Cleanup: INFO action in access(5) tables, for consistency
with header/body_checks. Viktor Dukhovni. Files:
smtpd/smtpd_check.c, proto/access.
+
+20140619
+
+ Cleanup: process LaMont Jones feedback for shared-library
+ and database-plugin builds. Changes: 1) move non-executable
+ files from $daemon_directory to the default $config_directory
+ (postfix-files*, dynamicmaps.cf*, main.cf.proto/master.cf.proto
+ for multi-instance support); 2) add foo.so -> foo.so.version
+ symlinks; 3) change $shlib_directory and $plugin_directory
+ defaults to /usr/lib/postfix to reduce sprawl. Files:
+ conf/main.cf.proto, conf/master.cf.proto, conf/postfix-files.proto,
+ conf/post-install, conf/postmulti-script, makedefs,
+ postfix-install, proto/INSTALL.html, global/dynamicmaps.c,
+ global/dynamicmaps.h, global/mail_dict.c, global/mail_params.h,
+ postmulti/postmulti.c.
+
+ Bugfix (introduced: 2001): qmqpd null pointer bug when it
+ logs a lost connection while not in a mail transaction.
+ Reported by Michal Adamek. File: qmqpd/qmqpd.c.
+
+ Cleanup: filter non-printable characters in X509 subject
+ or issuer names. Viktor Dukhovni. File: tls/tls_server.c.
+
+20140620
+
+ Cleanup: for compliance with file system policies, some
+ files have been moved from $daemon-directory to the directory
+ specified with the new meta_directory parameter which has
+ the same default value as config_directory. This change
+ affects non-executable files that are shared among multiple
+ Postfix instances, such as postfix-files, dynamicmaps.cf,
+ and multi-instance template files.
+
+ For backwards compatibility with Postfix 2.6..2.11, specify
+ "meta_directory = $daemon_directory" in main.cf before
+ installing Postfix, or specify "meta_directory = /path/name"
+ on the "make makefiles", "make install" or "make upgrade"
+ command line.
+
+ Files: Makefile.in, RELEASE_NOTES, conf/post-install,
+ conf/postfix-files.proto, conf/postmulti-script, makedefs,
+ mantools/postlink, postfix-install, proto/INSTALL.html,
+ proto/postconf.proto, global/mail_params.c, global/mail_params.h,
+ postfix/postfix.c, postmulti/postmulti.c.
+
+ Feature: check_xxx_a_access (for xxx in client, reverse_client,
+ helo, sender, recipient) implements access control on all
+ A and AAAA IP addresses for the client hostname, helo
+ parameter, sender domain or recipient domain. Some spam has
+ sender domains with the same IP address but different MX
+ hosts. Files: global/mail_params.h, smtpd/smtpd_check.c,
+ proto/postconf.proto.
+
+20140622
+
+ Cleanup: eliminated plugin_directory to reduce configuration
+ parameter sprawl. Files: Makefile.in, RELEASE_NOTES,
+ conf/post-install, conf/postfix-files.proto, conf/postfix-script,
+ conf/postmulti-script, makedefs, mantools/postlink,
+ postfix-install, proto/INSTALL.html, proto/postconf.proto,
+ global/Makefile.in, global/mail_dict.c, global/mail_params.c,
+ global/mail_params.h, global/mail_version.h, postfix/postfix.c,
+ postmulti/postmulti.c, smtpd/smtpd_check.c, util/Makefile.in.
+
+20140623
+
+ Cleanup: eliminated the use of Postfix release versions as
+ file name suffixes for shared libraries, database plugins
+ and dynamicmaps.cf. The shared-library version suffixes
+ were fighting against assumptions and conventions in run-time
+ linkers, including the assumption that ABIs are preserved
+ from one version to the next. The Postfix version can now
+ be embedded in the shlib_directory parameter. As this is
+ sufficient to permit upgrade of a running Postfix system
+ without risking that old binaries will link against newer
+ shared objects, we no longer need a version suffix for
+ dynamicmaps.cf. Files: Makefile.in, RELEASE_NOTES,
+ conf/postfix-files.proto, makedefs, proto/INSTALL.html,
+ proto/postconf.proto, global/mail_params.h, global/mail_version.h,
+
+20140624
+
+ Cleanup: the commands "make (makefiles|install|upgrade|package)
+ parameter=value" now replace the string MAIL_VERSION in a
+ configuration parameter value with the Postfix release
+ version. Unfortunately, the more obvious approach, a
+ parameter value with the unexpanded '$mail_version', produces
+ inconsistent results with different make implementations.
+ Files: makedefs, Makefile.in, postfix-install, proto/INSTALL.html,
+ proto/PACKAGE_README.html
+
+ Cleanup: postmulti now requires "postmulti -e init" before
+ accepting other multi-instance requests. Viktor Dukhovni.
+ File: conf/postmulti-script.
+
+20140625
+
+ Kludge: moved dict_db_cache_size away from dict_db.c in
+ preparation for Berkeley DB database plugin support (a
+ similar kludge was implemented for LMDB). Files:
+ util/dict_db.[hc], util/dict_test.c, global/mail_params.c.
+
+ Cleanup: don't leak build directory information via SHLIB_ENV
+ in makedefs.out. Files: Makefile.in, conf/postfix-files.
of Linux, FreeBSD and MacOS X. Shared-library builds may become the default at
some point in the future.
+Overview of topics:
+
+ * 4.3.1 Turning on Postfix shared-library support
+ * 4.3.2 Turning on Postfix database-plugin support
+ * 4.3.3 Customizing Postfix shared libraries and database plugins
+ * 4.4.4 Tips for distribution maintainers
+
+Note: directories with Postfix shared libraries or database plugins should
+contain only postfix-related files. Postfix shared libraries and database
+plugins should not be installed in a "public" system directory such as /usr/lib
+or /usr/local/lib. Linking Postfix shared-library or database-plugin files into
+non-Postfix programs is not supported. Postfix shared libraries and database
+plugins implement a Postfix-internal API that changes without maintaining
+compatibility.
+
+4.3.1 Turning on Postfix shared-library support
+
Postfix can be built with Postfix shared libraries (files typically named
-libpostfix-*.so.*). Postfix shared libraries add minor run-time overhead and
+libpostfix-*.so). Postfix shared libraries add minor run-time overhead and
result in significantly-smaller Postfix executable files.
Specify "shared=yes" on the "make makefiles" command line to build Postfix with
shared-library support.
$ make makefiles shared=yes ...other arguments...
- $ make makefiles shared=no ...other arguments...
$ make
-This defaults to installing shared libraries in /usr/local/lib, typically with
-names like libpostfix-name.so.version, where the name is a source-code
-directory name such as "util" or "global", and the version is the Postfix
-version: x.y.z for stable releases, x.y-date for snapshot (development)
-releases, or x.y-date-nonprod for non-production releases.
+(Specify "make makefiles shared=no" to explicitly disable Postfix shared-
+library support).
-To override the default location or shared-library version, specify, for
-example:
+This installs shared libraries in $shlib_directory, typically, /usr/lib/
+postfix/version or /usr/local/lib/postfix/version, with names like libpostfix-
+name.so, where the name is a source-code directory name such as "util" or
+"global", and the version is the Postfix release version: x.y.z for stable
+releases, x.y-date for snapshot (development) releases, or x.y-date-nonprod for
+non-production releases.
- $ make makefiles shared=yes shlib_directory=/usr/lib \
- SHLIB_VERSION=1 ...other arguments...
+See section 4.3.3 "Customizing Postfix shared libraries and database plugins"
+below for how to customize the Postfix shared-library location and version.
-You can change the shlib_directory setting after Postfix is built, with "make
-install" or "make upgrade". However, you may have to run ldconfig if you change
-shlib_directory after Postfix is built and install the libpostfix-*.so.* files
-in a non-system directory. No ldconfig is needed if you keep the libpostfix-
-*.so.* files in the compiled-in default $shlib_directory location.
+4.3.2 Turning on Postfix database-plugin support
Additionally, Postfix can be built to support dynamic loading of Postfix
-database clients with the Debian-style dynamicmaps feature. Postfix 2.12
-supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:,
-and sqlite: database clients. Dynamic loading is useful when you distribute or
-install pre-compiled Postfix packages.
+database clients (database plugins) with the Debian-style dynamicmaps feature.
+Postfix 2.12 supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:,
+pgsql:, sdbm:, and sqlite: database clients. Dynamic loading is useful when you
+distribute or install pre-compiled Postfix packages.
Specify "dynamicmaps=yes" on the "make makefiles" command line to build Postfix
-with support to dynamically load Postfix database clients (database plugins)
-with the Debian-style dynamicmaps feature.
+with support to dynamically load Postfix database clients with the Debian-style
+dynamicmaps feature.
$ make makefiles dynamicmaps=yes ...other arguments...
- $ make makefiles dynamicmaps=no ...other arguments...
$ make
-This implicitly enables shared-library support, and defaults to installing
-dynamicmaps.cf and database plugins in /usr/libexec/postfix. Database plugins
-are typically named postfix-type.so.version where the type is a database type
-such as "cdb" or "ldap", and where the version is the same as for Postfix
-shared libraries. The installed dynamicmaps.cf configuration file is given a
-suffix with the same version.
+(Specify "make makefiles dynamicmaps=no" to explicitly disable Postfix
+database-plugin support).
+
+This implicitly enables shared-library support, installs the configuration file
+dynamicmaps.cf in $meta_directory (usually, /etc/postfix or /usr/local/etc/
+postfix), and installs database plugins in $shlib_directory (see above).
+Database plugins are named postfix-type.so where the type is a database type
+such as "cdb" or "ldap".
NOTE: The Postfix 2.12 build procedure expects that you specify database
library dependencies with variables named AUXLIBS_CDB, AUXLIBS_LDAP, etc.
dependencies. And that was exactly what dynamic database client loading was
meant to avoid.
-To override the default location or shared-library version, specify, for
-example:
+See the next section for how to customize the location and version of Postfix
+database plugins and the location of the file dynamicmaps.cf.
+
+4.3.3 Customizing Postfix shared libraries and database plugins
+
+Customizing the location of Postfix shared libraries and database plugins
- % make makefiles dynamicmaps=yes plugin_directory=/usr/lib/postfix \
- SHLIB_VERSION=1 ...
+As a reminder, the directories with Postfix shared libraries or database
+plugins should contain only Postfix-related files. Linking these files into
+other programs is not supported.
-You can also override the plugin_directory setting after Postfix is built, with
-"make install" or "make upgrade". In this case, there is no need to run the
-ldconfig command.
+To override the default location of Postfix shared libraries and database
+plugins specify, for example:
-Tips for distribution maintainers:
+ $ make makefiles shared=yes shlib_directory=/usr/local/lib/postfix ...
- * The postfix-install procedure creates a compatibility symlink
- dynamicmaps.cf -> dynamicmaps.cf.version (as well as a symlink
- dynamicmaps.cf.d -> dynamicmaps.cf.version.d; more on that below). It is
- therefore safe to use "unversioned" configuration file names when
- installing or deinstalling a database plugin. However, Postfix itself will
- use the "versioned" names, to allow minor upgrades to happen without having
- to stop Postfix.
+If you intend to upgrade Postfix without stopping the mail system, then you
+should append the Postfix release version to the shlib_directory pathname, to
+eliminate the possibility that programs from the old Postfix version will link
+with files from the new Postfix version. For example:
- * The configuration file dynamicmaps.cf.version will automatically include
- files under the directory dynamicmaps.cf.d.version, just like the
- configuration file postfix-files will automatically include files under the
- directory postfix-files.d. Thanks to this, you don't have to edit postfix-
- files or dynamicmaps.cf, when installing or deinstalling a database plugin
- package. Instead, each plugin can have its own configuration file.
+ $ make makefiles shared=yes \
+ shlib_directory=/usr/local/lib/postfix/MAIL_VERSION ...
- * The plugin_directory setting provides the default directory for shared-
- library objects with a relative pathname in the file
- dynamicmaps.cf.version.
+The command "make makefiles name=value..." will replace the string MAIL_VERSION
+in a configuration parameter value with the Postfix release version. Do not try
+to specify something like $mail_version on this command line. This produces
+inconsistent results with different versions of the make(1) command.
+
+You can change the shlib_directory setting after Postfix is built, with "make
+install" or "make upgrade". However, you may have to run ldconfig if you change
+shlib_directory after Postfix is built (the symptom is that Postfix programs
+fail because the run-time linker cannot find the files libpostfix-*.so). No
+ldconfig command is needed if you keep the files libpostfix-*.so in the
+compiled-in default $shlib_directory location.
- * Each configuration file under the directory dynamicmaps.cf.d.version must
- have a name that ends in ".cf" and must have the same format as the file
- dynamicmaps.cf.version.
+ # make upgrade shlib_directory=/usr/local/lib/postfix ...
+ # make install shlib_directory=/usr/local/lib/postfix ...
- * The directory dynamicmaps.cf.d.version is the default directory for shared-
- library objects with a relative pathname in the files
- dynamicmaps.cf.d.version/*.cf. Thus, the directory dynamicmaps.cf.d.version
- may contain both configuration files and shared-library object files.
- Hence, the requirement that configuration file names must end in ".cf".
+To append the Postfix release version to the pathname if you intend to upgrade
+Postfix without stopping the mail system:
+
+ # make upgrade shlib_directory=/usr/local/lib/postfix/MAIL_VERSION ...
+ # make install shlib_directory=/usr/local/lib/postfix/MAIL_VERSION ...
+
+See also the comments above for appending MAIL_VERSION with the "make
+makefiles" command.
+
+Customizing the location of dynamicmaps.cf and other files
+
+The meta_directory parameter has the same default setting as the
+config_directory parameter, typically /etc/postfix or /usr/local/etc/postfix.
+
+You can override the default meta_directory location at compile time or after
+Postfix is built. To override the default location at compile time specify, for
+example:
+
+ % make makefiles meta_directory=/usr/libexec/postfix ...
+
+Here is a tip if you want to make a pathname dependent on the Postfix release
+version: the command "make makefiles name=value..." will replace the string
+MAIL_VERSION in a configuration parameter value with the Postfix release
+version. Do not try to specify something like $mail_version on this command
+line. This produces inconsistent results with different versions of the make(1)
+command.
+
+You can override the meta_directory setting after Postfix is built, with "make
+install" or "make upgrade".
+
+ # make upgrade meta_directory=/usr/libexec/postfix ...
+ # make install meta_directory=/usr/libexec/postfix ...
+
+As with the command "make makefiles, the command "make install/upgrade
+name=value..." will replace the string MAIL_VERSION in a configuration
+parameter value with the Postfix release version. Do not try to specify
+something like $mail_version on this command line. This produces inconsistent
+results with different versions of the make(1) command.
+
+4.4.4 Tips for distribution maintainers
+
+ * The shlib_directory parameter setting also provides the default directory
+ for database plugin files with a relative pathname in the file
+ dynamicmaps.cf.
+
+ * The meta_directory parameter specifies the location of the files
+ dynamicmaps.cf, postfix-files, and some multi-instance template files. The
+ meta_directory parameter has the same default value as the config_directory
+ parameter (typically, /etc/postfix or /usr/local/etc/postfix). For
+ backwards compatibility with Postfix 2.6 .. 2.11, specify "meta_directory =
+ $daemon_directory" in main.cf before installing or upgrading Postfix, or
+ specify "meta_directory = /path/name" on the "make makefiles", "make
+ install" or "make upgrade" command line.
+
+ * The configuration file dynamicmaps.cf will automatically include files
+ under the directory dynamicmaps.cf.d, just like the configuration file
+ postfix-files will automatically include files under the directory postfix-
+ files.d. Thanks to this, you can install or deinstall a database plugin
+ package without having to edit postfix-files or dynamicmaps.cf. Instead,
+ you give that plugin its own configuration files dynamicmaps.cf.d and
+ postfix-files.d, and you add or remove those configuration files along with
+ the database plugin shared object.
+
+ * Each configuration file under the directory dynamicmaps.cf.d must have the
+ same format as the configuration file dynamicmaps.cf. There is no
+ requirement that these configuration file *names* have a specific format.
* Each configuration file under the directory postfix-files.d must have the
same format as the configuration file postfix-files. There is no
- requirement that these configuration file names have a specific format.
+ requirement that these configuration file *names* have a specific format.
4.4 - Building with optional features
$ make makefiles config_directory=/some/where ...other arguments...
$ make
+The command "make makefiles name=value ..." will replace the string
+MAIL_VERSION in a configuration parameter value with the Postfix release
+version. Do not try to specify something like $mail_version on this command
+line. This produces inconsistent results with different versions of the make(1)
+command.
+
Parameters whose defaults can be specified in this way are listed below. See
the postconf(5) manpage for a description (command: "nroff -man man/man5/
postconf.5 | less").
|_____________________|____________________|
|manpage_directory |/usr/local/man |
|_____________________|____________________|
- |newaliases_path |/usr/bin/newaliases |
+ |meta_directory |/etc/postfix |
|_____________________|____________________|
- |plugin_directory |/usr/libexec/postfix|
+ |newaliases_path |/usr/bin/newaliases |
|_____________________|____________________|
|queue_directory |/var/spool/postfix |
|_____________________|____________________|
|_____________________|____________________|
|sendmail_path |/usr/sbin/sendmail |
|_____________________|____________________|
- |shlib_directory |/usr/local/lib |
+ |shlib_directory |/usr/lib/postfix |
|_____________________|____________________|
4.5.2 - All Postfix versions
|Name/Value |Description |
|______________________________|______________________________________________|
| |Specifies one or more non-default object |
-| |libraries. Postfix 2,12 and later specify some|
+| |libraries. Postfix 2.12 and later specify some|
| |of their database library dependencies with |
|AUXLIBS="object_library..." |AUXLIBS_CDB, AUXLIBS_LDAP, AUXLIBS_LMDB, |
| |AUXLIBS_MYSQL, AUXLIBS_PCRE, AUXLIBS_PGSQL, |
|OPT=optimization_level |The default is -O. Specify OPT= to turn off |
| |optimization. |
|______________________________|______________________________________________|
-| |Specifies a non-default Postfix shared-library|
-| |version number. The default is to use the |
-|SHLIB_VERSION=version |Postfix version: X.Y.Z for stable releases, |
-| |X.Y-DATE for snapshot releases, X.Y-DATE- |
-| |nonprod for non-production releases. |
-|______________________________|______________________________________________|
| |Specifies non-default gcc compiler warning |
|WARN="warning_flags..." |options for use when "make" is invoked in a |
| |source subdirectory only. |
file from a previous installation. If the file does not exist, use
interactive installation ("make install") instead.
+ * If you specify name=value arguments on the "make install" or "make upgrade"
+ command line, then these will take precedence over compiled-in default
+ settings or main.cf settings.
+
+ The command "make install/upgrade name=value ..." will replace the string
+ MAIL_VERSION in a configuration parameter value with the Postfix release
+ version. Do not try to specify something like $mail_version on this command
+ line. This produces inconsistent results with different versions of the
+ make(1) command.
+
6.4 - Configure Postfix
Proceed to the section on how you wish to run Postfix on your particular
SHELL = /bin/sh
WARN = -Wmissing-prototypes -Wformat -Wno-comment
-OPTS = 'CC=$(CC)'
+OPTS = 'WARN=$(WARN)'
DIRS = src/util src/global src/dns src/tls src/xsasl src/milter src/master \
src/postfix src/fsstone src/smtpstone \
src/sendmail src/error src/pickup src/cleanup src/smtpd src/local \
src/postmulti src/postscreen src/dnsblog src/tlsproxy \
src/posttls-finger
MANDIRS = proto man html
-LIBEXEC = libexec/post-install libexec/postfix-files libexec/postfix-script \
- libexec/postfix-wrapper libexec/main.cf libexec/master.cf \
- libexec/postmulti-script
-PLUGINS = plugins/dynamicmaps.cf.$(SHLIB_VERSION)
-EXPAND = sed -e "s;\$${LIB_PREFIX};$(LIB_PREFIX);" \
- -e "s;\$${LIB_SUFFIX};$(LIB_SUFFIX);" \
- -e "s;\$${SHLIB_VERSION};$(SHLIB_VERSION);"
+LIBEXEC = libexec/post-install libexec/postfix-script libexec/postfix-wrapper \
+ libexec/postmulti-script libexec/post-install
+PLUGINS = meta/dynamicmaps.cf
+META = meta/main.cf.proto meta/master.cf.proto meta/postfix-files \
+ meta/makedefs.out $(PLUGINS)
+EXPAND = sed -e "s;\$${LIB_PREFIX};$(LIB_PREFIX);" \
+ -e "s;\$${LIB_SUFFIX};$(LIB_SUFFIX);"
+SHLIB_DIR_OVERRIDE = \
+ $${shlib_directory:-`$(SHLIB_ENV) bin/postconf -dhx shlib_directory`}
default: update
-# While generating the top-level Makefile, we must get the PLUGIN_DIR
+# While generating the top-level Makefile, we must get the PLUGIN_LD
# setting directly from the latest makedefs.out result.
-makefiles Makefiles:
+makefiles Makefiles conf/makedefs.out:
(echo "# Do not edit -- this file documents how Postfix was built for your machine."; $(SHELL) makedefs) >makedefs.tmp
set +e; if cmp makedefs.tmp conf/makedefs.out; then rm makedefs.tmp; \
else mv makedefs.tmp conf/makedefs.out; fi >/dev/null 2>/dev/null
(set -e; echo "[$$i]"; cd $$i; rm -f Makefile; \
$(MAKE) -f Makefile.in Makefile MAKELEVEL=) || exit 1; \
done
- set -- `grep '^PLUGIN_DIR' conf/makedefs.out`; \
+ @set -- `grep '^PLUGIN_LD' conf/makedefs.out`; \
rm -f Makefile; (cat conf/makedefs.out; \
case "$$3" in \
- /*) cat Makefile.in;; \
- *) grep -v '^PLUGINS' Makefile.in;; \
+ ""|":") grep -v '^PLUGINS' Makefile.in;; \
+ *) cat Makefile.in;; \
esac) >Makefile
update printfck tests root_tests:
(set -e; echo "[$$i]"; cd $$i; $(MAKE) $(OPTS) $@ MAKELEVEL=) || exit 1; \
done
-update: $(LIBEXEC) $(PLUGINS)
-
-libexec/makedefs.out: conf/makedefs.out
- rm -f $@ && ln -f $? $@
+update: $(META) $(LIBEXEC)
libexec/post-install: conf/post-install
rm -f $@ && ln -f $? $@
-libexec/postfix-files: conf/postfix-files conf/makedefs.out Makefile
+# Censor out build directory information.
