20041014-21
- By default, Postfix no longer appends the local domain to
- incomplete message header addresses from remote clients.
- Thus, spam from badly written software no longer looks like
- it came from a local user.
-
- Instead, Postfix either does not rewrite headers from remote
- clients at all, or it appends the domain name that is
- specified with the new invalid_rewrite_context_domain
+ Postfix no longer appends the local domain to header
+ addresses from remote clients. Instead, Postfix either
+ does not rewrite those headers at all, or it appends the
+ domain specified with the new remote_header_rewrite_domain
parameter.
Postfix still appends $@myorigin or .$mydomain to headers
- in mail from Postfix sendmail, from clients listed with
- the local_rewrite_context_clients parameter (default:
+ from the Postfix sendmail command, or from clients listed
+ with the new local_header_rewrite_clients parameter (default:
permit_mynetworks, permit_sasl_authenticated).
- The context specified with remote_rewrite_context_name is
- used for all other clients. The default setting is backwards
- compatible to avoid surprises.
+20041016
- Postfix still appends $@myorigin or .$mydomain when rewriting
- incomplete envelope addresses.
+ Bugfix: attr_clnt_request() did not properly skip hash
+ table arguments. Luc Pardon, Skopos Consulting. File:
+ util/attr_clnt.c.
20041018
Support for Errors-To: is permanently removed.
-Open problems:
+20041022
+
+ Bugfix: "smtp_connection_cache_on_demand=no" could crash
+ the SMTP client. File: smtp/smtp_connect.c.
- High: document master(5) for generic daemon options.
+ Robustness: extra sanity checks. Files: util/dict_db.c,
+ util/dict_dbm.c.
+
+Open problems:
Low: reject HELO with any domain name that this MTA is
final destination for.
Low: should the Delivered-To: test in local(8) be configurable?
- Low: append a different domain (like, address.invalid) for
- mail from clients not in mynetworks.
-
Low: document propagate_unmatched_extensions in aliases(5)
etc.
all MXes return a quick ECONNRESET or 4xx reply during the
initial handshake.
- Low: add msg_panic() guard to ensure that at least one of
- DICT_FLAG_TRY1NULL or DICT_FLAG_TRY1NULL is set upon lookup.
-
Low: make post-install a "postfix-only script" so it can
take data from the environment instead of main.cf.
rewrite(8) daemon. The purpose of rewriting to standard form is to reduce the
number of entries needed in lookup tables.
+Postfix versions 2.2 and later do not rewrite message headers from remote SMTP
+clients at all, unless a non-empty domain name is specified with the
+remote_header_rewrite_domain configuration parameter. The
+local_header_rewrite_clients parameter controls what SMTP clients Postfix
+considers local.
+
The Postfix trivial-rewrite(8) daemon implements the following hard-coded
address manipulations:
of Postfix components expect that all addresses have the form
"user@domain".
+ Postfix versions 2.2 and later do not rewrite message headers from
+ remote SMTP clients at all, or they append the domain name specified
+ with the remote_header_rewrite_domain configuration parameter.
+
If your machine is not the main machine for $myorigin and you wish to
have some users delivered locally without going via that main machine,
make an entry in the virtual alias table that redirects
(default: yes). The purpose is to get consistent treatment of different
forms of the same hostname.
- Some will argue that rewriting "host" to "host.$mydomain" is bad. That
- is why it can be turned off. Others like the convenience of having the
+ Postfix versions 2.2 and later do not rewrite message headers from
+ remote clients at all, or they append the domain name specified with
+ the remote_header_rewrite_domain configuration parameter.
+
+ Some will argue that rewriting "host" to "host.domain" is bad. That is
+ why it can be turned off. Others like the convenience of having the
local domain appended automatically.
Rewrite "user@site." to "user@site" (without the trailing dot).
addresses are rewritten; this is controlled with the canonical_classes
configuration parameter.
+Postfix versions 2.2 and later do not rewrite message headers from remote
+clients at all, unless a non-empty domain name is specified with the
+remote_header_rewrite_domain configuration parameter. The
+local_header_rewrite_clients parameter controls what SMTP clients Postfix
+considers local.
+
Address rewriting is done for local and remote addresses. The mapping is useful
to replace login names by "Firstname.Lastname" style addresses, or to clean up
invalid domains in mail addresses produced by legacy mail systems.
mail gateway, and to make it appear as if the mail comes from the gateway
itself, instead of from individual machines.
+Postfix versions 2.2 and later do not rewrite message headers from remote SMTP
+clients at all, unless a non-empty domain name is specified with the
+remote_header_rewrite_domain configuration parameter. The
+local_header_rewrite_clients parameter controls what SMTP clients Postfix
+considers local.
+
Address masquerading is disabled by default, and is implemented by the cleanup
(8) server. To enable, edit the masquerade_domains parameter in the main.cf
file and specify one or more domain names separated by whitespace or commas.
and change the patchlevel and the release date. Patches are never
issued for snapshot releases.
-Incompatible changes with snapshot Postfix-2.2-20041019
+Incompatible changes with snapshot Postfix-2.2-20041022
=======================================================
-You must reload or restart Postfix, because the protocol between
-queue manager and delivery agents has changed. If you forget this,
-mail will remain queued until you restart/reload Postfix.
+You must reload or stop/start Postfix, because the queue manager
+to delivery agent protocol has changed. If you forget this, mail
+will remain queued until the queue manager is restarted.
-Support for return addresses in the non-standard Errors-To: message
-headers is removed. It was already disabled by default with Postfix
-version 2.1. Since it is non-standard, there was no guarantee that
-it would have effect on other MTAs.
+Support for the non-standard Errors-To: return addresses is removed.
+It was already disabled by default with Postfix version 2.1. Since
+Errors-To: is non-standard, there was no guarantee that it would
+have effect with other MTAs.
-Major changes with snapshot Postfix-2.2-20041019
+Major changes with snapshot Postfix-2.2-20041022
================================================
The NIS+ client by Geoff Gibbs is now part of the Postfix source
tree. Details are given in the nisplus_table(5) manual page.
-Message header address rewriting contexts. These control what
-domains are appended to incomplete addresses in message headers,
-and whether headers are rewritten at all.
+By default, Postfix no longer appends the local domain to addresses
+in message headers from remote clients. Thus, spam from poorly
+written software no longer looks like it came from a local user.
+
+Postfix either does not rewrite remote message headers at all, or
+it rewrites headers and appends the domain name that is specified
+with the remote_header_rewrite_domain parameter (like "domain.invalid").
-- "local": Append the domain names in myorigin or mydomain to
- incomplete addresses in message headers.
+To get the behavior of earlier Postfix versions specify
-- "invalid": append "domain.invalid" (or whatever is specified
- with the invalid_header_rewrite_context_domain parameter) to
- incomplete addresses in message headers,
+/etc/postfix/main.cf:
+ local_header_rewrite_clients = static:all
-- "none": disable header address rewriting (don't even do canonical
- mapping or address masquerading).
+Postfix always appends local domain information in message headers
+from Postfix sendmail and from local clients.
-The "local" address rewriting context is used for mail submitted
-with the Postfix sendmail command, for mail from clients that match
-$local_header_rewrite_context_clients (default: $mynetworks), and
-for mail from SASL authenticated clients. It is not automatically
-used for pop-before-smtp clients; you'll have to specify their
-lookup table via the local_header_rewrite_context_clients parameter.
+By default, Postfix considers a client local when its address
+matches mynetworks, or when it is SASL or TLS authenticated. If
+you want to include a pop-before-smtp table, then you have to
+specify that via the new local_header_rewrite_clients parameter:
-The smtpd_remote_header_rewrite_context parameter specifies the
-address rewriting context for remote mail. The backwards compatible
-default is "local". Purists will specify "none", so that Postfix
-does not modify headers (not even with canonical mappings or address
-masquerading).
+/etc/postfix/main.cf:
+ local_header_rewrite_clients = permit_mynetworks,
+ permit_sasl_authenticated, permit_tls_clientcerts,
+ check_address_map hash:/etc/postfix/pop-before-smtp
-Postix always uses the "local" context for envelope addresses,
-because an unqualified address is effectively local when someone
-attempts to reply to it.
+As before, Postfix appends local domain information to envelope
+addresses, because an unqualified address is effectively local when
+someone attempts to reply to it.
Incompatible changes with snapshot Postfix-2.2-20041009
=======================================================
form is to reduce the number of entries needed in lookup tables.
