-TXSASL_CYRUS_SERVER
-TXSASL_DOVECOT_SERVER
-TXSASL_DOVECOT_SERVER_IMPL
+-TXSASL_DOVECOT_SERVER_MECHS
-TXSASL_SERVER
-TXSASL_SERVER_IMPL
-TXSASL_SERVER_IMPL_INFO
to the recipient address domain portion. Based on code by
Koen Vermeer. File: pipe/pipe.c.
- Cleanup: suport for "Delivered-To:" loop detection in the
+ Cleanup: support for "Delivered-To:" loop detection in the
pipe(8) delivery agent. This follows a general principle:
if a program creates the "Delivered-To:" header, then it
is also responsible for "Delivered-To:" loop detection.
between wildcard transport map entry with an "empty" transport
field, or no wildcard transport map entry.
+20070424
+
+ Cleanup: making hard-coded behavior configurable. In this
+ case, extracting 8BITMIME encoding information from
+ Content-Transfer-Encoding: message headers. The default
+ behavior, "detect_8bit_encoding_header = yes", is backwards
+ compatible. This behavior was introduced to generate
+ RFC-compliant bounce messages before Postfix supported the
+ 8BITMIME option in the MAIL FROM command and on the Postfix
+ sendmail command line. Files: cleanup/cleanup_init.c,
+ cleanup/cleanup_message.c, global/mail_params.h.
+
+20070425
+
+ Bugfix: don't falsely report "lost connection from
+ localhost[127.0.0.1]" when Postfix is being portscanned.
+ Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
+
+20070429
+
+ Feature: "postfix status" to report whether Postfix is
+ running. By Mike Cappella.
+
+ Cleanup: configurable address case folding moved from the
+ pipe(8) delivery agent to the library, where it can also
+ be used by other delivery agents. Files: global/fold_addr.[hc].
+
+20070430
+
+ Robustness: recommend a "0" process limit for policy servers
+ to avoid "connection refused" problems when the smtpd process
+ limit exceeds the default process limit. File:
+ proto/SMTPD_POLICY_README.html.
+
+20070501
+
+ Workaround: turn on KEEPALIVE probes to avoided "lost
+ connection after sending end-of-data" problems when some
+ stateful (NAT) filter expires an idle connection too soon.
+ This requires that the kernel's TCP keepalive timer be set
+ to a sufficiently short time (perhaps 100s or less). Files:
+ util/sane_accept.c, util/sane_connect.c.
+
+ Safety: when IPv6 (or IPv4) is turned off, don't treat an
+ IPv6 (or IPv4) connection from e.g. inetd as if it comes
+ from localhost[127.0.0.1]. Files: smtpd/smtpd_peer.c,
+ qmqpd/qmqpd_peer.c.
+
Wish list:
Remove defer(8) and trace(8) references and man pages. These
use something like this:
1 /etc/postfix/master.cf:
- 2 policy unix - n n - - spawn
+ 2 policy unix - n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
"policy_time_limit" setting. The name of the parameter is the name of the
master.cf entry ("policy") concatenated with the "_time_limit" suffix.
+ * Line 2: specify a "0" process limit instead of the default "-", to avoid
+ "connection refused" and other problems when the smtpd process limit
+ exceeds the default_process_limit setting.
+
* Lines 8, 9: always specify "check_policy_service" AFTER
"reject_unauth_destination" or else your system could become an open relay.
* Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead:
1 /etc/postfix/master.cf:
- 2 127.0.0.1:9998 inet n n n - - spawn
+ 2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
socket that is accessible by Postfix processes only:
1 /etc/postfix/master.cf:
- 2 policy unix - n n - - spawn
+ 2 policy unix - n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:
"policy_time_limit" setting. The name of the parameter is the name of the
master.cf entry ("policy") concatenated with the "_time_limit" suffix.
+ * Line 2: specify a "0" process limit instead of the default "-", to avoid
+ "connection refused" and other problems when the smtpd process limit
+ exceeds the default_process_limit setting.
+
On Solaris you must use inet: style sockets instead of unix: style, as detailed
in the "Policy client/server configuration" section above.
1 /etc/postfix/master.cf:
- 2 127.0.0.1:9998 inet n n n - - spawn
+ 2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:
==============================================
When the pipe(8) delivery agent is configured to create the optional
-Delivered-To: header, it first checks if that same header is already
-present. If so, the mail is returned as undeliverable. This test
-should have been included with Postfix 2.0 when Delivered-To: support
-was added to the pipe(8) delivery agent.
+Delivered-To: header, it now first checks if that same header is
+already present in the message. If so, the message is returned as
+undeliverable. This test should have been included with Postfix 2.0
+when Delivered-To: support was added to the pipe(8) delivery agent.
exit 0
;;
+status)
+
+ $daemon_directory/master -t 2>/dev/null && {
+ $INFO the Postfix mail system is not running
+ exit 1
+ }
+ $INFO the Postfix mail system is running: PID: `sed 1q pid/master.pid`
+ exit 0
+ ;;
+
+
check-fatal)
# This command is NOT part of the public interface.
$SHELL $config_directory/post-install create-missing || {
- $WARN unable to create missing queue directories
+ $FATAL unable to create missing queue directories
exit 1
}
*)
- $FATAL "usage: postfix start (or stop, reload, abort, flush, check, set-permissions, upgrade-configuration)"
+ $FATAL "usage: postfix start (or stop, reload, abort, flush, check, status, set-permissions, upgrade-configuration)"
exit 1
;;
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
- 2 policy unix - n n - - spawn
+ 2 policy unix - n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
the parameter is the name of the <a href="master.5.html">master.cf</a> entry ("policy")
concatenated with the "_time_limit" suffix. </p>
+<li> <p> Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when the smtpd
+process limit exceeds the <a href="postconf.5.html#default_process_limit">default_process_limit</a> setting. </p>
+
<li> <p> Lines 8, 9: always specify "<a href="postconf.5.html#check_policy_service">check_policy_service</a>" AFTER
"<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>" or else your system could become an
open relay. </p>
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
- 2 127.0.0.1:9998 inet n n n - - spawn
+ 2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
-2 policy unix - n n - - spawn
+2 policy unix - n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
the parameter is the name of the <a href="master.5.html">master.cf</a> entry ("policy")
concatenated with the "_time_limit" suffix. </p>
+<li> <p> Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when the smtpd
+process limit exceeds the <a href="postconf.5.html#default_process_limit">default_process_limit</a> setting. </p>
+
</ul>
<p> On Solaris you must use inet: style sockets instead of unix:
<blockquote>
<pre>
1 /etc/postfix/<a href="master.5.html">master.cf</a>:
-2 127.0.0.1:9998 inet n n n - - spawn
+2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
information for the message/* or multipart/* MIME
content types.
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#detect_8bit_encoding_header">detect_8bit_encoding_header</a> (yes)</b>
+ Automatically detect 8BITMIME body content by look-
+ ing at Content-Transfer-Encoding: message headers;
+ historically, this behavior was hard-coded to be
+ "always on".
+
<b>AUTOMATIC BCC RECIPIENT CONTROLS</b>
Postfix can automatically add BCC (blind carbon copy) when
mail enters the mail system:
<b><a href="postconf.5.html#always_bcc">always_bcc</a> (empty)</b>
- Optional address that receives a "blind carbon
+ Optional address that receives a "blind carbon
copy" of each message that is received by the Post-
fix mail system.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> (empty)</b>
- Optional BCC (blind carbon-copy) address lookup
+ Optional BCC (blind carbon-copy) address lookup
tables, indexed by sender address.
<b><a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> (empty)</b>
- Optional BCC (blind carbon-copy) address lookup
+ Optional BCC (blind carbon-copy) address lookup
tables, indexed by recipient address.
<b>ADDRESS TRANSFORMATION CONTROLS</b>
- Address
rewriting is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a>
- daemon. The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server implements table driven
+ Address
rewriting is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a>
+ daemon. The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server implements table driven
address mapping.
<b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a> (MAILER-DAEMON)</b>
- The recipient of mail addressed to the null
+ The recipient of mail addressed to the null
address.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
- Optional address mapping lookup tables for message
+ Optional address mapping lookup tables for message
headers and envelopes.
<b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
Optional address mapping lookup tables for envelope
and header sender addresses.
- <b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a> (envelope_sender, header_sender,</b>
+ <b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a> (envelope_sender, header_sender,</b>
<b>header_recipient)</b>
What addresses are subject to address masquerading.
<b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a> (empty)</b>
- Optional list of domains whose subdomain structure
+ Optional list of domains whose subdomain structure
will be stripped off in email addresses.
<b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> (empty)</b>
- Optional list of user names that are not subjected
- to address masquerading, even when their address
+ Optional list of user names that are not subjected
+ to address masquerading, even when their address
matches $<a href="postconf.5.html#masquerade_domains">masquerade_domains</a>.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
- What address lookup tables copy an address exten-
+ What address lookup tables copy an address exten-
sion from the lookup key to the lookup result.
Available before Postfix version 2.0:
<b><a href="postconf.5.html#virtual_maps">virtual_maps</a> (empty)</b>
Optional lookup tables with a) names of domains for
- which all addresses are aliased to addresses in
- other local or remote domains, and b) addresses
- that are aliased to addresses in other local or
+ which all addresses are aliased to addresses in
+ other local or remote domains, and b) addresses
+ that are aliased to addresses in other local or
remote domains.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
- Optional lookup tables that alias specific mail
- addresses or domains to other local or remote
+ Optional lookup tables that alias specific mail
+ addresses or domains to other local or remote
address.
Available in Postfix version 2.2 and later:
- <b><a href="postconf.5.html#canonical_classes">canonical_classes</a> (envelope_sender, envelope_recipient,</b>
+ <b><a href="postconf.5.html#canonical_classes">canonical_classes</a> (envelope_sender, envelope_recipient,</b>
<b>header_sender, header_recipient)</b>
- What
addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a>
+ What
addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a>
address mapping.
<b><a href="postconf.5.html#recipient_canonical_classes">recipient_canonical_classes</a> (envelope_recipient,</b>
<b>header_recipient)</b>
- What
addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canoni</a>-
+ What
addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canoni</a>-
<a href="postconf.5.html#recipient_canonical_maps">cal_maps</a> address mapping.
<b><a href="postconf.5.html#sender_canonical_classes">sender_canonical_classes</a> (envelope_sender, header_sender)</b>
address mapping.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
- Don't rewrite message headers from remote clients
+ Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise, re-
- write message headers and append the specified
+ write message headers and append the specified
domain name to incomplete addresses.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
- The maximal number of addresses remembered by the
- address
duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
+ The maximal number of addresses remembered by the
+ address
duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
<a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
plays.
message header.
<b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
- The maximal number of Received: message headers
+ The maximal number of Received: message headers
that is allowed in the primary message headers.
<b><a href="postconf.5.html#in_flow_delay">in_flow_delay</a> (1s)</b>
- Time to pause before accepting a new message, when
+ Time to pause before accepting a new message, when
the message arrival rate exceeds the message deliv-
ery rate.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
- The maximal size in bytes of a message, including
+ The maximal size in bytes of a message, including
envelope information.
Available in Postfix version 2.0 and later:
will handle.
