-TABOUNCE
-TALIAS_TOKEN
+-TANVIL_CLNT
-TANVIL_LOCAL
-TANVIL_REMOTE
-TARGV
Feature: discard(8) mail delivery agent. Victor Duchovni,
Morgan Stanley. File: discard/discard.c.
-Open problems:
+20041002
+
+ Long overdue, a master(5) manual page based on an initial
+ version by Magnus Baeck.
+
+ By popular demand, a postfix-manuals.html web page with
+ totally useless links to UNIX-style manual pages (the same
+ information should already be available simply by typing
+ "apropos postfix"). To keep newbies from getting completely
+ lost due to information overload, the document starts with
+ a list of actually useful pointers to Postfix introductions,
+ duplicated from the already existing documents.html.
+
+20041006
+
+ Bugfix: "sendmail -bv" did not reject the -t option. File:
+ sendmail/sendmail.c.
- Low: master(5) manual page.
+20041007
+
+ Feature: SASL authentication attributes are now stored in
+ queue files and passed on to delivery agents, by Leandro
+ Santi. Files: deliver_pass.c, deliver_request.c,
+ qmgr_deliver.c, qmgr_message.c, pipe.c, smtpd.c.
+
+20041010
+
+ Feature: per SMTP client message rate limit and recipient
+ rate limit, by Ragnar Lonn, GHN network technologies.
+ Files: smtpd/smtpd.c, anvil/anvil.c, global/anvil_clnt.[hc].
+
+ Incompatibility: smtpd_client_connection_limit_exceptions
+ renamed to smtpd_client_event_limit_exceptions, because it
+ now also controls message and recipient rate limit control.
+
+Open problems:
Low: should the Delivered-To: test in local(8) be configurable?
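Review bot: the rate-limit feature entry is dated 20041010 ("+20041010" ... "Feature: per SMTP client message rate limit and recipient rate limit"), but the release notes in this same patch label the snapshot "Postfix-2.2-20041009"; one of the two dates should be corrected so the HISTORY entry and the snapshot name agree. Minor wording in the same hunk: "because it now also controls message and recipient rate limit control" repeats "control"; "because it now also applies to the message and recipient rate limits" reads better.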
and change the patchlevel and the release date. Patches are never
issued for snapshot releases.
+Incompatible changes with snapshot Postfix-2.2-20041009
+=======================================================
+
+You must reload or stop/start Postfix, because the queue manager
+to delivery agent protocol has changed. If you forget this, mail
+will remain queued until the queue manager is restarted.
+
+The smtpd_client_connection_limit_exceptions parameter is renamed
+to smtpd_client_event_limit_exceptions. Besides connections it now
+also applies to per-client message rate and recipient rate limits.
+
+Major changes with snapshot Postfix-2.2-20041009
+================================================
+
+Per SMTP client message rate and recipient rate limits. These limit
+the number of MAIL FROM or RCPT TO requests regardless of whether
+or not Postfix would have accepted them otherwise. The user interface
+(smtpd_client_message_rate_limit and smtpd_client_recipient_rate_limit)
+is similar to that of the existing per SMTP client connection rate
+limit, and the same warnings apply: these features are to be used
+to stop abuse, and must not be used to regulate legitimate mail.
+More details can be found in the postconf(5) manual.
+
Incompatible changes with snapshot Postfix-2.2-20040919
=======================================================
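Review bot: the smtpd_client_connection_limit_exceptions rename paragraph should spell out the failure mode for sites that still set the old name: the old parameter becomes unused, so the configured exception list stops taking effect and the default applies instead, while clients that are listed under the new name smtpd_client_event_limit_exceptions are now also exempt from the new message and recipient rate limits. Since the notes already warn that these features "are to be used to stop abuse, and must not be used to regulate legitimate mail", one extra sentence telling administrators to rename the parameter and re-check what the exception list covers would prevent both a silent loss of the exemption and an over-broad one.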
Major changes - critical
------------------------
-If you run Postfix 1.x or earlier then you must stop Postfix before
-upgrading. This is because the master-child protocols have changed,
-and very little will work with the old master daemon process.
-
-[Incompat 20021119] You can upgrade Postfix 2.0 without stopping.
-After upgrading an existing Postfix 2.0 system you must use "postfix
-reload". Some internal protocols have changed, but the master-child
-protocols are the same as with Postfix 2.0.
+If you run Postfix 2.0 or earlier then you must stop Postfix before
+upgrading. The master-child protocols have changed between Postfix
+1.1 and 2.0, and version 2.1 sometimes writes queue files that the
+2.0 and earlier queue managers complain about. If this happens move
+the files from the corrupt directory to the maildrop directory and
+give them another chance.
[Incompat 20021119] The Postfix upgrade procedure will add two new
services to your master.cf file: "trace" and "verify". These servers
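Review bot: the rewritten "Major changes - critical" paragraph ("If you run Postfix 2.0 or earlier then you must stop Postfix before upgrading ...") drops the "[Incompat yyyymmdd]" tag that every neighbouring entry carries ("[Incompat 20021119]", "[Incompat 20031226]"); add a tag so the entry stays dateable like the rest of the section. The advice to "move the files from the corrupt directory to the maildrop directory" should also be scoped to queue files that the older queue manager set aside during the upgrade, since the corrupt directory may hold files that are damaged for other reasons and should not be blindly re-injected.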
[Incompat 20031226] Bounce messages now have a separate queue life
time. This is controlled by the bounce_queue_lifetime parameter.
+[Incompat 20031019] The authorized_verp_clients parameter was
+renamed to smtpd_authorized_verp_clients, and the default value
+was changed to disable this feature. You now have to turn it on
+explicitly.
+
Major changes - build environment
---------------------------------
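Review bot: the new "[Incompat 20031019]" entry for the authorized_verp_clients rename is inserted after "[Incompat 20031226]", which breaks the chronological order the section otherwise follows; move it above the 20031226 entry. The content itself is the right call: with the default now disabling VERP, the entry correctly tells readers they "have to turn it on explicitly" under the new smtpd_authorized_verp_clients name.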
# domain distribution. By default the recipient distribution is
# displayed. There can be more recipients than messages, but as
# each message has only one sender, the sender distribution is a
-# a message distribution.
+# message distribution.
# .IP \fB-p\fR
# Generate aggregate statistics for parent domains. Top level domains
# are not shown, nor are domains with fewer than \fImin_subdomains\fR
# The output is right justified, with the counts for the last
# bucket shown on the 80th column, the \fIterminal_width\fR can be
# adjusted for wider screens allowing more buckets to be displayed
-# with truncating the domain names on the left. When a row for a
+# without truncating the domain names on the left. When a row for a
# full domain name and its counters does not fit in the specified
# number of columns, only the last 17 bytes of the domain name
# are shown with the prefix replaced by a '+' character. Truncated
++$q{"TOTAL"}->[0];
++$q{"TOTAL"}->[$b];
$a = "MAILER-DAEMON" if ($a eq "");
- $a =~ s/.*\@\.*(.*[^.])?\.*$/$1/;
+ $a =~ s/.*\@//;
$a =~ s/\.\././g;
+ $a =~ s/\.?(.+?)\.?$/$1/;
my $new = 0;
do {
my $old = (++$q{$a}->[0] > 1);
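Review bot: the replacement for the single domain-extraction regex has a gap: "$a =~ s/\.\././g;" only collapses adjacent pairs, so a run of three dots is reduced to two and the final "$a =~ s/\.?(.+?)\.?$/$1/;" then leaves a dot inside the name, whereas the removed "s/.*\@\.*(.*[^.])?\.*$/$1/" stripped any number of leading and trailing dots. Use "s/\.\.+/./g" (or "s/\.{2,}/./g") for the collapse step; also note that the final substitution leaves a value that is exactly "." unchanged, because the non-greedy group must consume one character, so a sender of the form "user@." is bucketed under "." rather than being normalised.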
#
# Note: use "postsuper -r" to release mail that was
# kept on hold for a significant fraction of $maxi-
-# mal_queue_lifetime or $bounce_queue_lifetime or
+# mal_queue_lifetime or $bounce_queue_lifetime, or
# longer.
#
# Note: this action currently affects all recipients
#
# Note: use "postsuper -r" to release mail that was
# kept on hold for a significant fraction of $maxi-
-# mal_queue_lifetime or $bounce_queue_lifetime or
+# mal_queue_lifetime or $bounce_queue_lifetime, or
# longer.
#
# Note: this action affects all recipients of the
#
-# Postfix master process configuration file. Each logical line
-# describes how a Postfix daemon program should be run.
-#
-# A logical line starts with non-whitespace, non-comment text.
-# Empty lines and whitespace-only lines are ignored, as are comment
-# lines whose first non-whitespace character is a `#'.
-# A line that starts with whitespace continues a logical line.
-#
-# The fields that make up each line are described below. A "-" field
-# value requests that a default value be used for that field.
-#
-# Service: any name that is valid for the specified transport type
-# (the next field). With INET transports, a service is specified as
-# host:port. The host part (and colon) may be omitted. Either host
-# or port may be given in symbolic form or in numeric form. Examples
-# for the SMTP server: localhost:smtp receives mail via the loopback
-# interface only; 10025 receives mail on port 10025.
-#
-# Transport type: "inet" for Internet sockets, "unix" for UNIX-domain
-# sockets, "fifo" for named pipes.
-#
-# Private: whether or not access is restricted to the mail system.
-# Default is private service. Internet (inet) sockets can't be private.
-#
-# Unprivileged: whether the service runs with root privileges or as
-# the owner of the Postfix system (the owner name is controlled by the
-# mail_owner configuration variable in the main.cf file). Only the
-# pipe, virtual and local delivery daemons require privileges.
-#
-# Chroot: whether or not the service runs chrooted to the mail queue
-# directory (pathname is controlled by the queue_directory configuration
-# variable in the main.cf file). Presently, all Postfix daemons can run
-# chrooted, except for the pipe, virtual and local delivery daemons.
-# The proxymap server can run chrooted, but doing so defeats most of
-# the purpose of having that service in the first place.
-# The files in the examples/chroot-setup subdirectory describe how
-# to set up a Postfix chroot environment for your type of machine.
-#
-# Wakeup time: automatically wake up the named service after the
-# specified number of seconds. A ? at the end of the wakeup time
-# field requests that wake up events be sent only to services that
-# are actually being used. Specify 0 for no wakeup. Presently, only
-# the pickup, queue manager and flush daemons need a wakeup timer.
-#
-# Max procs: the maximum number of processes that may execute this
-# service simultaneously. Default is to use a globally configurable
-# limit (the default_process_limit configuration parameter in main.cf).
-# Specify 0 for no process count limit.
-#
-# Command + args: the command to be executed. The command name is
-# relative to the Postfix program directory (pathname is controlled by
-# the daemon_directory configuration variable). Adding one or more
-# -v options turns on verbose logging for that service; adding a -D
-# option enables symbolic debugging (see the debugger_command variable
-# in the main.cf configuration file). See individual command man pages
-# for specific command-line options, if any.
-#
-# General main.cf options can be overridden for specific services.
-# To override one or more main.cf options, specify them as arguments
-# below, preceding each option by "-o". There must be no whitespace
-# in the option itself (separate multiple values for an option by
-# commas).
-#
-# In order to use the "uucp" message tranport below, set up entries
-# in the transport table.
-#
-# In order to use the "cyrus" message transport below, configure it
-# in main.cf as the mailbox_transport.
-#
-# SPECIFY ONLY PROGRAMS THAT ARE WRITTEN TO RUN AS POSTFIX DAEMONS.
-# ALL DAEMONS SPECIFIED HERE MUST SPEAK A POSTFIX-INTERNAL PROTOCOL.
-#
-# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
+# Postfix master process configuration file. For details on the format
+# of the file, see master(5).
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
+# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
-# See the pipe(8) man page for information about ${recipient} and
-# other message envelope options.
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# See the Postfix UUCP_README file for configuration details.
+#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
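Review bot: replacing the master.cf header comment with a pointer to master(5) loses the warning "DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES", which does not reappear in the new master(5) page in this patch (the closest text there is the NOTE 2 remark about configuring "multiple instances of Postfix"); keep that one line in the master.cf header or add it to master(5) next to the multiple-instances remark. The other removed warning is covered ("All daemons specified here must speak a Postfix-internal protocol"). Also, the removed hint "In order to use the "cyrus" message transport below, configure it in main.cf as the mailbox_transport" has no replacement in the new comments, while the uucp entry gained a "See the Postfix UUCP_README file" pointer; restore a one-line comment above the cyrus entry so the two are documented consistently.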
$manpage_directory/man5/cidr_table.5:f:root:-:644
$manpage_directory/man5/header_checks.5:f:root:-:644
$manpage_directory/man5/ldap_table.5:f:root:-:644
+$manpage_directory/man5/master.5:f:root:-:644
$manpage_directory/man5/mysql_table.5:f:root:-:644
$manpage_directory/man5/pcre_table.5:f:root:-:644
$manpage_directory/man5/pgsql_table.5:f:root:-:644
$html_directory/lmtp.8.html:f:root:-:644
$html_directory/local.8.html:f:root:-:644
$html_directory/mailq.1.html:f:root:-:644
+$html_directory/master.5.html:f:root:-:644
$html_directory/master.8.html:f:root:-:644
$html_directory/mysql_table.5.html:f:root:-:644
$html_directory/newaliases.1.html:f:root:-:644
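Review bot: postfix-files gains entries for master.5 and master.5.html, but the html Makefile in this patch also introduces a new generated file, postfix-manuals.html ("+OTHER = postfix-manuals.html"); its $html_directory entry would sort outside the window shown here, so confirm it is added as well, otherwise the new index page is built but never installed.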
CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \
transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html \
cidr_table.5.html tcp_table.5.html header_checks.5.html \
- ldap_table.5.html mysql_table.5.html pgsql_table.5.html
+ ldap_table.5.html mysql_table.5.html pgsql_table.5.html \
+ master.5.html
+OTHER = postfix-manuals.html
AWK = awk '{ print; if (NR == 2) print ".pl 9999\n.ll 65" }'
MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
-update: $(DAEMONS) $(COMMANDS) $(CONFIG)
+update: $(DAEMONS) $(COMMANDS) $(CONFIG) $(OTHER)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../src/makedefs; cat $?) >$@
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
+master.5.html: ../proto/master
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
+
mysql_table.5.html: ../proto/mysql_table
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
virtual.5.html: ../proto/virtual
PATH=../mantools:$$PATH; \
srctoman - $? | $(AWK) | nroff -man | uniq | $(MAN2HTML) | postlink >$@
+
+postfix-manuals.html: ../src/postfix/postfix.c ../mantools/makemanidx
+ PATH=../mantools:$$PATH; \
+ makemanidx ../src/postfix/postfix.c | postlink >$@
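Review bot: "update: $(DAEMONS) $(COMMANDS) $(CONFIG) $(OTHER)" now builds postfix-manuals.html, so any clean or clobber rule that lists generated files explicitly (not shown in this window) needs $(OTHER) too, or the file will survive a clean build. The new master.5.html rule is a verbatim copy of the mysql_table.5.html and virtual.5.html recipes; a single pattern rule for the ../proto/* to *.5.html conversion would remove the duplication, but that is a style point for a follow-up.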
Note: use "<b>postsuper -r</b>" to release mail that was
kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
- <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b> or
+ <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
longer.
Note: this action currently affects all recipients
ANVIL(8) ANVIL(8)
<b>NAME</b>
- anvil - Postfix client count and rate management
+ anvil - Postfix client count and request rate management
<b>SYNOPSIS</b>
<b>anvil</b> [generic Postfix daemon options]
The Postfix <b>anvil</b> server maintains short-term statistics
to defend against clients that hammer a server with either
too many parallel connections or with too many successive
- connection attempts within a configurable time interval.
- This server is designed to run under control by the Post-
- fix master server.
+ requests within a configurable time interval. This server
+ is designed to run under control by the Postfix master
+ server.
The <b>anvil</b> server maintains no persistent database. Stan-
dard library utilities do not meet Postfix performance and
robustness requirements.
-<b>PROTOCOL</b>
+<b>CONNECTION COUNT/RATE LIMITING</b>
When a remote client connects, a connection count (or
rate) limited server should send the following request to
the <b>anvil</b> server:
<b>status=0</b>
+<b>MESSAGE RATE LIMITING</b>
+ When a remote client sends a message delivery request, a
+ message rate limited server should send the following
+ request to the <b>anvil</b> server:
+
+ <b>request=message</b>
+ <b>ident=</b><i>string</i>
+
+ This registers a message delivery request for the (ser-
+ vice, client) combination specified with <b>ident</b>. The <b>anvil</b>
+ server answers with the number of message delivery
+ requests per unit time for that (service, client) combina-
+ tion:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+ In order prevent the anvil server from discarding client
+ request rates too early or too late, a message rate lim-
+ ited service should also register connect/disconnect
+ events.
+
+ This feature is available in Postfix 2.2 and later.
+
+<b>RECIPIENT RATE LIMITING</b>
+ When a remote client sends a recipient address, a recipi-
+ ent rate limited server should send the following request
+ to the <b>anvil</b> server:
+
+ <b>request=recipient</b>
+ <b>ident=</b><i>string</i>
+
+ This registers a recipient address for the (service,
+ client) combination specified with <b>ident</b>. The <b>anvil</b> server
+ answers with the number of recipient addresses per unit
+ time for that (service, client) combination:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+ In order prevent the anvil server from discarding client
+ request rates too early or too late, a recipient rate lim-
+ ited service should also register connect/disconnect
+ events.
+
+ This feature is available in Postfix 2.2 and later.
+
<b>SECURITY</b>
- The <b>anvil</b> server does not talk to the network or to local
+ The <b>anvil</b> server does not talk to the network or to local
users, and can run chrooted at fixed low privilege.
- The <b>anvil</b> server maintains an in-memory table with infor-
- mation about recent clients of a connection count (or
- rate) limited service. Although state is kept only tem-
+ The <b>anvil</b> server maintains an in-memory table with infor-
+ mation about recent clients of a connection count (or
+ rate) limited service. Although state is kept only tem-
porarily, this may require a lot of memory on systems that
- handle connections from many remote clients. To reduce
- memory usage, reduce the time unit over which state is
+ handle connections from many remote clients. To reduce
+ memory usage, reduce the time unit over which state is
kept.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
Upon exit, and every <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a></b> seconds, the
- server logs the maximal count and rate values measured,
- together with (service, client) information and the time
- of day associated with those events.
+ server logs the maximal count and rate values measured,
+ together with (service, client) information and the time
+ of day associated with those events. In order to avoid
+ unnecessary overhead, no measurements are done for activ-
+ ity that isn't concurrency limited or rate limited.
<b>BUGS</b>
- Systems behind network address translating routers or
+ Systems behind network address translating routers or
proxies appear to have the same client address and can run
into connection count and/or rate limits falsely.
In this preliminary implementation, a count (or rate) lim-
- ited server can have only one remote client at a time. If
- a server reports multiple simultaneous clients, all but
+ ited server can have only one remote client at a time. If
+ a server reports multiple simultaneous clients, all but
the last reported client are ignored.
<b>CONFIGURATION PARAMETERS</b>
Changes to <b>main.cf</b> are picked up automatically as <a href="anvil.8.html">anvil(8)</a>
- processes run for only a limited amount of time. Use the
+ processes run for only a limited amount of time. Use the
command "<b>postfix reload</b>" to speed up a change.
- The text below provides only a parameter summary. See
+ The text below provides only a parameter summary. See
<a href="postconf.5.html">postconf(5)</a> for more details including examples.
<b><a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (60s)</b>
- The time unit over which client connection rates
+ The time unit over which client connection rates
and other rates are calculated.
<b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a> (600s)</b>
- How frequently the <a href="anvil.8.html">anvil(8)</a> connection and rate
+ How frequently the <a href="anvil.8.html">anvil(8)</a> connection and rate
limiting server logs peak usage information.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon pro-
+ The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the pro-
+ The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<a href="TUNING_README.html">TUNING_README</a>, performance tuning
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
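Review bot: both new protocol sections contain the same typo, "In order prevent the anvil server from discarding client request rates too early or too late" (missing "to"), and the MESSAGE RATE LIMITING and RECIPIENT RATE LIMITING sections are otherwise near-verbatim copies of each other; one section describing the "request=message" and "request=recipient" forms together would be easier to keep in sync. The SECURITY section still describes the in-memory table as holding "information about recent clients of a connection count (or rate) limited service" even though that table now also carries per-client message and recipient rate state, so the memory caveat ("this may require a lot of memory on systems that handle connections from many remote clients") and the wording should be updated to cover the new limits.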
Note: use "<b>postsuper -r</b>" to release mail that was
kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
- <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b> or
+ <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
longer.
Note: this action affects all recipients of the
<li> <a href="postconf.5.html"> All main.cf parameters </a>
+<li> <a href="postfix-manuals.html"> All Postfix manual pages </a>
+
<li> <a href="LOCAL_RECIPIENT_README.html"> Rejecting Unknown Local
Recipients </a>
<b>server_host (default: localhost)</b>
The name of the host running the LDAP server, e.g.
- server_host = ldap.your.com
+ server_host = ldap.example.com
Depending on the LDAP client library you're using,
it should be possible to specify multiple servers
the first one fail. It should also be possible to
give each server in the list a different port
(overriding <b>server_port</b> below), by naming them like
- server_host = ldap.your.com:1444
+ server_host = ldap.example.com:1444
With OpenLDAP, a (list of) LDAP URLs can be used to
specify both the hostname(s) and the port(s):
- server_host = <a href="ldap_table.5.html">ldap</a>://ldap.your.com:1444
+ server_host = <a href="ldap_table.5.html">ldap</a>://ldap.example.com:1444
+ <a href="ldap_table.5.html">ldap</a>://ldap2.example.com:1444
All LDAP URLs accepted by the OpenLDAP library are
supported, including connections over UNIX domain
sockets, and LDAP SSL (the last one provided that
OpenLDAP was compiled with support for SSL):
server_host = ldapi://%2Fsome%2Fpath
- server_host = ldaps://ldap.your.com:636
+ ldaps://ldap.example.com:636
<b>server_port (default: 389)</b>
The port the LDAP server listens on, e.g.
LDAP SSL service can be requested by using a LDAP SSL URL
in the server_host parameter:
- server_host = ldaps://ldap.your.com:636
+ server_host = ldaps://ldap.example.com:636
STARTTLS can be turned on with the start_tls parameter:
start_tls = yes
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+<title> Postfix manual - master(5) </title>
+</head> <body> <pre>
+MASTER(5) MASTER(5)
+
+<b>NAME</b>
+ master - Postfix master process configuration file format
+
+<b>DESCRIPTION</b>
+ The Postfix mail system is implemented by small number of
+ (mostly) client commands that are invoked by users, and by
+ a larger number of services that run in the background.
+
+ Postfix services run under control of the <a href="master.8.html"><b>master</b>(8)</a> pro-
+ cess. The master.cf configuration file defines how a
+ client program connects to a service, and what daemon pro-
+ gram runs when a service is requested. Most daemon pro-
+ cesses are short-lived and terminate after serving <b><a href="postconf.5.html#max_use">max_use</a></b>
+ clients, or after inactivity for <b><a href="postconf.5.html#max_idle">max_idle</a></b> or more units of
+ time.
+
+ All daemons specified here must speak a Postfix-internal
+ protocol. In order to execute non-Postfix software use the
+ <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a> or <a href="spawn.8.html"><b>spawn</b>(8)</a> services, or run the server
+ under control by <b>inetd</b>(8) or equivalent.
+
+ Changes in master.cf requires that "<b>postfix reload</b>" be
+ executed in order to reload the configuration.
+
+<b>SYNTAX</b>
+ The general format of the master.cf file is as follows:
+
+ <b>o</b> Each logical line defines a single Postfix service.
+ Each service is identified by its name and type as
+ described below. When multiple lines specify the
+ same service name and type, only the last one is
+ remembered. Otherwise, the order of master.cf ser-
+ vice definitions does not matter.
+
+ <b>o</b> Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
+ is a `#'.
+
+ <b>o</b> A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
+ cal line.
+
+ Each logical line consists of eight fields separated by
+ whitespace. These are described below in the order as
+ they appear in the master.cf file.
+
+ Where applicable a field of "-" requests that the built-in
+ default value be used. For boolean fields specify "y" or
+ "n" to override the default value.
+
+ <b>Service name</b>
+ The service name syntax depends on the service type
+ as described next.
+
+ <b>Service type</b>
+ Specify one of the following service types:
+
+ <b>inet</b> The service listens on a TCP/IP socket and
+ is therefore accessible via the network.
+
+ The service name is specified as <i>host:port</i>,
+ denoting the host and port on which new con-
+ nections should be accepted. The host part
+ (and colon) may be omitted. Either host or
+ port may be given in symbolic form (host or
+ service name) or in numeric form (IP address
+ or port number).
+
+ Examples: a service name of <b>127.0.0.1:smtp</b>
+ receives mail via the loopback interface
+ only; and a service name of <b>10025</b> accepts
+ connections on TCP port 10025 via all inter-
+ faces configured with the <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
+ parameter.
+
+ <b>unix</b> The service listens on a UNIX-domain socket
+ and is accessible for local clients only.
+
+ The service name is a pathname relative to
+ the Postfix queue directory (pathname con-
+ trolled with the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configura-
+ tion parameter in main.cf).
+
+ On Solaris systems the <b>unix</b> type is imple-
+ mented with streams sockets.
+
+ <b>fifo</b> The service listens on a FIFO (named pipe)
+ and is accessible for local clients only.
+
+ The service name is a pathname relative to
+ the Postfix queue directory (pathname con-
+ trolled with the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configura-
+ tion parameter in main.cf).
+
+ <b>Private (default: y)</b>
+ Whether or not access is restricted to the mail
+ system. Internet (type <b>inet</b>) services can't be
+ private.
+
+ <b>Unprivileged (default: y)</b>
+ Whether the service runs with root privileges or as
+ the owner of the Postfix system (the owner name is
+ controlled by the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> configuration variable
+ in the main.cf file).
+
+ The <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>, and <a href="virtual.8.html"><b>virtual</b>(8)</a>
+ daemons require privileges.
+
+ <b>Chroot (default: y)</b>
+ Whether or not the service runs chrooted to the
+ mail queue directory (pathname is controlled by the
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configuration variable in the
+ main.cf file).
+
+ Chroot should not be used with the <a href="local.8.html"><b>local</b>(8)</a>,
+ <a href="pipe.8.html"><b>pipe</b>(8)</a> and <a href="spawn.8.html"><b>spawn</b>(8)</a> daemons. Although the <a href="proxymap.8.html"><b>prox-</b></a>
+ <a href="proxymap.8.html"><b>ymap</b>(8)</a> server can run chrooted, doing so defeats
+ most of the purpose of having that service in the
+ first place.
+
+ The files in the examples/chroot-setup subdirectory
+ of the Postfix source archive describe how to set
+ up a Postfix chroot environment for your type of
+ machine, and <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> discusses
+ issues related to running daemons chrooted.
+
+ <b>Wakeup time (default: 0)</b>
+ Automatically wake up the named service after the
+ specified number of seconds. The wake up is imple-
+ mented by connecting to the service and sending a
+ wake up request. A ? at the end of the wake up
+ time field requests that wake up events be sent
+ only to services that are actually being used.
+ Specify 0 for no automatic wake up.
+
+ The <a href="pickup.8.html"><b>pickup</b>(8)</a>, <a href="qmgr.8.html"><b>qmgr</b>(8)</a> and <a href="flush.8.html"><b>flush</b>(8)</a> daemons require
+ a wake up timer.
+
+ <b>Process limit (default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
+ The maximum number of processes that may execute
+ this service simultaneously. Specify 0 for no pro-
+ cess count limit.
+
+ NOTE: Some Postfix services must be configured as a
+ single-process service (for example, <a href="qmgr.8.html"><b>qmgr</b>(8)</a>) and
+ some services must be configured with no process
+ limit (for example, <a href="cleanup.8.html"><b>cleanup</b>(8)</a>). These limits must
+ not be changed.
+
+ <b>Command name + arguments</b>
+ The command to be executed. Characters that are
+ special to the shell such as ">" or "|" have no
+ special meaning here, and quotes cannot be used to
+ protect arguments containing whitespace.
+
+ The command name is relative to the Postfix daemon
+ directory (pathname is controlled by the <b><a href="postconf.5.html#daemon_directory">dae</a>-</b>
+ <b><a href="postconf.5.html#daemon_directory">mon_directory</a></b> configuration variable).
+
+ The command argument syntax for specific commands
+ is specified in the respective daemon manual page.
+
+ The following command-line options have the same
+ effect for all daemon programs:
+
+ <b>-D</b> Run the daemon under control by the command
+ specified with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> variable
+ in the main.cf configuration file. See
+ <a href="DEBUG_README.html">DEBUG_README</a> for hints and tips.
+
+ <b>-o</b> <i>name</i>=<i>value</i>
+ Override the named main.cf configuration
+ parameter. The parameter value can refer to
+ other parameters as <i>$name</i> etc., just like in
+ main.cf. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for syntax.
+
+ NOTE 1: do not specify whitespace around the
+ "=". In parameter values, either avoid
+ whitespace altogether, use commas instead of
+ spaces, or consider overrides like "-o
+ name=$override_parameter" with $over-
+ ride_parameter set in main.cf.
+
+ NOTE 2: Over-zealous use of parameter over-
+ rides makes the Postfix configuration hard
+ to understand and maintain. At a certain
+ point, it might be easier to configure mul-
+ tiple instances of Postfix, instead of con-
+ figuring multiple personalities via mas-
+ ter.cf.
+
+ <b>-v</b> Increase the verbose logging level. Specify
+ multiple <b>-v</b> options to make a command more
+ verbose.
+
+<b>SEE ALSO</b>
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+
+<b>README FILES</b>
+ <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a>, basic configuration
+ <a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this
+ software.
+
+<b>AUTHOR(S)</b>
+ Initial version by
+ Magnus Baeck
+ Lund Institute of Technology
+ Sweden
+
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ MASTER(5)
+</pre> </body> </html>
master - Postfix master process
<b>SYNOPSIS</b>
- <b>master</b> [<b>-Dtv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>]
- [<b>-e</b> <i>exit</i><b>_</b><i>time</i>]
+ <b>master</b> [<b>-Dtv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-e</b> <i>exit</i><b>_</b><i>time</i>]
<b>DESCRIPTION</b>
The <b>master</b> daemon is the resident process that runs Post-
address verification server.
The behavior of the <b>master</b> daemon is controlled by the
- <b>master.cf</b> configuration file. The table specifies zero or
- more servers in the <b>UNIX</b> or <b>INET</b> domain, or servers that
- take requests from a FIFO. Precise configuration details
- are given in the <b>master.cf</b> file, and in the manual pages
- of the respective daemons.
+ <b>master.cf</b> configuration file, as described in <a href="master.5.html">master(5)</a>.
Options:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
Read the <b>main.cf</b> and <b>master.cf</b> configuration files
in the named directory instead of the default con-
- figuration directory.
+ figuration directory. This also overrides the con-
+ figuration files for other Postfix daemon pro-
+ cesses.
<b>-e</b> <i>exit</i><b>_</b><i>time</i>
Terminate the master process after <i>exit</i><b>_</b><i>time</i> sec-
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="verify.8.html">verify(8)</a>, address verification
- <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, master.cf configuration file syntax
+ <a href="postconf.5.html">postconf(5)</a>, main.cf configuration parameter syntax
syslogd(8), system logging
<b>LICENSE</b>
In the command argument vector, the following
macros are recognized and replaced with correspond-
ing information from the Postfix queue manager
- delivery request:
+ delivery request.
+
+ In addition to the form ${<i>name</i>}, the forms $<i>name</i>
+ and $(<i>name</i>) are also recognized. Specify <b>$$</b> where
+ a single <b>$</b> is wanted.
<b>${extension</b>}
This macro expands to the extension part of
This information is modified by the <b>hqu</b>
flags for quoting and case folding.
+ <b>${sasl_method</b>}
+ This macro expands to the SASL authentica-
+ tion mechanism used during the reception of
+ the message. An empty string is passed if
+ the message has been received without SASL
+ authentication.
+
+ This is available in Postfix 2.2 and later.
+
+ <b>${sasl_sender</b>}
+ This macro expands to the SASL sender name
+ (i.e. the original submitter as per RFC
+ 2554) used during the reception of the mes-
+ sage.
+
+ This is available in Postfix 2.2 and later.
+
+ <b>${sasl_username</b>}
+ This macro expands to the SASL user name
+ used during the reception of the message. An
+ empty string is passed if the message has
+ been received without SASL authentication.
+
+ This is available in Postfix 2.2 and later.
+
<b>${sender</b>}
- This macro expands to the envelope sender
+ This macro expands to the envelope sender
address.
- This information is modified by the <b>q</b> flag
+ This information is modified by the <b>q</b> flag
for quoting.
<b>${size</b>}
- This macro expands to Postfix's idea of the
- message size, which is an approximation of
+ This macro expands to Postfix's idea of the
+ message size, which is an approximation of
the size of the message as delivered.
<b>${user</b>}
This macro expands to the username part of a
- recipient address. For example, with an
+ recipient address. For example, with an
address <i>user+foo@domain</i> the username part is
<i>user</i>.
- A command-line argument that contains
- <b>${user</b>} expands into as many command-line
+ A command-line argument that contains
+ <b>${user</b>} expands into as many command-line
arguments as there are recipients.
- This information is modified by the <b>u</b> flag
+ This information is modified by the <b>u</b> flag
for case folding.
- In addition to the form ${<i>name</i>}, the forms $<i>name</i> and
- $(<i>name</i>) are also recognized. Specify <b>$$</b> where a single <b>$</b>
- is wanted.
-
<b>DIAGNOSTICS</b>
- Command exit status codes are expected to follow the con-
+ Command exit status codes are expected to follow the con-
ventions defined in <<b>sysexits.h</b>>.
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
+ Problems and transactions are logged to <b>syslogd</b>(8). Cor-
+ rupted message files are marked so that the queue manager
can move them to the <b>corrupt</b> queue for further inspection.
<b>SECURITY</b>
- This program needs a dual personality 1) to access the
- private Postfix queue and IPC mechanisms, and 2) to exe-
+ This program needs a dual personality 1) to access the
+ private Postfix queue and IPC mechanisms, and 2) to exe-
cute external commands as the specified user. It is there-
fore security sensitive.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <b>main.cf</b> are picked up automatically as <a href="pipe.8.html">pipe(8)</a>
- processes run for only a limited amount of time. Use the
+ Changes to <b>main.cf</b> are picked up automatically as <a href="pipe.8.html">pipe(8)</a>
+ processes run for only a limited amount of time. Use the
command "<b>postfix reload</b>" to speed up a change.
- The text below provides only a parameter summary. See
+ The text below provides only a parameter summary. See
<a href="postconf.5.html">postconf(5)</a> for more details including examples.
<b>RESOURCE AND RATE CONTROLS</b>
- In the text below, <i>transport</i> is the first field in a <b>mas-</b>
+ In the text below, <i>transport</i> is the first field in a <b>mas-</b>
<b>ter.cf</b> entry.
<i>transport</i><b>_destination_concurrency_limit ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
Limit the number of parallel deliveries to the same
- destination, for delivery via the named <i>transport</i>.
+ destination, for delivery via the named <i>transport</i>.
The limit is enforced by the Postfix queue manager.
<i>transport</i><b>_destination_recipient_limit ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- Limit the number of recipients per message deliv-
- ery, for delivery via the named <i>transport</i>. The
+ Limit the number of recipients per message deliv-
+ ery, for delivery via the named <i>transport</i>. The
limit is enforced by the Postfix queue manager.
<i>transport</i><b>_time_limit ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
- Limit the time for delivery to external command,
+ Limit the time for delivery to external command,
for delivery via the named <i>transport</i>. The limit is
enforced by the pipe delivery agent.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a Postfix
+ The list of environment variables that a Postfix
process will export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
and most Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon pro-
+ The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the pro-
+ The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
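Review bot: in the pipe(8) hunk that adds ${sasl_method}, ${sasl_sender} and ${sasl_username}, none of the three new entries says which of the h, q or u flags (if any) modify the value, while the neighbouring ${extension}, ${sender} and ${user} entries each close with "This information is modified by the ... flag"; these values originate from the remote client's SASL authentication and are expanded into the external command's argument vector, so please state explicitly whether they are passed verbatim or whether the q flag applies. The ${sasl_sender} entry also lacks the sentence its two siblings have ("An empty string is passed if the message has been received without SASL authentication"); add it, or say what is passed when no SASL sender was supplied, so the three entries read consistently.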
<p>
Specify a list of names and/or name=value pairs, separated by
-whitespace or comma.
+whitespace or comma. The name=value form is supported with
+Postfix 2.1 and later.
</p>
<p>
</ul>
-<p></p>
+<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
an SMTP session is reused before it is closed.
</p>
+<p> This feature is available in Postfix 2.2 and later. </p>
+
</DD>
not specify larger values without permission from the remote sites.
</p>
+<p> This feature is available in Postfix 2.2 and later. </p>
+
</DD>
(default: 50)</b></DT><DD>
<p>
-How many simultaneous connections any SMTP client is allowed to
-make to the SMTP service. By default, the limit is set it to half
+How many simultaneous connections any client is allowed to
+make to this service. By default, the limit is set to half
the default process limit value.
</p>
</p>
<p>
-This feature is not part of the stable Postfix 2.1 release.
+This feature is available in Postfix 2.2 and later.
</p>
</DD>
-<DT><b><a name="smtpd_client_connection_limit_exceptions">smtpd_client_connection_limit_exceptions</a>
+<DT><b><a name="smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a>
+(default: 0)</b></DT><DD>
+
+<p>
+The maximal number of connection attempts any client is allowed to
+make to this service per time unit. The time unit is specified
+with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
+</p>
+
+<p>
+By default, a client can make as many connections per time unit as
+Postfix can accept.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> = 1000
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>
(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>
<p>
-Clients that are excluded from connection count or connection rate
-restrictions.
+Clients that are excluded from connection count, connection rate,
+message rate or recipient rate restrictions.
</p>
<p>
</p>
<p>
-This feature is not part of the stable Postfix 2.1 release.
+This feature is available in Postfix 2.2 and later.
</p>
</DD>
-<DT><b><a name="smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a>
+<DT><b><a name="smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a>
(default: 0)</b></DT><DD>
<p>
-The maximal number of connection attempts any client is allowed to
-make to this service per time unit. The time unit is specified
-with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter, and defaults
-to one minute.
+The maximal number of message delivery requests that any client is
+allowed to make to this service per time unit, regardless of whether
+or not Postfix actually accepts those messages. The time unit is
+specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
</p>
<p>
-By default, a client can make as many connections per time unit as
-Postfix can accept.
+By default, a client can send as many message delivery requests
+requests per time unit as Postfix can accept.
</p>
<p>
</p>
<p>
-This feature is not part of the stable Postfix 2.1 release.
+This feature is available in Postfix 2.2 and later.
</p>
<p>
</p>
<pre>
-<a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> = 1000
+<a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> = 1000
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a>
+(default: 0)</b></DT><DD>
+
+<p>
+The maximal number of recipient addresses that any client is allowed
+to send to this service per time unit, regardless of whether or not
+Postfix actually accepts those recipients. The time unit is specified
+with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
+</p>
+
+<p>
+By default, a client can make as many recipient addresses per time
+unit as Postfix can accept.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> = 1000
</pre>
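Review bot: in the smtpd_client_message_rate_limit entry, "a client can send as many message delivery requests requests per time unit" repeats "requests", and in the smtpd_client_recipient_rate_limit entry "a client can make as many recipient addresses per time unit" should read "send as many recipient addresses", matching that entry's first paragraph. Separately, the rename drops the anchor <a name="smtpd_client_connection_limit_exceptions"> without replacement, so existing links to postconf.5.html#smtpd_client_connection_limit_exceptions will silently land at the top of the page; consider keeping a short stub entry under the old name that points readers to smtpd_client_event_limit_exceptions.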
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Manual Pages </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Manual Pages </h1>
+
+<hr>
+
+<h2> Information for new Postfix users </h2>
+
+<p> New Postfix users should first look at the following introductory
+documents. These introductions are hyperlinked to more advanced
+documents and to UNIX-style manual pages. The UNIX-style manual
+pages are intended for people who are already familiar with Postfix.
+</p>
+
+<ul>
+
+<li> <a href="OVERVIEW.html"> Postfix architecture overview </a>
+
+<li> <a href="BASIC_CONFIGURATION_README.html"> Basic configuration
+</a>
+
+<li> <a href="DEBUG_README.html"> Trouble shooting </a>
+
+<li> <a href="CONTENT_INSPECTION_README.html"> Content inspection
+overview</a>
+
+<li> <a href="SMTPD_ACCESS_README.html">Relay/access control overview
+</a>
+
+<li> <a href="DATABASE_README.html"> Lookup table overview </a>
+
+</ul>
+
+<h2> Postfix manual page organization </h2>
+
+<p> Each Postfix manual page is numbered after a section of the
+UNIX manual: examples are <a href="mailq.1.html">mailq(1)</a> or <a href="access.5.html">access(5)</a>. Unfortunately,
+the organization of manual pages depends on the UNIX version being
+used. Postfix documentation assumes the following convention:
+</p>
+
+<blockquote>
+
+<table cellpadding="0" cellspacing="0">
+
+<tr><th> Section </th> <th> Topic </th> </tr>
+
+<tr><td colspan="2"> <hr> </td> </tr>
+
+<tr><td align="center"> 1 </td> <td> Commands </td> </tr>
+
+<tr><td align="center"> 3 </td> <td> Library routines </td> </tr>
+
+<tr><td align="center"> 5 </td> <td> File formats </td> </tr>
+
+<tr><td align="center"> 8 </td> <td> Daemons </td> </tr>
+
+</table>
+
+</blockquote>
+
+<h2> Commands </h2>
+
+<ul>
+
+
+<li> <a href="postalias.1.html">postalias(1)</a>, create/update/query alias database
+
+<li> <a href="postcat.1.html">postcat(1)</a>, examine Postfix queue file
+
+<li> <a href="postkick.1.html">postkick(1)</a>, trigger Postfix daemon
+
+<li> <a href="postlock.1.html">postlock(1)</a>, Postfix-compatible locking
+
+<li> <a href="postlog.1.html">postlog(1)</a>, Postfix-compatible logging
+
+<li> <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+
+<li> <a href="postqueue.1.html">postqueue(1)</a>, Postfix mail queue control
+
+<li> <a href="postsuper.1.html">postsuper(1)</a>, Postfix housekeeping
+
+<li> <a href="sendmail.1.html">sendmail(1)</a>, Sendmail compatibility interface
+
+</ul>
+
+<h2> Postfix configuration </h2>
+
+<ul>
+
+
+<li> <a href="master.5.html">master(5)</a>, Postfix master.cf file syntax
+
+<li> <a href="postconf.5.html">postconf(5)</a>, Postfix main.cf file syntax
+
+</ul>
+
+<h2> Table-driven mechanisms </h2>
+
+<ul>
+
+
+<li> <a href="access.5.html">access(5)</a>, Postfix SMTP access control table
+
+<li> <a href="aliases.5.html">aliases(5)</a>, Postfix alias database
+
+<li> <a href="header_checks.5.html">header_checks(5)</a>, <a href="header_checks.5.html">body_checks(5)</a>, content inspection
+
+<li> <a href="canonical.5.html">canonical(5)</a>, Postfix address rewriting
+
+<li> <a href="relocated.5.html">relocated(5)</a>, Users that have moved
+
+<li> <a href="transport.5.html">transport(5)</a>, Postfix routing table
+
+<li> <a href="virtual.5.html">virtual(5)</a>, Postfix virtual aliasing
+
+</ul>
+
+<h2> Table lookup mechanisms </h2>
+
+<ul>
+
+
+<li> <a href="cidr_table.5.html">cidr_table(5)</a>, Associate CIDR pattern with value
+
+<li> <a href="ldap_table.5.html">ldap_table(5)</a>, Postfix LDAP client
+
+<li> <a href="mysql_table.5.html">mysql_table(5)</a>, Postfix MYSQL client
+
+<li> <a href="pcre_table.5.html">pcre_table(5)</a>, Associate PCRE pattern with value
+
+<li> <a href="pgsql_table.5.html">pgsql_table(5)</a>, Postfix PostgreSQL client
+
+<li> <a href="regexp_table.5.html">regexp_table(5)</a>, Associate POSIX regexp pattern with value
+
+<li> <a href="tcp_table.5.html">tcp_table(5)</a>, Postfix client-server table lookup
+
+</ul>
+
+<h2> Daemon processes </h2>
+
+<ul>
+
+
+<li> <a href="anvil.8.html">anvil(8)</a>, Postfix connection/rate limiting
+
+<li> <a href="bounce.8.html">bounce(8)</a>, <a href="defer.8.html">defer(8)</a>, <a href="trace.8.html">trace(8)</a>, Delivery status reports
+
+<li> <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue message
+
+<li> <a href="discard.8.html">discard(8)</a>, Postfix discard delivery agent
+
+<li> <a href="error.8.html">error(8)</a>, Postfix error delivery agent
+
+<li> <a href="flush.8.html">flush(8)</a>, Postfix fast ETRN service
+
+<li> <a href="lmtp.8.html">lmtp(8)</a>, Postfix LMTP client
+
+<li> <a href="local.8.html">local(8)</a>, Postfix local delivery agent
+
+<li> <a href="master.8.html">master(8)</a>, Postfix master daemon
+
+<li> <a href="qmgr.8.html">oqmgr(8)</a>, old Postfix queue manager
+
+<li> <a href="pickup.8.html">pickup(8)</a>, Postfix local mail pickup
+
+<li> <a href="pipe.8.html">pipe(8)</a>, deliver mail to non-Postfix command
+
+<li> <a href="proxymap.8.html">proxymap(8)</a>, Postfix lookup table proxy server
+
+<li> <a href="qmgr.8.html">qmgr(8)</a>, Postfix queue manager
+
+<li> <a href="qmqpd.8.html">qmqpd(8)</a>, Postfix QMQP server
+
+<li> <a href="scache.8.html">scache(8)</a>, Postfix session cache manager
+
+<li> <a href="showq.8.html">showq(8)</a>, list Postfix mail queue
+
+<li> <a href="smtp.8.html">smtp(8)</a>, Postfix SMTP client
+
+<li> <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
+
+<li> <a href="spawn.8.html">spawn(8)</a>, run non-Postfix server
+
+<li> <a href="verify.8.html">verify(8)</a>, Postfix address verification
+
+<li> <a href="virtual.8.html">virtual(8)</a>, Postfix virtual delivery agent
+
+</ul>
+
+
+</body>
+
+</html>
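Review bot: under "Daemon processes", the oqmgr(8) item links to qmgr.8.html ("<a href="qmgr.8.html">oqmgr(8)</a>"), the same target as the qmgr(8) item a few lines below; following the naming of every other entry it should point at oqmgr.8.html. The body_checks(5) item under "Table-driven mechanisms" likewise links to header_checks.5.html; if that is intentional because body_checks is documented in header_checks(5), fine, but it looks the same as the oqmgr slip, so a comment would help. Minor: the logo <img> has an empty ALT attribute; give it text such as "Postfix" for text-mode browsers.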
<a href="sendmail.1.html">sendmail(1)</a>, Sendmail compatibility interface
Postfix configuration:
- <a href="postconf.5.html">postconf(5)</a>, Postfix configuration parameters
+ <a href="master.5.html">master(5)</a>, Postfix master.cf file syntax
+ <a href="postconf.5.html">postconf(5)</a>, Postfix main.cf file syntax
Table-driven mechanisms:
<a href="access.5.html">access(5)</a>, Postfix SMTP access control table
Note: use "<b>postsuper -r</b>" to release mail that was
kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
- <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b> or
+ <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
longer.
Specify <b>-H ALL</b> to release all mail that is "on
the recipient domain distribution. By default the
recipient distribution is displayed. There can be
more recipients than messages, but as each message
- has only one sender, the sender distribution is a a
+ has only one sender, the sender distribution is a
message distribution.
<b>-p</b> Generate aggregate statistics for parent domains.
The output is right justified, with the counts for
the last bucket shown on the 80th column, the <i>ter-</i>
<i>minal</i><b>_</b><i>width</i> can be adjusted for wider screens
- allowing more buckets to be displayed with truncat-
- ing the domain names on the left. When a row for a
- full domain name and its counters does not fit in
+ allowing more buckets to be displayed without trun-
+ cating the domain names on the left. When a row for
+ a full domain name and its counters does not fit in
the specified number of columns, only the last 17
bytes of the domain name are shown with the prefix
replaced by a '+' character. Truncated parent
server command history before it is flushed upon
receipt of EHLO, RSET, or end of DATA.
- Not available in Postfix version 2.1:
+ The per SMTP client connection count and request rate lim-
+ its are implemented in co-operation with the <a href="anvil.8.html">anvil(8)</a> ser-
+ vice, and are available in Postfix version 2.2 and later.
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
- How many simultaneous connections any SMTP client
- is allowed to make to the SMTP service.
+ How many simultaneous connections any client is
+ allowed to make to this service.
<b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
The maximal number of connection attempts any
- client is allowed to make to this service per time
+ client is allowed to make to this service per time
unit.
- <b><a href="postconf.5.html#smtpd_client_connection_limit_exceptions">smtpd_client_connection_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- Clients that are excluded from connection count or
- connection rate restrictions.
+ <b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
+ The maximal number of message delivery requests
+ that any client is allowed to make to this service
+ per time unit, regardless of whether or not Postfix
+ actually accepts those messages.
+
+ <b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
+ The maximal number of recipient addresses that any
+ client is allowed to send to this service per time
+ unit, regardless of whether or not Postfix actually
+ accepts those recipients.
+
+ <b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
+ Clients that are excluded from connection count,
+ connection rate, message rate or recipient rate
+ restrictions.
<b>TARPIT CONTROLS</b>
When a remote SMTP client makes errors, the Postfix SMTP
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
+ <a href="anvil.8.html">anvil(8)</a>, client count and request rate management
<a href="cleanup.8.html">cleanup(8)</a>, message canonicalization
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address resolver
<a href="verify.8.html">verify(8)</a>, address verification service
man5/transport.5 man5/virtual.5 man5/pcre_table.5 man5/regexp_table.5 \
man5/cidr_table.5 man5/tcp_table.5 man5/header_checks.5 \
man5/body_checks.5 man5/ldap_table.5 man5/mysql_table.5 \
- man5/pgsql_table.5
+ man5/pgsql_table.5 man5/master.5
TOOLS = man1/smtp-sink.1 man1/smtp-source.1 man1/qmqp-sink.1 \
man1/qmqp-source.1 man1/qshape.1
man5/ldap_table.5: ../proto/ldap_table
../mantools/srctoman - $? >$@
+man5/master.5: ../proto/master
+ ../mantools/srctoman - $? >$@
+
man5/mysql_table.5: ../proto/mysql_table
../mantools/srctoman - $? >$@
sendmail(1), Sendmail compatibility interface
Postfix configuration:
-postconf(5), Postfix configuration parameters
+master(5), Postfix master.cf file syntax
+postconf(5), Postfix main.cf file syntax
Table-driven mechanisms:
access(5), Postfix SMTP access control table
.sp
Note: use "\fBpostsuper -r\fR" to release mail that was kept on
hold for a significant fraction of \fB$maximal_queue_lifetime\fR
-or \fB$bounce_queue_lifetime\fR or longer.
+or \fB$bounce_queue_lifetime\fR, or longer.
.sp
Specify \fB-H ALL\fR to release all mail that is "on hold".
As a safety measure, the word \fBALL\fR must be specified in upper
domain distribution. By default the recipient distribution is
displayed. There can be more recipients than messages, but as
each message has only one sender, the sender distribution is a
-a message distribution.
+message distribution.
.IP \fB-p\fR
Generate aggregate statistics for parent domains. Top level domains
are not shown, nor are domains with fewer than \fImin_subdomains\fR
The output is right justified, with the counts for the last
bucket shown on the 80th column, the \fIterminal_width\fR can be
adjusted for wider screens allowing more buckets to be displayed
-with truncating the domain names on the left. When a row for a
+without truncating the domain names on the left. When a row for a
full domain name and its counters does not fit in the specified
number of columns, only the last 17 bytes of the domain name
are shown with the prefix replaced by a '+' character. Truncated
.IP "\fBauthorized_mailq_users (static:anyone)\fR"
List of users who are authorized to view the queue.
.IP "\fBauthorized_submit_users (static:anyone)\fR"
-List of users who are authorized to submit mail with the
-sendmail(1) command (and with the privileged postdrop(1)
-helper command).
+List of users who are authorized to submit mail with the sendmail(1)
+command (and with the privileged postdrop(1) helper command).
.SH "RESOURCE AND RATE CONTROLS"
.na
.nf
.sp
Note: use "\fBpostsuper -r\fR" to release mail that was kept on
hold for a significant fraction of \fB$maximal_queue_lifetime\fR
-or \fB$bounce_queue_lifetime\fR or longer.
+or \fB$bounce_queue_lifetime\fR, or longer.
.sp
Note: this action currently affects all recipients of the message.
.sp
.sp
Note: use "\fBpostsuper -r\fR" to release mail that was kept on
hold for a significant fraction of \fB$maximal_queue_lifetime\fR
-or \fB$bounce_queue_lifetime\fR or longer.
+or \fB$bounce_queue_lifetime\fR, or longer.
.sp
Note: this action affects all recipients of the message.
.sp
.IP "\fBserver_host (default: localhost)\fR"
The name of the host running the LDAP server, e.g.
.ti +4
-server_host = ldap.your.com
+server_host = ldap.example.com
Depending on the LDAP client library you're using, it should
be possible to specify multiple servers here, with the library
be possible to give each server in the list a different port
(overriding \fBserver_port\fR below), by naming them like
.ti +4
-server_host = ldap.your.com:1444
+server_host = ldap.example.com:1444
With OpenLDAP, a (list of) LDAP URLs can be used to specify both
the hostname(s) and the port(s):
.ti +4
-server_host = ldap://ldap.your.com:1444
+server_host = ldap://ldap.example.com:1444
+.ti +8
+ ldap://ldap2.example.com:1444
All LDAP URLs accepted by the OpenLDAP library are supported,
including connections over UNIX domain sockets, and LDAP SSL
for SSL):
.ti +4
server_host = ldapi://%2Fsome%2Fpath
-.ti +4
-server_host = ldaps://ldap.your.com:636
+.ti +8
+ ldaps://ldap.example.com:636
.IP "\fBserver_port (default: 389)\fR"
The port the LDAP server listens on, e.g.
.ti +4
LDAP SSL service can be requested by using a LDAP SSL URL
in the server_host parameter:
.ti +4
-server_host = ldaps://ldap.your.com:636
+server_host = ldaps://ldap.example.com:636
STARTTLS can be turned on with the start_tls parameter:
.ti +4
--- /dev/null
+.TH MASTER 5
+.ad
+.fi
+.SH NAME
+master
+\-
+Postfix master process configuration file format
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system is implemented by small number of
+(mostly) client commands that are invoked by users, and by
+a larger number of services that run in the background.
+
+Postfix services run under control of the \fBmaster\fR(8)
+process. The master.cf configuration file defines how a
+client program connects to a service, and what daemon
+program runs when a service is requested. Most daemon
+processes are short-lived and terminate after serving
+\fBmax_use\fR clients, or after inactivity for \fBmax_idle\fR
+or more units of time.
+
+All daemons specified here must speak a Postfix-internal
+protocol. In order to execute non-Postfix software use the
+\fBlocal\fR(8), \fBpipe\fR(8) or \fBspawn\fR(8) services, or
+run the server under control by \fBinetd\fR(8) or equivalent.
+.PP
+Changes in master.cf requires that "\fBpostfix reload\fR" be
+executed in order to reload the configuration.
+.SH "SYNTAX"
+.na
+.nf
+.ad
+.fi
+The general format of the master.cf file is as follows:
+.IP \(bu
+Each logical line defines a single Postfix service.
+Each service is identified by its name and type as described
+below. When multiple lines specify the same service name
+and type, only the last one is remembered. Otherwise, the
+order of master.cf service definitions does not matter.
+.IP \(bu
+Empty lines and whitespace-only lines are ignored, as are
+lines whose first non-whitespace character is a `#'.
+.IP \(bu
+A logical line starts with non-whitespace text. A line that
+starts with whitespace continues a logical line.
+.PP
+Each logical line consists of eight fields separated by
+whitespace. These are described below in the order as they
+appear in the master.cf file.
+
+Where applicable a field of "-" requests that the built-in
+default value be used. For boolean fields specify "y" or
+"n" to override the default value.
+.IP "\fBService name\fR"
+The service name syntax depends on the service type as
+described next.
+.IP "\fBService type\fR"
+Specify one of the following service types:
+.RS
+.IP \fBinet\fR
+The service listens on a TCP/IP socket and is therefore
+accessible via the network.
+
+The service name is specified as \fIhost:port\fR, denoting
+the host and port on which new connections should be
+accepted. The host part (and colon) may be omitted. Either
+host or port may be given in symbolic form (host or service
+name) or in numeric form (IP address or port number).
+.sp
+Examples: a service name of \fB127.0.0.1:smtp\fR receives
+mail via the loopback interface only; and a service name
+of \fB10025\fR accepts connections on TCP port 10025 via
+all interfaces configured with the \fBinet_interfaces\fR
+parameter.
+.IP \fBunix\fR
+The service listens on a UNIX-domain socket and is accessible
+for local clients only.
+
+The service name is a pathname relative to the Postfix
+queue directory (pathname controlled with the \fBqueue_directory\fR
+configuration parameter in main.cf).
+.sp
+On Solaris systems the \fBunix\fR type is implemented with
+streams sockets.
+.IP \fBfifo\fR
+The service listens on a FIFO (named pipe) and is accessible
+for local clients only.
+
+The service name is a pathname relative to the Postfix
+queue directory (pathname controlled with the \fBqueue_directory\fR
+configuration parameter in main.cf).
+.RE
+.IP "\fBPrivate (default: y)\fR"
+Whether or not access is restricted to the mail system.
+Internet (type \fBinet\fR) services can't be private.
+.IP "\fBUnprivileged (default: y)\fR"
+Whether the service runs with root privileges or as the
+owner of the Postfix system (the owner name is controlled
+by the \fBmail_owner\fR configuration variable in the
+main.cf file).
+.sp
+The \fBlocal\fR(8), \fBpipe\fR(8), \fBspawn\fR(8), and
+\fBvirtual\fR(8) daemons require privileges.
+.IP "\fBChroot (default: y)\fR"
+Whether or not the service runs chrooted to the mail queue
+directory (pathname is controlled by the \fBqueue_directory\fR
+configuration variable in the main.cf file).
+.sp
+Chroot should not be used with the \fBlocal\fR(8),
+\fBpipe\fR(8) and \fBspawn\fR(8) daemons. Although the
+\fBproxymap\fR(8) server can run chrooted, doing so defeats
+most of the purpose of having that service in the first
+place.
+.sp
+The files in the examples/chroot-setup subdirectory of the
+Postfix source archive describe how to set up a Postfix
+chroot environment for your type of machine, and
+BASIC_CONFIGURATION_README discusses issues related to
+running daemons chrooted.
+.IP "\fBWakeup time (default: 0)\fR"
+Automatically wake up the named service after the specified
+number of seconds. The wake up is implemented by connecting
+to the service and sending a wake up request. A ? at the
+end of the wake up time field requests that wake up events
+be sent only to services that are actually being used.
+Specify 0 for no automatic wake up.
+.sp
+The \fBpickup\fR(8), \fBqmgr\fR(8) and \fBflush\fR(8)
+daemons require a wake up timer.
+.IP "\fBProcess limit (default: $default_process_limit)\fR"
+The maximum number of processes that may execute this
+service simultaneously. Specify 0 for no process count limit.
+.sp
+NOTE: Some Postfix services must be configured as a
+single-process service (for example, \fBqmgr\fR(8)) and
+some services must be configured with no process limit (for
+example, \fBcleanup\fR(8)). These limits must not be
+changed.
+.IP "\fBCommand name + arguments\fR"
+The command to be executed. Characters that are special
+to the shell such as ">" or "|" have no special meaning
+here, and quotes cannot be used to protect arguments
+containing whitespace.
+.sp
+The command name is relative to the Postfix daemon directory
+(pathname is controlled by the \fBdaemon_directory\fR
+configuration variable).
+.sp
+The command argument syntax for specific commands is
+specified in the respective daemon manual page.
+.sp
+The following command-line options have the same effect for
+all daemon programs:
+.RS
+.IP \fB-D\fR
+Run the daemon under control by the command specified with
+the \fBdebugger_command\fR variable in the main.cf
+configuration file. See DEBUG_README for hints and tips.
+.IP "\fB-o \fIname\fR=\fIvalue\fR"
+Override the named main.cf configuration parameter. The
+parameter value can refer to other parameters as \fI$name\fR
+etc., just like in main.cf. See \fBpostconf\fR(5) for
+syntax.
+.sp
+NOTE 1: do not specify whitespace around the "=". In parameter
+values, either avoid whitespace altogether, use commas
+instead of spaces, or consider overrides like "-o
+name=$override_parameter" with $override_parameter set in
+main.cf.
+.sp
+NOTE 2: Over-zealous use of parameter overrides makes the
+Postfix configuration hard to understand and maintain. At
+a certain point, it might be easier to configure multiple
+instances of Postfix, instead of configuring multiple
+personalities via master.cf.
+.IP \fB-v\fR
+Increase the verbose logging level. Specify multiple \fB-v\fR
+options to make a command more verbose.
+.SH "SEE ALSO"
+.na
+.nf
+master(8), process manager
+postconf(5), configuration parameters
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+BASIC_CONFIGURATION_README, basic configuration
+DEBUG_README, Postfix debugging
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH "AUTHOR(S)"
+.na
+.nf
+Initial version by
+Magnus Baeck
+Lund Institute of Technology
+Sweden
+
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
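Review bot: the "Unprivileged (default: y)" entry never says which value selects which identity. "Whether the service runs with root privileges or as the owner of the Postfix system" leaves the reader to infer from the field name that "y" means run as $mail_owner and "n" means run as root, and "The local(8), pipe(8), spawn(8), and virtual(8) daemons require privileges" should say outright that those entries must be configured with "n". The "Chroot (default: y)" entry has the same gap: "Chroot should not be used with the local(8), pipe(8) and spawn(8) daemons" should state that those services need an explicit "n", because the documented default is "y". Both fields default to the more restrictive setting, so an operator who reads the mapping backwards ends up with a daemon that either cannot deliver mail or runs with more privilege than it needs; one sentence per field ("Specify y to ..., n to ...") removes the ambiguity.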
time keeping on System-V-ish systems.
.PP
Specify a list of names and/or name=value pairs, separated by
-whitespace or comma.
+whitespace or comma. The name=value form is supported with
+Postfix 2.1 and later.
.PP
Example:
.PP
side. The right-hand side result from "type:table" lookups is
ignored.
.PP
+This feature is available in Postfix 2.2 and later.
.SH smtp_connection_cache_on_demand (default: yes)
Temporarily enable SMTP session caching while a destination
has a high volume of mail in the active queue. With SMTP connection
.SH smtp_connection_cache_reuse_limit (default: 10)
When SMTP session caching is enabled, the number of times that
an SMTP session is reused before it is closed.
+.PP
+This feature is available in Postfix 2.2 and later.
.SH smtp_connection_cache_time_limit (default: 2s)
When SMTP session caching is enabled, the amount of time that
an unused SMTP client socket is kept open before it is closed. Do
not specify larger values without permission from the remote sites.
+.PP
+This feature is available in Postfix 2.2 and later.
.SH smtp_data_done_timeout (default: 600s)
The SMTP client time limit for sending the SMTP ".", and for receiving
the server response.
.ad
.ft R
.SH smtpd_client_connection_count_limit (default: 50)
-How many simultaneous connections any SMTP client is allowed to
-make to the SMTP service. By default, the limit is set it to half
+How many simultaneous connections any client is allowed to
+make to this service. By default, the limit is set to half
the default process limit value.
.PP
To disable this feature, specify a limit of 0.
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
.PP
-This feature is not part of the stable Postfix 2.1 release.
-.SH smtpd_client_connection_limit_exceptions (default: $mynetworks)
-Clients that are excluded from connection count or connection rate
-restrictions.
-.PP
-By default, clients in trusted networks are excluded. Specify a
-list of network blocks, hostnames or .domain names (the initial
-dot causes the domain to match any name below it).
-.PP
-This feature is not part of the stable Postfix 2.1 release.
+This feature is available in Postfix 2.2 and later.
.SH smtpd_client_connection_rate_limit (default: 0)
The maximal number of connection attempts any client is allowed to
make to this service per time unit. The time unit is specified
-with the anvil_rate_time_unit configuration parameter, and defaults
-to one minute.
+with the anvil_rate_time_unit configuration parameter.
.PP
By default, a client can make as many connections per time unit as
Postfix can accept.
WARNING: The purpose of this feature is to limit abuse. It must
not be used to regulate legitimate mail traffic.
.PP
-This feature is not part of the stable Postfix 2.1 release.
+This feature is available in Postfix 2.2 and later.
.PP
Example:
.PP
.fi
.ad
.ft R
+.SH smtpd_client_event_limit_exceptions (default: $mynetworks)
+Clients that are excluded from connection count, connection rate,
+message rate or recipient rate restrictions.
+.PP
+By default, clients in trusted networks are excluded. Specify a
+list of network blocks, hostnames or .domain names (the initial
+dot causes the domain to match any name below it).
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH smtpd_client_message_rate_limit (default: 0)
+The maximal number of message delivery requests that any client is
+allowed to make to this service per time unit, regardless of whether
+or not Postfix actually accepts those messages. The time unit is
+specified with the anvil_rate_time_unit configuration parameter.
+.PP
+By default, a client can send as many message delivery requests
+requests per time unit as Postfix can accept.
+.PP
+To disable this feature, specify a limit of 0.
+.PP
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_client_message_rate_limit = 1000
+.fi
+.ad
+.ft R
+.SH smtpd_client_recipient_rate_limit (default: 0)
+The maximal number of recipient addresses that any client is allowed
+to send to this service per time unit, regardless of whether or not
+Postfix actually accepts those recipients. The time unit is specified
+with the anvil_rate_time_unit configuration parameter.
+.PP
+By default, a client can make as many recipient addresses per time
+unit as Postfix can accept.
+.PP
+To disable this feature, specify a limit of 0.
+.PP
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+.PP
+This feature is available in Postfix 2.2 and later.
+.PP
+Example:
+.PP
+.nf
+.na
+.ft C
+smtpd_client_recipient_rate_limit = 1000
+.fi
+.ad
+.ft R
.SH smtpd_client_restrictions (default: empty)
Optional SMTP server access restrictions in the context of a client
SMTP connection request.
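Review bot: the smtpd_client_connection_limit_exceptions section is deleted outright while the parameter is renamed to smtpd_client_event_limit_exceptions, so an operator upgrading from the previous snapshot who searches postconf(5) for the old name finds nothing. Suggest a one-line stub under the old name pointing at the new section, or a sentence in the new section such as "This parameter was named smtpd_client_connection_limit_exceptions in earlier snapshots". Two wording problems in the new text: "a client can send as many message delivery requests requests per time unit" doubles "requests", and "a client can make as many recipient addresses per time unit" should read "can send as many recipient addresses per time unit" to match the first sentence of that section.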
.SH SEE ALSO
.na
.nf
-postconf(1) postfix configuration maintenance
+postconf(1) Postfix configuration parameter maintenance
+master(5) Postfix daemon configuration maintenance
.SH LICENSE
.ad
.fi
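Review bot: the new SEE ALSO entry describes master(5) as "Postfix daemon configuration maintenance", but master(5) documents a file format, not a maintenance command. The master(8) page in this same patch lists it as "master(5), master.cf configuration file syntax"; using that wording here keeps the cross-references consistent and tells the reader what the page actually contains.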
.SH NAME
anvil
\-
-Postfix client count and rate management
+Postfix client count and request rate management
.SH "SYNOPSIS"
.na
.nf
.fi
The Postfix \fBanvil\fR server maintains short-term statistics
to defend against clients that hammer a server with either too
-many parallel connections or with too many successive connection
-attempts within a configurable time interval.
+many parallel connections or with too many successive requests
+within a configurable time interval.
This server is designed to run under control by the Postfix
master server.
The \fBanvil\fR server maintains no persistent database. Standard
library utilities do not meet Postfix performance and robustness
requirements.
-.SH "PROTOCOL"
+.SH "CONNECTION COUNT/RATE LIMITING"
.na
.nf
.ad
.PP
.ti +4
\fBstatus=0\fR
+.SH "MESSAGE RATE LIMITING"
+.na
+.nf
+.ad
+.fi
+When a remote client sends a message delivery request, a
+message rate limited server should send the following
+request to the \fBanvil\fR server:
+.PP
+.in +4
+\fBrequest=message\fR
+.br
+\fBident=\fIstring\fR
+.in
+.PP
+This registers a message delivery request for the (service, client)
+combination specified with \fBident\fR. The \fBanvil\fR server
+answers with the number of message delivery requests per unit time
+for that (service, client) combination:
+.PP
+.in +4
+\fBstatus=0\fR
+.br
+\fBrate=\fInumber\fR
+.in
+.PP
+In order prevent the anvil server from discarding client
+request rates too early or too late, a message rate limited
+service should also register connect/disconnect events.
+.PP
+This feature is available in Postfix 2.2 and later.
+.SH "RECIPIENT RATE LIMITING"
+.na
+.nf
+.ad
+.fi
+When a remote client sends a recipient address, a recipient
+rate limited server should send the following request to
+the \fBanvil\fR server:
+.PP
+.in +4
+\fBrequest=recipient\fR
+.br
+\fBident=\fIstring\fR
+.in
+.PP
+This registers a recipient address for the (service, client)
+combination specified with \fBident\fR. The \fBanvil\fR server
+answers with the number of recipient addresses per unit time
+for that (service, client) combination:
+.PP
+.in +4
+\fBstatus=0\fR
+.br
+\fBrate=\fInumber\fR
+.in
+.PP
+In order prevent the anvil server from discarding client
+request rates too early or too late, a recipient rate limited
+service should also register connect/disconnect events.
.PP
+This feature is available in Postfix 2.2 and later.
.SH "SECURITY"
.na
.nf
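Review bot: both new sections say a rate-limited service "should also register connect/disconnect events" so that anvil does not discard request rates "too early or too late", but neither says what anvil does with an ident that only ever reports message or recipient events. Since the server keeps its statistics in memory with no persistent database, the page should state whether such entries expire on their own or remain until a disconnect is registered, so that a service author can see the resource consequence of skipping the connect/disconnect calls. The reply format is also incomplete: only "status=0" with "rate=number" is shown, and nothing says what the server answers to a malformed or unknown request. Minor: "In order prevent" is missing "to" in both sections.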
seconds, the server logs the maximal count and rate values measured,
together with (service, client) information and the time of day
associated with those events.
+In order to avoid unnecessary overhead, no measurements
+are done for activity that isn't concurrency limited or
+rate limited.
.SH BUGS
.ad
.fi
.SH "SYNOPSIS"
.na
.nf
-.fi
-\fBmaster\fR [\fB-Dtv\fR] [\fB-c \fIconfig_dir\fR]
- [\fB-e \fIexit_time\fR]
+\fBmaster\fR [\fB-Dtv\fR] [\fB-c \fIconfig_dir\fR] [\fB-e \fIexit_time\fR]
.SH DESCRIPTION
.ad
.fi
resident queue manager and the resident address verification server.
The behavior of the \fBmaster\fR daemon is controlled by the
-\fBmaster.cf\fR configuration file. The table specifies zero or
-more servers in the \fBUNIX\fR or \fBINET\fR domain, or servers
-that take requests from a FIFO. Precise configuration details are
-given in the \fBmaster.cf\fR file, and in the manual pages of the
-respective daemons.
+\fBmaster.cf\fR configuration file, as described in master(5).
Options:
.IP "\fB-c \fIconfig_dir\fR"
Read the \fBmain.cf\fR and \fBmaster.cf\fR configuration files in
the named directory instead of the default configuration directory.
+This also overrides the configuration files for other Postfix
+daemon processes.
.IP "\fB-e \fIexit_time\fR"
Terminate the master process after \fIexit_time\fR seconds. Child
processes terminate at their convenience.
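Review bot: "This also overrides the configuration files for other Postfix daemon processes" should say how the override reaches the child processes, and whether it also applies to the external programs those daemons run; the mechanism is not stated here, and an operator running a second instance from a different configuration directory needs to know which processes read which main.cf.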
.nf
qmgr(8), queue manager
verify(8), address verification
-postconf(5), configuration parameters
+master(5), master.cf configuration file syntax
+postconf(5), main.cf configuration parameter syntax
syslogd(8), system logging
.SH "LICENSE"
.na
.sp
In the command argument vector, the following macros are recognized
and replaced with corresponding information from the Postfix queue
-manager delivery request:
+manager delivery request.
+.sp
+In addition to the form ${\fIname\fR}, the forms $\fIname\fR and
+$(\fIname\fR) are also recognized. Specify \fB$$\fR where a single
+\fB$\fR is wanted.
.RS
.IP \fB${\fBextension\fR}\fR
This macro expands to the extension part of a recipient address.
.sp
This information is modified by the \fBhqu\fR flags for quoting
and case folding.
+.IP \fB${\fBsasl_method\fR}\fR
+This macro expands to the SASL authentication mechanism used
+during the reception of the message. An empty string is passed
+if the message has been received without SASL authentication.
+.sp
+This is available in Postfix 2.2 and later.
+.IP \fB${\fBsasl_sender\fR}\fR
+This macro expands to the SASL sender name (i.e. the original
+submitter as per RFC 2554) used during the reception of the message.
+.sp
+This is available in Postfix 2.2 and later.
+.IP \fB${\fBsasl_username\fR}\fR
+This macro expands to the SASL user name used during the reception
+of the message. An empty string is passed if the message has been
+received without SASL authentication.
+.sp
+This is available in Postfix 2.2 and later.
.IP \fB${\fBsender\fR}\fR
This macro expands to the envelope sender address.
.sp
.sp
This information is modified by the \fBu\fR flag for case folding.
.RE
-.PP
-In addition to the form ${\fIname\fR}, the forms $\fIname\fR and
-$(\fIname\fR) are also recognized. Specify \fB$$\fR where a single
-\fB$\fR is wanted.
.SH DIAGNOSTICS
.ad
.fi
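Review bot: the three new ${sasl_method}, ${sasl_sender} and ${sasl_username} macros do not say which flags apply to them, while ${extension} is documented as "modified by the hqu flags for quoting and case folding" and the sender entry notes the "u" flag. These values originate with the SMTP client (sasl_sender in particular is the submitter named by the client, "the original submitter as per RFC 2554") and are expanded into the argument vector of an external command, so the page should state whether the "q" quoting flag applies and that the content is not trustworthy. Also, ${sasl_method} and ${sasl_username} say "An empty string is passed if the message has been received without SASL authentication" but ${sasl_sender} does not; state the same for it, or say what is passed when no SASL sender was given.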
The maximal number of lines in the Postfix SMTP server command history
before it is flushed upon receipt of EHLO, RSET, or end of DATA.
.PP
-Not available in Postfix version 2.1:
+The per SMTP client connection count and request rate limits are
+implemented in co-operation with the anvil(8) service, and
+are available in Postfix version 2.2 and later.
.IP "\fBsmtpd_client_connection_count_limit (50)\fR"
-How many simultaneous connections any SMTP client is allowed to
-make to the SMTP service.
+How many simultaneous connections any client is allowed to
+make to this service.
.IP "\fBsmtpd_client_connection_rate_limit (0)\fR"
The maximal number of connection attempts any client is allowed to
make to this service per time unit.
-.IP "\fBsmtpd_client_connection_limit_exceptions ($mynetworks)\fR"
-Clients that are excluded from connection count or connection rate
-restrictions.
+.IP "\fBsmtpd_client_message_rate_limit (0)\fR"
+The maximal number of message delivery requests that any client is
+allowed to make to this service per time unit, regardless of whether
+or not Postfix actually accepts those messages.
+.IP "\fBsmtpd_client_recipient_rate_limit (0)\fR"
+The maximal number of recipient addresses that any client is allowed
+to send to this service per time unit, regardless of whether or not
+Postfix actually accepts those recipients.
+.IP "\fBsmtpd_client_event_limit_exceptions ($mynetworks)\fR"
+Clients that are excluded from connection count, connection rate,
+message rate or recipient rate restrictions.
.SH "TARPIT CONTROLS"
.na
.nf
.SH "SEE ALSO"
.na
.nf
+anvil(8), client count and request rate management
cleanup(8), message canonicalization
trivial-rewrite(8), address resolver
verify(8), address verification service
--- /dev/null
+#!/bin/sh
+
+cat <<EOF
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Manual Pages </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Manual Pages </h1>
+
+<hr>
+
+<h2> Information for new Postfix users </h2>
+
+<p> New Postfix users should first look at the following introductory
+documents. These introductions are hyperlinked to more advanced
+documents and to UNIX-style manual pages. The UNIX-style manual
+pages are intended for people who are already familiar with Postfix.
+</p>
+
+<ul>
+
+<li> <a href="OVERVIEW.html"> Postfix architecture overview </a>
+
+<li> <a href="BASIC_CONFIGURATION_README.html"> Basic configuration
+</a>
+
+<li> <a href="DEBUG_README.html"> Trouble shooting </a>
+
+<li> <a href="CONTENT_INSPECTION_README.html"> Content inspection
+overview</a>
+
+<li> <a href="SMTPD_ACCESS_README.html">Relay/access control overview
+</a>
+
+<li> <a href="DATABASE_README.html"> Lookup table overview </a>
+
+</ul>
+
+<h2> Postfix manual page organization </h2>
+
+<p> Each Postfix manual page is numbered after a section of the
+UNIX manual: examples are mailq(1) or access(5). Unfortunately,
+the organization of manual pages depends on the UNIX version being
+used. Postfix documentation assumes the following convention:
+</p>
+
+<blockquote>
+
+<table cellpadding="0" cellspacing="0">
+
+<tr><th> Section </th> <th> Topic </th> </tr>
+
+<tr><td colspan="2"> <hr> </td> </tr>
+
+<tr><td align="center"> 1 </td> <td> Commands </td> </tr>
+
+<tr><td align="center"> 3 </td> <td> Library routines </td> </tr>
+
+<tr><td align="center"> 5 </td> <td> File formats </td> </tr>
+
+<tr><td align="center"> 8 </td> <td> Daemons </td> </tr>
+
+</table>
+
+</blockquote>
+
+EOF
+
+srctoman "$@" | awk '
+
+NR == 1,/SH "*SEE ALSO"*/ { next }
+
+/^Other:$/ { print ul; exit }
+
+/^[A-Z].*:$/ { print ul "<h2>", $0, "</h2>\n\n<ul>\n\n"; ul = "</ul>\n\n" }
+
+/^[a-z][a-z0-9_]+\(/ { print "<li>", $0, "\n" }
+
+' | sed 's;: </h2>$; </h2>;'
+
+cat <<EOF
+</body>
+
+</html>
+EOF
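Review bot: the script's exit status is that of the final sed, so when srctoman fails or is missing the page is still written with its header and footer and an empty index, and a build driving this script cannot tell. Capture srctoman's output in a temporary file and test its exit status before running the awk/sed stage, or at least write the HTML to a temporary name and rename it only on success. Two points in the awk program: `/^Other:$/ { print ul; exit }` ends the index at the first "Other:" heading and silently drops anything after it, which deserves a comment saying that is intended; and the `<ul>` opened by a heading is only closed when the next heading or "Other:" arrives, so input whose SEE ALSO list has no trailing "Other:" yields an unclosed `<ul>` in the generated HTML. An END block that prints `ul` would cover that case.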
s/<\/td[^>]*>//g
s/"\([A-Z_]*\)\.html">/&\1:/
s/All main.cf parameters/postconf(5): &/
+ /All Postfix manual pages/d
' "$@"
s;\bcommand_time_limit\b;<a href="postconf.5.html#command_time_limit">$&</a>;g;
s;\bconfig_direc[-</bB>]*\n*[ <bB>]*tory\b;<a href="postconf.5.html#config_directory">$&</a>;g;
s;\bcon[-</bB>]*\n*[ <bB>]*tent_filter\b;<a href="postconf.5.html#content_filter">$&</a>;g;
- s;\bdaemon_directory\b;<a href="postconf.5.html#daemon_directory">$&</a>;g;
+ s;\bdae[-</bB>]*\n*[ <bB>]*mon_directory\b;<a href="postconf.5.html#daemon_directory">$&</a>;g;
s;\bdaemon_timeout\b;<a href="postconf.5.html#daemon_timeout">$&</a>;g;
s;\bdebug_peer_level\b;<a href="postconf.5.html#debug_peer_level">$&</a>;g;
s;\bdebug_peer_list\b;<a href="postconf.5.html#debug_peer_list">$&</a>;g;
s;\bsmtpd_autho[-</bB>]*\n*[ <bB>]*rized_xforward_hosts\b;<a href="postconf.5.html#smtpd_authorized_xforward_hosts">$&</a>;g;
s;\bsmtpd_banner\b;<a href="postconf.5.html#smtpd_banner">$&</a>;g;
s;\bsmtpd_client_connection_count_limit\b;<a href="postconf.5.html#smtpd_client_connection_count_limit">$&</a>;g;
- s;\bsmtpd_client_connection_limit_exceptions\b;<a href="postconf.5.html#smtpd_client_connection_limit_exceptions">$&</a>;g;
+ s;\bsmtpd_client_event_limit_exceptions\b;<a href="postconf.5.html#smtpd_client_event_limit_exceptions">$&</a>;g;
s;\bsmtpd_client_connection_rate_limit\b;<a href="postconf.5.html#smtpd_client_connection_rate_limit">$&</a>;g;
+ s;\bsmtpd_client_message_rate_limit\b;<a href="postconf.5.html#smtpd_client_message_rate_limit">$&</a>;g;
+ s;\bsmtpd_client_recipient_rate_limit\b;<a href="postconf.5.html#smtpd_client_recipient_rate_limit">$&</a>;g;
s;\bsmtpd_client_restrictions\b;<a href="postconf.5.html#smtpd_client_restrictions">$&</a>;g;
s;\bsmtpd_data_restrictions\b;<a href="postconf.5.html#smtpd_data_restrictions">$&</a>;g;
s;\bsmtpd_delay_reject\b;<a href="postconf.5.html#smtpd_delay_reject">$&</a>;g;
s/[<bB>]*canonical[<\/bB>]*\(5\)/<a href="canonical.5.html">$&<\/a>/g;
s/[<bB>]*etrn[<\/bB>]*\(5\)/<a href="etrn.5.html">$&<\/a>/g;
s/[<bB>]*ldap[<\/bBiI>]*_[<\/iIbB>]*table[<\/bB>]*\(5\)/<a href="ldap_table.5.html">$&<\/a>/g;
+ s/[<bB>]*mas[-<\/bB>]*\n* *[<bB>]*ter[<\/bB>]*\(5\)/<a href="master.5.html">$&<\/a>/g;
s/[<bB>]*mysql[<\/bBiI>]*_[<\/iIbB>]*table[<\/bB>]*\(5\)/<a href="mysql_table.5.html">$&<\/a>/g;
s/[<bB>]*pcre[<\/bBiI>]*_[<\/iIbB>]*table[<\/bB>]*\(5\)/<a href="pcre_table.5.html">$&<\/a>/g;
s/[<bB>]*pgsql[<\/bBiI>]*_[<\/iIbB>]*table[<\/bB>]*\(5\)/<a href="pgsql_table.5.html">$&<\/a>/g;
s/[<bB>]*postconf[<\/bB>]*\(5\)/<a href="postconf.5.html">$&<\/a>/g;
- s/[<bB>]*proxymap[<\/bB>]*\(8\)/<a href="proxymap.8.html">$&<\/a>/g;
+ s/[<bB>]*prox[-<\/bB>]*\n*[ <bB>]*ymap[<\/bB>]*\(8\)/<a href="proxymap.8.html">$&<\/a>/g;
s/[<bB>]*reg[-<\/bB>]*\n*[ <bB>]*exp[<\/bBiI>]*_[<\/iIbB>]*table[<\/bB>]*\(5\)/<a href="regexp_table.5.html">$&<\/a>/g;
s/[<bB>]*relocated[<\/bB>]*\(5\)/<a href="relocated.5.html">$&<\/a>/g;
s/[<bB>]*scache[<\/bB>]*\(8\)/<a href="scache.8.html">$&<\/a>/g;
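Review bot: the hyphenation pattern in the new master(5) entry, `s/[<bB>]*mas[-<\/bB>]*\n* *[<bB>]*ter...`, uses `\n* *[<bB>]*` where the neighbouring proxymap(8) and regexp_table(5) entries use `\n*[ <bB>]*`. The two are not equivalent: the first accepts spaces only before any tag characters, the second accepts spaces and tag characters in any order. Use the same form as the other entries unless the difference is deliberate, otherwise a line break inside "mas-ter" that is followed by a tag and then a space will be linked in one page and not in another.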
# .sp
# Note: use "\fBpostsuper -r\fR" to release mail that was kept on
# hold for a significant fraction of \fB$maximal_queue_lifetime\fR
-# or \fB$bounce_queue_lifetime\fR or longer.
+# or \fB$bounce_queue_lifetime\fR, or longer.
# .sp
# Note: this action currently affects all recipients of the message.
# .sp
# .sp
# Note: use "\fBpostsuper -r\fR" to release mail that was kept on
# hold for a significant fraction of \fB$maximal_queue_lifetime\fR
-# or \fB$bounce_queue_lifetime\fR or longer.
+# or \fB$bounce_queue_lifetime\fR, or longer.
# .sp
# Note: this action affects all recipients of the message.
# .sp
# .IP "\fBserver_host (default: localhost)\fR"
# The name of the host running the LDAP server, e.g.
# .ti +4
-# server_host = ldap.your.com
+# server_host = ldap.example.com
#
# Depending on the LDAP client library you're using, it should
# be possible to specify multiple servers here, with the library
# be possible to give each server in the list a different port
# (overriding \fBserver_port\fR below), by naming them like
# .ti +4
-# server_host = ldap.your.com:1444
+# server_host = ldap.example.com:1444
#
# With OpenLDAP, a (list of) LDAP URLs can be used to specify both
# the hostname(s) and the port(s):
# .ti +4
-# server_host = ldap://ldap.your.com:1444
+# server_host = ldap://ldap.example.com:1444
+# .ti +8
+# ldap://ldap2.example.com:1444
#
# All LDAP URLs accepted by the OpenLDAP library are supported,
# including connections over UNIX domain sockets, and LDAP SSL
# for SSL):
# .ti +4
# server_host = ldapi://%2Fsome%2Fpath
-# .ti +4
-# server_host = ldaps://ldap.your.com:636
+# .ti +8
+# ldaps://ldap.example.com:636
# .IP "\fBserver_port (default: 389)\fR"
# The port the LDAP server listens on, e.g.
# .ti +4
# LDAP SSL service can be requested by using a LDAP SSL URL
# in the server_host parameter:
# .ti +4
-# server_host = ldaps://ldap.your.com:636
+# server_host = ldaps://ldap.example.com:636
#
# STARTTLS can be turned on with the start_tls parameter:
# .ti +4
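Review bot: the change at the ldapi/ldaps example turns what were two separate one-line examples (`server_host = ldapi://%2Fsome%2Fpath` and `server_host = ldaps://ldap.example.com:636`) into one two-line value, with the second URL indented by `.ti +8` under the first. If the intent is to show a single server_host value containing two URLs, the text above it ("a (list of) LDAP URLs can be used") should say how the URLs are separated (whitespace, comma, or both), and the new `ldap://ldap2.example.com:1444` continuation line earlier in the hunk should be explained the same way; if the intent was two alternative examples, keep the `server_host =` prefix on the second line.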
--- /dev/null
+#++
+# NAME
+# master 5
+# SUMMARY
+# Postfix master process configuration file format
+# DESCRIPTION
+# The Postfix mail system is implemented by small number of
+# (mostly) client commands that are invoked by users, and by
+# a larger number of services that run in the background.
+#
+# Postfix services run under control of the \fBmaster\fR(8)
+# process. The master.cf configuration file defines how a
+# client program connects to a service, and what daemon
+# program runs when a service is requested. Most daemon
+# processes are short-lived and terminate after serving
+# \fBmax_use\fR clients, or after inactivity for \fBmax_idle\fR
+# or more units of time.
+#
+# All daemons specified here must speak a Postfix-internal
+# protocol. In order to execute non-Postfix software use the
+# \fBlocal\fR(8), \fBpipe\fR(8) or \fBspawn\fR(8) services, or
+# run the server under control by \fBinetd\fR(8) or equivalent.
+# .PP
+# Changes in master.cf requires that "\fBpostfix reload\fR" be
+# executed in order to reload the configuration.
+# SYNTAX
+# .ad
+# .fi
+# The general format of the master.cf file is as follows:
+# .IP \(bu
+# Each logical line defines a single Postfix service.
+# Each service is identified by its name and type as described
+# below. When multiple lines specify the same service name
+# and type, only the last one is remembered. Otherwise, the
+# order of master.cf service definitions does not matter.
+# .IP \(bu
+# Empty lines and whitespace-only lines are ignored, as are
+# lines whose first non-whitespace character is a `#'.
+# .IP \(bu
+# A logical line starts with non-whitespace text. A line that
+# starts with whitespace continues a logical line.
+# .PP
+# Each logical line consists of eight fields separated by
+# whitespace. These are described below in the order as they
+# appear in the master.cf file.
+#
+# Where applicable a field of "-" requests that the built-in
+# default value be used. For boolean fields specify "y" or
+# "n" to override the default value.
+# .IP "\fBService name\fR"
+# The service name syntax depends on the service type as
+# described next.
+# .IP "\fBService type\fR"
+# Specify one of the following service types:
+# .RS
+# .IP \fBinet\fR
+# The service listens on a TCP/IP socket and is therefore
+# accessible via the network.
+#
+# The service name is specified as \fIhost:port\fR, denoting
+# the host and port on which new connections should be
+# accepted. The host part (and colon) may be omitted. Either
+# host or port may be given in symbolic form (host or service
+# name) or in numeric form (IP address or port number).
+# .sp
+# Examples: a service name of \fB127.0.0.1:smtp\fR receives
+# mail via the loopback interface only; and a service name
+# of \fB10025\fR accepts connections on TCP port 10025 via
+# all interfaces configured with the \fBinet_interfaces\fR
+# parameter.
+# .IP \fBunix\fR
+# The service listens on a UNIX-domain socket and is accessible
+# for local clients only.
+#
+# The service name is a pathname relative to the Postfix
+# queue directory (pathname controlled with the \fBqueue_directory\fR
+# configuration parameter in main.cf).
+# .sp
+# On Solaris systems the \fBunix\fR type is implemented with
+# streams sockets.
+# .IP \fBfifo\fR
+# The service listens on a FIFO (named pipe) and is accessible
+# for local clients only.
+#
+# The service name is a pathname relative to the Postfix
+# queue directory (pathname controlled with the \fBqueue_directory\fR
+# configuration parameter in main.cf).
+# .RE
+# .IP "\fBPrivate (default: y)\fR"
+# Whether or not access is restricted to the mail system.
+# Internet (type \fBinet\fR) services can't be private.
+# .IP "\fBUnprivileged (default: y)\fR"
+# Whether the service runs with root privileges or as the
+# owner of the Postfix system (the owner name is controlled
+# by the \fBmail_owner\fR configuration variable in the
+# main.cf file).
+# .sp
+# The \fBlocal\fR(8), \fBpipe\fR(8), \fBspawn\fR(8), and
+# \fBvirtual\fR(8) daemons require privileges.
+# .IP "\fBChroot (default: y)\fR"
+# Whether or not the service runs chrooted to the mail queue
+# directory (pathname is controlled by the \fBqueue_directory\fR
+# configuration variable in the main.cf file).
+# .sp
+# Chroot should not be used with the \fBlocal\fR(8),
+# \fBpipe\fR(8) and \fBspawn\fR(8) daemons. Although the
+# \fBproxymap\fR(8) server can run chrooted, doing so defeats
+# most of the purpose of having that service in the first
+# place.
+# .sp
+# The files in the examples/chroot-setup subdirectory of the
+# Postfix source archive describe how to set up a Postfix
+# chroot environment for your type of machine, and
+# BASIC_CONFIGURATION_README discusses issues related to
+# running daemons chrooted.
+# .IP "\fBWakeup time (default: 0)\fR"
+# Automatically wake up the named service after the specified
+# number of seconds. The wake up is implemented by connecting
+# to the service and sending a wake up request. A ? at the
+# end of the wake up time field requests that wake up events
+# be sent only to services that are actually being used.
+# Specify 0 for no automatic wake up.
+# .sp
+# The \fBpickup\fR(8), \fBqmgr\fR(8) and \fBflush\fR(8)
+# daemons require a wake up timer.
+# .IP "\fBProcess limit (default: $default_process_limit)\fR"
+# The maximum number of processes that may execute this
+# service simultaneously. Specify 0 for no process count limit.
+# .sp
+# NOTE: Some Postfix services must be configured as a
+# single-process service (for example, \fBqmgr\fR(8)) and
+# some services must be configured with no process limit (for
+# example, \fBcleanup\fR(8)). These limits must not be
+# changed.
+# .IP "\fBCommand name + arguments\fR"
+# The command to be executed. Characters that are special
+# to the shell such as ">" or "|" have no special meaning
+# here, and quotes cannot be used to protect arguments
+# containing whitespace.
+# .sp
+# The command name is relative to the Postfix daemon directory
+# (pathname is controlled by the \fBdaemon_directory\fR
+# configuration variable).
+# .sp
+# The command argument syntax for specific commands is
+# specified in the respective daemon manual page.
+# .sp
+# The following command-line options have the same effect for
+# all daemon programs:
+# .RS
+# .IP \fB-D\fR
+# Run the daemon under control by the command specified with
+# the \fBdebugger_command\fR variable in the main.cf
+# configuration file. See DEBUG_README for hints and tips.
+# .IP "\fB-o \fIname\fR=\fIvalue\fR"
+# Override the named main.cf configuration parameter. The
+# parameter value can refer to other parameters as \fI$name\fR
+# etc., just like in main.cf. See \fBpostconf\fR(5) for
+# syntax.
+# .sp
+# NOTE 1: do not specify whitespace around the "=". In parameter
+# values, either avoid whitespace altogether, use commas
+# instead of spaces, or consider overrides like "-o
+# name=$override_parameter" with $override_parameter set in
+# main.cf.
+# .sp
+# NOTE 2: Over-zealous use of parameter overrides makes the
+# Postfix configuration hard to understand and maintain. At
+# a certain point, it might be easier to configure multiple
+# instances of Postfix, instead of configuring multiple
+# personalities via master.cf.
+# .IP \fB-v\fR
+# Increase the verbose logging level. Specify multiple \fB-v\fR
+# options to make a command more verbose.
+# SEE ALSO
+# master(8), process manager
+# postconf(5), configuration parameters
+# README FILES
+# .ad
+# .fi
+# Use "\fBpostconf readme_directory\fR" or
+# "\fBpostconf html_directory\fR" to locate this information.
+# .na
+# .nf
+# BASIC_CONFIGURATION_README, basic configuration
+# DEBUG_README, Postfix debugging
+# LICENSE
+# .ad
+# .fi
+# The Secure Mailer license must be distributed with this software.
+# AUTHOR(S)
+# Initial version by
+# Magnus Baeck
+# Lund Institute of Technology
+# Sweden
+#
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#--
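Review bot: the Chroot paragraph says that running proxymap(8) chrooted "defeats most of the purpose of having that service in the first place" without saying what that purpose is. One half sentence, along the lines of "because proxymap(8) exists to give chrooted daemons access to tables they cannot reach from inside the jail", would make the advice self-explanatory and keep a reader from chrooting it anyway because the text gives no concrete reason not to.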
.SH SEE ALSO
.na
.nf
-postconf(1) postfix configuration maintenance
+postconf(1) Postfix configuration parameter maintenance
+master(5) Postfix daemon configuration maintenance
.SH LICENSE
.ad
.fi
<p>
Specify a list of names and/or name=value pairs, separated by
-whitespace or comma.
+whitespace or comma. The name=value form is supported with
+Postfix 2.1 and later.
</p>
<p>
not specify larger values without permission from the remote sites.
</p>
+<p> This feature is available in Postfix 2.2 and later. </p>
+
%PARAM smtp_connection_cache_reuse_limit 10
<p> When SMTP session caching is enabled, the number of times that
an SMTP session is reused before it is closed.
</p>
+<p> This feature is available in Postfix 2.2 and later. </p>
+
%PARAM smtp_connection_cache_destinations
<p> Permanently enable SMTP connection caching for the specified
</ul>
-<p></p>
+<p> This feature is available in Postfix 2.2 and later. </p>
%PARAM smtp_connection_cache_on_demand yes
%PARAM smtpd_client_connection_count_limit 50
<p>
-How many simultaneous connections any SMTP client is allowed to
-make to the SMTP service. By default, the limit is set it to half
+How many simultaneous connections any client is allowed to
+make to this service. By default, the limit is set to half
the default process limit value.
</p>
</p>
<p>
-This feature is not part of the stable Postfix 2.1 release.
+This feature is available in Postfix 2.2 and later.
</p>
-%PARAM smtpd_client_connection_limit_exceptions $mynetworks
+%PARAM smtpd_client_event_limit_exceptions $mynetworks
<p>
-Clients that are excluded from connection count or connection rate
-restrictions.
+Clients that are excluded from connection count, connection rate,
+message rate or recipient rate restrictions.
</p>
<p>
</p>
<p>
-This feature is not part of the stable Postfix 2.1 release.
+This feature is available in Postfix 2.2 and later.
</p>
%PARAM smtpd_client_connection_rate_limit 0
<p>
The maximal number of connection attempts any client is allowed to
make to this service per time unit. The time unit is specified
-with the anvil_rate_time_unit configuration parameter, and defaults
-to one minute.
+with the anvil_rate_time_unit configuration parameter.
</p>
<p>
</p>
<p>
-This feature is not part of the stable Postfix 2.1 release.
+This feature is available in Postfix 2.2 and later.
</p>
<p>
smtpd_client_connection_rate_limit = 1000
</pre>
+%PARAM smtpd_client_message_rate_limit 0
+
+<p>
+The maximal number of message delivery requests that any client is
+allowed to make to this service per time unit, regardless of whether
+or not Postfix actually accepts those messages. The time unit is
+specified with the anvil_rate_time_unit configuration parameter.
+</p>
+
+<p>
+By default, a client can send as many message delivery requests
+requests per time unit as Postfix can accept.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+smtpd_client_message_rate_limit = 1000
+</pre>
+
+%PARAM smtpd_client_recipient_rate_limit 0
+
+<p>
+The maximal number of recipient addresses that any client is allowed
+to send to this service per time unit, regardless of whether or not
+Postfix actually accepts those recipients. The time unit is specified
+with the anvil_rate_time_unit configuration parameter.
+</p>
+
+<p>
+By default, a client can make as many recipient addresses per time
+unit as Postfix can accept.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+smtpd_client_recipient_rate_limit = 1000
+</pre>
+
%PARAM smtpd_client_restrictions
<p>
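Review bot: doubled word in the smtpd_client_message_rate_limit text: "a client can send as many message delivery requests requests per time unit" should read "as many message delivery requests per time unit". The matching paragraph for smtpd_client_recipient_rate_limit, "a client can make as many recipient addresses per time unit as Postfix can accept", reads oddly as well; "can send as many recipient addresses" matches the wording of the first paragraph of that entry ("allowed to send to this service").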
/* NAME
/* anvil 8
/* SUMMARY
-/* Postfix client count and rate management
+/* Postfix client count and request rate management
/* SYNOPSIS
/* \fBanvil\fR [generic Postfix daemon options]
/* DESCRIPTION
/* The Postfix \fBanvil\fR server maintains short-term statistics
/* to defend against clients that hammer a server with either too
-/* many parallel connections or with too many successive connection
-/* attempts within a configurable time interval.
+/* many parallel connections or with too many successive requests
+/* within a configurable time interval.
/* This server is designed to run under control by the Postfix
/* master server.
/*
/* The \fBanvil\fR server maintains no persistent database. Standard
/* library utilities do not meet Postfix performance and robustness
/* requirements.
-/* PROTOCOL
+/* CONNECTION COUNT/RATE LIMITING
/* .ad
/* .fi
/* When a remote client connects, a connection count (or rate) limited
/* .PP
/* .ti +4
/* \fBstatus=0\fR
+/* MESSAGE RATE LIMITING
+/* .ad
+/* .fi
+/* When a remote client sends a message delivery request, a
+/* message rate limited server should send the following
+/* request to the \fBanvil\fR server:
+/* .PP
+/* .in +4
+/* \fBrequest=message\fR
+/* .br
+/* \fBident=\fIstring\fR
+/* .in
/* .PP
+/* This registers a message delivery request for the (service, client)
+/* combination specified with \fBident\fR. The \fBanvil\fR server
+/* answers with the number of message delivery requests per unit time
+/* for that (service, client) combination:
+/* .PP
+/* .in +4
+/* \fBstatus=0\fR
+/* .br
+/* \fBrate=\fInumber\fR
+/* .in
+/* .PP
+/* In order prevent the anvil server from discarding client
+/* request rates too early or too late, a message rate limited
+/* service should also register connect/disconnect events.
+/* .PP
+/* This feature is available in Postfix 2.2 and later.
+/* RECIPIENT RATE LIMITING
+/* .ad
+/* .fi
+/* When a remote client sends a recipient address, a recipient
+/* rate limited server should send the following request to
+/* the \fBanvil\fR server:
+/* .PP
+/* .in +4
+/* \fBrequest=recipient\fR
+/* .br
+/* \fBident=\fIstring\fR
+/* .in
+/* .PP
+/* This registers a recipient address for the (service, client)
+/* combination specified with \fBident\fR. The \fBanvil\fR server
+/* answers with the number of recipient addresses per unit time
+/* for that (service, client) combination:
+/* .PP
+/* .in +4
+/* \fBstatus=0\fR
+/* .br
+/* \fBrate=\fInumber\fR
+/* .in
+/* .PP
+/* In order prevent the anvil server from discarding client
+/* request rates too early or too late, a recipient rate limited
+/* service should also register connect/disconnect events.
+/* .PP
+/* This feature is available in Postfix 2.2 and later.
/* SECURITY
/* .ad
/* .fi
/* seconds, the server logs the maximal count and rate values measured,
/* together with (service, client) information and the time of day
/* associated with those events.
+/* In order to avoid unnecessary overhead, no measurements
+/* are done for activity that isn't concurrency limited or
+/* rate limited.
/* BUGS
/* Systems behind network address translating routers or proxies
/* appear to have the same client address and can run into connection
static char *max_rate_user;
static time_t max_rate_time;
+static int max_mail;
+static char *max_mail_user;
+static time_t max_mail_time;
+
+static int max_rcpt;
+static char *max_rcpt_user;
+static time_t max_rcpt_time;
+
/*
* Remote connection state, one instance for each (service, client) pair.
*/
char *ident; /* lookup key */
int count; /* connection count */
int rate; /* connection rate */
+ int mail; /* message rate */
+ int rcpt; /* recipient rate */
time_t start; /* time of first rate sample */
} ANVIL_REMOTE;
(remote)->ident = mystrdup(id); \
(remote)->count = 1; \
(remote)->rate = 1; \
+ (remote)->mail = 0; \
+ (remote)->rcpt = 0; \
(remote)->start = event_time(); \
} while(0)
time_t _now = event_time(); \
if ((remote)->start + var_anvil_time_unit < _now) { \
(remote)->rate = 1; \
+ (remote)->mail = 0; \
+ (remote)->rcpt = 0; \
(remote)->start = _now; \
} else if ((remote)->rate < INT_MAX) { \
(remote)->rate += 1; \
(remote)->count++; \
} while(0)
+#define ANVIL_ADD_MAIL(remote) \
+ do { \
+ time_t _now = event_time(); \
+ if ((remote)->start + var_anvil_time_unit < _now) { \
+ (remote)->rate = 0; \
+ (remote)->mail = 1; \
+ (remote)->rcpt = 0; \
+ (remote)->start = _now; \
+ } else if ((remote)->mail < INT_MAX) { \
+ (remote)->mail += 1; \
+ } \
+ } while(0)
+
+#define ANVIL_ADD_RCPT(remote) \
+ do { \
+ time_t _now = event_time(); \
+ if ((remote)->start + var_anvil_time_unit < _now) { \
+ (remote)->rate = 0; \
+ (remote)->mail = 0; \
+ (remote)->rcpt = 1; \
+ (remote)->start = _now; \
+ } else if ((remote)->rcpt < INT_MAX) { \
+ (remote)->rcpt += 1; \
+ } \
+ } while(0)
+
/* Drop connection from (service, client) state. */
#define ANVIL_REMOTE_DROP_ONE(remote) \
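Review bot: the time-window reset logic is now copied three times, in ANVIL_ADD_CONN, ANVIL_ADD_MAIL and ANVIL_ADD_RCPT, each with its own `if ((remote)->start + var_anvil_time_unit < _now)` test and its own set of `rate`/`mail`/`rcpt` assignments; a single helper macro that zeroes all three counters and sets `start`, followed by the one `+= 1` the caller wants, would keep a future counter from being forgotten in one of the copies. The asymmetry that ANVIL_ADD_MAIL and ANVIL_ADD_RCPT reset `rate` to 0 while ANVIL_ADD_CONN resets it to 1 is correct (no connection was made in the new window, so only the event being counted starts at 1), but it deserves a one-line comment, because a reader comparing the three macros side by side will take it for a typo.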
ATTR_TYPE_STR, ANVIL_ATTR_IDENT, ht[0]->key,
ATTR_TYPE_NUM, ANVIL_ATTR_COUNT, anvil_remote->count,
ATTR_TYPE_NUM, ANVIL_ATTR_RATE, anvil_remote->rate,
+ ATTR_TYPE_NUM, ANVIL_ATTR_MAIL, anvil_remote->mail,
+ ATTR_TYPE_NUM, ANVIL_ATTR_RCPT, anvil_remote->rcpt,
ATTR_TYPE_END);
}
attr_print_plain(client_stream, ATTR_FLAG_NONE, ATTR_TYPE_END);
ATTR_TYPE_NUM, ANVIL_ATTR_STATUS, ANVIL_STAT_FAIL,
ATTR_TYPE_NUM, ANVIL_ATTR_COUNT, 0,
ATTR_TYPE_NUM, ANVIL_ATTR_RATE, 0,
+ ATTR_TYPE_NUM, ANVIL_ATTR_MAIL, 0,
+ ATTR_TYPE_NUM, ANVIL_ATTR_RCPT, 0,
ATTR_TYPE_END);
} else {
attr_print_plain(client_stream, ATTR_FLAG_NONE,
ATTR_TYPE_NUM, ANVIL_ATTR_STATUS, ANVIL_STAT_OK,
ATTR_TYPE_NUM, ANVIL_ATTR_COUNT, anvil_remote->count,
ATTR_TYPE_NUM, ANVIL_ATTR_RATE, anvil_remote->rate,
+ ATTR_TYPE_NUM, ANVIL_ATTR_MAIL, anvil_remote->mail,
+ ATTR_TYPE_NUM, ANVIL_ATTR_RCPT, anvil_remote->rcpt,
ATTR_TYPE_END);
}
}
-/* anvil_remote_connect - report connection event, query address status */
+/* anvil_remote_conn_update - instantiate or update connection info */
-static void anvil_remote_connect(VSTREAM *client_stream, const char *ident)
+static ANVIL_REMOTE *anvil_remote_conn_update(VSTREAM *client_stream, const char *ident)
{
ANVIL_REMOTE *anvil_remote;
ANVIL_LOCAL *anvil_local;
- char *myname = "anvil_remote_connect";
+ char *myname = "anvil_remote_conn_update";
if (msg_verbose)
msg_info("%s fd=%d stream=0x%lx ident=%s",
msg_info("%s: anvil_local 0x%lx",
myname, (unsigned long) anvil_local);
+ return (anvil_remote);
+}
+
+/* anvil_remote_connect - report connection event, query address status */
+
+static void anvil_remote_connect(VSTREAM *client_stream, const char *ident)
+{
+ ANVIL_REMOTE *anvil_remote;
+
+ /*
+ * Update or instantiate connection info.
+ */
+ anvil_remote = anvil_remote_conn_update(client_stream, ident);
+
/*
* Respond to the local client.
*/
}
}
+/* anvil_remote_mail - register message delivery request */
+
+static void anvil_remote_mail(VSTREAM *client_stream, const char *ident)
+{
+ ANVIL_REMOTE *anvil_remote;
+
+ /*
+ * Be prepared for "postfix reload" after "connect".
+ */
+ if ((anvil_remote =
+ (ANVIL_REMOTE *) htable_find(anvil_remote_map, ident)) == 0)
+ anvil_remote = anvil_remote_conn_update(client_stream, ident);
+
+ /*
+ * Update message delivery request rate and respond to local client.
+ */
+ ANVIL_ADD_MAIL(anvil_remote);
+ attr_print_plain(client_stream, ATTR_FLAG_NONE,
+ ATTR_TYPE_NUM, ANVIL_ATTR_STATUS, ANVIL_STAT_OK,
+ ATTR_TYPE_NUM, ANVIL_ATTR_RATE, anvil_remote->mail,
+ ATTR_TYPE_END);
+
+ /*
+ * Update local statistics.
+ */
+ if (anvil_remote->mail > max_mail) {
+ max_mail = anvil_remote->mail;
+ if (max_mail_user == 0) {
+ max_mail_user = mystrdup(anvil_remote->ident);
+ } else if (!STREQ(max_mail_user, anvil_remote->ident)) {
+ myfree(max_mail_user);
+ max_mail_user = mystrdup(anvil_remote->ident);
+ }
+ max_mail_time = event_time();
+ }
+}
+
+/* anvil_remote_rcpt - register recipient address event */
+
+static void anvil_remote_rcpt(VSTREAM *client_stream, const char *ident)
+{
+ ANVIL_REMOTE *anvil_remote;
+
+ /*
+ * Be prepared for "postfix reload" after "connect".
+ */
+ if ((anvil_remote =
+ (ANVIL_REMOTE *) htable_find(anvil_remote_map, ident)) == 0)
+ anvil_remote = anvil_remote_conn_update(client_stream, ident);
+
+ /*
+ * Update recipient address rate and respond to local client.
+ */
+ ANVIL_ADD_RCPT(anvil_remote);
+ attr_print_plain(client_stream, ATTR_FLAG_NONE,
+ ATTR_TYPE_NUM, ANVIL_ATTR_STATUS, ANVIL_STAT_OK,
+ ATTR_TYPE_NUM, ANVIL_ATTR_RATE, anvil_remote->rcpt,
+ ATTR_TYPE_END);
+
+ /*
+ * Update local statistics.
+ */
+ if (anvil_remote->rcpt > max_rcpt) {
+ max_rcpt = anvil_remote->rcpt;
+ if (max_rcpt_user == 0) {
+ max_rcpt_user = mystrdup(anvil_remote->ident);
+ } else if (!STREQ(max_rcpt_user, anvil_remote->ident)) {
+ myfree(max_rcpt_user);
+ max_rcpt_user = mystrdup(anvil_remote->ident);
+ }
+ max_rcpt_time = event_time();
+ }
+}
+
/* anvil_remote_disconnect - report disconnect event */
static void anvil_remote_disconnect(VSTREAM *client_stream, const char *ident)
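Review bot: the "Update local statistics" block in anvil_remote_mail() (the `max_mail`/`max_mail_user`/`max_mail_time` update) and in anvil_remote_rcpt() (the `max_rcpt` variant) are the same eleven lines with the names changed; a small helper or macro taking the counter, the user pointer and the timestamp would remove the duplication. Also worth a comment: the "postfix reload after connect" recovery path calls anvil_remote_conn_update(), which creates the entry via ANVIL_REMOTE_FIRST with `count = 1` and `rate = 1`, i.e. it credits the client with a connection that the calling smtpd process never reported as such. That is what makes the later disconnect event balance the count, but the comment "Be prepared for 'postfix reload' after 'connect'" does not say so.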
ATTR_TYPE_END) == 2) {
if (STREQ(STR(request), ANVIL_REQ_CONN)) {
anvil_remote_connect(client_stream, STR(ident));
+ } else if (STREQ(STR(request), ANVIL_REQ_MAIL)) {
+ anvil_remote_mail(client_stream, STR(ident));
+ } else if (STREQ(STR(request), ANVIL_REQ_RCPT)) {
+ anvil_remote_rcpt(client_stream, STR(ident));
} else if (STREQ(STR(request), ANVIL_REQ_DISC)) {
anvil_remote_disconnect(client_stream, STR(ident));
} else if (STREQ(STR(request), ANVIL_REQ_LOOKUP)) {
max_count, max_count_user, ctime(&max_count_time) + 4);
max_count = 0;
}
+ if (max_mail > 1) {
+ msg_info("statistics: max message rate %d/%ds for (%s) at %.15s",
+ max_mail, var_anvil_time_unit,
+ max_mail_user, ctime(&max_mail_time) + 4);
+ max_mail = 0;
+ }
+ if (max_rcpt > 1) {
+ msg_info("statistics: max recipient rate %d/%ds for (%s) at %.15s",
+ max_rcpt, var_anvil_time_unit,
+ max_rcpt_user, ctime(&max_rcpt_time) + 4);
+ max_rcpt = 0;
+ }
}
/* anvil_status_update - log and reset extreme usage periodically */
/* int *count;
/* int *rate;
/*
+/* int anvil_clnt_mail(anvil_clnt, service, addr, msgs)
+/* ANVIL_CLNT *anvil_clnt;
+/* const char *service;
+/* const char *addr;
+/* int *msgs;
+/*
+/* int anvil_clnt_rcpt(anvil_clnt, service, addr, rcpts)
+/* ANVIL_CLNT *anvil_clnt;
+/* const char *service;
+/* const char *addr;
+/* int *rcpts;
+/*
/* int anvil_clnt_disconnect(anvil_clnt, service, addr)
/* ANVIL_CLNT *anvil_clnt;
/* const char *service;
/* const char *addr;
/*
/* int anvil_clnt_lookup(anvil_clnt, service, addr,
-/* count, rate)
+/* count, rate, msgs, rcpts)
/* ANVIL_CLNT *anvil_clnt;
/* const char *service;
/* const char *addr;
/* int *count;
/* int *rate;
+/* int *msgs;
+/* int *rcpts;
/* DESCRIPTION
/* anvil_clnt_create() instantiates an anvil service client endpoint.
/*
/* client has connected, and returns the current connection
/* count and connection rate for that client.
/*
+/* anvil_clnt_mail() registers a MAIL FROM event and returns
+/* the current MAIL FROM rate for the specified client.
+/*
+/* anvil_clnt_rcpt() registers a RCPT TO event and returns
+/* the current RCPT TO rate for the specified client.
+/*
/* anvil_clnt_disconnect() informs the anvil server that a
/* client has disconnected.
/*
/* .IP rate
/* Pointer to storage for the current connection rate for this
/* remote client.
+/* .IP msgs
+/* Pointer to storage for the current message rate for this
+/* remote client.
+/* .IP rcpts
+/* Pointer to storage for the current recipient rate for this
+/* remote client.
/* DIAGNOSTICS
/* anvil_clnt_connect() and anvil_clnt_disconnect() return
/* ANVIL_STAT_OK in case of success, ANVIL_STAT_FAIL otherwise
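Review bot: the DIAGNOSTICS section still only names anvil_clnt_connect() and anvil_clnt_disconnect(), although the SYNOPSIS and DESCRIPTION now add anvil_clnt_mail() and anvil_clnt_rcpt() (and anvil_clnt_lookup() gained two result arguments). Since the new functions return ANVIL_STAT_OK or ANVIL_STAT_FAIL in the same way, one sentence listing all of them, and stating that the `msgs`/`rcpts` result storage is only meaningful when ANVIL_STAT_OK is returned, would complete the manual page.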
/* anvil_clnt_free - destroy connection rate service client */
-void anvil_clnt_free(ANVIL_CLNT * anvil_clnt)
+void anvil_clnt_free(ANVIL_CLNT *anvil_clnt)
{
attr_clnt_free((ATTR_CLNT *) anvil_clnt);
}
/* anvil_clnt_lookup - status query */
-int anvil_clnt_lookup(ANVIL_CLNT * anvil_clnt, const char *service,
- const char *addr, int *count, int *rate)
+int anvil_clnt_lookup(ANVIL_CLNT *anvil_clnt, const char *service,
+ const char *addr, int *count, int *rate,
+ int *msgs, int *rcpts)
{
char *ident = ANVIL_IDENT(service, addr);
int status;
ATTR_TYPE_NUM, ANVIL_ATTR_STATUS, &status,
ATTR_TYPE_NUM, ANVIL_ATTR_COUNT, count,
ATTR_TYPE_NUM, ANVIL_ATTR_RATE, rate,
- ATTR_TYPE_END) != 3)
+ ATTR_TYPE_NUM, ANVIL_ATTR_MAIL, msgs,
+ ATTR_TYPE_NUM, ANVIL_ATTR_RCPT, rcpts,
+ ATTR_TYPE_END) != 5)
status = ANVIL_STAT_FAIL;
else if (status != ANVIL_STAT_OK)
status = ANVIL_STAT_FAIL;
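Review bot: changing the expected reply attribute count from 3 to 5 in anvil_clnt_lookup() means that a lookup against an anvil server that is still running the previous code (it answers with only status, count and rate) now yields ANVIL_STAT_FAIL rather than a partial result. That is the safe failure direction, but it is a protocol change between client library and server and deserves a line in the release notes next to the other "reload required" items.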
/* anvil_clnt_connect - heads-up and policy query */
-int anvil_clnt_connect(ANVIL_CLNT * anvil_clnt, const char *service,
+int anvil_clnt_connect(ANVIL_CLNT *anvil_clnt, const char *service,
const char *addr, int *count, int *rate)
{
char *ident = ANVIL_IDENT(service, addr);
return (status);
}
+/* anvil_clnt_mail - heads-up and policy query */
+
+int anvil_clnt_mail(ANVIL_CLNT *anvil_clnt, const char *service,
+ const char *addr, int *msgs)
+{
+ char *ident = ANVIL_IDENT(service, addr);
+ int status;
+
+ if (attr_clnt_request((ATTR_CLNT *) anvil_clnt,
+ ATTR_FLAG_NONE, /* Query attributes. */
+ ATTR_TYPE_STR, ANVIL_ATTR_REQ, ANVIL_REQ_MAIL,
+ ATTR_TYPE_STR, ANVIL_ATTR_IDENT, ident,
+ ATTR_TYPE_END,
+ ATTR_FLAG_MISSING, /* Reply attributes. */
+ ATTR_TYPE_NUM, ANVIL_ATTR_STATUS, &status,
+ ATTR_TYPE_NUM, ANVIL_ATTR_RATE, msgs,
+ ATTR_TYPE_END) != 2)
+ status = ANVIL_STAT_FAIL;
+ else if (status != ANVIL_STAT_OK)
+ status = ANVIL_STAT_FAIL;
+ myfree(ident);
+ return (status);
+}
+
+/* anvil_clnt_rcpt - heads-up and policy query */
+
+int anvil_clnt_rcpt(ANVIL_CLNT *anvil_clnt, const char *service,
+ const char *addr, int *rcpts)
+{
+ char *ident = ANVIL_IDENT(service, addr);
+ int status;
+
+ if (attr_clnt_request((ATTR_CLNT *) anvil_clnt,
+ ATTR_FLAG_NONE, /* Query attributes. */
+ ATTR_TYPE_STR, ANVIL_ATTR_REQ, ANVIL_REQ_RCPT,
+ ATTR_TYPE_STR, ANVIL_ATTR_IDENT, ident,
+ ATTR_TYPE_END,
+ ATTR_FLAG_MISSING, /* Reply attributes. */
+ ATTR_TYPE_NUM, ANVIL_ATTR_STATUS, &status,
+ ATTR_TYPE_NUM, ANVIL_ATTR_RATE, rcpts,
+ ATTR_TYPE_END) != 2)
+ status = ANVIL_STAT_FAIL;
+ else if (status != ANVIL_STAT_OK)
+ status = ANVIL_STAT_FAIL;
+ myfree(ident);
+ return (status);
+}
+
/* anvil_clnt_disconnect - heads-up only */
-int anvil_clnt_disconnect(ANVIL_CLNT * anvil_clnt, const char *service,
+int anvil_clnt_disconnect(ANVIL_CLNT *anvil_clnt, const char *service,
const char *addr)
{
char *ident = ANVIL_IDENT(service, addr);
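Review bot: anvil_clnt_mail() and anvil_clnt_rcpt() are identical apart from the request string (ANVIL_REQ_MAIL versus ANVIL_REQ_RCPT) and the name of the result pointer; a static helper taking the request string and the `int *` result, with the two public functions as one-line wrappers, would halve the code and keep the two reply-parsing paths from drifting apart. The comment "heads-up and policy query" is copied from anvil_clnt_connect(); for these two calls "register event and query rate" describes what they do more accurately.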
#include <mail_params.h>
#include <vstring_vstream.h>
+static void usage(void)
+{
+ vstream_printf("usage: %s service addr | %s service addr |"
+ " %s service addr | %s service addr\n",
+ ANVIL_REQ_CONN, ANVIL_REQ_DISC,
+ ANVIL_REQ_MAIL, ANVIL_REQ_RCPT);
+}
+
int main(int unused_argc, char **argv)
{
VSTRING *inbuf = vstring_alloc(1);
char *bufp;
char *cmd;
+ int cmd_len;
char *service;
char *addr;
int count;
int rate;
+ int msgs;
+ int rcpts;
ANVIL_CLNT *anvil;
msg_vstream_init(argv[0], VSTREAM_ERR);
|| (service = mystrtok(&bufp, " ")) == 0 || *service == 0
|| (addr = mystrtok(&bufp, " ")) == 0 || *addr == 0
|| mystrtok(&bufp, " ") != 0) {
- vstream_printf("usage: connect service addr|disconnect service addr\n");
+ vstream_printf("bad command syntax\n");
+ usage();
vstream_fflush(VSTREAM_OUT);
continue;
}
- if (strncmp(cmd, "connect", 1) == 0) {
+ cmd_len = strlen(cmd);
+ if (strncmp(cmd, ANVIL_REQ_CONN, cmd_len) == 0) {
if (anvil_clnt_connect(anvil, service, addr, &count, &rate) != ANVIL_STAT_OK)
msg_warn("error!");
else
vstream_printf("count=%d, rate=%d\n", count, rate);
- } else if (strncmp(cmd, "disconnect", 1) == 0) {
+ } else if (strncmp(cmd, ANVIL_REQ_MAIL, cmd_len) == 0) {
+ if (anvil_clnt_mail(anvil, service, addr, &msgs) != ANVIL_STAT_OK)
+ msg_warn("error!");
+ else
+ vstream_printf("rate=%d\n", msgs);
+ } else if (strncmp(cmd, ANVIL_REQ_RCPT, cmd_len) == 0) {
+ if (anvil_clnt_rcpt(anvil, service, addr, &rcpts) != ANVIL_STAT_OK)
+ msg_warn("error!");
+ else
+ vstream_printf("rate=%d\n", rcpts);
+ } else if (strncmp(cmd, ANVIL_REQ_DISC, cmd_len) == 0) {
if (anvil_clnt_disconnect(anvil, service, addr) != ANVIL_STAT_OK)
msg_warn("error!");
else
vstream_printf("OK\n");
- } else if (strncmp(cmd, "lookup", 1) == 0) {
- if (anvil_clnt_lookup(anvil, service, addr, &count, &rate) != ANVIL_STAT_OK)
+ } else if (strncmp(cmd, ANVIL_REQ_LOOKUP, cmd_len) == 0) {
+ if (anvil_clnt_lookup(anvil, service, addr, &count, &rate,
+ &msgs, &rcpts) != ANVIL_STAT_OK)
msg_warn("error!");
else
- vstream_printf("count=%d, rate=%d\n", count, rate);
- } else
- vstream_printf("usage: connect ident|disconnect ident\n");
+ vstream_printf("count=%d, rate=%d msgs=%d rcpt=%d\n",
+ count, rate, msgs, rcpts);
+ } else {
+ vstream_printf("bad command: \"%s\"\n", cmd);
+ usage();
+ }
vstream_fflush(VSTREAM_OUT);
}
vstring_free(inbuf);
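Review bot: inconsistent output formatting in the lookup branch: `"count=%d, rate=%d msgs=%d rcpt=%d\n"` uses a comma after the first field and spaces after the rest, and the label `rcpt` differs from the variable name `rcpts` and from the `rate=` label the recipient branch prints; something like `"count=%d rate=%d msgs=%d rcpts=%d\n"` (or commas throughout) is easier to parse by eye and by script. Matching commands with `strncmp(cmd, ANVIL_REQ_..., cmd_len)` accepts any prefix of the request word, so "c" is connect and "d" is disconnect; that is convenient for the test client, but the usage() text prints only the full names, so a short note there that abbreviations are accepted would help.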
#define ANVIL_ATTR_REQ "request"
#define ANVIL_REQ_CONN "connect"
#define ANVIL_REQ_DISC "disconnect"
+#define ANVIL_REQ_MAIL "message"
+#define ANVIL_REQ_RCPT "recipient"
#define ANVIL_REQ_LOOKUP "lookup"
#define ANVIL_ATTR_IDENT "ident"
#define ANVIL_ATTR_COUNT "count"
#define ANVIL_ATTR_RATE "rate"
+#define ANVIL_ATTR_MAIL "mail"
+#define ANVIL_ATTR_RCPT "rcpt"
#define ANVIL_ATTR_STATUS "status"
#define ANVIL_STAT_OK 0
extern ANVIL_CLNT *anvil_clnt_create(void);
extern int anvil_clnt_connect(ANVIL_CLNT *, const char *, const char *, int *, int *);
-extern int anvil_clnt_lookup(ANVIL_CLNT *, const char *, const char *, int *, int *);
+extern int anvil_clnt_mail(ANVIL_CLNT *, const char *, const char *, int *);
+extern int anvil_clnt_rcpt(ANVIL_CLNT *, const char *, const char *, int *);
+extern int anvil_clnt_lookup(ANVIL_CLNT *, const char *, const char *, int *, int *, int *, int *);
extern int anvil_clnt_disconnect(ANVIL_CLNT *, const char *, const char *);
extern void anvil_clnt_free(ANVIL_CLNT *);
ATTR_TYPE_STR, MAIL_ATTR_CLIENT_ADDR, request->client_addr,
ATTR_TYPE_STR, MAIL_ATTR_PROTO_NAME, request->client_proto,
ATTR_TYPE_STR, MAIL_ATTR_HELO_NAME, request->client_helo,
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_METHOD, request->sasl_method,
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_USERNAME, request->sasl_username,
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_SENDER, request->sasl_sender,
ATTR_TYPE_LONG, MAIL_ATTR_OFFSET, offs,
ATTR_TYPE_STR, MAIL_ATTR_ORCPT, orcpt,
ATTR_TYPE_STR, MAIL_ATTR_RECIP, addr,
/* char *client_addr;
/* char *client_proto;
/* char *client_helo;
+/* char *sasl_method;
+/* char *sasl_username;
+/* char *sasl_sender;
/* .in -5
/* } DELIVER_REQUEST;
/*
static VSTRING *client_addr;
static VSTRING *client_proto;
static VSTRING *client_helo;
+ static VSTRING *sasl_method;
+ static VSTRING *sasl_username;
+ static VSTRING *sasl_sender;
long offset;
/*
client_addr = vstring_alloc(10);
client_proto = vstring_alloc(10);
client_helo = vstring_alloc(10);
+ sasl_method = vstring_alloc(10);
+ sasl_username = vstring_alloc(10);
+ sasl_sender = vstring_alloc(10);
}
/*
ATTR_TYPE_STR, MAIL_ATTR_CLIENT_ADDR, client_addr,
ATTR_TYPE_STR, MAIL_ATTR_PROTO_NAME, client_proto,
ATTR_TYPE_STR, MAIL_ATTR_HELO_NAME, client_helo,
- ATTR_TYPE_END) != 15) {
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_METHOD, sasl_method,
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_USERNAME, sasl_username,
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_SENDER, sasl_sender,
+ ATTR_TYPE_END) != 18) {
msg_warn("%s: error receiving common attributes", myname);
return (-1);
}
request->client_addr = mystrdup(vstring_str(client_addr));
request->client_proto = mystrdup(vstring_str(client_proto));
request->client_helo = mystrdup(vstring_str(client_helo));
+ request->sasl_method = mystrdup(vstring_str(sasl_method));
+ request->sasl_username = mystrdup(vstring_str(sasl_username));
+ request->sasl_sender = mystrdup(vstring_str(sasl_sender));
/*
* Extract the recipient offset and address list. Skip over any
request->client_addr = 0;
request->client_proto = 0;
request->client_helo = 0;
+ request->sasl_method = 0;
+ request->sasl_username = 0;
+ request->sasl_sender = 0;
return (request);
}
myfree(request->client_proto);
if (request->client_helo)
myfree(request->client_helo);
+ if (request->sasl_method)
+ myfree(request->sasl_method);
+ if (request->sasl_username)
+ myfree(request->sasl_username);
+ if (request->sasl_sender)
+ myfree(request->sasl_sender);
myfree((char *) request);
}
char *client_addr; /* client address */
char *client_proto; /* client protocol */
char *client_helo; /* helo parameter */
+ char *sasl_method; /* SASL method */
+ char *sasl_username; /* SASL user name */
+ char *sasl_sender; /* SASL sender */
} DELIVER_REQUEST;
/*
#define DEF_SMTPD_CCONN_LIMIT ((DEF_PROC_LIMIT + 1) / 2)
extern int var_smtpd_cconn_limit;
-#define VAR_SMTPD_HOGGERS "smtpd_client_connection_limit_exceptions"
-#define DEF_SMTPD_HOGGERS "$" VAR_MYNETWORKS
+#define VAR_SMTPD_CMAIL_LIMIT "smtpd_client_message_rate_limit"
+#define DEF_SMTPD_CMAIL_LIMIT 0
+extern int var_smtpd_cmail_limit;
+
+#define VAR_SMTPD_CRCPT_LIMIT "smtpd_client_recipient_rate_limit"
+#define DEF_SMTPD_CRCPT_LIMIT 0
+extern int var_smtpd_crcpt_limit;
+
+#define VAR_SMTPD_HOGGERS "smtpd_client_event_limit_exceptions"
+#define DEF_SMTPD_HOGGERS "${smtpd_client_connection_limit_exceptions:$" VAR_MYNETWORKS "}"
extern char *var_smtpd_hoggers;
#define VAR_ANVIL_TIME_UNIT "anvil_rate_time_unit"
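Review bot: the compiled default for the renamed parameter, `DEF_SMTPD_HOGGERS "${smtpd_client_connection_limit_exceptions:$" VAR_MYNETWORKS "}"`, falls back on the old parameter name so that an existing main.cf setting of smtpd_client_connection_limit_exceptions keeps working, but the postconf(5) entry for smtpd_client_event_limit_exceptions earlier in this patch documents the default as plain `$mynetworks`. Either the documented default should show the same `${smtpd_client_connection_limit_exceptions:$mynetworks}` expression, or the entry should say in words that the old parameter name is still honoured; otherwise an administrator reading the manual will not know why the old setting still has an effect.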
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
-#define MAIL_RELEASE_DATE "20040919"
+#define MAIL_RELEASE_DATE "20041009"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"
/* SUMMARY
/* Postfix master process
/* SYNOPSIS
-/* .fi
-/* \fBmaster\fR [\fB-Dtv\fR] [\fB-c \fIconfig_dir\fR]
-/* [\fB-e \fIexit_time\fR]
+/* \fBmaster\fR [\fB-Dtv\fR] [\fB-c \fIconfig_dir\fR] [\fB-e \fIexit_time\fR]
/* DESCRIPTION
/* The \fBmaster\fR daemon is the resident process that runs Postfix
/* daemons on demand: daemons to send or receive messages via the
/* resident queue manager and the resident address verification server.
/*
/* The behavior of the \fBmaster\fR daemon is controlled by the
-/* \fBmaster.cf\fR configuration file. The table specifies zero or
-/* more servers in the \fBUNIX\fR or \fBINET\fR domain, or servers
-/* that take requests from a FIFO. Precise configuration details are
-/* given in the \fBmaster.cf\fR file, and in the manual pages of the
-/* respective daemons.
+/* \fBmaster.cf\fR configuration file, as described in master(5).
/*
/* Options:
/* .IP "\fB-c \fIconfig_dir\fR"
/* Read the \fBmain.cf\fR and \fBmaster.cf\fR configuration files in
/* the named directory instead of the default configuration directory.
+/* This also overrides the configuration files for other Postfix
+/* daemon processes.
/* .IP "\fB-e \fIexit_time\fR"
/* Terminate the master process after \fIexit_time\fR seconds. Child
/* processes terminate at their convenience.
/* SEE ALSO
/* qmgr(8), queue manager
/* verify(8), address verification
-/* postconf(5), configuration parameters
+/* master(5), master.cf configuration file syntax
+/* postconf(5), main.cf configuration parameter syntax
/* syslogd(8), system logging
/* LICENSE
/* .ad
char *client_addr; /* client address */
char *client_proto; /* client protocol */
char *client_helo; /* helo parameter */
+ char *sasl_method; /* SASL method */
+ char *sasl_username; /* SASL user name */
+ char *sasl_sender; /* SASL sender */
QMGR_RCPT_LIST rcpt_list; /* complete addresses */
};
ATTR_TYPE_STR, MAIL_ATTR_CLIENT_ADDR, message->client_addr,
ATTR_TYPE_STR, MAIL_ATTR_PROTO_NAME, message->client_proto,
ATTR_TYPE_STR, MAIL_ATTR_HELO_NAME, message->client_helo,
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_METHOD, message->sasl_method,
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_USERNAME, message->sasl_username,
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_SENDER, message->sasl_sender,
ATTR_TYPE_END);
if (sender_buf != 0)
vstring_free(sender_buf);
message->client_addr = 0;
message->client_proto = 0;
message->client_helo = 0;
+ message->sasl_method = 0;
+ message->sasl_username = 0;
+ message->sasl_sender = 0;
qmgr_rcpt_list_init(&message->rcpt_list);
return (message);
}
myfree(message->client_helo);
message->client_helo = mystrdup(value);
}
+ if (strcmp(name, MAIL_ATTR_SASL_METHOD) == 0) {
+ if (message->sasl_method == 0)
+ message->sasl_method = mystrdup(value);
+ else
+ msg_warn("%s: ignoring multiple %s attribute: %s",
+ message->queue_id, MAIL_ATTR_SASL_METHOD, value);
+ }
+ if (strcmp(name, MAIL_ATTR_SASL_USERNAME) == 0) {
+ if (message->sasl_username == 0)
+ message->sasl_username = mystrdup(value);
+ else
+ msg_warn("%s: ignoring multiple %s attribute: %s",
+ message->queue_id, MAIL_ATTR_SASL_USERNAME, value);
+ }
+ if (strcmp(name, MAIL_ATTR_SASL_SENDER) == 0) {
+ if (message->sasl_sender == 0)
+ message->sasl_sender = mystrdup(value);
+ else
+ msg_warn("%s: ignoring multiple %s attribute: %s",
+ message->queue_id, MAIL_ATTR_SASL_SENDER, value);
+ }
/* Optional tracing flags. */
else if (strcmp(name, MAIL_ATTR_TRACE_FLAGS) == 0) {
message->tflags = DEL_REQ_TRACE_FLAGS(atoi(value));
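Review bot: the three new `if (strcmp(name, MAIL_ATTR_SASL_...) == 0)` blocks are inserted as stand-alone statements between the client_helo block and the "Optional tracing flags" `else if`, so the `else` chain is now broken: the tracing-flags test chains only to the SASL_SENDER test, and the SASL_METHOD and SASL_USERNAME tests are evaluated for every attribute name even after an earlier branch already matched. The behaviour is still correct because the names are disjoint, but every other attribute in this function is an `else if`; writing the three new blocks as `else if` keeps the chain intact and avoids the extra string compares on every attribute line.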
message->client_proto = mystrdup("");
if (message->client_helo == 0)
message->client_helo = mystrdup("");
+ if (message->sasl_method == 0)
+ message->sasl_method = mystrdup("");
+ if (message->sasl_username == 0)
+ message->sasl_username = mystrdup("");
+ if (message->sasl_sender == 0)
+ message->sasl_sender = mystrdup("");
/*
* Clean up.
myfree(message->client_proto);
if (message->client_helo)
myfree(message->client_helo);
+ if (message->sasl_method)
+ myfree(message->sasl_method);
+ if (message->sasl_username)
+ myfree(message->sasl_username);
+ if (message->sasl_sender)
+ myfree(message->sasl_sender);
qmgr_rcpt_list_free(&message->rcpt_list);
qmgr_message_count--;
myfree((char *) message);
/* .sp
/* In the command argument vector, the following macros are recognized
/* and replaced with corresponding information from the Postfix queue
-/* manager delivery request:
+/* manager delivery request.
+/* .sp
+/* In addition to the form ${\fIname\fR}, the forms $\fIname\fR and
+/* $(\fIname\fR) are also recognized. Specify \fB$$\fR where a single
+/* \fB$\fR is wanted.
/* .RS
/* .IP \fB${\fBextension\fR}\fR
/* This macro expands to the extension part of a recipient address.
/* .sp
/* This information is modified by the \fBhqu\fR flags for quoting
/* and case folding.
+/* .IP \fB${\fBsasl_method\fR}\fR
+/* This macro expands to the SASL authentication mechanism used
+/* during the reception of the message. An empty string is passed
+/* if the message has been received without SASL authentication.
+/* .sp
+/* This is available in Postfix 2.2 and later.
+/* .IP \fB${\fBsasl_sender\fR}\fR
+/* This macro expands to the SASL sender name (i.e. the original
+/* submitter as per RFC 2554) used during the reception of the message.
+/* .sp
+/* This is available in Postfix 2.2 and later.
+/* .IP \fB${\fBsasl_username\fR}\fR
+/* This macro expands to the SASL user name used during the reception
+/* of the message. An empty string is passed if the message has been
+/* received without SASL authentication.
+/* .sp
+/* This is available in Postfix 2.2 and later.
/* .IP \fB${\fBsender\fR}\fR
/* This macro expands to the envelope sender address.
/* .sp
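Review bot: the `${sasl_sender}` entry is missing the "An empty string is passed if ..." sentence that the `${sasl_method}` and `${sasl_username}` entries carry, yet a message can be SASL-authenticated without any AUTH= sender, so the text should say what the macro expands to in that case. The entries for address macros also state which of the `hqu` flags modify them; say explicitly whether any of that quoting or case folding applies to the three SASL macros, because the sender value originates from the SMTP client.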
/* .sp
/* This information is modified by the \fBu\fR flag for case folding.
/* .RE
-/* .PP
-/* In addition to the form ${\fIname\fR}, the forms $\fIname\fR and
-/* $(\fIname\fR) are also recognized. Specify \fB$$\fR where a single
-/* \fB$\fR is wanted.
/* DIAGNOSTICS
/* Command exit status codes are expected to
/* follow the conventions defined in <\fBsysexits.h\fR>.
#define PIPE_DICT_EXTENSION "extension" /* key */
#define PIPE_DICT_MAILBOX "mailbox" /* key */
#define PIPE_DICT_SIZE "size" /* key */
+#define PIPE_DICT_SASL_METHOD "sasl_method" /* key */
+#define PIPE_DICT_SASL_USERNAME "sasl_username" /* key */
+#define PIPE_DICT_SASL_SENDER "sasl_sender" /* key */
/*
* Flags used to pass back the type of special parameter found by
PIPE_DICT_EXTENSION, PIPE_FLAG_EXTENSION,
PIPE_DICT_MAILBOX, PIPE_FLAG_MAILBOX,
PIPE_DICT_SIZE, 0,
+ PIPE_DICT_SASL_METHOD, 0,
+ PIPE_DICT_SASL_USERNAME, 0,
+ PIPE_DICT_SASL_SENDER, 0,
0, 0,
};
struct cmd_flags *p;
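Review bot: the three new table entries are registered with flag 0, like `PIPE_DICT_SIZE`, whereas `PIPE_DICT_EXTENSION` and `PIPE_DICT_MAILBOX` carry a `PIPE_FLAG_*` value; any expansion-time handling keyed on those flags will therefore leave the SASL values untouched. That is appropriate for `sasl_method`, but `sasl_sender` is client-supplied (the AUTH= parameter, per the pipe(8) text in this patch), so the documentation should state that these macros are expanded verbatim into the command argument vector and that the invoked command must not assume any particular character set in them.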
dict_update(PIPE_DICT_TABLE, PIPE_DICT_NEXTHOP, request->nexthop);
vstring_sprintf(buf, "%ld", (long) request->data_size);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_SIZE, STR(buf));
+ dict_update(PIPE_DICT_TABLE, PIPE_DICT_SASL_METHOD,
+ request->sasl_method);
+ dict_update(PIPE_DICT_TABLE, PIPE_DICT_SASL_USERNAME,
+ request->sasl_username);
+ dict_update(PIPE_DICT_TABLE, PIPE_DICT_SASL_SENDER,
+ request->sasl_sender);
vstring_free(buf);
if ((expanded_argv = expand_argv(service, attr.command,
/* sendmail(1), Sendmail compatibility interface
/*
/* Postfix configuration:
-/* postconf(5), Postfix configuration parameters
+/* master(5), Postfix master.cf file syntax
+/* postconf(5), Postfix main.cf file syntax
/*
/* Table-driven mechanisms:
/* access(5), Postfix SMTP access control table
/* .sp
/* Note: use "\fBpostsuper -r\fR" to release mail that was kept on
/* hold for a significant fraction of \fB$maximal_queue_lifetime\fR
-/* or \fB$bounce_queue_lifetime\fR or longer.
+/* or \fB$bounce_queue_lifetime\fR, or longer.
/* .sp
/* Specify \fB-H ALL\fR to release all mail that is "on hold".
/* As a safety measure, the word \fBALL\fR must be specified in upper
char *client_addr; /* client address */
char *client_proto; /* client protocol */
char *client_helo; /* helo parameter */
+ char *sasl_method; /* SASL method */
+ char *sasl_username; /* SASL user name */
+ char *sasl_sender; /* SASL sender */
QMGR_RCPT_LIST rcpt_list; /* complete addresses */
int rcpt_count; /* used recipient slots */
int rcpt_limit; /* maximum read in-core */
ATTR_TYPE_STR, MAIL_ATTR_CLIENT_ADDR, message->client_addr,
ATTR_TYPE_STR, MAIL_ATTR_PROTO_NAME, message->client_proto,
ATTR_TYPE_STR, MAIL_ATTR_HELO_NAME, message->client_helo,
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_METHOD, message->sasl_method,
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_USERNAME, message->sasl_username,
+ ATTR_TYPE_STR, MAIL_ATTR_SASL_SENDER, message->sasl_sender,
ATTR_TYPE_END);
if (sender_buf != 0)
vstring_free(sender_buf);
message->client_addr = 0;
message->client_proto = 0;
message->client_helo = 0;
+ message->sasl_method = 0;
+ message->sasl_username = 0;
+ message->sasl_sender = 0;
qmgr_rcpt_list_init(&message->rcpt_list);
message->rcpt_count = 0;
message->rcpt_limit = var_qmgr_msg_rcpt_limit;
myfree(message->client_helo);
message->client_helo = mystrdup(value);
}
+ if (strcmp(name, MAIL_ATTR_SASL_METHOD) == 0) {
+ if (message->sasl_method == 0)
+ message->sasl_method = mystrdup(value);
+ else
+ msg_warn("%s: ignoring multiple %s attribute: %s",
+ message->queue_id, MAIL_ATTR_SASL_METHOD, value);
+ }
+ if (strcmp(name, MAIL_ATTR_SASL_USERNAME) == 0) {
+ if (message->sasl_username == 0)
+ message->sasl_username = mystrdup(value);
+ else
+ msg_warn("%s: ignoring multiple %s attribute: %s",
+ message->queue_id, MAIL_ATTR_SASL_USERNAME, value);
+ }
+ if (strcmp(name, MAIL_ATTR_SASL_SENDER) == 0) {
+ if (message->sasl_sender == 0)
+ message->sasl_sender = mystrdup(value);
+ else
+ msg_warn("%s: ignoring multiple %s attribute: %s",
+ message->queue_id, MAIL_ATTR_SASL_SENDER, value);
+ }
/* Optional tracing flags. */
else if (strcmp(name, MAIL_ATTR_TRACE_FLAGS) == 0) {
message->tflags = DEL_REQ_TRACE_FLAGS(atoi(value));
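Review bot: this second queue manager copy has the same structure problem as the first: the SASL checks are plain `if` statements inside an `else if` chain, so the following `else if (strcmp(name, MAIL_ATTR_TRACE_FLAGS) == 0)` attaches only to the `MAIL_ATTR_SASL_SENDER` test. Use `else if` for all three so both queue managers keep identical, chain-consistent attribute parsing.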
message->client_proto = mystrdup("");
if (message->client_helo == 0)
message->client_helo = mystrdup("");
+ if (message->sasl_method == 0)
+ message->sasl_method = mystrdup("");
+ if (message->sasl_username == 0)
+ message->sasl_username = mystrdup("");
+ if (message->sasl_sender == 0)
+ message->sasl_sender = mystrdup("");
/*
* Clean up.
myfree(message->client_proto);
if (message->client_helo)
myfree(message->client_helo);
+ if (message->sasl_method)
+ myfree(message->sasl_method);
+ if (message->sasl_username)
+ myfree(message->sasl_username);
+ if (message->sasl_sender)
+ myfree(message->sasl_sender);
qmgr_rcpt_list_free(&message->rcpt_list);
qmgr_message_count--;
myfree((char *) message);
/* .IP "\fBauthorized_mailq_users (static:anyone)\fR"
/* List of users who are authorized to view the queue.
/* .IP "\fBauthorized_submit_users (static:anyone)\fR"
-/* List of users who are authorized to submit mail with the
-/* sendmail(1) command (and with the privileged postdrop(1)
-/* helper command).
+/* List of users who are authorized to submit mail with the sendmail(1)
+/* command (and with the privileged postdrop(1) helper command).
/* RESOURCE AND RATE CONTROLS
/* .ad
/* .fi
*/
rec_fputs(dst, REC_TYPE_MESG, "");
if (DEL_REQ_TRACE_ONLY(flags) != 0) {
- rec_fprintf(dst, REC_TYPE_NORM, "From: %s", saved_sender);
+ if (flags & SM_FLAG_XRCPT)
+ msg_fatal_status(EX_USAGE, "-t option cannot be used with -bv");
+ if (*saved_sender)
+ rec_fprintf(dst, REC_TYPE_NORM, "From: %s", saved_sender);
rec_fprintf(dst, REC_TYPE_NORM, "Subject: probe");
if (recipients) {
rec_fprintf(dst, REC_TYPE_NORM, "To:");
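Review bot: the `-t` with `-bv` conflict is detected inside the probe branch after `rec_fputs(dst, REC_TYPE_MESG, "")` has already been written, and `msg_fatal_status()` then exits with the output stream half-produced; both flags are known at option-parsing time, so reject the combination there, before anything is opened. The new `if (*saved_sender)` guard silently omits the From: line for an empty sender, which is fine for a probe but deserves a one-line comment saying so.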
/* The maximal number of lines in the Postfix SMTP server command history
/* before it is flushed upon receipt of EHLO, RSET, or end of DATA.
/* .PP
-/* Not available in Postfix version 2.1:
+/* The per SMTP client connection count and request rate limits are
+/* implemented in co-operation with the anvil(8) service, and
+/* are available in Postfix version 2.2 and later.
/* .IP "\fBsmtpd_client_connection_count_limit (50)\fR"
-/* How many simultaneous connections any SMTP client is allowed to
-/* make to the SMTP service.
+/* How many simultaneous connections any client is allowed to
+/* make to this service.
/* .IP "\fBsmtpd_client_connection_rate_limit (0)\fR"
/* The maximal number of connection attempts any client is allowed to
/* make to this service per time unit.
-/* .IP "\fBsmtpd_client_connection_limit_exceptions ($mynetworks)\fR"
-/* Clients that are excluded from connection count or connection rate
-/* restrictions.
+/* .IP "\fBsmtpd_client_message_rate_limit (0)\fR"
+/* The maximal number of message delivery requests that any client is
+/* allowed to make to this service per time unit, regardless of whether
+/* or not Postfix actually accepts those messages.
+/* .IP "\fBsmtpd_client_recipient_rate_limit (0)\fR"
+/* The maximal number of recipient addresses that any client is allowed
+/* to send to this service per time unit, regardless of whether or not
+/* Postfix actually accepts those recipients.
+/* .IP "\fBsmtpd_client_event_limit_exceptions ($mynetworks)\fR"
+/* Clients that are excluded from connection count, connection rate,
+/* message rate or recipient rate restrictions.
/* TARPIT CONTROLS
/* .ad
/* .fi
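Review bot: the new `smtpd_client_message_rate_limit` and `smtpd_client_recipient_rate_limit` descriptions say "per time unit" without naming the anvil(8) parameter that defines that unit, and none of the four limits says what happens when a client exceeds it (the smtpd.c hunks in this patch reply 421 and log a warning). Add both so operators can tune the limits and know which log line to watch. The renamed `smtpd_client_event_limit_exceptions` entry should also mention the old name `smtpd_client_connection_limit_exceptions`, since existing main.cf files will silently lose the setting.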
/* The mail system name that is prepended to the process name in syslog
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
/* SEE ALSO
+/* anvil(8), client count and request rate management
/* cleanup(8), message canonicalization
/* trivial-rewrite(8), address resolver
/* verify(8), address verification service
#ifdef SNAPSHOT
int var_smtpd_crate_limit;
int var_smtpd_cconn_limit;
+int var_smtpd_cmail_limit;
+int var_smtpd_crcpt_limit;
char *var_smtpd_hoggers;
#endif
state->queue_id = mystrdup(state->dest->id);
/*
- * Record the time of arrival, the sender envelope address, some session
- * information, and some additional attributes.
+ * Record the time of arrival, the SASL-related stuff if applicable, the
+ * sender envelope address, some session information, and some additional
+ * attributes.
*/
if (SMTPD_STAND_ALONE(state) == 0) {
rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld", state->time);
if (*var_filter_xport)
rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport);
}
+#ifdef USE_SASL_AUTH
+ if (var_smtpd_sasl_enable) {
+ if (state->sasl_method)
+ rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+ MAIL_ATTR_SASL_METHOD, state->sasl_method);
+ if (state->sasl_username)
+ rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+ MAIL_ATTR_SASL_USERNAME, state->sasl_username);
+ if (state->sasl_sender)
+ rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+ MAIL_ATTR_SASL_SENDER, state->sasl_sender);
+ }
+#endif
rec_fputs(state->cleanup, REC_TYPE_FROM, state->sender);
if (state->encoding != 0)
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
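Review bot: the new block writes `state->sasl_username` and `state->sasl_sender` into `REC_TYPE_ATTR` records in `name=value` form, and `sasl_sender` originates from the client's MAIL FROM AUTH= parameter; this hunk does not show where that value is validated, so confirm it has been checked for characters that would break the record format (newline, '=') before it is recorded here, or sanitize it at this point. Minor: "the SASL-related stuff if applicable" in the rewritten comment is vague; name the three attributes instead.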
int narg;
char *arg;
char *verp_delims = 0;
+ int rate;
state->encoding = 0;
smtpd_chat_reply(state, "501 Syntax: MAIL FROM: <address>");
return (-1);
}
+
+ /*
+ * XXX The client event count/rate control must be consistent in its use
+ * of client address information in connect and disconnect events. For
+ * now we exclude xclient authorized hosts from event count/rate control.
+ */
+#ifdef SNAPSHOT
+ if (SMTPD_STAND_ALONE(state) == 0
+ && !xclient_allowed
+ && anvil_clnt
+ && var_smtpd_cmail_limit > 0
+ && !namadr_list_match(hogger_list, state->name, state->addr)
+ && anvil_clnt_mail(anvil_clnt, state->service, state->addr,
+ &rate) == ANVIL_STAT_OK
+ && rate > var_smtpd_cmail_limit) {
+ smtpd_chat_reply(state, "421 %s Error: too much mail from %s",
+ var_myhostname, state->addr);
+ msg_warn("Message delivery request rate limit exceeded: %d from %s for service %s",
+ rate, state->namaddr, state->service);
+ return (-1);
+ }
+#endif
if (argv[2].tokval == SMTPD_TOK_ERROR) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 Bad sender address syntax");
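Review bot: after replying `421 %s Error: too much mail from %s` the code does `return (-1)`, which only ends the MAIL command; the session stays open, the client can keep issuing MAIL commands, and each one is reported to anvil again through `anvil_clnt_mail()`. The connection limit path in this same file uses `break` to drop the session after its 421 reply; do the equivalent here (or mark the session for disconnect) so the 421 reply actually closes the transmission channel as the code promises. Note also that the check runs before the sender syntax test, so rejected MAIL commands still count, which matches the documented "regardless of whether or not Postfix actually accepts" behaviour and should stay that way.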
char *err;
int narg;
char *arg;
+ int rate;
/*
* Sanity checks.
smtpd_chat_reply(state, "501 Syntax: RCPT TO: <address>");
return (-1);
}
+
+ /*
+ * XXX The client event count/rate control must be consistent in its use
+ * of client address information in connect and disconnect events. For
+ * now we exclude xclient authorized hosts from event count/rate control.
+ */
+#ifdef SNAPSHOT
+ if (SMTPD_STAND_ALONE(state) == 0
+ && !xclient_allowed
+ && anvil_clnt
+ && var_smtpd_crcpt_limit > 0
+ && !namadr_list_match(hogger_list, state->name, state->addr)
+ && anvil_clnt_rcpt(anvil_clnt, state->service, state->addr,
+ &rate) == ANVIL_STAT_OK
+ && rate > var_smtpd_crcpt_limit) {
+ smtpd_chat_reply(state, "421 %s Error: too many recipients from %s",
+ var_myhostname, state->addr);
+ msg_warn("Recipient address rate limit exceeded: %d from %s for service %s",
+ rate, state->namaddr, state->service);
+ return (-1);
+ }
+#endif
if (argv[2].tokval == SMTPD_TOK_ERROR) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 Bad recipient address syntax");
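Review bot: this block is a verbatim copy of the MAIL FROM rate check with `anvil_clnt_mail` swapped for `anvil_clnt_rcpt`, a different limit variable and a different message; factor the shared condition chain (stand-alone test, `xclient_allowed`, `anvil_clnt`, limit > 0, `hogger_list` match, `ANVIL_STAT_OK`) into one helper so the two paths cannot drift apart, and initialize `rate` to 0 rather than relying on it only being read after a successful status. The same `return (-1)` after a 421 applies here as in the MAIL path: the session remains open after the reply.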
* its use of client address information in connect and disconnect
* events. For now we exclude xclient authorized hosts from
* connection count/rate control.
+ *
+ * XXX Must send connect/disconnect events to the anvil server even when
+ * this service is not connection count or rate limited, otherwise it
+ * will discard client message or recipient rate information too
+ * early or too late.
*/
#ifdef SNAPSHOT
if (SMTPD_STAND_ALONE(state) == 0
if (var_smtpd_cconn_limit > 0 && count > var_smtpd_cconn_limit) {
smtpd_chat_reply(state, "421 %s Error: too many connections from %s",
var_myhostname, state->addr);
- msg_warn("Too many connections: %d from %s for service %s",
+ msg_warn("Connection concurrency limit exceeded: %d from %s for service %s",
count, state->namaddr, service);
break;
}
if (var_smtpd_crate_limit > 0 && crate > var_smtpd_crate_limit) {
smtpd_chat_reply(state, "421 %s Error: too many connections from %s",
var_myhostname, state->addr);
- msg_warn("Too frequent connections: %d from %s for service %s",
+ msg_warn("Connection rate limit exceeded: %d from %s for service %s",
crate, state->namaddr, service);
break;
}
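Review bot: changing "Too many connections:" to "Connection concurrency limit exceeded:" and "Too frequent connections:" to "Connection rate limit exceeded:" alters warning text that log monitors and fail2ban-style filters may match on; call this out in the release notes next to the parameter rename. The new wording is consistent with the "Message delivery request rate limit exceeded" and "Recipient address rate limit exceeded" warnings added in the MAIL and RCPT paths, which makes the four events easy to alert on uniformly.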
* use of client address information in connect and disconnect events.
* For now we exclude xclient authorized hosts from connection count/rate
* control.
+ *
+ * XXX Must send connect/disconnect events to the anvil server even when
+ * this service is not connection count or rate limited, otherwise it
+ * will discard client message or recipient rate information too early or
+ * too late.
*/
#ifdef SNAPSHOT
if (SMTPD_STAND_ALONE(state) == 0
* take a while. This is why I always run a local name server on critical
* machines.
*/
- smtpd_state_init(&state, stream);
+ smtpd_state_init(&state, stream, service);
msg_info("connect from %s[%s]", state.name, state.addr);
/*
* Connection rate management.
*/
#ifdef SNAPSHOT
- if (var_smtpd_crate_limit || var_smtpd_cconn_limit)
+ if (var_smtpd_crate_limit || var_smtpd_cconn_limit
+ || var_smtpd_cmail_limit || var_smtpd_crcpt_limit)
anvil_clnt = anvil_clnt_create();
#endif
}
#ifdef SNAPSHOT
VAR_SMTPD_CRATE_LIMIT, DEF_SMTPD_CRATE_LIMIT, &var_smtpd_crate_limit, 0, 0,
VAR_SMTPD_CCONN_LIMIT, DEF_SMTPD_CCONN_LIMIT, &var_smtpd_cconn_limit, 0, 0,
+ VAR_SMTPD_CMAIL_LIMIT, DEF_SMTPD_CMAIL_LIMIT, &var_smtpd_cmail_limit, 0, 0,
+ VAR_SMTPD_CRCPT_LIMIT, DEF_SMTPD_CRCPT_LIMIT, &var_smtpd_crcpt_limit, 0, 0,
#endif
0,
};
int err; /* cleanup server/queue file errors */
VSTREAM *client; /* SMTP client handle */
VSTRING *buffer; /* SMTP client buffer */
+ char *service; /* for event rate control */
time_t time; /* start of MAIL FROM transaction */
char *name; /* client hostname */
char *addr; /* client host address string */
(SMTPD_STATE_XFORWARD_NAME | SMTPD_STATE_XFORWARD_ADDR \
| SMTPD_STATE_XFORWARD_PROTO | SMTPD_STATE_XFORWARD_HELO)
-extern void smtpd_state_init(SMTPD_STATE *, VSTREAM *);
+extern void smtpd_state_init(SMTPD_STATE *, VSTREAM *, const char *);
extern void smtpd_state_reset(SMTPD_STATE *);
/*
/* SYNOPSIS
/* #include "smtpd.h"
/*
-/* void smtpd_state_init(state, stream)
+/* void smtpd_state_init(state, stream, service)
/* SMTPD_STATE *state;
/* VSTREAM *stream;
+/* const char *service;
/*
/* void smtpd_state_reset(state)
/* SMTPD_STATE *state;
/* smtpd_state_init - initialize after connection establishment */
-void smtpd_state_init(SMTPD_STATE *state, VSTREAM *stream)
+void smtpd_state_init(SMTPD_STATE *state, VSTREAM *stream,
+ const char *service)
{
/*
*/
state->err = CLEANUP_STAT_OK;
state->client = stream;
+ state->service = mystrdup(service);
state->buffer = vstring_alloc(100);
state->error_count = 0;
state->error_mask = 0;
* filled in. The other fields are taken care of by their own
* "destructor" functions.
*/
+ if (state->service)
+ myfree(state->service);
if (state->buffer)
vstring_free(state->buffer);
if (state->protocol)
#ifdef SUNOS4
#define SUPPORTED
#include <sys/types.h>
+#include <memory.h>
#define UNSAFE_CTYPE
#define fpos_t long
#define MISSING_SETENV