+
+meta/makedefs.out: conf/makedefs.out
+ grep -v SHLIB_ENV $? > $@
+
+meta/postfix-files: conf/postfix-files conf/makedefs.out Makefile
rm -f $@
- (if [ "${SHLIB_DIR}" = "no" -o "${SHLIB_DIR}" = "" ]; then \
+ (if [ "${SHLIB_DIR_OVERRIDE}" = "no" -o "${SHLIB_DIR}" = "" ]; then \
sed -e '/^\$$shlib_directory/d' \
- -e '/^\$$plugin_directory/d' conf/postfix-files; \
- elif [ "${PLUGIN_DIR}" = "no" -o "${PLUGIN_DIR}" = "" ]; then \
- sed -e '/^\$$plugin_directory/d' conf/postfix-files | $(EXPAND); \
+ -e '/dynamicmaps.cf/d' conf/postfix-files; \
+ elif [ "${PLUGIN_LD}" = "" ]; then \
+ sed -e '/dynamicmaps.cf/d' \
+ -e '/^\$$shlib_directory\/\$${LIB_PREFIX}/d' \
+ conf/postfix-files | $(EXPAND); \
else \
$(EXPAND) conf/postfix-files | awk -F: ' \
BEGIN { \
count = split("'"$(DEFINED_MAP_TYPES)"'", names, " "); \
for (n = 1; n <= count; n++) \
- have["$$plugin_directory/$(LIB_PREFIX)" names[n] \
+ have["$$shlib_directory/$(LIB_PREFIX)" names[n] \
"$(LIB_SUFFIX)"] = 1; } \
- /^[$$]plugin_directory.dynamicmaps/ { \
- print; next } \
- /^[$$]plugin_directory.$(LIB_PREFIX)/ { \
+ /^[$$]shlib_directory.$(LIB_PREFIX)/ { \
if (have[$$1]) print; next } \
{ print } \
'; \
libexec/postfix-wrapper: conf/postfix-wrapper
rm -f $@ && ln -f $? $@
-libexec/main.cf: conf/main.cf
+meta/main.cf.proto: conf/main.cf
rm -f $@ && ln -f $? $@
-libexec/master.cf: conf/master.cf
+meta/master.cf.proto: conf/master.cf
rm -f $@ && ln -f $? $@
libexec/postmulti-script: conf/postmulti-script
rm -f $@ && ln -f $? $@
-plugins/dynamicmaps.cf.$(SHLIB_VERSION): conf/dynamicmaps.cf Makefile
+meta/dynamicmaps.cf: conf/dynamicmaps.cf Makefile
rm -f $@ && $(EXPAND) conf/dynamicmaps.cf | $(AWK) ' \
BEGIN { split("'"$(DEFINED_MAP_TYPES)"'", map_types); \
for (n in map_types) has_type[map_types[n]] = n } \
printfck: update
-# The build-time shlib_directory/plugin_directory settings must take
-# precedence over the installed main.cf settings, otherwise we can't
-# update an installed system from dynamicmaps=yes<->dynamicmaps=no
-# or from shared=yes<->shared=no.
+# The build-time shlib_directory setting must take precedence over
+# the installed main.cf settings, otherwise we can't update an
+# installed system from dynamicmaps=yes<->dynamicmaps=no or from
+# shared=yes<->shared=no.
install: update
- $(SHLIB_ENV) shlib_directory=${SHLIB_DIR} plugin_directory=$(PLUGIN_DIR) \
- $(SHELL) postfix-install
+ $(SHLIB_ENV) shlib_directory=$(SHLIB_DIR_OVERRIDE) $(SHELL) \
+ postfix-install
package: update
- $(SHLIB_ENV) shlib_directory=${SHLIB_DIR} plugin_directory=$(PLUGIN_DIR) \
- $(SHELL) postfix-install -package
+ $(SHLIB_ENV) shlib_directory=$(SHLIB_DIR_OVERRIDE) $(SHELL) \
+ postfix-install -package
upgrade: update
- $(SHLIB_ENV) shlib_directory=${SHLIB_DIR} plugin_directory=$(PLUGIN_DIR) \
- $(SHELL) postfix-install -non-interactive
+ $(SHLIB_ENV) shlib_directory=$(SHLIB_DIR_OVERRIDE) $(SHELL) \
+ postfix-install -non-interactive
+
non-interactive-package: update
- $(SHLIB_ENV) shlib_directory=${SHLIB_DIR} plugin_directory=$(PLUGIN_DIR) \
- $(SHELL) postfix-install -non-interactive -package
+ $(SHLIB_ENV) shlib_directory=$(SHLIB_DIR_OVERRIDE) $(SHELL) \
+ postfix-install -non-interactive -package
depend clean:
set -e; for i in $(DIRS); do \
cp Makefile.init Makefile
rm -f README_FILES/RELEASE_NOTES
ln -s ../RELEASE_NOTES README_FILES
- rm -f bin/[!CRS]* lib/[!CRS]* include/[!CRS]* libexec/[!CRS]* plugins/[!CRS]* \
- src/*/libpostfix-*.so.* src/*/libpostfix-*.dylib.* \
- src/*/postfix-*.so.* src/*/postfix-*.dylib.* \
+ rm -f bin/[!CRS]* lib/[!CRS]* include/[!CRS]* libexec/[!CRS]* \
+ src/*/libpostfix-*.so src/*/libpostfix-*.dylib \
+ src/*/postfix-*.so src/*/postfix-*.dylib \
junk */junk */*/junk \
*core */*core */*/*core \
.nfs* */.nfs* */*/.nfs* \
*.bak */*.bak */*/*.bak \
make.err */make.err */*/make.err \
*.gmon */*.gmon */*/*.gmon \
- conf/main.cf.default conf/bounce.cf.default
+ conf/main.cf.default conf/bounce.cf.default meta/*
find . -type s -print | xargs rm -f
find . -type d -print | xargs chmod 755
find . -type f -print | xargs chmod a+r
of Linux, FreeBSD and MacOS X. Shared-library builds may become the default at
some point in the future.
+Overview of topics:
+
+ * 4.3.1 Turning on Postfix shared-library support
+ * 4.3.2 Turning on Postfix database-plugin support
+ * 4.3.3 Customizing Postfix shared libraries and database plugins
+ * 4.4.4 Tips for distribution maintainers
+
+Note: directories with Postfix shared libraries or database plugins should
+contain only postfix-related files. Postfix shared libraries and database
+plugins should not be installed in a "public" system directory such as /usr/lib
+or /usr/local/lib. Linking Postfix shared-library or database-plugin files into
+non-Postfix programs is not supported. Postfix shared libraries and database
+plugins implement a Postfix-internal API that changes without maintaining
+compatibility.
+
+4\b4.\b.3\b3.\b.1\b1 T\bTu\bur\brn\bni\bin\bng\bg o\bon\bn P\bPo\bos\bst\btf\bfi\bix\bx s\bsh\bha\bar\bre\bed\bd-\b-l\bli\bib\bbr\bra\bar\bry\by s\bsu\bup\bpp\bpo\bor\brt\bt
+
Postfix can be built with Postfix shared libraries (files typically named
-libpostfix-*.so.*). Postfix shared libraries add minor run-time overhead and
+libpostfix-*.so). Postfix shared libraries add minor run-time overhead and
result in significantly-smaller Postfix executable files.
Specify "shared=yes" on the "make makefiles" command line to build Postfix with
shared-library support.
$ make makefiles shared=yes ...other arguments...
- $ make makefiles shared=no ...other arguments...
$ make
-This defaults to installing shared libraries in /usr/local/lib, typically with
-names like libpostfix-name.so.version, where the name is a source-code
-directory name such as "util" or "global", and the version is the Postfix
-version: x.y.z for stable releases, x.y-date for snapshot (development)
-releases, or x.y-date-nonprod for non-production releases.
+(Specify "make makefiles shared=no" to explicitly disable Postfix shared-
+library support).
-To override the default location or shared-library version, specify, for
-example:
+This installs shared libraries in $shlib_directory, typically, /usr/lib/
+postfix/version or /usr/local/lib/postfix/version, with names like libpostfix-
+name.so, where the name is a source-code directory name such as "util" or
+"global", and the version is the Postfix release version: x.y.z for stable
+releases, x.y-date for snapshot (development) releases, or x.y-date-nonprod for
+non-production releases.
- $ make makefiles shared=yes shlib_directory=/usr/lib \
- SHLIB_VERSION=1 ...other arguments...
+See section 4.3.3 "Customizing Postfix shared libraries and database plugins"
+below for how to customize the Postfix shared-library location and version.
-You can change the shlib_directory setting after Postfix is built, with "make
-install" or "make upgrade". However, you may have to run ldconfig if you change
-shlib_directory after Postfix is built and install the libpostfix-*.so.* files
-in a non-system directory. No ldconfig is needed if you keep the libpostfix-
-*.so.* files in the compiled-in default $shlib_directory location.
+4\b4.\b.3\b3.\b.2\b2 T\bTu\bur\brn\bni\bin\bng\bg o\bon\bn P\bPo\bos\bst\btf\bfi\bix\bx d\bda\bat\bta\bab\bba\bas\bse\be-\b-p\bpl\blu\bug\bgi\bin\bn s\bsu\bup\bpp\bpo\bor\brt\bt
Additionally, Postfix can be built to support dynamic loading of Postfix
-database clients with the Debian-style dynamicmaps feature. Postfix 2.12
-supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:,
-and sqlite: database clients. Dynamic loading is useful when you distribute or
-install pre-compiled Postfix packages.
+database clients (database plugins) with the Debian-style dynamicmaps feature.
+Postfix 2.12 supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:,
+pgsql:, sdbm:, and sqlite: database clients. Dynamic loading is useful when you
+distribute or install pre-compiled Postfix packages.
Specify "dynamicmaps=yes" on the "make makefiles" command line to build Postfix
-with support to dynamically load Postfix database clients (database plugins)
-with the Debian-style dynamicmaps feature.
+with support to dynamically load Postfix database clients with the Debian-style
+dynamicmaps feature.
$ make makefiles dynamicmaps=yes ...other arguments...
- $ make makefiles dynamicmaps=no ...other arguments...
$ make
-This implicitly enables shared-library support, and defaults to installing
-dynamicmaps.cf and database plugins in /usr/libexec/postfix. Database plugins
-are typically named postfix-type.so.version where the type is a database type
-such as "cdb" or "ldap", and where the version is the same as for Postfix
-shared libraries. The installed dynamicmaps.cf configuration file is given a
-suffix with the same version.
+(Specify "make makefiles dynamicmaps=no" to explicitly disable Postfix
+database-plugin support).
+
+This implicitly enables shared-library support, installs the configuration file
+dynamicmaps.cf in $meta_directory (usually, /etc/postfix or /usr/local/etc/
+postfix), and installs database plugins in $shlib_directory (see above).
+Database plugins are named postfix-type.so where the type is a database type
+such as "cdb" or "ldap".
NOTE: The Postfix 2.12 build procedure expects that you specify database
library dependencies with variables named AUXLIBS_CDB, AUXLIBS_LDAP, etc.
dependencies. And that was exactly what dynamic database client loading was
meant to avoid.
-To override the default location or shared-library version, specify, for
-example:
+See the next section for how to customize the location and version of Postfix
+database plugins and the location of the file dynamicmaps.cf.
+
+4\b4.\b.3\b3.\b.3\b3 C\bCu\bus\bst\bto\bom\bmi\biz\bzi\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx s\bsh\bha\bar\bre\bed\bd l\bli\bib\bbr\bra\bar\bri\bie\bes\bs a\ban\bnd\bd d\bda\bat\bta\bab\bba\bas\bse\be p\bpl\blu\bug\bgi\bin\bns\bs
+
+C\bCu\bus\bst\bto\bom\bmi\biz\bzi\bin\bng\bg t\bth\bhe\be l\blo\boc\bca\bat\bti\bio\bon\bn o\bof\bf P\bPo\bos\bst\btf\bfi\bix\bx s\bsh\bha\bar\bre\bed\bd l\bli\bib\bbr\bra\bar\bri\bie\bes\bs a\ban\bnd\bd d\bda\bat\bta\bab\bba\bas\bse\be p\bpl\blu\bug\bgi\bin\bns\bs
- % make makefiles dynamicmaps=yes plugin_directory=/usr/lib/postfix \
- SHLIB_VERSION=1 ...
+As a reminder, the directories with Postfix shared libraries or database
+plugins should contain only Postfix-related files. Linking these files into
+other programs is not supported.
-You can also override the plugin_directory setting after Postfix is built, with
-"make install" or "make upgrade". In this case, there is no need to run the
-ldconfig command.
+To override the default location of Postfix shared libraries and database
+plugins specify, for example:
-Tips for distribution maintainers:
+ $ make makefiles shared=yes shlib_directory=/usr/local/lib/postfix ...
- * The postfix-install procedure creates a compatibility symlink
- dynamicmaps.cf -> dynamicmaps.cf.version (as well as a symlink
- dynamicmaps.cf.d -> dynamicmaps.cf.version.d; more on that below). It is
- therefore safe to use "unversioned" configuration file names when
- installing or deinstalling a database plugin. However, Postfix itself will
- use the "versioned" names, to allow minor upgrades to happen without having
- to stop Postfix.
+If you intend to upgrade Postfix without stopping the mail system, then you
+should append the Postfix release version to the shlib_directory pathname, to
+eliminate the possibility that programs from the old Postfix version will link
+with files from the new Postfix version. For example:
- * The configuration file dynamicmaps.cf.version will automatically include
- files under the directory dynamicmaps.cf.d.version, just like the
- configuration file postfix-files will automatically include files under the
- directory postfix-files.d. Thanks to this, you don't have to edit postfix-
- files or dynamicmaps.cf, when installing or deinstalling a database plugin
- package. Instead, each plugin can have its own configuration file.
+ $ make makefiles shared=yes \
+ shlib_directory=/usr/local/lib/postfix/MAIL_VERSION ...
- * The plugin_directory setting provides the default directory for shared-
- library objects with a relative pathname in the file
- dynamicmaps.cf.version.
+The command "make makefiles name=value..." will replace the string MAIL_VERSION
+in a configuration parameter value with the Postfix release version. Do not try
+to specify something like $mail_version on this command line. This produces
+inconsistent results with different versions of the make(1) command.
+
+You can change the shlib_directory setting after Postfix is built, with "make
+install" or "make upgrade". However, you may have to run ldconfig if you change
+shlib_directory after Postfix is built (the symptom is that Postfix programs
+fail because the run-time linker cannot find the files libpostfix-*.so). No
+ldconfig command is needed if you keep the files libpostfix-*.so in the
+compiled-in default $shlib_directory location.
- * Each configuration file under the directory dynamicmaps.cf.d.version must
- have a name that ends in ".cf" and must have the same format as the file
- dynamicmaps.cf.version.
+ # make upgrade shlib_directory=/usr/local/lib/postfix ...
+ # make install shlib_directory=/usr/local/lib/postfix ...
- * The directory dynamicmaps.cf.d.version is the default directory for shared-
- library objects with a relative pathname in the files
- dynamicmaps.cf.d.version/*.cf. Thus, the directory dynamicmaps.cf.d.version
- may contain both configuration files and shared-library object files.
- Hence, the requirement that configuration file names must end in ".cf".
+To append the Postfix release version to the pathname if you intend to upgrade
+Postfix without stopping the mail system:
+
+ # make upgrade shlib_directory=/usr/local/lib/postfix/MAIL_VERSION ...
+ # make install shlib_directory=/usr/local/lib/postfix/MAIL_VERSION ...
+
+See also the comments above for appending MAIL_VERSION with the "make
+makefiles" command.
+
+C\bCu\bus\bst\bto\bom\bmi\biz\bzi\bin\bng\bg t\bth\bhe\be l\blo\boc\bca\bat\bti\bio\bon\bn o\bof\bf d\bdy\byn\bna\bam\bmi\bic\bcm\bma\bap\bps\bs.\b.c\bcf\bf a\ban\bnd\bd o\bot\bth\bhe\ber\br f\bfi\bil\ble\bes\bs
+
+The meta_directory parameter has the same default setting as the
+config_directory parameter, typically /etc/postfix or /usr/local/etc/postfix.
+
+You can override the default meta_directory location at compile time or after
+Postfix is built. To override the default location at compile time specify, for
+example:
+
+ % make makefiles meta_directory=/usr/libexec/postfix ...
+
+Here is a tip if you want to make a pathname dependent on the Postfix release
+version: the command "make makefiles name=value..." will replace the string
+MAIL_VERSION in a configuration parameter value with the Postfix release
+version. Do not try to specify something like $mail_version on this command
+line. This produces inconsistent results with different versions of the make(1)
+command.
+
+You can override the meta_directory setting after Postfix is built, with "make
+install" or "make upgrade".
+
+ # make upgrade meta_directory=/usr/libexec/postfix ...
+ # make install meta_directory=/usr/libexec/postfix ...
+
+As with the command "make makefiles, the command "make install/upgrade
+name=value..." will replace the string MAIL_VERSION in a configuration
+parameter value with the Postfix release version. Do not try to specify
+something like $mail_version on this command line. This produces inconsistent
+results with different versions of the make(1) command.
+
+4\b4.\b.4\b4.\b.4\b4 T\bTi\bip\bps\bs f\bfo\bor\br d\bdi\bis\bst\btr\bri\bib\bbu\but\bti\bio\bon\bn m\bma\bai\bin\bnt\bta\bai\bin\bne\ber\brs\bs
+
+ * The shlib_directory parameter setting also provides the default directory
+ for database plugin files with a relative pathname in the file
+ dynamicmaps.cf.
+
+ * The meta_directory parameter specifies the location of the files
+ dynamicmaps.cf, postfix-files, and some multi-instance template files. The
+ meta_directory parameter has the same default value as the config_directory
+ parameter (typically, /etc/postfix or /usr/local/etc/postfix). For
+ backwards compatibility with Postfix 2.6 .. 2.11, specify "meta_directory =
+ $daemon_directory" in main.cf before installing or upgrading Postfix, or
+ specify "meta_directory = /path/name" on the "make makefiles", "make
+ install" or "make upgrade" command line.
+
+ * The configuration file dynamicmaps.cf will automatically include files
+ under the directory dynamicmaps.cf.d, just like the configuration file
+ postfix-files will automatically include files under the directory postfix-
+ files.d. Thanks to this, you can install or deinstall a database plugin
+ package without having to edit postfix-files or dynamicmaps.cf. Instead,
+ you give that plugin its own configuration files dynamicmaps.cf.d and
+ postfix-files.d, and you add or remove those configuration files along with
+ the database plugin shared object.
+
+ * Each configuration file under the directory dynamicmaps.cf.d must have the
+ same format as the configuration file dynamicmaps.cf. There is no
+ requirement that these configuration file *names* have a specific format.
* Each configuration file under the directory postfix-files.d must have the
same format as the configuration file postfix-files. There is no
- requirement that these configuration file names have a specific format.
+ requirement that these configuration file *names* have a specific format.
4\b4.\b.4\b4 -\b- B\bBu\bui\bil\bld\bdi\bin\bng\bg w\bwi\bit\bth\bh o\bop\bpt\bti\bio\bon\bna\bal\bl f\bfe\bea\bat\btu\bur\bre\bes\bs
$ make makefiles config_directory=/some/where ...other arguments...
$ make
+The command "make makefiles name=value ..." will replace the string
+MAIL_VERSION in a configuration parameter value with the Postfix release
+version. Do not try to specify something like $mail_version on this command
+line. This produces inconsistent results with different versions of the make(1)
+command.
+
Parameters whose defaults can be specified in this way are listed below. See
the postconf(5) manpage for a description (command: "nroff -man man/man5/
postconf.5 | less").
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
|manpage_directory |/usr/local/man |
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
- |newaliases_path |/usr/bin/newaliases |
+ |meta_directory |/etc/postfix |
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
- |plugin_directory |/usr/libexec/postfix|
+ |newaliases_path |/usr/bin/newaliases |
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
|queue_directory |/var/spool/postfix |
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
|sendmail_path |/usr/sbin/sendmail |
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
- |shlib_directory |/usr/local/lib |
+ |shlib_directory |/usr/lib/postfix |
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
4\b4.\b.5\b5.\b.2\b2 -\b- A\bAl\bll\bl P\bPo\bos\bst\btf\bfi\bix\bx v\bve\ber\brs\bsi\bio\bon\bns\bs
|N\bNa\bam\bme\be/\b/V\bVa\bal\blu\bue\be |D\bDe\bes\bsc\bcr\bri\bip\bpt\bti\bio\bon\bn |
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
| |Specifies one or more non-default object |
-| |libraries. Postfix 2,12 and later specify some|
+| |libraries. Postfix 2.12 and later specify some|
| |of their database library dependencies with |
|AUXLIBS="object_library..." |AUXLIBS_CDB, AUXLIBS_LDAP, AUXLIBS_LMDB, |
| |AUXLIBS_MYSQL, AUXLIBS_PCRE, AUXLIBS_PGSQL, |
|OPT=optimization_level |The default is -O. Specify OPT= to turn off |
| |optimization. |
|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
-| |Specifies a non-default Postfix shared-library|
-| |version number. The default is to use the |
-|SHLIB_VERSION=version |Postfix version: X.Y.Z for stable releases, |
-| |X.Y-DATE for snapshot releases, X.Y-DATE- |
-| |nonprod for non-production releases. |
-|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
| |Specifies non-default gcc compiler warning |
|WARN="warning_flags..." |options for use when "make" is invoked in a |
| |source subdirectory only. |
file from a previous installation. If the file does not exist, use
interactive installation ("make install") instead.
+ * If you specify name=value arguments on the "make install" or "make upgrade"
+ command line, then these will take precedence over compiled-in default
+ settings or main.cf settings.
+
+ The command "make install/upgrade name=value ..." will replace the string
+ MAIL_VERSION in a configuration parameter value with the Postfix release
+ version. Do not try to specify something like $mail_version on this command
+ line. This produces inconsistent results with different versions of the
+ make(1) command.
+
6\b6.\b.4\b4 -\b- C\bCo\bon\bnf\bfi\big\bgu\bur\bre\be P\bPo\bos\bst\btf\bfi\bix\bx
Proceed to the section on how you wish to run Postfix on your particular
With Postfix versions before 2.2 you must invoke the post-install script
directly (% s\bsh\bh p\bpo\bos\bst\bt-\b-i\bin\bns\bst\bta\bal\bll\bl -\b-n\bno\bon\bn-\b-i\bin\bnt\bte\ber\bra\bac\bct\bti\biv\bve\be i\bin\bns\bst\bta\bal\bll\bl_\b_r\bro\boo\bot\bt.\b..\b..\b.).
+With Postfix 2.12 and later, the command "make package name=value ..." will
+replace the string MAIL_VERSION in a configuration parameter value with the
+Postfix release version. Do not try to specify something like $mail_version on
+this command line. This produces inconsistent results with different versions
+of the make(1) command.
+
B\bBe\beg\bgi\bin\bn S\bSe\bec\bcu\bur\bri\bit\bty\by A\bAl\ble\ber\brt\bt
W\bWh\bhe\ben\bn b\bbu\bui\bil\bld\bdi\bin\bng\bg a\ban\bn a\bar\brc\bch\bhi\biv\bve\be f\bfo\bor\br d\bdi\bis\bst\btr\bri\bib\bbu\but\bti\bio\bon\bn,\b, b\bbe\be s\bsu\bur\bre\be t\bto\bo a\bar\brc\bch\bhi\biv\bve\be o\bon\bnl\bly\by f\bfi\bil\ble\bes\bs a\ban\bnd\bd
If you upgrade from Postfix 2.10 or earlier, read RELEASE_NOTES-2.11
before proceeding.
-Notes for distribution maintainers (20140530)
----------------------------------------------
+Notes for distribution maintainers
+----------------------------------
-The Postfix build/install procedure has changed.
+The Postfix build/install procedure has changed to support Postfix
+shared libraries and database plugins.
+
+[Update 20140625: As a result of maintainer feedback, 1) the Postfix
+release version is no longer used as a filename suffix for Postfix
+shared libraries, database plugins or dynamicmaps.cf; 2) non-executable
+files have been moved away from $daemon_directory to $meta_directory
+(usually, /etc/postfix). The release notes below for 20140530 have
+been updated accordingly.]
To avoid massive frustration due to broken patches, PLEASE BUILD
POSTFIX FIRST WITHOUT APPLYING ANY PATCHES. Follow the INSTALL
(mantools/srctoman - makedefs | nroff -man | less) with information
about build options that are not described in the INSTALL instructions.
+Incompatible changes with snapshot 20140625
+===========================================
+
+For compliance with file system policies, some files have been moved
+from $daemon_directory to the directory specified with the new
+meta_directory configuration parameter which has the same default
+value as the config_directory parameter. This change affects
+non-executable files that are shared between multiple Postfix
+instances such as postfix-files, dynamicmaps.cf, and multi-instance
+template files.
