snapshot-20000104

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 147acda81ac13077b3bd8f054ffd484a4e2c3a12..b2ede1bab6af26bbc2a32311602e3f051cd62b31 100644 (file)
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -3515,3 +3515,31 @@ Apologies for any names omitted.
        to enable LMTP delivery over UNIX-domain sockets. The goal
        is to simplify the experimental LMTP delivery agent by
        ripping out the privileged code that forks the LMTP server.
+
+20000102
+
+       Clarified documentation after early feedback on the 19991231
+       release by Drew Derbyshire, Ollivier Robert, Khetan Gajjar.
+
+       Sanity check: a common error is to list Postfix virtual
+       domains in the mydestination parameter. This causes the
+       new optional local_recipient_maps feature to reject mail
+       for virtual users.  The SMTP server now explicitly tests
+       for this common error and logs a warning instead of refusing
+       the mail.  File:  smtpd/smtpd_check.c.
+
+20000104
+
+       Bugfix: a case sensitivity bug had slipped through in the
+       anti-relaying code, causing mail for USER@VIRTUAL.DOMAIN
+       to be rejected with "relay access denied". This was found
+       by Jim Maenpaa @ jmm.com.
+
+       Questionable feature: set "smtp_skip_5xx_greeting = yes"
+       to make Postfix more sendmail compatible, even though this
+       is wrong, IMNSHO. File: smtp/smtp_connect.c.
+
+       Portability: Ultrix patch from Simon Burge @ thistledown.com.au.
+
+       Portability: Siemens Pyramid (dcosx) patch by Thomas D.
+       Knox @ vushta.com.

diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 02eb24fa98b9eccaf80f1f20e35448e127e0fd93..29ee8f20be38eb9f31269f8e94239278a283e716 100644 (file)
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -1,3 +1,14 @@
+Incompatible changes with snapshot-20000104
+===========================================
+
+None sofar.
+
+Major changes with snapshot-20000104
+====================================
+
+Questionable feature: with "smtp_skip_5xx_greeting = yes", Postfix
+emulates brain damage found in some other MTAs.
+
 Incompatible changes with postfix-19991231:
 ===========================================
 
@@ -76,10 +87,10 @@ installation can be done without write access to the build tree.
 - The SMTP server now rejects mail for unknown users in virtual
 domains that are defined by Postfix virtual maps.
 
-- The SMTP server optionally rejects mail for unknown local users.
-Use "local_recipient_maps = $alias_maps, unix:passwd.byname" if
-your local mail is delivered by a UNIX-style local delivery agent.
-See example in conf/main.cf.
+- The SMTP server can reject mail for unknown local users.  Specify
+"local_recipient_maps = $relocated_maps, $alias_maps, unix:passwd.byname"
+if your local mail is delivered by a UNIX-style local delivery
+agent.  See example in conf/main.cf.
 
 - Use "disable_vrfy_command = yes" to disable the SMTP VRFY command.
 This prevents some forms of address harvesting.

diff --git a/postfix/conf/access b/postfix/conf/access
index f4ca6ea3196283731665370a0c784cb2a4cb38c2..ba45f0d2e9ad4e8f9b6e575990a87c95ea6b134f 100644 (file)
--- a/postfix/conf/access
+++ b/postfix/conf/access
@@ -10,12 +10,21 @@
 #      to selectively reject or accept mail from or to specific hosts,
 #      domains, networks, host addresses or mail addresses.
 #
-#      The table serves as input to the \fBpostmap\fR(1) command. The
-#      result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+#      Normally, the table serves as input to the \fBpostmap\fR(1) command.
+#      The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
 #      is used for fast searching by the mail system. After an update
 #      it may take a minute or so before the change becomes visible.
 #      Issue a \fBpostfix reload\fR command to eliminate the delay.
 #
+#      When the table is provided via other means such as NIS, LDAP
+#      or SQL, the same lookups are done as for ordinary indexed files.
+#
+#      Alternatively, the table can be provided as a regular-expression
+#      map where patterns are given as regular expressions. In that case,
+#      the lookups are done in a slightly different way as described below.
+# TABLE FORMAT
+# .ad
+# .fi
 #      The format of the access table is as follows:
 # .IP "blanks and comments"
 #      Blank lines are ignored, as are lines beginning with `#'.
@@ -23,14 +32,15 @@
 #      When \fIpattern\fR matches a mail address, domain or host address,
 #      perform the corresponding \fIaction\fR.
 # PATTERNS
-#      Patterns are tried in the order as listed below:
 # .ad
 # .fi
+#      With lookups from indexed files, patterns are tried in the order as
+#      listed below:
 # .IP \fIuser\fR@\fIdomain\fR
 #      Matches the specified mail address.
 # .IP \fIdomain.name\fR
-#      Matches the \fIdomain.name\fR itself and any subdomain thereof, 
-#      either in hostnames or in mail addresses. Top-level domains will 
+#      Matches the \fIdomain.name\fR itself and any subdomain thereof,
+#      either in hostnames or in mail addresses. Top-level domains will
 #      never be matched.
 # .IP \fIuser\fR@
 #      Matches all mail addresses with the specified user part.
@@ -52,11 +62,34 @@
 # .IP \fBOK\fR
 # .IP "\fIAny other text\fR"
 #      Accept the address etc. that matches the pattern.
+# REGULAR EXPRESSION TABLES
+# .ad
+# .fi
+#      This section describes how the table lookups change when the table
+#      is given in the form of regular expressions. For a description of
+#      regular expression lookup table syntax, see \fBregexp_table\fR(5)
+#      or \fBpcre_table\fR(5).
+#
+#      Patterns become regular expressions that are applied to the entire
+#      string being looked up. Depending on the application, that string
+#      is an entire client hostname, an entire client IP address, or an
+#      entire mail address.
+#
+#      In contrast to the normal lookups from indexed files, no parent
+#      domain or network search is done, and \fIuser@domain\fR mail
+#      addresses are not broken up into their \fIuser@\fR and \fIdomain\fR
+#      constituent parts.
+#
+#      Actions are the same as with normal indexed file lookups, with
+#      the additional feature that parenthesized substrings from the
+#      pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
 # BUGS
 #      The table format does not understand quoting conventions.
 # SEE ALSO
 #      postmap(1) create mapping table
 #      smtpd(8) smtp server
+#      pcre_table(5) format of PCRE tables
+#      regexp_table(5) format of POSIX regexp tables
 # LICENSE
 # .ad
 # .fi

diff --git a/postfix/conf/main.cf b/postfix/conf/main.cf
index 538eb04e9d4a1fa67981a938436e9406f58203b0..0eeb4e4b09da0ee9768ee2b0397b44e940f73508 100644 (file)
--- a/postfix/conf/main.cf
+++ b/postfix/conf/main.cf
@@ -125,7 +125,10 @@ mail_owner = postfix
 # Beware: if the Postfix SMTP server runs chrooted, you may have to
 # copy the passwd database into the jail. This is system dependent.
 #
-#local_recipient_maps = $alias_maps unix:passwd.byname
+# FOR THIS TO WORK, DO NOT SPECIFY VIRTUAL DOMAINS IN MYDESTINATION.
+# MYDESTINATION MUST LIST NON-VIRTUAL DOMAINS ONLY.
+#
+#local_recipient_maps = $relocated_maps $alias_maps unix:passwd.byname
 
 # ADDRESS REWRITING
 #

diff --git a/postfix/global/mail_params.h b/postfix/global/mail_params.h
index d01ad59777868e7a8fb192b0c918401a7066f6d2..508acbf02a2f6c1c944ca4150f197770aa0a8998 100644 (file)
--- a/postfix/global/mail_params.h
+++ b/postfix/global/mail_params.h
@@ -576,6 +576,10 @@ extern int var_smtp_quit_tmout;
 #define DEF_SMTP_SKIP_4XX      0
 extern bool var_smtp_skip_4xx_greeting;
 
