20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c,
qmqpd/qmqpd_peer.c.
-Wish list:
+20070610
- Update attr_print/scan() so they can send/receive file
- descriptors. This simplifies kludgy code in many daemons.
-
- Make adding date/from/etc. conditional. Perhaps on header
- rewrite context? Do we need a more powerful concept than
- local_header_rewrite_clients/remote_header_rewrite_domain?
-
- Would there be a problem adding $smtpd_mumble_restrictions
- and $smtpd_sender_login_maps to the default proxy_read_maps
- settings?
-
- Remove defer(8) and trace(8) references and man pages. These
- are services not program names.
-
- Bind all deliveries to the same local delivery process,
- making Postfix perform as poorly as monolithic mailers, but
- giving a possibility to eliminate duplicate deliveries.
-
- Maybe declare loop when resolve_local(mxhost) is true?
-
- Update message content length when adding/removing headers.
-
- Need scache size limit.
-
- Update BACKSCATTER_README to use PCRE because that's what I
- am using now.
-
- Make postcat header/body aware so people can grep headers.
-
- Make postmap header/body aware so people can test multi-line
- header checks.
-
- REDIRECT should override original recipient info, and
- probably override DSN as well.
-
- Find out if with Sendmail, a Milter "add recipient" request
- results in NOTIFY=NONE as Postfix does now.
-
- Update FILTER_README with mailing list suggestions to tag
- with a badness indicator and then filter down-stream.
-
- Either document or remove the internal_mail_filter_classes
- feature (it's disabled by default).
-
- Build a command-line test driver for the cleanup engine.
- This allows us to test it with arbitrary record sequences
- without having to use a live mail queue.
-
- Make null local-part handling configurable: either expand
- into mailer-daemon (current bahavior) or disallow (strict
- behavior, currently implemented only in the SMTP server).
-
- The type of var_message_limit should be changed from int
- to long or better, to take advantage of LP64 architectures.
- This also requires checking all expressions in which
- var_message_limit appears.
-
- Add M flag (enable multi-recipient delivery) to pipe daemon.
-
- The usage of TLScontext->cache_type is unclear. It specifies
- a TLS session cache type (smtpd, smtp, or lmtp), but it is
- sometimes used as an indicator that TLS session caching is
- unavailable. In reality, that decision is made by not
- registering call-back functions for cache maintenance.
-
- Postfix TLS library code should copy any strings that it
- receives from the application, instead of passing them
- around as pointers. TLScontext->cache_type is a case in
- point.
-
- Are transport:nexthop null fields the same as in the case
- of default_transport etc. parameters?
-
- Don't lose bits when converting st_dev into maildir file
- name. It's 64 bits on Linux. Found with the BEAM source
- code analyzer. Is this really a problem, or are they just
- using 64 bits for upwards compatibility with LP64 systems?
-
- Do or don't introduce unknown_reverse_client_reject_code.
-
- Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
- UNIX).
-
- Tempfail when a Milter application wants content access,
- while it is configured in an SMTP server that runs before
- the smtpd_proxy filter.
-
- Log DSN original recipient when rejecting mail.
-
- Keep whitespace between label and ":"?
-
- Make the map case folding/locking options configurable, if
- not at run-time then at least at compile time so we get
- consistent behavior across applications.
-
- Investigate what it would take to eliminate oqmgr, and to
- make the old behavior configurable in a unified queue
- manager. This would shave another 2.7 KLOC from the source
- footprint.
-
- Document the case folding strategy for match_list like
- features.
-
- Eliminate the (incoming,deferred)->active rename operation.
-
- Softbounce fallback-to-ISP for SOHO users. This requires
- playing with the soft_error test in the smtp_trouble.c
- module, and avoiding delivery to backup MX hosts.
-
- In the SMTP server, set a "pipelining detected" flag at the
- start of a session and at protocol synchronization points,
- so that reject_unauth_pipelining can be specified in any
- access rule.
-
- Centralize main.cf parameter input so that defaults work
- consistently. What about parameter names that are prefixed
- with mail delivery transport names?
-
- Fix default time unit handling so that we can have a default
- bounce lifetime of $maximal_queue_lifetime, without causing
- panics when a non-default maximal_queue_lifetime setting
- includes no time unit.
