feature uses the same filtering syntax as the header_checks
feature. File: cleanup/cleanup_message.c. See also the
conf/sample-filter.cf file.
+
+20000529
+
+ Feature: full content inspection through external software.
+ This uses existing interfaces for sending and receiving mail
+ from and to the content inspector. Currently, only the SMTP
+ server is suitable for receiving inspected mail. Details
+ in INSPECTION_README. Files: pickup/pickup.c, smtpd/smtpd.c,
+ qmgr/qmgr_message.c.
--- /dev/null
+This is a very first implementation of Postfix content inspection.
+It involves an incompatible change to queue file formats. Older
+Postfix versions will move the mail aside to the "corrupt" mail
+queue subdirectory.
+
+The example uses content inspection software that can receive and
+deliver mail via SMTP. At present, Postfix can receive already
+inspected mail only via SMTP. In the future it may become possible
+to submit already filtered mail via the postdrop command. However,
+doing business over SMTP is much less inefficient.
+
+We will set up a content inspector program listening on localhost
+port 10025 that receives mail via the SMTP protocol, and that
+submits mail back into Postfix via localhost port 10026.
+
+ ..................................
+ . Postfix .
+ ------smtpd \ /local-----
+ . -cleanup->queue- .
+ -----pickup / ^ | \smtp------
+ . | v .
+ . smtpd smtp .
+ . 10026 | .
+ ......................|...........
+ ^ |
+ | v
+ ....|............
+ . | 10025 .
+ . inspector .
+ . .
+ .................
+
+To enable content inspection in this manner, specify in main.cf a
+new parameter:
+
+ /etc/postfix/main.cf:
+ content_inspector = smtp:localhost:10025
+
+This causes Postfix to add one extra content inspection record to
+each incoming mail message, with content smtp:localhost:10025.
+You can use the same syntax as in the right-hand side of a Postfix
+transport table. The content inspection records are added by the
+smtpd and pickup servers.
+
+When a queue file has content inspection information, the queue
+manager will deliver the mail to the specified content inspector
+regardless of its final destination.
+
+Setting up the content inspector could be done with the Postfix
+spawn service, to instantiate up to 10 processes on demand:
+
+ /etc/postfix/master.cf:
+ localhost:10025 inet - n n - 10 spawn
+ user=inspect argv=/some/where/inspect localhost 10026
+
+The spawn server is part of Postfix but is not installed by default.
+Edit the top-level Makefile.in file, run "make makefiles", "make",
+and "make install".
+
+The /some/where/inspect command is most likely a PERL script. PERL
+has modules that make talking SMTP easy. The command-line specifies
+that mail shouldbe sent back into Postfix via localhost port 10026.
+
+The job of the content inspector is to either bounce mail with a
+suitable diagnostic, or to feed the mail back into Postfix through
+a dedicated listener on port localhost 10026:
+
+ /etc/postfix/master.cf:
+ localhost:10026 inet n - n - 0 smtpd
+ -o content_inspector= myhostname=localhost.domain.name
+
+This is just another SMTP server. It is configured NOT to request
+content inspection for incoming mail, has no process limit (so
+Postfix will not deadlock), and is configured to use a different
+hostname in the greeting message (this is necessary for testing
+when I simply use no inspector program and let the SMTP content
+inspection interfaces talk directly to each other).
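Review bot: In the localhost:10026 master.cf entry, the second override has no `-o` of its own, so `myhostname=localhost.domain.name` is not parsed as a parameter override; write it as `-o content_inspector= -o myhostname=localhost.domain.name`. This listener is also the one entry point described here that accepts mail without requesting inspection, so the text should say explicitly that it has to stay bound to localhost. Nits: "shouldbe" in the PERL paragraph, and "much less inefficient" in the second paragraph leaves the comparison with postdrop unclear.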
-Major changes with snapshot-20000526
+Incompatible changes with snapshot-20000529
+===========================================
+
+This version introduces an incompatible queue file format change
+when content inspection is enabled. Old Postfix queue files will
+work fine, but new queue files will not work with old Postfix
+versions. They log a warning and move incompatible queue files to
+the "corrupt" mail queue subdirectory.
+
+Major changes with snapshot-20000529
+====================================
+
+This version introduces full content inspection through an external
+process. This involves an incompatible change in queue file format.
+Mail is delivered to content inspection software via an existing
+mail delivery agent, and is re-injected into Postfix via an existing
+mail submission agent. Presently, only the Postfix SMTP server is
+suitable for receiving already inspected mail. Details in the
+INSPECTION_README file.
+
+Major changes with snapshot-20000528
====================================
Specify "body_checks = regexp:/etc/postfix/body_checks" for a quick
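Review bot: The "Incompatible changes" paragraph says older versions move the new queue files to the "corrupt" subdirectory but gives no guidance for a site that has to roll back; add a sentence on what to do with queued mail before downgrading. It also limits the format change to "when content inspection is enabled", while INSPECTION_README states the incompatibility without that condition, so the two texts should agree. The heading change from snapshot-20000526 to snapshot-20000528 at the end of this hunk looks unrelated to the feature; please confirm it is intended.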
Turn on client-side SASL authentication, and specify a table with
per-host or per-destination username and password information.
Postfix first looks up the server hostname; if no entry is found,
-then Postfix looks up the destination domain name (the address
-remote part).
+then Postfix looks up the destination domain name (usually, the
+remote part of an email address).
/etc/postfix/main.cf:
smtp_sasl_auth_enable = yes
# When a pattern matches, and the associated action is REJECT, the
# entire message is rejected.
#
+# These patterns do not apply to MIME headers in the message body.
+#
header_checks = regexp:/etc/postfix/header_checks
# The body_checks parameter specifies an optional table with patterns
-# that each physical non-header line is matched against (including
-# MIME headers inside the message body). Lines are matched one at
-# a time. Long lines are matched in chunks of at most $line_length_limit
+# that each physical line in the message body is matched against
+# (including MIME headers inside the message body - Postfix does not
+# recognize multi-line MIME headers). Lines are matched one at a
+# time. Long lines are matched in chunks of at most $line_length_limit
# characters. Patterns are matched in the specified order, and the
# search stops upon the first match. When a pattern matches, and
# the associated action is REJECT, the entire message is rejected.
extern void mail_params_init(void);
+ /*
+ * Content inspection transport. The things we have to do because some
+ * over-paid peecee programmers could not do a proper job.
+ */
+#define VAR_INSPECT_XPORT "content_inspector"
+#define DEF_INSPECT_XPORT ""
+extern char *var_inspect_xport;
+
/* LICENSE
/* .ad
/* .fi
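Review bot: The comment above VAR_INSPECT_XPORT complains about "peecee programmers" and documents nothing about the parameter. Replace it with what a reader of this header needs: that content_inspector names a transport, optionally followed by a nexthop, in the same syntax as the right-hand side of a transport table, and that the empty default in DEF_INSPECT_XPORT means no inspection.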
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20000528"
+#define DEF_MAIL_VERSION "Snapshot-20000529"
extern char *var_mail_version;
/* LICENSE
REC_TYPE_SIZE, "message_size",
REC_TYPE_TIME, "time",
REC_TYPE_FULL, "fullname",
+ REC_TYPE_INSP, "content_inspector",
REC_TYPE_FROM, "sender",
REC_TYPE_DONE, "done",
REC_TYPE_RCPT, "recipient",
#define REC_TYPE_SIZE 'C' /* first record, created by cleanup */
#define REC_TYPE_TIME 'T' /* time stamp, required */
#define REC_TYPE_FULL 'F' /* full name, optional */
+#define REC_TYPE_INSP 'I' /* inspector transport */
#define REC_TYPE_FROM 'S' /* sender, required */
#define REC_TYPE_DONE 'D' /* delivered recipient, optional */
#define REC_TYPE_RCPT 'R' /* todo recipient, optional */
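Review bot: The comment on REC_TYPE_INSP says only "inspector transport", while every neighbouring record type states whether it is required or optional. Mark it optional, and mention that this is the new envelope record that older versions do not recognise, so the reason for the queue file incompatibility is visible where the type is defined.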
* record groups. The first member in each set is the record type that
* indicates the end of that record group.
*/
-#define REC_TYPE_ENVELOPE "MCTFSDRW"
+#define REC_TYPE_ENVELOPE "MCTFISDRW"
#define REC_TYPE_CONTENT "XLN"
#define REC_TYPE_EXTRACT "EDRPre"
#define REC_TYPE_NOEXTRACT "E"
details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
+<b>Content</b> <b>inspection</b> <b>controls</b>
+ <b>content</b><i>_</i><b>inspector</b>
+ The name of a mail delivery transport that inspects
+ mail prior to delivery. This parameter uses the
+ same syntax as the right-hand side of a Postfix
+ transport table.
+
<b>Miscellaneous</b>
<b>always</b><i>_</i><b>bcc</b>
- Address to send a copy of each message that enters
+ Address to send a copy of each message that enters
the system.
- <b>mail</b><i>_</i><b>owner</b>
- The process privileges used while not opening a
- <b>maildrop</b> file.
-
- <b>queue</b><i>_</i><b>directory</b>
- Top-level directory of the Postfix queue.
-
PICKUP(8) PICKUP(8)
+ <b>mail</b><i>_</i><b>owner</b>
+ The process privileges used while not opening a
+ <b>maildrop</b> file.
+
+ <b>queue</b><i>_</i><b>directory</b>
+ Top-level directory of the Postfix queue.
+
<b>SEE</b> <b>ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
-
-
-
-
-
-
-
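Review bot: Apart from the new content_inspector section, the -/+ pairs in this generated page carry identical text (the always_bcc and LICENSE lines, for example), and the remaining lines are blocks shifted across the page break, which buries the one real change. Regenerate the HTML from the manual page source as a separate step, or leave the generated files out of the patch, so that only the new section needs to be read.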
support.
<b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>password</b><i>_</i><b>maps</b>
- Lookup tables with per-host <i>name</i>:<i>password</i> entries.
- No entry for a host means no attempt to authenti-
- cate.
+ Lookup tables with per-host or domain <i>name</i>:<i>password</i>
+ entries. No entry for a host means no attempt to
+ authenticate.
<b>smtp</b><i>_</i><b>sasl</b><i>_</i><b>security</b><i>_</i><b>options</b>
Zero or more of the following.
For example, allow <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a>-style address forms with
comments, like Sendmail does.
+<b>Content</b> <b>inspection</b> <b>controls</b>
+ <b>content</b><i>_</i><b>inspector</b>
+ The name of a mail delivery transport that inspects
+ mail prior to delivery. This parameter uses the
+ same syntax as the right-hand side of a Postfix
+ transport table.
+
<b>Authenication</b> <b>controls</b>
<b>enable</b><i>_</i><b>sasl</b><i>_</i><b>authentication</b>
- Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
- (SASL). This functionality is available only when
+ Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
+ (SASL). This functionality is available only when
explicitly selected at program build time and
explicitly enabled at runtime.
<b>Miscellaneous</b>
<b>always</b><i>_</i><b>bcc</b>
- Address to send a copy of each message that enters
+ Address to send a copy of each message that enters
the system.
<b>command</b><i>_</i><b>directory</b>
<b>$program</b><i>_</i><b>directory</b>).
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
- Increment in verbose logging level when a remote
+ Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter.
- <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
- List of domain or network patterns. When a remote
- host matches a pattern, increase the verbose log-
- ging level by the amount specified in the
- <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
-
-
2
SMTPD(8) SMTPD(8)
+ <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
+ List of domain or network patterns. When a remote
+ host matches a pattern, increase the verbose log-
+ ging level by the amount specified in the
+ <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
+
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
- Recipient of protocol/policy/resource/software
+ Recipient of protocol/policy/resource/software
error notices.
<b>hopcount</b><i>_</i><b>limit</b>
Limit the number of <b>Received:</b> message headers.
<b>local</b><i>_</i><b>recipient</b><i>_</i><b>maps</b>
- List of maps with user names that are local to
+ List of maps with user names that are local to
<b>$myorigin</b> or <b>$inet</b><i>_</i><b>interfaces</b>. If this parameter is
- defined, then the SMTP server rejects mail for
+ defined, then the SMTP server rejects mail for
unknown local users.
<b>notify</b><i>_</i><b>classes</b>
List of error classes. Of special interest are:
- <b>policy</b> When a client violates any policy, mail a
+ <b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
<b>protocol</b>
- When a client violates the SMTP protocol or
+ When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
<b>smtpd</b><i>_</i><b>banner</b>
- Text that follows the <b>220</b> status code in the SMTP
+ Text that follows the <b>220</b> status code in the SMTP
greeting banner.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Restrict the number of recipients that the SMTP
+ Restrict the number of recipients that the SMTP
server accepts per message delivery.
<b>smtpd</b><i>_</i><b>timeout</b>
- Limit the time to send a server response and to
+ Limit the time to send a server response and to
receive a client request.
<b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
- Limit the amount of memory in bytes used for the
+ Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
Limit the total size in bytes of a message, includ-
ing on-disk storage for envelope information.
- <b>queue</b><i>_</i><b>minfree</b>
- Minimal amount of free space in bytes in the queue
- file system for the SMTP server to accept any mail
- at all.
-
-<b>Tarpitting</b>
SMTPD(8) SMTPD(8)
+ <b>queue</b><i>_</i><b>minfree</b>
+ Minimal amount of free space in bytes in the queue
+ file system for the SMTP server to accept any mail
+ at all.
+
+<b>Tarpitting</b>
<b>smtpd</b><i>_</i><b>error</b><i>_</i><b>sleep</b><i>_</i><b>time</b>
Time to wait in seconds before sending a 4xx or 5xx
server error response.
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors,
- wait <i>error_count</i> seconds before responding to any
+ wait <i>error_count</i> seconds before responding to any
client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
- Disconnect after a client has made this number of
+ Disconnect after a client has made this number of
errors.
<b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
Limit the number of times a client can issue a junk
- command such as NOOP, VRFY, ETRN or RSET in one
- SMTP session before it is penalized with tarpit
+ command such as NOOP, VRFY, ETRN or RSET in one
+ SMTP session before it is penalized with tarpit
delays.
<b>UCE</b> <b>control</b> <b>restrictions</b>
tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
- Require that clients introduce themselves at the
+ Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
- Restrict what client hostnames are allowed in <b>HELO</b>
+ Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
- Restrict what sender addresses are allowed in <b>MAIL</b>
+ Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
- Restrict what recipient addresses are allowed in
+ Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
mands, and what clients may issue <b>ETRN</b> commands.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
- Allow untrusted clients to specify addresses with
- sender-specified routing. Enabling this opens up
- nasty relay loopholes involving trusted backup MX
- hosts.
-
- <b>restriction</b><i>_</i><b>classes</b>
- Declares the name of zero or more parameters that
- contain a list of UCE restrictions. The names of
- these parameters can then be used instead of the
+ Allow untrusted clients to specify addresses with
+ sender-specified routing. Enabling this opens up
+ nasty relay loopholes involving trusted backup MX
SMTPD(8) SMTPD(8)
+ hosts.
+
+ <b>restriction</b><i>_</i><b>classes</b>
+ Declares the name of zero or more parameters that
+ contain a list of UCE restrictions. The names of
+ these parameters can then be used instead of the
restriction lists that they represent.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b>
- List of DNS domains that publish the addresses of
+ List of DNS domains that publish the addresses of
blacklisted hosts.
<b>relay</b><i>_</i><b>domains</b>
- Restrict what domains or networks this mail system
+ Restrict what domains or networks this mail system
will relay mail from or to.
<b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates an access
+ Server response when a client violates an access
database restriction.
<b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> restriction.
<b>reject</b><i>_</i><b>code</b>
- Response code when the client matches a <b>reject</b>
+ Response code when the client matches a <b>reject</b>
restriction.
<b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client attempts to violate
+ Server response when a client attempts to violate
the mail relay policy.
<b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client without address to
- name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
+ Server response when a client without address to
+ name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
restriction.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
- Server response when a client violates the
+ Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b>
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging
-<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
-
-
-
5
SMTPD(8) SMTPD(8)
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this
+ software.
+
<b>AUTHOR(S)</b>
Wietse Venema
IBM T.J. Watson Research
-
-
-
-
this program. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
+.SH "Content inspection controls"
+.IP \fBcontent_inspector\fR
+The name of a mail delivery transport that inspects mail prior
+to delivery.
+This parameter uses the same syntax as the right-hand side of
+a Postfix transport table.
.SH Miscellaneous
.ad
.fi
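Review bot: The content_inspector entry gives neither the default nor the meaning of an empty value. Add that the default is empty, that an empty value turns inspection off, and that the listener receiving already inspected mail has to be started with content_inspector set to empty, as the master.cf example in INSPECTION_README does. The same wording applies to the other copies of this section in the patch.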
Enable per-session authentication as per RFC 2554 (SASL).
By default, Postfix is built without SASL support.
.IP \fBsmtp_sasl_password_maps\fR
-Lookup tables with per-host \fIname\fR:\fIpassword\fR entries.
+Lookup tables with per-host or domain \fIname\fR:\fIpassword\fR entries.
No entry for a host means no attempt to authenticate.
.IP \fBsmtp_sasl_security_options\fR
Zero or more of the following.
.IP \fBstrict_rfc821_envelopes\fR
Disallow non-RFC 821 style addresses in envelopes. For example,
allow RFC822-style address forms with comments, like Sendmail does.
+.SH "Content inspection controls"
+.IP \fBcontent_inspector\fR
+The name of a mail delivery transport that inspects mail prior
+to delivery.
+This parameter uses the same syntax as the right-hand side of
+a Postfix transport table.
.SH "Authenication controls"
.IP \fBenable_sasl_authentication\fR
Enable per-session authentication as per RFC 2554 (SASL).
/* this program. See the Postfix \fBmain.cf\fR file for syntax details
/* and for default values. Use the \fBpostfix reload\fR command after
/* a configuration change.
+/* .SH "Content inspection controls"
+/* .IP \fBcontent_inspector\fR
+/* The name of a mail delivery transport that inspects mail prior
+/* to delivery.
+/* This parameter uses the same syntax as the right-hand side of
+/* a Postfix transport table.
/* .SH Miscellaneous
/* .ad
/* .fi
/* Application-specific. */
char *var_always_bcc;
+char *var_inspect_xport;
/*
* Structure to bundle a bunch of information about a queue file.
info->rcpt = mystrdup(vstring_str(buf));
if (type == REC_TYPE_TIME)
continue;
+ if (type == REC_TYPE_INSP)
+ continue;
else {
/*
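Review bot: The new `if (type == REC_TYPE_INSP)` sits between the REC_TYPE_TIME test and its `else`, so the `else` block now belongs to the inspector test instead. Behaviour is unchanged only because both tests end in `continue`; make it `else if`, or fold both record types into one condition, so that a later edit cannot silently break the chain. A comment saying that inspector records found in the submitted file are discarded on purpose, because pickup writes its own record from content_inspector, would also help.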
*/
rec_fprintf(cleanup, REC_TYPE_TIME, "%ld", (long) info->st.st_mtime);
+ /*
+ * Add content inspection transport.
+ */
+ if (*var_inspect_xport)
+ rec_fprintf(cleanup, REC_TYPE_INSP, "%s", var_inspect_xport);
+
/*
* Copy the message envelope segment. Allow only those records that we
* expect to see in the envelope section. The envelope segment must
{
static CONFIG_STR_TABLE str_table[] = {
VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
+ VAR_INSPECT_XPORT, DEF_INSPECT_XPORT, &var_inspect_xport, 0, 0,
0,
};
char *sender; /* complete address */
char *errors_to; /* error report address */
char *return_receipt; /* confirm receipt address */
+ char *inspect_xport; /* inspection transport */
long data_size; /* message content size */
long rcpt_offset; /* more recipients here */
QMGR_RCPT_LIST rcpt_list; /* complete addresses */
message->sender = 0;
message->errors_to = 0;
message->return_receipt = 0;
+ message->inspect_xport = 0;
message->data_size = 0;
message->warn_offset = 0;
message->warn_time = 0;
} else if (rec_type == REC_TYPE_TIME) {
if (message->arrival_time == 0)
message->arrival_time = atol(start);
+ } else if (rec_type == REC_TYPE_INSP) {
+ if (message->inspect_xport == 0)
+ message->inspect_xport = mystrdup(start);
} else if (rec_type == REC_TYPE_FROM) {
if (message->sender == 0) {
message->sender = mystrdup(start);
char **cpp;
char *domain;
const char *junk;
+ char *nexthop;
#define STREQ(x,y) (strcasecmp(x,y) == 0)
#define STR vstring_str
* result address may differ from the one specified by the sender.
*/
resolve_clnt_query(recipient->address, &reply);
- if (!STREQ(recipient->address, STR(reply.recipient)))
- UPDATE(recipient->address, STR(reply.recipient));
-
+ if (message->inspect_xport) {
+ vstring_strcpy(reply.transport, message->inspect_xport);
+ if ((nexthop = split_at(STR(reply.transport), ':')) != 0)
+ vstring_strcpy(reply.nexthop, nexthop);
+ } else {
+ if (!STREQ(recipient->address, STR(reply.recipient)))
+ UPDATE(recipient->address, STR(reply.recipient));
+ }
/*
* Bounce recipients that have moved. We do it here instead of in the
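Review bot: In the `message->inspect_xport` branch, `reply.nexthop` is overwritten only when the value contains a ':'. For a value without a colon, the nexthop that resolve_clnt_query() returned for the original recipient is kept and paired with the inspector transport; for a value that ends in ':', the nexthop becomes an empty string. Handle both cases explicitly, either with a defined default nexthop or by logging the bad setting and deferring the message.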
myfree(message->errors_to);
if (message->return_receipt)
myfree(message->return_receipt);
+ if (message->inspect_xport)
+ myfree(message->inspect_xport);
qmgr_rcpt_list_free(&message->rcpt_list);
qmgr_message_count--;
myfree((char *) message);
/* Enable per-session authentication as per RFC 2554 (SASL).
/* By default, Postfix is built without SASL support.
/* .IP \fBsmtp_sasl_password_maps\fR
-/* Lookup tables with per-host \fIname\fR:\fIpassword\fR entries.
+/* Lookup tables with per-host or domain \fIname\fR:\fIpassword\fR entries.
/* No entry for a host means no attempt to authenticate.
/* .IP \fBsmtp_sasl_security_options\fR
/* Zero or more of the following.
/* .IP \fBstrict_rfc821_envelopes\fR
/* Disallow non-RFC 821 style addresses in envelopes. For example,
/* allow RFC822-style address forms with comments, like Sendmail does.
+/* .SH "Content inspection controls"
+/* .IP \fBcontent_inspector\fR
+/* The name of a mail delivery transport that inspects mail prior
+/* to delivery.
+/* This parameter uses the same syntax as the right-hand side of
+/* a Postfix transport table.
/* .SH "Authenication controls"
/* .IP \fBenable_sasl_authentication\fR
/* Enable per-session authentication as per RFC 2554 (SASL).
bool var_smtpd_sasl_enable;
char *var_smtpd_sasl_opts;
char *var_smtpd_sasl_realm;
+char *var_inspect_xport;
/*
* Global state, for stand-alone mode queue file cleanup. When this is
*/
rec_fprintf(state->cleanup, REC_TYPE_TIME, "%ld",
(long) time((time_t *) 0));
+ if (*var_inspect_xport)
+ rec_fprintf(state->cleanup, REC_TYPE_INSP, "%s", var_inspect_xport);
rec_fputs(state->cleanup, REC_TYPE_FROM, argv[2].strval);
state->sender = mystrdup(argv[2].strval);
smtpd_chat_reply(state, "250 Ok");
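Review bot: The `if (*var_inspect_xport)` test stamps every message with an inspector record and nothing here distinguishes mail that has already been inspected, so the only thing that stops mail cycling between the inspector and Postfix is the `-o content_inspector=` override on the re-injection listener. Please add a comment at this point stating that dependency, and consider logging when a message arrives with content_inspector set on a listener bound to localhost, so that a lost override shows up in the logs rather than as a loop.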
VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0,
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0,
VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 1, 0,
+ VAR_INSPECT_XPORT, DEF_INSPECT_XPORT, &var_inspect_xport, 0, 0,
0,
};