-TMAI_SERVNAME_STR
-TMAI_SERVPORT_STR
-TMAPS
+-TMASTER_INT_WATCH
-TMASTER_PROC
-TMASTER_SERV
-TMASTER_STATUS
--TMASTER_VARS_STR_WATCH
--TMASTER_VARS_INT_WATCH
+-TMASTER_STR_WATCH
+-TMATCH_LIST
-TMBLOCK
-TMBOX
-TMILTER
and type. For example, to turn off the main SMTP listener
use "master_service_disable = smtp.inet", and to turn off
all TCP/IP listeners use "master_service_disable = inet".
- This feature does not distinguish services by their privacy
- property; some day, clients will not need to specify that
- anymore. Files: global/mail_params.h, master/master.c,
- master/master_vars.c, master/master_ent.c.
+ This immediately terminates all processes that provide the
+ specified services. The master_service_disable feature does
+ not distinguish services by their privacy property; some
+ day, clients will not need to specify that anymore. Files:
+ global/mail_params.h, master/master.c, master/master_vars.c,
+ master/master_ent.c.
Bugfix (introduced May 19, 1997): removing a parameter
setting from main.cf did not reset the parameter to its
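Review bot: the reworded master_service_disable entry now says the change "immediately terminates all processes that provide the specified services", but it does not say what triggers that. The RELEASE_NOTES hunk in this patch adds 'Changing this parameter requires "postfix reload"'; repeating that here would make clear that editing main.cf alone does not cut sessions, while the reload does, including sessions that are in progress.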
smtpd/smtpd_check.c, proto/access.
Workaround: specify "tcp_windowsize = 65535" (or less) to
- work around routers with broken TCP window scaling
- implementations. This is perhaps easier than collecting
- tcpdump output and tuning kernel parameters. Changing this
- parameter requires "postfix stop" and "postfix start".
- Files: util/inet_connect.c, inet_listen.c, global/mail_params.[hc].
+ work around broken TCP window scaling implementations. This
+ is perhaps easier than collecting tcpdump output and tuning
+ kernel parameters by hand. See RELEASE_NOTES for how to
+ change this setting without stopping Postfix. Files:
+ util/inet_connect.c, inet_listen.c, global/mail_params.[hc].
+
+20090110
+
+ Cleanup: create separate code modules for TCP window size
+ handling, master.cf service name matching, and main.cf
+ change monitoring. Files: util/inet_windowsize.c,
+ global/match_service.c, master/master_watch.c.
+
+ Feature: TCP window size override for the Postfix SMTP/LMTP
+ client, and for the smtp-source and smtp-sink test programs.
+ Files: smtp/smtp_connect.c, smtpstone/smtp-source.c,
+ smtpstone/smtp-sink.c.
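Review bot: the 20090110 Feature entry for the SMTP/LMTP client and the smtp-source and smtp-sink test programs does not say how the override is set. The Workaround entry above it names "tcp_windowsize = 65535", but nothing here says whether the test programs read that parameter or take an option of their own, so naming the setting in the entry would help. Smaller point on the Workaround entry's Files line: "inet_listen.c" has no directory prefix, while "util/inet_connect.c" next to it and "util/inet_windowsize.c" in the Cleanup entry do.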
"name" is the first field of a master.cf entry and "type" is a
service type. Examples: to turn off the main SMTP listener port,
use "master_service_disable = smtp.inet"; to turn off all TCP/IP
-listeners, use "master_service_disable = inet".
+listeners, use "master_service_disable = inet". Changing this
+parameter requires "postfix reload".
Specify "tcp_windowsize = 65535" (or less) to work around routers
with broken TCP window scaling implementations. This is perhaps
-easier than collecting tcpdump output and tuning kernel parameters.
-Changing this parameter requires "postfix stop" and "postfix start".
+more convenient than collecting tcpdump output and tuning kernel
+parameters by hand. With Postfix TCP servers (smtpd(8), qmqpd(8)),
+this feature is implemented by the Postfix master(8) daemon.
+
+To change this parameter without stopping Postfix, you need to first
+terminate all Postfix TCP servers:
+
+ # postconf -e master_service_disable=inet
+ # postfix reload
+
+This immediately terminates all processes that accept network
+connections. Then you enable Postfix TCP servers with the updated
+tcp_windowsize setting:
+
+ # postconf -e tcp_windowsize=65535 master_service_disable=
+ # postfix reload
+
+If you skip these steps with a running Postfix system, then the
+tcp_windowsize change will work only for Postfix TCP clients (smtp(8),
+lmtp(8)).
+
+Of course you can also do "postfix stop" and "postfix start",
+but that is more disruptive.
Major changes with snapshot 20081010
====================================
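Review bot: the second command in the tcp_windowsize procedure, "postconf -e tcp_windowsize=65535 master_service_disable=", sets master_service_disable to empty, so a site that had already turned listeners off on purpose (for example with "master_service_disable = smtp.inet" from the paragraph above) gets them re-enabled by following these steps as written. Suggest telling the reader to record the current value with "postconf master_service_disable" before the first step and to put that value back in the second step instead of an empty one. It would also help to say plainly that no inbound TCP service is available between the two reloads, since the text only calls "postfix stop" and "postfix start" disruptive.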
Wish list:
-
- To work around window scaling bugs, find out if we can force
- < 65535 TCP windows with setsockopt(SO_SNDBUF/SO_RCVBUF)
- between socket() and connect()/listen(). Instead of screwing
- up lots of internal APIs with an extra buffer size parameter,
- use a -o command-line option to override a global variable
- for use by inet_connect() and inet_listen().
Force a panic when the VDA patch reduces the file size limit
under the message size. They break the code that marks a
Encapsulate time_t conversions (e.g. REC_TYPE_TIME) so that
they can be made system dependent.
+ Plan for time_t larger than long, or wait for LP64 to
+ dominate the world?
+
Make "AUTH=<>" appendage to MAIL FROM configurable, enabled
by default.
and remote mail; the disadvantage is that it makes local
submissions more dependent on networking. One possibility
is to use "pickup -o content_filter=smtp:127.0.0.1:10025";
- we could also to suppress "mail loop" detection for loopback
- connections. Another is to have the pickup or cleanup
- server drive an SMTP client directly; this would require
- extension of the mail_stream() interface, plus a way to
- handle bounced/deferred recipients intelligently.
+ we could also decide to always suppress "mail loop" detection
+ for loopback connections. Another option is to have the
+ pickup or cleanup server drive an SMTP client directly;
+ this would require extension of the mail_stream() interface,
+ plus a way to handle bounced/deferred recipients intelligently.
Consolidate duplicated code in *_server_accept_{pass,inet}().
Make TLS_BIO_BUFSIZE run-time adjustable, to future-proof
Postfix for remote connections with MSS > 8 kbytes.
- Absent a formal spec, model IPv6 RBL lookups after the IPv6
- PTR lookups (one zone per hex nibble, nibbles in reversed
- order). How to specify whether to query an RBL server for
- status info about an IPv6 address? One could argue that as
- long as IPv6 traffic is small an unsupported lookup doesn't
- matter; and once IPv6 takes off, the RBL servers better
- start supporting IPv6 client status information.
-
Don't log "warning: XXXXX: undeliverable postmaster
notification discarded" for spam from outside.
into mailer-daemon (current bahavior) or disallow (strict
behavior, currently implemented only in the SMTP server).
- Plan for time_t larger than long, or wait for LP64 to
- dominate the world?
-
The type of var_message_limit (and other file size/offset
configuration parameters or internal protocol attributes)
should be changed from int to off_t. This also requires
# text..." when the optional text is specified, oth-
# erwise reply with a generic error response message.
#
+# This feature is available in Postfix 2.6 and later.
+#
# DEFER_IF_REJECT optional text...
-# Defer the request if some later restriction would
-# result in a REJECT action. Reply with
-# "$access_map_defer_code 4.7.1 optional text..."
-# when the optional text is specified, otherwise
+# Defer the request if some later restriction would
+# result in a REJECT action. Reply with
+# "$access_map_defer_code 4.7.1 optional text..."
+# when the optional text is specified, otherwise
# reply with a generic error response message.
#
+# Prior to Postfix 2.6, the SMTP reply code is 450.
+#
# This feature is available in Postfix 2.1 and later.
#
# DEFER_IF_PERMIT optional text...
-# Defer the request if some later restriction would
-# result in a an explicit or implicit PERMIT action.
-# Reply with "$access_map_defer_code 4.7.1 optional
-# text..." when the optional text is specified, oth-
+# Defer the request if some later restriction would
+# result in a an explicit or implicit PERMIT action.
+# Reply with "$access_map_defer_code 4.7.1 optional
+# text..." when the optional text is specified, oth-
# erwise reply with a generic error response message.
#
+# Prior to Postfix 2.6, the SMTP reply code is 450.
+#
# This feature is available in Postfix 2.1 and later.
#
# OTHER ACTIONS
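Review bot: the DEFER_IF_PERMIT text on the added lines still reads "result in a an explicit or implicit PERMIT action", so the doubled article is carried through the re-wrap. It should be "result in an explicit or implicit PERMIT action". If this file is generated from proto/access, which the HISTORY context in this patch lists, the fix belongs there so that it also reaches the HTML version, which has the same wording. Separately, the new "Prior to Postfix 2.6, the SMTP reply code is 450" lines are the only content change in the DEFER_IF_REJECT and DEFER_IF_PERMIT blocks; the other removed and added lines carry the same words.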
# reject_unauth_destination, and so on).
#
# BCC user@domain
-# Send one copy of the message to the specified
+# Send one copy of the message to the specified
# recipient.
#
-# If multiple BCC actions are specified within the
-# same SMTP MAIL transaction, only the last action
+# If multiple BCC actions are specified within the
+# same SMTP MAIL transaction, only the last action
# will be used.
#
-# This feature is not part of the stable Postfix
+# This feature is not part of the stable Postfix
# release.
#
# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
-# Note: this action currently affects all recipients
-# of the message. To discard only one recipient
-# without discarding the entire message, use the
+# Note: this action currently affects all recipients
+# of the message. To discard only one recipient
+# without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
# service.
#
# This feature is available in Postfix 2.0 and later.
#
-# DUNNO Pretend that the lookup key was not found. This
-# prevents Postfix from trying substrings of the
-# lookup key (such as a subdomain name, or a network
+# DUNNO Pretend that the lookup key was not found. This
+# prevents Postfix from trying substrings of the
+# lookup key (such as a subdomain name, or a network
# address subnetwork).
#
# This feature is available in Postfix 2.0 and later.
#
# FILTER transport:destination
-# After the message is queued, send the entire mes-
+# After the message is queued, send the entire mes-
# sage through the specified external content filter.
-# The transport:destination syntax is described in
-# the transport(5) manual page. More information
-# about external content filters is in the Postfix
+# The transport:destination syntax is described in
+# the transport(5) manual page. More information
+# about external content filters is in the Postfix
# FILTER_README file.
#
# Note: this action overrides the content_filter set-
-# ting, and currently affects all recipients of the
+# ting, and currently affects all recipients of the
# message.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
-# Place the message on the hold queue, where it will
-# sit until someone either deletes it or releases it
-# for delivery. Log the optional text if specified,
+# Place the message on the hold queue, where it will
+# sit until someone either deletes it or releases it
+# for delivery. Log the optional text if specified,
# otherwise log a generic message.
#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
-# Note: use "postsuper -r" to release mail that was
-# kept on hold for a significant fraction of $maxi-
+# Note: use "postsuper -r" to release mail that was
+# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
-# longer. Use "postsuper -H" only for mail that will
+# longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts.
#
-# Note: this action currently affects all recipients
+# Note: this action currently affects all recipients
# of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# PREPEND headername: headervalue
-# Prepend the specified message header to the mes-
-# sage. When more than one PREPEND action executes,
-# the first prepended header appears before the sec-
+# Prepend the specified message header to the mes-
+# sage. When more than one PREPEND action executes,
+# the first prepended header appears before the sec-
# ond etc. prepended header.
#
-# Note: this action must execute before the message
-# content is received; it cannot execute in the con-
+# Note: this action must execute before the message
+# content is received; it cannot execute in the con-
# text of smtpd_end_of_data_restrictions.
#
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
-# After the message is queued, send the message to
+# After the message is queued, send the message to
# the specified address instead of the intended
# recipient(s).
#
-# Note: this action overrides the FILTER action, and
+# Note: this action overrides the FILTER action, and
# currently affects all recipients of the message.
#
# This feature is available in Postfix 2.1 and later.
#
# WARN optional text...
# Log a warning with the optional text, together with
-# client information and if available, with helo,
+# client information and if available, with helo,
# sender, recipient and protocol information.
#
# This feature is available in Postfix 2.1 and later.
#
# ENHANCED STATUS CODES
-# Postfix version 2.3 and later support enhanced status
-# codes as defined in RFC 3463. When an enhanced status
-# code is specified in an access table, it is subject to
-# modification. The following transformations are needed
-# when the same access table is used for client, helo,
-# sender, or recipient access restrictions; they happen
+# Postfix version 2.3 and later support enhanced status
+# codes as defined in RFC 3463. When an enhanced status
+# code is specified in an access table, it is subject to
+# modification. The following transformations are needed
+# when the same access table is used for client, helo,
+# sender, or recipient access restrictions; they happen
# regardless of whether Postfix replies to a MAIL FROM, RCPT
# TO or other SMTP command.
#
-# o When a sender address matches a REJECT action, the
-# Postfix SMTP server will transform a recipient DSN
-# status (e.g., 4.1.1-4.1.6) into the corresponding
+# o When a sender address matches a REJECT action, the
+# Postfix SMTP server will transform a recipient DSN
+# status (e.g., 4.1.1-4.1.6) into the corresponding
# sender DSN status, and vice versa.
#
-# o When non-address information matches a REJECT
-# action (such as the HELO command argument or the
-# client hostname/address), the Postfix SMTP server
-# will transform a sender or recipient DSN status
-# into a generic non-address DSN status (e.g.,
+# o When non-address information matches a REJECT
+# action (such as the HELO command argument or the
+# client hostname/address), the Postfix SMTP server
+# will transform a sender or recipient DSN status
+# into a generic non-address DSN status (e.g.,
# 4.0.0).
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
-# cation, that string is an entire client hostname, an
+# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
-# Actions are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Actions are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
-# Each lookup operation uses the entire query string once.
-# Depending on the application, that string is an entire
+# Each lookup operation uses the entire query string once.
+# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
-# mail address. Thus, no parent domain or parent network
-# search is done, user@domain mail addresses are not broken
-# up into their user@ and domain constituent parts, nor is
+# mail address. Thus, no parent domain or parent network
+# search is done, user@domain mail addresses are not broken
+# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# EXAMPLE
-# The following example uses an indexed file, so that the
-# order of table entries does not matter. The example per-
-# mits access by the client at address 1.2.3.4 but rejects
-# all other clients in 1.2.3.0/24. Instead of hash lookup
-# tables, some systems use dbm. Use the command "postconf
-# -m" to find out what lookup tables Postfix supports on
+# The following example uses an indexed file, so that the
+# order of table entries does not matter. The example per-
+# mits access by the client at address 1.2.3.4 but rejects
+# all other clients in 1.2.3.0/24. Instead of hash lookup
+# tables, some systems use dbm. Use the command "postconf
+# -m" to find out what lookup tables Postfix supports on
# your system.
#
# /etc/postfix/main.cf:
# 1.2.3 REJECT
# 1.2.3.4 OK
#
-# Execute the command "postmap /etc/postfix/access" after
+# Execute the command "postmap /etc/postfix/access" after
# editing the file.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
# transport(5), transport:nexthop syntax
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
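Review bot: in this hunk, and in the hunks of this file from BCC onward, each removed line is followed by an added line with the same words, so the changes appear to be spacing only. That buries the three real additions (the two "Prior to Postfix 2.6" notes and the "available in Postfix 2.6 and later" note) under several hundred lines of churn. Suggest committing the regenerated formatting separately from the text changes, or regenerating with the same formatter settings so that unchanged paragraphs do not show up in the diff.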
<a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> = fcntl, dotlock
</pre>
</blockquote>
-</body>
<h2> Postfix NFS workarounds </h2>
the request, and the server does not remember that it already
completed the request. </p>
+</body>
</html>
<i>text...</i>" when the optional text is specified, oth-
erwise reply with a generic error response message.
+ This feature is available in Postfix 2.6 and later.
+
<b>DEFER_IF_REJECT</b> <i>optional text...</i>
- Defer the request if some later restriction would
- result in a REJECT action. Reply with
- "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional text...</i>"
- when the optional text is specified, otherwise
+ Defer the request if some later restriction would
+ result in a REJECT action. Reply with
+ "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional text...</i>"
+ when the optional text is specified, otherwise
reply with a generic error response message.
+ Prior to Postfix 2.6, the SMTP reply code is 450.
+
This feature is available in Postfix 2.1 and later.
<b>DEFER_IF_PERMIT</b> <i>optional text...</i>
- Defer the request if some later restriction would
- result in a an explicit or implicit PERMIT action.
- Reply with "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional</i>
- <i>text...</i>" when the optional text is specified, oth-
+ Defer the request if some later restriction would
+ result in a an explicit or implicit PERMIT action.
+ Reply with "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional</i>
+ <i>text...</i>" when the optional text is specified, oth-
erwise reply with a generic error response message.
+ Prior to Postfix 2.6, the SMTP reply code is 450.
+
This feature is available in Postfix 2.1 and later.
<b>OTHER ACTIONS</b>
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>, and so on).
<b>BCC</b> <i>user@domain</i>
- Send one copy of the message to the specified
+ Send one copy of the message to the specified
recipient.
- If multiple BCC actions are specified within the
- same SMTP MAIL transaction, only the last action
+ If multiple BCC actions are specified within the
+ same SMTP MAIL transaction, only the last action
will be used.
- This feature is not part of the stable Postfix
+ This feature is not part of the stable Postfix
release.
<b>DISCARD</b> <i>optional text...</i>
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
+ Claim successful delivery and silently discard the
+ message. Log the optional text if specified, oth-
erwise log a generic message.
- Note: this action currently affects all recipients
- of the message. To discard only one recipient
- without discarding the entire message, use the
+ Note: this action currently affects all recipients
+ of the message. To discard only one recipient
+ without discarding the entire message, use the
<a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
service.
This feature is available in Postfix 2.0 and later.
- <b>DUNNO</b> Pretend that the lookup key was not found. This
- prevents Postfix from trying substrings of the
- lookup key (such as a subdomain name, or a network
+ <b>DUNNO</b> Pretend that the lookup key was not found. This
+ prevents Postfix from trying substrings of the
+ lookup key (such as a subdomain name, or a network
address subnetwork).
This feature is available in Postfix 2.0 and later.
<b>FILTER</b> <i>transport:destination</i>
- After the message is queued, send the entire mes-
+ After the message is queued, send the entire mes-
sage through the specified external content filter.
- The <i>transport:destination</i> syntax is described in
- the <a href="transport.5.html"><b>transport</b>(5)</a> manual page. More information
- about external content filters is in the Postfix
+ The <i>transport:destination</i> syntax is described in
+ the <a href="transport.5.html"><b>transport</b>(5)</a> manual page. More information
+ about external content filters is in the Postfix
<a href="FILTER_README.html">FILTER_README</a> file.
Note: this action overrides the <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
- ting, and currently affects all recipients of the
+ ting, and currently affects all recipients of the
message.
This feature is available in Postfix 2.0 and later.
<b>HOLD</b> <i>optional text...</i>
- Place the message on the <b>hold</b> queue, where it will
- sit until someone either deletes it or releases it
- for delivery. Log the optional text if specified,
+ Place the message on the <b>hold</b> queue, where it will
+ sit until someone either deletes it or releases it
+ for delivery. Log the optional text if specified,
otherwise log a generic message.
- Mail that is placed on hold can be examined with
- the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
+ Mail that is placed on hold can be examined with
+ the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
- Note: use "<b>postsuper -r</b>" to release mail that was
- kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
+ Note: use "<b>postsuper -r</b>" to release mail that was
+ kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
- longer. Use "<b>postsuper -H</b>" only for mail that will
+ longer. Use "<b>postsuper -H</b>" only for mail that will
not expire within a few delivery attempts.
- Note: this action currently affects all recipients
+ Note: this action currently affects all recipients
of the message.
This feature is available in Postfix 2.0 and later.
<b>PREPEND</b> <i>headername: headervalue</i>
- Prepend the specified message header to the mes-
- sage. When more than one PREPEND action executes,
- the first prepended header appears before the sec-
+ Prepend the specified message header to the mes-
+ sage. When more than one PREPEND action executes,
+ the first prepended header appears before the sec-
ond etc. prepended header.
- Note: this action must execute before the message
- content is received; it cannot execute in the con-
+ Note: this action must execute before the message
+ content is received; it cannot execute in the con-
text of <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a></b>.
This feature is available in Postfix 2.1 and later.
<b>REDIRECT</b> <i>user@domain</i>
- After the message is queued, send the message to
+ After the message is queued, send the message to
the specified address instead of the intended
recipient(s).
- Note: this action overrides the FILTER action, and
+ Note: this action overrides the FILTER action, and
currently affects all recipients of the message.
This feature is available in Postfix 2.1 and later.
<b>WARN</b> <i>optional text...</i>
Log a warning with the optional text, together with
- client information and if available, with helo,
+ client information and if available, with helo,
sender, recipient and protocol information.
This feature is available in Postfix 2.1 and later.
<b>ENHANCED STATUS CODES</b>
- Postfix version 2.3 and later support enhanced status
- codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When an enhanced status
- code is specified in an access table, it is subject to
- modification. The following transformations are needed
- when the same access table is used for client, helo,
- sender, or recipient access restrictions; they happen
+ Postfix version 2.3 and later support enhanced status
+ codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When an enhanced status
+ code is specified in an access table, it is subject to
+ modification. The following transformations are needed
+ when the same access table is used for client, helo,
+ sender, or recipient access restrictions; they happen
regardless of whether Postfix replies to a MAIL FROM, RCPT
TO or other SMTP command.
- <b>o</b> When a sender address matches a REJECT action, the
- Postfix SMTP server will transform a recipient DSN
- status (e.g., 4.1.1-4.1.6) into the corresponding
+ <b>o</b> When a sender address matches a REJECT action, the
+ Postfix SMTP server will transform a recipient DSN
+ status (e.g., 4.1.1-4.1.6) into the corresponding
sender DSN status, and vice versa.
- <b>o</b> When non-address information matches a REJECT
- action (such as the HELO command argument or the
- client hostname/address), the Postfix SMTP server
- will transform a sender or recipient DSN status
- into a generic non-address DSN status (e.g.,
+ <b>o</b> When non-address information matches a REJECT
+ action (such as the HELO command argument or the
+ client hostname/address), the Postfix SMTP server
+ will transform a sender or recipient DSN status
+ into a generic non-address DSN status (e.g.,
4.0.0).
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
- cation, that string is an entire client hostname, an
+ cation, that string is an entire client hostname, an
entire client IP address, or an entire mail address. Thus,
no parent domain or parent network search is done,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the search
string.
- Actions are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Actions are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.4.
- Each lookup operation uses the entire query string once.
- Depending on the application, that string is an entire
+ Each lookup operation uses the entire query string once.
+ Depending on the application, that string is an entire
client hostname, an entire client IP address, or an entire
- mail address. Thus, no parent domain or parent network
- search is done, <i>user@domain</i> mail addresses are not broken
- up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
+ mail address. Thus, no parent domain or parent network
+ search is done, <i>user@domain</i> mail addresses are not broken
+ up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
<i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Actions are the same as with indexed file lookups.
<b>EXAMPLE</b>
- The following example uses an indexed file, so that the
- order of table entries does not matter. The example per-
- mits access by the client at address 1.2.3.4 but rejects
- all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
- tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
- <b>-m</b>" to find out what lookup tables Postfix supports on
+ The following example uses an indexed file, so that the
+ order of table entries does not matter. The example per-
+ mits access by the client at address 1.2.3.4 but rejects
+ all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
+ tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
+ <b>-m</b>" to find out what lookup tables Postfix supports on
your system.
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
1.2.3 REJECT
1.2.3.4 OK
- Execute the command "<b>postmap /etc/postfix/access</b>" after
+ Execute the command "<b>postmap /etc/postfix/access</b>" after
editing the file.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
the first match. Specify "!pattern" to exclude a service from the
list. By default, all <a href="master.8.html">master(8)</a> listener ports are enabled. </p>
+<p> Note: this feature does not support "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
+patterns, nor does it support wildcards such as "*" or "all". This
+is intentional. </p>
+
<p> Examples: </p>
<pre>
(default: 0)</b></DT><DD>
<p> An optional workaround for routers that break TCP window scaling.
-Specify a value > 0 and < 65536 to enable this feature. </p>
+Specify a value > 0 and < 65536 to enable this feature. With
+Postfix TCP servers (<a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>), this feature is implemented
+by the Postfix <a href="master.8.html">master(8)</a> daemon. </p>
+
+<p> To change this parameter without stopping Postfix, you need to
+first terminate all Postfix TCP servers: </p>
+
+<blockquote>
+<pre>
+# postconf -e <a href="postconf.5.html#master_service_disable">master_service_disable</a>=inet
+# postfix reload
+</pre>
+</blockquote>
+
+<p> This immediately terminates all processes that accept network
+connections. Next, you enable Postfix TCP servers with the updated
+<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> setting: </p>
+
+<blockquote>
+<pre>
+# postconf -e <a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a>=65535 <a href="postconf.5.html#master_service_disable">master_service_disable</a>=
+# postfix reload
+</pre>
+</blockquote>
-<p> Note: for Postfix servers, this feature is implemented by the
-Postfix <a href="master.8.html">master(8)</a> daemon, not by the servers themselves. </p>
+<p> If you skip these steps with a running Postfix system, then the
+<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> change will work only for Postfix TCP clients (<a href="smtp.8.html">smtp(8)</a>,
+<a href="lmtp.8.html">lmtp(8)</a>). </p>
<p> This feature is available in Postfix 2.6 and later. </p>
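Review bot: both command blocks overwrite master_service_disable unconditionally, the first with "inet" and the second with an empty value, so a site that already lists services in master_service_disable loses that setting after following this procedure. Suggest telling the reader to record the current value first (for example with "postconf master_service_disable") and to restore it in the second step instead of clearing it. Since the text says the first reload immediately terminates all processes that accept network connections, it would also help to state that sessions in progress are dropped, so the procedure is scheduled accordingly.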
Limit the time for receiving a command or sending a
response. The time limit is specified in seconds.
+ <b>-T</b> <i>windowsize</i>
+ Override the default TCP window size. To work
+ around broken TCP window scaling implementations,
+ specify a value > 0 and < 65536.
+
<b>-u</b> <i>username</i>
Switch to the specified user privileges after open-
ing the network socket and optionally changing the
<b>-t</b> <i>to</i> Use the specified recipient address (default:
<foo@<a href="postconf.5.html#myhostname">myhostname</a>>).
+ <b>-T</b> <i>windowsize</i>
+ Override the default TCP window size. To work
+ around broken TCP window scaling implementations,
+ specify a value > 0 and < 65536.
+
<b>-v</b> Make the program more verbose, for debugging pur-
poses.
.IP "\fB-t \fItimeout\fR (default: 100)"
Limit the time for receiving a command or sending a response.
The time limit is specified in seconds.
+.IP "\fB-T \fIwindowsize\fR"
+Override the default TCP window size. To work around
+broken TCP window scaling implementations, specify a
+value > 0 and < 65536.
.IP "\fB-u \fIusername\fR"
Switch to the specified user privileges after opening the
network socket and optionally changing the process root
Send mail with the named subject line (default: none).
.IP "\fB-t \fIto\fR"
Use the specified recipient address (default: <foo@myhostname>).
+.IP "\fB-T \fIwindowsize\fR"
+Override the default TCP window size. To work around
+broken TCP window scaling implementations, specify a
+value > 0 and < 65536.
.IP \fB-v\fR
Make the program more verbose, for debugging purposes.
.IP "\fB-w \fIinterval\fR"
"\fB$access_map_defer_code \fIoptional text...\fR" when the
optional text is
specified, otherwise reply with a generic error response message.
+.sp
+This feature is available in Postfix 2.6 and later.
.IP "\fBDEFER_IF_REJECT \fIoptional text...\fR
Defer the request if some later restriction would result in a
REJECT action. Reply with "\fB$access_map_defer_code 4.7.1
optional text is specified, otherwise reply with a generic error
response message.
.sp
+Prior to Postfix 2.6, the SMTP reply code is 450.
+.sp
This feature is available in Postfix 2.1 and later.
.IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR
Defer the request if some later restriction would result in a
optional text is specified, otherwise reply with a generic error
response message.
.sp
+Prior to Postfix 2.6, the SMTP reply code is 450.
+.sp
This feature is available in Postfix 2.1 and later.
.SH "OTHER ACTIONS"
.na
the first match. Specify "!pattern" to exclude a service from the
list. By default, all \fBmaster\fR(8) listener ports are enabled.
.PP
+Note: this feature does not support "/file/name" or "type:table"
+patterns, nor does it support wildcards such as "*" or "all". This
+is intentional.
+.PP
Examples:
.PP
.nf
while accessing the Postfix main.cf configuration file.
.SH tcp_windowsize (default: 0)
An optional workaround for routers that break TCP window scaling.
-Specify a value > 0 and < 65536 to enable this feature.
+Specify a value > 0 and < 65536 to enable this feature. With
+Postfix TCP servers (\fBsmtpd\fR(8), \fBqmqpd\fR(8)), this feature is implemented
+by the Postfix \fBmaster\fR(8) daemon.
+.PP
+To change this parameter without stopping Postfix, you need to
+first terminate all Postfix TCP servers:
+.sp
+.in +4
+.nf
+.na
+.ft C
+# postconf -e master_service_disable=inet
+# postfix reload
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This immediately terminates all processes that accept network
+connections. Next, you enable Postfix TCP servers with the updated
+tcp_windowsize setting:
+.sp
+.in +4
+.nf
+.na
+.ft C
+# postconf -e tcp_windowsize=65535 master_service_disable=
+# postfix reload
+.fi
+.ad
+.ft R
+.in -4
.PP
-Note: for Postfix servers, this feature is implemented by the
-Postfix \fBmaster\fR(8) daemon, not by the servers themselves.
+If you skip these steps with a running Postfix system, then the
+tcp_windowsize change will work only for Postfix TCP clients (\fBsmtp\fR(8),
+\fBlmtp\fR(8)).
.PP
This feature is available in Postfix 2.6 and later.
.SH tls_daemon_random_bytes (default: 32)
mailbox_delivery_lock = fcntl, dotlock
</pre>
</blockquote>
-</body>
<h2> Postfix NFS workarounds </h2>
the request, and the server does not remember that it already
completed the request. </p>
+</body>
</html>
the first match. Specify "!pattern" to exclude a service from the
list. By default, all master(8) listener ports are enabled. </p>
+<p> Note: this feature does not support "/file/name" or "type:table"
+patterns, nor does it support wildcards such as "*" or "all". This
+is intentional. </p>
+
<p> Examples: </p>
<pre>
<p> This feature is available in Postfix 2.6 and later. </p>
-%PARAM tcp_windowsize 0
+%PARAM tcp_windowsize 0
<p> An optional workaround for routers that break TCP window scaling.
-Specify a value > 0 and < 65536 to enable this feature. </p>
+Specify a value > 0 and < 65536 to enable this feature. With
+Postfix TCP servers (smtpd(8), qmqpd(8)), this feature is implemented
+by the Postfix master(8) daemon. </p>
+
+<p> To change this parameter without stopping Postfix, you need to
+first terminate all Postfix TCP servers: </p>
+
+<blockquote>
+<pre>
+# postconf -e master_service_disable=inet
+# postfix reload
+</pre>
+</blockquote>
+
+<p> This immediately terminates all processes that accept network
+connections. Next, you enable Postfix TCP servers with the updated
+tcp_windowsize setting: </p>
+
+<blockquote>
+<pre>
+# postconf -e tcp_windowsize=65535 master_service_disable=
+# postfix reload
+</pre>
+</blockquote>
-<p> Note: for Postfix servers, this feature is implemented by the
-Postfix master(8) daemon, not by the servers themselves. The Postfix
-master must be restarted for a parameter change to take effect. </p>
+<p> If you skip these steps with a running Postfix system, then the
+tcp_windowsize change will work only for Postfix TCP clients (smtp(8),
+lmtp(8)). </p>
<p> This feature is available in Postfix 2.6 and later. </p>
tok822_resolve.c tok822_rewrite.c tok822_tree.c trace.c \
user_acl.c valid_mailhost_addr.c verify.c verify_clnt.c \
verp_sender.c wildcard_inet_addr.c xtext.c delivered_hdr.c \
- fold_addr.c header_body_checks.c mkmap_proxy.c data_redirect.c
+ fold_addr.c header_body_checks.c mkmap_proxy.c data_redirect.c \
+ match_service.c
OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \
clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \
tok822_resolve.o tok822_rewrite.o tok822_tree.o trace.o \
user_acl.o valid_mailhost_addr.o verify.o verify_clnt.o \
verp_sender.o wildcard_inet_addr.o xtext.o delivered_hdr.o \
- fold_addr.o header_body_checks.o mkmap_proxy.o data_redirect.o
+ fold_addr.o header_body_checks.o mkmap_proxy.o data_redirect.o \
+ match_service.o
HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \
canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \
conv_time.h db_common.h debug_peer.h debug_process.h defer.h \
string_list.h strip_addr.h sys_exits.h timed_ipc.h tok822.h \
trace.h user_acl.h valid_mailhost_addr.h verify.h verify_clnt.h \
verp_sender.h wildcard_inet_addr.h xtext.h delivered_hdr.h \
- fold_addr.h header_body_checks.h data_redirect.h
+ fold_addr.h header_body_checks.h data_redirect.h match_service.h
TESTSRC = rec2stream.c stream2rec.c recdump.c
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
match_parent_style.o: match_parent_style.c
match_parent_style.o: match_parent_style.h
match_parent_style.o: string_list.h
+match_service.o: ../../include/argv.h
+match_service.o: ../../include/msg.h
+match_service.o: ../../include/mymalloc.h
+match_service.o: ../../include/stringops.h
+match_service.o: ../../include/sys_defs.h
+match_service.o: ../../include/vbuf.h
+match_service.o: ../../include/vstring.h
+match_service.o: match_service.c
+match_service.o: match_service.h
mbox_conf.o: ../../include/argv.h
mbox_conf.o: ../../include/name_mask.h
mbox_conf.o: ../../include/sys_defs.h
#endif
#include <inet_proto.h>
#include <vstring_vstream.h>
-#include <connect.h>
-#include <listen.h>
+#include <iostuff.h>
/* Global library. */
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20090109"
+#define MAIL_RELEASE_DATE "20090110"
#define MAIL_VERSION_NUMBER "2.6"
#ifdef SNAPSHOT
--- /dev/null
+/*++
+/* NAME
+/* match_service 3
+/* SUMMARY
+/* simple master.cf service name.type pattern matcher
+/* SYNOPSIS
+/* #include <match_service.h>
+/*
+/* ARGV *match_service_init(pattern_list)
+/* const char *pattern_list;
+/*
+/* int match_service_match(list, name_type)
+/* ARGV *list;
+/* const char *name_type;
+/*
+/* void match_service_free(list)
+/* ARGV *list;
+/* DESCRIPTION
+/* This module implements pattern matching for Postfix master.cf
+/* services. This is more precise than using domain_list(3),
+/* because match_service(3) won't treat a dotted service name
+/* as a domain hierarchy. Moreover, this module has the advantage
+/* that it does not drag in all the LDAP, SQL and other map
+/* lookup client code into programs that don't need it.
+/*
+/* Each pattern is of the form "name.type" or "type", where
+/* "name" and "type" are the first two fields of a master.cf
+/* entry. Patterns are separated by whitespace and/or commas.
+/* Matches are case insensitive. Patterns are matched in the
+/* specified order, and the matching process stops at the first
+/* match. In order to reverse the result of a pattern match,
+/* precede a pattern with an exclamation point (!).
+/*
+/* match_service_init() parses the pattern list. The result
+/* must be passed to match_service_match() or match_service_free().
+/*
+/* match_service_match() matches one service name.type string
+/* against the specified pattern list.
+/*
+/* match_service_free() releases storage allocated by
+/* match_service_init().
+/* DIAGNOSTICS
+/* Fatal error: out of memory, malformed pattern.
+/* Panic: malformed search string.
+/* SEE ALSO
+/* domain_list(3) match domain names.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+#include <string.h>
+
+#ifdef STRCASECMP_IN_STRINGS_H
+#include <strings.h>
+#endif
+
+/* Utility library. */
+
+#include <msg.h>
+#include <argv.h>
+#include <mymalloc.h>
+#include <stringops.h>
+#include <match_service.h>
+
+/* match_service_init - initialize pattern list */
+
+ARGV *match_service_init(const char *patterns)
+{
+ const char *delim = " ,\t\r\n";
+ ARGV *list = argv_alloc(1);
+ char *saved_patterns = mystrdup(patterns);
+ char *bp = saved_patterns;
+ const char *item;
+
+ while ((item = mystrtok(&bp, delim)) != 0)
+ argv_add(list, item, (char *) 0);
+ argv_terminate(list);
+ myfree(saved_patterns);
+ return (list);
+}
+
+/* match_service_match - match service name.type against pattern list */
+
+int match_service_match(ARGV *list, const char *name_type)
+{
+ const char *myname = "match_service_match";
+ const char *type;
+ char **cpp;
+ char *pattern;
+ int match;
+
+ /*
+ * Quick check for empty list.
+ */
+ if (list->argv[0] == 0)
+ return (0);
+
+ /*
+ * Sanity check.
+ */
+ if ((type = strrchr(name_type, '.')) == 0 || *++type == 0)
+ msg_panic("%s: malformed service: \"%s\"; need \"name.type\" format",
+ myname, name_type);
+
+ /*
+ * Iterate over all patterns in the list, stop at the first match.
+ */
+ for (cpp = list->argv; (pattern = *cpp) != 0; cpp++) {
+ if (msg_verbose)
+ msg_info("%s: %s ~? %s", myname, name_type, pattern);
+ for (match = 1; *pattern == '!'; pattern++)
+ match = !match;
+ if (strcasecmp(strchr(pattern, '.') ? name_type : type, pattern) == 0) {
+ if (msg_verbose)
+ msg_info("%s: %s: found match", myname, name_type);
+ return (match);
+ }
+ }
+ if (msg_verbose)
+ msg_info("%s: %s: no match", myname, name_type);
+ return (0);
+}
+
+/* match_service_free - release storage */
+
+void match_service_free(ARGV *list)
+{
+ argv_free(list);
+}
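Review bot: the DIAGNOSTICS section promises "Fatal error: out of memory, malformed pattern", but match_service_init() adds every token to the list without checking it. A token such as "!" on its own, "smtp." with an empty type, or one of the "/file/name" and "type:table" forms that the documentation in this patch calls unsupported is accepted silently and then never compares equal in match_service_match(). For master_service_disable that means a mistyped pattern leaves the listener enabled with nothing in the log. Suggest validating each token in match_service_init() after stripping leading "!" characters (non-empty, no "/" or ":", and non-empty name and type around any "."), and calling msg_fatal() for anything else so the behaviour matches the documented diagnostics.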
--- /dev/null
+#ifndef _MATCH_SERVICE_H_INCLUDED_
+#define _MATCH_SERVICE_H_INCLUDED_
+
+/*++
+/* NAME
+/* match_service 3h
+/* SUMMARY
+/* simple master.cf service name.type pattern matcher
+/* SYNOPSIS
+/* #include <match_service.h>
+/* DESCRIPTION
+/* .nf
+
+ /* External interface. */
+
+extern ARGV *match_service_init(const char *);
+extern int match_service_match(ARGV *, const char *);
+extern void match_service_free(ARGV *);
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+#endif
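Review bot: all three prototypes in this header use ARGV, but the header includes nothing, so it compiles only when the including file has already pulled in <argv.h> (match_service.c does that a few lines before including this header). Suggest adding "#include <argv.h>" inside the include guard, ahead of the external interface section, so the header is self-contained and include order in callers such as master_ent.c does not matter.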
SRCS = master.c master_conf.c master_ent.c master_sig.c master_avail.c \
master_spawn.c master_service.c master_status.c master_listen.c \
master_proto.c single_server.c multi_server.c master_vars.c \
- master_wakeup.c master_flow.c mail_flow.c
+ master_wakeup.c master_flow.c master_watch.c mail_flow.c
OBJS = master.o master_conf.o master_ent.o master_sig.o master_avail.o \
master_spawn.o master_service.o master_status.o master_listen.o \
- master_vars.o master_wakeup.o master_flow.o
+ master_vars.o master_wakeup.o master_watch.o master_flow.o
LIB_OBJ = single_server.o multi_server.o trigger_server.o master_proto.o \
mail_flow.o
HDRS = mail_server.h master_proto.h mail_flow.h
master_conf.o: master_conf.c
master_ent.o: ../../include/argv.h
master_ent.o: ../../include/attr.h
-master_ent.o: ../../include/domain_list.h
master_ent.o: ../../include/host_port.h
master_ent.o: ../../include/inet_addr_host.h
master_ent.o: ../../include/inet_addr_list.h
master_ent.o: ../../include/mail_conf.h
master_ent.o: ../../include/mail_params.h
master_ent.o: ../../include/mail_proto.h
-master_ent.o: ../../include/match_list.h
-master_ent.o: ../../include/match_ops.h
+master_ent.o: ../../include/match_service.h
master_ent.o: ../../include/msg.h
master_ent.o: ../../include/myaddrinfo.h
master_ent.o: ../../include/mymalloc.h
master_wakeup.o: mail_server.h
master_wakeup.o: master.h
master_wakeup.o: master_wakeup.c
+master_watch.o: ../../include/msg.h
+master_watch.o: ../../include/mymalloc.h
+master_watch.o: ../../include/sys_defs.h
+master_watch.o: master.h
+master_watch.o: master_watch.c
multi_server.o: ../../include/chroot_uid.h
multi_server.o: ../../include/debug_process.h
multi_server.o: ../../include/events.h
extern void master_flow_init(void);
extern int master_flow_pipe[2];
+ /*
+ * master_watch.c
+ *
+ * Support to warn about main.cf parameters that can only be initialized but
+ * not updated, and to initialize or update data structures that derive
+ * values from main.cf parameters.
+ */
+typedef struct {
+ const char *name; /* parameter name */
+ char **value; /* current main.cf value */
+ char **backup; /* actual value that is being used */
+ int flags; /* see below */
+ void (*notify) (void); /* init or update data structure */
+} MASTER_STR_WATCH;
+
+typedef struct {
+ const char *name; /* parameter name */
+ int *value; /* current main.cf value */
+ int backup; /* actual value that is being used */
+ int flags; /* see below */
+ void (*notify) (void); /* init or update data structure */
+} MASTER_INT_WATCH;
+
+#define MASTER_WATCH_FLAG_UPDATABLE (1<<0) /* support update after init */
+#define MASTER_WATCH_FLAG_ISSET (1<<1) /* backup is initialized */
+
+extern void master_str_watch(const MASTER_STR_WATCH *);
+extern void master_int_watch(MASTER_INT_WATCH *);
+
/* DIAGNOSTICS
/* BUGS
/* SEE ALSO
/* Global library. */
-#include <domain_list.h>
+#include <match_service.h>
#include <mail_proto.h>
#include <mail_params.h>
#include <own_inet_addr.h>
static char *master_path; /* config file name */
static VSTREAM *master_fp; /* config file pointer */
static int master_line; /* config file line number */
-static DOMAIN_LIST *master_disable; /* disabled services */
+static ARGV *master_disable; /* disabled service patterns */
static char master_blanks[] = " \t\r\n";/* field delimiters */
master_line = 0;
if (master_disable != 0)
msg_panic("%s: service disable list still exists", myname);
- master_disable = domain_list_init(MATCH_FLAG_PARENT, var_master_disable);
+ master_disable = match_service_init(var_master_disable);
}
/* end_master_ent - close configuration file */
master_fp = 0;
if (master_disable == 0)
msg_panic("%s: no service disable list", myname);
- domain_list_free(master_disable);
+ match_service_free(master_disable);
master_disable = 0;
}
name = cp;
transport = get_str_ent(&bufp, "transport type", (char *) 0);
vstring_sprintf(junk, "%s.%s", name, transport);
- } while (domain_list_match(master_disable, vstring_str(junk)) != 0);
+ } while (match_service_match(master_disable, vstring_str(junk)) != 0);
/*
* Parse one logical line from the configuration file. Initialize service
int var_throttle_time;
char *var_master_disable;
- /*
- * Support to warn about main.cf parameters that can only be initialized but
- * not updated, and to initialize or update data structures that derive
- * values from main.cf parameters. Add similar code if we also need to
- * monitor non-string parameters.
- */
-typedef struct MASTER_VARS_STR_WATCH {
- const char *name; /* parameter name */
- char **value; /* current main.cf value */
- char **backup; /* actual value that is being used */
- int flags; /* see below */
- void (*assign) (void); /* init or update data structure */
-} MASTER_VARS_STR_WATCH;
-
-typedef struct MASTER_VARS_INT_WATCH {
- const char *name; /* parameter name */
- int *value; /* current main.cf value */
- int *backup; /* actual value that is being used */
- int flags; /* see below */
- void (*assign) (void); /* init or update data structure */
-} MASTER_VARS_INT_WATCH;
-
-#define MASTER_VARS_WATCH_FLAG_UPDATE (1<<0) /* support update after init */
-#define MASTER_VARS_WATCH_FLAG_ISSET (1<<1) /* backup is initialized */
-
-/* master_vars_str_watch - watch string-valued parameters for change */
-
-static void master_vars_str_watch(MASTER_VARS_STR_WATCH *str_watch_table)
-{
- MASTER_VARS_STR_WATCH *wp;
-
- for (wp = str_watch_table; wp->name != 0; wp++) {
-
- /*
- * Detect changes to monitored parameter values. If a change is
- * supported, we discard the backed up value and update it to the
- * current value later. Otherwise we complain.
- */
- if (wp->backup[0] != 0
- && strcmp(wp->backup[0], wp->value[0]) != 0) {
- if ((wp->flags & MASTER_VARS_WATCH_FLAG_UPDATE) == 0) {
- msg_warn("ignoring %s parameter value change", wp->name);
- msg_warn("old value: \"%s\", new value: \"%s\"",
- wp->backup[0], wp->value[0]);
- msg_warn("to change %s, stop and start Postfix", wp->name);
- } else {
- myfree(wp->backup[0]);
- wp->backup[0] = 0;
- }
- }
-
- /*
- * Initialize the backed up parameter value, or update if it this
- * parameter supports updates after initialization. Optionally assign
- * the parameter value to an application-specific data structure.
- */
- if (wp->backup[0] == 0) {
- if (wp->assign != 0)
- wp->assign();
- wp->backup[0] = mystrdup(wp->value[0]);
- }
- }
-}
-
-/* master_vars_int_watch - watch integer-valued parameters for change */
-
-static void master_vars_int_watch(MASTER_VARS_INT_WATCH *str_watch_table)
-{
- MASTER_VARS_INT_WATCH *wp;
-
- for (wp = str_watch_table; wp->name != 0; wp++) {
-
- /*
- * Detect changes to monitored parameter values. If a change is
- * supported, we discard the backed up value and update it to the
- * current value later. Otherwise we complain.
- */
- if ((wp->flags & MASTER_VARS_WATCH_FLAG_ISSET) != 0
- && wp->backup[0] != wp->value[0]) {
- if ((wp->flags & MASTER_VARS_WATCH_FLAG_UPDATE) == 0) {
- msg_warn("ignoring %s parameter value change", wp->name);
- msg_warn("old value: \"%d\", new value: \"%d\"",
- wp->backup[0], wp->value[0]);
- msg_warn("to change %s, stop and start Postfix", wp->name);
- } else {
- wp->flags &= ~MASTER_VARS_WATCH_FLAG_ISSET;
- }
- }
-
- /*
- * Initialize the backed up parameter value, or update if it this
- * parameter supports updates after initialization. Optionally assign
- * the parameter value to an application-specific data structure.
- */
- if ((wp->flags & MASTER_VARS_WATCH_FLAG_ISSET) == 0) {
- if (wp->assign != 0)
- wp->assign();
- wp->flags |= MASTER_VARS_WATCH_FLAG_ISSET;
- wp->backup[0] = wp->value[0];
- }
- }
-}
-
/* master_vars_init - initialize from global Postfix configuration file */
void master_vars_init(void)
static char *saved_inet_protocols;
static char *saved_queue_dir;
static char *saved_config_dir;
- static MASTER_VARS_STR_WATCH str_watch_table[] = {
+ static const MASTER_STR_WATCH str_watch_table[] = {
VAR_CONFIG_DIR, &var_config_dir, &saved_config_dir, 0, 0,
VAR_QUEUE_DIR, &var_queue_dir, &saved_queue_dir, 0, 0,
VAR_INET_PROTOCOLS, &var_inet_protocols, &saved_inet_protocols, 0, 0,
/* XXX Add inet_interfaces here after this code is burned in. */
0,
};
- static int saved_inet_windowsize;
- static MASTER_VARS_INT_WATCH int_watch_table[] = {
- VAR_INET_WINDOW, &var_inet_windowsize, &saved_inet_windowsize, 0, 0,
- 0,
- };
/*
* Flush existing main.cf settings, so that we handle deleted main.cf
/*
* Look for parameter changes that require special attention.
*/
- master_vars_str_watch(str_watch_table);
- master_vars_int_watch(int_watch_table);
+ master_str_watch(str_watch_table);
}
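Review bot: tcp_windowsize loses its change warning in master_vars_init(): the removed int_watch_table entry for VAR_INET_WINDOW had flags 0, which produced "ignoring %s parameter value change" on reload, and nothing in the lines shown here registers that parameter with master_int_watch() instead. The documentation added by this patch says a reload without the master_service_disable step applies the new value to TCP clients only, so if no other caller watches the parameter, that partial application happens with no log entry. Worth confirming where the replacement registration lives and, if there is none, keeping a warning for the case where the value changes while TCP listeners are still running.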
--- /dev/null
+/*++
+/* NAME
+/* master_watch 3
+/* SUMMARY
+/* Postfix master - monitor main.cf changes
+/* SYNOPSIS
+/* #include "master.h"
+/*
+/* void master_str_watch(str_watch_table)
+/* const MASTER_STR_WATCH *str_watch_table;
+/*
+/* void master_int_watch(int_watch_table)
+/* MASTER_INT_WATCH *int_watch_table;
+/* DESCRIPTION
+/* The Postfix master daemon is a long-running process. After
+/* main.cf is changed, some parameter changes may require that
+/* master data structures be recomputed.
+/*
+/* Unfortunately, some main.cf changes cannot be applied
+/* on-the-fly, either because they require killing off existing
+/* child processes and thus disrupt service, or because the
+/* necessary support for on-the-fly data structure update has
+/* not yet been implemented. Such main.cf changes trigger a
+/* warning that they require that Postfix be stopped and
+/* restarted.
+/*
+/* This module provides functions that monitor selected main.cf
+/* parameters for change. The operation of these functions is
+/* controlled by tables that specify the parameter name, the
+/* current parameter value, a historical parameter value,
+/* optional flags, and an optional notify call-back function.
+/*
+/* master_str_watch() monitors string-valued parameters for
+/* change, and master_int_watch() does the same for integer-valued
+/* parameters. Note that master_int_watch() needs read-write
+/* access to its argument table, while master_str_watch() needs
+/* read-only access only.
+/*
+/* The functions log a warning when a parameter value has
+/* changed after re-reading main.cf, but the parameter is not
+/* flagged in the MASTER_*_WATCH table as "updatable" with
+/* MASTER_WATCH_FLAG_UPDATABLE.
+/*
+/* If the parameter has a notify call-back function, then the
+/* function is called after main.cf is read for the first time.
+/* If the parameter is flagged as "updatable", then the function
+/* is also called when the parameter value changes after
+/* re-reading main.cf.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+#include <string.h>
+#include <unistd.h>
+
+/* Utility library. */
+
+#include <msg.h>
+#include <mymalloc.h>
+
+/* Application-specific. */
+
+#include "master.h"
+
+/* master_str_watch - watch string-valued parameters for change */
+
+void master_str_watch(const MASTER_STR_WATCH *str_watch_table)
+{
+ const MASTER_STR_WATCH *wp;
+
+ for (wp = str_watch_table; wp->name != 0; wp++) {
+
+ /*
+ * Detect changes to monitored parameter values. If a change is
+ * supported, we discard the backed up value and update it to the
+ * current value later. Otherwise we complain.
+ */
+ if (wp->backup[0] != 0
+ && strcmp(wp->backup[0], wp->value[0]) != 0) {
+ if ((wp->flags & MASTER_WATCH_FLAG_UPDATABLE) == 0) {
+ msg_warn("ignoring %s parameter value change", wp->name);
+ msg_warn("old value: \"%s\", new value: \"%s\"",
+ wp->backup[0], wp->value[0]);
+ msg_warn("to change %s, stop and start Postfix", wp->name);
+ } else {
+ myfree(wp->backup[0]);
+ wp->backup[0] = 0;
+ }
+ }
+
+ /*
+ * Initialize the backed up parameter value, or update it if this
+ * parameter supports updates after initialization. Optionally
+ * notify the application that this parameter has changed.
+ */
+ if (wp->backup[0] == 0) {
+ if (wp->notify != 0)
+ wp->notify();
+ wp->backup[0] = mystrdup(wp->value[0]);
+ }
+ }
+}
+
+/* master_int_watch - watch integer-valued parameters for change */
+
+void master_int_watch(MASTER_INT_WATCH *int_watch_table)
+{
+ MASTER_INT_WATCH *wp;
+
+ for (wp = int_watch_table; wp->name != 0; wp++) {
+
+ /*
+ * Detect changes to monitored parameter values. If a change is
+ * supported, we discard the backed up value and update it to the
+ * current value later. Otherwise we complain.
+ */
+ if ((wp->flags & MASTER_WATCH_FLAG_ISSET) != 0
+ && wp->backup != wp->value[0]) {
+ if ((wp->flags & MASTER_WATCH_FLAG_UPDATABLE) == 0) {
+ msg_warn("ignoring %s parameter value change", wp->name);
+ msg_warn("old value: \"%d\", new value: \"%d\"",
+ wp->backup, wp->value[0]);
+ msg_warn("to change %s, stop and start Postfix", wp->name);
+ } else {
+ wp->flags &= ~MASTER_WATCH_FLAG_ISSET;
+ }
+ }
+
+ /*
+ * Initialize the backed up parameter value, or update if it this
+ * parameter supports updates after initialization. Optionally
+ * notify the application that this parameter has changed.
+ */
+ if ((wp->flags & MASTER_WATCH_FLAG_ISSET) == 0) {
+ if (wp->notify != 0)
+ wp->notify();
+ wp->flags |= MASTER_WATCH_FLAG_ISSET;
+ wp->backup = wp->value[0];
+ }
+ }
+}
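Review bot: the state a notify call-back sees differs between the two functions. In master_str_watch() an updatable change frees wp->backup[0] and sets it to 0 before wp->notify() runs, while in master_int_watch() wp->backup still holds the old value at that point and is overwritten only afterwards. Suggest a sentence in the DESCRIPTION saying that call-backs must read the current parameter value only and must not rely on the backup, or making the two paths consistent. Smaller point: the second comment in master_int_watch() still reads "update if it this parameter", while the copy in master_str_watch() was corrected to "update it if this parameter".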
if ((sock = socket(sa->sa_family, SOCK_STREAM, 0)) < 0)
msg_fatal("%s: socket: %m", myname);
+ if (inet_windowsize > 0)
+ set_inet_windowsize(sock, inet_windowsize);
+
/*
* Allow the sysadmin to specify the source address, for example, as "-o
* smtp_bind_address=x.x.x.x" in the master.cf file.
/* .IP "\fB-t \fItimeout\fR (default: 100)"
/* Limit the time for receiving a command or sending a response.
/* The time limit is specified in seconds.
+/* .IP "\fB-T \fIwindowsize\fR"
+/* Override the default TCP window size. To work around
+/* broken TCP window scaling implementations, specify a
+/* value > 0 and < 65536.
/* .IP "\fB-u \fIusername\fR"
/* Switch to the specified user privileges after opening the
/* network socket and optionally changing the process root
/*
* Parse JCL.
*/
- while ((ch = GETOPT(argc, argv, "468aA:cCd:D:eEf:Fh:Ln:m:M:pPq:Q:r:R:s:S:t:u:vw:W:")) > 0) {
+ while ((ch = GETOPT(argc, argv, "468aA:cCd:D:eEf:Fh:Ln:m:M:pPq:Q:r:R:s:S:t:T:u:vw:W:")) > 0) {
switch (ch) {
case '4':
protocols = INET_PROTO_NAME_IPV4;
if ((var_tmout = atoi(optarg)) <= 0)
msg_fatal("bad timeout: %s", optarg);
break;
+ case 'T':
+ if ((inet_windowsize = atoi(optarg)) <= 0)
+ msg_fatal("bad TCP window size: %s", optarg);
+ break;
case 'u':
user_privs = optarg;
break;
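Review bot: case 'T' parses the window size with atoi(), which stops at the first non-digit and reports no error, so "-T 64k" is taken as 64 and "-T 65535x" as 65535 without any complaint, and out-of-range input is not detected. Suggest strtol() with an end-pointer and errno check, calling msg_fatal("bad TCP window size: %s", optarg) when the whole argument is not a positive integer that fits in an int. The same pattern appears in the case 'T' added to the other test program later in this patch.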
/* Send mail with the named subject line (default: none).
/* .IP "\fB-t \fIto\fR"
/* Use the specified recipient address (default: <foo@myhostname>).
+/* .IP "\fB-T \fIwindowsize\fR"
+/* Override the default TCP window size. To work around
+/* broken TCP window scaling implementations, specify a
+/* value > 0 and < 65536.
/* .IP \fB-v\fR
/* Make the program more verbose, for debugging purposes.
/* .IP "\fB-w \fIinterval\fR"
session->stream = vstream_fdopen(fd, O_RDWR);
event_enable_write(fd, connect_done, (char *) session);
smtp_timeout_setup(session->stream, var_timeout);
+ if (inet_windowsize > 0)
+ set_inet_windowsize(fd, inet_windowsize);
if (sane_connect(fd, sa, sa_length) < 0 && errno != EINPROGRESS)
fail_connect(session);
}
/*
* Parse JCL.
*/
- while ((ch = GETOPT(argc, argv, "46AcC:df:F:l:Lm:M:Nor:R:s:S:t:vw:")) > 0) {
+ while ((ch = GETOPT(argc, argv, "46AcC:df:F:l:Lm:M:Nor:R:s:S:t:T:vw:")) > 0) {
switch (ch) {
case '4':
protocols = INET_PROTO_NAME_IPV4;
case 't':
recipient = optarg;
break;
+ case 'T':
+ if ((inet_windowsize = atoi(optarg)) <= 0)
+ msg_fatal("bad TCP window size: %s", optarg);
+ break;
case 'v':
msg_verbose++;
break;
vstream_popen.c vstring.c vstring_vstream.c watchdog.c writable.c \
write_buf.c write_wait.c sane_basename.c format_tv.c allspace.c \
allascii.c load_file.c killme_after.c vstream_tweak.c upass_connect.c \
- upass_listen.c upass_trigger.c edit_file.c
+ upass_listen.c upass_trigger.c edit_file.c inet_windowsize.c
OBJS = alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \
attr_print64.o attr_print_plain.o attr_scan0.o attr_scan64.o \
attr_scan_plain.o auto_clnt.o base64_code.o basename.o binhash.o \
vstream_popen.o vstring.o vstring_vstream.o watchdog.o writable.o \
write_buf.o write_wait.o sane_basename.o format_tv.o allspace.o \
allascii.o load_file.o killme_after.o vstream_tweak.o upass_connect.o \
- upass_listen.o upass_trigger.o edit_file.o
+ upass_listen.o upass_trigger.o edit_file.o inet_windowsize.o
HDRS = argv.h attr.h attr_clnt.h auto_clnt.h base64_code.h binhash.h \
chroot_uid.h cidr_match.h clean_env.h connect.h ctable.h dict.h \
dict_cdb.h dict_cidr.h dict_db.h dict_dbm.h dict_env.h dict_ht.h \
inet_trigger.o: mymalloc.h
inet_trigger.o: sys_defs.h
inet_trigger.o: trigger.h
+inet_windowsize.o: inet_windowsize.c
+inet_windowsize.o: iostuff.h
+inet_windowsize.o: msg.h
+inet_windowsize.o: sys_defs.h
killme_after.o: killme_after.c
killme_after.o: killme_after.h
killme_after.o: sys_defs.h
extern int stream_connect(const char *, int, int);
extern int upass_connect(const char *, int, int);
-extern int inet_windowsize;
-
/* LICENSE
/* .ad
/* .fi
/* inet_connect connects to a TCP listener at
/* the specified address, and returns the resulting file descriptor.
/*
-/* Specify an inet_windowsize value > 0 to override the default
+/* Specify an inet_windowsize value > 0 to override the TCP
/* window size that the client advertises to the server.
/*
/* Arguments:
/*
* Window scaling workaround.
*/
- if (inet_windowsize > 0) {
- if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (char *) &inet_windowsize,
- sizeof(inet_windowsize)) < 0)
- msg_warn("setsockopt SO_SNDBUF %d: %m", inet_windowsize);
- if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (char *) &inet_windowsize,
- sizeof(inet_windowsize)) < 0)
- msg_warn("setsockopt SO_RCVBUF %d: %m", inet_windowsize);
- }
+ if (inet_windowsize > 0)
+ set_inet_windowsize(sock, inet_windowsize);
/*
* Timed connect.
/*
/* inet_accept() accepts a connection and sanitizes error results.
/*
-/* Specify an inet_windowsize value > 0 to override the default
-/* TCP window size that the server advertises to the server.
+/* Specify an inet_windowsize value > 0 to override the TCP
+/* window size that the server advertises to the client.
/*
/* Arguments:
/* .IP addr
if ((sock = socket(res->ai_family, res->ai_socktype, 0)) < 0)
msg_fatal("socket: %m");
#ifdef HAS_IPV6
-#if defined(IPV6_V6ONLY) && !defined(BROKEN_AI_PASSIVE_NULL_HOST)
+# if defined(IPV6_V6ONLY) && !defined(BROKEN_AI_PASSIVE_NULL_HOST)
if (res->ai_family == AF_INET6
&& setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
(char *) &on, sizeof(on)) < 0)
msg_fatal("setsockopt(IPV6_V6ONLY): %m");
-#endif
+# endif
#endif
if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
(char *) &on, sizeof(on)) < 0)
&hostaddr, &portnum, 0);
msg_fatal("bind %s port %s: %m", hostaddr.buf, portnum.buf);
}
- if (inet_windowsize > 0) {
- if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (char *) &inet_windowsize,
- sizeof(inet_windowsize)) < 0)
- msg_warn("setsockopt SO_SNDBUF %d: %m", inet_windowsize);
- if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (char *) &inet_windowsize,
- sizeof(inet_windowsize)) < 0)
- msg_warn("setsockopt SO_RCVBUF %d: %m", inet_windowsize);
- }
freeaddrinfo(res0);
non_blocking(sock, block_mode);
+ if (inet_windowsize > 0)
+ set_inet_windowsize(sock, inet_windowsize);
if (listen(sock, backlog) < 0)
msg_fatal("listen: %m");
return (sock);
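Review bot: The relocated call just before listen() carries no comment, unlike inet_connect.c, which keeps its "Window scaling workaround." comment above the same two lines. The set_inet_windowsize() documentation ties the workaround to being applied before listen(), so a short comment here stating that ordering requirement would keep a later cleanup from moving the call below listen().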
--- /dev/null
+/*++
+/* NAME
+/* inet_windowsize 3
+/* SUMMARY
+/* TCP window scaling control
+/* SYNOPSIS
+/* #include <iostuff.h>
+/*
+/* int inet_windowsize;
+/*
+/* void set_inet_windowsize(sock, windowsize)
+/* int sock;
+/* int windowsize;
+/* DESCRIPTION
+/* set_inet_windowsize() overrides the default TCP window size
+/* with the specified value. When called before listen() or
+/* accept(), this works around broken infrastructure that
+/* mis-handles TCP window scaling options.
+/*
+/* The global inet_windowsize variable is available for other
+/* routines to remember that they wish to override the default
+/* TCP window size. The variable is not accessed by the
+/* set_inet_windowsize() function itself.
+/*
+/* Arguments:
+/* .IP sock
+/* TCP communication endpoint, before the connect(2) or listen(2) call.
+/* .IP windowsize
+/* The preferred TCP window size. This must be > 0.
+/* DIAGNOSTICS
+/* Panic: interface violation.
+/* Warnings: some error return from setsockopt().
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System libraries. */
+
+#include <sys_defs.h>
+#include <sys/socket.h>
+
+/* Utility library. */
+
+#include <msg.h>
+#include <iostuff.h>
+
+/* Application storage. */
+
+int inet_windowsize;
+
+/* set_inet_windowsize - set TCP send/receive window size */
+
+void set_inet_windowsize(int sock, int windowsize)
+{
+
+ /*
+ * Sanity check.
+ */
+ if (windowsize <= 0)
+ msg_panic("inet_windowsize: bad window size %d", windowsize);
+
+ /*
+ * Generic implementation: set the send and receive buffer size before
+ * listen() or connect().
+ */
+ if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, (char *) &windowsize,
+ sizeof(windowsize)) < 0)
+ msg_warn("setsockopt SO_SNDBUF %d: %m", windowsize);
+ if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (char *) &windowsize,
+ sizeof(windowsize)) < 0)
+ msg_warn("setsockopt SO_RCVBUF %d: %m", windowsize);
+}
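Review bot: The header comment is inconsistent about when the function must be called: DESCRIPTION says "before listen() or accept()", while the sock argument text says "before the connect(2) or listen(2) call" and the comment in the function body says "before listen() or connect()". The call sites in this patch are before connect() and before listen(), so DESCRIPTION should read "before listen() or connect()". A second point on the same function: it returns void and only logs msg_warn() when setsockopt() fails, so a caller cannot tell that the workaround was not applied. Returning the setsockopt() status, or documenting that failure is deliberately non-fatal, would make the contract explicit.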
extern ssize_t dummy_read(int, void *, size_t, int, void *);
extern ssize_t dummy_write(int, void *, size_t, int, void *);
+extern int inet_windowsize;
+extern void set_inet_windowsize(int, int);
+
#define BLOCKING 0
#define NON_BLOCKING 1
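Review bot: Moving the inet_windowsize declaration out of connect.h and listen.h and into iostuff.h changes which header every user of the variable has to include, and the visible Makefile lines add an iostuff.h dependency only for inet_windowsize.o. Please confirm that inet_connect.c, inet_listen.c, smtp-source.c and any other file that reads or sets inet_windowsize include iostuff.h directly, and that their dependency lists are regenerated, so the build does not rely on an indirect include.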
extern int stream_accept(int);
extern int upass_accept(int);
-extern int inet_windowsize;
-
/* LICENSE
/* .ad
/* .fi