Cleanup: eliminated binary hashes from anvil server. Anvil
client information is now stored on top of its VSTREAM.
+20031226
+
+ Feature: bounce_queue_lifetime parameter (default:
+ $maximal_queue_life_time) that bounds the time that
+ MAILER-DAEMON messages spend in the queue before they are
+ considered undeliverable.
+
+ Feature: disable "mail loops back to myself" protection
+ when SMTP mail is sent to a non-standard port. This makes
+ setting up content filters less painful.
+
+ Cleanup: disallow bare x.x.x.x numeric IP addresses in
+ email addresses. The form user@[x.x.x.x] is still allowed.
+
+ Cleanup: cleaned up the naming of internal symbols in the
+ SMTP client.
+
Open problems:
Low: in the SMTP client, pass the session, request and
state structures as separate arguments.
- Low: in the SMTP client, turn off "mail loops back to
- myself" detection if a non-default TCP port is specified.
-
High: when virtual aliasing is turned off after content
filtering, local submissions may escape virtual aliasing.
smtp inet n - n - - smtpd
-o smtpd_proxy_filter=26
:26 inet n - n - - smtpd
- -o smtpd_authorized_xclient_hosts=127.0.0.0/8
+ -o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
The ":26" causes Postfix to listen on the localhost address only.
DO NOT expose the secondary SMTP server to the Internet :-)
-The smtpd_authorized_xclient_hosts parameter allows the before
+The smtpd_authorized_xforward_hosts parameter allows the before
filter SMTP server to forward remote SMTP client information to
the after-filter SMTP server, so that the after-filter Postfix
daemons log the remote SMTP client information instead of logging
style content filter applications, the filter can be simplified if
it can delegate decisions concerning mail relay and other access
control to the MTA. This is especially useful when the filter acts
-as a transparent proxy for SMTP commands. As in the first example,
+as a transparent proxy for SMTP commands. As in the other examples,
this requires that the filter can override the MTA's idea of the
SMTP client hostname, network address, and other information.
The PROTO attribute specifies either SMTP or ESMTP.
-The HELO attribute specifies a HELO parameter value, or the value
-[UNAVAILABLE] when the information is unavailable.
+The HELO attribute specifies an SMTP HELO parameter value, or the
+value [UNAVAILABLE] when the information is unavailable.
Note 1: syntactically valid NAME and HELO attributes can be up to
255 characters long. The client must not send XCLIENT commands that
Security
========
-The XCLIENT command changes audit trails and/or client access
+The XCLIENT command changes audit trails and/or SMTP client access
permissions. Use of this command must be restricted to authorized
-clients.
-
-The XCLIENT should not override its own access control mechanism.
+SMTP clients. However, the XCLIENT command should not override its
+own access control mechanism.
SMTP connection caching
=======================
-SMTP connection caching makes it possible to deliver multiple
-messages within the same SMTP session. The XCLIENT attributes are
-persistent across an SMTP session, and need to be reset as appropriate
-in between deliveries.
+XCLIENT attributes persist until the end of an SMTP session. If
+one session is used to deliver mail from different SMTP clients,
+the XCLIENT attributes need to be reset as appropriate in between
+deliveries.
content filter to MTA2, so that the information could be logged as
part of mail handling transactions.
-This extension is implemented as a separate command, so that it
-can be used to transmit client or message attributes incrementally.
-It is not implemented by passing additional parameters via the MAIL
+This extension is implemented as a separate command, and can be
+used to transmit client or message attributes incrementally. It
+is not implemented by passing additional parameters via the MAIL
FROM command, because doing so would require extending the MAIL
-FROM command length limit by another 600 or more characters.
+FROM command length limit by another 600 or more characters beyond
+the space needed by other extensions such as AUTH.
Command syntax
==============
date. Snapshots change only the release date, unless they include
the same bugfixes as a patch release.
+Incompatible changes with Postfix snapshot 2.0.16-20031226
+==========================================================
+
+Postfix no longer allows mail addresses with bare numeric IP
+addresses (user@1.2.3.4). The form user@[ipaddress] is still
+allowed.
+
+Bounce messages now have a separate queue life time. This is
+controlled by the bounce_queue_lifetime parameter. The default is
+$maximal_queue_life_time.
+
Incompatible changes with Postfix snapshot 2.0.16-20031223
==========================================================
#
maximal_queue_lifetime = 5d
+# The bounce_queue_lifetime parameter specifies the maximal time
+# a bounce message is queued before it is considered undeliverable.
+# By default, this is the same as the queue life time for regular
+# mail.
+#
+# Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+# The default time unit is d (days).
+#
+# Specify 0 when mail delivery should be tried only once.
+#
+bounce_queue_lifetime = $maximal_queue_lifetime
+
# The minimal_backoff_time parameter specifies the minimal time
# between attempts to deliver a deferred message. This parameter
# also limits the time an unreachable destination is kept in the
-<html> <
head> </head> <body> <pre>
+<html> <body> <pre>
NQMGR(8) NQMGR(8)
<b>NAME</b>
actions (the message is followed by the symbolic constant
used internally by the software):
- <b>D (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>DEFERRED)</b>
+ <b>D (QMGR_REQ_SCAN_DEFERRED)</b>
Start a deferred queue scan. If a deferred queue
scan is already in progress, that scan will be
restarted as soon as it finishes.
- <b>I (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>INCOMING)</b>
+ <b>I (QMGR_REQ_SCAN_INCOMING)</b>
Start an incoming queue scan. If an incoming queue
scan is already in progress, that scan will be
restarted as soon as it finishes.
- <b>A (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>ALL)</b>
+ <b>A (QMGR_REQ_SCAN_ALL)</b>
Ignore deferred queue file time stamps. The request
affects the next deferred queue scan.
- <b>F (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>FLUSH</b><i>_</i><b>DEAD)</b>
+ <b>F (QMGR_REQ_FLUSH_DEAD)</b>
Purge all information about dead transports and
destinations.
- <b>W (TRIGGER</b><i>_</i><b>REQ</b><i>_</i><b>WAKEUP)</b>
+ <b>W (TRIGGER_REQ_WAKEUP)</b>
Wakeup call, This is used by the master server to
instantiate servers that should not go away for-
ever. The action is to start an incoming queue
Corrupted message files are saved to the <b>corrupt</b> queue for
further inspection.
- Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
+ Depending on the setting of the <b>notify_classes</b> parameter,
the postmaster is notified of bounces and of other trou-
ble.
command after a configuration change.
<b>Miscellaneous</b>
- <b>allow</b><i>_</i><b>min</b><i>_</i><b>user</b>
+ <b>allow_min_user</b>
Do not bounce recipient addresses that begin with
'-'.
- <b>queue</b><i>_</i><b>directory</b>
+ <b>queue_directory</b>
Top-level directory of the Postfix queue.
<b>Active queue controls</b>
In the text below, <i>transport</i> is the first field in a <b>mas-</b>
<b>ter.cf</b> entry.
- <b>qmgr</b><i>_</i><b>clog</b><i>_</i><b>warn</b><i>_</i><b>time</b>
+ <b>qmgr_clog_warn_time</b>
Minimal delay between warnings that a specific des-
tination is clogging up the active queue. Specify 0
to disable.
- <b>qmgr</b><i>_</i><b>message</b><i>_</i><b>active</b><i>_</i><b>limit</b>
+ <b>qmgr_message_active_limit</b>
Limit the number of messages in the active queue.
- <b>qmgr</b><i>_</i><b>message</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+ <b>qmgr_message_recipient_limit</b>
Limit the number of in-memory recipients.
This parameter also limits the size of the short-
term, in-memory destination cache.
- <b>qmgr</b><i>_</i><b>message</b><i>_</i><b>recipient</b><i>_</i><b>minimum</b>
+ <b>qmgr_message_recipient_minimum</b>
Per message minimum of in-memory recipients.
- <b>default</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+ <b>default_recipient_limit</b>
Default limit on the number of in-memory recipients
per transport.
- <i>transport_</i><b>recipient</b><i>_</i><b>limit</b>
+ <i>transport</i><b>_recipient_limit</b>
Limit on the number of in-memory recipients, for
the named message <i>transport</i>.
- <b>default</b><i>_</i><b>extra</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+ <b>default_extra_recipient_limit</b>
Default limit on the total number of per transport
in-memory recipients that the preempting messages
can have.
- <i>transport_</i><b>extra</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+ <i>transport</i><b>_extra_recipient_limit</b>
Limit on the number of in-memory recipients which
all preempting messages delivered by the transport
<i>transport</i> can have.
<b>Timing controls</b>
- <b>minimal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
+ <b>minimal_backoff_time</b>
Minimal time in seconds between delivery attempts
of a deferred message.
destination is kept in the short-term, in-memory
destination status cache.
- <b>maximal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
+ <b>maximal_backoff_time</b>
Maximal time in seconds between delivery attempts
of a deferred message.
- <b>maximal</b><i>_</i><b>queue</b><i>_</i><b>lifetime</b>
- Maximal time in days a message is queued before it
- is sent back as undeliverable.
+ <b>maximal_queue_lifetime</b>
+ Maximal time (default: in days) a regular message
+ is queued before it is considered undeliverable.
- <b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b>
+ <b>bounce_queue_lifetime</b>
+ Maximal time (default: in days) a bounce message is
+ queued before it is considered undeliverable.
+
+ <b>queue_run_delay</b>
Time in seconds between deferred queue scans. Queue
scans do not overlap.
- <b>transport</b><i>_</i><b>retry</b><i>_</i><b>time</b>
- Time in seconds between attempts to contact a bro-
+ <b>transport_retry_time</b>
+ Time in seconds between attempts to contact a bro-
ken delivery transport.
<b>Concurrency controls</b>
- <b>initial</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b>
- Initial per-destination concurrency level for par-
+ <b>initial_destination_concurrency</b>
+ Initial per-destination concurrency level for par-
allel delivery to the same destination.
- <b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
- Default limit on the number of parallel deliveries
+ <b>default_destination_concurrency_limit</b>
+ Default limit on the number of parallel deliveries
to the same destination.
- <i>transport_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
- Limit on the number of parallel deliveries to the
- same destination, for delivery via the named mes-
+ <i>transport</i><b>_destination_concurrency_limit</b>
+ Limit on the number of parallel deliveries to the
+ same destination, for delivery via the named mes-
sage <i>transport</i>.
<b>Recipient controls</b>
- <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Default limit on the number of recipients per mes-
+ <b>default_destination_recipient_limit</b>
+ Default limit on the number of recipients per mes-
sage transfer.