<b><a href="postconf.5.html#queue_file_attribute_count_limit">queue_file_attribute_count_limit</a> (100)</b>
- The maximal number of (name=value) attributes that
+ The maximal number of (name=value) attributes that
may be stored in a Postfix queue file.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#virtual_alias_expansion_limit">virtual_alias_expansion_limit</a> (1000)</b>
- The maximal number of addresses that virtual alias
+ The maximal number of addresses that virtual alias
expansion produces from each original recipient.
<b><a href="postconf.5.html#virtual_alias_recursion_limit">virtual_alias_recursion_limit</a> (1000)</b>
- The maximal nesting depth of virtual alias expan-
+ The maximal nesting depth of virtual alias expan-
sion.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives the mes-
+ The time after which the sender receives the mes-
sage headers of mail that is still queued.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The domain name that locally-posted mail appears to
- come from, and that locally posted mail is deliv-
+ come from, and that locally posted mail is deliv-
ered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
- Enable support for the X-Original-To message
+ Enable support for the X-Original-To message
header.
<b>FILES</b>
<a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a> content inspection
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
tion is enabled.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
- SASL security options; as of Postfix 2.3 the list
- of available features depends on the SASL client
- implementation that is selected with
- <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+ Postfix SMTP client SASL security options; as of
+ Postfix 2.3 the list of available features depends
+ on the SASL client implementation that is selected
+
with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
- Implementation-specific information that is passed
- through to the SASL plug-in implementation that is
- selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+ Implementation-specific information that the Post-
+ fix SMTP client passes through to the SASL plug-in
+ implementation that is selected with
+ <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
- The SASL plug-in type that the Postfix SMTP client
+ The SASL plug-in type that the Postfix SMTP client
should use for authentication.
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be
+ Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix
- SMTP client; when a non-empty value is specified,
- this overrides the obsolete parameters
+ SMTP client; when a non-empty value is specified,
+ this overrides the obsolete parameters
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
- Time limit for Postfix SMTP client write and read
- operations during TLS startup and shutdown hand-
+ Time limit for Postfix SMTP client write and read
+ operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
- The file with the certificate of the certification
- authority (CA) that issued the Postfix SMTP client
+ The file with the certificate of the certification
+ authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
- Directory with PEM format certificate authority
- certificates that the Postfix SMTP client uses to
+ Directory with PEM format certificate authority
+ certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
- File with the Postfix SMTP client RSA certificate
+ File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP
+ The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
- Additional list of ciphers or cipher types to
- exclude from the SMTP client cipher list at manda-
+ Additional list of ciphers or cipher types to
+ exclude from the SMTP client cipher list at manda-
tory TLS security levels.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
- File with the Postfix SMTP client DSA certificate
+ File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
- File with the Postfix SMTP client DSA private key
+ File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
- File with the Postfix SMTP client RSA private key
+ File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
- Enable additional Postfix SMTP client logging of
+ Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
- Log the hostname of a remote SMTP server that
- offers STARTTLS, when TLS is not already enabled
+ Log the hostname of a remote SMTP server that
+ offers STARTTLS, when TLS is not already enabled
for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
- non-empty value is specified, this overrides the
+ non-empty value is specified, this overrides the
obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
- List of TLS protocols that the Postfix SMTP client
+ List of TLS protocols that the Postfix SMTP client
will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
- The verification depth for remote SMTP server cer-
+ The verification depth for remote SMTP server cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
- Name of the file containing the optional Postfix
+ Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
- The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
- or
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
- server in order to seed its internal pseudo random
+ The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
+ or
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+ server in order to seed its internal pseudo random
number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "LOW" or higher grade
+ The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
- The OpenSSL cipherlist for "NULL" grade ciphers
+ The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
<b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compati-
+ The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP
- server announces STARTTLS support, otherwise send
+ Opportunistic mode: use TLS when a remote SMTP
+ server announces STARTTLS support, otherwise send
the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers
- use TLS encryption, and never send mail in the
+ Enforcement mode: require that remote SMTP servers
+ use TLS encryption, and never send mail in the
clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the
+ With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
- TLS usage policy by next-hop destination and by
+ TLS usage policy by next-hop destination and by
remote SMTP server hostname.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the smtp message delivery
+ The maximal number of parallel deliveries to the
+ same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per delivery via
+ The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The SMTP client time limit for completing a TCP
+ The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The SMTP client time limit for sending the HELO or
- EHLO command, and for receiving the initial server
+ The SMTP client time limit for sending the HELO or
+ EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
- The LMTP client time limit for sending the LHLO
+ The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The SMTP client time limit for sending the MAIL
- FROM command, and for receiving the server
+ The SMTP client time limit for sending the MAIL
+ FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The SMTP client time limit for sending the SMTP
- RCPT TO command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The SMTP client time limit for sending the SMTP
- DATA command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
- The SMTP client time limit for sending the QUIT
+ The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery
- request before giving up or delivering to a fall-
+ The maximal number of SMTP sessions per delivery
+ request before giving up or delivering to a fall-
back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
- The SMTP client time limit for sending the RSET
+ The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the
+ Permanently enable SMTP connection caching for the
specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a
+ Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount
- of time that an unused SMTP client socket is kept
+ of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or
+ Time limit for connection cache connect, send or
receive operations.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
+ The recipient of postmaster notifications about
+ mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are sub-
- ject to before-queue content inspection by
+ What categories of Postfix-generated mail are sub-
+ ject to before-queue content inspection by
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail
+ Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
- Disable DNS lookups in the Postfix SMTP and LMTP
+ Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
- The Internet protocols Postfix will attempt to use
+ The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
- The default TCP port that the Postfix LMTP client
+ The default TCP port that the Postfix LMTP client
connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
+ tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
+ The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms when the Postfix SMTP client uses
+ What mechanisms when the Postfix SMTP client uses
to look up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
+ Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
(Postfix 2.5 and later): if a message
already contains a <b>Delivered-To:</b> header with
the same recipient address, then the message
- is returned as undeliverable.
+ is returned as undeliverable. The address
+ comparison is case insensitive.
This feature is available as of Postfix 2.0.
- <b>F</b> Prepend a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope
- header to the message content. This is
+ <b>F</b> Prepend a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope
+ header to the message content. This is
expected by, for example, <b>UUCP</b> software.
- <b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" mes-
- sage header with the recipient address as
- given to Postfix. Note: for this to work,
+ <b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" mes-
+ sage header with the recipient address as
+ given to Postfix. Note: for this to work,
the <i>transport</i><b>_destination_recipient_limit</b>
- must be 1 (see SINGLE-RECIPIENT DELIVERY
+ must be 1 (see SINGLE-RECIPIENT DELIVERY
above for details).
This feature is available as of Postfix 2.0.
- <b>R</b> Prepend a <b>Return-Path:</b> message header with
+ <b>R</b> Prepend a <b>Return-Path:</b> message header with
the envelope sender address.
<b>h</b> Fold the command-line <b>$recipient</b> address
domain part (text to the right of the right-
- most <b>@</b> character) to lower case; fold the
+ most <b>@</b> character) to lower case; fold the
entire command-line <b>$domain</b> and <b>$nexthop</b>
- host or domain information to lower case.
+ host or domain information to lower case.
This is recommended for delivery via <b>UUCP</b>.
- <b>q</b> Quote white space and other special charac-
+ <b>q</b> Quote white space and other special charac-
ters in the command-line <b>$sender</b> and <b>$recip-</b>
<b>ient</b> address localparts (text to the left of
the right-most <b>@</b> character), according to an
- 8-bit transparent version of <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a>. This
- is recommended for delivery via <b>UUCP</b> or
+ 8-bit transparent version of <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a>. This
+ is recommended for delivery via <b>UUCP</b> or
<b>BSMTP</b>.
- The result is compatible with the address
- parsing of command-line recipients by the
+ The result is compatible with the address
+ parsing of command-line recipients by the
Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> mail submission command.
- The <b>q</b> flag affects only entire addresses,
+ The <b>q</b> flag affects only entire addresses,
not the partial address information from the
- <b>$user</b>, <b>$extension</b> or <b>$mailbox</b> command-line
+ <b>$user</b>, <b>$extension</b> or <b>$mailbox</b> command-line
macros.
<b>u</b> Fold the command-line <b>$recipient</b> address
- localpart (text to the left of the right-
- most <b>@</b> character) to lower case. This is
+ localpart (text to the left of the right-
+ most <b>@</b> character) to lower case. This is
recommended for delivery via <b>UUCP</b>.
<b>.</b> Prepend "<b>.</b>" to lines starting with "<b>.</b>". This
is needed by, for example, <b>BSMTP</b> software.
- > Prepend ">" to lines starting with "<b>From</b> ".
+ > Prepend ">" to lines starting with "<b>From</b> ".
This is expected by, for example, <b>UUCP</b> soft-
ware.
<b>null_sender</b>=<i>replacement</i> (default: MAILER-DAEMON)
Replace the null sender address (typically used for
- delivery status notifications) with the specified
+ delivery status notifications) with the specified
text when expanding the <b>$sender</b> command-line macro,
and when generating a From_ or Return-Path: message
header.
- If the null sender replacement text is a non-empty
- string then it is affected by the <b>q</b> flag for
+ If the null sender replacement text is a non-empty
+ string then it is affected by the <b>q</b> flag for
address quoting in command-line arguments.
The null sender replacement text may be empty; this
- form is recommended for content filters that feed
+ form is recommended for content filters that feed
mail back into Postfix. The empty sender address is
- not affected by the <b>q</b> flag for address quoting in
+ not affected by the <b>q</b> flag for address quoting in
command-line arguments.
Caution: a null sender address is easily mis-parsed
- by
naive software. For example, when the <a href="pipe.8.html"><b>pipe</b>(8)</a>
+ by
naive software. For example, when the <a href="pipe.8.html"><b>pipe</b>(8)</a>
daemon executes a command such as:
command -f$sender -- $recipient (<i>bad</i>)
the command will mis-parse the -f option value when
- the sender address is a null string. For correct
+ the sender address is a null string. For correct
parsing, specify <b>$sender</b> as an argument by itself:
command -f $sender -- $recipient (<i>good</i>)
<b>user</b>=<i>username</i>:<i>groupname</i>
Execute the external command with the rights of the
- specified <i>username</i>. The software refuses to exe-
- cute commands with root privileges, or with the
- privileges of the mail system owner. If <i>groupname</i>
- is specified, the corresponding group ID is used
+ specified <i>username</i>. The software refuses to exe-
+ cute commands with root privileges, or with the
+ privileges of the mail system owner. If <i>groupname</i>
+ is specified, the corresponding group ID is used
instead of the group ID of <i>username</i>.
<b>argv</b>=<i>command</i>... (required)
- The command to be executed. This must be specified
+ The command to be executed. This must be specified
as the last command attribute. The command is exe-
cuted directly, i.e. without interpretation of
- shell meta characters by a shell command inter-
+ shell meta characters by a shell command inter-
preter.
In the command argument vector, the following
macros are recognized and replaced with correspond-
- ing information from the Postfix queue manager
+ ing information from the Postfix queue manager
delivery request.