+#define VAR_SMTP_SKIP_5XX      "smtp_skip_5xx_greeting"
+#define DEF_SMTP_SKIP_5XX      0
+extern bool var_smtp_skip_5xx_greeting;
+
 #define VAR_IGN_MX_LOOKUP_ERR  "ignore_mx_lookup_error"
 #define DEF_IGN_MX_LOOKUP_ERR  0
 extern bool var_ign_mx_lookup_err;

diff --git a/postfix/global/mail_version.h b/postfix/global/mail_version.h
index 9bce34df4dda123e39fd3c3aa22a569b29d2254a..dc50b79d469722db710e875a827f6df532d49416 100644 (file)
--- a/postfix/global/mail_version.h
+++ b/postfix/global/mail_version.h
@@ -15,7 +15,7 @@
   * Version of this program.
   */
 #define VAR_MAIL_VERSION       "mail_version"
-#define DEF_MAIL_VERSION       "Postfix-19991231"
+#define DEF_MAIL_VERSION       "Snapshot-20000104"
 extern char *var_mail_version;
 
 /* LICENSE

diff --git a/postfix/html/faq.html b/postfix/html/faq.html
index fd4cce913e3f8efafc97c7d6f774d73b8a81e2d1..50bfd4f294d264d1ce635f47b5b08354d65a3b6e 100644 (file)
--- a/postfix/html/faq.html
+++ b/postfix/html/faq.html
@@ -28,9 +28,9 @@
 
 <li><a href="#relaying">Mail relaying</a>
 
-<li><a href="#remote_delivery">Delivery to remote systems</a>
+<li><a href="#remote_delivery">Remote delivery</a>
 
-<li><a href="#local_delivery">Delivery to local (non-virtual) addresses</a>
+<li><a href="#local_delivery">Local (non-virtual) delivery</a>
 
 <li><a href="#mailing_lists">Mailing lists</a>
 
@@ -87,6 +87,8 @@ distribution list</a>
 
 <li><a href="#majordomo-approve">Postfix breaks the majordomo "approve" command</a>
 
+<li><a href="#skip_greeting">Postfix does not try all the MX addresses</a>
+
 </ul>
 
 <a name="relaying"><h3>Mail relaying</h3>
@@ -97,22 +99,24 @@ distribution list</a>
 
 <li><a href="#mobile">Relaying mail for mobile users</a>
 
-<li><a href="#relay_virtual">Postfix refuses to receive mail for some
-virtual domains</a>
+<li><a href="#virtual_setup">Postfix refuses mail for virtual
+domains with "relay access denied"</a>
 
 <li><a href="#relay_restrict">Restricting what users can send mail to off-site destinations</a>
 
 </ul>
 
-<a name="remote_delivery"><h3>Delivery to remote systems</h3>
+<a name="remote_delivery"><h3>Remote delivery</h3>
 
 <ul>
 
 <li><a href="#timeouts">Mail fails consistently with timeout or lost connection</a>
 
+<li><a href="#skip_greeting">Postfix does not try all the MX addresses</a>
+
 </ul>
 
-<a name="local_delivery"><h3>Delivery to local (non-virtual) addresses</h3>
+<a name="local_delivery"><h3>Local (non-virtual) delivery</h3>
 
 <ul>
 
@@ -155,12 +159,24 @@ distribution list</a>
 
 <ul>
 
-<li><a href="#command">Commands don't work in Postfix virtual maps</a>
+<li><a href="#virtual_setup">How to configure a Postfix virtual domain</a>
+
+<li><a href="#virtual_setup">Postfix does not refuse mail for
+unknown virtual users</a>
+
+<li><a href="#virtual_setup">Mail for unknown virtual users fails
+with "mail loops back to myself"</a>
 
-<li><a href="#unknown_virtual">Rejecting mail for unknown virtual users</a>
+<li><a href="#virtual_setup">Postfix refuses mail for virtual
+domains with "user unknown"</a>
 
-<li><a href="#relay_virtual">Postfix refuses to receive mail for some
-virtual domains</a>
+<li><a href="#virtual_setup">Postfix refuses mail for virtual
+domains with "relay access denied"</a>
+
+<li><a href="#command">Commands don't work in Postfix virtual maps</a>
+
+<li><a href="#domain_mailbox">Receiving a virtual domain in a
+mailbox</a>
 
 </ul>
 
@@ -200,7 +216,7 @@ virtual domains</a>
 
 <li><a href="#dbm_dirfno">Undefined symbols: dbm_pagfno, dbm_dirfno etc.</a>
 
-<li><a href="#db">Using DB libraries on Solaris etc.</a>
+<li><a href="#db">Using third-party DB libraries</a>
 
 </ul>
 
@@ -234,7 +250,7 @@ needs tweaking only if you have a very slow or a very fast net/machine.
 
 Workstation:
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         myorigin = $mydomain
 </pre>
 
@@ -242,7 +258,7 @@ Workstation:
 
 Server:
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         myorigin = $mydomain
         mydestination = $myhostname, localhost.$mydomain, $mydomain
 </pre>
@@ -259,7 +275,7 @@ workstation:
 
 Server:
 <pre>
-    <b>/etc/aliases</b>:
+    /etc/aliases:
         joe:    joe@joes.workstation
         jane:   jane@janes.workstation
 </pre>
@@ -287,11 +303,11 @@ domain.
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         myorigin = $mydomain
         relayhost = $mydomain
 
-    <b>/etc/postfix/master.cf</b>:
+    /etc/postfix/master.cf:
         Comment out the SMTP server entry
         Comment out the local delivery agent entry
 </pre>
@@ -318,7 +334,7 @@ to let that mail gateway take care of forwarding.
 because it allows users to change machines without hassle.
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         myorigin = $mydomain
 </pre>
 
@@ -330,7 +346,7 @@ for mail for the local machine:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         relayhost = $mydomain
 </pre>
 
@@ -347,7 +363,7 @@ specify the intranet mail gateway host itself:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         relayhost = host.my.domain
 </pre>
 
@@ -359,7 +375,7 @@ DNS lookups as well:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         disable_dns_lookups = yes
 </pre>
 
@@ -378,13 +394,13 @@ href="transport.5.html">transport</a> table lookups.
 <p>
 
 <pre>
-    <b>/etc/postfix/transport</b>:
+    /etc/postfix/transport:
         my.domain               smtp:
         .my.domain              smtp:
-        thishost.my.domain      local:        <blink>!important!</blink>
-        localhost.my.domain     local:        <blink>!important!</blink>
+        thishost.my.domain      local:        !!!important!!!
+        localhost.my.domain     local:        !!!important!!!
 
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         transport_maps = hash:/etc/postfix/transport
 </pre>
 
@@ -395,8 +411,9 @@ else mail will bounce with a "mail loops to myself" condition.
 
 <p>
 
-Specify <b>dbm:/etc/postfix/transport</b> if your system
-uses <b>dbm</b> files instead of <b>db</b>.
+Specify <b>dbm:/etc/postfix/transport</b> if your system uses
+<b>dbm</b> files instead of <b>db</b>. To find out what map types
+Postfix supports, use the command <b>postconf -m</b>.
 