- <i>transport_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Limit on the number of recipients per message
+ <i>transport</i><b>_destination_recipient_limit</b>
+ Limit on the number of recipients per message
transfer, for the named message <i>transport</i>.
<b>Message scheduling</b>
- <i>transport_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>cost</b> (valid range: 0,2,3...)
- This parameter basically controls how often a mes-
- sage delivered by <i>transport</i> can be preempted by
+ <i>transport</i><b>_delivery_slot_cost</b> (valid range: 0,2,3...)
+ This parameter basically controls how often a mes-
+ sage delivered by <i>transport</i> can be preempted by
another message. An internal per-message/transport
- counter is incremented by one for each <i>trans-</i>
- <i>port_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>cost</b> deliveries handled by
- <i>transport</i>. This counter represents the number of
- "available delivery slots" for use by other mes-
+ counter is incremented by one for each <i>trans-</i>
+ <i>port</i><b>_delivery_slot_cost</b> deliveries handled by
+ <i>transport</i>. This counter represents the number of
+ "available delivery slots" for use by other mes-
sages. Current message can be preempted by another
- message when that other message can be delivered
- using less <i>transport</i> agents than the value of the
+ message when that other message can be delivered
+ using less <i>transport</i> agents than the value of the
"available delivery slots" counter.
- Value equal to 0 disables the message preemption
+ Value equal to 0 disables the message preemption
for <i>transport</i>.
- <i>transport_</i><b>minimum</b><i>_</i><b>delivery</b><i>_</i><b>slots</b>
+ <i>transport</i><b>_minimum_delivery_slots</b>
Message preemption is not attempted at all whenever
- a message that can't ever accumulate at least
- <i>transport_</i><b>minimum</b><i>_</i><b>delivery</b><i>_</i><b>slots</b> available delivery
+ a message that can't ever accumulate at least
+ <i>transport</i><b>_minimum_delivery_slots</b> available delivery
slots is being delivered by <i>transport</i>.
- <i>transport_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>discount</b> (valid range: 0..100)
+ <i>transport</i><b>_delivery_slot_discount</b> (valid range: 0..100)
- <i>transport_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>loan</b>
+ <i>transport</i><b>_delivery_slot_loan</b>
These parameters speed up the moment when a message
- preemption can happen. Instead of waiting until
- the full amount of delivery slots required is
- available, the preemption can happen when <i>trans-</i>
- <i>port_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>discount</b> percent of the required
- amount plus <i>transport_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>loan</b> still
- remains to be accumulated. Note that the full
- amount will still have to be accumulated before
+ preemption can happen. Instead of waiting until
+ the full amount of delivery slots required is
+ available, the preemption can happen when <i>trans-</i>
+ <i>port</i><b>_delivery_slot_discount</b> percent of the required
+ amount plus <i>transport</i><b>_delivery_slot_loan</b> still
+ remains to be accumulated. Note that the full
+ amount will still have to be accumulated before
another preemption can take place later.
- <b>default</b><i>_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>cost</b>
+ <b>default_delivery_slot_cost</b>
- <b>default</b><i>_</i><b>minimum</b><i>_</i><b>delivery</b><i>_</i><b>slots</b>
+ <b>default_minimum_delivery_slots</b>
- <b>default</b><i>_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>discount</b>
+ <b>default_delivery_slot_discount</b>
- <b>default</b><i>_</i><b>delivery</b><i>_</i><b>slot</b><i>_</i><b>loan</b>
- Default values for the transport specific parame-
+ <b>default_delivery_slot_loan</b>
+ Default values for the transport specific parame-
ters described above.
<b>SEE ALSO</b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address routing
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Note: while mail is "on hold" it will not expire
when its time in the queue exceeds the <b>maxi-</b>
- <b>mal_queue_lifetime</b> setting. It becomes subject to
- expiration after it is released from "hold".
+ <b>mal_queue_lifetime</b> or <b>bounce_queue_lifetime</b> set-
+ ting. It becomes subject to expiration after it is
+ released from "hold".
<b>-H</b> <i>queue</i><b>_</b><i>id</i>
Release mail that was put "on hold". Move one mes-
- sage with the named queue ID from the named mail
+ sage with the named queue ID from the named mail
queue(s) (default: <b>hold</b>) to the <b>deferred</b> queue. If
- a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
+ a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
queue IDs from standard input.
- Specify <b>-H ALL</b> to release all mail that is "on
- hold". As a safety measure, the word <b>ALL</b> must be
+ Specify <b>-H ALL</b> to release all mail that is "on
+ hold". As a safety measure, the word <b>ALL</b> must be
specified in upper case.
- <b>-p</b> Purge old temporary files that are left over after
+ <b>-p</b> Purge old temporary files that are left over after
system or software crashes.
<b>-r</b> <i>queue</i><b>_</b><i>id</i>
- Requeue the message with the named queue ID from
- the named mail queue(s) (default: <b>hold</b>, <b>incoming</b>,
- <b>active</b> and <b>deferred</b>). To requeue multiple mes-
- sages, specify multiple <b>-r</b> command-line options.
+ Requeue the message with the named queue ID from
+ the named mail queue(s) (default: <b>hold</b>, <b>incoming</b>,
+ <b>active</b> and <b>deferred</b>). To requeue multiple mes-
+ sages, specify multiple <b>-r</b> command-line options.
Alternatively, if a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the
program reads queue IDs from standard input.
Specify <b>-r ALL</b> to requeue all messages. As a safety
- measure, the word <b>ALL</b> must be specified in upper
+ measure, the word <b>ALL</b> must be specified in upper
case.
- A requeued message is moved to the <b>maildrop</b> queue,
- from where it is copied by the pickup daemon to a
- new file whose name is guaranteed to match the new
+ A requeued message is moved to the <b>maildrop</b> queue,
+ from where it is copied by the pickup daemon to a
+ new file whose name is guaranteed to match the new
queue file inode number. The new queue file is sub-
- jected again to mail address rewriting and substi-
+ jected again to mail address rewriting and substi-
tution. This is useful when rewriting rules or vir-
tual mappings have changed.
- Postfix queue IDs are reused. There is a very
+ Postfix queue IDs are reused. There is a very
small possibility that <b>postsuper</b> requeues the wrong
- message file when it is executed while the Postfix
+ message file when it is executed while the Postfix
mail system is running, but no harm should be done.
<b>-s</b> Structure check and structure repair. It is highly
- recommended to perform this operation once before
+ recommended to perform this operation once before
Postfix startup.
- <b>o</b> Rename files whose name does not match the
+ <b>o</b> Rename files whose name does not match the
message file inode number. This operation is
- necessary after restoring a mail queue from
+ necessary after restoring a mail queue from
a different machine, or from backup media.
<b>o</b> Move queue files that are in the wrong place
in the file system hierarchy and remove sub-
directories that are no longer needed. File
- position rearrangements are necessary after
+ position rearrangements are necessary after
a change in the <b>hash_queue_names</b> and/or
<b>hash_queue_depth</b> configuration parameters.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
<b>DIAGNOSTICS</b>
- Problems are reported to the standard error stream and to
+ Problems are reported to the standard error stream and to
<b>syslogd</b>.
- <b>postsuper</b> reports the number of messages deleted with <b>-d</b>,
+ <b>postsuper</b> reports the number of messages deleted with <b>-d</b>,
the number of messages requeued with <b>-r</b>, and the number of
- messages whose queue file name was fixed with <b>-s</b>. The
+ messages whose queue file name was fixed with <b>-s</b>. The
report is written to the standard error stream and to <b>sys-</b>
<b>logd</b>.
Directory with the <b>main.cf</b> file.
<b>BUGS</b>
- Mail that is not sanitized by Postfix (i.e. mail in the
+ Mail that is not sanitized by Postfix (i.e. mail in the
<b>maildrop</b> queue) cannot be placed "on hold".
<b>CONFIGURATION PARAMETERS</b>
- See the Postfix <b>main.cf</b> file for syntax details and for
+ See the Postfix <b>main.cf</b> file for syntax details and for
default values.
<b>hash_queue_depth</b>
Number of subdirectory levels for hashed queues.
<b>hash_queue_names</b>
- The names of queues that are organized into multi-
+ The names of queues that are organized into multi-
ple levels of subdirectories.
<b>queue_directory</b>
- Top-level directory of the Postfix queue. This is
+ Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
<a href="postqueue.1.html">postqueue(1)</a> unprivileged queue operations
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
-<html> <
head> </head> <body> <pre>
+<html> <body> <pre>
QMGR(8) QMGR(8)
<b>NAME</b>
actions (the message is followed by the symbolic constant
used internally by the software):
- <b>D (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>DEFERRED)</b>
+ <b>D (QMGR_REQ_SCAN_DEFERRED)</b>
Start a deferred queue scan. If a deferred queue
scan is already in progress, that scan will be
restarted as soon as it finishes.
- <b>I (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>INCOMING)</b>
+ <b>I (QMGR_REQ_SCAN_INCOMING)</b>
Start an incoming queue scan. If an incoming queue
scan is already in progress, that scan will be
restarted as soon as it finishes.
- <b>A (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>SCAN</b><i>_</i><b>ALL)</b>
+ <b>A (QMGR_REQ_SCAN_ALL)</b>
Ignore deferred queue file time stamps. The request
affects the next deferred queue scan.
- <b>F (QMGR</b><i>_</i><b>REQ</b><i>_</i><b>FLUSH</b><i>_</i><b>DEAD)</b>
+ <b>F (QMGR_REQ_FLUSH_DEAD)</b>
Purge all information about dead transports and
destinations.
- <b>W (TRIGGER</b><i>_</i><b>REQ</b><i>_</i><b>WAKEUP)</b>
+ <b>W (TRIGGER_REQ_WAKEUP)</b>
Wakeup call, This is used by the master server to
instantiate servers that should not go away for-
ever. The action is to start an incoming queue
Corrupted message files are saved to the <b>corrupt</b> queue for
further inspection.
- Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
+ Depending on the setting of the <b>notify_classes</b> parameter,
the postmaster is notified of bounces and of other trou-
ble.
command after a configuration change.
<b>Miscellaneous</b>
- <b>allow</b><i>_</i><b>min</b><i>_</i><b>user</b>
+ <b>allow_min_user</b>
Do not bounce recipient addresses that begin with
'-'.
- <b>queue</b><i>_</i><b>directory</b>
+ <b>queue_directory</b>
Top-level directory of the Postfix queue.
