o: lmtp_params.c
smtp.o: ../../include/argv.h
smtp.o: ../../include/attr.h
+++ /dev/null
- /*
- * The old legacy TLS per-site policy engine, implemented with multiple
- * boolean variables, stripped down for exhaustive comparison with the new
- * legacy policy engine.
- */
-/* System library. */
-
-#include <sys_defs.h>
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef STRCASECMP_IN_STRINGS_H
-#include <strings.h>
-#endif
-
-/* Utility library. */
-
-#include <msg.h>
-#include <vstring.h>
-#include <vstring_vstream.h>
-#include <stringops.h>
-
- /*
- * Global policy variables.
- */
-int var_smtp_enforce_tls;
-int var_smtp_tls_enforce_peername;
-int var_smtp_use_tls;
-
- /*
- * Simplified session structure.
- */
-typedef struct {
- int tls_use_tls;
- int tls_enforce_tls;
- int tls_enforce_peername;
-} SMTP_SESSION;
-
- /*
- * Per-site policies can override main.cf settings.
- */
-typedef struct {
- int dont_use; /* don't use TLS */
- int use; /* useless, see above */
- int enforce; /* must always use TLS */
- int enforce_peername; /* must verify certificate name */
-} SMTP_TLS_SITE_POLICY;
-
-/* smtp_tls_site_policy - look up per-site TLS policy */
-
-static void smtp_tls_site_policy(SMTP_TLS_SITE_POLICY *policy,
- const char *lookup)
-{
-
- /*
- * Initialize the default policy.
- */
- policy->dont_use = 0;
- policy->use = 0;
- policy->enforce = 0;
- policy->enforce_peername = 0;
-
- /*
- * Look up a non-default policy.
- */
- if (strcasecmp(lookup, "-")) {
- if (!strcasecmp(lookup, "NONE"))
- policy->dont_use = 1;
- else if (!strcasecmp(lookup, "MAY"))
- policy->use = 1;
- else if (!strcasecmp(lookup, "MUST"))
- policy->enforce = policy->enforce_peername = 1;
- else if (!strcasecmp(lookup, "MUST_NOPEERMATCH"))
- policy->enforce = 1;
- else
- msg_fatal("unknown TLS policy '%s'", lookup);
- }
-}
-
-static void policy(SMTP_SESSION *session, const char *host, const char *dest)
-{
- SMTP_TLS_SITE_POLICY host_policy;
- SMTP_TLS_SITE_POLICY rcpt_policy;
-
- session->tls_use_tls = session->tls_enforce_tls = 0;
- session->tls_enforce_peername = 0;
-
- /*
- * Override the main.cf TLS policy with an optional per-site policy.
- */
- smtp_tls_site_policy(&host_policy, host);
- smtp_tls_site_policy(&rcpt_policy, dest);
-
- /*
- * Fix 200601: a combined per-site (NONE + MAY) policy changed global
- * MUST into NONE, and all weaker global policies into MAY. This was
- * discovered with exhaustive simulation. Fix verified by comparing
- * exhaustive simulation results with Postfix 2.3 which re-implements
- * per-site policies from the ground up.
- */
-#ifdef FIX200601
- if ((host_policy.dont_use || rcpt_policy.dont_use)
- && (host_policy.use || rcpt_policy.use)) {
- host_policy.use = rcpt_policy.use = 0;
- host_policy.dont_use = rcpt_policy.dont_use = 1;
- }
-#endif
-
- /*
- * Set up TLS enforcement for this session.
- */
- if ((var_smtp_enforce_tls && !host_policy.dont_use && !rcpt_policy.dont_use)
- || host_policy.enforce || rcpt_policy.enforce)
- session->tls_enforce_tls = session->tls_use_tls = 1;
-
- /*
- * Set up peername checking for this session.
- *
- * We want to make sure that a MUST* entry in the tls_per_site table always
- * has precedence. MUST always must lead to a peername check,
- * MUST_NOPEERMATCH must always disable it. Only when no explicit setting
- * has been found, the default will be used.