+
+For backwards compatibility with Postfix 2.6 .. 2.11, specify
+"meta_directory = $daemon_directory" in main.cf before installing
+or upgrading Postfix, or specify "meta_directory = /path/name" on
+the "make makefiles", "make install" or "make upgrade" command line.
+
Incompatible changes with snapshot 20140618
===========================================
To support Postfix shared libraries and dynamically-loadable database
clients, the Postfix build procedure had to be changed (specifically,
-the makedefs and Makefile.in files, and the scripts that install
-or update Postfix). These changes are introduced early in the
-annual Postfix development cycle to give down-stream maintainers
-sufficient time to prepare their build systems for the next stable
-Postfix release.
+the files makedefs and Makefile.in, and the files postfix-install
+and post-install that install or update Postfix). These changes
+are introduced early in the annual Postfix development cycle to
+give down-stream maintainers sufficient time to prepare their build
+systems for the next stable Postfix release in 2015.
Building with Postfix shared libraries and database plugins
-----------------------------------------------------------
Please see the INSTALL section "Building with Postfix shared libraries
and database plugins" for fine-tuning details.
-To build with Postfix shared libraries (libpostfix-*.so.*), use:
+To build with Postfix shared libraries (files named libpostfix-*.so),
+use:
% make makefiles shared=yes ...other arguments...
To build with dynamicmaps.cf support and dynamically-loadable
-database clients (postfix-*.so.*), use:
+database clients (files named postfix-*.so), use:
% make makefiles dynamicmaps=yes ...other arguments...
-This implicitly enables support for libpostfix-*.so.* shared
-libraries. Postfix 2.12 supports dynamic loading for CDB, LDAP,
-LMDB, MYSQL, PCRE, PGSQL, SDBM, and SQLITE database clients.
+This implicitly enables support for Postfix shared libraries. Postfix
+2.12 supports dynamic loading for CDB, LDAP, LMDB, MYSQL, PCRE,
+PGSQL, SDBM, and SQLITE database clients.
NOTE: The Postfix 2.12 build procedure expects that you specify
database library dependencies with variables named AUXLIBS_CDB,
the user-visible changes with respect to Debian are:
- The new shlib_directory parameter specifies the location of the
- libpostfix-*.so.* shared-library files. You can change the location
- of these files after Postfix is built. However, you may have to
- run ldconfig if you move the libpostfix-*.so.* files to a non-system
- directory. No ldconfig is needed if you keep the libpostfix-*.so.*
- files in the compiled-in default $shlib_directory location.
-
-- The new plugin_directory parameter specifies the location of the
- dynamicmaps.cf database plugin configuration file and of any
- postfix-*.so.* plugins with a relative pathname. The dynamicmaps.cf
- location is not hard-coded to /etc, because the file is shared
- among all Postfix instances just like postfix-files and other
- files. Files in /etc are meant to be instance-specific.
-
-- Postfix supports the directory dynamicmaps.cf.d. in addition to
- the file dynamicmaps.cf. Maintainers can one configuration file
- per database plugin, which simplifies installation and removal.
+ libpostfix-*.so shared-library files and the postfix-*.so database
+ plugins. You can change the location of these files after Postfix
+ is built. However, you may have to run ldconfig if you change the
+ libpostfix-*.so location. No ldconfig is needed if you keep the
+ libpostfix-*.so files in the compiled-in default $shlib_directory
+ location.
+
+- The new meta_directory parameter specifies the location of the
+ file dynamicmaps.cf and some other non-executable files. The
+ meta_directory parameter has the same default value as the
+ config_directory parameter, so this is backwards compatible with
+ Debian (but the default setting may be changed at compile time).
+
+- Postfix supports the directory dynamicmaps.cf.d in addition to
+ the file dynamicmaps.cf. Maintainers can use one configuration
+ file per database plugin, which simplifies installation and
+ removal of individual plugins.
+
+- Likewise, Postfix supports the directory postfix-files.d in
+ addition to the file postfix-files, Again, maintainers can use
+ one configuration file per database plugin, which simplifies
+ installation and removal of individual plugins.
Major changes with snapshot 20140321
====================================
# Arguments
# .IP create-missing
# Create missing queue directories with ownerships and permissions
-# according to the contents of $daemon_directory/postfix-files
-# and optionally in $daemon_directory/postfix-files.d/*, using
+# according to the contents of $meta_directory/postfix-files
+# and optionally in $meta_directory/postfix-files.d/*, using
# the mail_owner and setgid_group parameter settings from the
# command line, process environment or from the installed
# main.cf file.
# This is required at Postfix start-up time.
# .IP set-permissions
# Set all file/directory ownerships and permissions according to the
-# contents of $daemon_directory/postfix-files and optionally
-# in $daemon_directory/postfix-files.d/*, using the mail_owner
+# contents of $meta_directory/postfix-files and optionally
+# in $meta_directory/postfix-files.d/*, using the mail_owner
# and setgid_group parameter settings from the command line,
# process environment or from the installed main.cf file.
# Implies create-missing.
# settings after Postfix is already installed.
# .IP upgrade-permissions
# Update ownership and permission of existing files/directories as
-# specified in $daemon_directory/postfix-files and optionally
-# in $daemon_directory/postfix-files.d/*, using the mail_owner
+# specified in $meta_directory/postfix-files and optionally
+# in $meta_directory/postfix-files.d/*, using the mail_owner
# and setgid_group parameter settings from the command line,
# process environment or from the installed main.cf file.
# Implies create-missing.
# .IP readme_directory
# The directory for the Postfix README files.
# .IP shlib_directory
-# The directory for the Postfix shared-library files.
-# .IP plugin_directory
-# The directory for the Postfix dynamicmaps.cf database plugin
-# configuration file, and files referenced by that file.
+# The directory for the Postfix shared-library files, and for
+# the Postfix dabatase plugin files with a relative pathname
+# in the file dynamicmaps.cf.
+# .IP meta_directory
+# The directory for non-executable files that are shared
+# among multiple Postfix instances, such as postfix-files,
+# dynamicmaps.cf, as well as the multi-instance template files
+# main.cf.proto and master.cf.proto.
# SEE ALSO
# postfix-install(1) Postfix primary installation script.
# FILES
# $config_directory/main.cf, Postfix installation parameters.
-# $daemon_directory/postfix-files, installation control file.
-# $daemon_directory/postfix-files.d/*, optional control files.
+# $meta_directory/postfix-files, installation control file.
+# $meta_directory/postfix-files.d/*, optional control files.
# $config_directory/install.cf, obsolete configuration file.
# LICENSE
# .ad
MOST_PARAMETERS="command_directory daemon_directory data_directory
html_directory mail_owner mailq_path manpage_directory
newaliases_path queue_directory readme_directory sample_directory
- sendmail_path setgid_group shlib_directory plugin_directory"
+ sendmail_path setgid_group shlib_directory meta_directory"
NON_SHARED="config_directory queue_directory data_directory"
USAGE="Usage: $0 [name=value] command
esac
done
-test -f $daemon_directory/postfix-files || {
- echo $0: Error: $daemon_directory/postfix-files is not a file. 1>&2
+test -f $meta_directory/postfix-files || {
+ echo $0: Error: $meta_directory/postfix-files is not a file. 1>&2
exit 1
}
esac
for path in "$daemon_directory" "$command_directory" "$queue_directory" \
- "$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory"
+ "$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \
+ "$meta_directory"
do
case "$path" in
/*) ;;
esac
done
-for path in "$html_directory" "$readme_directory" "$shlib_directory" "$plugin_directory"
+for path in "$html_directory" "$readme_directory" "$shlib_directory"
do
case "$path" in
/*) ;;
"sample_directory = $sample_directory" \
"readme_directory = $readme_directory" \
"shlib_directory = $shlib_directory" \
- "plugin_directory = $plugin_directory" \
+ "meta_directory = $meta_directory" \
|| exit 1
}
-# Use file/directory status information in $daemon_directory/postfix-files.
+# Use file/directory status information in $meta_directory/postfix-files.
test -n "$create" && {
- postfix_files_d=$daemon_directory/postfix-files.d
- for postfix_file in $daemon_directory/postfix-files \
+ postfix_files_d=$meta_directory/postfix-files.d
+ for postfix_file in $meta_directory/postfix-files \
`test -d $postfix_files_d && { find $postfix_files_d -type f | sort; }`
do
exec <$postfix_file || exit 1
$queue_directory/pid:d:root:-:755:uc
$queue_directory/saved:d:$mail_owner:-:700:ucr
$queue_directory/trace:d:$mail_owner:-:700:ucr
-# Update shared libraries before daemon or command-line programs.
+# Update shared libraries and plugins before daemon or command-line programs.
$shlib_directory/lib${LIB_PREFIX}util${LIB_SUFFIX}:f:root:-:755
$shlib_directory/lib${LIB_PREFIX}global${LIB_SUFFIX}:f:root:-:755
$shlib_directory/lib${LIB_PREFIX}dns${LIB_SUFFIX}:f:root:-:755
$shlib_directory/lib${LIB_PREFIX}tls${LIB_SUFFIX}:f:root:-:755
$shlib_directory/lib${LIB_PREFIX}master${LIB_SUFFIX}:f:root:-:755
-# Update database plugins before daemon or command-line programs.
-$plugin_directory/${LIB_PREFIX}cdb${LIB_SUFFIX}:f:root:-:755
-$plugin_directory/${LIB_PREFIX}ldap${LIB_SUFFIX}:f:root:-:755
-$plugin_directory/${LIB_PREFIX}lmdb${LIB_SUFFIX}:f:root:-:755
-$plugin_directory/${LIB_PREFIX}mysql${LIB_SUFFIX}:f:root:-:755
-$plugin_directory/${LIB_PREFIX}pcre${LIB_SUFFIX}:f:root:-:755
-$plugin_directory/${LIB_PREFIX}pgsql${LIB_SUFFIX}:f:root:-:755
-$plugin_directory/${LIB_PREFIX}sdbm${LIB_SUFFIX}:f:root:-:755
-$plugin_directory/${LIB_PREFIX}sqlite${LIB_SUFFIX}:f:root:-:755
-$plugin_directory/dynamicmaps.cf.${SHLIB_VERSION}:f:root:-:644:
-$plugin_directory/dynamicmaps.cf.${SHLIB_VERSION}.d:d:root:-:755:
-$plugin_directory/dynamicmaps.cf:l:dynamicmaps.cf.${SHLIB_VERSION}:-::
-$plugin_directory/dynamicmaps.cf.d:l:dynamicmaps.cf.${SHLIB_VERSION}.d:-::
+$shlib_directory/${LIB_PREFIX}cdb${LIB_SUFFIX}:f:root:-:755
+$shlib_directory/${LIB_PREFIX}ldap${LIB_SUFFIX}:f:root:-:755
+$shlib_directory/${LIB_PREFIX}lmdb${LIB_SUFFIX}:f:root:-:755
+$shlib_directory/${LIB_PREFIX}mysql${LIB_SUFFIX}:f:root:-:755
+$shlib_directory/${LIB_PREFIX}pcre${LIB_SUFFIX}:f:root:-:755
+$shlib_directory/${LIB_PREFIX}pgsql${LIB_SUFFIX}:f:root:-:755
+$shlib_directory/${LIB_PREFIX}sdbm${LIB_SUFFIX}:f:root:-:755
+$shlib_directory/${LIB_PREFIX}sqlite${LIB_SUFFIX}:f:root:-:755
+$meta_directory/dynamicmaps.cf.d:d:root:-:755
+$meta_directory/dynamicmaps.cf:f:root:-:644
+$meta_directory/main.cf.proto:f:root:-:644
+$meta_directory/makedefs.out:f:root:-:644
+$meta_directory/master.cf.proto:f:root:-:644
+$meta_directory/postfix-files.d:d:root:-:755
+$meta_directory/postfix-files:f:root:-:644
$daemon_directory/anvil:f:root:-:755
$daemon_directory/bounce:f:root:-:755
$daemon_directory/cleanup:f:root:-:755
$daemon_directory/dnsblog:f:root:-:755
$daemon_directory/error:f:root:-:755
$daemon_directory/flush:f:root:-:755
-#$daemon_directory/lmtp:f:root:-:755
$daemon_directory/local:f:root:-:755
-$daemon_directory/main.cf:f:root:-:644
-$daemon_directory/master.cf:f:root:-:644
+$daemon_directory/main.cf:f:root:-:644:o
+$daemon_directory/master.cf:f:root:-:644:o
$daemon_directory/master:f:root:-:755
$daemon_directory/oqmgr:f:root:-:755
$daemon_directory/pickup:f:root:-:755
$daemon_directory/pipe:f:root:-:755
$daemon_directory/post-install:f:root:-:755
-$daemon_directory/postfix-files:f:root:-:644
-$daemon_directory/postfix-files.d:d:root:-:755
+# In case meta_directory == daemon_directory.
+#$daemon_directory/postfix-files:f:root:-:644:o
+#$daemon_directory/postfix-files.d:d:root:-:755:o
$daemon_directory/postfix-script:f:root:-:755
$daemon_directory/postfix-wrapper:f:root:-:755
$daemon_directory/postmulti-script:f:root:-:755
$config_directory/install.cf:f:root:-:644:o
$config_directory/main.cf.default:f:root:-:644:1
$config_directory/main.cf:f:root:-:644:p
-$config_directory/makedefs.out:f:root:-:644:1
$config_directory/master.cf:f:root:-:644:p
$config_directory/pcre_table:f:root:-:644:o
-$config_directory/postfix-files:f:root:-:644:o
$config_directory/regexp_table:f:root:-:644:o
$config_directory/relocated:f:root:-:644:p1
$config_directory/tcp_table:f:root:-:644:o
exit 1
}
esac
-case $plugin_directory in
-no) ;;
- *) cd $plugin_directory || {
- $FATAL no Postfix plugin directory $plugin_directory!
- exit 1
- }
-esac
+cd $meta_directory || {
+ $FATAL no Postfix meta directory $meta_directory!
+ exit 1
+}
cd $queue_directory || {
$FATAL no Postfix queue directory $queue_directory!
exit 1
test -n "$check_shared_files" && {
todo="$daemon_directory $todo"
test "$shlib_directory" = "no" || todo="$shlib_directory $todo"
- test "$plugin_directory" = "no" || todo="$plugin_directory $todo"
+ todo="$meta_directory $todo"
}
- for dir in $todo
+ for dir in `echo "$todo" | tr ' ' '\12' | sort -u`
do
ls -lLd $dir | (grep " root " >/dev/null ||
$WARN not owned by root: $dir)
todo="$daemon_directory/* $todo"
test "$shlib_directory" = "no" ||
todo="$shlib_directory/libpostfix* $todo"
- # plugin_directory/* is checked by dynamicmaps routines.
}
find $todo ! -user root \
test -n "$check_shared_files" && todo="$daemon_directory/. $todo"
# FIXME don't scan non-Postfix files under /usr/local/lib.
test "$shlib_directory" = "no" ||
- todo="$shlib_directory/libpostfix* $todo"
+ todo="$shlib_directory/libpostfix* $shlib_directory/postfix* $todo"
find $todo \
\( -perm -020 -o -perm -002 \) -type f \
# MAIL_CONFIG - config_directory of primary instance
# command_directory - From primary instance
# daemon_directory - From primary instance
+# meta_directory - From primary instance
+# shlib_directory - From primary instance
# config_directroy - config_directory of target instance
# queue_directory - queue_directory of target instance
# data_directory - data_directory of target instance
: ${MAIL_CONFIG:?"do not invoke this command directly"}
: ${command_directory:?"do not invoke this command directly"}
: ${daemon_directory:?"do not invoke this command directly"}
+: ${meta_directory:?"do not invoke this command directly"}
+: ${shlib_directory:?"do not invoke this command directly"}
USAGE="$0 -e create|destroy|import|deport|enable|disable|assign|init"
usage() { echo "$0: Error: Usage: $USAGE" >&2; exit 1; }
exit $? ;;
esac
+# Backport note: "-x" requires 2.10 or later, and is not essential here.
+#
+wrapper=`postconf -hx multi_instance_wrapper` || exit 1
+enable=`postconf -hx multi_instance_enable` || exit 1
+
+test -n "$wrapper" ||
+ fatal "multi_instance_wrapper is empty, run 'postmulti -e init' first."
+
+test "$enable" = "yes" ||
+ fatal "multi_instance_enable!=yes, run 'postmulti -e init' first."
+
: ${config_directory:?"Invalid empty target instance config_directory"}
case $action in
tmpdir=$config_directory/.tmp
(umask 077; mkdir -p $tmpdir) || exit 1
- cp -p $daemon_directory/main.cf $tmpdir/main.cf || exit 1
+ cp -p $meta_directory/main.cf.proto $tmpdir/main.cf || exit 1
# Shared install parameters are cloned from user-specified values in
# the default instance, but only if explicitly set there. Otherwise,
SHARED_PARAMETERS="
command_directory
daemon_directory
+ meta_directory
mail_owner
setgid_group
sendmail_path
sample_directory
readme_directory
shlib_directory
- plugin_directory
"
shift $# # Needed on SunOS where bare "set --" is NOP!
"$@" || exit 1
- cp -p $daemon_directory/master.cf $tmpdir/master.cf || exit 1
+ cp -p $meta_directory/master.cf.proto $tmpdir/master.cf || exit 1
mv $tmpdir/main.cf $config_directory/main.cf || exit 1
mv $tmpdir/master.cf $config_directory/master.cf || exit 1
rmdir $tmpdir 2>/dev/null
recent versions of Linux, FreeBSD and MacOS X. Shared-library builds
may become the default at some point in the future. </p>
+<p> Overview of topics: </p>
+
+<ul>
+
+<li><a href="#shared_enable">4.3.1 Turning on Postfix shared-library
+support</a>
+
+<li><a href="#dynamicmaps_enable">4.3.2 Turning on Postfix database-plugin
+support</a>
+
+<li><a href="#shared_custom">4.3.3 Customizing Postfix shared
+libraries and database plugins</a>
+
+<li><a href="#shared_tips">4.4.4 Tips for distribution maintainers</a>
+
+</ul>
+
+<p> Note: directories with Postfix shared libraries or database
+plugins should contain only postfix-related files. Postfix shared
+libraries and database plugins should not be installed in a "public"
+system directory such as /usr/lib or /usr/local/lib. Linking Postfix
+shared-library or database-plugin files into non-Postfix programs
+is not supported. Postfix shared libraries and database plugins
+implement a Postfix-internal API that changes without maintaining
+compatibility. </p>
+
+<h4><a name="shared_enable"> 4.3.1 Turning on Postfix shared-library
+support </a></h4>
+
<p> Postfix can be built with Postfix shared libraries (files
-typically named <tt>libpostfix-*.so.*</tt>). Postfix shared libraries
+typically named <tt>libpostfix-*.so</tt>). Postfix shared libraries
add minor run-time overhead and result in significantly-smaller
Postfix executable files. </p>
<blockquote>
<pre>
$ make makefiles shared=yes ...other arguments...
-$ make makefiles shared=no ...other arguments...
$ make
</pre>
</blockquote>
-<p> This defaults to installing shared libraries in /usr/local/lib,
-typically with names like libpostfix-<i>name</i>.so.<i>version</i>,
-where the <i>name</i> is a source-code directory name such as "util"
-or "global", and the <i>version</i> is the Postfix version:
-<i>x.y.z</i> for stable releases, <i>x.y</i>-<i>date</i> for snapshot
-(development) releases, or <i>x.y</i>-<i>date</i>-nonprod for
-non-production releases. </p>
+<p> (Specify "make makefiles shared=no" to explicitly disable Postfix
+shared-library support). </p>
-<p> To override the default location or shared-library version,
-specify, for example: </p>
+<p> This installs shared libraries in $<a href="postconf.5.html#shlib_directory">shlib_directory</a>, typically,
+/usr/lib/postfix/<i>version</i> or /usr/local/lib/postfix/<i>version</i>,
+with names like libpostfix-<i>name</i>.so, where the <i>name</i>
+is a source-code directory name such as "util" or "global", and the
+<i>version</i> is the Postfix release version: <i>x.y.z</i> for
+stable releases, <i>x.y</i>-<i>date</i> for snapshot (development)
+releases, or <i>x.y</i>-<i>date</i>-nonprod for non-production
+releases. </p>
-<blockquote>
-<pre>
-$ make makefiles shared=yes <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/lib \
- SHLIB_VERSION=1 ...other arguments...
-</pre>
-</blockquote>
+<p> See section 4.3.3 "Customizing Postfix shared libraries and
+database plugins" below for how to customize the Postfix shared-library
+location and version.
-<p> You can change the <a href="postconf.5.html#shlib_directory">shlib_directory</a> setting after Postfix is
-built, with "make install" or "make upgrade". However, you may have
-to run ldconfig if you change <a href="postconf.5.html#shlib_directory">shlib_directory</a> after Postfix is built
-and install the libpostfix-*.so.* files in a non-system directory.
-No ldconfig is needed if you keep the libpostfix-*.so.* files in
-the compiled-in default $<a href="postconf.5.html#shlib_directory">shlib_directory</a> location. </p>
+<h4><a name="dynamicmaps_enable"> 4.3.2 Turning on Postfix
+database-plugin support </a></h4>
<p> Additionally, Postfix can be built to support dynamic loading
-of Postfix database clients with the Debian-style dynamicmaps
-feature. Postfix 2.12 supports dynamic loading of <a href="CDB_README.html">cdb</a>:, <a href="ldap_table.5.html">ldap</a>:,
-<a href="lmdb_table.5.html">lmdb</a>:, <a href="mysql_table.5.html">mysql</a>:, <a href="pcre_table.5.html">pcre</a>:, <a href="pgsql_table.5.html">pgsql</a>:, <a href="DATABASE_README.html#types">sdbm</a>:, and <a href="sqlite_table.5.html">sqlite</a>: database clients.
-Dynamic loading is useful when you distribute or install pre-compiled
-Postfix packages. </p>
+of Postfix database clients (database plugins) with the Debian-style
+dynamicmaps feature. Postfix 2.12 supports dynamic loading of <a href="CDB_README.html">cdb</a>:,
+<a href="ldap_table.5.html">ldap</a>:, <a href="lmdb_table.5.html">lmdb</a>:, <a href="mysql_table.5.html">mysql</a>:, <a href="pcre_table.5.html">pcre</a>:, <a href="pgsql_table.5.html">pgsql</a>:, <a href="DATABASE_README.html#types">sdbm</a>:, and <a href="sqlite_table.5.html">sqlite</a>: database
+clients. Dynamic loading is useful when you distribute or install
+pre-compiled Postfix packages. </p>
<p> Specify "dynamicmaps=yes" on the "make makefiles" command line
to build Postfix with support to dynamically load Postfix database
-clients (database plugins) with the Debian-style dynamicmaps feature.
+clients with the Debian-style dynamicmaps feature.
</p>
<blockquote>
<pre>
$ make makefiles dynamicmaps=yes ...other arguments...
-$ make makefiles dynamicmaps=no ...other arguments...
$ make
</pre>
</blockquote>
-<p> This implicitly enables shared-library support, and defaults
-to installing dynamicmaps.cf and database plugins in /usr/libexec/postfix.