<b>Active queue controls</b>
- <b>qmgr</b><i>_</i><b>clog</b><i>_</i><b>warn</b><i>_</i><b>time</b>
+ <b>qmgr_clog_warn_time</b>
Minimal delay between warnings that a specific des-
tination is clogging up the active queue. Specify 0
to disable.
- <b>qmgr</b><i>_</i><b>message</b><i>_</i><b>active</b><i>_</i><b>limit</b>
+ <b>qmgr_message_active_limit</b>
Limit the number of messages in the active queue.
- <b>qmgr</b><i>_</i><b>message</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
+ <b>qmgr_message_recipient_limit</b>
Limit the number of in-memory recipients.
This parameter also limits the size of the short-
term, in-memory destination cache.
<b>Timing controls</b>
- <b>minimal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
+ <b>minimal_backoff_time</b>
Minimal time in seconds between delivery attempts
of a deferred message.
destination is kept in the short-term, in-memory
destination status cache.
- <b>maximal</b><i>_</i><b>backoff</b><i>_</i><b>time</b>
+ <b>maximal_backoff_time</b>
Maximal time in seconds between delivery attempts
of a deferred message.
- <b>maximal</b><i>_</i><b>queue</b><i>_</i><b>lifetime</b>
- Maximal time in days a message is queued before it
- is sent back as undeliverable.
+ <b>maximal_queue_lifetime</b>
+ Maximal time (default: in days) a regular message
+ is queued before it is considered undeliverable.
- <b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b>
+ <b>bounce_queue_lifetime</b>
+ Maximal time (default: in days) a bounce message is
+ queued before it is considered undeliverable.
+
+ <b>queue_run_delay</b>
Time in seconds between deferred queue scans. Queue
scans do not overlap.
- <b>transport</b><i>_</i><b>retry</b><i>_</i><b>time</b>
- Time in seconds between attempts to contact a bro-
+ <b>transport_retry_time</b>
+ Time in seconds between attempts to contact a bro-
ken delivery transport.
<b>Concurrency controls</b>
- In the text below, <i>transport</i> is the first field in a <b>mas-</b>
+ In the text below, <i>transport</i> is the first field in a <b>mas-</b>
<b>ter.cf</b> entry.
- <b>qmgr</b><i>_</i><b>fudge</b><i>_</i><b>factor</b> (valid range: 10..100)
- The percentage of delivery resources that a busy
- mail system will use up for delivery of a large
- mailing list message. With 100%, delivery of one
- message does not begin before the previous message
- has been delivered. This results in good perfor-
- mance for large mailing lists, but results in poor
- response time for one-to-one mail. With less than
- 100%, response time for one-to-one mail improves,
- but large mailing list delivery performance suf-
+ <b>qmgr_fudge_factor</b> (valid range: 10..100)
+ The percentage of delivery resources that a busy
+ mail system will use up for delivery of a large
+ mailing list message. With 100%, delivery of one
+ message does not begin before the previous message
+ has been delivered. This results in good perfor-
+ mance for large mailing lists, but results in poor
+ response time for one-to-one mail. With less than
+ 100%, response time for one-to-one mail improves,
+ but large mailing list delivery performance suf-
fers. In the worst case, recipients near the begin-
- ning of a large list receive a burst of messages
- immediately, while recipients near the end of that
- list receive that same burst of messages a whole
+ ning of a large list receive a burst of messages
+ immediately, while recipients near the end of that
+ list receive that same burst of messages a whole
day later.
- <b>initial</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b>
- Initial per-destination concurrency level for par-
+ <b>initial_destination_concurrency</b>
+ Initial per-destination concurrency level for par-
allel delivery to the same destination.
- <b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
- Default limit on the number of parallel deliveries
+ <b>default_destination_concurrency_limit</b>
+ Default limit on the number of parallel deliveries
to the same destination.
- <i>transport_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
- Limit on the number of parallel deliveries to the
- same destination, for delivery via the named mes-
+ <i>transport</i><b>_destination_concurrency_limit</b>
+ Limit on the number of parallel deliveries to the
+ same destination, for delivery via the named mes-
sage <i>transport</i>.
<b>Recipient controls</b>
- <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Default limit on the number of recipients per mes-
+ <b>default_destination_recipient_limit</b>
+ Default limit on the number of recipients per mes-
sage transfer.
- <i>transport_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
- Limit on the number of recipients per message
+ <i>transport</i><b>_destination_recipient_limit</b>
+ Limit on the number of recipients per message
transfer, for the named message <i>transport</i>.
<b>SEE ALSO</b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address routing
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<p>
+<dt> <b>bounce_queue_lifetime</b> (default: 2 days) <dd> How
+long a bounce message stays in the queue before it is considered
+undeliverable. Specify 0 for mail that should be returned
+immediately after the first unsuccessful delivery attempt.
+
+<p>
+
<dt> <b>minimal_backoff_time</b> (default: 1000 seconds) <dd> The
minimal amount of time a message won't be looked at, and the minimal
amount of time to stay away from a "dead" destination.
checking and without any state change. This list
overrides built-in command definitions.
-<b>Content inspection controls</b>
- Optionally, Postfix can be configured to send new mail to
- external content filter software AFTER the mail is queued.
+<b>Content inspection after mail is queued</b>
+ Postfix can be configured to send new mail to an external
+ content filter AFTER the mail is queued.
<b>content_filter</b>
- The name of a mail delivery transport that filters
+ The name of a mail delivery transport that filters
mail and that either bounces mail or re-injects the
- result back into Postfix. This parameter uses the
- same syntax as the right-hand side of a Postfix
+ result back into Postfix. This parameter uses the
+ same syntax as the right-hand side of a Postfix
transport table.
<b>receive_override_options</b>
- The following options override <b>main.cf</b> settings.
- The options are either implemented by the SMTP
- server or are passed on to the downstream cleanup
+ The following options override <b>main.cf</b> settings.
+ The options are either implemented by the SMTP
+ server or are passed on to the downstream cleanup
server.
<b>no_unknown_recipient_checks</b>
- Do not try to reject unknown recipients.
- This is typically specified with the SMTP
+ Do not try to reject unknown recipients.
+ This is typically specified with the SMTP
server <b>after</b> an external content filter.
<b>no_address_mappings</b>
- Disable canonical address mapping, virtual
- alias map expansion, address masquerading,
- and automatic BCC recipients. This is typi-
- cally specified with the SMTP server <b>before</b>
+ Disable canonical address mapping, virtual
+ alias map expansion, address masquerading,
+ and automatic BCC recipients. This is typi-
+ cally specified with the SMTP server <b>before</b>
an external content filter.
<b>no_header_body_checks</b>
- Disable header/body_checks. This is typi-
- cally specified with the SMTP server <b>after</b>
+ Disable header/body_checks. This is typi-
+ cally specified with the SMTP server <b>after</b>
an external content filter.
-<b>Pass-through proxy</b>
- Optionally, the Postfix SMTP server can be configured to
- forward all mail to a proxy server, for example a real-
- time content filter, BEFORE mail is queued.
+<b>Content inspection before mail is queued</b>
+ The Postfix SMTP server can be configured to forward all
+ mail to a real-time SMTP-based content filter BEFORE mail
+ is queued.
<b>smtpd_proxy_filter</b>
- The <i>host:port</i> of the SMTP proxy server. The <i>host</i> or
- <i>host:</i> portion is optional.
+ The <i>host:port</i> of the real-time SMTP-based content
+ filter. The <i>host</i> or <i>host:</i> portion is optional.
<b>smtpd_proxy_timeout</b>
Timeout for connecting to, sending to and receiving
- from the SMTP proxy server.
+ from the real-time SMTP-based content filter.
<b>smtpd_proxy_ehlo</b>
The hostname to use when sending an EHLO command to
- the SMTP proxy server.
+ the real-time SMTP-based content filter.
<b>Authentication controls</b>
<b>smtpd_sasl_auth_enable</b>
- Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
- (SASL). This functionality is available only when
+ Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
+ (SASL). This functionality is available only when
explicitly selected at program build time and
explicitly enabled at runtime.
Disallow anonymous logins.
<b>smtpd_sender_login_maps</b>
- Maps that specify the SASL login names that own a
- MAIL FROM sender address. Used by the
+ Maps that specify the SASL login names that own a
+ MAIL FROM sender address. Used by the
<b>reject_sender_login_mismatch</b> sender anti-spoofing
- restriction, as well as by its component restric-
+ restriction, as well as by its component restric-
tions <b>reject_authenticated_sender_login_mismatch</b>
- (an authenticated client can't use a MAIL FROM
- sender address that is owned by someone else) and
+ (an authenticated client can't use a MAIL FROM
+ sender address that is owned by someone else) and
<b>reject_unauthenticated_sender_login_mismatch</b> (a
- client must be authenticated in order to use the
+ client must be authenticated in order to use the
MAIL FROM sender address).
<b>Miscellaneous</b>
<b>smtpd_authorized_xclient_hosts</b>
Hostnames, domain names and/or addresses of clients
- that are authorized to use the XCLIENT command.
- This command overrides client information for
+ that are authorized to use the XCLIENT command.
+ This command overrides client information for
access control and logging purposes, with the
- exception of the <b>smtpd_authorized_xclient_hosts</b>
+ exception of the <b>smtpd_authorized_xclient_hosts</b>
access control itself.
<b>smtpd_authorized_xforward_hosts</b>
Hostnames, domain names and/or addresses of clients
- that are authorized to use the XFORWARD command.
+ that are authorized to use the XFORWARD command.
This command accepts client and message identofying
information for logging purposes.
<b>debug_peer_level</b>
- Increment in verbose logging level when a remote
+ Increment in verbose logging level when a remote
host matches a pattern in the <b>debug_peer_list</b>
parameter.
<b>debug_peer_list</b>
- List of domain or network patterns. When a remote
- host matches a pattern, increase the verbose log-
- ging level by the amount specified in the
+ List of domain or network patterns. When a remote
+ host matches a pattern, increase the verbose log-
+ ging level by the amount specified in the
<b>debug_peer_level</b> parameter.
<b>default_verp_delimiters</b>
The default VERP delimiter characters that are used
- when the XVERP command is specified without
+ when the XVERP command is specified without
explicit delimiters.
<b>error_notice_recipient</b>
- Recipient of protocol/policy/resource/software
+ Recipient of protocol/policy/resource/software
error notices.