- In addition to the form ${<i>name</i>}, the forms $<i>name</i>
- and $(<i>name</i>) are also recognized. Specify <b>$$</b> where
+ In addition to the form ${<i>name</i>}, the forms $<i>name</i>
+ and $(<i>name</i>) are also recognized. Specify <b>$$</b> where
a single <b>$</b> is wanted.
<b>${client_address</b>}
This macro expands to the remote client net-
work address.
- This is available in Postfix 2.2 and later.
+ This is available in Postfix 2.2 and later.
<b>${client_helo</b>}
This macro expands to the remote client HELO
command parameter.
- This is available in Postfix 2.2 and later.
+ This is available in Postfix 2.2 and later.
<b>${client_hostname</b>}
- This macro expands to the remote client
+ This macro expands to the remote client
hostname.
- This is available in Postfix 2.2 and later.
+ This is available in Postfix 2.2 and later.
<b>${client_protocol</b>}
This macro expands to the remote client pro-
tocol.
- This is available in Postfix 2.2 and later.
+ This is available in Postfix 2.2 and later.
<b>${domain</b>}
- This macro expands to the domain portion of
+ This macro expands to the domain portion of
the recipient address. For example, with an
- address <i>user+foo@domain</i> the domain is
+ address <i>user+foo@domain</i> the domain is
<i>domain</i>.
- This information is modified by the <b>h</b> flag
+ This information is modified by the <b>h</b> flag
for case folding.
- This is available in Postfix 2.5 and later.
+ This is available in Postfix 2.5 and later.
<b>${extension</b>}
- This macro expands to the extension part of
- a recipient address. For example, with an
+ This macro expands to the extension part of
+ a recipient address. For example, with an
address <i>user+foo@domain</i> the extension is
<i>foo</i>.
- A command-line argument that contains
- <b>${extension</b>} expands into as many command-
+ A command-line argument that contains
+ <b>${extension</b>} expands into as many command-
line arguments as there are recipients.
- This information is modified by the <b>u</b> flag
+ This information is modified by the <b>u</b> flag
for case folding.
<b>${mailbox</b>}
- This macro expands to the complete local
- part of a recipient address. For example,
- with an address <i>user+foo@domain</i> the mailbox
+ This macro expands to the complete local
+ part of a recipient address. For example,
+ with an address <i>user+foo@domain</i> the mailbox
is <i>user+foo</i>.
- A command-line argument that contains
- <b>${mailbox</b>} expands to as many command-line
+ A command-line argument that contains
+ <b>${mailbox</b>} expands to as many command-line
arguments as there are recipients.
- This information is modified by the <b>u</b> flag
+ This information is modified by the <b>u</b> flag
for case folding.
<b>${nexthop</b>}
This macro expands to the next-hop hostname.
- This information is modified by the <b>h</b> flag
+ This information is modified by the <b>h</b> flag
for case folding.
<b>${recipient</b>}
This macro expands to the complete recipient
address.
- A command-line argument that contains
+ A command-line argument that contains
<b>${recipient</b>} expands to as many command-line
arguments as there are recipients.
- This information is modified by the <b>hqu</b>
+ This information is modified by the <b>hqu</b>
flags for quoting and case folding.
<b>${sasl_method</b>}
- This macro expands to the SASL authentica-
- tion mechanism used during the reception of
- the message. An empty string is passed if
- the message has been received without SASL
+ This macro expands to the SASL authentica-
+ tion mechanism used during the reception of
+ the message. An empty string is passed if
+ the message has been received without SASL
authentication.
- This is available in Postfix 2.2 and later.
+ This is available in Postfix 2.2 and later.
<b>${sasl_sender</b>}
- This macro expands to the SASL sender name
- (i.e.
the original submitter as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC</a>
- <a href="http://www.faqs.org/rfcs/rfc2554.html">2554</a>) used during the reception of the mes-
+ This macro expands to the SASL sender name
+ (i.e.
the original submitter as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC</a>
+ <a href="http://www.faqs.org/rfcs/rfc2554.html">2554</a>) used during the reception of the mes-
sage.
- This is available in Postfix 2.2 and later.
+ This is available in Postfix 2.2 and later.
<b>${sasl_username</b>}
- This macro expands to the SASL user name
+ This macro expands to the SASL user name
used during the reception of the message. An
- empty string is passed if the message has
+ empty string is passed if the message has
been received without SASL authentication.
- This is available in Postfix 2.2 and later.
+ This is available in Postfix 2.2 and later.
<b>${sender</b>}
- This macro expands to the envelope sender
+ This macro expands to the envelope sender
address. By default, the null sender address
- expands to MAILER-DAEMON; this can be
- changed with the <b>null_sender</b> attribute, as
+ expands to MAILER-DAEMON; this can be
+ changed with the <b>null_sender</b> attribute, as
described above.
- This information is modified by the <b>q</b> flag
+ This information is modified by the <b>q</b> flag
for quoting.
<b>${size</b>}
- This macro expands to Postfix's idea of the
- message size, which is an approximation of
+ This macro expands to Postfix's idea of the
+ message size, which is an approximation of
the size of the message as delivered.
<b>${user</b>}
This macro expands to the username part of a
- recipient address. For example, with an
+ recipient address. For example, with an
address <i>user+foo@domain</i> the username part is
<i>user</i>.
- A command-line argument that contains
- <b>${user</b>} expands into as many command-line
+ A command-line argument that contains
+ <b>${user</b>} expands into as many command-line
arguments as there are recipients.
- This information is modified by the <b>u</b> flag
+ This information is modified by the <b>u</b> flag
for case folding.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
- Command exit status codes are expected to follow the con-
- ventions defined in <<b>sysexits.h</b>>. Exit status 0 means
+ Command exit status codes are expected to follow the con-
+ ventions defined in <<b>sysexits.h</b>>. Exit status 0 means
normal successful completion.
- Postfix version 2.3 and later support <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>-style
- enhanced status codes. If a command terminates with a
- non-zero exit status, and the command output begins with
+ Postfix version 2.3 and later support <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>-style
+ enhanced status codes. If a command terminates with a
+ non-zero exit status, and the command output begins with
an enhanced status code, this status code takes precedence
over the non-zero exit status.
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
+ Problems and transactions are logged to <b>syslogd</b>(8). Cor-
+ rupted message files are marked so that the queue manager
can move them to the <b>corrupt</b> queue for further inspection.
<b>SECURITY</b>
- This program needs a dual personality 1) to access the
- private Postfix queue and IPC mechanisms, and 2) to exe-
+ This program needs a dual personality 1) to access the
+ private Postfix queue and IPC mechanisms, and 2) to exe-
cute external commands as the specified user. It is there-
fore security sensitive.
<b>CONFIGURATION PARAMETERS</b>
- Changes
to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="pipe.8.html"><b>pipe</b>(8)</a>
- processes run for only a limited amount of time. Use the
+ Changes
to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="pipe.8.html"><b>pipe</b>(8)</a>
+ processes run for only a limited amount of time. Use the
command "<b>postfix reload</b>" to speed up a change.
- The text below provides only a parameter summary. See
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b>RESOURCE AND RATE CONTROLS</b>
- In the text below, <i>transport</i> is the first field in a <b>mas-</b>
+ In the text below, <i>transport</i> is the first field in a <b>mas-</b>
<b>ter.cf</b> entry.
<i>transport</i><b>_destination_concurrency_limit ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
Limit the number of parallel deliveries to the same
- destination, for delivery via the named <i>transport</i>.
+ destination, for delivery via the named <i>transport</i>.
The limit is enforced by the Postfix queue manager.
<i>transport</i><b>_destination_recipient_limit ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- Limit the number of recipients per message deliv-
- ery, for delivery via the named <i>transport</i>. The
+ Limit the number of recipients per message deliv-
+ ery, for delivery via the named <i>transport</i>. The
limit is enforced by the Postfix queue manager.
<i>transport</i><b>_time_limit ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
- Limit the time for delivery to external command,
+ Limit the time for delivery to external command,
for delivery via the named <i>transport</i>. The limit is
enforced by the pipe delivery agent.
- Postfix 2.4 and later support a suffix that speci-
- fies the time unit: s (seconds), m (minutes), h
+ Postfix 2.4 and later support a suffix that speci-
+ fies the time unit: s (seconds), m (minutes), h
(hours), d (days), w (weeks). The default time unit
is seconds.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a Postfix
+ The list of environment variables that a Postfix
process will export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
and most Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<b>tcp</b> (read-only)
Perform lookups using a simple request-reply
protocol that is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
- This feature is not included with Postfix
- 2.2.
+ This feature is not included with the stable
+ Postfix release.
<b>unix</b> (read-only)
A limited way to query the UNIX authentica-
</p>
+</DD>
+
+<DT><b><a name="detect_8bit_encoding_header">detect_8bit_encoding_header</a>
+(default: yes)</b></DT><DD>
+
+<p> Automatically detect 8BITMIME body content by looking at
+Content-Transfer-Encoding: message headers; historically, this
+behavior was hard-coded to be "always on". </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
</DD>
<DT><b><a name="disable_dns_lookups">disable_dns_lookups</a>
<DT><b><a name="smtp_sasl_path">smtp_sasl_path</a>
(default: empty)</b></DT><DD>
-<p> Implementation-specific information that is passed through to
+<p> Implementation-specific information that the Postfix SMTP client
+passes through to
the SASL plug-in implementation that is selected with
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>
<DT><b><a name="smtp_sasl_security_options">smtp_sasl_security_options</a>
(default: noplaintext, noanonymous)</b></DT><DD>
-<p> SASL security options; as of Postfix 2.3 the list of available
+<p> Postfix SMTP client SASL security options; as of Postfix 2.3
+the list of available
features depends on the SASL client implementation that is selected
with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. </p>
(default: smtpd)</b></DT><DD>
<p>
-The application name used for SASL server initialization. This
+The application name that the Postfix SMTP server uses for SASL
+server initialization. This
controls the name of the SASL configuration file. The default value
is <b>smtpd</b>, corresponding to a SASL configuration file named
<b>smtpd.conf</b>.
(default: empty)</b></DT><DD>
<p>
-What SMTP clients Postfix will not offer AUTH support to.
+What remote SMTP clients the Postfix SMTP server will not offer
+AUTH support to.
</p>
<p>
(default: empty)</b></DT><DD>
<p>
-The name of the local SASL authentication realm.
+The name of the Postfix SMTP server's local SASL authentication
+realm.
</p>
<p>
<DT><b><a name="smtpd_sasl_path">smtpd_sasl_path</a>
(default: smtpd)</b></DT><DD>
-<p> Implementation-specific information that is passed through to
+<p> Implementation-specific information that the Postfix SMTP server
+passes through to
the SASL plug-in implementation that is selected with
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>
<DT><b><a name="smtpd_sasl_security_options">smtpd_sasl_security_options</a>
(default: noanonymous)</b></DT><DD>
-<p> SASL security options; as of Postfix 2.3 the list of available
+<p> Postfix SMTP server SASL security options; as of Postfix 2.3
+the list of available
features depends on the SASL server implementation that is selected
with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. </p>
<b>reload</b> Re-read configuration files. Running processes ter-
minate at their earliest convenience.
+ <b>status</b> Indicate if the Postfix mail system is currently
+ running.