-
- After the 20051222 ISASCII paranoia, lowercase() lowercases
- ASCII text only.
-
- Privacy: remove local command/pathname details from remote
- delivery status reports, and log them via local msg_warn().
-
- Is it safe to cache a connection after it has been used for
- more than some number of address verification probes?
-
- Try to recognize that Resent- headers appear in blocks,
- newest block first. But don't break on incorrect header
- block organization.
-
- Hard limits on cache sizes (anvil, specifically).
-
- Laptop friendliness: make the qmgr remember when the next
- deferred queue scan needs to be done, and have the pickup
- server stat() the maildrop directory before searching it.
-
- Low: replace_sender/replace_recipient actions in access
- maps?
-
- Low: configurable order of local(8) delivery methods.
-
- Med: local and remote source port and IP address for smtpd
- policy hook.
-
- Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
- to limit the total time spent trying to connect.
-
- Med: transform IPv4-in-IPv6 address literals to IPv4 form
- when comparing against local IP addresses?
-
- Med: transform IPv4-in-IPv6 address literals to IPv4 form
- when eliminating MX mailer loops?
-
- Med: Postfix requires [] around IPv6 address information
- in match lists such as mynetworks, debug_peer_list etc.,
- but the [] must not be specified in access(5) maps. Other
- places don't care. For now, this gotcha is documented in
- IPV6_README and in postconf(5) with each feature that may
- use IPv6 address information. The general recommendation
- is not to use [] unless absolutely necessary.
-
- Med: the partial address matching of IPv6 addresses in
- access(5) maps is a bit lame: it repeatedly truncates the
- last ":octetpair" from the printable address representation
- until a match is found or until truncation is no longer
- possible. Since one or more ":" are usually omitted from
- the printable IPv6 address representation, this does not
- really try all the possibilities that one might expect to
- be tried. For now, this gotcha is documented in access(5).
-
- Med: the TLS certificate verification depth parameters never
- worked.
-
- Low: reject HELO with any domain name or IP address that
- this MTA is the final destination for.
-
- Low: should the Delivered-To: test in local(8) be configurable?
-
- Low: make mail_addr_find() lookup configurable.
-
- Low: update events.c so that 1-second timer requests do not
- suffer from rounding errors. This is needed for 1-second
- SMTP session caching time limits. A 1-second interval would
- become arbitrarily short when an event is scheduled just
- before the current second rolls over.
-
- Low: configurable internal/system locking method.
-
- Low: add INSTALL section for pre-existing Postfix systems.
-
- Low: add INSTALL section for pre-existing RPM Postfixes.
-
- Low: disallow smtpd_recipient_limit < 100 (the RFC minimum).
-
- Low: noise filter: allow smtp(8) to retry immediately if
- all MXes return a quick ECONNRESET or 4xx reply during the
- initial handshake. Retry once? How many times?
-
- Low: make post-install a "postfix-only script" so it can
- take data from the environment instead of main.cf.
-
- Low: randomize deferred mail backoff.
-
- Med: separate ulimit for delivery to command?
-
- Med: option to open queue file early, after MAIL FROM. This
- would allow correlation of rejected RCPT TO requests with
- accepted requests for the same mail transaction.
-
- Med: postsuper -r should do something with recipients in
- bounce logfiles, to make sure the sender will be notified.
- To be perfectly safe, no process other than the queue manager
- should move a queue file away from the active queue.
-
- This could involve tagging a queue file, and use up another
- permission bit (postsuper tags a "hot" file, qmgr requeues it).
-
- Low: postsuper re-run after renaming files, but only a
- limited number of times.
-
- Low: smtp-source may block when sending large test messages.
-
- Med: find a way to log the sender address when MAIL FROM
- is rejected due to lack of disk space.
-
- Low: revise other local delivery agent duplicate filters.
-
- Low: all table lookups should consistently use internalized
- (unquoted) or externalized (quoted) forms as lookup keys.
- smtpd, qmgr, local, etc. use unquoted address forms as keys.
- cleanup uses quoted forms.
-
- Low: have a configurable list of errno values for mailbox
- or maildir delivery that result in deferral rather than
- bouncing mail. What about "killed by signal" exits?
-
- Low: after reorganizing configuration parameters, add flags
- to all parameters whose value can be read from file.