 <p>
 
@@ -438,23 +455,24 @@ route mail for <i>my.domain</i> to the inside machine:
 <p>
 
 <pre>
-<b>/etc/postfix/main.cf</b>:
+/etc/postfix/main.cf:
     mydestination = $myhostname, my.domain, localhost.my.domain
     relay_domains =
     transport_maps = hash:/etc/postfix/transport
 
-<b>/etc/postfix/transport</b>:
+/etc/postfix/transport:
     my.domain   smtp:inside-gateway.my.domain   (forwards user@domain)
     .my.domain  smtp:inside-gateway.my.domain   (forwards user@firewall)
 
-<b>/etc/postfix/master.cf</b>:
+/etc/postfix/master.cf:
     Comment out the local delivery agent
 </pre>
 
 <p>
 
-Specify <b>dbm:/etc/postfix/transport</b> if your system uses <b>dbm</b>
-files instead of <b>db</b>.
+Specify <b>dbm:/etc/postfix/transport</b> if your system uses
+<b>dbm</b> files instead of <b>db</b>. To find out what map types
+Postfix supports, use the command <b>postconf -m</b>.
 
 <p>
 
@@ -498,7 +516,7 @@ that is connected all the time.
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf:</b>
+    /etc/postfix/main.cf:
         relayhost = smtprelay.someprovider.com
 </pre>
 
@@ -518,7 +536,7 @@ calls from being placed, disable spontaneous SMTP mail deliveries.
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf:</b>
+    /etc/postfix/main.cf:
         defer_transports = smtp (Only for systems that use on-demand dialup IP)
 </pre>
 
@@ -537,7 +555,7 @@ To prevent these delays, disable all SMTP client DNS lookups.
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         disable_dns_lookups = yes (Only for delivery across LANs that are disconnected most of the time)
 </pre>
 
@@ -644,7 +662,7 @@ four hours, specify:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>
+    /etc/postfix/main.cf:
        delay_warning_time = 4
 </pre>
 
@@ -731,6 +749,8 @@ mail for arbitrary non-local destinations:
 <p>
 
 Don't Panic!  Upgrade to a Postfix version of 19991227 or later.
+To find out what Postfix version you have, execute the command
+<b>postconf mail_version</b>.
 
 <p>
 
@@ -816,12 +836,12 @@ ahead of the other SMTPD recipient restrictions:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         smtpd_recipient_restrictions = 
            regexp:/etc/postfix/regexp_access
-           <i>...other restrictions...</i>
+           ...other restrictions...
 
-    <b>/etc/postfix/regexp_access</b>:
+    /etc/postfix/regexp_access:
         /[%!@].*[%!@]/ 550 Sender specified routing is not supported here.
 </pre>
 
@@ -858,13 +878,13 @@ a Postfix-compatible access table with client IP address information:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         smtpd_recipient_restrictions =
             permit_mynetworks
             check_client_access hash:/etc/postfix/client_access
             check_relay_domains
 
-    <b>/etc/postfix/client_access</b>:
+    /etc/postfix/client_access:
         4.3.2.1         OK
         5.4.3.2         987654321
 </pre>
@@ -872,7 +892,8 @@ a Postfix-compatible access table with client IP address information:
 <p>
 
 Specify <B>dbm</b> instead of <b>hash</b> if your system uses
-<b>dbm</b> files instead of <b>db</b> files.
+<b>dbm</b> files instead of <b>db</b> files. To find out what map
+types Postfix supports, use the command <b>postconf -m</b>.
 
 <p>
 
@@ -893,18 +914,18 @@ spammer ever finds out the address of your users.
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         smtpd_recipient_restrictions =
             permit_mynetworks
             check_client_access hash:/etc/postfix/client_access
             check_sender_access hash:/etc/postfix/sender_access
             check_relay_domains
 
-    <b>/etc/postfix/client_access</b>:
+    /etc/postfix/client_access:
         11.22.33                OK
         dialup.isp.com          OK
 
-    <b>/etc/postfix/sender_access</b>:
+    /etc/postfix/sender_access:
         joe@my.domain           OK
         blow@my.domain          OK
 </pre>
@@ -955,7 +976,7 @@ LDAP or SQL.
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         smtpd_recipient_restrictions =
             hash:/etc/postfix/restricted_senders
             ...other stuff...
@@ -963,11 +984,11 @@ LDAP or SQL.
         restriction_classes = local_only
         local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
 
-    <b>/etc/postfix/restricted_senders</b>:
+    /etc/postfix/restricted_senders:
         foo@domain      local_only
         bar@domain      local_only
 
-    <b>/etc/postfix/local_domains</b>:
+    /etc/postfix/local_domains:
         this.domain     OK      (matches this.domain and subdomains)
         that.domain     OK      (matches that.domain and subdomains)
 </pre>
@@ -975,7 +996,8 @@ LDAP or SQL.
 <p>
 
 Specify <B>dbm</b> instead of <b>hash</b> if your system uses
-<b>dbm</b> files instead of <b>db</b> files.
+<b>dbm</b> files instead of <b>db</b> files. To find out what map
+types Postfix supports, use the command <b>postconf -m</b>.
 
 <p>
 
@@ -1077,6 +1099,66 @@ and convince the person responsible for it to fix the configuration.
 
 <hr>
 
+<a name="skip_greeting"><h3>Postfix does not try all the MX
+addresses</h3>
+
+When delivering mail, Postfix tries all MX addresses in order of
+preference, and stops at the first server that speaks SMTP.
+
+<p>
+
+If the first server that speaks SMTP rejects the connection by
+greeting the client with a 5xx status code, which means "I will
+never accept your mail", Postfix gives up and bounces the message
+to the sender.
+
+<p>
+
+If the first server that speaks SMTP rejects the connection by
+greeting the client with a 4xx status code, which means "come back
+later", Postfix backs off and defers delivery until later.
+
+<p>
+
+Some people will argue that Postfix should contact the other MX
+addresses even when the server greets with 4xx or 5xx, if only
+because that is what Sendmail does, and of course we know that
+everything Sendmail does is right.
+
+<p>
+
+Unfortunately, some people configure their infrastructure badly.
+Their most preferred MX server is visible to the world but it
+rejects connections from outside with a 5xx or 4xx greeting. Just
+because Sendmail goes to the second-best MX server, these people
+assume that every mailer will do so.
+
+<p>
+
+If such configurations are a problem for you, below are some controls
+that work around them.
+
+<p>
+
+<pre>
+    /etc/postfix/main.cf:
+       smtp_skip_4xx_greeting = yes
+       smtp_skip_5xx_greeting = yes
+</pre>
+
+<p>
+
+The <b>smtp_skip_5xx_greeting</b> is present in Postfix releases
+later than 20000104. To find out what Postfix version you have,
+use the command <b>postconf mail_version</b>.
+
+<p>
+
+Execute the command <b>postfix reload</b> to make the change
+effective immediately.
+
+<hr>
+
 <a name="root"> <h3>Root's mail is delivered to nobody</h3>
 
 If you use <a href="#procmail">procmail</a> (or some other command)
@@ -1101,7 +1183,7 @@ real user.
 <p>
 
 <pre>
-<b>/etc/aliases:</b>
+/etc/aliases:
     root:       you
 </pre>
 
@@ -1122,12 +1204,17 @@ To find out the location for your system, execute the command
 
 <a name="bogus"><h3>Postfix accepts mail for non-existing local users</h3>
 
-The information in this section applies to Postfix versions 19991216
-and later. See elsewhere for <a href="#unknown_virtual">unknown
+See elsewhere for how to reject mail for <a href="#virtual_setup">unknown
 virtual</a> users.
 