+
<b>set-permissions [</b><i>name</i>=<i>value ...</i><b>]</b>
- Set the ownership and permissions of Postfix
- related files and directories, as specified in the
+ Set the ownership and permissions of Postfix
+ related files and directories, as specified in the
<b>postfix-files</b> file.
- Specify <i>name</i>=<i>value</i> to override and update specific
- <a href="postconf.5.html">main.cf</a> configuration parameters. Use this, for
- example,
to change the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> or <b><a href="postconf.5.html#setgid_group">setgid_group</a></b>
+ Specify <i>name</i>=<i>value</i> to override and update specific
+ <a href="postconf.5.html">main.cf</a> configuration parameters. Use this, for
+ example,
to change the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> or <b><a href="postconf.5.html#setgid_group">setgid_group</a></b>
setting for an already installed Postfix system.
This feature is available in Postfix 2.1 and later.
<b>fix/post-install set-permissions</b>".
<b>upgrade-configuration [</b><i>name</i>=<i>value ...</i><b>]</b>
- Update the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> files with infor-
- mation that Postfix needs in order to run: add or
- update services, and add or update configuration
+ Update the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> files with infor-
+ mation that Postfix needs in order to run: add or
+ update services, and add or update configuration
parameter settings.
- Specify <i>name</i>=<i>value</i> to override and update specific
+ Specify <i>name</i>=<i>value</i> to override and update specific
<a href="postconf.5.html">main.cf</a> configuration parameters.
This feature is available in Postfix 2.1 and later.
The following options are implemented:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> configuration files
- in the named directory instead of the default con-
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> configuration files
+ in the named directory instead of the default con-
figuration directory. Use this to distinguish
- between multiple Postfix instances on the same
+ between multiple Postfix instances on the same
host.
<b>-D</b> (with <b>postfix start</b> only)
parameter.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
<b>ENVIRONMENT</b>
- The <a href="postfix.1.html"><b>postfix</b>(1)</a> command exports the following environment
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> command exports the following environment
variables before executing the <b>postfix-script</b> file:
<b>MAIL_CONFIG</b>
- This is set when the -c command-line option is
+ This is set when the -c command-line option is
present.
<b>MAIL_VERBOSE</b>
- This is set when the -v command-line option is
+ This is set when the -v command-line option is
present.
<b>MAIL_DEBUG</b>
- This is set when the -D command-line option is
+ This is set when the -D command-line option is
present.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> configuration parameters are
+ The following <a href="postconf.5.html"><b>main.cf</b></a> configuration parameters are
exported as environment variables with the same names:
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
- The location of all postfix administrative com-
+ The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix support programs and
+ The directory with Postfix support programs and
daemon programs.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
location of the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command.
<b><a href="postconf.5.html#newaliases_path">newaliases_path</a> (see 'postconf -d' output)</b>
- Sendmail compatibility feature that specifies the
+ Sendmail compatibility feature that specifies the
location of the <a href="newaliases.1.html"><b>newaliases</b>(1)</a> command.
<b><a href="postconf.5.html#mailq_path">mailq_path</a> (see 'postconf -d' output)</b>
the Postfix <a href="mailq.1.html"><b>mailq</b>(1)</a> command is installed.
<b><a href="postconf.5.html#html_directory">html_directory</a> (see 'postconf -d' output)</b>
- The location of Postfix HTML files that describe
+ The location of Postfix HTML files that describe
how to build, configure or operate a specific Post-
fix subsystem or feature.
Where the Postfix manual pages are installed.
<b><a href="postconf.5.html#readme_directory">readme_directory</a> (see 'postconf -d' output)</b>
- The location of Postfix README files that describe
+ The location of Postfix README files that describe
how to build, configure or operate a specific Post-
fix subsystem or feature.
Other configuration parameters:
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a Postfix
+ The list of environment parameters that a Postfix
process will import from a non-Postfix parent
process.
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
<a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
tion is enabled.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
- SASL security options; as of Postfix 2.3 the list
- of available features depends on the SASL client
- implementation that is selected with
- <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+ Postfix SMTP client SASL security options; as of
+ Postfix 2.3 the list of available features depends
+ on the SASL client implementation that is selected
+
with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
- Implementation-specific information that is passed
- through to the SASL plug-in implementation that is
- selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+ Implementation-specific information that the Post-
+ fix SMTP client passes through to the SASL plug-in
+ implementation that is selected with
+ <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
- The SASL plug-in type that the Postfix SMTP client
+ The SASL plug-in type that the Postfix SMTP client
should use for authentication.
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be
+ Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix
- SMTP client; when a non-empty value is specified,
- this overrides the obsolete parameters
+ SMTP client; when a non-empty value is specified,
+ this overrides the obsolete parameters
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
- Time limit for Postfix SMTP client write and read
- operations during TLS startup and shutdown hand-
+ Time limit for Postfix SMTP client write and read
+ operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
- The file with the certificate of the certification
- authority (CA) that issued the Postfix SMTP client
+ The file with the certificate of the certification
+ authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
- Directory with PEM format certificate authority
- certificates that the Postfix SMTP client uses to
+ Directory with PEM format certificate authority
+ certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
- File with the Postfix SMTP client RSA certificate
+ File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP
+ The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
- Additional list of ciphers or cipher types to
- exclude from the SMTP client cipher list at manda-
+ Additional list of ciphers or cipher types to
+ exclude from the SMTP client cipher list at manda-
tory TLS security levels.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
- File with the Postfix SMTP client DSA certificate
+ File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
- File with the Postfix SMTP client DSA private key
+ File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
- File with the Postfix SMTP client RSA private key
+ File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
- Enable additional Postfix SMTP client logging of
+ Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
- Log the hostname of a remote SMTP server that
- offers STARTTLS, when TLS is not already enabled
+ Log the hostname of a remote SMTP server that
+ offers STARTTLS, when TLS is not already enabled
for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
- non-empty value is specified, this overrides the
+ non-empty value is specified, this overrides the
obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
- List of TLS protocols that the Postfix SMTP client
+ List of TLS protocols that the Postfix SMTP client
will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
- The verification depth for remote SMTP server cer-
+ The verification depth for remote SMTP server cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
- Name of the file containing the optional Postfix
+ Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
- The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
- or
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
- server in order to seed its internal pseudo random
+ The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
+ or
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+ server in order to seed its internal pseudo random
number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "LOW" or higher grade
+ The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
- The OpenSSL cipherlist for "NULL" grade ciphers
+ The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
<b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compati-
+ The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP
- server announces STARTTLS support, otherwise send
+ Opportunistic mode: use TLS when a remote SMTP
+ server announces STARTTLS support, otherwise send
the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers
- use TLS encryption, and never send mail in the
+ Enforcement mode: require that remote SMTP servers
+ use TLS encryption, and never send mail in the
clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the
+ With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
- TLS usage policy by next-hop destination and by
+ TLS usage policy by next-hop destination and by
remote SMTP server hostname.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the smtp message delivery
+ The maximal number of parallel deliveries to the
+ same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per delivery via
+ The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The SMTP client time limit for completing a TCP
+ The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The SMTP client time limit for sending the HELO or
- EHLO command, and for receiving the initial server
+ The SMTP client time limit for sending the HELO or
+ EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
- The LMTP client time limit for sending the LHLO
+ The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The SMTP client time limit for sending the MAIL
- FROM command, and for receiving the server
+ The SMTP client time limit for sending the MAIL
+ FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The SMTP client time limit for sending the SMTP
- RCPT TO command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The SMTP client time limit for sending the SMTP
- DATA command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
- The SMTP client time limit for sending the QUIT
+ The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery
- request before giving up or delivering to a fall-
+ The maximal number of SMTP sessions per delivery
+ request before giving up or delivering to a fall-
back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
- The SMTP client time limit for sending the RSET
+ The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the
+ Permanently enable SMTP connection caching for the
specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a
+ Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount
- of time that an unused SMTP client socket is kept
+ of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or
+ Time limit for connection cache connect, send or
receive operations.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
+ The recipient of postmaster notifications about
+ mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are sub-
- ject to before-queue content inspection by
+ What categories of Postfix-generated mail are sub-
+ ject to before-queue content inspection by
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail
+ Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
- Disable DNS lookups in the Postfix SMTP and LMTP
+ Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
- The Internet protocols Postfix will attempt to use
+ The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
- The default TCP port that the Postfix LMTP client
+ The default TCP port that the Postfix LMTP client
connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
+ tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
+ The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms when the Postfix SMTP client uses
+ What mechanisms when the Postfix SMTP client uses
to look up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
+ Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
is specified.
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
- What SMTP clients Postfix will not offer AUTH sup-
- port to.
+ What remote SMTP clients the Postfix SMTP server
+ will not offer AUTH support to.
Available in Postfix version 2.2 and later:
server.
<b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b>
- The name of the local SASL authentication realm.
+ The name of the Postfix SMTP server's local SASL
+ authentication realm.
<b><a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> (noanonymous)</b>
- SASL security options; as of Postfix 2.3 the list
- of available features depends on the SASL server
- implementation that is selected with
- <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
+ Postfix SMTP server SASL security options; as of
+ Postfix 2.3 the list of available features depends
+ on the SASL server implementation that is selected
+
with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
<b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
- Optional lookup table with the SASL login names
+ Optional lookup table with the SASL login names
that own sender (MAIL FROM) addresses.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
- What SMTP clients Postfix will not offer AUTH sup-
- port to.
+ What remote SMTP clients the Postfix SMTP server
+ will not offer AUTH support to.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> (no)</b>
- Report the SASL authenticated user name in the
+ Report the SASL authenticated user name in the
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received message header.
<b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> (smtpd)</b>
- Implementation-specific information that is passed
- through to the SASL plug-in implementation that is
- selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
+ Implementation-specific information that the Post-
+ fix SMTP server passes through to the SASL plug-in
+ implementation that is selected with
+ <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a> (cyrus)</b>
The SASL plug-in type that the Postfix SMTP server
.IP "\fBtcp\fR (read-only)"
Perform lookups using a simple request-reply protocol that is
described in \fBtcp_table\fR(5).
-This feature is not included with Postfix 2.2.
+This feature is not included with the stable Postfix release.
.IP "\fBunix\fR (read-only)"
A limited way to query the UNIX authentication database. The
following tables are implemented:
.IP \fBreload\fR
Re-read configuration files. Running processes terminate at their
earliest convenience.
+.IP \fBstatus\fR
+Indicate if the Postfix mail system is currently running.
.IP "\fBset-permissions\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR
Set the ownership and permissions of Postfix related files and
directories, as specified in the \fBpostfix-files\fR file.
.PP
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
+.SH detect_8bit_encoding_header (default: yes)
+Automatically detect 8BITMIME body content by looking at
+Content-Transfer-Encoding: message headers; historically, this
+behavior was hard-coded to be "always on".
+.PP
+This feature is available in Postfix 2.5 and later.
.SH disable_dns_lookups (default: no)
Disable DNS lookups in the Postfix SMTP and LMTP clients. When
disabled, hosts are looked up with the getaddrinfo() system
The Postfix SMTP client opens the lookup table before going to
chroot jail, so you can leave the password file in /etc/postfix.
.SH smtp_sasl_path (default: empty)
-Implementation-specific information that is passed through to
+Implementation-specific information that the Postfix SMTP client
+passes through to
the SASL plug-in implementation that is selected with
\fBsmtp_sasl_type\fR. Typically this specifies the name of a
configuration file or rendezvous point.