</p>
+<p> Postfix versions 2.2 and later do not rewrite message headers
+from remote SMTP clients at all, unless a non-empty domain name is
+specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
+parameter. The <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls
+what SMTP clients Postfix considers local. </p>
+
<p> The Postfix <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon implements the following
hard-coded address manipulations: </p>
because a lot of Postfix components expect that all addresses have
the form "user@domain". </p>
+<p> Postfix versions 2.2 and later do not rewrite message headers
+from remote SMTP clients at all, or they append the domain name
+specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
+parameter. </p>
+
<p> If your machine is not the main machine for $<a href="postconf.5.html#myorigin">myorigin</a> and you
wish to have some users delivered locally without going via that
main machine, make an entry in the <a href="#virtual">virtual
parameter (default: yes). The purpose is to get consistent treatment
of different forms of the same hostname. </p>
-<p> Some will argue that rewriting "host" to "host.$<a href="postconf.5.html#mydomain">mydomain</a>"
+<p> Postfix versions 2.2 and later do not rewrite message headers
+from remote clients at all, or they append the domain name specified
+with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter. </p>
+
+<p> Some will argue that rewriting "host" to "host.domain"
is bad. That is why it can be turned off. Others like the convenience
of having the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> appended automatically. </p> </dd>
all header and envelope addresses are rewritten; this is controlled
with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> configuration parameter. </p>
+<p> Postfix versions 2.2 and later do not rewrite message headers
+from remote clients at all, unless a non-empty domain name is
+specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
+parameter. The <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls
+what SMTP clients Postfix considers local. </p>
+
<p> Address rewriting is
done for local and remote addresses. The mapping is useful to
replace login names by "Firstname.Lastname" style addresses, or to
comes from the gateway itself, instead of from individual machines.
</p>
+<p> Postfix versions 2.2 and later do not rewrite message headers
+from remote SMTP clients at all, unless a non-empty domain name is
+specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration
+parameter. The <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls
+what SMTP clients Postfix considers local. </p>
+
<p> Address masquerading is disabled by default, and is implemented
by the <a href="cleanup.8.html">cleanup(8)</a> server. To enable, edit the <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>
parameter in the main.cf file and specify one or more domain names
<b>SEE ALSO</b>
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
<b>README FILES</b>
<a href="TUNING_README.html">TUNING_README</a>, performance tuning
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging
<a href="canonical.5.html">canonical(5)</a>, canonical address lookup table format
<a href="virtual.5.html">virtual(5)</a>, virtual alias lookup table format
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="error.8.html">error(8)</a>, Postfix error delivery agent
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="discard.8.html">discard(8)</a>, Postfix discard delivery agent
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging
<a href="smtpd.8.html">smtpd(8)</a>, SMTP server
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging
The LMTP client time limit for sending the LMTP
".", and for receiving the server response.
- <b><a href="postconf.5.html#lmtp_rset_timeout">lmtp_rset_timeout</a> (120s)</b>
+ <b><a href="postconf.5.html#lmtp_rset_timeout">lmtp_rset_timeout</a> (20s)</b>
The LMTP client time limit for sending the RSET
command, and for receiving the server response.
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
services(4), Internet services and aliases
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging
<a href="postalias.1.html">postalias(1)</a>, create/update alias database
<a href="aliases.5.html">aliases(5)</a>, format of alias database
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
syslogd(8), system logging
<b>LICENSE</b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address routing
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8) system logging
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
Enable or disable recipient validation, built-in
- content filtering, or address rewriting.
+ content filtering, or address mapping.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
<a href="sendmail.1.html">sendmail(1)</a>, Sendmail-compatible interface
<a href="postdrop.1.html">postdrop(1)</a>, mail posting agent
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
syslogd(8), system logging
<DT><b><a name="local_header_rewrite_clients">local_header_rewrite_clients</a>
(default: see "postconf -d" output)</b></DT><DD>
-<p> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to incomplete
-message header addresses from these clients; append
-$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> for all other clients. </p>
+<p> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to message
+header addresses from these clients only; either don't rewrite
+message headers from other clients at all, or append the domain
+specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter. </p>
<p> Specify a list of zero or more of the following: </p>
<p> Examples: </p>
+<p> The backwards compatible setting: always rewrite message headers,
+and always append my own domain to incomplete header addresses. </p>
+
+<pre>
+ <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all
+</pre>
+
+<p> The default setting: rewrite headers and append my own domain
+only with mail from local or authorized clients. </p>
+
<pre>
-<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all
-<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
+ <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
+</pre>
+
+<p> Include clients that are pop-before-smtp authenticated: </p>
+
+<pre>
+ <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
+ <a href="postconf.5.html#check_address_map">check_address_map</a> hash:/etc/postfix/pop-before-smtp
</pre>
</DD>
<DT><b><a name="remote_header_rewrite_domain">remote_header_rewrite_domain</a>
-(default: domain.invalid)</b></DT><DD>
+(default: empty)</b></DT><DD>
-<p> Append this domain name to incomplete message header addresses
-from remote clients; when this domain name is empty, don't rewrite
-remote message headers at all. Both stop Postfix from appending
-your own domain to addresses in spam from poorly written software.
-</p>
+<p> Don't rewrite message headers from remote clients at all when
+this parameter is empty; otherwise, rewrite remote message headers
+and append the specified domain name to incomplete addresses. </p>
+
+<p> Examples: </p>
+
+<p> The safe setting: append "domain.invalid" to incomplete header
+addresses from remote SMTP clients, so that those addresses cannot
+be confused with local addresses. </p>
+
+<pre>
+ <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> = domain.invalid
+</pre>
+
+<p> The default, purist, setting: don't rewrite headers from remote
+clients at all. </p>
+
+<pre>
+ <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> =
+</pre>
</DD>
latency lookups.
<b>CONFIGURATION PARAMETERS</b>
- On busy mail systems a long time may pass before prox-
- ymap(8) relevant changes to <b>main.cf</b> are picked up. Use the
+ On busy mail systems a long time may pass before <a href="proxymap.8.html">prox-</a>
+ <a href="proxymap.8.html">ymap(8)</a> relevant changes to <b>main.cf</b> are picked up. Use the
command "<b>postfix reload</b>" to speed up a change.
The text below provides only a parameter summary. See
The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is
allowed to access.
+<b>SEE ALSO</b>
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (see 'postconf -d' output)</b>
Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> to
- incomplete message header addresses from these
- clients; append $<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> for
- all other clients.
+ message header addresses from these clients only;
+ either don't rewrite message headers from other
+ clients at all, or append the domain specified with
+ the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
- <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (domain.invalid)</b>
- Append this domain name to incomplete message
- header addresses from remote clients; when this
- domain name is empty, don't rewrite remote message
- headers at all.
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
+ Don't rewrite message headers from remote clients
+ at all when this parameter is empty; otherwise,
+ rewrite remote message headers and append the spec-
+ ified domain name to incomplete addresses.
<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
- As of version 1.0, Postfix can be configured to send new
- mail to an external content filter AFTER the mail is
- queued. This content filter is expected to inject mail
- back into a (Postfix or other) MTA for further delivery.
+ As of version 1.0, Postfix can be configured to send new
+ mail to an external content filter AFTER the mail is
+ queued. This content filter is expected to inject mail
+ back into a (Postfix or other) MTA for further delivery.
See the <a href="FILTER_README.html">FILTER_README</a> document for details.
<b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
- The name of a mail delivery transport that filters
+ The name of a mail delivery transport that filters
mail after it is queued.
<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
- As of version 2.1, the Postfix SMTP server can be config-
- ured to send incoming mail to a real-time SMTP-based con-
+ As of version 2.1, the Postfix SMTP server can be config-
+ ured to send incoming mail to a real-time SMTP-based con-
tent filter BEFORE mail is queued. This content filter is
- expected to inject mail back into Postfix. See the
- <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
+ expected to inject mail back into Postfix. See the
+ <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
ure and operate this feature.
<b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b>
- The hostname and TCP port of the mail filtering
+ The hostname and TCP port of the mail filtering
proxy server.
<b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
for sending or receiving information.
<b>GENERAL CONTENT INSPECTION CONTROLS</b>
- The following parameters are applicable for both built-in
+ The following parameters are applicable for both built-in
and external content filters.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
- Enable or disable recipient validation, built-in
+ Enable or disable recipient validation, built-in
content filtering, or address mapping.
<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
- The following parameters are applicable for both before-
+ The following parameters are applicable for both before-
queue and after-queue content filtering.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b>
- What SMTP clients are allowed to use the XFORWARD
+ What SMTP clients are allowed to use the XFORWARD
feature.
<b>SASL AUTHENTICATION CONTROLS</b>
- Postfix SASL support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used to authenti-
- cate remote SMTP clients to the Postfix SMTP server, and
- to authenticate the Postfix SMTP client to a remote SMTP
+ Postfix SASL support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used to authenti-
+ cate remote SMTP clients to the Postfix SMTP server, and
+ to authenticate the Postfix SMTP client to a remote SMTP
server. See the <a href="SASL_README.html">SASL_README</a> document for details.
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
- Enable inter-operability with SMTP clients that
- implement an obsolete version of the AUTH command
+ Enable inter-operability with SMTP clients that
+ implement an obsolete version of the AUTH command
(<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>).
<b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
- Enable SASL authentication in the Postfix SMTP
+ Enable SASL authentication in the Postfix SMTP
server.