 <p>
 
+The information in this section applies to Postfix versions 19991216
+and later.  To find out what Postfix version you have, execute the
+command <b>postconf mail_version</b>.
+
+<p>
+
 By default, the Postfix SMTP server does not know what local users
 exist, and will happily accept mail for <i>unknown@your.site</i>.
 The reason is that different local delivery agents have different
@@ -1139,27 +1226,31 @@ Of course mail for a non-existent local user will eventually bounce
 as undeliverable, but why accept such mail in the first place? You
 can tell the Postfix SMTP server how to find out if a user exists by
 listing all tables with local addresses in the <b>local_recipient_maps</b>
-parameter:
+parameter. 
+
+<p>
+
+For example, if you use the default Postfix local delivery agent
+in <b>/etc/postfix/master.cf</b>, specify:
 
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
-       local_recipient_maps = $alias_maps, unix:passwd.byname
+    /etc/postfix/main.cf:
+       local_recipient_maps = $relocated_maps $alias_maps, unix:passwd.byname
 </pre>
 
 <p>
 
-The above should work on UNIX systems, provided that you use the
-Postfix local delivery agent. However, if you run the Postfix SMTP
-server chrooted, on some systems it will be necessary to have a
-copy of the passwd file inside the chroot jail (typically: in
-<b>/var/spool/postfix/etc</b>).
+However, if you run the Postfix SMTP server chrooted, on some
+systems it will be necessary to have a copy of the passwd file
+inside the chroot jail (typically: in <b>/var/spool/postfix/etc</b>).
+The only way to find out is to try.
 
 <p>
 
 By default, the Postfix SMTP server does know about Postfix <a
-href="virtual.5.html">virtual</a> maps, and will reject mail for
+href="#virtual_setup">virtual</a> maps, and will reject mail for
 <i>unknown@virtual.domain</i> without further configuration.
 
 <hr>
@@ -1175,7 +1266,7 @@ domain is to be appended to addresses that do not have a domain:
 <p>
 
 <pre>
-<b>/etc/postfix/main.cf</b>:
+/etc/postfix/main.cf:
     myorigin = domain.name
 </pre>
 
@@ -1188,10 +1279,10 @@ destinations:
 <p>
 
 <pre>
-<b>/etc/postfix/main.cf</b>:
+/etc/postfix/main.cf:
     virtual_maps = hash:/etc/postfix/virtual
 
-<b>/etc/postfix/virtual</b>:
+/etc/postfix/virtual:
     root        root@localhost
     postmaster  postmaster@localhost
 </pre>
@@ -1199,7 +1290,8 @@ destinations:
 <p>
 
 Specify <B>dbm</b> instead of <b>hash</b> if your system uses
-<b>dbm</b> files instead of <b>db</b> files.
+<b>dbm</b> files instead of <b>db</b> files. To find out what map
+types Postfix supports, use the command <b>postconf -m</b>.
 
 <p>
 
@@ -1225,7 +1317,7 @@ for example:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         home_mailbox = Maildir/
 </pre>
 
@@ -1259,10 +1351,10 @@ For example:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         mailbox_command = /path/to/procmail
 
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         mailbox_command = /path/to/procmail -a $EXTENSION
 </pre>
 
@@ -1351,29 +1443,16 @@ expression-based filter at the SMTP port:
 
 <p>
 
-<dl>
-
-<dt><b>/etc/postfix/main.cf:</b>
-
-<dl>
-
-<dt><tt>smtpd_recipient_restrictions = ... regexp:/etc/postfix/access_regexp ...</tt>
-
-<dt><tt>smtpd_recipient_restrictions = ... pcre:/etc/postfix/access_regexp ...</tt>
-
-</dl>
-
-<p>
-
-<dt><b>/etc/postfix/access_regexp:</b>
-
-<dl>
-
-<dt><tt>/^(.*)-outgoing@(.*)/   554 Use $1@$2 instead</tt>
-
-</dl>
-
-</dl>
+<pre>
+    /etc/postfix/main.cf:
+       smtpd_recipient_restrictions = 
+           ... regexp:/etc/postfix/access_regexp ...
+       smtpd_recipient_restrictions = 
+           ... pcre:/etc/postfix/access_regexp ...
+
+    /etc/postfix/access_regexp:
+       /^(.*)-outgoing@(.*)/   554 Use $1@$2 instead
+</pre>
 
 <p>
 
@@ -1418,11 +1497,10 @@ script to strip any header lines that match:
 
 <p>
 
-<dl>
-
-<dd><b>/delivered-to/i</b>
+<pre>
+    /delivered-to/i
 
-</dl>
+</pre>
 
 <p>
 
@@ -1456,19 +1534,20 @@ to IP spoofing.
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         smtpd_recipient_restrictions =
             hash:/etc/postfix/access
             ..the usual stuff...
 
-    <b>/etc/postfix/access</b>:
+    /etc/postfix/access:
         all     permit_mynetworks,reject
 </pre>
 
 <p>
 
 Specify <B>dbm</b> instead of <b>hash</b> if your system uses
-<b>dbm</b> files instead of <b>db</b> files.
+<b>dbm</b> files instead of <b>db</b> files. To find out what map
+types Postfix supports, use the command <b>postconf -m</b>.
 
 <p>
 
@@ -1492,7 +1571,7 @@ therefore is subject to SMTP sender spoofing.
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         smtpd_recipient_restrictions =
             hash:/etc/postfix/protected_destinations
             ..the usual stuff...
@@ -1500,11 +1579,11 @@ therefore is subject to SMTP sender spoofing.
         smtpd_restriction_classes = insiders_only
         insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
 
-    <b>/etc/postfix/protected_destinations</b>:
+    /etc/postfix/protected_destinations:
         all@my.domain   insiders_only
         all@my.hostname insiders_only
 
-    <b>/etc/postfix/insiders</b>:
+    /etc/postfix/insiders:
         my.domain       OK
         another.domain  OK
 </pre>
@@ -1527,6 +1606,67 @@ sense to make it moderated.
 
 <hr>
 
+<a name="virtual_setup"><h3>How to configure a Postfix virtual domain</h3>
+
+Problem:
+
+<p> 
+
+<ul>
+
+<li>Postfix does not refuse mail for unknown virtual users.
+
+<li>Mail for unknown virtual users fails with "mail loops back to
+myself".
+
+<li>Postfix refuses mail for virtual domains with "user unknown".
+
+<li>Postfix refuses mail for virtual domains with "relay access
+denied".
+
+</ul>
+
+<p>
+
+Solution:
+
+<p>
+
+<ul>
+
+<li> Add a magical entry to the Postfix virtual maps for
+each Postfix virtual domain:
+
+<p>
+
+<pre>
+    /etc/postfix/virtual:
+        virtual.domain whatever
+</pre>
+
+<p>
+
+<li> Do not list Postfix virtual domains in the <a
+href="basic.html#mydestination">mydestination</a> parameter.
+
+<li> Do not list Postfix virtual maps in the <b>local_recipient_maps</b>
+parameter.
+
+<li>As of Postfix version 19991226 it is no longer necessary to
+specify virtual maps in the <a
+href="uce.html#relay_domains">relay_domains</a> parameter.  To find
+out what Postfix version you have, execute the command <b>postconf
+mail_version</b>.
+
+</ul>
+
+<p>
+
+For more information on how to set up virtual domains, see the <a
+href="virtual.5.html">virtual</a> manual page.
+
+<hr>
+
 <a name="command"><h3>Commands don't work in Postfix virtual maps</h3>
 
 Delivering mail to a command is a security-sensitive operation,
@@ -1556,7 +1696,7 @@ privileges.
 <p>
 
 <pre>
-    <b>/etc/aliases</b>:
+    /etc/aliases:
         name-virtual.domain     "|/some/where/command..."
 </pre>
 
@@ -1572,7 +1712,7 @@ alias database.
 <p>
 
 <pre>
-    <b>/etc/postfix/virtual</b>:
+    /etc/postfix/virtual:
         virtual.domain          whatever
         name@virtual.domain     name-virtual.domain
 </pre>
@@ -1593,67 +1733,69 @@ To find out the location for your system, execute the command
 
 <hr>
 
-<a name="unknown_virtual"><h3>Rejecting mail for unknown virtual users</h3>
+<a name="domain_mailbox"><h3>Receiving a virtual domain in a mailbox</h3>
 
-Problem: mail for an unknown virtual user is misdelivered to a local
-user with the same name.
+Question: how to receive all mail for a domain in a mailbox without
+losing the original recipient information? The Postfix Delivered-To:
+mail header shows only the mailbox owner, not the virtual address
+that the mail was sent to.
 
