TO addresses. Some remnant of code that someone put in
there long ago. File: lmtp/lmtp_proto.c.
+20021024
+
+ Feature: proxy_interfaces parameter. Specify your NAT or
+ other proxy addresses here to avoid mail delivery loops.
+ Files: global/mail_params.[hc] global/own_inet_addr.[hc]
+ global/resolve_local.c smtp/smtp_addr.c smtpd/smtpd_check.c.
+
Open problems:
Low: smtpd should log queue ID with reject/warn/hold/discard
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.
+Major changes with Postfix snapshot 1.1.11-20021024
+===================================================
+
+New proxy_interfaces parameter, for sites behind a network address
+translation gateway or other type of proxy. Specify all the proxy
+network addresses here, to avoid avoid mail delivery loops.
+
Incompatible changes with Postfix snapshot 1.1.11-20021015
==========================================================
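Review bot: duplicated word in the last line of the new release-notes entry: "to avoid avoid mail delivery loops" should read "to avoid mail delivery loops".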
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
+# See also the proxy_interfaces parameter, for network addresses that
+# are forwarded to us via a proxy or network address translator.
+#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
+# The proxy_interfaces parameter specifies the network interface
+# addresses that this mail system receives mail on by way of a
+# proxy or network address translation unit. This setting extends
+# the address list specified with the inet_interfaces parameter.
+#
+# You must specify your proxy/NAT addresses when your system is a
+# backup MX host for other domains, otherwise mail delivery loops
+# will happen when the primary MX host is down.
+#
+#proxy_interfaces =
+#proxy_interfaces = 1.2.3.4
+
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for. That includes
# Sendmail-style virtual domains hosted on this machine.
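Review bot: the new proxy_interfaces comment block describes only "network interface addresses", while the HTML text added in this same patch says "You may specify symbolic hostnames instead of network addresses", and the parser comment in proxy_inet_addr_init() confirms hostnames are expanded. Suggest saying so here as well, so the sample configuration matches the accepted syntax. The same applies to the second copy of this comment block further down.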
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
+# See also the proxy_interfaces parameter, for network addresses that
+# are forwarded to us by way of a proxy or address translator.
+#
inet_interfaces = all
+# The proxy_interfaces parameter specifies the network interface
+# addresses that this mail system receives mail on by way of a
+# proxy or network address translation unit. This setting extends
+# the address list specified with the inet_interfaces parameter.
+#
+# You must specify your proxy/NAT addresses when your system is a
+# backup MX host for other domains, otherwise mail delivery loops
+# will happen when the primary MX host is down.
+#
+#proxy_interfaces =
+#proxy_interfaces = 1.2.3.4
+
# The ipc_idle parameter bounds the idle time for internal communication
# channels after which a client disconnects voluntarily. The purpose
# is to allow servers to terminate voluntarily after they become
<p>
+Be sure to set the following correctly if you're behind a proxy or
+network address translator, and you are running a backup MX host
+for some other domain:
+
+<p>
+
+<ul>
+
+<li> <a href="#proxy_interfaces"> Proxy/NAT network addresses </a>
+
+</ul>
+
By the way, if you change parameters of a running Postfix system,
don't forget to issue a <b>postfix reload</b> command.
</dl>
+<a name="proxy_interfaces"> <h2> Proxy/NAT network addresses </h2> </a>
+
+The <b>proxy_interfaces</b> parameter specifies all network addresses
+that the Postfix receives mail on by way of a proxy or network
+address translation unit. You may specify symbolic hostnames instead
+of network addresses.
+
+<p>
+
+You must specify your proxy/NAT addresses when your system is a
+backup MX host for other domains, otherwise mail delivery loops
+will happen when the primary MX host is down.
+
+<p>
+
+<dl>
+
+<dt> Examples:
+
+<p>
+
+<dl>
+
+<dt> Default:
+
+<dd> <b>proxy_interfaces = </b>
+
+<p>
+
+<dt> Host running backup MTA:
+
+<dd> <b>proxy_interfaces = 1.2.3.4</b> (the proxy/NAT network address)
+
+</dl>
+
+</dl>
+
<a name="myhostname"> <h2> My own hostname </h2> </a>
The <b>myhostname</b> parameter describes the fully-qualified domain
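Review bot: stray article in the first sentence of the new section: "that the Postfix receives mail on". Suggest "that Postfix receives mail on", or "that this mail system receives mail on" to match the wording of the main.cf comment and the manual page text in this patch.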
tem receives mail on. When any of those addresses
appears in the list of mail exchangers for a remote
destination, the list is truncated to avoid mail
- delivery loops.
+ delivery loops. See also the <b>proxy</b><i>_</i><b>interfaces</b>
+ parameter.
<b>notify</b><i>_</i><b>classes</b>
- When this parameter includes the <b>protocol</b> class,
- send mail to the postmaster with transcripts of
+ When this parameter includes the <b>protocol</b> class,
+ send mail to the postmaster with transcripts of
SMTP sessions with protocol errors.
+ <b>proxy</b><i>_</i><b>interfaces</b>
+ Network interfaces that this mail system receives
+ mail on by way of a proxy or network address trans-
+ lator. When any of those addresses appears in the
+ list of mail exchangers for a remote destination,
+ the list is truncated to avoid mail delivery loops.
+ See also the <b>inet</b><i>_</i><b>interfaces</b> parameter.
+
<b>smtp</b><i>_</i><b>always</b><i>_</i><b>send</b><i>_</i><b>ehlo</b>
Always send EHLO at the start of a connection.
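Review bot: the notify_classes lines ("When this parameter includes the protocol class," and "send mail to the postmaster with transcripts of") are removed and re-added with no visible text change, which looks like whitespace-only churn. If this file is generated from the manual page source that is expected; otherwise drop those lines from the hunk so the diff shows only the proxy_interfaces additions.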
mail on. When any of those addresses appears in the list of mail
exchangers for a remote destination, the list is truncated to
avoid mail delivery loops.
+See also the \fBproxy_interfaces\fR parameter.
.IP \fBnotify_classes\fR
When this parameter includes the \fBprotocol\fR class, send mail to the
postmaster with transcripts of SMTP sessions with protocol errors.
+.IP \fBproxy_interfaces\fR
+Network interfaces that this mail system receives mail on by way
+of a proxy or network address translator. When any of those addresses
+appears in the list of mail exchangers for a remote destination, the
+list is truncated to avoid mail delivery loops.
+See also the \fBinet_interfaces\fR parameter.
.IP \fBsmtp_always_send_ehlo\fR
Always send EHLO at the start of a connection.
.IP \fBsmtp_never_send_ehlo\fR
/* char *var_pid_dir;
/* int var_dont_remove;
/* char *var_inet_interfaces;
+/* char *var_proxy_interfaces;
/* char *var_mynetworks;
/* char *var_double_bounce_sender;
/* int var_line_limit;
char *var_pid_dir;
int var_dont_remove;
char *var_inet_interfaces;
+char *var_proxy_interfaces;
char *var_mynetworks;
char *var_double_bounce_sender;
int var_line_limit;
VAR_QUEUE_DIR, DEF_QUEUE_DIR, &var_queue_dir, 1, 0,
VAR_PID_DIR, DEF_PID_DIR, &var_pid_dir, 1, 0,
VAR_INET_INTERFACES, DEF_INET_INTERFACES, &var_inet_interfaces, 1, 0,
+ VAR_PROXY_INTERFACES, DEF_PROXY_INTERFACES, &var_proxy_interfaces, 0, 0,
VAR_DOUBLE_BOUNCE, DEF_DOUBLE_BOUNCE, &var_double_bounce_sender, 1, 0,
VAR_DEFAULT_PRIVS, DEF_DEFAULT_PRIVS, &var_default_privs, 1, 0,
VAR_ALIAS_DB_MAP, DEF_ALIAS_DB_MAP, &var_alias_db_map, 0, 0,
#define DEF_INET_INTERFACES "all"
extern char *var_inet_interfaces;
+#define VAR_PROXY_INTERFACES "proxy_interfaces" /* proxies, NATs */
+#define DEF_PROXY_INTERFACES ""
+extern char *var_proxy_interfaces;
+
/*
* Masquerading (i.e. subdomain stripping).
*/
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20021015"
+#define MAIL_RELEASE_DATE "20021024"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "1.1.11-" MAIL_RELEASE_DATE
/* INET_ADDR_LIST *own_inet_addr_list()
/*
/* INET_ADDR_LIST *own_inet_mask_list()
+/*
+/* int proxy_inet_addr(addr)
+/* struct in_addr *addr;
+/*
+/* INET_ADDR_LIST *proxy_inet_addr_list()
/* DESCRIPTION
/* own_inet_addr() determines if the specified IP address belongs
/* to this mail system instance, i.e. if this mail system instance
/*
/* own_inet_mask_list() returns the list of all corresponding
/* netmasks.
+/*
+/* proxy_inet_addr() determines if the specified IP address is
+/* listed with the proxy_interfaces configuration parameter.
+/*
+/* proxy_inet_addr_list() returns the list of all addresses that
+/* belong to proxy network interfaces.
/* LICENSE
/* .ad
/* .fi
static INET_ADDR_LIST addr_list;
static INET_ADDR_LIST mask_list;
+static INET_ADDR_LIST proxy_list;
/* own_inet_addr_init - initialize my own address list */
return (&mask_list);
}
+
+/* proxy_inet_addr_init - initialize my proxy interface list */
+
+static void proxy_inet_addr_init(INET_ADDR_LIST *addr_list)
+{
+ char *hosts;
+ char *host;
+ char *sep = " \t,";
+ char *bufp;
+
+ /*
+ * Parse the proxy_interfaces parameter, and expand any symbolic
+ * hostnames into IP addresses.
+ */
+ inet_addr_list_init(addr_list);
+ bufp = hosts = mystrdup(var_proxy_interfaces);
+ while ((host = mystrtok(&bufp, sep)) != 0)
+ if (inet_addr_host(addr_list, host) == 0)
+ msg_fatal("config variable %s: host not found: %s",
+ VAR_PROXY_INTERFACES, host);
+ myfree(hosts);
+
+ /*
+ * Weed out duplicate IP addresses.
+ */
+ inet_addr_list_uniq(addr_list);
+}
+
+/* proxy_inet_addr - is this my proxy internet address */
+
+int proxy_inet_addr(struct in_addr * addr)
+{
+ int i;
+
+ if (*var_proxy_interfaces == 0)
+ return (0);
+
+ if (proxy_list.used == 0)
+ proxy_inet_addr_init(&proxy_list);
+
+ for (i = 0; i < proxy_list.used; i++)
+ if (addr->s_addr == proxy_list.addrs[i].s_addr)
+ return (1);
+ return (0);
+}
+
+/* proxy_inet_addr_list - return list of addresses */
+
+INET_ADDR_LIST *proxy_inet_addr_list(void)
+{
+ if (*var_proxy_interfaces != 0 && proxy_list.used == 0)
+ proxy_inet_addr_init(&proxy_list);
+
+ return (&proxy_list);
+}
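Review bot: proxy_inet_addr() and proxy_inet_addr_list() both use "proxy_list.used == 0" as the not-yet-initialized test, so a proxy_interfaces value that is non-empty but yields no tokens (only characters from the separator set " \t,") leaves the list empty and proxy_inet_addr_init() runs again on every call, calling inet_addr_list_init() on the same list each time. A separate static "initialized" flag would make the lazy initialization run exactly once. Also note that because the list is built on first use, a symbolic hostname that fails to resolve reaches msg_fatal() at whatever point the first lookup happens rather than at startup; the documentation should mention that hostnames listed here depend on the resolver being available.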
extern int own_inet_addr(struct in_addr *);
extern struct INET_ADDR_LIST *own_inet_addr_list(void);
extern struct INET_ADDR_LIST *own_inet_mask_list(void);
+extern int proxy_inet_addr(struct in_addr *);
+extern struct INET_ADDR_LIST *proxy_inet_addr_list(void);
/* LICENSE
/* .ad
/* resolve_local() determines if the named domain resolves to the
/* local mail system, either by case-insensitive exact match
/* against the domains, files or tables listed in $mydestination,
-/* or by any of the network addresses listed in $inet_interfaces.
+/* or by any of the network addresses listed in $inet_interfaces
+/* or in $proxy_interfaces.
/*
/* resolve_local_init() performs initialization. If this routine is
/* not called explicitly ahead of time, it will be called on the fly.
dest++;
dest[len -= 2] = 0;
if ((ipaddr.s_addr = inet_addr(dest)) != INADDR_NONE
- && own_inet_addr(&ipaddr))
+ && (own_inet_addr(&ipaddr) || proxy_inet_addr(&ipaddr)))
RETURN(1);
}
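Review bot: with "|| proxy_inet_addr(&ipaddr)" added to this test, an address-literal destination that matches any proxy_interfaces entry now resolves as local, but the new proxy_interfaces text in main.cf and in the HTML section never says so. The existing inet_interfaces comment does ("The parameter also controls delivery of mail to user@[ip.address]"); suggest adding the equivalent sentence to the proxy_interfaces documentation so operators know that listing an address here also changes which user@[ip.address] recipients are accepted as local.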
/* mail on. When any of those addresses appears in the list of mail
/* exchangers for a remote destination, the list is truncated to
/* avoid mail delivery loops.
+/* See also the \fBproxy_interfaces\fR parameter.
/* .IP \fBnotify_classes\fR
/* When this parameter includes the \fBprotocol\fR class, send mail to the
/* postmaster with transcripts of SMTP sessions with protocol errors.
+/* .IP \fBproxy_interfaces\fR
+/* Network interfaces that this mail system receives mail on by way
+/* of a proxy or network address translator. When any of those addresses
+/* appears in the list of mail exchangers for a remote destination, the
+/* list is truncated to avoid mail delivery loops.
+/* See also the \fBinet_interfaces\fR parameter.
/* .IP \fBsmtp_always_send_ehlo\fR
/* Always send EHLO at the start of a connection.
/* .IP \fBsmtp_never_send_ehlo\fR
}
}
+ /*
+ * Find out if this mail system has a proxy listening on this address.
+ */
+ self = proxy_inet_addr_list();
+ for (addr = addr_list; addr; addr = addr->next) {
+ for (i = 0; i < self->used; i++)
+ if (INADDRP(addr->data)->s_addr == self->addrs[i].s_addr) {
+ if (msg_verbose)
+ msg_info("%s: found at pref %d", myname, addr->pref);
+ return (addr);
+ }
+ }
+
/*
* Didn't find myself.
*/
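Review bot: the verbose message inside the new loop, msg_info("%s: found at pref %d", ...), does not say that the match came from the proxy_interfaces list, so a verbose log cannot show why the mail exchanger list was cut at that preference. Suggest wording it as something like "found proxy address at pref %d" so that truncation caused by proxy_interfaces is distinguishable when debugging a suspected mail loop.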
msg_info("%s: addr %s", myname, inet_ntoa(addr));
if (own_inet_addr(&addr))
return (YUP);
+ if (proxy_inet_addr(&addr))
+ return (YUP);
}
if (msg_verbose)
msg_info("%s: host %s: no match", myname, host);
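Review bot: the added "if (proxy_inet_addr(&addr)) return (YUP);" sits directly after an identical test on own_inet_addr() with the same result. The resolve_local.c change in this patch writes the same check as one condition, "own_inet_addr(&ipaddr) || proxy_inet_addr(&ipaddr)"; using that form here too would keep the two call sites consistent and make it harder for a later edit to update one test and miss the other.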