<b>hopcount_limit</b>
<b>notify_classes</b>
List of error classes. Of special interest are:
- <b>policy</b> When a client violates any policy, mail a
+ <b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
<b>protocol</b>
- When a client violates the SMTP protocol or
+ When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
<b>smtpd_banner</b>
- Text that follows the <b>220</b> status code in the SMTP
+ Text that follows the <b>220</b> status code in the SMTP
greeting banner.
<b>smtpd_expansion_filter</b>
expansion of rbl template responses and other text.
<b>smtpd_recipient_limit</b>
- Restrict the number of recipients that the SMTP
+ Restrict the number of recipients that the SMTP
server accepts per message delivery.
<b>smtpd_timeout</b>
- Limit the time to send a server response and to
+ Limit the time to send a server response and to
receive a client request.
<b>soft_bounce</b>
- Change hard (5xx) reject responses into soft (4xx)
- reject responses. This can be useful for testing
+ Change hard (5xx) reject responses into soft (4xx)
+ reject responses. This can be useful for testing
purposes.
<b>verp_delimiter_filter</b>
- The characters that Postfix accepts as VERP delim-
+ The characters that Postfix accepts as VERP delim-
iter characters.
<b>Known versus unknown recipients</b>
<b>show_user_unknown_table_name</b>
- Whether or not to reveal the table name in the
- "User unknown" responses. The extra detail makes
- trouble shooting easier but also reveals informa-
+ Whether or not to reveal the table name in the
+ "User unknown" responses. The extra detail makes
+ trouble shooting easier but also reveals informa-
tion that is nobody elses business.
<b>unknown_local_recipient_reject_code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$mydestination</b> or
+ ent whose domain matches <b>$mydestination</b> or
<b>$inet_interfaces</b>, while <b>$local_recipient_maps</b> is
- non-empty and does not list the recipient address
+ non-empty and does not list the recipient address
or address local-part.
<b>unknown_relay_recipient_reject_code</b>
The response code when a client specifies a recipi-
ent whose domain matches <b>$relay_domains</b>, while
- <b>$relay_recipient_maps</b> is non-empty and does not
+ <b>$relay_recipient_maps</b> is non-empty and does not
list the recipient address.
<b>unknown_virtual_alias_reject_code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$virtual_alias_domains</b>,
- while the recipient is not listed in <b>$vir-</b>
+ ent whose domain matches <b>$virtual_alias_domains</b>,
+ while the recipient is not listed in <b>$vir-</b>
<b>tual_alias_maps</b>.
<b>unknown_virtual_mailbox_reject_code</b>
The response code when a client specifies a recipi-
- ent whose domain matches <b>$virtual_mailbox_domains</b>,
+ ent whose domain matches <b>$virtual_mailbox_domains</b>,
while the recipient is not listed in <b>$virtual_mail-</b>
<b>box_maps</b>.
<b>Resource controls</b>
<b>line_length_limit</b>
- Limit the amount of memory in bytes used for the
+ Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message_size_limit</b>
ing on-disk storage for envelope information.
<b>queue_minfree</b>
- Minimal amount of free space in bytes in the queue
- file system for the SMTP server to accept any mail
- at all (default: twice the <b>message_size_limit</b>
+ Minimal amount of free space in bytes in the queue
+ file system for the SMTP server to accept any mail
+ at all (default: twice the <b>message_size_limit</b>
value).
<b>smtpd_history_flush_threshold</b>
<b>smtpd_client_connection_count_limit</b>
The maximal number of simultaneous connections that
- any client is allowed to make to this service.
- When a client exceeds the limit, the SMTP server
+ any client is allowed to make to this service.
+ When a client exceeds the limit, the SMTP server
logs a warning with the client name/address and the
service name as configured in master.cf.
<b>smtpd_client_connection_rate_limit</b>
- The maximal number of connections per unit time
+ The maximal number of connections per unit time
(specified with <b>connection_rate_time_unit</b>) that any
- client is allowed to make to this service. When a
- client exceeds the limit, the SMTP server logs a
- warning with the client name/address and the ser-
+ client is allowed to make to this service. When a
+ client exceeds the limit, the SMTP server logs a
+ warning with the client name/address and the ser-
vice name as configured in master.cf.
<b>smtpd_client_connection_limit_exceptions</b>
- Hostnames, .domain names and/or network address
+ Hostnames, .domain names and/or network address
blocks of clients that are excluded from connection
count or rate limits.
<b>smtpd_soft_error_limit</b>
When an SMTP client has made this number of errors,
- wait <i>error</i><b>_</b><i>count</i> seconds before responding to any
+ wait <i>error</i><b>_</b><i>count</i> seconds before responding to any
client request.
<b>smtpd_hard_error_limit</b>
- Disconnect after a client has made this number of
+ Disconnect after a client has made this number of
errors.
<b>smtpd_junk_command_limit</b>
Limit the number of times a client can issue a junk
- command such as NOOP, VRFY, ETRN or RSET in one
- SMTP session before it is penalized with tarpit
+ command such as NOOP, VRFY, ETRN or RSET in one
+ SMTP session before it is penalized with tarpit
delays.
<b>Delegated policy</b>
receiving from a delegated SMTPD policy server.
<b>smtpd_policy_service_max_idle</b>
- Time after which an unused SMTPD policy service
+ Time after which an unused SMTPD policy service
connection is closed.
<b>smtpd_policy_service_timeout</b>
- Time after which an active SMTPD policy service
+ Time after which an active SMTPD policy service
connection is closed.
<b>UCE control restrictions</b>
<b>parent_domain_matches_subdomains</b>
- List of Postfix features that use <i>domain.tld</i> pat-
- terns to match <i>sub.domain.tld</i> (as opposed to
+ List of Postfix features that use <i>domain.tld</i> pat-
+ terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b>smtpd_client_restrictions</b>
tem.
<b>smtpd_helo_required</b>
- Require that clients introduce themselves at the
+ Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd_helo_restrictions</b>
- Restrict what client hostnames are allowed in <b>HELO</b>
+ Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd_sender_restrictions</b>
- Restrict what sender addresses are allowed in <b>MAIL</b>
+ Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd_recipient_restrictions</b>
- Restrict what recipient addresses are allowed in
+ Restrict what recipient addresses are allowed in
<b>RCPT TO</b> commands.
<b>smtpd_etrn_restrictions</b>
mands, and what clients may issue <b>ETRN</b> commands.
<b>smtpd_data_restrictions</b>
- Restrictions on the <b>DATA</b> command. Currently, the
- only restriction that makes sense here is
+ Restrictions on the <b>DATA</b> command. Currently, the
+ only restriction that makes sense here is
<b>reject_unauth_pipelining</b>.
<b>allow_untrusted_routing</b>
- Allow untrusted clients to specify addresses with
- sender-specified routing. Enabling this opens up
- nasty relay loopholes involving trusted backup MX
+ Allow untrusted clients to specify addresses with
+ sender-specified routing. Enabling this opens up
+ nasty relay loopholes involving trusted backup MX
hosts.
<b>smtpd_restriction_classes</b>
- Declares the name of zero or more parameters that
- contain a list of UCE restrictions. The names of
- these parameters can then be used instead of the
+ Declares the name of zero or more parameters that
+ contain a list of UCE restrictions. The names of
+ these parameters can then be used instead of the
restriction lists that they represent.
<b>smtpd_null_access_lookup_key</b>
- The lookup key to be used in SMTPD access tables
- instead of the null sender address. A null sender
+ The lookup key to be used in SMTPD access tables
+ instead of the null sender address. A null sender
address cannot be looked up.
<b>maps_rbl_domains</b> (deprecated)
- List of DNS domains that publish the addresses of
+ List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated
<b>reject_maps_rbl</b> restriction.
<b>permit_mx_backup_networks</b>
- Only domains whose primary MX hosts match the
- listed networks are eligible for the <b>per-</b>
+ Only domains whose primary MX hosts match the
+ listed networks are eligible for the <b>per-</b>
<b>mit_mx_backup</b> feature.
<b>relay_domains</b>
- Restrict what domains this mail system will relay
- mail to. The domains are routed to the delivery
+ Restrict what domains this mail system will relay
+ mail to. The domains are routed to the delivery
agent specified with the <b>relay_transport</b> setting.
<b>Sender/recipient address verification</b>
Address verification is implemented by sending probe email
- messages that are not actually delivered, and is enabled
- via the reject_unverified_{sender,recipient} access
- restriction. The status of verification probes is main-
+ messages that are not actually delivered, and is enabled
+ via the reject_unverified_{sender,recipient} access
+ restriction. The status of verification probes is main-
tained by the address verification service.
<b>address_verify_poll_count</b>
- How many times to query the address verification
- service for completion of an address verification
- request. Specify 1 to implement a simple form of
- greylisting, that is, always defer the request for
+ How many times to query the address verification
+ service for completion of an address verification
+ request. Specify 1 to implement a simple form of
+ greylisting, that is, always defer the request for
a new sender or recipient address.
<b>address_verify_poll_delay</b>
- Time to wait after querying the address verifica-
+ Time to wait after querying the address verifica-
tion service for completion of an address verifica-
tion request.
<b>UCE control responses</b>
<b>access_map_reject_code</b>
- Response code when a client violates an access
+ Response code when a client violates an access
database restriction.
<b>default_rbl_reply</b>
Default template reply when a request is RBL black-
- listed. This template is used by the <b>reject_rbl_*</b>
- and <b>reject_rhsbl_*</b> restrictions. See also:
+ listed. This template is used by the <b>reject_rbl_*</b>
+ and <b>reject_rhsbl_*</b> restrictions. See also:
<b>rbl_reply_maps</b> and <b>smtpd_expansion_filter</b>.
<b>defer_code</b>
- Response code when a client request is rejected by
+ Response code when a client request is rejected by
the <b>defer</b> restriction.
<b>invalid_hostname_reject_code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject_invalid_hostname</b> restriction.
<b>maps_rbl_reject_code</b>
Response code when a request is RBL blacklisted.
<b>multi_recipient_bounce_reject_code</b>
- Response code when a multi-recipient bounce is
+ Response code when a multi-recipient bounce is
blocked.
<b>rbl_reply_maps</b>
- Table with template responses for RBL blacklisted
- requests, indexed by RBL domain name. These tem-
+ Table with template responses for RBL blacklisted
+ requests, indexed by RBL domain name. These tem-
plates are used by the <b>reject_rbl_*</b> and
- <b>reject_rhsbl_*</b> restrictions. See also:
+ <b>reject_rhsbl_*</b> restrictions. See also:
<b>default_rbl_reply</b> and <b>smtpd_expansion_filter</b>.