-Database plugins are typically named postfix-<i>type</i>.so.<i>version</i>
-where the <i>type</i> is a database type such as "cdb" or "ldap",
-and where the <i>version</i> is the same as for Postfix shared
-libraries. The installed dynamicmaps.cf configuration file is given
-a suffix with the same version. </p>
+<p> (Specify "make makefiles dynamicmaps=no" to explicitly disable
+Postfix database-plugin support). </p>
+
+<p> This implicitly enables shared-library support, installs the
+configuration file dynamicmaps.cf in $<a href="postconf.5.html#meta_directory">meta_directory</a> (usually,
+/etc/postfix or /usr/local/etc/postfix), and installs database
+plugins in $<a href="postconf.5.html#shlib_directory">shlib_directory</a> (see above). Database plugins are named
+postfix-<i>type</i>.so where the <i>type</i> is a database type
+such as "cdb" or "ldap". </p>
<blockquote>
</blockquote>
-<p> To override the default location or shared-library version,
-specify, for example: </p>
+<p> See the next section for how to customize the location and
+version of Postfix database plugins and the location of the file
+dynamicmaps.cf. </p>
+
+<h4><a name="shared_custom"> 4.3.3 Customizing Postfix shared
+libraries and database plugins </a></h4>
+
+<h5> Customizing the location of Postfix shared libraries and
+database plugins </h5>
+
+<p> As a reminder, the directories with Postfix shared libraries
+or database plugins should contain only Postfix-related files.
+Linking these files into other programs is not supported. </p>
+
+<p> To override the default location of Postfix shared libraries
+and database plugins specify, for example: </p>
<blockquote>
<pre>
-% make makefiles dynamicmaps=yes <a href="postconf.5.html#plugin_directory">plugin_directory</a>=/usr/lib/postfix \
- SHLIB_VERSION=1 ...
+$ make makefiles shared=yes <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix ...
</pre>
</blockquote>
-<p> You can also override the <a href="postconf.5.html#plugin_directory">plugin_directory</a> setting after Postfix
-is built, with "make install" or "make upgrade". In this case, there
-is no need to run the ldconfig command. </p>
+<p> If you intend to upgrade Postfix without stopping the mail
+system, then you should append the Postfix release version to the
+<a href="postconf.5.html#shlib_directory">shlib_directory</a> pathname, to eliminate the possibility that programs
+from the old Postfix version will link with files from the new
+Postfix version. For example: </p>
-<p> Tips for distribution maintainers:
+<blockquote>
+<pre>
+$ make makefiles shared=yes \
+ <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix/MAIL_VERSION ...
+</pre>
+</blockquote>
-<ul>
+<p> The command "make makefiles name=value..." will replace the
+string MAIL_VERSION in a configuration parameter value with the
+Postfix release version. Do not try to specify something like
+$<a href="postconf.5.html#mail_version">mail_version</a> on this command line. This produces inconsistent
+results with different versions of the make(1) command. </p>
-<li> <p> The postfix-install procedure creates a compatibility
-symlink dynamicmaps.cf -> dynamicmaps.cf.<i>version</i> (as well
-as a symlink dynamicmaps.cf.d -> dynamicmaps.cf.<i>version</i>.d;
-more on that below). It is therefore safe to use "unversioned"
-configuration file names when installing or deinstalling a database
-plugin. However, Postfix itself will use the "versioned" names, to
-allow minor upgrades to happen without having to stop Postfix. </p>
-
-<li> <p> The configuration file dynamicmaps.cf.<i>version</i> will
-automatically include files under the directory
-dynamicmaps.cf.d.<i>version</i>, just like the configuration file
-postfix-files will automatically include files under the directory
-postfix-files.d. Thanks to this, you don't have to edit postfix-files
-or dynamicmaps.cf, when installing or deinstalling a database plugin
-package. Instead, each plugin can have its own configuration file.
-</p>
+<p> You can change the <a href="postconf.5.html#shlib_directory">shlib_directory</a> setting after Postfix is
+built, with "make install" or "make upgrade". However, you may have
+to run ldconfig if you change <a href="postconf.5.html#shlib_directory">shlib_directory</a> after Postfix is built
+(the symptom is that Postfix programs fail because the run-time
+linker cannot find the files libpostfix-*.so). No ldconfig command
+is needed if you keep the files libpostfix-*.so in the compiled-in
+default $<a href="postconf.5.html#shlib_directory">shlib_directory</a> location. </p>
-<li> <p> The <a href="postconf.5.html#plugin_directory">plugin_directory</a> setting provides the default directory
-for shared-library objects with a relative pathname in the file
-dynamicmaps.cf.<i>version</i>.
+<blockquote>
+<pre>
+# make upgrade <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix ...
+# make install <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix ...
+</pre>
+</blockquote>
+
+<p> To append the Postfix release version to the pathname if you
+intend to upgrade Postfix without stopping the mail system: </p>
+
+<blockquote>
+<pre>
+# make upgrade <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix/MAIL_VERSION ...
+# make install <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix/MAIL_VERSION ...
+</pre>
+</blockquote>
+
+<p> See also the comments above for appending MAIL_VERSION with
+the "make makefiles" command. </p>
+
+<h5> Customizing the location of dynamicmaps.cf and other files
+</h5>
-<li> <p> Each configuration file under the directory
-dynamicmaps.cf.d.<i>version</i> must have a name that ends in ".cf"
-and must have the same format as the file dynamicmaps.cf.<i>version</i>.
+<p> The <a href="postconf.5.html#meta_directory">meta_directory</a> parameter has the same default setting as
+the <a href="postconf.5.html#config_directory">config_directory</a> parameter, typically /etc/postfix or
+/usr/local/etc/postfix. </p>
+
+<p> You can override the default <a href="postconf.5.html#meta_directory">meta_directory</a> location at compile
+time or after Postfix is built. To override the default location
+at compile time specify, for example: </p>
+
+<blockquote>
+<pre>
+% make makefiles <a href="postconf.5.html#meta_directory">meta_directory</a>=/usr/libexec/postfix ...
+</pre>
+</blockquote>
+
+<p> Here is a tip if you want to make a pathname dependent on the
+Postfix release version: the command "make makefiles name=value..."
+will replace the string MAIL_VERSION in a configuration parameter
+value with the Postfix release version. Do not try to specify
+something like $<a href="postconf.5.html#mail_version">mail_version</a> on this command line. This produces
+inconsistent results with different versions of the make(1) command.
</p>
-<li> <p> The directory dynamicmaps.cf.d.<i>version</i> is the default
-directory for shared-library objects with a relative pathname in
-the files dynamicmaps.cf.d.<i>version</i>/*.cf. Thus, the directory
-dynamicmaps.cf.d.<i>version</i> may contain both configuration files
-and shared-library object files. Hence, the requirement that
-configuration file names must end in ".cf". </p>
+<p> You can override the <a href="postconf.5.html#meta_directory">meta_directory</a> setting after Postfix is
+built, with "make install" or "make upgrade". </p>
+
+<blockquote>
+<pre>
+# make upgrade <a href="postconf.5.html#meta_directory">meta_directory</a>=/usr/libexec/postfix ...
+# make install <a href="postconf.5.html#meta_directory">meta_directory</a>=/usr/libexec/postfix ...
+</pre>
+</blockquote>
+
+<p> As with the command "make makefiles, the command "make
+install/upgrade name=value..." will replace the string MAIL_VERSION
+in a configuration parameter value with the Postfix release version.
+Do not try to specify something like $<a href="postconf.5.html#mail_version">mail_version</a> on this command
+line. This produces inconsistent results with different versions
+of the make(1) command. </p>
+
+<h4><a name="shared_tips"> 4.4.4 Tips for distribution maintainers
+</a></h4>
+
+<ul>
+
+<li> <p> The <a href="postconf.5.html#shlib_directory">shlib_directory</a> parameter setting also provides the
+default directory for database plugin files with a relative pathname
+in the file dynamicmaps.cf. </p>
+
+<li> <p> The <a href="postconf.5.html#meta_directory">meta_directory</a> parameter specifies the location of the
+files dynamicmaps.cf, postfix-files, and some multi-instance template
+files. The <a href="postconf.5.html#meta_directory">meta_directory</a> parameter has the same default value as
+the <a href="postconf.5.html#config_directory">config_directory</a> parameter (typically, /etc/postfix or
+/usr/local/etc/postfix). For backwards compatibility with Postfix
+2.6 .. 2.11, specify "<a href="postconf.5.html#meta_directory">meta_directory</a> = $<a href="postconf.5.html#daemon_directory">daemon_directory</a>" in <a href="postconf.5.html">main.cf</a>
+before installing or upgrading Postfix, or specify "<a href="postconf.5.html#meta_directory">meta_directory</a>
+= /path/name" on the "make makefiles", "make install" or "make
+upgrade" command line. </p>
+
+<li> <p> The configuration file dynamicmaps.cf will automatically
+include files under the directory dynamicmaps.cf.d, just like the
+configuration file postfix-files will automatically include files
+under the directory postfix-files.d. Thanks to this, you can install
+or deinstall a database plugin package without having to edit
+postfix-files or dynamicmaps.cf. Instead, you give that plugin its
+own configuration files dynamicmaps.cf.d and postfix-files.d, and
+you add or remove those configuration files along with the database
+plugin shared object. </p>
+
+<li> <p> Each configuration file under the directory dynamicmaps.cf.d
+must have the same format as the configuration file dynamicmaps.cf.
+There is no requirement that these configuration file *names* have a
+specific format. </p>
<li> <p> Each configuration file under the directory postfix-files.d
must have the same format as the configuration file postfix-files.
-There is no requirement that these configuration file names have a
+There is no requirement that these configuration file *names* have a
specific format. </p>
</ul>
</pre>
</blockquote>
+<p> The command "make makefiles name=value ..." will replace the
+string MAIL_VERSION in a configuration parameter value with the
+Postfix release version. Do not try to specify something like
+$<a href="postconf.5.html#mail_version">mail_version</a> on this command line. This produces inconsistent
+results with different versions of the make(1) command. </p>
+
<p> Parameters whose defaults can be specified in this way are
listed below. See the <a href="postconf.5.html">postconf(5)</a> manpage for a description
(command: "<tt>nroff -man man/man5/postconf.5 | less</tt>"). </p>
<tr> <td><a href="postconf.5.html#manpage_directory">manpage_directory</a></td> <td>/usr/local/man</td> </tr>
-<tr> <td><a href="postconf.5.html#newaliases_path">newaliases_path</a></td> <td>/usr/bin/newaliases</td> </tr>
+<tr> <td><a href="postconf.5.html#meta_directory">meta_directory</a></td> <td>/etc/postfix</td> </tr>
-<tr> <td><a href="postconf.5.html#plugin_directory">plugin_directory</a></td> <td>/usr/libexec/postfix</td> </tr>
+<tr> <td><a href="postconf.5.html#newaliases_path">newaliases_path</a></td> <td>/usr/bin/newaliases</td> </tr>
<tr> <td><a href="postconf.5.html#queue_directory">queue_directory</a></td> <td>/var/spool/postfix</td> </tr>
<tr> <td><a href="postconf.5.html#sendmail_path">sendmail_path</a></td> <td>/usr/sbin/sendmail</td> </tr>
-<tr> <td><a href="postconf.5.html#shlib_directory">shlib_directory</a></td> <td>/usr/local/lib</td> </tr>
+<tr> <td><a href="postconf.5.html#shlib_directory">shlib_directory</a></td> <td>/usr/lib/postfix</td> </tr>
</table>
<tr> <th colspan="2"> Name/Value </th> <th> Description </th> </tr>
<tr> <td colspan="2"> AUXLIBS="object_library..."</td> <td> Specifies
-one or more non-default object libraries. Postfix 2,12 and later
+one or more non-default object libraries. Postfix 2.12 and later
specify some of their database library dependencies with <a href="CDB_README.html">AUXLIBS_CDB</a>,
<a href="LDAP_README.html">AUXLIBS_LDAP</a>, <a href="LMDB_README.html">AUXLIBS_LMDB</a>, <a href="MYSQL_README.html">AUXLIBS_MYSQL</a>, <a href="PCRE_README.html">AUXLIBS_PCRE</a>, <a href="PGSQL_README.html">AUXLIBS_PGSQL</a>,
<a href="SDBM_README.html">AUXLIBS_SDBM</a>, and <a href="SQLITE_README.html">AUXLIBS_SQLITE</a>, respectively. </td> </tr>
a non-default optimization level. The default is -O. Specify OPT=
to turn off optimization. </td> </tr>
-<tr> <td colspan="2"> SHLIB_VERSION=version </td> <td> Specifies a
-non-default Postfix shared-library version number. The default is
-to use the Postfix version: X.Y.Z for stable releases, X.Y-DATE for
-snapshot releases, X.Y-DATE-nonprod for non-production releases.
-</td> </tr>
-
<tr> <td colspan="2"> WARN="warning_flags..." </td> <td> Specifies
non-default <tt>gcc</tt> compiler warning options for use when
"<tt>make</tt>" is invoked in a source subdirectory only. </td>
does not exist, use interactive installation ("make install")
instead. </p>
+<li> <p> If you specify name=value arguments on the "make install"
+or "make upgrade" command line, then these will take precedence
+over compiled-in default settings or <a href="postconf.5.html">main.cf</a> settings. </p>
+
+<p> The command "make install/upgrade name=value ..." will replace
+the string MAIL_VERSION in a configuration parameter value with the
+Postfix release version. Do not try to specify something like
+$<a href="postconf.5.html#mail_version">mail_version</a> on this command line. This produces inconsistent
+results with different versions of the make(1) command. </p>
+
</ul>
<h3>6.4 - Configure Postfix</h3>
script directly (<tt>% <b>sh post-install -non-interactive
install_root...</b></tt>). </p>
+<p> With Postfix 2.12 and later, the command "make package name=value
+..." will replace the string MAIL_VERSION in a configuration parameter
+value with the Postfix release version. Do not try to specify
+something like $<a href="postconf.5.html#mail_version">mail_version</a> on this command line. This produces
+inconsistent results with different versions of the make(1) command.
+</p>
+
<h2>Begin Security Alert</h2>
<p> <b> When building an archive for distribution, be sure to
<p> This feature is available in Postfix 2.3 and later. </p>
+</DD>
+
+<DT><b><a name="meta_directory">meta_directory</a>
+(default: see 'postconf -d' output)</b></DT><DD>
+
+<p> The location of non-executable files that are shared among
+multiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+and the multi-instance template files <a href="postconf.5.html">main.cf</a>.proto and <a href="master.5.html">master.cf</a>.proto.
+This directory should contain only Postfix-related files. Typically,
+the <a href="postconf.5.html#meta_directory">meta_directory</a> parameter has the same default as the <a href="postconf.5.html#config_directory">config_directory</a>
+parameter (/etc/postfix or /usr/local/etc/postfix). </p>
+
+<p> For backwards compatibility with Postfix versions 2.6..2.11,
+specify "<a href="postconf.5.html#meta_directory">meta_directory</a> = $<a href="postconf.5.html#daemon_directory">daemon_directory</a>" in <a href="postconf.5.html">main.cf</a> before
+installing or upgrading Postfix, or specify "<a href="postconf.5.html#meta_directory">meta_directory</a> =
+/path/name" on the "make makefiles", "make install" or "make upgrade"
+command line. </p>
+
+<p> This feature is available in Postfix 2.12 and later. </p>
+
+
</DD>
<DT><b><a name="milter_command_timeout">milter_command_timeout</a>
<p> This feature is available in Postfix 2.3 and later. </p>
-</DD>
-
-<DT><b><a name="plugin_directory">plugin_directory</a>
-(default: see 'postconf -d' output)</b></DT><DD>
-
-<p> The location of the Postfix dynamicmaps.cf database plugin
-configuration file, and of database plugins with a relative pathname.
-This is set to "no" when Postfix database plugin support is disabled
-at compile time. </p>
-
-<p> This feature is available in Postfix 2.12 and later. </p>
-
-
</DD>
<DT><b><a name="postmulti_control_commands">postmulti_control_commands</a>
<DT><b><a name="shlib_directory">shlib_directory</a>
(default: see 'postconf -d' output)</b></DT><DD>
-<p> The location of Postfix shared libraries (libpostfix-*.so.*).
-This parameter defaults to "no" when Postfix shared libraries are
-disabled at compile time. </p>
+<p> The location of Postfix shared libraries (libpostfix-*.so),
+and the default location of Postfix database plugins (libpostfix-*.so)
+that have a relative pathname in the dynamicmaps.cf file. The
+<a href="postconf.5.html#shlib_directory">shlib_directory</a> parameter defaults to "no" when Postfix shared
+libraries and database plugins are disabled at compile time, otherwise
+it typically defaults to /usr/lib/postfix or /usr/local/lib/postfix.
+</p>
-<p> NOTE: You can change the location of these files after Postfix
-is built. However, you may have to run ldconfig if you move the
-libpostfix-*.so.* files to a non-system directory. No ldconfig is
-needed if you keep the libpostfix-*.so.* files in the compiled-in
-default $<a href="postconf.5.html#shlib_directory">shlib_directory</a> location. </p>
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> The directory specified with <a href="postconf.5.html#shlib_directory">shlib_directory</a> should contain
+only Postfix-related files. Postfix shared libraries and database
+plugins should not be installed in a "public" system directory such
+as /usr/lib or /usr/local/lib. Linking Postfix shared-library files
+or database plugins into non-Postfix programs is not supported.
+Postfix shared libraries and database plugins implement a
+Postfix-internal API that changes without maintaining compatibility.
+</p>
+
+<li> <p> You can change the <a href="postconf.5.html#shlib_directory">shlib_directory</a> value after Postfix is
+built. However, you may have to run ldconfig or equivalent to prevent
+Postfix programs from failing because the libpostfix-*.so files are
+not found. No ldconfig command is needed if you keep the libpostfix-*.so
+files in the compiled-in default $<a href="postconf.5.html#shlib_directory">shlib_directory</a> location. </p>
+
+</ul>
<p> This feature is available in Postfix 2.12 and later. </p>
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the <a href="access.5.html">access(5)</a> manual page for details. </dd>
+<dt><b><a name="check_client_a_access">check_client_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for the
+client hostname, and execute the corresponding action. Note: a result
+of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
+to exclude specific hosts from blacklists. This feature is available
+in Postfix 2.12 and later. </dd>
+
<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the
hosts from blacklists. This feature is available in Postfix 2.6
and later.</dd>
+<dt><b><a name="check_reverse_client_hostname_a_access">check_reverse_client_hostname_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for the
+unverified reverse client hostname, and execute the corresponding
+action. Note: a result of "OK" is not allowed for safety reasons.
+Instead, use DUNNO in order to exclude specific hosts from blacklists.
+This feature is available in Postfix 2.12 and later. </dd>
+
<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the
restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
simply skip <a href="postconf.5.html#check_helo_access">check_helo_access</a> by not sending HELO or EHLO). </dd>
+<dt><b><a name="check_helo_a_access">check_helo_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for
+the HELO or EHLO hostname, and execute the corresponding action.
+Note 1: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from blacklists. Note
+2: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
+restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
+simply skip check_helo_a_access by not sending HELO or EHLO). This
+feature is available in Postfix 2.12 and later.
+</dd>
+
<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
TO address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>
+<dt><b><a name="check_recipient_a_access">check_recipient_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for
+the RCPT TO domain, and execute the corresponding action. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from blacklists. This
+feature is available in Postfix 2.12 and later. </dd>
+
<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>
+<dt><b><a name="check_sender_a_access">check_sender_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for
+the MAIL FROM domain, and execute the corresponding action. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from blacklists. This
+feature is available in Postfix 2.12 and later. </dd>
+
<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
-the MAIL FROM address, and execute the corresponding action. Note:
+the MAIL FROM domain, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>
<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
-for the MAIL FROM address, and execute the corresponding action.
+for the MAIL FROM domain, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>
Available in Postfix version 2.12 and later:
- <b><a href="postconf.5.html#plugin_directory">plugin_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix dynamicmaps.cf database plugin con-
- figuration file, and of database plugins with a relative path-
- name.
+ <b><a href="postconf.5.html#meta_directory">meta_directory</a> (see 'postconf -d' output)</b>
+ The location of non-executable files that are shared among mul-
+ tiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+ and the multi-instance template files <a href="postconf.5.html">main.cf</a>.proto and <a href="master.5.html">mas-
+ ter.cf</a>.proto.
<b><a href="postconf.5.html#shlib_directory">shlib_directory</a> (see 'postconf -d' output)</b>
- The location of Postfix shared libraries (libpostfix-*.so.*).
+ The location of Postfix shared libraries (libpostfix-*.so.*),
+ and of Postfix database plugins that have a relative pathname in
+ the dynamicmaps.cf file.
Other configuration parameters:
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a Postfix process will
+ The list of environment parameters that a Postfix process will
import from a non-Postfix parent process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post-
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
- An optional list of non-default Postfix configuration directo-
- ries; these directories belong to additional Postfix instances
- that share the Postfix executable files and documentation with
- the default Postfix instance, and that are started, stopped,
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
etc., together with the default Postfix instance.
<b><a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> (empty)</b>
- The
pathname of a multi-instance manager command that the <a href="postfix.1.html"><b>post-</b></a>
- <a href="postfix.1.html"><b>fix</b>(1)</a>
command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
+ The
pathname of a multi-instance manager command that the <a href="postfix.1.html"><b>post-</b></a>
+ <a href="postfix.1.html"><b>fix</b>(1)</a>
command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
parameter value is non-empty.
<b><a href="postconf.5.html#multi_instance_group">multi_instance_group</a> (empty)</b>
The optional instance name of this Postfix instance.
<b><a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> (no)</b>
- Allow this Postfix instance to be started, stopped, etc., by a
+ Allow this Postfix instance to be started, stopped, etc., by a
multi-instance manager.
<b>FILES</b>
- Prior
to Postfix version 2.6, all of the following files were in <b>$<a href="postconf.5.html#config_directory">con</a>-</b>
+ Prior
to Postfix version 2.6, all of the following files were in <b>$<a href="postconf.5.html#config_directory">con</a>-</b>
<b><a href="postconf.5.html#config_directory">fig_directory</a></b>. Some files are now in <b>$<a href="postconf.5.html#daemon_directory">daemon_directory</a></b> so that they can
be shared among multiple instances that run the same Postfix version.
- Use
the command "<b>postconf <a href="postconf.5.html#config_directory">config_directory</a></b>" or "<b>postconf <a href="postconf.5.html#daemon_directory">daemon_direc</a>-</b>
+ Use
the command "<b>postconf <a href="postconf.5.html#config_directory">config_directory</a></b>" or "<b>postconf <a href="postconf.5.html#daemon_directory">daemon_direc</a>-</b>
<b><a href="postconf.5.html#daemon_directory">tory</a></b>" to expand the names into their actual values.
$<a href="postconf.5.html#config_directory">config_directory</a>/<a href="postconf.5.html">main.cf</a>, Postfix configuration parameters
syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
+ Available in Postfix 2.12 and later:
+
+ <b><a href="postconf.5.html#meta_directory">meta_directory</a> (see 'postconf -d' output)</b>
+ The location of non-executable files that are shared among mul-
+ tiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+ and the multi-instance template files <a href="postconf.5.html">main.cf</a>.proto and <a href="master.5.html">mas-
+ ter.cf</a>.proto.
+
+ <b><a href="postconf.5.html#shlib_directory">shlib_directory</a> (see 'postconf -d' output)</b>
+ The location of Postfix shared libraries (libpostfix-*.so.*),
+ and of Postfix database plugins that have a relative pathname in
+ the dynamicmaps.cf file.
+
<b>FILES</b>
- $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/<a href="postconf.5.html">main.cf</a>, stock configuration file
- $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/<a href="master.5.html">master.cf</a>, stock configuration file
+ $<a href="postconf.5.html#meta_directory">meta_directory</a>/<a href="postconf.5.html">main.cf</a>.proto, stock configuration file
+ $<a href="postconf.5.html#meta_directory">meta_directory</a>/<a href="master.5.html">master.cf</a>.proto, stock configuration file
$<a href="postconf.5.html#daemon_directory">daemon_directory</a>/postmulti-script, life-cycle helper program
<b>SEE ALSO</b>
# environment variables (or as name=value pairs on the "make"
# command line). Use quotes if variables contain whitespace
# or shell meta characters.
+#
+# The "make makefiles name=value..." command will replace the
+# string MAIL_VERSION in a parameter value with the Postfix
+# release version. Do not try to specify something like
+# $mail_version on this command line. This produces inconsistent
+# results with different versions of the make(1) command.