-
- Medium: need in-process caching for map lookups. LDAP servers
- seem to need this in particular. Need a way to expire cached
- results that are too old.
-
- Low: generic showq protocol, to allow for more intelligent
- processing than just mailq. Maybe marry this with postsuper.
-
- Low: default domain for appending to unqualified recipients,
- so that unqualified names can be delivered locally.
-
- Low: The $process_id_directory setting is not used anywhere
- in Postfix. Problem reported by Michael Smith, texas.net.
- This should be documented, or better, the code should warn
- about attempts to set read-only parameters.
-
- Low: postconf -e edits parameters that postconf won't list.
+ Isolation: don't allow the pipe(8) delivery agent to leak
+ postdrop group privileges with "user=xxx:postdrop". File:
+ pipe/pipe.c.
- Low: while converting 8bit text to quoted-printable, perhaps
- use =46rom to avoid having to produce >From when delivering
- to mailbox.
+20070613
- virtual_mailbox_path expression like forward_path, so that
- people can specify prefix and suffix.
+ Bugfix: the Milter client assumed that body edit requests
+ would never come before header/envelope edit requests.
+ Problem was triggered by Jose-Marcio Martins da Cruz. Also
+ streamlined the handling of queue file update errors. File:
+ milter/milter8.c.
is described in the QSHAPE_README and TUNING_README documents.
* The trivial-rewrite(8) server resolves each recipient address according to
- its local and remote address class, as defined in the ADDRESS_CLASS_README
+ its local or remote address class, as defined in the ADDRESS_CLASS_README
document. Additional routing information can be specified with the optional
transport(5) table. The trivial-rewrite(8) server optionally queries the
relocated(5) table for recipients whose address has changed; mail for such
If you upgrade from Postfix 2.3 or earlier, read RELEASE_NOTES-2.4
before proceeding.
-Incompatibility with Postfix snapshot 2007XXXX
+Incompatibility with Postfix snapshot 20070613
+==============================================
+
+The pipe(8) delivery agent no longer allows delivery with the same
+group ID as the main.cf postdrop group.
+
+Incompatibility with Postfix snapshot 20070514
==============================================
The default sender address for address verification probes was
--- /dev/null
+Wish list:
+
+ Really need a cleanup driver that allows testing against
+ Milter applications instead of synthetic events. This would
+ have to provide stubs for clients that talk to Postfix
+ daemon processes. See if this approach can also be used for
+ other daemons.
+
+ smtpd(8) exempts $address_verify_sender from access controls,
+ but it doesn't know whether cleanup(8) or delivery agents
+ modify the sender. Would it be possible to "calibrate" this
+ exemption, perhaps by having delivery agents pass the probe
+ sender to the verify server, keeping in mind that the probe
+ sender may differ per delivery agent due to output rewriting.
+
+ Update attr_print/scan() so they can send/receive file
+ descriptors. This simplifies kludgy code in many daemons.
+
+ Make adding date/from/etc. conditional. Perhaps on header
+ rewrite context? Do we need a more powerful concept than
+ local_header_rewrite_clients/remote_header_rewrite_domain?
+
+ Would there be a problem adding $smtpd_mumble_restrictions
+ and $smtpd_sender_login_maps to the default proxy_read_maps
+ settings?
+
+ Remove defer(8) and trace(8) references and man pages. These
+ are services not program names.
+
+ Bind all deliveries to the same local delivery process,
+ making Postfix perform as poorly as monolithic mailers, but
+ giving a possibility to eliminate duplicate deliveries.
+
+ Maybe declare loop when resolve_local(mxhost) is true?
+
+ Update message content length when adding/removing headers.
+
+ Need scache size limit.
+
+ Update BACKSCATTER_README to use PCRE because that's what I
+ am using now.
+
+ Make postcat header/body aware so people can grep headers.
+
+ Make postmap header/body aware so people can test multi-line
+ header checks.
+
+ REDIRECT should override original recipient info, and
+ probably override DSN as well.
+
+ Find out if with Sendmail, a Milter "add recipient" request
+ results in NOTIFY=NONE as Postfix does now.
+
+ Update FILTER_README with mailing list suggestions to tag
+ with a badness indicator and then filter down-stream.
