20100610
- Bugfix: Postfix no longer appends the system default CAs
- to the lists specified with *_tls_CAfile or with *_tls_CApath.
- This prevents third-party certificates from being trusted
- and given mail relay permission with permit_tls_all_clientcerts.
- This change may break valid configurations that do not use
+ Bugfix (introduced Postfix 2.2): Postfix no longer appends
+ the system default CA certificates to the lists specified
+ with *_tls_CAfile or with *_tls_CApath. This prevents
+ third-party certificates from being trusted and given mail
+ relay permission with permit_tls_all_clientcerts. This
+ change may break valid configurations that do not use
permit_tls_all_clientcerts. To get the old behavior, specify
"tls_append_default_CA = yes". Files: tls/tls_certkey.c,
tls/tls_misc.c, global/mail_params.h. proto/postconf.proto,
Cleanup: SQLite read-only driver and documentation. Files:
global/dict_sqlite.c, proto/mysql_table, proto/SQLITE_README.html.
+
+20100707
+
+ Completed the 20100610 bugfix. File: tls/tls_misc.c.
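Review bot: the 20100707 entry does not say what the 20100610 fix left incomplete. That fix changes which CA certificates are trusted when permit_tls_all_clientcerts grants relay permission, so the entry should state which behavior was still wrong in the snapshots in between (for example, whether the "tls_append_default_CA" setting was honored). Operators who ran those snapshots could then tell whether they need to recheck their configuration.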
search_base = dc=example, dc=com
query_filter = mail=%s
result_attribute = memberaddr
- $ postmap -q agroup@example.com ldap:simple.cf
- auser@example.org,buser@example.org
+ $ postmap -q agroup@example.com ldap:/etc/postfix/simple.cf \
+ auser@example.org,buser@example.org
We search "dc=example, dc=com". The "mail" attribute is used in the
query_filter to locate the right group, the "result_attribute" setting
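Review bot: the added `$ postmap -q agroup@example.com ldap:/etc/postfix/simple.cf \` line ends in a backslash, but the line after it is the lookup result (it was the output line in the removed version), not a continuation of the command. Copied as written, the shell would pass `auser@example.org,buser@example.org` to postmap as an extra argument. Drop the trailing backslash before each result line and keep it only where the map arguments really wrap. The same pattern recurs in the special.cf, no_expand.cf/expand.cf and fancy.cf examples, and in the HTML and proto copies of this file later in the patch.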
query_filter = mail=%s
result_attribute = maildrop
special_result_attribute = memberdn
- $ postmap -q agroup@example.com ldap:special.cf
- auser@mailhub.example.com,buser@mailhub.example.com
+ $ postmap -q agroup@example.com ldap:/etc/postfix/special.cf \
+ auser@mailhub.example.com,buser@mailhub.example.com
Note: if the desired member object result attribute is always also present in
the group, you get surprising results: the expansion also returns the address
query_filter = mail=%s
result_attribute = maildrop
special_result_attribute = memberdn
- $ postmap -q auser@example.com ldap:no_expand.cf ldap:expand.cf
- auser@mailhub.example.com
- $ postmap -q agroup@example.com ldap:no_expand.cf ldap:expand.cf
- auser@mailhub.example.com,buser@mailhub.example.com
- $ postmap -q bgroup@example.com ldap:no_expand.cf ldap:expand.cf
- bgroup@mlm.example.com
+ $ postmap -q auser@example.com \
+ ldap:/etc/postfix/no_expand.cf ldap:/etc/postfix/expand.cf \
+ auser@mailhub.example.com
+ $ postmap -q agroup@example.com \
+ ldap:/etc/postfix/no_expand.cf ldap:/etc/postfix/expand.cf \
+ auser@mailhub.example.com,buser@mailhub.example.com
+ $ postmap -q bgroup@example.com \
+ ldap:/etc/postfix/no_expand.cf ldap:/etc/postfix/expand.cf \
+ bgroup@mlm.example.com
Non-group objects and groups with delayed expansion (those that have a maildrop
attribute) are rewritten to a single maildrop value. Groups that don't have a
special_result_attribute = memberdn
terminal_result_attribute = maildrop
leaf_result_attribute = mail
- $ postmap -q auser@example.com ldap:fancy.cf
- auser@mailhub.example.com
- $ postmap -q cuser@example.com ldap:fancy.cf
- cuser@example.com
- $ postmap -q agroup@example.com ldap:fancy.cf
+ $ postmap -q auser@example.com ldap:/etc/postfix/fancy.cf \
+ auser@mailhub.example.com
+ $ postmap -q cuser@example.com ldap:/etc/postfix/fancy.cf \
+ cuser@example.com
+ $ postmap -q agroup@example.com ldap:/etc/postfix/fancy.cf \
auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
- $ postmap -q bgroup@example.com ldap:fancy.cf
- bgroup@mlm.example.com
+ $ postmap -q bgroup@example.com ldap:/etc/postfix/fancy.cf \
+ bgroup@mlm.example.com
Above, delayed expansion is enabled via "terminal_result_attribute", which, if
present, is used as the sole result and all other expansion is suppressed.
/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
slow_destination_rate_delay = 1
+ slow_destination_concurrency_failed_cohort_limit = 100
/etc/postfix/transport:
example.com slow:
$slow_destination_rate_delay seconds between deliveries to the same
destination.
+ IMPORTANT!! The large slow_destination_concurrency_failed_cohort_limit
+ value is needed. This prevents Postfix from deferring all mail for the same
+ destination after only one connection or handshake error (the reason for
+ this is that non-zero slow_destination_rate_delay forces a per-destination
+ concurrency of 1).
+
* Earlier Postfix versions:
o In the transport map entry for the problem destination, specify a dead
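Review bot: the example sets `slow_destination_concurrency_failed_cohort_limit = 100` and the new paragraph calls a "large" value necessary, while the NOTE this same patch adds to the rate delay parameter documentation recommends "10 or more". Give one recommendation in both places, or say here why the example goes to 100. "IMPORTANT!!" would also read better as the plain "NOTE:" used in the parameter documentation.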
Incompatibility with snapshot 20100610
======================================
-Postfix no longer appends the system-supplied default CAs to the
-lists specified with *_tls_CAfile or with *_tls_CApath. This prevents
-third-party certificates from being trusted and given mail relay
-permission with permit_tls_all_clientcerts.
+Postfix no longer appends the system-supplied default CA certificates
+to the lists specified with *_tls_CAfile or with *_tls_CApath. This
+prevents third-party certificates from being trusted and given mail
+relay permission with permit_tls_all_clientcerts.
Unfortunately this change may break certificate verification on
sites that don't use permit_tls_all_clientcerts. Specify
Remove this file from the stable release.
+ Update history in manpage/readme for SQLite driver.
+
+ Make postconf aware of magical suffixes (the ones that
+ combine with transport names) and show them in "postconf
+ -n" output. Making this work with "postconf -d" is trickier.
+
Need a regular expression table to translate address
verification responses into hard/soft/accept reply codes.
$readme_directory/SMTPD_ACCESS_README:f:root:-:644
$readme_directory/SMTPD_POLICY_README:f:root:-:644
$readme_directory/SMTPD_PROXY_README:f:root:-:644
+$readme_directory/SOHO_README:f:root:-:644
$readme_directory/STANDARD_CONFIGURATION_README:f:root:-:644
$readme_directory/STRESS_README:f:root:-:644
$readme_directory/TLS_LEGACY_README:f:root:-:644
$html_directory/SMTPD_ACCESS_README.html:f:root:-:644
$html_directory/SMTPD_POLICY_README.html:f:root:-:644
$html_directory/SMTPD_PROXY_README.html:f:root:-:644
+$html_directory/SOHO_README.html:f:root:-:644
$html_directory/STANDARD_CONFIGURATION_README.html:f:root:-:644
$html_directory/STRESS_README.html:f:root:-:644
$html_directory/TLS_LEGACY_README.html:f:root:-:644
search_base = dc=example, dc=com
query_filter = mail=%s
result_attribute = memberaddr
- $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:simple.cf
- auser@example.org,buser@example.org
+ $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/simple.cf \
+ auser@example.org,buser@example.org
</pre>
</blockquote>
query_filter = mail=%s
result_attribute = maildrop
special_result_attribute = memberdn
- $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:special.cf
- auser@mailhub.example.com,buser@mailhub.example.com
+ $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/special.cf \
+ auser@mailhub.example.com,buser@mailhub.example.com
</pre>
</blockquote>
query_filter = mail=%s
result_attribute = maildrop
special_result_attribute = memberdn
- $ postmap -q auser@example.com <a href="ldap_table.5.html">ldap</a>:no_expand.cf <a href="ldap_table.5.html">ldap</a>:expand.cf
- auser@mailhub.example.com
- $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:no_expand.cf <a href="ldap_table.5.html">ldap</a>:expand.cf
- auser@mailhub.example.com,buser@mailhub.example.com
- $ postmap -q bgroup@example.com <a href="ldap_table.5.html">ldap</a>:no_expand.cf <a href="ldap_table.5.html">ldap</a>:expand.cf
- bgroup@mlm.example.com
+ $ postmap -q auser@example.com \
+ <a href="ldap_table.5.html">ldap</a>:/etc/postfix/no_expand.cf <a href="ldap_table.5.html">ldap</a>:/etc/postfix/expand.cf \
+ auser@mailhub.example.com
+ $ postmap -q agroup@example.com \
+ <a href="ldap_table.5.html">ldap</a>:/etc/postfix/no_expand.cf <a href="ldap_table.5.html">ldap</a>:/etc/postfix/expand.cf \
+ auser@mailhub.example.com,buser@mailhub.example.com
+ $ postmap -q bgroup@example.com \
+ <a href="ldap_table.5.html">ldap</a>:/etc/postfix/no_expand.cf <a href="ldap_table.5.html">ldap</a>:/etc/postfix/expand.cf \
+ bgroup@mlm.example.com
</pre>
</blockquote>
special_result_attribute = memberdn
terminal_result_attribute = maildrop
leaf_result_attribute = mail
- $ postmap -q auser@example.com <a href="ldap_table.5.html">ldap</a>:fancy.cf
- auser@mailhub.example.com
- $ postmap -q cuser@example.com <a href="ldap_table.5.html">ldap</a>:fancy.cf
- cuser@example.com
- $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:fancy.cf
- auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
- $ postmap -q bgroup@example.com <a href="ldap_table.5.html">ldap</a>:fancy.cf
- bgroup@mlm.example.com
+ $ postmap -q auser@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/fancy.cf \
+ auser@mailhub.example.com
+ $ postmap -q cuser@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/fancy.cf \
+ cuser@example.com
+ $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/fancy.cf \
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ $ postmap -q bgroup@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/fancy.cf \
+ bgroup@mlm.example.com
</pre>
</blockquote>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
slow_destination_rate_delay = 1
+ slow_destination_concurrency_failed_cohort_limit = 100
/etc/postfix/transport:
example.com slow:
$slow_destination_rate_delay seconds between deliveries to the same
destination. </p>
+<p> IMPORTANT!! The large slow_destination_concurrency_failed_cohort_limit
+value is needed. This prevents Postfix from deferring all mail for
+the same destination after only one connection or handshake error
+(the reason for this is that non-zero slow_destination_rate_delay
+forces a per-destination concurrency of 1). </p>
+
<li> <p> Earlier Postfix versions: </p>
<ul>
<blockquote>
<pre>
-<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="mysql_table.5.html">sqlite</a>:/etc/postfix/sqlite-aliases.cf
+<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="sqlite_table.5.html">sqlite</a>:/etc/postfix/sqlite-aliases.cf
</pre>
</blockquote>
name of the message delivery transport.
</p>
+<p> NOTE: with a non-zero _destination_rate_delay, specify a
+<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> of 10
+or more to prevent Postfix from deferring all mail for the same
+destination after only one connection or handshake error. </p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
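Review bot: the NOTE names the delay parameter as `_destination_rate_delay`, with a bare leading underscore, while the very next line writes `<i>transport</i>_destination_concurrency_failed_cohort_limit` with the transport prefix and a link. Write the delay parameter in the same `<i>transport</i>_` form (or name both the default and the per-transport variant) so it is clear that the cohort limit has to be set for the same transport that carries the non-zero delay.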
(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>
<p>
-Clients that are excluded from connection count, connection rate,
-or SMTP request rate restrictions. See the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter
+Clients that are excluded from smtpd_client_*_count/rate_limit
+restrictions. See the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter
description for the parameter value syntax.
</p>
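Review bot: the replacement text `smtpd_client_*_count/rate_limit` trades the plain-language description (connection count, connection rate, SMTP request rate) for a wildcard that can be neither searched for nor hyperlinked, unlike the `mynetworks` reference on the next line. This parameter exempts clients from those limits, so the reader should be able to see exactly which ones. List the affected parameter names in full, or keep the old wording and append the names to it.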
sqlite_table - Postfix SQLite configuration
<b>SYNOPSIS</b>
- <b>postmap -q "</b><i>string</i><b>" <a href="mysql_table.5.html">sqlite</a>:/etc/postfix/filename</b>
+ <b>postmap -q "</b><i>string</i><b>" <a href="sqlite_table.5.html">sqlite</a>:/etc/postfix/filename</b>
- <b>postmap -q - <a href="mysql_table.5.html">sqlite</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
+ <b>postmap -q - <a href="sqlite_table.5.html">sqlite</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
The Postfix mail system uses optional tables for address
Alternatively, lookup tables can be specified as SQLite
databases. In order to use SQLite lookups, define an
SQLite source as a lookup table in <a href="postconf.5.html">main.cf</a>, for example:
- <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="mysql_table.5.html">sqlite</a>:/etc/sqlite-aliases.cf
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="sqlite_table.5.html">sqlite</a>:/etc/sqlite-aliases.cf
The file /etc/postfix/sqlite-aliases.cf has the same for-
mat as the Postfix <a href="postconf.5.html">main.cf</a> file, and can specify the
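Review bot: the corrected example line still reads `sqlite:/etc/sqlite-aliases.cf`, but the unchanged sentence right after it describes "The file /etc/postfix/sqlite-aliases.cf", and the README hunk earlier in this patch uses `sqlite:/etc/postfix/sqlite-aliases.cf`. Since this line is being touched for the link fix anyway, change the path to /etc/postfix/sqlite-aliases.cf so the example and the sentence that explains it refer to the same file.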
with a slash or a dot. The SQLite parameters will then be
accessible as the name you've given the source in its def-
inition, an underscore, and the name of the parameter.
- For example, if the map is specified as "<a href="mysql_table.5.html">sqlite</a>:<i>sqlite-</i>
+ For example, if the map is specified as "<a href="sqlite_table.5.html">sqlite</a>:<i>sqlite-</i>
<i>name</i>", the parameter "query" below would be defined in
<a href="postconf.5.html">main.cf</a> as "<i>sqlitename</i>_query".
transport-specific override, where \fItransport\fR is the master.cf
name of the message delivery transport.
.PP
+NOTE: with a non-zero _destination_rate_delay, specify a
+\fItransport\fR_destination_concurrency_failed_cohort_limit of 10
+or more to prevent Postfix from deferring all mail for the same
+destination after only one connection or handshake error.
+.PP
This feature is available in Postfix 2.5 and later.
.SH default_destination_recipient_limit (default: 50)
The default maximal number of recipients per message delivery.
.ad
.ft R
.SH smtpd_client_event_limit_exceptions (default: $mynetworks)
-Clients that are excluded from connection count, connection rate,
-or SMTP request rate restrictions. See the mynetworks parameter
+Clients that are excluded from smtpd_client_*_count/rate_limit
+restrictions. See the mynetworks parameter
description for the parameter value syntax.
.PP
By default, clients in trusted networks are excluded. Specify a
s/\b(nisplus):/<a href="nisplus_table.5.html">$1<\/a>:/g;
s/\b(ldap):/<a href="ldap_table.5.html">$1<\/a>:/g;
s/\b(regexp):/<a href="regexp_table.5.html">$1<\/a>:/g;
- s/\b(sqlite):/<a href="mysql_table.5.html">$1<\/a>:/g;
+ s/\b(sqlite):/<a href="sqlite_table.5.html">$1<\/a>:/g;
s/\b(tcp):/<a href="tcp_table.5.html">$1<\/a>:/g;
# Do nice links for smtp:host:port etc.
search_base = dc=example, dc=com
query_filter = mail=%s
result_attribute = memberaddr
- $ postmap -q agroup@example.com ldap:simple.cf
- auser@example.org,buser@example.org
+ $ postmap -q agroup@example.com ldap:/etc/postfix/simple.cf \
+ auser@example.org,buser@example.org
</pre>
</blockquote>
query_filter = mail=%s
result_attribute = maildrop
special_result_attribute = memberdn
- $ postmap -q agroup@example.com ldap:special.cf
- auser@mailhub.example.com,buser@mailhub.example.com
+ $ postmap -q agroup@example.com ldap:/etc/postfix/special.cf \
+ auser@mailhub.example.com,buser@mailhub.example.com
</pre>
</blockquote>
query_filter = mail=%s
result_attribute = maildrop
special_result_attribute = memberdn
- $ postmap -q auser@example.com ldap:no_expand.cf ldap:expand.cf
- auser@mailhub.example.com
- $ postmap -q agroup@example.com ldap:no_expand.cf ldap:expand.cf
- auser@mailhub.example.com,buser@mailhub.example.com
- $ postmap -q bgroup@example.com ldap:no_expand.cf ldap:expand.cf
- bgroup@mlm.example.com
+ $ postmap -q auser@example.com \
+ ldap:/etc/postfix/no_expand.cf ldap:/etc/postfix/expand.cf \
+ auser@mailhub.example.com
+ $ postmap -q agroup@example.com \
+ ldap:/etc/postfix/no_expand.cf ldap:/etc/postfix/expand.cf \
+ auser@mailhub.example.com,buser@mailhub.example.com
+ $ postmap -q bgroup@example.com \
+ ldap:/etc/postfix/no_expand.cf ldap:/etc/postfix/expand.cf \
+ bgroup@mlm.example.com
</pre>
</blockquote>
special_result_attribute = memberdn
terminal_result_attribute = maildrop
leaf_result_attribute = mail
- $ postmap -q auser@example.com ldap:fancy.cf
- auser@mailhub.example.com
- $ postmap -q cuser@example.com ldap:fancy.cf
- cuser@example.com
- $ postmap -q agroup@example.com ldap:fancy.cf
- auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
- $ postmap -q bgroup@example.com ldap:fancy.cf
- bgroup@mlm.example.com
+ $ postmap -q auser@example.com ldap:/etc/postfix/fancy.cf \
+ auser@mailhub.example.com
+ $ postmap -q cuser@example.com ldap:/etc/postfix/fancy.cf \
+ cuser@example.com
+ $ postmap -q agroup@example.com ldap:/etc/postfix/fancy.cf \
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ $ postmap -q bgroup@example.com ldap:/etc/postfix/fancy.cf \
+ bgroup@mlm.example.com
</pre>
</blockquote>
/etc/postfix/main.cf:
transport_maps = hash:/etc/postfix/transport
slow_destination_rate_delay = 1
+ slow_destination_concurrency_failed_cohort_limit = 100
/etc/postfix/transport:
example.com slow:
$slow_destination_rate_delay seconds between deliveries to the same
destination. </p>
+<p> IMPORTANT!! The large slow_destination_concurrency_failed_cohort_limit
+value is needed. This prevents Postfix from deferring all mail for
+the same destination after only one connection or handshake error
+(the reason for this is that non-zero slow_destination_rate_delay
+forces a per-destination concurrency of 1). </p>
+
<li> <p> Earlier Postfix versions: </p>
<ul>
%PARAM smtpd_client_event_limit_exceptions $mynetworks
<p>
-Clients that are excluded from connection count, connection rate,
-or SMTP request rate restrictions. See the mynetworks parameter
+Clients that are excluded from smtpd_client_*_count/rate_limit
+restrictions. See the mynetworks parameter
description for the parameter value syntax.
</p>
name of the message delivery transport.
</p>
+<p> NOTE: with a non-zero _destination_rate_delay, specify a
+<i>transport</i>_destination_concurrency_failed_cohort_limit of 10
+or more to prevent Postfix from deferring all mail for the same
+destination after only one connection or handshake error. </p>
+
<p> This feature is available in Postfix 2.5 and later. </p>
%PARAM transport_destination_rate_delay $default_destination_rate_delay
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20100618"
+#define MAIL_RELEASE_DATE "20100707"
#define MAIL_VERSION_NUMBER "2.8"
#ifdef SNAPSHOT
msg_warn("%s: ignoring bad VERP request: \"%.100s\"",
message->queue_id, start);
} else {
+ if (msg_verbose)
+ msg_info("%s: enabling VERP for sender \"%.100s\"",
+ message->queue_id, message->sender);
message->single_rcpt = 1;
message->verp_delims = mystrdup(start);
}
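Review bot: the new `if (msg_verbose)` has no braces and sits directly above `message->single_rcpt = 1;` and `message->verp_delims = mystrdup(start);`. Put braces around the msg_info() call so that a later edit cannot pull those assignments under the verbose check. The message logs message->sender but not the delimiters in `start`, which the warning branch above does log. Adding them would let the accepted and rejected VERP requests be compared in the log. Both points apply to the identical hunk that follows.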
msg_warn("%s: ignoring bad VERP request: \"%.100s\"",
message->queue_id, start);
} else {
+ if (msg_verbose)
+ msg_info("%s: enabling VERP for sender \"%.100s\"",
+ message->queue_id, message->sender);
message->single_rcpt = 1;
message->verp_delims = mystrdup(start);
}
get_mail_conf_str_table(str_table);
get_mail_conf_int_table(int_table);
+ get_mail_conf_bool_table(bool_table);
}
/* tls_set_ciphers - Set SSL context cipher list */
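Review bot: `get_mail_conf_bool_table(bool_table);` is added after the string and integer table loads without a comment, and the definition of bool_table is outside the visible context. Until this line was added, the function loaded only str_table and int_table, so boolean parameters in bool_table were not read here. A short comment naming the parameters that bool_table carries would make that dependency visible and would tie this one-line change to the changelog entry it completes.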