<b>reject_code</b>
- Response code when the client matches a <b>reject</b>
+ Response code when the client matches a <b>reject</b>
restriction.
<b>relay_domains_reject_code</b>
mail relay policy.
<b>unknown_address_reject_code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject_unknown_address</b> restriction.
<b>unknown_client_reject_code</b>
tion.
<b>unknown_hostname_reject_code</b>
- Response code when a client violates the
+ Response code when a client violates the
<b>reject_unknown_hostname</b> restriction.
<b>unverified_sender_reject_code</b>
- Response code when a sender address is known to be
+ Response code when a sender address is known to be
undeliverable.
<b>unverified_recipient_reject_code</b>
- Response code when a recipient address is known to
+ Response code when a recipient address is known to
be undeliverable.
<b>SEE ALSO</b>
<a href="verify.8.html">verify(8)</a> address verification service
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
.sp
Note: while mail is "on hold" it will not expire when its
time in the queue exceeds the \fBmaximal_queue_lifetime\fR
-setting. It becomes subject to expiration after it is
-released from "hold".
+or \fBbounce_queue_lifetime\fR setting. It becomes subject to
+expiration after it is released from "hold".
.IP "\fB-H \fIqueue_id\fR"
Release mail that was put "on hold".
Move one message with the named queue ID from the named
Maximal time in seconds between delivery attempts
of a deferred message.
.IP \fBmaximal_queue_lifetime\fR
-Maximal time in days a message is queued
-before it is sent back as undeliverable.
+Maximal time (default: in days) a regular message is queued
+before it is considered undeliverable.
+.IP \fBbounce_queue_lifetime\fR
+Maximal time (default: in days) a bounce message is queued
+before it is considered undeliverable.
.IP \fBqueue_run_delay\fR
Time in seconds between deferred queue scans. Queue scans do
not overlap.
Maximal time in seconds between delivery attempts
of a deferred message.
.IP \fBmaximal_queue_lifetime\fR
-Maximal time in days a message is queued
-before it is sent back as undeliverable.
+Maximal time (default: in days) a regular message is queued
+before it is considered undeliverable.
+.IP \fBbounce_queue_lifetime\fR
+Maximal time (default: in days) a bounce message is queued
+before it is considered undeliverable.
.IP \fBqueue_run_delay\fR
Time in seconds between deferred queue scans. Queue scans do
not overlap.
List of commands that are treated as NOOP (no operation) commands,
without any parameter syntax checking and without any state change.
This list overrides built-in command definitions.
-.SH "Content inspection controls"
-Optionally, Postfix can be configured to send new mail to
-external content filter software AFTER the mail is queued.
+.SH "Content inspection after mail is queued"
+.ad
+.fi
+Postfix can be configured to send new mail to an external
+content filter AFTER the mail is queued.
.IP \fBcontent_filter\fR
The name of a mail delivery transport that filters mail and that
either bounces mail or re-injects the result back into Postfix.
Disable header/body_checks. This is typically specified with the
SMTP server \fBafter\fR an external content filter.
.RE
-.SH "Pass-through proxy"
+.SH "Content inspection before mail is queued"
.ad
.fi
-.ad
-Optionally, the Postfix SMTP server can be configured to
-forward all mail to a proxy server, for example a real-time
-content filter, BEFORE mail is queued.
+The Postfix SMTP server can be configured to forward all mail
+to a real-time SMTP-based content filter BEFORE mail is queued.
.IP \fBsmtpd_proxy_filter\fR
-The \fIhost:port\fR of the SMTP proxy server. The \fIhost\fR
-or \fIhost:\fR portion is optional.
+The \fIhost:port\fR of the real-time SMTP-based content filter.
+The \fIhost\fR or \fIhost:\fR portion is optional.
.IP \fBsmtpd_proxy_timeout\fR
Timeout for connecting to, sending to and receiving from
-the SMTP proxy server.
+the real-time SMTP-based content filter.
.IP \fBsmtpd_proxy_ehlo\fR
The hostname to use when sending an EHLO command to the
-SMTP proxy server.
+real-time SMTP-based content filter.
.SH "Authentication controls"
.IP \fBsmtpd_sasl_auth_enable\fR
Enable per-session authentication as per RFC 2554 (SASL).
#define DEF_MAX_QUEUE_TIME "5d"
extern int var_max_queue_time;
+#define VAR_DSN_QUEUE_TIME "bounce_queue_lifetime"
+#define DEF_DSN_QUEUE_TIME "$" VAR_MAX_QUEUE_TIME
+extern int var_dsn_queue_time;
+
#define VAR_DELAY_WARN_TIME "delay_warning_time"
#define DEF_DELAY_WARN_TIME "0h"
extern int var_delay_warn_time;
extern int var_verify_neg_exp;
#define VAR_VERIFY_NEG_TRY "address_verify_negative_refresh_time"
-#define DEF_VERIFY_NEG_TRY "2h"
+#define DEF_VERIFY_NEG_TRY "3h"
extern int var_verify_neg_try;
#define VAR_VERIFY_NEG_CACHE "address_verify_negative_cache"
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
-#define MAIL_RELEASE_DATE "20031224"
+#define MAIL_RELEASE_DATE "20031226"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "2.0.16-" MAIL_RELEASE_DATE
/*
* Peek at the cache.
*/
+#define IFSET(flag, text) ((reply->flags & (flag)) ? (text) : "")
+
if (*addr && strcmp(addr, STR(last_addr)) == 0) {
vstring_strcpy(reply->transport, STR(last_reply.transport));
vstring_strcpy(reply->nexthop, STR(last_reply.nexthop));
vstring_strcpy(reply->recipient, STR(last_reply.recipient));
reply->flags = last_reply.flags;
if (msg_verbose)
- msg_info("%s: cached: `%s' -> t=`%s' h=`%s' r=`%s'",
+ msg_info("%s: cached: `%s' -> transp=`%s' host=`%s' rcpt=`%s' flags=%s%s%s%s class=%s%s%s%s%s",
myname, addr, STR(reply->transport),
- STR(reply->nexthop), STR(reply->recipient));
+ STR(reply->nexthop), STR(reply->recipient),
+ IFSET(RESOLVE_FLAG_FINAL, "final"),
+ IFSET(RESOLVE_FLAG_ROUTED, "routed"),
+ IFSET(RESOLVE_FLAG_ERROR, "error"),
+ IFSET(RESOLVE_FLAG_FAIL, "fail"),
+ IFSET(RESOLVE_CLASS_LOCAL, "local"),
+ IFSET(RESOLVE_CLASS_ALIAS, "alias"),
+ IFSET(RESOLVE_CLASS_VIRTUAL, "virtual"),
+ IFSET(RESOLVE_CLASS_RELAY, "relay"),
+ IFSET(RESOLVE_CLASS_DEFAULT, "default"));
return;
}
var_rewrite_service);
} else {
if (msg_verbose)
- msg_info("%s: `%s' -> t=`%s' h=`%s' r=`%s'",
+ msg_info("%s: `%s' -> transp=`%s' host=`%s' rcpt=`%s' flags=%s%s%s%s class=%s%s%s%s%s",
myname, addr, STR(reply->transport),
- STR(reply->nexthop), STR(reply->recipient));
+ STR(reply->nexthop), STR(reply->recipient),
+ IFSET(RESOLVE_FLAG_FINAL, "final"),
+ IFSET(RESOLVE_FLAG_ROUTED, "routed"),
+ IFSET(RESOLVE_FLAG_ERROR, "error"),
+ IFSET(RESOLVE_FLAG_FAIL, "fail"),
+ IFSET(RESOLVE_CLASS_LOCAL, "local"),
+ IFSET(RESOLVE_CLASS_ALIAS, "alias"),
+ IFSET(RESOLVE_CLASS_VIRTUAL, "virtual"),
+ IFSET(RESOLVE_CLASS_RELAY, "relay"),
+ IFSET(RESOLVE_CLASS_DEFAULT, "default"));
if (STR(reply->transport)[0] == 0)
msg_warn("%s: null transport result for: <%s>", myname, addr);
else if (STR(reply->recipient)[0] == 0 && *addr != 0)
SHELL = /bin/sh
SRCS = master.c master_conf.c master_ent.c master_sig.c master_avail.c \
- master_spawn.c master_service.c master_status.o master_listen.c \
+ master_spawn.c master_service.c master_status.c master_listen.c \
master_proto.c single_server.c multi_server.c master_vars.c \
master_wakeup.c master_flow.c mail_flow.c
OBJS = master.o master_conf.o master_ent.o master_sig.o master_avail.o \
/*
* master_vars.c
*/
-extern char *var_program_dir;
-extern int var_proc_limit;
-extern int var_use_limit;
-extern int var_idle_limit;
extern void master_vars_init(void);
/*
/* Maximal time in seconds between delivery attempts
/* of a deferred message.
/* .IP \fBmaximal_queue_lifetime\fR
-/* Maximal time in days a message is queued
-/* before it is sent back as undeliverable.
+/* Maximal time (default: in days) a regular message is queued
+/* before it is considered undeliverable.
+/* .IP \fBbounce_queue_lifetime\fR
+/* Maximal time (default: in days) a bounce message is queued
+/* before it is considered undeliverable.
/* .IP \fBqueue_run_delay\fR
/* Time in seconds between deferred queue scans. Queue scans do
/* not overlap.
int var_min_backoff_time;
int var_max_backoff_time;
int var_max_queue_time;
+int var_dsn_queue_time;
int var_qmgr_active_limit;
int var_qmgr_rcpt_limit;
int var_qmgr_msg_rcpt_limit;
VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0,
VAR_MAX_BACKOFF_TIME, DEF_MAX_BACKOFF_TIME, &var_max_backoff_time, 1, 0,
VAR_MAX_QUEUE_TIME, DEF_MAX_QUEUE_TIME, &var_max_queue_time, 0, 8640000,
+ VAR_DSN_QUEUE_TIME, DEF_DSN_QUEUE_TIME, &var_dsn_queue_time, 0, 8640000,
VAR_XPORT_RETRY_TIME, DEF_XPORT_RETRY_TIME, &var_transport_retry_time, 1, 0,
VAR_QMGR_CLOG_WARN_TIME, DEF_QMGR_CLOG_WARN_TIME, &var_qmgr_clog_warn_time, 0, 0,
0,
* daemon waits for the qmgr to accept the "new mail" trigger.