+
+ Either document or remove the internal_mail_filter_classes
+ feature (it's disabled by default).
+
+ Build a command-line test driver for the cleanup engine.
+ This allows us to test it with arbitrary record sequences
+ without having to use a live mail queue.
+
+ Make null local-part handling configurable: either expand
+ into mailer-daemon (current bahavior) or disallow (strict
+ behavior, currently implemented only in the SMTP server).
+
+ The type of var_message_limit should be changed from int
+ to long or better, to take advantage of LP64 architectures.
+ This also requires checking all expressions in which
+ var_message_limit appears.
+
+ Add M flag (enable multi-recipient delivery) to pipe daemon.
+
+ The usage of TLScontext->cache_type is unclear. It specifies
+ a TLS session cache type (smtpd, smtp, or lmtp), but it is
+ sometimes used as an indicator that TLS session caching is
+ unavailable. In reality, that decision is made by not
+ registering call-back functions for cache maintenance.
+
+ Postfix TLS library code should copy any strings that it
+ receives from the application, instead of passing them
+ around as pointers. TLScontext->cache_type is a case in
+ point.
+
+ Are transport:nexthop null fields the same as in the case
+ of default_transport etc. parameters?
+
+ Don't lose bits when converting st_dev into maildir file
+ name. It's 64 bits on Linux. Found with the BEAM source
+ code analyzer. Is this really a problem, or are they just
+ using 64 bits for upwards compatibility with LP64 systems?
+
+ Do or don't introduce unknown_reverse_client_reject_code.
+
+ Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
+ UNIX).
+
+ Tempfail when a Milter application wants content access,
+ while it is configured in an SMTP server that runs before
+ the smtpd_proxy filter.
+
+ Log DSN original recipient when rejecting mail.
+
+ Keep whitespace between label and ":"?
+
+ Make the map case folding/locking options configurable, if
+ not at run-time then at least at compile time so we get
+ consistent behavior across applications.
+
+ Investigate what it would take to eliminate oqmgr, and to
+ make the old behavior configurable in a unified queue
+ manager. This would shave another 2.7 KLOC from the source
+ footprint.
+
+ Document the case folding strategy for match_list like
+ features.
+
+ Eliminate the (incoming,deferred)->active rename operation.
+
+ Softbounce fallback-to-ISP for SOHO users. This requires
+ playing with the soft_error test in the smtp_trouble.c
+ module, and avoiding delivery to backup MX hosts.
+
+ In the SMTP server, set a "pipelining detected" flag at the
+ start of a session and at protocol synchronization points,
+ so that reject_unauth_pipelining can be specified in any
+ access rule.
+
+ Centralize main.cf parameter input so that defaults work
+ consistently. What about parameter names that are prefixed
+ with mail delivery transport names?
+
+ Fix default time unit handling so that we can have a default
+ bounce lifetime of $maximal_queue_lifetime, without causing
+ panics when a non-default maximal_queue_lifetime setting
+ includes no time unit.
+
+ After the 20051222 ISASCII paranoia, lowercase() lowercases
+ ASCII text only.
+
+ Privacy: remove local command/pathname details from remote
+ delivery status reports, and log them via local msg_warn().
+
+ Is it safe to cache a connection after it has been used for
+ more than some number of address verification probes?
+
+ Try to recognize that Resent- headers appear in blocks,
+ newest block first. But don't break on incorrect header
+ block organization.
+
+ Hard limits on cache sizes (anvil, specifically).
+
+ Laptop friendliness: make the qmgr remember when the next
+ deferred queue scan needs to be done, and have the pickup
+ server stat() the maildrop directory before searching it.
+
+ Low: replace_sender/replace_recipient actions in access
+ maps?
+
+ Low: configurable order of local(8) delivery methods.
+
+ Med: local and remote source port and IP address for smtpd
+ policy hook.
+
+ Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
+ to limit the total time spent trying to connect.
+
+ Med: transform IPv4-in-IPv6 address literals to IPv4 form
+ when comparing against local IP addresses?
+
+ Med: transform IPv4-in-IPv6 address literals to IPv4 form
+ when eliminating MX mailer loops?
