Bugfix: the postscreen_access_list feature was case-sensitive
in the first character of permit, reject, etc. Reported by
Francis Picabia. File: global/server_acl.c.
+
+20121009
+
+ Documentation: interaction between delay_warning_time,
+ notify_classes and delay_notice_recipient. File:
+ proto/postconf.proto.
+
+20101009
+
+ Human factors: log a warning that the postcat option -m
+ without -h or -b has no effect. File: postcat/postcat.c.
+
+20121010
+
+ Bugfix (introduced: Postfix 2.5): memory leak in program
+ initialization. Reported by Coverity. File: tls/tls_misc.c.
+
+ Bugfix (introduced: Postfix 2.3): memory leak in the unused
+ oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c.
+
+20121011
+
+ Documentation: how to enable /etc/hosts multi-record lookups
+ with main.cf settings. File: proto/LINUX_README.html.
+
+ Documentation: clarified the postscreen-tlsproxy interface.
+ File: tlsproxy/tlsproxy.c.
+
+20121012
+
+ Documentation: a simpler null-client example. File:
+ proto/STANDARD_CONFIGURATION_README.html
+
+20120113
+
+ Cleanup: to compute the LDAP connection cache lookup key,
+ join the numeric fields with null, just like string fields.
+ Viktor Dukhovni. File: global/dict_ldap.c.
+
+20121015
+
+ Documentation: added section on regular-expression tables
+ to the aliases(5) manpage. File: proto/aliases.
+
+ Documentation: why "smtp_address_preference = any" is the
+ preferred setting. File: proto/postconf.proto.
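Review bot: two of the added date headings are out of sequence: "20101009" sits between 20121009 and 20121010, and "20120113" sits between 20121012 and 20121015. Every neighbouring entry is from October 2012, so both look like typos; please correct them so the changelog stays chronological. Separately, the "Human factors" entry names the postcat option -m and postcat/postcat.c, while the code in this patch that logs "ignoring -m option without -b or -h" tests postmap_flags; the entry should name the program that actually changed.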
multi on
...
+Alternatively, specify the RESOLV_MULTI environment variable in main.cf:
+
+ /etc/postfix/main.cf:
+ import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY
+ DISPLAY LANG=C RESOLV_MULTI=on
+
B\bBe\ber\brk\bke\bel\ble\bey\by D\bDB\bB i\bis\bss\bsu\bue\bes\bs
If you can't compile Postfix because the file "db.h" isn't found, then you MUST
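Review bot: the import_environment example spells out the whole list (MAIL_CONFIG through LANG=C) only to append RESOLV_MULTI=on, and the text never says that setting this parameter replaces the default list instead of extending it. Suggest adding a sentence that tells the reader to start from the output of "postconf -d import_environment" on their own version and append RESOLV_MULTI=on, so a pasted line from this README does not silently drop variables that a different release imports by default.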
uses POP, IMAP or NFS for mailbox access.
In this example we assume that the Internet domain name is "example.com" and
-that the machine is named "nullclient.example.com". As usual, the examples show
+that the machine is named "hostname.example.com". As usual, the examples show
only parameters that are not left at their default settings.
1 /etc/postfix/main.cf:
- 2 myorigin = $mydomain
- 3 relayhost = $mydomain
- 4 inet_interfaces = loopback-only
- 5 local_transport = error:local delivery is disabled
- 6
- 7 /etc/postfix/master.cf:
- 8 Comment out the local delivery agent entry
+ 2 myhostname = hostname.example.com
+ 3 myorigin = $mydomain
+ 4 relayhost = $mydomain
+ 5 inet_interfaces = loopback-only
+ 6 mydestination =
Translation:
- * Line 2: Send mail as "user@example.com" (instead of
- "user@nullclient.example.com"), so that nothing ever has a reason to send
- mail to "user@nullclient.example.com".
+ * Line 2: Set myhostname to hostname.example.com, in case the machine name
+ isn't set to a fully-qualified domain name (use the command "postconf -
+ d myhostname" to find out what the machine name is).
+
+ * Line 2: The myhostname value also provides the default value for the
+ mydomain parameter (here, "mydomain = example.com").
+
+ * Line 3: Send mail as "user@example.com" (instead of
+ "user@hostname.example.com"), so that nothing ever has a reason to send
+ mail to "user@hostname.example.com".
- * Line 3: Forward all mail to the mail server that is responsible for the
+ * Line 4: Forward all mail to the mail server that is responsible for the
"example.com" domain. This prevents mail from getting stuck on the null
client if it is turned off while some remote destination is unreachable.
+ Specify a real hostname here if your "example.com" domain has no MX record.
- * Line 4: Do not accept mail from the network.
+ * Line 5: Do not accept mail from the network.
- * Lines 5-8: Disable local mail delivery. All mail goes to the mail server as
- specified in line 3.
+ * Line 6: Disable local mail delivery. All mail goes to the mail server as
+ specified in line 4.
P\bPo\bos\bst\btf\bfi\bix\bx o\bon\bn a\ba l\blo\boc\bca\bal\bl n\bne\bet\btw\bwo\bor\brk\bk
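Review bot: the translation for line 6 says "Disable local mail delivery" but does not explain why an empty mydestination has that effect, and the explicit "local_transport = error:local delivery is disabled" setting plus the master.cf step are removed with nothing said about what now happens to mail addressed to the machine's own name. Suggest one sentence stating that with no domains listed in mydestination no address is treated as local, so everything follows relayhost. Also, in the README text the command is wrapped inside the option ("postconf -" at the end of one line, "d myhostname" on the next), which reads as "postconf - d myhostname"; keep the command on one line.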
# newaliases in order to rebuild the indexed file after
# changing the Postfix alias database.
#
-# The input and output file formats are expected to be com-
-# patible with Sendmail version 8, and are expected to be
-# suitable for the use as NIS maps.
+# When the table is provided via other means such as NIS,
+# LDAP or SQL, the same lookups are done as for ordinary
+# indexed files.
+#
+# Alternatively, the table can be provided as a regular-
+# expression map where patterns are given as regular expres-
+# sions. In this case, the lookups are done in a slightly
+# different way as described below under "REGULAR EXPRESSION
+# TABLES".
#
# Users can control delivery of their own mail by setting up
# .forward files in their home directory. Lines in per-user
# The local(8) delivery agent always folds the search string
# to lowercase before database lookup.
#
+# REGULAR EXPRESSION TABLES
+# This section describes how the table lookups change when
+# the table is given in the form of regular expressions. For
+# a description of regular expression lookup table syntax,
+# see regexp_table(5) or pcre_table(5). NOTE: these formats
+# do not use ":" at the end of a pattern.
+#
+# Each regular expression is applied to the entire search
+# string. Thus, a search string user+foo is not broken up
+# into user and foo.
+#
+# Regular expressions are applied in the order as specified
+# in the table, until a regular expression is found that
+# matches the search string.
+#
+# Lookup results are the same as with indexed file lookups.
+# For security reasons there is no support for $1, $2 etc.
+# substring interpolation.
+#
# SECURITY
# The local(8) delivery agent disallows regular expression
# substitution of $1 etc. in alias_maps, because that would
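Review bot: "Each regular expression is applied to the entire search string" can be read as saying that patterns are implicitly anchored, which is not how regexp_table(5) and pcre_table(5) patterns behave: a pattern without ^ and $ also matches in the middle of an address, and because the first match wins an over-broad pattern early in the table captures addresses meant for later entries. Suggest adding a sentence that alias patterns should be anchored at both ends. The "no support for $1, $2" sentence repeats what the SECURITY section that follows already explains; a reference to that section would be enough.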
</pre>
</blockquote>
+<p> Alternatively, specify the RESOLV_MULTI environment variable
+in <a href="postconf.5.html">main.cf</a>: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#import_environment">import_environment</a> = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C RESOLV_MULTI=on
+</pre>
+</blockquote>
+
<h2>Berkeley DB issues</h2>
<p> If you can't compile Postfix because the file "db.h"
null client typically uses POP, IMAP or NFS for mailbox access. </p>
<p> In this example we assume that the Internet domain name is
-"example.com" and that the machine is named "nullclient.example.com".
+"example.com" and that the machine is named "hostname.example.com".
As usual, the examples show only parameters that are not left at
their default settings. </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
-2 <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
-3 <a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
-4 <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only
-5 <a href="postconf.5.html#local_transport">local_transport</a> = <a href="error.8.html">error</a>:local delivery is disabled
-6
-7 /etc/postfix/<a href="master.5.html">master.cf</a>:
-8 Comment out the local delivery agent entry
+2 <a href="postconf.5.html#myhostname">myhostname</a> = hostname.example.com
+3 <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+4 <a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+5 <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only
+6 <a href="postconf.5.html#mydestination">mydestination</a> =
</pre>
</blockquote>
<ul>
-<li> <p> Line 2: Send mail as "user@example.com" (instead of
-"user@nullclient.example.com"), so that nothing ever has a reason
-to send mail to "user@nullclient.example.com". </p>
+<li> <p> Line 2: Set <a href="postconf.5.html#myhostname">myhostname</a> to hostname.example.com, in case
+the machine name isn't set to a fully-qualified domain name (use
+the command "postconf -d <a href="postconf.5.html#myhostname">myhostname</a>" to find out what the machine
+name is). </p>
+
+<li> <p> Line 2: The <a href="postconf.5.html#myhostname">myhostname</a> value also provides the default
+value for the <a href="postconf.5.html#mydomain">mydomain</a> parameter (here, "<a href="postconf.5.html#mydomain">mydomain</a> = example.com").
+</p>
+
+<li> <p> Line 3: Send mail as "user@example.com" (instead of
+"user@hostname.example.com"), so that nothing ever has a reason
+to send mail to "user@hostname.example.com". </p>
-<li> <p> Line 3: Forward all mail to the mail server that is
+<li> <p> Line 4: Forward all mail to the mail server that is
responsible for the "example.com" domain. This prevents mail from
getting stuck on the null client if it is turned off while some
-remote destination is unreachable. </p>
+remote destination is unreachable. Specify a real hostname
+here if your "example.com" domain has no MX record. </p>
-<li> <p> Line 4: Do not accept mail from the network. </p>
+<li> <p> Line 5: Do not accept mail from the network. </p>
-<li> <p> Lines 5-8: Disable local mail delivery. All mail goes to
-the mail server as specified in line 3. </p>
+<li> <p> Line 6: Disable local mail delivery. All mail goes to
+the mail server as specified in line 4. </p>
</ul>
<b>newaliases</b> in order to rebuild the indexed file after
changing the Postfix alias database.
- The input and output file formats are expected to be com-
- patible with Sendmail version 8, and are expected to be
- suitable for the use as NIS maps.
+ When the table is provided via other means such as NIS,
+ LDAP or SQL, the same lookups are done as for ordinary
+ indexed files.
+
+ Alternatively, the table can be provided as a regular-
+ expression map where patterns are given as regular expres-
+ sions. In this case, the lookups are done in a slightly
+ different way as described below under "REGULAR EXPRESSION
+ TABLES".
Users can control delivery of their own mail by setting up
<b>.forward</b> files in their home directory. Lines in per-user
The <a href="local.8.html">local(8)</a> delivery agent always folds the search string
to lowercase before database lookup.
+<b>REGULAR EXPRESSION TABLES</b>
+ This section describes how the table lookups change when
+ the table is given in the form of regular expressions. For
+ a description of regular expression lookup table syntax,
+ see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. NOTE: these formats
+ do not use ":" at the end of a pattern.
+
+ Each regular expression is applied to the entire search
+ string. Thus, a search string <i>user+foo</i> is not broken up
+ into <i>user</i> and <i>foo</i>.
+
+ Regular expressions are applied in the order as specified
+ in the table, until a regular expression is found that
+ matches the search string.
+
+ Lookup results are the same as with indexed file lookups.
+ For security reasons there is no support for <b>$1</b>, <b>$2</b> etc.
+ substring interpolation.
+
<b>SECURITY</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression
substitution of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would
point when logging sub-second delay values.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives the mes-
- sage headers of mail that is still queued.
+ The time after which the sender receives a copy of
+ the message headers of mail that is still queued.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The time limit for sending or receiving information
<a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives the mes-
- sage headers of mail that is still queued.
+ The time after which the sender receives a copy of
+ the message headers of mail that is still queued.
<b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
Report mail delivery errors to the address speci-
<a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives the mes-
- sage headers of mail that is still queued.
+ The time after which the sender receives a copy of
+ the message headers of mail that is still queued.
<b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
Report mail delivery errors to the address speci-
units. </p>
<p>
-This feature is enabled with the <a href="postconf.5.html#delay_warning_time">delay_warning_time</a> parameter.
+See also: <a href="postconf.5.html#delay_warning_time">delay_warning_time</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>.
</p>
(default: 0h)</b></DT><DD>
<p>
-The time after which the sender receives the message headers of
-mail that is still queued.
+The time after which the sender receives a copy of the message
+headers of mail that is still queued.
</p>
<p>
The default time unit is h (hours).
</p>
+<p>
+See also: <a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>.
+</p>
+
</DD>
<dt><b>delay</b></dt>
-<dd>Send the postmaster copies of the headers of delayed mail. The
+<dd>Send the postmaster copies of the headers of delayed mail (see
+<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>). The
notification is sent to the address specified with the
<a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> configuration parameter (default: postmaster).
</dd>
unless the <a href="postconf.5.html#inet_protocols">inet_protocols</a> setting enables both IPv4 and IPv6.
With Postfix 2.8 the default is "ipv6". </p>
+<p> Notes for mail delivery between sites that have both IPv4 and
+IPv6 connectivity: </p>
+
+<ul>
+
+<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = ipv6" is unsafe.
+It can fail to deliver mail when there is an outage that affects
+IPv6, while the destination is still reachable over IPv4. </p>
+
+<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = any" is safe. With
+this, mail will eventually be delivered even if there is an outage
+that affects IPv6 or IPv4, as long as it does not affect both. </p>
+
+</ul>
+
<p> This feature is available in Postfix 2.8 and later. </p>
<a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives the mes-
- sage headers of mail that is still queued.
+ The time after which the sender receives a copy of
+ the message headers of mail that is still queued.
<b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
Report mail delivery errors to the address speci-
<b>DESCRIPTION</b>
The <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server implements a server-side TLS proxy.
It is used by <a href="postscreen.8.html"><b>postscreen</b>(8)</a> to talk SMTP-over-TLS with
- remote SMTP clients whose whitelist status has expired,
- but it should also work for non-SMTP protocols.
+ remote SMTP clients that are not whitelisted (including
+ clients whose whitelist status has expired), but it should
+ also work for non-SMTP protocols.
- Although one <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> process can serve multiple ses-
- sions at the same time, it is a good idea to allow the
- number of processes to increase with load, so that the
+ Although one <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> process can serve multiple ses-
+ sions at the same time, it is a good idea to allow the
+ number of processes to increase with load, so that the
service remains responsive.
<b>PROTOCOL EXAMPLE</b>
- The example below concerns <a href="postscreen.8.html"><b>postscreen</b>(8)</a>. However, the
- <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server is agnostic of the application proto-
- col, and the example is easily adapted to other applica-
+ The example below concerns <a href="postscreen.8.html"><b>postscreen</b>(8)</a>. However, the
+ <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server is agnostic of the application proto-
+ col, and the example is easily adapted to other applica-
tions.
- The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server sends the remote SMTP client end-
- point string, the requested role (server), and the
- requested timeout to <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> then
+ After receiving a valid remote SMTP client STARTTLS com-
+ mand, the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server sends the remote SMTP
+ client endpoint string, the requested role (server), and
+ the requested timeout to <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> then
receives a "TLS available" indication from <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>.
If the TLS service is available, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends the
remote SMTP client file descriptor to <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>, and
The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
and \fBpostmap\fR(1) commands.
.IP "\fBdelay_warning_time (0h)\fR"
-The time after which the sender receives the message headers of
-mail that is still queued.
+The time after which the sender receives a copy of the message
+headers of mail that is still queued.
.IP "\fBenable_errors_to (no)\fR"
Report mail delivery errors to the address specified with the
non-standard Errors-To: message header, instead of the envelope
\fBnewaliases\fR in order to rebuild the indexed file after
changing the Postfix alias database.
-The input and output file formats are expected to be compatible
-with Sendmail version 8, and are expected to be suitable for the
-use as NIS maps.
+When the table is provided via other means such as NIS, LDAP
+or SQL, the same lookups are done as for ordinary indexed files.
+
+Alternatively, the table can be provided as a regular-expression
+map where patterns are given as regular expressions. In
+this case, the lookups are done in a slightly different way
+as described below under "REGULAR EXPRESSION TABLES".
Users can control delivery of their own mail by setting
up \fB.forward\fR files in their home directory.
.fi
The local(8) delivery agent always folds the search string
to lowercase before database lookup.
+.SH "REGULAR EXPRESSION TABLES"
+.na
+.nf
+.ad
+.fi
+This section describes how the table lookups change when the table
+is given in the form of regular expressions. For a description of
+regular expression lookup table syntax, see \fBregexp_table\fR(5)
+or \fBpcre_table\fR(5). NOTE: these formats do not use ":" at the
+end of a pattern.
+
+Each regular expression is applied to the entire search
+string. Thus, a search string \fIuser+foo\fR is not broken
+up into \fIuser\fR and \fIfoo\fR.
+
+Regular expressions are applied in the order as specified
+in the table, until a regular expression is found that
+matches the search string.
+
+Lookup results are the same as with indexed file lookups.
+For security reasons there is no support for \fB$1\fR,
+\fB$2\fR etc. substring interpolation.
.SH "SECURITY"
.na
.nf
of mail that cannot be delivered within $delay_warning_time time
units.
.PP
-This feature is enabled with the delay_warning_time parameter.
+See also: delay_warning_time, notify_classes.
.SH delay_warning_time (default: 0h)
-The time after which the sender receives the message headers of
-mail that is still queued.
+The time after which the sender receives a copy of the message
+headers of mail that is still queued.
.PP
To enable this feature, specify a non-zero time value (an integral
value plus an optional one-letter suffix that specifies the time
.PP
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is h (hours).
+.PP
+See also: delay_notice_recipient, notify_classes.
.SH deliver_lock_attempts (default: 20)
The maximal number of attempts to acquire an exclusive lock on a
mailbox file or \fBbounce\fR(8) logfile.
is available in Postfix 2.9 and later.
.br
.IP "\fBdelay\fR"
-Send the postmaster copies of the headers of delayed mail. The
+Send the postmaster copies of the headers of delayed mail (see
+delay_warning_time). The
notification is sent to the address specified with the
delay_notice_recipient configuration parameter (default: postmaster).
.br
unless the inet_protocols setting enables both IPv4 and IPv6.
With Postfix 2.8 the default is "ipv6".
.PP
+Notes for mail delivery between sites that have both IPv4 and
+IPv6 connectivity:
+.IP \(bu
+The setting "smtp_address_preference = ipv6" is unsafe.
+It can fail to deliver mail when there is an outage that affects
+IPv6, while the destination is still reachable over IPv4.
+.IP \(bu
+The setting "smtp_address_preference = any" is safe. With
+this, mail will eventually be delivered even if there is an outage
+that affects IPv6 or IPv4, as long as it does not affect both.
+.br
+.PP
This feature is available in Postfix 2.8 and later.
.SH smtp_always_send_ehlo (default: yes)
Always send EHLO at the start of an SMTP session.
The maximal number of digits after the decimal point when logging
sub-second delay values.
.IP "\fBdelay_warning_time (0h)\fR"
-The time after which the sender receives the message headers of
-mail that is still queued.
+The time after which the sender receives a copy of the message
+headers of mail that is still queued.
.IP "\fBipc_timeout (3600s)\fR"
The time limit for sending or receiving information over an internal
communication channel.
.fi
The \fBtlsproxy\fR(8) server implements a server-side TLS
proxy. It is used by \fBpostscreen\fR(8) to talk SMTP-over-TLS
-with remote SMTP clients whose whitelist status has expired,
+with remote SMTP clients that are not whitelisted (including
+clients whose whitelist status has expired),
but it should also work for non-SMTP protocols.
Although one \fBtlsproxy\fR(8) process can serve multiple
protocol, and the example is easily adapted to other
applications.
-The \fBpostscreen\fR(8) server sends the remote SMTP client
+After receiving a valid remote SMTP client STARTTLS command,
+the \fBpostscreen\fR(8) server sends the remote SMTP client
endpoint string, the requested role (server), and the
requested timeout to \fBtlsproxy\fR(8). \fBpostscreen\fR(8)
then receives a "TLS available" indication from \fBtlsproxy\fR(8).
</pre>
</blockquote>
+<p> Alternatively, specify the RESOLV_MULTI environment variable
+in main.cf: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+ import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C RESOLV_MULTI=on
+</pre>
+</blockquote>
+
<h2>Berkeley DB issues</h2>
<p> If you can't compile Postfix because the file "db.h"
null client typically uses POP, IMAP or NFS for mailbox access. </p>
<p> In this example we assume that the Internet domain name is
-"example.com" and that the machine is named "nullclient.example.com".
+"example.com" and that the machine is named "hostname.example.com".
As usual, the examples show only parameters that are not left at
their default settings. </p>
<blockquote>
<pre>
1 /etc/postfix/main.cf:
-2 myorigin = $mydomain
-3 relayhost = $mydomain
-4 inet_interfaces = loopback-only
-5 local_transport = error:local delivery is disabled
-6
-7 /etc/postfix/master.cf:
-8 Comment out the local delivery agent entry
+2 myhostname = hostname.example.com
+3 myorigin = $mydomain
+4 relayhost = $mydomain
+5 inet_interfaces = loopback-only
+6 mydestination =
</pre>
</blockquote>
<ul>
-<li> <p> Line 2: Send mail as "user@example.com" (instead of
-"user@nullclient.example.com"), so that nothing ever has a reason
-to send mail to "user@nullclient.example.com". </p>
+<li> <p> Line 2: Set myhostname to hostname.example.com, in case
+the machine name isn't set to a fully-qualified domain name (use
+the command "postconf -d myhostname" to find out what the machine
+name is). </p>
+
+<li> <p> Line 2: The myhostname value also provides the default
+value for the mydomain parameter (here, "mydomain = example.com").
+</p>
+
+<li> <p> Line 3: Send mail as "user@example.com" (instead of
+"user@hostname.example.com"), so that nothing ever has a reason
+to send mail to "user@hostname.example.com". </p>
-<li> <p> Line 3: Forward all mail to the mail server that is
+<li> <p> Line 4: Forward all mail to the mail server that is
responsible for the "example.com" domain. This prevents mail from
getting stuck on the null client if it is turned off while some
-remote destination is unreachable. </p>
+remote destination is unreachable. Specify a real hostname
+here if your "example.com" domain has no MX record. </p>
-<li> <p> Line 4: Do not accept mail from the network. </p>
+<li> <p> Line 5: Do not accept mail from the network. </p>
-<li> <p> Lines 5-8: Disable local mail delivery. All mail goes to
-the mail server as specified in line 3. </p>
+<li> <p> Line 6: Disable local mail delivery. All mail goes to
+the mail server as specified in line 4. </p>
</ul>
# \fBnewaliases\fR in order to rebuild the indexed file after
# changing the Postfix alias database.
#
-# The input and output file formats are expected to be compatible
-# with Sendmail version 8, and are expected to be suitable for the
-# use as NIS maps.
+# When the table is provided via other means such as NIS, LDAP
+# or SQL, the same lookups are done as for ordinary indexed files.
+#
+# Alternatively, the table can be provided as a regular-expression
+# map where patterns are given as regular expressions. In
+# this case, the lookups are done in a slightly different way
+# as described below under "REGULAR EXPRESSION TABLES".
#
# Users can control delivery of their own mail by setting
# up \fB.forward\fR files in their home directory.
# CASE FOLDING
# .ad
# .fi
-# The local(8) delivery agent always folds the search string
-# to lowercase before database lookup.
+# The local(8) delivery agent always folds the search string
+# to lowercase before database lookup.
+# REGULAR EXPRESSION TABLES
+# .ad
+# .fi
+# This section describes how the table lookups change when the table
+# is given in the form of regular expressions. For a description of
+# regular expression lookup table syntax, see \fBregexp_table\fR(5)
+# or \fBpcre_table\fR(5). NOTE: these formats do not use ":" at the
+# end of a pattern.
+#
+# Each regular expression is applied to the entire search
+# string. Thus, a search string \fIuser+foo\fR is not broken
+# up into \fIuser\fR and \fIfoo\fR.
+#
+# Regular expressions are applied in the order as specified
+# in the table, until a regular expression is found that
+# matches the search string.
+#
+# Lookup results are the same as with indexed file lookups.
+# For security reasons there is no support for \fB$1\fR,
+# \fB$2\fR etc. substring interpolation.
# SECURITY
# .ad
# .fi
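Review bot: in the CASE FOLDING block the two removed lines and the two added lines ("The local(8) delivery agent always folds the search string" / "to lowercase before database lookup.") have identical wording, so that part is a whitespace-only change mixed into a documentation change. Either drop it from this patch or mention the whitespace cleanup in the changelog entry, so that the REGULAR EXPRESSION TABLES addition is the only content change a reader has to check in this file.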
<dt><b>delay</b></dt>
-<dd>Send the postmaster copies of the headers of delayed mail. The
+<dd>Send the postmaster copies of the headers of delayed mail (see
+delay_warning_time). The
notification is sent to the address specified with the
delay_notice_recipient configuration parameter (default: postmaster).
</dd>
units. </p>
<p>
-This feature is enabled with the delay_warning_time parameter.
+See also: delay_warning_time, notify_classes.
</p>
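Review bot: replacing "This feature is enabled with the delay_warning_time parameter." with a bare "See also:" line removes the one sentence that told the reader delay_notice_recipient has no effect until delay_warning_time is set. The changelog describes this change as documenting the interaction between delay_warning_time, notify_classes and delay_notice_recipient, so suggest keeping the original sentence, adding that the "delay" class in notify_classes is what sends the postmaster copy to this address, and then listing the cross-references.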
%PARAM delay_warning_time 0h
<p>
-The time after which the sender receives the message headers of
-mail that is still queued.
+The time after which the sender receives a copy of the message
+headers of mail that is still queued.
</p>
<p>
The default time unit is h (hours).
</p>
+<p>
+See also: delay_notice_recipient, notify_classes.
+</p>
+
%PARAM disable_dns_lookups no
<p>
unless the inet_protocols setting enables both IPv4 and IPv6.
With Postfix 2.8 the default is "ipv6". </p>
+<p> Notes for mail delivery between sites that have both IPv4 and
+IPv6 connectivity: </p>
+
+<ul>
+
+<li> <p> The setting "smtp_address_preference = ipv6" is unsafe.
+It can fail to deliver mail when there is an outage that affects
+IPv6, while the destination is still reachable over IPv4. </p>
+
+<li> <p> The setting "smtp_address_preference = any" is safe. With
+this, mail will eventually be delivered even if there is an outage
+that affects IPv6 or IPv4, as long as it does not affect both. </p>
+
+</ul>
+
<p> This feature is available in Postfix 2.8 and later. </p>
%PARAM lmtp_address_preference ipv6
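Review bot: the new bullets call "smtp_address_preference = ipv6" unsafe, but the unchanged sentence directly above still reads 'With Postfix 2.8 the default is "ipv6"' and nothing tells the reader what to do about that. Suggest saying explicitly that sites with both IPv4 and IPv6 connectivity should set "any", and stating which default applies to the release being documented. "Unsafe" here means delivery can fail during an IPv6 outage, not a security exposure; wording such as "can fail to deliver" in the bullet heading would avoid that ambiguity.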
/* The maximal number of digits after the decimal point when logging
/* sub-second delay values.
/* .IP "\fBdelay_warning_time (0h)\fR"
-/* The time after which the sender receives the message headers of
-/* mail that is still queued.
+/* The time after which the sender receives a copy of the message
+/* headers of mail that is still queued.
/* .IP "\fBipc_timeout (3600s)\fR"
/* The time limit for sending or receiving information over an internal
/* communication channel.
#endif
LDAP_CONN *conn;
+ /*
+ * Join key fields with null characters.
+ */
#define ADDSTR(vp, s) vstring_memcat((vp), (s), strlen((s))+1)
-#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu", (unsigned long)(i))
+#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu%c", (unsigned long)(i), 0)
ADDSTR(keybuf, dict_ldap->server_host);
ADDINT(keybuf, dict_ldap->server_port);
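Review bot: ADDINT now depends on vstring_sprintf_append() carrying a zero byte produced by "%c" into the buffer, whereas ADDSTR appends its terminator by length with vstring_memcat(..., strlen((s))+1). Please confirm that the formatted append does not stop at the embedded null; if it does, the numeric fields are still joined without a separator and two different combinations of adjacent fields can produce the same connection-cache key, so lookups with different settings would share one LDAP connection. If there is any doubt, format the number into a small buffer and append it through ADDSTR so both field types take the same path.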
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20121007"
+#define MAIL_RELEASE_DATE "20121019"
#define MAIL_VERSION_NUMBER "2.10"
#ifdef SNAPSHOT
if (rec_type > 0)
msg_warn("%s: ignoring out-of-order DSN original recipient <%.200s>",
message->queue_id, dsn_orcpt);
- myfree(orig_rcpt);
+ myfree(dsn_orcpt);
}
if (orig_rcpt != 0) {
if (rec_type > 0)
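Review bot: the removed line freed orig_rcpt inside the branch that warns about dsn_orcpt, and the very next block begins with "if (orig_rcpt != 0)", so before this change the wrong pointer was released and, unless it was reset, orig_rcpt would still test non-zero there after being freed. The changelog records this only as a memory leak; suggest describing it as a free of the wrong pointer. Please also check, outside the lines shown, that dsn_orcpt is set to 0 after myfree(dsn_orcpt) so a later record does not see a stale value.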
if ((query == 0 || strcmp(query, "-") != 0)
&& (postmap_flags & POSTMAP_FLAG_ANY_KEY))
msg_fatal("specify -b -h or -m only with \"-q -\"");
+ if ((postmap_flags & POSTMAP_FLAG_ANY_KEY)
+ == (postmap_flags & POSTMAP_FLAG_MIME_KEY))
+ msg_warn("ignoring -m option without -b or -h");
/*
* Use the map type specified by the user, or fall back to a default
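Review bot: the new test "(postmap_flags & POSTMAP_FLAG_ANY_KEY) == (postmap_flags & POSTMAP_FLAG_MIME_KEY)" is also true when none of -b, -h or -m was given, because both sides are then zero, so msg_warn("ignoring -m option without -b or -h") fires on queries that never used -m. Add a guard that at least one key flag is set, for example by requiring (postmap_flags & POSTMAP_FLAG_MIME_KEY) to be non-zero before comparing. The warning is also placed after the msg_fatal() check above it, which is fine, but a short comment saying that -m alone selects nothing would help the next reader.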
/* The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1)
/* and \fBpostmap\fR(1) commands.
/* .IP "\fBdelay_warning_time (0h)\fR"
-/* The time after which the sender receives the message headers of
-/* mail that is still queued.
+/* The time after which the sender receives a copy of the message
+/* headers of mail that is still queued.
/* .IP "\fBenable_errors_to (no)\fR"
/* Report mail delivery errors to the address specified with the
/* non-standard Errors-To: message header, instead of the envelope
int exclude = 0;
int include = 0;
+#define FREE_AND_RETURN(ptr, res) do { \
+ myfree(ptr); \
+ return (res); \
+ } while (0)
+
save = cp = mystrdup(plist);
while ((tok = mystrtok(&cp, "\t\n\r ,:")) != 0) {
if (*tok == '!')
include |= code =
name_code(protocol_table, NAME_CODE_FLAG_NONE, tok);
if (code == TLS_PROTOCOL_INVALID)
- return TLS_PROTOCOL_INVALID;
+ FREE_AND_RETURN(save, TLS_PROTOCOL_INVALID);
}
- myfree(save);
/*
* When the include list is empty, use only the explicit exclusions.
* we don't know about at compile time, and this is unavoidable because
* the OpenSSL API works with compile-time *exclusion* bit-masks.
*/
- return (include ? (exclude | (TLS_KNOWN_PROTOCOLS & ~include)) : exclude);
+ FREE_AND_RETURN(save,
+ (include ? (exclude | (TLS_KNOWN_PROTOCOLS & ~include)) : exclude));
}
/* tls_param_init - Load TLS related config parameters */
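Review bot: FREE_AND_RETURN is defined in the middle of the function body with no #undef in the lines shown, so it stays visible for the rest of tls_misc.c; add an #undef after the closing brace or move the definition to the top of the file with a comment. The macro also evaluates res after myfree(ptr). Both call sites here pass values that do not read through save, but a one-line comment stating that res must not depend on ptr would prevent a later use-after-free. A single exit path (store the result in a local, call myfree(save) once, return) would fix the early-return leak without a macro.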
/* DESCRIPTION
/* The \fBtlsproxy\fR(8) server implements a server-side TLS
/* proxy. It is used by \fBpostscreen\fR(8) to talk SMTP-over-TLS
-/* with remote SMTP clients whose whitelist status has expired,
+/* with remote SMTP clients that are not whitelisted (including
+/* clients whose whitelist status has expired),
/* but it should also work for non-SMTP protocols.
/*
/* Although one \fBtlsproxy\fR(8) process can serve multiple
/* protocol, and the example is easily adapted to other
/* applications.
/*
-/* The \fBpostscreen\fR(8) server sends the remote SMTP client
+/* After receiving a valid remote SMTP client STARTTLS command,
+/* the \fBpostscreen\fR(8) server sends the remote SMTP client
/* endpoint string, the requested role (server), and the
/* requested timeout to \fBtlsproxy\fR(8). \fBpostscreen\fR(8)
/* then receives a "TLS available" indication from \fBtlsproxy\fR(8).
/* should be used or the code will not be portable.
/*
/* binhash_create() creates a table of the specified size and returns a
-/* pointer to the result. The lookup keys are saved with strdup().
+/* pointer to the result. The lookup keys are saved with mymemdup().
/*
/* binhash_enter() stores a (key, value) pair into the specified table
/* and returns a pointer to the resulting entry. The code does not