<b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> (smtpd)</b>
- The application name used for SASL server initial-
+ The application name used for SASL server initial-
ization.
<b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b>
SMTP server will offer to the client.
<b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
- Optional lookup table with the SASL login names
+ Optional lookup table with the SASL login names
that own sender (MAIL FROM) addresses.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
- What SMTP clients Postfix will not offer AUTH sup-
+ What SMTP clients Postfix will not offer AUTH sup-
port to.
<b>VERP SUPPORT CONTROLS</b>
- With VERP style delivery, each recipient of a message
+ With VERP style delivery, each recipient of a message
receives a customized copy of the message with his/her own
- recipient address encoded in the envelope sender address.
+ recipient address encoded in the envelope sender address.
The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
- details of Postfix support for variable envelope return
+ details of Postfix support for variable envelope return
path addresses. VERP style delivery is requested with the
- SMTP XVERP command or with the "sendmail -V" command-line
- option and is available in Postfix version 1.1 and later.
+ SMTP XVERP command or with the "sendmail -V" command-line
+ option and is available in Postfix version 1.1 and later.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter
- characters on the Postfix <a href="sendmail.1.html">sendmail(1)</a> command line
+ The characters Postfix accepts as VERP delimiter
+ characters on the Postfix <a href="sendmail.1.html">sendmail(1)</a> command line
and in SMTP commands.
Available in Postfix version 1.1 and 2.0:
<b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- What SMTP clients are allowed to specify the XVERP
+ What SMTP clients are allowed to specify the XVERP
command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
- What SMTP clients are allowed to specify the XVERP
+ What SMTP clients are allowed to specify the XVERP
command.
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
- the Postfix mail system. The methods vary from making the
- software log a lot of detail, to running some daemon pro-
+ The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
+ the Postfix mail system. The methods vary from making the
+ software log a lot of detail, to running some daemon pro-
cesses under control of a call tracer or debugger.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
+ The recipient of postmaster notifications about
+ mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b>
- What SMTP clients are allowed to use the XCLIENT
+ What SMTP clients are allowed to use the XCLIENT
feature.
<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
- As of Postfix version 2.0, the SMTP server rejects mail
- for unknown recipients. This prevents the mail queue from
- clogging up with undeliverable MAILER-DAEMON messages.
- Additional information on this topic is in the
+ As of Postfix version 2.0, the SMTP server rejects mail
+ for unknown recipients. This prevents the mail queue from
+ clogging up with undeliverable MAILER-DAEMON messages.
+ Additional information on this topic is in the
<a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
- Display the name of the recipient table in the
+ Display the name of the recipient table in the
"User unknown" responses.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
- Optional address mapping lookup tables for message
+ Optional address mapping lookup tables for message
headers and envelopes.
<b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
<b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, local-</b>
<b>host)</b>
- The list of domains that are delivered via the
+ The list of domains that are delivered via the
$<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
+ tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b>
<b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
- Lookup tables with all names or addresses of local
- recipients: a recipient address is local when its
- domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
+ Lookup tables with all names or addresses of local
+ recipients: a recipient address is local when its
+ domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
- The numerical Postfix SMTP server response code
- when a recipient address is local, and
- $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
+ The numerical Postfix SMTP server response code
+ when a recipient address is local, and
+ $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
tables that does not match the recipient.
- Parameters concerning known/unknown recipients of relay
+ Parameters concerning known/unknown recipients of relay
destinations:
<b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b>
- What destination domains (and subdomains thereof)
+ What destination domains (and subdomains thereof)
this system will relay mail to.
<b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
- Optional lookup tables with all valid addresses in
+ Optional lookup tables with all valid addresses in
the domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server reply code when a
- recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
- <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
+ recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
+ <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
tables that does not match the recipient address.
- Parameters concerning known/unknown recipients in virtual
+ Parameters concerning known/unknown recipients in virtual
alias domains:
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
Postfix is final destination for the specified list
- of virtual alias domains, that is, domains for
- which all addresses are aliased to addresses in
+ of virtual alias domains, that is, domains for
+ which all addresses are aliased to addresses in
other local or remote domains.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
- Optional lookup tables that alias specific mail
- addresses or domains to other local or remote
+ Optional lookup tables that alias specific mail
+ addresses or domains to other local or remote
address.
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
The SMTP server reply code when a recipient address
- matches
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
- <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
+ matches
$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
+ <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
that does not match the recipient address.
- Parameters concerning known/unknown recipients in virtual
+ Parameters concerning known/unknown recipients in virtual
mailbox domains:
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
Postfix is final destination for the specified list
- of
domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
+ of
domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
<a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
- Optional lookup tables with all valid addresses in
+ Optional lookup tables with all valid addresses in
the domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
The SMTP server reply code when a recipient address
- matches
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
+ matches
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
<a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables
that does not match the recipient address.
<b>RESOURCE AND RATE CONTROLS</b>
- The following parameters limit resource usage by the SMTP
+ The following parameters limit resource usage by the SMTP
server and/or control client request rates.
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
- Upon input, long lines are chopped up into pieces
- of at most this length; upon delivery, long lines
+ Upon input, long lines are chopped up into pieces
+ of at most this length; upon delivery, long lines
are reconstructed.
<b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
- The minimal amount of free space in bytes in the
+ The minimal amount of free space in bytes in the
queue file system that is needed to receive mail.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
- The maximal size in bytes of a message, including
+ The maximal size in bytes of a message, including
envelope information.
<b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
- The maximal number of recipients that the Postfix
+ The maximal number of recipients that the Postfix
SMTP server accepts per message delivery request.
<b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (300s)</b>
- The time limit for sending a Postfix SMTP server
- response and for receiving a remote SMTP client
+ The time limit for sending a Postfix SMTP server
+ response and for receiving a remote SMTP client
request.
<b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
- The maximal number of lines in the Postfix SMTP
- server command history before it is flushed upon
+ The maximal number of lines in the Postfix SMTP
+ server command history before it is flushed upon
receipt of EHLO, RSET, or end of DATA.
The per SMTP client connection count and request rate lim-
its are implemented in co-operation with the <a href="anvil.8.html">anvil(8)</a> ser-
- vice, and are available in Postfix version 2.2 and later.
+ vice, and are available in Postfix version 2.2 and later.
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
- How many simultaneous connections any client is
+ How many simultaneous connections any client is
allowed to make to this service.
<b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
The maximal number of connection attempts any
- client is allowed to make to this service per time
+ client is allowed to make to this service per time
unit.
<b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
- The maximal number of message delivery requests
- that any client is allowed to make to this service
+ The maximal number of message delivery requests
+ that any client is allowed to make to this service
per time unit, regardless of whether or not Postfix
actually accepts those messages.
<b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
- The maximal number of recipient addresses that any
- client is allowed to send to this service per time
+ The maximal number of recipient addresses that any
+ client is allowed to send to this service per time
unit, regardless of whether or not Postfix actually
accepts those recipients.
<b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- Clients that are excluded from connection count,
- connection rate, message rate or recipient rate
+ Clients that are excluded from connection count,
+ connection rate, message rate or recipient rate
restrictions.
<b>TARPIT CONTROLS</b>
- When a remote SMTP client makes errors, the Postfix SMTP
- server can insert delays before responding. This can help
- to slow down run-away software. The behavior is con-
- trolled by an error counter that counts the number of
- errors within an SMTP session that a client makes without
+ When a remote SMTP client makes errors, the Postfix SMTP
+ server can insert delays before responding. This can help
+ to slow down run-away software. The behavior is con-
+ trolled by an error counter that counts the number of
+ errors within an SMTP session that a client makes without
delivering mail.
<b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
- With Postfix 2.1 and later: the SMTP server
- response delay after a client has made more than
- $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
- $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
+ With Postfix 2.1 and later: the SMTP server
+ response delay after a client has made more than
+ $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
+ $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
mail.
<b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
- The number of errors a remote SMTP client is
- allowed to make without delivering mail before the
+ The number of errors a remote SMTP client is
+ allowed to make without delivering mail before the
Postfix SMTP server slows down all its responses.
<b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (20)</b>
- The maximal number of errors a remote SMTP client
+ The maximal number of errors a remote SMTP client
is allowed to make without delivering mail.
<b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (100)</b>
- The number of junk commands (NOOP, VRFY, ETRN or
+ The number of junk commands (NOOP, VRFY, ETRN or
RSET) that a remote SMTP client can send before the
- Postfix SMTP server starts to increment the error
+ Postfix SMTP server starts to increment the error
counter with each junk command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
- The number of recipients that a remote SMTP client
- can send in excess of the limit specified with
+ The number of recipients that a remote SMTP client
+ can send in excess of the limit specified with
$<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before the Postfix SMTP
- server increments the per-session error count for
+ server increments the per-session error count for
each excess recipient.