+
+ Med: Postfix requires [] around IPv6 address information
+ in match lists such as mynetworks, debug_peer_list etc.,
+ but the [] must not be specified in access(5) maps. Other
+ places don't care. For now, this gotcha is documented in
+ IPV6_README and in postconf(5) with each feature that may
+ use IPv6 address information. The general recommendation
+ is not to use [] unless absolutely necessary.
+
+ Med: the partial address matching of IPv6 addresses in
+ access(5) maps is a bit lame: it repeatedly truncates the
+ last ":octetpair" from the printable address representation
+ until a match is found or until truncation is no longer
+ possible. Since one or more ":" are usually omitted from
+ the printable IPv6 address representation, this does not
+ really try all the possibilities that one might expect to
+ be tried. For now, this gotcha is documented in access(5).
+
+ Med: the TLS certificate verification depth parameters never
+ worked.
+
+ Low: reject HELO with any domain name or IP address that
+ this MTA is the final destination for.
+
+ Low: should the Delivered-To: test in local(8) be configurable?
+
+ Low: make mail_addr_find() lookup configurable.
+
+ Low: update events.c so that 1-second timer requests do not
+ suffer from rounding errors. This is needed for 1-second
+ SMTP session caching time limits. A 1-second interval would
+ become arbitrarily short when an event is scheduled just
+ before the current second rolls over.
+
+ Low: configurable internal/system locking method.
+
+ Low: add INSTALL section for pre-existing Postfix systems.
+
+ Low: add INSTALL section for pre-existing RPM Postfixes.
+
+ Low: disallow smtpd_recipient_limit < 100 (the RFC minimum).
+
+ Low: noise filter: allow smtp(8) to retry immediately if
+ all MXes return a quick ECONNRESET or 4xx reply during the
+ initial handshake. Retry once? How many times?
+
+ Low: make post-install a "postfix-only script" so it can
+ take data from the environment instead of main.cf.
+
+ Low: randomize deferred mail backoff.
+
+ Med: separate ulimit for delivery to command?
+
+ Med: option to open queue file early, after MAIL FROM. This
+ would allow correlation of rejected RCPT TO requests with
+ accepted requests for the same mail transaction.
+
+ Med: postsuper -r should do something with recipients in
+ bounce logfiles, to make sure the sender will be notified.
+ To be perfectly safe, no process other than the queue manager
+ should move a queue file away from the active queue.
+
+ This could involve tagging a queue file, and use up another
+ permission bit (postsuper tags a "hot" file, qmgr requeues it).
+
+ Low: postsuper re-run after renaming files, but only a
+ limited number of times.
+
+ Low: smtp-source may block when sending large test messages.
+
+ Med: find a way to log the sender address when MAIL FROM
+ is rejected due to lack of disk space.
+
+ Low: revise other local delivery agent duplicate filters.
+
+ Low: all table lookups should consistently use internalized
+ (unquoted) or externalized (quoted) forms as lookup keys.
+ smtpd, qmgr, local, etc. use unquoted address forms as keys.
+ cleanup uses quoted forms.
+
+ Low: have a configurable list of errno values for mailbox
+ or maildir delivery that result in deferral rather than
+ bouncing mail. What about "killed by signal" exits?
+
+ Low: after reorganizing configuration parameters, add flags
+ to all parameters whose value can be read from file.
+
+ Medium: need in-process caching for map lookups. LDAP servers
+ seem to need this in particular. Need a way to expire cached
+ results that are too old.
+
+ Low: generic showq protocol, to allow for more intelligent
+ processing than just mailq. Maybe marry this with postsuper.
+
+ Low: default domain for appending to unqualified recipients,
+ so that unqualified names can be delivered locally.
+
+ Low: The $process_id_directory setting is not used anywhere
+ in Postfix. Problem reported by Michael Smith, texas.net.
+ This should be documented, or better, the code should warn
+ about attempts to set read-only parameters.
+
+ Low: postconf -e edits parameters that postconf won't list.
+
+ Low: while converting 8bit text to quoted-printable, perhaps
+ use =46rom to avoid having to produce >From when delivering
+ to mailbox.
+
+ virtual_mailbox_path expression like forward_path, so that
+ people can specify prefix and suffix.
