by Coverity, reported by Jaroslav Skarvada. Fix by Viktor
Dukhovni. File: global/haproxy_srvr.c.
- Missing null pointer check (introduced: Postfix alpha) after
- null argv[0] value. Found by Coverity, reported by Jaroslav
- Skarvada. File: global/mail_task.c.
-
20210404
Unbroke a ton of regression tests after DNS-related changes.
+
+20210406
+
+ More specific warnings for incorrect net/mask syntax. Files:
+ util/cidr_match.c, util/dict_cidr.ref.
+
+20210410
+
+ Added an msg_panic() call to silence a Coverity warning,
+ File: global/mail_task.c.
+
+ Documentation: updated containerization suggestions in
+ the postfix(1) manpage. File: postfix/postfix.c.
+
+ Documentation: added text and ASCII art to illustrate how
+ tlsproxy(8) is used for outbound SMTP connection caching
+ and for inbound postscreen(8) TLS support. File:
+ proto/OVERVIEW.html.
+
+ Documentation: added text and ASCII art to illustrate how
+ postlogd(8) provides an alternative to syslog logging.
+ File: proto/OVERVIEW.html.
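Review bot: The 20210410 entry describes the msg_panic() call as added "to silence a Coverity warning", but this patch also deletes the earlier "Missing null pointer check" entry and, in global/mail_task.c, removes the argv0 = "unknown" fallback. The entry should state the behaviour change (a null argv0 with no current result now panics instead of yielding "unknown") so that it is visible to someone reading HISTORY alone.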
Postfix version 2.2 and later. More information about this feature is in
the CONNECTION_CACHE_README document.
- /-- smtp(8) --> Internet
+ /-- smtp(8) --> Internet
qmgr(8)
- |
- \-- | smtp(8) --> Internet
- |
- ^
- |
+ |
+ \-- | smtp(8)
+ |
+ | ^
+ v |
+
+ scache(8)
+
+ A Postfix smtp(8) client can reuse a TLS-encrypted connection (with
+ "smtp_tls_connection_reuse = yes"). This can greatly reduce the overhead of
+ connection setup and improves message delivery rates. After a Postfix smtp
+ (8) client connects to a remote SMTP server and sends plaintext EHLO and
+ STARTTLS commands, the smtp(8) client inserts a tlsproxy(8) process into
+ the connection as shown below.
+
+ After the mail transaction completes, the Postfix smtp(8) client gives its
+ connection to the tlsproxy(8) process to the scache(8) server, which keeps
+ the connection open for a limited amount of time. The smtp(8) client
+ continues with some other mail delivery request. Meanwhile, any Postfix
+ smtp(8) client can ask the scache(8) server for that cached connection and
+ reuse it for mail delivery.
+
+ /-- smtp(8) --> tlsproxy(8) --> Internet
- scache(8)
+ qmgr(8)
+ |
+ \-- | smtp(8)
+ |
+ | ^
+ v |
+
+ scache(8)
* The showq(8) servers list the Postfix queue status. This is the queue
listing service that does the work for the mailq(1) and postqueue(1)
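Review bot: The added sentence "the Postfix smtp(8) client gives its connection to the tlsproxy(8) process to the scache(8) server" chains two "to" phrases and is hard to parse; wording such as "hands its tlsproxy(8) connection over to the scache(8) server" would read more clearly. The first added paragraph also ends with "as shown below" while a second paragraph sits between it and the diagram, so the reference would be easier to follow if the diagram came directly after it or the phrase moved to the second paragraph.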
the implementation simple, postscreen(8) delegates DNS allow/denylist
lookups to dnsblog(8) server processes, and delegates TLS encryption/
decryption to tlsproxy(8) server processes. This delegation is invisible to
- the remote SMTP client, and is not shown in the diagram below.
+ the remote SMTP client.
+
+ zombie
+
+ \
+
+ zombie - tlsproxy(8) - - smtpd(8)
+
+ \ /
+
+ other --- postscreen(8)
+
+ / \
- zombie
+ other - - smtpd(8)
- \
+ /
- zombie - - smtpd(8)
+ zombie
- \ /
+ * The postlogd(8) server provides an alternative to syslog logging, which
+ remains the default. This feature is available with Postfix version 3.4 or
+ later, and supports the following modes:
- other --- postscreen(8)
+ o Logging to file, which addresses a usability problem with MacOS, and
+ eliminates information loss caused by systemd rate limits.
- / \
+ commands -> postlogd(8) -> /path/to/file
+ or daemons
- other - - smtpd(8)
+ o Logging to stdout, which eliminates a syslog dependency when Postfix
+ runs inside a container.
- /
+ commands -> postlogd(8) -> stdout inherited
+ or daemons from "postfix start-fg"
- zombie
+ See MAILLOG_README for details and limitations.
P\bPo\bos\bst\btf\bfi\bix\bx s\bsu\bup\bpp\bpo\bor\brt\bt c\bco\bom\bmm\bma\ban\bnd\bds\bs
Wish list:
- Update the OVERVIEW page: add postlogd; add tlsproxy to
- connection caching section.
-
Make smtpd_relay_before_recipient_restrictions settable
in smtpd_checks tests.
<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
colspan="3" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td colspan="2"> <tt>
---> </tt> Internet </td> </tr>
-
+--> </tt> </td> <td> Internet </td> </tr>
+
<tr> <td align="center" bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a> </td> <td> </td>
-<td align="center" rowspan="3"> </td> <td align="center"
-rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td> <td> </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
</tr>
-<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
-colspan="2" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left"> <tt>
---> </tt> Internet </td> </tr>
-
-<tr> <td colspan="3"> </td> <td align="center"><tt>^<br>|</tt></td>
-<td> </td> </tr>
+<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left">
+ </td> </tr>
+
+<tr> <td colspan="2"> </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> <a href="scache.8.html">scache(8)</a> </td> </tr>
+
+</table>
+
+<p> A Postfix <a href="smtp.8.html">smtp(8)</a> client can reuse a TLS-encrypted connection
+(with "<a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> = yes"). This can greatly reduce
+the overhead of connection setup and improves message delivery
+rates. After a Postfix <a href="smtp.8.html">smtp(8)</a> client connects to a remote SMTP
+server and sends plaintext EHLO and STARTTLS commands, the <a href="smtp.8.html">smtp(8)</a>
+client inserts a <a href="tlsproxy.8.html">tlsproxy(8)</a> process into the connection as shown
+below. </p>
+
+<p> After the mail transaction completes, the Postfix <a href="smtp.8.html">smtp(8)</a> client
+gives its connection to the <a href="tlsproxy.8.html">tlsproxy(8)</a> process to the <a href="scache.8.html">scache(8)</a>
+server, which keeps the connection open for a limited amount of
+time. The <a href="smtp.8.html">smtp(8)</a> client continues with some other mail delivery
+request. Meanwhile, any Postfix <a href="smtp.8.html">smtp(8)</a> client can ask the <a href="scache.8.html">scache(8)</a>
+server for that cached connection and reuse it for mail delivery.
+</p>
+
+<table>
+
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td colspan="2"> <tt>
+--> </tt> </td> <td align="center"bgcolor="#f0f0ff"> <a href="tlsproxy.8.html">tlsproxy(8)</a>
+</td> <td> <tt> --> </tt> </td> <td> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a> </td> <td> </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
+</tr>
-<tr> <td colspan="3"> </td> <td align="center" colspan="3"
+<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left">
+ </td> </tr>
+
+<tr> <td colspan="2"> </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
bgcolor="#f0f0ff"> <a href="scache.8.html">scache(8)</a> </td> </tr>
</table>
later. To keep the implementation simple, <a href="postscreen.8.html">postscreen(8)</a> delegates
DNS allow/denylist lookups to <a href="dnsblog.8.html">dnsblog(8)</a> server processes, and
delegates TLS encryption/decryption to <a href="tlsproxy.8.html">tlsproxy(8)</a> server processes.
-This delegation is invisible to the remote SMTP client, and is not
-shown in the diagram below. </p>
+This delegation is invisible to the remote SMTP client. </p>
<table>
-<tr> <td> zombie </td> </tr>
+<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>
-<tr> <td> </td> <td align="left"> <tt> \ </tt> </td> </tr>
+<tr> <td colspan="3"> </td> <td align="left"> <tt> \ </tt> </td> </tr>
-<tr> <td> zombie </td> <td align="left"> <tt> - </tt> </td> <td>
+<tr> <td> zombie </td> <td> <tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> <a href="tlsproxy.8.html">tlsproxy(8)</a> </td> <td align="left"> <tt> - </tt> </td> <td>
</td> <td> </td> <td> </td> <td align="right"> <tt> - </tt> </td>
<td bgcolor="#f0f0ff" align="center"> <a href="smtpd.8.html">smtpd(8)</a> </td> </tr>
-<tr> <td> </td> <td align="right"> <tt> \ </tt> </td> <td> </td>
+<tr> <td colspan="3"> </td> <td align="right"> <tt> \ </tt> </td> <td> </td>
<td align="left"> <tt> / </tt> </td> </tr>
-<tr> <td bgcolor="#f0f0ff" align="center"> other </td> <td> <tt>
+<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td> <tt>
--- </tt> </td> <td bgcolor="#f0f0ff" align="center" valign="middle">
<a href="postscreen.8.html">postscreen(8)</a> </td> </tr>
-<tr> <td> </td> <td align="right"> <tt> / </tt> </td> <td> </td>
+<tr> <td colspan="3"> </td> <td align="right"> <tt> / </tt> </td> <td> </td>
<td align="right"> <tt> \ </tt> </td> </tr>
-<tr> <td bgcolor="#f0f0ff" align="center"> other </td> <td align="left">
+<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td align="left">
<tt> - </tt> </td> <td> </td> <td> </td> <td> </td> <td align="right">
<tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> <a href="smtpd.8.html">smtpd(8)</a>
</td> </tr>
-<tr> <td> </td> <td align="left"> <tt> / </tt> </td> </tr>
+<tr> <td colspan="3"> </td> <td align="left"> <tt> / </tt> </td> </tr>
-<tr> <td> zombie </td> </tr>
+<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>
+</table>
+
+<li> <p>The <a href="postlogd.8.html">postlogd(8)</a> server provides an alternative to syslog
+logging, which remains the default. This feature is available with
+Postfix version 3.4 or later, and supports the following modes:
+</p>
+
+
+<ul>
+
+<li> <p>Logging to file, which addresses a usability problem with
+MacOS, and eliminates information loss caused by systemd rate limits.
+</p>
+
+<table>
+
+<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
+commands<br>or daemons</td> <td colspan="4"> </td> </tr>
+
+<tr> <td colspan="2"> <td> <tt> -> </tt> </td> <td bgcolor="#f0f0ff">
+<a href="postlogd.8.html">postlogd(8)</a> </td> <td> <tt> -> </tt> </td> <td> /path/to/file
+</td> </tr>
+
+<tr> <td colspan=6> </td> </tr>
</table>
+<li> <p>Logging to stdout, which eliminates a syslog dependency
+when Postfix runs inside a container. </p>
+
+<table>
+
+<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
+commands<br>or daemons</td> <td colspan="4"> </td> <td
+rowspan="3" align="center"> stdout inherited<br>from "postfix
+start-fg" </td> </tr>
+
+<tr> <td colspan="2"> <tt> -> </tt> </td> <td bgcolor="#f0f0ff">
+<a href="postlogd.8.html">postlogd(8)</a> </td> <td> <tt> -> </tt> </td> </tr>
+
+<tr> <td colspan=5> </td> </tr>
+
+</table>
+
+</ul>
+
+<p> See <a href="MAILLOG_README.html">MAILLOG_README</a> for details and limitations. </p>
+
</ul>
<h2> <a name="commands"> Postfix support commands </a> </h2>
ground, and enable <a href="master.8.html"><b>master</b>(8)</a> "init" mode when running as PID 1.
This command requires that multi-instance support is disabled
(i.e. the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter value must be
- empty). When running Postfix inside a container, mount the con-
- tainer host's /dev/log socket inside the container (example:
- "docker run -v /dev/log:/dev/log ...") and specify a distinct
- Postfix "<a href="postconf.5.html#syslog_name">syslog_name</a>" prefix that identifies logging from the
- Postfix instance.
+ empty).
+
+ When running Postfix inside a container, see <a href="MAILLOG_README.html">MAILLOG_README</a> for
+ logging to stdout. Postfix logs to syslog by default, which
+ requires a) running a syslogd process inside the container, or
+ b) mounting the container host's /dev/log socket inside the con-
+ tainer (example: "docker run -v /dev/log:/dev/log ..."), and c)
+ a distinct Postfix "<a href="postconf.5.html#syslog_name">syslog_name</a>" prefix that identifies logging
+ from the Postfix instance.
<b>stop</b> Stop the Postfix mail system in an orderly fashion. If possible,
running processes are allowed to terminate at their earliest
when running as PID 1.
This command requires that multi\-instance support is
disabled (i.e. the multi_instance_directories parameter
-value must be empty). When running Postfix inside a container,
-mount the container host's /dev/log socket inside the
-container (example: "docker run \-v /dev/log:/dev/log ...")
-and specify a distinct Postfix "syslog_name" prefix that
-identifies logging from the Postfix instance.
+value must be empty).
+
+When running Postfix inside a container, see MAILLOG_README
+for logging to stdout. Postfix logs to syslog by default,
+which requires a) running a syslogd process inside the
+container, or b) mounting the container host's /dev/log
+socket inside the container (example: "docker run \-v
+/dev/log:/dev/log ..."), and c) a distinct Postfix "syslog_name"
+prefix that identifies logging from the Postfix instance.
.IP \fBstop\fR
Stop the Postfix mail system in an orderly fashion. If
possible, running processes are allowed to terminate at
<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
---> </tt> Internet </td> </tr>
-
+--> </tt> </td> <td> Internet </td> </tr>
+
<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
-<td align="center" rowspan="3"> </td> <td align="center"
-rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td> <td> </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
</tr>
-<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
-colspan="2" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left"> <tt>
---> </tt> Internet </td> </tr>
-
-<tr> <td colspan="3"> </td> <td align="center"><tt>^<br>|</tt></td>
-<td> </td> </tr>
+<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left">
+ </td> </tr>
+
+<tr> <td colspan="2"> </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> scache(8) </td> </tr>
+
+</table>
+
+<p> A Postfix smtp(8) client can reuse a TLS-encrypted connection
+(with "smtp_tls_connection_reuse = yes"). This can greatly reduce
+the overhead of connection setup and improves message delivery
+rates. After a Postfix smtp(8) client connects to a remote SMTP
+server and sends plaintext EHLO and STARTTLS commands, the smtp(8)
+client inserts a tlsproxy(8) process into the connection as shown
+below. </p>
+
+<p> After the mail transaction completes, the Postfix smtp(8) client
+gives its connection to the tlsproxy(8) process to the scache(8)
+server, which keeps the connection open for a limited amount of
+time. The smtp(8) client continues with some other mail delivery
+request. Meanwhile, any Postfix smtp(8) client can ask the scache(8)
+server for that cached connection and reuse it for mail delivery.
+</p>
+
+<table>
+
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
+--> </tt> </td> <td align="center"bgcolor="#f0f0ff"> tlsproxy(8)
+</td> <td> <tt> --> </tt> </td> <td> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
+</tr>
-<tr> <td colspan="3"> </td> <td align="center" colspan="3"
+<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left">
+ </td> </tr>
+
+<tr> <td colspan="2"> </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
bgcolor="#f0f0ff"> scache(8) </td> </tr>
</table>
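Review bot: In the first row of the added table, the cell written as <td align="center"bgcolor="#f0f0ff"> has no space between the align and bgcolor attributes. Insert the space so the markup is valid; the linked copy of this table earlier in the patch carries the same typo.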
later. To keep the implementation simple, postscreen(8) delegates
DNS allow/denylist lookups to dnsblog(8) server processes, and
delegates TLS encryption/decryption to tlsproxy(8) server processes.
-This delegation is invisible to the remote SMTP client, and is not
-shown in the diagram below. </p>
+This delegation is invisible to the remote SMTP client. </p>
<table>
-<tr> <td> zombie </td> </tr>
+<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>
-<tr> <td> </td> <td align="left"> <tt> \ </tt> </td> </tr>
+<tr> <td colspan="3"> </td> <td align="left"> <tt> \ </tt> </td> </tr>
-<tr> <td> zombie </td> <td align="left"> <tt> - </tt> </td> <td>
+<tr> <td> zombie </td> <td> <tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> tlsproxy(8) </td> <td align="left"> <tt> - </tt> </td> <td>
</td> <td> </td> <td> </td> <td align="right"> <tt> - </tt> </td>
<td bgcolor="#f0f0ff" align="center"> smtpd(8) </td> </tr>
-<tr> <td> </td> <td align="right"> <tt> \ </tt> </td> <td> </td>
+<tr> <td colspan="3"> </td> <td align="right"> <tt> \ </tt> </td> <td> </td>
<td align="left"> <tt> / </tt> </td> </tr>
-<tr> <td bgcolor="#f0f0ff" align="center"> other </td> <td> <tt>
+<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td> <tt>
--- </tt> </td> <td bgcolor="#f0f0ff" align="center" valign="middle">
postscreen(8) </td> </tr>
-<tr> <td> </td> <td align="right"> <tt> / </tt> </td> <td> </td>
+<tr> <td colspan="3"> </td> <td align="right"> <tt> / </tt> </td> <td> </td>
<td align="right"> <tt> \ </tt> </td> </tr>
-<tr> <td bgcolor="#f0f0ff" align="center"> other </td> <td align="left">
+<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td align="left">
<tt> - </tt> </td> <td> </td> <td> </td> <td> </td> <td align="right">
<tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> smtpd(8)
</td> </tr>
-<tr> <td> </td> <td align="left"> <tt> / </tt> </td> </tr>
+<tr> <td colspan="3"> </td> <td align="left"> <tt> / </tt> </td> </tr>
-<tr> <td> zombie </td> </tr>
+<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>
+</table>
+
+<li> <p>The postlogd(8) server provides an alternative to syslog
+logging, which remains the default. This feature is available with
+Postfix version 3.4 or later, and supports the following modes:
+</p>
+
+
+<ul>
+
+<li> <p>Logging to file, which addresses a usability problem with
+MacOS, and eliminates information loss caused by systemd rate limits.
+</p>
+
+<table>
+
+<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
+commands<br>or daemons</td> <td colspan="4"> </td> </tr>
+
+<tr> <td colspan="2"> <td> <tt> -> </tt> </td> <td bgcolor="#f0f0ff">
+postlogd(8) </td> <td> <tt> -> </tt> </td> <td> /path/to/file
+</td> </tr>
+
+<tr> <td colspan=6> </td> </tr>
</table>
+<li> <p>Logging to stdout, which eliminates a syslog dependency
+when Postfix runs inside a container. </p>
+
+<table>
+
+<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
+commands<br>or daemons</td> <td colspan="4"> </td> <td
+rowspan="3" align="center"> stdout inherited<br>from "postfix
+start-fg" </td> </tr>
+
+<tr> <td colspan="2"> <tt> -> </tt> </td> <td bgcolor="#f0f0ff">
+postlogd(8) </td> <td> <tt> -> </tt> </td> </tr>
+
+<tr> <td colspan=5> </td> </tr>
+
+</table>
+
+</ul>
+
+<p> See MAILLOG_README for details and limitations. </p>
+
</ul>
<h2> <a name="commands"> Postfix support commands </a> </h2>
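Review bot: In the "Logging to file" table, the row that starts with <tr> <td colspan="2"> <td> <tt> -> </tt> </td> opens a colspan cell that is never closed before the next <td>, while the "Logging to stdout" table writes the corresponding row as <td colspan="2"> <tt> -> </tt> </td>. Make the two rows consistent, and quote colspan=6 and colspan=5 the way every other attribute value in these tables is quoted. The linked copy earlier in the patch has the same markup.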
mail_stream.o: mail_stream.h
mail_stream.o: opened.h
mail_task.o: ../../include/check_arg.h
+mail_task.o: ../../include/msg.h
mail_task.o: ../../include/safe.h
mail_task.o: ../../include/sys_defs.h
mail_task.o: ../../include/vbuf.h
/* The result is overwritten with each call.
/*
/* A null argv0 argument requests that the current result is
-/* returned, or "unknown" when no current result exists.
+/* returned.
+/* DIAGNOSTICS
+/* Panic: argv0 is a null pointer, but no current result exists.
/* LICENSE
/* .ad
/* .fi
#include <vstring.h>
#include <safe.h>
+#include <msg.h>
/* Global library. */
const char *slash;
const char *tag;
- if (argv0 == 0 && canon_name == 0)
- argv0 = "unknown";
if (argv0) {
if (canon_name == 0)
canon_name = vstring_alloc(10);
mail_conf_eval(DEF_SYSLOG_NAME);
vstring_sprintf(canon_name, "%s/%s", tag, argv0);
}
+ if (canon_name == 0)
+ msg_panic("mail_task: no current result");
return (vstring_str(canon_name));
}
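Review bot: With the argv0 = "unknown" fallback removed at the top of the function, a mail_task(0) call made before any call with a real argv0 now ends in msg_panic() instead of returning a usable string. Please confirm that no caller can reach this function with a null argv0 before the name has been set, since such a path would now abort the process rather than log under "unknown". The placement of the new check after the if (argv0) block does ensure vstring_str() is never handed a null canon_name.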
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20210405"
+#define MAIL_RELEASE_DATE "20210410"
#define MAIL_VERSION_NUMBER "3.6"
#ifdef SNAPSHOT
/* when running as PID 1.
/* This command requires that multi-instance support is
/* disabled (i.e. the multi_instance_directories parameter
-/* value must be empty). When running Postfix inside a container,
-/* mount the container host's /dev/log socket inside the
-/* container (example: "docker run -v /dev/log:/dev/log ...")
-/* and specify a distinct Postfix "syslog_name" prefix that
-/* identifies logging from the Postfix instance.
+/* value must be empty).
+/*
+/* When running Postfix inside a container, see MAILLOG_README
+/* for logging to stdout. Postfix logs to syslog by default,
+/* which requires a) running a syslogd process inside the
+/* container, or b) mounting the container host's /dev/log
+/* socket inside the container (example: "docker run -v
+/* /dev/log:/dev/log ..."), and c) a distinct Postfix "syslog_name"
+/* prefix that identifies logging from the Postfix instance.
/* .IP \fBstop\fR
/* Stop the Postfix mail system in an orderly fashion. If
/* possible, running processes are allowed to terminate at
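Review bot: The list "a) running a syslogd process inside the container, or b) mounting the container host's /dev/log socket inside the container ..., and c) a distinct Postfix "syslog_name" prefix" can be read as three alternatives, and it is unclear whether c) goes with b) only, as in the removed text, or with both a) and b). Rewording along the lines of "either a) ... or b) ...; with b), also specify a distinct syslog_name prefix" (or "in both cases", if that is the intent) would remove the ambiguity. The same sentence appears in the man page and HTML hunks earlier in the patch.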
* assignment is made in unreachable code, the compiler "should" not emit
* any references to those assignment targets. We use the "extern" class so
* that gcc will not complain about unused variables. Using "extern" breaks
- * when a compiler does emit references unreachable assignment targets.
+ * when a compiler does emit references to unreachable assignment targets.
* Hopefully, those cases will be rare.
*/
#define CHECK_VAL_HELPER_DCL(tag, type) extern type CHECK_VAL_DUMMY(type)
* Parse the pattern into network and mask, destroying the pattern.
*/
if ((mask = split_at(mask_search, '/')) != 0) {
+ const char *parse_error;
+
ip->addr_family = CIDR_MATCH_ADDR_FAMILY(pattern);
ip->addr_bit_count = CIDR_MATCH_ADDR_BIT_COUNT(ip->addr_family);
ip->addr_byte_count = CIDR_MATCH_ADDR_BYTE_COUNT(ip->addr_family);
- if (!alldig(mask)
- || (ip->mask_shift = atoi(mask)) > ip->addr_bit_count
- || inet_pton(ip->addr_family, pattern, ip->net_bytes) != 1) {
+ if (!alldig(mask)) {
+ parse_error = "bad mask value";
+ } else if ((ip->mask_shift = atoi(mask)) > ip->addr_bit_count) {
+ parse_error = "bad mask length";
+ } else if (inet_pton(ip->addr_family, pattern, ip->net_bytes) != 1) {
+ parse_error = "bad network value";
+ } else {
+ parse_error = 0;
+ }
+ if (parse_error != 0) {
vstring_sprintf(why ? why : (why = vstring_alloc(20)),
- "bad net/mask pattern: \"%s/%s\"", pattern, mask);
+ "%s in \"%s/%s\"", parse_error, pattern, mask);
return (why);
}
if (ip->mask_shift > 0) {
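Review bot: In the second branch, atoi(mask) is applied to a string that alldig() has checked only for being all digits, not for length, and atoi() has undefined behaviour when the value does not fit in an int. A very long all-digit mask could therefore yield a value that passes the "> ip->addr_bit_count" test. Consider limiting the digit count or converting with strtoul() and an explicit range check before assigning ip->mask_shift, reporting "bad mask length" for the out-of-range case.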
./dict_open: warning: cidr map dict_cidr.map, line 5: non-null host address bits in "172.16.1.3/21", perhaps you should use "172.16.0.0/21" instead: skipping this rule
-./dict_open: warning: cidr map dict_cidr.map, line 6: bad net/mask pattern: "172.16.1.3/33": skipping this rule
-./dict_open: warning: cidr map dict_cidr.map, line 7: bad net/mask pattern: "172.999.0.0/21": skipping this rule
+./dict_open: warning: cidr map dict_cidr.map, line 6: bad mask length in "172.16.1.3/33": skipping this rule
+./dict_open: warning: cidr map dict_cidr.map, line 7: bad network value in "172.999.0.0/21": skipping this rule
./dict_open: warning: cidr map dict_cidr.map, line 8: bad address pattern: "172.16.1.999": skipping this rule
./dict_open: warning: cidr map dict_cidr.map, line 9: no lookup result: skipping this rule
./dict_open: warning: cidr map dict_cidr.map, line 38: non-null host address bits in "1.0.0.0/0", perhaps you should use "0.0.0.0/0" instead: skipping this rule
./dict_open: warning: cidr map dict_cidr.map, line 40: non-null host address bits in "1::/0", perhaps you should use "::/0" instead: skipping this rule
./dict_open: warning: cidr map dict_cidr.map, line 42: missing ']' character after "[1234": skipping this rule
./dict_open: warning: cidr map dict_cidr.map, line 43: garbage after "[1234]": skipping this rule
-./dict_open: warning: cidr map dict_cidr.map, line 44: bad net/mask pattern: "172.16.1.3/3x": skipping this rule
+./dict_open: warning: cidr map dict_cidr.map, line 44: bad mask value in "172.16.1.3/3x": skipping this rule
./dict_open: warning: cidr map dict_cidr.map, line 45: ENDIF without IF: skipping this rule
./dict_open: warning: cidr map dict_cidr.map, line 46: ENDIF without IF: skipping this rule
./dict_open: warning: cidr map dict_cidr.map, line 49: no address pattern: skipping this rule
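Review bot: The visible reference lines exercise each new message once (lines 6, 7 and 44) but include no input where both the mask and the network part are invalid, so the order in which cidr_match.c reports errors is not pinned by a test. Adding one such line to dict_cidr.map would catch an accidental reordering of the checks. The old "bad net/mask pattern" text is gone from all three lines, which deserves a release note for sites that match on that string in their logs.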