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_sasl_security_options (default: noplaintext, noanonymous)
-SASL security options; as of Postfix 2.3 the list of available
+Postfix SMTP client SASL security options; as of Postfix 2.3
+the list of available
features depends on the SASL client implementation that is selected
with \fBsmtp_sasl_type\fR.
.PP
One major application is for implementing per-recipient UCE control.
See the RESTRICTION_CLASS_README document for other examples.
.SH smtpd_sasl_application_name (default: smtpd)
-The application name used for SASL server initialization. This
+The application name that the Postfix SMTP server uses for SASL
+server initialization. This
controls the name of the SASL configuration file. The default value
is \fBsmtpd\fR, corresponding to a SASL configuration file named
\fBsmtpd.conf\fR.
.PP
This feature is available in Postfix 2.3 and later.
.SH smtpd_sasl_exceptions_networks (default: empty)
-What SMTP clients Postfix will not offer AUTH support to.
+What remote SMTP clients the Postfix SMTP server will not offer
+AUTH support to.
.PP
Some clients (Netscape 4 at least) have a bug that causes them to
require a login and password whenever AUTH is offered, whether it's
.PP
This feature is available in Postfix 2.1 and later.
.SH smtpd_sasl_local_domain (default: empty)
-The name of the local SASL authentication realm.
+The name of the Postfix SMTP server's local SASL authentication
+realm.
.PP
By default, the local authentication realm name is the null string.
.PP
.ad
.ft R
.SH smtpd_sasl_path (default: smtpd)
-Implementation-specific information that is passed through to
+Implementation-specific information that the Postfix SMTP server
+passes through to
the SASL plug-in implementation that is selected with
\fBsmtpd_sasl_type\fR. Typically this specifies the name of a
configuration file or rendezvous point.
This feature is available in Postfix 2.3 and later. In earlier
releases it was called smtpd_sasl_application.
.SH smtpd_sasl_security_options (default: noanonymous)
-SASL security options; as of Postfix 2.3 the list of available
+Postfix SMTP server SASL security options; as of Postfix 2.3
+the list of available
features depends on the SASL server implementation that is selected
with \fBsmtpd_sasl_type\fR.
.PP
.IP "\fBstrict_mime_encoding_domain (no)\fR"
Reject mail with invalid Content-Transfer-Encoding: information
for the message/* or multipart/* MIME content types.
+.PP
+Available in Postfix version 2.5 and later:
+.IP "\fBdetect_8bit_encoding_header (yes)\fR"
+Automatically detect 8BITMIME body content by looking at
+Content-Transfer-Encoding: message headers; historically, this
+behavior was hard-coded to be "always on".
.SH "AUTOMATIC BCC RECIPIENT CONTROLS"
.na
.nf
The \fBD\fR flag also enforces loop detection (Postfix 2.5 and later):
if a message already contains a \fBDelivered-To:\fR header
with the same recipient address, then the message is
-returned as undeliverable.
+returned as undeliverable. The address comparison is case
+insensitive.
.sp
This feature is available as of Postfix 2.0.
.IP \fBF\fR
per remote hostname or domain, or sender address when sender-dependent
authentication is enabled.
.IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
-SASL security options; as of Postfix 2.3 the list of available
+Postfix SMTP client SASL security options; as of Postfix 2.3
+the list of available
features depends on the SASL client implementation that is selected
with \fBsmtp_sasl_type\fR.
.PP
caching to ensure that mail from different senders will use the
appropriate credentials.
.IP "\fBsmtp_sasl_path (empty)\fR"
-Implementation-specific information that is passed through to
+Implementation-specific information that the Postfix SMTP client
+passes through to
the SASL plug-in implementation that is selected with
\fBsmtp_sasl_type\fR.
.IP "\fBsmtp_sasl_type (cyrus)\fR"
sender addresses, even when no explicit reject_unlisted_sender
access restriction is specified.
.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
-What SMTP clients Postfix will not offer AUTH support to.
+What remote SMTP clients the Postfix SMTP server will not offer
+AUTH support to.
.PP
Available in Postfix version 2.2 and later:
.IP "\fBsmtpd_discard_ehlo_keyword_address_maps (empty)\fR"
.IP "\fBsmtpd_sasl_auth_enable (no)\fR"
Enable SASL authentication in the Postfix SMTP server.
.IP "\fBsmtpd_sasl_local_domain (empty)\fR"
-The name of the local SASL authentication realm.
+The name of the Postfix SMTP server's local SASL authentication
+realm.
.IP "\fBsmtpd_sasl_security_options (noanonymous)\fR"
-SASL security options; as of Postfix 2.3 the list of available
+Postfix SMTP server SASL security options; as of Postfix 2.3
+the list of available
features depends on the SASL server implementation that is selected
with \fBsmtpd_sasl_type\fR.
.IP "\fBsmtpd_sender_login_maps (empty)\fR"
.PP
Available in Postfix version 2.1 and later:
.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
-What SMTP clients Postfix will not offer AUTH support to.
+What remote SMTP clients the Postfix SMTP server will not offer
+AUTH support to.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtpd_sasl_authenticated_header (no)\fR"
Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received
message header.
.IP "\fBsmtpd_sasl_path (smtpd)\fR"
-Implementation-specific information that is passed through to
+Implementation-specific information that the Postfix SMTP server
+passes through to
the SASL plug-in implementation that is selected with
\fBsmtpd_sasl_type\fR.
.IP "\fBsmtpd_sasl_type (cyrus)\fR"
s;\bdelay_warn[-</bB>]*\n*[ <bB>]*ing_time\b;<a href="postconf.5.html#delay_warning_time">$&</a>;g;
s;\bdeliver_lock_attempts\b;<a href="postconf.5.html#deliver_lock_attempts">$&</a>;g;
s;\bdeliver_lock_delay\b;<a href="postconf.5.html#deliver_lock_delay">$&</a>;g;
+ s;\bdetect_8bit_encoding_header\b;<a href="postconf.5.html#detect_8bit_encoding_header">$&</a>;g;
s;\bdisable_dns_lookups\b;<a href="postconf.5.html#disable_dns_lookups">$&</a>;g;
s;\bdisable_mime_input_processing\b;<a href="postconf.5.html#disable_mime_input_processing">$&</a>;g;
s;\bdisable_mime_output_conversion\b;<a href="postconf.5.html#disable_mime_output_conversion">$&</a>;g;
<blockquote>
<pre>
1 /etc/postfix/master.cf:
- 2 policy unix - n n - - spawn
+ 2 policy unix - n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
the parameter is the name of the master.cf entry ("policy")
concatenated with the "_time_limit" suffix. </p>
+<li> <p> Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when the smtpd
+process limit exceeds the default_process_limit setting. </p>
+
<li> <p> Lines 8, 9: always specify "check_policy_service" AFTER
"reject_unauth_destination" or else your system could become an
open relay. </p>
<blockquote>
<pre>
1 /etc/postfix/master.cf:
- 2 127.0.0.1:9998 inet n n n - - spawn
+ 2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
<blockquote>
<pre>
1 /etc/postfix/master.cf:
-2 policy unix - n n - - spawn
+2 policy unix - n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:
the parameter is the name of the master.cf entry ("policy")
concatenated with the "_time_limit" suffix. </p>
+<li> <p> Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when the smtpd
+process limit exceeds the default_process_limit setting. </p>
+
</ul>
<p> On Solaris you must use inet: style sockets instead of unix:
<blockquote>
<pre>
1 /etc/postfix/master.cf:
-2 127.0.0.1:9998 inet n n n - - spawn
+2 127.0.0.1:9998 inet n n n - 0 spawn
3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
4
5 /etc/postfix/main.cf:
%PARAM smtp_sasl_security_options noplaintext, noanonymous
-<p> SASL security options; as of Postfix 2.3 the list of available
+<p> Postfix SMTP client SASL security options; as of Postfix 2.3
+the list of available
features depends on the SASL client implementation that is selected
with <b>smtp_sasl_type</b>. </p>
%PARAM smtpd_sasl_exceptions_networks
<p>
-What SMTP clients Postfix will not offer AUTH support to.
+What remote SMTP clients the Postfix SMTP server will not offer
+AUTH support to.
</p>
<p>
%PARAM smtpd_sasl_local_domain
<p>
-The name of the local SASL authentication realm.
+The name of the Postfix SMTP server's local SASL authentication
+realm.
</p>
<p>
%PARAM smtpd_sasl_security_options noanonymous
-<p> SASL security options; as of Postfix 2.3 the list of available
+<p> Postfix SMTP server SASL security options; as of Postfix 2.3
+the list of available
features depends on the SASL server implementation that is selected
with <b>smtpd_sasl_type</b>. </p>
%PARAM smtpd_sasl_application_name smtpd
<p>
-The application name used for SASL server initialization. This
+The application name that the Postfix SMTP server uses for SASL
+server initialization. This
controls the name of the SASL configuration file. The default value
is <b>smtpd</b>, corresponding to a SASL configuration file named
<b>smtpd.conf</b>.
%PARAM smtpd_sasl_path smtpd
-<p> Implementation-specific information that is passed through to
+<p> Implementation-specific information that the Postfix SMTP server
+passes through to
the SASL plug-in implementation that is selected with
<b>smtpd_sasl_type</b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>
%PARAM smtp_sasl_path
-<p> Implementation-specific information that is passed through to
+<p> Implementation-specific information that the Postfix SMTP client
+passes through to
the SASL plug-in implementation that is selected with
<b>smtp_sasl_type</b>. Typically this specifies the name of a
configuration file or rendezvous point. </p>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.4 and later. </p>
+
+%PARAM detect_8bit_encoding_header yes
+
+<p> Automatically detect 8BITMIME body content by looking at
+Content-Transfer-Encoding: message headers; historically, this
+behavior was hard-coded to be "always on". </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
/* .IP "\fBstrict_mime_encoding_domain (no)\fR"
/* Reject mail with invalid Content-Transfer-Encoding: information
/* for the message/* or multipart/* MIME content types.
+/* .PP
+/* Available in Postfix version 2.5 and later:
+/* .IP "\fBdetect_8bit_encoding_header (yes)\fR"
+/* Automatically detect 8BITMIME body content by looking at
+/* Content-Transfer-Encoding: message headers; historically, this
+/* behavior was hard-coded to be "always on".