- *
- * Fix 200601: a per-site MUST_NOPEERMATCH policy could not override a
- * global MUST policy. Fix verified by comparing exhaustive simulation
- * results with Postfix 2.3 which re-implements per-site policy from the
- * ground up.
- */
- if (host_policy.enforce && host_policy.enforce_peername)
- session->tls_enforce_peername = 1;
- else if (rcpt_policy.enforce && rcpt_policy.enforce_peername)
- session->tls_enforce_peername = 1;
- else if (
-#ifdef FIX200601
- !host_policy.enforce && !rcpt_policy.enforce && /* Fix 200601 */
-#endif
- var_smtp_enforce_tls && var_smtp_tls_enforce_peername)
- session->tls_enforce_peername = 1;
- else if ((var_smtp_use_tls && !host_policy.dont_use && !rcpt_policy.dont_use) || host_policy.use || rcpt_policy.use)
- session->tls_use_tls = 1;
-}
-
-static void set_global_policy(const char *global)
-{
- var_smtp_tls_enforce_peername = var_smtp_enforce_tls = var_smtp_use_tls = 0;
-
- if (strcasecmp(global, "must") == 0) {
- var_smtp_enforce_tls = 1; /* XXX */
- var_smtp_tls_enforce_peername = 1;
- } else if (strcasecmp(global, "must_nopeermatch") == 0) {
- var_smtp_enforce_tls = 1;
- } else if (strcasecmp(global, "may") == 0) {
- var_smtp_use_tls = 1;
- } else if (strcasecmp(global, "-") !=0) {
- msg_fatal("unknown global policy: %s", global);
- }
-}
-
-static const char *print_policy(SMTP_SESSION *session)
-{
- if (session->tls_enforce_peername && session->tls_enforce_tls)
- return ("must");
- if (session->tls_enforce_tls)
- return ("must_nopeermatch");
- if (session->tls_use_tls)
- return ("may");
- return ("none");
-}
-
-int main(int argc, char **argv)
-{
- SMTP_SESSION session;
- VSTRING *buf = vstring_alloc(200);
- char *cp;
- const char *global;
- const char *host;
- const char *dest;
- const char *result;
- const char *sep = " \t\r\n";
-
- vstream_printf("%-20s %-20s %-20s %s\n",
- "host", "dest", "global", "result");
- while (vstring_get_nonl(buf, VSTREAM_IN) >= 0) {
- cp = vstring_str(buf);
- if (*cp == 0 || *cp == '#') {
- vstream_printf("%s\n", cp);
- } else {
- if ((host = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing host policy");
- if ((dest = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing nexthop policy");
- if ((global = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing global policy");
- if (mystrtok(&cp, sep) != 0)
- msg_fatal("garbage after global policy");
- set_global_policy(global);
- policy(&session, host, dest);
- result = print_policy(&session);
- vstream_printf("%-20s %-20s %-20s %s\n",
- host, dest, global, result);
- }
- vstream_fflush(VSTREAM_OUT);
- }
- exit(0);
-}
+++ /dev/null
- /*
- * The new legacy TLS per-site policy engine, re-implemented in terms of
- * enforcement levels, stripped down for exhaustive comparisons with the old
- * legacy policy engine.
- *
- * This is the code that will be used in Postfix 2.3 so that sites can upgrade
- * Postfix without being forced to change to the new TLS policy model.
- */
-
-/* System library. */
-
-#include <sys_defs.h>
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef STRCASECMP_IN_STRINGS_H
-#include <strings.h>
-#endif
-
-/* Utility library. */
-
-#include <msg.h>
-#include <vstring.h>
-#include <vstring_vstream.h>
-#include <stringops.h>
-
- /*
- * TLS levels
- */
-#include <tls.h>
-
- /*
- * Application-specific.
- */
-#include <smtp.h>
-
- /*
- * Global policy variables.