<b>ACCESS POLICY DELEGATION CONTROLS</b>
- As of version 2.1, Postfix can be configured to delegate
- access policy decisions to an external server that runs
- outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
+ As of version 2.1, Postfix can be configured to delegate
+ access policy decisions to an external server that runs
+ outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
more information.
<b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
- The time after which an idle SMTPD policy service
+ The time after which an idle SMTPD policy service
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
- The time limit for connecting to, writing to or
+ The time limit for connecting to, writing to or
receiving from a delegated SMTPD policy server.
<b>ACCESS CONTROLS</b>
- The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
+ The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
all the SMTP server access control features.
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
- Wait until the RCPT TO command before evaluating
+ Wait until the RCPT TO command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $smtpd_helo_restric-
tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until
- the ETRN command before evaluating
+ the ETRN command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric-
tions.
- <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b>put)</b>
What Postfix features match subdomains of
"domain.tld" automatically, instead of requiring an
explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
- Optional SMTP server access restrictions in the
+ Optional SMTP server access restrictions in the
context of a client SMTP connection request.
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
Require that a remote SMTP client introduces itself
- at the beginning of an SMTP session with the HELO
+ at the beginning of an SMTP session with the HELO
or EHLO command.
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server
+ Optional restrictions that the Postfix SMTP server
applies in the context of the SMTP HELO command.
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server
+ Optional restrictions that the Postfix SMTP server
applies in the context of the MAIL FROM command.
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,</b>
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b>
The access restrictions that the Postfix SMTP
- server applies in the context of the RCPT TO com-
+ server applies in the context of the RCPT TO com-
mand.
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
- Optional SMTP server access restrictions in the
+ Optional SMTP server access restrictions in the
context of a client ETRN request.
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
- Forward mail with sender-specified routing
- (user[@%!]remote[@%!]site) from untrusted clients
+ Forward mail with sender-specified routing
+ (user[@%!]remote[@%!]site) from untrusted clients
to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
- User-defined aliases for groups of access restric-
+ User-defined aliases for groups of access restric-
tions.
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b><><b>)</b>
- The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables
+ The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables
instead of the null sender address.
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP
- access feature to only domains whose primary MX
+ access feature to only domains whose primary MX
hosts match the listed networks.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
- Optional access restrictions that the Postfix SMTP
+ Optional access restrictions that the Postfix SMTP
server applies in the context of the SMTP DATA com-
mand.
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
- What characters are allowed in $name expansions of
+ What characters are allowed in $name expansions of
RBL reply templates.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
- Request that the Postfix SMTP server rejects mail
- from unknown sender addresses, even when no
- explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
+ Request that the Postfix SMTP server rejects mail
+ from unknown sender addresses, even when no
+ explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
is specified.
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
- Request that the Postfix SMTP server rejects mail
+ Request that the Postfix SMTP server rejects mail
for unknown recipient addresses, even when no
- explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
+ explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
tion is specified.
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
- Postfix version 2.1 introduces sender and recipient
- address verification. This feature is implemented by
- sending probe email messages that are not actually deliv-
- ered.
This feature is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
- <a href="postconf.5.html#reject_unverified_sender">fied_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
- restrictions. The status of verification probes is main-
+ Postfix version 2.1 introduces sender and recipient
+ address verification. This feature is implemented by
+ sending probe email messages that are not actually deliv-
+ ered.
This feature is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
+ <a href="postconf.5.html#reject_unverified_sender">fied_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
+ restrictions. The status of verification probes is main-
tained by the <a href="verify.8.html">verify(8)</a> server. See the file ADDRESS_VER-
- <a href="IFICATION_README.html">IFICATION_README</a> for information about how to configure
+ <a href="IFICATION_README.html">IFICATION_README</a> for information about how to configure
and operate the Postfix sender/recipient address verifica-
tion service.
<b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (3)</b>
- How many times to query the <a href="verify.8.html">verify(8)</a> service for
- the completion of an address verification request
+ How many times to query the <a href="verify.8.html">verify(8)</a> service for
+ the completion of an address verification request
in progress.
<b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
- The delay between queries for the completion of an
+ The delay between queries for the completion of an
address verification request in progress.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> (postmaster)</b>
- The sender address to use in address verification
+ The sender address to use in address verification
probes.
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a recipient address is rejected by the
+ The numerical Postfix SMTP server response code
+ when a recipient address is rejected by the
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response when a
+ The numerical Postfix SMTP server response when a
recipient address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_recipient">fied_recipient</a> restriction.
<b>ACCESS CONTROL RESPONSES</b>
- The following parameters control numerical SMTP reply
+ The following parameters control numerical SMTP reply
codes and/or text responses.
<b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code
- when a client is rejected by an <a href="access.5.html">access(5)</a> map
+ The numerical Postfix SMTP server response code
+ when a client is rejected by an <a href="access.5.html">access(5)</a> map
restriction.
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a remote SMTP client request is rejected by
+ The numerical Postfix SMTP server response code
+ when a remote SMTP client request is rejected by
the "defer" restriction.
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
- The numerical Postfix SMTP server response code
- when the client HELO or EHLO command parameter is
- rejected by the <a href="postconf.5.html#reject_invalid_hostname">reject_invalid_hostname</a> restric-
+ The numerical Postfix SMTP server response code
+ when the client HELO or EHLO command parameter is
+ rejected by the <a href="postconf.5.html#reject_invalid_hostname">reject_invalid_hostname</a> restric-
tion.
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code
+ The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a>
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
The numerical Postfix SMTP server reply code when a
- client request is rejected by the
+ client request is rejected by the
<a href="postconf.5.html#reject_non_fqdn_hostname">reject_non_fqdn_hostname</a>, <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or
<a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code
- when a remote SMTP client request is rejected by
+ The numerical Postfix SMTP server response code
+ when a remote SMTP client request is rejected by
the "<b>reject</b>" restriction.
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code
- when a client request is rejected by the
+ The numerical Postfix SMTP server response code
+ when a client request is rejected by the
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction.
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a sender or recipient address is rejected by
+ The numerical Postfix SMTP server response code
+ when a sender or recipient address is rejected by
the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or
<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a client without valid address <=> name map-
- ping
is rejected by the <a href="postconf.5.html#reject_unknown_client">reject_unknown_client</a>
+ The numerical Postfix SMTP server response code
+ when a client without valid address <=> name map-
+ ping
is rejected by the <a href="postconf.5.html#reject_unknown_client">reject_unknown_client</a>
restriction.
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when the hostname specified with the HELO or EHLO
- command
is rejected by the <a href="postconf.5.html#reject_unknown_hostname">reject_unknown_hostname</a>
+ The numerical Postfix SMTP server response code
+ when the hostname specified with the HELO or EHLO
+ command
is rejected by the <a href="postconf.5.html#reject_unknown_hostname">reject_unknown_hostname</a>
restriction.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
- The default SMTP server response template for a
- request that is rejected by an RBL-based restric-
+ The default SMTP server response template for a
+ request that is rejected by an RBL-based restric-
tion.
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
- The numerical Postfix SMTP server response code
+ The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
- The location of all postfix administrative com-
+ The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
and most Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
- The list of "trusted" SMTP clients that have more
+ The list of "trusted" SMTP clients that have more
privileges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The domain name that locally-posted mail appears to
- come from, and that locally posted mail is deliv-
+ come from, and that locally posted mail is deliv-
ered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon pro-
+ The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
sions (user+foo).
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
- The text that follows the 220 status code in the
+ The text that follows the 220 status code in the
SMTP greeting banner.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the pro-
+ The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Rewrite an address to standard form, according to
the address rewriting context:
- <b>local</b>
-
- <b>none</b> Append the domain names specified with <b>$<a href="postconf.5.html#myorigin">myo</a>-</b>
+ <b>local</b> Append the domain names specified with <b>$<a href="postconf.5.html#myorigin">myo</a>-</b>
<b><a href="postconf.5.html#myorigin">rigin</a></b> or <b>$<a href="postconf.5.html#mydomain">mydomain</a></b> to incomplete addresses;
do <b><a href="postconf.5.html#swap_bangpath">swap_bangpath</a></b> and <b><a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a></b> pro-
cessing as described below, and strip source
routed addresses (<i>@site,@site:user@domain</i>)
to <i>user@domain</i> form.
- <b>invalid</b>
- Append the domain name specified with
+ <b>remote</b> Append the domain name specified with
<b>$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b> to incomplete
addresses. Otherwise the result is identical
to that of the <b>local</b> address rewriting con-
Available in Postfix 2.2 and later:
- <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (domain.invalid)</b>
- Append this domain to incomplete message header
- addresses from remote clients; when the domain is
- empty, don't rewrite remote message headers at all.
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
+ Don't rewrite message headers from remote clients
+ at all when this parameter is empty; otherwise,
+ rewrite remote message headers and append the spec-
+ ified domain name to incomplete addresses.
<b>ROUTING CONTROLS</b>
The following is applicable to Postfix version 2.0 and
local_destination_concurrency_limit from concurrency per recipient
into concurrency per domain.