/* AUTOMATIC BCC RECIPIENT CONTROLS
/* .ad
/* .fi
char *var_milt_eod_macros; /* end-of-data macros */
char *var_milt_unk_macros; /* unknown command macros */
char *var_cleanup_milters; /* non-SMTP mail */
+int var_auto_8bit_enc_hdr; /* auto-detect 8bit encoding header */
CONFIG_INT_TABLE cleanup_int_table[] = {
VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
CONFIG_BOOL_TABLE cleanup_bool_table[] = {
VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt,
VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
+ VAR_AUTO_8BIT_ENC_HDR, DEF_AUTO_8BIT_ENC_HDR, &var_auto_8bit_enc_hdr,
0,
};
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
if (*var_cleanup_milters)
cleanup_milters = milter_create(var_cleanup_milters,
- var_milt_conn_time,
- var_milt_cmd_time,
- var_milt_msg_time,
- var_milt_protocol,
- var_milt_def_action,
- var_milt_conn_macros,
- var_milt_helo_macros,
- var_milt_mail_macros,
- var_milt_rcpt_macros,
- var_milt_data_macros,
- var_milt_eod_macros,
- var_milt_unk_macros);
+ var_milt_conn_time,
+ var_milt_cmd_time,
+ var_milt_msg_time,
+ var_milt_protocol,
+ var_milt_def_action,
+ var_milt_conn_macros,
+ var_milt_helo_macros,
+ var_milt_mail_macros,
+ var_milt_rcpt_macros,
+ var_milt_data_macros,
+ var_milt_eod_macros,
+ var_milt_unk_macros);
flush_init();
}
while (ISSPACE(*hdrval))
hdrval++;
/* trimblanks(hdrval, 0)[0] = 0; */
- if (hdr_opts->type == HDR_CONTENT_TRANSFER_ENCODING) {
+ if (var_auto_8bit_enc_hdr
+ && hdr_opts->type == HDR_CONTENT_TRANSFER_ENCODING) {
for (cmp = code_map; cmp->name != 0; cmp++) {
if (strcasecmp(hdrval, cmp->name) == 0) {
if (strcmp(cmp->encoding, MAIL_ATTR_ENC_8BIT) == 0)
sys_exits.c timed_ipc.c tok822_find.c tok822_node.c tok822_parse.c \
tok822_resolve.c tok822_rewrite.c tok822_tree.c trace.c \
user_acl.c valid_mailhost_addr.c verify.c verify_clnt.c \
- verp_sender.c wildcard_inet_addr.c xtext.c delivered_hdr.c
+ verp_sender.c wildcard_inet_addr.c xtext.c delivered_hdr.c \
+ fold_addr.c
OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \
clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \
sys_exits.o timed_ipc.o tok822_find.o tok822_node.o tok822_parse.o \
tok822_resolve.o tok822_rewrite.o tok822_tree.o trace.o \
user_acl.o valid_mailhost_addr.o verify.o verify_clnt.o \
- verp_sender.o wildcard_inet_addr.o xtext.o delivered_hdr.o
+ verp_sender.o wildcard_inet_addr.o xtext.o delivered_hdr.o \
+ fold_addr.o
HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \
canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \
conv_time.h db_common.h debug_peer.h debug_process.h defer.h \
rewrite_clnt.h scache.h sent.h smtp_stream.h split_addr.h \
string_list.h strip_addr.h sys_exits.h timed_ipc.h tok822.h \
trace.h user_acl.h valid_mailhost_addr.h verify.h verify_clnt.h \
- verp_sender.h wildcard_inet_addr.h xtext.h delivered_hdr.h
+ verp_sender.h wildcard_inet_addr.h xtext.h delivered_hdr.h \
+ fold_addr.h
TESTSRC = rec2stream.c stream2rec.c recdump.c
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
delivered_hdr.o: ../../include/vstring_vstream.h
delivered_hdr.o: delivered_hdr.c
delivered_hdr.o: delivered_hdr.h
+delivered_hdr.o: fold_addr.h
delivered_hdr.o: header_opts.h
delivered_hdr.o: is_header.h
delivered_hdr.o: quote_822_local.h
flush_clnt.o: mail_params.h
flush_clnt.o: mail_proto.h
flush_clnt.o: match_parent_style.h
+fold_addr.o: ../../include/stringops.h
+fold_addr.o: ../../include/sys_defs.h
+fold_addr.o: ../../include/vbuf.h
+fold_addr.o: ../../include/vstring.h
+fold_addr.o: fold_addr.c
+fold_addr.o: fold_addr.h
header_opts.o: ../../include/htable.h
header_opts.o: ../../include/msg.h
header_opts.o: ../../include/stringops.h
mail_params.o: ../../include/msg.h
mail_params.o: ../../include/msg_syslog.h
mail_params.o: ../../include/myaddrinfo.h
+mail_params.o: ../../include/mymalloc.h
mail_params.o: ../../include/safe.h
+mail_params.o: ../../include/safe_open.h
mail_params.o: ../../include/stringops.h
mail_params.o: ../../include/sys_defs.h
mail_params.o: ../../include/valid_hostname.h
mail_params.o: ../../include/vbuf.h
mail_params.o: ../../include/vstream.h
mail_params.o: ../../include/vstring.h
+mail_params.o: ../../include/vstring_vstream.h
mail_params.o: mail_conf.h
mail_params.o: mail_params.c
mail_params.o: mail_params.h
/* SYNOPSIS
/* #include <delivered_hdr.h>
/*
-/* DELIVERED_HDR_INFO *delivered_hdr_init(stream, offset)
+/* DELIVERED_HDR_INFO *delivered_hdr_init(stream, offset, flags)
/* VSTREAM *stream;
/* off_t offset;
+/* int flags;
/*
/* int delivered_hdr_find(info, address)
/* DELIVERED_HDR_INFO *info;
/* The open queue file.
/* .IP offset
/* Offset of the first message content record.
+/* .IP flags
+/* Zero, or the bit-wise OR ot:
+/* .RS
+/* .IP FOLD_ADDR_USER
+/* Case fold the address local part.
+/* .IP FOLD_ADDR_HOST
+/* Case fold the address domain part.
+/* .IP FOLD_ADDR_ALL
+/* Alias for (FOLD_ADDR_USER | FOLD_ADDR_HOST).
+/* .RE
/* .IP info
/* Extracted Delivered-To: addresses information.
/* .IP address
#include <quote_822_local.h>
#include <header_opts.h>
#include <delivered_hdr.h>
+#include <fold_addr.h>
/*
* Application-specific.
*/
struct DELIVERED_HDR_INFO {
+ int flags;
VSTRING *buf;
HTABLE *table;
};
/* delivered_hdr_init - extract delivered-to information from the message */
-DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *fp, off_t offset)
+DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *fp, off_t offset, int flags)
{
char *cp;
DELIVERED_HDR_INFO *info;
HEADER_OPTS *hdr;
+ /*
+ * Sanity check.
+ */
info = (DELIVERED_HDR_INFO *) mymalloc(sizeof(*info));
+ info->flags = flags;
info->buf = vstring_alloc(10);
info->table = htable_create(0);
cp = STR(info->buf) + strlen(hdr->name) + 1;
while (ISSPACE(*cp))
cp++;
- lowercase(cp);
+ if (info->flags & FOLD_ADDR_ALL)
+ fold_addr(cp, info->flags);
if (msg_verbose)
msg_info("delivered_hdr_init: %s", cp);
htable_enter(info->table, cp, (char *) 0);
* up the recipient. Lowercase the delivered-to address for consistency.
*/
quote_822_local(info->buf, address);
- lowercase(STR(info->buf));
+ if (info->flags & FOLD_ADDR_ALL)
+ fold_addr(STR(info->buf), info->flags);
ht = htable_locate(info->table, STR(info->buf));
return (ht != 0);
}
*/
#include <vstream.h>
+ /*
+ * Global library.
+ */
+#include <fold_addr.h>
+
/*
* External interface.
*/
typedef struct DELIVERED_HDR_INFO DELIVERED_HDR_INFO;
-extern DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *, off_t);
+extern DELIVERED_HDR_INFO *delivered_hdr_init(VSTREAM *, off_t, int);
extern int delivered_hdr_find(DELIVERED_HDR_INFO *, const char *);
extern void delivered_hdr_free(DELIVERED_HDR_INFO *);
--- /dev/null
+/*++
+/* NAME
+/* fold_addr 3
+/* SUMMARY
+/* address case folding
+/* SYNOPSIS
+/* #include <fold_addr.h>
+/*
+/* char *fold_addr(addr, flags)
+/* char *addr;
+/* int flags;
+/* DESCRIPTION
+/* fold_addr() case folds an address according to the options
+/* specified with \fIflags\fR. The result value is the address
+/* argument.
+/*
+/* Arguments
+/* .IP addr
+/* Null-terminated writable string with the address.
+/* .IP flags
+/* Zero or the bit-wise OR of:
+/* .RS
+/* .IP FOLD_ADDR_USER
+/* Case fold the address local part.
+/* .IP FOLD_ADDR_HOST
+/* Case fold the address domain part.
+/* .IP FOLD_ADDR_ALL
+/* Alias for (FOLD_ADDR_USER | FOLD_ADDR_HOST).
+/* .RE
+/* SEE ALSO
+/* msg(3) diagnostics interface
+/* DIAGNOSTICS
+/* Fatal errors: memory allocation problem.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+#include <string.h>
+
+/* Utility library. */
+
+#include <stringops.h>
+
+/* Global library. */
+
+#include <fold_addr.h>
+
+/* fold_addr - case fold mail address */
+
+char *fold_addr(char *addr, int flags)
+{
+ char *cp;
+
+ /*
+ * Fold the address as appropriate.
+ */
+ switch (flags & FOLD_ADDR_ALL) {
+ case FOLD_ADDR_HOST:
+ if ((cp = strrchr(addr, '@')) != 0)
+ lowercase(cp + 1);
+ break;
+ case FOLD_ADDR_USER:
+ if ((cp = strrchr(addr, '@')) != 0) {
+ *cp = 0;
+ lowercase(addr);
+ *cp = '@';
+ break;
+ }
+ /* FALLTHROUGH */
+ case FOLD_ADDR_USER | FOLD_ADDR_HOST:
+ lowercase(addr);
+ break;
+ }
+ return (addr);
+}
--- /dev/null
+#ifndef _FOLD_ADDR_H_INCLUDED_
+#define _FOLD_ADDR_H_INCLUDED_
+
+/*++
+/* NAME
+/* fold_addr 3h
+/* SUMMARY
+/* address case folding
+/* SYNOPSIS
+/* #include <fold_addr.h>
+/* DESCRIPTION
+/* .nf
+
+ /*
+ * External interface.
+ */
+#define FOLD_ADDR_USER (1<<0)
+#define FOLD_ADDR_HOST (1<<1)
+
+#define FOLD_ADDR_ALL (FOLD_ADDR_USER | FOLD_ADDR_HOST)
+
+extern char *fold_addr(char *, int);
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+#endif
/* .IP MAIL_COPY_DELIVERED
/* Prepend a Delivered-To: header with the name of the
/* \fIdelivered\fR attribute.
+/* The address is quoted according to RFC822 rules.
/* .IP MAIL_COPY_ORIG_RCPT
/* Prepend an X-Original-To: header with the original
/* envelope recipient address.
#include <pwd.h>
#include <grp.h>
#include <time.h>
+#include <ctype.h>
#ifdef STRCASECMP_IN_STRINGS_H
#include <strings.h>
#include <valid_hostname.h>
#include <stringops.h>
#include <safe.h>
+#include <safe_open.h>
+#include <mymalloc.h>
#ifdef HAS_DB
#include <dict_db.h>
#endif
#include <inet_proto.h>
+#include <vstring_vstream.h>
/* Global library. */
(long) var_sgid_gid);
}
+#ifdef MYORIGIN_FROM_FILE
+
+/* read_param_from_file - read parameter value from file */
+
+static char *read_param_from_file(const char *path)
+{
+ VSTRING *why = vstring_alloc(100);
+ VSTRING *buf = vstring_alloc(100);
+ VSTREAM *fp;
+ char *bp;
+ char *result;
+
+ /*
+ * Ugly macros to make complex expressions less unreadable.