*/
if (message->flags) {
- if (event_time() >= message->arrival_time + var_max_queue_time) {
+ if (event_time() >= message->arrival_time +
+ (*message->sender ? var_max_queue_time : var_dsn_queue_time)) {
msg_info("%s: from=<%s>, status=expired, returned to sender",
message->queue_id, message->sender);
if (message->verp_delims == 0 || var_verp_bounce_off)
/* .sp
/* Note: while mail is "on hold" it will not expire when its
/* time in the queue exceeds the \fBmaximal_queue_lifetime\fR
-/* setting. It becomes subject to expiration after it is
-/* released from "hold".
+/* or \fBbounce_queue_lifetime\fR setting. It becomes subject to
+/* expiration after it is released from "hold".
/* .IP "\fB-H \fIqueue_id\fR"
/* Release mail that was put "on hold".
/* Move one message with the named queue ID from the named
/* Maximal time in seconds between delivery attempts
/* of a deferred message.
/* .IP \fBmaximal_queue_lifetime\fR
-/* Maximal time in days a message is queued
-/* before it is sent back as undeliverable.
+/* Maximal time (default: in days) a regular message is queued
+/* before it is considered undeliverable.
+/* .IP \fBbounce_queue_lifetime\fR
+/* Maximal time (default: in days) a bounce message is queued
+/* before it is considered undeliverable.
/* .IP \fBqueue_run_delay\fR
/* Time in seconds between deferred queue scans. Queue scans do
/* not overlap.
int var_min_backoff_time;
int var_max_backoff_time;
int var_max_queue_time;
+int var_dsn_queue_time;
int var_qmgr_active_limit;
int var_qmgr_rcpt_limit;
int var_init_dest_concurrency;
VAR_MIN_BACKOFF_TIME, DEF_MIN_BACKOFF_TIME, &var_min_backoff_time, 1, 0,
VAR_MAX_BACKOFF_TIME, DEF_MAX_BACKOFF_TIME, &var_max_backoff_time, 1, 0,
VAR_MAX_QUEUE_TIME, DEF_MAX_QUEUE_TIME, &var_max_queue_time, 0, 8640000,
+ VAR_DSN_QUEUE_TIME, DEF_DSN_QUEUE_TIME, &var_dsn_queue_time, 0, 8640000,
VAR_XPORT_RETRY_TIME, DEF_XPORT_RETRY_TIME, &var_transport_retry_time, 1, 0,
VAR_QMGR_CLOG_WARN_TIME, DEF_QMGR_CLOG_WARN_TIME, &var_qmgr_clog_warn_time, 0, 0,
0,
* daemon waits for the qmgr to accept the "new mail" trigger.
*/
if (message->flags) {
- if (event_time() >= message->arrival_time + var_max_queue_time) {
+ if (event_time() >= message->arrival_time +
+ (*message->sender ? var_max_queue_time : var_dsn_queue_time)) {
msg_info("%s: from=<%s>, status=expired, returned to sender",
message->queue_id, message->sender);
if (message->verp_delims == 0 || var_verp_bounce_off)
static void pre_init(char *unused_name, char **unused_argv)
{
static NAME_MASK lookup_masks[] = {
- SMTP_HOST_LOOKUP_DNS, SMTP_MASK_DNS,
- SMTP_HOST_LOOKUP_NATIVE, SMTP_MASK_NATIVE,
+ SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS,
+ SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE,
0,
};
* Select hostname lookup mechanisms.
*/
if (var_disable_dns)
- smtp_host_lookup_mask = SMTP_MASK_NATIVE;
+ smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE;
else
smtp_host_lookup_mask = name_mask(VAR_SMTP_HOST_LOOKUP, lookup_masks,
var_smtp_host_lookup);
#define SMTP_FEATURE_XFORWARD_PROTO (1<<9)
#define SMTP_FEATURE_XFORWARD_HELO (1<<10)
+ /*
+ * Misc flags.
+ */
+#define SMTP_MISC_FLAG_LOOP_DETECT (1<<0)
+
+#define SMTP_MISC_FLAG_DEFAULT SMTP_MISC_FLAG_LOOP_DETECT
+
/*
* smtp.c
*/
extern int smtp_errno; /* XXX can we get rid of this? */
-#define SMTP_NONE 0 /* no error */
-#define SMTP_FAIL 1 /* permanent error */
-#define SMTP_RETRY 2 /* temporary error */
-#define SMTP_LOOP 3 /* MX loop */
+#define SMTP_ERR_NONE 0 /* no error */
+#define SMTP_ERR_FAIL 1 /* permanent error */
+#define SMTP_ERR_RETRY 2 /* temporary error */
+#define SMTP_ERR_LOOP 3 /* mailer loop */
extern int smtp_host_lookup_mask; /* host lookup methods to use */
-#define SMTP_MASK_DNS (1<<0)
-#define SMTP_MASK_NATIVE (1<<1)
+#define SMTP_HOST_FLAG_DNS (1<<0)
+#define SMTP_HOST_FLAG_NATIVE (1<<1)
/*
* smtp_session.c
/*
* smtp_proto.c
*/
-extern int smtp_helo(SMTP_STATE *);
+extern int smtp_helo(SMTP_STATE *, int);
extern int smtp_xfer(SMTP_STATE *);
extern void smtp_quit(SMTP_STATE *);
/* SYNOPSIS
/* #include "smtp_addr.h"
/*
-/* DNS_RR *smtp_domain_addr(name, why)
+/* DNS_RR *smtp_domain_addr(name, misc_flags, why)
/* char *name;
+/* int misc_flags;
/* VSTRING *why;
/*
-/* DNS_RR *smtp_host_addr(name, why)
+/* DNS_RR *smtp_host_addr(name, misc_flags, why)
/* char *name;
+/* int misc_flags;
/* VSTRING *why;
/* DESCRIPTION
/* This module implements Internet address lookups. By default,
/*
* Use DNS lookup, but keep the option open to use native name service.
*/
- if (smtp_host_lookup_mask & SMTP_MASK_DNS) {
+ if (smtp_host_lookup_mask & SMTP_HOST_FLAG_DNS) {
switch (dns_lookup(host, T_A, RES_DEFNAMES, &addr, (VSTRING *) 0, why)) {
case DNS_OK:
for (rr = addr; rr; rr = rr->next)
addr_list = dns_rr_append(addr_list, addr);
return (addr_list);
default:
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
return (addr_list);
case DNS_FAIL:
- if (smtp_errno != SMTP_RETRY)
- smtp_errno = SMTP_FAIL;
+ if (smtp_errno != SMTP_ERR_RETRY)
+ smtp_errno = SMTP_ERR_FAIL;
return (addr_list);
case DNS_NOTFOUND:
- if (smtp_errno != SMTP_RETRY)
- smtp_errno = SMTP_FAIL;
+ if (smtp_errno != SMTP_ERR_RETRY)
+ smtp_errno = SMTP_ERR_FAIL;
/* maybe gethostbyname() will succeed */
break;
}
/*
* Use the native name service which also looks in /etc/hosts.
*/
- if (smtp_host_lookup_mask & SMTP_MASK_NATIVE) {
+ if (smtp_host_lookup_mask & SMTP_HOST_FLAG_NATIVE) {
memset((char *) &fixed, 0, sizeof(fixed));
if ((hp = gethostbyname(host)) == 0) {
vstring_sprintf(why, "%s: %s", host, HSTRERROR(h_errno));
- if (smtp_errno != SMTP_RETRY)
- smtp_errno = (h_errno == TRY_AGAIN ? SMTP_RETRY : SMTP_FAIL);
+ if (smtp_errno != SMTP_ERR_RETRY)
+ smtp_errno =
+ (h_errno == TRY_AGAIN ? SMTP_ERR_RETRY : SMTP_ERR_FAIL);
} else if (hp->h_addrtype != AF_INET) {
vstring_sprintf(why, "%s: host not found", host);
msg_warn("%s: unknown address family %d for %s",
myname, hp->h_addrtype, host);
- if (smtp_errno != SMTP_RETRY)
- smtp_errno = SMTP_FAIL;
+ if (smtp_errno != SMTP_ERR_RETRY)
+ smtp_errno = SMTP_ERR_FAIL;
} else {
while (hp->h_addr_list[0]) {
addr_list = dns_rr_append(addr_list,
/* smtp_domain_addr - mail exchanger address lookup */
-DNS_RR *smtp_domain_addr(char *name, VSTRING *why)
+DNS_RR *smtp_domain_addr(char *name, int misc_flags, VSTRING *why)
{
DNS_RR *mx_names;
DNS_RR *addr_list = 0;
unsigned best_pref;
unsigned best_found;
- smtp_errno = SMTP_NONE; /* Paranoia */
+ smtp_errno = SMTP_ERR_NONE; /* Paranoia */
/*
* Preferences from DNS use 0..32767, fall-backs use 32768+.
*/
switch (dns_lookup(name, T_MX, 0, &mx_names, (VSTRING *) 0, why)) {
default:
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
if (var_ign_mx_lookup_err)
- addr_list = smtp_host_addr(name, why);
+ addr_list = smtp_host_addr(name, misc_flags, why);
break;
case DNS_FAIL:
- smtp_errno = SMTP_FAIL;
+ smtp_errno = SMTP_ERR_FAIL;
if (var_ign_mx_lookup_err)
- addr_list = smtp_host_addr(name, why);
+ addr_list = smtp_host_addr(name, misc_flags, why);
break;
case DNS_OK:
mx_names = dns_rr_sort(mx_names, smtp_compare_pref);
dns_rr_free(mx_names);
if (addr_list == 0) {
if (var_smtp_defer_mxaddr)
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
msg_warn("no MX host for %s has a valid A record", name);
break;
}
best_found = (addr_list ? addr_list->pref : IMPOSSIBLE_PREFERENCE);
if (msg_verbose)
smtp_print_addr(name, addr_list);
- if ((self = smtp_find_self(addr_list)) != 0) {
+ if ((misc_flags & SMTP_MISC_FLAG_LOOP_DETECT)
+ && (self = smtp_find_self(addr_list)) != 0) {
addr_list = smtp_truncate_self(addr_list, self->pref);
if (addr_list == 0) {
if (best_pref != best_found) {
vstring_sprintf(why, "unable to find primary relay for %s",
name);
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
} else {
vstring_sprintf(why, "mail for %s loops back to myself",
name);
- smtp_errno = SMTP_LOOP;
+ smtp_errno = SMTP_ERR_LOOP;
}
}
}
}
break;
case DNS_NOTFOUND:
- addr_list = smtp_host_addr(name, why);
+ addr_list = smtp_host_addr(name, misc_flags, why);
break;
}
/* smtp_host_addr - direct host lookup */
-DNS_RR *smtp_host_addr(char *host, VSTRING *why)
+DNS_RR *smtp_host_addr(char *host, int misc_flags, VSTRING *why)
{
DNS_RR *addr_list;
- smtp_errno = SMTP_NONE; /* Paranoia */
+ smtp_errno = SMTP_ERR_NONE; /* Paranoia */
/*
* If the host is specified by numerical address, just convert the
*/
#define PREF0 0
addr_list = smtp_addr_one((DNS_RR *) 0, host, PREF0, why);
-#if 0
- if (addr_list && smtp_find_self(addr_list) != 0) {
+ if (addr_list
+ && (misc_flags & SMTP_MISC_FLAG_LOOP_DETECT)
+ && smtp_find_self(addr_list) != 0) {
dns_rr_free(addr_list);
vstring_sprintf(why, "mail for %s loops back to myself", host);
- smtp_errno = SMTP_LOOP;
+ smtp_errno = SMTP_ERR_LOOP;
return (0);
}
-#endif
if (addr_list && addr_list->next && var_smtp_rand_addr)
addr_list = dns_rr_shuffle(addr_list);
if (msg_verbose)
/*
* Internal interfaces.