 <p>
 
-Problem: mail for an unknown virtual user results in an ugly "mail
-loops back to myself" error from Postfix.
+Answer: I hope we all agree that delivering a domain to a mailbox
+is disgusting practice. Forwarding mail via SMTP or UUCP would be
+a much better choice.  Unfortunately, neither SMTP nor UUCP are a
+usable alternative for legions of windows users.
 
 <p>
 
-Solution: add a magical entry to the Postfix virtual database:
+That said, it is possible to propagate the original virtual recipient
+information to the Delivered-To: header. The trick is to use a
+virtual map that uses regular expressions instead of the more
+traditional indexed files.
 
 <p>
 
-<pre>
-    <b>/etc/postfix/virtual</b>:
-        virtual.domain whatever
-</pre>
+The following delivers <i>username@virtual.domain</i> with a
+Delivered-To: message header that contains <i>joe+username@your.domain</i>.
+Postfix already puts the envelope sender address in the Return-Path:
+header.  The information in the Delivered-To: and Return-Path:
+headers is sufficient to reliably implement a domain in a mailbox.
 
 <p>
 
-This entry will also fix the problem that the Postfix SMTP server
-refuses to <a href="#relay_virtual">receive</a> mail for the virtual
-domain.
+<pre>
+    /etc/postfix/main.cf:
+       recipient_delimiter = +
+       virtual_maps = 
+           ...non-regexp virtual maps...
+           regexp:/etc/postfix/virtual_regexp
+
+    /etc/postfix/virtual_regexp:
+       /^virtual\.domain$/             whatever
+       /^(.*\)@virtual\.domain$/       joe+$1
+</pre>
 
 <p>
 
-For more information on how to set up virtual domains, see the <a
-href="virtual.5.html">virtual</a> manual page.
-
-<hr>
-
-<a name="relay_virtual"><h3>Postfix refuses to receive mail for some
-virtual domains </h3>
-
-In order to receive mail for virtual domains, the Postfix SMTP server
-needs to know that the domain is OK.
-
-<p>
+Notes:
 
 <ul>
 
-<li>Create an entry in the virtual map that lists the virtual
-domain name:
+<li> Be sure to specify the <b>^</b> and <b>\</b> and <b>$</b> or
+else you may have false hits.
 
-<p>
+<li> Maps with regular expressions are searched sequentially. This
+can be expensive when you list many domains in regular expression
+maps.
 
-<pre>
-    <b>/etc/postfix/virtual</b>:
-        virtual.domain      whatever
-</pre>
+<li> Postfix has <b>regexp </b> map support only on modern UNIXes.
+Instead of <b>regexp </b> maps your Postfix system may also support
+<b>pcre</b> maps which have a similar syntax. To find out what maps
+your system supports, use the command <b>postconf -m</b>.
 
 </ul>
 
-<p>
-
-For more details, see the <a href="virtual.5.html">virtual</a>
-manual page.
-
 <hr>
 
 <a name="masquerade"><h3>Address masquerading with exceptions</h3></a>
@@ -1675,7 +1817,7 @@ coming from <i>user@my.domain</i>, specify:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         masquerade_domains = $mydomain
 </pre>
 
@@ -1702,7 +1844,7 @@ such as <b>root</b>, specify:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         masquerade_exceptions = root
 </pre>
 
@@ -1714,7 +1856,7 @@ such as <b>root</b>, specify:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         masquerade_domains = somehost.my.domain otherhost.my.domain $mydomain
 </pre>
 
@@ -1760,7 +1902,7 @@ Examples:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         mailbox_command = /some/program ...
 </pre>
 
@@ -1768,14 +1910,14 @@ Examples:
 
 This example specifies a command that delivers all local mail to
 mailbox.  See the sample <b>main.cf</b> file for examples. In
-<b>/etc/aliases</i>, you must specify an alias for <b>root</b> that
+<b>/etc/aliases</b>, you must specify an alias for <b>root</b> that
 directs mail to a real person, otherwise mail sent to <b>root</b>
 will not work as expected.
 
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         mailbox_transport = foo
 </pre>
 
@@ -1801,7 +1943,7 @@ host.
 
 <li>You need an <b>rmail</b> program that extracts the sender
 address from mail that arrives via UUCP, and that feeds the mail
-into the Postfix <b>sendmail<b> command.  Most UNIX systems come
+into the Postfix <b>sendmail</b> command.  Most UNIX systems come
 with an <b>rmail</b> utility. If you're in a pinch, try the one
 bundled with the Postfix source code in the <b>auxiliary</b>
 directory. Some day Postfix may have its own <b>rmail</b> command.
@@ -1814,7 +1956,7 @@ be delivered via UUCP, for example, to a host named <i>uucp-host</i>:
 <p>
 
 <pre>
-    <b>/etc/postfix/transport</b>:
+    /etc/postfix/transport:
         some.domain     uucp:uucp-host
         .some.domain    uucp:uucp-host
 </pre>
@@ -1836,21 +1978,22 @@ you change the <b>transport</b> file.
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         transport_maps = hash:/etc/postfix/transport
 </pre>
 
 <p>
 
 Specify <B>dbm</b> instead of <b>hash</b> if your system uses
-<b>dbm</b> files instead of <b>db</b> files.
+<b>dbm</b> files instead of <b>db</b> files. To find out what map
+types Postfix supports, use the command <b>postconf -m</b>.
 
 <p>
 
 <li>Define a mail transport for delivery via UUCP:
 
 <pre>
-    <b>/etc/postfix/master.cf</b>:
+    /etc/postfix/master.cf:
         uucp      unix  -       n       n       -       -       pipe
           flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 </pre>
@@ -1870,7 +2013,7 @@ is willing to relay mail for.
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         relay_domains = some.domain $mydestination ...
 </pre>
 
@@ -1908,7 +2051,7 @@ mail transport to your UUCP gateway host, say, <i>uucp-gateway</i>:
 <p>
 
 <pre>
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         relayhost = uucp-gateway
         default_transport = uucp
 </pre>
@@ -1920,7 +2063,7 @@ mail transport to your UUCP gateway host, say, <i>uucp-gateway</i>:
 <p>
 
 <pre>
-    <b>/etc/postfix/master.cf</b>:
+    /etc/postfix/master.cf:
         uucp      unix  -       n       n       -       -       pipe
           flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 </pre>
@@ -1953,21 +2096,22 @@ HylaFax. Here's the setup used:
 <p>
 
 <pre>
-    <b>/etc/postfix/master.cf</b>:
+    /etc/postfix/master.cf:
         fax       unix  -       n       n       -       -       pipe
             flags= user=fax argv=/usr/bin/faxmail -d -n ${user}
 
-    <b>/etc/postfix/transport</b>:
+    /etc/postfix/transport:
         fax.your.domain   fax:localhost
 
-    <b>/etc/postfix/main.cf</b>:
+    /etc/postfix/main.cf:
         transport_maps = hash:/etc/postfix/transport
 </pre>
 
 <p>
 
 Specify <B>dbm</b> instead of <b>hash</b> if your system uses
-<b>dbm</b> files instead of <b>db</b> files.
+<b>dbm</b> files instead of <b>db</b> files. To find out what map
+types Postfix supports, use the command <b>postconf -m</b>.
 