#
# SEE ALSO
# trivial-rewrite(8), rewrite and resolve addresses
+# master(5), master.cf file format
# postconf(5), configuration parameters
# postmap(1), Postfix lookup table manager
#
and <a href="TUNING_README.html">TUNING_README</a> documents. </p>
<li> <p> The <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> server resolves each recipient
-address according to its local and remote address class, as defined
+address according to its local or remote address class, as defined
in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> document. Additional routing information
can be specified with the optional <a href="transport.5.html">transport(5)</a> table. The
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> server optionally queries the <a href="relocated.5.html">relocated(5)</a> table
queue file, a sender address, the reason for non-delivery
(specified as the next-hop destination), and recipient
information. The reason may be prefixed with an <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC</a>
- <a href="http://www.faqs.org/rfcs/rfc3463.html">3463</a>-compatible detail code. This program expects to be
- run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
-
- Depending on the service name in <a href="master.5.html">master.cf</a>, <b>error</b> or
- <b>retry</b>, the server bounces or defers all recipients in the
- delivery request using the "next-hop" information as the
- reason for non-delivery. The <b>retry</b> service name is sup-
+ <a href="http://www.faqs.org/rfcs/rfc3463.html">3463</a>-compatible detail code; if none is specified a
+ default 4.0.0 or 5.0.0 code is used instead. This program
+ expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ Depending on the service name in <a href="master.5.html">master.cf</a>, <b>error</b> or
+ <b>retry</b>, the server bounces or defers all recipients in the
+ delivery request using the "next-hop" information as the
+ reason for non-delivery. The <b>retry</b> service name is sup-
ported as of Postfix 2.4.
- Delivery
status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>,
+ Delivery
status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>,
<a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
<b>SECURITY</b>
The <a href="error.8.html"><b>error</b>(8)</a> mailer is not security-sensitive. It does not
- talk to the network, and can be run chrooted at fixed low
+ talk to the network, and can be run chrooted at fixed low
privilege.
<b>STANDARDS</b>
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
- the postmaster is notified of bounces and of other trou-
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
+ the postmaster is notified of bounces and of other trou-
ble.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="error.8.html"><b>error</b>(8)</a>
- processes run for only a limited amount of time. Use the
+ processes run for only a limited amount of time. Use the
command "<b>postfix reload</b>" to speed up a change.
- The text below provides only a parameter summary. See
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
- The recipient of undeliverable mail that cannot be
+ The recipient of undeliverable mail that cannot be
returned to the sender.
<b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the
+ The recipient of postmaster notifications with the
message headers of mail that Postfix did not
- deliver and of SMTP conversation transcripts of
+ deliver and of SMTP conversation transcripts of
mail that Postfix did not receive.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<ul>
<li> <p> The expressions "$name", "${name}" or "$(name)" are
-recursively replaced by the value of the named parameter. </p>
+recursively replaced by the value of the named parameter.
+Specify "$$" to produce a single "$" character. </p>
<li> <p> The expression "${name?value}" expands to "value" when
"$name" is non-empty. This form is supported with Postfix version
<b>SEE ALSO</b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, rewrite and resolve addresses
+ <a href="master.5.html">master(5)</a>, <a href="master.5.html">master.cf</a> file format
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
.IP \(bu
The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter.
+Specify "$$" to produce a single "$" character.
.IP \(bu
The expression "${name?value}" expands to "value" when
"$name" is non-empty. This form is supported with Postfix
.na
.nf
trivial-rewrite(8), rewrite and resolve addresses
+master(5), master.cf file format
postconf(5), configuration parameters
postmap(1), Postfix lookup table manager
.SH "README FILES"
the queue manager. Each request specifies a queue file, a sender
address, the reason for non-delivery (specified as the
next-hop destination), and recipient information.
-The reason may be prefixed with an RFC 3463-compatible detail code.
+The reason may be prefixed with an RFC 3463-compatible detail code;
+if none is specified a default 4.0.0 or 5.0.0 code is used instead.
This program expects to be run from the \fBmaster\fR(8) process
manager.
and TUNING_README documents. </p>
<li> <p> The trivial-rewrite(8) server resolves each recipient
-address according to its local and remote address class, as defined
+address according to its local or remote address class, as defined
in the ADDRESS_CLASS_README document. Additional routing information
can be specified with the optional transport(5) table. The
trivial-rewrite(8) server optionally queries the relocated(5) table
<ul>
<li> <p> The expressions "$name", "${name}" or "$(name)" are
-recursively replaced by the value of the named parameter. </p>
+recursively replaced by the value of the named parameter.