# .IP \fBAUXLIBS=\fIobject_library...\fR
# Specifies one or more non-default object libraries. Postfix
# 2,12 and later specify some of their database library
# .IP \fBdynamicmaps=yes\fR
# .IP \fBdynamicmaps=no\fR
# Enable (disable) Postfix builds with the configuration file
-# $plugin_directory/dynamicmaps.cf and dynamically-loadable
+# $meta_directory/dynamicmaps.cf and dynamically-loadable
# database plugins typically named postfix-*.so.*. The setting
# "dynamicmaps=yes" implicitly enables Postfix shared libraries.
#
#
# command_directory config_directory daemon_directory
# data_directory default_database_type html_directory
-# mailq_path manpage_directory newaliases_path plugin_directory
+# mailq_path manpage_directory meta_directory newaliases_path
# queue_directory readme_directory sendmail_path shlib_directory
#
# See the postconf(5) manpage for a description of these
# parameters.
#
# This feature was introduced with Postfix 2.12.
-# .IP \fBSHLIB_VERSION=\fIversion\fR
-# Specifies a non-default shared-library version for Postfix
-# libraries and database plugins. By default, the version
-# equals the default value for the $mail_version parameter.
-#
-# This feature was introduced with Postfix 2.12.
# .IP \fBWARN=\fIwarning_flags\fR
# Specifies non-default gcc compiler warning options for use when
# "make" is invoked in a source subdirectory only.
# Workaround: prepend Postfix include files before other include files.
CCARGS="-I. -I../../include $CCARGS"
+# Portability and usability considerations.
+#
+# In an ideal world we would be able to provide the option to say
+# "make makefiles shlib_directory=/some/where/'$mail_version'". This
+# would allow a running system to be upggraded without worries about
+# tempororary program-library ABI incompatibilities (the Postfix
+# library API changes incompatibly from one version to the next).
+#
+# Unfortunately, gmake performs macro expansion on values in name=value
+# command-line arguments. In the specific example above, gmake would
+# eat up the "$" and "m" before it even invokes makedefs, and it
+# ould replace "'${mail_version}'" and "'$(mail_version)'" with
+# nothing.
+#
+# We could work around this by documenting that $$ must be used (and
+# fix $$ in the case that people use traditional make). But this
+# would be non-intuitive and bad from a usability point of view.
+#
+# We could work around this by documenting that people must pass
+# name=value via the environment instead of the command line, as in
+# "shlib_directory=/some/where/'$mail_version' make makefiles", or
+# that they issue "export" or "setenv" commands depending on their
+# interactive shell. That would be non-intuitive and bad usability.
+#
+# Even if we did any of the above, we would not want to pass the
+# unexpanded $mail_version via CCARGS, because that requires extra
+# quoting with `echo "$parm_val" | sed 's/[$]/\\\\$$/'` which is
+# just too ugly to be portable.
+#
+# The upshot of all this is that we will expand MAIL_VERSION in the
+# "make makefiles parameter=value" command line, and that we pass
+# the expanded text via CCARGS. This is clumsier but cleaner.
+
+# Helper function to determine DEF_MAIL_VERSION.
+
+def_mail_version()
+{
+ trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15
+ cat > makedefs.test.c <<'EOF'
+#include <stdlib.h>
+#include <stdio.h>
+EOF
+ # Avoid "nested comment" warnings. Top-of-file comments start in
+ # column 1 and have no code after "*/", not even in header files.
+ # If this is insufficient, kill the problem with #ifndef MAKEDEFS.
+ sed '/^\/\*/,/\*\//d' src/global/mail_version.h >>makedefs.test.c
+ cat >>makedefs.test.c <<EOF
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+int main(void)
+{
+ printf("%s\n", DEF_MAIL_VERSION);
+ fflush(stdout);
+ exit(ferror(stdout) ? 1 : 0);
+}
+EOF
+ eval ${CC-gcc} ${CCARGS} -o makedefs.test makedefs.test.c || exit 1
+ ./makedefs.test || exit 1
+ rm -f makedefs.test makedefs.test.[co]
+}
+
+# Helper function to expand MAIL_VERSION in command-line value.
+
+expand_MAIL_VERSION()
+{
+ case "$mail_version" in
+ "") mail_version=`def_mail_version` || exit 1
+ esac
+ echo "$1" | sed "s/MAIL_VERSION/$mail_version/g"
+}
+
+
+# Helper function to expand $mail_version in parameter value.
+
+expand_mail_version()
+{
+ case "$mail_version" in
+ "") mail_version=`def_mail_version` || exit 1
+ esac
+ echo "$1" | sed "
+ s/\$[{(]mail_version[)}]/$mail_version/g
+ s/\$mail_version/$mail_version/g
+ "
+}
# Optionally override installation-parameter default settings.
command_directory_macro=DEF_COMMAND_DIR
daemon_directory_macro=DEF_DAEMON_DIR
data_directory_macro=DEF_DATA_DIR
mailq_path_macro=DEF_MAILQ_PATH
+meta_directory_macro=DEF_META_DIR
newaliases_path_macro=DEF_NEWALIAS_PATH
-plugin_directory_macro=DEF_PLUGIN_DIR
queue_directory_macro=DEF_QUEUE_DIR
sendmail_path_macro=DEF_SENDMAIL_PATH
shlib_directory_macro=DEF_SHLIB_DIR
-# shlib_directory and plugin_directory are checked here because "no"
-# is not a good answer. Instead, build with "dynamicmaps=no" or
-# "shared=no" as appropriate.
+# shlib_directory is checked here because "no" is not a good answer.
+# Instead, build with "dynamicmaps=no" and "shared=no" as appropriate.
for parm_name in command_directory config_directory daemon_directory \
- data_directory mailq_path newaliases_path plugin_directory \
+ data_directory mailq_path meta_directory newaliases_path \
queue_directory sendmail_path shlib_directory
do
eval parm_val=\"\$$parm_name\"
eval parm_macro=\"\$${parm_name}_macro\"
case "$parm_val" in
"") ;;
- /*) CCARGS="$CCARGS -D$parm_macro=\\\"$parm_val\\\"";;
+ /*) case "$parm_val" in
+ *MAIL_VERSION*)
+ parm_val=`expand_MAIL_VERSION "$parm_val"` || exit 1
+ eval ${parm_name}=\""\$parm_val"\";;
+ esac
+ CCARGS="$CCARGS -D$parm_macro=\\\"$parm_val\\\"";;
*) error "$parm_name must specify an absolute path name";;
esac
done
eval parm_macro=\"\$${parm_name}_macro\"
case "$parm_val" in
"") ;;
- /*|no) CCARGS="$CCARGS -D$parm_macro=\\\"$parm_val\\\"";;
+ /*|no) case "$parm_val" in
+ *MAIL_VERSION*)
+ parm_val=`expand_MAIL_VERSION "$parm_val"` || exit 1
+ eval ${parm_name}=\""\$parm_val"\";;
+ esac
+ CCARGS="$CCARGS -D$parm_macro=\\\"$parm_val\\\"";;
*) error "$parm_name must specify \"no\" or an absolute path name";;
esac
done
eval parm_macro=\"\$${parm_name}_macro\"
case "$parm_val" in
"") ;;
- *) CCARGS="$CCARGS -D$parm_macro=\\\"$parm_val\\\"";;
+ *) case "$parm_val" in
+ *MAIL_VERSION*)
+ parm_val=`expand_MAIL_VERSION "$parm_val"` || exit 1
+ eval ${parm_name}=\""\$parm_val"\";;
+ esac
+ CCARGS="$CCARGS -D$parm_macro=\\\"$parm_val\\\"";;
esac
done
PLUGIN_MAP_SO_MAKE=
PLUGIN_MAP_SO_UPDATE=
PLUGIN_LD=
- plugin_directory=no
- CCARGS="$CCARGS -UUSE_DYNAMIC_MAPS -DDEF_PLUGIN_DIR=\\\"no\\\""
+ CCARGS="$CCARGS -UUSE_DYNAMIC_MAPS"
;;
esac
# Determine the shared-library and plugin installation directory.
- for parm_name in shlib_directory plugin_directory
- do
- eval parm_val=\"\$$parm_name\"
- eval parm_macro=\"\$${parm_name}_macro\"
- case "$parm_val" in
- /*|no) # CCARGS was already updated above.
- ;;
- "") trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15
- sed -n '
- /_SHLIB_DIR/,/^$/p
- /_PLUGIN_DIR/,/^$/p
- ' src/global/mail_params.h >makedefs.test.c
- cat >>makedefs.test.c <<EOF
+ # The shlib_directory parameter is special. If the DEF_SHLIB_DIR
+ # C-language constant ends in "$mail_version" then the custom
+ # code below expands this by peeking at the DEF_MAIL_VERSION
+ # C-language constant.
+ #
+ parm_name=shlib_directory
+ eval parm_val=\"\$$parm_name\"
+ eval parm_macro=\"\$${parm_name}_macro\"
+ case "$parm_val" in
+ /*|no) # CCARGS was already updated above.
+ ;;
+ "") trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15
+ sed -n '
+ /_SHLIB_DIR/,/^$/p
+ ' src/global/mail_params.h >makedefs.test.c
+ cat >>makedefs.test.c <<EOF
#include <stdlib.h>
#include <stdio.h>
int main(void)
exit(ferror(stdout) ? 1 : 0);
}
EOF
- eval ${CC-gcc} ${CCARGS} -o makedefs.test makedefs.test.c || exit 1
- eval $parm_name=`./makedefs.test` || exit 1
- rm -f makedefs.test makedefs.test.[co]
- ;;
- *) # this parameter was already checked above.
- error "Can't happen in $0 - $parm_val is not an absolute path"
- ;;
+ eval ${CC-gcc} ${CCARGS} -o makedefs.test makedefs.test.c || exit 1
+ parm_val=`./makedefs.test` || exit 1
+ rm -f makedefs.test makedefs.test.[co]
+ case $parm_val in
+ *'$'mail_version*|*'$'{mail_version}*|'$('mail_version')'*)
+ parm_val=`expand_mail_version "$parm_val"` || exit 1
+ eval ${parm_name}=\""\$parm_val"\"
esac
- done
+ CCARGS="$CCARGS -D$parm_macro=\\\"$parm_val\\\""
+ ;;
+ *) # this parameter was already checked above.
+ error "Can't happen in $0 - $parm_val is not an absolute path"
+ ;;
+ esac
- # Determine the shared-library version.
- test -z "$SHLIB_VERSION" && {
- trap 'rm -f makedefs.test makedefs.test.[co]' 1 2 3 15
- (cat <<'EOF'
-#include <stdlib.h>
-#include <stdio.h>
-EOF
- # Avoid "nested comment" warnings. Top-of-file comments start in
- # column 1 and have no code after "*/", not even in header files.
- # If this is insufficient, kill the problem with #ifndef MAKEDEFS.
- sed '/^\/\*/,/\*\//d' src/global/mail_version.h
- cat <<'EOF'
-int main(void)
-{
- printf("%s\n", DEF_MAIL_VERSION);
- fflush(stdout);
- exit(ferror(stdout) ? 1 : 0);
-}
-EOF
- ) >makedefs.test.c
- eval ${CC-gcc} -DMAKEDEFS ${CCARGS} -o makedefs.test makedefs.test.c || exit 1
- SHLIB_VERSION=`./makedefs.test` || exit 1
- rm -f makedefs.test makedefs.test.[co]
- }
LIB_PREFIX=postfix-
- LIB_SUFFIX=${SHLIB_SUFFIX}.${SHLIB_VERSION}
- CCARGS="$CCARGS -DSHLIB_VERSION=\\\"$SHLIB_VERSION\\\""
+ LIB_SUFFIX=${SHLIB_SUFFIX}
;;
no|"")
shlib_directory=no
- plugin_directory=no
CCARGS="$CCARGS -UUSE_DYNAMIC_LIBS -DDEF_SHLIB_DIR=\\\"no\\\""
- CCARGS="$CCARGS -UUSE_DYNAMIC_MAPS -DDEF_PLUGIN_DIR=\\\"no\\\""
+ CCARGS="$CCARGS -UUSE_DYNAMIC_MAPS"
SHLIB_CFLAGS=
SHLIB_SUFFIX=
SHLIB_LD=:
SHLIB_RPATH=
SHLIB_ENV=
- SHLIB_VERSION=
LIB_PREFIX=
LIB_SUFFIX=.a
NON_PLUGIN_MAP_OBJ='$(MAP_OBJ)'
PLUGGABLE_MAPS="CDB LDAP LMDB MYSQL PCRE PGSQL SDBM SQLITE"
-case "$plugin_directory" in
-/*) for name in $PLUGGABLE_MAPS
- do
- eval test -n "\"\$AUXLIBS_$name\"" &&
- eval PLUGIN_AUXLIBS="\"\$PLUGIN_AUXLIBS
+case "$dynamicmaps" in
+yes) for name in $PLUGGABLE_MAPS
+ do
+ eval test -n "\"\$AUXLIBS_$name\"" &&
+ eval PLUGIN_AUXLIBS="\"\$PLUGIN_AUXLIBS
AUXLIBS_$name = \$AUXLIBS_$name\""
- done;;
- *) for name in $PLUGGABLE_MAPS
- do
- eval AUXLIBS="\"\$AUXLIBS \$AUXLIBS_$name\""
- done;;
+ done;;
+ *) for name in $PLUGGABLE_MAPS
+ do
+ eval AUXLIBS="\"\$AUXLIBS \$AUXLIBS_$name\""
+ done;;
esac
sed 's/ */ /g' <<EOF
SHLIB_ENV = $SHLIB_ENV
SHLIB_LD = $SHLIB_LD
SHLIB_RPATH = $SHLIB_RPATH
-SHLIB_VERSION = $SHLIB_VERSION
# Switch between dynamicmaps.cf plugins and hard-linked databases.
-PLUGIN_DIR = $plugin_directory
NON_PLUGIN_MAP_OBJ = $NON_PLUGIN_MAP_OBJ
PLUGIN_MAP_OBJ = $PLUGIN_MAP_OBJ
PLUGIN_MAP_OBJ_UPDATE = $PLUGIN_MAP_OBJ_UPDATE
caches, pseudo-random numbers).
.PP
Available in Postfix version 2.12 and later:
-.IP "\fBplugin_directory (see 'postconf -d' output)\fR"
-The location of the Postfix dynamicmaps.cf database plugin
-configuration file, and of database plugins with a relative pathname.
+.IP "\fBmeta_directory (see 'postconf -d' output)\fR"
+The location of non-executable files that are shared among
+multiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+and the multi-instance template files main.cf.proto and master.cf.proto.
.IP "\fBshlib_directory (see 'postconf -d' output)\fR"
-The location of Postfix shared libraries (libpostfix-*.so.*).
+The location of Postfix shared libraries (libpostfix-*.so.*),
+and of Postfix database plugins that have a relative pathname in
+the dynamicmaps.cf file.
.PP
Other configuration parameters:
.IP "\fBimport_environment (see 'postconf -d' output)\fR"
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
The mail system name that is prepended to the process name in syslog
records, so that "smtpd" becomes, for example, "postfix/smtpd".
+.PP
+Available in Postfix 2.12 and later:
+.IP "\fBmeta_directory (see 'postconf -d' output)\fR"
+The location of non-executable files that are shared among
+multiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+and the multi-instance template files main.cf.proto and master.cf.proto.
+.IP "\fBshlib_directory (see 'postconf -d' output)\fR"
+The location of Postfix shared libraries (libpostfix-*.so.*),
+and of Postfix database plugins that have a relative pathname in
+the dynamicmaps.cf file.
.SH "FILES"
.na
.nf
-$daemon_directory/main.cf, stock configuration file
-$daemon_directory/master.cf, stock configuration file
+$meta_directory/main.cf.proto, stock configuration file
+$meta_directory/master.cf.proto, stock configuration file
$daemon_directory/postmulti-script, life-cycle helper program
.SH "SEE ALSO"
.na
.ft R
.PP
This feature is available in Postfix 2.3 and later.
+.SH meta_directory (default: see 'postconf -d' output)
+The location of non-executable files that are shared among
+multiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+and the multi-instance template files main.cf.proto and master.cf.proto.
+This directory should contain only Postfix-related files. Typically,
+the meta_directory parameter has the same default as the config_directory
+parameter (/etc/postfix or /usr/local/etc/postfix).
+.PP
+For backwards compatibility with Postfix versions 2.6..2.11,
+specify "meta_directory = $daemon_directory" in main.cf before
+installing or upgrading Postfix, or specify "meta_directory =
+/path/name" on the "make makefiles", "make install" or "make upgrade"
+command line.
+.PP
+This feature is available in Postfix 2.12 and later.
.SH milter_command_timeout (default: 30s)
The time limit for sending an SMTP command to a Milter (mail
filter) application, and for receiving the response.
is rejected by the \fBreject_plaintext_session\fR restriction.
.PP
This feature is available in Postfix 2.3 and later.
-.SH plugin_directory (default: see 'postconf -d' output)
-The location of the Postfix dynamicmaps.cf database plugin
-configuration file, and of database plugins with a relative pathname.
-This is set to "no" when Postfix database plugin support is disabled
-at compile time.
-.PP
-This feature is available in Postfix 2.12 and later.
.SH postmulti_control_commands (default: reload flush)
The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager
treats as "control" commands, that operate on running instances. For
to re-run "\fBpostfix set-permissions\fR" (with Postfix version 2.0 and
earlier: "\fB/etc/postfix/post-install set-permissions\fR".
.SH shlib_directory (default: see 'postconf -d' output)
-The location of Postfix shared libraries (libpostfix-*.so.*).
-This parameter defaults to "no" when Postfix shared libraries are
-disabled at compile time.
+The location of Postfix shared libraries (libpostfix-*.so),
+and the default location of Postfix database plugins (libpostfix-*.so)
+that have a relative pathname in the dynamicmaps.cf file. The
+shlib_directory parameter defaults to "no" when Postfix shared
+libraries and database plugins are disabled at compile time, otherwise
+it typically defaults to /usr/lib/postfix or /usr/local/lib/postfix.
.PP
-NOTE: You can change the location of these files after Postfix
-is built. However, you may have to run ldconfig if you move the
-libpostfix-*.so.* files to a non-system directory. No ldconfig is
-needed if you keep the libpostfix-*.so.* files in the compiled-in
-default $shlib_directory location.
+Notes:
+.IP \(bu
+The directory specified with shlib_directory should contain
+only Postfix-related files. Postfix shared libraries and database
+plugins should not be installed in a "public" system directory such
+as /usr/lib or /usr/local/lib. Linking Postfix shared-library files
+or database plugins into non-Postfix programs is not supported.
+Postfix shared libraries and database plugins implement a
+Postfix-internal API that changes without maintaining compatibility.
+.IP \(bu
+You can change the shlib_directory value after Postfix is
+built. However, you may have to run ldconfig or equivalent to prevent
+Postfix programs from failing because the libpostfix-*.so files are
+not found. No ldconfig command is needed if you keep the libpostfix-*.so
+files in the compiled-in default $shlib_directory location.
+.br
.PP
This feature is available in Postfix 2.12 and later.
.SH show_user_unknown_table_name (default: yes)
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the \fBaccess\fR(5) manual page for details.
.br
+.IP "\fBcheck_client_a_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the IP addresses for the
+client hostname, and execute the corresponding action. Note: a result
+of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
+to exclude specific hosts from blacklists. This feature is available
+in Postfix 2.12 and later.
+.br
.IP "\fBcheck_client_mx_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the MX hosts for the
client hostname, and execute the corresponding action. Note: a result
hosts from blacklists. This feature is available in Postfix 2.6
and later.
.br
+.IP "\fBcheck_reverse_client_hostname_a_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the IP addresses for the
+unverified reverse client hostname, and execute the corresponding
+action. Note: a result of "OK" is not allowed for safety reasons.
+Instead, use DUNNO in order to exclude specific hosts from blacklists.
+This feature is available in Postfix 2.12 and later.
+.br
.IP "\fBcheck_reverse_client_hostname_mx_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the MX hosts for the
unverified reverse client hostname, and execute the corresponding
restriction (without "smtpd_helo_required = yes", a client can
simply skip check_helo_access by not sending HELO or EHLO).
.br
+.IP "\fBcheck_helo_a_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the IP addresses for
+the HELO or EHLO hostname, and execute the corresponding action.
+Note 1: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from blacklists. Note
+2: specify "smtpd_helo_required = yes" to fully enforce this
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_a_access by not sending HELO or EHLO). This
+feature is available in Postfix 2.12 and later.
+.br
.IP "\fBcheck_helo_mx_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the MX hosts for
the HELO or EHLO hostname, and execute the corresponding action.
TO address, domain, parent domains, or localpart@, and execute the
corresponding action.
.br
+.IP "\fBcheck_recipient_a_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the IP addresses for
+the RCPT TO domain, and execute the corresponding action. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from blacklists. This
+feature is available in Postfix 2.12 and later.
+.br
.IP "\fBcheck_recipient_mx_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the MX hosts for
the RCPT TO domain, and execute the corresponding action. Note:
address, domain, parent domains, or localpart@, and execute the
corresponding action.
.br
+.IP "\fBcheck_sender_a_access \fItype:table\fR\fR"
+Search the specified \fBaccess\fR(5) database for the IP addresses for
+the MAIL FROM domain, and execute the corresponding action. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from blacklists. This
+feature is available in Postfix 2.12 and later.
+.br
.IP "\fBcheck_sender_mx_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the MX hosts for
-the MAIL FROM address, and execute the corresponding action. Note:
+the MAIL FROM domain, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later.
.br
.IP "\fBcheck_sender_ns_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the DNS servers
-for the MAIL FROM address, and execute the corresponding action.
+for the MAIL FROM domain, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later.
s;\bdefault_desti[-</Bb>]*\n* *[<Bb>]*na[-</Bb>]*\n* *[<Bb>]*tion_con[-</Bb>]*\n* *[<Bb>]*currency_failed_cohort_limit\b;<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">$&</a>;g;
s;\bdestination_concurrency_feedback_debug\b;<a href="postconf.5.html#destination_concurrency_feedback_debug">$&</a>;g;
s;\bdefault_destina[-</Bb>]*\n* *[<Bb>]*tion_rate_delay\b;<a href="postconf.5.html#default_destination_rate_delay">$&</a>;g;
- s;\bplugin_directory\b;<a href="postconf.5.html#plugin_directory">$&</a>;g;
+ s;\bmeta_directory\b;<a href="postconf.5.html#meta_directory">$&</a>;g;
s;\bqmqpd_client_port_logging\b;<a href="postconf.5.html#qmqpd_client_port_logging">$&</a>;g;
s;\bqmqpd_error_delay\b;<a href="postconf.5.html#qmqpd_error_delay">$&</a>;g;
#!/bin/sh
-# Run a program with the new libraries, not the installed ones.
+# Run a program with the new shared libraries instead of the installed ones.
-export LD_LIBRARY_PATH
-LD_LIBRARY_PATH=`pwd`/lib
-
-"$@"
+LD_LIBRARY_PATH=`pwd`/lib exec "$@"
# parameter settings. These settings have the highest precedence.
# .IP "command line"
# Parameter settings can be given as name=value arguments on
-# the postfix-install command line.
+# the postfix-install command line. This mode will replace
+# the string MAIL_VERSION in a configuration parameter value
+# with the Postfix release version (Postfix 2.12 and later).
# .IP "process environment"
# Parameter settings can be given as name=value environment
-# variables. Environment parameters can also be specified on the
-# make(1) command line as "make install name=value ...".
+# variables. Environment parameters can also be specified on
+# the make(1) command line as "make install name=value ...".