 <p>
 
@@ -2031,7 +2175,7 @@ Fix: get rid of the third-party ndbm.h include file.
 
 <hr>
 
-<a name="db"><h3>Using DB libraries on Solaris etc.</h3> </a>
+<a name="db"><h3>Using third-party DB libraries</h3> </a>
 
 The old <b>dbm</b> UNIX database has severe limitations when you
 try to store lots of information. It breaks when the number of hash
@@ -2049,9 +2193,10 @@ version</a> which has a db-1.85 compatible interface.
 
 <p>
 
-Use the following commands in the Postfix top-level directory.
-The LD_LIBRARY_PATH unset commands may be required to avoid linking
-in the wrong libraries.
+To build with a third-party DB library, use the following commands
+in the Postfix top-level directory.
+On Solaris, the LD_LIBRARY_PATH unset commands may be required to
+avoid linking in the wrong libraries.
 
 <p>
 

diff --git a/postfix/makedefs b/postfix/makedefs
index 505186909ced57c2695c3b5d3c0f294bf5bf8599..1627dcb0b8d0af624fa2d96357dc84dbb8798e90 100644 (file)
--- a/postfix/makedefs
+++ b/postfix/makedefs
@@ -51,6 +51,11 @@ ARFL=rv
 
 SYSTEM=`(uname -s) 2>/dev/null`
 RELEASE=`(uname -r) 2>/dev/null`
+VERSION=`(uname -v) 2>/dev/null`
+
+case "$VERSION" in
+ dcosx*) SYSTEM=$VERSION;;
+esac
 
 case "$SYSTEM.$RELEASE" in
   UnixWare.5*) SYSTYPE=UW7
@@ -195,6 +200,11 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix543
                : ${CC=cc}
                AWK=gawk
                ;;
+    dcosx.1*)  SYSTYPE=DCOSX1
+               RANLIB=echo
+               SYSLIBS="-lresolv -lsocket -lnsl -lc -lrpcsvc -L/usr/ucblib -lucb"
+               ;;
+
         ".")   if [ -d /NextApps ]; then
                    SYSTYPE=`hostinfo | sed -n \
                        's/^.*NeXT Mach 3.*$/NEXTSTEP3/;/NEXTSTEP3/{p;q;}'`

diff --git a/postfix/master/master_status.c b/postfix/master/master_status.c
index 4cc54db2f874cdb277c85ac540f865a54a72c934..40ad1508a64db8db716cd047ec7eb43b7210f83c 100644 (file)
--- a/postfix/master/master_status.c
+++ b/postfix/master/master_status.c
@@ -41,7 +41,6 @@
 /* System libraries. */
 
 #include <sys_defs.h>
-#include <sys/socket.h>
 #include <unistd.h>
 
 /* Utility library. */
@@ -155,10 +154,10 @@ void    master_status_init(MASTER_SERV *serv)
 
     /*
      * Make the read end of this service's status pipe non-blocking so that
-     * we can detect partial writes on the child side. We use a socket pair,
+     * we can detect partial writes on the child side. We use a duplex pipe
      * so that the child side becomes readable when the master goes away.
      */
-    if (socketpair(AF_UNIX, SOCK_STREAM, 0, serv->status_fd) < 0)
+    if (duplex_pipe(serv->status_fd) < 0)
        msg_fatal("pipe: %m");
     non_blocking(serv->status_fd[0], BLOCKING);
     close_on_exec(serv->status_fd[0], CLOSE_ON_EXEC);

diff --git a/postfix/smtp/smtp.c b/postfix/smtp/smtp.c
index 1e6c46a51d9e02b5fdc7ece8c78ead80f4775c85..a6c8f0f21bb4fd919a5230794dfef7a8de51375a 100644 (file)
--- a/postfix/smtp/smtp.c
+++ b/postfix/smtp/smtp.c
@@ -87,6 +87,8 @@
 /*     postmaster with transcripts of SMTP sessions with protocol errors.
 /* .IP \fBsmtp_skip_4xx_greeting\fR
 /*     Skip servers that greet us with a 4xx status code.
+/* .IP \fBsmtp_skip_5xx_greeting\fR
+/*     Skip servers that greet us with a 5xx status code.
 /* .IP \fBsmtp_skip_quit_response\fR
 /*     Do not wait for the server response after sending QUIT.
 /* .SH "Resource controls"
@@ -199,6 +201,7 @@ char   *var_debug_peer_list;
 int     var_debug_peer_level;
 char   *var_notify_classes;
 int     var_smtp_skip_4xx_greeting;
+int     var_smtp_skip_5xx_greeting;
 int     var_ign_mx_lookup_err;
 int     var_skip_quit_resp;
 char   *var_fallback_relay;
@@ -350,6 +353,7 @@ int     main(int argc, char **argv)
     };
     static CONFIG_BOOL_TABLE bool_table[] = {
        VAR_SMTP_SKIP_4XX, DEF_SMTP_SKIP_4XX, &var_smtp_skip_4xx_greeting,
+       VAR_SMTP_SKIP_5XX, DEF_SMTP_SKIP_5XX, &var_smtp_skip_5xx_greeting,
        VAR_IGN_MX_LOOKUP_ERR, DEF_IGN_MX_LOOKUP_ERR, &var_ign_mx_lookup_err,
        VAR_SKIP_QUIT_RESP, DEF_SKIP_QUIT_RESP, &var_skip_quit_resp,
        0,

diff --git a/postfix/smtp/smtp_connect.c b/postfix/smtp/smtp_connect.c
index 50ce89135094b040f1b3cf0a473fd318fce363d4..0a9ad31feac080420980722403dfd655f02e96e7 100644 (file)
--- a/postfix/smtp/smtp_connect.c
+++ b/postfix/smtp/smtp_connect.c
@@ -227,6 +227,17 @@ static SMTP_SESSION *smtp_connect_addr(DNS_RR *addr, unsigned port,
        vstream_fclose(stream);
        return (0);
     }
+
+    /*
+     * Skip this host if it sends a 5xx greeting.
+     */
+    if (ch == '5' && var_smtp_skip_5xx_greeting) {
+       vstring_sprintf(why, "connect to %s[%s]: server refused mail service",
+                       addr->name, inet_ntoa(sin.sin_addr));
+       smtp_errno = SMTP_RETRY;
+       vstream_fclose(stream);
+       return (0);
+    }
     vstream_ungetc(stream, ch);
     return (smtp_session_alloc(stream, addr->name, inet_ntoa(sin.sin_addr)));
 }

diff --git a/postfix/smtpd/smtpd_check.c b/postfix/smtpd/smtpd_check.c
index 0171c1e6aa4aa3cbb100e199dd2c045bcc1de62c..2c51019978f866861d0a7c8cab71641fa6cbd319 100644 (file)
--- a/postfix/smtpd/smtpd_check.c
+++ b/postfix/smtpd/smtpd_check.c
@@ -811,6 +811,7 @@ static int permit_auth_destination(char *recipient)
      */
     canon_addr_internal(query, recipient);
     resolve_clnt_query(STR(query), &reply);
+    lowercase(STR(reply.recipient));
 
     /*
      * Handle special case that is not supposed to happen.
@@ -947,6 +948,7 @@ static int permit_mx_backup(SMTPD_STATE *unused_state, const char *recipient)
      */
     canon_addr_internal(query, recipient);
     resolve_clnt_query(STR(query), &reply);
+    lowercase(STR(reply.recipient));
 