.SH local_header_rewrite_clients (default: see "postconf -d" output)
-Append the domain name in $myorigin or $mydomain to incomplete
-message header addresses from these clients; append
-$remote_header_rewrite_domain for all other clients.
+Append the domain name in $myorigin or $mydomain to message
+header addresses from these clients only; either don't rewrite
+message headers from other clients at all, or append the domain
+specified with the remote_header_rewrite_domain parameter.
.PP
Specify a list of zero or more of the following:
.IP "\fB permit_mynetworks \fR"
.PP
Examples:
.PP
+The backwards compatible setting: always rewrite message headers,
+and always append my own domain to incomplete header addresses.
+.PP
+.nf
+.na
+.ft C
+ local_header_rewrite_clients = static:all
+.fi
+.ad
+.ft R
+.PP
+The default setting: rewrite headers and append my own domain
+only with mail from local or authorized clients.
+.PP
.nf
.na
.ft C
-local_header_rewrite_clients = static:all
-local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
+ local_header_rewrite_clients = permit_mynetworks,
+ permit_sasl_authenticated permit_tls_clientcerts
+.fi
+.ad
+.ft R
+.PP
+Include clients that are pop-before-smtp authenticated:
+.PP
+.nf
+.na
+.ft C
+ local_header_rewrite_clients = permit_mynetworks,
+ permit_sasl_authenticated permit_tls_clientcerts
+ check_address_map hash:/etc/postfix/pop-before-smtp
.fi
.ad
.ft R
.fi
.ad
.ft R
-.SH remote_header_rewrite_domain (default: domain.invalid)
-Append this domain name to incomplete message header addresses
-from remote clients; when this domain name is empty, don't rewrite
-remote message headers at all. Both stop Postfix from appending
-your own domain to addresses in spam from poorly written software.
+.SH remote_header_rewrite_domain (default: empty)
+Don't rewrite message headers from remote clients at all when
+this parameter is empty; otherwise, rewrite remote message headers
+and append the specified domain name to incomplete addresses.
+.PP
+Examples:
+.PP
+The safe setting: append "domain.invalid" to incomplete header
+addresses from remote SMTP clients, so that those addresses cannot
+be confused with local addresses.
+.PP
+.nf
+.na
+.ft C
+ remote_header_rewrite_domain = domain.invalid
+.fi
+.ad
+.ft R
+.PP
+The default, purist, setting: don't rewrite headers from remote
+clients at all.
+.PP
+.nf
+.na
+.ft C
+ remote_header_rewrite_domain =
+.fi
+.ad
+.ft R
.SH require_home_directory (default: no)
Whether or not a local(8) recipient's home directory must exist
before mail delivery is attempted. By default this test is disabled.
.nf
smtpd(8), Postfix SMTP server
postconf(5), configuration parameters
+master(5), generic daemon options
.SH "README FILES"
.na
.nf
.nf
qmgr(8), queue manager
postconf(5), configuration parameters
+master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"
canonical(5), canonical address lookup table format
virtual(5), virtual alias lookup table format
postconf(5), configuration parameters
+master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "README FILES"
bounce(8), delivery status reports
error(8), Postfix error delivery agent
postconf(5), configuration parameters
+master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"
bounce(8), delivery status reports
discard(8), Postfix discard delivery agent
postconf(5), configuration parameters
+master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"
smtpd(8), SMTP server
qmgr(8), queue manager
postconf(5), configuration parameters
+master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "README FILES"
.IP "\fBlmtp_data_done_timeout (600s)\fR"
The LMTP client time limit for sending the LMTP ".", and for
receiving the server response.
-.IP "\fBlmtp_rset_timeout (120s)\fR"
-The LMTP client time limit for sending the RSET command, and for
-receiving the server response.
+.IP "\fBlmtp_rset_timeout (20s)\fR"
+The LMTP client time limit for sending the RSET command, and
+for receiving the server response.
.IP "\fBlmtp_quit_timeout (300s)\fR"
The LMTP client time limit for sending the QUIT command, and for
receiving the server response.
bounce(8), delivery status reports
qmgr(8), queue manager
postconf(5), configuration parameters
+master(5), generic daemon options
services(4), Internet services and aliases
master(8), process manager
syslogd(8), system logging
postalias(1), create/update alias database
aliases(5), format of alias database
postconf(5), configuration parameters
+master(5), generic daemon options
syslogd(8), system logging
.SH "LICENSE"
.na
trivial-rewrite(8), address routing
bounce(8), delivery status reports
postconf(5), configuration parameters
+master(5), generic daemon options
master(8), process manager
syslogd(8) system logging
.SH "README FILES"
it is queued.
.IP "\fBreceive_override_options (empty)\fR"
Enable or disable recipient validation, built-in content
-filtering, or address rewriting.
+filtering, or address mapping.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
sendmail(1), Sendmail-compatible interface
postdrop(1), mail posting agent
postconf(5), configuration parameters
+master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"
qmgr(8), queue manager
bounce(8), delivery status reports
postconf(5), configuration parameters
+master(5), generic daemon options
master(8), process manager
syslogd(8), system logging
.SH "LICENSE"
The process name of a Postfix command or daemon process.
.IP "\fBproxy_read_maps (see 'postconf -d' output)\fR"
The lookup tables that the proxymap(8) server is allowed to access.
+.SH "SEE ALSO"
+.na
+.nf
+postconf(5), configuration parameters
+master(5), generic daemon options
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
.SH "LICENSE"
.na
.nf
.PP
Available in Postfix version 2.2 and later:
.IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR"
-Append the domain name in $myorigin or $mydomain to incomplete
-message header addresses from these clients; append
-$remote_header_rewrite_domain for all other clients.
-.IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
-Append this domain name to incomplete message header addresses
-from remote clients; when this domain name is empty, don't rewrite
-remote message headers at all.
+Append the domain name in $myorigin or $mydomain to message
+header addresses from these clients only; either don't rewrite
+message headers from other clients at all, or append the domain
+specified with the remote_header_rewrite_domain parameter.
+.IP "\fBremote_header_rewrite_domain (empty)\fR"
+Don't rewrite message headers from remote clients at all when
+this parameter is empty; otherwise, rewrite remote message headers
+and append the specified domain name to incomplete addresses.
.SH "AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS"
.na
.nf
address rewriting context:
.RS
.IP \fBlocal\fR
-.IP \fBnone\fR
Append the domain names specified with \fB$myorigin\fR or
\fB$mydomain\fR to incomplete addresses; do \fBswap_bangpath\fR
and \fBallow_percent_hack\fR processing as described below, and
strip source routed addresses (\fI@site,@site:user@domain\fR)
to \fIuser@domain\fR form.
-.IP \fBinvalid\fR
+.IP \fBremote\fR
Append the domain name specified with
\fB$remote_header_rewrite_domain\fR to incomplete
addresses. Otherwise the result is identical to that of
Enable the rewriting of "site!user" into "user@site".
.PP
Available in Postfix 2.2 and later:
-.IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
-Append this domain to incomplete message header addresses from
-remote clients; when the domain is empty, don't rewrite remote message
-headers at all.
+.IP "\fBremote_header_rewrite_domain (empty)\fR"
+Don't rewrite message headers from remote clients at all when
+this parameter is empty; otherwise, rewrite remote message headers
+and append the specified domain name to incomplete addresses.
.SH "ROUTING CONTROLS"
.na
.nf
form is to reduce the number of entries needed in lookup tables.
</p>
+<p> Postfix versions 2.2 and later do not rewrite message headers
+from remote SMTP clients at all, unless a non-empty domain name is
+specified with the remote_header_rewrite_domain configuration
+parameter. The local_header_rewrite_clients parameter controls
+what SMTP clients Postfix considers local. </p>
+
<p> The Postfix trivial-rewrite(8) daemon implements the following
hard-coded address manipulations: </p>
because a lot of Postfix components expect that all addresses have
the form "user@domain". </p>
+<p> Postfix versions 2.2 and later do not rewrite message headers
+from remote SMTP clients at all, or they append the domain name
+specified with the remote_header_rewrite_domain configuration
+parameter. </p>
+
<p> If your machine is not the main machine for $myorigin and you
wish to have some users delivered locally without going via that
main machine, make an entry in the <a href="#virtual">virtual
parameter (default: yes). The purpose is to get consistent treatment
of different forms of the same hostname. </p>
-<p> Some will argue that rewriting "host" to "host.$mydomain"
+<p> Postfix versions 2.2 and later do not rewrite message headers
+from remote clients at all, or they append the domain name specified
+with the remote_header_rewrite_domain configuration parameter. </p>
+
+<p> Some will argue that rewriting "host" to "host.domain"
is bad. That is why it can be turned off. Others like the convenience
of having the local domain appended automatically. </p> </dd>
all header and envelope addresses are rewritten; this is controlled
with the canonical_classes configuration parameter. </p>
+<p> Postfix versions 2.2 and later do not rewrite message headers
+from remote clients at all, unless a non-empty domain name is
+specified with the remote_header_rewrite_domain configuration
+parameter. The local_header_rewrite_clients parameter controls
+what SMTP clients Postfix considers local. </p>
+
<p> Address rewriting is
done for local and remote addresses. The mapping is useful to
replace login names by "Firstname.Lastname" style addresses, or to
comes from the gateway itself, instead of from individual machines.