*/
-extern DNS_RR *smtp_host_addr(char *, VSTRING *);
-extern DNS_RR *smtp_domain_addr(char *, VSTRING *);
+extern DNS_RR *smtp_host_addr(char *, int, VSTRING *);
+extern DNS_RR *smtp_domain_addr(char *, int, VSTRING *);
/* LICENSE
/* .ad
/* int smtp_connect(state)
/* SMTP_STATE *state;
/* DESCRIPTION
-/* This module implements SMTP connection management and mail
-/* delivery.
+/* This module implements SMTP connection management and controls
+/* mail delivery.
/*
/* smtp_connect() attempts to establish an SMTP session with a host
/* that represents the destination domain, or with an optional fallback
#endif
#ifndef INADDR_NONE
-#define INADDR_NONE 0xffffff
+#define INADDR_NONE 0xffffffff
#endif
/* Utility library. */
int ch;
unsigned long inaddr;
- smtp_errno = SMTP_NONE; /* Paranoia */
+ smtp_errno = SMTP_ERR_NONE; /* Paranoia */
/*
* Sanity checks.
*/
if (addr->data_len > sizeof(sin.sin_addr)) {
msg_warn("%s: skip address with length %d", myname, addr->data_len);
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
return (0);
}
if (conn_stat < 0) {
vstring_sprintf(why, "connect to %s[%s]: %m",
addr->name, inet_ntoa(sin.sin_addr));
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
close(sock);
return (0);
}
if (read_wait(sock, var_smtp_helo_tmout) < 0) {
vstring_sprintf(why, "connect to %s[%s]: read timeout",
addr->name, inet_ntoa(sin.sin_addr));
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
close(sock);
return (0);
}
if ((ch = VSTREAM_GETC(stream)) == VSTREAM_EOF) {
vstring_sprintf(why, "connect to %s[%s]: server dropped connection without sending the initial SMTP greeting",
addr->name, inet_ntoa(sin.sin_addr));
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
vstream_fclose(stream);
return (0);
}
if (ch == '4' && var_smtp_skip_4xx_greeting) {
vstring_sprintf(why, "connect to %s[%s]: server refused mail service",
addr->name, inet_ntoa(sin.sin_addr));
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
vstream_fclose(stream);
return (0);
}
if (ch == '5' && var_smtp_skip_5xx_greeting) {
vstring_sprintf(why, "connect to %s[%s]: server refused mail service",
addr->name, inet_ntoa(sin.sin_addr));
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
vstream_fclose(stream);
return (0);
}
DNS_RR *next;
int addr_count;
int sess_count;
+ int misc_flags = SMTP_MISC_FLAG_DEFAULT;
/*
* First try to deliver to the indicated destination, then try to deliver
*/
if (msg_verbose)
msg_info("connecting to %s port %d", host, ntohs(port));
+ if (ntohs(port) != 25)
+ misc_flags &= ~SMTP_MISC_FLAG_LOOP_DETECT;
+ else
+ misc_flags |= SMTP_MISC_FLAG_LOOP_DETECT;
if (var_disable_dns || *dest == '[') {
- addr_list = smtp_host_addr(host, why);
+ addr_list = smtp_host_addr(host, misc_flags, why);
} else {
- addr_list = smtp_domain_addr(host, why);
+ addr_list = smtp_domain_addr(host, misc_flags, why);
}
myfree(dest_buf);
* Don't try any backup host if mail loops to myself. That would just
* make the problem worse.
*/
- if (addr_list == 0 && smtp_errno == SMTP_LOOP)
+ if (addr_list == 0 && smtp_errno == SMTP_ERR_LOOP)
break;
/*
- * Connect to an SMTP server. XXX Limit the number of addresses that
- * we're willing to try for a non-fallback destination.
+ * Connect to an SMTP server.
*
* At the start of an SMTP session, all recipients are unmarked. In the
* course of an SMTP session, recipients are marked as KEEP (deliver
- * to backup mail server) or DROP (remove from recipient list). The
- * marking policy is configurable with the smtp_backup_on_soft_error
- * parameter. At the end of an SMTP session, weed out the recipient
- * list. Unmark any left-over recipients and try to deliver them to a
- * backup mail server.
+ * to alternate mail server) or DROP (remove from recipient list). At
+ * the end of an SMTP session, weed out the recipient list. Unmark
+ * any left-over recipients and try to deliver them to a backup mail
+ * server.
*/
sess_count = addr_count = 0;
for (addr = addr_list; SMTP_RCPT_LEFT(state) > 0 && addr; addr = next) {
state->final_server = (cpp[1] == 0 && next == 0);
state->session->best = (addr->pref == addr_list->pref);
debug_peer_check(state->session->host, state->session->addr);
- if (smtp_helo(state) == 0)
+ if (smtp_helo(state, misc_flags) == 0)
smtp_xfer(state);
if (state->history != 0
&& (state->error_mask & name_mask(VAR_NOTIFY_CLASSES,
default:
msg_panic("smtp_connect: bad error indication %d", smtp_errno);
- case SMTP_LOOP:
- case SMTP_FAIL:
+ case SMTP_ERR_LOOP:
+ case SMTP_ERR_FAIL:
/*
* The fall-back destination did not resolve as expected, or it
*/
if (sites->argc > 1 && cpp > sites->argv) {
msg_warn("%s configuration problem", VAR_FALLBACK_RELAY);
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
}
/*
*/
else if (strcmp(sites->argv[0], var_relayhost) == 0) {
msg_warn("%s configuration problem", VAR_RELAYHOST);
- smtp_errno = SMTP_RETRY;
+ smtp_errno = SMTP_ERR_RETRY;
}
/*
* Mail for the next-hop destination loops back to myself. Pass
* the mail to the best_mx_transport or bounce it.
*/
- else if (smtp_errno == SMTP_LOOP && *var_bestmx_transp) {
+ else if (smtp_errno == SMTP_ERR_LOOP && *var_bestmx_transp) {
state->status = deliver_pass_all(MAIL_CLASS_PRIVATE,
var_bestmx_transp,
request);
}
/* FALLTHROUGH */
- case SMTP_RETRY:
+ case SMTP_ERR_RETRY:
/*
* We still need to bounce or defer some left-over recipients:
* either mail loops or some backup mail server was unavailable.
*/
state->final_server = 1; /* XXX */
- smtp_site_fail(state, smtp_errno == SMTP_RETRY ? 450 : 550,
+ smtp_site_fail(state, smtp_errno == SMTP_ERR_RETRY ? 450 : 550,
"%s", vstring_str(why));
/*
/* smtp_helo - perform initial handshake with SMTP server */
-int smtp_helo(SMTP_STATE *state)
+int smtp_helo(SMTP_STATE *state, int misc_flags)
{
SMTP_SESSION *session = state->session;
DELIVER_REQUEST *request = state->request;
(void) mystrtok(&words, "- \t\n");
for (n = 0; (word = mystrtok(&words, " \t\n")) != 0; n++) {
if (n == 0 && strcasecmp(word, var_myhostname) == 0) {
- msg_warn("host %s greeted me with my own hostname %s",
- session->namaddr, var_myhostname);
+ if (misc_flags & SMTP_MISC_FLAG_LOOP_DETECT)
+ msg_warn("host %s greeted me with my own hostname %s",
+ session->namaddr, var_myhostname);
} else if (strcasecmp(word, "ESMTP") == 0)
state->features |= SMTP_FEATURE_ESMTP;
}
smtp_sasl_helo_auth(state, words);
#endif
else if (strcasecmp(word, var_myhostname) == 0) {
- msg_warn("host %s replied to HELO/EHLO with my own hostname %s",
- session->namaddr, var_myhostname);
- return (smtp_site_fail(state, session->best ? 550 : 450,
- "mail for %s loops back to myself",
- request->nexthop));
+ if (misc_flags & SMTP_MISC_FLAG_LOOP_DETECT) {
+ msg_warn("host %s replied to HELO/EHLO with my own hostname %s",
+ session->namaddr, var_myhostname);
+ return (smtp_site_fail(state, session->best ? 550 : 450,
+ "mail for %s loops back to myself",
+ request->nexthop));
+ }
}
}
}
/* .IP \(bu
/* In the course of a delivery attempt each recipient is
/* marked either as DROP (remove from recipient list) or KEEP
-/* (deliver to backup mail server).
+/* (deliver to alternate mail server).
/* .IP \(bu
/* After a delivery attempt any recipients marked DROP are deleted
/* from the request, and the left-over recipients are unmarked.
/* List of commands that are treated as NOOP (no operation) commands,
/* without any parameter syntax checking and without any state change.
/* This list overrides built-in command definitions.
-/* .SH "Content inspection controls"
-/* Optionally, Postfix can be configured to send new mail to
-/* external content filter software AFTER the mail is queued.
+/* .SH "Content inspection after mail is queued"
+/* .ad
+/* .fi
+/* Postfix can be configured to send new mail to an external
+/* content filter AFTER the mail is queued.
/* .IP \fBcontent_filter\fR
/* The name of a mail delivery transport that filters mail and that
/* either bounces mail or re-injects the result back into Postfix.
/* Disable header/body_checks. This is typically specified with the
/* SMTP server \fBafter\fR an external content filter.