- */
-int var_smtp_enforce_tls;
-int var_smtp_tls_enforce_peername;
-int var_smtp_use_tls;
-
-/* smtp_tls_policy_lookup - look up per-site TLS policy */
-
-static void smtp_tls_policy_lookup(int *site_level, const char *lookup)
-{
-
- /*
- * Look up a non-default policy. In case of multiple lookup results, the
- * precedence order is a permutation of the TLS enforcement level order:
- * VERIFY, ENCRYPT, NONE, MAY, NOTFOUND. I.e. we override MAY with a more
- * specific policy including NONE, otherwise we choose the stronger
- * enforcement level.
- */
- if (strcasecmp(lookup, "-")) {
- if (!strcasecmp(lookup, "NONE")) {
- /* NONE overrides MAY or NOTFOUND. */
- if (*site_level <= TLS_LEV_MAY)
- *site_level = TLS_LEV_NONE;
- } else if (!strcasecmp(lookup, "MAY")) {
- /* MAY overrides NOTFOUND but not NONE. */
- if (*site_level < TLS_LEV_NONE)
- *site_level = TLS_LEV_MAY;
- } else if (!strcasecmp(lookup, "MUST_NOPEERMATCH")) {
- if (*site_level < TLS_LEV_ENCRYPT)
- *site_level = TLS_LEV_ENCRYPT;
- } else if (!strcasecmp(lookup, "MUST")) {
- if (*site_level < TLS_LEV_VERIFY)
- *site_level = TLS_LEV_VERIFY;
- } else {
- msg_fatal("unknown TLS policy '%s'", lookup);
- }
- }
-}
-
-static int policy(const char *host, const char *dest)
-{
- int global_level;
- int site_level;
- int tls_level;
-
- /*
- * Compute the global TLS policy. This is the default policy level when
- * no per-site policy exists. It also is used to override a wild-card
- * per-site policy.
- */
- if (var_smtp_enforce_tls)
- global_level = var_smtp_tls_enforce_peername ?
- TLS_LEV_VERIFY : TLS_LEV_ENCRYPT;
- else
- global_level = var_smtp_use_tls ?
- TLS_LEV_MAY : TLS_LEV_NONE;
-
- /*
- * Compute the per-site TLS enforcement level. For compatibility with the
- * original TLS patch, this algorithm is gives equal precedence to host
- * and next-hop policies.
- */
- site_level = TLS_LEV_NOTFOUND;
-
- smtp_tls_policy_lookup(&site_level, dest);
- smtp_tls_policy_lookup(&site_level, host);
-
- /*
- * Override a wild-card per-site policy with a more specific global
- * policy.
- *
- * With the original TLS patch, 1) a per-site ENCRYPT could not override a
- * global VERIFY, and 2) a combined per-site (NONE+MAY) policy produced
- * inconsistent results: it changed a global VERIFY into NONE, while
- * producing MAY with all weaker global policy settings.
- *
- * With the current implementation, a combined per-site (NONE+MAY)
- * consistently overrides global policy with NONE, and global policy can
- * override only a per-site MAY wildcard. That is, specific policies
- * consistently override wildcard policies, and (non-wildcard) per-site
- * policies consistently override global policies.
