Major changes - DNSBL/DNSWL support
-----------------------------------
-[Feature 20101126] Support for address patterns in DNSBL and DNSWL
-lookup results.
+[Feature 20101126] Support for address patterns in DNS blacklist
+and whitelist lookup results.
-For example, "reject_rbl_client example.com=127.0.0.[2,4,6..8]"
+For example, "reject_rbl_client example.com=127.0.0.[2;4;6..8]"
will reject clients when the lookup result is 127.0.0.2, 127.0.0.4,
127.0.0.6, 127.0.0.7, or 127.0.0.8.
-The setting "postscreen_dnsbl_sites = example.com=127.0.0.[2,4,6..8]"
+The setting "postscreen_dnsbl_sites = example.com=127.0.0.[2;4;6..8]"
rejects the same clients.
An IPv4 address pattern has four fields separated by ".". Each
field is either a decimal number, or a sequence inside "[]" that
-contains one or more comma-separated decimal numbers or number..number
+contains one or more ";"-separated decimal numbers or number..number
ranges.
Thus, any pattern field can be a sequence inside "[]", but a "[]"
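Review bot: The separator inside "[]" changes from "," to ";" in both examples and in the field description, but the entry never tells an administrator who already wrote reject_rbl_client or postscreen_dnsbl_sites patterns in the "," form that those settings must be rewritten. Add a sentence saying that "," is no longer accepted as the separator and how a pattern that still uses it is handled, since these patterns decide which clients are rejected.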
v4pattern = v4field "." v4field "." v4field "." v4field
v4field = v4octet | "[" v4sequence "]"
v4octet = any decimal number in the range 0 through 255
-v4sequence = v4seq_member | v4sequence "," v4seq_member
+v4sequence = v4seq_member | v4sequence ";" v4seq_member
v4seq_member = v4octet | v4octet ".." v4octet
[Feature 20101105] The Postfix SMTP server now supports DNS-based
Also for safety reasons, the result is DEFER_IF_REJECT when DNS
whitelist lookup fails (this result will be made configurable).
-Major changes - Milter suppport
+Major changes - sqlite support
+------------------------------
+
+[Feature 20100617] Support for read-only sqlite database access,
+with code by Axel Steiner and documentation by Jesus Garcia Crespo.
+See SQLITE_README and sqlite_table(5) for details.
+
+Major changes - Milter support
-------------------------------
[Incompat 20101103] Postfix now requests default delivery status
</tr>
-<tr> </tr>
+<tr> <td> </td> </tr>
<tr>
</tr>
-<tr> </tr>
+<tr> <td> </td> </tr>
<tr> <td colspan="4"> </td> </tr>
</tr>
-<tr> </tr>
+<tr> <td> </td> </tr>
<tr>
</tr>
-<tr> </tr>
+<tr> <td> </td> </tr>
<tr> <td colspan="4"> </td> </tr>
<tr> <th>Plugin </th> <th>Description </th> </tr>
-<tr> <td><a href="#auxprop_sasldb">sasldb</a></dt> <td> Accounts
+<tr> <td><a href="#auxprop_sasldb">sasldb</a></td> <td> Accounts
are stored stored in a Cyrus SASL Berkeley DB database </td> </tr>
-<tr> <td><a href="#auxprop_sql">sql</a></dt> <td> Accounts are
+<tr> <td><a href="#auxprop_sql">sql</a></td> <td> Accounts are
stored in a SQL database </td> </tr>
-<tr> <td><a href="#auxprop_ldapdb">ldapdb</a></dt> <td> Accounts
+<tr> <td><a href="#auxprop_ldapdb">ldapdb</a></td> <td> Accounts
are stored stored in an LDAP database </td> </tr>
</table>
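Review bot: The context lines of the sasldb and ldapdb rows still read "are stored stored in", so the duplicated word survives a change that already touches both rows. Fix it here along with the </dt> to </td> correction. The second copy of this table later in the patch has the same duplicate.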
version 2.8 and later, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a> will usually
produce better results. </dd>
-</dd> <dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>
+<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>
<dd>Accept the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>. Each "<i>d</i>"
to translate these into domain names if necessary. </p>
<li> <p> Use "<a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> = no" to accept "RCPT TO:<<i>User
-Name <user@example.com>></i>". Postfix will ignore the "User
-Name" part and deliver to the <user@example.com></i> address.
+Name <user@example.com>></i>". Postfix will ignore the "<i>User
+Name</i>" part and deliver to the <i><user@example.com></i> address.
</p>
</ul>
multi-recipient mail. Acting on only one recipient would be misleading,
because any decision will affect all recipients equally. Acting on
all recipients would require a possibly very large amount of memory,
-and would also be misleading for the reasons mentioned before. </p>
+and would also be misleading for the reasons mentioned before.
</ul>
is not logged to the Postfix SMTP server's maillog file. </p>
<p> Be sure to keep the text as short as possible. Long text may
-be truncated before it is logged in the Postfix SMTP server's maillog
+be truncated before it is logged to the remote SMTP client's maillog
file, or before it is returned to the sender in a delivery status
notification. </p>
to translate these into domain names if necessary.
.IP \(bu
Use "strict_rfc821_envelopes = no" to accept "RCPT TO:<\fIUser
-Name <user@example.com>>\fR". Postfix will ignore the "User
-Name" part and deliver to the <user@example.com>\fR address.
+Name <user@example.com>>\fR". Postfix will ignore the "\fIUser
+Name\fR" part and deliver to the \fI<user@example.com>\fR address.
.PP
Examples of problems that can be solved with the smtpd_command_filter
feature:
is not logged to the Postfix SMTP server's maillog file.
.PP
Be sure to keep the text as short as possible. Long text may
-be truncated before it is logged in the Postfix SMTP server's maillog
+be truncated before it is logged to the remote SMTP client's maillog
file, or before it is returned to the sender in a delivery status
notification.
.PP
</tr>
-<tr> </tr>
+<tr> <td> </td> </tr>
<tr>
</tr>
-<tr> </tr>
+<tr> <td> </td> </tr>
<tr> <td colspan="4"> </td> </tr>
</tr>
-<tr> </tr>
+<tr> <td> </td> </tr>
<tr>
</tr>
-<tr> </tr>
+<tr> <td> </td> </tr>
<tr> <td colspan="4"> </td> </tr>
<tr> <th>Plugin </th> <th>Description </th> </tr>
-<tr> <td><a href="#auxprop_sasldb">sasldb</a></dt> <td> Accounts
+<tr> <td><a href="#auxprop_sasldb">sasldb</a></td> <td> Accounts
are stored stored in a Cyrus SASL Berkeley DB database </td> </tr>
-<tr> <td><a href="#auxprop_sql">sql</a></dt> <td> Accounts are
+<tr> <td><a href="#auxprop_sql">sql</a></td> <td> Accounts are
stored in a SQL database </td> </tr>
-<tr> <td><a href="#auxprop_ldapdb">ldapdb</a></dt> <td> Accounts
+<tr> <td><a href="#auxprop_ldapdb">ldapdb</a></td> <td> Accounts
are stored stored in an LDAP database </td> </tr>
</table>
version 2.8 and later, reject_rhsbl_reverse_client will usually
produce better results. </dd>
-</dd> <dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>
+<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>
<dd>Accept the request when the client hostname is listed with the
A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>. Each "<i>d</i>"
multi-recipient mail. Acting on only one recipient would be misleading,
because any decision will affect all recipients equally. Acting on
all recipients would require a possibly very large amount of memory,
-and would also be misleading for the reasons mentioned before. </p>
+and would also be misleading for the reasons mentioned before.
</ul>
to translate these into domain names if necessary. </p>
<li> <p> Use "strict_rfc821_envelopes = no" to accept "RCPT TO:<<i>User
-Name <user@example.com>></i>". Postfix will ignore the "User
-Name" part and deliver to the <user@example.com></i> address.
+Name <user@example.com>></i>". Postfix will ignore the "<i>User
+Name</i>" part and deliver to the <i><user@example.com></i> address.
</p>
</ul>
is not logged to the Postfix SMTP server's maillog file. </p>
<p> Be sure to keep the text as short as possible. Long text may
-be truncated before it is logged in the Postfix SMTP server's maillog
+be truncated before it is logged to the remote SMTP client's maillog
file, or before it is returned to the sender in a delivery status
notification. </p>
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20110118"
-#define MAIL_VERSION_NUMBER "2.8.0-RC3"
+#define MAIL_RELEASE_DATE "20110120"
+#define MAIL_VERSION_NUMBER "2.8.0"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
int var_psc_pre_queue_limit;
int var_psc_watchdog;
-#define MIGRATION_WARNING
+#undef MIGRATION_WARNING
#ifdef MIGRATION_WARNING
char *var_psc_wlist_nets;
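Review bot: With "#undef MIGRATION_WARNING" placed directly above "#ifdef MIGRATION_WARNING", the guarded declaration of var_psc_wlist_nets can never be compiled in this file. Either delete the guarded code, or add a comment at the #undef saying why it is kept and when it may be removed, so the dead block is not mistaken for live configuration handling.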
#include <postscreen.h>
-/* psc_average - moving average */
-
-static double psc_average(double new, double old)
-{
- return (0.1 * new + 0.9 * old);
-}
-
/*
* Monitor time-critical operations.
*
* XXX Averaging support was added during a stable release candidate, so it
* provides only the absolute minimum necessary. A complete implementation
* should maintain separate statistics for each table, and it should not
- * complain when the average time between table access is larger than the
- * average table access latency.
+ * complain when the access latency is less than the time between accesses.
*/
-#define PSC_GET_TIME_BEFORE_LOOKUP \
+#define PSC_GET_TIME_BEFORE_LOOKUP { \
struct timeval _before, _after; \
DELTA_TIME _delta; \
double _new_delta_ms; \
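Review bot: PSC_GET_TIME_BEFORE_LOOKUP now opens a "{" that is closed only by the "}" added at the end of PSC_CHECK_TIME_AFTER_LOOKUP, and the "Monitor time-critical operations" comment above it does not say so. State there that the two macros must be used as a pair inside the same block. Using one without the other leaves the braces unbalanced, and the compiler error will point at the call site rather than at the macro definition.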
#define PSC_DELTA_MS(d) ((d).dt_sec * 1000.0 + (d).dt_usec / 1000.0)
+#define PSC_AVERAGE(new, old) (0.1 * (new) + 0.9 * (old))
+
#ifndef PSC_THRESHOLD_MS
#define PSC_THRESHOLD_MS 100 /* nag if latency > 100ms */
#endif
#define PSC_WARN_LOCKOUT_S 60 /* don't nag for 60s */
#endif
+ /*
+ * Shared warning lock, so that we don't spam the logfile when the system
+ * becomes slow.
+ */
static time_t psc_last_warn = 0;
#define PSC_CHECK_TIME_AFTER_LOOKUP(table, action, average) \
GETTIMEOFDAY(&_after); \
PSC_CALC_DELTA(_delta, _after, _before); \
_new_delta_ms = PSC_DELTA_MS(_delta); \
- if ((average = psc_average(_new_delta_ms, average)) > PSC_THRESHOLD_MS \
- && psc_last_warn < event_time() - PSC_WARN_LOCKOUT_S) { \
+ if ((average = PSC_AVERAGE(_new_delta_ms, average)) > PSC_THRESHOLD_MS \
+ && psc_last_warn < _after.tv_sec - PSC_WARN_LOCKOUT_S) { \
msg_warn("%s: %s %s average delay is %.0f ms", \
myname, (table), (action), average); \
- psc_last_warn = event_time(); \
- }
+ psc_last_warn = _after.tv_sec; \
+ } \
+}
/* psc_addr_match_list_match - time-critical address list lookup */
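Review bot: In PSC_CHECK_TIME_AFTER_LOOKUP the average argument is assigned and read in the same expression ("average = PSC_AVERAGE(_new_delta_ms, average)") and read again in msg_warn(), so callers must pass a plain lvalue with no side effects; PSC_AVERAGE parenthesizes its own arguments, but nothing documents this requirement on the outer macro. Add a one-line comment to that effect. The lockout test also moves from event_time() to _after.tv_sec, so the new comment on psc_last_warn should name the clock it is compared against.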
* Drain all input in the VSTREAM buffer, otherwise this socket will not
* receive further read event notification until the client disconnects!
*
+ * To suspend this loop temporarily before the buffer is drained, use the
+ * PSC_SUSPEND_SMTP_CMD_EVENTS() and PSC_RESUME_SMTP_CMD_EVENTS() macros,
+ * and set the PSC_SMTPD_CMD_FLAG_SUSPEND flag in the command table.
+ *
* Don't try to read input before it has arrived, otherwise we would starve
* the pseudo threads of other sessions. Get out of here as soon as the
* VSTREAM read buffer dries up. Do not look for more input in kernel
*/
/*
- * Note: on entry into this function the VSTREAM buffer may be non-empty,
- * so we test the "no more input" condition at the bottom of the loops.
+ * Note: on entry into this function the VSTREAM buffer may or may not be
+ * empty, so we test the "no more input" condition at the bottom of the
+ * loops.
*/
for (;;) {