+ */
+#define SKIP(start, var, cond) \
+ for (var = start; *var && (cond); var++);
+
+#define TRIM(s) { \
+ char *p; \
+ for (p = (s) + strlen(s); p > (s) && ISSPACE(p[-1]); p--); \
+ *p = 0; \
+ }
+
+ fp = safe_open(path, O_RDONLY, 0, (struct stat *) 0, -1, -1, why);
+ if (fp == 0)
+ msg_fatal("%s: %s", path, vstring_str(why));
+ vstring_get_nonl(buf, fp);
+ if (vstream_ferror(fp)) /* FIX 20070501 */
+ msg_fatal("%s: read error: %m", path);
+ vstream_fclose(fp);
+ SKIP(vstring_str(buf), bp, ISSPACE(*bp));
+ TRIM(bp);
+ result = mystrdup(bp);
+
+ vstring_free(why);
+ vstring_free(buf);
+ return (result);
+}
+
+#endif
+
/* mail_params_init - configure built-in parameters */
void mail_params_init()
/*
* Variables that are needed by almost every program.
+ *
+ * XXX Reading the myorigin value from file is originally a Debian Linux
+ * feature. This code is not enabled by default because of problems: 1)
+ * it re-implements its own parameter syntax checks, and 2) it does not
+ * implement $name expansions.
*/
get_mail_conf_str_table(other_str_defaults);
+#ifdef MYORIGIN_FROM_FILE
+ if (*var_myorigin == '/') {
+ char *origin = read_param_from_file(var_myorigin);
+
+ if (*origin == 0)
+ msg_fatal("%s file %s is empty", VAR_MYORIGIN, var_myorigin);
+ myfree(var_myorigin); /* FIX 20070501 */
+ var_myorigin = origin;
+ }
+#endif
get_mail_conf_int_table(other_int_defaults);
get_mail_conf_bool_table(bool_defaults);
get_mail_conf_time_table(time_defaults);
#define DEF_STRICT_ENCODING 0
extern bool var_strict_encoding;
+#define VAR_AUTO_8BIT_ENC_HDR "detect_8bit_encoding_header"
+#define DEF_AUTO_8BIT_ENC_HDR 1
+extern int var_auto_8bit_enc_hdr;
+
/*
* Bizarre.
*/
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20070423"
+#define MAIL_RELEASE_DATE "20070501"
#define MAIL_VERSION_NUMBER "2.5"
#ifdef SNAPSHOT
* - Is this installation mixing multiple Postfix versions?
*
* - What Postfix version generated this core dump?
+ *
+ * To find out: strings -f file... | grep mail_version=
*/
#include <string.h>
alias.o: ../../include/dsn.h
alias.o: ../../include/dsn_buf.h
alias.o: ../../include/dsn_mask.h
+alias.o: ../../include/fold_addr.h
alias.o: ../../include/htable.h
alias.o: ../../include/mail_params.h
alias.o: ../../include/maps.h
command.o: ../../include/dsn.h
command.o: ../../include/dsn_buf.h
command.o: ../../include/dsn_util.h
+command.o: ../../include/fold_addr.h
command.o: ../../include/htable.h
command.o: ../../include/mac_parse.h
command.o: ../../include/mail_copy.h
deliver_attr.o: ../../include/dict.h
deliver_attr.o: ../../include/dsn.h
deliver_attr.o: ../../include/dsn_buf.h
+deliver_attr.o: ../../include/fold_addr.h
deliver_attr.o: ../../include/htable.h
deliver_attr.o: ../../include/maps.h
deliver_attr.o: ../../include/mbox_conf.h
dotforward.o: ../../include/dsn_buf.h
dotforward.o: ../../include/dsn_mask.h
dotforward.o: ../../include/ext_prop.h
+dotforward.o: ../../include/fold_addr.h
dotforward.o: ../../include/htable.h
dotforward.o: ../../include/iostuff.h
dotforward.o: ../../include/lstat_as.h
file.o: ../../include/dsn.h
file.o: ../../include/dsn_buf.h
file.o: ../../include/dsn_util.h
+file.o: ../../include/fold_addr.h
file.o: ../../include/htable.h
file.o: ../../include/mail_copy.h
file.o: ../../include/mail_params.h
forward.o: ../../include/dsn.h
forward.o: ../../include/dsn_buf.h
forward.o: ../../include/dsn_mask.h
+forward.o: ../../include/fold_addr.h
forward.o: ../../include/htable.h
forward.o: ../../include/iostuff.h
forward.o: ../../include/mail_date.h
include.o: ../../include/dsn.h
include.o: ../../include/dsn_buf.h
include.o: ../../include/ext_prop.h
+include.o: ../../include/fold_addr.h
include.o: ../../include/htable.h
include.o: ../../include/iostuff.h
include.o: ../../include/mail_params.h
indirect.o: ../../include/dict.h
indirect.o: ../../include/dsn.h
indirect.o: ../../include/dsn_buf.h
+indirect.o: ../../include/fold_addr.h
indirect.o: ../../include/htable.h
indirect.o: ../../include/mail_params.h
indirect.o: ../../include/maps.h
local.o: ../../include/dsn_buf.h
local.o: ../../include/ext_prop.h
local.o: ../../include/flush_clnt.h
+local.o: ../../include/fold_addr.h
local.o: ../../include/htable.h
local.o: ../../include/iostuff.h
local.o: ../../include/mail_addr.h
local_expand.o: ../../include/dict.h
local_expand.o: ../../include/dsn.h
local_expand.o: ../../include/dsn_buf.h
+local_expand.o: ../../include/fold_addr.h
local_expand.o: ../../include/htable.h
local_expand.o: ../../include/mac_expand.h
local_expand.o: ../../include/mac_parse.h
mailbox.o: ../../include/dsn.h
mailbox.o: ../../include/dsn_buf.h
mailbox.o: ../../include/dsn_util.h
+mailbox.o: ../../include/fold_addr.h
mailbox.o: ../../include/htable.h
mailbox.o: ../../include/iostuff.h
mailbox.o: ../../include/mail_copy.h
maildir.o: ../../include/dsn.h
maildir.o: ../../include/dsn_buf.h
maildir.o: ../../include/dsn_util.h
+maildir.o: ../../include/fold_addr.h
maildir.o: ../../include/get_hostname.h
maildir.o: ../../include/htable.h
maildir.o: ../../include/mail_copy.h
recipient.o: ../../include/dsn.h
recipient.o: ../../include/dsn_buf.h
recipient.o: ../../include/ext_prop.h
+recipient.o: ../../include/fold_addr.h
recipient.o: ../../include/htable.h
recipient.o: ../../include/mail_params.h
recipient.o: ../../include/maps.h
resolve.o: ../../include/dict.h
resolve.o: ../../include/dsn.h
resolve.o: ../../include/dsn_buf.h
+resolve.o: ../../include/fold_addr.h
resolve.o: ../../include/htable.h
resolve.o: ../../include/iostuff.h
resolve.o: ../../include/mail_params.h
token.o: ../../include/dict.h
token.o: ../../include/dsn.h
token.o: ../../include/dsn_buf.h
+token.o: ../../include/fold_addr.h
token.o: ../../include/htable.h
token.o: ../../include/mail_params.h
token.o: ../../include/maps.h
unknown.o: ../../include/dict.h
unknown.o: ../../include/dsn.h
unknown.o: ../../include/dsn_buf.h
+unknown.o: ../../include/fold_addr.h
unknown.o: ../../include/htable.h
unknown.o: ../../include/iostuff.h
unknown.o: ../../include/mail_addr.h
state.msg_attr.request = rqst;
RESET_OWNER_ATTR(state.msg_attr, state.level);
RESET_USER_ATTR(usr_attr, state.level);
- state.loop_info = delivered_hdr_init(rqst->fp, rqst->data_offset);
+ state.loop_info = delivered_hdr_init(rqst->fp, rqst->data_offset,
+ FOLD_ADDR_ALL);
state.request = rqst;
/*
pipe.o: ../../include/dsn_buf.h
pipe.o: ../../include/dsn_util.h
pipe.o: ../../include/flush_clnt.h
+pipe.o: ../../include/fold_addr.h
pipe.o: ../../include/htable.h
pipe.o: ../../include/iostuff.h
pipe.o: ../../include/mac_parse.h
/* The \fBD\fR flag also enforces loop detection (Postfix 2.5 and later):
/* if a message already contains a \fBDelivered-To:\fR header
/* with the same recipient address, then the message is
-/* returned as undeliverable.
+/* returned as undeliverable. The address comparison is case
+/* insensitive.
/* .sp
/* This feature is available as of Postfix 2.0.
/* .IP \fBF\fR
#include <dsn_buf.h>
#include <sys_exits.h>
#include <delivered_hdr.h>
+#include <fold_addr.h>
/* Single server skeleton. */
* Additional flags. These are colocated with mail_copy() flags. Allow some
* space for extension of the mail_copy() interface.
*/
-#define PIPE_OPT_FOLD_USER (1<<16)
-#define PIPE_OPT_FOLD_HOST (1<<17)
-#define PIPE_OPT_QUOTE_LOCAL (1<<18)
+#define PIPE_OPT_FOLD_BASE (16)
+#define PIPE_OPT_FOLD_USER (FOLD_ADDR_USER << PIPE_OPT_FOLD_BASE)
+#define PIPE_OPT_FOLD_HOST (FOLD_ADDR_HOST << PIPE_OPT_FOLD_BASE)
+#define PIPE_OPT_QUOTE_LOCAL (PIPE_OPT_FOLD_BASE << 2)
-#define PIPE_OPT_FOLD_FLAGS (PIPE_OPT_FOLD_USER | PIPE_OPT_FOLD_HOST)
+#define PIPE_OPT_FOLD_ALL (FOLD_ADDR_ALL << PIPE_OPT_FOLD_BASE)
+#define PIPE_OPT_FOLD_FLAGS(f) \
+ (((f) & PIPE_OPT_FOLD_ALL) >> PIPE_OPT_FOLD_BASE)
/*
* Tunable parameters. Values are taken from the config file, after
static void morph_recipient(VSTRING *buf, const char *address, int flags)
{
- char *cp;
/*
* Quote the recipient address as appropriate.
/*
* Fold the recipient address as appropriate.