     /*
      * If the destination is local, it is acceptable, because we are
@@ -1088,6 +1090,7 @@ static int reject_unknown_address(SMTPD_STATE *state, char *addr,
      */
     canon_addr_internal(query, addr);
     resolve_clnt_query(STR(query), &reply);
+    lowercase(STR(reply.recipient));
 
     /*
      * Skip local destinations and non-DNS forms.
@@ -1369,6 +1372,7 @@ static int check_mail_access(SMTPD_STATE *state, char *table, char *addr,
      */
     canon_addr_internal(query, addr);
     resolve_clnt_query(STR(query), &reply);
+    lowercase(STR(reply.recipient));
 
     /*
      * Garbage in, garbage out. Every address from canon_addr_internal() and
@@ -1929,6 +1933,7 @@ char   *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient)
      */
     canon_addr_internal(query, recipient);
     resolve_clnt_query(STR(query), &reply);
+    lowercase(STR(reply.recipient));
 
     /*
      * Skip non-DNS forms. Skip non-local numerical forms.
@@ -1949,6 +1954,18 @@ char   *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient)
 #define NOP ((char **) 0)
 
     if (resolve_local(domain)) {
+       if (*var_virtual_maps
+           && maps_find(virtual_maps, domain, 0)) {
+           msg_warn("virtual domain \"%s\" is listed in $mydestination",
+                    domain);
+           msg_warn("the $local_recipient_maps feature requires that no");
+           msg_warn("virtual domains are listed in $mydestination");
+           msg_warn("be sure to specify the required \"%s whatever\"",
+                    domain);
+           msg_warn("entry in the virtual map, as explained in the man");
+           msg_warn("page and in the FAQ entry for virtual domains");
+           SMTPD_CHECK_RCPT_RETURN(0);
+       }
        if (*var_local_rcpt_maps
            && !mail_addr_find(rcpt_canon_maps, STR(reply.recipient), NOP)
            && !mail_addr_find(canonical_maps, STR(reply.recipient), NOP)

diff --git a/postfix/util/Makefile.in b/postfix/util/Makefile.in
index b13d41aa22fa56528f97769bfed7afcc837c79bd..7fe7b2e5bf358b7ac44ac52c44e146df434d7c3c 100644 (file)
--- a/postfix/util/Makefile.in
+++ b/postfix/util/Makefile.in
@@ -20,7 +20,7 @@ SRCS  = argv.c argv_split.c attr.c basename.c binhash.c chroot_uid.c \
        vstream.c vstream_popen.c vstring.c vstring_vstream.c writable.c \
        write_buf.c write_wait.c dict_unix.c dict_pcre.c stream_listen.c \
        stream_connect.c stream_trigger.c dict_regexp.c mac_expand.c \
-       clean_env.c watchdog.c spawn_command.c
+       clean_env.c watchdog.c spawn_command.c duplex_pipe.c
 OBJS   = argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \
        close_on_exec.o concatenate.o dict.o dict_db.o dict_dbm.o \
        dict_env.o dict_ht.o dict_ldap.o dict_mysql.o dict_ni.o dict_nis.o \
@@ -42,7 +42,7 @@ OBJS  = argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \
        vstream.o vstream_popen.o vstring.o vstring_vstream.o writable.o \
        write_buf.o write_wait.o dict_unix.o dict_pcre.o stream_listen.o \
        stream_connect.o stream_trigger.o dict_regexp.o mac_expand.o \
-       clean_env.o watchdog.o spawn_command.o
+       clean_env.o watchdog.o spawn_command.o duplex_pipe.o
 HDRS   = argv.h attr.h binhash.h chroot_uid.h connect.h dict.h dict_db.h \
        dict_dbm.h dict_env.h dict_ht.h dict_ldap.h dict_mysql.h \
        dict_ni.h dict_nis.h dict_nisplus.h dir_forest.h events.h \
@@ -439,6 +439,9 @@ doze.o: doze.c
 doze.o: sys_defs.h
 doze.o: msg.h
 doze.o: iostuff.h
+duplex_pipe.o: duplex_pipe.c
+duplex_pipe.o: sys_defs.h
+duplex_pipe.o: iostuff.h
 environ.o: environ.c
 environ.o: sys_defs.h
 events.o: events.c
@@ -863,6 +866,7 @@ vstream_popen.o: vbuf.h
 vstream_popen.o: argv.h
 vstream_popen.o: set_ugid.h
 vstream_popen.o: clean_env.h
+vstream_popen.o: iostuff.h
 vstring.o: vstring.c
 vstring.o: sys_defs.h
 vstring.o: mymalloc.h

diff --git a/postfix/util/duplex_pipe.c b/postfix/util/duplex_pipe.c
new file mode 100644 (file)
index 0000000..33d8339
--- /dev/null
+++ b/postfix/util/duplex_pipe.c
@@ -0,0 +1,47 @@
+/*++
+/* NAME
+/*     duplex_pipe 3
+/* SUMMARY
+/*     local IPD
+/* SYNOPSIS
+/*     #include <iostuff.h>
+/*
+/*     int     duplex_pipe(fds)
+/*     int     *fds;
+/* DESCRIPTION
+/*     duplex_pipe() uses whatever local primitive it takes
+/*     to get a two-way I/O channel.
+/* DIAGNOSTICS
+/*     A null result means success. In case of error, the result
+/*     is -1 and errno is set to the appropriate number.
+/* LICENSE
+/* .ad
+/* .fi
+/*     The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/*     Wietse Venema
+/*     IBM T.J. Watson Research
+/*     P.O. Box 704
+/*     Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System libraries */
+
+#include <sys_defs.h>
+#include <sys/socket.h>
+
+/* Utility library. */
+
+#include "iostuff.h"
+
+/* duplex_pipe - give me a duplex pipe or bust */
+
+int     duplex_pipe(int *fds)
+{
+#ifdef HAS_DUPLEX_PIPE
+    return (pipe(fds));
+#else
+    return (socketpair(AF_UNIX, SOCK_STREAM, 0, fds));
+#endif
+}
+

diff --git a/postfix/util/iostuff.h b/postfix/util/iostuff.h
index 909bffb5e931e6a5463f48170711aeb33ba91ac1..32d350006641ac035425bcacbb1371e026cc3973 100644 (file)
--- a/postfix/util/iostuff.h
+++ b/postfix/util/iostuff.h
@@ -25,6 +25,7 @@ extern int read_wait(int, int);
 extern int write_wait(int, int);
 extern int write_buf(int, const char *, int, int);
 extern void doze(unsigned);
+extern int duplex_pipe(int *);
 