+Specify "$$" to produce a single "$" character. </p>
<li> <p> The expression "${name?value}" expands to "value" when
"$name" is non-empty. This form is supported with Postfix version
.IP \(bu
The expressions "$name", "${name}" or "$(name)" are
recursively replaced by the value of the named parameter.
+Specify "$$" to produce a single "$" character.
.IP \(bu
The expression "${name?value}" expands to "value" when
"$name" is non-empty. This form is supported with Postfix
# List of transport lookup tables.
# SEE ALSO
# trivial-rewrite(8), rewrite and resolve addresses
+# master(5), master.cf file format
# postconf(5), configuration parameters
# postmap(1), Postfix lookup table manager
# README FILES
/* the queue manager. Each request specifies a queue file, a sender
/* address, the reason for non-delivery (specified as the
/* next-hop destination), and recipient information.
-/* The reason may be prefixed with an RFC 3463-compatible detail code.
+/* The reason may be prefixed with an RFC 3463-compatible detail code;
+/* if none is specified a default 4.0.0 or 5.0.0 code is used instead.
/* This program expects to be run from the \fBmaster\fR(8) process
/* manager.
/*
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20070531"
+#define MAIL_RELEASE_DATE "20070613"
#define MAIL_VERSION_NUMBER "2.5"
#ifdef SNAPSHOT
return (milter->state = MILTER8_STAT_ERROR);
}
+/* milter8_edit_error - local message/envelope edit error */
+
+static void milter8_edit_error(MILTER8 *milter, const char *reply)
+{
+
+ /*
+ * Close the socket so that we don't receive later Milter replies while
+ * we're handling the next email message. Set the Milter handle state to
+ * ERROR, i.e. don't report further MTA events via this handle. We don't
+ * want surprises when this code gets reused for a protocol that allows
+ * envelope or header updates before the end-of-body MTA event.
+ */
+ if (milter->fp != 0) {
+ (void) vstream_fclose(milter->fp);
+ milter->fp = 0;
+ }
+ milter8_def_reply(milter, reply);
+ milter->state = MILTER8_STAT_ERROR;
+}
+
/* milter8_close_stream - close stream to milter application */
static void milter8_close_stream(MILTER8 *milter)
msg_info("reply: %s data %ld bytes",
(smfir_name = str_name_code(smfir_table, cmd)) != 0 ?
smfir_name : "unknown", (long) data_size);
+
+ /*
+ * Handle unfinished message body replacement first.
+ */
+ if (body_line_buf != 0 && cmd != SMFIR_REPLBODY) {
+ /* In case the last body replacement line didn't end in CRLF. */
+ if (LEN(body_line_buf) > 0)
+ edit_resp = parent->repl_body(parent->chg_context,
+ MILTER_BODY_LINE,
+ body_line_buf);
+ if (edit_resp == 0)
+ edit_resp = parent->repl_body(parent->chg_context,
+ MILTER_BODY_END,
+ (VSTRING *) 0);
+ if (edit_resp) {
+ milter8_edit_error(milter, edit_resp);
+ MILTER8_EVENT_BREAK(milter->def_reply);
+ }
+ vstring_free(body_line_buf);
+ body_line_buf = 0;
+ }
switch (cmd) {
/*
edit_resp = parent->del_header(parent->chg_context,
(ssize_t) index,
STR(milter->buf));
- if (edit_resp)
- MILTER8_EVENT_BREAK(edit_resp);
+ if (edit_resp) {
+ milter8_edit_error(milter, edit_resp);
+ MILTER8_EVENT_BREAK(milter->def_reply);
+ }
continue;
#endif
edit_resp = parent->add_header(parent->chg_context,
STR(milter->buf),
STR(milter->body));
- if (edit_resp)
- MILTER8_EVENT_BREAK(edit_resp);