*/
- switch (flags & PIPE_OPT_FOLD_FLAGS) {
- case PIPE_OPT_FOLD_HOST:
- if ((cp = strrchr(STR(buf), '@')) != 0)
- lowercase(cp + 1);
- break;
- case PIPE_OPT_FOLD_USER:
- if ((cp = strrchr(STR(buf), '@')) != 0) {
- *cp = 0;
- lowercase(STR(buf));
- *cp = '@';
- break;
- }
- /* FALLTHROUGH */
- case PIPE_OPT_FOLD_USER | PIPE_OPT_FOLD_HOST:
- lowercase(STR(buf));
- break;
- }
+ if (flags & PIPE_OPT_FOLD_ALL)
+ fold_addr(STR(buf), PIPE_OPT_FOLD_FLAGS(flags));
}
/* expand_argv - expand macros in the argument vector */
*/
if (state.expand_flag & PIPE_FLAG_USER) {
morph_recipient(buf, rcpt_list->info[i].address,
- flags & PIPE_OPT_FOLD_FLAGS);
+ flags & PIPE_OPT_FOLD_ALL);
if (split_at_right(STR(buf), '@') == 0)
msg_warn("no @ in recipient address: %s",
rcpt_list->info[i].address);
*/
if (state.expand_flag & PIPE_FLAG_EXTENSION) {
morph_recipient(buf, rcpt_list->info[i].address,
- flags & PIPE_OPT_FOLD_FLAGS);
+ flags & PIPE_OPT_FOLD_ALL);
if (split_at_right(STR(buf), '@') == 0)
msg_warn("no @ in recipient address: %s",
rcpt_list->info[i].address);
*/
if (state.expand_flag & PIPE_FLAG_MAILBOX) {
morph_recipient(buf, rcpt_list->info[i].address,
- flags & PIPE_OPT_FOLD_FLAGS);
+ flags & PIPE_OPT_FOLD_ALL);
if (split_at_right(STR(buf), '@') == 0)
msg_warn("no @ in recipient address: %s",
rcpt_list->info[i].address);
*/
if (state.expand_flag & PIPE_FLAG_DOMAIN) {
morph_recipient(buf, rcpt_list->info[i].address,
- flags & PIPE_OPT_FOLD_FLAGS);
+ flags & PIPE_OPT_FOLD_ALL);
dom = split_at_right(STR(buf), '@');
if (dom == 0) {
msg_warn("no @ in recipient address: %s",
if (request->rcpt_list.len > 1)
msg_panic("%s: delivered-to enabled with multi-recipient request",
myname);
- info = delivered_hdr_init(request->fp, request->data_offset);
+ info = delivered_hdr_init(request->fp, request->data_offset,
+ FOLD_ADDR_ALL);
rcpt = request->rcpt_list.info;
loop_found = delivered_hdr_find(info, rcpt->address);
delivered_hdr_free(info);
/* .IP "\fBtcp\fR (read-only)"
/* Perform lookups using a simple request-reply protocol that is
/* described in \fBtcp_table\fR(5).
-/* This feature is not included with Postfix 2.2.
+/* This feature is not included with the stable Postfix release.
/* .IP "\fBunix\fR (read-only)"
/* A limited way to query the UNIX authentication database. The
/* following tables are implemented:
/* .IP \fBreload\fR
/* Re-read configuration files. Running processes terminate at their
/* earliest convenience.
+/* .IP \fBstatus\fR
+/* Indicate if the Postfix mail system is currently running.
/* .IP "\fBset-permissions\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR
/* Set the ownership and permissions of Postfix related files and
/* directories, as specified in the \fBpostfix-files\fR file.
/*
* If peer went away, give up.
*/
- if (errno == ECONNRESET || errno == ECONNABORTED) {
+ if (errno != 0 && errno != ENOTSOCK) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
state->rfc_addr = mystrdup(CLIENT_ADDR_UNKNOWN);
/*
* Convert the client address to printable address and hostname.
+ *
+ * XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while
+ * Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final
+ * else clause, pretend the origin is localhost[127.0.0.1], and become an
+ * open relay).
*/
else if (errno == 0
- && strchr((char *) proto_info->sa_family_list, sa->sa_family)) {
+ && (sa->sa_family == AF_INET
+#ifdef AF_INET6
+ || sa->sa_family == AF_INET6
+#endif
+ )) {
MAI_HOSTNAME_STR client_name;
MAI_HOSTADDR_STR client_addr;
int aierr;
char *colonp;
+ /*
+ * Sanity check: we can't use sockets that we're not configured for.
+ */
+ if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
+ msg_fatal("cannot handle socket type %s with \"%s = %s\"",
+ sa->sa_family == AF_INET6 ? "AF_INET6" :
+ sa->sa_family == AF_INET ? "AF_INET" :
+ "other", VAR_INET_PROTOCOLS, var_inet_protocols);
+
/*
* Sorry, but there are some things that we just cannot do while
* connected to the network.
/* per remote hostname or domain, or sender address when sender-dependent
/* authentication is enabled.
/* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
-/* SASL security options; as of Postfix 2.3 the list of available
+/* Postfix SMTP client SASL security options; as of Postfix 2.3
+/* the list of available
/* features depends on the SASL client implementation that is selected
/* with \fBsmtp_sasl_type\fR.
/* .PP
/* caching to ensure that mail from different senders will use the
/* appropriate credentials.
/* .IP "\fBsmtp_sasl_path (empty)\fR"
-/* Implementation-specific information that is passed through to
+/* Implementation-specific information that the Postfix SMTP client
+/* passes through to
/* the SASL plug-in implementation that is selected with
/* \fBsmtp_sasl_type\fR.
/* .IP "\fBsmtp_sasl_type (cyrus)\fR"
/* sender addresses, even when no explicit reject_unlisted_sender
/* access restriction is specified.
/* .IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
-/* What SMTP clients Postfix will not offer AUTH support to.
+/* What remote SMTP clients the Postfix SMTP server will not offer
+/* AUTH support to.
/* .PP
/* Available in Postfix version 2.2 and later:
/* .IP "\fBsmtpd_discard_ehlo_keyword_address_maps (empty)\fR"
/* .IP "\fBsmtpd_sasl_auth_enable (no)\fR"
/* Enable SASL authentication in the Postfix SMTP server.
/* .IP "\fBsmtpd_sasl_local_domain (empty)\fR"
-/* The name of the local SASL authentication realm.
+/* The name of the Postfix SMTP server's local SASL authentication
+/* realm.
/* .IP "\fBsmtpd_sasl_security_options (noanonymous)\fR"
-/* SASL security options; as of Postfix 2.3 the list of available
+/* Postfix SMTP server SASL security options; as of Postfix 2.3
+/* the list of available
/* features depends on the SASL server implementation that is selected
/* with \fBsmtpd_sasl_type\fR.
/* .IP "\fBsmtpd_sender_login_maps (empty)\fR"
/* .PP
/* Available in Postfix version 2.1 and later:
/* .IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
-/* What SMTP clients Postfix will not offer AUTH support to.
+/* What remote SMTP clients the Postfix SMTP server will not offer
+/* AUTH support to.
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBsmtpd_sasl_authenticated_header (no)\fR"
/* Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received
/* message header.
/* .IP "\fBsmtpd_sasl_path (smtpd)\fR"
-/* Implementation-specific information that is passed through to
+/* Implementation-specific information that the Postfix SMTP server
+/* passes through to
/* the SASL plug-in implementation that is selected with
/* \fBsmtpd_sasl_type\fR.
/* .IP "\fBsmtpd_sasl_type (cyrus)\fR"
/*
* If peer went away, give up.
*/
- if (errno == ECONNRESET || errno == ECONNABORTED) {
+ if (errno != 0 && errno != ENOTSOCK) {
state->name = mystrdup(CLIENT_NAME_UNKNOWN);
state->reverse_name = mystrdup(CLIENT_NAME_UNKNOWN);
state->addr = mystrdup(CLIENT_ADDR_UNKNOWN);
/*
* Convert the client address to printable address and hostname.
+ *
+ * XXX If we're given an IPv6 (or IPv4) connection from, e.g., inetd, while
+ * Postfix IPv6 (or IPv4) support is turned off, don't (skip to the final
+ * else clause, pretend the origin is localhost[127.0.0.1], and become an
+ * open relay).
*/
else if (errno == 0
- && strchr((char *) proto_info->sa_family_list, sa->sa_family)) {
+ && (sa->sa_family == AF_INET
+#ifdef AF_INET6
+ || sa->sa_family == AF_INET6
+#endif
+ )) {
MAI_HOSTNAME_STR client_name;
MAI_HOSTADDR_STR client_addr;
int aierr;
char *colonp;
+ /*
+ * Sanity check: we can't use sockets that we're not configured for.
+ */
+ if (strchr((char *) proto_info->sa_family_list, sa->sa_family) == 0)
+ msg_fatal("cannot handle socket type %s with \"%s = %s\"",
+ sa->sa_family == AF_INET6 ? "AF_INET6" :
+ sa->sa_family == AF_INET ? "AF_INET" :
+ "other", VAR_INET_PROTOCOLS, var_inet_protocols);
+
/*
* Sorry, but there are some things that we just cannot do while
* connected to the network.
static char *shared_template; /* shared template */
static VSTRING *start_string; /* dump content prefix */
+static INET_PROTO_INFO *proto_info;
+
#define SOFT_ERROR_RESP "450 4.3.0 Error: command failed"
#define HARD_ERROR_RESP "500 5.3.0 Error: command failed"
if (++client_count == max_client_count)
event_disable_readwrite(sock);
state = (SINK_STATE *) mymalloc(sizeof(*state));
- SOCKADDR_TO_HOSTADDR(&sa, len, &state->client_addr,
- (MAI_SERVPORT_STR *) 0, sa.sa_family);
+ if (strchr((char *) proto_info->sa_family_list, sa.sa_family))
+ SOCKADDR_TO_HOSTADDR(&sa, len, &state->client_addr,
+ (MAI_SERVPORT_STR *) 0, sa.sa_family);
+ else
+ strncpy(state->client_addr.buf, "local", sizeof("local"));
if (msg_verbose)
msg_info("connect (%s %s)",
#ifdef AF_LOCAL
int backlog;
int ch;
const char *protocols = INET_PROTO_NAME_ALL;
- INET_PROTO_INFO *proto_info;
const char *root_dir = 0;
const char *user_privs = 0;
* socket. Turning on keepalives will fix a blocking socket provided that
* the kernel's keepalive timer expires before the Postfix watchdog
* timer.
+ *
+ * XXX Work around NAT induced damage by sending a keepalive before an idle
+ * connection is expired. This requires that the kernel keepalive timer
+ * is set to a short time, like 100s.
*/
-#if defined(BROKEN_READ_SELECT_ON_TCP_SOCKET) && defined(SO_KEEPALIVE)
else if (sa && (sa->sa_family == AF_INET
#ifdef HAS_IPV6
|| sa->sa_family == AF_INET6
(void) setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE,
(char *) &on, sizeof(on));
}
-#endif
return (fd);
}
* socket. Turning on keepalives will fix a blocking socket provided that
* the kernel's keepalive timer expires before the Postfix watchdog
* timer.
+ *
+ * XXX Work around NAT induced damage by sending a keepalive before an idle
+ * connection is expired. This requires that the kernel keepalive timer
+ * is set to a short time, like 100s.
*/
-#if defined(BROKEN_READ_SELECT_ON_TCP_SOCKET) && defined(SO_KEEPALIVE)
if (sa->sa_family == AF_INET) {
int on = 1;
(void) setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
(char *) &on, sizeof(on));
}
-#endif
return (connect(sock, sa, len));
}
static const char *xsasl_dovecot_server_get_username(XSASL_SERVER *);
/* xsasl_dovecot_server_connect - initial auth server handshake */
-
+
static int xsasl_dovecot_server_connect(XSASL_DOVECOT_SERVER_IMPL *xp)
{
const char *myname = "xsasl_dovecot_server_connect";
projects / thirdparty / postfix.git / commitdiff