 #define BLOCKING       0
 #define NON_BLOCKING   1

diff --git a/postfix/util/safe_open.c b/postfix/util/safe_open.c
index c5a1aa5911017cbc0e37f66e5a776b19988c3d28..fae3e5341b62a500d6aef19473312e0fdf747d75 100644 (file)
--- a/postfix/util/safe_open.c
+++ b/postfix/util/safe_open.c
@@ -45,6 +45,14 @@
 /*     A safe open routine was discussed by Casper Dik in article
 /*     <2rdb0s$568@mail.fwi.uva.nl>, posted to comp.security.unix
 /*     (May 18, 1994).
+/*
+/*     Olaf Kirch discusses how the lstat()/open()+stat() test can
+/*     be fooled by delaying the open() until the inode found with
+/*     lstat() has been re-used for a sensitive file (article
+/*     <20000103212443.A5807@monad.swb.de> posted to bugtraq on
+/*     Jan 3, 2000).  This can be a concern for set-uid processes
+/*     that run under the control of a user and this can be
+/*     manipulated with start/stop signals.
 /* LICENSE
 /* .ad
 /* .fi
@@ -107,11 +115,17 @@ static VSTREAM *safe_open_exist(const char *path, int flags, VSTRING *why)
      * either we followed a symlink while opening an existing file, someone
      * quickly changed the number of hard links, or someone replaced the file
      * after the open() call. The link and mode tests aren't really necessary
-     * but the additional cost is low.
+     * in daemon processes. Set-uid programs, on the other hand, can be
+     * slowed down by arbitrary amounts, and there it would make sense to
+     * compare even more file attributes, such as the inode generation number
+     * on systems that have one.
      */
     else if (lstat(path, &lstat_st) < 0
             || fstat_st.st_dev != lstat_st.st_dev
             || fstat_st.st_ino != lstat_st.st_ino
+#ifdef HAS_ST_GEN
+            || fstat_st.st_gen != lstat_st.st_gen
+#endif
             || fstat_st.st_nlink != lstat_st.st_nlink
             || fstat_st.st_mode != lstat_st.st_mode) {
        vstring_sprintf(why, "file %s: status has changed", path);

diff --git a/postfix/util/sys_defs.h b/postfix/util/sys_defs.h
index 0cfa3fde2a7f616d1dd5a7d1fe91597e54e73b9c..9ad93b8704113c278b941a608cdef6581631a849 100644 (file)
--- a/postfix/util/sys_defs.h
+++ b/postfix/util/sys_defs.h
@@ -21,7 +21,7 @@
   */
 #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
     || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
-    || defined(OPENBSD2) || defined(NETBSD1) || defined(RHAPSODY5)
+    || defined(OPENBSD2) || defined(NETBSD1)
 #define SUPPORTED
 #include <sys/types.h>
 #define USE_PATHS_H
@@ -37,9 +37,14 @@
 #define USE_STATFS
 #define STATFS_IN_SYS_MOUNT_H
 #define HAS_POSIX_REGEXP
+#define HAS_ST_GEN     /* struct stat contains inode generation number */
 #endif
 
-#if defined(OPENBSD2)
+#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4)
+#define HAS_DUPLEX_PIPE
+#endif
+
+#if defined(OPENBSD2) || defined(FREEBSD3) || defined(FREEBSD4)
 #define HAS_ISSETUGID
 #endif
 
@@ -48,6 +53,21 @@
 #endif
 
 #if defined(RHAPSODY5)
+#define SUPPORTED
+#include <sys/types.h>
+#define USE_PATHS_H
+#define USE_FLOCK_LOCK
+#define HAS_SUN_LEN
+#define HAS_FSYNC
+#define HAS_DB
+#define HAS_SA_LEN
+#define DEF_DB_TYPE    "hash"
+#define ALIAS_DB_MAP   "hash:/etc/aliases"
+#define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0)
+#define ROOT_PATH      "/bin:/usr/bin:/sbin:/usr/sbin"
+#define USE_STATFS
+#define STATFS_IN_SYS_MOUNT_H
+#define HAS_POSIX_REGEXP
 #define NORETURN       void
 #define HAS_NETINFO
 #endif
@@ -62,8 +82,8 @@
 #define UNSAFE_CTYPE                   /* XXX verify */
 #define _PATH_MAILDIR  "/var/spool/mail"
 #define _PATH_BSHELL   "/bin/sh"
-#define _PATH_DEFPATH  "/usr/bin:/usr/ucb"
-#define _PATH_STDPATH  "/usr/bin:/usr/etc:/usr/ucb"
+#define _PATH_DEFPATH  "/bin:/usr/bin:/usr/ucb"
+#define _PATH_STDPATH  "/bin:/usr/bin:/usr/etc:/usr/ucb"
 #define USE_FLOCK_LOCK
 #define USE_DOT_LOCK
 #define HAS_FSYNC
@@ -79,6 +99,7 @@
 extern int optind;
 extern char *optarg;
 extern int opterr;
+extern int h_errno;
 
 #define MISSING_STRFTIME_E
 #define HAS_NIS
@@ -554,6 +575,34 @@ extern int opterr;                 /* XXX use <getopt.h> */
 #define USE_STATVFS
 #define STATVFS_IN_SYS_STATVFS_H
 #define MISSING_USLEEP
+#endif
+
+#ifdef DCOSX1                          /* Siemens Pyramid */
+#define SUPPORTED
+#include <sys/types.h>
+#define _PATH_MAILDIR  "/var/mail"
+#define _PATH_BSHELL   "/bin/sh"
+#define _PATH_DEFPATH  "/usr/bin:/usr/ucb"
+#define _PATH_STDPATH  "/usr/bin:/usr/sbin:/usr/ucb"
+#define MISSING_SETENV
+#define USE_FCNTL_LOCK
+#define USE_DOT_LOCK
+#define HAS_FSYNC
+#define DEF_DB_TYPE    "hash"
+#define ALIAS_DB_MAP   "hash:/etc/aliases"
+/* Uncomment the following line if you have NIS package installed */
+/* #define HAS_NIS */
+#define USE_SYS_SOCKIO_H
+#define GETTIMEOFDAY(t) gettimeofday(t,NULL)
+#define ROOT_PATH      "/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb"
+#define FIONREAD_IN_SYS_FILIO_H
+#define DBM_NO_TRAILING_NULL
+#define USE_STATVFS
+#define STATVFS_IN_SYS_STATVFS_H
+#define UNIX_DOMAIN_CONNECT_BLOCKS_FOR_ACCEPT
+#ifndef S_ISSOCK
+#define S_ISSOCK(mode) ((mode&0xF000) == 0xC000)
+#endif
 #endif
 
  /*
@@ -721,7 +770,7 @@ typedef int pid_t;
 
  /*
   * Making the ctype.h macros not more expensive than necessary. On some
-  * systems, ctype.h misbehaves badly with signed characters.
+  * systems, ctype.h misbehaves with non-ASCII and/or negative characters.
   */
 #define _UCHAR_(c)     ((unsigned char)(c))
 #ifdef UNSAFE_CTYPE

diff --git a/postfix/util/vstream_popen.c b/postfix/util/vstream_popen.c
index 4e741603c82a2d4e8d95fbb28249d2a591f45a7f..82a7a0c9017972933cdc987007d9f55f955d3d09 100644 (file)
--- a/postfix/util/vstream_popen.c
+++ b/postfix/util/vstream_popen.c
@@ -20,7 +20,7 @@
 /*     \fIcommand\fR, which is executed by a child process. The \fIflags\fR
 /*     argument is as with vstream_fopen(). The child's standard input and
 /*     standard output are redirected to the stream, which is based on a
-/*     socketpair.
+/*     socketpair or other suitable local IPC.
 /*
 /*     vstream_popen_vargs() offers the user more control over the
 /*     child process and over how it is managed. The key argument
@@ -90,7 +90,6 @@
 /* System library. */
 
 #include <sys_defs.h>
-#include <sys/socket.h>
 #include <sys/wait.h>
 #include <unistd.h>
 #include <stdlib.h>
@@ -108,6 +107,7 @@
 #include <argv.h>
 #include <set_ugid.h>
 #include <clean_env.h>
+#include <iostuff.h>
 
 /* Application-specific. */
 
@@ -207,7 +207,7 @@ VSTREAM *vstream_popen_vargs(int flags,...)
     if (args.command == 0)
        args.command = args.argv[0];
 
-    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockfd) < 0)
+    if (duplex_pipe(sockfd) < 0)
        return (0);
 
     switch (pid = fork()) {