+# This mode will replace the string MAIL_VERSION in a
+# configuration parameter value with the Postfix release
+# version (Postfix 2.12 and later).
# .IP "installed configuration files"
# If a parameter is not specified via the command line or via the
# process environment, postfix-install will attempt to extract its
# The final destination directory for the Postfix sample configuration
# files. This parameter is obsolete as of Postfix version 2.1.
# This parameter setting is recorded in the installed main.cf file.
-# .IP plugin_directory
-# The final destination directory for the Postfix dynamicmaps.cf
-# database plugin configuration file, and files referenced by
-# that file. This is "no" when dynamic linking is disabled
-# at compile time.
+# .IP meta_directory
+# The final destination directory for non-executable files
+# that are shared among multiple Postfix instances, such
+# as postfix-files, dynamicmaps.cf, as well as the multi-instance
+# template files main.cf.proto and master.cf.proto. This
+# directory should contain only Postfix-related files.
# .IP readme_directory
# The final destination directory for the Postfix README files.
# This parameter setting is recorded in the installed main.cf file.
# .IP shlib_directory
-# The final destination directory for Postfix shared-library files.
-# The built-in default value is specified at compile time.
-# If you change this at installation time, then you should specify
-# only "standard" system directories. Otherwise, additional
-# configuration will be required with ldconfig(1) or equivalent.
+# The final destination directory for Postfix shared-library
+# files, and the default directory for Postfix database plugin
+# files with a relative pathname in the file dynamicmaps.cf.
+# This directory should contain only Postfix-related files.
+# The shlib_directory parameter built-in default value is
+# specified at compile time. If you change this at installation
+# time, then additional configuration will be required with
+# ldconfig(1) or equivalent.
# SEE ALSO
# post-install(1) post-installation procedure
# FILES
# $config_directory/main.cf, Postfix installation configuration.
-# $daemon_directory/postfix-files, installation control file.
+# $meta_directory/postfix-files, installation control file.
# $config_directory/install.cf, obsolete configuration file.
# LICENSE
# .ad
exit 1
}
+CONFIG_PARAMS="command_directory daemon_directory data_directory \
+html_directory mail_owner mailq_path manpage_directory newaliases_path \
+queue_directory readme_directory sendmail_path setgid_group shlib_directory \
+meta_directory"
+
+# Expand the string MAIL_VERSION in "make install" etc. name=value
+# command-line arguments (and consequently, in environment settings),
+# for consistency with "make makefiles".
+
+for name in $CONFIG_PARAMS sample_directory install_root tempdir
+do
+ eval junk=\$$name
+ case "$junk" in
+ *MAIL_VERSION*)
+ case "$mail_version" in
+ "") mail_version="`bin/postconf -dhx mail_version`" || exit 1
+ esac
+ eval ${name}=\"`echo "$junk" | sed "s/MAIL_VERSION/$mail_version/g"`\" ||
+ exit 1;;
+ esac
+done
+
case `uname -s` in
HP-UX*) FMT=cat;;
*) FMT=fmt;;
shlib_directory_prompt="the final destination directory for Postfix
shared-library files."
-plugin_directory_prompt="the final destination directory for the
-Postfix dynamicmaps.cf configuration file and files referenced by
-that file."
+meta_directory_prompt="the final destination directory for
+non-executable files that are shared among multiple Postfix instances,
+such as postfix-files, dynamicmaps.cf, as well as the multi-instance
+template files main.cf.proto and master.cf.proto."
# Default settings, just to get started.
}
}
-CONFIG_PARAMS="command_directory daemon_directory data_directory \
-html_directory mail_owner mailq_path manpage_directory newaliases_path \
-queue_directory readme_directory sendmail_path setgid_group shlib_directory \
-plugin_directory"
-
# Extract parameter settings from the installed main.cf file.
test -f $CONFIG_DIRECTORY/main.cf && {
exit 1;;
esac
-for path in "$html_directory" "$readme_directory" "$shlib_directory" "$plugin_directory"
+for path in "$html_directory" "$readme_directory" "$shlib_directory"
do
case "$path" in
/*) ;;
done
for path in "$daemon_directory" "$data_directory" "$command_directory" "$queue_directory" \
- "$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory"
+ "$sendmail_path" "$newaliases_path" "$mailq_path" "$manpage_directory" \
+ "$meta_directory"
do
case "$path" in
/*) ;;
done
for path in command_directory config_directory daemon_directory data_directory \
- manpage_directory queue_directory shlib_directory plugin_directory html_directory \
- readme_directory
+ manpage_directory queue_directory shlib_directory html_directory \
+ readme_directory meta_directory
do
case "$path" in
no) ;;
MANPAGE_DIRECTORY=$install_root$manpage_directory
README_DIRECTORY=$install_root$readme_directory
SHLIB_DIRECTORY=$install_root$shlib_directory
-PLUGIN_DIRECTORY=$install_root$plugin_directory
+META_DIRECTORY=$install_root$meta_directory
# Avoid repeated tests for existence of these; default permissions suffice.
test -d $DAEMON_DIRECTORY || mkdir -p $DAEMON_DIRECTORY || exit 1
test -d $COMMAND_DIRECTORY || mkdir -p $COMMAND_DIRECTORY || exit 1
test -d $QUEUE_DIRECTORY || mkdir -p $QUEUE_DIRECTORY || exit 1
-test "$plugin_directory" = "no" -o -d $PLUGIN_DIRECTORY ||
- mkdir -p $PLUGIN_DIRECTORY || exit 1
test "$shlib_directory" = "no" -o -d $SHLIB_DIRECTORY ||
mkdir -p $SHLIB_DIRECTORY || exit 1
test "$html_directory" = "no" -o -d $HTML_DIRECTORY ||
mkdir -p $HTML_DIRECTORY || exit 1
test "$readme_directory" = "no" -o -d $README_DIRECTORY ||
mkdir -p $README_DIRECTORY || exit 1
+test -d $META_DIRECTORY || mkdir -p $META_DIRECTORY || exit 1
# Upgrade or first-time installation?
# Install files, using information from the postfix-files file.
-exec < libexec/postfix-files || exit 1
+exec < meta/postfix-files || exit 1
while IFS=: read path type owner group mode flags junk
do
IFS="$BACKUP_IFS"
'$shlib_directory')
compare_or_replace $mode "$owner" "$group" lib/$file \
$SHLIB_DIRECTORY/$file || exit 1;;
- '$plugin_directory')
- compare_or_replace $mode "$owner" "$group" plugins/$file \
- $PLUGIN_DIRECTORY/$file || exit 1;;
+ '$meta_directory')
+ compare_or_replace $mode "$owner" "$group" meta/$file \
+ $META_DIRECTORY/$file || exit 1;;
'$daemon_directory')
compare_or_replace $mode "$owner" "$group" libexec/$file \
$DAEMON_DIRECTORY/$file || exit 1;;
test "$readme_directory" = "no" ||
compare_or_replace $mode "$owner" "$group" README_FILES/$file \
$README_DIRECTORY/$file || exit 1;;
- *) echo $0: Error: unknown entry $path in libexec/postfix-files 1>&2
+ *) echo $0: Error: unknown entry $path in meta/postfix-files 1>&2
exit 1;;
esac) || exit 1
continue;;
) || exit 1
continue;;
- *) echo $0: Error: unknown type $type for $path in libexec/postfix-files 1>&2
+ *) echo $0: Error: unknown type $type for $path in meta/postfix-files 1>&2
exit 1;;
esac
"sample_directory = $sample_directory" \
"readme_directory = $readme_directory" \
"shlib_directory = $shlib_directory" \
- "plugin_directory = $plugin_directory" \
+ "meta_directory = $meta_directory" \
|| exit 1
# If Postfix is being installed locally from source code, do the
recent versions of Linux, FreeBSD and MacOS X. Shared-library builds
may become the default at some point in the future. </p>
+<p> Overview of topics: </p>
+
+<ul>
+
+<li><a href="#shared_enable">4.3.1 Turning on Postfix shared-library
+support</a>
+
+<li><a href="#dynamicmaps_enable">4.3.2 Turning on Postfix database-plugin
+support</a>
+
+<li><a href="#shared_custom">4.3.3 Customizing Postfix shared
+libraries and database plugins</a>
+
+<li><a href="#shared_tips">4.4.4 Tips for distribution maintainers</a>
+
+</ul>
+
+<p> Note: directories with Postfix shared libraries or database
+plugins should contain only postfix-related files. Postfix shared
+libraries and database plugins should not be installed in a "public"
+system directory such as /usr/lib or /usr/local/lib. Linking Postfix
+shared-library or database-plugin files into non-Postfix programs
+is not supported. Postfix shared libraries and database plugins
+implement a Postfix-internal API that changes without maintaining
+compatibility. </p>
+
+<h4><a name="shared_enable"> 4.3.1 Turning on Postfix shared-library
+support </a></h4>
+
<p> Postfix can be built with Postfix shared libraries (files
-typically named <tt>libpostfix-*.so.*</tt>). Postfix shared libraries
+typically named <tt>libpostfix-*.so</tt>). Postfix shared libraries
add minor run-time overhead and result in significantly-smaller
Postfix executable files. </p>
<blockquote>
<pre>
$ make makefiles shared=yes ...other arguments...
-$ make makefiles shared=no ...other arguments...
$ make
</pre>
</blockquote>
-<p> This defaults to installing shared libraries in /usr/local/lib,
-typically with names like libpostfix-<i>name</i>.so.<i>version</i>,
-where the <i>name</i> is a source-code directory name such as "util"
-or "global", and the <i>version</i> is the Postfix version:
-<i>x.y.z</i> for stable releases, <i>x.y</i>-<i>date</i> for snapshot
-(development) releases, or <i>x.y</i>-<i>date</i>-nonprod for
-non-production releases. </p>
+<p> (Specify "make makefiles shared=no" to explicitly disable Postfix
+shared-library support). </p>
-<p> To override the default location or shared-library version,
-specify, for example: </p>
+<p> This installs shared libraries in $shlib_directory, typically,
+/usr/lib/postfix/<i>version</i> or /usr/local/lib/postfix/<i>version</i>,
+with names like libpostfix-<i>name</i>.so, where the <i>name</i>
+is a source-code directory name such as "util" or "global", and the
+<i>version</i> is the Postfix release version: <i>x.y.z</i> for
+stable releases, <i>x.y</i>-<i>date</i> for snapshot (development)
+releases, or <i>x.y</i>-<i>date</i>-nonprod for non-production
+releases. </p>
-<blockquote>
-<pre>
-$ make makefiles shared=yes shlib_directory=/usr/lib \
- SHLIB_VERSION=1 ...other arguments...
-</pre>
-</blockquote>
+<p> See section 4.3.3 "Customizing Postfix shared libraries and
+database plugins" below for how to customize the Postfix shared-library
+location and version.
-<p> You can change the shlib_directory setting after Postfix is
-built, with "make install" or "make upgrade". However, you may have
-to run ldconfig if you change shlib_directory after Postfix is built
-and install the libpostfix-*.so.* files in a non-system directory.
-No ldconfig is needed if you keep the libpostfix-*.so.* files in
-the compiled-in default $shlib_directory location. </p>
+<h4><a name="dynamicmaps_enable"> 4.3.2 Turning on Postfix
+database-plugin support </a></h4>
<p> Additionally, Postfix can be built to support dynamic loading
-of Postfix database clients with the Debian-style dynamicmaps
-feature. Postfix 2.12 supports dynamic loading of cdb:, ldap:,
-lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients.
-Dynamic loading is useful when you distribute or install pre-compiled
-Postfix packages. </p>
+of Postfix database clients (database plugins) with the Debian-style
+dynamicmaps feature. Postfix 2.12 supports dynamic loading of cdb:,
+ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database
+clients. Dynamic loading is useful when you distribute or install
+pre-compiled Postfix packages. </p>
<p> Specify "dynamicmaps=yes" on the "make makefiles" command line
to build Postfix with support to dynamically load Postfix database
-clients (database plugins) with the Debian-style dynamicmaps feature.
+clients with the Debian-style dynamicmaps feature.
</p>
<blockquote>
<pre>
$ make makefiles dynamicmaps=yes ...other arguments...
-$ make makefiles dynamicmaps=no ...other arguments...
$ make
</pre>
</blockquote>
-<p> This implicitly enables shared-library support, and defaults
-to installing dynamicmaps.cf and database plugins in /usr/libexec/postfix.
-Database plugins are typically named postfix-<i>type</i>.so.<i>version</i>
-where the <i>type</i> is a database type such as "cdb" or "ldap",
-and where the <i>version</i> is the same as for Postfix shared
-libraries. The installed dynamicmaps.cf configuration file is given
-a suffix with the same version. </p>
+<p> (Specify "make makefiles dynamicmaps=no" to explicitly disable
+Postfix database-plugin support). </p>
+
+<p> This implicitly enables shared-library support, installs the
+configuration file dynamicmaps.cf in $meta_directory (usually,
+/etc/postfix or /usr/local/etc/postfix), and installs database
+plugins in $shlib_directory (see above). Database plugins are named
+postfix-<i>type</i>.so where the <i>type</i> is a database type
+such as "cdb" or "ldap". </p>
<blockquote>
</blockquote>
-<p> To override the default location or shared-library version,
-specify, for example: </p>
+<p> See the next section for how to customize the location and
+version of Postfix database plugins and the location of the file
+dynamicmaps.cf. </p>
+
+<h4><a name="shared_custom"> 4.3.3 Customizing Postfix shared
+libraries and database plugins </a></h4>
+
+<h5> Customizing the location of Postfix shared libraries and
+database plugins </h5>
+
+<p> As a reminder, the directories with Postfix shared libraries
+or database plugins should contain only Postfix-related files.
+Linking these files into other programs is not supported. </p>
+
+<p> To override the default location of Postfix shared libraries
+and database plugins specify, for example: </p>
<blockquote>
<pre>
-% make makefiles dynamicmaps=yes plugin_directory=/usr/lib/postfix \
- SHLIB_VERSION=1 ...
+$ make makefiles shared=yes shlib_directory=/usr/local/lib/postfix ...
</pre>
</blockquote>
-<p> You can also override the plugin_directory setting after Postfix
-is built, with "make install" or "make upgrade". In this case, there
-is no need to run the ldconfig command. </p>
+<p> If you intend to upgrade Postfix without stopping the mail
+system, then you should append the Postfix release version to the
+shlib_directory pathname, to eliminate the possibility that programs
+from the old Postfix version will link with files from the new
+Postfix version. For example: </p>
-<p> Tips for distribution maintainers:
+<blockquote>
+<pre>
+$ make makefiles shared=yes \
+ shlib_directory=/usr/local/lib/postfix/MAIL_VERSION ...
+</pre>
+</blockquote>
-<ul>
+<p> The command "make makefiles name=value..." will replace the
+string MAIL_VERSION in a configuration parameter value with the
+Postfix release version. Do not try to specify something like
+$mail_version on this command line. This produces inconsistent
+results with different versions of the make(1) command. </p>
-<li> <p> The postfix-install procedure creates a compatibility
-symlink dynamicmaps.cf -> dynamicmaps.cf.<i>version</i> (as well
-as a symlink dynamicmaps.cf.d -> dynamicmaps.cf.<i>version</i>.d;
-more on that below). It is therefore safe to use "unversioned"
-configuration file names when installing or deinstalling a database
-plugin. However, Postfix itself will use the "versioned" names, to
-allow minor upgrades to happen without having to stop Postfix. </p>
-
-<li> <p> The configuration file dynamicmaps.cf.<i>version</i> will
-automatically include files under the directory
-dynamicmaps.cf.d.<i>version</i>, just like the configuration file
-postfix-files will automatically include files under the directory
-postfix-files.d. Thanks to this, you don't have to edit postfix-files
-or dynamicmaps.cf, when installing or deinstalling a database plugin
-package. Instead, each plugin can have its own configuration file.
-</p>
+<p> You can change the shlib_directory setting after Postfix is
+built, with "make install" or "make upgrade". However, you may have
+to run ldconfig if you change shlib_directory after Postfix is built
+(the symptom is that Postfix programs fail because the run-time
+linker cannot find the files libpostfix-*.so). No ldconfig command
+is needed if you keep the files libpostfix-*.so in the compiled-in
+default $shlib_directory location. </p>
-<li> <p> The plugin_directory setting provides the default directory
-for shared-library objects with a relative pathname in the file
-dynamicmaps.cf.<i>version</i>.
+<blockquote>
+<pre>
+# make upgrade shlib_directory=/usr/local/lib/postfix ...
+# make install shlib_directory=/usr/local/lib/postfix ...
+</pre>
+</blockquote>
+
+<p> To append the Postfix release version to the pathname if you
+intend to upgrade Postfix without stopping the mail system: </p>
+
+<blockquote>
+<pre>
+# make upgrade shlib_directory=/usr/local/lib/postfix/MAIL_VERSION ...
+# make install shlib_directory=/usr/local/lib/postfix/MAIL_VERSION ...
+</pre>
+</blockquote>
+
+<p> See also the comments above for appending MAIL_VERSION with
+the "make makefiles" command. </p>
+
+<h5> Customizing the location of dynamicmaps.cf and other files
+</h5>
-<li> <p> Each configuration file under the directory
-dynamicmaps.cf.d.<i>version</i> must have a name that ends in ".cf"
-and must have the same format as the file dynamicmaps.cf.<i>version</i>.
+<p> The meta_directory parameter has the same default setting as
+the config_directory parameter, typically /etc/postfix or
+/usr/local/etc/postfix. </p>
+
+<p> You can override the default meta_directory location at compile
+time or after Postfix is built. To override the default location
+at compile time specify, for example: </p>
+
+<blockquote>
+<pre>
+% make makefiles meta_directory=/usr/libexec/postfix ...
+</pre>
+</blockquote>
+
+<p> Here is a tip if you want to make a pathname dependent on the
+Postfix release version: the command "make makefiles name=value..."
+will replace the string MAIL_VERSION in a configuration parameter
+value with the Postfix release version. Do not try to specify
+something like $mail_version on this command line. This produces
+inconsistent results with different versions of the make(1) command.
</p>
-<li> <p> The directory dynamicmaps.cf.d.<i>version</i> is the default
-directory for shared-library objects with a relative pathname in
-the files dynamicmaps.cf.d.<i>version</i>/*.cf. Thus, the directory
-dynamicmaps.cf.d.<i>version</i> may contain both configuration files
-and shared-library object files. Hence, the requirement that
-configuration file names must end in ".cf". </p>
+<p> You can override the meta_directory setting after Postfix is
+built, with "make install" or "make upgrade". </p>
+
+<blockquote>
+<pre>
+# make upgrade meta_directory=/usr/libexec/postfix ...
+# make install meta_directory=/usr/libexec/postfix ...
+</pre>
+</blockquote>
+
+<p> As with the command "make makefiles, the command "make
+install/upgrade name=value..." will replace the string MAIL_VERSION
+in a configuration parameter value with the Postfix release version.
+Do not try to specify something like $mail_version on this command
+line. This produces inconsistent results with different versions
+of the make(1) command. </p>
+
+<h4><a name="shared_tips"> 4.4.4 Tips for distribution maintainers
+</a></h4>
+
+<ul>
+
+<li> <p> The shlib_directory parameter setting also provides the
+default directory for database plugin files with a relative pathname
+in the file dynamicmaps.cf. </p>
+
+<li> <p> The meta_directory parameter specifies the location of the
+files dynamicmaps.cf, postfix-files, and some multi-instance template
+files. The meta_directory parameter has the same default value as
+the config_directory parameter (typically, /etc/postfix or
+/usr/local/etc/postfix). For backwards compatibility with Postfix
+2.6 .. 2.11, specify "meta_directory = $daemon_directory" in main.cf
+before installing or upgrading Postfix, or specify "meta_directory
+= /path/name" on the "make makefiles", "make install" or "make
+upgrade" command line. </p>
+
+<li> <p> The configuration file dynamicmaps.cf will automatically
+include files under the directory dynamicmaps.cf.d, just like the
+configuration file postfix-files will automatically include files
+under the directory postfix-files.d. Thanks to this, you can install
+or deinstall a database plugin package without having to edit
+postfix-files or dynamicmaps.cf. Instead, you give that plugin its
+own configuration files dynamicmaps.cf.d and postfix-files.d, and
+you add or remove those configuration files along with the database
+plugin shared object. </p>
+
+<li> <p> Each configuration file under the directory dynamicmaps.cf.d
+must have the same format as the configuration file dynamicmaps.cf.
+There is no requirement that these configuration file *names* have a
+specific format. </p>
<li> <p> Each configuration file under the directory postfix-files.d
must have the same format as the configuration file postfix-files.
-There is no requirement that these configuration file names have a
+There is no requirement that these configuration file *names* have a
specific format. </p>
</ul>
</pre>
</blockquote>
+<p> The command "make makefiles name=value ..." will replace the
+string MAIL_VERSION in a configuration parameter value with the
+Postfix release version. Do not try to specify something like
+$mail_version on this command line. This produces inconsistent
+results with different versions of the make(1) command. </p>
+
<p> Parameters whose defaults can be specified in this way are
listed below. See the postconf(5) manpage for a description
(command: "<tt>nroff -man man/man5/postconf.5 | less</tt>"). </p>
<tr> <td>manpage_directory</td> <td>/usr/local/man</td> </tr>
-<tr> <td>newaliases_path</td> <td>/usr/bin/newaliases</td> </tr>
+<tr> <td>meta_directory</td> <td>/etc/postfix</td> </tr>
-<tr> <td>plugin_directory</td> <td>/usr/libexec/postfix</td> </tr>
+<tr> <td>newaliases_path</td> <td>/usr/bin/newaliases</td> </tr>
<tr> <td>queue_directory</td> <td>/var/spool/postfix</td> </tr>
<tr> <td>sendmail_path</td> <td>/usr/sbin/sendmail</td> </tr>
-<tr> <td>shlib_directory</td> <td>/usr/local/lib</td> </tr>
+<tr> <td>shlib_directory</td> <td>/usr/lib/postfix</td> </tr>
</table>
<tr> <th colspan="2"> Name/Value </th> <th> Description </th> </tr>
<tr> <td colspan="2"> AUXLIBS="object_library..."</td> <td> Specifies
-one or more non-default object libraries. Postfix 2,12 and later
+one or more non-default object libraries. Postfix 2.12 and later
specify some of their database library dependencies with AUXLIBS_CDB,
AUXLIBS_LDAP, AUXLIBS_LMDB, AUXLIBS_MYSQL, AUXLIBS_PCRE, AUXLIBS_PGSQL,
AUXLIBS_SDBM, and AUXLIBS_SQLITE, respectively. </td> </tr>
a non-default optimization level. The default is -O. Specify OPT=
to turn off optimization. </td> </tr>
-<tr> <td colspan="2"> SHLIB_VERSION=version </td> <td> Specifies a
-non-default Postfix shared-library version number. The default is
-to use the Postfix version: X.Y.Z for stable releases, X.Y-DATE for
-snapshot releases, X.Y-DATE-nonprod for non-production releases.
-</td> </tr>
-
<tr> <td colspan="2"> WARN="warning_flags..." </td> <td> Specifies
non-default <tt>gcc</tt> compiler warning options for use when
"<tt>make</tt>" is invoked in a source subdirectory only. </td>
does not exist, use interactive installation ("make install")
instead. </p>
+<li> <p> If you specify name=value arguments on the "make install"
+or "make upgrade" command line, then these will take precedence
+over compiled-in default settings or main.cf settings. </p>
+
+<p> The command "make install/upgrade name=value ..." will replace
+the string MAIL_VERSION in a configuration parameter value with the
+Postfix release version. Do not try to specify something like
+$mail_version on this command line. This produces inconsistent
+results with different versions of the make(1) command. </p>
+
</ul>
<h3>6.4 - Configure Postfix</h3>
script directly (<tt>% <b>sh post-install -non-interactive
install_root...</b></tt>). </p>
+<p> With Postfix 2.12 and later, the command "make package name=value
+..." will replace the string MAIL_VERSION in a configuration parameter
+value with the Postfix release version. Do not try to specify
+something like $mail_version on this command line. This produces
+inconsistent results with different versions of the make(1) command.