</p>
+<p> Postfix versions 2.2 and later do not rewrite message headers
+from remote SMTP clients at all, unless a non-empty domain name is
+specified with the remote_header_rewrite_domain configuration
+parameter. The local_header_rewrite_clients parameter controls
+what SMTP clients Postfix considers local. </p>
+
<p> Address masquerading is disabled by default, and is implemented
by the cleanup(8) server. To enable, edit the masquerade_domains
parameter in the main.cf file and specify one or more domain names
session cache hit and miss rates for logical destinations and for
physical endpoints. </p>
-%PARAM remote_header_rewrite_domain domain.invalid
+%PARAM remote_header_rewrite_domain
-<p> Append this domain name to incomplete message header addresses
-from remote clients; when this domain name is empty, don't rewrite
-remote message headers at all. Both stop Postfix from appending
-your own domain to addresses in spam from poorly written software.
-</p>
+<p> Don't rewrite message headers from remote clients at all when
+this parameter is empty; otherwise, rewrite remote message headers
+and append the specified domain name to incomplete addresses. </p>
+
+<p> Examples: </p>
+
+<p> The safe setting: append "domain.invalid" to incomplete header
+addresses from remote SMTP clients, so that those addresses cannot
+be confused with local addresses. </p>
+
+<pre>
+ remote_header_rewrite_domain = domain.invalid
+</pre>
+
+<p> The default, purist, setting: don't rewrite headers from remote
+clients at all. </p>
+
+<pre>
+ remote_header_rewrite_domain =
+</pre>
%PARAM local_header_rewrite_clients see "postconf -d" output
-<p> Append the domain name in $myorigin or $mydomain to incomplete
-message header addresses from these clients; append
-$remote_header_rewrite_domain for all other clients. </p>
+<p> Append the domain name in $myorigin or $mydomain to message
+header addresses from these clients only; either don't rewrite
+message headers from other clients at all, or append the domain
+specified with the remote_header_rewrite_domain parameter. </p>
<p> Specify a list of zero or more of the following: </p>
<p> Examples: </p>
+<p> The backwards compatible setting: always rewrite message headers,
+and always append my own domain to incomplete header addresses. </p>
+
<pre>
-local_header_rewrite_clients = static:all
-local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
+ local_header_rewrite_clients = static:all
+</pre>
+
+<p> The default setting: rewrite headers and append my own domain
+only with mail from local or authorized clients. </p>
+
+<pre>
+ local_header_rewrite_clients = permit_mynetworks,
+ permit_sasl_authenticated permit_tls_clientcerts
+</pre>
+
+<p> Include clients that are pop-before-smtp authenticated: </p>
+
+<pre>
+ local_header_rewrite_clients = permit_mynetworks,
+ permit_sasl_authenticated permit_tls_clientcerts
+ check_address_map hash:/etc/postfix/pop-before-smtp
</pre>
/* SEE ALSO
/* smtpd(8), Postfix SMTP server
/* postconf(5), configuration parameters
+/* master(5), generic daemon options
/* README FILES
/* .ad
/* .fi
/* SEE ALSO
/* qmgr(8), queue manager
/* postconf(5), configuration parameters
+/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE
/* canonical(5), canonical address lookup table format
/* virtual(5), virtual alias lookup table format
/* postconf(5), configuration parameters
+/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* README FILES
/* bounce(8), delivery status reports
/* error(8), Postfix error delivery agent
/* postconf(5), configuration parameters
+/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE
/* bounce(8), delivery status reports
/* discard(8), Postfix discard delivery agent
/* postconf(5), configuration parameters
+/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE
/* smtpd(8), SMTP server
/* qmgr(8), queue manager
/* postconf(5), configuration parameters
+/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* README FILES
* What domain names to assume when no valid domain context exists.
*/
#define VAR_REM_RWR_DOMAIN "remote_header_rewrite_domain"
-#define DEF_REM_RWR_DOMAIN "domain.invalid"
+#define DEF_REM_RWR_DOMAIN ""
extern char *var_remote_rwr_domain;
#define CHECK_ADDR_MAP "check_address_map"
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
-#define MAIL_RELEASE_DATE "20041021"
+#define MAIL_RELEASE_DATE "20041022"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"
/* .IP "\fBlmtp_data_done_timeout (600s)\fR"
/* The LMTP client time limit for sending the LMTP ".", and for
/* receiving the server response.
-/* .IP "\fBlmtp_rset_timeout (120s)\fR"
-/* The LMTP client time limit for sending the RSET command, and for
-/* receiving the server response.
+/* .IP "\fBlmtp_rset_timeout (20s)\fR"
+/* The LMTP client time limit for sending the RSET command, and
+/* for receiving the server response.
/* .IP "\fBlmtp_quit_timeout (300s)\fR"
/* The LMTP client time limit for sending the QUIT command, and for
/* receiving the server response.
/* bounce(8), delivery status reports
/* qmgr(8), queue manager
/* postconf(5), configuration parameters
+/* master(5), generic daemon options
/* services(4), Internet services and aliases
/* master(8), process manager
/* syslogd(8), system logging
DEL_REQ_ATTR_AVAIL(request->rewrite_context) == 0 ?
XFORWARD_UNAVAILABLE :
strcmp(request->rewrite_context, REWRITE_LOCAL) ?
- XFORWARD_DOM_LOCAL : XFORWARD_DOM_REMOTE);
+ XFORWARD_DOM_REMOTE : XFORWARD_DOM_LOCAL );
next_state = LMTP_STATE_MAIL;
break;
/* postalias(1), create/update alias database
/* aliases(5), format of alias database
/* postconf(5), configuration parameters
+/* master(5), generic daemon options
/* syslogd(8), system logging
/* LICENSE
/* .ad
/* trivial-rewrite(8), address routing
/* bounce(8), delivery status reports
/* postconf(5), configuration parameters
+/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8) system logging
/* README FILES
pickup.o: ../../include/rec_type.h
pickup.o: ../../include/lex_822.h
pickup.o: ../../include/input_transp.h
+pickup.o: ../../include/rewrite_clnt.h
pickup.o: ../../include/mail_server.h
/* it is queued.
/* .IP "\fBreceive_override_options (empty)\fR"
/* Enable or disable recipient validation, built-in content
-/* filtering, or address rewriting.
+/* filtering, or address mapping.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
/* sendmail(1), Sendmail-compatible interface
/* postdrop(1), mail posting agent
/* postconf(5), configuration parameters
+/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE
#include <rec_type.h>
#include <lex_822.h>
#include <input_transp.h>
+#include <rewrite_clnt.h> /* XXX */
/* Single-threaded server skeleton. */
*/
rec_fprintf(cleanup, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_ORIGIN, MAIL_ATTR_ORG_LOCAL);
+ rec_fprintf(cleanup, REC_TYPE_ATTR, "%s=%s",
+ MAIL_ATTR_RWR_CTXT_NAME, REWRITE_LOCAL);
/*
* Copy the message envelope segment. Allow only those records that we
/* qmgr(8), queue manager
/* bounce(8), delivery status reports
/* postconf(5), configuration parameters
+/* master(5), generic daemon options
/* master(8), process manager
/* syslogd(8), system logging
/* LICENSE
/* The process name of a Postfix command or daemon process.
/* .IP "\fBproxy_read_maps (see 'postconf -d' output)\fR"
/* The lookup tables that the proxymap(8) server is allowed to access.
+/* SEE ALSO
+/* postconf(5), configuration parameters
+/* master(5), generic daemon options
+/* README FILES
+/* .ad
+/* .fi
+/* Use "\fBpostconf readme_directory\fR" or
+/* "\fBpostconf html_directory\fR" to locate this information.
+/* .na
+/* .nf
+/* DATABASE_README, Postfix lookup table overview
/* LICENSE
/* .ad
/* .fi
* high volume of mail in the active queue.
*/
if (cpp == sites->argv
- && ((request->flags & DEL_REQ_FLAG_SCACHE) != 0
+ && ((var_smtp_cache_demand && (request->flags & DEL_REQ_FLAG_SCACHE) != 0)
|| (smtp_cache_dest && string_list_match(smtp_cache_dest, domain)))) {
sess_flags |= SMTP_SESS_FLAG_CACHE;
SET_NEXTHOP_STATE(state, lookup_mx, domain, port);
DEL_REQ_ATTR_AVAIL(request->rewrite_context) == 0 ?
XFORWARD_UNAVAILABLE :
strcmp(request->rewrite_context, REWRITE_LOCAL) ?
