20070614
- Workaround: some EXIM servers require SASL login without
- authzid (authoriZation ID), i.e. the client must send only
- the authcid (authentiCation ID) + the authcid's password.
- The IETF draft document says that in this case the server
- shall derive the authzid from the authcid. And since the
- Postfix client always used the same value for authzid and
- authcid, dropping the authzid should not create problems
- (lightly tested with Cyrus SASL servers). To get the old
- behavior specify "send_cyrus_sasl_authzid = yes". File:
- xsasl/xsasl_cyrus_client.c.
+ Workaround: some non-Cyrus SASL SMTP servers require SASL
+ login without authzid (authoriZation ID), i.e. the client
+ must send only the authcid (authentiCation ID) + the authcid's
+ password. In this case the server is supposed to derive
+ the authzid from the authcid. This works as expected when
+ authenticating to a Cyrus SASL SMTP server. To get the old
+ behavior specify "send_cyrus_sasl_authzid = yes", in which
+ case Postfix sends the (authzid, authcid, password), with
+ the authzid equal to the authcid. File: xsasl/xsasl_cyrus_client.c.
+
+20070619
+
+ Portability: /dev/poll support for Solaris chroot jail setup
+ scripts. Files: examples/chroot-setup/Solaris8,
+ examples/chroot-setup/Solaris10.
+
+20070713
+
+ The RFC documents at www.faqs.org are being polluted with
+ "feedback" spam. The Postfix hypertext documentation now
+ points to tools.ietf.org. File: mantools/postlink.
+
+20070719
+
+ Feature: updated smtp-sink with new options to send a
+ pre-formatted message from file, and to handle replies other
+ than the expected 2xx or 3xx. File: smtpstone/smtp-source.c.
+
+ Cleanup: streamlined Milter client error handling, so that
+ the (Postfix SMTP server's Milter client) does not get out
+ of sync with Milter applications after the (cleanup server's
+ Milter client) encounters some non-recoverable problem.
+ Files: milter/milter8.c, smtpd/smtpd.c.
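Review bot: The 20070719 Feature entry names smtp-sink in its text but lists "File: smtpstone/smtp-source.c", so one of the two is wrong. Sending a pre-formatted message from file and handling replies other than 2xx or 3xx are things the sending side does, which matches the listed file, so the text should probably read smtp-source. Fixing it here keeps HISTORY usable for tracing which test tool changed.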
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
- permit_mynetworks permit_sasl_authenticated ...
+ permit_mynetworks
+ permit_sasl_authenticated
+ reject_unauth_destination
To report SASL login names in Received: message headers (Postfix version 2.3
and later):
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
- A\bAU\bUT\bTH\bH P\bPL\bLA\bAI\bIN\bN d\bdG\bGV\bVz\bzd\bdA\bAB\bB0\b0Z\bZX\bXN\bN0\b0A\bAH\bHR\bRl\blc\bc3\b3R\bRw\bwY\bYX\bXN\bNz\bz
+ A\bAU\bUT\bTH\bH P\bPL\bLA\bAI\bIN\bN A\bAH\bHR\bRl\blc\bc3\b3Q\bQA\bAd\bdG\bGV\bVz\bzd\bdH\bHB\bBh\bhc\bc3\b3M\bM=\b=
235 Authentication successful
-Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded form of
-username\0username\0password (the \0 is a null byte). The example above is for
-a user named `test' with password `testpass'.
+Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded form of
+\0username\0password (the \0 is a null byte). The example above is for a user
+named `test' with password `testpass'.
In order to generate base64 encoded authentication information you can use one
of the following commands:
- % printf 'username\0username\0password' | mmencode
+ % printf '\0username\0password' | mmencode
% perl -MMIME::Base64 -e \
- 'print encode_base64("username\0username\0password");'
+ 'print encode_base64("\0username\0password");'
The mmencode command is part of the metamail software. MIME::Base64 is
available from http://www.cpan.org/.
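Review bot: In both generator commands, printf '\0username\0password' and encode_base64("\0username\0password"), a \0 followed by digits is parsed as a longer octal escape. A username or password that starts with a digit 0-7 therefore gets its leading digits absorbed into the escape, and the command emits a wrong credential without any error. The templates should use a form that cannot merge with the following text, for example the three-digit escape \000, or printf '\0%s\0%s' 'username' 'password' with the fields passed as arguments. The new sample value itself is consistent with the text: AHRlc3QAdGVzdHBhc3M= is the base64 form of \0test\0testpass.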
Incompatibility with Postfix snapshot 20070614
==============================================
-By default, the Cyrus SASL client no longer sends an authoriZation
-ID (authzid); it sends only the authentiCation ID (authcid) plus
-the authcid's password. Specify "send_cyrus_sasl_authzid = yes" to
-get the old behavior.
+By default, the Postfix Cyrus SASL client no longer sends a SASL
+authoriZation ID (authzid); it sends only the SASL authentiCation
+ID (authcid) plus the authcid's password. Specify "send_cyrus_sasl_authzid
+= yes" to get the old behavior.
Incompatibility with Postfix snapshot 20070613
==============================================
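Review bot: The heading keys this incompatibility to snapshot 20070614, while the smtp(8) and postconf(5) hunks in this same patch change the parameter's availability to "Postfix version 2.4.4 and later". Someone upgrading a stable release therefore has no release-note entry under their own version for a changed authentication default. Consider naming the stable version here as well. A sentence saying who is affected would also help: clients of remote servers that expect to receive an authzid. HISTORY gives the reason for the change (non-Cyrus servers that require login without authzid), but this note does not.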
Wish list:
+ Absent a formal spec, model IPv6 RBL lookups after the IPv6
+ PTR lookups (one zone per hex nibble, nibbles in reversed
+ order). How to specify whether to query an RBL server for
+ status info about an IPv6 address? One could argue that as
+ long as IPv6 traffic is small an unsupported lookup doesn't
+ matter; and once IPv6 takes off, the RBL servers better
+ start supporting IPv6 client status information.
+
+ Don't log "warning: XXXXX: undeliverable postmaster
+ notification discarded" for spam from outside.
+
Really need a cleanup driver that allows testing against
Milter applications instead of synthetic events. This would
have to provide stubs for clients that talk to Postfix
into mailer-daemon (current bahavior) or disallow (strict
behavior, currently implemented only in the SMTP server).
- The type of var_message_limit should be changed from int
- to long or better, to take advantage of LP64 architectures.
- This also requires checking all expressions in which
- var_message_limit appears.
+ Plan for time_t larger than long, or wait for LP64 to
+ dominate the world?
+
+ The type of var_message_limit (and other file size/offset
+ configuration parameters or internal protocol attributes)
+ should be changed from int to off_t. This also requires
+ checking all expressions in which var_message_limit etc.
+ appears.
Add M flag (enable multi-recipient delivery) to pipe daemon.
/dev/tcp6
/dev/udp
/dev/tcp
+/dev/poll
/dev/rawip
/dev/ticlts
/dev/ticotsord
/devices/pseudo/tcp6@0:tcp6
/devices/pseudo/udp@0:udp
/devices/pseudo/tcp@0:tcp
+/devices/pseudo/poll@0:poll
/devices/pseudo/icmp@0:icmp
/devices/pseudo/tl@0:ticlts
/devices/pseudo/tl@0:ticotsord
/dev/tcp6
/dev/udp
/dev/tcp
+/dev/poll
/dev/rawip
/dev/ticlts
/dev/ticotsord
/devices/pseudo/tcp6@0:tcp6
/devices/pseudo/udp@0:udp
/devices/pseudo/tcp@0:tcp
+/devices/pseudo/poll@0:poll
/devices/pseudo/icmp@0:icmp
/devices/pseudo/tl@0:ticlts
/devices/pseudo/tl@0:ticotsord
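Review bot: The added /dev/poll and /devices/pseudo/poll@0:poll entries appear in both device lists without a comment saying what needs them. Every extra node in a chroot jail widens what a confined daemon can open, so an administrator auditing or trimming the list should be able to see why each entry is there. A short comment next to the new entries would do, stating that they are required for /dev/poll support as the 20070619 HISTORY entry says. The two lists are identical, so it is also worth confirming that the Solaris8 and Solaris10 scripts install the nodes the same way.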
<h2><a name="intro">How Postfix uses SASL authentication information</a></h2>
-<p> Postfix SASL support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used to authenticate
+<p> Postfix SASL support (<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a>) can be used to authenticate
remote SMTP clients to the Postfix SMTP server, and to authenticate
the Postfix SMTP client to a remote SMTP server. </p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
- <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> ...
+ <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+ <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
</pre>
</blockquote>
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
-<b>AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz</b>
+<b>AUTH PLAIN AHRlc3QAdGVzdHBhc3M=</b>
235 Authentication successful
</pre>
</blockquote>
-<p> Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded
-form of username\0username\0password (the \0 is a null byte). The
+<p> Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded
+form of \0username\0password (the \0 is a null byte). The
example above is for a user named `test' with password `testpass'.
</p>
<blockquote>
<pre>
-% printf 'username\0username\0password' | mmencode
+% printf '\0username\0password' | mmencode
</pre>
</blockquote>
<blockquote>
<pre>
% perl -MMIME::Base64 -e \
- 'print encode_base64("username\0username\0password");'
+ 'print encode_base64("\0username\0password");'
</pre>
</blockquote>
<b>REJECT ACTIONS</b>
Postfix version 2.3 and later support enhanced status
- codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When no code is specified
+ codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When no code is specified
at the beginning of the <i>text</i> below, Postfix inserts a
default enhanced status code of "5.7.1" in the case of
reject actions, and "4.7.1" in the case of defer actions.
<b>ENHANCED STATUS CODES</b>
Postfix version 2.3 and later support enhanced status
- codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When an enhanced status
+ codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When an enhanced status
code is specified in an access table, it is subject to
modification. The following transformations are needed
when the same access table is used for client, helo,
<i>address</i>
Mail is forwarded to <i>address</i>, which is compatible
- with the <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> standard.
+ with the <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> standard.
<i>/file/name</i>
Mail is appended to <i>/file/name</i>. See <a href="local.8.html"><b>local</b>(8)</a> for
.forward files.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<b>SEE ALSO</b>
<a href="local.8.html">local(8)</a>, local delivery agent
on retry logic in their own client.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
- <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
- <a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a> (ARPA Internet Text Messages)
- <a href="http://www.faqs.org/rfcs/rfc3462.html">RFC 3462</a> (Delivery Status Notifications)
- <a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery Status Notifications)
- <a href="http://www.faqs.org/rfcs/rfc3834.html">RFC 3834</a> (Auto-Submitted: message header)
+ <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
+ <a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
+ <a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
+ <a href="http://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
bounce the message back to the sender in case of trouble.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
- <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (MIME: Format of Internet Message Bodies)
- <a href="http://www.faqs.org/rfcs/rfc2046.html">RFC 2046</a> (MIME: Media Types)
- <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced Status Codes)
- <a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery status notifications)
+ <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
+ <a href="http://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
+ <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
+ <a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
on retry logic in their own client.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
- <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
- <a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a> (ARPA Internet Text Messages)
- <a href="http://www.faqs.org/rfcs/rfc3462.html">RFC 3462</a> (Delivery Status Notifications)
- <a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery Status Notifications)
- <a href="http://www.faqs.org/rfcs/rfc3834.html">RFC 3834</a> (Auto-Submitted: message header)
+ <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
+ <a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
+ <a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
+ <a href="http://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
queue file, a sender address, a domain or host name that
is treated as the reason for discarding the mail, and
recipient information. The reason may be prefixed with an
- <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>-compatible detail code. This program expects to
+ <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-compatible detail code. This program expects to
be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
The <a href="discard.8.html"><b>discard</b>(8)</a> delivery agent pretends to deliver all
requests from the queue manager. Each request specifies a
queue file, a sender address, the reason for non-delivery
(specified as the next-hop destination), and recipient
- information. The reason may be prefixed with an <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC</a>
- <a href="http://www.faqs.org/rfcs/rfc3463.html">3463</a>-compatible detail code; if none is specified a
+ information. The reason may be prefixed with an <a href="http://tools.ietf.org/html/rfc3463">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc3463">3463</a>-compatible detail code; if none is specified a
default 4.0.0 or 5.0.0 code is used instead. This program
expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
privilege.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced Status Codes)
+ <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
or one body line at a time. A decision made for one
line is not carried over to the next line.
- <b>o</b> If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>)
+ <b>o</b> If text in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>)
then the rules need to be specified for the encoded
form.
- <b>o</b> Likewise, when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC</a>
- <a href="http://www.faqs.org/rfcs/rfc2047.html">2047</a>) then the rules need to be specified for the
+ <b>o</b> Likewise, when message headers are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc2047">2047</a>) then the rules need to be specified for the
encoded form.
Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table management
<a href="postsuper.1.html">postsuper(1)</a>, Postfix janitor
<a href="postcat.1.html">postcat(1)</a>, show Postfix queue file contents
- <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>, base64 and quoted-printable encoding rules
- <a href="http://www.faqs.org/rfcs/rfc2047.html">RFC 2047</a>, message header encoding for non-ASCII text
+ <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>, base64 and quoted-printable encoding rules
+ <a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>, message header encoding for non-ASCII text
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
timeout = 5
<b>search_base (No default; you must configure this)</b>
- The <a href="http://www.faqs.org/rfcs/rfc2253.html">RFC2253</a> base DN at which to conduct the search,
+ The <a href="http://tools.ietf.org/html/rfc2253">RFC2253</a> base DN at which to conduct the search,
e.g.
search_base = dc=your, dc=com
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the input key. <a href="http://www.faqs.org/rfcs/rfc2253.html">RFC 2253</a>
+ <b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a>
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
- user@domain, <b>%u</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2253.html">RFC</a>
- <a href="http://www.faqs.org/rfcs/rfc2253.html">2253</a>) quoted local part of the address.
+ user@domain, <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted local part of the address.
Otherwise, <b>%u</b> is replaced by the entire
search string. If the localpart is empty,
the search is suppressed and returns no
results.
<b>%d</b> When the input key is an address of the form
- user@domain, <b>%d</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2253.html">RFC</a>
- <a href="http://www.faqs.org/rfcs/rfc2253.html">2253</a>) quoted domain part of the address.
+ user@domain, <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted domain part of the address.
Otherwise, the search is suppressed and
returns no results.
returns no results.
<b>query_filter (default: mailacceptinggeneralid=%s)</b>
- The <a href="http://www.faqs.org/rfcs/rfc2254.html">RFC2254</a> filter used to search the directory,
+ The <a href="http://tools.ietf.org/html/rfc2254">RFC2254</a> filter used to search the directory,
where <b>%s</b> is a substitute for the address Postfix is
trying to resolve, e.g.
<b>%%</b> This is replaced by a literal '%' character.
(Postfix 2.2 and later).
- <b>%s</b> This is replaced by the input key. <a href="http://www.faqs.org/rfcs/rfc2254.html">RFC 2254</a>
+ <b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a>
quoting is used to make sure that the input
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
- user@domain, <b>%u</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2254.html">RFC</a>
- <a href="http://www.faqs.org/rfcs/rfc2254.html">2254</a>) quoted local part of the address.
+ user@domain, <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted local part of the address.
Otherwise, <b>%u</b> is replaced by the entire
search string. If the localpart is empty,
the search is suppressed and returns no
results.
<b>%d</b> When the input key is an address of the form
- user@domain, <b>%d</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2254.html">RFC</a>
- <a href="http://www.faqs.org/rfcs/rfc2254.html">2254</a>) quoted domain part of the address.
+ user@domain, <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted domain part of the address.
Otherwise, the search is suppressed and
returns no results.
tory entries whose mailacceptinggeneralid attribute is
"ldapuser", read the "maildrop" attributes of those found,
and build a list of their maildrops, which will be treated
- as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be deliv-
+ as <a href="http://tools.ietf.org/html/rfc822">RFC822</a> addresses to which the message will be deliv-
ered.
<b>SEE ALSO</b>
low privilege.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> (SMTP protocol)
- <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
- <a href="http://www.faqs.org/rfcs/rfc1651.html">RFC 1651</a> (SMTP service extensions)
- <a href="http://www.faqs.org/rfcs/rfc1652.html">RFC 1652</a> (8bit-MIME transport)
- <a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
- <a href="http://www.faqs.org/rfcs/rfc2033.html">RFC 2033</a> (LMTP protocol)
- <a href="http://www.faqs.org/rfcs/rfc2034.html">RFC 2034</a> (SMTP Enhanced Error Codes)
- <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (MIME: Format of Internet Message Bodies)
- <a href="http://www.faqs.org/rfcs/rfc2046.html">RFC 2046</a> (MIME: Media Types)
- <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
- <a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a> (SMTP protocol)
- <a href="http://www.faqs.org/rfcs/rfc2920.html">RFC 2920</a> (SMTP Pipelining)
- <a href="http://www.faqs.org/rfcs/rfc3207.html">RFC 3207</a> (STARTTLS command)
- <a href="http://www.faqs.org/rfcs/rfc3461.html">RFC 3461</a> (SMTP DSN Extension)
- <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced Status Codes)
+ <a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
+ <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions)
+ <a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
+ <a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
+ <a href="http://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol)
+ <a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
+ <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
+ <a href="http://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
+ <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
+ <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
+ <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
+ <a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
+ <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
+ <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in SMTP MAIL FROM and RCPT TO com-
- mands as required by <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+ mands as required by <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Skip SMTP servers that greet with a 5XX status code
will ignore in the LHLO response from a remote LMTP
server.
- Available in Postfix version 2.5 and later:
+ Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
- When authenticating to a SASL server, with the
- default setting "no", send no authoriZation ID
- (authzid); send only the authentiCation ID (auth-
- cid) plus the authcid's password.
+ When authenticating to a remote SMTP or LMTP server
+ with the default setting "no", send no SASL autho-
+ riZation ID (authzid); send only the SASL authenti-
+ Cation ID (authcid) plus the authcid's password.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:
ventions defined in <<b>sysexits.h</b>>. Exit status 0 means
normal successful completion.
- Postfix version 2.3 and later support <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>-style
+ Postfix version 2.3 and later support <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-style
enhanced status codes. If a command terminates with a
non-zero exit status, and the command output begins with
an enhanced status code, this status code takes precedence
the <b><a href="postconf.5.html#default_privs">default_privs</a></b> configuration parameter.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
- <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced status codes)
+ <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
manager of the arrival of new mail one would request <b>I</b>.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced status codes)
- <a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery status notifications)
+ <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
+ <a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<b>SECURITY</b>
The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is not security sensitive. It reads
ters in the command-line <b>$sender</b> and <b>$recip-</b>
<b>ient</b> address localparts (text to the left of
the right-most <b>@</b> character), according to an
- 8-bit transparent version of <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a>. This
+ 8-bit transparent version of <a href="http://tools.ietf.org/html/rfc822">RFC 822</a>. This
is recommended for delivery via <b>UUCP</b> or
<b>BSMTP</b>.
<b>${sasl_sender</b>}
This macro expands to the SASL sender name
- (i.e. the original submitter as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC</a>
- <a href="http://www.faqs.org/rfcs/rfc2554.html">2554</a>) used during the reception of the mes-
+ (i.e. the original submitter as per <a href="http://tools.ietf.org/html/rfc2554">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc2554">2554</a>) used during the reception of the mes-
sage.
This is available in Postfix 2.2 and later.
for case folding.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced status codes)
+ <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
Command exit status codes are expected to follow the con-
ventions defined in <<b>sysexits.h</b>>. Exit status 0 means
normal successful completion.
- Postfix version 2.3 and later support <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>-style
+ Postfix version 2.3 and later support <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-style
enhanced status codes. If a command terminates with a
non-zero exit status, and the command output begins with
an enhanced status code, this status code takes precedence
becomes, for example, "postfix/smtpd".
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<b>SEE ALSO</b>
<a href="aliases.5.html">aliases(5)</a>, format of alias database input file.
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
<p>
Enable inter-operability with SMTP clients that implement an obsolete
-version of the AUTH command (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>). Examples of such clients
+version of the AUTH command (<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a>). Examples of such clients
are MicroSoft Outlook Express version 4 and MicroSoft Exchange
version 5.0.
</p>
<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> configuration parameter. Note: The numerical
SMTP response code is required, and must appear at the start of the
reply. With Postfix version 2.3 and later this information may be followed
-by an <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> enhanced status code. </dd>
+by an <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> enhanced status code. </dd>
<dt><b>$rbl_domain</b></dt>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
<p> Note: you MUST stop and start Postfix after changing this
parameter. </p>
-<p> On systems that pre-date IPV6_V6ONLY support (<a href="http://www.faqs.org/rfcs/rfc3493.html">RFC 3493</a>), an
+<p> On systems that pre-date IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>), an
IPv6 server will also accept IPv4 connections, even when IPv4 is
turned off with the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter. On systems with
IPV6_V6ONLY support, Postfix will use separate server sockets for
Postfix will to DNS type A record lookups, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
-IPV6_V6ONLY support (<a href="http://www.faqs.org/rfcs/rfc3493.html">RFC 3493</a>). </p>
+IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>). </p>
<p> When IPv6 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
Postfix will do DNS type AAAA record lookups. </p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
<dt><b> <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
-client is successfully authenticated via the <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH)
+client is successfully authenticated via the <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH)
protocol. </dd>
<dt><b> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
looking inside quotes. </p>
<p> By default, the Postfix address resolver does not quote the
-address localpart as per <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a>, so that additional @ or % or !
+address localpart as per <a href="http://tools.ietf.org/html/rfc822">RFC 822</a>, so that additional @ or % or !
operators remain visible. This behavior is safe but it is also
technically incorrect. </p>
<DT><b><a name="send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a>
(default: no)</b></DT><DD>
-<p> When authenticating to a SASL server, with the default setting
-"no", send no authoriZation ID (authzid); send only the authentiCation
-ID (authcid) plus the authcid's password. </p>
+<p> When authenticating to a remote SMTP or LMTP server with the
+default setting "no", send no SASL authoriZation ID (authzid); send
+only the SASL authentiCation ID (authcid) plus the authcid's password.
+</p>
<p> The non-default setting "yes" enables the behavior of older
-Postfix versions. These always send an authzid that is equal to
-the authcid, but this causes inter-operability problems with some
-SMTP servers. </p>
+Postfix versions. These always send a SASL authzid that is equal
+to the SASL authcid, but this causes inter-operability problems
+with some SMTP servers. </p>
-<p> This feature is available in Postfix 2.5 and later. </p>
+<p> This feature is available in Postfix 2.4.4 and later. </p>
</DD>
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> option. </p>
<p> This option is useful only if you are definitely sure that you
-will only connect to servers that support <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> _and_ that
+will only connect to servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that
provide valid server certificates. Typical use is for clients that
send all their email to a dedicated mailhub. </p>
<p>
Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
-by <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>. This includes putting quotes around an address localpart
+by <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>. This includes putting quotes around an address localpart
that ends in ".".
</p>
<p>
-The default is to comply with <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>. If you have to send mail to
+The default is to comply with <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>. If you have to send mail to
a broken SMTP server, configure a special SMTP client in <a href="master.5.html">master.cf</a>:
</p>
<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
-certificate. As of <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> the requirements for hostname checking
+certificate. As of <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking
for MTA clients are not specified. </p>
<p> This option can be set to "no" to disable strict peer name
<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>
<dd> Permit the request when the client is successfully
-authenticated via the <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH) protocol. </dd>
+authenticated via the <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH) protocol. </dd>
<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>
(default: no)</b></DT><DD>
<p> Mandatory TLS: announce STARTTLS support to SMTP clients,
-and require that clients use TLS encryption. According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a>
+and require that clients use TLS encryption. According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a>
this MUST NOT be applied in case of a publicly-referenced SMTP
server. This option is off by default and should be used only on
dedicated servers. </p>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
STARTTLS support to SMTP clients, and require that clients use TLS
-encryption. According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> this MUST NOT be applied in case
+encryption. According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case
of a publicly-referenced SMTP server. Instead, this option should
be used only on dedicated servers. </dd>
<p>
Require that addresses received in SMTP MAIL FROM and RCPT TO
commands are enclosed with <>, and that those addresses do
-not contain <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> style comments or phrases. This stops mail
+not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases. This stops mail
from poorly written software.
</p>
<p>
-By default, the Postfix SMTP server accepts <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> syntax in MAIL
+By default, the Postfix SMTP server accepts <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> syntax in MAIL
FROM and RCPT TO addresses.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
<p>
</p>
<p>
-Do not change this unless you have a complete understanding of <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
</p>
<p>
<b>-s</b> <i>site</i>
Schedule immediate delivery of all mail that is
queued for the named <i>site</i>. A numerical site must be
- specified as a valid <a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a> address literal
+ specified as a valid <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> address literal
enclosed in [], just like in email addresses. The
site must be eligible for the "fast flush" service.
See <a href="flush.8.html"><b>flush</b>(8)</a> for more information about the "fast
manager of the arrival of new mail one would request <b>I</b>.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced status codes)
- <a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery status notifications)
+ <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
+ <a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<b>SECURITY</b>
The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon is not security sensitive. It reads
per-message capture file name.
<i>time-stamp</i>
- A time stamp as defined in <a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a>.
+ A time stamp as defined in <a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a>.
<b>SEE ALSO</b>
<a href="smtp-source.1.html">smtp-source(1)</a>, SMTP/LMTP message generator
available when Postfix is built without IPv6 sup-
port.
- <b>-c</b> Display a running counter that is incremented each
+ <b>-A</b> Don't abort when the server sends something other
+ than the expected positive reply code.
+
+ <b>-c</b> Display a running counter that is incremented each
time an SMTP DATA command completes.
<b>-C</b> <i>count</i>
- When a host sends RESET instead of SYN|ACK, try
- <i>count</i> times before giving up. The default count is
+ When a host sends RESET instead of SYN|ACK, try
+ <i>count</i> times before giving up. The default count is
1. Specify a larger count in order to work around a
problem with TCP/IP stacks that send RESET when the
listen queue is full.
- <b>-d</b> Don't disconnect after sending a message; send the
+ <b>-d</b> Don't disconnect after sending a message; send the
next message over the same connection.
<b>-f</b> <i>from</i>
- Use the specified sender address (default:
+ Use the specified sender address (default:
<foo@<a href="postconf.5.html#myhostname">myhostname</a>>).
+ <b>-F</b> <i>file</i>
+ Send the pre-formatted message header and body in
+ the specified <i>file</i>, while prepending '.' before
+ lines that begin with '.', and while appending CRLF
+ after each line.
+
<b>-l</b> <i>length</i>
Send <i>length</i> bytes as message payload. The length
does not include message headers.
action (default: 1). Recipient names are generated
by prepending a number to the recipient address.
+ <b>-R</b> <i>interval</i>
+ Wait for a random period of time 0 <= n <= interval
+ between messages. Suspending one thread does not
+ affect other delivery threads.
+
<b>-s</b> <i>session</i><b>_</b><i>count</i>
Run the specified number of SMTP sessions in paral-
lel (default: 1).
<b>-t</b> <i>to</i> Use the specified recipient address (default:
<foo@<a href="postconf.5.html#myhostname">myhostname</a>>).
- <b>-R</b> <i>interval</i>
- Wait for a random period of time 0 <= n <= interval
- between messages. Suspending one thread does not
- affect other delivery threads.
-
<b>-v</b> Make the program more verbose, for debugging pur-
poses.
low privilege.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> (SMTP protocol)
- <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
- <a href="http://www.faqs.org/rfcs/rfc1651.html">RFC 1651</a> (SMTP service extensions)
- <a href="http://www.faqs.org/rfcs/rfc1652.html">RFC 1652</a> (8bit-MIME transport)
- <a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
- <a href="http://www.faqs.org/rfcs/rfc2033.html">RFC 2033</a> (LMTP protocol)
- <a href="http://www.faqs.org/rfcs/rfc2034.html">RFC 2034</a> (SMTP Enhanced Error Codes)
- <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (MIME: Format of Internet Message Bodies)
- <a href="http://www.faqs.org/rfcs/rfc2046.html">RFC 2046</a> (MIME: Media Types)
- <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
- <a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a> (SMTP protocol)
- <a href="http://www.faqs.org/rfcs/rfc2920.html">RFC 2920</a> (SMTP Pipelining)
- <a href="http://www.faqs.org/rfcs/rfc3207.html">RFC 3207</a> (STARTTLS command)
- <a href="http://www.faqs.org/rfcs/rfc3461.html">RFC 3461</a> (SMTP DSN Extension)
- <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced Status Codes)
+ <a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
+ <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions)
+ <a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
+ <a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
+ <a href="http://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol)
+ <a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
+ <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
+ <a href="http://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
+ <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
+ <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
+ <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
+ <a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
+ <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
+ <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in SMTP MAIL FROM and RCPT TO com-
- mands as required by <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+ mands as required by <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Skip SMTP servers that greet with a 5XX status code
will ignore in the LHLO response from a remote LMTP
server.
- Available in Postfix version 2.5 and later:
+ Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
- When authenticating to a SASL server, with the
- default setting "no", send no authoriZation ID
- (authzid); send only the authentiCation ID (auth-
- cid) plus the authcid's password.
+ When authenticating to a remote SMTP or LMTP server
+ with the default setting "no", send no SASL autho-
+ riZation ID (authzid); send only the SASL authenti-
+ Cation ID (authcid) plus the authcid's password.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:
SMTP server can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> (SMTP protocol)
- <a href="http://www.faqs.org/rfcs/rfc1123.html">RFC 1123</a> (Host requirements)
- <a href="http://www.faqs.org/rfcs/rfc1652.html">RFC 1652</a> (8bit-MIME transport)
- <a href="http://www.faqs.org/rfcs/rfc1869.html">RFC 1869</a> (SMTP service extensions)
- <a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
- <a href="http://www.faqs.org/rfcs/rfc1985.html">RFC 1985</a> (ETRN command)
- <a href="http://www.faqs.org/rfcs/rfc2034.html">RFC 2034</a> (SMTP Enhanced Error Codes)
- <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
- <a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a> (SMTP protocol)
- <a href="http://www.faqs.org/rfcs/rfc2920.html">RFC 2920</a> (SMTP Pipelining)
- <a href="http://www.faqs.org/rfcs/rfc3207.html">RFC 3207</a> (STARTTLS command)
- <a href="http://www.faqs.org/rfcs/rfc3461.html">RFC 3461</a> (SMTP DSN Extension)
- <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced Status Codes)
+ <a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
+ <a href="http://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
+ <a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
+ <a href="http://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions)
+ <a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
+ <a href="http://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
+ <a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
+ <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
+ <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
+ <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
+ <a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
+ <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
+ <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
Enable inter-operability with SMTP clients that
implement an obsolete version of the AUTH command
- (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>).
+ (<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a>).
<b><a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> (no)</b>
Disable the SMTP VRFY command.
<b><a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> (no)</b>
Require that addresses received in SMTP MAIL FROM
and RCPT TO commands are enclosed with <>, and that
- those addresses do not contain <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> style com-
+ those addresses do not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style com-
ments or phrases.
Available in Postfix version 2.1 and later:
feature.
<b>SASL AUTHENTICATION CONTROLS</b>
- Postfix SASL support (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>) can be used to authenti-
+ Postfix SASL support (<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a>) can be used to authenti-
cate remote SMTP clients to the Postfix SMTP server, and
to authenticate the Postfix SMTP client to a remote SMTP
server. See the <a href="SASL_README.html">SASL_README</a> document for details.
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
Enable inter-operability with SMTP clients that
implement an obsolete version of the AUTH command
- (<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>).
+ (<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a>).
<b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
Enable SASL authentication in the Postfix SMTP
on retry logic in their own client.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
- <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
- <a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a> (ARPA Internet Text Messages)
- <a href="http://www.faqs.org/rfcs/rfc3462.html">RFC 3462</a> (Delivery Status Notifications)
- <a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery Status Notifications)
- <a href="http://www.faqs.org/rfcs/rfc3834.html">RFC 3834</a> (Auto-Submitted: message header)
+ <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
+ <a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
+ <a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
+ <a href="http://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
virtual delivery agent will terminate with a fatal error.
<b>STANDARDS</b>
- <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<b>DIAGNOSTICS</b>
Mail bounces when the recipient has no mailbox or when the
.IP \fB-6\fR
Connect to the server with IPv6. This option is not available when
Postfix is built without IPv6 support.
+.IP "\fB-A\fR"
+Don't abort when the server sends something other than the
+expected positive reply code.
.IP \fB-c\fR
Display a running counter that is incremented each time
an SMTP DATA command completes.
message over the same connection.
.IP "\fB-f \fIfrom\fR"
Use the specified sender address (default: <foo@myhostname>).
+.IP "\fB-F \fIfile\fR"
+Send the pre-formatted message header and body in the
+specified \fIfile\fR, while prepending '.' before lines that
+begin with '.', and while appending CRLF after each line.
.IP "\fB-l \fIlength\fR"
Send \fIlength\fR bytes as message payload. The length does not
include message headers.
Send the specified number of recipients per transaction (default: 1).
Recipient names are generated by prepending a number to the
recipient address.
+.IP "\fB-R \fIinterval\fR"
+Wait for a random period of time 0 <= n <= interval between messages.
+Suspending one thread does not affect other delivery threads.
.IP "\fB-s \fIsession_count\fR"
Run the specified number of SMTP sessions in parallel (default: 1).
.IP "\fB-S \fIsubject\fR"
Send mail with the named subject line (default: none).
.IP "\fB-t \fIto\fR"
Use the specified recipient address (default: <foo@myhostname>).
-.IP "\fB-R \fIinterval\fR"
-Wait for a random period of time 0 <= n <= interval between messages.
-Suspending one thread does not affect other delivery threads.
.IP \fB-v\fR
Make the program more verbose, for debugging purposes.
.IP "\fB-w \fIinterval\fR"
.SH sample_directory (default: /etc/postfix)
The name of the directory with example Postfix configuration files.
.SH send_cyrus_sasl_authzid (default: no)
-When authenticating to a SASL server, with the default setting
-"no", send no authoriZation ID (authzid); send only the authentiCation
-ID (authcid) plus the authcid's password.
+When authenticating to a remote SMTP or LMTP server with the
+default setting "no", send no SASL authoriZation ID (authzid); send
+only the SASL authentiCation ID (authcid) plus the authcid's password.
.PP
The non-default setting "yes" enables the behavior of older
-Postfix versions. These always send an authzid that is equal to
-the authcid, but this causes inter-operability problems with some
-SMTP servers.
+Postfix versions. These always send a SASL authzid that is equal
+to the SASL authcid, but this causes inter-operability problems
+with some SMTP servers.
.PP
-This feature is available in Postfix 2.5 and later.
+This feature is available in Postfix 2.4.4 and later.
.SH sender_based_routing (default: no)
This parameter should not be used. It was replaced by sender_dependent_relayhost_maps
in Postfix version 2.3.
auth, etc.) that the LMTP client will ignore in the LHLO response
from a remote LMTP server.
.PP
-Available in Postfix version 2.5 and later:
+Available in Postfix version 2.4.4 and later:
.IP "\fBsend_cyrus_sasl_authzid (no)\fR"
-When authenticating to a SASL server, with the default setting
-"no", send no authoriZation ID (authzid); send only the authentiCation
-ID (authcid) plus the authcid's password.
+When authenticating to a remote SMTP or LMTP server with the
+default setting "no", send no SASL authoriZation ID (authzid); send
+only the SASL authentiCation ID (authcid) plus the authcid's password.
.SH "MIME PROCESSING CONTROLS"
.na
.nf
s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
- s/\bRFC\s*([1-9]\d*)/<a href="http:\/\/www.faqs.org\/rfcs\/rfc$1.html">$&<\/a>/;
+ s/\bRFC\s*([1-9]\d*)/<a href="http:\/\/tools.ietf.org\/html\/rfc$1">$&<\/a>/;
# Split README/RFC/parameter/restriction hyperlinks that span line breaks
<pre>
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
- permit_mynetworks permit_sasl_authenticated ...
+ permit_mynetworks
+ permit_sasl_authenticated
+ reject_unauth_destination
</pre>
</blockquote>
250-ETRN
250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
250 8BITMIME
-<b>AUTH PLAIN dGVzdAB0ZXN0AHRlc3RwYXNz</b>
+<b>AUTH PLAIN AHRlc3QAdGVzdHBhc3M=</b>
235 Authentication successful
</pre>
</blockquote>
-<p> Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded
-form of username\0username\0password (the \0 is a null byte). The
+<p> Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded
+form of \0username\0password (the \0 is a null byte). The
example above is for a user named `test' with password `testpass'.
</p>
<blockquote>
<pre>
-% printf 'username\0username\0password' | mmencode
+% printf '\0username\0password' | mmencode
</pre>
</blockquote>
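Review bot: the `\0` separators in the printf format string are ambiguous when the username or password starts with an octal digit, because printf consumes up to three octal digits after the backslash, so a login such as 123user would not be encoded as NUL followed by "123user". Suggest writing the separators as `\000` here, and in the Perl one-liner that follows, so that readers who substitute real credentials always get \0authcid\0password.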
<blockquote>
<pre>
% perl -MMIME::Base64 -e \
- 'print encode_base64("username\0username\0password");'
+ 'print encode_base64("\0username\0password");'
</pre>
</blockquote>
%PARAM send_cyrus_sasl_authzid no
-<p> When authenticating to a SASL server, with the default setting
-"no", send no authoriZation ID (authzid); send only the authentiCation
-ID (authcid) plus the authcid's password. </p>
+<p> When authenticating to a remote SMTP or LMTP server with the
+default setting "no", send no SASL authoriZation ID (authzid); send
+only the SASL authentiCation ID (authcid) plus the authcid's password.
+</p>
<p> The non-default setting "yes" enables the behavior of older
-Postfix versions. These always send an authzid that is equal to
-the authcid, but this causes inter-operability problems with some
-SMTP servers. </p>
+Postfix versions. These always send a SASL authzid that is equal
+to the SASL authcid, but this causes inter-operability problems
+with some SMTP servers. </p>
-<p> This feature is available in Postfix 2.5 and later. </p>
+<p> This feature is available in Postfix 2.4.4 and later. </p>
* What problem classes should be reported to the postmaster via email.
* Default is bad problems only. See mail_error(3). Even when mail notices
* are disabled, problems are still logged to the syslog daemon.
+ *
+ * Do not add "protocol" to the default setting. It gives Postfix a bad
+ * reputation: people get mail whenever spam software makes a mistake.
*/
#define VAR_NOTIFY_CLASSES "notify_classes"
-#define DEF_NOTIFY_CLASSES "resource, software"
+#define DEF_NOTIFY_CLASSES "resource, software" /* Not: "protocol" */
extern char *var_notify_classes;
/*
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20070614"
+#define MAIL_RELEASE_DATE "20070720"
#define MAIL_VERSION_NUMBER "2.5"
#ifdef SNAPSHOT
#include <string.h>
#include <stdarg.h>
+#ifndef SHUT_RDWR
+#define SHUT_RDWR 2
+#endif
+
/* Sendmail 8 Milter protocol. */
#ifdef USE_LIBMILTER_INCLUDES
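Review bot: the SHUT_RDWR fallback is only meaningful if <sys/socket.h> has already been included at this point, and the includes visible above it are <string.h> and <stdarg.h>. If the socket header is pulled in later, this definition pre-empts or collides with the system one. Please confirm the include order and add a one-line comment naming the platforms that lack SHUT_RDWR, so the hard-coded 2 can be dropped when they go away.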
{
const char *reply;
+ /*
+ * While reading the following, keep in mind that a client-side Milter
+ * socket is shared between the Postfix SMTP server and the cleanup
+ * server. The SMTP server reports only the SMTP events to the Milter.
+ * The cleanup server reports the headers and body to the Milter, and
+ * receives the header or body modification requests from the Milter.
+ *
+ * XXX When the cleanup server closes its end of the Milter socket after
+ * some local/remote configuration error, the SMTP server is left out of
+ * sync with the Milter. Sending an ABORT to the Milters will not restore
+ * synchronization, because there may be any number of Milter replies
+ * already in flight. Workaround: poison the socket and force the SMTP
+ * server to abandon it.
+ */
if (milter->fp != 0) {
+ (void) shutdown(vstream_fileno(milter->fp), SHUT_RDWR);
(void) vstream_fclose(milter->fp);
milter->fp = 0;
}
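Review bot: the comment says "poison the socket" but does not say why the added shutdown() call achieves that when the existing vstream_fclose() does not. One sentence would help the next reader: closing only releases this process's descriptor, while shutdown() acts on the socket that the SMTP server and the cleanup server share, so the other process sees the failure on its next read or write. The (void) cast also drops any shutdown() error silently; a debug-level log line would make an unexpected failure here visible.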
{
const char *reply;
+ /*
+ * While reading the following, keep in mind that a client-side Milter
+ * socket is shared between the Postfix SMTP server and the cleanup
+ * server. The SMTP server reports only the SMTP events to the Milter.
+ * The cleanup server reports the headers and body to the Milter, and
+ * receives the header or body modification requests from the Milter.
+ *
+ * XXX When the cleanup server closes its end of the Milter socket after
+ * some local or remote remote protocol error, the SMTP server is left
+ * out of sync with the Milter. Sending an ABORT to the Milters will not
+ * restore synchronization, because there may be any number of Milter
+ * replies already in flight. Workaround: poison the socket and force the
+ * SMTP server to abandon it.
+ */
if (milter->fp != 0) {
+ (void) shutdown(vstream_fileno(milter->fp), SHUT_RDWR);
(void) vstream_fclose(milter->fp);
milter->fp = 0;
}
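Review bot: the new comment has a doubled word, "some local or remote remote protocol error". Apart from that phrase it is a copy of the comment added in the previous function ("some local/remote configuration error"), so the two blocks will drift. Suggest fixing the typo and keeping the full explanation in one place, with a short pointer to it from the other function.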
return (milter->state = MILTER8_STAT_ERROR);
}
-/* milter8_edit_error - local queue file update error */
-
-static void milter8_edit_error(MILTER8 *milter, const char *reply)
-{
-
- /*
- * Close the socket, so we don't have to skip pending replies from this
- * Milter instance.
- */
- if (milter->fp != 0) {
- (void) vstream_fclose(milter->fp);
- milter->fp = 0;
- }
-
- /*
- * Set the socket state to ERROR, so we don't try to send further MTA
- * events to this Milter instance.
- */
- milter8_def_reply(milter, reply);
- milter->state = MILTER8_STAT_ERROR;
-}
-
/* milter8_close_stream - close stream to milter application */
static void milter8_close_stream(MILTER8 *milter)
const char *retval = 0;
VSTRING *body_line_buf = 0;
int done = 0;
+ int body_edit_lockout = 0;
#define DONT_SKIP_REPLY 0
* processing.
*
* XXX Bound the loop iteration count.
+ *
+ * While reading the following, keep in mind that a client-side Milter
+ * socket is shared between the Postfix SMTP server and the cleanup
+ * server. The SMTP server reports only the SMTP events to the Milter.
+ * The cleanup server reports the headers and body to the Milter, and
+ * receives the header or body modification requests from the Milter.
+ *
+ * In the end-of-body stage, the Milter may reply with one or more queue
+ * file edit requests before it replies with its final decision: accept,
+ * reject, etc. After a local queue file edit error, do not close the
+ * Milter socket in the cleanup server. Instead skip all further Milter
+ * replies until the final decision. This way the Postfix SMTP server
+ * stays in sync with the Milter, and Postfix doesn't have to lose the
+ * ability to handle multiple deliveries within the same SMTP session.
+ * This requires that the Postfix SMTP server uses something other than
+ * CLEANUP_STAT_WRITE when it loses contact with the cleanup server.
*/
#define IN_CONNECT_EVENT(e) ((e) == SMFIC_CONNECT || (e) == SMFIC_HELO)
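Review bot: the existing "XXX Bound the loop iteration count" becomes more pressing with the behavior this comment describes. After a local queue file edit error the cleanup server now keeps reading and discarding replies until the Milter sends its final decision, so a Milter that keeps sending edit requests holds the cleanup server in this loop. Suggest adding the bound in the same change, or stating here what else limits the loop. The last sentence also describes a requirement on the SMTP server ("something other than CLEANUP_STAT_WRITE"); please name where that is implemented so the dependency can be checked.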
/*
* Handle unfinished message body replacement first.
+ *
+ * XXX When SMFIR_REPLBODY is followed by some different request, we
+ * assume that the body replacement operation is complete. The queue
+ * file editing implementation currently does not support sending
+ * part 1 of the body replacement text, doing some other queue file
+ * updates, and then sending part 2 of the body replacement text. To
+ * avoid loss of data, we log an error when SMFIR_REPLBODY requests
+ * are alternated with other requests.
*/
if (body_line_buf != 0 && cmd != SMFIR_REPLBODY) {
/* In case the last body replacement line didn't end in CRLF. */
- if (LEN(body_line_buf) > 0)
+ if (edit_resp == 0 && LEN(body_line_buf) > 0)
edit_resp = parent->repl_body(parent->chg_context,
MILTER_BODY_LINE,
body_line_buf);
edit_resp = parent->repl_body(parent->chg_context,
MILTER_BODY_END,
(VSTRING *) 0);
- if (edit_resp) {
- milter8_edit_error(milter, edit_resp);
- MILTER8_EVENT_BREAK(milter->def_reply);
- }
+ body_edit_lockout = 1;
vstring_free(body_line_buf);
body_line_buf = 0;
}
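Review bot: the `edit_resp == 0 &&` guard was added to the MILTER_BODY_LINE call only; the MILTER_BODY_END call below it still assigns edit_resp unconditionally. If an earlier request already failed, a successful BODY_END returns 0 and clears the recorded error, and the later `if (edit_resp) continue;` checks then stop skipping. Suggest guarding the BODY_END call the same way, or saving the first error in a separate variable. The XXX comment also says an error is logged when SMFIR_REPLBODY is alternated with other requests, but this hunk only sets body_edit_lockout; a pointer to where the warning is issued would help.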
if (IN_CONNECT_EVENT(event)) {
msg_warn("milter %s: DISCARD action is not allowed "
"for connect or helo", milter->m.name);
- milter8_conf_error(milter);
MILTER8_EVENT_BREAK(milter->def_reply);
} else {
/* No more events for this message. */
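Review bot: with milter8_conf_error() removed from the "DISCARD action is not allowed for connect or helo" branch, nothing visible in this hunk sets milter->def_reply or the Milter state before MILTER8_EVENT_BREAK(milter->def_reply) uses it. Please confirm what def_reply holds on this path and add a comment explaining why a disallowed reply no longer puts this Milter into the error state, since the warning text alone does not say what happens to the session.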
MILTER8_DATA_STRING, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
/* XXX Sendmail 8 compatibility. */
if (index == 0)
index = 1;
edit_resp = parent->del_header(parent->chg_context,
(ssize_t) index,
STR(milter->buf));
- if (edit_resp) {
- milter8_edit_error(milter, edit_resp);
- MILTER8_EVENT_BREAK(milter->def_reply);
- }
continue;
#endif
MILTER8_DATA_STRING, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
edit_resp = parent->add_header(parent->chg_context,
STR(milter->buf),
STR(milter->body));
- if (edit_resp) {
- milter8_edit_error(milter, edit_resp);
- MILTER8_EVENT_BREAK(milter->def_reply);
- }
continue;
/*
MILTER8_DATA_STRING, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
if ((ssize_t) index + 1 < 1) {
msg_warn("milter %s: bad insert header index: %ld",
milter->m.name, (long) index);
(ssize_t) index + 1,
STR(milter->buf),
STR(milter->body));
- if (edit_resp) {
- milter8_edit_error(milter, edit_resp);
- MILTER8_EVENT_BREAK(milter->def_reply);
- }
continue;
#endif
MILTER8_DATA_STRING, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
edit_resp = parent->add_rcpt(parent->chg_context,
STR(milter->buf));
- if (edit_resp) {
- milter8_edit_error(milter, edit_resp);
- MILTER8_EVENT_BREAK(milter->def_reply);
- }
continue;
/*
MILTER8_DATA_STRING, milter->buf,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
edit_resp = parent->del_rcpt(parent->chg_context,
STR(milter->buf));
- if (edit_resp) {
- milter8_edit_error(milter, edit_resp);
- MILTER8_EVENT_BREAK(milter->def_reply);
- }
continue;
/*
* update the message size.
*/
case SMFIR_REPLBODY:
+ if (body_edit_lockout) {
+ msg_warn("milter %s: body replacement requests can't "
+ "currently be mixed with other requests",
+ milter->m.name);
+ milter8_conf_error(milter);
+ MILTER8_EVENT_BREAK(milter->def_reply);
+ }
if (milter8_read_data(milter, data_size,
MILTER8_DATA_BUFFER, milter->body,
MILTER8_DATA_END) != 0)
MILTER8_EVENT_BREAK(milter->def_reply);
+ /* Skip to the next request after previous edit error. */
+ if (edit_resp)
+ continue;
/* Start body replacement. */
if (body_line_buf == 0) {
body_line_buf = vstring_alloc(var_line_limit);
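Review bot: the restriction enforced by `body_edit_lockout` is visible to Milter authors only through the warning text "body replacement requests can't currently be mixed with other requests"; it should also be stated in the Milter documentation so that applications can avoid the pattern. Separately, this check runs before `milter8_read_data()`, unlike the `edit_resp` skip below it, so the request payload stays unread when the loop breaks. A short comment confirming that the connection is not used again after `milter8_conf_error()` would make that ordering clearly intentional.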
VSTRING_ADDCH(body_line_buf, ch);
}
}
- if (edit_resp) {
- milter8_edit_error(milter, edit_resp);
- MILTER8_EVENT_BREAK(milter->def_reply);
- }
continue;
}
}
if (body_line_buf)
vstring_free(body_line_buf);
+ /*
+ * XXX Some cleanup clients ask the cleanup server to bounce mail for
+ * them. In that case we must override a hard reject retval result after
+ * queue file update failure. This is not a big problem; the odds are
+ * small that a Milter application sends a hard reject after replacing
+ * the message body.
+ */
+ if (edit_resp && (retval == 0 || strchr("DS4", retval[0]) == 0))
+ retval = edit_resp;
return (retval);
}
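Review bot: the test `strchr("DS4", retval[0]) == 0` depends on single-character reply codes that the new comment does not explain, and it also matches an empty `retval` string, because `strchr()` finds the terminating NUL of "DS4". The comment speaks only of overriding "a hard reject", so please spell out what D, S and 4 stand for and say whether an empty reply can reach this point. If it can, add an explicit `retval[0] != 0` test so that `edit_resp` is not silently discarded.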
# Reject with text
-./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c connect -p inet:9999@127.0.0.1
-./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c helo -p inet:9999@127.0.0.1
-./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c mail -p inet:9999@127.0.0.1
-./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c rcpt -p inet:9999@127.0.0.1
-./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c header -p inet:9999@127.0.0.1
-./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c eoh -p inet:9999@127.0.0.1
-./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c body -p inet:9999@127.0.0.1
-./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c eom -p inet:9999@127.0.0.1
+./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c connect -p inet:9999@0.0.0.0
+./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c helo -p inet:9999@0.0.0.0
+./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c mail -p inet:9999@0.0.0.0
+./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c rcpt -p inet:9999@0.0.0.0
+./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c header -p inet:9999@0.0.0.0
+./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c eoh -p inet:9999@0.0.0.0
+./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c body -p inet:9999@0.0.0.0
+./test-milter -C 1 -a "554 5.7.1 1% 2%% 3%%%" -c eom -p inet:9999@0.0.0.0
# Tempfail tests
-./test-milter -C 1 -a tempfail -c connect -p inet:9999@127.0.0.1
-./test-milter -C 1 -a tempfail -c helo -p inet:9999@127.0.0.1
-./test-milter -C 1 -a tempfail -c mail -p inet:9999@127.0.0.1
-./test-milter -C 1 -a tempfail -c rcpt -p inet:9999@127.0.0.1
-./test-milter -C 1 -a tempfail -c header -p inet:9999@127.0.0.1
-./test-milter -C 1 -a tempfail -c eoh -p inet:9999@127.0.0.1
-./test-milter -C 1 -a tempfail -c body -p inet:9999@127.0.0.1
-./test-milter -C 1 -a tempfail -c eom -p inet:9999@127.0.0.1
+./test-milter -C 1 -a tempfail -c connect -p inet:9999@0.0.0.0
+./test-milter -C 1 -a tempfail -c helo -p inet:9999@0.0.0.0
+./test-milter -C 1 -a tempfail -c mail -p inet:9999@0.0.0.0
+./test-milter -C 1 -a tempfail -c rcpt -p inet:9999@0.0.0.0
+./test-milter -C 1 -a tempfail -c header -p inet:9999@0.0.0.0
+./test-milter -C 1 -a tempfail -c eoh -p inet:9999@0.0.0.0
+./test-milter -C 1 -a tempfail -c body -p inet:9999@0.0.0.0
+./test-milter -C 1 -a tempfail -c eom -p inet:9999@0.0.0.0
# Reject tests
-./test-milter -C 1 -a reject -c connect -p inet:9999@127.0.0.1
-./test-milter -C 1 -a reject -c helo -p inet:9999@127.0.0.1
-./test-milter -C 1 -a reject -c mail -p inet:9999@127.0.0.1
-./test-milter -C 1 -a reject -c rcpt -p inet:9999@127.0.0.1
-./test-milter -C 1 -a reject -c header -p inet:9999@127.0.0.1
-./test-milter -C 1 -a reject -c eoh -p inet:9999@127.0.0.1
-./test-milter -C 1 -a reject -c body -p inet:9999@127.0.0.1
-./test-milter -C 1 -a reject -c eom -p inet:9999@127.0.0.1
+./test-milter -C 1 -a reject -c connect -p inet:9999@0.0.0.0
+./test-milter -C 1 -a reject -c helo -p inet:9999@0.0.0.0
+./test-milter -C 1 -a reject -c mail -p inet:9999@0.0.0.0
+./test-milter -C 1 -a reject -c rcpt -p inet:9999@0.0.0.0
+./test-milter -C 1 -a reject -c header -p inet:9999@0.0.0.0
+./test-milter -C 1 -a reject -c eoh -p inet:9999@0.0.0.0
+./test-milter -C 1 -a reject -c body -p inet:9999@0.0.0.0
+./test-milter -C 1 -a reject -c eom -p inet:9999@0.0.0.0
# Accept tests
-./test-milter -C 1 -a accept -c connect -p inet:9999@127.0.0.1
-./test-milter -C 1 -a accept -c helo -p inet:9999@127.0.0.1
-./test-milter -C 1 -a accept -c rcpt -p inet:9999@127.0.0.1
-./test-milter -C 1 -a accept -c mail -p inet:9999@127.0.0.1
-./test-milter -C 1 -a accept -c header -p inet:9999@127.0.0.1
-./test-milter -C 1 -a accept -c eoh -p inet:9999@127.0.0.1
-./test-milter -C 1 -a accept -c body -p inet:9999@127.0.0.1
-./test-milter -C 1 -a accept -c eom -p inet:9999@127.0.0.1
+./test-milter -C 1 -a accept -c connect -p inet:9999@0.0.0.0
+./test-milter -C 1 -a accept -c helo -p inet:9999@0.0.0.0
+./test-milter -C 1 -a accept -c rcpt -p inet:9999@0.0.0.0
+./test-milter -C 1 -a accept -c mail -p inet:9999@0.0.0.0
+./test-milter -C 1 -a accept -c header -p inet:9999@0.0.0.0
+./test-milter -C 1 -a accept -c eoh -p inet:9999@0.0.0.0
+./test-milter -C 1 -a accept -c body -p inet:9999@0.0.0.0
+./test-milter -C 1 -a accept -c eom -p inet:9999@0.0.0.0
# discard tests
-./test-milter -C 1 -a discard -c connect -p inet:9999@127.0.0.1
-./test-milter -C 1 -a discard -c helo -p inet:9999@127.0.0.1
-./test-milter -C 1 -a discard -c rcpt -p inet:9999@127.0.0.1
-./test-milter -C 1 -a discard -c mail -p inet:9999@127.0.0.1
-./test-milter -C 1 -a discard -c header -p inet:9999@127.0.0.1
-./test-milter -C 1 -a discard -c eoh -p inet:9999@127.0.0.1
-./test-milter -C 1 -a discard -c body -p inet:9999@127.0.0.1
-./test-milter -C 1 -a discard -c eom -p inet:9999@127.0.0.1
+./test-milter -C 1 -a discard -c connect -p inet:9999@0.0.0.0
+./test-milter -C 1 -a discard -c helo -p inet:9999@0.0.0.0
+./test-milter -C 1 -a discard -c rcpt -p inet:9999@0.0.0.0
+./test-milter -C 1 -a discard -c mail -p inet:9999@0.0.0.0
+./test-milter -C 1 -a discard -c header -p inet:9999@0.0.0.0
+./test-milter -C 1 -a discard -c eoh -p inet:9999@0.0.0.0
+./test-milter -C 1 -a discard -c body -p inet:9999@0.0.0.0
+./test-milter -C 1 -a discard -c eom -p inet:9999@0.0.0.0
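Review bot: binding every test listener to `inet:9999@0.0.0.0` exposes the test Milter on all interfaces of the machine that runs this script, where `127.0.0.1` limited it to loopback. Nothing in the script says why the wildcard address is needed. If the goal is to test from a second host, make the bind address a variable that defaults to loopback, or add a comment stating that these commands must only be run on an isolated test network.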
/* auth, etc.) that the LMTP client will ignore in the LHLO response
/* from a remote LMTP server.
/* .PP
-/* Available in Postfix version 2.5 and later:
+/* Available in Postfix version 2.4.4 and later:
/* .IP "\fBsend_cyrus_sasl_authzid (no)\fR"
-/* When authenticating to a SASL server, with the default setting
-/* "no", send no authoriZation ID (authzid); send only the authentiCation
-/* ID (authcid) plus the authcid's password.
+/* When authenticating to a remote SMTP or LMTP server with the
+/* default setting "no", send no SASL authoriZation ID (authzid); send
+/* only the SASL authentiCation ID (authcid) plus the authcid's password.
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi
* Check the queue file space, if applicable.
*/
if (!USE_SMTPD_PROXY(state)) {
- if ((err = smtpd_check_queue(state)) != 0) {
+ if (SMTPD_STAND_ALONE(state) == 0
+ && (err = smtpd_check_queue(state)) != 0) {
/* XXX Reset access map side effects. */
mail_reset(state);
smtpd_chat_reply(state, "%s", err);
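Review bot: the new `SMTPD_STAND_ALONE(state) == 0` condition carries no comment on why stand-alone mode skips `smtpd_check_queue()`. The existing comment above it says only "if applicable". One line naming the reason would prevent a later cleanup from folding the two conditions back together.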
state->cleanup = 0;
}
+ /*
+ * XXX If we lost the cleanup server, the Postfix SMTP server will be out
+ * of sync with Milter applications. Sending an ABORT to the Milters is
+ * not sufficient to restore synchronization, because there may be any
+ * number of Milter replies already in flight. Destroying and recreating
+ * the Milters (and faking the connect and ehlo events) is too much
+ * trouble for testing and maintenance. Workaround: force the Postfix
+ * SMTP server to hang up with a 421 response in the rare case that the
+ * cleanup server breaks AND that the remote SMTP client continues the
+ * session after end-of-data.
+ *
+ * XXX Should use something other than CLEANUP_STAT_WRITE when we lose
+ * contact with the cleanup server. This requires internal changes to the
+ * mail_stream module; these may affect other mail_stream_service() users
+ * (qmqpd, sendmail, ...).
+ */
+ if (smtpd_milters != 0 && (state->err & CLEANUP_STAT_WRITE) != 0)
+ state->access_denied = mystrdup("421 4.3.0 Mail system error");
+
/*
* Handle any errors. One message may suffer from multiple errors, so
* complain only about the most severe error. Forgive any previous client
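Review bot: `state->access_denied = mystrdup("421 4.3.0 Mail system error");` assigns without checking whether `state->access_denied` already holds a string, so a previously set value would be leaked and replaced. If the field can be non-null here, guard the assignment with `state->access_denied == 0` or free the old value first. The second XXX paragraph already notes that `CLEANUP_STAT_WRITE` is a stand-in for "lost the cleanup server"; it would help to say in the comment that an ordinary queue file write error will therefore also force the 421 hang-up when Milters are configured.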
xclient_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xclient_hosts);
xforward_hosts = namadr_list_init(MATCH_FLAG_NONE, var_xforward_hosts);
hogger_list = namadr_list_init(MATCH_FLAG_NONE, var_smtpd_hoggers);
+
+ /*
+ * Open maps before dropping privileges so we can read passwords etc.
+ *
+ * XXX We should not do this in stand-alone (sendmail -bs) mode, but we
+ * can't use SMTPD_STAND_ALONE(state) here. This means "sendmail -bs"
+ * will try to connect to proxymap when invoked by root for mail
+ * submission. To fix, we would have to pass stand-alone mode information
+ * via different means. For now we have to tell people not to run mail
+ * clients as root.
+ */
if (getuid() == 0 || getuid() == var_owner_uid)
smtpd_check_init();
debug_peer_init();
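Review bot: the operational caveat in this comment ("we have to tell people not to run mail clients as root") exists only in the source. Because `getuid() == 0` makes `sendmail -bs` run `smtpd_check_init()` and, per the comment, connect to proxymap, the same warning belongs in the user-facing documentation for stand-alone mode so that administrators see it without reading smtpd.c.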
/* .IP \fB-6\fR
/* Connect to the server with IPv6. This option is not available when
/* Postfix is built without IPv6 support.
+/* .IP "\fB-A\fR"
+/* Don't abort when the server sends something other than the
+/* expected positive reply code.
/* .IP \fB-c\fR
/* Display a running counter that is incremented each time
/* an SMTP DATA command completes.
/* message over the same connection.
/* .IP "\fB-f \fIfrom\fR"
/* Use the specified sender address (default: <foo@myhostname>).
+/* .IP "\fB-F \fIfile\fR"
+/* Send the pre-formatted message header and body in the
+/* specified \fIfile\fR, while prepending '.' before lines that
+/* begin with '.', and while appending CRLF after each line.
/* .IP "\fB-l \fIlength\fR"
/* Send \fIlength\fR bytes as message payload. The length does not
/* include message headers.
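Review bot: the `-F` description omits two behaviours that the code in this patch enforces. The option parser rejects `-F` together with `-l` ("-l option cannot be used with -F"), and loading a file sets `send_headers = 0`, so the program no longer generates its own headers. Both should be stated here, and the `-l` entry should mention the conflict as well.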
/* Send the specified number of recipients per transaction (default: 1).
/* Recipient names are generated by prepending a number to the
/* recipient address.
+/* .IP "\fB-R \fIinterval\fR"
+/* Wait for a random period of time 0 <= n <= interval between messages.
+/* Suspending one thread does not affect other delivery threads.
/* .IP "\fB-s \fIsession_count\fR"
/* Run the specified number of SMTP sessions in parallel (default: 1).
/* .IP "\fB-S \fIsubject\fR"
/* Send mail with the named subject line (default: none).
/* .IP "\fB-t \fIto\fR"
/* Use the specified recipient address (default: <foo@myhostname>).
-/* .IP "\fB-R \fIinterval\fR"
-/* Wait for a random period of time 0 <= n <= interval between messages.
-/* Suspending one thread does not affect other delivery threads.
/* .IP \fB-v\fR
/* Make the program more verbose, for debugging purposes.
/* .IP "\fB-w \fIinterval\fR"
int xfer_count; /* # of xfers in session */
int rcpt_done; /* # of recipients done */
int rcpt_count; /* # of recipients to go */
+ int rcpt_accepted; /* # of recipients accepted */
VSTREAM *stream; /* open connection */
int connect_count; /* # of connect()s to retry */
struct SESSION *next; /* connect() queue linkage */
static int talk_lmtp = 0;
static char *subject = 0;
static int number_rcpts = 0;
+static int allow_reject = 0;
static void enqueue_connect(SESSION *);
static void start_connect(SESSION *);
static void send_data(int, char *);
static void data_done(int, char *);
static void dot_done(int, char *);
+static void send_rset(int, char *);
+static void rset_done(int, char *);
static void send_quit(SESSION *);
static void quit_done(int, char *);
/*
* Read and parse the server's SMTP greeting banner.
*/
- if (((resp = response(session->stream, buffer))->code / 100) != 2)
- msg_fatal("bad startup: %d %s", resp->code, resp->str);
+ if (((resp = response(session->stream, buffer))->code / 100) == 2) {
+ /* void */ ;
+ } else if (allow_reject) {
+ msg_warn("rejected at server banner: %d %s", resp->code, resp->str);
+ } else {
+ msg_fatal("rejected at server banner: %d %s", resp->code, resp->str);
+ }
/*
* Send helo or send the envelope sender address.
if ((except = vstream_setjmp(session->stream)) != 0)
msg_fatal("%s while sending %s", exception_text(except), protocol);
- if ((resp = response(session->stream, buffer))->code / 100 != 2)
+ if ((resp = response(session->stream, buffer))->code / 100 == 2) {
+ /* void */ ;
+ } else if (allow_reject) {
+ msg_warn("%s rejected: %d %s", protocol, resp->code, resp->str);
+ } else {
msg_fatal("%s rejected: %d %s", protocol, resp->code, resp->str);
+ }
send_mail(session);
}
if ((except = vstream_setjmp(session->stream)) != 0)
msg_fatal("%s while sending sender", exception_text(except));
- if ((resp = response(session->stream, buffer))->code / 100 != 2)
+ if ((resp = response(session->stream, buffer))->code / 100 == 2) {
+ session->rcpt_count = recipients;
+ session->rcpt_done = 0;
+ session->rcpt_accepted = 0;
+ send_rcpt(unused, context);
+ } else if (allow_reject) {
+ msg_warn("sender rejected: %d %s", resp->code, resp->str);
+ send_rset(unused, context);
+ } else {
msg_fatal("sender rejected: %d %s", resp->code, resp->str);
-
- session->rcpt_count = recipients;
- session->rcpt_done = 0;
- send_rcpt(unused, context);
+ }
}
/* send_rcpt - send recipient address */
if ((except = vstream_setjmp(session->stream)) != 0)
msg_fatal("%s while sending recipient", exception_text(except));
- if ((resp = response(session->stream, buffer))->code / 100 != 2)
+ if ((resp = response(session->stream, buffer))->code / 100 == 2) {
+ session->rcpt_accepted++;
+ } else if (allow_reject) {
+ msg_warn("recipient rejected: %d %s", resp->code, resp->str);
+ } else {
msg_fatal("recipient rejected: %d %s", resp->code, resp->str);
+ }
/*
* Send another RCPT command or send DATA.
*/
if (session->rcpt_count > 0)
send_rcpt(unused, context);
- else
+ else if (session->rcpt_accepted > 0)
send_data(unused, context);
+ else
+ send_rset(unused, context);
}
/* send_data - send DATA command */
/* data_done - send message content */
-static void data_done(int unused_event, char *context)
+static void data_done(int unused, char *context)
{
SESSION *session = (SESSION *) context;
RESPONSE *resp;
*/
if ((except = vstream_setjmp(session->stream)) != 0)
msg_fatal("%s while sending DATA command", exception_text(except));
- if ((resp = response(session->stream, buffer))->code != 354)
- msg_fatal("data %d %s", resp->code, resp->str);
+ if ((resp = response(session->stream, buffer))->code == 354) {
+ /* see below */ ;
+ } else if (allow_reject) {
+ msg_warn("data rejected: %d %s", resp->code, resp->str);
+ send_rset(unused, context);
+ return;
+ } else {
+ msg_fatal("data rejected: %d %s", resp->code, resp->str);
+ }
/*
* Send basic header to keep mailers that bother to examine them happy.
event_enable_read(vstream_fileno(session->stream), dot_done, (char *) session);
}
-/* dot_done - send QUIT */
+/* dot_done - send QUIT or start another transaction */
static void dot_done(int unused_event, char *context)
{
if ((except = vstream_setjmp(session->stream)) != 0)
msg_fatal("%s while sending message", exception_text(except));
do { /* XXX this could block */
- if ((resp = response(session->stream, buffer))->code / 100 != 2)
- msg_fatal("data %d %s", resp->code, resp->str);
+ if ((resp = response(session->stream, buffer))->code / 100 == 2) {
+ /* void */ ;
+ } else if (allow_reject) {
+ msg_warn("end of data rejected: %d %s", resp->code, resp->str);
+ } else {
+ msg_fatal("end of data rejected: %d %s", resp->code, resp->str);
+ }
} while (talk_lmtp && --session->rcpt_done > 0);
session->xfer_count++;
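Review bot: with `allow_reject` set, the LMTP reply loop `while (talk_lmtp && --session->rcpt_done > 0)` can wait for replies that never arrive. An LMTP server sends one end-of-data reply per accepted recipient, while the loop counts `rcpt_done`. If `rcpt_done` counts every RCPT command sent rather than every accepted one, a partially rejected transaction will block here, which the existing "XXX this could block" comment makes more likely to go unnoticed. The new `rcpt_accepted` counter looks like the right bound for this loop.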
}
}
+/* send_rset - send RSET command */
+
+static void send_rset(int unused_event, char *context)
+{
+ SESSION *session = (SESSION *) context;
+
+ command(session->stream, "RSET");
+ event_enable_read(vstream_fileno(session->stream), rset_done, (char *) session);
+}
+
+/* rset_done - handle RSET reply */
+
+static void rset_done(int unused_event, char *context)
+{
+ SESSION *session = (SESSION *) context;
+ RESPONSE *resp;
+ int except;
+
+ /*
+ * Get response to RSET command.
+ */
+ if ((except = vstream_setjmp(session->stream)) != 0)
+ msg_fatal("%s while sending message", exception_text(except));
+ if ((resp = response(session->stream, buffer))->code / 100 == 2) {
+ /* void */
+ } else if (allow_reject) {
+ msg_warn("rset rejected: %d %s", resp->code, resp->str);
+ } else {
+ msg_fatal("rset rejected: %d %s", resp->code, resp->str);
+ }
+
+ /*
+ * Say goodbye or send the next message.
+ */
+ if (disconnect || message_count < 1) {
+ send_quit(session);
+ } else {
+ event_disable_readwrite(vstream_fileno(session->stream));
+ start_another(session);
+ }
+}
+
/* send_quit - send QUIT command */
static void send_quit(SESSION *session)
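Review bot: the exception text in `rset_done()` is copied from `dot_done()` and reads "%s while sending message", although it fires while waiting for the RSET reply; it should say "while sending RSET" so that a failure is attributed to the right protocol step. The empty success branch is also written as a bare `/* void */` here but as `/* void */ ;` in the other handlers in this patch; pick one form. Finally, the "say goodbye or send the next message" tail duplicates the end of `dot_done()`, and a shared helper would keep the two from drifting apart.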
int aierr;
const char *protocols = INET_PROTO_NAME_ALL;
INET_PROTO_INFO *proto_info;
+ char *message_file = 0;
/*
* Fingerprint executables and core dumps.
/*
* Parse JCL.
*/
- while ((ch = GETOPT(argc, argv, "46cC:df:l:Lm:M:Nor:R:s:S:t:vw:")) > 0) {
+ while ((ch = GETOPT(argc, argv, "46AcC:df:F:l:Lm:M:Nor:R:s:S:t:vw:")) > 0) {
switch (ch) {
case '4':
protocols = INET_PROTO_NAME_IPV4;
case '6':
protocols = INET_PROTO_NAME_IPV6;
break;
+ case 'A':
+ allow_reject = 1;
+ break;
case 'c':
count++;
break;
case 'f':
sender = optarg;
break;
+ case 'F':
+ if (message_file == 0 && message_length > 0)
+ msg_fatal("-l option cannot be used with -F");
+ message_file = optarg;
+ break;
case 'l':
+ if (message_file != 0)
+ msg_fatal("-l option cannot be used with -F");
if ((message_length = atoi(optarg)) <= 0)
msg_fatal("bad message length: %s", optarg);
- message_data = mymalloc(message_length);
- memset(message_data, 'X', message_length);
- for (i = 80; i < message_length; i += 80) {
- message_data[i - 80] = "0123456789"[(i / 80) % 10];
- message_data[i - 2] = '\r';
- message_data[i - 1] = '\n';
- }
break;
case 'L':
talk_lmtp = 1;
if (random_delay > 0)
srand(getpid());
+ /*
+ * Initialize the message content, SMTP encoded. smtp_fputs() will append
+ * another \r\n but we don't care.
+ */
+ if (message_file != 0) {
+ VSTREAM *fp;
+ VSTRING *buf = vstring_alloc(100);
+ VSTRING *msg = vstring_alloc(100);
+
+ if ((fp = vstream_fopen(message_file, O_RDONLY, 0)) == 0)
+ msg_fatal("open %s: %m", message_file);
+ while (vstring_get_nonl(buf, fp) != VSTREAM_EOF) {
+ if (*vstring_str(buf) == '.')
+ VSTRING_ADDCH(msg, '.');
+ vstring_memcat(msg, vstring_str(buf), VSTRING_LEN(buf));
+ vstring_memcat(msg, "\r\n", 2);
+ }
+ if (vstream_ferror(fp))
+ msg_fatal("read %s: %m", message_file);
+ vstream_fclose(fp);
+ vstring_free(buf);
+ message_length = VSTRING_LEN(msg);
+ message_data = vstring_export(msg);
+ send_headers = 0;
+ } else if (message_length > 0) {
+ message_data = mymalloc(message_length);
+ memset(message_data, 'X', message_length);
+ for (i = 80; i < message_length; i += 80) {
+ message_data[i - 80] = "0123456789"[(i / 80) % 10];
+ message_data[i - 2] = '\r';
+ message_data[i - 1] = '\n';
+ }
+ }
+
/*
* Translate endpoint address to internal form.
*/
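Review bot: a message file that already uses CRLF line endings will be sent with a stray carriage return on every line, because only the newline is removed by `vstring_get_nonl()` before the loop appends "\r\n". Either strip a trailing '\r' from `buf` before copying, or document that `-F` expects LF-terminated input. The file is also read into memory in full with no size check. That is acceptable for a test tool, but a sentence about it in the `-F` documentation would help.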
#include <stringops.h>
/*
- * Global library.
+ * Global library
*/
#include <mail_params.h>
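Review bot: the change from "Global library." to "Global library" is a cosmetic edit with no connection to the rest of the patch, and it makes this comment inconsistent with the usual punctuation of the section comments. Please drop it from this patch.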