+ if (edit_resp) {
+ milter8_edit_error(milter, edit_resp);
+ MILTER8_EVENT_BREAK(milter->def_reply);
+ }
continue;
/*
(ssize_t) index + 1,
STR(milter->buf),
STR(milter->body));
- if (edit_resp)
- MILTER8_EVENT_BREAK(edit_resp);
+ if (edit_resp) {
+ milter8_edit_error(milter, edit_resp);
+ MILTER8_EVENT_BREAK(milter->def_reply);
+ }
continue;
#endif
MILTER8_EVENT_BREAK(milter->def_reply);
edit_resp = parent->add_rcpt(parent->chg_context,
STR(milter->buf));
- if (edit_resp)
- MILTER8_EVENT_BREAK(edit_resp);
+ if (edit_resp) {
+ milter8_edit_error(milter, edit_resp);
+ MILTER8_EVENT_BREAK(milter->def_reply);
+ }
continue;
/*
MILTER8_EVENT_BREAK(milter->def_reply);
edit_resp = parent->del_rcpt(parent->chg_context,
STR(milter->buf));
- if (edit_resp)
- MILTER8_EVENT_BREAK(edit_resp);
+ if (edit_resp) {
+ milter8_edit_error(milter, edit_resp);
+ MILTER8_EVENT_BREAK(milter->def_reply);
+ }
continue;
/*
VSTRING_ADDCH(body_line_buf, ch);
}
}
+ if (edit_resp) {
+ milter8_edit_error(milter, edit_resp);
+ MILTER8_EVENT_BREAK(milter->def_reply);
+ }
continue;
}
}
}
/*
- * Finish message body replacement.
+ * Clean up after aborted message body replacement.
*/
- if (body_line_buf != 0) {
- if (edit_resp == 0) {
- /* In case the last body replacement line didn't end in CRLF. */
- if (LEN(body_line_buf) > 0)
- edit_resp = parent->repl_body(parent->chg_context,
- MILTER_BODY_LINE,
- body_line_buf);
- if (edit_resp == 0)
- edit_resp = parent->repl_body(parent->chg_context,
- MILTER_BODY_END,
- (VSTRING *) 0);
- }
+ if (body_line_buf)
vstring_free(body_line_buf);
- /*
- * Override a non-reject/discard result value after body replacement
- * failure.
- *
- * XXX Some cleanup clients ask the cleanup server to bounce mail for
- * them. In that case we must override a hard reject retval result
- * after queue file update failure. This is not a big problem; the
- * odds are small that a Milter application sends a hard reject after
- * replacing the message body.
- */
- if (edit_resp && (retval == 0 || strchr("DS4", retval[0]) == 0))
- retval = edit_resp;
- }
return (retval);
}
static sfsistat test_eom(SMFICTX *ctx)
{
printf("test_eom\n");
-#ifdef SMFIR_INSHEADER
- if (ins_hdr && smfi_insheader(ctx, ins_idx, ins_hdr, ins_val) == MI_FAILURE)
- fprintf(stderr, "smfi_insheader failed");
-#endif
-#ifdef SMFIR_CHGHEADER
- if (chg_hdr && smfi_chgheader(ctx, chg_hdr, chg_idx, chg_val) == MI_FAILURE)
- fprintf(stderr, "smfi_chgheader failed");
-#endif
#ifdef SMFIR_REPLBODY
if (body_file) {
char buf[BUFSIZ + 2];
(void) fclose(fp);
}
}
+#endif
+#ifdef SMFIR_INSHEADER
+ if (ins_hdr && smfi_insheader(ctx, ins_idx, ins_hdr, ins_val) == MI_FAILURE)
+ fprintf(stderr, "smfi_insheader failed");
+#endif
+#ifdef SMFIR_CHGHEADER
+ if (chg_hdr && smfi_chgheader(ctx, chg_hdr, chg_idx, chg_val) == MI_FAILURE)
+ fprintf(stderr, "smfi_chgheader failed");
#endif
return (test_reply(ctx, test_eom_reply));
}
if (attr->gid == var_owner_gid)
msg_fatal("user= command-line attribute specifies mail system owner %s group id %ld",
var_mail_owner, (long) attr->gid);
+ if (attr->gid == var_sgid_gid)
+ msg_fatal("user= command-line attribute specifies mail system %s group id %ld",
+ var_sgid_group, (long) attr->gid);
/*
* Give the poor tester a clue of what is going on.
projects / thirdparty / postfix.git / commitdiff