- XFORWARD_DOM_LOCAL : XFORWARD_DOM_REMOTE);
+ XFORWARD_DOM_REMOTE : XFORWARD_DOM_LOCAL );
next_state = SMTP_STATE_MAIL;
break;
/* .PP
/* Available in Postfix version 2.2 and later:
/* .IP "\fBlocal_header_rewrite_clients (see 'postconf -d' output)\fR"
-/* Append the domain name in $myorigin or $mydomain to incomplete
-/* message header addresses from these clients; append
-/* $remote_header_rewrite_domain for all other clients.
-/* .IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
-/* Append this domain name to incomplete message header addresses
-/* from remote clients; when this domain name is empty, don't rewrite
-/* remote message headers at all.
+/* Append the domain name in $myorigin or $mydomain to message
+/* header addresses from these clients only; either don't rewrite
+/* message headers from other clients at all, or append the domain
+/* specified with the remote_header_rewrite_domain parameter.
+/* .IP "\fBremote_header_rewrite_domain (empty)\fR"
+/* Don't rewrite message headers from remote clients at all when
+/* this parameter is empty; otherwise, rewrite remote message headers
+/* and append the specified domain name to incomplete addresses.
/* AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS
/* .ad
/* .fi
if (*var_filter_xport)
rec_fprintf(state->cleanup, REC_TYPE_FILT, "%s", var_filter_xport);
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
- MAIL_ATTR_RWR_CTXT_NAME, state->rewrite_context_name);
- }
+ MAIL_ATTR_RWR_CTXT_NAME, FORWARD_DOMAIN(state));
#ifdef USE_SASL_AUTH
- if (var_smtpd_sasl_enable) {
- if (state->sasl_method)
- rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
- MAIL_ATTR_SASL_METHOD, state->sasl_method);
- if (state->sasl_username)
- rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
- MAIL_ATTR_SASL_USERNAME, state->sasl_username);
- if (state->sasl_sender)
- rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
- MAIL_ATTR_SASL_SENDER, state->sasl_sender);
- }
+ if (var_smtpd_sasl_enable) {
+ if (state->sasl_method)
+ rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+ MAIL_ATTR_SASL_METHOD, state->sasl_method);
+ if (state->sasl_username)
+ rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+ MAIL_ATTR_SASL_USERNAME, state->sasl_username);
+ if (state->sasl_sender)
+ rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
+ MAIL_ATTR_SASL_SENDER, state->sasl_sender);
+ }
#endif
+ }
rec_fputs(state->cleanup, REC_TYPE_FROM, state->sender);
if (state->encoding != 0)
rec_fprintf(state->cleanup, REC_TYPE_ATTR, "%s=%s",
* we have a valid recipient address.
*/
if (state->proxy == 0 && state->cleanup == 0) {
- smtpd_check_rewrite(state);
+ if (!SMTPD_STAND_ALONE(state))
+ smtpd_check_rewrite(state);
if (state->proxy_mail) {
if (smtpd_proxy_open(state, var_smtpd_proxy_filt,
var_smtpd_proxy_tmout, var_smtpd_proxy_ehlo,
XFORWARD_DOMAIN, attr_value);
return (-1);
}
- if (state->rewrite_context_name
- && strcmp(state->rewrite_context_name,
- context_name[context_code])) {
- myfree(state->rewrite_context_name);
- state->rewrite_context_name =
- mystrdup(context_name[context_code]);
- }
+ UPDATE_STR(state->xforward.domain, context_name[context_code]);
break;
/*
char *protocol; /* email protocol */
char *helo_name; /* helo/ehlo parameter */
char *ident; /* message identifier */
+ char *domain; /* rewrite context */
} SMTPD_XFORWARD_ATTR;
typedef struct SMTPD_STATE {
#define CLIENT_HELO_UNKNOWN 0
#define CLIENT_PROTO_UNKNOWN CLIENT_ATTR_UNKNOWN
#define CLIENT_IDENT_UNKNOWN 0
+#define CLIENT_DOMAIN_UNKNOWN 0
#define IS_AVAIL_CLIENT_ATTR(v) ((v) && strcmp((v), CLIENT_ATTR_UNKNOWN))
#define IS_AVAIL_CLIENT_HELO(v) ((v) != 0)
#define IS_AVAIL_CLIENT_PROTO(v) IS_AVAIL_CLIENT_ATTR(v)
#define IS_AVAIL_CLIENT_IDENT(v) ((v) != 0)
+#define IS_AVAIL_CLIENT_DOMAIN(v) ((v) != 0)
/*
* If running in stand-alone mode, do not try to talk to Postfix daemons but
(((s)->xforward.flags & SMTPD_STATE_XFORWARD_CLIENT_MASK) ? \
(s)->xforward.a : (s)->a)
-#define FORWARD_IDENT_ATTR(s) \
- (((s)->xforward.flags & SMTPD_STATE_XFORWARD_IDENT) ? \
- (s)->queue_id : (s)->ident)
-
#define FORWARD_ADDR(s) FORWARD_CLIENT_ATTR((s), addr)
#define FORWARD_NAME(s) FORWARD_CLIENT_ATTR((s), name)
#define FORWARD_NAMADDR(s) FORWARD_CLIENT_ATTR((s), namaddr)
#define FORWARD_PROTO(s) FORWARD_CLIENT_ATTR((s), protocol)
#define FORWARD_HELO(s) FORWARD_CLIENT_ATTR((s), helo_name)
-#define FORWARD_IDENT(s) FORWARD_IDENT_ATTR(s)
+
+#define FORWARD_IDENT(s) \
+ (((s)->xforward.flags & SMTPD_STATE_XFORWARD_IDENT) ? \
+ (s)->queue_id : (s)->ident)
+
+#define FORWARD_DOMAIN(s) \
+ (((s)->xforward.flags & SMTPD_STATE_XFORWARD_DOMAIN) ? \
+ (s)->xforward.domain : (s)->rewrite_context_name)
extern void smtpd_xforward_init(SMTPD_STATE *);
extern void smtpd_xforward_preset(SMTPD_STATE *);
#define SMTPD_NAME_RECIPIENT "Recipient address"
#define SMTPD_NAME_ETRN "Etrn command"
#define SMTPD_NAME_DATA "Data command"
-#define SMTPD_NAME_REWRITE "Local address rewriting"
/*
* YASLM.
DICT *dict;
/*
- * We don't use generic_checks() because it produces results that
- * aren't applicable such as DEFER or REJECT.
+ * We don't use generic_checks() because it produces results that aren't
+ * applicable such as DEFER or REJECT.
*/
for (cpp = local_rewrite_clients->argv; *cpp != 0; cpp++) {
if (msg_verbose)
continue;
}
if (status == SMTPD_CHECK_OK) {
+ if (state->rewrite_context_name)
+ myfree(state->rewrite_context_name);
state->rewrite_context_name = mystrdup(REWRITE_LOCAL);
return;
}
char *var_relay_rcpt_maps;
char *var_verify_sender;
char *var_smtpd_sasl_opts;
-char *var_remote_rwr_name;
+char *var_remote_rwr_domain;
char *var_local_rwr_clients;
typedef struct {
VAR_VERIFY_SENDER, DEF_VERIFY_SENDER, &var_verify_sender,
VAR_MAIL_NAME, DEF_MAIL_NAME, &var_mail_name,
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts,
- VAR_REM_RWR_NAME, DEF_REM_RWR_NAME, &var_remote_rwr_name,
+ VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain,
VAR_LOC_RWR_CLIENTS, DEF_LOC_RWR_CLIENTS, &var_local_rwr_clients,
0,
};
int var_smtpd_policy_tmout;
int var_smtpd_policy_idle;
int var_smtpd_policy_ttl;
+int var_smtpd_rej_unl_from;
+int var_smtpd_rej_unl_rcpt;
static INT_TABLE int_table[] = {
"msg_verbose", 0, &msg_verbose,
VAR_VIRT_MAILBOX_CODE, DEF_VIRT_MAILBOX_CODE, &var_virt_mailbox_code,
VAR_SHOW_UNK_RCPT_TABLE, DEF_SHOW_UNK_RCPT_TABLE, &var_show_unk_rcpt_table,
VAR_VERIFY_POLL_COUNT, DEF_VERIFY_POLL_COUNT, &var_verify_poll_count,
+ VAR_SMTPD_REJ_UNL_FROM, DEF_SMTPD_REJ_UNL_FROM, &var_smtpd_rej_unl_from,
+ VAR_SMTPD_REJ_UNL_RCPT, DEF_SMTPD_REJ_UNL_RCPT, &var_smtpd_rej_unl_rcpt,
0,
};
string_init();
int_init();
smtpd_check_init();
- smtpd_state_init(&state, VSTREAM_IN);
+ smtpd_state_init(&state, VSTREAM_IN, "smtpd");
state.queue_id = "<queue id>";
/*
* Show commands.