+</p>
+
<h2>Begin Security Alert</h2>
<p> <b> When building an archive for distribution, be sure to
parent domains, client IP address, or networks obtained by stripping
least significant octets. See the access(5) manual page for details. </dd>
+<dt><b><a name="check_client_a_access">check_client_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified access(5) database for the IP addresses for the
+client hostname, and execute the corresponding action. Note: a result
+of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
+to exclude specific hosts from blacklists. This feature is available
+in Postfix 2.12 and later. </dd>
+
<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access(5) database for the MX hosts for the
hosts from blacklists. This feature is available in Postfix 2.6
and later.</dd>
+<dt><b><a name="check_reverse_client_hostname_a_access">check_reverse_client_hostname_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified access(5) database for the IP addresses for the
+unverified reverse client hostname, and execute the corresponding
+action. Note: a result of "OK" is not allowed for safety reasons.
+Instead, use DUNNO in order to exclude specific hosts from blacklists.
+This feature is available in Postfix 2.12 and later. </dd>
+
<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access(5) database for the MX hosts for the
restriction (without "smtpd_helo_required = yes", a client can
simply skip check_helo_access by not sending HELO or EHLO). </dd>
+<dt><b><a name="check_helo_a_access">check_helo_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified access(5) database for the IP addresses for
+the HELO or EHLO hostname, and execute the corresponding action.
+Note 1: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from blacklists. Note
+2: specify "smtpd_helo_required = yes" to fully enforce this
+restriction (without "smtpd_helo_required = yes", a client can
+simply skip check_helo_a_access by not sending HELO or EHLO). This
+feature is available in Postfix 2.12 and later.
+</dd>
+
<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access(5) database for the MX hosts for
TO address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>
+<dt><b><a name="check_recipient_a_access">check_recipient_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified access(5) database for the IP addresses for
+the RCPT TO domain, and execute the corresponding action. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from blacklists. This
+feature is available in Postfix 2.12 and later. </dd>
+
<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access(5) database for the MX hosts for
address, domain, parent domains, or localpart@, and execute the
corresponding action. </dd>
+<dt><b><a name="check_sender_a_access">check_sender_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified access(5) database for the IP addresses for
+the MAIL FROM domain, and execute the corresponding action. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from blacklists. This
+feature is available in Postfix 2.12 and later. </dd>
+
<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access(5) database for the MX hosts for
-the MAIL FROM address, and execute the corresponding action. Note:
+the MAIL FROM domain, and execute the corresponding action. Note:
a result of "OK" is not allowed for safety reasons. Instead, use
DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>
<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
<dd>Search the specified access(5) database for the DNS servers
-for the MAIL FROM address, and execute the corresponding action.
+for the MAIL FROM domain, and execute the corresponding action.
Note: a result of "OK" is not allowed for safety reasons. Instead,
use DUNNO in order to exclude specific hosts from blacklists. This
feature is available in Postfix 2.1 and later. </dd>
%PARAM shlib_directory see 'postconf -d' output
-<p> The location of Postfix shared libraries (libpostfix-*.so.*).
-This parameter defaults to "no" when Postfix shared libraries are
-disabled at compile time. </p>
+<p> The location of Postfix shared libraries (libpostfix-*.so),
+and the default location of Postfix database plugins (libpostfix-*.so)
+that have a relative pathname in the dynamicmaps.cf file. The
+shlib_directory parameter defaults to "no" when Postfix shared
+libraries and database plugins are disabled at compile time, otherwise
+it typically defaults to /usr/lib/postfix or /usr/local/lib/postfix.
+</p>
+
+<p> Notes: </p>
-<p> NOTE: You can change the location of these files after Postfix
-is built. However, you may have to run ldconfig if you move the
-libpostfix-*.so.* files to a non-system directory. No ldconfig is
-needed if you keep the libpostfix-*.so.* files in the compiled-in
-default $shlib_directory location. </p>
+<ul>
+
+<li> <p> The directory specified with shlib_directory should contain
+only Postfix-related files. Postfix shared libraries and database
+plugins should not be installed in a "public" system directory such
+as /usr/lib or /usr/local/lib. Linking Postfix shared-library files
+or database plugins into non-Postfix programs is not supported.
+Postfix shared libraries and database plugins implement a
+Postfix-internal API that changes without maintaining compatibility.
+</p>
+
+<li> <p> You can change the shlib_directory value after Postfix is
+built. However, you may have to run ldconfig or equivalent to prevent
+Postfix programs from failing because the libpostfix-*.so files are
+not found. No ldconfig command is needed if you keep the libpostfix-*.so
+files in the compiled-in default $shlib_directory location. </p>
+
+</ul>
<p> This feature is available in Postfix 2.12 and later. </p>
-%PARAM plugin_directory see 'postconf -d' output
+%PARAM meta_directory see 'postconf -d' output
+
+<p> The location of non-executable files that are shared among
+multiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+and the multi-instance template files main.cf.proto and master.cf.proto.
+This directory should contain only Postfix-related files. Typically,
+the meta_directory parameter has the same default as the config_directory
+parameter (/etc/postfix or /usr/local/etc/postfix). </p>
-<p> The location of the Postfix dynamicmaps.cf database plugin
-configuration file, and of database plugins with a relative pathname.
-This is set to "no" when Postfix database plugin support is disabled
-at compile time. </p>
+<p> For backwards compatibility with Postfix versions 2.6..2.11,
+specify "meta_directory = $daemon_directory" in main.cf before
+installing or upgrading Postfix, or specify "meta_directory =
+/path/name" on the "make makefiles", "make install" or "make upgrade"
+command line. </p>
<p> This feature is available in Postfix 2.12 and later. </p>
LIBS = ../../lib/lib$(LIB_PREFIX)util$(LIB_SUFFIX)
LIB_DIR = ../../lib
INC_DIR = ../../include
-PLG_DIR= ../../plugins
PLUGIN_MAP_SO = $(LIB_PREFIX)ldap$(LIB_SUFFIX) $(LIB_PREFIX)mysql$(LIB_SUFFIX) \
$(LIB_PREFIX)pgsql$(LIB_SUFFIX) $(LIB_PREFIX)sqlite$(LIB_SUFFIX) \
$(LIB_PREFIX)lmdb$(LIB_SUFFIX) $(LIB_PREFIX)cdb$(LIB_SUFFIX) \
do \
for type in $(DEFINED_MAP_TYPES); do \
case $$i in $(LIB_PREFIX)$$type$(LIB_SUFFIX)) \
- cmp -s $$i $(PLG_DIR)/$$i 2>/dev/null || cp $$i $(PLG_DIR); \
+ cmp -s $$i $(LIB_DIR)/$$i 2>/dev/null || cp $$i $(LIB_DIR); \
continue 2;; \
esac; \
done; \
- rm -f $(PLG_DIR)/$$i; \
+ rm -f $(LIB_DIR)/$$i; \
done
dot_lockfile: $(LIB) $(LIBS)
/* SYNOPSIS
/* #include <dynamicmaps.h>
/*
-/* void dymap_init(const char *path)
+/* void dymap_init(const char *conf_path, const char *plugin_dir)
/* DESCRIPTION
/* This module reads the dynamicmaps.cf file and performs
/* run-time loading of Postfix dictionaries. Each dynamicmaps.cf
/* of a shared-library object, the name of a "dict_open"
/* function for access to individual dictionary entries, and
/* optionally the name of a "mkmap_open" function for bulk-mode
-/* dictionary creation. The configuration file's parent directory
-/* is the default directory for shared-library objects with a
-/* relative pathname.
+/* dictionary creation. Plugins may be specified with a relative
+/* pathname.
/*
/* A dictionary may be installed without editing the file
/* dynamicmaps.cf, by placing a configuration file under the
/* directory dynamicmaps.cf.d, with the same format as
-/* dynamicmaps.cf. These configuration file names must end in
-/* ".cf". As before, a configuration file's parent directory
-/* is the default directory for shared-library objects with a
-/* relative pathname. Thus, the directory dynamicmaps.cf.d may
-/* contain both configuration files and shared-library object
-/* files.
+/* dynamicmaps.cf.
/*
/* dymap_init() reads the specified configuration file which
/* is in dynamicmaps.cf format, and hooks itself into the
/* already been linked into the process address space, nor
/* will it hide their dictionaries types from later "open"
/* requests.
+/*
+/* Arguments:
+/* .IP conf_path
+/* Pathname for the dynamicmaps configuration file.
+/* .IP plugin_dir
+/* Default directory for plugins with a relative pathname.
/* SEE ALSO
/* load_lib(3) low-level run-time linker adapter
/* DIAGNOSTICS
static MKMAP_OPEN_EXTEND_FN saved_mkmap_open_hook = 0;
static DICT_MAPNAMES_EXTEND_FN saved_dict_mapnames_hook = 0;
- /*
- * Mandatory dynamicmaps.cf.d/ configuration file suffix.
- */
-#define DYMAP_CF_SUFFIX ".cf"
-
#define STREQ(x, y) (strcmp((x), (y)) == 0)
/* dymap_dict_lookup - look up "dict_foo_open" function */
}
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
msg_warn("unsupported dictionary type: %s "
- "(%s: file is writable by non-root users)",
+ "(%s: file is owned or writable by non-root users)",
dict_type, dp->soname);
return (0);
}
dict_type, dp->soname, dict_type);
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
msg_fatal("unsupported dictionary type: %s "
- "(%s: file is writable by non-root users)",
+ "(%s: file is owned or writable by non-root users)",
dict_type, dp->soname);
fn[0].name = dp->mkmap_name;
fn[1].name = 0;
if (fstat(vstream_fileno(fp), &st) < 0)
msg_fatal("%s: fstat failed; %m", path);
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
- msg_warn("%s: file is writable by non-root users"
+ msg_warn("%s: file is owned or writable by non-root users"
" -- skipping this file", path);
} else {
buf = vstring_alloc(100);
/* dymap_init - initialize dictionary type to soname etc. mapping */
-void dymap_init(const char *path)
+void dymap_init(const char *conf_path, const char *plugin_dir)
{
const char myname[] = "dymap_init";
SCAN_DIR *dir;
- char *path_base;
- char *path_d;
+ char *conf_path_d;
const char *conf_name;
- char *path_d_conf;
- char *suffix;
+ VSTRING *sub_conf_path;
/*
* Reload dynamicsmaps.cf, but don't reload already-loaded plugins.
/*
* Read dynamicmaps.cf.
*/
- path_base = mystrdup(path);
- (void) split_at_right(path_base, '/');
- dymap_read_conf(path, path_base);
- myfree(path_base);
+ dymap_read_conf(conf_path, plugin_dir);
/*
- * Read dynamicmaps.cf.d/filename entries. We allow shared-object files
- * in dynamicmaps.cf.d. Therefore, configuration file names must have a
- * distinct suffix.
+ * Read dynamicmaps.cf.d/filename entries.
*/
- path_d = concatenate(path, ".d", (char *) 0);
- if ((dir = scan_dir_open(path_d)) != 0) {
+ conf_path_d = concatenate(conf_path, ".d", (char *) 0);
+ if (access(conf_path_d, R_OK | X_OK) == 0
+ && (dir = scan_dir_open(conf_path_d)) != 0) {
+ sub_conf_path = vstring_alloc(100);
while ((conf_name = scan_dir_next(dir)) != 0) {
- if ((suffix = strrchr(conf_name, '.')) != 0
- && strcmp(suffix, DYMAP_CF_SUFFIX) == 0) {
- path_d_conf = concatenate(path_d, "/", conf_name, (char *) 0);
- dymap_read_conf(path_d_conf, path_d);
- myfree(path_d_conf);
- } else if (errno != 0) {
- /* Don't crash all programs - degrade gracefully. */
- msg_warn("%s: directory read error: %m", path_d);
- }
+ vstring_sprintf(sub_conf_path, "%s/%s", conf_path_d, conf_name);
+ dymap_read_conf(vstring_str(sub_conf_path), plugin_dir);
}
+ if (errno != 0)
+ /* Don't crash all programs - degrade gracefully. */
+ msg_warn("%s: directory read error: %m", conf_path_d);
scan_dir_close(dir);
+ vstring_free(sub_conf_path);
} else if (errno != ENOENT) {
/* Don't crash all programs - degrade gracefully. */
- msg_warn("%s: directory open failed: %m", path_d);
+ msg_warn("%s: directory open failed: %m", conf_path_d);
}
- myfree(path_d);
+ myfree(conf_path_d);
/*
* Future proofing, in case someone "improves" the code. We can't hook
*/
#ifdef USE_DYNAMIC_LIBS
-extern void dymap_init(const char *);
+extern void dymap_init(const char *, const char *);
#endif
/* LICENSE
#ifdef USE_DYNAMIC_MAPS
char *path;
- path = concatenate(var_plugin_dir, "/", "dynamicmaps.cf",
+ path = concatenate(var_meta_dir, "/", "dynamicmaps.cf",
#ifdef SHLIB_VERSION
".", SHLIB_VERSION,
#endif
(char *) 0);
- dymap_init(path);
+ dymap_init(path, var_shlib_dir);
myfree(path);
#endif
/* char *var_daemon_dir;
/* char *var_data_dir;
/* char *var_command_dir;
-/* char *var_plugin_dir;
+/* char *var_meta_dir;
/* char *var_queue_dir;
/* char *var_shlib_dir;
/* int var_use_limit;
#include <safe_open.h>
#include <mymalloc.h>
#include <dict.h>
-#ifdef HAS_DB
#include <dict_db.h>
-#endif
#include <dict_lmdb.h>
#include <inet_proto.h>
#include <vstring_vstream.h>
char *var_daemon_dir;
char *var_data_dir;
char *var_command_dir;
-char *var_plugin_dir;
+char *var_meta_dir;
char *var_queue_dir;
char *var_shlib_dir;
int var_use_limit;
const char null_format_string[1] = "";
DEFINE_DICT_LMDB_MAP_SIZE;
+DEFINE_DICT_DB_CACHE_SIZE;
/* check_myhostname - lookup hostname and validate */
VAR_DAEMON_DIR, DEF_DAEMON_DIR, &var_daemon_dir, 1, 0,
VAR_DATA_DIR, DEF_DATA_DIR, &var_data_dir, 1, 0,
VAR_COMMAND_DIR, DEF_COMMAND_DIR, &var_command_dir, 1, 0,
- VAR_PLUGIN_DIR, DEF_PLUGIN_DIR, &var_plugin_dir, 1, 0,
+ VAR_META_DIR, DEF_META_DIR, &var_meta_dir, 1, 0,
VAR_QUEUE_DIR, DEF_QUEUE_DIR, &var_queue_dir, 1, 0,
VAR_SHLIB_DIR, DEF_SHLIB_DIR, &var_shlib_dir, 1, 0,
VAR_PID_DIR, DEF_PID_DIR, &var_pid_dir, 1, 0,
check_mail_owner();
check_sgid_group();
check_overlap();
-#ifdef HAS_DB
dict_db_cache_size = var_db_read_buf;
-#endif
dict_lmdb_map_size = var_lmdb_map_size;
inet_windowsize = var_inet_windowsize;
#define CHECK_HELO_NS_ACL "check_helo_ns_access"
#define CHECK_SENDER_NS_ACL "check_sender_ns_access"
#define CHECK_RECIP_NS_ACL "check_recipient_ns_access"
+#define CHECK_CLIENT_A_ACL "check_client_a_access"
+#define CHECK_REVERSE_CLIENT_A_ACL "check_reverse_client_hostname_a_access"
+#define CHECK_HELO_A_ACL "check_helo_a_access"
+#define CHECK_SENDER_A_ACL "check_sender_a_access"
+#define CHECK_RECIP_A_ACL "check_recipient_a_access"
#define WARN_IF_REJECT "warn_if_reject"
*/
#define VAR_SHLIB_DIR "shlib_directory"
#ifndef DEF_SHLIB_DIR
-#define DEF_SHLIB_DIR "/usr/local/lib"
+#define DEF_SHLIB_DIR "/usr/lib/postfix/$mail_version"
#endif
extern char *var_shlib_dir;
-#define VAR_PLUGIN_DIR "plugin_directory"
-#ifndef DEF_PLUGIN_DIR
-#define DEF_PLUGIN_DIR "/usr/libexec/postfix"
+#define VAR_META_DIR "meta_directory"
+#ifndef DEF_META_DIR
+#define DEF_META_DIR DEF_CONFIG_DIR
#endif
-extern char *var_plugin_dir;
+extern char *var_meta_dir;
/* LICENSE
/* .ad
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20140618"
+#define MAIL_RELEASE_DATE "20140625"
#define MAIL_VERSION_NUMBER "2.12"
#ifdef SNAPSHOT
/* caches, pseudo-random numbers).
/* .PP
/* Available in Postfix version 2.12 and later:
-/* .IP "\fBplugin_directory (see 'postconf -d' output)\fR"
-/* The location of the Postfix dynamicmaps.cf database plugin
-/* configuration file, and of database plugins with a relative pathname.
+/* .IP "\fBmeta_directory (see 'postconf -d' output)\fR"
+/* The location of non-executable files that are shared among
+/* multiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+/* and the multi-instance template files main.cf.proto and master.cf.proto.
/* .IP "\fBshlib_directory (see 'postconf -d' output)\fR"
-/* The location of Postfix shared libraries (libpostfix-*.so.*).
+/* The location of Postfix shared libraries (libpostfix-*.so.*),
+/* and of Postfix database plugins that have a relative pathname in
+/* the dynamicmaps.cf file.
/* .PP
/* Other configuration parameters:
/* .IP "\fBimport_environment (see 'postconf -d' output)\fR"
check_setenv(VAR_COMMAND_DIR, var_command_dir); /* main.cf */
check_setenv(VAR_DAEMON_DIR, var_daemon_dir); /* main.cf */
check_setenv(VAR_DATA_DIR, var_data_dir); /* main.cf */
- check_setenv(VAR_PLUGIN_DIR, var_plugin_dir); /* main.cf */
+ check_setenv(VAR_META_DIR, var_meta_dir); /* main.cf */
check_setenv(VAR_QUEUE_DIR, var_queue_dir); /* main.cf */
check_setenv(VAR_CONFIG_DIR, var_config_dir); /* main.cf */
check_setenv(VAR_SHLIB_DIR, var_shlib_dir); /* main.cf */
/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
/* The mail system name that is prepended to the process name in syslog
/* records, so that "smtpd" becomes, for example, "postfix/smtpd".
+/* .PP
+/* Available in Postfix 2.12 and later:
+/* .IP "\fBmeta_directory (see 'postconf -d' output)\fR"
+/* The location of non-executable files that are shared among
+/* multiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+/* and the multi-instance template files main.cf.proto and master.cf.proto.
+/* .IP "\fBshlib_directory (see 'postconf -d' output)\fR"
+/* The location of Postfix shared libraries (libpostfix-*.so.*),
+/* and of Postfix database plugins that have a relative pathname in
+/* the dynamicmaps.cf file.
/* FILES
-/* $daemon_directory/main.cf, stock configuration file
-/* $daemon_directory/master.cf, stock configuration file
+/* $meta_directory/main.cf.proto, stock configuration file
+/* $meta_directory/master.cf.proto, stock configuration file
/* $daemon_directory/postmulti-script, life-cycle helper program
/* SEE ALSO
/* postfix(1), Postfix control program
static SHARED_PATH shared_dir_table[] = {
VAR_COMMAND_DIR, &var_command_dir,
VAR_DAEMON_DIR, &var_daemon_dir,
+ VAR_META_DIR, &var_meta_dir,
+ VAR_SHLIB_DIR, &var_shlib_dir,
0,
};
struct stat st;
const SHARED_PATH *sp;
+ /*
+ * XXX Avoid false conflicts with meta_directory. This usually overlaps
+ * with other directories, typcally config_directory, shlib_directory or
+ * daemon_directory.
+ */
for (sp = shared_dir_table; sp->param_name; ++sp) {
+ if (sp->param_value[0][0] != '/') /* "no" or other special */
+ continue;
if (stat(sp->param_value[0], &st) < 0)
msg_fatal("%s = '%s': directory not found: %m",
sp->param_name, sp->param_value[0]);
if (!S_ISDIR(st.st_mode))
msg_fatal("%s = '%s' is not a directory",
sp->param_name, sp->param_value[0]);
+ if (strcmp(sp->param_name, VAR_META_DIR) == 0)
+ continue;
register_claim(var_config_dir, sp->param_name, sp->param_value[0]);
}
}
*/
if (state->reason && state->where)
msg_info("%s: %s: %s while %s",
- state->queue_id, state->namaddr, state->reason, state->where);
+ state->queue_id ? state->queue_id : "NOQUEUE",
+ state->namaddr, state->reason, state->where);
}
/* qmqpd_service - service one client */
tests: smtpd_check_test smtpd_check_test2 smtpd_acl_test smtpd_exp_test \
smtpd_token_test smtpd_check_test4 smtpd_check_dsn_test \
- smtpd_check_backup_test smtpd_dnswl_test smtpd_error_test
+ smtpd_check_backup_test smtpd_dnswl_test smtpd_error_test \
+ smtpd_server_test
root_tests:
diff smtpd_exp.ref smtpd_exp.tmp
rm -f smtpd_exp.tmp smtpd_check_access.*
+smtpd_server_test: smtpd_check smtpd_server.in smtpd_server.ref
+ $(SHLIB_ENV) ../postmap/postmap hash:smtpd_check_access
+ $(SHLIB_ENV) ./smtpd_check <smtpd_server.in >smtpd_server.tmp 2>&1
+ diff smtpd_server.ref smtpd_server.tmp
+ rm -f smtpd_server.tmp smtpd_check_access.*
+
smtpd_check_dsn_test: smtpd_check smtpd_check_dsn.in smtpd_check_dsn.ref smtpd_check_access
$(SHLIB_ENV) ../postmap/postmap hash:smtpd_check_access
$(SHLIB_ENV) ./smtpd_check <smtpd_check_dsn.in >smtpd_check.tmp 2>&1
/*
* Sanity check.
*/
- if (type != T_MX && type != T_NS)
+ if (type != T_MX && type != T_NS && type != T_A
+#ifdef HAS_IPV6
+ && type != T_AAAA
+#endif
+ )
msg_panic("%s: unexpected resource type \"%s\" in request",
myname, dns_strtype(type));
}
/*
+ * If the request is type A or AAAA, fabricate an MX record that points
+ * to the domain name itself, and skip name-based access control.
+ *
* If the domain name does not exist then we apply no restriction.
*
* If the domain name exists but no MX record exists, fabricate an MX record
* If the domain name exists but no NS record exists, look up parent domain
* NS records.