- */
- if (site_level == TLS_LEV_NOTFOUND
- || (site_level == TLS_LEV_MAY
- && global_level > TLS_LEV_MAY))
- tls_level = global_level;
- else
- tls_level = site_level;
-
- return (tls_level);
-}
-
-static void set_global_policy(const char *global)
-{
- var_smtp_tls_enforce_peername = var_smtp_enforce_tls = var_smtp_use_tls = 0;
-
- if (strcasecmp(global, "must") == 0) {
- var_smtp_enforce_tls = 1; /* XXX */
- var_smtp_tls_enforce_peername = 1;
- } else if (strcasecmp(global, "must_nopeermatch") == 0) {
- var_smtp_enforce_tls = 1;
- } else if (strcasecmp(global, "may") == 0) {
- var_smtp_use_tls = 1;
- } else if (strcasecmp(global, "-") !=0) {
- msg_fatal("unknown global policy: %s", global);
- }
-}
-
-static const char *print_policy(int level)
-{
- if (level == TLS_LEV_VERIFY)
- return ("must");
- if (level == TLS_LEV_ENCRYPT)
- return ("must_nopeermatch");
- if (level == TLS_LEV_MAY)
- return ("may");
- if (level == TLS_LEV_NONE)
- return ("none");
- msg_panic("unknown policy level %d", level);
-}
-
-int main(int argc, char **argv)
-{
- VSTRING *buf = vstring_alloc(200);
- char *cp;
- const char *global;
- const char *host;
- const char *dest;
- const char *result;
- const char *sep = " \t\r\n";
- int level;
-
- vstream_printf("%-20s %-20s %-20s %s\n",
- "host", "dest", "global", "result");
- while (vstring_get_nonl(buf, VSTREAM_IN) > 0) {
- cp = vstring_str(buf);
- if (*cp == 0 || *cp == '#') {
- vstream_printf("%s\n", cp);
- } else {
- if ((host = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing host policy");
- if ((dest = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing nexthop policy");
- if ((global = mystrtok(&cp, sep)) == 0)
- msg_fatal("missing global policy");
- if (mystrtok(&cp, sep) != 0)
- msg_fatal("garbage after global policy");
- set_global_policy(global);
- level = policy(host, dest);
- result = print_policy(level);
- vstream_printf("%-20s %-20s %-20s %s\n",
- host, dest, global, result);
- }
- vstream_fflush(VSTREAM_OUT);
- }
- exit(0);
-}
* Send STARTTLS. Recurse when the server accepts STARTTLS, after
* resetting the SASL and EHLO features lists.
*
- * XXX Reset the SASL mechanism list to avoid spurious warnings. We
- * need a routine to reset the list instead of groping data here.
+ * Reset the SASL mechanism list to avoid spurious warnings.
*
- * XXX Should not there be an smtp_sasl_tls_security_options feature
- * to allow different mechanisms across TLS tunnels than across
- * plain-text connections?
+ * Use the smtp_sasl_tls_security_options feature to allow SASL
+ * mechanisms that may not be allowed with plain-text
+ * connections.
*/
smtp_chat_cmd(session, "STARTTLS");
if ((resp = smtp_chat_resp(session))->code / 100 == 2) {
/* attr_scan0(). The stream is not flushed.
/*
/* attr_vprint0() provides an alternate interface that is convenient
-/* for calling from within variadoc functions.
+/* for calling from within variadic functions.
/*
/* Attributes are sent in the requested order as specified with the
/* attr_print0() argument list. This routine satisfies the formatting
/* attr_scan64(). The stream is not flushed.
/*
/* attr_vprint64() provides an alternate interface that is convenient
-/* for calling from within variadoc functions.
+/* for calling from within variadic functions.
/*
/* Attributes are sent in the requested order as specified with the
/* attr_print64() argument list. This routine satisfies the formatting
/* attr_scan_plain(). The stream is not flushed.
/*
/* attr_vprint_plain() provides an alternate interface that is convenient
-/* for calling from within variadoc functions.
+/* for calling from within variadic functions.
/*
/* Attributes are sent in the requested order as specified with the
/* attr_print_plain() argument list. This routine satisfies the formatting
* timer.
*/
#if defined(BROKEN_READ_SELECT_ON_TCP_SOCKET) && defined(SO_KEEPALIVE)
- else if (sa && (sa->sa_family == AF_INET || sa->sa_family == AF_INET6)) {
+ else if (sa && (sa->sa_family == AF_INET
+#ifdef HAS_IPV6
+ || sa->sa_family == AF_INET6
+#endif
+ )) {
int on = 1;
(void) setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE,
projects / thirdparty / postfix.git / commitdiff