/* .RE
-/* .SH "Pass-through proxy"
+/* .SH "Content inspection before mail is queued"
/* .ad
/* .fi
-/* .ad
-/* Optionally, the Postfix SMTP server can be configured to
-/* forward all mail to a proxy server, for example a real-time
-/* content filter, BEFORE mail is queued.
+/* The Postfix SMTP server can be configured to forward all mail
+/* to a real-time SMTP-based content filter BEFORE mail is queued.
/* .IP \fBsmtpd_proxy_filter\fR
-/* The \fIhost:port\fR of the SMTP proxy server. The \fIhost\fR
-/* or \fIhost:\fR portion is optional.
+/* The \fIhost:port\fR of the real-time SMTP-based content filter.
+/* The \fIhost\fR or \fIhost:\fR portion is optional.
/* .IP \fBsmtpd_proxy_timeout\fR
/* Timeout for connecting to, sending to and receiving from
-/* the SMTP proxy server.
+/* the real-time SMTP-based content filter.
/* .IP \fBsmtpd_proxy_ehlo\fR
/* The hostname to use when sending an EHLO command to the
-/* SMTP proxy server.
+/* real-time SMTP-based content filter.
/* .SH "Authentication controls"
/* .IP \fBsmtpd_sasl_auth_enable\fR
/* Enable per-session authentication as per RFC 2554 (SASL).
* Report trouble. Log a warning only if we are going to sleep+reject so
* that attackers can't flood our logfiles.
*/
- if ((arg->strval[0] == 0 && !allow_empty_addr)
- || (strict_rfc821 && arg->strval[0] == '@')) {
- msg_warn("Illegal address syntax from %s in %s command: %s",
- state->namaddr, state->where, STR(arg->vstrval));
- err = "501 Bad address syntax";
- }
+ if (err == 0)
+ if ((arg->strval[0] == 0 && !allow_empty_addr)
+ || (strict_rfc821 && arg->strval[0] == '@')
+ || smtpd_check_addr(STR(arg->vstrval)) != 0) {
+ msg_warn("Illegal address syntax from %s in %s command: %s",
+ state->namaddr, state->where, STR(arg->vstrval));
+ err = "501 Bad address syntax";
+ }
/*
* Cleanup.
} else if (state->cleanup == 0) {
mail_open_stream(state);
}
+
+ /*
+ * Proxy the recipient. OK, so we lied. If the real-time proxy rejects
+ * the recipient then we can have a proxy connection without having
+ * accepted a recipient.
+ */
if (state->proxy && smtpd_proxy_cmd(state, SMTPD_PROX_WANT_OK,
"%s", STR(state->buffer)) != 0) {
smtpd_chat_reply(state, "%s", STR(state->proxy_buffer));
* Terminate the message envelope segment. Start the message content
* segment, and prepend our own Received: header. If there is only one
* recipient, list the recipient address.
- *
- * Suppress our own Received: header in the unlikely case that we are an
- * intermediate proxy.
*/
if (state->cleanup) {
if (state->saved_filter)
rec_fprintf(state->cleanup, REC_TYPE_FLGS, "%d", state->saved_flags);
rec_fputs(state->cleanup, REC_TYPE_MESG, "");
}
+
+ /*
+ * Suppress our own Received: header in the unlikely case that we are an
+ * intermediate proxy.
+ */
if (!state->proxy || state->xforward.flags == 0) {
out_fprintf(out_stream, REC_TYPE_NORM,
"Received: from %s (%s [%s])",
/*
* Copy the message content. If the cleanup process has a problem, keep
- * reading until the remote stops sending, then complain. Read typed
+ * reading until the remote stops sending, then complain. Produce typed
* records from the SMTP stream so we can handle data that spans buffers.
*
* XXX Force an empty record when the queue file content begins with
} SMTPD_XFORWARD_ATTR;
typedef struct SMTPD_STATE {
- int err;
- VSTREAM *client;
- VSTRING *buffer;
- time_t time;
- char *name;
- char *addr;
- char *namaddr;
+ int err; /* cleanup server/queue file errors */
+ VSTREAM *client; /* SMTP client handle */
+ VSTRING *buffer; /* SMTP client buffer */
+ time_t time; /* start of MAIL FROM transaction */
+ char *name; /* client hostname */
+ char *addr; /* client host address string */
+ char *namaddr; /* combined name and address */
int peer_code; /* 2=ok, 4=soft, 5=hard */
- int error_count;
- int error_mask;
- int notify_mask;
- char *helo_name;
- char *queue_id;
- VSTREAM *cleanup;
- MAIL_STREAM *dest;
- int rcpt_count;
- char *access_denied;
- ARGV *history;
- char *reason;
- char *sender;
+ int error_count; /* reset after DOT */
+ int error_mask; /* client errors */
+ int notify_mask; /* what to report to postmaster */
+ char *helo_name; /* client HELO/EHLO argument */
+ char *queue_id; /* from cleanup server/queue file */
+ VSTREAM *cleanup; /* cleanup server/queue file handle */
+ MAIL_STREAM *dest; /* another server/file handle */
+ int rcpt_count; /* number of accepted recipients */
+ char *access_denied; /* fixme */
+ ARGV *history; /* protocol transcript */
+ char *reason; /* cause of connection loss */
+ char *sender; /* sender address */
char *encoding; /* owned by mail_cmd() */
char *verp_delims; /* owned by mail_cmd() */
- char *recipient;
- char *etrn_name;
- char *protocol;
- char *where;
- int recursion;
- off_t msg_size;
- int junk_cmds;
+ char *recipient; /* recipient address */
+ char *etrn_name; /* client ETRN argument */
+ char *protocol; /* SMTP or ESMTP */
+ char *where; /* protocol stage */
+ int recursion; /* Kellerspeicherpegelanzeiger */
+ off_t msg_size; /* MAIL FROM message size */
+ int junk_cmds; /* counter */
+
+ /*
+ * SASL specific.
+ */
#ifdef USE_SASL_AUTH
#if SASL_VERSION_MAJOR >= 2
const char *sasl_mechanism_list;
VSTRING *sasl_encoded;
VSTRING *sasl_decoded;
#endif
+
+ /*
+ * Specific to smtpd access checks.
+ */
int rcptmap_checked;
int warn_if_reject; /* force reject into warning */
SMTPD_DEFER defer_if_reject; /* force reject into deferral */
int saved_flags; /* postponed hold/discard */
VSTRING *expand_buf; /* scratch space for $name expansion */
- /* Pass-through proxy client. */
+ /*
+ * Pass-through proxy client.
+ */
VSTREAM *proxy; /* proxy handle */
VSTRING *proxy_buffer; /* proxy query/reply buffer */
char *proxy_mail; /* owned by mail_cmd() */
int proxy_xforward_features; /* XFORWARD proxy state */
- /* XFORWARD server state. */
+ /*
+ * XFORWARD server state.
+ */
SMTPD_XFORWARD_ATTR xforward; /* up-stream logging info */
} SMTPD_STATE;
#define FORWARD_HELO(s) FORWARD_CLIENT_ATTR((s), helo_name)
#define FORWARD_IDENT(s) FORWARD_IDENT_ATTR(s)
-extern void smtpd_xforward_init(SMTPD_STATE *state);
-extern void smtpd_xforward_preset(SMTPD_STATE *state);
-extern void smtpd_xforward_reset(SMTPD_STATE *state);
+extern void smtpd_xforward_init(SMTPD_STATE *);
+extern void smtpd_xforward_preset(SMTPD_STATE *);
+extern void smtpd_xforward_reset(SMTPD_STATE *);
/*
* Transparency: before mail is queued, do we check for unknown recipients,
/*
/* void smtpd_check_init()
/*
+/* int smtpd_check_addr(address)
+/* const char *address;
+/*
/* char *smtpd_check_client(state)
/* SMTPD_STATE *state;
/*
/* smtpd_check_init() initializes. This function should be called
/* once during the process life time.
/*
+/* smtpd_check_addr() sanity checks an email address and returns
+/* non-zero in case of badness.
+/*
/* Each of the following routines scrutinizes the argument passed to
/* an SMTP command such as HELO, MAIL FROM, RCPT TO, or scrutinizes
/* the initial client connection request. The administrator can
return (status);
}
+/* smtpd_check_addr - address sanity check */
+
+int smtpd_check_addr(const char *addr)
+{
+ const RESOLVE_REPLY *resolve_reply;
+ char *myname = "smtpd_check_addr";
+ int status;
+
+ if (msg_verbose)
+ msg_info("%s: addr=%s", myname, addr);
+
+ /*
+ * Catch syntax errors early on if we can, but be prepared to re-compute
+ * the result later when the cache fills up with lots of recipients, at
+ * which time errors can still happen.
+ */
+ if (addr == 0 || *addr == 0)
+ return (0);
+ resolve_reply = (const RESOLVE_REPLY *)
+ ctable_locate(smtpd_resolve_cache, addr);
+ if (resolve_reply->flags & RESOLVE_FLAG_ERROR)
+ return (-1);
+ return (0);
+}
+
/* smtpd_check_client - validate client name or address */
char *smtpd_check_client(SMTPD_STATE *state)
* External interface.
*/
extern void smtpd_check_init(void);
+extern int smtpd_check_addr(const char *);
extern char *smtpd_check_client(SMTPD_STATE *);
extern char *smtpd_check_helo(SMTPD_STATE *, char *);
extern char *smtpd_check_mail(SMTPD_STATE *, char *);
tok822_internalize(nextrcpt, tree, TOK822_STR_DEFL);
rcpt_domain = strrchr(STR(nextrcpt), '@') + 1;
if (*rcpt_domain == '[' ? !valid_hostliteral(rcpt_domain, DONT_GRIPE) :
- !valid_hostname(rcpt_domain, DONT_GRIPE))
+ (!valid_hostname(rcpt_domain, DONT_GRIPE)
+ || valid_hostaddr(rcpt_domain, DONT_GRIPE)))
*flags |= RESOLVE_FLAG_ERROR;
tok822_free_tree(tree);
tree = 0;
#if 0
if (strcasecmp(rcpt_domain, var_myorigin) == 0)
msg_warn("do not list $%s (%s) in %s",
- VAR_MYORIGIN, var_myorigin, VAR_VIRT_ALIAS_DOMS);
+ VAR_MYORIGIN, var_myorigin, VAR_VIRT_ALIAS_DOMS);
#endif
}
vstring_strcpy(channel, MAIL_SERVICE_ERROR);
projects / thirdparty / postfix.git / commitdiff
