tls_client_init request specifies an unexpected client
identity, and the test for that condition is now moved to
the right place. File: tlsproxy/tlsproxy.c.
+
+20181124
+
+ Documentation: clarified the behavior of whitespace within
+ "{}". Files: proto/DATABASE_README.html, proto/postconf.proto,
+ pipe/pipe.c, postconf/postconf.c,
+
+20181125
+
+ Cleanup: dict_file_to_xxx() takes a list of file names
+ separated by CHARS_COMMA_SP. Shoe-horned into the existing
+ API, make it nicer when there is time. File: util/dict_file.c.
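Review bot: the 20181124 entry's file list ends with a dangling comma after postconf/postconf.c and no period, so the "Files:" sentence reads as truncated; either close it or add the file name that was dropped (the patch below also touches the pipe(8) and DATABASE_README rendered copies, which are generated, so only the sources need listing, but the sentence should end).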
i\bin\bnl\bli\bin\bne\be (read-only)
A non-shared, in-memory lookup table. Example: "inline:{ key=value,
{ key = text with whitespace or comma }}". Key-value pairs are
- separated by whitespace or comma; whitespace after "{" and before "}"
- is ignored. Inline tables eliminate the need to create a database file
- for just a few fixed elements. See also the static: map type.
+ separated by whitespace or comma; with a key-value pair inside "{}",
+ whitespace is ignored after the opening "{", around the "=" between key
+ and value, and before the closing "}". Inline tables eliminate the need
+ to create a database file for just a few fixed elements. See also the
+ static: map type.
i\bin\bnt\bte\ber\brn\bna\bal\bl
A non-shared, in-memory hash table. Its content are lost when a process
terminates.
A table that always returns its name as the lookup result. For example,
"static:foobar" always returns the string "foobar" as lookup result.
Specify "static:{ text with whitespace }" when the result contains
- whitespace; this form ignores whitespace after "{" and before "}". See
- also the inline: map type.
+ whitespace; this form ignores whitespace after the opening "{" and
+ before the closing "}". See also the inline: map type.
t\btc\bcp\bp
TCP/IP client. The protocol is described in tcp_table(5). The lookup
table name is "tcp:host:port" where "host" specifies a symbolic
Wish list:
- With DICT_FLAG_RHS_IS_FILE, RHS is list of files (insert
- newline for robustness).
+ Declumsify code that calls vstream_fread() to read data
+ into VSTRING buffer. This needs vstream_fread_buf(VSTREAM *,
+ VSTRING *, ssize_t) which calls VSTRING_SPACE(), appends
+ data to the buffer, and calls VSTRING_AT_OFFSET(). Current
+ code is error-prone.
With DICT_FLAG_RHS_IS_FILE, should dict_update() open a
file? base64-encode the value?
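Review bot: the remaining item "With DICT_FLAG_RHS_IS_FILE, should dict_update() open a file? base64-encode the value?" is now stale in the same way the removed item was: after this change the RHS is a CHARS_COMMA_SP-separated list of files, so the open question is whether dict_update() should open all of them and base64-encode the concatenation; reword it to match the new dict_file_to_buf() description. The new vstream_fread_buf() item is unrelated to the RHS-is-file feature and would be easier to track as its own wish-list entry rather than as the replacement for an item that this patch just implemented.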
<dd> A non-shared, in-memory lookup table. Example: "<a href="DATABASE_README.html#types">inline</a>:{
<i>key=value</i>, { <i>key = text with whitespace or comma</i> }}".
-Key-value pairs are separated by whitespace or comma; whitespace
-after "{" and before "}" is ignored. Inline tables eliminate the
+Key-value pairs are separated by whitespace or comma; with a key-value
+pair inside "{}", whitespace is ignored after the opening "{",
+around the "=" between key and value, and before the closing "}".
+Inline tables eliminate the
need to create a database file for just a few fixed elements. See
also the <a href="DATABASE_README.html#types">static</a>: map type. </dd>
For example, "<a href="DATABASE_README.html#types">static</a>:foobar" always returns the string "foobar" as
lookup result. Specify "<a href="DATABASE_README.html#types">static</a>:{ <i>text with whitespace</i> }"
when the result contains whitespace; this form ignores whitespace
-after "{" and before "}". See also the <a href="DATABASE_README.html#types">inline</a>: map type. </dd>
+after the opening "{" and before the closing "}". See also the
+<a href="DATABASE_README.html#types">inline</a>: map type. </dd>
<dt> <b>tcp</b> </dt>
interpreter.
Specify "{" and "}" around command arguments that contain white-
- space (Postfix 3.0 and later). Whitespace after "{" and before
- "}" is ignored.
+ space (Postfix 3.0 and later). Whitespace after the opening "{"
+ and before the closing "}" is ignored.
In the command argument vector, the following macros are recog-
nized and replaced with corresponding information from the Post-
A non-shared, in-memory lookup table. Example: "<b><a href="DATABASE_README.html#types">inline</a>:{</b>
<i>key</i><b>=</b><i>value</i><b>, {</b> <i>key</i> <b>=</b> <i>text with whitespace or comma</i> <b>}}</b>".
Key-value pairs are separated by whitespace or comma;
- whitespace after "<b>{</b>" and before "<b>}</b>" is ignored. Inline
- tables eliminate the need to create a database file for
- just a few fixed elements. See also the <i><a href="DATABASE_README.html#types">static</a>:</i> map
- type.
+ with a key-value pair inside "<b>{}</b>", whitespace is ignored
+ after the opening "<b>{</b>", around the "<b>=</b>" between key and
+ value, and before the closing "<b>}</b>". Inline tables elimi-
+ nate the need to create a database file for just a few
+ fixed elements. See also the <i><a href="DATABASE_README.html#types">static</a>:</i> map type.
This feature is available with Postfix 3.0 and later.
<b>internal</b>
- A non-shared, in-memory hash table. Its content are lost
+ A non-shared, in-memory hash table. Its content are lost
when a process terminates.
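Review bot: "Its content are lost" in the internal: entry, a line this hunk rewrites, has a number-agreement error; make it "Its content is lost" or "Its contents are lost". The plain-text DATABASE_README context earlier in the patch shows the same wording, so the fix belongs in the sources the rendered pages are generated from (the postconf -m table-type comments and proto/DATABASE_README.html), not only in the generated html.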
- <b>lmdb</b> OpenLDAP LMDB database (a memory-mapped, persistent
- file). Available on systems with support for LMDB data-
+ <b>lmdb</b> OpenLDAP LMDB database (a memory-mapped, persistent
+ file). Available on systems with support for LMDB data-
bases. This is described in <a href="lmdb_table.5.html"><b>lmdb_table</b>(5)</a>.
This feature is available with Postfix 2.11 and later.
LDAP database client. This is described in <a href="ldap_table.5.html"><b>ldap_table</b>(5)</a>.
<b>memcache</b>
- Memcache database client. This is described in <a href="memcache_table.5.html"><b>mem-</b></a>
+ Memcache database client. This is described in <a href="memcache_table.5.html"><b>mem-</b></a>
<a href="memcache_table.5.html"><b>cache_table</b>(5)</a>.
This feature is available with Postfix 2.9 and later.
<b>mysql</b> (read-only)
MySQL database client. Available on systems with support
- for MySQL databases. This is described in <a href="mysql_table.5.html"><b>mysql_ta-</b></a>
+ for MySQL databases. This is described in <a href="mysql_table.5.html"><b>mysql_ta-</b></a>
<a href="mysql_table.5.html"><b>ble</b>(5)</a>.
<b>pcre</b> (read-only)
- A lookup table based on Perl Compatible Regular Expres-
+ A lookup table based on Perl Compatible Regular Expres-
sions. The file format is described in <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
<b>pgsql</b> (read-only)
- PostgreSQL database client. This is described in
+ PostgreSQL database client. This is described in
<a href="pgsql_table.5.html"><b>pgsql_table</b>(5)</a>.
This feature is available with Postfix 2.1 and later.
<b>pipemap</b> (read-only)
- A lookup table that constructs a pipeline of tables.
- Example: "<b><a href="DATABASE_README.html#types">pipemap</a>:{</b><i>type</i><b>_</b><i>1:name</i><b>_</b><i>1, ..., type</i><b>_</b><i>n:name</i><b>_</b><i>n</i><b>}</b>".
- Each "<a href="DATABASE_README.html#types">pipemap</a>:" query is given to the first table. Each
+ A lookup table that constructs a pipeline of tables.
+ Example: "<b><a href="DATABASE_README.html#types">pipemap</a>:{</b><i>type</i><b>_</b><i>1:name</i><b>_</b><i>1, ..., type</i><b>_</b><i>n:name</i><b>_</b><i>n</i><b>}</b>".
+ Each "<a href="DATABASE_README.html#types">pipemap</a>:" query is given to the first table. Each
lookup result becomes the query for the next table in the
- pipeline, and the last table produces the final result.
- When any table lookup produces no result, the pipeline
- produces no result. The first and last characters of the
+ pipeline, and the last table produces the final result.
+ When any table lookup produces no result, the pipeline
+ produces no result. The first and last characters of the
"<a href="DATABASE_README.html#types">pipemap</a>:" table name must be "<b>{</b>" and "<b>}</b>". Within these,
individual maps are separated with comma or whitespace.
This feature is available with Postfix 3.0 and later.
- <b>proxy</b> Postfix <a href="proxymap.8.html"><b>proxymap</b>(8)</a> client for shared access to Postfix
+ <b>proxy</b> Postfix <a href="proxymap.8.html"><b>proxymap</b>(8)</a> client for shared access to Postfix
databases. The table name syntax is <i>type</i><b>:</b><i>name</i>.
This feature is available with Postfix 2.0 and later.
<b>randmap</b> (read-only)
- An in-memory table that performs random selection. Exam-
+ An in-memory table that performs random selection. Exam-
ple: "<b><a href="DATABASE_README.html#types">randmap</a>:{</b><i>result</i><b>_</b><i>1, ..., result</i><b>_</b><i>n</i><b>}</b>". Each table
query returns a random choice from the specified results.
- The first and last characters of the "<a href="DATABASE_README.html#types">randmap</a>:" table
- name must be "<b>{</b>" and "<b>}</b>". Within these, individual
+ The first and last characters of the "<a href="DATABASE_README.html#types">randmap</a>:" table
+ name must be "<b>{</b>" and "<b>}</b>". Within these, individual
results are separated with comma or whitespace. To give a
specific result more weight, specify it multiple times.
This feature is available with Postfix 3.0 and later.
<b>regexp</b> (read-only)
- A lookup table based on regular expressions. The file
+ A lookup table based on regular expressions. The file
format is described in <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>.
<b>sdbm</b> An indexed file type based on hashing. Available on sys-
This feature is available with Postfix 2.2 and later.
<b>socketmap</b> (read-only)
- Sendmail-style socketmap client. The table name is
- <b>inet</b>:<i>host</i>:<i>port</i>:<i>name</i> for a TCP/IP server, or <b>unix</b>:<i>path-</i>
- <i>name</i>:<i>name</i> for a UNIX-domain server. This is described in
+ Sendmail-style socketmap client. The table name is
+ <b>inet</b>:<i>host</i>:<i>port</i>:<i>name</i> for a TCP/IP server, or <b>unix</b>:<i>path-</i>
+ <i>name</i>:<i>name</i> for a UNIX-domain server. This is described in
<a href="socketmap_table.5.html"><b>socketmap_table</b>(5)</a>.
This feature is available with Postfix 2.10 and later.
This feature is available with Postfix 2.8 and later.
<b>static</b> (read-only)
- A table that always returns its name as lookup result.
+ A table that always returns its name as lookup result.
For example, <b><a href="DATABASE_README.html#types">static</a>:foobar</b> always returns the string <b>foo-</b>
- <b>bar</b> as lookup result. Specify "<b><a href="DATABASE_README.html#types">static</a>:{</b> <i>text with white-</i>
- <i>space</i> <b>}</b>" when the result contains whitespace; this form
- ignores whitespace after "<b>{</b>" and before "<b>}</b>". See also the
- <i><a href="DATABASE_README.html#types">inline</a>:</i> map.
+ <b>bar</b> as lookup result. Specify "<b><a href="DATABASE_README.html#types">static</a>:{</b> <i>text with white-</i>
+ <i>space</i> <b>}</b>" when the result contains whitespace; this form
+ ignores whitespace after the opening "<b>{</b>" and before the
+ closing "<b>}</b>". See also the <i><a href="DATABASE_README.html#types">inline</a>:</i> map.
The form "<b><a href="DATABASE_README.html#types">static</a>:{</b><i>text</i><b>}</b> is available with Postfix 3.0 and
later.
TCP/IP client. The protocol is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
<b>texthash</b> (read-only)
- Produces similar results as <a href="DATABASE_README.html#types">hash</a>: files, except that you
- don't need to run the <a href="postmap.1.html"><b>postmap</b>(1)</a> command before you can
- use the file, and that it does not detect changes after
+ Produces similar results as <a href="DATABASE_README.html#types">hash</a>: files, except that you
+ don't need to run the <a href="postmap.1.html"><b>postmap</b>(1)</a> command before you can
+ use the file, and that it does not detect changes after
the file is read.
This feature is available with Postfix 2.8 and later.
<b>unionmap</b> (read-only)
- A table that sends each query to multiple lookup tables
- and that concatenates all found results, separated by
+ A table that sends each query to multiple lookup tables
+ and that concatenates all found results, separated by
comma. The table name syntax is the same as for <b>pipemap</b>.
This feature is available with Postfix 3.0 and later.
<b>unix</b> (read-only)
- A limited view of the UNIX authentication database. The
+ A limited view of the UNIX authentication database. The
following tables are implemented:
<b>unix:passwd.byname</b>
- The table is the UNIX password database. The key
- is a login name. The result is a password file
+ The table is the UNIX password database. The key
+ is a login name. The result is a password file
entry in <b>passwd</b>(5) format.
<b>unix:group.byname</b>
The table is the UNIX group database. The key is a
- group name. The result is a group file entry in
+ group name. The result is a group file entry in
<b>group</b>(5) format.
- Other table types may exist depending on how Postfix was built.
+ Other table types may exist depending on how Postfix was built.
- <b>-M</b> Show <a href="master.5.html"><b>master.cf</b></a> file contents instead of <a href="postconf.5.html"><b>main.cf</b></a> file contents.
+ <b>-M</b> Show <a href="master.5.html"><b>master.cf</b></a> file contents instead of <a href="postconf.5.html"><b>main.cf</b></a> file contents.
Specify <b>-Mf</b> to fold long lines for human readability.
Specify zero or more arguments, each with a <i>service-name</i> or <i>ser-</i>
- <i>vice-name/service-type</i> pair, where <i>service-name</i> is the first
- field of a <a href="master.5.html">master.cf</a> entry and <i>service-type</i> is one of (<b>inet</b>,
+ <i>vice-name/service-type</i> pair, where <i>service-name</i> is the first
+ field of a <a href="master.5.html">master.cf</a> entry and <i>service-type</i> is one of (<b>inet</b>,
<b>unix</b>, <b>fifo</b>, or <b>pass</b>).
- If <i>service-name</i> or <i>service-name/service-type</i> is specified, only
- the matching <a href="master.5.html">master.cf</a> entries will be output. For example,
- "<b>postconf -Mf smtp</b>" will output all services named "smtp", and
- "<b>postconf -Mf smtp/inet</b>" will output only the smtp service that
- listens on the network. Trailing service type fields that are
+ If <i>service-name</i> or <i>service-name/service-type</i> is specified, only
+ the matching <a href="master.5.html">master.cf</a> entries will be output. For example,
+ "<b>postconf -Mf smtp</b>" will output all services named "smtp", and
+ "<b>postconf -Mf smtp/inet</b>" will output only the smtp service that
+ listens on the network. Trailing service type fields that are
omitted will be handled as "*" wildcard fields.
This feature is available with Postfix 2.9 and later. The syntax
- was changed from "<i>name.type</i>" to "<i>name/type</i>", and "*" wildcard
+ was changed from "<i>name.type</i>" to "<i>name/type</i>", and "*" wildcard
support was added with Postfix 2.11.
<b>-n</b> Show only configuration parameters that have explicit <i>name=value</i>
- settings in <a href="postconf.5.html"><b>main.cf</b></a>. Specify <b>-nf</b> to fold long lines for human
- readability (Postfix 2.9 and later). To show settings that dif-
+ settings in <a href="postconf.5.html"><b>main.cf</b></a>. Specify <b>-nf</b> to fold long lines for human
+ readability (Postfix 2.9 and later). To show settings that dif-
fer from built-in defaults only, use the following bash syntax:
comm -23 <(postconf -n) <(postconf -d)
Replace "-23" with "-12" to show settings that duplicate
This feature is available with Postfix 2.11 and later.
- <b>-P</b> Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by default all ser-
- vices and all parameters), formatted as "<i>service/type/parame-</i>
+ <b>-P</b> Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by default all ser-
+ vices and all parameters), formatted as "<i>service/type/parame-</i>
<i>ter=value</i>", one per line. Specify <b>-Pf</b> to fold long lines.
- Specify one or more "<i>service/type/parameter</i>" instances on the
- <a href="postconf.1.html"><b>postconf</b>(1)</a> command line to limit the output to parameters of
- interest. Trailing parameter name or service type fields that
+ Specify one or more "<i>service/type/parameter</i>" instances on the
+ <a href="postconf.1.html"><b>postconf</b>(1)</a> command line to limit the output to parameters of
+ interest. Trailing parameter name or service type fields that
are omitted will be handled as "*" wildcard fields.
This feature is available with Postfix 2.11 and later.
<b>-t</b> [<i>template</i><b>_</b><i>file</i>]
- Display the templates for text that appears at the beginning of
- delivery status notification (DSN) messages, without expanding
+ Display the templates for text that appears at the beginning of
+ delivery status notification (DSN) messages, without expanding
$<b>name</b> expressions.
- To override the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter setting, specify
- a template file name at the end of the "<b>postconf -t</b>" command
- line. Specify an empty file name to display built-in templates
+ To override the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter setting, specify
+ a template file name at the end of the "<b>postconf -t</b>" command
+ line. Specify an empty file name to display built-in templates
(in shell language: "").
This feature is available with Postfix 2.3 and later.
<b>-T</b> <i>mode</i>
- If Postfix is compiled without TLS support, the <b>-T</b> option pro-
- duces no output. Otherwise, if an invalid <i>mode</i> is specified,
- the <b>-T</b> option reports an error and exits with a non-zero status
+ If Postfix is compiled without TLS support, the <b>-T</b> option pro-
+ duces no output. Otherwise, if an invalid <i>mode</i> is specified,
+ the <b>-T</b> option reports an error and exits with a non-zero status
code. The valid modes are:
<b>compile-version</b>
Output the OpenSSL version that Postfix was compiled with
- (i.e. the OpenSSL version in a header file). The output
+ (i.e. the OpenSSL version in a header file). The output
format is the same as with the command "<b>openssl version</b>".
<b>run-version</b>
runtime (i.e. the OpenSSL version in a shared library).
<b>public-key-algorithms</b>
- Output the lower-case names of the supported public-key
+ Output the lower-case names of the supported public-key
algorithms, one per-line.
This feature is available with Postfix 3.1 and later.
- <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
options make the software increasingly verbose.
- <b>-x</b> Expand <i>$name</i> in <a href="postconf.5.html"><b>main.cf</b></a> or <a href="master.5.html"><b>master.cf</b></a> parameter values. The
+ <b>-x</b> Expand <i>$name</i> in <a href="postconf.5.html"><b>main.cf</b></a> or <a href="master.5.html"><b>master.cf</b></a> parameter values. The
expansion is recursive.
This feature is available with Postfix 2.10 and later.
- <b>-X</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and remove the parameters
+ <b>-X</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and remove the parameters
named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line. Specify a list of param-
eter names, not "<i>name=value</i>" pairs.
- With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
- or more service entries as specified with "<i>service/type</i>" on the
+ With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
+ or more service entries as specified with "<i>service/type</i>" on the
<a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
+ With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
or more service parameter settings (-o parameter=value settings)
- as specified with "<i>service/type/parameter</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a>
+ as specified with "<i>service/type/parameter</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a>
command line.
In all cases the file is copied to a temporary file then renamed
into place. Specify quotes to protect special characters on the
<a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
+ There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
tion.
- This feature is available with Postfix 2.10 and later. Support
+ This feature is available with Postfix 2.10 and later. Support
for -M and -P was added with Postfix 2.11.
<b>-#</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and comment out the parame-
eters revert to their default values. Specify a list of parame-
ter names, not "<i>name=value</i>" pairs.
- With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and comment out
- one or more service entries as specified with "<i>service/type</i>" on
+ With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and comment out
+ one or more service entries as specified with "<i>service/type</i>" on
the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
In all cases the file is copied to a temporary file then renamed
into place. Specify quotes to protect special characters on the
<a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
+ There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
tion.
- This feature is available with Postfix 2.6 and later. Support
+ This feature is available with Postfix 2.6 and later. Support
for -M was added with Postfix 2.11.
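Review bot: most of this postconf(1) html hunk, from the lmdb entry through the -# option, consists of line pairs whose removed and added text are identical (lmdb, memcache, mysql, pcre, pgsql, pipemap, proxy, randmap, regexp, socketmap, static, texthash, unionmap, unix, then -M, -n, -P, -t, -T, -v, -x, -X, -#), i.e. whitespace-only churn from regenerating the rendered page; the substantive change in this file is the inline: and static: paragraphs only. Regenerate with the same formatter settings as the checked-in copy, or commit the reformatting separately, so that the real change is reviewable.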
<b>DIAGNOSTICS</b>
Directory with Postfix configuration files.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
gram.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
- Pathname of a configuration file with bounce message templates.
+ Pathname of a configuration file with bounce message templates.
<b>FILES</b>
/etc/postfix/<a href="postconf.5.html">main.cf</a>, Postfix configuration parameters
<p>
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later. </p>
<p> Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later. </p>
A non\-shared, in\-memory lookup table. Example: "\fBinline:{
\fIkey\fB=\fIvalue\fB, { \fIkey\fB = \fItext with whitespace
or comma\fB }}\fR". Key\-value pairs are separated by
-whitespace or comma; whitespace after "\fB{\fR" and before "\fB}\fR"
-is ignored. Inline tables eliminate the need to create a
+whitespace or comma; with a key\-value pair inside "\fB{}\fR",
+whitespace is ignored after the opening "\fB{\fR", around
+the "\fB=\fR" between key and value, and before the closing
+"\fB}\fR". Inline tables eliminate the need to create a
database file for just a few fixed elements. See also the
\fIstatic:\fR map type.
example, \fBstatic:foobar\fR always returns the string
\fBfoobar\fR as lookup result. Specify "\fBstatic:{ \fItext
with whitespace\fB }\fR" when the result contains whitespace;
-this form ignores whitespace after "\fB{\fR" and before
+this form ignores whitespace after the opening "\fB{\fR"
+and before the closing
"\fB}\fR". See also the \fIinline:\fR map.
The form "\fBstatic:{\fItext\fB}\fR is available with Postfix
.PP
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later.
.PP
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later.
.sp
Specify "{" and "}" around command arguments that contain
whitespace (Postfix 3.0 and later). Whitespace
-after "{" and before "}" is ignored.
+after the opening "{" and before the closing "}" is ignored.
.sp
In the command argument vector, the following macros are recognized
and replaced with corresponding information from the Postfix queue
<dd> A non-shared, in-memory lookup table. Example: "inline:{
<i>key=value</i>, { <i>key = text with whitespace or comma</i> }}".
-Key-value pairs are separated by whitespace or comma; whitespace
-after "{" and before "}" is ignored. Inline tables eliminate the
+Key-value pairs are separated by whitespace or comma; with a key-value
+pair inside "{}", whitespace is ignored after the opening "{",
+around the "=" between key and value, and before the closing "}".
+Inline tables eliminate the
need to create a database file for just a few fixed elements. See
also the static: map type. </dd>
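Review bot: the new sentence specifies whitespace handling only for a key-value pair inside "{}" and is silent about an unbraced pair written as "key = value"; since the preceding sentence says pairs are separated by whitespace, a reader will wonder whether such an unbraced pair is split into three elements or parsed as one pair. Add one clause stating which (for example: outside "{}", a pair with whitespace around "=" must be enclosed in "{}"), and keep the example's unbraced "key=value" without spaces as it is, since it illustrates the form that needs no braces.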
For example, "static:foobar" always returns the string "foobar" as
lookup result. Specify "static:{ <i>text with whitespace</i> }"
when the result contains whitespace; this form ignores whitespace
-after "{" and before "}". See also the inline: map type. </dd>
+after the opening "{" and before the closing "}". See also the
+inline: map type. </dd>
<dt> <b>tcp</b> </dt>
<p>
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later. </p>
<p> Specify a list of names and/or name=value pairs, separated by
whitespace or comma. Specify "{ name=value }" to protect whitespace
-or comma in parameter values (whitespace after "{" and before "}"
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
is ignored). The form name=value is supported with Postfix version
2.1 and later; the use of {} is supported with Postfix 3.0 and
later. </p>
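Review bot: these two "Specify a list of names and/or name=value pairs" paragraphs were changed only to say "opening"/"closing", whereas the inline: paragraph in the same patch now also states that whitespace around the "=" inside "{}" is ignored. If "{ name = value }" is accepted here too, say so in the same words; if it is not, state the difference explicitly, because the identical "{ name=value }" notation invites readers to assume identical parsing. Either way apply the same wording to both parameters that carry this text, since the two paragraphs here are identical.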
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20181123"
+#define MAIL_RELEASE_DATE "20181125"
#define MAIL_VERSION_NUMBER "3.4"
#ifdef SNAPSHOT
/* .sp
/* Specify "{" and "}" around command arguments that contain
/* whitespace (Postfix 3.0 and later). Whitespace
-/* after "{" and before "}" is ignored.
+/* after the opening "{" and before the closing "}" is ignored.
/* .sp
/* In the command argument vector, the following macros are recognized
/* and replaced with corresponding information from the Postfix queue
/* A non-shared, in-memory lookup table. Example: "\fBinline:{
/* \fIkey\fB=\fIvalue\fB, { \fIkey\fB = \fItext with whitespace
/* or comma\fB }}\fR". Key-value pairs are separated by
-/* whitespace or comma; whitespace after "\fB{\fR" and before "\fB}\fR"
-/* is ignored. Inline tables eliminate the need to create a
+/* whitespace or comma; with a key-value pair inside "\fB{}\fR",
+/* whitespace is ignored after the opening "\fB{\fR", around
+/* the "\fB=\fR" between key and value, and before the closing
+/* "\fB}\fR". Inline tables eliminate the need to create a
/* database file for just a few fixed elements. See also the
/* \fIstatic:\fR map type.
/*
/* example, \fBstatic:foobar\fR always returns the string
/* \fBfoobar\fR as lookup result. Specify "\fBstatic:{ \fItext
/* with whitespace\fB }\fR" when the result contains whitespace;
-/* this form ignores whitespace after "\fB{\fR" and before
+/* this form ignores whitespace after the opening "\fB{\fR"
+/* and before the closing
/* "\fB}\fR". See also the \fIinline:\fR map.
/*
/* The form "\fBstatic:{\fItext\fB}\fR is available with Postfix
/*
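Review bot: the context line immediately after the rewritten static: paragraph, `/* The form "\fBstatic:{\fItext\fB}\fR is available with Postfix`, opens a double quote that is never closed (it should read `\fB}\fR" is available`), and the rendered postconf(1) copies earlier in this patch show the same unbalanced quote. Since this hunk already reformats the lines around it, close the quote here so the regenerated man and html pages pick it up.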
* Use one TLS_APPL_STATE object for all requests that specify the same
* TLS_CLIENT_INIT_PROPS. Each TLS_APPL_STATE owns an SSL_CTX, which is
- * expensive.
+ * expensive to create.
*
* First, compute the TLS_APPL_STATE cache lookup key. Save a copy of the
- * key that corresponds to the pre-jail internal call, which uses the
+ * key that corresponds to the pre-jail internal request, which uses the
* tlsproxy_client_* settings.
*/
buf = vstring_alloc(100);
/*
* Log a warning if a post-jail request differs from the tlsproxy_client_*
- * settings AND the request specifies file or directory arguments. Those
- * are problematic after chroot (pathname resolution) and after dropping
- * privileges (key files must be root read-only).
+ * settings AND the request specifies file/directory pathname arguments.
+ * Those are problematic after chroot (pathname resolution) and after
+ * dropping privileges (key files must be root read-only).
*
* We can eliminate this complication by adding code that opens a cert/key
* lookup table at pre-jail time, and by reading cert/key info on-the-fly
* for the minority of sites that want to use TLS connection caching with
* multiple TLS client identities. To alert the operator, tlsproxy will
* log a warning when a TLS_CLIENT_INIT message specifies a different
- * configuration with cert or key pathnames. The workaround is to have
- * one tlsproxy process per TLS client identity.
+ * configuration than the tlsproxy pre-jail client configuration, and
+ * that different configuration specifies file/directory pathname
+ * arguments. The workaround is to have one tlsproxy process per TLS
+ * client identity.
*
* The general solution for single-identity or multi-identity clients is to
* stop loading certs and keys from individual files. Instead, have a
* cert/key map, indexed by client identity, read-only by root. After
- * opening the map at pre-jail time, tlsproxy can read certs/keys
- * on-the-fly at post-jail time. This is the approach that was already
- * proposed for server-side SNI support, and it could be reused here. It
- * would also end the proliferation of RSA cert/key parameters, DSA
- * cert/key parameters, EC cert/key parameters, and so on.
+ * opening the map as root at pre-jail time, tlsproxy can read certs/keys
+ * on-the-fly as an unprivileged process at post-jail time. This is the
+ * approach that was already proposed for server-side SNI support, and it
+ * could be reused here. It would also end the proliferation of RSA
+ * cert/key parameters, DSA cert/key parameters, EC cert/key parameters,
+ * and so on.
*
* Horror: In order to create the same pre-jail TLS client context as the
* one used in the Postfix SMTP client, we have to duplicate intricate
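Review bot: after the rewording, the paragraph starting `We can eliminate this complication by adding code that opens a cert/key lookup table at pre-jail time` and the one starting `The general solution for single-identity or multi-identity clients is to stop loading certs and keys from individual files` describe the same future design twice, once as a way to remove the complication and once as the general solution. Merge them, or let the first paragraph only say that the warning is a stopgap and defer to the second for the design, so the two descriptions cannot drift apart on later edits. The other changes in this hunk (`file/directory pathname arguments`, `opening the map as root at pre-jail time ... as an unprivileged process at post-jail time`) make the privilege boundary explicit and read well.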
/*
/* VSTRING *dict_file_to_buf(
/* DICT *dict,
-/* const char *pathname)
+/* const char *pathnames)
/*
/* VSTRING *dict_file_to_b64(
/* DICT *dict,
-/* const char *pathname)
+/* const char *pathnames)
/*
/* VSTRING *dict_file_from_b64(
/* DICT *dict,
/* void dict_file_purge_buffers(
/* DICT *dict)
/* DESCRIPTION
-/* dict_file_to_buf() reads the content of the specified file.
+/* dict_file_to_buf() reads the content of the specified
+/* files, with names separated by CHARS_COMMA_SP, while inserting
+/* a gratuitous newline character between files.
/* It returns a pointer to a buffer which is owned by the DICT,
/* or a null pointer in case of error.
/*
-/* dict_file_to_b64() reads the content of the specified file,
+/* dict_file_to_b64() reads the content of the specified
+/* files, with names separated by CHARS_COMMA_SP, while inserting
+/* a gratuitous newline character between files,
/* and converts the result to base64.
/* It returns a pointer to a buffer which is owned by the DICT,
/* or a null pointer in case of error.
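Review bot: the DESCRIPTION should say where the error text goes. Both functions return `a null pointer in case of error`, but the reason is reported by overwriting dict->file_buf with a message such as `open %s: %m`, and the dict_open reference output shows that message surfacing in the warning (`open dict_pcre_file3: No such file or directory`); document that on error dict->file_buf holds a printable error description. Two smaller points: `a gratuitous newline character` undersells why the separator exists; say something like `a newline is inserted between files so that a file without a trailing newline cannot run into the next one`, and note that it is inserted only between files, not after the last one, which is what the loop does. The same sentence is also repeated verbatim for dict_file_to_b64(); that entry could read `dict_file_to_b64() reads files as with dict_file_to_buf(), and converts the result to base64`.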
#define STR(x) vstring_str(x)
#define LEN(x) VSTRING_LEN(x)
-/* dict_file_to_buf - read a file into a buffer */
+/* dict_file_to_buf - read files into a buffer */
-VSTRING *dict_file_to_buf(DICT *dict, const char *pathname)
+VSTRING *dict_file_to_buf(DICT *dict, const char *pathnames)
{
struct stat st;
- VSTREAM *fp;
+ VSTREAM *fp = 0;
+ ARGV *argv;
+ char **cpp;
/* dict_file_to_buf() postcondition: dict->file_buf exists. */
if (dict->file_buf == 0)
dict->file_buf = vstring_alloc(100);
- if ((fp = vstream_fopen(pathname, O_RDONLY, 0)) == 0
- || fstat(vstream_fileno(fp), &st) < 0) {
- vstring_sprintf(dict->file_buf, "open %s: %m", pathname);
- if (fp)
- vstream_fclose(fp);
- return (0);
+#define DICT_FILE_ERR_RETURN do { \
+ argv_free(argv); \
+ if (fp) vstream_fclose(fp); \
+ return (0); \
+ } while (0);
+
+ argv = argv_split(pathnames, CHARS_COMMA_SP);
+ if (argv->argc == 0) {
+ vstring_sprintf(dict->file_buf, "empty pathname list: >>%s<<'",
+ pathnames);
+ DICT_FILE_ERR_RETURN;
}
VSTRING_RESET(dict->file_buf);
- VSTRING_SPACE(dict->file_buf, st.st_size);
- if (vstream_fread(fp, STR(dict->file_buf), st.st_size) != st.st_size) {
- vstring_sprintf(dict->file_buf, "read %s: %m", pathname);
- vstream_fclose(fp);
- return (0);
+ for (cpp = argv->argv; *cpp; cpp++) {
+ if ((fp = vstream_fopen(*cpp, O_RDONLY, 0)) == 0
+ || fstat(vstream_fileno(fp), &st) < 0) {
+ vstring_sprintf(dict->file_buf, "open %s: %m", *cpp);
+ DICT_FILE_ERR_RETURN;
+ }
+ if (st.st_size > SSIZE_T_MAX - LEN(dict->file_buf)) {
+ vstring_sprintf(dict->file_buf, "file too large: %s", pathnames);
+ DICT_FILE_ERR_RETURN;
+ }
+ VSTRING_SPACE(dict->file_buf, st.st_size);
+ if (vstream_fread(fp, STR(dict->file_buf) + LEN(dict->file_buf),
+ st.st_size) != st.st_size) {
+ vstring_sprintf(dict->file_buf, "read %s: %m", *cpp);
+ DICT_FILE_ERR_RETURN;
+ }
+ (void) vstream_fclose(fp);
+ VSTRING_AT_OFFSET(dict->file_buf, LEN(dict->file_buf) + st.st_size);
+ if (cpp[1] != 0)
+ VSTRING_ADDCH(dict->file_buf, '\n');
}
- (void) vstream_fclose(fp);
- VSTRING_AT_OFFSET(dict->file_buf, st.st_size);
+ argv_free(argv);
VSTRING_TERMINATE(dict->file_buf);
return (dict->file_buf);
}
-/* dict_file_to_b64 - read a file into a base64-encoded buffer */
+/* dict_file_to_b64 - read files into a base64-encoded buffer */
-VSTRING *dict_file_to_b64(DICT *dict, const char *pathname)
+VSTRING *dict_file_to_b64(DICT *dict, const char *pathnames)
{
ssize_t helper;
- if (dict_file_to_buf(dict, pathname) == 0)
+ if (dict_file_to_buf(dict, pathnames) == 0)
return (0);
if (dict->file_b64 == 0)
dict->file_b64 = vstring_alloc(100);
- helper = (VSTRING_LEN(dict->file_buf) + 2) / 3;
+ helper = (LEN(dict->file_buf) + 2) / 3;
if (helper > SSIZE_T_MAX / 4) {
- vstring_sprintf(dict->file_buf, "file too large: %s", pathname);
+ vstring_sprintf(dict->file_buf, "file too large: %s", pathnames);
return (0);
}
VSTRING_RESET(dict->file_b64);
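Review bot: the error format `"empty pathname list: >>%s<<'"` in dict_file_to_buf() has a stray single quote after `<<`, which also ends up verbatim in the dict_open reference output; drop it (`>>%s<<`). Second, the DICT_FILE_ERR_RETURN macro ends in `} while (0);` with the semicolon inside the definition, so every `DICT_FILE_ERR_RETURN;` use expands to two statements; that is harmless inside the braced blocks here, but it would break an unbraced `if (...) DICT_FILE_ERR_RETURN; else` form, so move the semicolon out of the macro and `#undef DICT_FILE_ERR_RETURN` at the end of the function. Third, the size check `st.st_size > SSIZE_T_MAX - LEN(dict->file_buf)` reports `file too large: %s` with the whole `pathnames` list, while the open and read errors name the individual file `*cpp`; naming `*cpp` there too tells the operator which file pushed the cumulative size over the limit. Finally, a file that shrinks between fstat() and vstream_fread() produces a short read that is reported as `read %s: %m`, and errno is not set on a short read at end of file, so `%m` may print a stale or unrelated error; that was already true before this change, but with several files read per call a distinct `short read` message would be clearer.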
get file1
get file2
get file3
+get files12
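Review bot: the new `get files12` lookup only exercises the success path; the .map additions also carry `files13` (a list whose second file does not exist) and `file-comma` (an empty list), but nothing looks them up, so the test would not notice if a skipped rule still matched. Add `get files13` and `get file-comma` here so the reference records the `not found` result for both, the way `get file3` already does for the single missing file.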
/file1/ dict_pcre_file1
/file2/ dict_pcre_file2
/file3/ dict_pcre_file3
+/files12/ dict_pcre_file1, dict_pcre_file2
+/files13/ dict_pcre_file1, dict_pcre_file3
+/file-comma/ ,
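Review bot: the three new rules cover a good list, a list with a missing member, and an empty list, but all of them use the comma separator; since the list is split with argv_split(pathnames, CHARS_COMMA_SP), add a rule with a whitespace-separated list (`dict_pcre_file1 dict_pcre_file2`) so that form is pinned down too, and consider one with a leading or trailing comma (`dict_pcre_file1,`) so the reference records how empty fields are treated, whichever way that comes out.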
./dict_open: warning: pcre map dict_pcre_file.map, line 3: open dict_pcre_file3: No such file or directory: skipping this rule
+./dict_open: warning: pcre map dict_pcre_file.map, line 5: open dict_pcre_file3: No such file or directory: skipping this rule
+./dict_open: warning: pcre map dict_pcre_file.map, line 6: empty pathname list: >>,<<': skipping this rule
owner=untrusted (uid=USER)
> get file1
file1=dGhpcy1pcy1maWxlMQo=
file2=dGhpcy1pcy1maWxlMgo=
> get file3
file3: not found
+> get files12
+files12=dGhpcy1pcy1maWxlMQoKdGhpcy1pcy1maWxlMgo=
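Review bot: the new line-6 warning reproduces the stray `'` from the `empty pathname list: >>%s<<'` format string, so this reference will need regenerating if that format is fixed. Separately, the files12 result `dGhpcy1pcy1maWxlMQoKdGhpcy1pcy1maWxlMgo=` decodes to the file1 content, an empty line, and the file2 content: because each input file already ends in a newline, the inserted separator produces a blank line. That is harmless as long as consumers of the buffer tolerate blank lines, but it is worth stating in the dict_file(3) description so nobody files it as a bug.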