*/
- dns_status = dns_lookup(domain, type, 0, &server_list,
- (VSTRING *) 0, (VSTRING *) 0);
- if (dns_status == DNS_NOTFOUND /* Not: h_errno == NO_DATA */ ) {
- if (type == T_MX) {
- server_list = dns_rr_create(domain, domain, type, C_IN, 0, 0,
- domain, strlen(domain) + 1);
- dns_status = DNS_OK;
- } else if (type == T_NS && h_errno == NO_DATA) {
- while ((domain = strchr(domain, '.')) != 0 && domain[1]) {
- domain += 1;
- dns_status = dns_lookup(domain, type, 0, &server_list,
- (VSTRING *) 0, (VSTRING *) 0);
- if (dns_status != DNS_NOTFOUND || h_errno != NO_DATA)
- break;
+ if (type == T_A
+#ifdef HAS_IPV6
+ || type == T_AAAA
+#endif
+ ) {
+ server_list = dns_rr_create(domain, domain, T_MX, C_IN, 0, 0,
+ domain, strlen(domain) + 1);
+ } else {
+ dns_status = dns_lookup(domain, type, 0, &server_list,
+ (VSTRING *) 0, (VSTRING *) 0);
+ if (dns_status == DNS_NOTFOUND /* Not: h_errno == NO_DATA */ ) {
+ if (type == T_MX) {
+ server_list = dns_rr_create(domain, domain, type, C_IN, 0, 0,
+ domain, strlen(domain) + 1);
+ dns_status = DNS_OK;
+ } else if (type == T_NS && h_errno == NO_DATA) {
+ while ((domain = strchr(domain, '.')) != 0 && domain[1]) {
+ domain += 1;
+ dns_status = dns_lookup(domain, type, 0, &server_list,
+ (VSTRING *) 0, (VSTRING *) 0);
+ if (dns_status != DNS_NOTFOUND || h_errno != NO_DATA)
+ break;
+ }
}
}
- }
- if (dns_status != DNS_OK) {
- msg_warn("Unable to look up %s host for %s: %s", dns_strtype(type),
- domain && domain[1] ? domain : name, dns_strerror(h_errno));
- return (SMTPD_CHECK_DUNNO);
+ if (dns_status != DNS_OK) {
+ msg_warn("Unable to look up %s host for %s: %s", dns_strtype(type),
+ domain && domain[1] ? domain : name, dns_strerror(h_errno));
+ return (SMTPD_CHECK_DUNNO);
+ }
}
/*
CHECK_SERVER_RETURN(status);
continue;
}
- if ((status = check_domain_access(state, table, (char *) server->data,
+ if (type != T_A && type != T_AAAA
+ && ((status = check_domain_access(state, table, (char *) server->data,
FULL, &found, reply_name, reply_class,
- def_acl)) != 0 || found)
+ def_acl)) != 0 || found))
CHECK_SERVER_RETURN(status);
if ((aierr = hostname_to_sockaddr((char *) server->data,
(char *) 0, 0, &res0)) != 0) {
- msg_warn("Unable to look up %s host %s for %s %s: %s",
- dns_strtype(type), (char *) server->data,
- reply_class, reply_name, MAI_STRERROR(aierr));
+ if (type != T_A && type != T_AAAA)
+ msg_warn("Unable to look up %s host %s for %s %s: %s",
+ dns_strtype(type), (char *) server->data,
+ reply_class, reply_name, MAI_STRERROR(aierr));
continue;
}
/* Now we must also free the addrinfo result. */
SMTPD_NAME_CLIENT, def_acl);
forbid_whitelist(state, name, status, state->name);
}
+ } else if (is_map_command(state, name, CHECK_CLIENT_A_ACL, &cpp)) {
+ if (strcasecmp(state->name, "unknown") != 0) {
+ status = check_server_access(state, *cpp, state->name,
+ T_A, state->namaddr,
+ SMTPD_NAME_CLIENT, def_acl);
+ forbid_whitelist(state, name, status, state->name);
+ }
} else if (is_map_command(state, name, CHECK_REVERSE_CLIENT_NS_ACL, &cpp)) {
if (strcasecmp(state->reverse_name, "unknown") != 0) {
status = check_server_access(state, *cpp, state->reverse_name,
SMTPD_NAME_REV_CLIENT, def_acl);
forbid_whitelist(state, name, status, state->reverse_name);
}
+ } else if (is_map_command(state, name, CHECK_REVERSE_CLIENT_A_ACL, &cpp)) {
+ if (strcasecmp(state->reverse_name, "unknown") != 0) {
+ status = check_server_access(state, *cpp, state->reverse_name,
+ T_A, state->namaddr,
+ SMTPD_NAME_REV_CLIENT, def_acl);
+ forbid_whitelist(state, name, status, state->reverse_name);
+ }
}
/*
SMTPD_NAME_HELO, def_acl);
forbid_whitelist(state, name, status, state->helo_name);
}
+ } else if (is_map_command(state, name, CHECK_HELO_A_ACL, &cpp)) {
+ if (state->helo_name) {
+ status = check_server_access(state, *cpp, state->helo_name,
+ T_A, state->helo_name,
+ SMTPD_NAME_HELO, def_acl);
+ forbid_whitelist(state, name, status, state->helo_name);
+ }
} else if (strcasecmp(name, REJECT_NON_FQDN_HELO_HOSTNAME) == 0
|| strcasecmp(name, REJECT_NON_FQDN_HOSTNAME) == 0) {
if (state->helo_name) {
SMTPD_NAME_SENDER, def_acl);
forbid_whitelist(state, name, status, state->sender);
}
+ } else if (is_map_command(state, name, CHECK_SENDER_A_ACL, &cpp)) {
+ if (state->sender && *state->sender) {
+ status = check_server_access(state, *cpp, state->sender,
+ T_A, state->sender,
+ SMTPD_NAME_SENDER, def_acl);
+ forbid_whitelist(state, name, status, state->sender);
+ }
} else if (strcasecmp(name, REJECT_RHSBL_SENDER) == 0) {
if (cpp[1] == 0)
msg_warn("restriction %s requires domain name argument", name);
SMTPD_NAME_RECIPIENT, def_acl);
forbid_whitelist(state, name, status, state->recipient);
}
+ } else if (is_map_command(state, name, CHECK_RECIP_A_ACL, &cpp)) {
+ if (state->recipient && *state->recipient) {
+ status = check_server_access(state, *cpp, state->recipient,
+ T_A, state->recipient,
+ SMTPD_NAME_RECIPIENT, def_acl);
+ forbid_whitelist(state, name, status, state->recipient);
+ }
} else if (strcasecmp(name, REJECT_RHSBL_RECIPIENT) == 0) {
if (cpp[1] == 0)
msg_warn("restriction %s requires domain name argument", name);
ok.domain OK
<> 550 Go away postmaster
+54.187.136.235 reject bizsat.net, gypsysoul.org spam
+
blackholes.mail-abuse.org $rbl_code client=$client
client_address=$client_address
client_name=$client_name helo_name=$helo_name
helo example.tld
mail sname@sdomain
rcpt rname@rdomain
-#
-# Check MX access
-#
-helo_restrictions check_helo_mx_access,hash:smtpd_check_access
-#helo verisign-wildcard.com
-helo verisign.com
-helo example.tld
-sender_restrictions check_sender_mx_access,hash:smtpd_check_access
-mail foo@pls.net.au
-#mail foo@verisign-wildcard.com
-mail foo@verisign.com
-recipient_restrictions check_recipient_mx_access,hash:smtpd_check_access
-#rcpt foo@verisign-wildcard.com
-rcpt foo@verisign.com
-rcpt foo@1.2.3.porcupine.org
-#
-# Check NS access
-#
-helo_restrictions check_helo_ns_access,hash:smtpd_check_access
-helo email-publisher.com
-helo ns1.topica.com
-#helo verisign-wildcard.com
-helo example.tld
-sender_restrictions check_sender_ns_access,hash:smtpd_check_access
-mail foo@email-publisher.com
-mail foo@ns1.topica.com
-#mail foo@verisign-wildcard.com
-recipient_restrictions check_recipient_ns_access,hash:smtpd_check_access
-rcpt foo@email-publisher.com
-rcpt foo@ns1.topica.com
-#rcpt foo@verisign-wildcard.com
-rcpt foo@1.2.3.porcupine.org
>>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<example.tld>
554 5.7.1 Service unavailable; Helo command [example.tld] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain
->>> #
->>> # Check MX access
->>> #
->>> helo_restrictions check_helo_mx_access,hash:smtpd_check_access
-OK
->>> #helo verisign-wildcard.com
->>> helo verisign.com
-OK
->>> helo example.tld
-./smtpd_check: warning: Unable to look up MX host example.tld for Helo command example.tld: hostname nor servname provided, or not known
-OK
->>> sender_restrictions check_sender_mx_access,hash:smtpd_check_access
-OK
->>> mail foo@pls.net.au
-OK
->>> #mail foo@verisign-wildcard.com
->>> mail foo@verisign.com
-OK
->>> recipient_restrictions check_recipient_mx_access,hash:smtpd_check_access
-OK
->>> #rcpt foo@verisign-wildcard.com
->>> rcpt foo@verisign.com
-OK
->>> rcpt foo@1.2.3.porcupine.org
-./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: mail server 10.10.10.10; from=<foo@verisign.com> to=<foo@1.2.3.porcupine.org> proto=SMTP helo=<example.tld>
-554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: mail server 10.10.10.10
->>> #
->>> # Check NS access
->>> #
->>> helo_restrictions check_helo_ns_access,hash:smtpd_check_access
-OK
->>> helo email-publisher.com
-./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <email-publisher.com>: Helo command rejected: Access denied; from=<foo@verisign.com> proto=SMTP helo=<email-publisher.com>
-554 5.7.1 <email-publisher.com>: Helo command rejected: Access denied
->>> helo ns1.topica.com
-./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <ns1.topica.com>: Helo command rejected: Access denied; from=<foo@verisign.com> proto=SMTP helo=<ns1.topica.com>
-554 5.7.1 <ns1.topica.com>: Helo command rejected: Access denied
->>> #helo verisign-wildcard.com
->>> helo example.tld
-./smtpd_check: warning: Unable to look up NS host for example.tld: Host not found
-OK
->>> sender_restrictions check_sender_ns_access,hash:smtpd_check_access
-OK
->>> mail foo@email-publisher.com
-./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@email-publisher.com>: Sender address rejected: Access denied; from=<foo@email-publisher.com> proto=SMTP helo=<example.tld>
-554 5.7.1 <foo@email-publisher.com>: Sender address rejected: Access denied
->>> mail foo@ns1.topica.com
-./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@ns1.topica.com>: Sender address rejected: Access denied; from=<foo@ns1.topica.com> proto=SMTP helo=<example.tld>
-554 5.7.1 <foo@ns1.topica.com>: Sender address rejected: Access denied
->>> #mail foo@verisign-wildcard.com
->>> recipient_restrictions check_recipient_ns_access,hash:smtpd_check_access
-OK
->>> rcpt foo@email-publisher.com
-./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@email-publisher.com>: Recipient address rejected: Access denied; from=<foo@ns1.topica.com> to=<foo@email-publisher.com> proto=SMTP helo=<example.tld>
-554 5.7.1 <foo@email-publisher.com>: Recipient address rejected: Access denied
->>> rcpt foo@ns1.topica.com
-./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@ns1.topica.com>: Recipient address rejected: Access denied; from=<foo@ns1.topica.com> to=<foo@ns1.topica.com> proto=SMTP helo=<example.tld>
-554 5.7.1 <foo@ns1.topica.com>: Recipient address rejected: Access denied
->>> #rcpt foo@verisign-wildcard.com
->>> rcpt foo@1.2.3.porcupine.org
-./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org; from=<foo@ns1.topica.com> to=<foo@1.2.3.porcupine.org> proto=SMTP helo=<example.tld>
-554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org
--- /dev/null
+#
+# Initialize.
+#
+#! ../bin/postmap smtpd_check_access
+#msg_verbose 1
+smtpd_delay_reject 0
+mynetworks 127.0.0.0/8,168.100.189.0/28
+relay_domains porcupine.org
+maps_rbl_domains dnsbltest.porcupine.org
+rbl_reply_maps hash:smtpd_check_access
+client spike.porcupine.org 168.100.189.2
+#
+# Check MX access
+#
+helo_restrictions check_helo_mx_access,hash:smtpd_check_access
+#helo verisign-wildcard.com
+helo verisign.com
+helo example.tld
+sender_restrictions check_sender_mx_access,hash:smtpd_check_access
+mail foo@pls.net.au
+#mail foo@verisign-wildcard.com
+mail foo@verisign.com
+recipient_restrictions check_recipient_mx_access,hash:smtpd_check_access
+#rcpt foo@verisign-wildcard.com
+rcpt foo@verisign.com
+rcpt foo@1.2.3.porcupine.org
+#
+# Check NS access
+#
+helo_restrictions check_helo_ns_access,hash:smtpd_check_access
+helo email-publisher.com
+helo ns1.topica.com
+#helo verisign-wildcard.com
+helo example.tld
+sender_restrictions check_sender_ns_access,hash:smtpd_check_access
+mail foo@email-publisher.com
+mail foo@ns1.topica.com
+#mail foo@verisign-wildcard.com
+recipient_restrictions check_recipient_ns_access,hash:smtpd_check_access
+rcpt foo@email-publisher.com
+rcpt foo@ns1.topica.com
+#rcpt foo@verisign-wildcard.com
+rcpt foo@1.2.3.porcupine.org
+#
+# Check A access
+#
+helo_restrictions check_helo_a_access,hash:smtpd_check_access
+helo help.gypsysoul.org
+helo gypsysoul.org
+client_restrictions check_client_a_access,hash:smtpd_check_access
+client help.gypsysoul.org 1.2.3.4
+client gypsysoul.org 1.2.3.4
+#reverse_client_restrictions check_reverse_client_a_access,hash:smtpd_check_access
+#client help.gypsysoul.org 1.2.3.4
+#client gypsysoul.org 1.2.3.4
+sender_restrictions check_sender_a_access,hash:smtpd_check_access
+mail foo@gypsysoul.org
+recipient_restrictions check_recipient_a_access,hash:smtpd_check_access
+mail foo@gypsysoul.org
--- /dev/null
+>>> #
+>>> # Initialize.
+>>> #
+>>> #! ../bin/postmap smtpd_check_access
+>>> #msg_verbose 1
+>>> smtpd_delay_reject 0
+OK
+>>> mynetworks 127.0.0.0/8,168.100.189.0/28
+OK
+>>> relay_domains porcupine.org
+OK
+>>> maps_rbl_domains dnsbltest.porcupine.org
+OK
+>>> rbl_reply_maps hash:smtpd_check_access
+OK
+>>> client spike.porcupine.org 168.100.189.2
+OK
+>>> #
+>>> # Check MX access
+>>> #
+>>> helo_restrictions check_helo_mx_access,hash:smtpd_check_access
+OK
+>>> #helo verisign-wildcard.com
+>>> helo verisign.com
+OK
+>>> helo example.tld
+./smtpd_check: warning: Unable to look up MX host example.tld for Helo command example.tld: hostname nor servname provided, or not known
+OK
+>>> sender_restrictions check_sender_mx_access,hash:smtpd_check_access
+OK
+>>> mail foo@pls.net.au
+OK
+>>> #mail foo@verisign-wildcard.com
+>>> mail foo@verisign.com
+OK
+>>> recipient_restrictions check_recipient_mx_access,hash:smtpd_check_access
+OK
+>>> #rcpt foo@verisign-wildcard.com
+>>> rcpt foo@verisign.com
+OK
+>>> rcpt foo@1.2.3.porcupine.org
+./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: mail server 10.10.10.10; from=<foo@verisign.com> to=<foo@1.2.3.porcupine.org> proto=SMTP helo=<example.tld>
+554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: mail server 10.10.10.10
+>>> #
+>>> # Check NS access
+>>> #
+>>> helo_restrictions check_helo_ns_access,hash:smtpd_check_access
+OK
+>>> helo email-publisher.com
+./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <email-publisher.com>: Helo command rejected: Access denied; from=<foo@verisign.com> proto=SMTP helo=<email-publisher.com>
+554 5.7.1 <email-publisher.com>: Helo command rejected: Access denied
+>>> helo ns1.topica.com
+./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <ns1.topica.com>: Helo command rejected: Access denied; from=<foo@verisign.com> proto=SMTP helo=<ns1.topica.com>
+554 5.7.1 <ns1.topica.com>: Helo command rejected: Access denied
+>>> #helo verisign-wildcard.com
+>>> helo example.tld
+./smtpd_check: warning: Unable to look up NS host for example.tld: Host not found
+OK
+>>> sender_restrictions check_sender_ns_access,hash:smtpd_check_access
+OK
+>>> mail foo@email-publisher.com
+./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@email-publisher.com>: Sender address rejected: Access denied; from=<foo@email-publisher.com> proto=SMTP helo=<example.tld>
+554 5.7.1 <foo@email-publisher.com>: Sender address rejected: Access denied
+>>> mail foo@ns1.topica.com
+./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@ns1.topica.com>: Sender address rejected: Access denied; from=<foo@ns1.topica.com> proto=SMTP helo=<example.tld>
+554 5.7.1 <foo@ns1.topica.com>: Sender address rejected: Access denied
+>>> #mail foo@verisign-wildcard.com
+>>> recipient_restrictions check_recipient_ns_access,hash:smtpd_check_access
+OK
+>>> rcpt foo@email-publisher.com
+./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@email-publisher.com>: Recipient address rejected: Access denied; from=<foo@ns1.topica.com> to=<foo@email-publisher.com> proto=SMTP helo=<example.tld>
+554 5.7.1 <foo@email-publisher.com>: Recipient address rejected: Access denied
+>>> rcpt foo@ns1.topica.com
+./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@ns1.topica.com>: Recipient address rejected: Access denied; from=<foo@ns1.topica.com> to=<foo@ns1.topica.com> proto=SMTP helo=<example.tld>
+554 5.7.1 <foo@ns1.topica.com>: Recipient address rejected: Access denied
+>>> #rcpt foo@verisign-wildcard.com
+>>> rcpt foo@1.2.3.porcupine.org
+./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org; from=<foo@ns1.topica.com> to=<foo@1.2.3.porcupine.org> proto=SMTP helo=<example.tld>
+554 5.7.1 <foo@1.2.3.porcupine.org>: Recipient address rejected: name server spike.porcupine.org
+>>> #
+>>> # Check A access
+>>> #
+>>> helo_restrictions check_helo_a_access,hash:smtpd_check_access
+OK
+>>> helo help.gypsysoul.org
+OK
+>>> helo gypsysoul.org
+./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <gypsysoul.org>: Helo command rejected: bizsat.net, gypsysoul.org spam; from=<foo@ns1.topica.com> proto=SMTP helo=<gypsysoul.org>
+554 5.7.1 <gypsysoul.org>: Helo command rejected: bizsat.net, gypsysoul.org spam
+>>> client_restrictions check_client_a_access,hash:smtpd_check_access
+OK
+>>> client help.gypsysoul.org 1.2.3.4
+OK
+>>> client gypsysoul.org 1.2.3.4
+./smtpd_check: <queue id>: reject: CONNECT from gypsysoul.org[1.2.3.4]: 554 5.7.1 <gypsysoul.org[1.2.3.4]>: Client host rejected: bizsat.net, gypsysoul.org spam; from=<foo@ns1.topica.com> proto=SMTP helo=<gypsysoul.org>
+554 5.7.1 <gypsysoul.org[1.2.3.4]>: Client host rejected: bizsat.net, gypsysoul.org spam
+>>> #reverse_client_restrictions check_reverse_client_a_access,hash:smtpd_check_access
+>>> #client help.gypsysoul.org 1.2.3.4
+>>> #client gypsysoul.org 1.2.3.4
+>>> sender_restrictions check_sender_a_access,hash:smtpd_check_access
+OK
+>>> mail foo@gypsysoul.org
+./smtpd_check: <queue id>: reject: MAIL from gypsysoul.org[1.2.3.4]: 554 5.7.1 <foo@gypsysoul.org>: Sender address rejected: bizsat.net, gypsysoul.org spam; from=<foo@gypsysoul.org> proto=SMTP helo=<gypsysoul.org>
+554 5.7.1 <foo@gypsysoul.org>: Sender address rejected: bizsat.net, gypsysoul.org spam
+>>> recipient_restrictions check_recipient_a_access,hash:smtpd_check_access
+OK
+>>> mail foo@gypsysoul.org
+./smtpd_check: <queue id>: reject: MAIL from gypsysoul.org[1.2.3.4]: 554 5.7.1 <foo@gypsysoul.org>: Sender address rejected: bizsat.net, gypsysoul.org spam; from=<foo@gypsysoul.org> proto=SMTP helo=<gypsysoul.org>
+554 5.7.1 <foo@gypsysoul.org>: Sender address rejected: bizsat.net, gypsysoul.org spam
if (TLScontext->log_mask & TLS_LOG_VERBOSE) {
X509_NAME_oneline(X509_get_subject_name(peer),
buf, sizeof(buf));
- msg_info("subject=%s", buf);
+ msg_info("subject=%s", printable(buf, '?'));
X509_NAME_oneline(X509_get_issuer_name(peer),
buf, sizeof(buf));
- msg_info("issuer=%s", buf);
+ msg_info("issuer=%s", printable(buf, '?'));
}
TLScontext->peer_CN = tls_peer_CN(peer, TLScontext);
TLScontext->issuer_CN = tls_issuer_CN(peer, TLScontext);
LIB_DIR = ../../lib
INC_DIR = ../../include
-PLG_DIR = ../../plugins
.c.o:; $(CC) $(SHLIB_CFLAGS) $(CFLAGS) -c $*.c
do \
for type in $(DEFINED_MAP_TYPES); do \
case $$i in $(LIB_PREFIX)$$type$(LIB_SUFFIX)) \
- cmp -s $$i $(PLG_DIR)/$$i 2>/dev/null || cp $$i $(PLG_DIR); \
+ cmp -s $$i $(LIB_DIR)/$$i 2>/dev/null || cp $$i $(LIB_DIR); \
continue 2;; \
esac; \
done; \
- rm -f $(PLG_DIR)/$$i; \
+ rm -f $(LIB_DIR)/$$i; \
done
plugin_map_obj_update: $(LIB_MAP_OBJ)
/* SYNOPSIS
/* #include <dict_db.h>
/*
-/* int dict_db_cache_size;
+/* extern int dict_db_cache_size;
+/*
+/* DEFINE_DICT_DB_CACHE_SIZE;
/*
/* DICT *dict_hash_open(path, open_flags, dict_flags)
/* const char *path;
/* For better performance while creating a large table, specify a large
/* buffer size before opening the file.
/*
+/* This variable cannot be exported via the dict(3) API and
+/* must therefore be defined in the calling program by invoking
+/* the DEFINE_DICT_DB_CACHE_SIZE macro at the global level.
+/*
/* Arguments:
/* .IP path
/* The database pathname, not including the ".db" suffix.
#define SCOPY(buf, data, size) \
vstring_str(vstring_strncpy(buf ? buf : (buf = vstring_alloc(10)), data, size))
- /*
- * You can override the default dict_db_cache_size setting before calling
- * dict_hash_open() or dict_btree_open(). This is done in mkmap_db_open() to
- * set a larger memory pool for database (re)builds.
- *
- * XXX This should be specified via the DICT interface so that it becomes an
- * object property, instead of being specified by poking a global variable
- * so that it becomes a class property.
- */
-int dict_db_cache_size = (128 * 1024); /* 128K default memory pool */
-
#define DICT_DB_NELM 4096
#if DB_VERSION_MAJOR > 1
/*
* XXX Should be part of the DICT interface.
+ *
+ * You can override the default dict_db_cache_size setting before calling
+ * dict_hash_open() or dict_btree_open(). This is done in mkmap_db_open() to
+ * set a larger memory pool for database (re)builds.
*/
extern int dict_db_cache_size;
+#define DEFINE_DICT_DB_CACHE_SIZE int dict_db_cache_size = (128 * 1024)
+
/* LICENSE
/* .ad
/* .fi
* XXX Should be part of the DICT interface.
*/
extern size_t dict_lmdb_map_size;
-extern unsigned int dict_lmdb_max_readers;
/* Minimum size without SIGSEGV. */
#define DEFINE_DICT_LMDB_MAP_SIZE size_t dict_lmdb_map_size = 8192
#include <dict_lmdb.h>
DEFINE_DICT_LMDB_MAP_SIZE;
+DEFINE_DICT_DB_CACHE_SIZE;
static NORETURN usage(char *myname)
{
projects / thirdparty / postfix.git / commitdiff