*/
default:
+ if (strcasecmp(args->argv[0], "check_rewrite") == 0) {
+ smtpd_check_rewrite(&state);
+ resp = state.rewrite_context_name;
+ break;
+ }
resp = "Commands...\n\
client <name> <address> [<code>]\n\
helo <hostname>\n\
sender <address>\n\
recipient <address>\n\
+ check_rewrite\n\
msg_verbose <level>\n\
client_restrictions <restrictions>\n\
helo_restrictions <restrictions>\n\
>>> sender_restrictions check_sender_mx_access,hash:smtpd_check_access
OK
>>> mail foo@pls.net.au
-./smtpd_check: warning: numeric domain name in resource data of MX record for pls.net.au: 203.3.110.241
OK
>>> #mail foo@verisign-wildcard.com
>>> mail foo@verisign.com
FORWARD_PROTO(state))))
&& (!(state->proxy_xforward_features & SMTPD_PROXY_XFORWARD_DOMAIN)
|| !(bad = smtpd_xforward(state, buf, XFORWARD_DOMAIN, 1,
- STREQ(state->rewrite_context_name, REWRITE_LOCAL) ?
+ STREQ(FORWARD_DOMAIN(state), REWRITE_LOCAL) ?
XFORWARD_DOM_LOCAL : XFORWARD_DOM_REMOTE))))
bad = smtpd_xforward_flush(state, buf);
vstring_free(buf);
state->xforward.protocol = 0;
state->xforward.helo_name = 0;
state->xforward.ident = 0;
+ state->xforward.domain = 0;
}
/* smtpd_xforward_preset - set xforward attributes to "unknown" */
/* Leave helo at zero. */
state->xforward.protocol = mystrdup(CLIENT_PROTO_UNKNOWN);
/* Leave ident at zero. */
+ /* Leave domain context at zero. */
}
/* smtpd_xforward_reset - reset XCLIENT attributes */
FREE_AND_WIPE(state->xforward.protocol);
FREE_AND_WIPE(state->xforward.helo_name);
FREE_AND_WIPE(state->xforward.ident);
+ FREE_AND_WIPE(state->xforward.domain);
}
/* address rewriting context:
/* .RS
/* .IP \fBlocal\fR
-/* .IP \fBnone\fR
/* Append the domain names specified with \fB$myorigin\fR or
/* \fB$mydomain\fR to incomplete addresses; do \fBswap_bangpath\fR
/* and \fBallow_percent_hack\fR processing as described below, and
/* strip source routed addresses (\fI@site,@site:user@domain\fR)
/* to \fIuser@domain\fR form.
-/* .IP \fBinvalid\fR
+/* .IP \fBremote\fR
/* Append the domain name specified with
/* \fB$remote_header_rewrite_domain\fR to incomplete
/* addresses. Otherwise the result is identical to that of
/* Enable the rewriting of "site!user" into "user@site".
/* .PP
/* Available in Postfix 2.2 and later:
-/* .IP "\fBremote_header_rewrite_domain (domain.invalid)\fR"
-/* Append this domain to incomplete message header addresses from
-/* remote clients; when the domain is empty, don't rewrite remote message
-/* headers at all.
+/* .IP "\fBremote_header_rewrite_domain (empty)\fR"
+/* Don't rewrite message headers from remote clients at all when
+/* this parameter is empty; otherwise, rewrite remote message headers
+/* and append the specified domain name to incomplete addresses.
/* ROUTING CONTROLS
/* .ad
/* .fi
static VSTRING *buf;
const char *result = 0;
+ /*
+ * Sanity check.
+ */
+ if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
+ msg_panic("dict_db_lookup: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
+
dict_errno = 0;
memset(&db_key, 0, sizeof(db_key));
memset(&db_value, 0, sizeof(db_value));
DBT db_value;
int status;
+ /*
+ * Sanity check.
+ */
+ if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
+ msg_panic("dict_db_update: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
+
memset(&db_key, 0, sizeof(db_key));
memset(&db_value, 0, sizeof(db_value));
db_key.data = (void *) name;
int status = 1;
int flags = 0;
+ /*
+ * Sanity check.
+ */
+ if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
+ msg_panic("dict_db_delete: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
+
memset(&db_key, 0, sizeof(db_key));
/*
static VSTRING *buf;
const char *result = 0;
+ /*
+ * Sanity check.
+ */
+ if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
+ msg_panic("dict_dbm_lookup: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
+
dict_errno = 0;
/*
datum dbm_value;
int status;
+ /*
+ * Sanity check.
+ */
+ if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
+ msg_panic("dict_dbm_update: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
+
dbm_key.dptr = (void *) name;
dbm_value.dptr = (void *) value;
dbm_key.dsize = strlen(name);
int status = 1;
int flags = 0;
+ /*
+ * Sanity check.
+ */
+ if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
+ msg_panic("dict_dbm_delete: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
+
/*
* Acquire an exclusive lock.
*/
int err;
static VSTRING *buf;
+ /*
+ * Sanity check.
+ */
+ if ((dict->flags & (DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL)) == 0)
+ msg_panic("dict_nis_lookup: no DICT_FLAG_TRY1NULL | DICT_FLAG_TRY0NULL flag");
+
dict_errno = 0;
if (dict_nis_domain == dict_nis_disabled)
return (0);
DICT_NISPLUS *dict_nisplus = (DICT_NISPLUS *) dict;
static VSTRING *quoted_key;
static VSTRING *query;
- static VSTRING *reply;
- nis_result *nis_alias;
+ static VSTRING *retval;
+ nis_result *reply;
int count;
const char *cp;
+ int last_col;
int ch;
/*
dict_errno = 0;
if (quoted_key == 0) {
query = vstring_alloc(100);
- reply = vstring_alloc(100);
+ retval = vstring_alloc(100);
quoted_key = vstring_alloc(100);
}
* addresses (in envelopes or in headers) have a finite length.
*/
vstring_sprintf(query, dict_nisplus->template, STR(quoted_key));
- nis_alias = nis_list(STR(query), FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
+ reply = nis_list(STR(query), FOLLOW_LINKS | FOLLOW_PATH, NULL, NULL);
/*
- * When lookup succeeds, the result may be unusable because it is
- * ambiguous.
+ * When lookup succeeds, the result may be ambiguous, or the requested
+ * column may not exist.
*/
- if (nis_alias->status == NIS_SUCCESS) {
- if ((count = NIS_RES_NUMOBJ(nis_alias)) != 1) {
+ if (reply->status == NIS_SUCCESS) {
+ if ((count = NIS_RES_NUMOBJ(reply)) != 1) {
msg_warn("ambiguous match (%d results) for %s in NIS+ map %s:"
" ignoring this request",
count, key, dict_nisplus->dict.name);
- nis_freeresult(nis_alias);
+ nis_freeresult(reply);
return (0);
} else {
- vstring_strcpy(reply,
- NIS_RES_OBJECT(nis_alias)->zo_data.objdata_u
+ last_col = NIS_RES_OBJECT(reply)->zo_data
+ .objdata_u.en_data.en_cols.en_cols_len - 1;
+ if (dict_nisplus->column > last_col)
+ msg_fatal("requested column %d > max column %d in table %s",
+ dict_nisplus->column, last_col,
+ dict_nisplus->dict.name);
+ vstring_strcpy(retval,
+ NIS_RES_OBJECT(reply)->zo_data.objdata_u
.en_data.en_cols.en_cols_val[dict_nisplus->column]
.ec_value.ec_value_val);
if (msg_verbose)
msg_info("%s: %s, column %d -> %s", myname, STR(query),
- dict_nisplus->column, STR(reply));
- nis_freeresult(nis_alias);
- return (STR(reply));
+ dict_nisplus->column, STR(retval));
+ nis_freeresult(reply);
+ return (STR(retval));
}
}
* the problem and fix it.
*/
else {
- if (nis_alias->status != NIS_NOTFOUND
- && nis_alias->status != NIS_PARTIAL) {
+ if (reply->status != NIS_NOTFOUND
+ && reply->status != NIS_PARTIAL) {
msg_warn("lookup %s, NIS+ map %s: %s",
key, dict_nisplus->dict.name,
- nis_sperrno(nis_alias->status));
+ nis_sperrno(reply->status));
dict_errno = DICT_ERR_RETRY;
+ } else {
+ if (msg_verbose)
+ msg_info("%s: not found: query %s", myname, STR(query));
}
- nis_freeresult(nis_alias);
+ nis_freeresult(reply);
return (0);
}
}
#define DEF_DB_TYPE "dbm"
#define ALIAS_DB_MAP "dbm:/etc/mail/aliases"
#define HAS_NIS
+#define HAS_NISPLUS
#define USE_SYS_SOCKIO_H /* Solaris 2.5, changed sys/ioctl.h */
#define GETTIMEOFDAY(t) gettimeofday(t)
#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb"
projects / thirdparty / postfix.git / commitdiff
